projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move pending management command list into struct hci_dev
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
a9de9248
MH		 58 if (status)
59 return;
1da177e4 60
89352e7d
AG		 61 clear_bit(HCI_INQUIRY, &hdev->flags);
62
744cf19e 63 mgmt_discovering(hdev, 0);
6bd57416 64
23bb5763 65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 66
67 hci_conn_check_pending(hdev);
68}
6bd57416 69
a9de9248
MH		 70static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71{
72 __u8 status = *((__u8 *) skb->data);
6bd57416 73
a9de9248 74 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 75
a9de9248
MH		 76 if (status)
77 return;
1da177e4 78
a9de9248
MH		 79 hci_conn_check_pending(hdev);
80}
81
82static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
83{
84 BT_DBG("%s", hdev->name);
85}
86
87static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88{
89 struct hci_rp_role_discovery *rp = (void *) skb->data;
90 struct hci_conn *conn;
91
92 BT_DBG("%s status 0x%x", hdev->name, rp->status);
93
94 if (rp->status)
95 return;
96
97 hci_dev_lock(hdev);
98
99 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
100 if (conn) {
101 if (rp->role)
102 conn->link_mode &= ~HCI_LM_MASTER;
103 else
104 conn->link_mode |= HCI_LM_MASTER;
1da177e4 105 }
a9de9248
MH		 106
107 hci_dev_unlock(hdev);
1da177e4
LT		 108}
109
e4e8e37c
MH		 110static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111{
112 struct hci_rp_read_link_policy *rp = (void *) skb->data;
113 struct hci_conn *conn;
114
115 BT_DBG("%s status 0x%x", hdev->name, rp->status);
116
117 if (rp->status)
118 return;
119
120 hci_dev_lock(hdev);
121
122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 if (conn)
124 conn->link_policy = __le16_to_cpu(rp->policy);
125
126 hci_dev_unlock(hdev);
127}
128
a9de9248 129static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 130{
a9de9248 131 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 132 struct hci_conn *conn;
04837f64 133 void *sent;
1da177e4 134
a9de9248 135 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 136
a9de9248
MH		 137 if (rp->status)
138 return;
1da177e4 139
a9de9248
MH		 140 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
141 if (!sent)
142 return;
1da177e4 143
a9de9248 144 hci_dev_lock(hdev);
1da177e4 145
a9de9248 146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 147 if (conn)
83985319 148 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 149
a9de9248
MH		 150 hci_dev_unlock(hdev);
151}
1da177e4 152
e4e8e37c
MH		 153static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
157 BT_DBG("%s status 0x%x", hdev->name, rp->status);
158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
165static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
166{
167 __u8 status = *((__u8 *) skb->data);
168 void *sent;
169
170 BT_DBG("%s status 0x%x", hdev->name, status);
171
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
173 if (!sent)
174 return;
175
176 if (!status)
177 hdev->link_policy = get_unaligned_le16(sent);
178
23bb5763 179 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 180}
181
a9de9248
MH		 182static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183{
184 __u8 status = *((__u8 *) skb->data);
04837f64 185
a9de9248 186 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 187
10572132
GP		 188 clear_bit(HCI_RESET, &hdev->flags);
189
23bb5763 190 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 191}
04837f64 192
a9de9248
MH		 193static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
194{
195 __u8 status = *((__u8 *) skb->data);
196 void *sent;
04837f64 197
a9de9248 198 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 199
a9de9248
MH		 200 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
201 if (!sent)
202 return;
04837f64 203
b312b161 204 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 205 mgmt_set_local_name_complete(hdev, sent, status);
b312b161
JH		 206
207 if (status)
208 return;
209
1f6c6378 210 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 211}
212
213static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
214{
215 struct hci_rp_read_local_name *rp = (void *) skb->data;
216
217 BT_DBG("%s status 0x%x", hdev->name, rp->status);
218
219 if (rp->status)
220 return;
221
1f6c6378 222 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 223}
224
225static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
226{
227 __u8 status = *((__u8 *) skb->data);
228 void *sent;
229
230 BT_DBG("%s status 0x%x", hdev->name, status);
231
232 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
233 if (!sent)
234 return;
235
236 if (!status) {
237 __u8 param = *((__u8 *) sent);
238
239 if (param == AUTH_ENABLED)
240 set_bit(HCI_AUTH, &hdev->flags);
241 else
242 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 243 }
a9de9248 244
23bb5763 245 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 246}
247
a9de9248 248static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 249{
a9de9248 250 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 251 void *sent;
252
a9de9248 253 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 254
a9de9248
MH		 255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
256 if (!sent)
257 return;
1da177e4 258
a9de9248
MH		 259 if (!status) {
260 __u8 param = *((__u8 *) sent);
261
262 if (param)
263 set_bit(HCI_ENCRYPT, &hdev->flags);
264 else
265 clear_bit(HCI_ENCRYPT, &hdev->flags);
266 }
1da177e4 267
23bb5763 268 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 269}
1da177e4 270
a9de9248
MH		 271static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
272{
36f7fc7e
JH		 273 __u8 param, status = *((__u8 *) skb->data);
274 int old_pscan, old_iscan;
a9de9248 275 void *sent;
1da177e4 276
a9de9248 277 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 278
a9de9248
MH		 279 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
280 if (!sent)
281 return;
1da177e4 282
36f7fc7e
JH		 283 param = *((__u8 *) sent);
284
2d7cee58 285 if (status != 0) {
744cf19e 286 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 287 hdev->discov_timeout = 0;
288 goto done;
289 }
290
36f7fc7e
JH		 291 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
292 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
293
294 if (param & SCAN_INQUIRY) {
295 set_bit(HCI_ISCAN, &hdev->flags);
296 if (!old_iscan)
744cf19e 297 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 298 if (hdev->discov_timeout > 0) {
299 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
300 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
301 to);
302 }
36f7fc7e 303 } else if (old_iscan)
744cf19e 304 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 305
306 if (param & SCAN_PAGE) {
307 set_bit(HCI_PSCAN, &hdev->flags);
308 if (!old_pscan)
744cf19e 309 mgmt_connectable(hdev, 1);
36f7fc7e 310 } else if (old_pscan)
744cf19e 311 mgmt_connectable(hdev, 0);
1da177e4 312
36f7fc7e 313done:
23bb5763 314 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 315}
1da177e4 316
a9de9248
MH		 317static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
318{
319 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 320
a9de9248 321 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 322
a9de9248
MH		 323 if (rp->status)
324 return;
1da177e4 325
a9de9248 326 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 327
a9de9248
MH		 328 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
329 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
330}
1da177e4 331
a9de9248
MH		 332static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333{
334 __u8 status = *((__u8 *) skb->data);
335 void *sent;
1da177e4 336
a9de9248 337 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 338
f383f275
MH		 339 if (status)
340 return;
341
a9de9248
MH		 342 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
343 if (!sent)
344 return;
1da177e4 345
f383f275 346 memcpy(hdev->dev_class, sent, 3);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
352 __u16 setting;
353
354 BT_DBG("%s status 0x%x", hdev->name, rp->status);
355
356 if (rp->status)
357 return;
358
359 setting = __le16_to_cpu(rp->voice_setting);
360
f383f275 361 if (hdev->voice_setting == setting)
a9de9248
MH		 362 return;
363
364 hdev->voice_setting = setting;
365
366 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
367
368 if (hdev->notify) {
369 tasklet_disable(&hdev->tx_task);
370 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
371 tasklet_enable(&hdev->tx_task);
372 }
373}
374
375static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
376{
377 __u8 status = *((__u8 *) skb->data);
f383f275 378 __u16 setting;
a9de9248
MH		 379 void *sent;
380
381 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 382
f383f275
MH		 383 if (status)
384 return;
385
a9de9248
MH		 386 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
387 if (!sent)
388 return;
1da177e4 389
f383f275 390 setting = get_unaligned_le16(sent);
1da177e4 391
f383f275
MH		 392 if (hdev->voice_setting == setting)
393 return;
394
395 hdev->voice_setting = setting;
1da177e4 396
f383f275 397 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 398
f383f275
MH		 399 if (hdev->notify) {
400 tasklet_disable(&hdev->tx_task);
401 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
402 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 403 }
404}
405
a9de9248 406static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 407{
a9de9248 408 __u8 status = *((__u8 *) skb->data);
1da177e4 409
a9de9248 410 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 411
23bb5763 412 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 413}
1143e5a6 414
333140b5
MH		 415static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
416{
417 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
418
419 BT_DBG("%s status 0x%x", hdev->name, rp->status);
420
421 if (rp->status)
422 return;
423
424 hdev->ssp_mode = rp->mode;
425}
426
427static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
428{
429 __u8 status = *((__u8 *) skb->data);
430 void *sent;
431
432 BT_DBG("%s status 0x%x", hdev->name, status);
433
434 if (status)
435 return;
436
437 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
438 if (!sent)
439 return;
440
441 hdev->ssp_mode = *((__u8 *) sent);
442}
443
d5859e22
JH		 444static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
445{
446 if (hdev->features[6] & LMP_EXT_INQ)
447 return 2;
448
449 if (hdev->features[3] & LMP_RSSI_INQ)
450 return 1;
451
452 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
453 hdev->lmp_subver == 0x0757)
454 return 1;
455
456 if (hdev->manufacturer == 15) {
457 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
458 return 1;
459 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
460 return 1;
461 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
462 return 1;
463 }
464
465 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
466 hdev->lmp_subver == 0x1805)
467 return 1;
468
469 return 0;
470}
471
