projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Factor out Create Configuration Response
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
f0d6a0ea 32#include <net/bluetooth/mgmt.h>
8e2a0d92 33#include <net/bluetooth/a2mp.h>
903e4541 34#include <net/bluetooth/amp.h>
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
e6d465cb
AG		 44 if (status) {
45 hci_dev_lock(hdev);
46 mgmt_stop_discovery_failed(hdev, status);
47 hci_dev_unlock(hdev);
a9de9248 48 return;
e6d465cb 49 }
1da177e4 50
89352e7d
AG		 51 clear_bit(HCI_INQUIRY, &hdev->flags);
52
56e5cb86 53 hci_dev_lock(hdev);
ff9ef578 54 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 55 hci_dev_unlock(hdev);
6bd57416 56
23bb5763 57 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 58
59 hci_conn_check_pending(hdev);
60}
6bd57416 61
4d93483b
AG		 62static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
63{
64 __u8 status = *((__u8 *) skb->data);
65
9f1db00c 66 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 67
68 if (status)
69 return;
70
71 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 72}
73
a9de9248
MH		 74static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75{
76 __u8 status = *((__u8 *) skb->data);
6bd57416 77
9f1db00c 78 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 79
a9de9248
MH		 80 if (status)
81 return;
1da177e4 82
ae854a70
AG		 83 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
807deac2
GP		 88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
89 struct sk_buff *skb)
a9de9248
MH		 90{
91 BT_DBG("%s", hdev->name);
92}
93
94static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95{
96 struct hci_rp_role_discovery *rp = (void *) skb->data;
97 struct hci_conn *conn;
98
9f1db00c 99 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 100
101 if (rp->status)
102 return;
103
104 hci_dev_lock(hdev);
105
106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
107 if (conn) {
108 if (rp->role)
109 conn->link_mode &= ~HCI_LM_MASTER;
110 else
111 conn->link_mode |= HCI_LM_MASTER;
1da177e4 112 }
a9de9248
MH		 113
114 hci_dev_unlock(hdev);
1da177e4
LT		 115}
116
e4e8e37c
MH		 117static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118{
119 struct hci_rp_read_link_policy *rp = (void *) skb->data;
120 struct hci_conn *conn;
121
9f1db00c 122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 123
124 if (rp->status)
125 return;
126
127 hci_dev_lock(hdev);
128
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 if (conn)
131 conn->link_policy = __le16_to_cpu(rp->policy);
132
133 hci_dev_unlock(hdev);
134}
135
a9de9248 136static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 137{
a9de9248 138 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 139 struct hci_conn *conn;
04837f64 140 void *sent;
1da177e4 141
9f1db00c 142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 143
a9de9248
MH		 144 if (rp->status)
145 return;
1da177e4 146
a9de9248
MH		 147 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
148 if (!sent)
149 return;
1da177e4 150
a9de9248 151 hci_dev_lock(hdev);
1da177e4 152
a9de9248 153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 154 if (conn)
83985319 155 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 156
a9de9248
MH		 157 hci_dev_unlock(hdev);
158}
1da177e4 159
807deac2
GP		 160static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
161 struct sk_buff *skb)
e4e8e37c
MH		 162{
163 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
164
9f1db00c 165 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 166
167 if (rp->status)
168 return;
169
170 hdev->link_policy = __le16_to_cpu(rp->policy);
171}
172
807deac2
GP		 173static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
174 struct sk_buff *skb)
e4e8e37c
MH		 175{
176 __u8 status = *((__u8 *) skb->data);
177 void *sent;
178
9f1db00c 179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 180
181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 if (!sent)
183 return;
184
185 if (!status)
186 hdev->link_policy = get_unaligned_le16(sent);
187
23bb5763 188 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 189}
190
a9de9248
MH		 191static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
192{
193 __u8 status = *((__u8 *) skb->data);
04837f64 194
9f1db00c 195 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 196
10572132
GP		 197 clear_bit(HCI_RESET, &hdev->flags);
198
23bb5763 199 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 200
a297e97c 201 /* Reset all non-persistent flags */
ae854a70
AG		 202 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
203 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 204
205 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 206}
04837f64 207
a9de9248
MH		 208static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
209{
210 __u8 status = *((__u8 *) skb->data);
211 void *sent;
04837f64 212
9f1db00c 213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 214
a9de9248
MH		 215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216 if (!sent)
217 return;
04837f64 218
56e5cb86
JH		 219 hci_dev_lock(hdev);
220
f51d5b24
JH		 221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 223 else if (!status)
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 225
56e5cb86 226 hci_dev_unlock(hdev);
3159d384
JH		 227
228 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 229}
230
231static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
232{
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
234
9f1db00c 235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 236
237 if (rp->status)
238 return;
239
db99b5fc
JH		 240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 242}
243
244static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
245{
246 __u8 status = *((__u8 *) skb->data);
247 void *sent;
248
9f1db00c 249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 250
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
252 if (!sent)
253 return;
254
255 if (!status) {
256 __u8 param = *((__u8 *) sent);
257
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
260 else
261 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 262 }
a9de9248 263
33ef95ed
JH		 264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
266
23bb5763 267 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 268}
269
a9de9248 270static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 271{
a9de9248 272 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 273 void *sent;
274
9f1db00c 275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 276
a9de9248
MH		 277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
278 if (!sent)
279 return;
1da177e4 280
a9de9248
MH		 281 if (!status) {
282 __u8 param = *((__u8 *) sent);
283
284 if (param)
285 set_bit(HCI_ENCRYPT, &hdev->flags);
286 else
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
288 }
1da177e4 289
23bb5763 290 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 291}
1da177e4 292
a9de9248
MH		 293static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
294{
36f7fc7e
JH		 295 __u8 param, status = *((__u8 *) skb->data);
296 int old_pscan, old_iscan;
a9de9248 297 void *sent;
1da177e4 298
9f1db00c 299 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 300
a9de9248
MH		 301 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
302 if (!sent)
303 return;
1da177e4 304
36f7fc7e
JH		 305 param = *((__u8 *) sent);
306
56e5cb86
JH		 307 hci_dev_lock(hdev);
308
fa1bd918 309 if (status) {
744cf19e 310 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 311 hdev->discov_timeout = 0;
312 goto done;
313 }
314
36f7fc7e
JH		 315 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
316 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
317
318 if (param & SCAN_INQUIRY) {
319 set_bit(HCI_ISCAN, &hdev->flags);
320 if (!old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 322 if (hdev->discov_timeout > 0) {
323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 325 to);
16ab91ab 326 }
36f7fc7e 327 } else if (old_iscan)
744cf19e 328 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 329
330 if (param & SCAN_PAGE) {
331 set_bit(HCI_PSCAN, &hdev->flags);
332 if (!old_pscan)
744cf19e 333 mgmt_connectable(hdev, 1);
36f7fc7e 334 } else if (old_pscan)
744cf19e 335 mgmt_connectable(hdev, 0);
1da177e4 336
36f7fc7e 337done:
56e5cb86 338 hci_dev_unlock(hdev);
23bb5763 339 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 340}
1da177e4 341
a9de9248
MH		 342static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
343{
344 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 345
9f1db00c 346 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 347
a9de9248
MH		 348 if (rp->status)
349 return;
1da177e4 350
a9de9248 351 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 352
a9de9248 353 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 354 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 355}
1da177e4 356
a9de9248
MH		 357static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
358{
359 __u8 status = *((__u8 *) skb->data);
360 void *sent;
1da177e4 361
9f1db00c 362 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 363
a9de9248
MH		 364 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
365 if (!sent)
366 return;
1da177e4 367
7f9a903c
MH		 368 hci_dev_lock(hdev);
369
370 if (status == 0)
371 memcpy(hdev->dev_class, sent, 3);
372
373 if (test_bit(HCI_MGMT, &hdev->dev_flags))
374 mgmt_set_class_of_dev_complete(hdev, sent, status);
375
376 hci_dev_unlock(hdev);
a9de9248 377}
1da177e4 378
a9de9248
MH		 379static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
380{
381 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
382 __u16 setting;
383
9f1db00c 384 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 385
386 if (rp->status)
387 return;
388
389 setting = __le16_to_cpu(rp->voice_setting);
390
f383f275 391 if (hdev->voice_setting == setting)
a9de9248
MH		 392 return;
393
394 hdev->voice_setting = setting;
395
9f1db00c 396 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 397
3c54711c 398 if (hdev->notify)
a9de9248 399 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 400}
401
8fc9ced3
GP		 402static void hci_cc_write_voice_setting(struct hci_dev *hdev,
403 struct sk_buff *skb)
a9de9248
MH		 404{
405 __u8 status = *((__u8 *) skb->data);
f383f275 406 __u16 setting;
a9de9248
MH		 407 void *sent;
408
9f1db00c 409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 410
f383f275
MH		 411 if (status)
412 return;
413
a9de9248
MH		 414 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 if (!sent)
416 return;
1da177e4 417
f383f275 418 setting = get_unaligned_le16(sent);
1da177e4 419
f383f275
MH		 420 if (hdev->voice_setting == setting)
421 return;
422
423 hdev->voice_setting = setting;
1da177e4 424
9f1db00c 425 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 426
3c54711c 427 if (hdev->notify)
f383f275 428 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 429}
430
a9de9248 431static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 432{
a9de9248 433 __u8 status = *((__u8 *) skb->data);
1da177e4 434
9f1db00c 435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 436
23bb5763 437 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 438}
1143e5a6 439
333140b5
MH		 440static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
441{
442 __u8 status = *((__u8 *) skb->data);
443 void *sent;
444
9f1db00c 445 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 446
333140b5
MH		 447 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 if (!sent)
449 return;
450
ed2c4ee3 451 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 452 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
453 else if (!status) {
454 if (*((u8 *) sent))
455 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
456 else
457 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 }
333140b5
MH		 459}
460
d5859e22
JH		 461static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
462{
463 if (hdev->features[6] & LMP_EXT_INQ)
464 return 2;
465
466 if (hdev->features[3] & LMP_RSSI_INQ)
467 return 1;
468
469 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 470 hdev->lmp_subver == 0x0757)
d5859e22
JH		 471 return 1;
472
473 if (hdev->manufacturer == 15) {
474 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
475 return 1;
476 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
477 return 1;
478 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
479 return 1;
480 }
481
482 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 483 hdev->lmp_subver == 0x1805)
d5859e22
JH		 484 return 1;
485
486 return 0;
487}
488
489static void hci_setup_inquiry_mode(struct hci_dev *hdev)
490{
491 u8 mode;
492
493 mode = hci_get_inquiry_mode(hdev);
494
495 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
496}
497
498static void hci_setup_event_mask(struct hci_dev *hdev)
499{
500 /* The second byte is 0xff instead of 0x9f (two reserved bits
501 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
502 * command otherwise */
503 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
504
6de6c18d
VT		 505 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
506 * any event mask for pre 1.2 devices */
5a13b095 507 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 508 return;
509
510 events[4] |= 0x01; /* Flow Specification Complete */
511 events[4] |= 0x02; /* Inquiry Result with RSSI */
512 events[4] |= 0x04; /* Read Remote Extended Features Complete */
513 events[5] |= 0x08; /* Synchronous Connection Complete */
514 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 515
516 if (hdev->features[3] & LMP_RSSI_INQ)
a24299e6 517 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 518
999dcd10 519 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 520 events[5] |= 0x20; /* Sniff Subrating */
521
522 if (hdev->features[5] & LMP_PAUSE_ENC)
523 events[5] |= 0x80; /* Encryption Key Refresh Complete */
524
525 if (hdev->features[6] & LMP_EXT_INQ)
526 events[5] |= 0x40; /* Extended Inquiry Result */
527
c58e810e 528 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 529 events[7] |= 0x01; /* Enhanced Flush Complete */
