projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix waiting for EIR update when setting local name
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
e6d465cb
AG		 43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
a9de9248 47 return;
e6d465cb 48 }
1da177e4 49
89352e7d
AG		 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
56e5cb86 52 hci_dev_lock(hdev);
ff9ef578 53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 54 hci_dev_unlock(hdev);
6bd57416 55
9238f36a 56 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248
MH		 57
58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
9f1db00c 121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
807deac2
GP		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
e4e8e37c
MH		 161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
9f1db00c 164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
807deac2
GP		 172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
e4e8e37c
MH		 174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
9f1db00c 178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
9f1db00c 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
a297e97c 196 /* Reset all non-persistent flags */
2cc6fb00 197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 198
199 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 202
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
9f1db00c 212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
3159d384 226
3f0f524b
JH		 227 if (!status && !test_bit(HCI_INIT, &hdev->flags))
228 hci_update_ad(hdev);
a9de9248
MH		 229}
230
231static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
232{
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
234
9f1db00c 235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 236
237 if (rp->status)
238 return;
239
db99b5fc
JH		 240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 242}
243
244static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
245{
246 __u8 status = *((__u8 *) skb->data);
247 void *sent;
248
9f1db00c 249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 250
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
252 if (!sent)
253 return;
254
255 if (!status) {
256 __u8 param = *((__u8 *) sent);
257
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
260 else
261 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 262 }
a9de9248 263
33ef95ed
JH		 264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 266}
267
a9de9248 268static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 269{
a9de9248 270 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 271 void *sent;
272
9f1db00c 273 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 274
a9de9248
MH		 275 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
276 if (!sent)
277 return;
1da177e4 278
a9de9248
MH		 279 if (!status) {
280 __u8 param = *((__u8 *) sent);
281
282 if (param)
283 set_bit(HCI_ENCRYPT, &hdev->flags);
284 else
285 clear_bit(HCI_ENCRYPT, &hdev->flags);
286 }
a9de9248 287}
1da177e4 288
a9de9248
MH		 289static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
290{
36f7fc7e
JH		 291 __u8 param, status = *((__u8 *) skb->data);
292 int old_pscan, old_iscan;
a9de9248 293 void *sent;
1da177e4 294
9f1db00c 295 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 296
a9de9248
MH		 297 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
298 if (!sent)
299 return;
1da177e4 300
36f7fc7e
JH		 301 param = *((__u8 *) sent);
302
56e5cb86
JH		 303 hci_dev_lock(hdev);
304
fa1bd918 305 if (status) {
744cf19e 306 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 307 hdev->discov_timeout = 0;
308 goto done;
309 }
310
36f7fc7e
JH		 311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
313
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
316 if (!old_iscan)
744cf19e 317 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 318 if (hdev->discov_timeout > 0) {
319 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
320 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 321 to);
16ab91ab 322 }
36f7fc7e 323 } else if (old_iscan)
744cf19e 324 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 325
326 if (param & SCAN_PAGE) {
327 set_bit(HCI_PSCAN, &hdev->flags);
328 if (!old_pscan)
744cf19e 329 mgmt_connectable(hdev, 1);
36f7fc7e 330 } else if (old_pscan)
744cf19e 331 mgmt_connectable(hdev, 0);
1da177e4 332
36f7fc7e 333done:
56e5cb86 334 hci_dev_unlock(hdev);
a9de9248 335}
1da177e4 336
a9de9248
MH		 337static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
338{
339 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 340
9f1db00c 341 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 342
a9de9248
MH		 343 if (rp->status)
344 return;
1da177e4 345
a9de9248 346 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 347
a9de9248 348 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 349 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 350}
1da177e4 351
a9de9248
MH		 352static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
353{
354 __u8 status = *((__u8 *) skb->data);
355 void *sent;
1da177e4 356
9f1db00c 357 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 358
a9de9248
MH		 359 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
360 if (!sent)
361 return;
1da177e4 362
7f9a903c
MH		 363 hci_dev_lock(hdev);
364
365 if (status == 0)
366 memcpy(hdev->dev_class, sent, 3);
367
368 if (test_bit(HCI_MGMT, &hdev->dev_flags))
369 mgmt_set_class_of_dev_complete(hdev, sent, status);
370
371 hci_dev_unlock(hdev);
a9de9248 372}
1da177e4 373
a9de9248
MH		 374static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
375{
376 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
377 __u16 setting;
378
9f1db00c 379 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 380
381 if (rp->status)
382 return;
383
384 setting = __le16_to_cpu(rp->voice_setting);
385
f383f275 386 if (hdev->voice_setting == setting)
a9de9248
MH		 387 return;
388
389 hdev->voice_setting = setting;
390
9f1db00c 391 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 392
3c54711c 393 if (hdev->notify)
a9de9248 394 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 395}
396
8fc9ced3
GP		 397static void hci_cc_write_voice_setting(struct hci_dev *hdev,
398 struct sk_buff *skb)
a9de9248
MH		 399{
400 __u8 status = *((__u8 *) skb->data);
f383f275 401 __u16 setting;
a9de9248
MH		 402 void *sent;
403
9f1db00c 404 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 405
f383f275
MH		 406 if (status)
407 return;
408
a9de9248
MH		 409 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
410 if (!sent)
411 return;
1da177e4 412
f383f275 413 setting = get_unaligned_le16(sent);
1da177e4 414
f383f275
MH		 415 if (hdev->voice_setting == setting)
416 return;
417
418 hdev->voice_setting = setting;
1da177e4 419
9f1db00c 420 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 421
3c54711c 422 if (hdev->notify)
f383f275 423 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 424}
425
333140b5
MH		 426static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
427{
428 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 429 struct hci_cp_write_ssp_mode *sent;
333140b5 430
9f1db00c 431 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 432
333140b5
MH		 433 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
434 if (!sent)
435 return;
436
5ed8eb2f
JH		 437 if (!status) {
438 if (sent->mode)
439 hdev->host_features[0] |= LMP_HOST_SSP;
440 else
441 hdev->host_features[0] &= ~LMP_HOST_SSP;
442 }
443
ed2c4ee3 444 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 445 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 446 else if (!status) {
5ed8eb2f 447 if (sent->mode)
c0ecddc2
JH		 448 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
449 else
450 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
451 }
333140b5
MH		 452}
453
a9de9248
MH		 454static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
455{
456 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 457
9f1db00c 458 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 459
a9de9248 460 if (rp->status)
42c6b129 461 return;
1143e5a6 462
a9de9248 463 hdev->hci_ver = rp->hci_ver;
e4e8e37c 464 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 465 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 466 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 467 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 468
9f1db00c 469 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 470 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 471}
472
8fc9ced3
GP		 473static void hci_cc_read_local_commands(struct hci_dev *hdev,
474 struct sk_buff *skb)
a9de9248
MH		 475{
476 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 477
9f1db00c 478 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 479
2177bab5
JH		 480 if (!rp->status)
481 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 482}
1da177e4 483
8fc9ced3
GP		 484static void hci_cc_read_local_features(struct hci_dev *hdev,
485 struct sk_buff *skb)
a9de9248
MH		 486{
487 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 488
9f1db00c 489 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 490
a9de9248
MH		 491 if (rp->status)
492 return;
5b7f9909 493
a9de9248 494 memcpy(hdev->features, rp->features, 8);
5b7f9909 495
a9de9248
MH		 496 /* Adjust default settings according to features
497 * supported by device. */
1da177e4 498
a9de9248
MH		 499 if (hdev->features[0] & LMP_3SLOT)
500 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 501
a9de9248
MH		 502 if (hdev->features[0] & LMP_5SLOT)
503 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 504
a9de9248
MH		 505 if (hdev->features[1] & LMP_HV2) {
506 hdev->pkt_type |= (HCI_HV2);
507 hdev->esco_type |= (ESCO_HV2);
508 }
1da177e4 509
a9de9248
MH		 510 if (hdev->features[1] & LMP_HV3) {
511 hdev->pkt_type |= (HCI_HV3);
512 hdev->esco_type |= (ESCO_HV3);
513 }
1da177e4 514
45db810f 515 if (lmp_esco_capable(hdev))
a9de9248 516 hdev->esco_type |= (ESCO_EV3);
da1f5198 517
a9de9248
MH		 518 if (hdev->features[4] & LMP_EV4)
519 hdev->esco_type |= (ESCO_EV4);
da1f5198 520
a9de9248
MH		 521 if (hdev->features[4] & LMP_EV5)
522 hdev->esco_type |= (ESCO_EV5);
1da177e4 523
efc7688b
MH		 524 if (hdev->features[5] & LMP_EDR_ESCO_2M)
525 hdev->esco_type |= (ESCO_2EV3);
526
527 if (hdev->features[5] & LMP_EDR_ESCO_3M)
528 hdev->esco_type |= (ESCO_3EV3);
529
530 if (hdev->features[5] & LMP_EDR_3S_ESCO)
531 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
532
a9de9248 533 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 534 hdev->features[0], hdev->features[1],
535 hdev->features[2], hdev->features[3],
536 hdev->features[4], hdev->features[5],
537 hdev->features[6], hdev->features[7]);
a9de9248 538}
1da177e4 539
971e3a4b 540static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 541 struct sk_buff *skb)
971e3a4b
AG		 542{
543 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
544
9f1db00c 545 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 546
547 if (rp->status)
42c6b129 548 return;
971e3a4b 549
b5b32b65
AG		 550 switch (rp->page) {
551 case 0:
552 memcpy(hdev->features, rp->features, 8);
553 break;
554 case 1:
555 memcpy(hdev->host_features, rp->features, 8);
556 break;
557 }
971e3a4b
AG		 558}
559
1e89cffb 560static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 561 struct sk_buff *skb)
1e89cffb
AE		 562{
563 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
564
9f1db00c 565 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 566
42c6b129
JH		 567 if (!rp->status)
568 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 569}
570
a9de9248
MH		 571static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
572{
573 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 574
9f1db00c 575 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 576
a9de9248
MH		 577 if (rp->status)
578 return;
1da177e4 579
a9de9248
MH		 580 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
581 hdev->sco_mtu = rp->sco_mtu;
582 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
583 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
584
585 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
586 hdev->sco_mtu = 64;
587 hdev->sco_pkts = 8;
1da177e4 588 }
a9de9248
MH		 589
590 hdev->acl_cnt = hdev->acl_pkts;
591 hdev->sco_cnt = hdev->sco_pkts;
592
807deac2
GP		 593 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
594 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 595}
596
597static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
598{
599 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
600
9f1db00c 601 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 602
603 if (!rp->status)
604 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 605}
606
350ee4cf 607static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 608 struct sk_buff *skb)
350ee4cf
AE		 609{
610 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
611
9f1db00c 612 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 613
614 if (rp->status)
615 return;
616
617 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
618 hdev->block_len = __le16_to_cpu(rp->block_len);
619 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
620
621 hdev->block_cnt = hdev->num_blocks;
622
623 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 624 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 625}
