projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add timeout field to mgmt_set_discoverable
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
a9de9248
MH		 58 if (status)
59 return;
1da177e4 60
89352e7d
AG		 61 clear_bit(HCI_INQUIRY, &hdev->flags);
62
63 mgmt_discovering(hdev->id, 0);
6bd57416 64
23bb5763 65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 66
67 hci_conn_check_pending(hdev);
68}
6bd57416 69
a9de9248
MH		 70static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71{
72 __u8 status = *((__u8 *) skb->data);
6bd57416 73
a9de9248 74 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 75
a9de9248
MH		 76 if (status)
77 return;
1da177e4 78
a9de9248
MH		 79 hci_conn_check_pending(hdev);
80}
81
82static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
83{
84 BT_DBG("%s", hdev->name);
85}
86
87static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88{
89 struct hci_rp_role_discovery *rp = (void *) skb->data;
90 struct hci_conn *conn;
91
92 BT_DBG("%s status 0x%x", hdev->name, rp->status);
93
94 if (rp->status)
95 return;
96
97 hci_dev_lock(hdev);
98
99 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
100 if (conn) {
101 if (rp->role)
102 conn->link_mode &= ~HCI_LM_MASTER;
103 else
104 conn->link_mode |= HCI_LM_MASTER;
1da177e4 105 }
a9de9248
MH		 106
107 hci_dev_unlock(hdev);
1da177e4
LT		 108}
109
e4e8e37c
MH		 110static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111{
112 struct hci_rp_read_link_policy *rp = (void *) skb->data;
113 struct hci_conn *conn;
114
115 BT_DBG("%s status 0x%x", hdev->name, rp->status);
116
117 if (rp->status)
118 return;
119
120 hci_dev_lock(hdev);
121
122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 if (conn)
124 conn->link_policy = __le16_to_cpu(rp->policy);
125
126 hci_dev_unlock(hdev);
127}
128
a9de9248 129static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 130{
a9de9248 131 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 132 struct hci_conn *conn;
04837f64 133 void *sent;
1da177e4 134
a9de9248 135 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 136
a9de9248
MH		 137 if (rp->status)
138 return;
1da177e4 139
a9de9248
MH		 140 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
141 if (!sent)
142 return;
1da177e4 143
a9de9248 144 hci_dev_lock(hdev);
1da177e4 145
a9de9248 146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 147 if (conn)
83985319 148 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 149
a9de9248
MH		 150 hci_dev_unlock(hdev);
151}
1da177e4 152
e4e8e37c
MH		 153static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
157 BT_DBG("%s status 0x%x", hdev->name, rp->status);
158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
165static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
166{
167 __u8 status = *((__u8 *) skb->data);
168 void *sent;
169
170 BT_DBG("%s status 0x%x", hdev->name, status);
171
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
173 if (!sent)
174 return;
175
176 if (!status)
177 hdev->link_policy = get_unaligned_le16(sent);
178
23bb5763 179 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 180}
181
a9de9248
MH		 182static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183{
184 __u8 status = *((__u8 *) skb->data);
04837f64 185
a9de9248 186 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 187
10572132
GP		 188 clear_bit(HCI_RESET, &hdev->flags);
189
23bb5763 190 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 191}
04837f64 192
a9de9248
MH		 193static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
194{
195 __u8 status = *((__u8 *) skb->data);
196 void *sent;
04837f64 197
a9de9248 198 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 199
a9de9248
MH		 200 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
201 if (!sent)
202 return;
04837f64 203
b312b161
JH		 204 if (test_bit(HCI_MGMT, &hdev->flags))
205 mgmt_set_local_name_complete(hdev->id, sent, status);
206
207 if (status)
208 return;
209
1f6c6378 210 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 211}
212
213static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
214{
215 struct hci_rp_read_local_name *rp = (void *) skb->data;
216
217 BT_DBG("%s status 0x%x", hdev->name, rp->status);
218
219 if (rp->status)
220 return;
221
1f6c6378 222 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 223}
224
225static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
226{
227 __u8 status = *((__u8 *) skb->data);
228 void *sent;
229
230 BT_DBG("%s status 0x%x", hdev->name, status);
231
232 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
233 if (!sent)
234 return;
235
236 if (!status) {
237 __u8 param = *((__u8 *) sent);
238
239 if (param == AUTH_ENABLED)
240 set_bit(HCI_AUTH, &hdev->flags);
241 else
242 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 243 }
a9de9248 244
23bb5763 245 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 246}
247
a9de9248 248static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 249{
a9de9248 250 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 251 void *sent;
252
a9de9248 253 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 254
a9de9248
MH		 255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
256 if (!sent)
257 return;
1da177e4 258
a9de9248
MH		 259 if (!status) {
260 __u8 param = *((__u8 *) sent);
261
262 if (param)
263 set_bit(HCI_ENCRYPT, &hdev->flags);
264 else
265 clear_bit(HCI_ENCRYPT, &hdev->flags);
266 }
1da177e4 267
23bb5763 268 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 269}
1da177e4 270
a9de9248
MH		 271static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
272{
36f7fc7e
JH		 273 __u8 param, status = *((__u8 *) skb->data);
274 int old_pscan, old_iscan;
a9de9248 275 void *sent;
1da177e4 276
a9de9248 277 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 278
a9de9248
MH		 279 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
280 if (!sent)
281 return;
1da177e4 282
36f7fc7e
JH		 283 if (status != 0)
284 goto done;
285
286 param = *((__u8 *) sent);
287
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
290
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
293 if (!old_iscan)
294 mgmt_discoverable(hdev->id, 1);
16ab91ab
JH		 295 if (hdev->discov_timeout > 0) {
296 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
297 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
298 to);
299 }
36f7fc7e
JH		 300 } else if (old_iscan)
301 mgmt_discoverable(hdev->id, 0);
302
303 if (param & SCAN_PAGE) {
304 set_bit(HCI_PSCAN, &hdev->flags);
305 if (!old_pscan)
306 mgmt_connectable(hdev->id, 1);
307 } else if (old_pscan)
308 mgmt_connectable(hdev->id, 0);
1da177e4 309
36f7fc7e 310done:
23bb5763 311 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 312}
1da177e4 313
a9de9248
MH		 314static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
315{
316 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 317
a9de9248 318 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 319
a9de9248
MH		 320 if (rp->status)
321 return;
1da177e4 322
a9de9248 323 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 324
a9de9248
MH		 325 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
326 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
327}
1da177e4 328
a9de9248
MH		 329static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
330{
331 __u8 status = *((__u8 *) skb->data);
332 void *sent;
1da177e4 333
a9de9248 334 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 335
f383f275
MH		 336 if (status)
337 return;
338
a9de9248
MH		 339 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
340 if (!sent)
341 return;
1da177e4 342
f383f275 343 memcpy(hdev->dev_class, sent, 3);
a9de9248 344}
1da177e4 345
a9de9248
MH		 346static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
347{
348 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
349 __u16 setting;
350
351 BT_DBG("%s status 0x%x", hdev->name, rp->status);
352
353 if (rp->status)
354 return;
355
356 setting = __le16_to_cpu(rp->voice_setting);
357
f383f275 358 if (hdev->voice_setting == setting)
a9de9248
MH		 359 return;
360
361 hdev->voice_setting = setting;
362
363 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
364
365 if (hdev->notify) {
366 tasklet_disable(&hdev->tx_task);
367 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
368 tasklet_enable(&hdev->tx_task);
369 }
370}
371
372static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
373{
374 __u8 status = *((__u8 *) skb->data);
f383f275 375 __u16 setting;
a9de9248
MH		 376 void *sent;
377
378 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 379
f383f275
MH		 380 if (status)
381 return;
382
a9de9248
MH		 383 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
384 if (!sent)
385 return;
1da177e4 386
f383f275 387 setting = get_unaligned_le16(sent);
1da177e4 388
f383f275
MH		 389 if (hdev->voice_setting == setting)
390 return;
391
392 hdev->voice_setting = setting;
1da177e4 393
f383f275 394 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 395
f383f275
MH		 396 if (hdev->notify) {
397 tasklet_disable(&hdev->tx_task);
398 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
399 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 400 }
401}
402
a9de9248 403static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 404{
a9de9248 405 __u8 status = *((__u8 *) skb->data);
1da177e4 406
a9de9248 407 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 408
23bb5763 409 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 410}
1143e5a6 411
333140b5
MH		 412static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
413{
414 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
415
416 BT_DBG("%s status 0x%x", hdev->name, rp->status);
417
418 if (rp->status)
419 return;
420
421 hdev->ssp_mode = rp->mode;
422}
423
424static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
425{
426 __u8 status = *((__u8 *) skb->data);
427 void *sent;
428
429 BT_DBG("%s status 0x%x", hdev->name, status);
430
431 if (status)
432 return;
433
434 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
435 if (!sent)
436 return;
437
438 hdev->ssp_mode = *((__u8 *) sent);
439}
440
d5859e22
JH		 441static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
442{
443 if (hdev->features[6] & LMP_EXT_INQ)
444 return 2;
445
446 if (hdev->features[3] & LMP_RSSI_INQ)
447 return 1;
448
449 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
450 hdev->lmp_subver == 0x0757)
451 return 1;
452
453 if (hdev->manufacturer == 15) {
454 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
455 return 1;
456 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
457 return 1;
458 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
459 return 1;
460 }
461
462 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
463 hdev->lmp_subver == 0x1805)
464 return 1;
465
466 return 0;
467}
468
469static void hci_setup_inquiry_mode(struct hci_dev *hdev)
470{
471 u8 mode;
472
473 mode = hci_get_inquiry_mode(hdev);
474