472static void hci_setup_inquiry_mode(struct hci_dev *hdev)
473{
474 u8 mode;
475
476 mode = hci_get_inquiry_mode(hdev);
477
478 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
479}
480
481static void hci_setup_event_mask(struct hci_dev *hdev)
482{
483 /* The second byte is 0xff instead of 0x9f (two reserved bits
484 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
485 * command otherwise */
486 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
487
6de6c18d
VT		 488 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
489 * any event mask for pre 1.2 devices */
490 if (hdev->lmp_ver <= 1)
491 return;
492
493 events[4] |= 0x01; /* Flow Specification Complete */
494 events[4] |= 0x02; /* Inquiry Result with RSSI */
495 events[4] |= 0x04; /* Read Remote Extended Features Complete */
496 events[5] |= 0x08; /* Synchronous Connection Complete */
497 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 498
499 if (hdev->features[3] & LMP_RSSI_INQ)
500 events[4] |= 0x04; /* Inquiry Result with RSSI */
501
502 if (hdev->features[5] & LMP_SNIFF_SUBR)
503 events[5] |= 0x20; /* Sniff Subrating */
504
505 if (hdev->features[5] & LMP_PAUSE_ENC)
506 events[5] |= 0x80; /* Encryption Key Refresh Complete */
507
508 if (hdev->features[6] & LMP_EXT_INQ)
509 events[5] |= 0x40; /* Extended Inquiry Result */
510
511 if (hdev->features[6] & LMP_NO_FLUSH)
512 events[7] |= 0x01; /* Enhanced Flush Complete */
513
514 if (hdev->features[7] & LMP_LSTO)
515 events[6] |= 0x80; /* Link Supervision Timeout Changed */
516
517 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
518 events[6] |= 0x01; /* IO Capability Request */
519 events[6] |= 0x02; /* IO Capability Response */
520 events[6] |= 0x04; /* User Confirmation Request */
521 events[6] |= 0x08; /* User Passkey Request */
522 events[6] |= 0x10; /* Remote OOB Data Request */
523 events[6] |= 0x20; /* Simple Pairing Complete */
524 events[7] |= 0x04; /* User Passkey Notification */
525 events[7] |= 0x08; /* Keypress Notification */
526 events[7] |= 0x10; /* Remote Host Supported
527 * Features Notification */
528 }
529
530 if (hdev->features[4] & LMP_LE)
531 events[7] |= 0x20; /* LE Meta-Event */
532
533 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
534}
535
e6100a25
AG		 536static void hci_set_le_support(struct hci_dev *hdev)
537{
538 struct hci_cp_write_le_host_supported cp;
539
540 memset(&cp, 0, sizeof(cp));
541
542 if (enable_le) {
543 cp.le = 1;
544 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
545 }
546
547 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
548}
549
d5859e22
JH		 550static void hci_setup(struct hci_dev *hdev)
551{
552 hci_setup_event_mask(hdev);
553
554 if (hdev->lmp_ver > 1)
555 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
556
557 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
558 u8 mode = 0x01;
559 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
560 }
561
562 if (hdev->features[3] & LMP_RSSI_INQ)
563 hci_setup_inquiry_mode(hdev);
564
565 if (hdev->features[7] & LMP_INQ_TX_PWR)
566 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 567
568 if (hdev->features[7] & LMP_EXTFEATURES) {
569 struct hci_cp_read_local_ext_features cp;
570
571 cp.page = 0x01;
572 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
573 sizeof(cp), &cp);
574 }
e6100a25
AG		 575
576 if (hdev->features[4] & LMP_LE)
577 hci_set_le_support(hdev);
d5859e22
JH		 578}
579
a9de9248
MH		 580static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
581{
582 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 583
a9de9248 584 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 585
a9de9248
MH		 586 if (rp->status)
587 return;
1143e5a6 588
a9de9248 589 hdev->hci_ver = rp->hci_ver;
e4e8e37c 590 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 591 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 592 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 593 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 594
a9de9248
MH		 595 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
596 hdev->manufacturer,
597 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 598
599 if (test_bit(HCI_INIT, &hdev->flags))
600 hci_setup(hdev);
601}
602
603static void hci_setup_link_policy(struct hci_dev *hdev)
604{
605 u16 link_policy = 0;
606
607 if (hdev->features[0] & LMP_RSWITCH)
608 link_policy |= HCI_LP_RSWITCH;
609 if (hdev->features[0] & LMP_HOLD)
610 link_policy |= HCI_LP_HOLD;
611 if (hdev->features[0] & LMP_SNIFF)
612 link_policy |= HCI_LP_SNIFF;
613 if (hdev->features[1] & LMP_PARK)
614 link_policy |= HCI_LP_PARK;
615
616 link_policy = cpu_to_le16(link_policy);
617 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
618 sizeof(link_policy), &link_policy);
a9de9248 619}
1da177e4 620
a9de9248
MH		 621static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
622{
623 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 624
a9de9248 625 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 626
a9de9248 627 if (rp->status)
d5859e22 628 goto done;
1da177e4 629
a9de9248 630 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 631
632 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
633 hci_setup_link_policy(hdev);
634
635done:
636 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 637}
1da177e4 638
a9de9248
MH		 639static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
640{
641 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 642
a9de9248 643 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 644
a9de9248
MH		 645 if (rp->status)
646 return;
5b7f9909 647
a9de9248 648 memcpy(hdev->features, rp->features, 8);
5b7f9909 649
a9de9248
MH		 650 /* Adjust default settings according to features
651 * supported by device. */
1da177e4 652
a9de9248
MH		 653 if (hdev->features[0] & LMP_3SLOT)
654 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 655
a9de9248
MH		 656 if (hdev->features[0] & LMP_5SLOT)
657 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 658
a9de9248
MH		 659 if (hdev->features[1] & LMP_HV2) {
660 hdev->pkt_type |= (HCI_HV2);
661 hdev->esco_type |= (ESCO_HV2);
662 }
1da177e4 663
a9de9248
MH		 664 if (hdev->features[1] & LMP_HV3) {
665 hdev->pkt_type |= (HCI_HV3);
666 hdev->esco_type |= (ESCO_HV3);
667 }
1da177e4 668
a9de9248
MH		 669 if (hdev->features[3] & LMP_ESCO)
670 hdev->esco_type |= (ESCO_EV3);
da1f5198 671
a9de9248
MH		 672 if (hdev->features[4] & LMP_EV4)
673 hdev->esco_type |= (ESCO_EV4);
da1f5198 674
a9de9248
MH		 675 if (hdev->features[4] & LMP_EV5)
676 hdev->esco_type |= (ESCO_EV5);
1da177e4 677
efc7688b
MH		 678 if (hdev->features[5] & LMP_EDR_ESCO_2M)
679 hdev->esco_type |= (ESCO_2EV3);
680
681 if (hdev->features[5] & LMP_EDR_ESCO_3M)
682 hdev->esco_type |= (ESCO_3EV3);
683
684 if (hdev->features[5] & LMP_EDR_3S_ESCO)
685 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
686
a9de9248
MH		 687 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
688 hdev->features[0], hdev->features[1],
689 hdev->features[2], hdev->features[3],
690 hdev->features[4], hdev->features[5],
691 hdev->features[6], hdev->features[7]);
692}
1da177e4 693
971e3a4b
AG		 694static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
695 struct sk_buff *skb)
696{
697 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
698
699 BT_DBG("%s status 0x%x", hdev->name, rp->status);
700
701 if (rp->status)
702 return;
703
704 memcpy(hdev->extfeatures, rp->features, 8);
705
706 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
707}
708
a9de9248
MH		 709static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
710{
711 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 712
a9de9248 713 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 714
a9de9248
MH		 715 if (rp->status)
716 return;
1da177e4 717
a9de9248
MH		 718 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
719 hdev->sco_mtu = rp->sco_mtu;
720 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
721 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
722
723 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
724 hdev->sco_mtu = 64;
725 hdev->sco_pkts = 8;
1da177e4 726 }
a9de9248
MH		 727
728 hdev->acl_cnt = hdev->acl_pkts;
729 hdev->sco_cnt = hdev->sco_pkts;
730
731 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
732 hdev->acl_mtu, hdev->acl_pkts,
733 hdev->sco_mtu, hdev->sco_pkts);
734}
735
736static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
737{
738 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
739
740 BT_DBG("%s status 0x%x", hdev->name, rp->status);
741
742 if (!rp->status)
743 bacpy(&hdev->bdaddr, &rp->bdaddr);
744
23bb5763
JH		 745 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
746}
747
748static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
749{
750 __u8 status = *((__u8 *) skb->data);
751
752 BT_DBG("%s status 0x%x", hdev->name, status);
753
754 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 755}
756
928abaa7
AE		 757static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
758 struct sk_buff *skb)
759{
760 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
761
762 BT_DBG("%s status 0x%x", hdev->name, rp->status);
763
764 if (rp->status)
765 return;
766
767 hdev->amp_status = rp->amp_status;
768 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
769 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
770 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
771 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
772 hdev->amp_type = rp->amp_type;
773 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
774 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
775 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
776 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
777
778 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
779}
780
b0916ea0
JH		 781static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
782 struct sk_buff *skb)
783{
784 __u8 status = *((__u8 *) skb->data);
785
786 BT_DBG("%s status 0x%x", hdev->name, status);
787
788 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
789}
790
d5859e22
JH		 791static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
792{
793 __u8 status = *((__u8 *) skb->data);
794
795 BT_DBG("%s status 0x%x", hdev->name, status);
796
797 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
798}
799
800static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
801 struct sk_buff *skb)
802{
803 __u8 status = *((__u8 *) skb->data);
804
805 BT_DBG("%s status 0x%x", hdev->name, status);
806
807 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
808}
809
810static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
811 struct sk_buff *skb)
812{
813 __u8 status = *((__u8 *) skb->data);
814
815 BT_DBG("%s status 0x%x", hdev->name, status);
816
817 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
818}
819
820static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
821{
822 __u8 status = *((__u8 *) skb->data);
823
824 BT_DBG("%s status 0x%x", hdev->name, status);
825
826 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