626
928abaa7 627static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 628 struct sk_buff *skb)
928abaa7
AE		 629{
630 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
631
9f1db00c 632 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 633
634 if (rp->status)
8e2a0d92 635 goto a2mp_rsp;
928abaa7
AE		 636
637 hdev->amp_status = rp->amp_status;
638 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
639 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
640 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
641 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
642 hdev->amp_type = rp->amp_type;
643 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
644 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
645 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
646 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
647
8e2a0d92
AE		 648a2mp_rsp:
649 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 650}
651
903e4541
AE		 652static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
653 struct sk_buff *skb)
654{
655 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
656 struct amp_assoc *assoc = &hdev->loc_assoc;
657 size_t rem_len, frag_len;
658
659 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
660
661 if (rp->status)
662 goto a2mp_rsp;
663
664 frag_len = skb->len - sizeof(*rp);
665 rem_len = __le16_to_cpu(rp->rem_len);
666
667 if (rem_len > frag_len) {
2e430be3 668 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 669
670 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
671 assoc->offset += frag_len;
672
673 /* Read other fragments */
674 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
675
676 return;
677 }
678
679 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
680 assoc->len = assoc->offset + rem_len;
681 assoc->offset = 0;
682
683a2mp_rsp:
684 /* Send A2MP Rsp when all fragments are received */
685 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 686 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 687}
688
d5859e22 689static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 690 struct sk_buff *skb)
d5859e22 691{
91c4e9b1 692 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 693
9f1db00c 694 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 695
696 if (!rp->status)
697 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 698}
699
980e1a53
JH		 700static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
701{
702 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
703 struct hci_cp_pin_code_reply *cp;
704 struct hci_conn *conn;
705
9f1db00c 706 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 707
56e5cb86
JH		 708 hci_dev_lock(hdev);
709
a8b2d5c2 710 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 711 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 712
fa1bd918 713 if (rp->status)
56e5cb86 714 goto unlock;
980e1a53
JH		 715
716 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
717 if (!cp)
56e5cb86 718 goto unlock;
980e1a53
JH		 719
720 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
721 if (conn)
722 conn->pin_length = cp->pin_len;
56e5cb86
JH		 723
724unlock:
725 hci_dev_unlock(hdev);
980e1a53
JH		 726}
727
728static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
729{
730 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
731
9f1db00c 732 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 733
56e5cb86
JH		 734 hci_dev_lock(hdev);
735
a8b2d5c2 736 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 737 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 738 rp->status);
56e5cb86
JH		 739
740 hci_dev_unlock(hdev);
980e1a53 741}
56e5cb86 742
6ed58ec5
VT		 743static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
744 struct sk_buff *skb)
745{
746 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
747
9f1db00c 748 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 749
750 if (rp->status)
751 return;
752
753 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
754 hdev->le_pkts = rp->le_max_pkt;
755
756 hdev->le_cnt = hdev->le_pkts;
757
758 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 759}
980e1a53 760
60e77321
JH		 761static void hci_cc_le_read_local_features(struct hci_dev *hdev,
762 struct sk_buff *skb)
763{
764 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
765
766 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
767
768 if (!rp->status)
769 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 770}
771
8fa19098
JH		 772static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
773 struct sk_buff *skb)
774{
775 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
776
777 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
778
3f0f524b 779 if (!rp->status) {
8fa19098 780 hdev->adv_tx_power = rp->tx_power;
3f0f524b
JH		 781 if (!test_bit(HCI_INIT, &hdev->flags))
782 hci_update_ad(hdev);
783 }
8fa19098
JH		 784}
785
a5c29683
JH		 786static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
787{
788 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
789
9f1db00c 790 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 791
56e5cb86
JH		 792 hci_dev_lock(hdev);
793
a8b2d5c2 794 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 795 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
796 rp->status);
56e5cb86
JH		 797
798 hci_dev_unlock(hdev);
a5c29683
JH		 799}
800
801static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 802 struct sk_buff *skb)
a5c29683
JH		 803{
804 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
805
9f1db00c 806 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 807
56e5cb86
JH		 808 hci_dev_lock(hdev);
809
a8b2d5c2 810 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 811 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 812 ACL_LINK, 0, rp->status);
56e5cb86
JH		 813
814 hci_dev_unlock(hdev);
a5c29683
JH		 815}
816
1143d458
BG		 817static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
818{
819 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
820
9f1db00c 821 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 822
823 hci_dev_lock(hdev);
824
a8b2d5c2 825 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 826 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 827 0, rp->status);
1143d458
BG		 828
829 hci_dev_unlock(hdev);
830}
831
832static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 833 struct sk_buff *skb)
1143d458
BG		 834{
835 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
836
9f1db00c 837 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 838
839 hci_dev_lock(hdev);
840
a8b2d5c2 841 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 842 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 843 ACL_LINK, 0, rp->status);
1143d458
BG		 844
845 hci_dev_unlock(hdev);
846}
847
c35938b2 848static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 849 struct sk_buff *skb)
c35938b2
SJ		 850{
851 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
852
9f1db00c 853 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 854
56e5cb86 855 hci_dev_lock(hdev);
744cf19e 856 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 857 rp->randomizer, rp->status);
56e5cb86 858 hci_dev_unlock(hdev);
c35938b2
SJ		 859}
860
c1d5dc4a
JH		 861static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
862{
863 __u8 *sent, status = *((__u8 *) skb->data);
864
865 BT_DBG("%s status 0x%2.2x", hdev->name, status);
866
867 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
868 if (!sent)
869 return;
870
871 hci_dev_lock(hdev);
872
873 if (!status) {
874 if (*sent)
875 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
876 else
877 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
878 }
879
880 hci_dev_unlock(hdev);
881
882 if (!test_bit(HCI_INIT, &hdev->flags))
883 hci_update_ad(hdev);
c1d5dc4a
JH		 884}
885
07f7fa5d
AG		 886static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
887{
888 __u8 status = *((__u8 *) skb->data);
889
9f1db00c 890 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be 891
3fd24153
AG		 892 if (status) {
893 hci_dev_lock(hdev);
894 mgmt_start_discovery_failed(hdev, status);
895 hci_dev_unlock(hdev);
896 return;
897 }
07f7fa5d
AG		 898}
899
eb9d91f5 900static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 901 struct sk_buff *skb)
eb9d91f5
AG		 902{
903 struct hci_cp_le_set_scan_enable *cp;
904 __u8 status = *((__u8 *) skb->data);
905
9f1db00c 906 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 907
eb9d91f5
AG		 908 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
909 if (!cp)
910 return;
911
68a8aea4
AE		 912 switch (cp->enable) {
913 case LE_SCANNING_ENABLED:
3fd24153
AG		 914 if (status) {
915 hci_dev_lock(hdev);
916 mgmt_start_discovery_failed(hdev, status);
917 hci_dev_unlock(hdev);
7ba8b4be 918 return;
3fd24153 919 }
7ba8b4be 920
d23264a8
AG		 921 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
922
a8f13c8c 923 hci_dev_lock(hdev);
343f935b 924 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 925 hci_dev_unlock(hdev);
68a8aea4
AE		 926 break;
927
928 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 929 if (status) {
930 hci_dev_lock(hdev);
931 mgmt_stop_discovery_failed(hdev, status);
932 hci_dev_unlock(hdev);
7ba8b4be 933 return;
c9ecc48e 934 }
7ba8b4be 935
d23264a8
AG		 936 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
937
bc3dd33c
AG		 938 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
939 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 940 mgmt_interleaved_discovery(hdev);
941 } else {
942 hci_dev_lock(hdev);
943 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
944 hci_dev_unlock(hdev);
945 }
946
68a8aea4
AE		 947 break;
948
949 default:
950 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
951 break;
35815085 952 }
eb9d91f5
AG		 953}
954
cf1d081f
JH		 955static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
956 struct sk_buff *skb)
957{
958 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
959
960 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
961
962 if (!rp->status)
963 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 964}
965
9b008c04
JH		 966static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
967 struct sk_buff *skb)
968{
969 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
970
971 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
972
973 if (!rp->status)
974 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 975}
976
6039aa73
GP		 977static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
978 struct sk_buff *skb)
f9b49306 979{
06199cf8 980 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 981 __u8 status = *((__u8 *) skb->data);
982
9f1db00c 983 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 984
06199cf8 985 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 986 if (!sent)
f9b49306
AG		 987 return;
988
8f984dfa
JH		 989 if (!status) {
990 if (sent->le)
991 hdev->host_features[0] |= LMP_HOST_LE;
992 else
993 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 994
995 if (sent->simul)
996 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
997 else
998 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 999 }
1000
1001 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1002 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa 1003 mgmt_le_enable_complete(hdev, sent->le, status);
f9b49306
AG		 1004}
1005
93c284ee
AE		 1006static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1007 struct sk_buff *skb)
1008{
1009 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1010
1011 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1012 hdev->name, rp->status, rp->phy_handle);
1013
1014 if (rp->status)
1015 return;
1016
1017 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1018}
1019
6039aa73 1020static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1021{
9f1db00c 1022 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1023
1024 if (status) {
a9de9248 1025 hci_conn_check_pending(hdev);
56e5cb86 1026 hci_dev_lock(hdev);
a8b2d5c2 1027 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1028 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1029 hci_dev_unlock(hdev);
314b2381
JH		 1030 return;
1031 }
1032
89352e7d
AG		 1033 set_bit(HCI_INQUIRY, &hdev->flags);
1034
56e5cb86 1035 hci_dev_lock(hdev);
343f935b 1036 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1037 hci_dev_unlock(hdev);
1da177e4
LT		 1038}
1039
6039aa73 1040static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1041{
a9de9248 1042 struct hci_cp_create_conn *cp;
1da177e4 1043 struct hci_conn *conn;
1da177e4 1044
9f1db00c 1045 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1046
1047 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1048 if (!cp)
1049 return;
1050
1051 hci_dev_lock(hdev);
1052
1053 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1054
6ed93dc6 1055 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1056
1057 if (status) {
1058 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1059 if (status != 0x0c || conn->attempt > 2) {
1060 conn->state = BT_CLOSED;
1061 hci_proto_connect_cfm(conn, status);
1062 hci_conn_del(conn);
1063 } else
1064 conn->state = BT_CONNECT2;
1da177e4
LT		 1065 }
1066 } else {
1067 if (!conn) {
1068 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1069 if (conn) {