475 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
476}
477
478static void hci_setup_event_mask(struct hci_dev *hdev)
479{
480 /* The second byte is 0xff instead of 0x9f (two reserved bits
481 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
482 * command otherwise */
483 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
484
6de6c18d
VT		 485 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
486 * any event mask for pre 1.2 devices */
487 if (hdev->lmp_ver <= 1)
488 return;
489
490 events[4] |= 0x01; /* Flow Specification Complete */
491 events[4] |= 0x02; /* Inquiry Result with RSSI */
492 events[4] |= 0x04; /* Read Remote Extended Features Complete */
493 events[5] |= 0x08; /* Synchronous Connection Complete */
494 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 495
496 if (hdev->features[3] & LMP_RSSI_INQ)
497 events[4] |= 0x04; /* Inquiry Result with RSSI */
498
499 if (hdev->features[5] & LMP_SNIFF_SUBR)
500 events[5] |= 0x20; /* Sniff Subrating */
501
502 if (hdev->features[5] & LMP_PAUSE_ENC)
503 events[5] |= 0x80; /* Encryption Key Refresh Complete */
504
505 if (hdev->features[6] & LMP_EXT_INQ)
506 events[5] |= 0x40; /* Extended Inquiry Result */
507
508 if (hdev->features[6] & LMP_NO_FLUSH)
509 events[7] |= 0x01; /* Enhanced Flush Complete */
510
511 if (hdev->features[7] & LMP_LSTO)
512 events[6] |= 0x80; /* Link Supervision Timeout Changed */
513
514 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
515 events[6] |= 0x01; /* IO Capability Request */
516 events[6] |= 0x02; /* IO Capability Response */
517 events[6] |= 0x04; /* User Confirmation Request */
518 events[6] |= 0x08; /* User Passkey Request */
519 events[6] |= 0x10; /* Remote OOB Data Request */
520 events[6] |= 0x20; /* Simple Pairing Complete */
521 events[7] |= 0x04; /* User Passkey Notification */
522 events[7] |= 0x08; /* Keypress Notification */
523 events[7] |= 0x10; /* Remote Host Supported
524 * Features Notification */
525 }
526
527 if (hdev->features[4] & LMP_LE)
528 events[7] |= 0x20; /* LE Meta-Event */
529
530 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
531}
532
e6100a25
AG		 533static void hci_set_le_support(struct hci_dev *hdev)
534{
535 struct hci_cp_write_le_host_supported cp;
536
537 memset(&cp, 0, sizeof(cp));
538
539 if (enable_le) {
540 cp.le = 1;
541 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
542 }
543
544 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
545}
546
d5859e22
JH		 547static void hci_setup(struct hci_dev *hdev)
548{
549 hci_setup_event_mask(hdev);
550
551 if (hdev->lmp_ver > 1)
552 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
553
554 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
555 u8 mode = 0x01;
556 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
557 }
558
559 if (hdev->features[3] & LMP_RSSI_INQ)
560 hci_setup_inquiry_mode(hdev);
561
562 if (hdev->features[7] & LMP_INQ_TX_PWR)
563 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 564
565 if (hdev->features[7] & LMP_EXTFEATURES) {
566 struct hci_cp_read_local_ext_features cp;
567
568 cp.page = 0x01;
569 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
570 sizeof(cp), &cp);
571 }
e6100a25
AG		 572
573 if (hdev->features[4] & LMP_LE)
574 hci_set_le_support(hdev);
d5859e22
JH		 575}
576
a9de9248
MH		 577static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
578{
579 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 580
a9de9248 581 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 582
a9de9248
MH		 583 if (rp->status)
584 return;
1143e5a6 585
a9de9248 586 hdev->hci_ver = rp->hci_ver;
e4e8e37c 587 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 588 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 589 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 590 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 591
a9de9248
MH		 592 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
593 hdev->manufacturer,
594 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 595
596 if (test_bit(HCI_INIT, &hdev->flags))
597 hci_setup(hdev);
598}
599
600static void hci_setup_link_policy(struct hci_dev *hdev)
601{
602 u16 link_policy = 0;
603
604 if (hdev->features[0] & LMP_RSWITCH)
605 link_policy |= HCI_LP_RSWITCH;
606 if (hdev->features[0] & LMP_HOLD)
607 link_policy |= HCI_LP_HOLD;
608 if (hdev->features[0] & LMP_SNIFF)
609 link_policy |= HCI_LP_SNIFF;
610 if (hdev->features[1] & LMP_PARK)
611 link_policy |= HCI_LP_PARK;
612
613 link_policy = cpu_to_le16(link_policy);
614 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
615 sizeof(link_policy), &link_policy);
a9de9248 616}
1da177e4 617
a9de9248
MH		 618static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
619{
620 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 621
a9de9248 622 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 623
a9de9248 624 if (rp->status)
d5859e22 625 goto done;
1da177e4 626
a9de9248 627 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 628
629 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
630 hci_setup_link_policy(hdev);
631
632done:
633 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 634}
1da177e4 635
a9de9248
MH		 636static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
637{
638 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 639
a9de9248 640 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 641
a9de9248
MH		 642 if (rp->status)
643 return;
5b7f9909 644
a9de9248 645 memcpy(hdev->features, rp->features, 8);
5b7f9909 646
a9de9248
MH		 647 /* Adjust default settings according to features
648 * supported by device. */
1da177e4 649
a9de9248
MH		 650 if (hdev->features[0] & LMP_3SLOT)
651 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 652
a9de9248
MH		 653 if (hdev->features[0] & LMP_5SLOT)
654 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 655
a9de9248
MH		 656 if (hdev->features[1] & LMP_HV2) {
657 hdev->pkt_type |= (HCI_HV2);
658 hdev->esco_type |= (ESCO_HV2);
659 }
1da177e4 660
a9de9248
MH		 661 if (hdev->features[1] & LMP_HV3) {
662 hdev->pkt_type |= (HCI_HV3);
663 hdev->esco_type |= (ESCO_HV3);
664 }
1da177e4 665
a9de9248
MH		 666 if (hdev->features[3] & LMP_ESCO)
667 hdev->esco_type |= (ESCO_EV3);
da1f5198 668
a9de9248
MH		 669 if (hdev->features[4] & LMP_EV4)
670 hdev->esco_type |= (ESCO_EV4);
da1f5198 671
a9de9248
MH		 672 if (hdev->features[4] & LMP_EV5)
673 hdev->esco_type |= (ESCO_EV5);
1da177e4 674
efc7688b
MH		 675 if (hdev->features[5] & LMP_EDR_ESCO_2M)
676 hdev->esco_type |= (ESCO_2EV3);
677
678 if (hdev->features[5] & LMP_EDR_ESCO_3M)
679 hdev->esco_type |= (ESCO_3EV3);
680
681 if (hdev->features[5] & LMP_EDR_3S_ESCO)
682 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
683
a9de9248
MH		 684 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
685 hdev->features[0], hdev->features[1],
686 hdev->features[2], hdev->features[3],
687 hdev->features[4], hdev->features[5],
688 hdev->features[6], hdev->features[7]);
689}
1da177e4 690
971e3a4b
AG		 691static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
692 struct sk_buff *skb)
693{
694 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
695
696 BT_DBG("%s status 0x%x", hdev->name, rp->status);
697
698 if (rp->status)
699 return;
700
701 memcpy(hdev->extfeatures, rp->features, 8);
702
703 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
704}
705
a9de9248
MH		 706static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
707{
708 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 709
a9de9248 710 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 711
a9de9248
MH		 712 if (rp->status)
713 return;
1da177e4 714
a9de9248
MH		 715 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
716 hdev->sco_mtu = rp->sco_mtu;
717 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
718 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
719
720 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
721 hdev->sco_mtu = 64;
722 hdev->sco_pkts = 8;
1da177e4 723 }
a9de9248
MH		 724
725 hdev->acl_cnt = hdev->acl_pkts;
726 hdev->sco_cnt = hdev->sco_pkts;
727
728 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
729 hdev->acl_mtu, hdev->acl_pkts,
730 hdev->sco_mtu, hdev->sco_pkts);
731}
732
733static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
734{
735 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
736
737 BT_DBG("%s status 0x%x", hdev->name, rp->status);
738
739 if (!rp->status)
740 bacpy(&hdev->bdaddr, &rp->bdaddr);
741
23bb5763
JH		 742 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
743}
744
745static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
746{
747 __u8 status = *((__u8 *) skb->data);
748
749 BT_DBG("%s status 0x%x", hdev->name, status);
750
751 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 752}
753
928abaa7
AE		 754static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
755 struct sk_buff *skb)
756{
757 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
758
759 BT_DBG("%s status 0x%x", hdev->name, rp->status);
760
761 if (rp->status)
762 return;
763
764 hdev->amp_status = rp->amp_status;
765 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
766 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
767 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
768 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
769 hdev->amp_type = rp->amp_type;
770 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
771 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
772 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
773 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
774
775 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
776}
777
b0916ea0
JH		 778static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
779 struct sk_buff *skb)
780{
781 __u8 status = *((__u8 *) skb->data);
782
783 BT_DBG("%s status 0x%x", hdev->name, status);
784
785 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
786}
787
d5859e22
JH		 788static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
789{
790 __u8 status = *((__u8 *) skb->data);
791
792 BT_DBG("%s status 0x%x", hdev->name, status);
793
794 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
795}
796
797static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
798 struct sk_buff *skb)
799{
800 __u8 status = *((__u8 *) skb->data);
801
802 BT_DBG("%s status 0x%x", hdev->name, status);
803
804 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
805}
806
807static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
808 struct sk_buff *skb)
809{
810 __u8 status = *((__u8 *) skb->data);
811
812 BT_DBG("%s status 0x%x", hdev->name, status);
813
814 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
815}
816
817static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
818{
819 __u8 status = *((__u8 *) skb->data);
820
821 BT_DBG("%s status 0x%x", hdev->name, status);
822
823 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
824}
825
980e1a53
