projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Add support for Set Link Security command
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
eb939922 48static bool enable_le;
e6100a25 49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
ff9ef578 68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 197
7005ff17 198 /* Reset all flags, except persistent ones */
95947a39
HG		 199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
200 BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
a9de9248 201}
04837f64 202
a9de9248
MH		 203static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
204{
205 __u8 status = *((__u8 *) skb->data);
206 void *sent;
04837f64 207
a9de9248 208 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 209
a9de9248
MH		 210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
211 if (!sent)
212 return;
04837f64 213
56e5cb86
JH		 214 hci_dev_lock(hdev);
215
a8b2d5c2 216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 217 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 218
56e5cb86
JH		 219 if (status == 0)
220 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 221
56e5cb86 222 hci_dev_unlock(hdev);
a9de9248
MH		 223}
224
225static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
226{
227 struct hci_rp_read_local_name *rp = (void *) skb->data;
228
229 BT_DBG("%s status 0x%x", hdev->name, rp->status);
230
231 if (rp->status)
232 return;
233
1f6c6378 234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 235}
236
237static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238{
239 __u8 status = *((__u8 *) skb->data);
240 void *sent;
241
242 BT_DBG("%s status 0x%x", hdev->name, status);
243
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 if (!sent)
246 return;
247
248 if (!status) {
249 __u8 param = *((__u8 *) sent);
250
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
253 else
254 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 255 }
a9de9248 256
33ef95ed
JH		 257 if (test_bit(HCI_MGMT, &hdev->dev_flags))
258 mgmt_auth_enable_complete(hdev, status);
259
23bb5763 260 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 261}
262
a9de9248 263static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 264{
a9de9248 265 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 266 void *sent;
267
a9de9248 268 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 269
a9de9248
MH		 270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 if (!sent)
272 return;
1da177e4 273
a9de9248
MH		 274 if (!status) {
275 __u8 param = *((__u8 *) sent);
276
277 if (param)
278 set_bit(HCI_ENCRYPT, &hdev->flags);
279 else
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
281 }
1da177e4 282
23bb5763 283 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
a9de9248 292 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
2d7cee58 302 if (status != 0) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
36f7fc7e
JH		 308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
313 if (!old_iscan)
744cf19e 314 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318 to);
319 }
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
23bb5763 332 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 333}
1da177e4 334
a9de9248
MH		 335static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336{
337 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 338
a9de9248 339 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 340
a9de9248
MH		 341 if (rp->status)
342 return;
1da177e4 343
a9de9248 344 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 345
a9de9248
MH		 346 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
347 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
348}
1da177e4 349
a9de9248
MH		 350static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351{
352 __u8 status = *((__u8 *) skb->data);
353 void *sent;
1da177e4 354
a9de9248 355 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 356
f383f275
MH		 357 if (status)
358 return;
359
a9de9248
MH		 360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 if (!sent)
362 return;
1da177e4 363
f383f275 364 memcpy(hdev->dev_class, sent, 3);
a9de9248 365}
1da177e4 366
a9de9248
MH		 367static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368{
369 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
370 __u16 setting;
371
372 BT_DBG("%s status 0x%x", hdev->name, rp->status);
373
374 if (rp->status)
375 return;
376
377 setting = __le16_to_cpu(rp->voice_setting);
378
f383f275 379 if (hdev->voice_setting == setting)
a9de9248
MH		 380 return;
381
382 hdev->voice_setting = setting;
383
384 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
385
3c54711c 386 if (hdev->notify)
a9de9248 387 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 388}
389
390static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
391{
392 __u8 status = *((__u8 *) skb->data);
f383f275 393 __u16 setting;
a9de9248
MH		 394 void *sent;
395
396 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 397
f383f275
MH		 398 if (status)
399 return;
400
a9de9248
MH		 401 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
402 if (!sent)
403 return;
1da177e4 404
f383f275 405 setting = get_unaligned_le16(sent);
1da177e4 406
f383f275
MH		 407 if (hdev->voice_setting == setting)
408 return;
409
410 hdev->voice_setting = setting;
1da177e4 411
f383f275 412 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 413
3c54711c 414 if (hdev->notify)
f383f275 415 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 416}
417
a9de9248 418static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 419{
a9de9248 420 __u8 status = *((__u8 *) skb->data);
1da177e4 421
a9de9248 422 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 423
23bb5763 424 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 425}
1143e5a6 426
333140b5
MH		 427static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
428{
429 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
430
431 BT_DBG("%s status 0x%x", hdev->name, rp->status);
432
433 if (rp->status)
434 return;
435
84bde9d6
JH		 436 if (rp->mode)
437 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
438 else
439 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
333140b5
MH		 440}
441
442static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
443{
444 __u8 status = *((__u8 *) skb->data);
445 void *sent;
446
447 BT_DBG("%s status 0x%x", hdev->name, status);
448
449 if (status)
450 return;
451
452 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
453 if (!sent)
454 return;
455
84bde9d6
JH		 456 if (*((u8 *) sent))
457 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 else
459 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
333140b5
MH		 460}
461
d5859e22
JH		 462static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
463{
464 if (hdev->features[6] & LMP_EXT_INQ)
465 return 2;
466
467 if (hdev->features[3] & LMP_RSSI_INQ)
468 return 1;
469
470 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
471 hdev->lmp_subver == 0x0757)
472 return 1;
473
474 if (hdev->manufacturer == 15) {
475 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
476 return 1;
477 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
478 return 1;
479 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
480 return 1;
481 }
482
483 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
484 hdev->lmp_subver == 0x1805)
485 return 1;
486
487 return 0;
488}
489
490static void hci_setup_inquiry_mode(struct hci_dev *hdev)
491{
492 u8 mode;
493
494 mode = hci_get_inquiry_mode(hdev);
495
496 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
497}
498
499static void hci_setup_event_mask(struct hci_dev *hdev)
500{
501 /* The second byte is 0xff instead of 0x9f (two reserved bits
502 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
503 * command otherwise */
504 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
505
6de6c18d
VT		 506 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
507 * any event mask for pre 1.2 devices */
5a13b095 508 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 509 return;
510
511 events[4] |= 0x01; /* Flow Specification Complete */
512 events[4] |= 0x02; /* Inquiry Result with RSSI */
513 events[4] |= 0x04; /* Read Remote Extended Features Complete */
514 events[5] |= 0x08; /* Synchronous Connection Complete */
515 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 516
517 if (hdev->features[3] & LMP_RSSI_INQ)
518 events[4] |= 0x04; /* Inquiry Result with RSSI */
519
520 if (hdev->features[5] & LMP_SNIFF_SUBR)
521 events[5] |= 0x20; /* Sniff Subrating */
522
523 if (hdev->features[5] & LMP_PAUSE_ENC)
524 events[5] |= 0x80; /* Encryption Key Refresh Complete */
525
526 if (hdev->features[6] & LMP_EXT_INQ)
527 events[5] |= 0x40; /* Extended Inquiry Result */
528
529 if (hdev->features[6] & LMP_NO_FLUSH)
530 events[7] |= 0x01; /* Enhanced Flush Complete */
531
532 if (hdev->features[7] & LMP_LSTO)
533 events[6] |= 0x80; /* Link Supervision Timeout Changed */
534
535 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
536 events[6] |= 0x01; /* IO Capability Request */
537 events[6] |= 0x02; /* IO Capability Response */
538 events[6] |= 0x04; /* User Confirmation Request */
539 events[6] |= 0x08; /* User Passkey Request */
540 events[6] |= 0x10; /* Remote OOB Data Request */
541 events[6] |= 0x20; /* Simple Pairing Complete */
542 events[7] |= 0x04; /* User Passkey Notification */
543 events[7] |= 0x08; /* Keypress Notification */
544 events[7] |= 0x10; /* Remote Host Supported
545 * Features Notification */
546 }
547
548 if (hdev->features[4] & LMP_LE)
549 events[7] |= 0x20; /* LE Meta-Event */
550
551 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
552}
553
e6100a25
AG		 554static void hci_set_le_support(struct hci_dev *hdev)
555{
556 struct hci_cp_write_le_host_supported cp;
557
558 memset(&cp, 0, sizeof(cp));
559
560 if (enable_le) {
561 cp.le = 1;
562 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
563 }
564
565 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
566}
567
d5859e22
JH		 568static void hci_setup(struct hci_dev *hdev)
569{
e61ef499
AE		 570 if (hdev->dev_type != HCI_BREDR)
571 return;
572
d5859e22
JH		 573 hci_setup_event_mask(hdev);
574
d095c1eb 575 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 576 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
577
578 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
579 u8 mode = 0x01;
580 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
581 }
582
583 if (hdev->features[3] & LMP_RSSI_INQ)
584 hci_setup_inquiry_mode(hdev);
585
586 if (hdev->features[7] & LMP_INQ_TX_PWR)
587 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 588
589 if (hdev->features[7] & LMP_EXTFEATURES) {
590 struct hci_cp_read_local_ext_features cp;
591
592 cp.page = 0x01;
593 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
594 sizeof(cp), &cp);
595 }
e6100a25
AG		 596
597 if (hdev->features[4] & LMP_LE)
598 hci_set_le_support(hdev);
d5859e22
JH		 599}
600
a9de9248
MH		 601static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
602{
603 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 604
a9de9248 605 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 606
a9de9248
MH		 607 if (rp->status)
608 return;
1143e5a6 609
a9de9248 610 hdev->hci_ver = rp->hci_ver;
e4e8e37c 611 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 612 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 613 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 614 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 615
a9de9248
MH		 616 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
617 hdev->manufacturer,
618 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 619
620 if (test_bit(HCI_INIT, &hdev->flags))
621 hci_setup(hdev);
622}
623
624static void hci_setup_link_policy(struct hci_dev *hdev)
625{
626 u16 link_policy = 0;
627
628 if (hdev->features[0] & LMP_RSWITCH)
629 link_policy |= HCI_LP_RSWITCH;
630 if (hdev->features[0] & LMP_HOLD)
631 link_policy |= HCI_LP_HOLD;
632 if (hdev->features[0] & LMP_SNIFF)
633 link_policy |= HCI_LP_SNIFF;
634 if (hdev->features[1] & LMP_PARK)
635 link_policy |= HCI_LP_PARK;
636