a0c808b3 1070 conn->out = true;
1da177e4
LT		 1071 conn->link_mode |= HCI_LM_MASTER;
1072 } else
893ef971 1073 BT_ERR("No memory for new connection");
1da177e4
LT		 1074 }
1075 }
1076
1077 hci_dev_unlock(hdev);
1078}
1079
a9de9248 1080static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1081{
a9de9248
MH		 1082 struct hci_cp_add_sco *cp;
1083 struct hci_conn *acl, *sco;
1084 __u16 handle;
1da177e4 1085
9f1db00c 1086 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1087
a9de9248
MH		 1088 if (!status)
1089 return;
1da177e4 1090
a9de9248
MH		 1091 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1092 if (!cp)
1093 return;
1da177e4 1094
a9de9248 1095 handle = __le16_to_cpu(cp->handle);
1da177e4 1096
9f1db00c 1097 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1098
a9de9248 1099 hci_dev_lock(hdev);
1da177e4 1100
a9de9248 1101 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1102 if (acl) {
1103 sco = acl->link;
1104 if (sco) {
1105 sco->state = BT_CLOSED;
1da177e4 1106
5a08ecce
AE		 1107 hci_proto_connect_cfm(sco, status);
1108 hci_conn_del(sco);
1109 }
a9de9248 1110 }
1da177e4 1111
a9de9248
MH		 1112 hci_dev_unlock(hdev);
1113}
1da177e4 1114
f8558555
MH		 1115static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1116{
1117 struct hci_cp_auth_requested *cp;
1118 struct hci_conn *conn;
1119
9f1db00c 1120 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1121
1122 if (!status)
1123 return;
1124
1125 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1126 if (!cp)
1127 return;
1128
1129 hci_dev_lock(hdev);
1130
1131 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1132 if (conn) {
1133 if (conn->state == BT_CONFIG) {
1134 hci_proto_connect_cfm(conn, status);
1135 hci_conn_put(conn);
1136 }
1137 }
1138
1139 hci_dev_unlock(hdev);
1140}
1141
1142static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1143{
1144 struct hci_cp_set_conn_encrypt *cp;
1145 struct hci_conn *conn;
1146
9f1db00c 1147 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1148
1149 if (!status)
1150 return;
1151
1152 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1153 if (!cp)
1154 return;
1155
1156 hci_dev_lock(hdev);
1157
1158 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1159 if (conn) {
1160 if (conn->state == BT_CONFIG) {
1161 hci_proto_connect_cfm(conn, status);
1162 hci_conn_put(conn);
1163 }
1164 }
1165
1166 hci_dev_unlock(hdev);
1167}
1168
127178d2 1169static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1170 struct hci_conn *conn)
392599b9 1171{
392599b9
JH		 1172 if (conn->state != BT_CONFIG || !conn->out)
1173 return 0;
1174
765c2a96 1175 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1176 return 0;
1177
1178 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1179 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1180 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1181 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1182 return 0;
1183
392599b9
JH		 1184 return 1;
1185}
1186
6039aa73 1187static int hci_resolve_name(struct hci_dev *hdev,
04124681 1188 struct inquiry_entry *e)
30dc78e1
JH		 1189{
1190 struct hci_cp_remote_name_req cp;
1191
1192 memset(&cp, 0, sizeof(cp));
1193
1194 bacpy(&cp.bdaddr, &e->data.bdaddr);
1195 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1196 cp.pscan_mode = e->data.pscan_mode;
1197 cp.clock_offset = e->data.clock_offset;
1198
1199 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1200}
1201
b644ba33 1202static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1203{
1204 struct discovery_state *discov = &hdev->discovery;
1205 struct inquiry_entry *e;
1206
b644ba33
JH		 1207 if (list_empty(&discov->resolve))
1208 return false;
1209
1210 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1211 if (!e)
1212 return false;
1213
b644ba33
JH		 1214 if (hci_resolve_name(hdev, e) == 0) {
1215 e->name_state = NAME_PENDING;
1216 return true;
1217 }
1218
1219 return false;
1220}
1221
1222static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1223 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1224{
1225 struct discovery_state *discov = &hdev->discovery;
1226 struct inquiry_entry *e;
1227
1228 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1229 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1230 name_len, conn->dev_class);
b644ba33
JH		 1231
1232 if (discov->state == DISCOVERY_STOPPED)
1233 return;
1234
30dc78e1
JH		 1235 if (discov->state == DISCOVERY_STOPPING)
1236 goto discov_complete;
1237
1238 if (discov->state != DISCOVERY_RESOLVING)
1239 return;
1240
1241 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1242 /* If the device was not found in a list of found devices names of which
1243 * are pending. there is no need to continue resolving a next name as it
1244 * will be done upon receiving another Remote Name Request Complete
1245 * Event */
1246 if (!e)
1247 return;
1248
1249 list_del(&e->list);
1250 if (name) {
30dc78e1 1251 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1252 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1253 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1254 } else {
1255 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1256 }
1257
b644ba33 1258 if (hci_resolve_next_name(hdev))
30dc78e1 1259 return;
30dc78e1
JH		 1260
1261discov_complete:
1262 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1263}
1264
a9de9248
MH		 1265static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1266{
127178d2
JH		 1267 struct hci_cp_remote_name_req *cp;
1268 struct hci_conn *conn;
1269
9f1db00c 1270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1271
1272 /* If successful wait for the name req complete event before
1273 * checking for the need to do authentication */
1274 if (!status)
1275 return;
1276
1277 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1278 if (!cp)
1279 return;
1280
1281 hci_dev_lock(hdev);
1282
b644ba33
JH		 1283 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1284
a8b2d5c2 1285 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1286 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1287
79c6c70c
JH		 1288 if (!conn)
1289 goto unlock;
1290
1291 if (!hci_outgoing_auth_needed(hdev, conn))
1292 goto unlock;
1293
51a8efd7 1294 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1295 struct hci_cp_auth_requested cp;
1296 cp.handle = __cpu_to_le16(conn->handle);
1297 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1298 }
1299
79c6c70c 1300unlock:
127178d2 1301 hci_dev_unlock(hdev);
a9de9248 1302}
1da177e4 1303
769be974
MH		 1304static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1305{
1306 struct hci_cp_read_remote_features *cp;
1307 struct hci_conn *conn;
1308
9f1db00c 1309 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1310
1311 if (!status)
1312 return;
1313
1314 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1315 if (!cp)
1316 return;
1317
1318 hci_dev_lock(hdev);
1319
1320 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1321 if (conn) {
1322 if (conn->state == BT_CONFIG) {
769be974
MH		 1323 hci_proto_connect_cfm(conn, status);
1324 hci_conn_put(conn);
1325 }
1326 }
1327
1328 hci_dev_unlock(hdev);
1329}
1330
1331static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1332{
1333 struct hci_cp_read_remote_ext_features *cp;
1334 struct hci_conn *conn;
1335
9f1db00c 1336 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1337
1338 if (!status)
1339 return;
1340
1341 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1342 if (!cp)
1343 return;
1344
1345 hci_dev_lock(hdev);
1346
1347 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1348 if (conn) {
1349 if (conn->state == BT_CONFIG) {
769be974
MH		 1350 hci_proto_connect_cfm(conn, status);
1351 hci_conn_put(conn);
1352 }
1353 }
1354
1355 hci_dev_unlock(hdev);
1356}
1357
a9de9248
MH		 1358static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1359{
b6a0dc82
MH		 1360 struct hci_cp_setup_sync_conn *cp;
1361 struct hci_conn *acl, *sco;
1362 __u16 handle;
1363
9f1db00c 1364 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1365
1366 if (!status)
1367 return;
1368
1369 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1370 if (!cp)
1371 return;
1372
1373 handle = __le16_to_cpu(cp->handle);
1374
9f1db00c 1375 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1376
1377 hci_dev_lock(hdev);
1378
1379 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1380 if (acl) {
1381 sco = acl->link;
1382 if (sco) {
1383 sco->state = BT_CLOSED;
b6a0dc82 1384
5a08ecce
AE		 1385 hci_proto_connect_cfm(sco, status);
1386 hci_conn_del(sco);
1387 }
b6a0dc82
MH		 1388 }
1389
1390 hci_dev_unlock(hdev);
1da177e4
LT		 1391}
1392
a9de9248 1393static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1394{
a9de9248
MH		 1395 struct hci_cp_sniff_mode *cp;
1396 struct hci_conn *conn;
1da177e4 1397
9f1db00c 1398 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1399
a9de9248
MH		 1400 if (!status)
1401 return;
04837f64 1402
a9de9248
MH		 1403 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1404 if (!cp)
1405 return;
04837f64 1406
a9de9248 1407 hci_dev_lock(hdev);
04837f64 1408
a9de9248 1409 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1410 if (conn) {
51a8efd7 1411 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1412
51a8efd7 1413 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1414 hci_sco_setup(conn, status);
1415 }
1416
a9de9248
MH		 1417 hci_dev_unlock(hdev);
1418}
04837f64 1419
a9de9248
MH		 1420static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1421{
1422 struct hci_cp_exit_sniff_mode *cp;
1423 struct hci_conn *conn;
04837f64 1424
9f1db00c 1425 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1426
a9de9248
MH		 1427 if (!status)
1428 return;
04837f64 1429
a9de9248
MH		 1430 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1431 if (!cp)
1432 return;
04837f64 1433
a9de9248 1434 hci_dev_lock(hdev);
1da177e4 1435
a9de9248 1436 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1437 if (conn) {
51a8efd7 1438 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1439
51a8efd7 1440 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1441 hci_sco_setup(conn, status);
1442 }
1443
a9de9248 1444 hci_dev_unlock(hdev);
1da177e4
LT		 1445}
1446
88c3df13
JH		 1447static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1448{
1449 struct hci_cp_disconnect *cp;
1450 struct hci_conn *conn;
1451
1452 if (!status)
1453 return;
1454
1455 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1456 if (!cp)
1457 return;
1458
1459 hci_dev_lock(hdev);
1460
1461 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1462 if (conn)
1463 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1464 conn->dst_type, status);
88c3df13
JH		 1465
1466 hci_dev_unlock(hdev);
1467}
1468
fcd89c09
VT		 1469static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1470{
fcd89c09
VT		 1471 struct hci_conn *conn;
1472
9f1db00c 1473 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1474
f00a06ac
AG		 1475 if (status) {
1476 hci_dev_lock(hdev);
fcd89c09 1477
0c95ab78 1478 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1479 if (!conn) {
1480 hci_dev_unlock(hdev);
1481 return;
1482 }
fcd89c09 1483
6ed93dc6 1484 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1485
f00a06ac 1486 conn->state = BT_CLOSED;
0c95ab78 1487 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1488 conn->dst_type, status);
1489 hci_proto_connect_cfm(conn, status);
1490 hci_conn_del(conn);
fcd89c09 1491
f00a06ac
AG		 1492 hci_dev_unlock(hdev);
1493 }
fcd89c09
VT		 1494}
1495
a02226d6
AE		 1496static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1497{
93c284ee
AE		 1498 struct hci_cp_create_phy_link *cp;
1499
a02226d6 1500 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1501
93c284ee
AE		 1502 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1503 if (!cp)
1504 return;
1505
e58917b9
AE		 1506 hci_dev_lock(hdev);
1507
1508 if (status) {
1509 struct hci_conn *hcon;
1510
1511 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1512 if (hcon)
1513 hci_conn_del(hcon);
1514 } else {
1515 amp_write_remote_assoc(hdev, cp->phy_handle);
1516 }
1517
1518 hci_dev_unlock(hdev);
a02226d6
AE		 1519}
1520
0b26ab9d
AE		 1521static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1522{
1523 struct hci_cp_accept_phy_link *cp;
1524
1525 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1526
1527 if (status)
1528 return;
1529
1530 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1531 if (!cp)
1532 return;
1533
1534 amp_write_remote_assoc(hdev, cp->phy_handle);
1535}
1536
6039aa73 1537static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1538{
1539 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1540 struct discovery_state *discov = &hdev->discovery;
1541 struct inquiry_entry *e;
1da177e4 1542
9f1db00c 1543 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1544
9238f36a 1545 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1546
a9de9248 1547 hci_conn_check_pending(hdev);
89352e7d
AG		 1548
1549 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1550 return;
1551
a8b2d5c2 1552 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1553 return;
1554
56e5cb86 1555 hci_dev_lock(hdev);
30dc78e1 1556
343f935b 1557 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1558 goto unlock;
1559
1560 if (list_empty(&discov->resolve)) {