827}
828
980e1a53
JH		 829static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
830{
831 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
832 struct hci_cp_pin_code_reply *cp;
833 struct hci_conn *conn;
834
835 BT_DBG("%s status 0x%x", hdev->name, rp->status);
836
837 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 838 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 839
840 if (rp->status != 0)
841 return;
842
843 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
844 if (!cp)
845 return;
846
847 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
848 if (conn)
849 conn->pin_length = cp->pin_len;
850}
851
852static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
853{
854 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
855
856 BT_DBG("%s status 0x%x", hdev->name, rp->status);
857
858 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 859 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53
JH		 860 rp->status);
861}
6ed58ec5
VT		 862static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
863 struct sk_buff *skb)
864{
865 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
866
867 BT_DBG("%s status 0x%x", hdev->name, rp->status);
868
869 if (rp->status)
870 return;
871
872 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
873 hdev->le_pkts = rp->le_max_pkt;
874
875 hdev->le_cnt = hdev->le_pkts;
876
877 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
878
879 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
880}
980e1a53 881
a5c29683
JH		 882static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
883{
884 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
885
886 BT_DBG("%s status 0x%x", hdev->name, rp->status);
887
888 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 889 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683
JH		 890 rp->status);
891}
892
893static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
894 struct sk_buff *skb)
895{
896 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
897
898 BT_DBG("%s status 0x%x", hdev->name, rp->status);
899
900 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 901 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683
JH		 902 rp->status);
903}
904
c35938b2
SJ		 905static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
906 struct sk_buff *skb)
907{
908 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
909
910 BT_DBG("%s status 0x%x", hdev->name, rp->status);
911
744cf19e 912 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2
SJ		 913 rp->randomizer, rp->status);
914}
915
eb9d91f5
AG		 916static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
917 struct sk_buff *skb)
918{
919 struct hci_cp_le_set_scan_enable *cp;
920 __u8 status = *((__u8 *) skb->data);
921
922 BT_DBG("%s status 0x%x", hdev->name, status);
923
924 if (status)
925 return;
926
927 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
928 if (!cp)
929 return;
930
35815085
AG		 931 if (cp->enable == 0x01) {
932 del_timer(&hdev->adv_timer);
a8f13c8c
AG		 933
934 hci_dev_lock(hdev);
eb9d91f5 935 hci_adv_entries_clear(hdev);
a8f13c8c 936 hci_dev_unlock(hdev);
35815085
AG		 937 } else if (cp->enable == 0x00) {
938 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
939 }
eb9d91f5
AG		 940}
941
a7a595f6
VCG		 942static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
943{
944 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
945
946 BT_DBG("%s status 0x%x", hdev->name, rp->status);
947
948 if (rp->status)
949 return;
950
951 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
952}
953
954static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
955{
956 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
957
958 BT_DBG("%s status 0x%x", hdev->name, rp->status);
959
960 if (rp->status)
961 return;
962
963 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
964}
965
f9b49306
AG		 966static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
967 struct sk_buff *skb)
968{
969 struct hci_cp_read_local_ext_features cp;
970 __u8 status = *((__u8 *) skb->data);
971
972 BT_DBG("%s status 0x%x", hdev->name, status);
973
974 if (status)
975 return;
976
977 cp.page = 0x01;
978 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
979}
980
a9de9248
MH		 981static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
982{
983 BT_DBG("%s status 0x%x", hdev->name, status);
984
985 if (status) {
23bb5763 986 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 987 hci_conn_check_pending(hdev);
164a6e78 988 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 989 mgmt_inquiry_failed(hdev, status);
314b2381
JH		 990 return;
991 }
992
89352e7d
AG		 993 set_bit(HCI_INQUIRY, &hdev->flags);
994
744cf19e 995 mgmt_discovering(hdev, 1);
1da177e4
LT		 996}
997
1da177e4
LT		 998static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
999{
a9de9248 1000 struct hci_cp_create_conn *cp;
1da177e4 1001 struct hci_conn *conn;
1da177e4 1002
a9de9248
MH		 1003 BT_DBG("%s status 0x%x", hdev->name, status);
1004
1005 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1006 if (!cp)
1007 return;
1008
1009 hci_dev_lock(hdev);
1010
1011 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1012
a9de9248 1013 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1014
1015 if (status) {
1016 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1017 if (status != 0x0c || conn->attempt > 2) {
1018 conn->state = BT_CLOSED;
1019 hci_proto_connect_cfm(conn, status);
1020 hci_conn_del(conn);
1021 } else
1022 conn->state = BT_CONNECT2;
1da177e4
LT		 1023 }
1024 } else {
1025 if (!conn) {
1026 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1027 if (conn) {
1028 conn->out = 1;
1029 conn->link_mode |= HCI_LM_MASTER;
1030 } else
893ef971 1031 BT_ERR("No memory for new connection");
1da177e4
LT		 1032 }
1033 }
1034
1035 hci_dev_unlock(hdev);
1036}
1037
a9de9248 1038static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1039{
a9de9248
MH		 1040 struct hci_cp_add_sco *cp;
1041 struct hci_conn *acl, *sco;
1042 __u16 handle;
1da177e4 1043
b6a0dc82
MH		 1044 BT_DBG("%s status 0x%x", hdev->name, status);
1045
a9de9248
MH		 1046 if (!status)
1047 return;
1da177e4 1048
a9de9248
MH		 1049 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1050 if (!cp)
1051 return;
1da177e4 1052
a9de9248 1053 handle = __le16_to_cpu(cp->handle);
1da177e4 1054
a9de9248 1055 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1056
a9de9248 1057 hci_dev_lock(hdev);
1da177e4 1058
a9de9248 1059 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1060 if (acl) {
1061 sco = acl->link;
1062 if (sco) {
1063 sco->state = BT_CLOSED;
1da177e4 1064
5a08ecce
AE		 1065 hci_proto_connect_cfm(sco, status);
1066 hci_conn_del(sco);
1067 }
a9de9248 1068 }
1da177e4 1069
a9de9248
MH		 1070 hci_dev_unlock(hdev);
1071}
1da177e4 1072
f8558555
MH		 1073static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1074{
1075 struct hci_cp_auth_requested *cp;
1076 struct hci_conn *conn;
1077
1078 BT_DBG("%s status 0x%x", hdev->name, status);
1079
1080 if (!status)
1081 return;
1082
1083 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1084 if (!cp)
1085 return;
1086
1087 hci_dev_lock(hdev);
1088
1089 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1090 if (conn) {
1091 if (conn->state == BT_CONFIG) {
1092 hci_proto_connect_cfm(conn, status);
1093 hci_conn_put(conn);
1094 }
1095 }
1096
1097 hci_dev_unlock(hdev);
1098}
1099
1100static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1101{
1102 struct hci_cp_set_conn_encrypt *cp;
1103 struct hci_conn *conn;
1104
1105 BT_DBG("%s status 0x%x", hdev->name, status);
1106
1107 if (!status)
1108 return;
1109
1110 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1111 if (!cp)
1112 return;
1113
1114 hci_dev_lock(hdev);
1115
1116 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1117 if (conn) {
1118 if (conn->state == BT_CONFIG) {
1119 hci_proto_connect_cfm(conn, status);
1120 hci_conn_put(conn);
1121 }
1122 }
1123
1124 hci_dev_unlock(hdev);
1125}
1126
127178d2 1127static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1128 struct hci_conn *conn)
392599b9 1129{
392599b9
JH		 1130 if (conn->state != BT_CONFIG || !conn->out)
1131 return 0;
1132
765c2a96 1133 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1134 return 0;
1135
1136 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1137 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1138 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1139 conn->pending_sec_level != BT_SECURITY_HIGH &&
1140 !(conn->auth_type & 0x01))
392599b9
JH		 1141 return 0;
1142
392599b9
JH		 1143 return 1;
1144}
1145
a9de9248
MH		 1146static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1147{
127178d2
JH		 1148 struct hci_cp_remote_name_req *cp;
1149 struct hci_conn *conn;
1150
a9de9248 1151 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1152
1153 /* If successful wait for the name req complete event before
1154 * checking for the need to do authentication */
1155 if (!status)
1156 return;
1157
1158 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1159 if (!cp)
1160 return;
1161
1162 hci_dev_lock(hdev);
1163
1164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1165 if (!conn)
1166 goto unlock;
1167
1168 if (!hci_outgoing_auth_needed(hdev, conn))
1169 goto unlock;
1170
1171 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1172 struct hci_cp_auth_requested cp;
1173 cp.handle = __cpu_to_le16(conn->handle);
1174 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1175 }
1176
79c6c70c 1177unlock:
127178d2 1178 hci_dev_unlock(hdev);
a9de9248 1179}
1da177e4 1180
769be974
MH		 1181static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1182{
1183 struct hci_cp_read_remote_features *cp;
1184 struct hci_conn *conn;
1185
1186 BT_DBG("%s status 0x%x", hdev->name, status);
1187
1188 if (!status)
1189 return;
1190
1191 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1192 if (!cp)
1193 return;
1194
1195 hci_dev_lock(hdev);
1196
1197 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1198 if (conn) {
1199 if (conn->state == BT_CONFIG) {
769be974
MH		 1200 hci_proto_connect_cfm(conn, status);
1201 hci_conn_put(conn);
1202 }
1203 }
1204
1205 hci_dev_unlock(hdev);
1206}
1207
1208static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1209{
1210 struct hci_cp_read_remote_ext_features *cp;
1211 struct hci_conn *conn;
1212
1213 BT_DBG("%s status 0x%x", hdev->name, status);
1214
1215 if (!status)
1216 return;
1217
1218 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1219 if (!cp)
1220 return;
1221
1222 hci_dev_lock(hdev);
1223
1224 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1225 if (conn) {
1226 if (conn->state == BT_CONFIG) {
769be974
MH		 1227 hci_proto_connect_cfm(conn, status);
1228 hci_conn_put(conn);
1229 }
1230 }
1231
1232 hci_dev_unlock(hdev);
1233}
1234
a9de9248
MH		 1235static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1236{
b6a0dc82
MH		 1237 struct hci_cp_setup_sync_conn *cp;
1238 struct hci_conn *acl, *sco;