637 link_policy = cpu_to_le16(link_policy);
638 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
639 sizeof(link_policy), &link_policy);
a9de9248 640}
1da177e4 641
a9de9248
MH		 642static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
643{
644 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 645
a9de9248 646 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 647
a9de9248 648 if (rp->status)
d5859e22 649 goto done;
1da177e4 650
a9de9248 651 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 652
653 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
654 hci_setup_link_policy(hdev);
655
656done:
657 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 658}
1da177e4 659
a9de9248
MH		 660static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
661{
662 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 663
a9de9248 664 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 665
a9de9248
MH		 666 if (rp->status)
667 return;
5b7f9909 668
a9de9248 669 memcpy(hdev->features, rp->features, 8);
5b7f9909 670
a9de9248
MH		 671 /* Adjust default settings according to features
672 * supported by device. */
1da177e4 673
a9de9248
MH		 674 if (hdev->features[0] & LMP_3SLOT)
675 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 676
a9de9248
MH		 677 if (hdev->features[0] & LMP_5SLOT)
678 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 679
a9de9248
MH		 680 if (hdev->features[1] & LMP_HV2) {
681 hdev->pkt_type |= (HCI_HV2);
682 hdev->esco_type |= (ESCO_HV2);
683 }
1da177e4 684
a9de9248
MH		 685 if (hdev->features[1] & LMP_HV3) {
686 hdev->pkt_type |= (HCI_HV3);
687 hdev->esco_type |= (ESCO_HV3);
688 }
1da177e4 689
a9de9248
MH		 690 if (hdev->features[3] & LMP_ESCO)
691 hdev->esco_type |= (ESCO_EV3);
da1f5198 692
a9de9248
MH		 693 if (hdev->features[4] & LMP_EV4)
694 hdev->esco_type |= (ESCO_EV4);
da1f5198 695
a9de9248
MH		 696 if (hdev->features[4] & LMP_EV5)
697 hdev->esco_type |= (ESCO_EV5);
1da177e4 698
efc7688b
MH		 699 if (hdev->features[5] & LMP_EDR_ESCO_2M)
700 hdev->esco_type |= (ESCO_2EV3);
701
702 if (hdev->features[5] & LMP_EDR_ESCO_3M)
703 hdev->esco_type |= (ESCO_3EV3);
704
705 if (hdev->features[5] & LMP_EDR_3S_ESCO)
706 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
707
a9de9248
MH		 708 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
709 hdev->features[0], hdev->features[1],
710 hdev->features[2], hdev->features[3],
711 hdev->features[4], hdev->features[5],
712 hdev->features[6], hdev->features[7]);
713}
1da177e4 714
971e3a4b
AG		 715static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
716 struct sk_buff *skb)
717{
718 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
719
720 BT_DBG("%s status 0x%x", hdev->name, rp->status);
721
722 if (rp->status)
723 return;
724
b5b32b65
AG		 725 switch (rp->page) {
726 case 0:
727 memcpy(hdev->features, rp->features, 8);
728 break;
729 case 1:
730 memcpy(hdev->host_features, rp->features, 8);
731 break;
732 }
971e3a4b
AG		 733
734 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
735}
736
1e89cffb
AE		 737static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
738 struct sk_buff *skb)
739{
740 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
741
742 BT_DBG("%s status 0x%x", hdev->name, rp->status);
743
744 if (rp->status)
745 return;
746
747 hdev->flow_ctl_mode = rp->mode;
748
749 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
750}
751
a9de9248
MH		 752static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
753{
754 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 755
a9de9248 756 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 757
a9de9248
MH		 758 if (rp->status)
759 return;
1da177e4 760
a9de9248
MH		 761 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
762 hdev->sco_mtu = rp->sco_mtu;
763 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
764 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
765
766 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
767 hdev->sco_mtu = 64;
768 hdev->sco_pkts = 8;
1da177e4 769 }
a9de9248
MH		 770
771 hdev->acl_cnt = hdev->acl_pkts;
772 hdev->sco_cnt = hdev->sco_pkts;
773
774 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
775 hdev->acl_mtu, hdev->acl_pkts,
776 hdev->sco_mtu, hdev->sco_pkts);
777}
778
779static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
780{
781 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
782
783 BT_DBG("%s status 0x%x", hdev->name, rp->status);
784
785 if (!rp->status)
786 bacpy(&hdev->bdaddr, &rp->bdaddr);
787
23bb5763
JH		 788 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
789}
790
350ee4cf
AE		 791static void hci_cc_read_data_block_size(struct hci_dev *hdev,
792 struct sk_buff *skb)
793{
794 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
795
796 BT_DBG("%s status 0x%x", hdev->name, rp->status);
797
798 if (rp->status)
799 return;
800
801 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
802 hdev->block_len = __le16_to_cpu(rp->block_len);
803 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
804
805 hdev->block_cnt = hdev->num_blocks;
806
807 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
808 hdev->block_cnt, hdev->block_len);
809
810 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
811}
812
23bb5763
JH		 813static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
814{
815 __u8 status = *((__u8 *) skb->data);
816
817 BT_DBG("%s status 0x%x", hdev->name, status);
818
819 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 820}
821
928abaa7
AE		 822static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
823 struct sk_buff *skb)
824{
825 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
826
827 BT_DBG("%s status 0x%x", hdev->name, rp->status);
828
829 if (rp->status)
830 return;
831
832 hdev->amp_status = rp->amp_status;
833 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
834 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
835 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
836 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
837 hdev->amp_type = rp->amp_type;
838 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
839 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
840 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
841 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
842
843 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
844}
845
b0916ea0
JH		 846static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
847 struct sk_buff *skb)
848{
849 __u8 status = *((__u8 *) skb->data);
850
851 BT_DBG("%s status 0x%x", hdev->name, status);
852
853 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
854}
855
d5859e22
JH		 856static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
857{
858 __u8 status = *((__u8 *) skb->data);
859
860 BT_DBG("%s status 0x%x", hdev->name, status);
861
862 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
863}
864
865static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
866 struct sk_buff *skb)
867{
868 __u8 status = *((__u8 *) skb->data);
869
870 BT_DBG("%s status 0x%x", hdev->name, status);
871
872 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
873}
874
875static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
876 struct sk_buff *skb)
877{
878 __u8 status = *((__u8 *) skb->data);
879
880 BT_DBG("%s status 0x%x", hdev->name, status);
881
882 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
883}
884
885static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
886{
887 __u8 status = *((__u8 *) skb->data);
888
889 BT_DBG("%s status 0x%x", hdev->name, status);
890
891 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
892}
893
980e1a53
JH		 894static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
895{
896 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
897 struct hci_cp_pin_code_reply *cp;
898 struct hci_conn *conn;
899
900 BT_DBG("%s status 0x%x", hdev->name, rp->status);
901
56e5cb86
JH		 902 hci_dev_lock(hdev);
903
a8b2d5c2 904 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 905 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 906
907 if (rp->status != 0)
56e5cb86 908 goto unlock;
980e1a53
JH		 909
910 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
911 if (!cp)
56e5cb86 912 goto unlock;
980e1a53
JH		 913
914 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
915 if (conn)
916 conn->pin_length = cp->pin_len;
56e5cb86
JH		 917
918unlock:
919 hci_dev_unlock(hdev);
980e1a53
JH		 920}
921
922static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
923{
924 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
925
926 BT_DBG("%s status 0x%x", hdev->name, rp->status);
927
56e5cb86
JH		 928 hci_dev_lock(hdev);
929
a8b2d5c2 930 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 931 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 932 rp->status);
56e5cb86
JH		 933
934 hci_dev_unlock(hdev);
980e1a53 935}
56e5cb86 936
6ed58ec5
VT		 937static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
938 struct sk_buff *skb)
939{
940 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
941
942 BT_DBG("%s status 0x%x", hdev->name, rp->status);
943
944 if (rp->status)
945 return;
946
947 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
948 hdev->le_pkts = rp->le_max_pkt;
949
950 hdev->le_cnt = hdev->le_pkts;
951
952 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
953
954 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
955}
980e1a53 956
a5c29683
JH		 957static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
958{
959 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
960
961 BT_DBG("%s status 0x%x", hdev->name, rp->status);
962
56e5cb86
JH		 963 hci_dev_lock(hdev);
964
a8b2d5c2 965 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 966 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
967 0, rp->status);
56e5cb86
JH		 968
969 hci_dev_unlock(hdev);
a5c29683
JH		 970}
971
972static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
973 struct sk_buff *skb)
974{
975 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
976
977 BT_DBG("%s status 0x%x", hdev->name, rp->status);
978
56e5cb86
JH		 979 hci_dev_lock(hdev);
980
a8b2d5c2 981 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 982 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 983 ACL_LINK, 0,
a5c29683 984 rp->status);
56e5cb86
JH		 985
986 hci_dev_unlock(hdev);
a5c29683
JH		 987}
988
1143d458
BG		 989static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
990{
991 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
992
993 BT_DBG("%s status 0x%x", hdev->name, rp->status);
994
995 hci_dev_lock(hdev);
996
a8b2d5c2 997 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 998 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
999 0, rp->status);
1143d458
BG		 1000
1001 hci_dev_unlock(hdev);
1002}
1003
1004static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1005 struct sk_buff *skb)
1006{
1007 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1008
1009 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1010
1011 hci_dev_lock(hdev);
1012
a8b2d5c2 1013 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1014 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 1015 ACL_LINK, 0,
1143d458
BG		 1016 rp->status);
1017
1018 hci_dev_unlock(hdev);
1019}
1020
c35938b2
SJ		 1021static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1022 struct sk_buff *skb)
1023{
1024 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1025
1026 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1027
56e5cb86 1028 hci_dev_lock(hdev);
744cf19e 1029 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1030 rp->randomizer, rp->status);
56e5cb86 1031 hci_dev_unlock(hdev);
c35938b2
SJ		 1032}
1033
07f7fa5d
AG		 1034static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1035{
1036 __u8 status = *((__u8 *) skb->data);
1037
1038 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1039
1040 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1041
1042 if (status) {
1043 hci_dev_lock(hdev);
1044 mgmt_start_discovery_failed(hdev, status);
1045 hci_dev_unlock(hdev);
1046 return;
1047 }
07f7fa5d
AG		 1048}
1049
eb9d91f5