530
531 if (hdev->features[7] & LMP_LSTO)
532 events[6] |= 0x80; /* Link Supervision Timeout Changed */
533
9a1a1996 534 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 535 events[6] |= 0x01; /* IO Capability Request */
536 events[6] |= 0x02; /* IO Capability Response */
537 events[6] |= 0x04; /* User Confirmation Request */
538 events[6] |= 0x08; /* User Passkey Request */
539 events[6] |= 0x10; /* Remote OOB Data Request */
540 events[6] |= 0x20; /* Simple Pairing Complete */
541 events[7] |= 0x04; /* User Passkey Notification */
542 events[7] |= 0x08; /* Keypress Notification */
543 events[7] |= 0x10; /* Remote Host Supported
544 * Features Notification */
545 }
546
c383ddc4 547 if (lmp_le_capable(hdev))
d5859e22
JH		 548 events[7] |= 0x20; /* LE Meta-Event */
549
550 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
551}
552
553static void hci_setup(struct hci_dev *hdev)
554{
e61ef499
AE		 555 if (hdev->dev_type != HCI_BREDR)
556 return;
557
d5859e22
JH		 558 hci_setup_event_mask(hdev);
559
d095c1eb 560 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 561 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
562
6d3c730f 563 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 564 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
565 u8 mode = 0x01;
566 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 567 sizeof(mode), &mode);
54d04dbb
JH		 568 } else {
569 struct hci_cp_write_eir cp;
570
571 memset(hdev->eir, 0, sizeof(hdev->eir));
572 memset(&cp, 0, sizeof(cp));
573
574 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
575 }
d5859e22
JH		 576 }
577
578 if (hdev->features[3] & LMP_RSSI_INQ)
579 hci_setup_inquiry_mode(hdev);
580
581 if (hdev->features[7] & LMP_INQ_TX_PWR)
582 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 583
584 if (hdev->features[7] & LMP_EXTFEATURES) {
585 struct hci_cp_read_local_ext_features cp;
586
587 cp.page = 0x01;
04124681
GP		 588 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
589 &cp);
971e3a4b 590 }
e6100a25 591
47990ea0
JH		 592 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
593 u8 enable = 1;
04124681
GP		 594 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
595 &enable);
47990ea0 596 }
d5859e22
JH		 597}
598
a9de9248
MH		 599static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
600{
601 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 602
9f1db00c 603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 604
a9de9248 605 if (rp->status)
28b8df77 606 goto done;
1143e5a6 607
a9de9248 608 hdev->hci_ver = rp->hci_ver;
e4e8e37c 609 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 610 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 611 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 612 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 613
9f1db00c 614 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 615 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 616
617 if (test_bit(HCI_INIT, &hdev->flags))
618 hci_setup(hdev);
28b8df77
AE		 619
620done:
621 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 622}
623
624static void hci_setup_link_policy(struct hci_dev *hdev)
625{
035100c8 626 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 627 u16 link_policy = 0;
628
9f92ebf6 629 if (lmp_rswitch_capable(hdev))
d5859e22
JH		 630 link_policy |= HCI_LP_RSWITCH;
631 if (hdev->features[0] & LMP_HOLD)
632 link_policy |= HCI_LP_HOLD;
6eded100 633 if (lmp_sniff_capable(hdev))
d5859e22
JH		 634 link_policy |= HCI_LP_SNIFF;
635 if (hdev->features[1] & LMP_PARK)
636 link_policy |= HCI_LP_PARK;
637
035100c8
AE		 638 cp.policy = cpu_to_le16(link_policy);
639 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 640}
1da177e4 641
8fc9ced3
GP		 642static void hci_cc_read_local_commands(struct hci_dev *hdev,
643 struct sk_buff *skb)
a9de9248
MH		 644{
645 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 646
9f1db00c 647 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 648
a9de9248 649 if (rp->status)
d5859e22 650 goto done;
1da177e4 651
a9de9248 652 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 653
654 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
655 hci_setup_link_policy(hdev);
656
657done:
658 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 659}
1da177e4 660
8fc9ced3
GP		 661static void hci_cc_read_local_features(struct hci_dev *hdev,
662 struct sk_buff *skb)
a9de9248
MH		 663{
664 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 665
9f1db00c 666 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 667
a9de9248
MH		 668 if (rp->status)
669 return;
5b7f9909 670
a9de9248 671 memcpy(hdev->features, rp->features, 8);
5b7f9909 672
a9de9248
MH		 673 /* Adjust default settings according to features
674 * supported by device. */
1da177e4 675
a9de9248
MH		 676 if (hdev->features[0] & LMP_3SLOT)
677 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 678
a9de9248
MH		 679 if (hdev->features[0] & LMP_5SLOT)
680 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 681
a9de9248
MH		 682 if (hdev->features[1] & LMP_HV2) {
683 hdev->pkt_type |= (HCI_HV2);
684 hdev->esco_type |= (ESCO_HV2);
685 }
1da177e4 686
a9de9248
MH		 687 if (hdev->features[1] & LMP_HV3) {
688 hdev->pkt_type |= (HCI_HV3);
689 hdev->esco_type |= (ESCO_HV3);
690 }
1da177e4 691
45db810f 692 if (lmp_esco_capable(hdev))
a9de9248 693 hdev->esco_type |= (ESCO_EV3);
da1f5198 694
a9de9248
MH		 695 if (hdev->features[4] & LMP_EV4)
696 hdev->esco_type |= (ESCO_EV4);
da1f5198 697
a9de9248
MH		 698 if (hdev->features[4] & LMP_EV5)
699 hdev->esco_type |= (ESCO_EV5);
1da177e4 700
efc7688b
MH		 701 if (hdev->features[5] & LMP_EDR_ESCO_2M)
702 hdev->esco_type |= (ESCO_2EV3);
703
704 if (hdev->features[5] & LMP_EDR_ESCO_3M)
705 hdev->esco_type |= (ESCO_3EV3);
706
707 if (hdev->features[5] & LMP_EDR_3S_ESCO)
708 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
709
a9de9248 710 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 711 hdev->features[0], hdev->features[1],
712 hdev->features[2], hdev->features[3],
713 hdev->features[4], hdev->features[5],
714 hdev->features[6], hdev->features[7]);
a9de9248 715}
1da177e4 716
8f984dfa
JH		 717static void hci_set_le_support(struct hci_dev *hdev)
718{
719 struct hci_cp_write_le_host_supported cp;
720
721 memset(&cp, 0, sizeof(cp));
722
9d42820f 723 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa
JH		 724 cp.le = 1;
725 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
726 }
727
728 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 729 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
730 &cp);
8f984dfa
JH		 731}
732
971e3a4b 733static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 734 struct sk_buff *skb)
971e3a4b
AG		 735{
736 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
737
9f1db00c 738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 739
740 if (rp->status)
8f984dfa 741 goto done;
971e3a4b 742
b5b32b65
AG		 743 switch (rp->page) {
744 case 0:
745 memcpy(hdev->features, rp->features, 8);
746 break;
747 case 1:
748 memcpy(hdev->host_features, rp->features, 8);
749 break;
750 }
971e3a4b 751
c383ddc4 752 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 753 hci_set_le_support(hdev);
754
755done:
971e3a4b
AG		 756 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
757}
758
1e89cffb 759static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 760 struct sk_buff *skb)
1e89cffb
AE		 761{
762 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
763
9f1db00c 764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 765
766 if (rp->status)
767 return;
768
769 hdev->flow_ctl_mode = rp->mode;
770
771 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
772}
773
a9de9248
MH		 774static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
775{
776 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 777
9f1db00c 778 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 779
a9de9248
MH		 780 if (rp->status)
781 return;
1da177e4 782
a9de9248
MH		 783 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
784 hdev->sco_mtu = rp->sco_mtu;
785 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
786 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
787
788 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
789 hdev->sco_mtu = 64;
790 hdev->sco_pkts = 8;
1da177e4 791 }
a9de9248
MH		 792
793 hdev->acl_cnt = hdev->acl_pkts;
794 hdev->sco_cnt = hdev->sco_pkts;
795
807deac2
GP		 796 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
797 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 798}
799
800static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
801{
802 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
803
9f1db00c 804 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 805
806 if (!rp->status)
807 bacpy(&hdev->bdaddr, &rp->bdaddr);
808
23bb5763
JH		 809 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
810}
811
350ee4cf 812static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 813 struct sk_buff *skb)
350ee4cf
AE		 814{
815 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
816
9f1db00c 817 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 818
819 if (rp->status)
820 return;
821
822 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
823 hdev->block_len = __le16_to_cpu(rp->block_len);
824 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
825
826 hdev->block_cnt = hdev->num_blocks;
827
828 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 829 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 830
831 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
832}
833
23bb5763
JH		 834static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
835{
836 __u8 status = *((__u8 *) skb->data);
837
9f1db00c 838 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 839
840 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 841}
842
928abaa7 843static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 844 struct sk_buff *skb)
928abaa7
AE		 845{
846 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
847
9f1db00c 848 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 849
850 if (rp->status)
8e2a0d92 851 goto a2mp_rsp;
928abaa7
AE		 852
853 hdev->amp_status = rp->amp_status;
854 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
855 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
856 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
857 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
858 hdev->amp_type = rp->amp_type;
859 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
860 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
861 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
862 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
863
864 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 865
866a2mp_rsp:
867 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 868}
869
903e4541
AE		 870static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
871 struct sk_buff *skb)
872{
873 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
874 struct amp_assoc *assoc = &hdev->loc_assoc;
875 size_t rem_len, frag_len;
876
877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
878
879 if (rp->status)
880 goto a2mp_rsp;
881
882 frag_len = skb->len - sizeof(*rp);
883 rem_len = __le16_to_cpu(rp->rem_len);
884
885 if (rem_len > frag_len) {
392f44d3 886 BT_DBG("frag_len %ld rem_len %ld", frag_len, rem_len);
903e4541
AE		 887
888 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
889 assoc->offset += frag_len;
890
891 /* Read other fragments */
892 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
893
894 return;
895 }
896
897 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
898 assoc->len = assoc->offset + rem_len;
899 assoc->offset = 0;
900
901a2mp_rsp:
902 /* Send A2MP Rsp when all fragments are received */
903 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 904 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 905}
906
b0916ea0 907static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 908 struct sk_buff *skb)
b0916ea0
JH		 909{
910 __u8 status = *((__u8 *) skb->data);
911
9f1db00c 912 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 913
914 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
915}
916
d5859e22
JH		 917static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
918{
919 __u8 status = *((__u8 *) skb->data);
920
9f1db00c 921 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 922
923 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
924}
925
926static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 927 struct sk_buff *skb)
d5859e22
JH		 928{
929 __u8 status = *((__u8 *) skb->data);
930
9f1db00c 931 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 932
933 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
934}
935
936static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 937 struct sk_buff *skb)
d5859e22 938{
91c4e9b1 939 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 940
9f1db00c 941 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 942
943 if (!rp->status)
944 hdev->inq_tx_power = rp->tx_power;
d5859e22 945
91c4e9b1 946 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 947}
948
949static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
950{
951 __u8 status = *((__u8 *) skb->data);
952
9f1db00c 953 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 954
955 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
956}
957
980e1a53
JH		 958static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
959{
960 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
961 struct hci_cp_pin_code_reply *cp;
962 struct hci_conn *conn;
963
9f1db00c 964 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 965
56e5cb86
JH		 966 hci_dev_lock(hdev);
967
a8b2d5c2 968 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 969 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 970
fa1bd918 971 if (rp->status)
56e5cb86 972 goto unlock;
980e1a53
JH		 973
974 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
975 if (!cp)
56e5cb86 976 goto unlock;
980e1a53
JH		 977
978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