1239 __u16 handle;
1240
a9de9248 1241 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1242
1243 if (!status)
1244 return;
1245
1246 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1247 if (!cp)
1248 return;
1249
1250 handle = __le16_to_cpu(cp->handle);
1251
1252 BT_DBG("%s handle %d", hdev->name, handle);
1253
1254 hci_dev_lock(hdev);
1255
1256 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1257 if (acl) {
1258 sco = acl->link;
1259 if (sco) {
1260 sco->state = BT_CLOSED;
b6a0dc82 1261
5a08ecce
AE		 1262 hci_proto_connect_cfm(sco, status);
1263 hci_conn_del(sco);
1264 }
b6a0dc82
MH		 1265 }
1266
1267 hci_dev_unlock(hdev);
1da177e4
LT		 1268}
1269
a9de9248 1270static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1271{
a9de9248
MH		 1272 struct hci_cp_sniff_mode *cp;
1273 struct hci_conn *conn;
1da177e4 1274
a9de9248 1275 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1276
a9de9248
MH		 1277 if (!status)
1278 return;
04837f64 1279
a9de9248
MH		 1280 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1281 if (!cp)
1282 return;
04837f64 1283
a9de9248 1284 hci_dev_lock(hdev);
04837f64 1285
a9de9248 1286 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1287 if (conn) {
a9de9248 1288 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1289
e73439d8
MH		 1290 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1291 hci_sco_setup(conn, status);
1292 }
1293
a9de9248
MH		 1294 hci_dev_unlock(hdev);
1295}
04837f64 1296
a9de9248
MH		 1297static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1298{
1299 struct hci_cp_exit_sniff_mode *cp;
1300 struct hci_conn *conn;
04837f64 1301
a9de9248 1302 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1303
a9de9248
MH		 1304 if (!status)
1305 return;
04837f64 1306
a9de9248
MH		 1307 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1308 if (!cp)
1309 return;
04837f64 1310
a9de9248 1311 hci_dev_lock(hdev);
1da177e4 1312
a9de9248 1313 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1314 if (conn) {
a9de9248 1315 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1316
e73439d8
MH		 1317 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1318 hci_sco_setup(conn, status);
1319 }
1320
a9de9248 1321 hci_dev_unlock(hdev);
1da177e4
LT		 1322}
1323
fcd89c09
VT		 1324static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1325{
1326 struct hci_cp_le_create_conn *cp;
1327 struct hci_conn *conn;
1328
1329 BT_DBG("%s status 0x%x", hdev->name, status);
1330
1331 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1332 if (!cp)
1333 return;
1334
1335 hci_dev_lock(hdev);
1336
1337 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1338
1339 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1340 conn);
1341
1342 if (status) {
1343 if (conn && conn->state == BT_CONNECT) {
1344 conn->state = BT_CLOSED;
1345 hci_proto_connect_cfm(conn, status);
1346 hci_conn_del(conn);
1347 }
1348 } else {
1349 if (!conn) {
1350 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1351 if (conn) {
1352 conn->dst_type = cp->peer_addr_type;
fcd89c09 1353 conn->out = 1;
29b7988a 1354 } else {
fcd89c09 1355 BT_ERR("No memory for new connection");
29b7988a 1356 }
fcd89c09
VT		 1357 }
1358 }
1359
1360 hci_dev_unlock(hdev);
1361}
1362
a7a595f6
VCG		 1363static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1364{
1365 BT_DBG("%s status 0x%x", hdev->name, status);
1366}
1367
1da177e4
LT		 1368static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1369{
1370 __u8 status = *((__u8 *) skb->data);
1371
1372 BT_DBG("%s status %d", hdev->name, status);
1373
23bb5763 1374 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1375
a9de9248 1376 hci_conn_check_pending(hdev);
89352e7d
AG		 1377
1378 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1379 return;
1380
744cf19e 1381 mgmt_discovering(hdev, 0);
1da177e4
LT		 1382}
1383
1da177e4
LT		 1384static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1385{
45bb4bf0 1386 struct inquiry_data data;
a9de9248 1387 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1388 int num_rsp = *((__u8 *) skb->data);
1389
1390 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1391
45bb4bf0
MH		 1392 if (!num_rsp)
1393 return;
1394
1da177e4 1395 hci_dev_lock(hdev);
45bb4bf0 1396
e17acd40 1397 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1398 bacpy(&data.bdaddr, &info->bdaddr);
1399 data.pscan_rep_mode = info->pscan_rep_mode;
1400 data.pscan_period_mode = info->pscan_period_mode;
1401 data.pscan_mode = info->pscan_mode;
1402 memcpy(data.dev_class, info->dev_class, 3);
1403 data.clock_offset = info->clock_offset;
1404 data.rssi = 0x00;
41a96212 1405 data.ssp_mode = 0x00;
1da177e4 1406 hci_inquiry_cache_update(hdev, &data);
744cf19e 1407 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK,
4c659c39 1408 info->dev_class, 0, NULL);
1da177e4 1409 }
45bb4bf0 1410
1da177e4
LT		 1411 hci_dev_unlock(hdev);
1412}
1413
1da177e4
LT		 1414static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1415{
a9de9248
MH		 1416 struct hci_ev_conn_complete *ev = (void *) skb->data;
1417 struct hci_conn *conn;
1da177e4
LT		 1418
1419 BT_DBG("%s", hdev->name);
1420
1421 hci_dev_lock(hdev);
1422
1423 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1424 if (!conn) {
1425 if (ev->link_type != SCO_LINK)
1426 goto unlock;
1427
1428 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1429 if (!conn)
1430 goto unlock;
1431
1432 conn->type = SCO_LINK;
1433 }
1da177e4
LT		 1434
1435 if (!ev->status) {
1436 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1437
1438 if (conn->type == ACL_LINK) {
1439 conn->state = BT_CONFIG;
1440 hci_conn_hold(conn);
052b30b0 1441 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
744cf19e 1442 mgmt_connected(hdev, &ev->bdaddr, conn->type);
769be974
MH		 1443 } else
1444 conn->state = BT_CONNECTED;
1da177e4 1445
9eba32b8 1446 hci_conn_hold_device(conn);
7d0db0a3
MH		 1447 hci_conn_add_sysfs(conn);
1448
1da177e4
LT		 1449 if (test_bit(HCI_AUTH, &hdev->flags))
1450 conn->link_mode |= HCI_LM_AUTH;
1451
1452 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1453 conn->link_mode |= HCI_LM_ENCRYPT;
1454
04837f64
MH		 1455 /* Get remote features */
1456 if (conn->type == ACL_LINK) {
1457 struct hci_cp_read_remote_features cp;
1458 cp.handle = ev->handle;
769be974
MH		 1459 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1460 sizeof(cp), &cp);
04837f64
MH		 1461 }
1462
1da177e4 1463 /* Set packet type for incoming connection */
a8746417 1464 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1465 struct hci_cp_change_conn_ptype cp;
1466 cp.handle = ev->handle;
a8746417
MH		 1467 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1468 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1469 sizeof(cp), &cp);
1da177e4 1470 }
17d5c04c 1471 } else {
1da177e4 1472 conn->state = BT_CLOSED;
17d5c04c 1473 if (conn->type == ACL_LINK)
744cf19e 1474 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
4c659c39 1475 ev->status);
17d5c04c 1476 }
1da177e4 1477
e73439d8
MH		 1478 if (conn->type == ACL_LINK)
1479 hci_sco_setup(conn, ev->status);
1da177e4 1480
769be974
MH		 1481 if (ev->status) {
1482 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1483 hci_conn_del(conn);
c89b6e6b
MH		 1484 } else if (ev->link_type != ACL_LINK)
1485 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1486
a9de9248 1487unlock:
1da177e4 1488 hci_dev_unlock(hdev);
1da177e4 1489
a9de9248 1490 hci_conn_check_pending(hdev);
1da177e4
LT		 1491}
1492
a9de9248 1493static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1494{
a9de9248
MH		 1495 struct hci_ev_conn_request *ev = (void *) skb->data;
1496 int mask = hdev->link_mode;
1da177e4 1497
a9de9248
MH		 1498 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1499 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1500
a9de9248 1501 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1502
138d22ef
SJ		 1503 if ((mask & HCI_LM_ACCEPT) &&
1504 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1505 /* Connection accepted */
c7bdd502 1506 struct inquiry_entry *ie;
1da177e4 1507 struct hci_conn *conn;
1da177e4 1508
a9de9248 1509 hci_dev_lock(hdev);
b6a0dc82 1510
cc11b9c1
AE		 1511 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1512 if (ie)
c7bdd502
MH		 1513 memcpy(ie->data.dev_class, ev->dev_class, 3);
1514
a9de9248
MH		 1515 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1516 if (!conn) {
cc11b9c1
AE		 1517 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1518 if (!conn) {
893ef971 1519 BT_ERR("No memory for new connection");
a9de9248
MH		 1520 hci_dev_unlock(hdev);
1521 return;
1da177e4
LT		 1522 }
1523 }
b6a0dc82 1524
a9de9248
MH		 1525 memcpy(conn->dev_class, ev->dev_class, 3);
1526 conn->state = BT_CONNECT;
b6a0dc82 1527
a9de9248 1528 hci_dev_unlock(hdev);
1da177e4 1529
b6a0dc82
MH		 1530 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1531 struct hci_cp_accept_conn_req cp;
1da177e4 1532
b6a0dc82
MH		 1533 bacpy(&cp.bdaddr, &ev->bdaddr);
1534
1535 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1536 cp.role = 0x00; /* Become master */
1537 else
1538 cp.role = 0x01; /* Remain slave */
1539
1540 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1541 sizeof(cp), &cp);
1542 } else {
1543 struct hci_cp_accept_sync_conn_req cp;
1544
1545 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1546 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1547
1548 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1549 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1550 cp.max_latency = cpu_to_le16(0xffff);
1551 cp.content_format = cpu_to_le16(hdev->voice_setting);
1552 cp.retrans_effort = 0xff;
1da177e4 1553
b6a0dc82
MH		 1554 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1555 sizeof(cp), &cp);
1556 }
a9de9248
MH		 1557 } else {
1558 /* Connection rejected */
1559 struct hci_cp_reject_conn_req cp;
1da177e4 1560
a9de9248 1561 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1562 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1563 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1564 }
1da177e4
LT		 1565}
1566
a9de9248 1567static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1568{
a9de9248 1569 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1570 struct hci_conn *conn;
1571
1572 BT_DBG("%s status %d", hdev->name, ev->status);
1573
8962ee74 1574 if (ev->status) {
744cf19e 1575 mgmt_disconnect_failed(hdev);
a9de9248 1576 return;
8962ee74 1577 }
a9de9248 1578
04837f64
MH		 1579 hci_dev_lock(hdev);
1580
1581 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1582 if (!conn)
1583 goto unlock;
7d0db0a3 1584
f7520543 1585 conn->state = BT_CLOSED;
04837f64 1586
83bc71b4 1587 if (conn->type == ACL_LINK || conn->type == LE_LINK)
744cf19e 1588 mgmt_disconnected(hdev, &conn->dst, conn->type);
f7520543
JH		 1589
1590 hci_proto_disconn_cfm(conn, ev->reason);
1591 hci_conn_del(conn);
1592
1593unlock:
04837f64
MH		 1594 hci_dev_unlock(hdev);
1595}
1596
1da177e4
LT		 1597static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1598{