1561 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1562 goto unlock;
1563 }
1564
1565 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1566 if (e && hci_resolve_name(hdev, e) == 0) {
1567 e->name_state = NAME_PENDING;
1568 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1569 } else {
1570 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1571 }
1572
1573unlock:
56e5cb86 1574 hci_dev_unlock(hdev);
1da177e4
LT		 1575}
1576
6039aa73 1577static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1578{
45bb4bf0 1579 struct inquiry_data data;
a9de9248 1580 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1581 int num_rsp = *((__u8 *) skb->data);
1582
1583 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1584
45bb4bf0
MH		 1585 if (!num_rsp)
1586 return;
1587
1519cc17
AG		 1588 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1589 return;
1590
1da177e4 1591 hci_dev_lock(hdev);
45bb4bf0 1592
e17acd40 1593 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1594 bool name_known, ssp;
3175405b 1595
1da177e4
LT		 1596 bacpy(&data.bdaddr, &info->bdaddr);
1597 data.pscan_rep_mode = info->pscan_rep_mode;
1598 data.pscan_period_mode = info->pscan_period_mode;
1599 data.pscan_mode = info->pscan_mode;
1600 memcpy(data.dev_class, info->dev_class, 3);
1601 data.clock_offset = info->clock_offset;
1602 data.rssi = 0x00;
41a96212 1603 data.ssp_mode = 0x00;
3175405b 1604
388fc8fa 1605 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1606 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1607 info->dev_class, 0, !name_known, ssp, NULL,
1608 0);
1da177e4 1609 }
45bb4bf0 1610
1da177e4
LT		 1611 hci_dev_unlock(hdev);
1612}
1613
6039aa73 1614static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1615{
a9de9248
MH		 1616 struct hci_ev_conn_complete *ev = (void *) skb->data;
1617 struct hci_conn *conn;
1da177e4
LT		 1618
1619 BT_DBG("%s", hdev->name);
1620
1621 hci_dev_lock(hdev);
1622
1623 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1624 if (!conn) {
1625 if (ev->link_type != SCO_LINK)
1626 goto unlock;
1627
1628 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1629 if (!conn)
1630 goto unlock;
1631
1632 conn->type = SCO_LINK;
1633 }
1da177e4
LT		 1634
1635 if (!ev->status) {
1636 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1637
1638 if (conn->type == ACL_LINK) {
1639 conn->state = BT_CONFIG;
1640 hci_conn_hold(conn);
a9ea3ed9
SJ		 1641
1642 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1643 !hci_find_link_key(hdev, &ev->bdaddr))
1644 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1645 else
1646 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1647 } else
1648 conn->state = BT_CONNECTED;
1da177e4 1649
9eba32b8 1650 hci_conn_hold_device(conn);
7d0db0a3
MH		 1651 hci_conn_add_sysfs(conn);
1652
1da177e4
LT		 1653 if (test_bit(HCI_AUTH, &hdev->flags))
1654 conn->link_mode |= HCI_LM_AUTH;
1655
1656 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1657 conn->link_mode |= HCI_LM_ENCRYPT;
1658
04837f64
MH		 1659 /* Get remote features */
1660 if (conn->type == ACL_LINK) {
1661 struct hci_cp_read_remote_features cp;
1662 cp.handle = ev->handle;
769be974 1663 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1664 sizeof(cp), &cp);
04837f64
MH		 1665 }
1666
1da177e4 1667 /* Set packet type for incoming connection */
d095c1eb 1668 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1669 struct hci_cp_change_conn_ptype cp;
1670 cp.handle = ev->handle;
a8746417 1671 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1672 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1673 &cp);
1da177e4 1674 }
17d5c04c 1675 } else {
1da177e4 1676 conn->state = BT_CLOSED;
17d5c04c 1677 if (conn->type == ACL_LINK)
744cf19e 1678 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1679 conn->dst_type, ev->status);
17d5c04c 1680 }
1da177e4 1681
e73439d8
MH		 1682 if (conn->type == ACL_LINK)
1683 hci_sco_setup(conn, ev->status);
1da177e4 1684
769be974
MH		 1685 if (ev->status) {
1686 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1687 hci_conn_del(conn);
c89b6e6b
MH		 1688 } else if (ev->link_type != ACL_LINK)
1689 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1690
a9de9248 1691unlock:
1da177e4 1692 hci_dev_unlock(hdev);
1da177e4 1693
a9de9248 1694 hci_conn_check_pending(hdev);
1da177e4
LT		 1695}
1696
20714bfe
FD		 1697void hci_conn_accept(struct hci_conn *conn, int mask)
1698{
1699 struct hci_dev *hdev = conn->hdev;
1700
1701 BT_DBG("conn %p", conn);
1702
1703 conn->state = BT_CONFIG;
1704
1705 if (!lmp_esco_capable(hdev)) {
1706 struct hci_cp_accept_conn_req cp;
1707
1708 bacpy(&cp.bdaddr, &conn->dst);
1709
1710 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1711 cp.role = 0x00; /* Become master */
1712 else
1713 cp.role = 0x01; /* Remain slave */
1714
1715 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1716 } else /* lmp_esco_capable(hdev)) */ {
1717 struct hci_cp_accept_sync_conn_req cp;
1718
1719 bacpy(&cp.bdaddr, &conn->dst);
1720 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1721
1722 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1723 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1724 cp.max_latency = __constant_cpu_to_le16(0xffff);
1725 cp.content_format = cpu_to_le16(hdev->voice_setting);
1726 cp.retrans_effort = 0xff;
1727
1728 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1729 sizeof(cp), &cp);
1730 }
1731}
1732
6039aa73 1733static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1734{
a9de9248
MH		 1735 struct hci_ev_conn_request *ev = (void *) skb->data;
1736 int mask = hdev->link_mode;
20714bfe 1737 __u8 flags = 0;
1da177e4 1738
6ed93dc6 1739 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1740 ev->link_type);
1da177e4 1741
20714bfe
FD		 1742 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1743 &flags);
1da177e4 1744
138d22ef 1745 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1746 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1747 /* Connection accepted */
c7bdd502 1748 struct inquiry_entry *ie;
1da177e4 1749 struct hci_conn *conn;
1da177e4 1750
a9de9248 1751 hci_dev_lock(hdev);
b6a0dc82 1752
cc11b9c1
AE		 1753 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1754 if (ie)
c7bdd502
MH		 1755 memcpy(ie->data.dev_class, ev->dev_class, 3);
1756
8fc9ced3
GP		 1757 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1758 &ev->bdaddr);
a9de9248 1759 if (!conn) {
cc11b9c1
AE		 1760 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1761 if (!conn) {
893ef971 1762 BT_ERR("No memory for new connection");
a9de9248
MH		 1763 hci_dev_unlock(hdev);
1764 return;
1da177e4
LT		 1765 }
1766 }
b6a0dc82 1767
a9de9248 1768 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 1769
a9de9248 1770 hci_dev_unlock(hdev);
1da177e4 1771
20714bfe
FD		 1772 if (ev->link_type == ACL_LINK ||
1773 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 1774 struct hci_cp_accept_conn_req cp;
20714bfe 1775 conn->state = BT_CONNECT;
1da177e4 1776
b6a0dc82
MH		 1777 bacpy(&cp.bdaddr, &ev->bdaddr);
1778
1779 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1780 cp.role = 0x00; /* Become master */
1781 else
1782 cp.role = 0x01; /* Remain slave */
1783
04124681
GP		 1784 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1785 &cp);
20714bfe 1786 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 1787 struct hci_cp_accept_sync_conn_req cp;
20714bfe 1788 conn->state = BT_CONNECT;
b6a0dc82
MH		 1789
1790 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1791 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1792
82781e63
AE		 1793 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1794 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1795 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1796 cp.content_format = cpu_to_le16(hdev->voice_setting);
1797 cp.retrans_effort = 0xff;
1da177e4 1798
b6a0dc82 1799 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1800 sizeof(cp), &cp);
20714bfe
FD		 1801 } else {
1802 conn->state = BT_CONNECT2;
1803 hci_proto_connect_cfm(conn, 0);
1804 hci_conn_put(conn);
b6a0dc82 1805 }
a9de9248
MH		 1806 } else {
1807 /* Connection rejected */
1808 struct hci_cp_reject_conn_req cp;
1da177e4 1809
a9de9248 1810 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1811 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1812 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1813 }
1da177e4
LT		 1814}
1815
f0d6a0ea
MA		 1816static u8 hci_to_mgmt_reason(u8 err)
1817{
1818 switch (err) {
1819 case HCI_ERROR_CONNECTION_TIMEOUT:
1820 return MGMT_DEV_DISCONN_TIMEOUT;
1821 case HCI_ERROR_REMOTE_USER_TERM:
1822 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1823 case HCI_ERROR_REMOTE_POWER_OFF:
1824 return MGMT_DEV_DISCONN_REMOTE;
1825 case HCI_ERROR_LOCAL_HOST_TERM:
1826 return MGMT_DEV_DISCONN_LOCAL_HOST;
1827 default:
1828 return MGMT_DEV_DISCONN_UNKNOWN;
1829 }
1830}
1831
6039aa73 1832static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1833{
a9de9248 1834 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1835 struct hci_conn *conn;
1836
9f1db00c 1837 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 1838
1839 hci_dev_lock(hdev);
1840
1841 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1842 if (!conn)
1843 goto unlock;
7d0db0a3 1844
37d9ef76
JH		 1845 if (ev->status == 0)
1846 conn->state = BT_CLOSED;
04837f64 1847
b644ba33 1848 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 1849 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 1850 if (ev->status) {
88c3df13 1851 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 1852 conn->dst_type, ev->status);
f0d6a0ea
MA		 1853 } else {
1854 u8 reason = hci_to_mgmt_reason(ev->reason);
1855
afc747a6 1856 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 1857 conn->dst_type, reason);
1858 }
37d9ef76 1859 }
f7520543 1860
37d9ef76 1861 if (ev->status == 0) {
6ec5bcad
VA		 1862 if (conn->type == ACL_LINK && conn->flush_key)
1863 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1864 hci_proto_disconn_cfm(conn, ev->reason);
1865 hci_conn_del(conn);
1866 }
f7520543
JH		 1867
1868unlock:
04837f64
MH		 1869 hci_dev_unlock(hdev);
1870}
1871
6039aa73 1872static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1873{
a9de9248 1874 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1875 struct hci_conn *conn;
1da177e4 1876
9f1db00c 1877 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1878
1879 hci_dev_lock(hdev);
1880
04837f64 1881 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1882 if (!conn)
1883 goto unlock;
1884
1885 if (!ev->status) {
aa64a8b5 1886 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1887 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1888 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1889 } else {
d7556e20
WR		 1890 conn->link_mode |= HCI_LM_AUTH;
1891 conn->sec_level = conn->pending_sec_level;
2a611692 1892 }
d7556e20 1893 } else {
bab73cb6 1894 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1895 ev->status);
d7556e20 1896 }
1da177e4 1897
51a8efd7
JH		 1898 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1899 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1900
d7556e20 1901 if (conn->state == BT_CONFIG) {
aa64a8b5 1902 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1903 struct hci_cp_set_conn_encrypt cp;
1904 cp.handle = ev->handle;
1905 cp.encrypt = 0x01;
1906 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1907 &cp);
052b30b0 1908 } else {
d7556e20
WR		 1909 conn->state = BT_CONNECTED;
1910 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1911 hci_conn_put(conn);
1912 }
d7556e20
WR		 1913 } else {
1914 hci_auth_cfm(conn, ev->status);
052b30b0 1915
d7556e20
WR		 1916 hci_conn_hold(conn);
1917 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1918 hci_conn_put(conn);
1919 }
1920
51a8efd7 1921 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1922 if (!ev->status) {
1923 struct hci_cp_set_conn_encrypt cp;
1924 cp.handle = ev->handle;
1925 cp.encrypt = 0x01;
1926 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1927 &cp);
d7556e20 1928 } else {
51a8efd7 1929 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1930 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1931 }
1932 }
1933
d7556e20 1934unlock:
1da177e4
LT		 1935 hci_dev_unlock(hdev);
1936}
1937
6039aa73 1938static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1939{
127178d2
JH		 1940 struct hci_ev_remote_name *ev = (void *) skb->data;
1941 struct hci_conn *conn;
1942
a9de9248 1943 BT_DBG("%s", hdev->name);
1da177e4 1944
a9de9248 1945 hci_conn_check_pending(hdev);
127178d2
JH		 1946
1947 hci_dev_lock(hdev);
1948
b644ba33 1949 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1950
b644ba33
JH		 1951 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1952 goto check_auth;
a88a9652 1953
b644ba33
JH		 1954 if (ev->status == 0)
1955 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 1956 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 1957 else
1958 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1959
1960check_auth:
79c6c70c
JH		 1961 if (!conn)
1962 goto unlock;
1963
1964 if (!hci_outgoing_auth_needed(hdev, conn))
1965 goto unlock;
1966
51a8efd7 1967 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1968 struct hci_cp_auth_requested cp;
1969 cp.handle = __cpu_to_le16(conn->handle);