979 if (conn)
980 conn->pin_length = cp->pin_len;
56e5cb86
JH		 981
982unlock:
983 hci_dev_unlock(hdev);
980e1a53
JH		 984}
985
986static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
987{
988 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
989
9f1db00c 990 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 991
56e5cb86
JH		 992 hci_dev_lock(hdev);
993
a8b2d5c2 994 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 995 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 996 rp->status);
56e5cb86
JH		 997
998 hci_dev_unlock(hdev);
980e1a53 999}
56e5cb86 1000
6ed58ec5
VT		 1001static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1002 struct sk_buff *skb)
1003{
1004 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1005
9f1db00c 1006 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1007
1008 if (rp->status)
1009 return;
1010
1011 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1012 hdev->le_pkts = rp->le_max_pkt;
1013
1014 hdev->le_cnt = hdev->le_pkts;
1015
1016 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1017
1018 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1019}
980e1a53 1020
a5c29683
JH		 1021static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1022{
1023 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1024
9f1db00c 1025 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1026
56e5cb86
JH		 1027 hci_dev_lock(hdev);
1028
a8b2d5c2 1029 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1030 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1031 rp->status);
56e5cb86
JH		 1032
1033 hci_dev_unlock(hdev);
a5c29683
JH		 1034}
1035
1036static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1037 struct sk_buff *skb)
a5c29683
JH		 1038{
1039 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1040
9f1db00c 1041 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1042
56e5cb86
JH		 1043 hci_dev_lock(hdev);
1044
a8b2d5c2 1045 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1046 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1047 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1048
1049 hci_dev_unlock(hdev);
a5c29683
JH		 1050}
1051
1143d458
BG		 1052static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1053{
1054 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1055
9f1db00c 1056 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1057
1058 hci_dev_lock(hdev);
1059
a8b2d5c2 1060 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1061 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1062 0, rp->status);
1143d458
BG		 1063
1064 hci_dev_unlock(hdev);
1065}
1066
1067static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1068 struct sk_buff *skb)
1143d458
BG		 1069{
1070 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1071
9f1db00c 1072 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1073
1074 hci_dev_lock(hdev);
1075
a8b2d5c2 1076 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1077 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1078 ACL_LINK, 0, rp->status);
1143d458
BG		 1079
1080 hci_dev_unlock(hdev);
1081}
1082
c35938b2 1083static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1084 struct sk_buff *skb)
c35938b2
SJ		 1085{
1086 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1087
9f1db00c 1088 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1089
56e5cb86 1090 hci_dev_lock(hdev);
744cf19e 1091 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1092 rp->randomizer, rp->status);
56e5cb86 1093 hci_dev_unlock(hdev);
c35938b2
SJ		 1094}
1095
07f7fa5d
AG		 1096static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1097{
1098 __u8 status = *((__u8 *) skb->data);
1099
9f1db00c 1100 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1101
1102 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1103
1104 if (status) {
1105 hci_dev_lock(hdev);
1106 mgmt_start_discovery_failed(hdev, status);
1107 hci_dev_unlock(hdev);
1108 return;
1109 }
07f7fa5d
AG		 1110}
1111
eb9d91f5 1112static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1113 struct sk_buff *skb)
eb9d91f5
AG		 1114{
1115 struct hci_cp_le_set_scan_enable *cp;
1116 __u8 status = *((__u8 *) skb->data);
1117
9f1db00c 1118 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1119
eb9d91f5
AG		 1120 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1121 if (!cp)
1122 return;
1123
68a8aea4
AE		 1124 switch (cp->enable) {
1125 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1126 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1127
3fd24153
AG		 1128 if (status) {
1129 hci_dev_lock(hdev);
1130 mgmt_start_discovery_failed(hdev, status);
1131 hci_dev_unlock(hdev);
7ba8b4be 1132 return;
3fd24153 1133 }
7ba8b4be 1134
d23264a8
AG		 1135 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1136
a8f13c8c 1137 hci_dev_lock(hdev);
343f935b 1138 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1139 hci_dev_unlock(hdev);
68a8aea4
AE		 1140 break;
1141
1142 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1143 if (status) {
1144 hci_dev_lock(hdev);
1145 mgmt_stop_discovery_failed(hdev, status);
1146 hci_dev_unlock(hdev);
7ba8b4be 1147 return;
c9ecc48e 1148 }
7ba8b4be 1149
d23264a8
AG		 1150 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1151
bc3dd33c
AG		 1152 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1153 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1154 mgmt_interleaved_discovery(hdev);
1155 } else {
1156 hci_dev_lock(hdev);
1157 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1158 hci_dev_unlock(hdev);
1159 }
1160
68a8aea4
AE		 1161 break;
1162
1163 default:
1164 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1165 break;
35815085 1166 }
eb9d91f5
AG		 1167}
1168
a7a595f6
VCG		 1169static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1170{
1171 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1172
9f1db00c 1173 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1174
1175 if (rp->status)
1176 return;
1177
1178 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1179}
1180
1181static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1182{
1183 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1184
9f1db00c 1185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1186
1187 if (rp->status)
1188 return;
1189
1190 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1191}
1192
6039aa73
GP		 1193static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1194 struct sk_buff *skb)
f9b49306 1195{
06199cf8 1196 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1197 __u8 status = *((__u8 *) skb->data);
1198
9f1db00c 1199 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1200
06199cf8 1201 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1202 if (!sent)
f9b49306
AG		 1203 return;
1204
8f984dfa
JH		 1205 if (!status) {
1206 if (sent->le)
1207 hdev->host_features[0] |= LMP_HOST_LE;
1208 else
1209 hdev->host_features[0] &= ~LMP_HOST_LE;
1210 }
1211
1212 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1213 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1214 mgmt_le_enable_complete(hdev, sent->le, status);
1215
1216 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1217}
1218
93c284ee
AE		 1219static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1220 struct sk_buff *skb)
1221{
1222 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1223
1224 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1225 hdev->name, rp->status, rp->phy_handle);
1226
1227 if (rp->status)
1228 return;
1229
1230 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1231}
1232
6039aa73 1233static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1234{
9f1db00c 1235 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1236
1237 if (status) {
23bb5763 1238 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1239 hci_conn_check_pending(hdev);
56e5cb86 1240 hci_dev_lock(hdev);
a8b2d5c2 1241 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1242 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1243 hci_dev_unlock(hdev);
314b2381
JH		 1244 return;
1245 }
1246
89352e7d
AG		 1247 set_bit(HCI_INQUIRY, &hdev->flags);
1248
56e5cb86 1249 hci_dev_lock(hdev);
343f935b 1250 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1251 hci_dev_unlock(hdev);
1da177e4
LT		 1252}
1253
6039aa73 1254static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1255{
a9de9248 1256 struct hci_cp_create_conn *cp;
1da177e4 1257 struct hci_conn *conn;
1da177e4 1258
9f1db00c 1259 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1260
1261 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1262 if (!cp)
1263 return;
1264
1265 hci_dev_lock(hdev);
1266
1267 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1268
6ed93dc6 1269 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1270
1271 if (status) {
1272 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1273 if (status != 0x0c || conn->attempt > 2) {
1274 conn->state = BT_CLOSED;
1275 hci_proto_connect_cfm(conn, status);
1276 hci_conn_del(conn);
1277 } else
1278 conn->state = BT_CONNECT2;
1da177e4
LT		 1279 }
1280 } else {
1281 if (!conn) {
1282 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1283 if (conn) {
a0c808b3 1284 conn->out = true;
1da177e4
LT		 1285 conn->link_mode |= HCI_LM_MASTER;
1286 } else
893ef971 1287 BT_ERR("No memory for new connection");
1da177e4
LT		 1288 }
1289 }
1290
1291 hci_dev_unlock(hdev);
1292}
1293
a9de9248 1294static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1295{
a9de9248
MH		 1296 struct hci_cp_add_sco *cp;
1297 struct hci_conn *acl, *sco;
1298 __u16 handle;
1da177e4 1299
9f1db00c 1300 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1301
a9de9248
MH		 1302 if (!status)
1303 return;
1da177e4 1304
a9de9248
MH		 1305 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1306 if (!cp)
1307 return;
1da177e4 1308
a9de9248 1309 handle = __le16_to_cpu(cp->handle);
1da177e4 1310
9f1db00c 1311 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1312
a9de9248 1313 hci_dev_lock(hdev);
1da177e4 1314
a9de9248 1315 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1316 if (acl) {
1317 sco = acl->link;
1318 if (sco) {
1319 sco->state = BT_CLOSED;
1da177e4 1320
5a08ecce
AE		 1321 hci_proto_connect_cfm(sco, status);
1322 hci_conn_del(sco);
1323 }
a9de9248 1324 }
1da177e4 1325
a9de9248
MH		 1326 hci_dev_unlock(hdev);
1327}
1da177e4 1328
f8558555
MH		 1329static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1330{
1331 struct hci_cp_auth_requested *cp;
1332 struct hci_conn *conn;
1333
9f1db00c 1334 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1335
1336 if (!status)
1337 return;
1338
1339 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1340 if (!cp)
1341 return;
1342
1343 hci_dev_lock(hdev);
1344
1345 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1346 if (conn) {
1347 if (conn->state == BT_CONFIG) {
1348 hci_proto_connect_cfm(conn, status);
1349 hci_conn_put(conn);
1350 }
1351 }
1352
1353 hci_dev_unlock(hdev);
1354}
1355
1356static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1357{
1358 struct hci_cp_set_conn_encrypt *cp;
1359 struct hci_conn *conn;
1360
9f1db00c 1361 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1362
1363 if (!status)
1364 return;
1365
1366 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1367 if (!cp)
1368 return;
1369
1370 hci_dev_lock(hdev);
1371
1372 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1373 if (conn) {
1374 if (conn->state == BT_CONFIG) {
1375 hci_proto_connect_cfm(conn, status);
1376 hci_conn_put(conn);
1377 }
1378 }
1379
1380 hci_dev_unlock(hdev);
1381}
1382
127178d2 1383static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1384 struct hci_conn *conn)
392599b9 1385{
392599b9
JH		 1386 if (conn->state != BT_CONFIG || !conn->out)
1387 return 0;
1388
765c2a96 1389 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1390 return 0;
1391
1392 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1393 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1394 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1395 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1396 return 0;
1397
392599b9
JH		 1398 return 1;
1399}
1400
6039aa73 1401static int hci_resolve_name(struct hci_dev *hdev,
04124681 1402 struct inquiry_entry *e)
30dc78e1
JH		 1403{
1404 struct hci_cp_remote_name_req cp;
1405
1406 memset(&cp, 0, sizeof(cp));
1407
1408 bacpy(&cp.bdaddr, &e->data.bdaddr);
1409 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1410 cp.pscan_mode = e->data.pscan_mode;
1411 cp.clock_offset = e->data.clock_offset;
1412
1413 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1414}
1415
b644ba33 1416static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1417{
1418 struct discovery_state *discov = &hdev->discovery;
1419 struct inquiry_entry *e;
1420
b644ba33
JH		 1421 if (list_empty(&discov->resolve))
1422 return false;
1423
1424 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1425 if (!e)
1426 return false;
1427
b644ba33
JH		 1428 if (hci_resolve_name(hdev, e) == 0) {
1429 e->name_state = NAME_PENDING;
1430 return true;
1431 }
1432
1433 return false;
1434}
1435
1436static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1437 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1438{
1439 struct discovery_state *discov = &hdev->discovery;
1440 struct inquiry_entry *e;
1441
1442 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1443 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1444 name_len, conn->dev_class);
b644ba33
JH		 1445
1446 if (discov->state == DISCOVERY_STOPPED)
1447 return;
1448
30dc78e1
JH		 1449 if (discov->state == DISCOVERY_STOPPING)
1450 goto discov_complete;
1451
1452 if (discov->state != DISCOVERY_RESOLVING)
1453 return;
1454
1455 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1456 /* If the device was not found in a list of found devices names of which
1457 * are pending. there is no need to continue resolving a next name as it
1458 * will be done upon receiving another Remote Name Request Complete
1459 * Event */
1460 if (!e)
1461 return;
1462
1463 list_del(&e->list);
1464 if (name) {