a9de9248 1599 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1600 struct hci_conn *conn;
1da177e4
LT		 1601
1602 BT_DBG("%s status %d", hdev->name, ev->status);
1603
1604 hci_dev_lock(hdev);
1605
04837f64 1606 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1607 if (!conn)
1608 goto unlock;
1609
1610 if (!ev->status) {
1611 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1612 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1613 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1614 } else {
d7556e20
WR		 1615 conn->link_mode |= HCI_LM_AUTH;
1616 conn->sec_level = conn->pending_sec_level;
2a611692 1617 }
d7556e20 1618 } else {
744cf19e 1619 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1620 }
1da177e4 1621
d7556e20
WR		 1622 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1623 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1624
d7556e20
WR		 1625 if (conn->state == BT_CONFIG) {
1626 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1627 struct hci_cp_set_conn_encrypt cp;
1628 cp.handle = ev->handle;
1629 cp.encrypt = 0x01;
1630 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1631 &cp);
052b30b0 1632 } else {
d7556e20
WR		 1633 conn->state = BT_CONNECTED;
1634 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1635 hci_conn_put(conn);
1636 }
d7556e20
WR		 1637 } else {
1638 hci_auth_cfm(conn, ev->status);
052b30b0 1639
d7556e20
WR		 1640 hci_conn_hold(conn);
1641 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1642 hci_conn_put(conn);
1643 }
1644
1645 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1646 if (!ev->status) {
1647 struct hci_cp_set_conn_encrypt cp;
1648 cp.handle = ev->handle;
1649 cp.encrypt = 0x01;
1650 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1651 &cp);
1652 } else {
1653 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1654 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1655 }
1656 }
1657
d7556e20 1658unlock:
1da177e4
LT		 1659 hci_dev_unlock(hdev);
1660}
1661
a9de9248 1662static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1663{
127178d2
JH		 1664 struct hci_ev_remote_name *ev = (void *) skb->data;
1665 struct hci_conn *conn;
1666
a9de9248 1667 BT_DBG("%s", hdev->name);
1da177e4 1668
a9de9248 1669 hci_conn_check_pending(hdev);
127178d2
JH		 1670
1671 hci_dev_lock(hdev);
1672
a88a9652 1673 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
744cf19e 1674 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
a88a9652 1675
127178d2 1676 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1677 if (!conn)
1678 goto unlock;
1679
1680 if (!hci_outgoing_auth_needed(hdev, conn))
1681 goto unlock;
1682
1683 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1684 struct hci_cp_auth_requested cp;
1685 cp.handle = __cpu_to_le16(conn->handle);
1686 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1687 }
1688
79c6c70c 1689unlock:
127178d2 1690 hci_dev_unlock(hdev);
a9de9248
MH		 1691}
1692
1693static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1694{
1695 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1696 struct hci_conn *conn;
1697
1698 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1699
1700 hci_dev_lock(hdev);
1701
04837f64 1702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1703 if (conn) {
1704 if (!ev->status) {
ae293196
MH		 1705 if (ev->encrypt) {
1706 /* Encryption implies authentication */
1707 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1708 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1709 conn->sec_level = conn->pending_sec_level;
ae293196 1710 } else
1da177e4
LT		 1711 conn->link_mode &= ~HCI_LM_ENCRYPT;
1712 }
1713
1714 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1715
f8558555
MH		 1716 if (conn->state == BT_CONFIG) {
1717 if (!ev->status)
1718 conn->state = BT_CONNECTED;
1719
1720 hci_proto_connect_cfm(conn, ev->status);
1721 hci_conn_put(conn);
1722 } else
1723 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1724 }
1725
1726 hci_dev_unlock(hdev);
1727}
1728
a9de9248 1729static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1730{
a9de9248 1731 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1732 struct hci_conn *conn;
1da177e4
LT		 1733
1734 BT_DBG("%s status %d", hdev->name, ev->status);
1735
1736 hci_dev_lock(hdev);
1737
04837f64 1738 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1739 if (conn) {
1740 if (!ev->status)
1741 conn->link_mode |= HCI_LM_SECURE;
1742
1743 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1744
1745 hci_key_change_cfm(conn, ev->status);
1746 }
1747
1748 hci_dev_unlock(hdev);
1749}
1750
a9de9248 1751static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1752{
a9de9248
MH		 1753 struct hci_ev_remote_features *ev = (void *) skb->data;
1754 struct hci_conn *conn;
1755
1756 BT_DBG("%s status %d", hdev->name, ev->status);
1757
a9de9248
MH		 1758 hci_dev_lock(hdev);
1759
1760 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1761 if (!conn)
1762 goto unlock;
769be974 1763
ccd556fe
JH		 1764 if (!ev->status)
1765 memcpy(conn->features, ev->features, 8);
1766
1767 if (conn->state != BT_CONFIG)
1768 goto unlock;
1769
1770 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1771 struct hci_cp_read_remote_ext_features cp;
1772 cp.handle = ev->handle;
1773 cp.page = 0x01;
1774 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1775 sizeof(cp), &cp);
392599b9
JH		 1776 goto unlock;
1777 }
1778
127178d2
JH		 1779 if (!ev->status) {
1780 struct hci_cp_remote_name_req cp;
1781 memset(&cp, 0, sizeof(cp));
1782 bacpy(&cp.bdaddr, &conn->dst);
1783 cp.pscan_rep_mode = 0x02;
1784 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1785 }
392599b9 1786
127178d2 1787 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1788 conn->state = BT_CONNECTED;
1789 hci_proto_connect_cfm(conn, ev->status);
1790 hci_conn_put(conn);
769be974 1791 }
a9de9248 1792
ccd556fe 1793unlock:
a9de9248 1794 hci_dev_unlock(hdev);
1da177e4
LT		 1795}
1796
a9de9248 1797static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1798{
a9de9248 1799 BT_DBG("%s", hdev->name);
1da177e4
LT		 1800}
1801
a9de9248 1802static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1803{
a9de9248 1804 BT_DBG("%s", hdev->name);
1da177e4
LT		 1805}
1806
a9de9248
MH		 1807static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1808{
1809 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1810 __u16 opcode;
1811
1812 skb_pull(skb, sizeof(*ev));
1813
1814 opcode = __le16_to_cpu(ev->opcode);
1815
1816 switch (opcode) {
1817 case HCI_OP_INQUIRY_CANCEL:
1818 hci_cc_inquiry_cancel(hdev, skb);
1819 break;
1820
1821 case HCI_OP_EXIT_PERIODIC_INQ:
1822 hci_cc_exit_periodic_inq(hdev, skb);
1823 break;
1824
1825 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1826 hci_cc_remote_name_req_cancel(hdev, skb);
1827 break;
1828
1829 case HCI_OP_ROLE_DISCOVERY:
1830 hci_cc_role_discovery(hdev, skb);
1831 break;
1832
e4e8e37c
MH		 1833 case HCI_OP_READ_LINK_POLICY:
1834 hci_cc_read_link_policy(hdev, skb);
1835 break;
1836
a9de9248
MH		 1837 case HCI_OP_WRITE_LINK_POLICY:
1838 hci_cc_write_link_policy(hdev, skb);
1839 break;
1840
e4e8e37c
MH		 1841 case HCI_OP_READ_DEF_LINK_POLICY:
1842 hci_cc_read_def_link_policy(hdev, skb);
1843 break;
1844
1845 case HCI_OP_WRITE_DEF_LINK_POLICY:
1846 hci_cc_write_def_link_policy(hdev, skb);
1847 break;
1848
a9de9248
MH		 1849 case HCI_OP_RESET:
1850 hci_cc_reset(hdev, skb);
1851 break;
1852
1853 case HCI_OP_WRITE_LOCAL_NAME:
1854 hci_cc_write_local_name(hdev, skb);
1855 break;
1856
1857 case HCI_OP_READ_LOCAL_NAME:
1858 hci_cc_read_local_name(hdev, skb);
1859 break;
1860
1861 case HCI_OP_WRITE_AUTH_ENABLE:
1862 hci_cc_write_auth_enable(hdev, skb);
1863 break;
1864
1865 case HCI_OP_WRITE_ENCRYPT_MODE:
1866 hci_cc_write_encrypt_mode(hdev, skb);
1867 break;
1868
1869 case HCI_OP_WRITE_SCAN_ENABLE:
1870 hci_cc_write_scan_enable(hdev, skb);
1871 break;
1872
1873 case HCI_OP_READ_CLASS_OF_DEV:
1874 hci_cc_read_class_of_dev(hdev, skb);
1875 break;
1876
1877 case HCI_OP_WRITE_CLASS_OF_DEV:
1878 hci_cc_write_class_of_dev(hdev, skb);
1879 break;
1880
1881 case HCI_OP_READ_VOICE_SETTING:
1882 hci_cc_read_voice_setting(hdev, skb);
1883 break;
1884
1885 case HCI_OP_WRITE_VOICE_SETTING:
1886 hci_cc_write_voice_setting(hdev, skb);
1887 break;
1888
1889 case HCI_OP_HOST_BUFFER_SIZE:
1890 hci_cc_host_buffer_size(hdev, skb);
1891 break;
1892
333140b5
MH		 1893 case HCI_OP_READ_SSP_MODE:
1894 hci_cc_read_ssp_mode(hdev, skb);
1895 break;
1896
1897 case HCI_OP_WRITE_SSP_MODE:
1898 hci_cc_write_ssp_mode(hdev, skb);
1899 break;
1900
a9de9248
MH		 1901 case HCI_OP_READ_LOCAL_VERSION:
1902 hci_cc_read_local_version(hdev, skb);
1903 break;
1904
1905 case HCI_OP_READ_LOCAL_COMMANDS:
1906 hci_cc_read_local_commands(hdev, skb);
1907 break;
1908
1909 case HCI_OP_READ_LOCAL_FEATURES:
1910 hci_cc_read_local_features(hdev, skb);
1911 break;
1912
971e3a4b
AG		 1913 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1914 hci_cc_read_local_ext_features(hdev, skb);
1915 break;
1916
a9de9248
MH		 1917 case HCI_OP_READ_BUFFER_SIZE:
1918 hci_cc_read_buffer_size(hdev, skb);
1919 break;
1920
1921 case HCI_OP_READ_BD_ADDR:
1922 hci_cc_read_bd_addr(hdev, skb);
1923 break;
1924
23bb5763
JH		 1925 case HCI_OP_WRITE_CA_TIMEOUT:
1926 hci_cc_write_ca_timeout(hdev, skb);
1927 break;
1928
928abaa7
AE		 1929 case HCI_OP_READ_LOCAL_AMP_INFO:
1930 hci_cc_read_local_amp_info(hdev, skb);
1931 break;
1932
b0916ea0
JH		 1933 case HCI_OP_DELETE_STORED_LINK_KEY:
1934 hci_cc_delete_stored_link_key(hdev, skb);
1935 break;
1936
d5859e22
JH		 1937 case HCI_OP_SET_EVENT_MASK:
1938 hci_cc_set_event_mask(hdev, skb);
1939 break;
1940
1941 case HCI_OP_WRITE_INQUIRY_MODE:
1942 hci_cc_write_inquiry_mode(hdev, skb);
1943 break;
1944
1945 case HCI_OP_READ_INQ_RSP_TX_POWER:
1946 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1947 break;
1948
1949 case HCI_OP_SET_EVENT_FLT:
1950 hci_cc_set_event_flt(hdev, skb);
1951 break;
1952
980e1a53
JH		 1953 case HCI_OP_PIN_CODE_REPLY:
1954 hci_cc_pin_code_reply(hdev, skb);
1955 break;
1956
1957 case HCI_OP_PIN_CODE_NEG_REPLY:
1958 hci_cc_pin_code_neg_reply(hdev, skb);
1959 break;
1960
c35938b2
SJ		 1961 case HCI_OP_READ_LOCAL_OOB_DATA:
1962 hci_cc_read_local_oob_data_reply(hdev, skb);
1963 break;
1964
6ed58ec5
VT		 1965 case HCI_OP_LE_READ_BUFFER_SIZE:
1966 hci_cc_le_read_buffer_size(hdev, skb);
1967 break;
1968
a5c29683
JH		 1969 case HCI_OP_USER_CONFIRM_REPLY:
1970 hci_cc_user_confirm_reply(hdev, skb);
1971 break;
1972
1973 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1974 hci_cc_user_confirm_neg_reply(hdev, skb);
1975 break;
1976
eb9d91f5
AG		 1977 case HCI_OP_LE_SET_SCAN_ENABLE:
1978 hci_cc_le_set_scan_enable(hdev, skb);
1979 break;
1980
a7a595f6
VCG		 1981 case HCI_OP_LE_LTK_REPLY:
1982 hci_cc_le_ltk_reply(hdev, skb);
1983 break;
1984
1985 case HCI_OP_LE_LTK_NEG_REPLY:
1986 hci_cc_le_ltk_neg_reply(hdev, skb);
1987 break;
1988
f9b49306
AG		 1989 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1990 hci_cc_write_le_host_supported(hdev, skb);
