Bluetooth: Keep chan->state and sk->sk_state in sync
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG
48static int enable_le;
49
1da177e4
LT
50/* Handle HCI Event packets */
51
/*
 * Completion handler for HCI_OP_INQUIRY_CANCEL.
 *
 * The first payload byte is the controller's status.  On failure only the
 * mgmt layer is notified; the HCI_INQUIRY flag is left alone and the
 * request is not completed here.
 *
 * NOTE(review): skb->len is not checked before the status byte is read;
 * presumably the dispatcher guarantees at least one byte - confirm.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0) {
		clear_bit(HCI_INQUIRY, &hdev->flags);

		/* mgmt notification is made with the device lock held. */
		hci_dev_lock(hdev);
		mgmt_discovering(hdev, 0);
		hci_dev_unlock(hdev);

		hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);

		hci_conn_check_pending(hdev);
		return;
	}

	hci_dev_lock(hdev);
	mgmt_stop_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
6bd57416 75
a9de9248
MH
/*
 * Reply handler for leaving periodic inquiry (per the function name).
 * A zero status byte triggers hci_conn_check_pending(); any other status
 * is only logged.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0)
		hci_conn_check_pending(hdev);
}
87
/*
 * Reply handler for a cancelled remote-name request (per the function
 * name).  Nothing in the payload is consumed; the event is only traced.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
92
/*
 * Reply handler for role discovery: updates HCI_LM_MASTER in the link mode
 * of the connection named by the reply's handle.
 *
 * NOTE(review): the payload is cast to the reply struct without comparing
 * skb->len to its size - confirm the caller bounds it.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *reply = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (conn != NULL) {
		/* Role 0 sets the master bit, any other role clears it. */
		if (reply->role == 0)
			conn->link_mode |= HCI_LM_MASTER;
		else
			conn->link_mode &= ~HCI_LM_MASTER;
	}

	hci_dev_unlock(hdev);
}
115
e4e8e37c
MH
/*
 * Reply handler for reading a connection's link policy: on success the
 * policy reported by the controller is stored on the matching connection.
 * An unknown handle is silently ignored.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *reply = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (conn != NULL)
		conn->link_policy = __le16_to_cpu(reply->policy);

	hci_dev_unlock(hdev);
}
134
/*
 * Completion handler for HCI_OP_WRITE_LINK_POLICY.
 *
 * The reply carries only status and handle, so the new policy is taken
 * from the parameters of the command that was sent.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *reply = (void *) skb->data;
	struct hci_conn *conn;
	void *sent;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (conn != NULL) {
		/* Policy sits two bytes into the sent parameters
		 * (presumably after the handle - confirm against the
		 * command struct). */
		conn->link_policy = get_unaligned_le16(sent + 2);
	}

	hci_dev_unlock(hdev);
}
1da177e4 158
e4e8e37c
MH
/*
 * Reply handler for reading the default link policy: on success the
 * reported policy becomes hdev->link_policy.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status == 0)
		hdev->link_policy = __le16_to_cpu(reply->policy);
}
170
/*
 * Completion handler for HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * If the sent command cannot be found the function returns without
 * completing the request; otherwise the request is completed with the
 * controller's status whether or not the write succeeded.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	const __u8 status = skb->data[0];
	void *sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (sent == NULL)
		return;

	/* Mirror the value we asked for only once the controller accepted it. */
	if (status == 0)
		hdev->link_policy = get_unaligned_le16(sent);

	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
}
187
a9de9248
MH
/*
 * Completion handler for HCI_OP_RESET.
 *
 * Clears HCI_RESET, completes the request and then wipes every bit in
 * hdev->dev_flags - all regardless of the reported status.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);

	hci_req_complete(hdev, HCI_OP_RESET, status);

	hdev->dev_flags = 0;
}
04837f64 200
a9de9248
MH
/*
 * Completion handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * mgmt (when HCI_MGMT is set) is told the outcome for both success and
 * failure; hdev->dev_name is updated from the sent parameters only on
 * success.  Both steps run under the device lock.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];
	void *name;

	BT_DBG("%s status 0x%x", hdev->name, status);

	name = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (name == NULL)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags))
		mgmt_set_local_name_complete(hdev, name, status);

	if (!status)
		memcpy(hdev->dev_name, name, HCI_MAX_NAME_LENGTH);

	hci_dev_unlock(hdev);
}
222
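/*
 * Reply handler for reading the controller's local name: on success the
 * name field is copied into hdev->dev_name.
 *
 * The copy always reads HCI_MAX_NAME_LENGTH bytes from the event payload,
 * so a reply shorter than that would make memcpy() read past the received
 * data and publish whatever follows it as the device name.  Such a reply
 * is rejected and logged instead.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* Bound the read by what the controller actually delivered. */
	if (skb->len < offsetof(struct hci_rp_read_local_name, name) +
						HCI_MAX_NAME_LENGTH) {
		BT_ERR("%s short local name reply (%u bytes)",
						hdev->name, skb->len);
		return;
	}

	memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
}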
234
/*
 * Completion handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * On success HCI_AUTH tracks the value that was written: set when the
 * sent parameter equals AUTH_ENABLED, cleared for anything else.  The
 * request is completed with the controller's status either way, unless
 * the sent command is missing.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];
	void *sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (sent == NULL)
		return;

	if (status == 0) {
		const __u8 requested = *(__u8 *) sent;

		if (requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
}
257
/*
 * Completion handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * On success HCI_ENCRYPT is set when the sent parameter was non-zero and
 * cleared when it was zero.  A failed write leaves the flag unchanged.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];
	void *sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (sent == NULL)
		return;

	if (status == 0) {
		const __u8 requested = *(__u8 *) sent;

		if (requested == 0)
			clear_bit(HCI_ENCRYPT, &hdev->flags);
		else
			set_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
}
1da177e4 280
a9de9248
MH
/*
 * Completion handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * On failure mgmt is told the write failed and the discoverable timeout
 * is reset.  On success HCI_ISCAN/HCI_PSCAN are rebuilt from the sent
 * scan parameter and mgmt is notified only about transitions
 * (discoverable / connectable going on or off).  When inquiry scan is
 * enabled and a discoverable timeout is configured, the discov_off work
 * is queued to fire after that many seconds.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];
	int had_pscan, had_iscan;
	__u8 scan;
	void *sent;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (sent == NULL)
		return;

	scan = *(__u8 *) sent;

	hci_dev_lock(hdev);

	if (status != 0) {
		mgmt_write_scan_failed(hdev, scan, status);
		hdev->discov_timeout = 0;
	} else {
		/* Remember the previous state so only changes are reported. */
		had_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
		had_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

		if (scan & SCAN_INQUIRY) {
			set_bit(HCI_ISCAN, &hdev->flags);
			if (!had_iscan)
				mgmt_discoverable(hdev, 1);
			if (hdev->discov_timeout > 0) {
				int delay;

				delay = msecs_to_jiffies(hdev->discov_timeout * 1000);
				queue_delayed_work(hdev->workqueue,
						&hdev->discov_off, delay);
			}
		} else if (had_iscan) {
			mgmt_discoverable(hdev, 0);
		}

		if (scan & SCAN_PAGE) {
			set_bit(HCI_PSCAN, &hdev->flags);
			if (!had_pscan)
				mgmt_connectable(hdev, 1);
		} else if (had_pscan) {
			mgmt_connectable(hdev, 0);
		}
	}

	hci_dev_unlock(hdev);
	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
}
1da177e4 329
a9de9248
MH
/*
 * Reply handler for reading the class of device: on success the three
 * class bytes are copied into hdev->dev_class and traced.
 *
 * NOTE(review): skb->len is not compared with the reply size before the
 * copy - confirm the caller bounds it.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	memcpy(hdev->dev_class, reply->dev_class, 3);

	/* Printed most-significant byte first. */
	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
		hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}
1da177e4 344
a9de9248
MH
/*
 * Completion handler for HCI_OP_WRITE_CLASS_OF_DEV: once the controller
 * reports success, hdev->dev_class takes the three bytes that were sent.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];
	void *sent;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (sent != NULL)
		memcpy(hdev->dev_class, sent, 3);
}
1da177e4 361
a9de9248
MH
/*
 * Reply handler for reading the voice setting.
 *
 * The cached hdev->voice_setting is updated, and the driver's notify hook
 * (if any) is called, only when the reported value differs from the
 * cached one.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *reply = (void *) skb->data;
	__u16 reported;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	reported = __le16_to_cpu(reply->voice_setting);

	if (hdev->voice_setting != reported) {
		hdev->voice_setting = reported;

		BT_DBG("%s voice setting 0x%04x", hdev->name, reported);

		if (hdev->notify)
			hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	}
}
384
/*
 * Completion handler for HCI_OP_WRITE_VOICE_SETTING.
 *
 * On success the value that was sent replaces hdev->voice_setting; the
 * driver's notify hook (if any) runs only when the value actually changed.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];
	__u16 requested;
	void *sent;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (sent == NULL)
		return;

	requested = get_unaligned_le16(sent);

	if (hdev->voice_setting != requested) {
		hdev->voice_setting = requested;

		BT_DBG("%s voice setting 0x%04x", hdev->name, requested);

		if (hdev->notify)
			hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	}
}
412
/*
 * Completion handler for HCI_OP_HOST_BUFFER_SIZE: traces the status byte
 * and completes the pending request with it.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
}
1143e5a6 421
333140b5
MH
/*
 * Reply handler for reading the SSP mode: on success the reported mode is
 * cached in hdev->ssp_mode.
 */
static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_ssp_mode *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status == 0)
		hdev->ssp_mode = reply->mode;
}
433
/*
 * Completion handler for HCI_OP_WRITE_SSP_MODE: on success the mode byte
 * that was sent is cached in hdev->ssp_mode.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];
	void *sent;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (sent != NULL)
		hdev->ssp_mode = *(__u8 *) sent;
}
450
d5859e22
JH
/*
 * Pick the inquiry mode value to program into the controller.
 *
 * Returns 2 when the LMP_EXT_INQ feature bit is set, 1 when LMP_RSSI_INQ
 * is set, and otherwise 1 for a fixed list of manufacturer / hci_rev /
 * lmp_subver combinations.  Everything else gets 0.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	if (hdev->features[6] & LMP_EXT_INQ)
		return 2;

	if (hdev->features[3] & LMP_RSSI_INQ)
		return 1;

	/* Controllers matched by identity rather than by feature bits. */
	switch (hdev->manufacturer) {
	case 11:
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x0757)
			return 1;
		break;
	case 15:
		if (hdev->lmp_subver == 0x6963 &&
				(hdev->hci_rev == 0x03 || hdev->hci_rev == 0x09))
			return 1;
		if (hdev->lmp_subver == 0x6965 && hdev->hci_rev == 0x00)
			return 1;
		break;
	case 31:
		if (hdev->hci_rev == 0x2005 && hdev->lmp_subver == 0x1805)
			return 1;
		break;
	default:
		break;
	}

	return 0;
}
478
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode().
 */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 inquiry_mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &inquiry_mode);
}
487
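/*
 * Build the 8-byte event mask and send it with HCI_OP_SET_EVENT_MASK.
 *
 * Nothing is sent to controllers older than Bluetooth 1.2.  For the rest,
 * a base mask is extended with a fixed set of events and then with events
 * tied to individual LMP feature bits.
 *
 * The LMP_RSSI_INQ branch used to OR in 0x04, which is the bit for "Read
 * Remote Extended Features Complete", while its comment named "Inquiry
 * Result with RSSI" (0x02).  It now uses 0x02 to match the comment.  Both
 * bits are also set unconditionally above, so the mask that is sent does
 * not change.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff instead of 0x9f (two reserved bits
	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
	 * command otherwise */
	u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };

	/* CSR 1.1 dongles do not accept any bitfield, so don't try to set
	 * any event mask for pre-1.2 devices */
	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
		return;

	events[4] |= 0x01; /* Flow Specification Complete */
	events[4] |= 0x02; /* Inquiry Result with RSSI */
	events[4] |= 0x04; /* Read Remote Extended Features Complete */
	events[5] |= 0x08; /* Synchronous Connection Complete */
	events[5] |= 0x10; /* Synchronous Connection Changed */

	if (hdev->features[3] & LMP_RSSI_INQ)
		events[4] |= 0x02; /* Inquiry Result with RSSI */

	if (hdev->features[5] & LMP_SNIFF_SUBR)
		events[5] |= 0x20; /* Sniff Subrating */

	if (hdev->features[5] & LMP_PAUSE_ENC)
		events[5] |= 0x80; /* Encryption Key Refresh Complete */

	if (hdev->features[6] & LMP_EXT_INQ)
		events[5] |= 0x40; /* Extended Inquiry Result */

	if (hdev->features[6] & LMP_NO_FLUSH)
		events[7] |= 0x01; /* Enhanced Flush Complete */

	if (hdev->features[7] & LMP_LSTO)
		events[6] |= 0x80; /* Link Supervision Timeout Changed */

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		events[6] |= 0x01; /* IO Capability Request */
		events[6] |= 0x02; /* IO Capability Response */
		events[6] |= 0x04; /* User Confirmation Request */
		events[6] |= 0x08; /* User Passkey Request */
		events[6] |= 0x10; /* Remote OOB Data Request */
		events[6] |= 0x20; /* Simple Pairing Complete */
		events[7] |= 0x04; /* User Passkey Notification */
		events[7] |= 0x08; /* Keypress Notification */
		events[7] |= 0x10; /* Remote Host Supported
					 * Features Notification */
	}

	if (hdev->features[4] & LMP_LE)
		events[7] |= 0x20; /* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
}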
542
e6100a25
AG
/*
 * Send HCI_OP_WRITE_LE_HOST_SUPPORTED.
 *
 * The parameter block is zeroed first, so with enable_le off the command
 * carries all-zero fields.  With enable_le on, `le` is 1 and `simul`
 * reflects the LMP_SIMUL_LE_BR feature bit as 0 or 1.
 */
static void hci_set_le_support(struct hci_dev *hdev)
{
	struct hci_cp_write_le_host_supported params;

	memset(&params, 0, sizeof(params));

	if (enable_le) {
		params.le = 1;
		params.simul = (hdev->features[6] & LMP_SIMUL_LE_BR) ? 1 : 0;
	}

	hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(params),
								&params);
}
556
d5859e22
JH
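/*
 * Queue the feature-dependent setup commands for a BR/EDR controller.
 *
 * Does nothing for other device types.  Otherwise the event mask is
 * programmed, and further commands are sent depending on the HCI version
 * and the LMP feature bits cached in hdev->features.
 *
 * The extended-features parameter block is zeroed before `page` is set,
 * matching hci_set_le_support().  The struct's layout is not visible
 * here; zeroing ensures no uninitialised stack bytes reach hci_send_cmd()
 * should it hold more than `page`.
 */
static void hci_setup(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return;

	hci_setup_event_mask(hdev);

	if (hdev->hci_ver > BLUETOOTH_VER_1_1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		u8 mode = 0x01;
		hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
	}

	if (hdev->features[3] & LMP_RSSI_INQ)
		hci_setup_inquiry_mode(hdev);

	if (hdev->features[7] & LMP_INQ_TX_PWR)
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);

	if (hdev->features[7] & LMP_EXTFEATURES) {
		struct hci_cp_read_local_ext_features cp;

		memset(&cp, 0, sizeof(cp));
		cp.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
							sizeof(cp), &cp);
	}

	if (hdev->features[4] & LMP_LE)
		hci_set_le_support(hdev);
}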
589
a9de9248
MH
/*
 * Reply handler for reading the local version information.
 *
 * On success the version, revision, manufacturer and LMP sub-version are
 * cached on hdev.  While HCI_INIT is set this also kicks off hci_setup(),
 * which relies on those cached values.
 *
 * NOTE(review): skb->len is not compared with sizeof(*reply) before the
 * fields are read - confirm the caller bounds it.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->hci_ver      = reply->hci_ver;
	hdev->hci_rev      = __le16_to_cpu(reply->hci_rev);
	hdev->lmp_ver      = reply->lmp_ver;
	hdev->manufacturer = __le16_to_cpu(reply->manufacturer);
	hdev->lmp_subver   = __le16_to_cpu(reply->lmp_subver);

	BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
			hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);

	if (test_bit(HCI_INIT, &hdev->flags))
		hci_setup(hdev);
}
612
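/*
 * Derive the default link policy from the controller's LMP feature bits
 * and send it with HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * The host-order mask and its little-endian wire form are kept in
 * separate, differently typed variables so that endianness checkers can
 * tell them apart; the bytes sent are unchanged.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	u16 link_policy = 0;
	__le16 wire_policy;

	if (hdev->features[0] & LMP_RSWITCH)
		link_policy |= HCI_LP_RSWITCH;
	if (hdev->features[0] & LMP_HOLD)
		link_policy |= HCI_LP_HOLD;
	if (hdev->features[0] & LMP_SNIFF)
		link_policy |= HCI_LP_SNIFF;
	if (hdev->features[1] & LMP_PARK)
		link_policy |= HCI_LP_PARK;

	wire_policy = cpu_to_le16(link_policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
					sizeof(wire_policy), &wire_policy);
}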
1da177e4 630
a9de9248
MH
/*
 * Completion handler for HCI_OP_READ_LOCAL_COMMANDS.
 *
 * On success the supported-commands bitmap is copied into hdev->commands
 * and, during HCI_INIT, the default link policy is set up when bit 0x10
 * of byte 5 is present.  The request is completed with the reply status
 * in every case.
 *
 * NOTE(review): sizeof(hdev->commands) bytes are copied without comparing
 * skb->len to the reply size - confirm the caller bounds it.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status == 0) {
		memcpy(hdev->commands, reply->commands, sizeof(hdev->commands));

		if (test_bit(HCI_INIT, &hdev->flags) &&
					(hdev->commands[5] & 0x10))
			hci_setup_link_policy(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, reply->status);
}
1da177e4 648
a9de9248
MH
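/*
 * Reply handler for reading the local LMP features.
 *
 * On success the eight feature bytes are cached in hdev->features and the
 * default ACL/SCO packet types and eSCO types are widened to match what
 * the controller supports.
 *
 * The feature bytes drive later setup decisions, so a reply too short to
 * contain all eight of them is rejected and logged rather than copied
 * from beyond the received data.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_features *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* Bound the read by what the controller actually delivered. */
	if (skb->len < offsetof(struct hci_rp_read_local_features, features) + 8) {
		BT_ERR("%s short local features reply (%u bytes)",
						hdev->name, skb->len);
		return;
	}

	memcpy(hdev->features, rp->features, 8);

	/* Adjust default settings according to features
	 * supported by device. */

	if (hdev->features[0] & LMP_3SLOT)
		hdev->pkt_type |= (HCI_DM3 | HCI_DH3);

	if (hdev->features[0] & LMP_5SLOT)
		hdev->pkt_type |= (HCI_DM5 | HCI_DH5);

	if (hdev->features[1] & LMP_HV2) {
		hdev->pkt_type  |= (HCI_HV2);
		hdev->esco_type |= (ESCO_HV2);
	}

	if (hdev->features[1] & LMP_HV3) {
		hdev->pkt_type  |= (HCI_HV3);
		hdev->esco_type |= (ESCO_HV3);
	}

	if (hdev->features[3] & LMP_ESCO)
		hdev->esco_type |= (ESCO_EV3);

	if (hdev->features[4] & LMP_EV4)
		hdev->esco_type |= (ESCO_EV4);

	if (hdev->features[4] & LMP_EV5)
		hdev->esco_type |= (ESCO_EV5);

	if (hdev->features[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= (ESCO_2EV3);

	if (hdev->features[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= (ESCO_3EV3);

	if (hdev->features[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
					hdev->features[0], hdev->features[1],
					hdev->features[2], hdev->features[3],
					hdev->features[4], hdev->features[5],
					hdev->features[6], hdev->features[7]);
}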
1da177e4 703
971e3a4b
AG
/*
 * Completion handler for HCI_OP_READ_LOCAL_EXT_FEATURES.
 *
 * Page 0 refreshes hdev->features, page 1 fills hdev->host_features; any
 * other page is ignored.  The request is completed only on success - a
 * failing status returns without completing it.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	if (reply->page == 0)
		memcpy(hdev->features, reply->features, 8);
	else if (reply->page == 1)
		memcpy(hdev->host_features, reply->features, 8);

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, reply->status);
}
725
1e89cffb
AE
/*
 * Completion handler for HCI_OP_READ_FLOW_CONTROL_MODE: on success the
 * mode is cached in hdev->flow_ctl_mode and the request is completed.  A
 * failing status returns without completing the request.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->flow_ctl_mode = reply->mode;

	hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, reply->status);
}
740
a9de9248
MH
/*
 * Reply handler for reading the controller's buffer sizes.
 *
 * On success the ACL/SCO MTUs and packet counts are cached, the SCO
 * values are overridden when HCI_QUIRK_FIXUP_BUFFER_SIZE is set, and the
 * available-packet counters are reset to the packet counts.
 *
 * NOTE(review): the values are taken from the controller as-is; no range
 * check is visible here.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->acl_mtu  = __le16_to_cpu(reply->acl_mtu);
	hdev->sco_mtu  = reply->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(reply->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(reply->sco_max_pkt);

	/* Quirky controllers get fixed SCO values instead of their own. */
	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu  = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
					hdev->acl_mtu, hdev->acl_pkts,
					hdev->sco_mtu, hdev->sco_pkts);
}
767
/*
 * Completion handler for HCI_OP_READ_BD_ADDR: on success the reported
 * address is copied into hdev->bdaddr.  The request is completed with the
 * reply status either way.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status == 0)
		bacpy(&hdev->bdaddr, &reply->bdaddr);

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, reply->status);
}
779
350ee4cf
AE
/*
 * Completion handler for HCI_OP_READ_DATA_BLOCK_SIZE.
 *
 * On success the block MTU, block length and block count are cached, the
 * available-block counter is reset to the block count, and the request is
 * completed.  A failing status returns without completing the request.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->block_mtu  = __le16_to_cpu(reply->max_acl_len);
	hdev->block_len  = __le16_to_cpu(reply->block_len);
	hdev->num_blocks = __le16_to_cpu(reply->num_blocks);

	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
					hdev->block_cnt, hdev->block_len);

	hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, reply->status);
}
801
23bb5763
JH
/*
 * Completion handler for HCI_OP_WRITE_CA_TIMEOUT: traces the status byte
 * and completes the pending request with it.
 */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
}
810
928abaa7
AE
/*
 * Completion handler for HCI_OP_READ_LOCAL_AMP_INFO: on success every
 * field of the reply is cached in the matching hdev->amp_* member and the
 * request is completed.  A failing status returns without completing it.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->amp_status       = reply->amp_status;
	hdev->amp_total_bw     = __le32_to_cpu(reply->total_bw);
	hdev->amp_max_bw       = __le32_to_cpu(reply->max_bw);
	hdev->amp_min_latency  = __le32_to_cpu(reply->min_latency);
	hdev->amp_max_pdu      = __le32_to_cpu(reply->max_pdu);
	hdev->amp_type         = reply->amp_type;
	hdev->amp_pal_cap      = __le16_to_cpu(reply->pal_cap);
	hdev->amp_assoc_size   = __le16_to_cpu(reply->max_assoc_size);
	hdev->amp_be_flush_to  = __le32_to_cpu(reply->be_flush_to);
	hdev->amp_max_flush_to = __le32_to_cpu(reply->max_flush_to);

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, reply->status);
}
834
b0916ea0
JH
/*
 * Completion handler for HCI_OP_DELETE_STORED_LINK_KEY: traces the status
 * byte and completes the pending request with it.
 */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
}
844
d5859e22
JH
/*
 * Completion handler for HCI_OP_SET_EVENT_MASK: traces the status byte
 * and completes the pending request with it.
 */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
}
853
/*
 * Completion handler for HCI_OP_WRITE_INQUIRY_MODE: traces the status
 * byte and completes the pending request with it.
 */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
}
863
/*
 * Completion handler for HCI_OP_READ_INQ_RSP_TX_POWER: only the status
 * byte is consumed; the request is completed with it.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
}
873
/*
 * Completion handler for HCI_OP_SET_EVENT_FLT: traces the status byte and
 * completes the pending request with it.
 */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
}
882
980e1a53
JH
/*
 * Completion handler for HCI_OP_PIN_CODE_REPLY.
 *
 * mgmt (when HCI_MGMT is set) is informed of the outcome first.  On
 * success the PIN length from the sent command is recorded on the ACL
 * connection to that address, if one exists.  The whole function runs
 * under the device lock.
 *
 * The address used for the connection lookup comes from the command we
 * sent, not from the controller's reply.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *reply = (void *) skb->data;
	struct hci_cp_pin_code_reply *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags))
		mgmt_pin_code_reply_complete(hdev, &reply->bdaddr,
							reply->status);

	if (reply->status == 0) {
		sent = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (sent != NULL) {
			conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
							&sent->bdaddr);
			if (conn != NULL)
				conn->pin_length = sent->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
910
/*
 * Reply handler for a negative PIN code reply: when HCI_MGMT is set, the
 * address and status from the reply are forwarded to mgmt under the
 * device lock.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_pin_code_neg_reply_complete(hdev, &reply->bdaddr,
							reply->status);
	}

	hci_dev_unlock(hdev);
}
56e5cb86 925
6ed58ec5
VT
/*
 * Completion handler for HCI_OP_LE_READ_BUFFER_SIZE: on success the LE
 * MTU and packet count are cached, the available-packet counter is reset
 * to the packet count, and the request is completed.  A failing status
 * returns without completing the request.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->le_mtu  = __le16_to_cpu(reply->le_mtu);
	hdev->le_pkts = reply->le_max_pkt;

	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, reply->status);
}
980e1a53 945
a5c29683
JH
/*
 * Reply handler for a user confirmation reply: when HCI_MGMT is set, the
 * address and status from the reply are forwarded to mgmt under the
 * device lock.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_user_confirm_reply_complete(hdev, &reply->bdaddr,
							reply->status);
	}

	hci_dev_unlock(hdev);
}
960
/*
 * Reply handler for a negative user confirmation reply: when HCI_MGMT is
 * set, the address and status from the reply are forwarded to mgmt under
 * the device lock.  The payload is read through the same reply struct as
 * the positive reply.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_user_confirm_neg_reply_complete(hdev, &reply->bdaddr,
							reply->status);
	}

	hci_dev_unlock(hdev);
}
976
1143d458
BG
/*
 * Reply handler for a user passkey reply: when HCI_MGMT is set, the
 * address and status from the reply are forwarded to mgmt under the
 * device lock.  The payload is read through the user-confirm reply struct.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_user_passkey_reply_complete(hdev, &reply->bdaddr,
							reply->status);
	}

	hci_dev_unlock(hdev);
}
991
/*
 * Reply handler for a negative user passkey reply: when HCI_MGMT is set,
 * the address and status from the reply are forwarded to mgmt under the
 * device lock.  The payload is read through the user-confirm reply struct.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_user_passkey_neg_reply_complete(hdev, &reply->bdaddr,
							reply->status);
	}

	hci_dev_unlock(hdev);
}
1007
c35938b2
SJ
/*
 * Reply handler for reading the local OOB data: the hash, randomizer and
 * status from the reply are handed to mgmt under the device lock.
 *
 * The hash and randomizer pointers are passed on even when the status is
 * non-zero, and HCI_MGMT is not tested here.
 *
 * NOTE(review): skb->len is not compared with sizeof(*reply) before the
 * pairing material is forwarded - confirm the caller bounds it.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);
	mgmt_read_local_oob_data_reply_complete(hdev, reply->hash,
					reply->randomizer, reply->status);
	hci_dev_unlock(hdev);
}
1020
07f7fa5d
AG
/*
 * Reply handler for setting the LE scan parameters (per the function
 * name): the status byte is traced and nothing else is done.
 */
static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);
}
1027
eb9d91f5
AG
/*
 * Completion handler for HCI_OP_LE_SET_SCAN_ENABLE.
 *
 * On success the HCI_LE_SCAN device flag follows the `enable` value that
 * was sent.  Enabling cancels the pending adv_work and clears the
 * advertising entries under the device lock; disabling schedules adv_work
 * after ADV_CLEAR_TIMEOUT.  Any other value is logged as an error and
 * changes nothing.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	const __u8 status = skb->data[0];
	struct hci_cp_le_set_scan_enable *sent;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (sent == NULL)
		return;

	if (sent->enable == LE_SCANNING_ENABLED) {
		set_bit(HCI_LE_SCAN, &hdev->dev_flags);

		/* Waits for a running adv_work, so it is called before the
		 * device lock is taken. */
		cancel_delayed_work_sync(&hdev->adv_work);

		hci_dev_lock(hdev);
		hci_adv_entries_clear(hdev);
		hci_dev_unlock(hdev);
	} else if (sent->enable == LE_SCANNING_DISABLED) {
		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);

		schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
	} else {
		BT_ERR("Used reserved LE_Scan_Enable param %d", sent->enable);
	}
}
1065
/*
 * Command Complete handler for LE Long Term Key Request Reply.
 *
 * Logs the status; the pending request is completed only when the
 * controller reported success.
 */
static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, reply->status);
}
1077
/*
 * Command Complete handler for LE Long Term Key Request Negative Reply.
 *
 * Logs the status; the pending request is completed only when the
 * controller reported success.
 */
static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, reply->status);
}
1089
/*
 * Command Complete handler for Write LE Host Supported.
 *
 * On success, issues Read Local Extended Features for page 0x01.
 * Nothing is sent when the controller reported a failure.
 */
static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	__u8 status = ((__u8 *) skb->data)[0];
	struct hci_cp_read_local_ext_features req;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status)
		return;

	req.page = 0x01;
	hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(req), &req);
}
1104
/*
 * Command Status handler for Inquiry.
 *
 * Success: sets HCI_INQUIRY in hdev->flags and tells mgmt that discovery
 * is running.
 * Failure: completes the pending request with the error, re-checks
 * pending connections and, when HCI_MGMT is set, reports the failed
 * discovery start to mgmt.
 * The mgmt calls are made under the device lock.
 */
static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		set_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		mgmt_discovering(hdev, 1);
		hci_dev_unlock(hdev);
		return;
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->flags))
		mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1125
/*
 * Command Status handler for Create Connection.
 *
 * Looks up the ACL connection for the address of the command that was
 * sent.
 *
 * Success: if no connection object exists yet, one is added and marked
 * as outgoing with HCI_LM_MASTER set.
 * Failure: only a connection still in BT_CONNECT is touched.  Status
 * 0x0c (Command Disallowed in the HCI error code table) with at most two
 * attempts so far moves it to BT_CONNECT2; every other failure closes
 * and deletes it after confirming the error to the upper protocol.
 */
static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->bdaddr), conn);

	if (!status) {
		if (conn)
			goto unlock;

		conn = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->out = 1;
		conn->link_mode |= HCI_LM_MASTER;
		goto unlock;
	}

	if (!conn || conn->state != BT_CONNECT)
		goto unlock;

	if (status == 0x0c && conn->attempt <= 2) {
		conn->state = BT_CONNECT2;
		goto unlock;
	}

	conn->state = BT_CLOSED;
	hci_proto_connect_cfm(conn, status);
	hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
1165
/*
 * Command Status handler for Add SCO Connection.
 *
 * Acts on failure only: finds the ACL connection by the handle of the
 * command that was sent and, if it has a linked SCO connection, closes
 * that link, confirms the error to the upper protocol and deletes it.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	if (!acl)
		goto unlock;

	sco = acl->link;
	if (!sco)
		goto unlock;

	sco->state = BT_CLOSED;

	hci_proto_connect_cfm(sco, status);
	hci_conn_del(sco);

unlock:
	hci_dev_unlock(hdev);
}
1da177e4 1200
/*
 * Command Status handler for Authentication Requested.
 *
 * Acts on failure only: if the connection named by the sent command's
 * handle is still in BT_CONFIG, the error is confirmed to the upper
 * protocol and hci_conn_put() is called on the connection.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1227
/*
 * Command Status handler for Set Connection Encryption.
 *
 * Acts on failure only: if the connection named by the sent command's
 * handle is still in BT_CONFIG, the error is confirmed to the upper
 * protocol and hci_conn_put() is called on the connection.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1254
/*
 * Decide whether an outgoing connection should be authenticated now.
 *
 * Returns 0 when the connection is not in BT_CONFIG, is not outgoing, or
 * its pending security level is BT_SECURITY_SDP.  Otherwise returns 1 if
 * at least one of these holds, and 0 if none does:
 *  - both the local device and the connection have ssp_mode > 0,
 *  - the pending security level is BT_SECURITY_HIGH,
 *  - bit 0 of conn->auth_type is set (MITM protection requested).
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
							struct hci_conn *conn)
{
	int both_ssp, level_high, mitm_wanted;

	if (conn->state != BT_CONFIG)
		return 0;

	if (!conn->out)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	both_ssp = hdev->ssp_mode > 0 && conn->ssp_mode > 0;
	level_high = conn->pending_sec_level == BT_SECURITY_HIGH;
	mitm_wanted = (conn->auth_type & 0x01) != 0;

	if (both_ssp || level_high || mitm_wanted)
		return 1;

	return 0;
}
1273
/*
 * Command Status handler for Remote Name Request.
 *
 * A successful status is ignored here; the authentication decision is
 * then left to the name request complete event.  On failure, the ACL
 * connection for the requested address is looked up and, if
 * hci_outgoing_auth_needed() says so and no authentication is pending
 * yet, Authentication Requested is sent for it.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);
	if (!conn || !hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	/* The pending bit keeps a second request from being queued. */
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_auth_requested auth;

		auth.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth), &auth);
	}

unlock:
	hci_dev_unlock(hdev);
}
1da177e4 1308
/*
 * Command Status handler for Read Remote Supported Features.
 *
 * Acts on failure only: if the connection named by the sent command's
 * handle is still in BT_CONFIG, the error is confirmed to the upper
 * protocol and hci_conn_put() is called on the connection.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1335
/*
 * Command Status handler for Read Remote Extended Features.
 *
 * Acts on failure only: if the connection named by the sent command's
 * handle is still in BT_CONFIG, the error is confirmed to the upper
 * protocol and hci_conn_put() is called on the connection.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1362
/*
 * Command Status handler for Setup Synchronous Connection.
 *
 * Acts on failure only: finds the ACL connection by the handle of the
 * command that was sent and, if it has a linked synchronous connection,
 * closes that link, confirms the error to the upper protocol and
 * deletes it.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	if (!acl)
		goto unlock;

	sco = acl->link;
	if (!sco)
		goto unlock;

	sco->state = BT_CLOSED;

	hci_proto_connect_cfm(sco, status);
	hci_conn_del(sco);

unlock:
	hci_dev_unlock(hdev);
}
1397
/*
 * Command Status handler for Sniff Mode.
 *
 * Acts on failure only: clears the mode-change-pending bit of the
 * connection named by the sent command's handle and, if a SCO setup was
 * waiting on the mode change, runs hci_sco_setup() with the error.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
04837f64 1424
/*
 * Command Status handler for Exit Sniff Mode.
 *
 * Acts on failure only: clears the mode-change-pending bit of the
 * connection named by the sent command's handle and, if a SCO setup was
 * waiting on the mode change, runs hci_sco_setup() with the error.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
1451
/*
 * Command Status handler for LE Create Connection.
 *
 * Looks up the LE connection for the peer address of the command that
 * was sent.
 *
 * Success: if no connection object exists yet, one is added, given the
 * peer address type from the command and marked as outgoing.
 * Failure: a connection still in BT_CONNECT is closed, the error is
 * confirmed to the upper protocol and the connection is deleted.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_le_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &sent->peer_addr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->peer_addr),
		conn);

	if (!status) {
		if (conn)
			goto unlock;

		conn = hci_conn_add(hdev, LE_LINK, &sent->peer_addr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = sent->peer_addr_type;
		conn->out = 1;
		goto unlock;
	}

	if (conn && conn->state == BT_CONNECT) {
		conn->state = BT_CLOSED;
		hci_proto_connect_cfm(conn, status);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1490
/* Command Status handler for LE Start Encryption: logs the status only. */
static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);
}
1495
/*
 * Inquiry Complete event handler.
 *
 * Completes the pending inquiry request with the event's status byte and
 * re-checks pending connections.  mgmt is told that discovery stopped
 * only if HCI_INQUIRY was still set; the bit is cleared by the same
 * atomic test.
 */
static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = ((__u8 *) skb->data)[0];

	BT_DBG("%s status %d", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);

	if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) {
		hci_dev_lock(hdev);
		mgmt_discovering(hdev, 0);
		hci_dev_unlock(hdev);
	}
}
1513
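/*
 * Inquiry Result event handler.
 *
 * The payload is a one-byte response count followed by that many
 * struct inquiry_info records.  Each record is copied into the inquiry
 * cache (rssi and ssp_mode are set to 0x00) and reported to mgmt as a
 * found ACL device.
 *
 * The count is supplied by the controller, so it is checked against
 * skb->len before the records are walked.  An event that claims more
 * records than the buffer holds is dropped rather than read past its
 * end.
 */
static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte must be present before it is read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	/* num_rsp is at most 255, so the size computation cannot overflow. */
	if (skb->len < 1 + num_rsp * sizeof(*info))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= 0x00;
		data.ssp_mode		= 0x00;
		hci_inquiry_cache_update(hdev, &data);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
						info->dev_class, 0, NULL);
	}

	hci_dev_unlock(hdev);
}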
1543
/*
 * Connection Complete event handler.
 *
 * Finds the connection by link type and address.  When an SCO event has
 * no match, the lookup is retried as ESCO and a hit is retyped to
 * SCO_LINK.
 *
 * Success: stores the handle; ACL links go to BT_CONFIG (hold taken,
 * disconnect timeout set, mgmt notified), other links go straight to
 * BT_CONNECTED.  The connection is then registered in sysfs, link_mode
 * inherits HCI_AUTH/HCI_ENCRYPT from the device flags, remote features
 * are requested for ACL links, and for incoming links on controllers
 * older than 2.0 the packet type is changed.
 * Failure: the connection is closed (mgmt notified for ACL), the error
 * is confirmed to the upper protocol and the connection is deleted.
 *
 * hci_conn_check_pending() runs after the device lock is released.
 */
static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type != SCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (ev->status) {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK)
			mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
						conn->dst_type, ev->status);
	} else {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);
			conn->disc_timeout = HCI_DISCONN_TIMEOUT;
			mgmt_connected(hdev, &ev->bdaddr, conn->type,
							conn->dst_type);
		} else {
			conn->state = BT_CONNECTED;
		}

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features feat;

			feat.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
							sizeof(feat), &feat);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype ptype;

			ptype.handle = ev->handle;
			ptype.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
							sizeof(ptype), &ptype);
		}
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK) {
		hci_proto_connect_cfm(conn, ev->status);
	}

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
1623
/*
 * Connection Request event handler.
 *
 * The accept decision combines hdev->link_mode with the mask returned by
 * hci_proto_connect_ind().  A request is rejected with
 * HCI_ERROR_REJ_BAD_ADDR when HCI_LM_ACCEPT is not set or the peer
 * address is found by hci_blacklist_lookup().
 *
 * For an accepted request the device class is copied into the inquiry
 * cache entry (if one exists) and into the connection object, which is
 * created when missing and put into BT_CONNECT.  The device lock is
 * released before the accept command is built: ACL links, or any link
 * when the controller is not eSCO capable, get Accept Connection
 * Request; otherwise Accept Synchronous Connection Request is sent.
 */
static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	struct inquiry_entry *cached;
	struct hci_conn *conn;
	int mask = hdev->link_mode;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
					batostr(&ev->bdaddr), ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	if (!(mask & HCI_LM_ACCEPT) ||
			hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection rejected */
		struct hci_cp_reject_conn_req rej;

		bacpy(&rej.bdaddr, &ev->bdaddr);
		rej.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(rej), &rej);
		return;
	}

	/* Connection accepted */
	hci_dev_lock(hdev);

	cached = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (cached)
		memcpy(cached->data.dev_class, ev->dev_class, 3);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			hci_dev_unlock(hdev);
			return;
		}
	}

	memcpy(conn->dev_class, ev->dev_class, 3);
	conn->state = BT_CONNECT;

	hci_dev_unlock(hdev);

	if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
		struct hci_cp_accept_conn_req acc;

		bacpy(&acc.bdaddr, &ev->bdaddr);

		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
			acc.role = 0x00; /* Become master */
		else
			acc.role = 0x01; /* Remain slave */

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
							sizeof(acc), &acc);
	} else {
		struct hci_cp_accept_sync_conn_req sync;

		bacpy(&sync.bdaddr, &ev->bdaddr);
		sync.pkt_type = cpu_to_le16(conn->pkt_type);

		sync.tx_bandwidth   = cpu_to_le32(0x00001f40);
		sync.rx_bandwidth   = cpu_to_le32(0x00001f40);
		sync.max_latency    = cpu_to_le16(0xffff);
		sync.content_format = cpu_to_le16(hdev->voice_setting);
		sync.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
							sizeof(sync), &sync);
	}
}
1697
/*
 * Disconnection Complete event handler.
 *
 * Looks up the connection by handle.  With status 0 the connection is
 * marked BT_CLOSED, mgmt is told about the disconnect (ACL and LE links
 * only), the reason is confirmed to the upper protocol and the
 * connection is deleted.  With a non-zero status only mgmt is told that
 * the disconnect failed (ACL and LE links only); the connection is kept.
 */
static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;
	int notify_mgmt;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0)
		conn->state = BT_CLOSED;

	notify_mgmt = conn->type == ACL_LINK || conn->type == LE_LINK;
	if (notify_mgmt) {
		if (ev->status == 0)
			mgmt_disconnected(hdev, &conn->dst, conn->type,
							conn->dst_type);
		else
			mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
	}

	if (ev->status == 0) {
		hci_proto_disconn_cfm(conn, ev->reason);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1730
/*
 * Authentication Complete event handler.
 *
 * Success: HCI_LM_AUTH is set and sec_level is raised to the pending
 * level, except for a re-authentication when the local device and the
 * connection do not both have ssp_mode > 0; that case is only logged
 * and the security level is left unchanged.
 * Failure: mgmt is told that authentication failed.
 *
 * Both authentication pending bits are then cleared.  A connection in
 * BT_CONFIG either moves on to encryption (success with SSP on both
 * sides) or becomes BT_CONNECTED with the status confirmed to the upper
 * protocol.  In any other state the result goes to hci_auth_cfm() and
 * the disconnect timeout is reset.  If encryption was pending it is
 * requested on success, or failed via hci_encrypt_cfm() on error.
 */
static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status) {
		mgmt_auth_failed(hdev, &conn->dst, ev->status);
	} else if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
			test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
		BT_INFO("re-auth of legacy device is not possible.");
	} else {
		conn->link_mode |= HCI_LM_AUTH;
		conn->sec_level = conn->pending_sec_level;
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);

	if (conn->state != BT_CONFIG) {
		hci_auth_cfm(conn, ev->status);

		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	} else if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
		struct hci_cp_set_conn_encrypt enc;

		enc.handle  = ev->handle;
		enc.encrypt = 0x01;
		hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(enc),
									&enc);
	} else {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
		goto unlock;

	if (ev->status) {
		clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
		hci_encrypt_cfm(conn, ev->status, 0x00);
	} else {
		struct hci_cp_set_conn_encrypt enc;

		enc.handle  = ev->handle;
		enc.encrypt = 0x01;
		hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(enc),
									&enc);
	}

unlock:
	hci_dev_unlock(hdev);
}
1795
/*
 * Remote Name Request Complete event handler.
 *
 * Re-checks pending connections, then under the device lock passes the
 * name to mgmt (status 0 and HCI_MGMT set only).  If an ACL connection
 * to the address exists, hci_outgoing_auth_needed() agrees and no
 * authentication is pending yet, Authentication Requested is sent.
 *
 * NOTE(review): ev->name is handed to mgmt as received from the
 * controller; this function does not check its length or termination.
 */
static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
		mgmt_remote_name(hdev, &ev->bdaddr, ev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn || !hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	/* The pending bit keeps a second request from being queued. */
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_auth_requested auth;

		auth.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth), &auth);
	}

unlock:
	hci_dev_unlock(hdev);
}
1826
/*
 * Encryption Change event handler.
 *
 * On success with encryption enabled, the link is marked authenticated
 * and encrypted and sec_level is raised to the pending level; with
 * encryption disabled, HCI_LM_ENCRYPT is cleared.  A failed event leaves
 * link_mode untouched.
 *
 * The encrypt-pending bit is cleared in every case.  A connection in
 * BT_CONFIG becomes BT_CONNECTED on success and the status is confirmed
 * to the upper protocol; in any other state the result goes to
 * hci_encrypt_cfm().
 */
static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		if (ev->encrypt) {
			/* Encryption implies authentication */
			conn->link_mode |= HCI_LM_AUTH;
			conn->link_mode |= HCI_LM_ENCRYPT;
			conn->sec_level = conn->pending_sec_level;
		} else {
			conn->link_mode &= ~HCI_LM_ENCRYPT;
		}
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	if (!ev->status)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
1862
/*
 * Change Connection Link Key Complete event handler.
 *
 * For a known connection: sets HCI_LM_SECURE on success, clears the
 * authentication pending bit and passes the status to
 * hci_key_change_cfm().
 */
static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
1884
/*
 * Read Remote Supported Features Complete event handler.
 *
 * On success the 8 feature bytes are stored in the connection.  Further
 * work is done only while the connection is in BT_CONFIG:
 *  - if both sides are SSP capable, extended features page 0x01 is
 *    requested and the handler stops there;
 *  - otherwise, on success, a remote name request is sent;
 *  - if hci_outgoing_auth_needed() says no authentication is required,
 *    the connection becomes BT_CONNECTED and the status is confirmed to
 *    the upper protocol.
 */
static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
		struct hci_cp_read_remote_ext_features ext;

		ext.handle = ev->handle;
		ext.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
							sizeof(ext), &ext);
		goto unlock;
	}

	if (!ev->status) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ,
						sizeof(name_req), &name_req);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1930
/* Read Remote Version Information Complete: logs the device name only. */
static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
1935
/* QoS Setup Complete: logs the device name only. */
static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
1940
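/*
 * Command Complete event handler.
 *
 * Strips the event header from the skb, so that each hci_cc_* handler
 * sees the command's return parameters at skb->data, and dispatches on
 * the opcode.  Unknown opcodes are only logged.
 *
 * Afterwards the command timer is stopped for anything but HCI_OP_NOP
 * and, when the controller reports free command slots (ncmd != 0), the
 * command credit is reset to 1 and cmd_work is queued if commands are
 * waiting.
 *
 * Every case ends in its own break.  HCI_OP_USER_PASSKEY_NEG_REPLY used
 * to fall through into the HCI_OP_LE_SET_SCAN_PARAM handler, which then
 * parsed a passkey reply as a scan-parameter reply.
 *
 * NOTE(review): ev is read without checking skb->len against
 * sizeof(*ev), and the hci_cc_* handlers cast skb->data to their reply
 * layout without a length check of their own; presumably the caller
 * validates the event length - confirm.
 */
static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *ev = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;
	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;
	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;
	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;
	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;
	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;
	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;
	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;
	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;
	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;
	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;
	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;
	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;
	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;
	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;
	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;
	case HCI_OP_READ_SSP_MODE:
		hci_cc_read_ssp_mode(hdev, skb);
		break;
	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_EXT_FEATURES:
		hci_cc_read_local_ext_features(hdev, skb);
		break;
	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;
	case HCI_OP_READ_DATA_BLOCK_SIZE:
		hci_cc_read_data_block_size(hdev, skb);
		break;
	case HCI_OP_WRITE_CA_TIMEOUT:
		hci_cc_write_ca_timeout(hdev, skb);
		break;
	case HCI_OP_READ_FLOW_CONTROL_MODE:
		hci_cc_read_flow_control_mode(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_AMP_INFO:
		hci_cc_read_local_amp_info(hdev, skb);
		break;
	case HCI_OP_DELETE_STORED_LINK_KEY:
		hci_cc_delete_stored_link_key(hdev, skb);
		break;
	case HCI_OP_SET_EVENT_MASK:
		hci_cc_set_event_mask(hdev, skb);
		break;
	case HCI_OP_WRITE_INQUIRY_MODE:
		hci_cc_write_inquiry_mode(hdev, skb);
		break;
	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;
	case HCI_OP_SET_EVENT_FLT:
		hci_cc_set_event_flt(hdev, skb);
		break;
	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;
	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data_reply(hdev, skb);
		break;
	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;
	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_REPLY:
		hci_cc_user_passkey_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_NEG_REPLY:
		hci_cc_user_passkey_neg_reply(hdev, skb);
		break;	/* was missing: fell through to LE_SET_SCAN_PARAM */
	case HCI_OP_LE_SET_SCAN_PARAM:
		hci_cc_le_set_scan_param(hdev, skb);
		break;
	case HCI_OP_LE_SET_SCAN_ENABLE:
		hci_cc_le_set_scan_enable(hdev, skb);
		break;
	case HCI_OP_LE_LTK_REPLY:
		hci_cc_le_ltk_reply(hdev, skb);
		break;
	case HCI_OP_LE_LTK_NEG_REPLY:
		hci_cc_le_ltk_neg_reply(hdev, skb);
		break;
	case HCI_OP_WRITE_LE_HOST_SUPPORTED:
		hci_cc_write_le_host_supported(hdev, skb);
		break;
	default:
		BT_DBG("%s opcode 0x%x", hdev->name, opcode);
		break;
	}

	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (ev->ncmd) {
		atomic_set(&hdev->cmd_cnt, 1);
		if (!skb_queue_empty(&hdev->cmd_q))
			queue_work(hdev->workqueue, &hdev->cmd_work);
	}
}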
2160
/*
 * Handle the HCI Command Status event.
 *
 * Passes ev->status to the hci_cs_*() handler that matches the opcode,
 * stops the command timer for anything but HCI_OP_NOP and, when the
 * controller reports free command slots (ev->ncmd) outside of a reset,
 * allows one more command and kicks the command work item.
 *
 * NOTE(review): ev aliases skb->data and is dereferenced without any
 * check that skb->len covers sizeof(*ev). The event is controller input,
 * so confirm a caller validates the length or add a check here.
 */
static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *ev = (void *) skb->data;
	__u16 op;

	/* ev is still used below, after the header has been pulled */
	skb_pull(skb, sizeof(*ev));

	op = __le16_to_cpu(ev->opcode);

	switch (op) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, ev->status);
		break;

	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, ev->status);
		break;

	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, ev->status);
		break;

	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, ev->status);
		break;

	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, ev->status);
		break;

	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, ev->status);
		break;

	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, ev->status);
		break;

	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_DISCONNECT:
		/* only a failed disconnect is reported from here */
		if (ev->status)
			mgmt_disconnect_failed(hdev, NULL, ev->status);
		break;

	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, ev->status);
		break;

	case HCI_OP_LE_START_ENC:
		hci_cs_le_start_enc(hdev, ev->status);
		break;

	default:
		BT_DBG("%s opcode 0x%x", hdev->name, op);
		break;
	}

	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* no free command slot, or a reset is in progress: leave the queue */
	if (!ev->ncmd || test_bit(HCI_RESET, &hdev->flags))
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2242
/*
 * Handle the Role Change event for the ACL link to ev->bdaddr: update
 * the HCI_LM_MASTER bit on success, clear the pending role-switch flag
 * and pass status and role to hci_role_switch_cfm().
 */
static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* a non-zero role drops the master bit, role 0 sets it */
	if (!ev->status) {
		if (ev->role)
			conn->link_mode &= ~HCI_LM_MASTER;
		else
			conn->link_mode |= HCI_LM_MASTER;
	}

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);

	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
2268
/*
 * Handle the Number Of Completed Packets event: give transmit credits
 * back for every connection handle the controller lists, clamp each
 * counter to its configured maximum and schedule the TX work.
 *
 * NOTE(review): the header is pulled before skb->len is compared with
 * sizeof(*ev); only the handle array (4 bytes per entry) is length
 * checked. conn->sent is also reduced by the controller-supplied count
 * with no lower bound. Both values are controller input.
 */
static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int idx;

	skb_pull(skb, sizeof(*ev));

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* every listed handle needs 4 bytes of remaining payload */
	if (skb->len < ev->num_hndl * 4) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_pkts_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 count = __le16_to_cpu(entry->count);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		conn->sent -= count;

		switch (conn->type) {
		case ACL_LINK:
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		case LE_LINK:
			/* without LE buffers of its own, LE shares the ACL credits */
			if (hdev->le_pkts) {
				hdev->le_cnt += count;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
			} else {
				hdev->acl_cnt += count;
				if (hdev->acl_cnt > hdev->acl_pkts)
					hdev->acl_cnt = hdev->acl_pkts;
			}
			break;

		case SCO_LINK:
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2335
/*
 * Handle the Mode Change event: record the new mode and interval on the
 * connection, update power_save when the change was not one we had
 * pending, and finish a SCO setup that was waiting for the mode change.
 */
static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	conn->mode = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	/* power_save is only touched when no mode change was pending */
	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend))
		conn->power_save = (conn->mode == HCI_CM_ACTIVE) ? 1 : 0;

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
		hci_sco_setup(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2363
a9de9248
MH
/*
 * Handle a PIN Code Request for the ACL link to ev->bdaddr.
 *
 * A connected link gets its disconnect timeout raised to
 * HCI_PAIRING_TIMEOUT. When the adapter is not pairable the request is
 * refused with a negative reply; otherwise, with HCI_MGMT set, the
 * request goes to the management interface with a flag telling whether
 * BT_SECURITY_HIGH is pending. With neither condition nothing is sent
 * from here.
 */
static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (conn->state == BT_CONNECTED) {
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->flags)) {
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		/* 1 when high security is pending, 0 otherwise */
		u8 secure = (conn->pending_sec_level == BT_SECURITY_HIGH);

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
2400
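/*
 * Answer a Link Key Request from the controller with the stored key for
 * ev->bdaddr, or with a negative reply when no acceptable key exists.
 * Nothing is sent when HCI_LINK_KEYS is not set.
 *
 * A stored key is refused when
 *  - it is a debug combination key and HCI_DEBUG_KEYS is not set,
 *  - it is an unauthenticated combination key while the connection's
 *    auth_type is not 0xff and has bit 0x01 (MITM) set,
 *  - it is a combination key with pin_len below 16 while
 *    BT_SECURITY_HIGH is pending on the connection.
 * The last two checks need an ACL connection entry; without one the
 * stored key is returned as is.
 *
 * NOTE(review): cp holds a copy of the link key on the stack and is not
 * cleared after hci_send_cmd(); consider wiping it.
 */
static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %s", hdev->name,
							batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, key->type,
							batostr(&ev->bdaddr));

	if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
				key->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
				conn->auth_type != 0xff &&
				(conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
				conn->pending_sec_level == BT_SECURITY_HIGH) {
			/*
			 * The message used to be split with a backslash inside
			 * the literal, which put the next line's indentation
			 * into the logged text.
			 */
			BT_DBG("%s ignoring key unauthenticated for high security",
								hdev->name);
			goto not_found;
		}

		/* remember what kind of key this link is now using */
		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, 16);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	/* parameter length 6: the negative reply carries only the address */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
	hci_dev_unlock(hdev);
}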
2464
/*
 * Handle the Link Key Notification event: restore the normal disconnect
 * timeout on the ACL link, record the new key type (unless the key was
 * only changed) and, when HCI_LINK_KEYS is set, store the key.
 *
 * conn may be NULL when hci_add_link_key() is called; pin_len is 0 then.
 */
static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		hci_conn_hold(conn);

		pin_len = conn->pin_length;
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;

		/* a changed combination key keeps the previous key type */
		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	if (test_bit(HCI_LINK_KEYS, &hdev->flags))
		hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
							ev->key_type, pin_len);

	hci_dev_unlock(hdev);
}
2493
1da177e4
LT
/*
 * Handle the Read Clock Offset Complete event: on success, store the
 * reported clock offset in the inquiry cache entry of the connection's
 * peer and refresh that entry's timestamp.
 */
static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie) {
		ie->data.clock_offset = ev->clock_offset;
		ie->timestamp = jiffies;
	}

unlock:
	hci_dev_unlock(hdev);
}
2516
a8746417
MH
/*
 * Handle the Connection Packet Type Changed event: on success, store
 * the new packet type on the connection named by ev->handle.
 */
static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	conn->pkt_type = __le16_to_cpu(ev->pkt_type);

unlock:
	hci_dev_unlock(hdev);
}
2532
85a1e930
MH
/*
 * Handle the Page Scan Repetition Mode Change event: update the cached
 * inquiry entry for ev->bdaddr, if there is one, and refresh its
 * timestamp.
 */
static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *ie;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!ie)
		goto unlock;

	ie->data.pscan_rep_mode = ev->pscan_rep_mode;
	ie->timestamp = jiffies;

unlock:
	hci_dev_unlock(hdev);
}
2550
a9de9248
MH
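/*
 * Handle the Inquiry Result with RSSI event.
 *
 * The first payload byte is the number of responses; the responses
 * follow in one of two layouts (with or without a pscan_mode field),
 * told apart by the per-response size. Each response updates the
 * inquiry cache and is reported through mgmt_device_found().
 *
 * num_rsp and the payload length both come from the controller, so the
 * payload is checked against num_rsp responses of the chosen layout
 * before the array is walked; a short event is dropped.
 */
static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;

	/* the response count itself must be present */
	if (skb->len < 1) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/*
		 * This branch is taken for any size that is not the plain
		 * layout, including a truncated event, so make sure all
		 * num_rsp entries are really there.
		 */
		if (skb->len < num_rsp * sizeof(*info) + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			hci_inquiry_cache_update(hdev, &data);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
						info->dev_class, info->rssi,
						NULL);
		}
	} else {
		/*
		 * The size test above already implies that the payload
		 * holds num_rsp entries of this layout.
		 */
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			hci_inquiry_cache_update(hdev, &data);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
						info->dev_class, info->rssi,
						NULL);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}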
2602
/*
 * Handle the Read Remote Extended Features Complete event.
 *
 * For a successful read of page 0x01, bit 0 of the first feature byte
 * is stored as ssp_mode on the connection and on the peer's inquiry
 * cache entry. While the connection is in BT_CONFIG a remote name
 * request is sent on success, and the connection is moved to
 * BT_CONNECTED when hci_outgoing_auth_needed() says no authentication
 * is required.
 */
static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status && ev->page == 0x01) {
		u8 ssp = ev->features[0] & 0x01;
		struct inquiry_entry *ie;

		ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (ie)
			ie->data.ssp_mode = ssp;

		conn->ssp_mode = ssp;
	}

	/* the rest only applies while the connection is being set up */
	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!ev->status) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
								&name_req);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2646
/*
 * Handle the Synchronous Connection Complete event.
 *
 * The connection is looked up by the reported link type; if that fails
 * for a non-eSCO type, an eSCO entry for the same address is retyped to
 * SCO_LINK. On success the handle is stored and the connection becomes
 * BT_CONNECTED. For the listed error codes an outgoing connection on
 * its first attempts is retried with the packet types masked from
 * hdev->esco_type; every other failure closes and deletes the
 * connection.
 *
 * NOTE(review): the retry path dereferences conn->link without a NULL
 * check; confirm that an outgoing SCO/eSCO connection always has its
 * ACL link set at this point.
 */
static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		/* fall back to an eSCO entry and treat it as SCO from now on */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	switch (ev->status) {
	case 0x00:
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state  = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1c:	/* SCO interval rejected */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1f:	/* Unspecified error */
		if (conn->out && conn->attempt < 2) {
			conn->pkt_type = hdev->esco_type &
					(SCO_ESCO_MASK | EDR_ESCO_MASK);
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
2701
/* Synchronous Connection Changed event: only logged, skb is not read. */
static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2706
04837f64
MH
/* Sniff Subrating event: only the status byte is logged. */
static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev = (void *) skb->data;

	BT_DBG("%s status %d", hdev->name, ev->status);
}
2713
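/*
 * Handle the Extended Inquiry Result event.
 *
 * The first payload byte is the number of responses, followed by that
 * many struct extended_inquiry_info entries. Each one updates the
 * inquiry cache (with ssp_mode 0x01) and is reported, together with its
 * EIR data, through mgmt_device_found().
 *
 * num_rsp is controller input: the payload length is checked against it
 * before the entries are read, and a short event is dropped.
 */
static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* the response count itself must be present */
	if (skb->len < 1) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	/* refuse to walk past the end of a truncated event */
	if (skb->len < num_rsp * sizeof(*info) + 1) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;
		hci_inquiry_cache_update(hdev, &data);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				info->dev_class, info->rssi, info->data);
	}

	hci_dev_unlock(hdev);
}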
1da177e4 2743
17fa4b9d
JH
/*
 * Pick the authentication requirement to put in our IO Capability
 * Reply, based on what the remote side asked for.
 *
 * Bit 0x01 of the value is the MITM bit (the callers in this file mask
 * auth_type with 0x01 for that purpose).
 *
 *  - remote_auth 0x02/0x03 (dedicated bonding): return 0x02, without
 *    the MITM bit, when either side's IO capability is 0x03
 *    (NoInputNoOutput), else 0x03 with the MITM bit.
 *  - remote_auth 0x00/0x01 (no bonding): keep the remote value and add
 *    our own MITM bit.
 *  - anything else: our own auth_type unchanged.
 */
static inline u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* MITM protection needs IO on both ends */
		if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
			return 0x02;
		return 0x03;

	case 0x00:
	case 0x01:
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
2762
0493684e
MH
/*
 * Handle the IO Capability Request event for the ACL link to ev->bdaddr.
 *
 * A reference on the connection is taken as soon as it is found; this
 * function does not drop it (hci_simple_pair_complete_evt() in this
 * file does a hci_conn_put() - presumably the matching one, confirm).
 *
 * Without HCI_MGMT nothing is sent. Otherwise a positive reply with our
 * IO capability, the negotiated authentication requirement and the OOB
 * flag is sent when the adapter is pairable or the remote asked for no
 * bonding; in every other case the request is refused with
 * HCI_ERROR_PAIRING_NOT_ALLOWED.
 */
static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	if (!test_bit(HCI_PAIRABLE, &hdev->flags) &&
			(conn->remote_auth & ~0x01) != HCI_AT_NO_BONDING) {
		struct hci_cp_io_capability_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		neg.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
							sizeof(neg), &neg);
	} else {
		struct hci_cp_io_capability_reply reply;

		bacpy(&reply.bdaddr, &ev->bdaddr);
		reply.capability = conn->io_capability;
		conn->auth_type = hci_get_auth_req(conn);
		reply.authentication = conn->auth_type;

		/* OOB is only advertised when data for this peer is stored */
		reply.oob_data =
			((conn->out == 0x01 || conn->remote_oob == 0x01) &&
			 hci_find_remote_oob_data(hdev, &conn->dst)) ?
							0x01 : 0x00;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
							sizeof(reply), &reply);
	}

unlock:
	hci_dev_unlock(hdev);
}
2811
/*
 * Handle the IO Capability Response event: remember the remote side's
 * IO capability, OOB flag and authentication requirement on the ACL
 * connection. These values are used by the pairing handlers later on
 * and are stored exactly as the remote device sent them.
 */
static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		conn->remote_cap  = ev->capability;
		conn->remote_oob  = ev->oob_data;
		conn->remote_auth = ev->authentication;
	}

	hci_dev_unlock(hdev);
}
2832
a5c29683
JH
/*
 * Handle the User Confirmation Request event (numeric comparison).
 *
 * Only acted on when HCI_MGMT is set and the ACL connection exists.
 * Outcomes, in order:
 *  1. We want MITM protection, the remote has IO capability 0x03
 *     (NoInputNoOutput) and we are not a dedicated bonding initiator
 *     (connect_cfm_cb unset): send a negative reply.
 *  2. Neither side effectively requires MITM protection:
 *       - we did not initiate authentication: ask user space, with
 *         confirm_hint 1, to authorize the pairing;
 *       - otherwise auto-accept, either after hdev->auto_accept_delay
 *         via the connection's timer or right away.
 *  3. Anything else: hand the passkey to user space for confirmation.
 */
static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int loc_mitm, rem_mitm, loc_noio, rem_noio, confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	loc_mitm = (conn->auth_type & 0x01);
	rem_mitm = (conn->remote_auth & 0x01);
	loc_noio = (conn->io_capability == 0x03);
	rem_noio = (conn->remote_cap == 0x03);

	/*
	 * A remote without input/output cannot give us MITM protection.
	 * Dedicated bonding initiators are exempt because they always
	 * carry the MITM bit.
	 */
	if (!conn->connect_cfm_cb && loc_mitm && rem_noio) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* some side needs MITM protection and can get it: ask the user */
	if ((loc_mitm && !rem_noio) || (rem_mitm && !loc_noio))
		goto confirm;

	/*
	 * No MITM protection in play. As acceptor we still want user space
	 * to authorize the pairing (confirm_hint set to 1).
	 */
	if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		BT_DBG("Confirming auto-accept as acceptor");
		confirm_hint = 1;
		goto confirm;
	}

	BT_DBG("Auto-accept of user confirmation with %ums delay",
						hdev->auto_accept_delay);

	if (hdev->auto_accept_delay > 0) {
		int delay = msecs_to_jiffies(hdev->auto_accept_delay);
		mod_timer(&conn->auto_accept_timer, jiffies + delay);
		goto unlock;
	}

	hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);
	goto unlock;

confirm:
	mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
								confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}
2900
1143d458
BG
/*
 * Handle the User Passkey Request event: forward it to the management
 * interface when HCI_MGMT is set; otherwise nothing is done.
 */
static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *ev = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	mgmt_user_passkey_request(hdev, &ev->bdaddr);

unlock:
	hci_dev_unlock(hdev);
}
2915
0493684e
MH
/*
 * Handle the Simple Pairing Complete event: report a failed pairing to
 * user space when we were not the initiator, then drop one reference on
 * the connection.
 */
static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/*
	 * HCI_CONN_AUTH_PEND is set when we started the authentication.
	 * In that case the regular auth_complete event is produced as well
	 * and already maps to mgmt_auth_failed, so reporting here too
	 * would give user space a duplicate.
	 */
	if (ev->status != 0 && !test_bit(HCI_CONN_AUTH_PEND, &conn->pend))
		mgmt_auth_failed(hdev, &conn->dst, ev->status);

	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
2942
41a96212
MH
/*
 * Handle the Remote Host Supported Features Notification event: store
 * bit 0 of the first feature byte as ssp_mode in the inquiry cache
 * entry for ev->bdaddr, if one exists.
 */
static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *ie;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!ie)
		goto unlock;

	ie->data.ssp_mode = (ev->features[0] & 0x01);

unlock:
	hci_dev_unlock(hdev);
}
2958
2763eda6
SJ
/*
 * Handle the Remote OOB Data Request event: reply with the stored hash
 * and randomizer for ev->bdaddr, or with a negative reply when nothing
 * is stored for that address. Ignored unless HCI_MGMT is set.
 */
static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *data;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (!data) {
		struct hci_cp_remote_oob_data_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
							sizeof(neg), &neg);
	} else {
		struct hci_cp_remote_oob_data_reply reply;

		bacpy(&reply.bdaddr, &ev->bdaddr);
		/* copy lengths are bounded by the destination fields */
		memcpy(reply.hash, data->hash, sizeof(reply.hash));
		memcpy(reply.randomizer, data->randomizer,
						sizeof(reply.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
							sizeof(reply), &reply);
	}

unlock:
	hci_dev_unlock(hdev);
}
2993
fcd89c09
VT
/*
 * Handle the LE Connection Complete sub-event.
 *
 * A connection object is created when none exists for ev->bdaddr. On
 * failure the error is reported to mgmt and the protocol layer and the
 * connection is deleted. On success the connection gets its handle,
 * starts at BT_SECURITY_LOW, becomes BT_CONNECTED and is announced.
 */
static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
	if (!conn) {
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		/* address type is only recorded for a freshly added entry */
		conn->dst_type = ev->bdaddr_type;
	}

	if (ev->status) {
		mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
						conn->dst_type, ev->status);
		hci_proto_connect_cfm(conn, ev->status);
		conn->state = BT_CLOSED;
		hci_conn_del(conn);
		goto unlock;
	}

	mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);

	conn->handle = __le16_to_cpu(ev->handle);
	conn->sec_level = BT_SECURITY_LOW;
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
3038
9aa04c91
AG
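/*
 * Handle the LE Advertising Report sub-event.
 *
 * The payload is a report count followed by that many variable-length
 * reports; each report is a struct hci_ev_le_advertising_info header,
 * ev->length bytes of data and one trailing byte. Every report is
 * passed to hci_add_adv_entry().
 *
 * Both the count and the per-report length come from the controller
 * (and ultimately from whatever is advertising nearby), so each report
 * is checked against the end of the received payload before it is used.
 * Parsing stops at the first report that does not fit.
 */
static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	u8 num_reports;
	u8 *ptr, *end;

	/* the report count itself must be present */
	if (skb->len < 1) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	end = skb->data + skb->len;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t left = end - ptr;

		/* header first, then header + data + the trailing byte */
		if (left < sizeof(*ev) ||
				left - sizeof(*ev) < (size_t) ev->length + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			break;
		}

		hci_add_adv_entry(hdev, ev);

		ptr += sizeof(*ev) + ev->length + 1;
	}

	hci_dev_unlock(hdev);
}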
3057
a7a595f6
VCG
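/*
 * Handle the LE Long Term Key Request sub-event: reply with the stored
 * LTK that matches ev->ediv / ev->random, or with a negative reply when
 * the connection handle or the key is unknown.
 *
 * NOTE(review): cp carries a copy of the LTK on the stack and is not
 * cleared after hci_send_cmd(); consider wiping it. The copy length is
 * taken from the source field (ltk->val) - presumably the same size as
 * cp.ltk, confirm against the struct definitions.
 */
static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct link_key *ltk;

	/* ev->handle is little endian on the wire: convert it for printing */
	BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto not_found;

	ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
	if (ltk == NULL)
		goto not_found;

	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);
	conn->pin_length = ltk->pin_len;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	/* echo the handle back exactly as received (already little endian) */
	neg.handle = ev->handle;
	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
	hci_dev_unlock(hdev);
}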
3094
fcd89c09
VT
/*
 * Handle the LE Meta event: strip the sub-event header and dispatch to
 * the handler for the sub-event. Unknown sub-events are ignored.
 *
 * NOTE(review): le_ev->subevent is read without checking that skb->len
 * covers sizeof(*le_ev); confirm the caller guarantees it.
 */
static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *meta = (void *) skb->data;

	skb_pull(skb, sizeof(*meta));

	switch (meta->subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;

	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;

	default:
		break;
	}
}
3118
a9de9248
MH
/*
 * Entry point for HCI event packets: strip the event header, dispatch
 * to the handler for the event code, then free the skb and count the
 * event in hdev->stat.evt_rx. Unknown event codes are only logged.
 *
 * NOTE(review): the event code is read and HCI_EVENT_HDR_SIZE pulled
 * without comparing skb->len with the header size, and the header's
 * length field is not compared with the remaining payload here. Most
 * handlers cast skb->data to their event struct right away, so the
 * length guarantee has to come from whoever queues the skb - confirm.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 evt = ((struct hci_event_hdr *) skb->data)->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (evt) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%x", hdev->name, evt);
		break;
	}

	/* the handlers do not keep the skb: release it here */
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}
3283
/*
 * hci_si_event - build a stack-internal HCI event and pass it to
 * hci_send_to_sock().
 * @hdev: device stored in skb->dev and handed to hci_send_to_sock()
 * @type: value written to the type field of the internal event
 * @dlen: number of bytes copied from @data into the event
 * @data: source of the event payload
 *
 * The buffer is allocated with GFP_ATOMIC. If the allocation fails the
 * function returns without sending anything and without reporting the
 * failure. The buffer is released here once hci_send_to_sock() returns.
 *
 * NOTE(review): @dlen is a signed int that is used unchecked as the
 * allocation, skb_put() and memcpy() length, and is also folded into
 * hdr->plen. Callers are presumably expected to pass a small,
 * non-negative size -- confirm that sizeof(*ev) + dlen always fits the
 * width of the plen field.
 */
void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
{
	struct hci_ev_stack_internal *si;
	struct hci_event_hdr *evt_hdr;
	struct sk_buff *msg;

	msg = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*si) + dlen, GFP_ATOMIC);
	if (msg == NULL)
		return;

	/* Event header: internal event code plus length of what follows. */
	evt_hdr = (void *) skb_put(msg, HCI_EVENT_HDR_SIZE);
	evt_hdr->plen = sizeof(*si) + dlen;
	evt_hdr->evt = HCI_EV_STACK_INTERNAL;

	/* Internal event body: type field followed by the caller's payload. */
	si = (void *) skb_put(msg, sizeof(*si) + dlen);
	memcpy(si->data, data, dlen);
	si->type = type;

	/* Mark the buffer as an incoming, timestamped HCI event packet. */
	msg->dev = (void *) hdev;
	bt_cb(msg)->pkt_type = HCI_EVENT_PKT;
	bt_cb(msg)->incoming = 1;
	__net_timestamp(msg);

	hci_send_to_sock(hdev, msg, NULL);
	kfree_skb(msg);
}
e6100a25 3311
/*
 * Expose enable_le as a module parameter. Mode 0644 makes the sysfs
 * entry readable by everyone and writable by its owner.
 *
 * NOTE(review): enable_le is declared as int at the top of this file
 * while the parameter type given here is bool -- confirm this kernel's
 * module_param() accepts that pairing. Whether a value written after
 * load takes effect depends on where enable_le is read, which is not
 * visible here.
 */
module_param(enable_le, bool, 0644);
MODULE_PARM_DESC(enable_le, "Enable LE support");