AG		 1050static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1051 struct sk_buff *skb)
1052{
1053 struct hci_cp_le_set_scan_enable *cp;
1054 __u8 status = *((__u8 *) skb->data);
1055
1056 BT_DBG("%s status 0x%x", hdev->name, status);
1057
eb9d91f5
AG		 1058 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1059 if (!cp)
1060 return;
1061
68a8aea4
AE		 1062 switch (cp->enable) {
1063 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1064 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1065
3fd24153
AG		 1066 if (status) {
1067 hci_dev_lock(hdev);
1068 mgmt_start_discovery_failed(hdev, status);
1069 hci_dev_unlock(hdev);
7ba8b4be 1070 return;
3fd24153 1071 }
7ba8b4be 1072
d23264a8
AG		 1073 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1074
db323f2f 1075 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1076
1077 hci_dev_lock(hdev);
eb9d91f5 1078 hci_adv_entries_clear(hdev);
c599008f 1079 hci_discovery_set_state(hdev, DISCOVERY_LE_SCAN);
a8f13c8c 1080 hci_dev_unlock(hdev);
68a8aea4
AE		 1081 break;
1082
1083 case LE_SCANNING_DISABLED:
7ba8b4be
AG		 1084 if (status)
1085 return;
1086
d23264a8
AG		 1087 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1088
c599008f
AG		 1089 hci_dev_lock(hdev);
1090 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1091 hci_dev_unlock(hdev);
1092
d084329e 1093 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
68a8aea4
AE		 1094 break;
1095
1096 default:
1097 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1098 break;
35815085 1099 }
eb9d91f5
AG		 1100}
1101
a7a595f6
VCG		 1102static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1103{
1104 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1105
1106 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1107
1108 if (rp->status)
1109 return;
1110
1111 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1112}
1113
1114static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1115{
1116 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1117
1118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1119
1120 if (rp->status)
1121 return;
1122
1123 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1124}
1125
f9b49306
AG		 1126static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1127 struct sk_buff *skb)
1128{
1129 struct hci_cp_read_local_ext_features cp;
1130 __u8 status = *((__u8 *) skb->data);
1131
1132 BT_DBG("%s status 0x%x", hdev->name, status);
1133
1134 if (status)
1135 return;
1136
1137 cp.page = 0x01;
1138 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1139}
1140
a9de9248
MH		 1141static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1142{
1143 BT_DBG("%s status 0x%x", hdev->name, status);
1144
1145 if (status) {
23bb5763 1146 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1147 hci_conn_check_pending(hdev);
56e5cb86 1148 hci_dev_lock(hdev);
a8b2d5c2 1149 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1150 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1151 hci_dev_unlock(hdev);
314b2381
JH		 1152 return;
1153 }
1154
89352e7d
AG		 1155 set_bit(HCI_INQUIRY, &hdev->flags);
1156
56e5cb86 1157 hci_dev_lock(hdev);
30dc78e1 1158 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
56e5cb86 1159 hci_dev_unlock(hdev);
1da177e4
LT		 1160}
1161
1da177e4
LT		 1162static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1163{
a9de9248 1164 struct hci_cp_create_conn *cp;
1da177e4 1165 struct hci_conn *conn;
1da177e4 1166
a9de9248
MH		 1167 BT_DBG("%s status 0x%x", hdev->name, status);
1168
1169 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1170 if (!cp)
1171 return;
1172
1173 hci_dev_lock(hdev);
1174
1175 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1176
a9de9248 1177 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1178
1179 if (status) {
1180 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1181 if (status != 0x0c || conn->attempt > 2) {
1182 conn->state = BT_CLOSED;
1183 hci_proto_connect_cfm(conn, status);
1184 hci_conn_del(conn);
1185 } else
1186 conn->state = BT_CONNECT2;
1da177e4
LT		 1187 }
1188 } else {
1189 if (!conn) {
1190 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1191 if (conn) {
a0c808b3 1192 conn->out = true;
1da177e4
LT		 1193 conn->link_mode |= HCI_LM_MASTER;
1194 } else
893ef971 1195 BT_ERR("No memory for new connection");
1da177e4
LT		 1196 }
1197 }
1198
1199 hci_dev_unlock(hdev);
1200}
1201
a9de9248 1202static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1203{
a9de9248
MH		 1204 struct hci_cp_add_sco *cp;
1205 struct hci_conn *acl, *sco;
1206 __u16 handle;
1da177e4 1207
b6a0dc82
MH		 1208 BT_DBG("%s status 0x%x", hdev->name, status);
1209
a9de9248
MH		 1210 if (!status)
1211 return;
1da177e4 1212
a9de9248
MH		 1213 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1214 if (!cp)
1215 return;
1da177e4 1216
a9de9248 1217 handle = __le16_to_cpu(cp->handle);
1da177e4 1218
a9de9248 1219 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1220
a9de9248 1221 hci_dev_lock(hdev);
1da177e4 1222
a9de9248 1223 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1224 if (acl) {
1225 sco = acl->link;
1226 if (sco) {
1227 sco->state = BT_CLOSED;
1da177e4 1228
5a08ecce
AE		 1229 hci_proto_connect_cfm(sco, status);
1230 hci_conn_del(sco);
1231 }
a9de9248 1232 }
1da177e4 1233
a9de9248
MH		 1234 hci_dev_unlock(hdev);
1235}
1da177e4 1236
f8558555
MH		 1237static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1238{
1239 struct hci_cp_auth_requested *cp;
1240 struct hci_conn *conn;
1241
1242 BT_DBG("%s status 0x%x", hdev->name, status);
1243
1244 if (!status)
1245 return;
1246
1247 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1248 if (!cp)
1249 return;
1250
1251 hci_dev_lock(hdev);
1252
1253 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1254 if (conn) {
1255 if (conn->state == BT_CONFIG) {
1256 hci_proto_connect_cfm(conn, status);
1257 hci_conn_put(conn);
1258 }
1259 }
1260
1261 hci_dev_unlock(hdev);
1262}
1263
1264static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1265{
1266 struct hci_cp_set_conn_encrypt *cp;
1267 struct hci_conn *conn;
1268
1269 BT_DBG("%s status 0x%x", hdev->name, status);
1270
1271 if (!status)
1272 return;
1273
1274 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1275 if (!cp)
1276 return;
1277
1278 hci_dev_lock(hdev);
1279
1280 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1281 if (conn) {
1282 if (conn->state == BT_CONFIG) {
1283 hci_proto_connect_cfm(conn, status);
1284 hci_conn_put(conn);
1285 }
1286 }
1287
1288 hci_dev_unlock(hdev);
1289}
1290
127178d2 1291static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1292 struct hci_conn *conn)
392599b9 1293{
392599b9
JH		 1294 if (conn->state != BT_CONFIG || !conn->out)
1295 return 0;
1296
765c2a96 1297 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1298 return 0;
1299
1300 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1301 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1302 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1303 conn->pending_sec_level != BT_SECURITY_HIGH &&
1304 !(conn->auth_type & 0x01))
392599b9
JH		 1305 return 0;
1306
392599b9
JH		 1307 return 1;
1308}
1309
30dc78e1
JH		 1310static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1311{
1312 struct hci_cp_remote_name_req cp;
1313
1314 memset(&cp, 0, sizeof(cp));
1315
1316 bacpy(&cp.bdaddr, &e->data.bdaddr);
1317 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1318 cp.pscan_mode = e->data.pscan_mode;
1319 cp.clock_offset = e->data.clock_offset;
1320
1321 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1322}
1323
b644ba33 1324static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1325{
1326 struct discovery_state *discov = &hdev->discovery;
1327 struct inquiry_entry *e;
1328
b644ba33
JH		 1329 if (list_empty(&discov->resolve))
1330 return false;
1331
1332 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1333 if (hci_resolve_name(hdev, e) == 0) {
1334 e->name_state = NAME_PENDING;
1335 return true;
1336 }
1337
1338 return false;
1339}
1340
1341static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1342 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1343{
1344 struct discovery_state *discov = &hdev->discovery;
1345 struct inquiry_entry *e;
1346
1347 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1348 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1349 name, name_len, conn->dev_class);
1350
1351 if (discov->state == DISCOVERY_STOPPED)
1352 return;
1353
30dc78e1
JH		 1354 if (discov->state == DISCOVERY_STOPPING)
1355 goto discov_complete;
1356
1357 if (discov->state != DISCOVERY_RESOLVING)
1358 return;
1359
1360 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1361 if (e) {
1362 e->name_state = NAME_KNOWN;
1363 list_del(&e->list);
b644ba33
JH		 1364 if (name)
1365 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1366 e->data.rssi, name, name_len);
30dc78e1
JH		 1367 }
1368
b644ba33 1369 if (hci_resolve_next_name(hdev))
30dc78e1 1370 return;
30dc78e1
JH		 1371
1372discov_complete:
1373 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1374}
1375
a9de9248
MH		 1376static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1377{
127178d2
JH		 1378 struct hci_cp_remote_name_req *cp;
1379 struct hci_conn *conn;
1380
a9de9248 1381 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1382
1383 /* If successful wait for the name req complete event before
1384 * checking for the need to do authentication */
1385 if (!status)
1386 return;
1387
1388 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1389 if (!cp)
1390 return;
1391
1392 hci_dev_lock(hdev);
1393
b644ba33
JH		 1394 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1395
a8b2d5c2 1396 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1397 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1398
79c6c70c
JH		 1399 if (!conn)
1400 goto unlock;
1401
1402 if (!hci_outgoing_auth_needed(hdev, conn))
1403 goto unlock;
1404
51a8efd7 1405 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1406 struct hci_cp_auth_requested cp;
1407 cp.handle = __cpu_to_le16(conn->handle);
1408 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1409 }
1410
79c6c70c 1411unlock:
127178d2 1412 hci_dev_unlock(hdev);
a9de9248 1413}
1da177e4 1414
769be974
MH		 1415static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1416{
1417 struct hci_cp_read_remote_features *cp;
1418 struct hci_conn *conn;
1419
1420 BT_DBG("%s status 0x%x", hdev->name, status);
1421
1422 if (!status)
1423 return;
1424
1425 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1426 if (!cp)
1427 return;
1428
1429 hci_dev_lock(hdev);
1430
1431 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1432 if (conn) {
1433 if (conn->state == BT_CONFIG) {
769be974
MH		 1434 hci_proto_connect_cfm(conn, status);
1435 hci_conn_put(conn);
1436 }
1437 }
1438
1439 hci_dev_unlock(hdev);
1440}
1441
1442static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1443{
1444 struct hci_cp_read_remote_ext_features *cp;
1445 struct hci_conn *conn;
1446
1447 BT_DBG("%s status 0x%x", hdev->name, status);
1448
1449 if (!status)
1450 return;
1451
1452 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1453 if (!cp)
1454 return;
1455
1456 hci_dev_lock(hdev);
1457
1458 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1459 if (conn) {
1460 if (conn->state == BT_CONFIG) {
769be974
MH		 1461 hci_proto_connect_cfm(conn, status);
1462 hci_conn_put(conn);
1463 }
1464 }
1465
1466 hci_dev_unlock(hdev);
1467}
1468
a9de9248
MH		 1469static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1470{
b6a0dc82
MH		 1471 struct hci_cp_setup_sync_conn *cp;
1472 struct hci_conn *acl, *sco;
1473 __u16 handle;
1474
a9de9248 1475 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1476
1477 if (!status)
1478 return;
1479
1480 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1481 if (!cp)
1482 return;
1483
1484 handle = __le16_to_cpu(cp->handle);
1485
1486 BT_DBG("%s handle %d", hdev->name, handle);
1487
1488 hci_dev_lock(hdev);
1489
1490 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1491 if (acl) {
1492 sco = acl->link;
1493 if (sco) {
1494 sco->state = BT_CLOSED;
b6a0dc82 1495
5a08ecce
AE		 1496 hci_proto_connect_cfm(sco, status);