1991 break;
1992
a9de9248
MH		 1993 default:
1994 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1995 break;
1996 }
1997
6bd32326
VT		 1998 if (ev->opcode != HCI_OP_NOP)
1999 del_timer(&hdev->cmd_timer);
2000
a9de9248
MH		 2001 if (ev->ncmd) {
2002 atomic_set(&hdev->cmd_cnt, 1);
2003 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2004 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2005 }
2006}
2007
2008static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2009{
2010 struct hci_ev_cmd_status *ev = (void *) skb->data;
2011 __u16 opcode;
2012
2013 skb_pull(skb, sizeof(*ev));
2014
2015 opcode = __le16_to_cpu(ev->opcode);
2016
2017 switch (opcode) {
2018 case HCI_OP_INQUIRY:
2019 hci_cs_inquiry(hdev, ev->status);
2020 break;
2021
2022 case HCI_OP_CREATE_CONN:
2023 hci_cs_create_conn(hdev, ev->status);
2024 break;
2025
2026 case HCI_OP_ADD_SCO:
2027 hci_cs_add_sco(hdev, ev->status);
2028 break;
2029
f8558555
MH		 2030 case HCI_OP_AUTH_REQUESTED:
2031 hci_cs_auth_requested(hdev, ev->status);
2032 break;
2033
2034 case HCI_OP_SET_CONN_ENCRYPT:
2035 hci_cs_set_conn_encrypt(hdev, ev->status);
2036 break;
2037
a9de9248
MH		 2038 case HCI_OP_REMOTE_NAME_REQ:
2039 hci_cs_remote_name_req(hdev, ev->status);
2040 break;
2041
769be974
MH		 2042 case HCI_OP_READ_REMOTE_FEATURES:
2043 hci_cs_read_remote_features(hdev, ev->status);
2044 break;
2045
2046 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2047 hci_cs_read_remote_ext_features(hdev, ev->status);
2048 break;
2049
a9de9248
MH		 2050 case HCI_OP_SETUP_SYNC_CONN:
2051 hci_cs_setup_sync_conn(hdev, ev->status);
2052 break;
2053
2054 case HCI_OP_SNIFF_MODE:
2055 hci_cs_sniff_mode(hdev, ev->status);
2056 break;
2057
2058 case HCI_OP_EXIT_SNIFF_MODE:
2059 hci_cs_exit_sniff_mode(hdev, ev->status);
2060 break;
2061
8962ee74
JH		 2062 case HCI_OP_DISCONNECT:
2063 if (ev->status != 0)
744cf19e 2064 mgmt_disconnect_failed(hdev);
8962ee74
JH		 2065 break;
2066
fcd89c09
VT		 2067 case HCI_OP_LE_CREATE_CONN:
2068 hci_cs_le_create_conn(hdev, ev->status);
2069 break;
2070
a7a595f6
VCG		 2071 case HCI_OP_LE_START_ENC:
2072 hci_cs_le_start_enc(hdev, ev->status);
2073 break;
2074
a9de9248
MH		 2075 default:
2076 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2077 break;
2078 }
2079
6bd32326
VT		 2080 if (ev->opcode != HCI_OP_NOP)
2081 del_timer(&hdev->cmd_timer);
2082
10572132 2083 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2084 atomic_set(&hdev->cmd_cnt, 1);
2085 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2086 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2087 }
2088}
2089
2090static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2091{
2092 struct hci_ev_role_change *ev = (void *) skb->data;
2093 struct hci_conn *conn;
2094
2095 BT_DBG("%s status %d", hdev->name, ev->status);
2096
2097 hci_dev_lock(hdev);
2098
2099 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2100 if (conn) {
2101 if (!ev->status) {
2102 if (ev->role)
2103 conn->link_mode &= ~HCI_LM_MASTER;
2104 else
2105 conn->link_mode |= HCI_LM_MASTER;
2106 }
2107
2108 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2109
2110 hci_role_switch_cfm(conn, ev->status, ev->role);
2111 }
2112
2113 hci_dev_unlock(hdev);
2114}
2115
2116static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2117{
2118 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2119 __le16 *ptr;
2120 int i;
2121
2122 skb_pull(skb, sizeof(*ev));
2123
2124 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2125
2126 if (skb->len < ev->num_hndl * 4) {
2127 BT_DBG("%s bad parameters", hdev->name);
2128 return;
2129 }
2130
2131 tasklet_disable(&hdev->tx_task);
2132
2133 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2134 struct hci_conn *conn;
2135 __u16 handle, count;
2136
83985319
HH		 2137 handle = get_unaligned_le16(ptr++);
2138 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2139
2140 conn = hci_conn_hash_lookup_handle(hdev, handle);
2141 if (conn) {
2142 conn->sent -= count;
2143
2144 if (conn->type == ACL_LINK) {
70f23020
AE		 2145 hdev->acl_cnt += count;
2146 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2147 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2148 } else if (conn->type == LE_LINK) {
2149 if (hdev->le_pkts) {
2150 hdev->le_cnt += count;
2151 if (hdev->le_cnt > hdev->le_pkts)
2152 hdev->le_cnt = hdev->le_pkts;
2153 } else {
2154 hdev->acl_cnt += count;
2155 if (hdev->acl_cnt > hdev->acl_pkts)
2156 hdev->acl_cnt = hdev->acl_pkts;
2157 }
a9de9248 2158 } else {
70f23020
AE		 2159 hdev->sco_cnt += count;
2160 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2161 hdev->sco_cnt = hdev->sco_pkts;
2162 }
2163 }
2164 }
2165
c78ae283 2166 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2167
2168 tasklet_enable(&hdev->tx_task);
2169}
2170
2171static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2172{
a9de9248 2173 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2174 struct hci_conn *conn;
2175
2176 BT_DBG("%s status %d", hdev->name, ev->status);
2177
2178 hci_dev_lock(hdev);
2179
2180 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2181 if (conn) {
2182 conn->mode = ev->mode;
2183 conn->interval = __le16_to_cpu(ev->interval);
2184
2185 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2186 if (conn->mode == HCI_CM_ACTIVE)
2187 conn->power_save = 1;
2188 else
2189 conn->power_save = 0;
2190 }
e73439d8
MH		 2191
2192 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2193 hci_sco_setup(conn, ev->status);
04837f64
MH		 2194 }
2195
2196 hci_dev_unlock(hdev);
2197}
2198
a9de9248
MH		 2199static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2200{
052b30b0
MH		 2201 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2202 struct hci_conn *conn;
2203
a9de9248 2204 BT_DBG("%s", hdev->name);
052b30b0
MH		 2205
2206 hci_dev_lock(hdev);
2207
2208 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2209 if (!conn)
2210 goto unlock;
2211
2212 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2213 hci_conn_hold(conn);
2214 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2215 hci_conn_put(conn);
2216 }
2217
03b555e1
JH		 2218 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2219 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2220 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2221 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2222 u8 secure;
2223
2224 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2225 secure = 1;
2226 else
2227 secure = 0;
2228
744cf19e 2229 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2230 }
980e1a53 2231
b6f98044 2232unlock:
052b30b0 2233 hci_dev_unlock(hdev);
a9de9248
MH		 2234}
2235
2236static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2237{
55ed8ca1
JH		 2238 struct hci_ev_link_key_req *ev = (void *) skb->data;
2239 struct hci_cp_link_key_reply cp;
2240 struct hci_conn *conn;
2241 struct link_key *key;
2242
a9de9248 2243 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2244
2245 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2246 return;
2247
2248 hci_dev_lock(hdev);
2249
2250 key = hci_find_link_key(hdev, &ev->bdaddr);
2251 if (!key) {
2252 BT_DBG("%s link key not found for %s", hdev->name,
2253 batostr(&ev->bdaddr));
2254 goto not_found;
2255 }
2256
2257 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2258 batostr(&ev->bdaddr));
2259
b6020ba0
WR		 2260 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2261 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2262 BT_DBG("%s ignoring debug key", hdev->name);
2263 goto not_found;
2264 }
2265
2266 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2267 if (conn) {
2268 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2269 conn->auth_type != 0xff &&
2270 (conn->auth_type & 0x01)) {
2271 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2272 goto not_found;
2273 }
55ed8ca1 2274
60b83f57
WR		 2275 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2276 conn->pending_sec_level == BT_SECURITY_HIGH) {
2277 BT_DBG("%s ignoring key unauthenticated for high \
2278 security", hdev->name);
2279 goto not_found;
2280 }
2281
2282 conn->key_type = key->type;
2283 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2284 }
2285
2286 bacpy(&cp.bdaddr, &ev->bdaddr);
2287 memcpy(cp.link_key, key->val, 16);
2288
2289 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2290
2291 hci_dev_unlock(hdev);
2292
2293 return;
2294
2295not_found:
2296 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2297 hci_dev_unlock(hdev);
a9de9248
MH		 2298}
2299
2300static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2301{
052b30b0
MH		 2302 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2303 struct hci_conn *conn;
55ed8ca1 2304 u8 pin_len = 0;
052b30b0 2305
a9de9248 2306 BT_DBG("%s", hdev->name);
052b30b0
MH		 2307
2308 hci_dev_lock(hdev);
2309
2310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2311 if (conn) {
2312 hci_conn_hold(conn);
2313 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2314 pin_len = conn->pin_length;
13d39315
WR		 2315
2316 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2317 conn->key_type = ev->key_type;
2318
052b30b0
MH		 2319 hci_conn_put(conn);
2320 }
2321
55ed8ca1 2322 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2323 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2324 ev->key_type, pin_len);
2325
052b30b0 2326 hci_dev_unlock(hdev);
a9de9248
MH		 2327}
2328
1da177e4
LT		 2329static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2330{
a9de9248 2331 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2332 struct hci_conn *conn;
1da177e4
LT		 2333
2334 BT_DBG("%s status %d", hdev->name, ev->status);
2335
2336 hci_dev_lock(hdev);
2337
04837f64 2338 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2339 if (conn && !ev->status) {
2340 struct inquiry_entry *ie;
2341
cc11b9c1
AE		 2342 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2343 if (ie) {
1da177e4
LT		 2344 ie->data.clock_offset = ev->clock_offset;
2345 ie->timestamp = jiffies;
2346 }
2347 }
2348
2349 hci_dev_unlock(hdev);
2350}
2351
a8746417
MH		 2352static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2353{
2354 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2355 struct hci_conn *conn;
2356
2357 BT_DBG("%s status %d", hdev->name, ev->status);
2358
2359 hci_dev_lock(hdev);
2360
2361 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2362 if (conn && !ev->status)
2363 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2364
2365 hci_dev_unlock(hdev);
2366}
2367
85a1e930
MH		 2368static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2369{
a9de9248 2370 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2371 struct inquiry_entry *ie;
2372
2373 BT_DBG("%s", hdev->name);
2374
2375 hci_dev_lock(hdev);
2376
cc11b9c1
AE		 2377 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2378 if (ie) {
85a1e930
MH		 2379 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2380 ie->timestamp = jiffies;
2381 }
2382
2383 hci_dev_unlock(hdev);
2384}
2385