30dc78e1 1465 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1466 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1467 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1468 } else {
1469 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1470 }
1471
b644ba33 1472 if (hci_resolve_next_name(hdev))
30dc78e1 1473 return;
30dc78e1
JH		 1474
1475discov_complete:
1476 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1477}
1478
a9de9248
MH		 1479static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1480{
127178d2
JH		 1481 struct hci_cp_remote_name_req *cp;
1482 struct hci_conn *conn;
1483
9f1db00c 1484 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1485
1486 /* If successful wait for the name req complete event before
1487 * checking for the need to do authentication */
1488 if (!status)
1489 return;
1490
1491 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1492 if (!cp)
1493 return;
1494
1495 hci_dev_lock(hdev);
1496
b644ba33
JH		 1497 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1498
a8b2d5c2 1499 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1500 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1501
79c6c70c
JH		 1502 if (!conn)
1503 goto unlock;
1504
1505 if (!hci_outgoing_auth_needed(hdev, conn))
1506 goto unlock;
1507
51a8efd7 1508 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1509 struct hci_cp_auth_requested cp;
1510 cp.handle = __cpu_to_le16(conn->handle);
1511 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1512 }
1513
79c6c70c 1514unlock:
127178d2 1515 hci_dev_unlock(hdev);
a9de9248 1516}
1da177e4 1517
769be974
MH		 1518static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1519{
1520 struct hci_cp_read_remote_features *cp;
1521 struct hci_conn *conn;
1522
9f1db00c 1523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1524
1525 if (!status)
1526 return;
1527
1528 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1529 if (!cp)
1530 return;
1531
1532 hci_dev_lock(hdev);
1533
1534 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1535 if (conn) {
1536 if (conn->state == BT_CONFIG) {
769be974
MH		 1537 hci_proto_connect_cfm(conn, status);
1538 hci_conn_put(conn);
1539 }
1540 }
1541
1542 hci_dev_unlock(hdev);
1543}
1544
1545static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1546{
1547 struct hci_cp_read_remote_ext_features *cp;
1548 struct hci_conn *conn;
1549
9f1db00c 1550 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1551
1552 if (!status)
1553 return;
1554
1555 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1556 if (!cp)
1557 return;
1558
1559 hci_dev_lock(hdev);
1560
1561 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1562 if (conn) {
1563 if (conn->state == BT_CONFIG) {
769be974
MH		 1564 hci_proto_connect_cfm(conn, status);
1565 hci_conn_put(conn);
1566 }
1567 }
1568
1569 hci_dev_unlock(hdev);
1570}
1571
a9de9248
MH		 1572static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1573{
b6a0dc82
MH		 1574 struct hci_cp_setup_sync_conn *cp;
1575 struct hci_conn *acl, *sco;
1576 __u16 handle;
1577
9f1db00c 1578 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1579
1580 if (!status)
1581 return;
1582
1583 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1584 if (!cp)
1585 return;
1586
1587 handle = __le16_to_cpu(cp->handle);
1588
9f1db00c 1589 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1590
1591 hci_dev_lock(hdev);
1592
1593 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1594 if (acl) {
1595 sco = acl->link;
1596 if (sco) {
1597 sco->state = BT_CLOSED;
b6a0dc82 1598
5a08ecce
AE		 1599 hci_proto_connect_cfm(sco, status);
1600 hci_conn_del(sco);
1601 }
b6a0dc82
MH		 1602 }
1603
1604 hci_dev_unlock(hdev);
1da177e4
LT		 1605}
1606
a9de9248 1607static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1608{
a9de9248
MH		 1609 struct hci_cp_sniff_mode *cp;
1610 struct hci_conn *conn;
1da177e4 1611
9f1db00c 1612 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1613
a9de9248
MH		 1614 if (!status)
1615 return;
04837f64 1616
a9de9248
MH		 1617 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1618 if (!cp)
1619 return;
04837f64 1620
a9de9248 1621 hci_dev_lock(hdev);
04837f64 1622
a9de9248 1623 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1624 if (conn) {
51a8efd7 1625 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1626
51a8efd7 1627 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1628 hci_sco_setup(conn, status);
1629 }
1630
a9de9248
MH		 1631 hci_dev_unlock(hdev);
1632}
04837f64 1633
a9de9248
MH		 1634static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1635{
1636 struct hci_cp_exit_sniff_mode *cp;
1637 struct hci_conn *conn;
04837f64 1638
9f1db00c 1639 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1640
a9de9248
MH		 1641 if (!status)
1642 return;
04837f64 1643
a9de9248
MH		 1644 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1645 if (!cp)
1646 return;
04837f64 1647
a9de9248 1648 hci_dev_lock(hdev);
1da177e4 1649
a9de9248 1650 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1651 if (conn) {
51a8efd7 1652 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1653
51a8efd7 1654 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1655 hci_sco_setup(conn, status);
1656 }
1657
a9de9248 1658 hci_dev_unlock(hdev);
1da177e4
LT		 1659}
1660
88c3df13
JH		 1661static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1662{
1663 struct hci_cp_disconnect *cp;
1664 struct hci_conn *conn;
1665
1666 if (!status)
1667 return;
1668
1669 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1670 if (!cp)
1671 return;
1672
1673 hci_dev_lock(hdev);
1674
1675 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1676 if (conn)
1677 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1678 conn->dst_type, status);
88c3df13
JH		 1679
1680 hci_dev_unlock(hdev);
1681}
1682
fcd89c09
VT		 1683static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1684{
fcd89c09
VT		 1685 struct hci_conn *conn;
1686
9f1db00c 1687 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1688
f00a06ac
AG		 1689 if (status) {
1690 hci_dev_lock(hdev);
fcd89c09 1691
0c95ab78 1692 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1693 if (!conn) {
1694 hci_dev_unlock(hdev);
1695 return;
1696 }
fcd89c09 1697
6ed93dc6 1698 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1699
f00a06ac 1700 conn->state = BT_CLOSED;
0c95ab78 1701 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1702 conn->dst_type, status);
1703 hci_proto_connect_cfm(conn, status);
1704 hci_conn_del(conn);
fcd89c09 1705
f00a06ac
AG		 1706 hci_dev_unlock(hdev);
1707 }
fcd89c09
VT		 1708}
1709
a7a595f6
VCG		 1710static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1711{
9f1db00c 1712 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1713}
1714
a02226d6
AE		 1715static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1716{
93c284ee
AE		 1717 struct hci_cp_create_phy_link *cp;
1718
a02226d6 1719 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee
AE		 1720
1721 if (status)
1722 return;
1723
1724 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1725 if (!cp)
1726 return;
1727
1728 amp_write_remote_assoc(hdev, cp->phy_handle);
a02226d6
AE		 1729}
1730
0b26ab9d
AE		 1731static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1732{
1733 struct hci_cp_accept_phy_link *cp;
1734
1735 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1736
1737 if (status)
1738 return;
1739
1740 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1741 if (!cp)
1742 return;
1743
1744 amp_write_remote_assoc(hdev, cp->phy_handle);
1745}
1746
6039aa73 1747static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1748{
1749 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1750 struct discovery_state *discov = &hdev->discovery;
1751 struct inquiry_entry *e;
1da177e4 1752
9f1db00c 1753 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1754
23bb5763 1755 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1756
a9de9248 1757 hci_conn_check_pending(hdev);
89352e7d
AG		 1758
1759 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1760 return;
1761
a8b2d5c2 1762 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1763 return;
1764
56e5cb86 1765 hci_dev_lock(hdev);
30dc78e1 1766
343f935b 1767 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1768 goto unlock;
1769
1770 if (list_empty(&discov->resolve)) {
1771 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1772 goto unlock;
1773 }
1774
1775 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1776 if (e && hci_resolve_name(hdev, e) == 0) {
1777 e->name_state = NAME_PENDING;
1778 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1779 } else {
1780 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1781 }
1782
1783unlock:
56e5cb86 1784 hci_dev_unlock(hdev);
1da177e4
LT		 1785}
1786
6039aa73 1787static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1788{
45bb4bf0 1789 struct inquiry_data data;
a9de9248 1790 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1791 int num_rsp = *((__u8 *) skb->data);
1792
1793 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1794
45bb4bf0
MH		 1795 if (!num_rsp)
1796 return;
1797
1519cc17
AG		 1798 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1799 return;
1800
1da177e4 1801 hci_dev_lock(hdev);
45bb4bf0 1802
e17acd40 1803 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1804 bool name_known, ssp;
3175405b 1805
1da177e4
LT		 1806 bacpy(&data.bdaddr, &info->bdaddr);
1807 data.pscan_rep_mode = info->pscan_rep_mode;
1808 data.pscan_period_mode = info->pscan_period_mode;
1809 data.pscan_mode = info->pscan_mode;
1810 memcpy(data.dev_class, info->dev_class, 3);
1811 data.clock_offset = info->clock_offset;
1812 data.rssi = 0x00;
41a96212 1813 data.ssp_mode = 0x00;
3175405b 1814
388fc8fa 1815 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1816 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1817 info->dev_class, 0, !name_known, ssp, NULL,
1818 0);
1da177e4 1819 }
45bb4bf0 1820
1da177e4
LT		 1821 hci_dev_unlock(hdev);
1822}
1823
6039aa73 1824static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1825{
a9de9248
MH		 1826 struct hci_ev_conn_complete *ev = (void *) skb->data;
1827 struct hci_conn *conn;
1da177e4
LT		 1828
1829 BT_DBG("%s", hdev->name);
1830
1831 hci_dev_lock(hdev);
1832
1833 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1834 if (!conn) {
1835 if (ev->link_type != SCO_LINK)
1836 goto unlock;
1837
1838 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1839 if (!conn)
1840 goto unlock;
1841
1842 conn->type = SCO_LINK;
1843 }
1da177e4
LT		 1844
1845 if (!ev->status) {
1846 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1847
1848 if (conn->type == ACL_LINK) {
1849 conn->state = BT_CONFIG;
1850 hci_conn_hold(conn);
a9ea3ed9
SJ		 1851
1852 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1853 !hci_find_link_key(hdev, &ev->bdaddr))
1854 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1855 else
1856 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1857 } else
1858 conn->state = BT_CONNECTED;
1da177e4 1859
9eba32b8 1860 hci_conn_hold_device(conn);
7d0db0a3
MH		 1861 hci_conn_add_sysfs(conn);
1862
1da177e4
LT		 1863 if (test_bit(HCI_AUTH, &hdev->flags))
1864 conn->link_mode |= HCI_LM_AUTH;
1865
1866 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1867 conn->link_mode |= HCI_LM_ENCRYPT;
1868
04837f64
MH		 1869 /* Get remote features */
1870 if (conn->type == ACL_LINK) {
1871 struct hci_cp_read_remote_features cp;
1872 cp.handle = ev->handle;
769be974 1873 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1874 sizeof(cp), &cp);
04837f64
MH		 1875 }
1876
1da177e4 1877 /* Set packet type for incoming connection */
d095c1eb 1878 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1879 struct hci_cp_change_conn_ptype cp;
1880 cp.handle = ev->handle;
a8746417 1881 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1882 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1883 &cp);
1da177e4 1884 }
17d5c04c 1885 } else {
1da177e4 1886 conn->state = BT_CLOSED;
17d5c04c 1887 if (conn->type == ACL_LINK)
744cf19e 1888 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1889 conn->dst_type, ev->status);
17d5c04c 1890 }
1da177e4 1891
e73439d8
MH		 1892 if (conn->type == ACL_LINK)
1893 hci_sco_setup(conn, ev->status);
1da177e4 1894
769be974
MH		 1895 if (ev->status) {
1896 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1897 hci_conn_del(conn);
c89b6e6b
MH		 1898 } else if (ev->link_type != ACL_LINK)
1899 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1900
a9de9248 1901unlock:
1da177e4 1902 hci_dev_unlock(hdev);
1da177e4 1903
a9de9248 1904 hci_conn_check_pending(hdev);
1da177e4
LT		 1905}
1906
6039aa73 1907static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1908{
a9de9248
MH		 1909 struct hci_ev_conn_request *ev = (void *) skb->data;
1910 int mask = hdev->link_mode;
1da177e4 1911
6ed93dc6 1912 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1913 ev->link_type);
1da177e4 1914
a9de9248 1915 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1916
138d22ef 1917 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1918 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1919 /* Connection accepted */
c7bdd502 1920 struct inquiry_entry *ie;
1da177e4 1921 struct hci_conn *conn;
1da177e4 1922
a9de9248 1923 hci_dev_lock(hdev);
b6a0dc82 1924
cc11b9c1
AE		 1925 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1926 if (ie)
c7bdd502
MH		 1927 memcpy(ie->data.dev_class, ev->dev_class, 3);
1928
8fc9ced3
GP		 1929 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1930 &ev->bdaddr);
a9de9248 1931 if (!conn) {
cc11b9c1
AE		 1932 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1933 if (!conn) {
893ef971 1934 BT_ERR("No memory for new connection");
a9de9248
MH		 1935 hci_dev_unlock(hdev);
1936 return;
1da177e4
LT		 1937 }
1938 }
b6a0dc82 1939
a9de9248
MH		 1940 memcpy(conn->dev_class, ev->dev_class, 3);
1941 conn->state = BT_CONNECT;
b6a0dc82 1942
a9de9248 1943 hci_dev_unlock(hdev);
1da177e4 1944
b6a0dc82
MH		 1945 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1946 struct hci_cp_accept_conn_req cp;