1497 hci_conn_del(sco);
1498 }
b6a0dc82
MH		 1499 }
1500
1501 hci_dev_unlock(hdev);
1da177e4
LT		 1502}
1503
a9de9248 1504static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1505{
a9de9248
MH		 1506 struct hci_cp_sniff_mode *cp;
1507 struct hci_conn *conn;
1da177e4 1508
a9de9248 1509 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1510
a9de9248
MH		 1511 if (!status)
1512 return;
04837f64 1513
a9de9248
MH		 1514 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1515 if (!cp)
1516 return;
04837f64 1517
a9de9248 1518 hci_dev_lock(hdev);
04837f64 1519
a9de9248 1520 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1521 if (conn) {
51a8efd7 1522 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1523
51a8efd7 1524 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1525 hci_sco_setup(conn, status);
1526 }
1527
a9de9248
MH		 1528 hci_dev_unlock(hdev);
1529}
04837f64 1530
a9de9248
MH		 1531static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1532{
1533 struct hci_cp_exit_sniff_mode *cp;
1534 struct hci_conn *conn;
04837f64 1535
a9de9248 1536 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1537
a9de9248
MH		 1538 if (!status)
1539 return;
04837f64 1540
a9de9248
MH		 1541 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1542 if (!cp)
1543 return;
04837f64 1544
a9de9248 1545 hci_dev_lock(hdev);
1da177e4 1546
a9de9248 1547 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1548 if (conn) {
51a8efd7 1549 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1550
51a8efd7 1551 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1552 hci_sco_setup(conn, status);
1553 }
1554
a9de9248 1555 hci_dev_unlock(hdev);
1da177e4
LT		 1556}
1557
88c3df13
JH		 1558static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1559{
1560 struct hci_cp_disconnect *cp;
1561 struct hci_conn *conn;
1562
1563 if (!status)
1564 return;
1565
1566 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1567 if (!cp)
1568 return;
1569
1570 hci_dev_lock(hdev);
1571
1572 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1573 if (conn)
1574 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1575 conn->dst_type, status);
1576
1577 hci_dev_unlock(hdev);
1578}
1579
fcd89c09
VT		 1580static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1581{
1582 struct hci_cp_le_create_conn *cp;
1583 struct hci_conn *conn;
1584
1585 BT_DBG("%s status 0x%x", hdev->name, status);
1586
1587 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1588 if (!cp)
1589 return;
1590
1591 hci_dev_lock(hdev);
1592
1593 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1594
1595 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1596 conn);
1597
1598 if (status) {
1599 if (conn && conn->state == BT_CONNECT) {
1600 conn->state = BT_CLOSED;
1601 hci_proto_connect_cfm(conn, status);
1602 hci_conn_del(conn);
1603 }
1604 } else {
1605 if (!conn) {
1606 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1607 if (conn) {
1608 conn->dst_type = cp->peer_addr_type;
a0c808b3 1609 conn->out = true;
29b7988a 1610 } else {
fcd89c09 1611 BT_ERR("No memory for new connection");
29b7988a 1612 }
fcd89c09
VT		 1613 }
1614 }
1615
1616 hci_dev_unlock(hdev);
1617}
1618
a7a595f6
VCG		 1619static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1620{
1621 BT_DBG("%s status 0x%x", hdev->name, status);
1622}
1623
1da177e4
LT		 1624static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1625{
1626 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1627 struct discovery_state *discov = &hdev->discovery;
1628 struct inquiry_entry *e;
1da177e4
LT		 1629
1630 BT_DBG("%s status %d", hdev->name, status);
1631
23bb5763 1632 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1633
a9de9248 1634 hci_conn_check_pending(hdev);
89352e7d
AG		 1635
1636 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1637 return;
1638
a8b2d5c2 1639 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1640 return;
1641
56e5cb86 1642 hci_dev_lock(hdev);
30dc78e1
JH		 1643
1644 if (discov->state != DISCOVERY_INQUIRY)
1645 goto unlock;
1646
1647 if (list_empty(&discov->resolve)) {
1648 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1649 goto unlock;
1650 }
1651
1652 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1653 if (e && hci_resolve_name(hdev, e) == 0) {
1654 e->name_state = NAME_PENDING;
1655 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1656 } else {
1657 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1658 }
1659
1660unlock:
56e5cb86 1661 hci_dev_unlock(hdev);
1da177e4
LT		 1662}
1663
1da177e4
LT		 1664static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1665{
45bb4bf0 1666 struct inquiry_data data;
a9de9248 1667 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1668 int num_rsp = *((__u8 *) skb->data);
1669
1670 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1671
45bb4bf0
MH		 1672 if (!num_rsp)
1673 return;
1674
1da177e4 1675 hci_dev_lock(hdev);
45bb4bf0 1676
e17acd40 1677 for (; num_rsp; num_rsp--, info++) {
3175405b
JH		 1678 bool name_known;
1679
1da177e4
LT		 1680 bacpy(&data.bdaddr, &info->bdaddr);
1681 data.pscan_rep_mode = info->pscan_rep_mode;
1682 data.pscan_period_mode = info->pscan_period_mode;
1683 data.pscan_mode = info->pscan_mode;
1684 memcpy(data.dev_class, info->dev_class, 3);
1685 data.clock_offset = info->clock_offset;
1686 data.rssi = 0x00;
41a96212 1687 data.ssp_mode = 0x00;
3175405b
JH		 1688
1689 name_known = hci_inquiry_cache_update(hdev, &data, false);
48264f06 1690 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
7d262f86
AG		 1691 info->dev_class, 0, !name_known,
1692 NULL, 0);
1da177e4 1693 }
45bb4bf0 1694
1da177e4
LT		 1695 hci_dev_unlock(hdev);
1696}
1697
1da177e4
LT		 1698static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1699{
a9de9248
MH		 1700 struct hci_ev_conn_complete *ev = (void *) skb->data;
1701 struct hci_conn *conn;
1da177e4
LT		 1702
1703 BT_DBG("%s", hdev->name);
1704
1705 hci_dev_lock(hdev);
1706
1707 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1708 if (!conn) {
1709 if (ev->link_type != SCO_LINK)
1710 goto unlock;
1711
1712 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1713 if (!conn)
1714 goto unlock;
1715
1716 conn->type = SCO_LINK;
1717 }
1da177e4
LT		 1718
1719 if (!ev->status) {
1720 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1721
1722 if (conn->type == ACL_LINK) {
1723 conn->state = BT_CONFIG;
1724 hci_conn_hold(conn);
052b30b0 1725 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1726 } else
1727 conn->state = BT_CONNECTED;
1da177e4 1728
9eba32b8 1729 hci_conn_hold_device(conn);
7d0db0a3
MH		 1730 hci_conn_add_sysfs(conn);
1731
1da177e4
LT		 1732 if (test_bit(HCI_AUTH, &hdev->flags))
1733 conn->link_mode |= HCI_LM_AUTH;
1734
1735 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1736 conn->link_mode |= HCI_LM_ENCRYPT;
1737
04837f64
MH		 1738 /* Get remote features */
1739 if (conn->type == ACL_LINK) {
1740 struct hci_cp_read_remote_features cp;
1741 cp.handle = ev->handle;
769be974
MH		 1742 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1743 sizeof(cp), &cp);
04837f64
MH		 1744 }
1745
1da177e4 1746 /* Set packet type for incoming connection */
d095c1eb 1747 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1748 struct hci_cp_change_conn_ptype cp;
1749 cp.handle = ev->handle;
a8746417
MH		 1750 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1751 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1752 sizeof(cp), &cp);
1da177e4 1753 }
17d5c04c 1754 } else {
1da177e4 1755 conn->state = BT_CLOSED;
17d5c04c 1756 if (conn->type == ACL_LINK)
744cf19e 1757 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1758 conn->dst_type, ev->status);
17d5c04c 1759 }
1da177e4 1760
e73439d8
MH		 1761 if (conn->type == ACL_LINK)
1762 hci_sco_setup(conn, ev->status);
1da177e4 1763
769be974
MH		 1764 if (ev->status) {
1765 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1766 hci_conn_del(conn);
c89b6e6b
MH		 1767 } else if (ev->link_type != ACL_LINK)
1768 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1769
a9de9248 1770unlock:
1da177e4 1771 hci_dev_unlock(hdev);
1da177e4 1772
a9de9248 1773 hci_conn_check_pending(hdev);
1da177e4
LT		 1774}
1775
a9de9248 1776static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1777{
a9de9248
MH		 1778 struct hci_ev_conn_request *ev = (void *) skb->data;
1779 int mask = hdev->link_mode;
1da177e4 1780
a9de9248
MH		 1781 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1782 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1783
a9de9248 1784 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1785
138d22ef
SJ		 1786 if ((mask & HCI_LM_ACCEPT) &&
1787 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1788 /* Connection accepted */
c7bdd502 1789 struct inquiry_entry *ie;
1da177e4 1790 struct hci_conn *conn;
1da177e4 1791
a9de9248 1792 hci_dev_lock(hdev);
b6a0dc82 1793
cc11b9c1
AE		 1794 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1795 if (ie)
c7bdd502
MH		 1796 memcpy(ie->data.dev_class, ev->dev_class, 3);
1797
a9de9248
MH		 1798 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1799 if (!conn) {
cc11b9c1
AE		 1800 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1801 if (!conn) {
893ef971 1802 BT_ERR("No memory for new connection");
a9de9248
MH		 1803 hci_dev_unlock(hdev);
1804 return;
1da177e4
LT		 1805 }
1806 }
b6a0dc82 1807
a9de9248
MH		 1808 memcpy(conn->dev_class, ev->dev_class, 3);
1809 conn->state = BT_CONNECT;
b6a0dc82 1810
a9de9248 1811 hci_dev_unlock(hdev);
1da177e4 1812
b6a0dc82
MH		 1813 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1814 struct hci_cp_accept_conn_req cp;
1da177e4 1815
b6a0dc82
MH		 1816 bacpy(&cp.bdaddr, &ev->bdaddr);
1817
1818 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1819 cp.role = 0x00; /* Become master */
1820 else
1821 cp.role = 0x01; /* Remain slave */
1822
1823 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1824 sizeof(cp), &cp);
1825 } else {
1826 struct hci_cp_accept_sync_conn_req cp;
1827
1828 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1829 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1830
1831 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1832 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1833 cp.max_latency = cpu_to_le16(0xffff);
1834 cp.content_format = cpu_to_le16(hdev->voice_setting);
1835 cp.retrans_effort = 0xff;
1da177e4 1836
b6a0dc82
MH		 1837 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1838 sizeof(cp), &cp);
1839 }
a9de9248
MH		 1840 } else {
1841 /* Connection rejected */
1842 struct hci_cp_reject_conn_req cp;
1da177e4 1843
a9de9248 1844 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1845 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1846 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1847 }
1da177e4
LT		 1848}
1849
a9de9248 1850static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1851{
a9de9248 1852 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1853 struct hci_conn *conn;
1854
1855 BT_DBG("%s status %d", hdev->name, ev->status);
1856
1857 hci_dev_lock(hdev);
1858
1859 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1860 if (!conn)
1861 goto unlock;
7d0db0a3 1862
37d9ef76
JH		 1863 if (ev->status == 0)
1864 conn->state = BT_CLOSED;
04837f64 1865
b644ba33
JH		 1866 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1867 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1868 if (ev->status != 0)
88c3df13
JH		 1869 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1870 conn->dst_type, ev->status);
37d9ef76 1871 else
afc747a6 1872 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
48264f06 1873 conn->dst_type);
37d9ef76 1874 }
f7520543 1875
37d9ef76
JH		 1876 if (ev->status == 0) {
1877 hci_proto_disconn_cfm(conn, ev->reason);
1878 hci_conn_del(conn);
1879 }
f7520543
JH		 1880
1881unlock:
04837f64
MH		 1882 hci_dev_unlock(hdev);
1883}
1884
1da177e4
LT		 1885static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1886{
a9de9248 1887 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1888 struct hci_conn *conn;
1da177e4
LT		 1889
1890 BT_DBG("%s status %d", hdev->name, ev->status);
1891
1892 hci_dev_lock(hdev);
1893