JH		 826static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
827{
828 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
829 struct hci_cp_pin_code_reply *cp;
830 struct hci_conn *conn;
831
832 BT_DBG("%s status 0x%x", hdev->name, rp->status);
833
834 if (test_bit(HCI_MGMT, &hdev->flags))
835 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
836
837 if (rp->status != 0)
838 return;
839
840 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
841 if (!cp)
842 return;
843
844 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
845 if (conn)
846 conn->pin_length = cp->pin_len;
847}
848
849static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
850{
851 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
852
853 BT_DBG("%s status 0x%x", hdev->name, rp->status);
854
855 if (test_bit(HCI_MGMT, &hdev->flags))
856 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
857 rp->status);
858}
6ed58ec5
VT		 859static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
860 struct sk_buff *skb)
861{
862 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
863
864 BT_DBG("%s status 0x%x", hdev->name, rp->status);
865
866 if (rp->status)
867 return;
868
869 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
870 hdev->le_pkts = rp->le_max_pkt;
871
872 hdev->le_cnt = hdev->le_pkts;
873
874 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
875
876 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
877}
980e1a53 878
a5c29683
JH		 879static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
880{
881 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
882
883 BT_DBG("%s status 0x%x", hdev->name, rp->status);
884
885 if (test_bit(HCI_MGMT, &hdev->flags))
886 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
887 rp->status);
888}
889
890static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
891 struct sk_buff *skb)
892{
893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
894
895 BT_DBG("%s status 0x%x", hdev->name, rp->status);
896
897 if (test_bit(HCI_MGMT, &hdev->flags))
898 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
899 rp->status);
900}
901
c35938b2
SJ		 902static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
903 struct sk_buff *skb)
904{
905 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
906
907 BT_DBG("%s status 0x%x", hdev->name, rp->status);
908
909 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
910 rp->randomizer, rp->status);
911}
912
eb9d91f5
AG		 913static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
914 struct sk_buff *skb)
915{
916 struct hci_cp_le_set_scan_enable *cp;
917 __u8 status = *((__u8 *) skb->data);
918
919 BT_DBG("%s status 0x%x", hdev->name, status);
920
921 if (status)
922 return;
923
924 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
925 if (!cp)
926 return;
927
35815085
AG		 928 if (cp->enable == 0x01) {
929 del_timer(&hdev->adv_timer);
a8f13c8c
AG		 930
931 hci_dev_lock(hdev);
eb9d91f5 932 hci_adv_entries_clear(hdev);
a8f13c8c 933 hci_dev_unlock(hdev);
35815085
AG		 934 } else if (cp->enable == 0x00) {
935 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
936 }
eb9d91f5
AG		 937}
938
a7a595f6
VCG		 939static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
940{
941 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
942
943 BT_DBG("%s status 0x%x", hdev->name, rp->status);
944
945 if (rp->status)
946 return;
947
948 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
949}
950
951static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
952{
953 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
954
955 BT_DBG("%s status 0x%x", hdev->name, rp->status);
956
957 if (rp->status)
958 return;
959
960 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
961}
962
f9b49306
AG		 963static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
964 struct sk_buff *skb)
965{
966 struct hci_cp_read_local_ext_features cp;
967 __u8 status = *((__u8 *) skb->data);
968
969 BT_DBG("%s status 0x%x", hdev->name, status);
970
971 if (status)
972 return;
973
974 cp.page = 0x01;
975 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
976}
977
a9de9248
MH		 978static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
979{
980 BT_DBG("%s status 0x%x", hdev->name, status);
981
982 if (status) {
23bb5763 983 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 984 hci_conn_check_pending(hdev);
164a6e78
JH		 985 if (test_bit(HCI_MGMT, &hdev->flags))
986 mgmt_inquiry_failed(hdev->id, status);
314b2381
JH		 987 return;
988 }
989
89352e7d
AG		 990 set_bit(HCI_INQUIRY, &hdev->flags);
991
992 mgmt_discovering(hdev->id, 1);
1da177e4
LT		 993}
994
1da177e4
LT		 995static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
996{
a9de9248 997 struct hci_cp_create_conn *cp;
1da177e4 998 struct hci_conn *conn;
1da177e4 999
a9de9248
MH		 1000 BT_DBG("%s status 0x%x", hdev->name, status);
1001
1002 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1003 if (!cp)
1004 return;
1005
1006 hci_dev_lock(hdev);
1007
1008 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1009
a9de9248 1010 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1011
1012 if (status) {
1013 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1014 if (status != 0x0c || conn->attempt > 2) {
1015 conn->state = BT_CLOSED;
1016 hci_proto_connect_cfm(conn, status);
1017 hci_conn_del(conn);
1018 } else
1019 conn->state = BT_CONNECT2;
1da177e4
LT		 1020 }
1021 } else {
1022 if (!conn) {
1023 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1024 if (conn) {
1025 conn->out = 1;
1026 conn->link_mode |= HCI_LM_MASTER;
1027 } else
893ef971 1028 BT_ERR("No memory for new connection");
1da177e4
LT		 1029 }
1030 }
1031
1032 hci_dev_unlock(hdev);
1033}
1034
a9de9248 1035static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1036{
a9de9248
MH		 1037 struct hci_cp_add_sco *cp;
1038 struct hci_conn *acl, *sco;
1039 __u16 handle;
1da177e4 1040
b6a0dc82
MH		 1041 BT_DBG("%s status 0x%x", hdev->name, status);
1042
a9de9248
MH		 1043 if (!status)
1044 return;
1da177e4 1045
a9de9248
MH		 1046 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1047 if (!cp)
1048 return;
1da177e4 1049
a9de9248 1050 handle = __le16_to_cpu(cp->handle);
1da177e4 1051
a9de9248 1052 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1053
a9de9248 1054 hci_dev_lock(hdev);
1da177e4 1055
a9de9248 1056 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1057 if (acl) {
1058 sco = acl->link;
1059 if (sco) {
1060 sco->state = BT_CLOSED;
1da177e4 1061
5a08ecce
AE		 1062 hci_proto_connect_cfm(sco, status);
1063 hci_conn_del(sco);
1064 }
a9de9248 1065 }
1da177e4 1066
a9de9248
MH		 1067 hci_dev_unlock(hdev);
1068}
1da177e4 1069
f8558555
MH		 1070static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1071{
1072 struct hci_cp_auth_requested *cp;
1073 struct hci_conn *conn;
1074
1075 BT_DBG("%s status 0x%x", hdev->name, status);
1076
1077 if (!status)
1078 return;
1079
1080 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1081 if (!cp)
1082 return;
1083
1084 hci_dev_lock(hdev);
1085
1086 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1087 if (conn) {
1088 if (conn->state == BT_CONFIG) {
1089 hci_proto_connect_cfm(conn, status);
1090 hci_conn_put(conn);
1091 }
1092 }
1093
1094 hci_dev_unlock(hdev);
1095}
1096
1097static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1098{
1099 struct hci_cp_set_conn_encrypt *cp;
1100 struct hci_conn *conn;
1101
1102 BT_DBG("%s status 0x%x", hdev->name, status);
1103
1104 if (!status)
1105 return;
1106
1107 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1108 if (!cp)
1109 return;
1110
1111 hci_dev_lock(hdev);
1112
1113 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1114 if (conn) {
1115 if (conn->state == BT_CONFIG) {
1116 hci_proto_connect_cfm(conn, status);
1117 hci_conn_put(conn);
1118 }
1119 }
1120
1121 hci_dev_unlock(hdev);
1122}
1123
127178d2 1124static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1125 struct hci_conn *conn)
392599b9 1126{
392599b9
JH		 1127 if (conn->state != BT_CONFIG || !conn->out)
1128 return 0;
1129
765c2a96 1130 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1131 return 0;
1132
1133 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1134 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1135 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1136 conn->pending_sec_level != BT_SECURITY_HIGH &&
1137 !(conn->auth_type & 0x01))
392599b9
JH		 1138 return 0;
1139
392599b9
JH		 1140 return 1;
1141}
1142
a9de9248
MH		 1143static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1144{
127178d2
JH		 1145 struct hci_cp_remote_name_req *cp;
1146 struct hci_conn *conn;
1147
a9de9248 1148 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1149
1150 /* If successful wait for the name req complete event before
1151 * checking for the need to do authentication */
1152 if (!status)
1153 return;
1154
1155 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1156 if (!cp)
1157 return;
1158
1159 hci_dev_lock(hdev);
1160
1161 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1162 if (!conn)
1163 goto unlock;
1164
1165 if (!hci_outgoing_auth_needed(hdev, conn))
1166 goto unlock;
1167
1168 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1169 struct hci_cp_auth_requested cp;
1170 cp.handle = __cpu_to_le16(conn->handle);
1171 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1172 }
1173
79c6c70c 1174unlock:
127178d2 1175 hci_dev_unlock(hdev);
a9de9248 1176}
1da177e4 1177
769be974
MH		 1178static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1179{
1180 struct hci_cp_read_remote_features *cp;
1181 struct hci_conn *conn;
1182
1183 BT_DBG("%s status 0x%x", hdev->name, status);
1184
1185 if (!status)
1186 return;
1187
1188 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1189 if (!cp)
1190 return;
1191
1192 hci_dev_lock(hdev);
1193
1194 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1195 if (conn) {
1196 if (conn->state == BT_CONFIG) {
769be974
MH		 1197 hci_proto_connect_cfm(conn, status);
1198 hci_conn_put(conn);
1199 }
1200 }
1201
1202 hci_dev_unlock(hdev);
1203}
1204
1205static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1206{
1207 struct hci_cp_read_remote_ext_features *cp;
1208 struct hci_conn *conn;
1209
1210 BT_DBG("%s status 0x%x", hdev->name, status);
1211
1212 if (!status)
1213 return;
1214
1215 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1216 if (!cp)
1217 return;
1218
1219 hci_dev_lock(hdev);
1220
1221 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1222 if (conn) {
1223 if (conn->state == BT_CONFIG) {
769be974
MH		 1224 hci_proto_connect_cfm(conn, status);
1225 hci_conn_put(conn);
1226 }
1227 }
1228
1229 hci_dev_unlock(hdev);
1230}
1231
a9de9248
MH		 1232static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1233{
b6a0dc82
MH		 1234 struct hci_cp_setup_sync_conn *cp;
1235 struct hci_conn *acl, *sco;
1236 __u16 handle;
1237
a9de9248 1238 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1239
1240 if (!status)