1da177e4 1947
b6a0dc82
MH		 1948 bacpy(&cp.bdaddr, &ev->bdaddr);
1949
1950 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1951 cp.role = 0x00; /* Become master */
1952 else
1953 cp.role = 0x01; /* Remain slave */
1954
04124681
GP		 1955 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1956 &cp);
b6a0dc82
MH		 1957 } else {
1958 struct hci_cp_accept_sync_conn_req cp;
1959
1960 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1961 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1962
82781e63
AE		 1963 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1964 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1965 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1966 cp.content_format = cpu_to_le16(hdev->voice_setting);
1967 cp.retrans_effort = 0xff;
1da177e4 1968
b6a0dc82 1969 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1970 sizeof(cp), &cp);
b6a0dc82 1971 }
a9de9248
MH		 1972 } else {
1973 /* Connection rejected */
1974 struct hci_cp_reject_conn_req cp;
1da177e4 1975
a9de9248 1976 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1977 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1978 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1979 }
1da177e4
LT		 1980}
1981
f0d6a0ea
MA		 1982static u8 hci_to_mgmt_reason(u8 err)
1983{
1984 switch (err) {
1985 case HCI_ERROR_CONNECTION_TIMEOUT:
1986 return MGMT_DEV_DISCONN_TIMEOUT;
1987 case HCI_ERROR_REMOTE_USER_TERM:
1988 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1989 case HCI_ERROR_REMOTE_POWER_OFF:
1990 return MGMT_DEV_DISCONN_REMOTE;
1991 case HCI_ERROR_LOCAL_HOST_TERM:
1992 return MGMT_DEV_DISCONN_LOCAL_HOST;
1993 default:
1994 return MGMT_DEV_DISCONN_UNKNOWN;
1995 }
1996}
1997
6039aa73 1998static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1999{
a9de9248 2000 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2001 struct hci_conn *conn;
2002
9f1db00c 2003 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2004
2005 hci_dev_lock(hdev);
2006
2007 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2008 if (!conn)
2009 goto unlock;
7d0db0a3 2010
37d9ef76
JH		 2011 if (ev->status == 0)
2012 conn->state = BT_CLOSED;
04837f64 2013
b644ba33 2014 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2015 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2016 if (ev->status) {
88c3df13 2017 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2018 conn->dst_type, ev->status);
f0d6a0ea
MA		 2019 } else {
2020 u8 reason = hci_to_mgmt_reason(ev->reason);
2021
afc747a6 2022 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2023 conn->dst_type, reason);
2024 }
37d9ef76 2025 }
f7520543 2026
37d9ef76 2027 if (ev->status == 0) {
6ec5bcad
VA		 2028 if (conn->type == ACL_LINK && conn->flush_key)
2029 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2030 hci_proto_disconn_cfm(conn, ev->reason);
2031 hci_conn_del(conn);
2032 }
f7520543
JH		 2033
2034unlock:
04837f64
MH		 2035 hci_dev_unlock(hdev);
2036}
2037
6039aa73 2038static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2039{
a9de9248 2040 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2041 struct hci_conn *conn;
1da177e4 2042
9f1db00c 2043 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2044
2045 hci_dev_lock(hdev);
2046
04837f64 2047 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2048 if (!conn)
2049 goto unlock;
2050
2051 if (!ev->status) {
aa64a8b5 2052 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2053 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2054 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2055 } else {
d7556e20
WR		 2056 conn->link_mode |= HCI_LM_AUTH;
2057 conn->sec_level = conn->pending_sec_level;
2a611692 2058 }
d7556e20 2059 } else {
bab73cb6 2060 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2061 ev->status);
d7556e20 2062 }
1da177e4 2063
51a8efd7
JH		 2064 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2065 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2066
d7556e20 2067 if (conn->state == BT_CONFIG) {
aa64a8b5 2068 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2069 struct hci_cp_set_conn_encrypt cp;
2070 cp.handle = ev->handle;
2071 cp.encrypt = 0x01;
2072 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2073 &cp);
052b30b0 2074 } else {
d7556e20
WR		 2075 conn->state = BT_CONNECTED;
2076 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2077 hci_conn_put(conn);
2078 }
d7556e20
WR		 2079 } else {
2080 hci_auth_cfm(conn, ev->status);
052b30b0 2081
d7556e20
WR		 2082 hci_conn_hold(conn);
2083 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2084 hci_conn_put(conn);
2085 }
2086
51a8efd7 2087 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2088 if (!ev->status) {
2089 struct hci_cp_set_conn_encrypt cp;
2090 cp.handle = ev->handle;
2091 cp.encrypt = 0x01;
2092 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2093 &cp);
d7556e20 2094 } else {
51a8efd7 2095 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2096 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2097 }
2098 }
2099
d7556e20 2100unlock:
1da177e4
LT		 2101 hci_dev_unlock(hdev);
2102}
2103
6039aa73 2104static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2105{
127178d2
JH		 2106 struct hci_ev_remote_name *ev = (void *) skb->data;
2107 struct hci_conn *conn;
2108
a9de9248 2109 BT_DBG("%s", hdev->name);
1da177e4 2110
a9de9248 2111 hci_conn_check_pending(hdev);
127178d2
JH		 2112
2113 hci_dev_lock(hdev);
2114
b644ba33 2115 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2116
b644ba33
JH		 2117 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2118 goto check_auth;
a88a9652 2119
b644ba33
JH		 2120 if (ev->status == 0)
2121 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2122 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2123 else
2124 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2125
2126check_auth:
79c6c70c
JH		 2127 if (!conn)
2128 goto unlock;
2129
2130 if (!hci_outgoing_auth_needed(hdev, conn))
2131 goto unlock;
2132
51a8efd7 2133 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2134 struct hci_cp_auth_requested cp;
2135 cp.handle = __cpu_to_le16(conn->handle);
2136 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2137 }
2138
79c6c70c 2139unlock:
127178d2 2140 hci_dev_unlock(hdev);
a9de9248
MH		 2141}
2142
6039aa73 2143static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2144{
2145 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2146 struct hci_conn *conn;
2147
9f1db00c 2148 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2149
2150 hci_dev_lock(hdev);
2151
04837f64 2152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2153 if (conn) {
2154 if (!ev->status) {
ae293196
MH		 2155 if (ev->encrypt) {
2156 /* Encryption implies authentication */
2157 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2158 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2159 conn->sec_level = conn->pending_sec_level;
ae293196 2160 } else
1da177e4
LT		 2161 conn->link_mode &= ~HCI_LM_ENCRYPT;
2162 }
2163
51a8efd7 2164 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2165
a7d7723a 2166 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2167 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2168 hci_conn_put(conn);
2169 goto unlock;
2170 }
2171
f8558555
MH		 2172 if (conn->state == BT_CONFIG) {
2173 if (!ev->status)
2174 conn->state = BT_CONNECTED;
2175
2176 hci_proto_connect_cfm(conn, ev->status);
2177 hci_conn_put(conn);
2178 } else
2179 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2180 }
2181
a7d7723a 2182unlock:
1da177e4
LT		 2183 hci_dev_unlock(hdev);
2184}
2185
6039aa73
GP		 2186static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2187 struct sk_buff *skb)
1da177e4 2188{
a9de9248 2189 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2190 struct hci_conn *conn;
1da177e4 2191
9f1db00c 2192 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2193
2194 hci_dev_lock(hdev);
2195
04837f64 2196 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2197 if (conn) {
2198 if (!ev->status)
2199 conn->link_mode |= HCI_LM_SECURE;
2200
51a8efd7 2201 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2202
2203 hci_key_change_cfm(conn, ev->status);
2204 }
2205
2206 hci_dev_unlock(hdev);
2207}
2208
6039aa73
GP		 2209static void hci_remote_features_evt(struct hci_dev *hdev,
2210 struct sk_buff *skb)
1da177e4 2211{
a9de9248
MH		 2212 struct hci_ev_remote_features *ev = (void *) skb->data;
2213 struct hci_conn *conn;
2214
9f1db00c 2215 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2216
a9de9248
MH		 2217 hci_dev_lock(hdev);
2218
2219 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2220 if (!conn)
2221 goto unlock;
769be974 2222
ccd556fe
JH		 2223 if (!ev->status)
2224 memcpy(conn->features, ev->features, 8);
2225
2226 if (conn->state != BT_CONFIG)
2227 goto unlock;
2228
2229 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2230 struct hci_cp_read_remote_ext_features cp;
2231 cp.handle = ev->handle;
2232 cp.page = 0x01;
2233 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2234 sizeof(cp), &cp);
392599b9
JH		 2235 goto unlock;
2236 }
2237
671267bf 2238 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2239 struct hci_cp_remote_name_req cp;
2240 memset(&cp, 0, sizeof(cp));
2241 bacpy(&cp.bdaddr, &conn->dst);
2242 cp.pscan_rep_mode = 0x02;
2243 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2244 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2245 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2246 conn->dst_type, 0, NULL, 0,
2247 conn->dev_class);
392599b9 2248
127178d2 2249 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2250 conn->state = BT_CONNECTED;
2251 hci_proto_connect_cfm(conn, ev->status);
2252 hci_conn_put(conn);
769be974 2253 }
a9de9248 2254
ccd556fe 2255unlock:
a9de9248 2256 hci_dev_unlock(hdev);
1da177e4
LT		 2257}
2258
6039aa73 2259static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2260{
a9de9248 2261 BT_DBG("%s", hdev->name);
1da177e4
LT		 2262}
2263
6039aa73
GP		 2264static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2265 struct sk_buff *skb)
1da177e4 2266{
a9de9248 2267 BT_DBG("%s", hdev->name);
1da177e4
LT		 2268}
2269
6039aa73 2270static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2271{
2272 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2273 __u16 opcode;
2274
2275 skb_pull(skb, sizeof(*ev));
2276
2277 opcode = __le16_to_cpu(ev->opcode);
2278
2279 switch (opcode) {
2280 case HCI_OP_INQUIRY_CANCEL:
2281 hci_cc_inquiry_cancel(hdev, skb);
2282 break;
2283
4d93483b
AG		 2284 case HCI_OP_PERIODIC_INQ:
2285 hci_cc_periodic_inq(hdev, skb);
2286 break;
2287
a9de9248
MH		 2288 case HCI_OP_EXIT_PERIODIC_INQ:
2289 hci_cc_exit_periodic_inq(hdev, skb);
2290 break;
2291
2292 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2293 hci_cc_remote_name_req_cancel(hdev, skb);
2294 break;
2295
2296 case HCI_OP_ROLE_DISCOVERY:
2297 hci_cc_role_discovery(hdev, skb);
2298 break;
2299
e4e8e37c
MH		 2300 case HCI_OP_READ_LINK_POLICY:
2301 hci_cc_read_link_policy(hdev, skb);
2302 break;
2303
a9de9248
MH		 2304 case HCI_OP_WRITE_LINK_POLICY:
2305 hci_cc_write_link_policy(hdev, skb);
2306 break;
2307
e4e8e37c
MH		 2308 case HCI_OP_READ_DEF_LINK_POLICY:
2309 hci_cc_read_def_link_policy(hdev, skb);
2310 break;
2311
2312 case HCI_OP_WRITE_DEF_LINK_POLICY:
2313 hci_cc_write_def_link_policy(hdev, skb);
2314 break;
2315
a9de9248
MH		 2316 case HCI_OP_RESET:
2317 hci_cc_reset(hdev, skb);
2318 break;
2319
2320 case HCI_OP_WRITE_LOCAL_NAME:
2321 hci_cc_write_local_name(hdev, skb);
2322 break;
2323
2324 case HCI_OP_READ_LOCAL_NAME:
2325 hci_cc_read_local_name(hdev, skb);
2326 break;
2327
2328 case HCI_OP_WRITE_AUTH_ENABLE:
2329 hci_cc_write_auth_enable(hdev, skb);
2330 break;
2331
2332 case HCI_OP_WRITE_ENCRYPT_MODE:
2333 hci_cc_write_encrypt_mode(hdev, skb);
2334 break;
2335
2336 case HCI_OP_WRITE_SCAN_ENABLE:
2337 hci_cc_write_scan_enable(hdev, skb);
2338 break;
2339
2340 case HCI_OP_READ_CLASS_OF_DEV:
2341 hci_cc_read_class_of_dev(hdev, skb);
2342 break;
2343
2344 case HCI_OP_WRITE_CLASS_OF_DEV:
2345 hci_cc_write_class_of_dev(hdev, skb);
2346 break;
2347
2348 case HCI_OP_READ_VOICE_SETTING:
2349 hci_cc_read_voice_setting(hdev, skb);
2350 break;
2351
2352 case HCI_OP_WRITE_VOICE_SETTING:
2353 hci_cc_write_voice_setting(hdev, skb);
2354 break;
2355
2356 case HCI_OP_HOST_BUFFER_SIZE:
2357 hci_cc_host_buffer_size(hdev, skb);
2358 break;
2359
333140b5
MH		 2360 case HCI_OP_WRITE_SSP_MODE:
2361 hci_cc_write_ssp_mode(hdev, skb);
2362 break;
2363
a9de9248
MH		 2364 case HCI_OP_READ_LOCAL_VERSION:
2365 hci_cc_read_local_version(hdev, skb);
2366 break;
2367
2368 case HCI_OP_READ_LOCAL_COMMANDS:
2369 hci_cc_read_local_commands(hdev, skb);
2370 break;
2371
2372 case HCI_OP_READ_LOCAL_FEATURES:
2373 hci_cc_read_local_features(hdev, skb);
2374 break;
2375
971e3a4b
AG		 2376 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2377 hci_cc_read_local_ext_features(hdev, skb);
2378 break;
2379
a9de9248
MH		 2380 case HCI_OP_READ_BUFFER_SIZE:
2381 hci_cc_read_buffer_size(hdev, skb);
2382 break;
2383
2384 case HCI_OP_READ_BD_ADDR:
2385 hci_cc_read_bd_addr(hdev, skb);
2386 break;
2387
350ee4cf
AE		 2388 case HCI_OP_READ_DATA_BLOCK_SIZE:
2389 hci_cc_read_data_block_size(hdev, skb);
2390 break;
2391
23bb5763
JH		 2392 case HCI_OP_WRITE_CA_TIMEOUT:
2393 hci_cc_write_ca_timeout(hdev, skb);
2394 break;
2395
1e89cffb
AE		 2396 case HCI_OP_READ_FLOW_CONTROL_MODE:
2397 hci_cc_read_flow_control_mode(hdev, skb);
2398 break;
2399
928abaa7
AE		 2400 case HCI_OP_READ_LOCAL_AMP_INFO:
2401 hci_cc_read_local_amp_info(hdev, skb);
2402 break;
2403
903e4541
AE		 2404 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2405 hci_cc_read_local_amp_assoc(hdev, skb);
2406 break;
2407
b0916ea0
JH		 2408 case HCI_OP_DELETE_STORED_LINK_KEY:
2409 hci_cc_delete_stored_link_key(hdev, skb);
2410 break;
2411
d5859e22
JH		 2412 case HCI_OP_SET_EVENT_MASK:
2413 hci_cc_set_event_mask(hdev, skb);
2414 break;
2415
2416 case HCI_OP_WRITE_INQUIRY_MODE:
2417 hci_cc_write_inquiry_mode(hdev, skb);
2418 break;
2419
2420 case HCI_OP_READ_INQ_RSP_TX_POWER:
2421 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2422 break;
2423
2424 case HCI_OP_SET_EVENT_FLT:
2425 hci_cc_set_event_flt(hdev, skb);
2426 break;
2427
980e1a53
JH		 2428 case HCI_OP_PIN_CODE_REPLY:
2429 hci_cc_pin_code_reply(hdev, skb);
2430 break;
2431
2432 case HCI_OP_PIN_CODE_NEG_REPLY:
2433 hci_cc_pin_code_neg_reply(hdev, skb);
2434 break;
2435
c35938b2
SJ		 2436 case HCI_OP_READ_LOCAL_OOB_DATA:
2437 hci_cc_read_local_oob_data_reply(hdev, skb);
2438 break;
2439
6ed58ec5
VT		 2440 case HCI_OP_LE_READ_BUFFER_SIZE:
2441 hci_cc_le_read_buffer_size(hdev, skb);
2442 break;
2443
a5c29683
JH		 2444 case HCI_OP_USER_CONFIRM_REPLY:
2445 hci_cc_user_confirm_reply(hdev, skb);
2446 break;
2447
2448 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2449 hci_cc_user_confirm_neg_reply(hdev, skb);
2450 break;
2451
1143d458
BG		 2452 case HCI_OP_USER_PASSKEY_REPLY:
2453 hci_cc_user_passkey_reply(hdev, skb);
2454 break;
2455
2456 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2457 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2458 break;
07f7fa5d
AG		 2459
2460 case HCI_OP_LE_SET_SCAN_PARAM:
2461 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2462 break;
2463
eb9d91f5
AG		 2464 case HCI_OP_LE_SET_SCAN_ENABLE:
2465 hci_cc_le_set_scan_enable(hdev, skb);
2466 break;
2467
a7a595f6
VCG		 2468 case HCI_OP_LE_LTK_REPLY:
2469 hci_cc_le_ltk_reply(hdev, skb);
2470 break;
2471
2472 case HCI_OP_LE_LTK_NEG_REPLY:
2473 hci_cc_le_ltk_neg_reply(hdev, skb);
2474 break;
2475
f9b49306
AG		 2476 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2477 hci_cc_write_le_host_supported(hdev, skb);
2478 break;
2479
93c284ee
AE		 2480 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2481 hci_cc_write_remote_amp_assoc(hdev, skb);
2482 break;
2483
a9de9248 2484 default:
9f1db00c 2485 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2486 break;
2487 }
2488
6bd32326
VT		 2489 if (ev->opcode != HCI_OP_NOP)
2490 del_timer(&hdev->cmd_timer);
2491
a9de9248
MH		 2492 if (ev->ncmd) {
2493 atomic_set(&hdev->cmd_cnt, 1);
2494 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2495 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2496 }
2497}
2498
6039aa73 2499static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2500{
2501 struct hci_ev_cmd_status *ev = (void *) skb->data;
2502 __u16 opcode;
2503
2504 skb_pull(skb, sizeof(*ev));
2505
2506 opcode = __le16_to_cpu(ev->opcode);
2507
2508 switch (opcode) {
2509 case HCI_OP_INQUIRY:
2510 hci_cs_inquiry(hdev, ev->status);
2511 break;
2512
2513 case HCI_OP_CREATE_CONN:
2514 hci_cs_create_conn(hdev, ev->status);
2515 break;
2516
2517 case HCI_OP_ADD_SCO:
2518 hci_cs_add_sco(hdev, ev->status);
2519 break;
2520
f8558555
MH		 2521 case HCI_OP_AUTH_REQUESTED:
2522 hci_cs_auth_requested(hdev, ev->status);
2523 break;
2524
2525 case HCI_OP_SET_CONN_ENCRYPT:
2526 hci_cs_set_conn_encrypt(hdev, ev->status);
2527 break;
2528
a9de9248
MH		 2529 case HCI_OP_REMOTE_NAME_REQ:
2530 hci_cs_remote_name_req(hdev, ev->status);
2531 break;
2532
769be974
MH		 2533 case HCI_OP_READ_REMOTE_FEATURES:
2534 hci_cs_read_remote_features(hdev, ev->status);
2535 break;
2536
2537 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2538 hci_cs_read_remote_ext_features(hdev, ev->status);
2539 break;
2540
a9de9248
MH		 2541 case HCI_OP_SETUP_SYNC_CONN:
2542 hci_cs_setup_sync_conn(hdev, ev->status);
2543 break;
2544
2545 case HCI_OP_SNIFF_MODE:
2546 hci_cs_sniff_mode(hdev, ev->status);
2547 break;
2548
2549 case HCI_OP_EXIT_SNIFF_MODE:
2550 hci_cs_exit_sniff_mode(hdev, ev->status);
2551 break;
2552
8962ee74 2553 case HCI_OP_DISCONNECT:
88c3df13 2554 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2555 break;
2556
fcd89c09
VT		 2557 case HCI_OP_LE_CREATE_CONN:
2558 hci_cs_le_create_conn(hdev, ev->status);
2559 break;
2560
a7a595f6
VCG		 2561 case HCI_OP_LE_START_ENC:
2562 hci_cs_le_start_enc(hdev, ev->status);
2563 break;
2564
a02226d6
AE		 2565 case HCI_OP_CREATE_PHY_LINK:
2566 hci_cs_create_phylink(hdev, ev->status);
2567 break;
2568
0b26ab9d
AE		 2569 case HCI_OP_ACCEPT_PHY_LINK:
2570 hci_cs_accept_phylink(hdev, ev->status);
2571 break;
2572
a9de9248 2573 default:
9f1db00c 2574 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2575 break;
2576 }
2577
6bd32326
VT		 2578 if (ev->opcode != HCI_OP_NOP)
2579 del_timer(&hdev->cmd_timer);
2580
10572132 2581 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2582 atomic_set(&hdev->cmd_cnt, 1);
2583 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2584 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2585 }
2586}
2587
6039aa73 2588static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2589{
2590 struct hci_ev_role_change *ev = (void *) skb->data;
2591 struct hci_conn *conn;
2592
9f1db00c 2593 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2594
2595 hci_dev_lock(hdev);
2596
2597 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2598 if (conn) {
2599 if (!ev->status) {
2600 if (ev->role)
2601 conn->link_mode &= ~HCI_LM_MASTER;
2602 else
2603 conn->link_mode |= HCI_LM_MASTER;
2604 }
2605
51a8efd7 2606 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2607
2608 hci_role_switch_cfm(conn, ev->status, ev->role);
2609 }
2610
2611 hci_dev_unlock(hdev);
2612}
2613
6039aa73 2614static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2615{
2616 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2617 int i;
2618
32ac5b9b
AE		 2619 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2620 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2621 return;
2622 }
2623
c5993de8 2624 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2625 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2626 BT_DBG("%s bad parameters", hdev->name);
2627 return;
2628 }
2629
c5993de8
AE		 2630 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2631
613a1c0c
AE		 2632 for (i = 0; i < ev->num_hndl; i++) {
2633 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2634 struct hci_conn *conn;
2635 __u16 handle, count;
2636
613a1c0c
AE		 2637 handle = __le16_to_cpu(info->handle);
2638 count = __le16_to_cpu(info->count);
a9de9248
MH		 2639
2640 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2641 if (!conn)
2642 continue;
2643
2644 conn->sent -= count;
2645
2646 switch (conn->type) {
2647 case ACL_LINK:
2648 hdev->acl_cnt += count;
2649 if (hdev->acl_cnt > hdev->acl_pkts)
2650 hdev->acl_cnt = hdev->acl_pkts;
2651 break;
2652
2653 case LE_LINK:
2654 if (hdev->le_pkts) {
2655 hdev->le_cnt += count;
2656 if (hdev->le_cnt > hdev->le_pkts)
2657 hdev->le_cnt = hdev->le_pkts;
2658 } else {
70f23020
AE		 2659 hdev->acl_cnt += count;
2660 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2661 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2662 }
f4280918
AE		 2663 break;
2664
2665 case SCO_LINK:
2666 hdev->sco_cnt += count;
2667 if (hdev->sco_cnt > hdev->sco_pkts)
2668 hdev->sco_cnt = hdev->sco_pkts;
2669 break;
2670
2671 default:
2672 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2673 break;
a9de9248
MH		 2674 }
2675 }
2676
3eff45ea 2677 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2678}
2679
6039aa73 2680static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2681{
2682 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2683 int i;
2684
2685 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2686 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2687 return;
2688 }
2689
2690 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2691 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2692 BT_DBG("%s bad parameters", hdev->name);
2693 return;
2694 }
2695
2696 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2697 ev->num_hndl);
25e89e99
AE		 2698
2699 for (i = 0; i < ev->num_hndl; i++) {
2700 struct hci_comp_blocks_info *info = &ev->handles[i];
2701 struct hci_conn *conn;
2702 __u16 handle, block_count;
2703
2704 handle = __le16_to_cpu(info->handle);
2705 block_count = __le16_to_cpu(info->blocks);
2706
2707 conn = hci_conn_hash_lookup_handle(hdev, handle);
2708 if (!conn)
2709 continue;
2710
2711 conn->sent -= block_count;
2712
2713 switch (conn->type) {
2714 case ACL_LINK:
2715 hdev->block_cnt += block_count;
2716 if (hdev->block_cnt > hdev->num_blocks)
2717 hdev->block_cnt = hdev->num_blocks;
2718 break;
2719
2720 default:
2721 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2722 break;
2723 }
2724 }
2725
2726 queue_work(hdev->workqueue, &hdev->tx_work);
2727}
2728
6039aa73 2729static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2730{
a9de9248 2731 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2732 struct hci_conn *conn;
2733
9f1db00c 2734 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2735
2736 hci_dev_lock(hdev);
2737
2738 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2739 if (conn) {
2740 conn->mode = ev->mode;
2741 conn->interval = __le16_to_cpu(ev->interval);
2742
8fc9ced3
GP		 2743 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2744 &conn->flags)) {
a9de9248 2745 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2746 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2747 else
58a681ef 2748 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2749 }
e73439d8 2750
51a8efd7 2751 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2752 hci_sco_setup(conn, ev->status);
04837f64
MH		 2753 }
2754
2755 hci_dev_unlock(hdev);
2756}
2757
6039aa73 2758static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2759{
052b30b0
MH		 2760 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2761 struct hci_conn *conn;
2762
a9de9248 2763 BT_DBG("%s", hdev->name);
052b30b0
MH		 2764
2765 hci_dev_lock(hdev);
2766
2767 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2768 if (!conn)
2769 goto unlock;
2770
2771 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2772 hci_conn_hold(conn);
2773 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2774 hci_conn_put(conn);
2775 }
2776
a8b2d5c2 2777 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2778 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2779 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2780 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2781 u8 secure;
2782
2783 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2784 secure = 1;
2785 else
2786 secure = 0;
2787
744cf19e 2788 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2789 }
980e1a53 2790
b6f98044 2791unlock:
052b30b0 2792 hci_dev_unlock(hdev);
a9de9248
MH		 2793}
2794
6039aa73 2795static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2796{
55ed8ca1
JH		 2797 struct hci_ev_link_key_req *ev = (void *) skb->data;
2798 struct hci_cp_link_key_reply cp;
2799 struct hci_conn *conn;
2800 struct link_key *key;
2801
a9de9248 2802 BT_DBG("%s", hdev->name);
55ed8ca1 2803
a8b2d5c2 2804 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2805 return;
2806
2807 hci_dev_lock(hdev);
2808
2809 key = hci_find_link_key(hdev, &ev->bdaddr);
2810 if (!key) {
6ed93dc6
AE		 2811 BT_DBG("%s link key not found for %pMR", hdev->name,
2812 &ev->bdaddr);
55ed8ca1
JH		 2813 goto not_found;
2814 }
2815
6ed93dc6
AE		 2816 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2817 &ev->bdaddr);
55ed8ca1 2818
a8b2d5c2 2819 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2820 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2821 BT_DBG("%s ignoring debug key", hdev->name);
2822 goto not_found;
2823 }
2824
2825 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2826 if (conn) {
2827 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2828 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2829 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2830 goto not_found;
2831 }
55ed8ca1 2832
60b83f57 2833 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2834 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2835 BT_DBG("%s ignoring key unauthenticated for high security",
2836 hdev->name);
60b83f57
WR		 2837 goto not_found;
2838 }
2839
2840 conn->key_type = key->type;
2841 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2842 }
2843
2844 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2845 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2846
2847 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2848
2849 hci_dev_unlock(hdev);
2850
2851 return;
2852
2853not_found:
2854 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2855 hci_dev_unlock(hdev);
a9de9248
MH		 2856}
2857
6039aa73 2858static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2859{
052b30b0
MH		 2860 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2861 struct hci_conn *conn;
55ed8ca1 2862 u8 pin_len = 0;
052b30b0 2863
a9de9248 2864 BT_DBG("%s", hdev->name);
052b30b0
MH		 2865
2866 hci_dev_lock(hdev);
2867
2868 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2869 if (conn) {
2870 hci_conn_hold(conn);
2871 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2872 pin_len = conn->pin_length;
13d39315
WR		 2873
2874 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2875 conn->key_type = ev->key_type;
2876
052b30b0
MH		 2877 hci_conn_put(conn);
2878 }
2879
a8b2d5c2 2880 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2881 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2882 ev->key_type, pin_len);
55ed8ca1 2883
052b30b0 2884 hci_dev_unlock(hdev);
a9de9248
MH		 2885}
2886
6039aa73 2887static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2888{
a9de9248 2889 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2890 struct hci_conn *conn;
1da177e4 2891
9f1db00c 2892 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2893
2894 hci_dev_lock(hdev);
2895
04837f64 2896 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2897 if (conn && !ev->status) {
2898 struct inquiry_entry *ie;
2899
cc11b9c1
AE		 2900 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2901 if (ie) {
1da177e4
LT		 2902 ie->data.clock_offset = ev->clock_offset;
2903 ie->timestamp = jiffies;
2904 }
2905 }
2906
2907 hci_dev_unlock(hdev);
2908}
2909
6039aa73 2910static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2911{
2912 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2913 struct hci_conn *conn;