1970 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1971 }
1972
79c6c70c 1973unlock:
127178d2 1974 hci_dev_unlock(hdev);
a9de9248
MH		 1975}
1976
6039aa73 1977static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 1978{
1979 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1980 struct hci_conn *conn;
1981
9f1db00c 1982 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1983
1984 hci_dev_lock(hdev);
1985
04837f64 1986 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1987 if (conn) {
1988 if (!ev->status) {
ae293196
MH		 1989 if (ev->encrypt) {
1990 /* Encryption implies authentication */
1991 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1992 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1993 conn->sec_level = conn->pending_sec_level;
ae293196 1994 } else
1da177e4
LT		 1995 conn->link_mode &= ~HCI_LM_ENCRYPT;
1996 }
1997
51a8efd7 1998 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 1999
a7d7723a 2000 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 2001 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2002 hci_conn_put(conn);
2003 goto unlock;
2004 }
2005
f8558555
MH		 2006 if (conn->state == BT_CONFIG) {
2007 if (!ev->status)
2008 conn->state = BT_CONNECTED;
2009
2010 hci_proto_connect_cfm(conn, ev->status);
2011 hci_conn_put(conn);
2012 } else
2013 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2014 }
2015
a7d7723a 2016unlock:
1da177e4
LT		 2017 hci_dev_unlock(hdev);
2018}
2019
6039aa73
GP		 2020static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2021 struct sk_buff *skb)
1da177e4 2022{
a9de9248 2023 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2024 struct hci_conn *conn;
1da177e4 2025
9f1db00c 2026 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2027
2028 hci_dev_lock(hdev);
2029
04837f64 2030 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2031 if (conn) {
2032 if (!ev->status)
2033 conn->link_mode |= HCI_LM_SECURE;
2034
51a8efd7 2035 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2036
2037 hci_key_change_cfm(conn, ev->status);
2038 }
2039
2040 hci_dev_unlock(hdev);
2041}
2042
6039aa73
GP		 2043static void hci_remote_features_evt(struct hci_dev *hdev,
2044 struct sk_buff *skb)
1da177e4 2045{
a9de9248
MH		 2046 struct hci_ev_remote_features *ev = (void *) skb->data;
2047 struct hci_conn *conn;
2048
9f1db00c 2049 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2050
a9de9248
MH		 2051 hci_dev_lock(hdev);
2052
2053 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2054 if (!conn)
2055 goto unlock;
769be974 2056
ccd556fe
JH		 2057 if (!ev->status)
2058 memcpy(conn->features, ev->features, 8);
2059
2060 if (conn->state != BT_CONFIG)
2061 goto unlock;
2062
2063 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2064 struct hci_cp_read_remote_ext_features cp;
2065 cp.handle = ev->handle;
2066 cp.page = 0x01;
2067 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2068 sizeof(cp), &cp);
392599b9
JH		 2069 goto unlock;
2070 }
2071
671267bf 2072 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2073 struct hci_cp_remote_name_req cp;
2074 memset(&cp, 0, sizeof(cp));
2075 bacpy(&cp.bdaddr, &conn->dst);
2076 cp.pscan_rep_mode = 0x02;
2077 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2078 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2079 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2080 conn->dst_type, 0, NULL, 0,
2081 conn->dev_class);
392599b9 2082
127178d2 2083 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2084 conn->state = BT_CONNECTED;
2085 hci_proto_connect_cfm(conn, ev->status);
2086 hci_conn_put(conn);
769be974 2087 }
a9de9248 2088
ccd556fe 2089unlock:
a9de9248 2090 hci_dev_unlock(hdev);
1da177e4
LT		 2091}
2092
6039aa73 2093static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2094{
2095 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2096 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2097 __u16 opcode;
2098
2099 skb_pull(skb, sizeof(*ev));
2100
2101 opcode = __le16_to_cpu(ev->opcode);
2102
2103 switch (opcode) {
2104 case HCI_OP_INQUIRY_CANCEL:
2105 hci_cc_inquiry_cancel(hdev, skb);
2106 break;
2107
4d93483b
AG		 2108 case HCI_OP_PERIODIC_INQ:
2109 hci_cc_periodic_inq(hdev, skb);
2110 break;
2111
a9de9248
MH		 2112 case HCI_OP_EXIT_PERIODIC_INQ:
2113 hci_cc_exit_periodic_inq(hdev, skb);
2114 break;
2115
2116 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2117 hci_cc_remote_name_req_cancel(hdev, skb);
2118 break;
2119
2120 case HCI_OP_ROLE_DISCOVERY:
2121 hci_cc_role_discovery(hdev, skb);
2122 break;
2123
e4e8e37c
MH		 2124 case HCI_OP_READ_LINK_POLICY:
2125 hci_cc_read_link_policy(hdev, skb);
2126 break;
2127
a9de9248
MH		 2128 case HCI_OP_WRITE_LINK_POLICY:
2129 hci_cc_write_link_policy(hdev, skb);
2130 break;
2131
e4e8e37c
MH		 2132 case HCI_OP_READ_DEF_LINK_POLICY:
2133 hci_cc_read_def_link_policy(hdev, skb);
2134 break;
2135
2136 case HCI_OP_WRITE_DEF_LINK_POLICY:
2137 hci_cc_write_def_link_policy(hdev, skb);
2138 break;
2139
a9de9248
MH		 2140 case HCI_OP_RESET:
2141 hci_cc_reset(hdev, skb);
2142 break;
2143
2144 case HCI_OP_WRITE_LOCAL_NAME:
2145 hci_cc_write_local_name(hdev, skb);
2146 break;
2147
2148 case HCI_OP_READ_LOCAL_NAME:
2149 hci_cc_read_local_name(hdev, skb);
2150 break;
2151
2152 case HCI_OP_WRITE_AUTH_ENABLE:
2153 hci_cc_write_auth_enable(hdev, skb);
2154 break;
2155
2156 case HCI_OP_WRITE_ENCRYPT_MODE:
2157 hci_cc_write_encrypt_mode(hdev, skb);
2158 break;
2159
2160 case HCI_OP_WRITE_SCAN_ENABLE:
2161 hci_cc_write_scan_enable(hdev, skb);
2162 break;
2163
2164 case HCI_OP_READ_CLASS_OF_DEV:
2165 hci_cc_read_class_of_dev(hdev, skb);
2166 break;
2167
2168 case HCI_OP_WRITE_CLASS_OF_DEV:
2169 hci_cc_write_class_of_dev(hdev, skb);
2170 break;
2171
2172 case HCI_OP_READ_VOICE_SETTING:
2173 hci_cc_read_voice_setting(hdev, skb);
2174 break;
2175
2176 case HCI_OP_WRITE_VOICE_SETTING:
2177 hci_cc_write_voice_setting(hdev, skb);
2178 break;
2179
333140b5
MH		 2180 case HCI_OP_WRITE_SSP_MODE:
2181 hci_cc_write_ssp_mode(hdev, skb);
2182 break;
2183
a9de9248
MH		 2184 case HCI_OP_READ_LOCAL_VERSION:
2185 hci_cc_read_local_version(hdev, skb);
2186 break;
2187
2188 case HCI_OP_READ_LOCAL_COMMANDS:
2189 hci_cc_read_local_commands(hdev, skb);
2190 break;
2191
2192 case HCI_OP_READ_LOCAL_FEATURES:
2193 hci_cc_read_local_features(hdev, skb);
2194 break;
2195
971e3a4b
AG		 2196 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2197 hci_cc_read_local_ext_features(hdev, skb);
2198 break;
2199
a9de9248
MH		 2200 case HCI_OP_READ_BUFFER_SIZE:
2201 hci_cc_read_buffer_size(hdev, skb);
2202 break;
2203
2204 case HCI_OP_READ_BD_ADDR:
2205 hci_cc_read_bd_addr(hdev, skb);
2206 break;
2207
350ee4cf
AE		 2208 case HCI_OP_READ_DATA_BLOCK_SIZE:
2209 hci_cc_read_data_block_size(hdev, skb);
2210 break;
2211
1e89cffb
AE		 2212 case HCI_OP_READ_FLOW_CONTROL_MODE:
2213 hci_cc_read_flow_control_mode(hdev, skb);
2214 break;
2215
928abaa7
AE		 2216 case HCI_OP_READ_LOCAL_AMP_INFO:
2217 hci_cc_read_local_amp_info(hdev, skb);
2218 break;
2219
903e4541
AE		 2220 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2221 hci_cc_read_local_amp_assoc(hdev, skb);
2222 break;
2223
d5859e22
JH		 2224 case HCI_OP_READ_INQ_RSP_TX_POWER:
2225 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2226 break;
2227
980e1a53
JH		 2228 case HCI_OP_PIN_CODE_REPLY:
2229 hci_cc_pin_code_reply(hdev, skb);
2230 break;
2231
2232 case HCI_OP_PIN_CODE_NEG_REPLY:
2233 hci_cc_pin_code_neg_reply(hdev, skb);
2234 break;
2235
c35938b2
SJ		 2236 case HCI_OP_READ_LOCAL_OOB_DATA:
2237 hci_cc_read_local_oob_data_reply(hdev, skb);
2238 break;
2239
6ed58ec5
VT		 2240 case HCI_OP_LE_READ_BUFFER_SIZE:
2241 hci_cc_le_read_buffer_size(hdev, skb);
2242 break;
2243
60e77321
JH		 2244 case HCI_OP_LE_READ_LOCAL_FEATURES:
2245 hci_cc_le_read_local_features(hdev, skb);
2246 break;
2247
8fa19098
JH		 2248 case HCI_OP_LE_READ_ADV_TX_POWER:
2249 hci_cc_le_read_adv_tx_power(hdev, skb);
2250 break;
2251
a5c29683
JH		 2252 case HCI_OP_USER_CONFIRM_REPLY:
2253 hci_cc_user_confirm_reply(hdev, skb);
2254 break;
2255
2256 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2257 hci_cc_user_confirm_neg_reply(hdev, skb);
2258 break;
2259
1143d458
BG		 2260 case HCI_OP_USER_PASSKEY_REPLY:
2261 hci_cc_user_passkey_reply(hdev, skb);
2262 break;
2263
2264 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2265 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2266 break;
07f7fa5d
AG		 2267
2268 case HCI_OP_LE_SET_SCAN_PARAM:
2269 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2270 break;
2271
c1d5dc4a
JH		 2272 case HCI_OP_LE_SET_ADV_ENABLE:
2273 hci_cc_le_set_adv_enable(hdev, skb);
2274 break;
2275
eb9d91f5
AG		 2276 case HCI_OP_LE_SET_SCAN_ENABLE:
2277 hci_cc_le_set_scan_enable(hdev, skb);
2278 break;
2279
cf1d081f
JH		 2280 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2281 hci_cc_le_read_white_list_size(hdev, skb);
2282 break;
2283
9b008c04
JH		 2284 case HCI_OP_LE_READ_SUPPORTED_STATES:
2285 hci_cc_le_read_supported_states(hdev, skb);
2286 break;
2287
f9b49306
AG		 2288 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2289 hci_cc_write_le_host_supported(hdev, skb);
2290 break;
2291
93c284ee
AE		 2292 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2293 hci_cc_write_remote_amp_assoc(hdev, skb);
2294 break;
2295
a9de9248 2296 default:
9f1db00c 2297 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2298 break;
2299 }
2300
ad82cdd1 2301 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2302 del_timer(&hdev->cmd_timer);
2303
ad82cdd1 2304 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2305
dbccd791 2306 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2307 atomic_set(&hdev->cmd_cnt, 1);
2308 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2309 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2310 }
2311}
2312
6039aa73 2313static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2314{
2315 struct hci_ev_cmd_status *ev = (void *) skb->data;
2316 __u16 opcode;
2317
2318 skb_pull(skb, sizeof(*ev));
2319
2320 opcode = __le16_to_cpu(ev->opcode);
2321
2322 switch (opcode) {
2323 case HCI_OP_INQUIRY:
2324 hci_cs_inquiry(hdev, ev->status);
2325 break;
2326
2327 case HCI_OP_CREATE_CONN:
2328 hci_cs_create_conn(hdev, ev->status);
2329 break;
2330
2331 case HCI_OP_ADD_SCO:
2332 hci_cs_add_sco(hdev, ev->status);
2333 break;
2334
f8558555
MH		 2335 case HCI_OP_AUTH_REQUESTED:
2336 hci_cs_auth_requested(hdev, ev->status);
2337 break;
2338
2339 case HCI_OP_SET_CONN_ENCRYPT:
2340 hci_cs_set_conn_encrypt(hdev, ev->status);
2341 break;
2342
a9de9248
MH		 2343 case HCI_OP_REMOTE_NAME_REQ:
2344 hci_cs_remote_name_req(hdev, ev->status);
2345 break;
2346
769be974
MH		 2347 case HCI_OP_READ_REMOTE_FEATURES:
2348 hci_cs_read_remote_features(hdev, ev->status);
2349 break;
2350
2351 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2352 hci_cs_read_remote_ext_features(hdev, ev->status);
2353 break;
2354
a9de9248
MH		 2355 case HCI_OP_SETUP_SYNC_CONN:
2356 hci_cs_setup_sync_conn(hdev, ev->status);
2357 break;
2358
2359 case HCI_OP_SNIFF_MODE:
2360 hci_cs_sniff_mode(hdev, ev->status);
2361 break;
2362
2363 case HCI_OP_EXIT_SNIFF_MODE:
2364 hci_cs_exit_sniff_mode(hdev, ev->status);
2365 break;
2366
8962ee74 2367 case HCI_OP_DISCONNECT:
88c3df13 2368 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2369 break;
2370
fcd89c09
VT		 2371 case HCI_OP_LE_CREATE_CONN:
2372 hci_cs_le_create_conn(hdev, ev->status);
2373 break;
2374
a02226d6
AE		 2375 case HCI_OP_CREATE_PHY_LINK:
2376 hci_cs_create_phylink(hdev, ev->status);
2377 break;
2378
0b26ab9d
AE		 2379 case HCI_OP_ACCEPT_PHY_LINK:
2380 hci_cs_accept_phylink(hdev, ev->status);
2381 break;
2382
a9de9248 2383 default:
9f1db00c 2384 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2385 break;
2386 }
2387
ad82cdd1 2388 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2389 del_timer(&hdev->cmd_timer);
2390
ad82cdd1 2391 hci_req_cmd_status(hdev, opcode, ev->status);
9238f36a 2392
10572132 2393 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2394 atomic_set(&hdev->cmd_cnt, 1);
2395 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2396 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2397 }
2398}
2399
6039aa73 2400static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2401{
2402 struct hci_ev_role_change *ev = (void *) skb->data;
2403 struct hci_conn *conn;
2404
9f1db00c 2405 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2406
2407 hci_dev_lock(hdev);
2408
2409 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2410 if (conn) {
2411 if (!ev->status) {
2412 if (ev->role)
2413 conn->link_mode &= ~HCI_LM_MASTER;
2414 else
2415 conn->link_mode |= HCI_LM_MASTER;
2416 }
2417
51a8efd7 2418 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2419
2420 hci_role_switch_cfm(conn, ev->status, ev->role);
2421 }
2422
2423 hci_dev_unlock(hdev);
2424}
2425
6039aa73 2426static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2427{
2428 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2429 int i;
2430
32ac5b9b
AE		 2431 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2432 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2433 return;
2434 }
2435
c5993de8 2436 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2437 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2438 BT_DBG("%s bad parameters", hdev->name);