1241 return;
1242
1243 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1244 if (!cp)
1245 return;
1246
1247 handle = __le16_to_cpu(cp->handle);
1248
1249 BT_DBG("%s handle %d", hdev->name, handle);
1250
1251 hci_dev_lock(hdev);
1252
1253 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1254 if (acl) {
1255 sco = acl->link;
1256 if (sco) {
1257 sco->state = BT_CLOSED;
b6a0dc82 1258
5a08ecce
AE		 1259 hci_proto_connect_cfm(sco, status);
1260 hci_conn_del(sco);
1261 }
b6a0dc82
MH		 1262 }
1263
1264 hci_dev_unlock(hdev);
1da177e4
LT		 1265}
1266
a9de9248 1267static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1268{
a9de9248
MH		 1269 struct hci_cp_sniff_mode *cp;
1270 struct hci_conn *conn;
1da177e4 1271
a9de9248 1272 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1273
a9de9248
MH		 1274 if (!status)
1275 return;
04837f64 1276
a9de9248
MH		 1277 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1278 if (!cp)
1279 return;
04837f64 1280
a9de9248 1281 hci_dev_lock(hdev);
04837f64 1282
a9de9248 1283 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1284 if (conn) {
a9de9248 1285 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1286
e73439d8
MH		 1287 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1288 hci_sco_setup(conn, status);
1289 }
1290
a9de9248
MH		 1291 hci_dev_unlock(hdev);
1292}
04837f64 1293
a9de9248
MH		 1294static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1295{
1296 struct hci_cp_exit_sniff_mode *cp;
1297 struct hci_conn *conn;
04837f64 1298
a9de9248 1299 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1300
a9de9248
MH		 1301 if (!status)
1302 return;
04837f64 1303
a9de9248
MH		 1304 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1305 if (!cp)
1306 return;
04837f64 1307
a9de9248 1308 hci_dev_lock(hdev);
1da177e4 1309
a9de9248 1310 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1311 if (conn) {
a9de9248 1312 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1313
e73439d8
MH		 1314 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1315 hci_sco_setup(conn, status);
1316 }
1317
a9de9248 1318 hci_dev_unlock(hdev);
1da177e4
LT		 1319}
1320
fcd89c09
VT		 1321static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1322{
1323 struct hci_cp_le_create_conn *cp;
1324 struct hci_conn *conn;
1325
1326 BT_DBG("%s status 0x%x", hdev->name, status);
1327
1328 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1329 if (!cp)
1330 return;
1331
1332 hci_dev_lock(hdev);
1333
1334 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1335
1336 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1337 conn);
1338
1339 if (status) {
1340 if (conn && conn->state == BT_CONNECT) {
1341 conn->state = BT_CLOSED;
1342 hci_proto_connect_cfm(conn, status);
1343 hci_conn_del(conn);
1344 }
1345 } else {
1346 if (!conn) {
1347 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1348 if (conn) {
1349 conn->dst_type = cp->peer_addr_type;
fcd89c09 1350 conn->out = 1;
29b7988a 1351 } else {
fcd89c09 1352 BT_ERR("No memory for new connection");
29b7988a 1353 }
fcd89c09
VT		 1354 }
1355 }
1356
1357 hci_dev_unlock(hdev);
1358}
1359
a7a595f6
VCG		 1360static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1361{
1362 BT_DBG("%s status 0x%x", hdev->name, status);
1363}
1364
1da177e4
LT		 1365static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1366{
1367 __u8 status = *((__u8 *) skb->data);
1368
1369 BT_DBG("%s status %d", hdev->name, status);
1370
23bb5763 1371 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1372
a9de9248 1373 hci_conn_check_pending(hdev);
89352e7d
AG		 1374
1375 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1376 return;
1377
1378 mgmt_discovering(hdev->id, 0);
1da177e4
LT		 1379}
1380
1da177e4
LT		 1381static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1382{
45bb4bf0 1383 struct inquiry_data data;
a9de9248 1384 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1385 int num_rsp = *((__u8 *) skb->data);
1386
1387 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1388
45bb4bf0
MH		 1389 if (!num_rsp)
1390 return;
1391
1da177e4 1392 hci_dev_lock(hdev);
45bb4bf0 1393
e17acd40 1394 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1395 bacpy(&data.bdaddr, &info->bdaddr);
1396 data.pscan_rep_mode = info->pscan_rep_mode;
1397 data.pscan_period_mode = info->pscan_period_mode;
1398 data.pscan_mode = info->pscan_mode;
1399 memcpy(data.dev_class, info->dev_class, 3);
1400 data.clock_offset = info->clock_offset;
1401 data.rssi = 0x00;
41a96212 1402 data.ssp_mode = 0x00;
1da177e4 1403 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 1404 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1405 NULL);
1da177e4 1406 }
45bb4bf0 1407
1da177e4
LT		 1408 hci_dev_unlock(hdev);
1409}
1410
1da177e4
LT		 1411static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1412{
a9de9248
MH		 1413 struct hci_ev_conn_complete *ev = (void *) skb->data;
1414 struct hci_conn *conn;
1da177e4
LT		 1415
1416 BT_DBG("%s", hdev->name);
1417
1418 hci_dev_lock(hdev);
1419
1420 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1421 if (!conn) {
1422 if (ev->link_type != SCO_LINK)
1423 goto unlock;
1424
1425 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1426 if (!conn)
1427 goto unlock;
1428
1429 conn->type = SCO_LINK;
1430 }
1da177e4
LT		 1431
1432 if (!ev->status) {
1433 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1434
1435 if (conn->type == ACL_LINK) {
1436 conn->state = BT_CONFIG;
1437 hci_conn_hold(conn);
052b30b0 1438 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
cfafccf7 1439 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
769be974
MH		 1440 } else
1441 conn->state = BT_CONNECTED;
1da177e4 1442
9eba32b8 1443 hci_conn_hold_device(conn);
7d0db0a3
MH		 1444 hci_conn_add_sysfs(conn);
1445
1da177e4
LT		 1446 if (test_bit(HCI_AUTH, &hdev->flags))
1447 conn->link_mode |= HCI_LM_AUTH;
1448
1449 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1450 conn->link_mode |= HCI_LM_ENCRYPT;
1451
04837f64
MH		 1452 /* Get remote features */
1453 if (conn->type == ACL_LINK) {
1454 struct hci_cp_read_remote_features cp;
1455 cp.handle = ev->handle;
769be974
MH		 1456 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1457 sizeof(cp), &cp);
04837f64
MH		 1458 }
1459
1da177e4 1460 /* Set packet type for incoming connection */
a8746417 1461 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1462 struct hci_cp_change_conn_ptype cp;
1463 cp.handle = ev->handle;
a8746417
MH		 1464 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1465 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1466 sizeof(cp), &cp);
1da177e4 1467 }
17d5c04c 1468 } else {
1da177e4 1469 conn->state = BT_CLOSED;
17d5c04c
JH		 1470 if (conn->type == ACL_LINK)
1471 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1472 }
1da177e4 1473
e73439d8
MH		 1474 if (conn->type == ACL_LINK)
1475 hci_sco_setup(conn, ev->status);
1da177e4 1476
769be974
MH		 1477 if (ev->status) {
1478 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1479 hci_conn_del(conn);
c89b6e6b
MH		 1480 } else if (ev->link_type != ACL_LINK)
1481 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1482
a9de9248 1483unlock:
1da177e4 1484 hci_dev_unlock(hdev);
1da177e4 1485
a9de9248 1486 hci_conn_check_pending(hdev);
1da177e4
LT		 1487}
1488
a9de9248 1489static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1490{
a9de9248
MH		 1491 struct hci_ev_conn_request *ev = (void *) skb->data;
1492 int mask = hdev->link_mode;
1da177e4 1493
a9de9248
MH		 1494 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1495 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1496
a9de9248 1497 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1498
138d22ef
SJ		 1499 if ((mask & HCI_LM_ACCEPT) &&
1500 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1501 /* Connection accepted */
c7bdd502 1502 struct inquiry_entry *ie;
1da177e4 1503 struct hci_conn *conn;
1da177e4 1504
a9de9248 1505 hci_dev_lock(hdev);
b6a0dc82 1506
cc11b9c1
AE		 1507 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1508 if (ie)
c7bdd502
MH		 1509 memcpy(ie->data.dev_class, ev->dev_class, 3);
1510
a9de9248
MH		 1511 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1512 if (!conn) {
cc11b9c1
AE		 1513 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1514 if (!conn) {
893ef971 1515 BT_ERR("No memory for new connection");
a9de9248
MH		 1516 hci_dev_unlock(hdev);
1517 return;
1da177e4
LT		 1518 }
1519 }
b6a0dc82 1520
a9de9248
MH		 1521 memcpy(conn->dev_class, ev->dev_class, 3);
1522 conn->state = BT_CONNECT;
b6a0dc82 1523
a9de9248 1524 hci_dev_unlock(hdev);
1da177e4 1525
b6a0dc82
MH		 1526 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1527 struct hci_cp_accept_conn_req cp;
1da177e4 1528
b6a0dc82
MH		 1529 bacpy(&cp.bdaddr, &ev->bdaddr);
1530
1531 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1532 cp.role = 0x00; /* Become master */
1533 else
1534 cp.role = 0x01; /* Remain slave */
1535
1536 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1537 sizeof(cp), &cp);
1538 } else {
1539 struct hci_cp_accept_sync_conn_req cp;
1540
1541 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1542 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1543
1544 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1545 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1546 cp.max_latency = cpu_to_le16(0xffff);
1547 cp.content_format = cpu_to_le16(hdev->voice_setting);
1548 cp.retrans_effort = 0xff;
1da177e4 1549
b6a0dc82
MH		 1550 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1551 sizeof(cp), &cp);
1552 }
a9de9248
MH		 1553 } else {
1554 /* Connection rejected */
1555 struct hci_cp_reject_conn_req cp;
1da177e4 1556
a9de9248 1557 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1558 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1559 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1560 }
1da177e4
LT		 1561}
1562
a9de9248 1563static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1564{
a9de9248 1565 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1566 struct hci_conn *conn;
1567
1568 BT_DBG("%s status %d", hdev->name, ev->status);
1569
8962ee74
JH		 1570 if (ev->status) {
1571 mgmt_disconnect_failed(hdev->id);
a9de9248 1572 return;
8962ee74 1573 }
a9de9248 1574
04837f64
MH		 1575 hci_dev_lock(hdev);
1576
1577 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1578 if (!conn)
1579 goto unlock;
7d0db0a3 1580
f7520543 1581 conn->state = BT_CLOSED;
04837f64 1582
83bc71b4 1583 if (conn->type == ACL_LINK || conn->type == LE_LINK)
f7520543
JH		 1584 mgmt_disconnected(hdev->id, &conn->dst);
1585
1586 hci_proto_disconn_cfm(conn, ev->reason);
1587 hci_conn_del(conn);
1588
1589unlock:
04837f64
MH		 1590 hci_dev_unlock(hdev);
1591}
1592
1da177e4
LT		 1593static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1594{
a9de9248 1595 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1596 struct hci_conn *conn;
1da177e4
LT		 1597