a9de9248
MH		 2386static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2387{
2388 struct inquiry_data data;
2389 int num_rsp = *((__u8 *) skb->data);
2390
2391 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2392
2393 if (!num_rsp)
2394 return;
2395
2396 hci_dev_lock(hdev);
2397
2398 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2399 struct inquiry_info_with_rssi_and_pscan_mode *info;
2400 info = (void *) (skb->data + 1);
a9de9248 2401
e17acd40 2402 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2403 bacpy(&data.bdaddr, &info->bdaddr);
2404 data.pscan_rep_mode = info->pscan_rep_mode;
2405 data.pscan_period_mode = info->pscan_period_mode;
2406 data.pscan_mode = info->pscan_mode;
2407 memcpy(data.dev_class, info->dev_class, 3);
2408 data.clock_offset = info->clock_offset;
2409 data.rssi = info->rssi;
41a96212 2410 data.ssp_mode = 0x00;
a9de9248 2411 hci_inquiry_cache_update(hdev, &data);
744cf19e 2412 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK,
e17acd40
JH		 2413 info->dev_class, info->rssi,
2414 NULL);
a9de9248
MH		 2415 }
2416 } else {
2417 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2418
e17acd40 2419 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2420 bacpy(&data.bdaddr, &info->bdaddr);
2421 data.pscan_rep_mode = info->pscan_rep_mode;
2422 data.pscan_period_mode = info->pscan_period_mode;
2423 data.pscan_mode = 0x00;
2424 memcpy(data.dev_class, info->dev_class, 3);
2425 data.clock_offset = info->clock_offset;
2426 data.rssi = info->rssi;
41a96212 2427 data.ssp_mode = 0x00;
a9de9248 2428 hci_inquiry_cache_update(hdev, &data);
744cf19e 2429 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK,
e17acd40
JH		 2430 info->dev_class, info->rssi,
2431 NULL);
a9de9248
MH		 2432 }
2433 }
2434
2435 hci_dev_unlock(hdev);
2436}
2437
2438static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2439{
41a96212
MH		 2440 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2441 struct hci_conn *conn;
2442
a9de9248 2443 BT_DBG("%s", hdev->name);
41a96212 2444
41a96212
MH		 2445 hci_dev_lock(hdev);
2446
2447 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2448 if (!conn)
2449 goto unlock;
41a96212 2450
ccd556fe
JH		 2451 if (!ev->status && ev->page == 0x01) {
2452 struct inquiry_entry *ie;
41a96212 2453
cc11b9c1
AE		 2454 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2455 if (ie)
ccd556fe 2456 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2457
ccd556fe
JH		 2458 conn->ssp_mode = (ev->features[0] & 0x01);
2459 }
2460
2461 if (conn->state != BT_CONFIG)
2462 goto unlock;
2463
127178d2
JH		 2464 if (!ev->status) {
2465 struct hci_cp_remote_name_req cp;
2466 memset(&cp, 0, sizeof(cp));
2467 bacpy(&cp.bdaddr, &conn->dst);
2468 cp.pscan_rep_mode = 0x02;
2469 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2470 }
392599b9 2471
127178d2 2472 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2473 conn->state = BT_CONNECTED;
2474 hci_proto_connect_cfm(conn, ev->status);
2475 hci_conn_put(conn);
41a96212
MH		 2476 }
2477
ccd556fe 2478unlock:
41a96212 2479 hci_dev_unlock(hdev);
a9de9248
MH		 2480}
2481
2482static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2483{
b6a0dc82
MH		 2484 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2485 struct hci_conn *conn;
2486
2487 BT_DBG("%s status %d", hdev->name, ev->status);
2488
2489 hci_dev_lock(hdev);
2490
2491 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2492 if (!conn) {
2493 if (ev->link_type == ESCO_LINK)
2494 goto unlock;
2495
2496 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2497 if (!conn)
2498 goto unlock;
2499
2500 conn->type = SCO_LINK;
2501 }
b6a0dc82 2502
732547f9
MH		 2503 switch (ev->status) {
2504 case 0x00:
b6a0dc82
MH		 2505 conn->handle = __le16_to_cpu(ev->handle);
2506 conn->state = BT_CONNECTED;
7d0db0a3 2507
9eba32b8 2508 hci_conn_hold_device(conn);
7d0db0a3 2509 hci_conn_add_sysfs(conn);
732547f9
MH		 2510 break;
2511
705e5711 2512 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2513 case 0x1c: /* SCO interval rejected */
1038a00b 2514 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2515 case 0x1f: /* Unspecified error */
2516 if (conn->out && conn->attempt < 2) {
2517 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2518 (hdev->esco_type & EDR_ESCO_MASK);
2519 hci_setup_sync(conn, conn->link->handle);
2520 goto unlock;
2521 }
2522 /* fall through */
2523
2524 default:
b6a0dc82 2525 conn->state = BT_CLOSED;
732547f9
MH		 2526 break;
2527 }
b6a0dc82
MH		 2528
2529 hci_proto_connect_cfm(conn, ev->status);
2530 if (ev->status)
2531 hci_conn_del(conn);
2532
2533unlock:
2534 hci_dev_unlock(hdev);
a9de9248
MH		 2535}
2536
2537static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2538{
2539 BT_DBG("%s", hdev->name);
2540}
2541
04837f64
MH		 2542static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2543{
a9de9248 2544 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2545
2546 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2547}
2548
a9de9248 2549static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2550{
a9de9248
MH		 2551 struct inquiry_data data;
2552 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2553 int num_rsp = *((__u8 *) skb->data);
1da177e4 2554
a9de9248 2555 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2556
a9de9248
MH		 2557 if (!num_rsp)
2558 return;
1da177e4 2559
a9de9248
MH		 2560 hci_dev_lock(hdev);
2561
e17acd40 2562 for (; num_rsp; num_rsp--, info++) {
a9de9248 2563 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2564 data.pscan_rep_mode = info->pscan_rep_mode;
2565 data.pscan_period_mode = info->pscan_period_mode;
2566 data.pscan_mode = 0x00;
a9de9248 2567 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2568 data.clock_offset = info->clock_offset;
2569 data.rssi = info->rssi;
41a96212 2570 data.ssp_mode = 0x01;
a9de9248 2571 hci_inquiry_cache_update(hdev, &data);
744cf19e 2572 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK,
4c659c39 2573 info->dev_class, info->rssi, info->data);
a9de9248
MH		 2574 }
2575
2576 hci_dev_unlock(hdev);
2577}
1da177e4 2578
17fa4b9d
JH		 2579static inline u8 hci_get_auth_req(struct hci_conn *conn)
2580{
2581 /* If remote requests dedicated bonding follow that lead */
2582 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2583 /* If both remote and local IO capabilities allow MITM
2584 * protection then require it, otherwise don't */
2585 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2586 return 0x02;
2587 else
2588 return 0x03;
2589 }
2590
2591 /* If remote requests no-bonding follow that lead */
2592 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2593 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2594
2595 return conn->auth_type;
2596}
2597
0493684e
MH		 2598static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2599{
2600 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2601 struct hci_conn *conn;
2602
2603 BT_DBG("%s", hdev->name);
2604
2605 hci_dev_lock(hdev);
2606
2607 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2608 if (!conn)
2609 goto unlock;
2610
2611 hci_conn_hold(conn);
2612
2613 if (!test_bit(HCI_MGMT, &hdev->flags))
2614 goto unlock;
2615
2616 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2617 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2618 struct hci_cp_io_capability_reply cp;
2619
2620 bacpy(&cp.bdaddr, &ev->bdaddr);
2621 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2622 conn->auth_type = hci_get_auth_req(conn);
2623 cp.authentication = conn->auth_type;
17fa4b9d 2624
ce85ee13
SJ		 2625 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2626 hci_find_remote_oob_data(hdev, &conn->dst))
2627 cp.oob_data = 0x01;
2628 else
2629 cp.oob_data = 0x00;
2630
17fa4b9d
JH		 2631 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2632 sizeof(cp), &cp);
03b555e1
JH		 2633 } else {
2634 struct hci_cp_io_capability_neg_reply cp;
2635
2636 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2637 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2638
03b555e1
JH		 2639 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2640 sizeof(cp), &cp);
2641 }
2642
2643unlock:
2644 hci_dev_unlock(hdev);
2645}
2646
2647static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2648{
2649 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2650 struct hci_conn *conn;
2651
2652 BT_DBG("%s", hdev->name);
2653
2654 hci_dev_lock(hdev);
2655
2656 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2657 if (!conn)
2658 goto unlock;
2659
03b555e1
JH		 2660 conn->remote_cap = ev->capability;
2661 conn->remote_oob = ev->oob_data;
2662 conn->remote_auth = ev->authentication;
2663
2664unlock:
0493684e
MH		 2665 hci_dev_unlock(hdev);
2666}
2667
a5c29683
JH		 2668static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2669 struct sk_buff *skb)
2670{
2671 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2672 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2673 struct hci_conn *conn;
a5c29683
JH		 2674
2675 BT_DBG("%s", hdev->name);
2676
2677 hci_dev_lock(hdev);
2678
7a828908
JH		 2679 if (!test_bit(HCI_MGMT, &hdev->flags))
2680 goto unlock;
a5c29683 2681
7a828908
JH		 2682 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2683 if (!conn)
2684 goto unlock;
2685
2686 loc_mitm = (conn->auth_type & 0x01);
2687 rem_mitm = (conn->remote_auth & 0x01);
2688
2689 /* If we require MITM but the remote device can't provide that
2690 * (it has NoInputNoOutput) then reject the confirmation
2691 * request. The only exception is when we're dedicated bonding
2692 * initiators (connect_cfm_cb set) since then we always have the MITM
2693 * bit set. */
2694 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2695 BT_DBG("Rejecting request: remote device can't provide MITM");
2696 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2697 sizeof(ev->bdaddr), &ev->bdaddr);
2698 goto unlock;
2699 }
2700
2701 /* If no side requires MITM protection; auto-accept */
2702 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2703 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2704
2705 /* If we're not the initiators request authorization to
2706 * proceed from user space (mgmt_user_confirm with
2707 * confirm_hint set to 1). */
2708 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2709 BT_DBG("Confirming auto-accept as acceptor");
2710 confirm_hint = 1;
2711 goto confirm;
2712 }
2713
9f61656a
JH		 2714 BT_DBG("Auto-accept of user confirmation with %ums delay",
2715 hdev->auto_accept_delay);
2716
2717 if (hdev->auto_accept_delay > 0) {
2718 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2719 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2720 goto unlock;
2721 }
2722
7a828908
JH		 2723 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2724 sizeof(ev->bdaddr), &ev->bdaddr);
2725 goto unlock;
2726 }
2727
55bc1a37 2728confirm:
744cf19e 2729 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 2730 confirm_hint);
7a828908
JH		 2731
2732unlock:
a5c29683
JH		 2733 hci_dev_unlock(hdev);
2734}
2735
0493684e