2439 return;
2440 }
2441
c5993de8
AE		 2442 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2443
613a1c0c
AE		 2444 for (i = 0; i < ev->num_hndl; i++) {
2445 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2446 struct hci_conn *conn;
2447 __u16 handle, count;
2448
613a1c0c
AE		 2449 handle = __le16_to_cpu(info->handle);
2450 count = __le16_to_cpu(info->count);
a9de9248
MH		 2451
2452 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2453 if (!conn)
2454 continue;
2455
2456 conn->sent -= count;
2457
2458 switch (conn->type) {
2459 case ACL_LINK:
2460 hdev->acl_cnt += count;
2461 if (hdev->acl_cnt > hdev->acl_pkts)
2462 hdev->acl_cnt = hdev->acl_pkts;
2463 break;
2464
2465 case LE_LINK:
2466 if (hdev->le_pkts) {
2467 hdev->le_cnt += count;
2468 if (hdev->le_cnt > hdev->le_pkts)
2469 hdev->le_cnt = hdev->le_pkts;
2470 } else {
70f23020
AE		 2471 hdev->acl_cnt += count;
2472 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2473 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2474 }
f4280918
AE		 2475 break;
2476
2477 case SCO_LINK:
2478 hdev->sco_cnt += count;
2479 if (hdev->sco_cnt > hdev->sco_pkts)
2480 hdev->sco_cnt = hdev->sco_pkts;
2481 break;
2482
2483 default:
2484 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2485 break;
a9de9248
MH		 2486 }
2487 }
2488
3eff45ea 2489 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2490}
2491
76ef7cf7
AE		 2492static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2493 __u16 handle)
2494{
2495 struct hci_chan *chan;
2496
2497 switch (hdev->dev_type) {
2498 case HCI_BREDR:
2499 return hci_conn_hash_lookup_handle(hdev, handle);
2500 case HCI_AMP:
2501 chan = hci_chan_lookup_handle(hdev, handle);
2502 if (chan)
2503 return chan->conn;
2504 break;
2505 default:
2506 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2507 break;
2508 }
2509
2510 return NULL;
2511}
2512
6039aa73 2513static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2514{
2515 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2516 int i;
2517
2518 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2519 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2520 return;
2521 }
2522
2523 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2524 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2525 BT_DBG("%s bad parameters", hdev->name);
2526 return;
2527 }
2528
2529 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2530 ev->num_hndl);
25e89e99
AE		 2531
2532 for (i = 0; i < ev->num_hndl; i++) {
2533 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2534 struct hci_conn *conn = NULL;
25e89e99
AE		 2535 __u16 handle, block_count;
2536
2537 handle = __le16_to_cpu(info->handle);
2538 block_count = __le16_to_cpu(info->blocks);
2539
76ef7cf7 2540 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2541 if (!conn)
2542 continue;
2543
2544 conn->sent -= block_count;
2545
2546 switch (conn->type) {
2547 case ACL_LINK:
bd1eb66b 2548 case AMP_LINK:
25e89e99
AE		 2549 hdev->block_cnt += block_count;
2550 if (hdev->block_cnt > hdev->num_blocks)
2551 hdev->block_cnt = hdev->num_blocks;
2552 break;
2553
2554 default:
2555 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2556 break;
2557 }
2558 }
2559
2560 queue_work(hdev->workqueue, &hdev->tx_work);
2561}
2562
6039aa73 2563static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2564{
a9de9248 2565 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2566 struct hci_conn *conn;
2567
9f1db00c 2568 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2569
2570 hci_dev_lock(hdev);
2571
2572 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2573 if (conn) {
2574 conn->mode = ev->mode;
2575 conn->interval = __le16_to_cpu(ev->interval);
2576
8fc9ced3
GP		 2577 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2578 &conn->flags)) {
a9de9248 2579 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2580 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2581 else
58a681ef 2582 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2583 }
e73439d8 2584
51a8efd7 2585 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2586 hci_sco_setup(conn, ev->status);
04837f64
MH		 2587 }
2588
2589 hci_dev_unlock(hdev);
2590}
2591
6039aa73 2592static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2593{
052b30b0
MH		 2594 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2595 struct hci_conn *conn;
2596
a9de9248 2597 BT_DBG("%s", hdev->name);
052b30b0
MH		 2598
2599 hci_dev_lock(hdev);
2600
2601 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2602 if (!conn)
2603 goto unlock;
2604
2605 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2606 hci_conn_hold(conn);
2607 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2608 hci_conn_put(conn);
2609 }
2610
a8b2d5c2 2611 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2612 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2613 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2614 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2615 u8 secure;
2616
2617 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2618 secure = 1;
2619 else
2620 secure = 0;
2621
744cf19e 2622 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2623 }
980e1a53 2624
b6f98044 2625unlock:
052b30b0 2626 hci_dev_unlock(hdev);
a9de9248
MH		 2627}
2628
6039aa73 2629static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2630{
55ed8ca1
JH		 2631 struct hci_ev_link_key_req *ev = (void *) skb->data;
2632 struct hci_cp_link_key_reply cp;
2633 struct hci_conn *conn;
2634 struct link_key *key;
2635
a9de9248 2636 BT_DBG("%s", hdev->name);
55ed8ca1 2637
a8b2d5c2 2638 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2639 return;
2640
2641 hci_dev_lock(hdev);
2642
2643 key = hci_find_link_key(hdev, &ev->bdaddr);
2644 if (!key) {
6ed93dc6
AE		 2645 BT_DBG("%s link key not found for %pMR", hdev->name,
2646 &ev->bdaddr);
55ed8ca1
JH		 2647 goto not_found;
2648 }
2649
6ed93dc6
AE		 2650 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2651 &ev->bdaddr);
55ed8ca1 2652
a8b2d5c2 2653 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2654 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2655 BT_DBG("%s ignoring debug key", hdev->name);
2656 goto not_found;
2657 }
2658
2659 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2660 if (conn) {
2661 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2662 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2663 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2664 goto not_found;
2665 }
55ed8ca1 2666
60b83f57 2667 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2668 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2669 BT_DBG("%s ignoring key unauthenticated for high security",
2670 hdev->name);
60b83f57
WR		 2671 goto not_found;
2672 }
2673
2674 conn->key_type = key->type;
2675 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2676 }
2677
2678 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2679 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2680
2681 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2682
2683 hci_dev_unlock(hdev);
2684
2685 return;
2686
2687not_found:
2688 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2689 hci_dev_unlock(hdev);
a9de9248
MH		 2690}
2691
6039aa73 2692static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2693{
052b30b0
MH		 2694 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2695 struct hci_conn *conn;
55ed8ca1 2696 u8 pin_len = 0;
052b30b0 2697
a9de9248 2698 BT_DBG("%s", hdev->name);
052b30b0
MH		 2699
2700 hci_dev_lock(hdev);
2701
2702 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2703 if (conn) {
2704 hci_conn_hold(conn);
2705 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2706 pin_len = conn->pin_length;
13d39315
WR		 2707
2708 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2709 conn->key_type = ev->key_type;
2710
052b30b0
MH		 2711 hci_conn_put(conn);
2712 }
2713
a8b2d5c2 2714 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2715 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2716 ev->key_type, pin_len);
55ed8ca1 2717
052b30b0 2718 hci_dev_unlock(hdev);
a9de9248
MH		 2719}
2720
6039aa73 2721static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2722{
a9de9248 2723 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2724 struct hci_conn *conn;
1da177e4 2725
9f1db00c 2726 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2727
2728 hci_dev_lock(hdev);
2729
04837f64 2730 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2731 if (conn && !ev->status) {
2732 struct inquiry_entry *ie;
2733
cc11b9c1
AE		 2734 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2735 if (ie) {
1da177e4
LT		 2736 ie->data.clock_offset = ev->clock_offset;
2737 ie->timestamp = jiffies;
2738 }
2739 }
2740
2741 hci_dev_unlock(hdev);
2742}
2743
6039aa73 2744static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2745{
2746 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2747 struct hci_conn *conn;
2748
9f1db00c 2749 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2750
2751 hci_dev_lock(hdev);
2752
2753 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2754 if (conn && !ev->status)
2755 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2756
2757 hci_dev_unlock(hdev);
2758}
2759
6039aa73 2760static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2761{
a9de9248 2762 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2763 struct inquiry_entry *ie;
2764
2765 BT_DBG("%s", hdev->name);
2766
2767 hci_dev_lock(hdev);
2768
cc11b9c1
AE		 2769 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2770 if (ie) {
85a1e930
MH		 2771 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2772 ie->timestamp = jiffies;
2773 }
2774
2775 hci_dev_unlock(hdev);
2776}
2777
6039aa73
GP		 2778static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2779 struct sk_buff *skb)
a9de9248
MH		 2780{
2781 struct inquiry_data data;
2782 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2783 bool name_known, ssp;
a9de9248
MH		 2784
2785 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2786
2787 if (!num_rsp)
2788 return;
2789
1519cc17
AG		 2790 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2791 return;
2792
a9de9248
MH		 2793 hci_dev_lock(hdev);
2794
2795 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2796 struct inquiry_info_with_rssi_and_pscan_mode *info;
2797 info = (void *) (skb->data + 1);
a9de9248 2798
e17acd40 2799 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2800 bacpy(&data.bdaddr, &info->bdaddr);
2801 data.pscan_rep_mode = info->pscan_rep_mode;
2802 data.pscan_period_mode = info->pscan_period_mode;
2803 data.pscan_mode = info->pscan_mode;
2804 memcpy(data.dev_class, info->dev_class, 3);
2805 data.clock_offset = info->clock_offset;
2806 data.rssi = info->rssi;
41a96212 2807 data.ssp_mode = 0x00;
3175405b
JH		 2808
2809 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2810 false, &ssp);
48264f06 2811 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2812 info->dev_class, info->rssi,
2813 !name_known, ssp, NULL, 0);
a9de9248
MH		 2814 }
2815 } else {
2816 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2817
e17acd40 2818 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2819 bacpy(&data.bdaddr, &info->bdaddr);
2820 data.pscan_rep_mode = info->pscan_rep_mode;
2821 data.pscan_period_mode = info->pscan_period_mode;
2822 data.pscan_mode = 0x00;
2823 memcpy(data.dev_class, info->dev_class, 3);
2824 data.clock_offset = info->clock_offset;
2825 data.rssi = info->rssi;
41a96212 2826 data.ssp_mode = 0x00;
3175405b 2827 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2828 false, &ssp);
48264f06 2829 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2830 info->dev_class, info->rssi,
2831 !name_known, ssp, NULL, 0);
a9de9248
MH		 2832 }
2833 }
2834
2835 hci_dev_unlock(hdev);
2836}
2837
6039aa73
GP		 2838static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2839 struct sk_buff *skb)
a9de9248 2840{
41a96212
MH		 2841 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2842 struct hci_conn *conn;
2843
a9de9248 2844 BT_DBG("%s", hdev->name);
41a96212 2845
41a96212
MH		 2846 hci_dev_lock(hdev);
2847
2848 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2849 if (!conn)
2850 goto unlock;
41a96212 2851
ccd556fe
JH		 2852 if (!ev->status && ev->page == 0x01) {
2853 struct inquiry_entry *ie;
41a96212 2854
cc11b9c1
AE		 2855 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2856 if (ie)
02b7cc62 2857 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2858
02b7cc62 2859 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2860 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2861 }
2862
2863 if (conn->state != BT_CONFIG)
2864 goto unlock;
2865
671267bf 2866 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2867 struct hci_cp_remote_name_req cp;
2868 memset(&cp, 0, sizeof(cp));
2869 bacpy(&cp.bdaddr, &conn->dst);
2870 cp.pscan_rep_mode = 0x02;
2871 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2872 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2873 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2874 conn->dst_type, 0, NULL, 0,
2875 conn->dev_class);
392599b9 2876
127178d2 2877 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2878 conn->state = BT_CONNECTED;
2879 hci_proto_connect_cfm(conn, ev->status);
2880 hci_conn_put(conn);