1598 BT_DBG("%s status %d", hdev->name, ev->status);
1599
1600 hci_dev_lock(hdev);
1601
04837f64 1602 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1603 if (!conn)
1604 goto unlock;
1605
1606 if (!ev->status) {
1607 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1608 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1609 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1610 } else {
d7556e20
WR		 1611 conn->link_mode |= HCI_LM_AUTH;
1612 conn->sec_level = conn->pending_sec_level;
2a611692 1613 }
d7556e20
WR		 1614 } else {
1615 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1616 }
1da177e4 1617
d7556e20
WR		 1618 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1619 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1620
d7556e20
WR		 1621 if (conn->state == BT_CONFIG) {
1622 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1623 struct hci_cp_set_conn_encrypt cp;
1624 cp.handle = ev->handle;
1625 cp.encrypt = 0x01;
1626 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1627 &cp);
052b30b0 1628 } else {
d7556e20
WR		 1629 conn->state = BT_CONNECTED;
1630 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1631 hci_conn_put(conn);
1632 }
d7556e20
WR		 1633 } else {
1634 hci_auth_cfm(conn, ev->status);
052b30b0 1635
d7556e20
WR		 1636 hci_conn_hold(conn);
1637 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1638 hci_conn_put(conn);
1639 }
1640
1641 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1642 if (!ev->status) {
1643 struct hci_cp_set_conn_encrypt cp;
1644 cp.handle = ev->handle;
1645 cp.encrypt = 0x01;
1646 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1647 &cp);
1648 } else {
1649 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1650 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1651 }
1652 }
1653
d7556e20 1654unlock:
1da177e4
LT		 1655 hci_dev_unlock(hdev);
1656}
1657
a9de9248 1658static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1659{
127178d2
JH		 1660 struct hci_ev_remote_name *ev = (void *) skb->data;
1661 struct hci_conn *conn;
1662
a9de9248 1663 BT_DBG("%s", hdev->name);
1da177e4 1664
a9de9248 1665 hci_conn_check_pending(hdev);
127178d2
JH		 1666
1667 hci_dev_lock(hdev);
1668
a88a9652
JH		 1669 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1670 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1671
127178d2 1672 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1673 if (!conn)
1674 goto unlock;
1675
1676 if (!hci_outgoing_auth_needed(hdev, conn))
1677 goto unlock;
1678
1679 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1680 struct hci_cp_auth_requested cp;
1681 cp.handle = __cpu_to_le16(conn->handle);
1682 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1683 }
1684
79c6c70c 1685unlock:
127178d2 1686 hci_dev_unlock(hdev);
a9de9248
MH		 1687}
1688
1689static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1690{
1691 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1692 struct hci_conn *conn;
1693
1694 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1695
1696 hci_dev_lock(hdev);
1697
04837f64 1698 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1699 if (conn) {
1700 if (!ev->status) {
ae293196
MH		 1701 if (ev->encrypt) {
1702 /* Encryption implies authentication */
1703 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1704 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1705 conn->sec_level = conn->pending_sec_level;
ae293196 1706 } else
1da177e4
LT		 1707 conn->link_mode &= ~HCI_LM_ENCRYPT;
1708 }
1709
1710 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1711
f8558555
MH		 1712 if (conn->state == BT_CONFIG) {
1713 if (!ev->status)
1714 conn->state = BT_CONNECTED;
1715
1716 hci_proto_connect_cfm(conn, ev->status);
1717 hci_conn_put(conn);
1718 } else
1719 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1720 }
1721
1722 hci_dev_unlock(hdev);
1723}
1724
a9de9248 1725static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1726{
a9de9248 1727 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1728 struct hci_conn *conn;
1da177e4
LT		 1729
1730 BT_DBG("%s status %d", hdev->name, ev->status);
1731
1732 hci_dev_lock(hdev);
1733
04837f64 1734 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1735 if (conn) {
1736 if (!ev->status)
1737 conn->link_mode |= HCI_LM_SECURE;
1738
1739 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1740
1741 hci_key_change_cfm(conn, ev->status);
1742 }
1743
1744 hci_dev_unlock(hdev);
1745}
1746
a9de9248 1747static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1748{
a9de9248
MH		 1749 struct hci_ev_remote_features *ev = (void *) skb->data;
1750 struct hci_conn *conn;
1751
1752 BT_DBG("%s status %d", hdev->name, ev->status);
1753
a9de9248
MH		 1754 hci_dev_lock(hdev);
1755
1756 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1757 if (!conn)
1758 goto unlock;
769be974 1759
ccd556fe
JH		 1760 if (!ev->status)
1761 memcpy(conn->features, ev->features, 8);
1762
1763 if (conn->state != BT_CONFIG)
1764 goto unlock;
1765
1766 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1767 struct hci_cp_read_remote_ext_features cp;
1768 cp.handle = ev->handle;
1769 cp.page = 0x01;
1770 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1771 sizeof(cp), &cp);
392599b9
JH		 1772 goto unlock;
1773 }
1774
127178d2
JH		 1775 if (!ev->status) {
1776 struct hci_cp_remote_name_req cp;
1777 memset(&cp, 0, sizeof(cp));
1778 bacpy(&cp.bdaddr, &conn->dst);
1779 cp.pscan_rep_mode = 0x02;
1780 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1781 }
392599b9 1782
127178d2 1783 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1784 conn->state = BT_CONNECTED;
1785 hci_proto_connect_cfm(conn, ev->status);
1786 hci_conn_put(conn);
769be974 1787 }
a9de9248 1788
ccd556fe 1789unlock:
a9de9248 1790 hci_dev_unlock(hdev);
1da177e4
LT		 1791}
1792
a9de9248 1793static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1794{
a9de9248 1795 BT_DBG("%s", hdev->name);
1da177e4
LT		 1796}
1797
a9de9248 1798static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1799{
a9de9248 1800 BT_DBG("%s", hdev->name);
1da177e4
LT		 1801}
1802
a9de9248
MH		 1803static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1804{
1805 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1806 __u16 opcode;
1807
1808 skb_pull(skb, sizeof(*ev));
1809
1810 opcode = __le16_to_cpu(ev->opcode);
1811
1812 switch (opcode) {
1813 case HCI_OP_INQUIRY_CANCEL:
1814 hci_cc_inquiry_cancel(hdev, skb);
1815 break;
1816
1817 case HCI_OP_EXIT_PERIODIC_INQ:
1818 hci_cc_exit_periodic_inq(hdev, skb);
1819 break;
1820
1821 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1822 hci_cc_remote_name_req_cancel(hdev, skb);
1823 break;
1824
1825 case HCI_OP_ROLE_DISCOVERY:
1826 hci_cc_role_discovery(hdev, skb);
1827 break;
1828
e4e8e37c
MH		 1829 case HCI_OP_READ_LINK_POLICY:
1830 hci_cc_read_link_policy(hdev, skb);
1831 break;
1832
a9de9248
MH		 1833 case HCI_OP_WRITE_LINK_POLICY:
1834 hci_cc_write_link_policy(hdev, skb);
1835 break;
1836
e4e8e37c
MH		 1837 case HCI_OP_READ_DEF_LINK_POLICY:
1838 hci_cc_read_def_link_policy(hdev, skb);
1839 break;
1840
1841 case HCI_OP_WRITE_DEF_LINK_POLICY:
1842 hci_cc_write_def_link_policy(hdev, skb);
1843 break;
1844
a9de9248
MH		 1845 case HCI_OP_RESET:
1846 hci_cc_reset(hdev, skb);
1847 break;
1848
1849 case HCI_OP_WRITE_LOCAL_NAME:
1850 hci_cc_write_local_name(hdev, skb);
1851 break;
1852
1853 case HCI_OP_READ_LOCAL_NAME:
1854 hci_cc_read_local_name(hdev, skb);
1855 break;
1856
1857 case HCI_OP_WRITE_AUTH_ENABLE:
1858 hci_cc_write_auth_enable(hdev, skb);
1859 break;
1860
1861 case HCI_OP_WRITE_ENCRYPT_MODE:
1862 hci_cc_write_encrypt_mode(hdev, skb);
1863 break;
1864
1865 case HCI_OP_WRITE_SCAN_ENABLE:
1866 hci_cc_write_scan_enable(hdev, skb);
1867 break;
1868
1869 case HCI_OP_READ_CLASS_OF_DEV:
1870 hci_cc_read_class_of_dev(hdev, skb);
1871 break;
1872
1873 case HCI_OP_WRITE_CLASS_OF_DEV:
1874 hci_cc_write_class_of_dev(hdev, skb);
1875 break;
1876
1877 case HCI_OP_READ_VOICE_SETTING:
1878 hci_cc_read_voice_setting(hdev, skb);
1879 break;
1880
1881 case HCI_OP_WRITE_VOICE_SETTING:
1882 hci_cc_write_voice_setting(hdev, skb);
1883 break;
1884
1885 case HCI_OP_HOST_BUFFER_SIZE:
1886 hci_cc_host_buffer_size(hdev, skb);
1887 break;
1888
333140b5
MH		 1889 case HCI_OP_READ_SSP_MODE:
1890 hci_cc_read_ssp_mode(hdev, skb);
1891 break;
1892
1893 case HCI_OP_WRITE_SSP_MODE:
1894 hci_cc_write_ssp_mode(hdev, skb);
1895 break;
1896
a9de9248
MH		 1897 case HCI_OP_READ_LOCAL_VERSION:
1898 hci_cc_read_local_version(hdev, skb);
1899 break;
1900
1901 case HCI_OP_READ_LOCAL_COMMANDS:
1902 hci_cc_read_local_commands(hdev, skb);
1903 break;
1904
1905 case HCI_OP_READ_LOCAL_FEATURES:
1906 hci_cc_read_local_features(hdev, skb);
1907 break;
1908
971e3a4b
AG		 1909 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1910 hci_cc_read_local_ext_features(hdev, skb);
1911 break;
1912
a9de9248
MH		 1913 case HCI_OP_READ_BUFFER_SIZE:
1914 hci_cc_read_buffer_size(hdev, skb);
1915 break;
1916
1917 case HCI_OP_READ_BD_ADDR:
1918 hci_cc_read_bd_addr(hdev, skb);
1919 break;
1920
23bb5763
JH		 1921 case HCI_OP_WRITE_CA_TIMEOUT:
1922 hci_cc_write_ca_timeout(hdev, skb);
1923 break;
1924
928abaa7
AE		 1925 case HCI_OP_READ_LOCAL_AMP_INFO:
1926 hci_cc_read_local_amp_info(hdev, skb);
1927 break;
1928
b0916ea0
JH		 1929 case HCI_OP_DELETE_STORED_LINK_KEY:
1930 hci_cc_delete_stored_link_key(hdev, skb);
1931 break;
1932
d5859e22
JH		 1933 case HCI_OP_SET_EVENT_MASK:
1934 hci_cc_set_event_mask(hdev, skb);
1935 break;
1936
1937 case HCI_OP_WRITE_INQUIRY_MODE:
1938 hci_cc_write_inquiry_mode(hdev, skb);
1939 break;
1940
1941 case HCI_OP_READ_INQ_RSP_TX_POWER:
1942 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1943 break;
1944
1945 case HCI_OP_SET_EVENT_FLT:
1946 hci_cc_set_event_flt(hdev, skb);
1947 break;
1948
980e1a53
JH		 1949 case HCI_OP_PIN_CODE_REPLY:
1950 hci_cc_pin_code_reply(hdev, skb);
1951 break;
1952
1953 case HCI_OP_PIN_CODE_NEG_REPLY:
1954 hci_cc_pin_code_neg_reply(hdev, skb);
1955 break;
1956
c35938b2
SJ		 1957 case HCI_OP_READ_LOCAL_OOB_DATA:
1958 hci_cc_read_local_oob_data_reply(hdev, skb);
1959 break;
1960
6ed58ec5
VT		 1961 case HCI_OP_LE_READ_BUFFER_SIZE:
1962 hci_cc_le_read_buffer_size(hdev, skb);
1963 break;
1964
a5c29683
JH		 1965 case HCI_OP_USER_CONFIRM_REPLY:
1966 hci_cc_user_confirm_reply(hdev, skb);
1967 break;
1968
1969 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1970 hci_cc_user_confirm_neg_reply(hdev, skb);
1971 break;
1972
eb9d91f5
AG		 1973 case HCI_OP_LE_SET_SCAN_ENABLE:
1974 hci_cc_le_set_scan_enable(hdev, skb);
1975 break;
1976
a7a595f6
VCG		 1977 case HCI_OP_LE_LTK_REPLY:
1978 hci_cc_le_ltk_reply(hdev, skb);
1979 break;
1980
1981 case HCI_OP_LE_LTK_NEG_REPLY:
1982 hci_cc_le_ltk_neg_reply(hdev, skb);
1983 break;
1984
f9b49306
AG		 1985 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1986 hci_cc_write_le_host_supported(hdev, skb);
1987 break;
1988
a9de9248
MH		 1989 default:
1990 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1991 break;
1992 }
1993
6bd32326
VT		 1994 if (ev->opcode != HCI_OP_NOP)
1995 del_timer(&hdev->cmd_timer);
1996
a9de9248
MH		 1997 if (ev->ncmd) {
1998 atomic_set(&hdev->cmd_cnt, 1);
1999 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2000 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2001 }
2002}
2003
2004static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2005{
2006 struct hci_ev_cmd_status *ev = (void *) skb->data;
2007 __u16 opcode;
2008
2009 skb_pull(skb, sizeof(*ev));
2010
2011 opcode = __le16_to_cpu(ev->opcode);
2012
2013 switch (opcode) {
2014 case HCI_OP_INQUIRY:
2015 hci_cs_inquiry(hdev, ev->status);
2016 break;
2017
2018 case HCI_OP_CREATE_CONN:
2019 hci_cs_create_conn(hdev, ev->status);
2020 break;
2021
2022 case HCI_OP_ADD_SCO:
2023 hci_cs_add_sco(hdev, ev->status);
2024 break;
2025
f8558555
MH		 2026 case HCI_OP_AUTH_REQUESTED:
2027 hci_cs_auth_requested(hdev, ev->status);
2028 break;
2029
2030 case HCI_OP_SET_CONN_ENCRYPT:
2031 hci_cs_set_conn_encrypt(hdev, ev->status);
2032 break;
2033
a9de9248
MH		 2034 case HCI_OP_REMOTE_NAME_REQ:
2035 hci_cs_remote_name_req(hdev, ev->status);
2036 break;
2037
769be974
MH		 2038 case HCI_OP_READ_REMOTE_FEATURES:
2039 hci_cs_read_remote_features(hdev, ev->status);
2040 break;
2041
2042 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2043 hci_cs_read_remote_ext_features(hdev, ev->status);
2044 break;
2045
a9de9248
MH		 2046 case HCI_OP_SETUP_SYNC_CONN:
2047 hci_cs_setup_sync_conn(hdev, ev->status);
2048 break;
2049
2050 case HCI_OP_SNIFF_MODE:
2051 hci_cs_sniff_mode(hdev, ev->status);
2052 break;
2053
2054 case HCI_OP_EXIT_SNIFF_MODE:
2055 hci_cs_exit_sniff_mode(hdev, ev->status);
2056 break;
2057
8962ee74
JH		 2058 case HCI_OP_DISCONNECT:
2059 if (ev->status != 0)
2060 mgmt_disconnect_failed(hdev->id);
2061 break;
2062
fcd89c09
VT		 2063 case HCI_OP_LE_CREATE_CONN:
2064 hci_cs_le_create_conn(hdev, ev->status);
2065 break;
2066
a7a595f6
VCG		 2067 case HCI_OP_LE_START_ENC:
2068 hci_cs_le_start_enc(hdev, ev->status);
2069 break;
2070
a9de9248
MH		 2071 default:
2072 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2073 break;
2074 }
2075
6bd32326
VT		 2076 if (ev->opcode != HCI_OP_NOP)
2077 del_timer(&hdev->cmd_timer);
2078
10572132 2079 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2080 atomic_set(&hdev->cmd_cnt, 1);
2081 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2082 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2083 }
2084}
2085
2086static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2087{
2088 struct hci_ev_role_change *ev = (void *) skb->data;
2089 struct hci_conn *conn;
2090
2091 BT_DBG("%s status %d", hdev->name, ev->status);
2092
2093 hci_dev_lock(hdev);
2094
2095 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2096 if (conn) {
2097 if (!ev->status) {
2098 if (ev->role)
2099 conn->link_mode &= ~HCI_LM_MASTER;
2100 else
2101 conn->link_mode |= HCI_LM_MASTER;
2102 }
2103
2104 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2105
2106 hci_role_switch_cfm(conn, ev->status, ev->role);
2107 }
2108
2109 hci_dev_unlock(hdev);
2110}
2111
2112static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2113{
2114 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2115 __le16 *ptr;
2116 int i;
2117
2118 skb_pull(skb, sizeof(*ev));
2119
2120 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2121
2122 if (skb->len < ev->num_hndl * 4) {
2123 BT_DBG("%s bad parameters", hdev->name);
2124 return;
2125 }
2126
2127 tasklet_disable(&hdev->tx_task);
2128
2129 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2130 struct hci_conn *conn;
2131 __u16 handle, count;
2132
83985319
HH		 2133 handle = get_unaligned_le16(ptr++);
2134 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2135
2136 conn = hci_conn_hash_lookup_handle(hdev, handle);
2137 if (conn) {
2138 conn->sent -= count;
2139
2140 if (conn->type == ACL_LINK) {
70f23020
AE		 2141 hdev->acl_cnt += count;
2142 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2143 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2144 } else if (conn->type == LE_LINK) {
2145 if (hdev->le_pkts) {
2146 hdev->le_cnt += count;
2147 if (hdev->le_cnt > hdev->le_pkts)
2148 hdev->le_cnt = hdev->le_pkts;
2149 } else {
2150 hdev->acl_cnt += count;
2151 if (hdev->acl_cnt > hdev->acl_pkts)
2152 hdev->acl_cnt = hdev->acl_pkts;
2153 }
a9de9248 2154 } else {
70f23020
AE		 2155 hdev->sco_cnt += count;
2156 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2157 hdev->sco_cnt = hdev->sco_pkts;
2158 }
2159 }
2160 }
2161
c78ae283 2162 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2163
2164 tasklet_enable(&hdev->tx_task);
2165}
2166
2167static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2168{
a9de9248 2169 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2170 struct hci_conn *conn;
2171
2172 BT_DBG("%s status %d", hdev->name, ev->status);
2173
2174 hci_dev_lock(hdev);
2175
2176 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2177 if (conn) {
2178 conn->mode = ev->mode;
2179 conn->interval = __le16_to_cpu(ev->interval);
2180
2181 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2182 if (conn->mode == HCI_CM_ACTIVE)
2183 conn->power_save = 1;
2184 else
2185 conn->power_save = 0;
2186 }
e73439d8
MH		 2187
2188 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2189 hci_sco_setup(conn, ev->status);
04837f64
MH		 2190 }
2191
2192 hci_dev_unlock(hdev);
2193}
2194
a9de9248
MH		 2195static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2196{
052b30b0
MH		 2197 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2198 struct hci_conn *conn;
2199
a9de9248 2200 BT_DBG("%s", hdev->name);
052b30b0
MH		 2201
2202 hci_dev_lock(hdev);
2203
2204 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2205 if (!conn)
2206 goto unlock;
2207
2208 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2209 hci_conn_hold(conn);
2210 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2211 hci_conn_put(conn);
2212 }
2213
03b555e1
JH		 2214 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2215 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2216 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2217 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2218 u8 secure;
2219
2220 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2221 secure = 1;
2222 else
2223 secure = 0;
2224
2225 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2226 }
980e1a53 2227
b6f98044 2228unlock:
052b30b0 2229 hci_dev_unlock(hdev);
a9de9248
MH		 2230}
2231
2232static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2233{
55ed8ca1
JH		 2234 struct hci_ev_link_key_req *ev = (void *) skb->data;
2235 struct hci_cp_link_key_reply cp;
2236 struct hci_conn *conn;
2237 struct link_key *key;
2238
a9de9248 2239 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2240
2241 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2242 return;
2243
2244 hci_dev_lock(hdev);
2245
2246 key = hci_find_link_key(hdev, &ev->bdaddr);
2247 if (!key) {
2248 BT_DBG("%s link key not found for %s", hdev->name,
2249 batostr(&ev->bdaddr));
2250 goto not_found;
2251 }
2252
2253 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2254 batostr(&ev->bdaddr));
2255
b6020ba0
WR		 2256 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2257 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2258 BT_DBG("%s ignoring debug key", hdev->name);
2259 goto not_found;
2260 }
2261
2262 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2263 if (conn) {
2264 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2265 conn->auth_type != 0xff &&
2266 (conn->auth_type & 0x01)) {
2267 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2268 goto not_found;
2269 }
55ed8ca1 2270
60b83f57
WR		 2271 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2272 conn->pending_sec_level == BT_SECURITY_HIGH) {
2273 BT_DBG("%s ignoring key unauthenticated for high \
2274 security", hdev->name);
2275 goto not_found;
2276 }
2277
2278 conn->key_type = key->type;
2279 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2280 }
2281
2282 bacpy(&cp.bdaddr, &ev->bdaddr);
2283 memcpy(cp.link_key, key->val, 16);
2284
2285 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2286
2287 hci_dev_unlock(hdev);
2288
2289 return;
2290
2291not_found:
2292 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2293 hci_dev_unlock(hdev);
a9de9248
MH		 2294}
2295
2296static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2297{
052b30b0
MH		 2298 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2299 struct hci_conn *conn;
55ed8ca1 2300 u8 pin_len = 0;
052b30b0 2301
a9de9248 2302 BT_DBG("%s", hdev->name);
052b30b0
MH		 2303
2304 hci_dev_lock(hdev);
2305
2306 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2307 if (conn) {
2308 hci_conn_hold(conn);
2309 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2310 pin_len = conn->pin_length;
13d39315
WR		 2311
2312 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2313 conn->key_type = ev->key_type;
2314
052b30b0
MH		 2315 hci_conn_put(conn);
2316 }
2317
55ed8ca1 2318 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2319 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2320 ev->key_type, pin_len);
2321
052b30b0 2322 hci_dev_unlock(hdev);
a9de9248
MH		 2323}
2324
1da177e4
LT		 2325static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2326{
a9de9248 2327 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2328 struct hci_conn *conn;
1da177e4
LT		 2329
2330 BT_DBG("%s status %d", hdev->name, ev->status);
2331
2332 hci_dev_lock(hdev);
2333
04837f64 2334 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2335 if (conn && !ev->status) {
2336 struct inquiry_entry *ie;
2337
cc11b9c1
AE		 2338 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2339 if (ie) {
1da177e4
LT		 2340 ie->data.clock_offset = ev->clock_offset;
2341 ie->timestamp = jiffies;
2342 }
2343 }
2344
2345 hci_dev_unlock(hdev);
2346}
2347
a8746417
MH		 2348static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2349{
2350 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2351 struct hci_conn *conn;
2352
2353 BT_DBG("%s status %d", hdev->name, ev->status);
2354
2355 hci_dev_lock(hdev);
2356
2357 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2358 if (conn && !ev->status)
2359 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2360
2361 hci_dev_unlock(hdev);
2362}
2363
85a1e930
MH		 2364static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2365{
a9de9248 2366 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2367 struct inquiry_entry *ie;
2368
2369 BT_DBG("%s", hdev->name);
2370
2371 hci_dev_lock(hdev);
2372
cc11b9c1
AE		 2373 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2374 if (ie) {
85a1e930
MH		 2375 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2376 ie->timestamp = jiffies;
2377 }
2378
2379 hci_dev_unlock(hdev);
2380}
2381
a9de9248
MH		 2382static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2383{