2914
9f1db00c 2915 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2916
2917 hci_dev_lock(hdev);
2918
2919 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2920 if (conn && !ev->status)
2921 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2922
2923 hci_dev_unlock(hdev);
2924}
2925
6039aa73 2926static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2927{
a9de9248 2928 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2929 struct inquiry_entry *ie;
2930
2931 BT_DBG("%s", hdev->name);
2932
2933 hci_dev_lock(hdev);
2934
cc11b9c1
AE		 2935 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2936 if (ie) {
85a1e930
MH		 2937 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2938 ie->timestamp = jiffies;
2939 }
2940
2941 hci_dev_unlock(hdev);
2942}
2943
6039aa73
GP		 2944static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2945 struct sk_buff *skb)
a9de9248
MH		 2946{
2947 struct inquiry_data data;
2948 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2949 bool name_known, ssp;
a9de9248
MH		 2950
2951 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2952
2953 if (!num_rsp)
2954 return;
2955
1519cc17
AG		 2956 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2957 return;
2958
a9de9248
MH		 2959 hci_dev_lock(hdev);
2960
2961 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2962 struct inquiry_info_with_rssi_and_pscan_mode *info;
2963 info = (void *) (skb->data + 1);
a9de9248 2964
e17acd40 2965 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2966 bacpy(&data.bdaddr, &info->bdaddr);
2967 data.pscan_rep_mode = info->pscan_rep_mode;
2968 data.pscan_period_mode = info->pscan_period_mode;
2969 data.pscan_mode = info->pscan_mode;
2970 memcpy(data.dev_class, info->dev_class, 3);
2971 data.clock_offset = info->clock_offset;
2972 data.rssi = info->rssi;
41a96212 2973 data.ssp_mode = 0x00;
3175405b
JH		 2974
2975 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2976 false, &ssp);
48264f06 2977 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2978 info->dev_class, info->rssi,
2979 !name_known, ssp, NULL, 0);
a9de9248
MH		 2980 }
2981 } else {
2982 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2983
e17acd40 2984 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2985 bacpy(&data.bdaddr, &info->bdaddr);
2986 data.pscan_rep_mode = info->pscan_rep_mode;
2987 data.pscan_period_mode = info->pscan_period_mode;
2988 data.pscan_mode = 0x00;
2989 memcpy(data.dev_class, info->dev_class, 3);
2990 data.clock_offset = info->clock_offset;
2991 data.rssi = info->rssi;
41a96212 2992 data.ssp_mode = 0x00;
3175405b 2993 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2994 false, &ssp);
48264f06 2995 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2996 info->dev_class, info->rssi,
2997 !name_known, ssp, NULL, 0);
a9de9248
MH		 2998 }
2999 }
3000
3001 hci_dev_unlock(hdev);
3002}
3003
6039aa73
GP		 3004static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3005 struct sk_buff *skb)
a9de9248 3006{
41a96212
MH		 3007 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3008 struct hci_conn *conn;
3009
a9de9248 3010 BT_DBG("%s", hdev->name);
41a96212 3011
41a96212
MH		 3012 hci_dev_lock(hdev);
3013
3014 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3015 if (!conn)
3016 goto unlock;
41a96212 3017
ccd556fe
JH		 3018 if (!ev->status && ev->page == 0x01) {
3019 struct inquiry_entry *ie;
41a96212 3020
cc11b9c1
AE		 3021 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3022 if (ie)
02b7cc62 3023 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3024
02b7cc62 3025 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3026 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3027 }
3028
3029 if (conn->state != BT_CONFIG)
3030 goto unlock;
3031
671267bf 3032 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3033 struct hci_cp_remote_name_req cp;
3034 memset(&cp, 0, sizeof(cp));
3035 bacpy(&cp.bdaddr, &conn->dst);
3036 cp.pscan_rep_mode = 0x02;
3037 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3038 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3039 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3040 conn->dst_type, 0, NULL, 0,
3041 conn->dev_class);
392599b9 3042
127178d2 3043 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3044 conn->state = BT_CONNECTED;
3045 hci_proto_connect_cfm(conn, ev->status);
3046 hci_conn_put(conn);
41a96212
MH		 3047 }
3048
ccd556fe 3049unlock:
41a96212 3050 hci_dev_unlock(hdev);
a9de9248
MH		 3051}
3052
6039aa73
GP		 3053static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3054 struct sk_buff *skb)
a9de9248 3055{
b6a0dc82
MH		 3056 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3057 struct hci_conn *conn;
3058
9f1db00c 3059 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3060
3061 hci_dev_lock(hdev);
3062
3063 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3064 if (!conn) {
3065 if (ev->link_type == ESCO_LINK)
3066 goto unlock;
3067
3068 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3069 if (!conn)
3070 goto unlock;
3071
3072 conn->type = SCO_LINK;
3073 }
b6a0dc82 3074
732547f9
MH		 3075 switch (ev->status) {
3076 case 0x00:
b6a0dc82
MH		 3077 conn->handle = __le16_to_cpu(ev->handle);
3078 conn->state = BT_CONNECTED;
7d0db0a3 3079
9eba32b8 3080 hci_conn_hold_device(conn);
7d0db0a3 3081 hci_conn_add_sysfs(conn);
732547f9
MH		 3082 break;
3083
705e5711 3084 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3085 case 0x1c: /* SCO interval rejected */
1038a00b 3086 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3087 case 0x1f: /* Unspecified error */
3088 if (conn->out && conn->attempt < 2) {
3089 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3090 (hdev->esco_type & EDR_ESCO_MASK);
3091 hci_setup_sync(conn, conn->link->handle);
3092 goto unlock;
3093 }
3094 /* fall through */
3095
3096 default:
b6a0dc82 3097 conn->state = BT_CLOSED;
732547f9
MH		 3098 break;
3099 }
b6a0dc82
MH		 3100
3101 hci_proto_connect_cfm(conn, ev->status);
3102 if (ev->status)
3103 hci_conn_del(conn);
3104
3105unlock:
3106 hci_dev_unlock(hdev);
a9de9248
MH		 3107}
3108
6039aa73 3109static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3110{
3111 BT_DBG("%s", hdev->name);
3112}
3113
6039aa73 3114static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3115{
a9de9248 3116 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3117
9f1db00c 3118 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3119}
3120
6039aa73
GP		 3121static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3122 struct sk_buff *skb)
1da177e4 3123{
a9de9248
MH		 3124 struct inquiry_data data;
3125 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3126 int num_rsp = *((__u8 *) skb->data);
9d939d94 3127 size_t eir_len;
1da177e4 3128
a9de9248 3129 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3130
a9de9248
MH		 3131 if (!num_rsp)
3132 return;
1da177e4 3133
1519cc17
AG		 3134 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3135 return;
3136
a9de9248
MH		 3137 hci_dev_lock(hdev);
3138
e17acd40 3139 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3140 bool name_known, ssp;
561aafbc 3141
a9de9248 3142 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3143 data.pscan_rep_mode = info->pscan_rep_mode;
3144 data.pscan_period_mode = info->pscan_period_mode;
3145 data.pscan_mode = 0x00;
a9de9248 3146 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3147 data.clock_offset = info->clock_offset;
3148 data.rssi = info->rssi;
41a96212 3149 data.ssp_mode = 0x01;
561aafbc 3150
a8b2d5c2 3151 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3152 name_known = eir_has_data_type(info->data,
04124681
GP		 3153 sizeof(info->data),
3154 EIR_NAME_COMPLETE);
561aafbc
JH		 3155 else
3156 name_known = true;
3157
388fc8fa 3158 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3159 &ssp);
9d939d94 3160 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3161 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3162 info->dev_class, info->rssi, !name_known,
9d939d94 3163 ssp, info->data, eir_len);
a9de9248
MH		 3164 }
3165
3166 hci_dev_unlock(hdev);
3167}
1da177e4 3168
1c2e0041
JH		 3169static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3170 struct sk_buff *skb)
3171{
3172 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3173 struct hci_conn *conn;
3174
9f1db00c 3175 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3176 __le16_to_cpu(ev->handle));
3177
3178 hci_dev_lock(hdev);
3179
3180 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3181 if (!conn)
3182 goto unlock;
3183
3184 if (!ev->status)
3185 conn->sec_level = conn->pending_sec_level;
3186
3187 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3188
3189 if (ev->status && conn->state == BT_CONNECTED) {
3190 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3191 hci_conn_put(conn);
3192 goto unlock;
3193 }
3194
3195 if (conn->state == BT_CONFIG) {
3196 if (!ev->status)
3197 conn->state = BT_CONNECTED;
3198
3199 hci_proto_connect_cfm(conn, ev->status);
3200 hci_conn_put(conn);
3201 } else {
3202 hci_auth_cfm(conn, ev->status);
3203
3204 hci_conn_hold(conn);
3205 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3206 hci_conn_put(conn);
3207 }
3208
3209unlock:
3210 hci_dev_unlock(hdev);
3211}
3212
6039aa73 3213static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3214{
3215 /* If remote requests dedicated bonding follow that lead */
3216 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3217 /* If both remote and local IO capabilities allow MITM
3218 * protection then require it, otherwise don't */
3219 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3220 return 0x02;
3221 else
3222 return 0x03;
3223 }
3224
3225 /* If remote requests no-bonding follow that lead */
3226 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3227 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3228
3229 return conn->auth_type;
3230}
3231
6039aa73 3232static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3233{
3234 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3235 struct hci_conn *conn;
3236
3237 BT_DBG("%s", hdev->name);
3238
3239 hci_dev_lock(hdev);
3240
3241 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3242 if (!conn)
3243 goto unlock;
3244
3245 hci_conn_hold(conn);
3246
a8b2d5c2 3247 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3248 goto unlock;
3249
a8b2d5c2 3250 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3251 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3252 struct hci_cp_io_capability_reply cp;
3253
3254 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3255 /* Change the IO capability from KeyboardDisplay
3256 * to DisplayYesNo as it is not supported by BT spec. */
3257 cp.capability = (conn->io_capability == 0x04) ?
3258 0x01 : conn->io_capability;
7cbc9bd9
JH		 3259 conn->auth_type = hci_get_auth_req(conn);
3260 cp.authentication = conn->auth_type;
17fa4b9d 3261
8fc9ced3
GP		 3262 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3263 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3264 cp.oob_data = 0x01;
3265 else
3266 cp.oob_data = 0x00;
3267
17fa4b9d 3268 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3269 sizeof(cp), &cp);
03b555e1
JH		 3270 } else {
3271 struct hci_cp_io_capability_neg_reply cp;
3272
3273 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3274 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3275
03b555e1 3276 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3277 sizeof(cp), &cp);
03b555e1
JH		 3278 }
3279
3280unlock:
3281 hci_dev_unlock(hdev);
3282}
3283
6039aa73 3284static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3285{
3286 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3287 struct hci_conn *conn;
3288
3289 BT_DBG("%s", hdev->name);
3290
3291 hci_dev_lock(hdev);
3292
3293 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3294 if (!conn)
3295 goto unlock;
3296
03b555e1 3297 conn->remote_cap = ev->capability;
03b555e1 3298 conn->remote_auth = ev->authentication;
58a681ef
JH		 3299 if (ev->oob_data)
3300 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3301
3302unlock:
0493684e
MH		 3303 hci_dev_unlock(hdev);
3304}
3305
6039aa73
GP		 3306static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3307 struct sk_buff *skb)
a5c29683
JH		 3308{
3309 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3310 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3311 struct hci_conn *conn;
a5c29683
JH		 3312
3313 BT_DBG("%s", hdev->name);
3314
3315 hci_dev_lock(hdev);
3316
a8b2d5c2 3317 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3318 goto unlock;
a5c29683 3319
7a828908
JH		 3320 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3321 if (!conn)
3322 goto unlock;
3323
3324 loc_mitm = (conn->auth_type & 0x01);
3325 rem_mitm = (conn->remote_auth & 0x01);
3326
3327 /* If we require MITM but the remote device can't provide that
3328 * (it has NoInputNoOutput) then reject the confirmation
3329 * request. The only exception is when we're dedicated bonding
3330 * initiators (connect_cfm_cb set) since then we always have the MITM
3331 * bit set. */
3332 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3333 BT_DBG("Rejecting request: remote device can't provide MITM");
3334 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3335 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3336 goto unlock;
3337 }
3338
3339 /* If no side requires MITM protection; auto-accept */
3340 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3341 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3342
3343 /* If we're not the initiators request authorization to
3344 * proceed from user space (mgmt_user_confirm with
3345 * confirm_hint set to 1). */
51a8efd7 3346 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3347 BT_DBG("Confirming auto-accept as acceptor");
3348 confirm_hint = 1;
3349 goto confirm;
3350 }
3351
9f61656a 3352 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3353 hdev->auto_accept_delay);
9f61656a
JH		 3354
3355 if (hdev->auto_accept_delay > 0) {
3356 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3357 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3358 goto unlock;