41a96212
MH		 2881 }
2882
ccd556fe 2883unlock:
41a96212 2884 hci_dev_unlock(hdev);
a9de9248
MH		 2885}
2886
6039aa73
GP		 2887static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2888 struct sk_buff *skb)
a9de9248 2889{
b6a0dc82
MH		 2890 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2891 struct hci_conn *conn;
2892
9f1db00c 2893 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 2894
2895 hci_dev_lock(hdev);
2896
2897 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2898 if (!conn) {
2899 if (ev->link_type == ESCO_LINK)
2900 goto unlock;
2901
2902 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2903 if (!conn)
2904 goto unlock;
2905
2906 conn->type = SCO_LINK;
2907 }
b6a0dc82 2908
732547f9
MH		 2909 switch (ev->status) {
2910 case 0x00:
b6a0dc82
MH		 2911 conn->handle = __le16_to_cpu(ev->handle);
2912 conn->state = BT_CONNECTED;
7d0db0a3 2913
9eba32b8 2914 hci_conn_hold_device(conn);
7d0db0a3 2915 hci_conn_add_sysfs(conn);
732547f9
MH		 2916 break;
2917
705e5711 2918 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2919 case 0x1c: /* SCO interval rejected */
1038a00b 2920 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2921 case 0x1f: /* Unspecified error */
2922 if (conn->out && conn->attempt < 2) {
2923 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2924 (hdev->esco_type & EDR_ESCO_MASK);
2925 hci_setup_sync(conn, conn->link->handle);
2926 goto unlock;
2927 }
2928 /* fall through */
2929
2930 default:
b6a0dc82 2931 conn->state = BT_CLOSED;
732547f9
MH		 2932 break;
2933 }
b6a0dc82
MH		 2934
2935 hci_proto_connect_cfm(conn, ev->status);
2936 if (ev->status)
2937 hci_conn_del(conn);
2938
2939unlock:
2940 hci_dev_unlock(hdev);
a9de9248
MH		 2941}
2942
6039aa73
GP		 2943static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2944 struct sk_buff *skb)
1da177e4 2945{
a9de9248
MH		 2946 struct inquiry_data data;
2947 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2948 int num_rsp = *((__u8 *) skb->data);
9d939d94 2949 size_t eir_len;
1da177e4 2950
a9de9248 2951 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2952
a9de9248
MH		 2953 if (!num_rsp)
2954 return;
1da177e4 2955
1519cc17
AG		 2956 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2957 return;
2958
a9de9248
MH		 2959 hci_dev_lock(hdev);
2960
e17acd40 2961 for (; num_rsp; num_rsp--, info++) {
388fc8fa 2962 bool name_known, ssp;
561aafbc 2963
a9de9248 2964 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2965 data.pscan_rep_mode = info->pscan_rep_mode;
2966 data.pscan_period_mode = info->pscan_period_mode;
2967 data.pscan_mode = 0x00;
a9de9248 2968 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2969 data.clock_offset = info->clock_offset;
2970 data.rssi = info->rssi;
41a96212 2971 data.ssp_mode = 0x01;
561aafbc 2972
a8b2d5c2 2973 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 2974 name_known = eir_has_data_type(info->data,
04124681
GP		 2975 sizeof(info->data),
2976 EIR_NAME_COMPLETE);
561aafbc
JH		 2977 else
2978 name_known = true;
2979
388fc8fa 2980 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 2981 &ssp);
9d939d94 2982 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 2983 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 2984 info->dev_class, info->rssi, !name_known,
9d939d94 2985 ssp, info->data, eir_len);
a9de9248
MH		 2986 }
2987
2988 hci_dev_unlock(hdev);
2989}
1da177e4 2990
1c2e0041
JH		 2991static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2992 struct sk_buff *skb)
2993{
2994 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2995 struct hci_conn *conn;
2996
9f1db00c 2997 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 2998 __le16_to_cpu(ev->handle));
2999
3000 hci_dev_lock(hdev);
3001
3002 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3003 if (!conn)
3004 goto unlock;
3005
3006 if (!ev->status)
3007 conn->sec_level = conn->pending_sec_level;
3008
3009 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3010
3011 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3012 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1c2e0041
JH		 3013 hci_conn_put(conn);
3014 goto unlock;
3015 }
3016
3017 if (conn->state == BT_CONFIG) {
3018 if (!ev->status)
3019 conn->state = BT_CONNECTED;
3020
3021 hci_proto_connect_cfm(conn, ev->status);
3022 hci_conn_put(conn);
3023 } else {
3024 hci_auth_cfm(conn, ev->status);
3025
3026 hci_conn_hold(conn);
3027 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3028 hci_conn_put(conn);
3029 }
3030
3031unlock:
3032 hci_dev_unlock(hdev);
3033}
3034
6039aa73 3035static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3036{
3037 /* If remote requests dedicated bonding follow that lead */
3038 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3039 /* If both remote and local IO capabilities allow MITM
3040 * protection then require it, otherwise don't */
3041 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3042 return 0x02;
3043 else
3044 return 0x03;
3045 }
3046
3047 /* If remote requests no-bonding follow that lead */
3048 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3049 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3050
3051 return conn->auth_type;
3052}
3053
6039aa73 3054static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3055{
3056 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3057 struct hci_conn *conn;
3058
3059 BT_DBG("%s", hdev->name);
3060
3061 hci_dev_lock(hdev);
3062
3063 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3064 if (!conn)
3065 goto unlock;
3066
3067 hci_conn_hold(conn);
3068
a8b2d5c2 3069 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3070 goto unlock;
3071
a8b2d5c2 3072 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3073 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3074 struct hci_cp_io_capability_reply cp;
3075
3076 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3077 /* Change the IO capability from KeyboardDisplay
3078 * to DisplayYesNo as it is not supported by BT spec. */
3079 cp.capability = (conn->io_capability == 0x04) ?
3080 0x01 : conn->io_capability;
7cbc9bd9
JH		 3081 conn->auth_type = hci_get_auth_req(conn);
3082 cp.authentication = conn->auth_type;
17fa4b9d 3083
8fc9ced3
GP		 3084 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3085 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3086 cp.oob_data = 0x01;
3087 else
3088 cp.oob_data = 0x00;
3089
17fa4b9d 3090 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3091 sizeof(cp), &cp);
03b555e1
JH		 3092 } else {
3093 struct hci_cp_io_capability_neg_reply cp;
3094
3095 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3096 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3097
03b555e1 3098 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3099 sizeof(cp), &cp);
03b555e1
JH		 3100 }
3101
3102unlock:
3103 hci_dev_unlock(hdev);
3104}
3105
6039aa73 3106static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3107{
3108 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3109 struct hci_conn *conn;
3110
3111 BT_DBG("%s", hdev->name);
3112
3113 hci_dev_lock(hdev);
3114
3115 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3116 if (!conn)
3117 goto unlock;
3118
03b555e1 3119 conn->remote_cap = ev->capability;
03b555e1 3120 conn->remote_auth = ev->authentication;
58a681ef
JH		 3121 if (ev->oob_data)
3122 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3123
3124unlock:
0493684e
MH		 3125 hci_dev_unlock(hdev);
3126}
3127
6039aa73
GP		 3128static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3129 struct sk_buff *skb)
a5c29683
JH		 3130{
3131 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3132 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3133 struct hci_conn *conn;
a5c29683
JH		 3134
3135 BT_DBG("%s", hdev->name);
3136
3137 hci_dev_lock(hdev);
3138
a8b2d5c2 3139 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3140 goto unlock;
a5c29683 3141
7a828908
JH		 3142 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3143 if (!conn)
3144 goto unlock;
3145
3146 loc_mitm = (conn->auth_type & 0x01);
3147 rem_mitm = (conn->remote_auth & 0x01);
3148
3149 /* If we require MITM but the remote device can't provide that
3150 * (it has NoInputNoOutput) then reject the confirmation
3151 * request. The only exception is when we're dedicated bonding
3152 * initiators (connect_cfm_cb set) since then we always have the MITM
3153 * bit set. */
3154 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3155 BT_DBG("Rejecting request: remote device can't provide MITM");
3156 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3157 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3158 goto unlock;
3159 }
3160
3161 /* If no side requires MITM protection; auto-accept */
3162 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3163 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3164
3165 /* If we're not the initiators request authorization to
3166 * proceed from user space (mgmt_user_confirm with
3167 * confirm_hint set to 1). */
51a8efd7 3168 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3169 BT_DBG("Confirming auto-accept as acceptor");
3170 confirm_hint = 1;
3171 goto confirm;
3172 }
3173
9f61656a 3174 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3175 hdev->auto_accept_delay);
9f61656a
JH		 3176
3177 if (hdev->auto_accept_delay > 0) {
3178 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3179 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3180 goto unlock;
3181 }
3182
7a828908 3183 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3184 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3185 goto unlock;
3186 }
3187
55bc1a37 3188confirm:
272d90df 3189 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3190 confirm_hint);
7a828908
JH		 3191
3192unlock:
a5c29683
JH		 3193 hci_dev_unlock(hdev);
3194}
3195
6039aa73
GP		 3196static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3197 struct sk_buff *skb)
1143d458
BG		 3198{
3199 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3200
3201 BT_DBG("%s", hdev->name);
3202
a8b2d5c2 3203 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3204 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3205}
3206
92a25256
JH		 3207static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3208 struct sk_buff *skb)
3209{
3210 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3211 struct hci_conn *conn;
3212
3213 BT_DBG("%s", hdev->name);
3214
3215 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3216 if (!conn)
3217 return;
3218
3219 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3220 conn->passkey_entered = 0;
3221
3222 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3223 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3224 conn->dst_type, conn->passkey_notify,
3225 conn->passkey_entered);
3226}
3227
3228static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3229{
3230 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3231 struct hci_conn *conn;
3232
3233 BT_DBG("%s", hdev->name);
3234
3235 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3236 if (!conn)
3237 return;
3238
3239 switch (ev->type) {
3240 case HCI_KEYPRESS_STARTED:
3241 conn->passkey_entered = 0;
3242 return;
3243
3244 case HCI_KEYPRESS_ENTERED:
3245 conn->passkey_entered++;
3246 break;
3247
3248 case HCI_KEYPRESS_ERASED:
3249 conn->passkey_entered--;
3250 break;
3251
3252 case HCI_KEYPRESS_CLEARED:
3253 conn->passkey_entered = 0;
3254 break;
3255
3256 case HCI_KEYPRESS_COMPLETED:
3257 return;
3258 }
3259
3260 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3261 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3262 conn->dst_type, conn->passkey_notify,
3263 conn->passkey_entered);
3264}
3265
6039aa73
GP		 3266static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3267 struct sk_buff *skb)
0493684e
MH		 3268{
3269 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3270 struct hci_conn *conn;
3271
3272 BT_DBG("%s", hdev->name);
3273
3274 hci_dev_lock(hdev);
3275
3276 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3277 if (!conn)
3278 goto unlock;
3279
3280 /* To avoid duplicate auth_failed events to user space we check
3281 * the HCI_CONN_AUTH_PEND flag which will be set if we
3282 * initiated the authentication. A traditional auth_complete
3283 * event gets always produced as initiator and is also mapped to
3284 * the mgmt_auth_failed event */
fa1bd918 3285 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3286 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3287 ev->status);
0493684e 3288
2a611692
JH		 3289 hci_conn_put(conn);
3290
3291unlock:
0493684e
MH		 3292 hci_dev_unlock(hdev);
3293}
3294
6039aa73
GP		 3295static void hci_remote_host_features_evt(struct hci_dev *hdev,
3296 struct sk_buff *skb)
41a96212
MH		 3297{
3298 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3299 struct inquiry_entry *ie;
3300
3301 BT_DBG("%s", hdev->name);
3302
3303 hci_dev_lock(hdev);
3304
cc11b9c1
AE		 3305 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3306 if (ie)
02b7cc62 3307 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3308
3309 hci_dev_unlock(hdev);
3310}
3311
6039aa73
GP		 3312static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3313 struct sk_buff *skb)
2763eda6
SJ		 3314{
3315 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3316 struct oob_data *data;
3317
3318 BT_DBG("%s", hdev->name);