2384 struct inquiry_data data;
2385 int num_rsp = *((__u8 *) skb->data);
2386
2387 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2388
2389 if (!num_rsp)
2390 return;
2391
2392 hci_dev_lock(hdev);
2393
2394 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2395 struct inquiry_info_with_rssi_and_pscan_mode *info;
2396 info = (void *) (skb->data + 1);
a9de9248 2397
e17acd40 2398 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2399 bacpy(&data.bdaddr, &info->bdaddr);
2400 data.pscan_rep_mode = info->pscan_rep_mode;
2401 data.pscan_period_mode = info->pscan_period_mode;
2402 data.pscan_mode = info->pscan_mode;
2403 memcpy(data.dev_class, info->dev_class, 3);
2404 data.clock_offset = info->clock_offset;
2405 data.rssi = info->rssi;
41a96212 2406 data.ssp_mode = 0x00;
a9de9248 2407 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2408 mgmt_device_found(hdev->id, &info->bdaddr,
2409 info->dev_class, info->rssi,
2410 NULL);
a9de9248
MH		 2411 }
2412 } else {
2413 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2414
e17acd40 2415 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2416 bacpy(&data.bdaddr, &info->bdaddr);
2417 data.pscan_rep_mode = info->pscan_rep_mode;
2418 data.pscan_period_mode = info->pscan_period_mode;
2419 data.pscan_mode = 0x00;
2420 memcpy(data.dev_class, info->dev_class, 3);
2421 data.clock_offset = info->clock_offset;
2422 data.rssi = info->rssi;
41a96212 2423 data.ssp_mode = 0x00;
a9de9248 2424 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2425 mgmt_device_found(hdev->id, &info->bdaddr,
2426 info->dev_class, info->rssi,
2427 NULL);
a9de9248
MH		 2428 }
2429 }
2430
2431 hci_dev_unlock(hdev);
2432}
2433
2434static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2435{
41a96212
MH		 2436 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2437 struct hci_conn *conn;
2438
a9de9248 2439 BT_DBG("%s", hdev->name);
41a96212 2440
41a96212
MH		 2441 hci_dev_lock(hdev);
2442
2443 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2444 if (!conn)
2445 goto unlock;
41a96212 2446
ccd556fe
JH		 2447 if (!ev->status && ev->page == 0x01) {
2448 struct inquiry_entry *ie;
41a96212 2449
cc11b9c1
AE		 2450 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2451 if (ie)
ccd556fe 2452 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2453
ccd556fe
JH		 2454 conn->ssp_mode = (ev->features[0] & 0x01);
2455 }
2456
2457 if (conn->state != BT_CONFIG)
2458 goto unlock;
2459
127178d2
JH		 2460 if (!ev->status) {
2461 struct hci_cp_remote_name_req cp;
2462 memset(&cp, 0, sizeof(cp));
2463 bacpy(&cp.bdaddr, &conn->dst);
2464 cp.pscan_rep_mode = 0x02;
2465 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2466 }
392599b9 2467
127178d2 2468 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2469 conn->state = BT_CONNECTED;
2470 hci_proto_connect_cfm(conn, ev->status);
2471 hci_conn_put(conn);
41a96212
MH		 2472 }
2473
ccd556fe 2474unlock:
41a96212 2475 hci_dev_unlock(hdev);
a9de9248
MH		 2476}
2477
2478static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2479{
b6a0dc82
MH		 2480 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2481 struct hci_conn *conn;
2482
2483 BT_DBG("%s status %d", hdev->name, ev->status);
2484
2485 hci_dev_lock(hdev);
2486
2487 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2488 if (!conn) {
2489 if (ev->link_type == ESCO_LINK)
2490 goto unlock;
2491
2492 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2493 if (!conn)
2494 goto unlock;
2495
2496 conn->type = SCO_LINK;
2497 }
b6a0dc82 2498
732547f9
MH		 2499 switch (ev->status) {
2500 case 0x00:
b6a0dc82
MH		 2501 conn->handle = __le16_to_cpu(ev->handle);
2502 conn->state = BT_CONNECTED;
7d0db0a3 2503
9eba32b8 2504 hci_conn_hold_device(conn);
7d0db0a3 2505 hci_conn_add_sysfs(conn);
732547f9
MH		 2506 break;
2507
705e5711 2508 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2509 case 0x1c: /* SCO interval rejected */
1038a00b 2510 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2511 case 0x1f: /* Unspecified error */
2512 if (conn->out && conn->attempt < 2) {
2513 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2514 (hdev->esco_type & EDR_ESCO_MASK);
2515 hci_setup_sync(conn, conn->link->handle);
2516 goto unlock;
2517 }
2518 /* fall through */
2519
2520 default:
b6a0dc82 2521 conn->state = BT_CLOSED;
732547f9
MH		 2522 break;
2523 }
b6a0dc82
MH		 2524
2525 hci_proto_connect_cfm(conn, ev->status);
2526 if (ev->status)
2527 hci_conn_del(conn);
2528
2529unlock:
2530 hci_dev_unlock(hdev);
a9de9248
MH		 2531}
2532
2533static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2534{
2535 BT_DBG("%s", hdev->name);
2536}
2537
04837f64
MH		 2538static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2539{
a9de9248 2540 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2541
2542 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2543}
2544
a9de9248 2545static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2546{
a9de9248
MH		 2547 struct inquiry_data data;
2548 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2549 int num_rsp = *((__u8 *) skb->data);
1da177e4 2550
a9de9248 2551 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2552
a9de9248
MH		 2553 if (!num_rsp)
2554 return;
1da177e4 2555
a9de9248
MH		 2556 hci_dev_lock(hdev);
2557
e17acd40 2558 for (; num_rsp; num_rsp--, info++) {
a9de9248 2559 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2560 data.pscan_rep_mode = info->pscan_rep_mode;
2561 data.pscan_period_mode = info->pscan_period_mode;
2562 data.pscan_mode = 0x00;
a9de9248 2563 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2564 data.clock_offset = info->clock_offset;
2565 data.rssi = info->rssi;
41a96212 2566 data.ssp_mode = 0x01;
a9de9248 2567 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2568 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2569 info->rssi, info->data);
a9de9248
MH		 2570 }
2571
2572 hci_dev_unlock(hdev);
2573}
1da177e4 2574
17fa4b9d
JH		 2575static inline u8 hci_get_auth_req(struct hci_conn *conn)
2576{
2577 /* If remote requests dedicated bonding follow that lead */
2578 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2579 /* If both remote and local IO capabilities allow MITM
2580 * protection then require it, otherwise don't */
2581 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2582 return 0x02;
2583 else
2584 return 0x03;
2585 }
2586
2587 /* If remote requests no-bonding follow that lead */
2588 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2589 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2590
2591 return conn->auth_type;
2592}
2593
0493684e
MH		 2594static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2595{
2596 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2597 struct hci_conn *conn;
2598
2599 BT_DBG("%s", hdev->name);
2600
2601 hci_dev_lock(hdev);
2602
2603 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2604 if (!conn)
2605 goto unlock;
2606
2607 hci_conn_hold(conn);
2608
2609 if (!test_bit(HCI_MGMT, &hdev->flags))
2610 goto unlock;
2611
2612 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2613 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2614 struct hci_cp_io_capability_reply cp;
2615
2616 bacpy(&cp.bdaddr, &ev->bdaddr);
2617 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2618 conn->auth_type = hci_get_auth_req(conn);
2619 cp.authentication = conn->auth_type;
17fa4b9d 2620
ce85ee13
SJ		 2621 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2622 hci_find_remote_oob_data(hdev, &conn->dst))
2623 cp.oob_data = 0x01;
2624 else
2625 cp.oob_data = 0x00;
2626
17fa4b9d
JH		 2627 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2628 sizeof(cp), &cp);
03b555e1
JH		 2629 } else {
2630 struct hci_cp_io_capability_neg_reply cp;
2631
2632 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2633 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2634
03b555e1
JH		 2635 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2636 sizeof(cp), &cp);
2637 }
2638
2639unlock:
2640 hci_dev_unlock(hdev);
2641}
2642
2643static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2644{
2645 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2646 struct hci_conn *conn;
2647
2648 BT_DBG("%s", hdev->name);
2649
2650 hci_dev_lock(hdev);
2651
2652 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2653 if (!conn)
2654 goto unlock;
2655
03b555e1
JH		 2656 conn->remote_cap = ev->capability;
2657 conn->remote_oob = ev->oob_data;
2658 conn->remote_auth = ev->authentication;
2659
2660unlock:
0493684e
MH		 2661 hci_dev_unlock(hdev);
2662}
2663
a5c29683
JH		 2664static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2665 struct sk_buff *skb)
2666{
2667 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2668 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2669 struct hci_conn *conn;
a5c29683
JH		 2670
2671 BT_DBG("%s", hdev->name);
2672
2673 hci_dev_lock(hdev);
2674
7a828908
JH		 2675 if (!test_bit(HCI_MGMT, &hdev->flags))
2676 goto unlock;
a5c29683 2677
7a828908
JH		 2678 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2679 if (!conn)
2680 goto unlock;
2681
2682 loc_mitm = (conn->auth_type & 0x01);
2683 rem_mitm = (conn->remote_auth & 0x01);
2684
2685 /* If we require MITM but the remote device can't provide that
2686 * (it has NoInputNoOutput) then reject the confirmation
2687 * request. The only exception is when we're dedicated bonding
2688 * initiators (connect_cfm_cb set) since then we always have the MITM
2689 * bit set. */
2690 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2691 BT_DBG("Rejecting request: remote device can't provide MITM");
2692 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2693 sizeof(ev->bdaddr), &ev->bdaddr);
2694 goto unlock;
2695 }
2696
2697 /* If no side requires MITM protection; auto-accept */
2698 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2699 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2700
2701 /* If we're not the initiators request authorization to
2702 * proceed from user space (mgmt_user_confirm with
2703 * confirm_hint set to 1). */
2704 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2705 BT_DBG("Confirming auto-accept as acceptor");
2706 confirm_hint = 1;
2707 goto confirm;
2708 }
2709
9f61656a
JH		 2710 BT_DBG("Auto-accept of user confirmation with %ums delay",
2711 hdev->auto_accept_delay);
2712
2713 if (hdev->auto_accept_delay > 0) {
2714 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2715 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2716 goto unlock;
2717 }
2718
7a828908
JH		 2719 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2720 sizeof(ev->bdaddr), &ev->bdaddr);
2721 goto unlock;
2722 }
2723
55bc1a37
JH		 2724confirm:
2725 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2726 confirm_hint);
7a828908
JH		 2727
2728unlock:
a5c29683
JH		 2729 hci_dev_unlock(hdev);
2730}
2731
0493684e
MH		 2732static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2733{