04837f64 1894 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1895 if (!conn)
1896 goto unlock;
1897
1898 if (!ev->status) {
aa64a8b5
JH		 1899 if (!hci_conn_ssp_enabled(conn) &&
1900 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1901 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1902 } else {
d7556e20
WR		 1903 conn->link_mode |= HCI_LM_AUTH;
1904 conn->sec_level = conn->pending_sec_level;
2a611692 1905 }
d7556e20 1906 } else {
bab73cb6
JH		 1907 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1908 ev->status);
d7556e20 1909 }
1da177e4 1910
51a8efd7
JH		 1911 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1912 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1913
d7556e20 1914 if (conn->state == BT_CONFIG) {
aa64a8b5 1915 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1916 struct hci_cp_set_conn_encrypt cp;
1917 cp.handle = ev->handle;
1918 cp.encrypt = 0x01;
1919 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1920 &cp);
052b30b0 1921 } else {
d7556e20
WR		 1922 conn->state = BT_CONNECTED;
1923 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1924 hci_conn_put(conn);
1925 }
d7556e20
WR		 1926 } else {
1927 hci_auth_cfm(conn, ev->status);
052b30b0 1928
d7556e20
WR		 1929 hci_conn_hold(conn);
1930 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1931 hci_conn_put(conn);
1932 }
1933
51a8efd7 1934 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1935 if (!ev->status) {
1936 struct hci_cp_set_conn_encrypt cp;
1937 cp.handle = ev->handle;
1938 cp.encrypt = 0x01;
1939 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1940 &cp);
1941 } else {
51a8efd7 1942 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1943 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1944 }
1945 }
1946
d7556e20 1947unlock:
1da177e4
LT		 1948 hci_dev_unlock(hdev);
1949}
1950
a9de9248 1951static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1952{
127178d2
JH		 1953 struct hci_ev_remote_name *ev = (void *) skb->data;
1954 struct hci_conn *conn;
1955
a9de9248 1956 BT_DBG("%s", hdev->name);
1da177e4 1957
a9de9248 1958 hci_conn_check_pending(hdev);
127178d2
JH		 1959
1960 hci_dev_lock(hdev);
1961
b644ba33 1962 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1963
b644ba33
JH		 1964 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1965 goto check_auth;
a88a9652 1966
b644ba33
JH		 1967 if (ev->status == 0)
1968 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1969 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1970 else
1971 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1972
1973check_auth:
79c6c70c
JH		 1974 if (!conn)
1975 goto unlock;
1976
1977 if (!hci_outgoing_auth_needed(hdev, conn))
1978 goto unlock;
1979
51a8efd7 1980 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1981 struct hci_cp_auth_requested cp;
1982 cp.handle = __cpu_to_le16(conn->handle);
1983 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1984 }
1985
79c6c70c 1986unlock:
127178d2 1987 hci_dev_unlock(hdev);
a9de9248
MH		 1988}
1989
1990static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1991{
1992 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1993 struct hci_conn *conn;
1994
1995 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1996
1997 hci_dev_lock(hdev);
1998
04837f64 1999 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2000 if (conn) {
2001 if (!ev->status) {
ae293196
MH		 2002 if (ev->encrypt) {
2003 /* Encryption implies authentication */
2004 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2005 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2006 conn->sec_level = conn->pending_sec_level;
ae293196 2007 } else
1da177e4
LT		 2008 conn->link_mode &= ~HCI_LM_ENCRYPT;
2009 }
2010
51a8efd7 2011 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2012
f8558555
MH		 2013 if (conn->state == BT_CONFIG) {
2014 if (!ev->status)
2015 conn->state = BT_CONNECTED;
2016
2017 hci_proto_connect_cfm(conn, ev->status);
2018 hci_conn_put(conn);
2019 } else
2020 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2021 }
2022
2023 hci_dev_unlock(hdev);
2024}
2025
a9de9248 2026static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2027{
a9de9248 2028 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2029 struct hci_conn *conn;
1da177e4
LT		 2030
2031 BT_DBG("%s status %d", hdev->name, ev->status);
2032
2033 hci_dev_lock(hdev);
2034
04837f64 2035 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2036 if (conn) {
2037 if (!ev->status)
2038 conn->link_mode |= HCI_LM_SECURE;
2039
51a8efd7 2040 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2041
2042 hci_key_change_cfm(conn, ev->status);
2043 }
2044
2045 hci_dev_unlock(hdev);
2046}
2047
a9de9248 2048static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2049{
a9de9248
MH		 2050 struct hci_ev_remote_features *ev = (void *) skb->data;
2051 struct hci_conn *conn;
2052
2053 BT_DBG("%s status %d", hdev->name, ev->status);
2054
a9de9248
MH		 2055 hci_dev_lock(hdev);
2056
2057 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2058 if (!conn)
2059 goto unlock;
769be974 2060
ccd556fe
JH		 2061 if (!ev->status)
2062 memcpy(conn->features, ev->features, 8);
2063
2064 if (conn->state != BT_CONFIG)
2065 goto unlock;
2066
2067 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2068 struct hci_cp_read_remote_ext_features cp;
2069 cp.handle = ev->handle;
2070 cp.page = 0x01;
2071 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2072 sizeof(cp), &cp);
392599b9
JH		 2073 goto unlock;
2074 }
2075
127178d2
JH		 2076 if (!ev->status) {
2077 struct hci_cp_remote_name_req cp;
2078 memset(&cp, 0, sizeof(cp));
2079 bacpy(&cp.bdaddr, &conn->dst);
2080 cp.pscan_rep_mode = 0x02;
2081 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2082 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2083 mgmt_device_connected(hdev, &conn->dst, conn->type,
2084 conn->dst_type, NULL, 0,
2085 conn->dev_class);
392599b9 2086
127178d2 2087 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2088 conn->state = BT_CONNECTED;
2089 hci_proto_connect_cfm(conn, ev->status);
2090 hci_conn_put(conn);
769be974 2091 }
a9de9248 2092
ccd556fe 2093unlock:
a9de9248 2094 hci_dev_unlock(hdev);
1da177e4
LT		 2095}
2096
a9de9248 2097static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2098{
a9de9248 2099 BT_DBG("%s", hdev->name);
1da177e4
LT		 2100}
2101
a9de9248 2102static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2103{
a9de9248 2104 BT_DBG("%s", hdev->name);
1da177e4
LT		 2105}
2106
a9de9248
MH		 2107static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2108{
2109 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2110 __u16 opcode;
2111
2112 skb_pull(skb, sizeof(*ev));
2113
2114 opcode = __le16_to_cpu(ev->opcode);
2115
2116 switch (opcode) {
2117 case HCI_OP_INQUIRY_CANCEL:
2118 hci_cc_inquiry_cancel(hdev, skb);
2119 break;
2120
2121 case HCI_OP_EXIT_PERIODIC_INQ:
2122 hci_cc_exit_periodic_inq(hdev, skb);
2123 break;
2124
2125 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2126 hci_cc_remote_name_req_cancel(hdev, skb);
2127 break;
2128
2129 case HCI_OP_ROLE_DISCOVERY:
2130 hci_cc_role_discovery(hdev, skb);
2131 break;
2132
e4e8e37c
MH		 2133 case HCI_OP_READ_LINK_POLICY:
2134 hci_cc_read_link_policy(hdev, skb);
2135 break;
2136
a9de9248
MH		 2137 case HCI_OP_WRITE_LINK_POLICY:
2138 hci_cc_write_link_policy(hdev, skb);
2139 break;
2140
e4e8e37c
MH		 2141 case HCI_OP_READ_DEF_LINK_POLICY:
2142 hci_cc_read_def_link_policy(hdev, skb);
2143 break;
2144
2145 case HCI_OP_WRITE_DEF_LINK_POLICY:
2146 hci_cc_write_def_link_policy(hdev, skb);
2147 break;
2148
a9de9248
MH		 2149 case HCI_OP_RESET:
2150 hci_cc_reset(hdev, skb);
2151 break;
2152
2153 case HCI_OP_WRITE_LOCAL_NAME:
2154 hci_cc_write_local_name(hdev, skb);
2155 break;
2156
2157 case HCI_OP_READ_LOCAL_NAME:
2158 hci_cc_read_local_name(hdev, skb);
2159 break;
2160
2161 case HCI_OP_WRITE_AUTH_ENABLE:
2162 hci_cc_write_auth_enable(hdev, skb);
2163 break;
2164
2165 case HCI_OP_WRITE_ENCRYPT_MODE:
2166 hci_cc_write_encrypt_mode(hdev, skb);
2167 break;
2168
2169 case HCI_OP_WRITE_SCAN_ENABLE:
2170 hci_cc_write_scan_enable(hdev, skb);
2171 break;
2172
2173 case HCI_OP_READ_CLASS_OF_DEV:
2174 hci_cc_read_class_of_dev(hdev, skb);
2175 break;
2176
2177 case HCI_OP_WRITE_CLASS_OF_DEV:
2178 hci_cc_write_class_of_dev(hdev, skb);
2179 break;
2180
2181 case HCI_OP_READ_VOICE_SETTING:
2182 hci_cc_read_voice_setting(hdev, skb);
2183 break;
2184
2185 case HCI_OP_WRITE_VOICE_SETTING:
2186 hci_cc_write_voice_setting(hdev, skb);
2187 break;
2188
2189 case HCI_OP_HOST_BUFFER_SIZE:
2190 hci_cc_host_buffer_size(hdev, skb);
2191 break;
2192
333140b5
MH		 2193 case HCI_OP_READ_SSP_MODE:
2194 hci_cc_read_ssp_mode(hdev, skb);
2195 break;
2196
2197 case HCI_OP_WRITE_SSP_MODE:
2198 hci_cc_write_ssp_mode(hdev, skb);
2199 break;
2200
a9de9248
MH		 2201 case HCI_OP_READ_LOCAL_VERSION:
2202 hci_cc_read_local_version(hdev, skb);
2203 break;
2204
2205 case HCI_OP_READ_LOCAL_COMMANDS:
2206 hci_cc_read_local_commands(hdev, skb);
2207 break;
2208
2209 case HCI_OP_READ_LOCAL_FEATURES:
2210 hci_cc_read_local_features(hdev, skb);
2211 break;
2212
971e3a4b
AG		 2213 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2214 hci_cc_read_local_ext_features(hdev, skb);
2215 break;
2216
a9de9248
MH		 2217 case HCI_OP_READ_BUFFER_SIZE:
2218 hci_cc_read_buffer_size(hdev, skb);
2219 break;
2220
2221 case HCI_OP_READ_BD_ADDR:
2222 hci_cc_read_bd_addr(hdev, skb);
2223 break;
2224
350ee4cf
AE		 2225 case HCI_OP_READ_DATA_BLOCK_SIZE:
2226 hci_cc_read_data_block_size(hdev, skb);
2227 break;
2228
23bb5763
JH		 2229 case HCI_OP_WRITE_CA_TIMEOUT:
2230 hci_cc_write_ca_timeout(hdev, skb);
2231 break;
2232
1e89cffb
AE		 2233 case HCI_OP_READ_FLOW_CONTROL_MODE:
2234 hci_cc_read_flow_control_mode(hdev, skb);
2235 break;
2236
928abaa7
AE		 2237 case HCI_OP_READ_LOCAL_AMP_INFO:
2238 hci_cc_read_local_amp_info(hdev, skb);
2239 break;
2240
b0916ea0
JH		 2241 case HCI_OP_DELETE_STORED_LINK_KEY:
2242 hci_cc_delete_stored_link_key(hdev, skb);
2243 break;
2244
d5859e22
JH		 2245 case HCI_OP_SET_EVENT_MASK:
2246 hci_cc_set_event_mask(hdev, skb);
2247 break;
2248
2249 case HCI_OP_WRITE_INQUIRY_MODE:
2250 hci_cc_write_inquiry_mode(hdev, skb);
2251 break;
2252
2253 case HCI_OP_READ_INQ_RSP_TX_POWER:
2254 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2255 break;
2256
2257 case HCI_OP_SET_EVENT_FLT:
2258 hci_cc_set_event_flt(hdev, skb);
2259 break;
2260
980e1a53
JH		 2261 case HCI_OP_PIN_CODE_REPLY:
2262 hci_cc_pin_code_reply(hdev, skb);
2263 break;
2264
2265 case HCI_OP_PIN_CODE_NEG_REPLY:
2266 hci_cc_pin_code_neg_reply(hdev, skb);
2267 break;
2268
c35938b2
SJ		 2269 case HCI_OP_READ_LOCAL_OOB_DATA:
2270 hci_cc_read_local_oob_data_reply(hdev, skb);
2271 break;
2272
6ed58ec5
VT		 2273 case HCI_OP_LE_READ_BUFFER_SIZE:
2274 hci_cc_le_read_buffer_size(hdev, skb);
2275 break;
2276
a5c29683
JH		 2277 case HCI_OP_USER_CONFIRM_REPLY:
2278 hci_cc_user_confirm_reply(hdev, skb);
2279 break;
2280
2281 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2282 hci_cc_user_confirm_neg_reply(hdev, skb);
2283 break;
2284
1143d458
BG		 2285 case HCI_OP_USER_PASSKEY_REPLY:
2286 hci_cc_user_passkey_reply(hdev, skb);
2287 break;
2288
2289 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2290 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2291
2292 case HCI_OP_LE_SET_SCAN_PARAM:
2293 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2294 break;
2295
eb9d91f5
AG		 2296 case HCI_OP_LE_SET_SCAN_ENABLE:
2297 hci_cc_le_set_scan_enable(hdev, skb);
2298 break;
2299
a7a595f6
VCG		 2300 case HCI_OP_LE_LTK_REPLY:
2301 hci_cc_le_ltk_reply(hdev, skb);
2302 break;
2303
2304 case HCI_OP_LE_LTK_NEG_REPLY:
2305 hci_cc_le_ltk_neg_reply(hdev, skb);
2306 break;
2307
f9b49306
AG		 2308 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2309 hci_cc_write_le_host_supported(hdev, skb);
2310 break;
2311
a9de9248
MH		 2312 default:
2313 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2314 break;
2315 }
2316
6bd32326
VT		 2317 if (ev->opcode != HCI_OP_NOP)
2318 del_timer(&hdev->cmd_timer);
2319
a9de9248
MH		 2320 if (ev->ncmd) {
2321 atomic_set(&hdev->cmd_cnt, 1);