MH		 2736static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2737{
2738 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2739 struct hci_conn *conn;
2740
2741 BT_DBG("%s", hdev->name);
2742
2743 hci_dev_lock(hdev);
2744
2745 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2746 if (!conn)
2747 goto unlock;
2748
2749 /* To avoid duplicate auth_failed events to user space we check
2750 * the HCI_CONN_AUTH_PEND flag which will be set if we
2751 * initiated the authentication. A traditional auth_complete
2752 * event gets always produced as initiator and is also mapped to
2753 * the mgmt_auth_failed event */
2754 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
744cf19e 2755 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 2756
2a611692
JH		 2757 hci_conn_put(conn);
2758
2759unlock:
0493684e
MH		 2760 hci_dev_unlock(hdev);
2761}
2762
41a96212
MH		 2763static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2764{
2765 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2766 struct inquiry_entry *ie;
2767
2768 BT_DBG("%s", hdev->name);
2769
2770 hci_dev_lock(hdev);
2771
cc11b9c1
AE		 2772 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2773 if (ie)
41a96212
MH		 2774 ie->data.ssp_mode = (ev->features[0] & 0x01);
2775
2776 hci_dev_unlock(hdev);
2777}
2778
2763eda6
SJ		 2779static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2780 struct sk_buff *skb)
2781{
2782 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2783 struct oob_data *data;
2784
2785 BT_DBG("%s", hdev->name);
2786
2787 hci_dev_lock(hdev);
2788
e1ba1f15
SJ		 2789 if (!test_bit(HCI_MGMT, &hdev->flags))
2790 goto unlock;
2791
2763eda6
SJ		 2792 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2793 if (data) {
2794 struct hci_cp_remote_oob_data_reply cp;
2795
2796 bacpy(&cp.bdaddr, &ev->bdaddr);
2797 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2798 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2799
2800 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2801 &cp);
2802 } else {
2803 struct hci_cp_remote_oob_data_neg_reply cp;
2804
2805 bacpy(&cp.bdaddr, &ev->bdaddr);
2806 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2807 &cp);
2808 }
2809
e1ba1f15 2810unlock:
2763eda6
SJ		 2811 hci_dev_unlock(hdev);
2812}
2813
fcd89c09
VT		 2814static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2815{
2816 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2817 struct hci_conn *conn;
2818
2819 BT_DBG("%s status %d", hdev->name, ev->status);
2820
2821 hci_dev_lock(hdev);
2822
2823 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2824 if (!conn) {
2825 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2826 if (!conn) {
2827 BT_ERR("No memory for new connection");
2828 hci_dev_unlock(hdev);
2829 return;
2830 }
29b7988a
AG		 2831
2832 conn->dst_type = ev->bdaddr_type;
b62f328b 2833 }
fcd89c09
VT		 2834
2835 if (ev->status) {
744cf19e 2836 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type, ev->status);
fcd89c09
VT		 2837 hci_proto_connect_cfm(conn, ev->status);
2838 conn->state = BT_CLOSED;
2839 hci_conn_del(conn);
2840 goto unlock;
2841 }
2842
744cf19e 2843 mgmt_connected(hdev, &ev->bdaddr, conn->type);
83bc71b4 2844
7b5c0d52 2845 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2846 conn->handle = __le16_to_cpu(ev->handle);
2847 conn->state = BT_CONNECTED;
2848
2849 hci_conn_hold_device(conn);
2850 hci_conn_add_sysfs(conn);
2851
2852 hci_proto_connect_cfm(conn, ev->status);
2853
2854unlock:
2855 hci_dev_unlock(hdev);
2856}
2857
9aa04c91
AG		 2858static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2859 struct sk_buff *skb)
2860{
e95beb41
AG		 2861 u8 num_reports = skb->data[0];
2862 void *ptr = &skb->data[1];
9aa04c91
AG		 2863
2864 hci_dev_lock(hdev);
2865
e95beb41
AG		 2866 while (num_reports--) {
2867 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 2868
9aa04c91 2869 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 2870
2871 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 2872 }
2873
2874 hci_dev_unlock(hdev);
2875}
2876
a7a595f6
VCG		 2877static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2878 struct sk_buff *skb)
2879{
2880 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2881 struct hci_cp_le_ltk_reply cp;
bea710fe 2882 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 2883 struct hci_conn *conn;
bea710fe 2884 struct link_key *ltk;
a7a595f6
VCG		 2885
2886 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2887
2888 hci_dev_lock(hdev);
2889
2890 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 2891 if (conn == NULL)
2892 goto not_found;
a7a595f6 2893
bea710fe
VCG		 2894 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2895 if (ltk == NULL)
2896 goto not_found;
2897
2898 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 2899 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 2900 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 2901
2902 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2903
2904 hci_dev_unlock(hdev);
bea710fe
VCG		 2905
2906 return;
2907
2908not_found:
2909 neg.handle = ev->handle;
2910 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2911 hci_dev_unlock(hdev);
a7a595f6
VCG		 2912}
2913
fcd89c09
VT		 2914static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2915{
2916 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2917
2918 skb_pull(skb, sizeof(*le_ev));
2919
2920 switch (le_ev->subevent) {
2921 case HCI_EV_LE_CONN_COMPLETE:
2922 hci_le_conn_complete_evt(hdev, skb);
2923 break;
2924
9aa04c91
AG		 2925 case HCI_EV_LE_ADVERTISING_REPORT:
2926 hci_le_adv_report_evt(hdev, skb);
2927 break;
2928
a7a595f6
VCG		 2929 case HCI_EV_LE_LTK_REQ:
2930 hci_le_ltk_request_evt(hdev, skb);
2931 break;
2932
fcd89c09
VT		 2933 default:
2934 break;
2935 }
2936}
2937
a9de9248
MH		 2938void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2939{
2940 struct hci_event_hdr *hdr = (void *) skb->data;
2941 __u8 event = hdr->evt;
2942
2943 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2944
2945 switch (event) {
1da177e4
LT		 2946 case HCI_EV_INQUIRY_COMPLETE:
2947 hci_inquiry_complete_evt(hdev, skb);
2948 break;
2949
2950 case HCI_EV_INQUIRY_RESULT:
2951 hci_inquiry_result_evt(hdev, skb);
2952 break;
2953
a9de9248
MH		 2954 case HCI_EV_CONN_COMPLETE:
2955 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 2956 break;
2957
1da177e4
LT		 2958 case HCI_EV_CONN_REQUEST:
2959 hci_conn_request_evt(hdev, skb);
2960 break;
2961
1da177e4
LT		 2962 case HCI_EV_DISCONN_COMPLETE:
2963 hci_disconn_complete_evt(hdev, skb);
2964 break;
2965
1da177e4
LT		 2966 case HCI_EV_AUTH_COMPLETE:
2967 hci_auth_complete_evt(hdev, skb);
2968 break;
2969
a9de9248
MH		 2970 case HCI_EV_REMOTE_NAME:
2971 hci_remote_name_evt(hdev, skb);
2972 break;
2973
1da177e4
LT		 2974 case HCI_EV_ENCRYPT_CHANGE:
2975 hci_encrypt_change_evt(hdev, skb);
2976 break;
2977
a9de9248
MH		 2978 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2979 hci_change_link_key_complete_evt(hdev, skb);
2980 break;
2981
2982 case HCI_EV_REMOTE_FEATURES:
2983 hci_remote_features_evt(hdev, skb);
2984 break;
2985
2986 case HCI_EV_REMOTE_VERSION:
2987 hci_remote_version_evt(hdev, skb);
2988 break;
2989
2990 case HCI_EV_QOS_SETUP_COMPLETE:
2991 hci_qos_setup_complete_evt(hdev, skb);
2992 break;
2993
2994 case HCI_EV_CMD_COMPLETE:
2995 hci_cmd_complete_evt(hdev, skb);
2996 break;
2997
2998 case HCI_EV_CMD_STATUS:
2999 hci_cmd_status_evt(hdev, skb);
3000 break;
3001
3002 case HCI_EV_ROLE_CHANGE:
3003 hci_role_change_evt(hdev, skb);
3004 break;
3005
3006 case HCI_EV_NUM_COMP_PKTS:
3007 hci_num_comp_pkts_evt(hdev, skb);
3008 break;
3009
3010 case HCI_EV_MODE_CHANGE:
3011 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3012 break;
3013
3014 case HCI_EV_PIN_CODE_REQ:
3015 hci_pin_code_request_evt(hdev, skb);
3016 break;
3017
3018 case HCI_EV_LINK_KEY_REQ:
3019 hci_link_key_request_evt(hdev, skb);
3020 break;
3021
3022 case HCI_EV_LINK_KEY_NOTIFY:
3023 hci_link_key_notify_evt(hdev, skb);
3024 break;
3025
3026 case HCI_EV_CLOCK_OFFSET:
3027 hci_clock_offset_evt(hdev, skb);
3028 break;
3029
a8746417
MH		 3030 case HCI_EV_PKT_TYPE_CHANGE:
3031 hci_pkt_type_change_evt(hdev, skb);
3032 break;
3033
85a1e930
MH		 3034 case HCI_EV_PSCAN_REP_MODE:
3035 hci_pscan_rep_mode_evt(hdev, skb);
3036 break;
3037
a9de9248
MH		 3038 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3039 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3040 break;
3041
a9de9248
MH		 3042 case HCI_EV_REMOTE_EXT_FEATURES:
3043 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3044 break;
3045
a9de9248
MH		 3046 case HCI_EV_SYNC_CONN_COMPLETE:
3047 hci_sync_conn_complete_evt(hdev, skb);
3048 break;
1da177e4 3049
a9de9248
MH		 3050 case HCI_EV_SYNC_CONN_CHANGED:
3051 hci_sync_conn_changed_evt(hdev, skb);
3052 break;
1da177e4 3053
a9de9248
MH		 3054 case HCI_EV_SNIFF_SUBRATE:
3055 hci_sniff_subrate_evt(hdev, skb);
3056 break;
1da177e4 3057
a9de9248
MH		 3058 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3059 hci_extended_inquiry_result_evt(hdev, skb);
3060 break;
1da177e4 3061
0493684e
MH		 3062 case HCI_EV_IO_CAPA_REQUEST:
3063 hci_io_capa_request_evt(hdev, skb);
3064 break;
3065
03b555e1
JH		 3066 case HCI_EV_IO_CAPA_REPLY:
3067 hci_io_capa_reply_evt(hdev, skb);
3068 break;
3069
a5c29683
JH		 3070 case HCI_EV_USER_CONFIRM_REQUEST:
3071 hci_user_confirm_request_evt(hdev, skb);
3072 break;
3073
0493684e
MH		 3074 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3075 hci_simple_pair_complete_evt(hdev, skb);
3076 break;
3077
41a96212
MH		 3078 case HCI_EV_REMOTE_HOST_FEATURES:
3079 hci_remote_host_features_evt(hdev, skb);
3080 break;
3081
fcd89c09
VT		 3082 case HCI_EV_LE_META:
3083 hci_le_meta_evt(hdev, skb);
3084 break;
3085
2763eda6
SJ		 3086 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3087 hci_remote_oob_data_request_evt(hdev, skb);
3088 break;
3089
a9de9248
MH		 3090 default:
3091 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3092 break;
3093 }
3094
3095 kfree_skb(skb);
3096 hdev->stat.evt_rx++;
3097}
3098
3099/* Generate internal stack event */
3100void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3101{
3102 struct hci_event_hdr *hdr;
3103 struct hci_ev_stack_internal *ev;
3104 struct sk_buff *skb;
3105
3106 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3107 if (!skb)
3108 return;
3109
3110 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3111 hdr->evt = HCI_EV_STACK_INTERNAL;
3112 hdr->plen = sizeof(*ev) + dlen;
3113
3114 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3115 ev->type = type;
3116 memcpy(ev->data, data, dlen);
3117
576c7d85 3118 bt_cb(skb)->incoming = 1;
a61bbcf2 3119 __net_timestamp(skb);
576c7d85 3120
0d48d939 3121 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3122 skb->dev = (void *) hdev;
eec8d2bc 3123 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3124 kfree_skb(skb);
3125}
e6100a25 3126
669bb396 3127module_param(enable_le, bool, 0644);
e6100a25 3128MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)