2734 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2735 struct hci_conn *conn;
2736
2737 BT_DBG("%s", hdev->name);
2738
2739 hci_dev_lock(hdev);
2740
2741 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2742 if (!conn)
2743 goto unlock;
2744
2745 /* To avoid duplicate auth_failed events to user space we check
2746 * the HCI_CONN_AUTH_PEND flag which will be set if we
2747 * initiated the authentication. A traditional auth_complete
2748 * event gets always produced as initiator and is also mapped to
2749 * the mgmt_auth_failed event */
2750 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2751 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
0493684e 2752
2a611692
JH		 2753 hci_conn_put(conn);
2754
2755unlock:
0493684e
MH		 2756 hci_dev_unlock(hdev);
2757}
2758
41a96212
MH		 2759static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2760{
2761 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2762 struct inquiry_entry *ie;
2763
2764 BT_DBG("%s", hdev->name);
2765
2766 hci_dev_lock(hdev);
2767
cc11b9c1
AE		 2768 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2769 if (ie)
41a96212
MH		 2770 ie->data.ssp_mode = (ev->features[0] & 0x01);
2771
2772 hci_dev_unlock(hdev);
2773}
2774
2763eda6
SJ		 2775static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2776 struct sk_buff *skb)
2777{
2778 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2779 struct oob_data *data;
2780
2781 BT_DBG("%s", hdev->name);
2782
2783 hci_dev_lock(hdev);
2784
e1ba1f15
SJ		 2785 if (!test_bit(HCI_MGMT, &hdev->flags))
2786 goto unlock;
2787
2763eda6
SJ		 2788 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2789 if (data) {
2790 struct hci_cp_remote_oob_data_reply cp;
2791
2792 bacpy(&cp.bdaddr, &ev->bdaddr);
2793 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2794 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2795
2796 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2797 &cp);
2798 } else {
2799 struct hci_cp_remote_oob_data_neg_reply cp;
2800
2801 bacpy(&cp.bdaddr, &ev->bdaddr);
2802 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2803 &cp);
2804 }
2805
e1ba1f15 2806unlock:
2763eda6
SJ		 2807 hci_dev_unlock(hdev);
2808}
2809
fcd89c09
VT		 2810static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2811{
2812 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2813 struct hci_conn *conn;
2814
2815 BT_DBG("%s status %d", hdev->name, ev->status);
2816
2817 hci_dev_lock(hdev);
2818
2819 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2820 if (!conn) {
2821 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2822 if (!conn) {
2823 BT_ERR("No memory for new connection");
2824 hci_dev_unlock(hdev);
2825 return;
2826 }
29b7988a
AG		 2827
2828 conn->dst_type = ev->bdaddr_type;
b62f328b 2829 }
fcd89c09
VT		 2830
2831 if (ev->status) {
83bc71b4 2832 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
fcd89c09
VT		 2833 hci_proto_connect_cfm(conn, ev->status);
2834 conn->state = BT_CLOSED;
2835 hci_conn_del(conn);
2836 goto unlock;
2837 }
2838
cfafccf7 2839 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
83bc71b4 2840
7b5c0d52 2841 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2842 conn->handle = __le16_to_cpu(ev->handle);
2843 conn->state = BT_CONNECTED;
2844
2845 hci_conn_hold_device(conn);
2846 hci_conn_add_sysfs(conn);
2847
2848 hci_proto_connect_cfm(conn, ev->status);
2849
2850unlock:
2851 hci_dev_unlock(hdev);
2852}
2853
9aa04c91
AG		 2854static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2855 struct sk_buff *skb)
2856{
e95beb41
AG		 2857 u8 num_reports = skb->data[0];
2858 void *ptr = &skb->data[1];
9aa04c91
AG		 2859
2860 hci_dev_lock(hdev);
2861
e95beb41
AG		 2862 while (num_reports--) {
2863 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 2864
9aa04c91 2865 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 2866
2867 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 2868 }
2869
2870 hci_dev_unlock(hdev);
2871}
2872
a7a595f6
VCG		 2873static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2874 struct sk_buff *skb)
2875{
2876 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2877 struct hci_cp_le_ltk_reply cp;
bea710fe 2878 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 2879 struct hci_conn *conn;
bea710fe 2880 struct link_key *ltk;
a7a595f6
VCG		 2881
2882 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2883
2884 hci_dev_lock(hdev);
2885
2886 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 2887 if (conn == NULL)
2888 goto not_found;
a7a595f6 2889
bea710fe
VCG		 2890 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2891 if (ltk == NULL)
2892 goto not_found;
2893
2894 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 2895 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 2896 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 2897
2898 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2899
2900 hci_dev_unlock(hdev);
bea710fe
VCG		 2901
2902 return;
2903
2904not_found:
2905 neg.handle = ev->handle;
2906 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2907 hci_dev_unlock(hdev);
a7a595f6
VCG		 2908}
2909
fcd89c09
VT		 2910static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2911{
2912 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2913
2914 skb_pull(skb, sizeof(*le_ev));
2915
2916 switch (le_ev->subevent) {
2917 case HCI_EV_LE_CONN_COMPLETE:
2918 hci_le_conn_complete_evt(hdev, skb);
2919 break;
2920
9aa04c91
AG		 2921 case HCI_EV_LE_ADVERTISING_REPORT:
2922 hci_le_adv_report_evt(hdev, skb);
2923 break;
2924
a7a595f6
VCG		 2925 case HCI_EV_LE_LTK_REQ:
2926 hci_le_ltk_request_evt(hdev, skb);
2927 break;
2928
fcd89c09
VT		 2929 default:
2930 break;
2931 }
2932}
2933
a9de9248
MH		 2934void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2935{
2936 struct hci_event_hdr *hdr = (void *) skb->data;
2937 __u8 event = hdr->evt;
2938
2939 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2940
2941 switch (event) {
1da177e4
LT		 2942 case HCI_EV_INQUIRY_COMPLETE:
2943 hci_inquiry_complete_evt(hdev, skb);
2944 break;
2945
2946 case HCI_EV_INQUIRY_RESULT:
2947 hci_inquiry_result_evt(hdev, skb);
2948 break;
2949
a9de9248
MH		 2950 case HCI_EV_CONN_COMPLETE:
2951 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 2952 break;
2953
1da177e4
LT		 2954 case HCI_EV_CONN_REQUEST:
2955 hci_conn_request_evt(hdev, skb);
2956 break;
2957
1da177e4
LT		 2958 case HCI_EV_DISCONN_COMPLETE:
2959 hci_disconn_complete_evt(hdev, skb);
2960 break;
2961
1da177e4
LT		 2962 case HCI_EV_AUTH_COMPLETE:
2963 hci_auth_complete_evt(hdev, skb);
2964 break;
2965
a9de9248
MH		 2966 case HCI_EV_REMOTE_NAME:
2967 hci_remote_name_evt(hdev, skb);
2968 break;
2969
1da177e4
LT		 2970 case HCI_EV_ENCRYPT_CHANGE:
2971 hci_encrypt_change_evt(hdev, skb);
2972 break;
2973
a9de9248
MH		 2974 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2975 hci_change_link_key_complete_evt(hdev, skb);
2976 break;
2977
2978 case HCI_EV_REMOTE_FEATURES:
2979 hci_remote_features_evt(hdev, skb);
2980 break;
2981
2982 case HCI_EV_REMOTE_VERSION:
2983 hci_remote_version_evt(hdev, skb);
2984 break;
2985
2986 case HCI_EV_QOS_SETUP_COMPLETE:
2987 hci_qos_setup_complete_evt(hdev, skb);
2988 break;
2989
2990 case HCI_EV_CMD_COMPLETE:
2991 hci_cmd_complete_evt(hdev, skb);
2992 break;
2993
2994 case HCI_EV_CMD_STATUS:
2995 hci_cmd_status_evt(hdev, skb);
2996 break;
2997
2998 case HCI_EV_ROLE_CHANGE:
2999 hci_role_change_evt(hdev, skb);
3000 break;
3001
3002 case HCI_EV_NUM_COMP_PKTS:
3003 hci_num_comp_pkts_evt(hdev, skb);
3004 break;
3005
3006 case HCI_EV_MODE_CHANGE:
3007 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3008 break;
3009
3010 case HCI_EV_PIN_CODE_REQ:
3011 hci_pin_code_request_evt(hdev, skb);
3012 break;
3013
3014 case HCI_EV_LINK_KEY_REQ:
3015 hci_link_key_request_evt(hdev, skb);
3016 break;
3017
3018 case HCI_EV_LINK_KEY_NOTIFY:
3019 hci_link_key_notify_evt(hdev, skb);
3020 break;
3021
3022 case HCI_EV_CLOCK_OFFSET:
3023 hci_clock_offset_evt(hdev, skb);
3024 break;
3025
a8746417
MH		 3026 case HCI_EV_PKT_TYPE_CHANGE:
3027 hci_pkt_type_change_evt(hdev, skb);
3028 break;
3029
85a1e930
MH		 3030 case HCI_EV_PSCAN_REP_MODE:
3031 hci_pscan_rep_mode_evt(hdev, skb);
3032 break;
3033
a9de9248
MH		 3034 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3035 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3036 break;
3037
a9de9248
MH		 3038 case HCI_EV_REMOTE_EXT_FEATURES:
3039 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3040 break;
3041
a9de9248
MH		 3042 case HCI_EV_SYNC_CONN_COMPLETE:
3043 hci_sync_conn_complete_evt(hdev, skb);
3044 break;
1da177e4 3045
a9de9248
MH		 3046 case HCI_EV_SYNC_CONN_CHANGED:
3047 hci_sync_conn_changed_evt(hdev, skb);
3048 break;
1da177e4 3049
a9de9248
MH		 3050 case HCI_EV_SNIFF_SUBRATE:
3051 hci_sniff_subrate_evt(hdev, skb);
3052 break;
1da177e4 3053
a9de9248
MH		 3054 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3055 hci_extended_inquiry_result_evt(hdev, skb);
3056 break;
1da177e4 3057
0493684e
MH		 3058 case HCI_EV_IO_CAPA_REQUEST:
3059 hci_io_capa_request_evt(hdev, skb);
3060 break;
3061
03b555e1
JH		 3062 case HCI_EV_IO_CAPA_REPLY:
3063 hci_io_capa_reply_evt(hdev, skb);
3064 break;
3065
a5c29683
JH		 3066 case HCI_EV_USER_CONFIRM_REQUEST:
3067 hci_user_confirm_request_evt(hdev, skb);
3068 break;
3069
0493684e
MH		 3070 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3071 hci_simple_pair_complete_evt(hdev, skb);
3072 break;
3073
41a96212
MH		 3074 case HCI_EV_REMOTE_HOST_FEATURES:
3075 hci_remote_host_features_evt(hdev, skb);
3076 break;
3077
fcd89c09
VT		 3078 case HCI_EV_LE_META:
3079 hci_le_meta_evt(hdev, skb);
3080 break;
3081
2763eda6
SJ		 3082 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3083 hci_remote_oob_data_request_evt(hdev, skb);
3084 break;
3085
a9de9248
MH		 3086 default:
3087 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3088 break;
3089 }
3090
3091 kfree_skb(skb);
3092 hdev->stat.evt_rx++;
3093}
3094
3095/* Generate internal stack event */
3096void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3097{
3098 struct hci_event_hdr *hdr;
3099 struct hci_ev_stack_internal *ev;
3100 struct sk_buff *skb;
3101
3102 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3103 if (!skb)
3104 return;
3105
3106 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3107 hdr->evt = HCI_EV_STACK_INTERNAL;
3108 hdr->plen = sizeof(*ev) + dlen;
3109
3110 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3111 ev->type = type;
3112 memcpy(ev->data, data, dlen);
3113
576c7d85 3114 bt_cb(skb)->incoming = 1;
a61bbcf2 3115 __net_timestamp(skb);
576c7d85 3116
0d48d939 3117 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3118 skb->dev = (void *) hdev;
eec8d2bc 3119 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3120 kfree_skb(skb);
3121}
e6100a25 3122
669bb396 3123module_param(enable_le, bool, 0644);
e6100a25 3124MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)