2322 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2323 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2324 }
2325}
2326
2327static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2328{
2329 struct hci_ev_cmd_status *ev = (void *) skb->data;
2330 __u16 opcode;
2331
2332 skb_pull(skb, sizeof(*ev));
2333
2334 opcode = __le16_to_cpu(ev->opcode);
2335
2336 switch (opcode) {
2337 case HCI_OP_INQUIRY:
2338 hci_cs_inquiry(hdev, ev->status);
2339 break;
2340
2341 case HCI_OP_CREATE_CONN:
2342 hci_cs_create_conn(hdev, ev->status);
2343 break;
2344
2345 case HCI_OP_ADD_SCO:
2346 hci_cs_add_sco(hdev, ev->status);
2347 break;
2348
f8558555
MH		 2349 case HCI_OP_AUTH_REQUESTED:
2350 hci_cs_auth_requested(hdev, ev->status);
2351 break;
2352
2353 case HCI_OP_SET_CONN_ENCRYPT:
2354 hci_cs_set_conn_encrypt(hdev, ev->status);
2355 break;
2356
a9de9248
MH		 2357 case HCI_OP_REMOTE_NAME_REQ:
2358 hci_cs_remote_name_req(hdev, ev->status);
2359 break;
2360
769be974
MH		 2361 case HCI_OP_READ_REMOTE_FEATURES:
2362 hci_cs_read_remote_features(hdev, ev->status);
2363 break;
2364
2365 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2366 hci_cs_read_remote_ext_features(hdev, ev->status);
2367 break;
2368
a9de9248
MH		 2369 case HCI_OP_SETUP_SYNC_CONN:
2370 hci_cs_setup_sync_conn(hdev, ev->status);
2371 break;
2372
2373 case HCI_OP_SNIFF_MODE:
2374 hci_cs_sniff_mode(hdev, ev->status);
2375 break;
2376
2377 case HCI_OP_EXIT_SNIFF_MODE:
2378 hci_cs_exit_sniff_mode(hdev, ev->status);
2379 break;
2380
8962ee74 2381 case HCI_OP_DISCONNECT:
88c3df13 2382 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2383 break;
2384
fcd89c09
VT		 2385 case HCI_OP_LE_CREATE_CONN:
2386 hci_cs_le_create_conn(hdev, ev->status);
2387 break;
2388
a7a595f6
VCG		 2389 case HCI_OP_LE_START_ENC:
2390 hci_cs_le_start_enc(hdev, ev->status);
2391 break;
2392
a9de9248
MH		 2393 default:
2394 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2395 break;
2396 }
2397
6bd32326
VT		 2398 if (ev->opcode != HCI_OP_NOP)
2399 del_timer(&hdev->cmd_timer);
2400
10572132 2401 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2402 atomic_set(&hdev->cmd_cnt, 1);
2403 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2404 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2405 }
2406}
2407
2408static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2409{
2410 struct hci_ev_role_change *ev = (void *) skb->data;
2411 struct hci_conn *conn;
2412
2413 BT_DBG("%s status %d", hdev->name, ev->status);
2414
2415 hci_dev_lock(hdev);
2416
2417 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2418 if (conn) {
2419 if (!ev->status) {
2420 if (ev->role)
2421 conn->link_mode &= ~HCI_LM_MASTER;
2422 else
2423 conn->link_mode |= HCI_LM_MASTER;
2424 }
2425
51a8efd7 2426 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2427
2428 hci_role_switch_cfm(conn, ev->status, ev->role);
2429 }
2430
2431 hci_dev_unlock(hdev);
2432}
2433
2434static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2435{
2436 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2437 int i;
2438
32ac5b9b
AE		 2439 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2440 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2441 return;
2442 }
2443
c5993de8
AE		 2444 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2445 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2446 BT_DBG("%s bad parameters", hdev->name);
2447 return;
2448 }
2449
c5993de8
AE		 2450 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2451
613a1c0c
AE		 2452 for (i = 0; i < ev->num_hndl; i++) {
2453 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2454 struct hci_conn *conn;
2455 __u16 handle, count;
2456
613a1c0c
AE		 2457 handle = __le16_to_cpu(info->handle);
2458 count = __le16_to_cpu(info->count);
a9de9248
MH		 2459
2460 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2461 if (!conn)
2462 continue;
2463
2464 conn->sent -= count;
2465
2466 switch (conn->type) {
2467 case ACL_LINK:
2468 hdev->acl_cnt += count;
2469 if (hdev->acl_cnt > hdev->acl_pkts)
2470 hdev->acl_cnt = hdev->acl_pkts;
2471 break;
2472
2473 case LE_LINK:
2474 if (hdev->le_pkts) {
2475 hdev->le_cnt += count;
2476 if (hdev->le_cnt > hdev->le_pkts)
2477 hdev->le_cnt = hdev->le_pkts;
2478 } else {
70f23020
AE		 2479 hdev->acl_cnt += count;
2480 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2481 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2482 }
f4280918
AE		 2483 break;
2484
2485 case SCO_LINK:
2486 hdev->sco_cnt += count;
2487 if (hdev->sco_cnt > hdev->sco_pkts)
2488 hdev->sco_cnt = hdev->sco_pkts;
2489 break;
2490
2491 default:
2492 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2493 break;
a9de9248
MH		 2494 }
2495 }
2496
3eff45ea 2497 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2498}
2499
25e89e99
AE		 2500static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2501 struct sk_buff *skb)
2502{
2503 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2504 int i;
2505
2506 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2507 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2508 return;
2509 }
2510
2511 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2512 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2513 BT_DBG("%s bad parameters", hdev->name);
2514 return;
2515 }
2516
2517 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2518 ev->num_hndl);
2519
2520 for (i = 0; i < ev->num_hndl; i++) {
2521 struct hci_comp_blocks_info *info = &ev->handles[i];
2522 struct hci_conn *conn;
2523 __u16 handle, block_count;
2524
2525 handle = __le16_to_cpu(info->handle);
2526 block_count = __le16_to_cpu(info->blocks);
2527
2528 conn = hci_conn_hash_lookup_handle(hdev, handle);
2529 if (!conn)
2530 continue;
2531
2532 conn->sent -= block_count;
2533
2534 switch (conn->type) {
2535 case ACL_LINK:
2536 hdev->block_cnt += block_count;
2537 if (hdev->block_cnt > hdev->num_blocks)
2538 hdev->block_cnt = hdev->num_blocks;
2539 break;
2540
2541 default:
2542 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2543 break;
2544 }
2545 }
2546
2547 queue_work(hdev->workqueue, &hdev->tx_work);
2548}
2549
a9de9248 2550static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2551{
a9de9248 2552 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2553 struct hci_conn *conn;
2554
2555 BT_DBG("%s status %d", hdev->name, ev->status);
2556
2557 hci_dev_lock(hdev);
2558
2559 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2560 if (conn) {
2561 conn->mode = ev->mode;
2562 conn->interval = __le16_to_cpu(ev->interval);
2563
51a8efd7 2564 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2565 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2566 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2567 else
58a681ef 2568 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2569 }
e73439d8 2570
51a8efd7 2571 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2572 hci_sco_setup(conn, ev->status);
04837f64
MH		 2573 }
2574
2575 hci_dev_unlock(hdev);
2576}
2577
a9de9248
MH		 2578static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2579{
052b30b0
MH		 2580 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2581 struct hci_conn *conn;
2582
a9de9248 2583 BT_DBG("%s", hdev->name);
052b30b0
MH		 2584
2585 hci_dev_lock(hdev);
2586
2587 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2588 if (!conn)
2589 goto unlock;
2590
2591 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2592 hci_conn_hold(conn);
2593 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2594 hci_conn_put(conn);
2595 }
2596
a8b2d5c2 2597 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2598 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2599 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2600 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2601 u8 secure;
2602
2603 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2604 secure = 1;
2605 else
2606 secure = 0;
2607
744cf19e 2608 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2609 }
980e1a53 2610
b6f98044 2611unlock:
052b30b0 2612 hci_dev_unlock(hdev);
a9de9248
MH		 2613}
2614
2615static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2616{
55ed8ca1
JH		 2617 struct hci_ev_link_key_req *ev = (void *) skb->data;
2618 struct hci_cp_link_key_reply cp;
2619 struct hci_conn *conn;
2620 struct link_key *key;
2621
a9de9248 2622 BT_DBG("%s", hdev->name);
55ed8ca1 2623
a8b2d5c2 2624 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2625 return;
2626
2627 hci_dev_lock(hdev);
2628
2629 key = hci_find_link_key(hdev, &ev->bdaddr);
2630 if (!key) {
2631 BT_DBG("%s link key not found for %s", hdev->name,
2632 batostr(&ev->bdaddr));
2633 goto not_found;
2634 }
2635
2636 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2637 batostr(&ev->bdaddr));
2638
a8b2d5c2 2639 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2640 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2641 BT_DBG("%s ignoring debug key", hdev->name);
2642 goto not_found;
2643 }
2644
2645 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2646 if (conn) {
2647 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2648 conn->auth_type != 0xff &&
2649 (conn->auth_type & 0x01)) {
2650 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2651 goto not_found;
2652 }
55ed8ca1 2653
60b83f57
WR		 2654 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2655 conn->pending_sec_level == BT_SECURITY_HIGH) {
2656 BT_DBG("%s ignoring key unauthenticated for high \
2657 security", hdev->name);
2658 goto not_found;
2659 }
2660
2661 conn->key_type = key->type;
2662 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2663 }
2664
2665 bacpy(&cp.bdaddr, &ev->bdaddr);
2666 memcpy(cp.link_key, key->val, 16);
2667
2668 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2669
2670 hci_dev_unlock(hdev);
2671
2672 return;
2673
2674not_found:
2675 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2676 hci_dev_unlock(hdev);
a9de9248
MH		 2677}
2678
2679static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2680{
052b30b0
MH		 2681 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2682 struct hci_conn *conn;
55ed8ca1 2683 u8 pin_len = 0;
052b30b0 2684
a9de9248 2685 BT_DBG("%s", hdev->name);
052b30b0
MH		 2686
2687 hci_dev_lock(hdev);
2688
2689 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2690 if (conn) {
2691 hci_conn_hold(conn);
2692 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2693 pin_len = conn->pin_length;
13d39315
WR		 2694
2695 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2696 conn->key_type = ev->key_type;
2697
052b30b0
MH		 2698 hci_conn_put(conn);
2699 }
2700
a8b2d5c2 2701 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2702 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2703 ev->key_type, pin_len);
2704
052b30b0 2705 hci_dev_unlock(hdev);
a9de9248
MH		 2706}
2707
1da177e4
LT		 2708static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2709{
a9de9248 2710 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2711 struct hci_conn *conn;
1da177e4
LT		 2712
2713 BT_DBG("%s status %d", hdev->name, ev->status);
2714
2715 hci_dev_lock(hdev);
2716
04837f64 2717 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2718 if (conn && !ev->status) {
2719 struct inquiry_entry *ie;
2720
cc11b9c1
AE		 2721 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2722 if (ie) {
1da177e4
LT		 2723 ie->data.clock_offset = ev->clock_offset;
2724 ie->timestamp = jiffies;
2725 }
2726 }
2727
2728 hci_dev_unlock(hdev);
2729}
2730
a8746417
MH		 2731static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2732{
2733 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2734 struct hci_conn *conn;
2735
2736 BT_DBG("%s status %d", hdev->name, ev->status);
2737
2738 hci_dev_lock(hdev);
2739
2740 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2741 if (conn && !ev->status)
2742 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2743
2744 hci_dev_unlock(hdev);
2745}
2746
85a1e930
MH		 2747static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2748{
a9de9248 2749 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2750 struct inquiry_entry *ie;
2751
2752 BT_DBG("%s", hdev->name);
2753
2754 hci_dev_lock(hdev);
2755
cc11b9c1