3359 }
3360
7a828908 3361 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3362 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3363 goto unlock;
3364 }
3365
55bc1a37 3366confirm:
272d90df 3367 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3368 confirm_hint);
7a828908
JH		 3369
3370unlock:
a5c29683
JH		 3371 hci_dev_unlock(hdev);
3372}
3373
6039aa73
GP		 3374static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3375 struct sk_buff *skb)
1143d458
BG		 3376{
3377 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3378
3379 BT_DBG("%s", hdev->name);
3380
a8b2d5c2 3381 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3382 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3383}
3384
92a25256
JH		 3385static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3386 struct sk_buff *skb)
3387{
3388 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3389 struct hci_conn *conn;
3390
3391 BT_DBG("%s", hdev->name);
3392
3393 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3394 if (!conn)
3395 return;
3396
3397 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3398 conn->passkey_entered = 0;
3399
3400 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3401 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3402 conn->dst_type, conn->passkey_notify,
3403 conn->passkey_entered);
3404}
3405
3406static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3407{
3408 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3409 struct hci_conn *conn;
3410
3411 BT_DBG("%s", hdev->name);
3412
3413 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3414 if (!conn)
3415 return;
3416
3417 switch (ev->type) {
3418 case HCI_KEYPRESS_STARTED:
3419 conn->passkey_entered = 0;
3420 return;
3421
3422 case HCI_KEYPRESS_ENTERED:
3423 conn->passkey_entered++;
3424 break;
3425
3426 case HCI_KEYPRESS_ERASED:
3427 conn->passkey_entered--;
3428 break;
3429
3430 case HCI_KEYPRESS_CLEARED:
3431 conn->passkey_entered = 0;
3432 break;
3433
3434 case HCI_KEYPRESS_COMPLETED:
3435 return;
3436 }
3437
3438 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3439 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3440 conn->dst_type, conn->passkey_notify,
3441 conn->passkey_entered);
3442}
3443
6039aa73
GP		 3444static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3445 struct sk_buff *skb)
0493684e
MH		 3446{
3447 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3448 struct hci_conn *conn;
3449
3450 BT_DBG("%s", hdev->name);
3451
3452 hci_dev_lock(hdev);
3453
3454 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3455 if (!conn)
3456 goto unlock;
3457
3458 /* To avoid duplicate auth_failed events to user space we check
3459 * the HCI_CONN_AUTH_PEND flag which will be set if we
3460 * initiated the authentication. A traditional auth_complete
3461 * event gets always produced as initiator and is also mapped to
3462 * the mgmt_auth_failed event */
fa1bd918 3463 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3464 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3465 ev->status);
0493684e 3466
2a611692
JH		 3467 hci_conn_put(conn);
3468
3469unlock:
0493684e
MH		 3470 hci_dev_unlock(hdev);
3471}
3472
6039aa73
GP		 3473static void hci_remote_host_features_evt(struct hci_dev *hdev,
3474 struct sk_buff *skb)
41a96212
MH		 3475{
3476 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3477 struct inquiry_entry *ie;
3478
3479 BT_DBG("%s", hdev->name);
3480
3481 hci_dev_lock(hdev);
3482
cc11b9c1
AE		 3483 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3484 if (ie)
02b7cc62 3485 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3486
3487 hci_dev_unlock(hdev);
3488}
3489
6039aa73
GP		 3490static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3491 struct sk_buff *skb)
2763eda6
SJ		 3492{
3493 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3494 struct oob_data *data;
3495
3496 BT_DBG("%s", hdev->name);
3497
3498 hci_dev_lock(hdev);
3499
a8b2d5c2 3500 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3501 goto unlock;
3502
2763eda6
SJ		 3503 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3504 if (data) {
3505 struct hci_cp_remote_oob_data_reply cp;
3506
3507 bacpy(&cp.bdaddr, &ev->bdaddr);
3508 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3509 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3510
3511 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3512 &cp);
2763eda6
SJ		 3513 } else {
3514 struct hci_cp_remote_oob_data_neg_reply cp;
3515
3516 bacpy(&cp.bdaddr, &ev->bdaddr);
3517 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3518 &cp);
2763eda6
SJ		 3519 }
3520
e1ba1f15 3521unlock:
2763eda6
SJ		 3522 hci_dev_unlock(hdev);
3523}
3524
6039aa73 3525static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3526{
3527 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3528 struct hci_conn *conn;
3529
9f1db00c 3530 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3531
3532 hci_dev_lock(hdev);
3533
b47a09b3 3534 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3535 if (!conn) {
3536 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3537 if (!conn) {
3538 BT_ERR("No memory for new connection");
230fd16a 3539 goto unlock;
b62f328b 3540 }
29b7988a
AG		 3541
3542 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3543
3544 if (ev->role == LE_CONN_ROLE_MASTER) {
3545 conn->out = true;
3546 conn->link_mode |= HCI_LM_MASTER;
3547 }
b62f328b 3548 }
fcd89c09 3549
cd17decb
AG		 3550 if (ev->status) {
3551 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3552 conn->dst_type, ev->status);
3553 hci_proto_connect_cfm(conn, ev->status);
3554 conn->state = BT_CLOSED;
3555 hci_conn_del(conn);
3556 goto unlock;
3557 }
3558
b644ba33
JH		 3559 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3560 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3561 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3562
7b5c0d52 3563 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3564 conn->handle = __le16_to_cpu(ev->handle);
3565 conn->state = BT_CONNECTED;
3566
3567 hci_conn_hold_device(conn);
3568 hci_conn_add_sysfs(conn);
3569
3570 hci_proto_connect_cfm(conn, ev->status);
3571
3572unlock:
3573 hci_dev_unlock(hdev);
3574}
3575
6039aa73 3576static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3577{
e95beb41
AG		 3578 u8 num_reports = skb->data[0];
3579 void *ptr = &skb->data[1];
3c9e9195 3580 s8 rssi;
9aa04c91
AG		 3581
3582 hci_dev_lock(hdev);
3583
e95beb41
AG		 3584 while (num_reports--) {
3585 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3586
3c9e9195
AG		 3587 rssi = ev->data[ev->length];
3588 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3589 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3590
e95beb41 3591 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3592 }
3593
3594 hci_dev_unlock(hdev);
3595}
3596
6039aa73 3597static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3598{
3599 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3600 struct hci_cp_le_ltk_reply cp;
bea710fe 3601 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3602 struct hci_conn *conn;
c9839a11 3603 struct smp_ltk *ltk;
a7a595f6 3604
9f1db00c 3605 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3606
3607 hci_dev_lock(hdev);
3608
3609 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3610 if (conn == NULL)
3611 goto not_found;
a7a595f6 3612
bea710fe
VCG		 3613 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3614 if (ltk == NULL)
3615 goto not_found;
3616
3617 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3618 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3619
3620 if (ltk->authenticated)
3621 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3622
3623 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3624
c9839a11
VCG		 3625 if (ltk->type & HCI_SMP_STK) {
3626 list_del(&ltk->list);
3627 kfree(ltk);
3628 }
3629
a7a595f6 3630 hci_dev_unlock(hdev);
bea710fe
VCG		 3631
3632 return;
3633
3634not_found:
3635 neg.handle = ev->handle;
3636 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3637 hci_dev_unlock(hdev);
a7a595f6
VCG		 3638}
3639
6039aa73 3640static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3641{
3642 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3643
3644 skb_pull(skb, sizeof(*le_ev));
3645
3646 switch (le_ev->subevent) {
3647 case HCI_EV_LE_CONN_COMPLETE:
3648 hci_le_conn_complete_evt(hdev, skb);
3649 break;
3650
9aa04c91
AG		 3651 case HCI_EV_LE_ADVERTISING_REPORT:
3652 hci_le_adv_report_evt(hdev, skb);
3653 break;
3654
a7a595f6
VCG		 3655 case HCI_EV_LE_LTK_REQ:
3656 hci_le_ltk_request_evt(hdev, skb);
3657 break;
3658
fcd89c09
VT		 3659 default:
3660 break;
3661 }
3662}
3663
9495b2ee
AE		 3664static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3665{
3666 struct hci_ev_channel_selected *ev = (void *) skb->data;
3667 struct hci_conn *hcon;
3668
3669 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3670
3671 skb_pull(skb, sizeof(*ev));
3672
3673 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3674 if (!hcon)
3675 return;
3676
3677 amp_read_loc_assoc_final_data(hdev, hcon);
3678}
3679
a9de9248
MH		 3680void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3681{
3682 struct hci_event_hdr *hdr = (void *) skb->data;
3683 __u8 event = hdr->evt;
3684
3685 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3686
3687 switch (event) {
1da177e4
LT		 3688 case HCI_EV_INQUIRY_COMPLETE:
3689 hci_inquiry_complete_evt(hdev, skb);
3690 break;
3691
3692 case HCI_EV_INQUIRY_RESULT:
3693 hci_inquiry_result_evt(hdev, skb);
3694 break;
3695
a9de9248
MH		 3696 case HCI_EV_CONN_COMPLETE:
3697 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3698 break;
3699
1da177e4
LT		 3700 case HCI_EV_CONN_REQUEST:
3701 hci_conn_request_evt(hdev, skb);
3702 break;
3703
1da177e4
LT		 3704 case HCI_EV_DISCONN_COMPLETE:
3705 hci_disconn_complete_evt(hdev, skb);
3706 break;
3707
1da177e4
LT		 3708 case HCI_EV_AUTH_COMPLETE:
3709 hci_auth_complete_evt(hdev, skb);
3710 break;
3711
a9de9248
MH		 3712 case HCI_EV_REMOTE_NAME:
3713 hci_remote_name_evt(hdev, skb);
3714 break;
3715
1da177e4
LT		 3716 case HCI_EV_ENCRYPT_CHANGE:
3717 hci_encrypt_change_evt(hdev, skb);
3718 break;
3719
a9de9248
MH		 3720 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3721 hci_change_link_key_complete_evt(hdev, skb);
3722 break;
3723
3724 case HCI_EV_REMOTE_FEATURES:
3725 hci_remote_features_evt(hdev, skb);
3726 break;
3727
3728 case HCI_EV_REMOTE_VERSION:
3729 hci_remote_version_evt(hdev, skb);
3730 break;
3731
3732 case HCI_EV_QOS_SETUP_COMPLETE:
3733 hci_qos_setup_complete_evt(hdev, skb);
3734 break;
3735
3736 case HCI_EV_CMD_COMPLETE:
3737 hci_cmd_complete_evt(hdev, skb);
3738 break;
3739
3740 case HCI_EV_CMD_STATUS:
3741 hci_cmd_status_evt(hdev, skb);
3742 break;
3743
3744 case HCI_EV_ROLE_CHANGE:
3745 hci_role_change_evt(hdev, skb);
3746 break;
3747
3748 case HCI_EV_NUM_COMP_PKTS:
3749 hci_num_comp_pkts_evt(hdev, skb);
3750 break;
3751
3752 case HCI_EV_MODE_CHANGE:
3753 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3754 break;
3755
3756 case HCI_EV_PIN_CODE_REQ:
3757 hci_pin_code_request_evt(hdev, skb);
3758 break;
3759
3760 case HCI_EV_LINK_KEY_REQ:
3761 hci_link_key_request_evt(hdev, skb);
3762 break;
3763
3764 case HCI_EV_LINK_KEY_NOTIFY:
3765 hci_link_key_notify_evt(hdev, skb);
3766 break;
3767
3768 case HCI_EV_CLOCK_OFFSET:
3769 hci_clock_offset_evt(hdev, skb);
3770 break;
3771
a8746417
MH		 3772 case HCI_EV_PKT_TYPE_CHANGE:
3773 hci_pkt_type_change_evt(hdev, skb);
3774 break;
3775
85a1e930
MH		 3776 case HCI_EV_PSCAN_REP_MODE:
3777 hci_pscan_rep_mode_evt(hdev, skb);
3778 break;
3779
a9de9248
MH		 3780 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3781 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3782 break;
3783
a9de9248
MH		 3784 case HCI_EV_REMOTE_EXT_FEATURES:
3785 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3786 break;
3787
a9de9248
MH		 3788 case HCI_EV_SYNC_CONN_COMPLETE:
3789 hci_sync_conn_complete_evt(hdev, skb);
3790 break;
1da177e4 3791
a9de9248
MH		 3792 case HCI_EV_SYNC_CONN_CHANGED:
3793 hci_sync_conn_changed_evt(hdev, skb);
3794 break;
1da177e4 3795
a9de9248
MH		 3796 case HCI_EV_SNIFF_SUBRATE:
3797 hci_sniff_subrate_evt(hdev, skb);
3798 break;
1da177e4 3799
a9de9248
MH		 3800 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3801 hci_extended_inquiry_result_evt(hdev, skb);
3802 break;
1da177e4 3803
1c2e0041
JH		 3804 case HCI_EV_KEY_REFRESH_COMPLETE:
3805 hci_key_refresh_complete_evt(hdev, skb);
3806 break;
3807
0493684e
MH		 3808 case HCI_EV_IO_CAPA_REQUEST:
3809 hci_io_capa_request_evt(hdev, skb);
3810 break;
3811
03b555e1
JH		 3812 case HCI_EV_IO_CAPA_REPLY:
3813 hci_io_capa_reply_evt(hdev, skb);
3814 break;
3815
a5c29683
JH		 3816 case HCI_EV_USER_CONFIRM_REQUEST:
3817 hci_user_confirm_request_evt(hdev, skb);
3818 break;
3819
1143d458
BG		 3820 case HCI_EV_USER_PASSKEY_REQUEST:
3821 hci_user_passkey_request_evt(hdev, skb);
3822 break;
3823
92a25256
JH		 3824 case HCI_EV_USER_PASSKEY_NOTIFY:
3825 hci_user_passkey_notify_evt(hdev, skb);
3826 break;
3827
3828 case HCI_EV_KEYPRESS_NOTIFY:
3829 hci_keypress_notify_evt(hdev, skb);
3830 break;
3831
0493684e
MH		 3832 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3833 hci_simple_pair_complete_evt(hdev, skb);
3834 break;
3835
41a96212
MH		 3836 case HCI_EV_REMOTE_HOST_FEATURES:
3837 hci_remote_host_features_evt(hdev, skb);
3838 break;
3839
fcd89c09
VT		 3840 case HCI_EV_LE_META:
3841 hci_le_meta_evt(hdev, skb);
3842 break;
3843
9495b2ee
AE		 3844 case HCI_EV_CHANNEL_SELECTED:
3845 hci_chan_selected_evt(hdev, skb);
3846 break;
3847
2763eda6
SJ		 3848 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3849 hci_remote_oob_data_request_evt(hdev, skb);
3850 break;
3851
25e89e99
AE		 3852 case HCI_EV_NUM_COMP_BLOCKS:
3853 hci_num_comp_blocks_evt(hdev, skb);
3854 break;
3855
a9de9248 3856 default:
9f1db00c 3857 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 3858 break;
3859 }
3860
3861 kfree_skb(skb);
3862 hdev->stat.evt_rx++;
3863}
kernel source for telekom puls (alcatel/mediatek)