3319
3320 hci_dev_lock(hdev);
3321
a8b2d5c2 3322 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3323 goto unlock;
3324
2763eda6
SJ		 3325 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3326 if (data) {
3327 struct hci_cp_remote_oob_data_reply cp;
3328
3329 bacpy(&cp.bdaddr, &ev->bdaddr);
3330 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3331 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3332
3333 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3334 &cp);
2763eda6
SJ		 3335 } else {
3336 struct hci_cp_remote_oob_data_neg_reply cp;
3337
3338 bacpy(&cp.bdaddr, &ev->bdaddr);
3339 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3340 &cp);
2763eda6
SJ		 3341 }
3342
e1ba1f15 3343unlock:
2763eda6
SJ		 3344 hci_dev_unlock(hdev);
3345}
3346
d5e91192
AE		 3347static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3348 struct sk_buff *skb)
3349{
3350 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3351 struct hci_conn *hcon, *bredr_hcon;
3352
3353 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3354 ev->status);
3355
3356 hci_dev_lock(hdev);
3357
3358 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3359 if (!hcon) {
3360 hci_dev_unlock(hdev);
3361 return;
3362 }
3363
3364 if (ev->status) {
3365 hci_conn_del(hcon);
3366 hci_dev_unlock(hdev);
3367 return;
3368 }
3369
3370 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3371
3372 hcon->state = BT_CONNECTED;
3373 bacpy(&hcon->dst, &bredr_hcon->dst);
3374
3375 hci_conn_hold(hcon);
3376 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3377 hci_conn_put(hcon);
3378
3379 hci_conn_hold_device(hcon);
3380 hci_conn_add_sysfs(hcon);
3381
cf70ff22 3382 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3383
cf70ff22 3384 hci_dev_unlock(hdev);
d5e91192
AE		 3385}
3386
27695fb4
AE		 3387static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3388{
3389 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3390 struct hci_conn *hcon;
3391 struct hci_chan *hchan;
3392 struct amp_mgr *mgr;
3393
3394 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3395 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3396 ev->status);
3397
3398 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3399 if (!hcon)
3400 return;
3401
3402 /* Create AMP hchan */
3403 hchan = hci_chan_create(hcon);
3404 if (!hchan)
3405 return;
3406
3407 hchan->handle = le16_to_cpu(ev->handle);
3408
3409 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3410
3411 mgr = hcon->amp_mgr;
3412 if (mgr && mgr->bredr_chan) {
3413 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3414
3415 l2cap_chan_lock(bredr_chan);
3416
3417 bredr_chan->conn->mtu = hdev->block_mtu;
3418 l2cap_logical_cfm(bredr_chan, hchan, 0);
3419 hci_conn_hold(hcon);
3420
3421 l2cap_chan_unlock(bredr_chan);
3422 }
3423}
3424
606e2a10
AE		 3425static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3426 struct sk_buff *skb)
3427{
3428 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3429 struct hci_chan *hchan;
3430
3431 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3432 le16_to_cpu(ev->handle), ev->status);
3433
3434 if (ev->status)
3435 return;
3436
3437 hci_dev_lock(hdev);
3438
3439 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3440 if (!hchan)
3441 goto unlock;
3442
3443 amp_destroy_logical_link(hchan, ev->reason);
3444
3445unlock:
3446 hci_dev_unlock(hdev);
3447}
3448
9eef6b3a
AE		 3449static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3450 struct sk_buff *skb)
3451{
3452 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3453 struct hci_conn *hcon;
3454
3455 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3456
3457 if (ev->status)
3458 return;
3459
3460 hci_dev_lock(hdev);
3461
3462 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3463 if (hcon) {
3464 hcon->state = BT_CLOSED;
3465 hci_conn_del(hcon);
3466 }
3467
3468 hci_dev_unlock(hdev);
3469}
3470
6039aa73 3471static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3472{
3473 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3474 struct hci_conn *conn;
3475
9f1db00c 3476 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3477
3478 hci_dev_lock(hdev);
3479
b47a09b3 3480 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3481 if (!conn) {
3482 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3483 if (!conn) {
3484 BT_ERR("No memory for new connection");
230fd16a 3485 goto unlock;
b62f328b 3486 }
29b7988a
AG		 3487
3488 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3489
3490 if (ev->role == LE_CONN_ROLE_MASTER) {
3491 conn->out = true;
3492 conn->link_mode |= HCI_LM_MASTER;
3493 }
b62f328b 3494 }
fcd89c09 3495
cd17decb
AG		 3496 if (ev->status) {
3497 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3498 conn->dst_type, ev->status);
3499 hci_proto_connect_cfm(conn, ev->status);
3500 conn->state = BT_CLOSED;
3501 hci_conn_del(conn);
3502 goto unlock;
3503 }
3504
b644ba33
JH		 3505 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3506 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3507 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3508
7b5c0d52 3509 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3510 conn->handle = __le16_to_cpu(ev->handle);
3511 conn->state = BT_CONNECTED;
3512
3513 hci_conn_hold_device(conn);
3514 hci_conn_add_sysfs(conn);
3515
3516 hci_proto_connect_cfm(conn, ev->status);
3517
3518unlock:
3519 hci_dev_unlock(hdev);
3520}
3521
6039aa73 3522static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3523{
e95beb41
AG		 3524 u8 num_reports = skb->data[0];
3525 void *ptr = &skb->data[1];
3c9e9195 3526 s8 rssi;
9aa04c91 3527
e95beb41
AG		 3528 while (num_reports--) {
3529 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3530
3c9e9195
AG		 3531 rssi = ev->data[ev->length];
3532 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3533 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3534
e95beb41 3535 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 3536 }
9aa04c91
AG		 3537}
3538
6039aa73 3539static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3540{
3541 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3542 struct hci_cp_le_ltk_reply cp;
bea710fe 3543 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3544 struct hci_conn *conn;
c9839a11 3545 struct smp_ltk *ltk;
a7a595f6 3546
9f1db00c 3547 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3548
3549 hci_dev_lock(hdev);
3550
3551 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3552 if (conn == NULL)
3553 goto not_found;
a7a595f6 3554
bea710fe
VCG		 3555 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3556 if (ltk == NULL)
3557 goto not_found;
3558
3559 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3560 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3561
3562 if (ltk->authenticated)
3563 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3564
3565 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3566
c9839a11
VCG		 3567 if (ltk->type & HCI_SMP_STK) {
3568 list_del(&ltk->list);
3569 kfree(ltk);
3570 }
3571
a7a595f6 3572 hci_dev_unlock(hdev);
bea710fe
VCG		 3573
3574 return;
3575
3576not_found:
3577 neg.handle = ev->handle;
3578 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3579 hci_dev_unlock(hdev);
a7a595f6
VCG		 3580}
3581
6039aa73 3582static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3583{
3584 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3585
3586 skb_pull(skb, sizeof(*le_ev));
3587
3588 switch (le_ev->subevent) {
3589 case HCI_EV_LE_CONN_COMPLETE:
3590 hci_le_conn_complete_evt(hdev, skb);
3591 break;
3592
9aa04c91
AG		 3593 case HCI_EV_LE_ADVERTISING_REPORT:
3594 hci_le_adv_report_evt(hdev, skb);
3595 break;
3596
a7a595f6
VCG		 3597 case HCI_EV_LE_LTK_REQ:
3598 hci_le_ltk_request_evt(hdev, skb);
3599 break;
3600
fcd89c09
VT		 3601 default:
3602 break;
3603 }
3604}
3605
9495b2ee
AE		 3606static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3607{
3608 struct hci_ev_channel_selected *ev = (void *) skb->data;
3609 struct hci_conn *hcon;
3610
3611 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3612
3613 skb_pull(skb, sizeof(*ev));
3614
3615 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3616 if (!hcon)
3617 return;
3618
3619 amp_read_loc_assoc_final_data(hdev, hcon);
3620}
3621
a9de9248
MH		 3622void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3623{
3624 struct hci_event_hdr *hdr = (void *) skb->data;
3625 __u8 event = hdr->evt;
3626
3627 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3628
3629 switch (event) {
1da177e4
LT		 3630 case HCI_EV_INQUIRY_COMPLETE:
3631 hci_inquiry_complete_evt(hdev, skb);
3632 break;
3633
3634 case HCI_EV_INQUIRY_RESULT:
3635 hci_inquiry_result_evt(hdev, skb);
3636 break;
3637
a9de9248
MH		 3638 case HCI_EV_CONN_COMPLETE:
3639 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3640 break;
3641
1da177e4
LT		 3642 case HCI_EV_CONN_REQUEST:
3643 hci_conn_request_evt(hdev, skb);
3644 break;
3645
1da177e4
LT		 3646 case HCI_EV_DISCONN_COMPLETE:
3647 hci_disconn_complete_evt(hdev, skb);
3648 break;
3649
1da177e4
LT		 3650 case HCI_EV_AUTH_COMPLETE:
3651 hci_auth_complete_evt(hdev, skb);
3652 break;
3653
a9de9248
MH		 3654 case HCI_EV_REMOTE_NAME:
3655 hci_remote_name_evt(hdev, skb);
3656 break;
3657
1da177e4
LT		 3658 case HCI_EV_ENCRYPT_CHANGE:
3659 hci_encrypt_change_evt(hdev, skb);
3660 break;
3661
a9de9248
MH		 3662 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3663 hci_change_link_key_complete_evt(hdev, skb);
3664 break;
3665
3666 case HCI_EV_REMOTE_FEATURES:
3667 hci_remote_features_evt(hdev, skb);
3668 break;
3669
a9de9248
MH		 3670 case HCI_EV_CMD_COMPLETE:
3671 hci_cmd_complete_evt(hdev, skb);
3672 break;
3673
3674 case HCI_EV_CMD_STATUS:
3675 hci_cmd_status_evt(hdev, skb);
3676 break;
3677
3678 case HCI_EV_ROLE_CHANGE:
3679 hci_role_change_evt(hdev, skb);
3680 break;
3681
3682 case HCI_EV_NUM_COMP_PKTS:
3683 hci_num_comp_pkts_evt(hdev, skb);
3684 break;
3685
3686 case HCI_EV_MODE_CHANGE:
3687 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3688 break;
3689
3690 case HCI_EV_PIN_CODE_REQ:
3691 hci_pin_code_request_evt(hdev, skb);
3692 break;
3693
3694 case HCI_EV_LINK_KEY_REQ:
3695 hci_link_key_request_evt(hdev, skb);
3696 break;
3697
3698 case HCI_EV_LINK_KEY_NOTIFY:
3699 hci_link_key_notify_evt(hdev, skb);
3700 break;
3701
3702 case HCI_EV_CLOCK_OFFSET:
3703 hci_clock_offset_evt(hdev, skb);
3704 break;
3705
a8746417
MH		 3706 case HCI_EV_PKT_TYPE_CHANGE:
3707 hci_pkt_type_change_evt(hdev, skb);
3708 break;
3709
85a1e930
MH		 3710 case HCI_EV_PSCAN_REP_MODE:
3711 hci_pscan_rep_mode_evt(hdev, skb);
3712 break;
3713
a9de9248
MH		 3714 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3715 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3716 break;
3717
a9de9248
MH		 3718 case HCI_EV_REMOTE_EXT_FEATURES:
3719 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3720 break;
3721
a9de9248
MH		 3722 case HCI_EV_SYNC_CONN_COMPLETE:
3723 hci_sync_conn_complete_evt(hdev, skb);
3724 break;
1da177e4 3725
a9de9248
MH		 3726 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3727 hci_extended_inquiry_result_evt(hdev, skb);
3728 break;
1da177e4 3729
1c2e0041
JH		 3730 case HCI_EV_KEY_REFRESH_COMPLETE:
3731 hci_key_refresh_complete_evt(hdev, skb);
3732 break;
3733
0493684e
MH		 3734 case HCI_EV_IO_CAPA_REQUEST:
3735 hci_io_capa_request_evt(hdev, skb);
3736 break;
3737
03b555e1
JH		 3738 case HCI_EV_IO_CAPA_REPLY:
3739 hci_io_capa_reply_evt(hdev, skb);
3740 break;
3741
a5c29683
JH		 3742 case HCI_EV_USER_CONFIRM_REQUEST:
3743 hci_user_confirm_request_evt(hdev, skb);
3744 break;
3745
1143d458
BG		 3746 case HCI_EV_USER_PASSKEY_REQUEST:
3747 hci_user_passkey_request_evt(hdev, skb);
3748 break;
3749
92a25256
JH		 3750 case HCI_EV_USER_PASSKEY_NOTIFY:
3751 hci_user_passkey_notify_evt(hdev, skb);
3752 break;
3753
3754 case HCI_EV_KEYPRESS_NOTIFY:
3755 hci_keypress_notify_evt(hdev, skb);
3756 break;
3757
0493684e
MH		 3758 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3759 hci_simple_pair_complete_evt(hdev, skb);
3760 break;
3761
41a96212
MH		 3762 case HCI_EV_REMOTE_HOST_FEATURES:
3763 hci_remote_host_features_evt(hdev, skb);
3764 break;
3765
fcd89c09
VT		 3766 case HCI_EV_LE_META:
3767 hci_le_meta_evt(hdev, skb);
3768 break;
3769
9495b2ee
AE		 3770 case HCI_EV_CHANNEL_SELECTED:
3771 hci_chan_selected_evt(hdev, skb);
3772 break;
3773
2763eda6
SJ		 3774 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3775 hci_remote_oob_data_request_evt(hdev, skb);
3776 break;
3777
d5e91192
AE		 3778 case HCI_EV_PHY_LINK_COMPLETE:
3779 hci_phy_link_complete_evt(hdev, skb);
3780 break;
3781
27695fb4
AE		 3782 case HCI_EV_LOGICAL_LINK_COMPLETE:
3783 hci_loglink_complete_evt(hdev, skb);
3784 break;
3785
606e2a10
AE		 3786 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3787 hci_disconn_loglink_complete_evt(hdev, skb);
3788 break;
3789
9eef6b3a
AE		 3790 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3791 hci_disconn_phylink_complete_evt(hdev, skb);
3792 break;
3793
25e89e99
AE		 3794 case HCI_EV_NUM_COMP_BLOCKS:
3795 hci_num_comp_blocks_evt(hdev, skb);
3796 break;
3797
a9de9248 3798 default:
9f1db00c 3799 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 3800 break;
3801 }
3802
3803 kfree_skb(skb);
3804 hdev->stat.evt_rx++;
3805}
kernel source for telekom puls (alcatel/mediatek)