AE		 2756 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2757 if (ie) {
85a1e930
MH		 2758 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2759 ie->timestamp = jiffies;
2760 }
2761
2762 hci_dev_unlock(hdev);
2763}
2764
a9de9248
MH		 2765static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2766{
2767 struct inquiry_data data;
2768 int num_rsp = *((__u8 *) skb->data);
3175405b 2769 bool name_known;
a9de9248
MH		 2770
2771 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2772
2773 if (!num_rsp)
2774 return;
2775
2776 hci_dev_lock(hdev);
2777
2778 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2779 struct inquiry_info_with_rssi_and_pscan_mode *info;
2780 info = (void *) (skb->data + 1);
a9de9248 2781
e17acd40 2782 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2783 bacpy(&data.bdaddr, &info->bdaddr);
2784 data.pscan_rep_mode = info->pscan_rep_mode;
2785 data.pscan_period_mode = info->pscan_period_mode;
2786 data.pscan_mode = info->pscan_mode;
2787 memcpy(data.dev_class, info->dev_class, 3);
2788 data.clock_offset = info->clock_offset;
2789 data.rssi = info->rssi;
41a96212 2790 data.ssp_mode = 0x00;
3175405b
JH		 2791
2792 name_known = hci_inquiry_cache_update(hdev, &data,
2793 false);
48264f06 2794 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2795 info->dev_class, info->rssi,
7d262f86 2796 !name_known, NULL, 0);
a9de9248
MH		 2797 }
2798 } else {
2799 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2800
e17acd40 2801 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2802 bacpy(&data.bdaddr, &info->bdaddr);
2803 data.pscan_rep_mode = info->pscan_rep_mode;
2804 data.pscan_period_mode = info->pscan_period_mode;
2805 data.pscan_mode = 0x00;
2806 memcpy(data.dev_class, info->dev_class, 3);
2807 data.clock_offset = info->clock_offset;
2808 data.rssi = info->rssi;
41a96212 2809 data.ssp_mode = 0x00;
3175405b
JH		 2810 name_known = hci_inquiry_cache_update(hdev, &data,
2811 false);
48264f06 2812 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2813 info->dev_class, info->rssi,
7d262f86 2814 !name_known, NULL, 0);
a9de9248
MH		 2815 }
2816 }
2817
2818 hci_dev_unlock(hdev);
2819}
2820
2821static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2822{
41a96212
MH		 2823 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2824 struct hci_conn *conn;
2825
a9de9248 2826 BT_DBG("%s", hdev->name);
41a96212 2827
41a96212
MH		 2828 hci_dev_lock(hdev);
2829
2830 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2831 if (!conn)
2832 goto unlock;
41a96212 2833
ccd556fe
JH		 2834 if (!ev->status && ev->page == 0x01) {
2835 struct inquiry_entry *ie;
41a96212 2836
cc11b9c1
AE		 2837 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2838 if (ie)
ccd556fe 2839 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2840
58a681ef
JH		 2841 if (ev->features[0] & 0x01)
2842 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2843 }
2844
2845 if (conn->state != BT_CONFIG)
2846 goto unlock;
2847
127178d2
JH		 2848 if (!ev->status) {
2849 struct hci_cp_remote_name_req cp;
2850 memset(&cp, 0, sizeof(cp));
2851 bacpy(&cp.bdaddr, &conn->dst);
2852 cp.pscan_rep_mode = 0x02;
2853 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2854 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2855 mgmt_device_connected(hdev, &conn->dst, conn->type,
2856 conn->dst_type, NULL, 0,
2857 conn->dev_class);
392599b9 2858
127178d2 2859 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2860 conn->state = BT_CONNECTED;
2861 hci_proto_connect_cfm(conn, ev->status);
2862 hci_conn_put(conn);
41a96212
MH		 2863 }
2864
ccd556fe 2865unlock:
41a96212 2866 hci_dev_unlock(hdev);
a9de9248
MH		 2867}
2868
2869static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2870{
b6a0dc82
MH		 2871 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2872 struct hci_conn *conn;
2873
2874 BT_DBG("%s status %d", hdev->name, ev->status);
2875
2876 hci_dev_lock(hdev);
2877
2878 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2879 if (!conn) {
2880 if (ev->link_type == ESCO_LINK)
2881 goto unlock;
2882
2883 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2884 if (!conn)
2885 goto unlock;
2886
2887 conn->type = SCO_LINK;
2888 }
b6a0dc82 2889
732547f9
MH		 2890 switch (ev->status) {
2891 case 0x00:
b6a0dc82
MH		 2892 conn->handle = __le16_to_cpu(ev->handle);
2893 conn->state = BT_CONNECTED;
7d0db0a3 2894
9eba32b8 2895 hci_conn_hold_device(conn);
7d0db0a3 2896 hci_conn_add_sysfs(conn);
732547f9
MH		 2897 break;
2898
705e5711 2899 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2900 case 0x1c: /* SCO interval rejected */
1038a00b 2901 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2902 case 0x1f: /* Unspecified error */
2903 if (conn->out && conn->attempt < 2) {
2904 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2905 (hdev->esco_type & EDR_ESCO_MASK);
2906 hci_setup_sync(conn, conn->link->handle);
2907 goto unlock;
2908 }
2909 /* fall through */
2910
2911 default:
b6a0dc82 2912 conn->state = BT_CLOSED;
732547f9
MH		 2913 break;
2914 }
b6a0dc82
MH		 2915
2916 hci_proto_connect_cfm(conn, ev->status);
2917 if (ev->status)
2918 hci_conn_del(conn);
2919
2920unlock:
2921 hci_dev_unlock(hdev);
a9de9248
MH		 2922}
2923
2924static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2925{
2926 BT_DBG("%s", hdev->name);
2927}
2928
04837f64
MH		 2929static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2930{
a9de9248 2931 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2932
2933 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2934}
2935
a9de9248 2936static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2937{
a9de9248
MH		 2938 struct inquiry_data data;
2939 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2940 int num_rsp = *((__u8 *) skb->data);
1da177e4 2941
a9de9248 2942 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2943
a9de9248
MH		 2944 if (!num_rsp)
2945 return;
1da177e4 2946
a9de9248
MH		 2947 hci_dev_lock(hdev);
2948
e17acd40 2949 for (; num_rsp; num_rsp--, info++) {
561aafbc
JH		 2950 bool name_known;
2951
a9de9248 2952 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2953 data.pscan_rep_mode = info->pscan_rep_mode;
2954 data.pscan_period_mode = info->pscan_period_mode;
2955 data.pscan_mode = 0x00;
a9de9248 2956 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2957 data.clock_offset = info->clock_offset;
2958 data.rssi = info->rssi;
41a96212 2959 data.ssp_mode = 0x01;
561aafbc 2960
a8b2d5c2 2961 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930
JH		 2962 name_known = eir_has_data_type(info->data,
2963 sizeof(info->data),
2964 EIR_NAME_COMPLETE);
561aafbc
JH		 2965 else
2966 name_known = true;
2967
3175405b 2968 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
48264f06 2969 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
561aafbc 2970 info->dev_class, info->rssi,
7d262f86
AG		 2971 !name_known, info->data,
2972 sizeof(info->data));
a9de9248
MH		 2973 }
2974
2975 hci_dev_unlock(hdev);
2976}
1da177e4 2977
17fa4b9d
JH		 2978static inline u8 hci_get_auth_req(struct hci_conn *conn)
2979{
2980 /* If remote requests dedicated bonding follow that lead */
2981 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2982 /* If both remote and local IO capabilities allow MITM
2983 * protection then require it, otherwise don't */
2984 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2985 return 0x02;
2986 else
2987 return 0x03;
2988 }
2989
2990 /* If remote requests no-bonding follow that lead */
2991 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2992 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2993
2994 return conn->auth_type;
2995}
2996
0493684e
MH		 2997static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2998{
2999 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3000 struct hci_conn *conn;
3001
3002 BT_DBG("%s", hdev->name);
3003
3004 hci_dev_lock(hdev);
3005
3006 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3007 if (!conn)
3008 goto unlock;
3009
3010 hci_conn_hold(conn);
3011
a8b2d5c2 3012 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3013 goto unlock;
3014
a8b2d5c2 3015 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 3016 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3017 struct hci_cp_io_capability_reply cp;
3018
3019 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3020 /* Change the IO capability from KeyboardDisplay
3021 * to DisplayYesNo as it is not supported by BT spec. */
3022 cp.capability = (conn->io_capability == 0x04) ?
3023 0x01 : conn->io_capability;
7cbc9bd9
JH		 3024 conn->auth_type = hci_get_auth_req(conn);
3025 cp.authentication = conn->auth_type;
17fa4b9d 3026
58a681ef 3027 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3028 hci_find_remote_oob_data(hdev, &conn->dst))
3029 cp.oob_data = 0x01;
3030 else
3031 cp.oob_data = 0x00;
3032
17fa4b9d
JH		 3033 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3034 sizeof(cp), &cp);
03b555e1
JH		 3035 } else {
3036 struct hci_cp_io_capability_neg_reply cp;
3037
3038 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3039 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3040
03b555e1
JH		 3041 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3042 sizeof(cp), &cp);
3043 }
3044
3045unlock:
3046 hci_dev_unlock(hdev);
3047}
3048
3049static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3050{
3051 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3052 struct hci_conn *conn;
3053
3054 BT_DBG("%s", hdev->name);
3055
3056 hci_dev_lock(hdev);
3057
3058 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3059 if (!conn)
3060 goto unlock;
3061
03b555e1 3062 conn->remote_cap = ev->capability;
03b555e1 3063 conn->remote_auth = ev->authentication;
58a681ef
JH		 3064 if (ev->oob_data)
3065 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3066
3067unlock:
0493684e
MH		 3068 hci_dev_unlock(hdev);
3069}
3070
a5c29683
JH		 3071static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3072 struct sk_buff *skb)
3073{
3074 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3075 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3076 struct hci_conn *conn;
a5c29683
JH		 3077
3078 BT_DBG("%s", hdev->name);
3079
3080 hci_dev_lock(hdev);
3081
a8b2d5c2 3082 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3083 goto unlock;
a5c29683 3084
7a828908
JH		 3085 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3086 if (!conn)
3087 goto unlock;
3088
3089 loc_mitm = (conn->auth_type & 0x01);
3090 rem_mitm = (conn->remote_auth & 0x01);
3091
3092 /* If we require MITM but the remote device can't provide that
3093 * (it has NoInputNoOutput) then reject the confirmation
3094 * request. The only exception is when we're dedicated bonding
3095 * initiators (connect_cfm_cb set) since then we always have the MITM
3096 * bit set. */
3097 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3098 BT_DBG("Rejecting request: remote device can't provide MITM");
3099 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3100 sizeof(ev->bdaddr), &ev->bdaddr);
3101 goto unlock;
3102 }
3103
3104 /* If no side requires MITM protection; auto-accept */
3105 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3106 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3107
3108 /* If we're not the initiators request authorization to
3109 * proceed from user space (mgmt_user_confirm with
3110 * confirm_hint set to 1). */
51a8efd7 3111 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3112 BT_DBG("Confirming auto-accept as acceptor");
3113 confirm_hint = 1;
3114 goto confirm;
3115 }
3116
9f61656a
JH		 3117 BT_DBG("Auto-accept of user confirmation with %ums delay",
3118 hdev->auto_accept_delay);
3119
3120 if (hdev->auto_accept_delay > 0) {
3121 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3122 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3123 goto unlock;
3124 }
3125
7a828908
JH		 3126 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3127 sizeof(ev->bdaddr), &ev->bdaddr);
3128 goto unlock;
3129 }
3130
55bc1a37 3131confirm:
272d90df 3132 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
55bc1a37 3133 confirm_hint);
7a828908
JH		 3134
3135unlock:
a5c29683
JH		 3136 hci_dev_unlock(hdev);
3137}
3138
1143d458
BG		 3139static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3140 struct sk_buff *skb)
3141{
3142 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3143
3144 BT_DBG("%s", hdev->name);
3145
3146 hci_dev_lock(hdev);
3147
a8b2d5c2 3148 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3149 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3150
3151 hci_dev_unlock(hdev);
3152}
3153
0493684e
MH		 3154static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3155{
3156 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3157 struct hci_conn *conn;
3158
3159 BT_DBG("%s", hdev->name);
3160
3161 hci_dev_lock(hdev);
3162
3163 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3164 if (!conn)
3165 goto unlock;
3166
3167 /* To avoid duplicate auth_failed events to user space we check
3168 * the HCI_CONN_AUTH_PEND flag which will be set if we
3169 * initiated the authentication. A traditional auth_complete
3170 * event gets always produced as initiator and is also mapped to
3171 * the mgmt_auth_failed event */
51a8efd7 3172 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6
JH		 3173 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3174 ev->status);
0493684e 3175
2a611692
JH		 3176 hci_conn_put(conn);
3177
3178unlock:
0493684e
MH		 3179 hci_dev_unlock(hdev);
3180}
3181
41a96212
MH		 3182static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3183{
3184 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3185 struct inquiry_entry *ie;
3186
3187 BT_DBG("%s", hdev->name);
3188
3189 hci_dev_lock(hdev);
3190
cc11b9c1
AE		 3191 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3192 if (ie)
41a96212
MH		 3193 ie->data.ssp_mode = (ev->features[0] & 0x01);
3194
3195 hci_dev_unlock(hdev);
3196}
3197
2763eda6
SJ		 3198static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3199 struct sk_buff *skb)
3200{
3201 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3202 struct oob_data *data;
3203
3204 BT_DBG("%s", hdev->name);
3205
3206 hci_dev_lock(hdev);
3207
a8b2d5c2 3208 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3209 goto unlock;
3210
2763eda6
SJ		 3211 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3212 if (data) {
3213 struct hci_cp_remote_oob_data_reply cp;
3214
3215 bacpy(&cp.bdaddr, &ev->bdaddr);
3216 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3217 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3218
3219 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3220 &cp);
3221 } else {
3222 struct hci_cp_remote_oob_data_neg_reply cp;
3223
3224 bacpy(&cp.bdaddr, &ev->bdaddr);
3225 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3226 &cp);
3227 }
3228
e1ba1f15 3229unlock:
2763eda6
SJ		 3230 hci_dev_unlock(hdev);
3231}
3232
fcd89c09
VT		 3233static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3234{
3235 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3236 struct hci_conn *conn;
3237
3238 BT_DBG("%s status %d", hdev->name, ev->status);
3239
3240 hci_dev_lock(hdev);
3241
3242 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3243 if (!conn) {
3244 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3245 if (!conn) {
3246 BT_ERR("No memory for new connection");
3247 hci_dev_unlock(hdev);
3248 return;
3249 }
29b7988a
AG		 3250
3251 conn->dst_type = ev->bdaddr_type;
b62f328b 3252 }
fcd89c09
VT		 3253
3254 if (ev->status) {
48264f06
JH		 3255 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3256 conn->dst_type, ev->status);
fcd89c09
VT		 3257 hci_proto_connect_cfm(conn, ev->status);
3258 conn->state = BT_CLOSED;
3259 hci_conn_del(conn);
3260 goto unlock;
3261 }
3262
b644ba33
JH		 3263 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3264 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3265 conn->dst_type, NULL, 0, 0);
83bc71b4 3266
7b5c0d52 3267 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3268 conn->handle = __le16_to_cpu(ev->handle);
3269 conn->state = BT_CONNECTED;
3270
3271 hci_conn_hold_device(conn);
3272 hci_conn_add_sysfs(conn);
3273
3274 hci_proto_connect_cfm(conn, ev->status);
3275
3276unlock:
3277 hci_dev_unlock(hdev);
3278}
3279
9aa04c91
AG		 3280static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3281 struct sk_buff *skb)
3282{
e95beb41
AG		 3283 u8 num_reports = skb->data[0];
3284 void *ptr = &skb->data[1];
3c9e9195 3285 s8 rssi;
9aa04c91
AG		 3286
3287 hci_dev_lock(hdev);
3288
e95beb41
AG		 3289 while (num_reports--) {
3290 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3291
9aa04c91 3292 hci_add_adv_entry(hdev, ev);
e95beb41 3293
3c9e9195
AG		 3294 rssi = ev->data[ev->length];
3295 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3296 NULL, rssi, 0, ev->data, ev->length);
3297
e95beb41 3298 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3299 }
3300
3301 hci_dev_unlock(hdev);
3302}
3303
a7a595f6
VCG		 3304static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3305 struct sk_buff *skb)
3306{
3307 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3308 struct hci_cp_le_ltk_reply cp;
bea710fe 3309 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3310 struct hci_conn *conn;
c9839a11 3311 struct smp_ltk *ltk;
a7a595f6
VCG		 3312
3313 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3314
3315 hci_dev_lock(hdev);
3316
3317 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3318 if (conn == NULL)
3319 goto not_found;
a7a595f6 3320
bea710fe
VCG		 3321 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3322 if (ltk == NULL)
3323 goto not_found;
3324
3325 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3326 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3327
3328 if (ltk->authenticated)
3329 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3330
3331 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3332
c9839a11
VCG		 3333 if (ltk->type & HCI_SMP_STK) {
3334 list_del(&ltk->list);
3335 kfree(ltk);
3336 }
3337
a7a595f6 3338 hci_dev_unlock(hdev);
bea710fe
VCG		 3339
3340 return;
3341
3342not_found:
3343 neg.handle = ev->handle;
3344 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3345 hci_dev_unlock(hdev);
a7a595f6
VCG		 3346}
3347
fcd89c09
VT		 3348static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3349{
3350 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3351
3352 skb_pull(skb, sizeof(*le_ev));
3353
3354 switch (le_ev->subevent) {
3355 case HCI_EV_LE_CONN_COMPLETE:
3356 hci_le_conn_complete_evt(hdev, skb);
3357 break;
3358
9aa04c91
AG		 3359 case HCI_EV_LE_ADVERTISING_REPORT:
3360 hci_le_adv_report_evt(hdev, skb);
3361 break;
3362
a7a595f6
VCG		 3363 case HCI_EV_LE_LTK_REQ:
3364 hci_le_ltk_request_evt(hdev, skb);
3365 break;
3366
fcd89c09
VT		 3367 default:
3368 break;
3369 }
3370}
3371
a9de9248
MH		 3372void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3373{
3374 struct hci_event_hdr *hdr = (void *) skb->data;
3375 __u8 event = hdr->evt;
3376
3377 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3378
3379 switch (event) {
1da177e4
LT		 3380 case HCI_EV_INQUIRY_COMPLETE:
3381 hci_inquiry_complete_evt(hdev, skb);
3382 break;
3383
3384 case HCI_EV_INQUIRY_RESULT:
3385 hci_inquiry_result_evt(hdev, skb);
3386 break;
3387
a9de9248
MH		 3388 case HCI_EV_CONN_COMPLETE:
3389 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3390 break;
3391
1da177e4
LT		 3392 case HCI_EV_CONN_REQUEST:
3393 hci_conn_request_evt(hdev, skb);
3394 break;
3395
1da177e4
LT		 3396 case HCI_EV_DISCONN_COMPLETE:
3397 hci_disconn_complete_evt(hdev, skb);
3398 break;
3399
1da177e4
LT		 3400 case HCI_EV_AUTH_COMPLETE:
3401 hci_auth_complete_evt(hdev, skb);
3402 break;
3403
a9de9248
MH		 3404 case HCI_EV_REMOTE_NAME:
3405 hci_remote_name_evt(hdev, skb);
3406 break;
3407
1da177e4
LT		 3408 case HCI_EV_ENCRYPT_CHANGE:
3409 hci_encrypt_change_evt(hdev, skb);
3410 break;
3411
a9de9248
MH		 3412 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3413 hci_change_link_key_complete_evt(hdev, skb);
3414 break;
3415
3416 case HCI_EV_REMOTE_FEATURES:
3417 hci_remote_features_evt(hdev, skb);
3418 break;
3419
3420 case HCI_EV_REMOTE_VERSION:
3421 hci_remote_version_evt(hdev, skb);
3422 break;
3423
3424 case HCI_EV_QOS_SETUP_COMPLETE:
3425 hci_qos_setup_complete_evt(hdev, skb);
3426 break;
3427
3428 case HCI_EV_CMD_COMPLETE:
3429 hci_cmd_complete_evt(hdev, skb);
3430 break;
3431
3432 case HCI_EV_CMD_STATUS:
3433 hci_cmd_status_evt(hdev, skb);
3434 break;
3435
3436 case HCI_EV_ROLE_CHANGE:
3437 hci_role_change_evt(hdev, skb);
3438 break;
3439
3440 case HCI_EV_NUM_COMP_PKTS:
3441 hci_num_comp_pkts_evt(hdev, skb);
3442 break;
3443
3444 case HCI_EV_MODE_CHANGE:
3445 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3446 break;
3447
3448 case HCI_EV_PIN_CODE_REQ:
3449 hci_pin_code_request_evt(hdev, skb);
3450 break;
3451
3452 case HCI_EV_LINK_KEY_REQ:
3453 hci_link_key_request_evt(hdev, skb);
3454 break;
3455
3456 case HCI_EV_LINK_KEY_NOTIFY:
3457 hci_link_key_notify_evt(hdev, skb);
3458 break;
3459
3460 case HCI_EV_CLOCK_OFFSET:
3461 hci_clock_offset_evt(hdev, skb);
3462 break;
3463
a8746417
MH		 3464 case HCI_EV_PKT_TYPE_CHANGE:
3465 hci_pkt_type_change_evt(hdev, skb);
3466 break;
3467
85a1e930
MH		 3468 case HCI_EV_PSCAN_REP_MODE:
3469 hci_pscan_rep_mode_evt(hdev, skb);
3470 break;
3471
a9de9248
MH		 3472 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3473 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3474 break;
3475
a9de9248
MH		 3476 case HCI_EV_REMOTE_EXT_FEATURES:
3477 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3478 break;
3479
a9de9248
MH		 3480 case HCI_EV_SYNC_CONN_COMPLETE:
3481 hci_sync_conn_complete_evt(hdev, skb);
3482 break;
1da177e4 3483
a9de9248
MH		 3484 case HCI_EV_SYNC_CONN_CHANGED:
3485 hci_sync_conn_changed_evt(hdev, skb);
3486 break;
1da177e4 3487
a9de9248
MH		 3488 case HCI_EV_SNIFF_SUBRATE:
3489 hci_sniff_subrate_evt(hdev, skb);
3490 break;
1da177e4 3491
a9de9248
MH		 3492 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3493 hci_extended_inquiry_result_evt(hdev, skb);
3494 break;
1da177e4 3495
0493684e
MH		 3496 case HCI_EV_IO_CAPA_REQUEST:
3497 hci_io_capa_request_evt(hdev, skb);
3498 break;
3499
03b555e1
JH		 3500 case HCI_EV_IO_CAPA_REPLY:
3501 hci_io_capa_reply_evt(hdev, skb);
3502 break;
3503
a5c29683
JH		 3504 case HCI_EV_USER_CONFIRM_REQUEST:
3505 hci_user_confirm_request_evt(hdev, skb);
3506 break;
3507
1143d458
BG		 3508 case HCI_EV_USER_PASSKEY_REQUEST:
3509 hci_user_passkey_request_evt(hdev, skb);
3510 break;
3511
0493684e
MH		 3512 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3513 hci_simple_pair_complete_evt(hdev, skb);
3514 break;
3515
41a96212
MH		 3516 case HCI_EV_REMOTE_HOST_FEATURES:
3517 hci_remote_host_features_evt(hdev, skb);
3518 break;
3519
fcd89c09
VT		 3520 case HCI_EV_LE_META:
3521 hci_le_meta_evt(hdev, skb);
3522 break;
3523
2763eda6
SJ		 3524 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3525 hci_remote_oob_data_request_evt(hdev, skb);
3526 break;
3527
25e89e99
AE		 3528 case HCI_EV_NUM_COMP_BLOCKS:
3529 hci_num_comp_blocks_evt(hdev, skb);
3530 break;
3531
a9de9248
MH		 3532 default:
3533 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3534 break;
3535 }
3536
3537 kfree_skb(skb);
3538 hdev->stat.evt_rx++;
3539}
3540
3541/* Generate internal stack event */
3542void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3543{
3544 struct hci_event_hdr *hdr;
3545 struct hci_ev_stack_internal *ev;
3546 struct sk_buff *skb;
3547
3548 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3549 if (!skb)
3550 return;
3551
3552 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3553 hdr->evt = HCI_EV_STACK_INTERNAL;
3554 hdr->plen = sizeof(*ev) + dlen;
3555
3556 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3557 ev->type = type;
3558 memcpy(ev->data, data, dlen);
3559
576c7d85 3560 bt_cb(skb)->incoming = 1;
a61bbcf2 3561 __net_timestamp(skb);
576c7d85 3562
0d48d939 3563 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3564 skb->dev = (void *) hdev;
eec8d2bc 3565 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3566 kfree_skb(skb);
3567}
e6100a25 3568
669bb396 3569module_param(enable_le, bool, 0644);
e6100a25 3570MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)