projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Force the process of unpair command if disconnect failed
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
f0d6a0ea 32#include <net/bluetooth/mgmt.h>
8e2a0d92 33#include <net/bluetooth/a2mp.h>
903e4541 34#include <net/bluetooth/amp.h>
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
e6d465cb
AG		 44 if (status) {
45 hci_dev_lock(hdev);
46 mgmt_stop_discovery_failed(hdev, status);
47 hci_dev_unlock(hdev);
a9de9248 48 return;
e6d465cb 49 }
1da177e4 50
89352e7d
AG		 51 clear_bit(HCI_INQUIRY, &hdev->flags);
52
56e5cb86 53 hci_dev_lock(hdev);
ff9ef578 54 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 55 hci_dev_unlock(hdev);
6bd57416 56
23bb5763 57 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 58
59 hci_conn_check_pending(hdev);
60}
6bd57416 61
4d93483b
AG		 62static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
63{
64 __u8 status = *((__u8 *) skb->data);
65
9f1db00c 66 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 67
68 if (status)
69 return;
70
71 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 72}
73
a9de9248
MH		 74static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75{
76 __u8 status = *((__u8 *) skb->data);
6bd57416 77
9f1db00c 78 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 79
a9de9248
MH		 80 if (status)
81 return;
1da177e4 82
ae854a70
AG		 83 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
807deac2
GP		 88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
89 struct sk_buff *skb)
a9de9248
MH		 90{
91 BT_DBG("%s", hdev->name);
92}
93
94static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95{
96 struct hci_rp_role_discovery *rp = (void *) skb->data;
97 struct hci_conn *conn;
98
9f1db00c 99 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 100
101 if (rp->status)
102 return;
103
104 hci_dev_lock(hdev);
105
106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
107 if (conn) {
108 if (rp->role)
109 conn->link_mode &= ~HCI_LM_MASTER;
110 else
111 conn->link_mode |= HCI_LM_MASTER;
1da177e4 112 }
a9de9248
MH		 113
114 hci_dev_unlock(hdev);
1da177e4
LT		 115}
116
e4e8e37c
MH		 117static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118{
119 struct hci_rp_read_link_policy *rp = (void *) skb->data;
120 struct hci_conn *conn;
121
9f1db00c 122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 123
124 if (rp->status)
125 return;
126
127 hci_dev_lock(hdev);
128
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 if (conn)
131 conn->link_policy = __le16_to_cpu(rp->policy);
132
133 hci_dev_unlock(hdev);
134}
135
a9de9248 136static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 137{
a9de9248 138 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 139 struct hci_conn *conn;
04837f64 140 void *sent;
1da177e4 141
9f1db00c 142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 143
a9de9248
MH		 144 if (rp->status)
145 return;
1da177e4 146
a9de9248
MH		 147 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
148 if (!sent)
149 return;
1da177e4 150
a9de9248 151 hci_dev_lock(hdev);
1da177e4 152
a9de9248 153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 154 if (conn)
83985319 155 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 156
a9de9248
MH		 157 hci_dev_unlock(hdev);
158}
1da177e4 159
807deac2
GP		 160static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
161 struct sk_buff *skb)
e4e8e37c
MH		 162{
163 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
164
9f1db00c 165 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 166
167 if (rp->status)
168 return;
169
170 hdev->link_policy = __le16_to_cpu(rp->policy);
171}
172
807deac2
GP		 173static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
174 struct sk_buff *skb)
e4e8e37c
MH		 175{
176 __u8 status = *((__u8 *) skb->data);
177 void *sent;
178
9f1db00c 179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 180
181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 if (!sent)
183 return;
184
185 if (!status)
186 hdev->link_policy = get_unaligned_le16(sent);
187
23bb5763 188 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 189}
190
a9de9248
MH		 191static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
192{
193 __u8 status = *((__u8 *) skb->data);
04837f64 194
9f1db00c 195 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 196
10572132
GP		 197 clear_bit(HCI_RESET, &hdev->flags);
198
23bb5763 199 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 200
a297e97c 201 /* Reset all non-persistent flags */
ae854a70
AG		 202 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
203 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 204
205 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 206}
04837f64 207
a9de9248
MH		 208static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
209{
210 __u8 status = *((__u8 *) skb->data);
211 void *sent;
04837f64 212
9f1db00c 213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 214
a9de9248
MH		 215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216 if (!sent)
217 return;
04837f64 218
56e5cb86
JH		 219 hci_dev_lock(hdev);
220
f51d5b24
JH		 221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 223 else if (!status)
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 225
56e5cb86 226 hci_dev_unlock(hdev);
3159d384
JH		 227
228 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 229}
230
231static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
232{
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
234
9f1db00c 235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 236
237 if (rp->status)
238 return;
239
db99b5fc
JH		 240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 242}
243
244static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
245{
246 __u8 status = *((__u8 *) skb->data);
247 void *sent;
248
9f1db00c 249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 250
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
252 if (!sent)
253 return;
254
255 if (!status) {
256 __u8 param = *((__u8 *) sent);
257
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
260 else
261 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 262 }
a9de9248 263
33ef95ed
JH		 264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
266
23bb5763 267 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 268}
269
a9de9248 270static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 271{
a9de9248 272 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 273 void *sent;
274
9f1db00c 275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 276
a9de9248
MH		 277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
278 if (!sent)
279 return;
1da177e4 280
a9de9248
MH		 281 if (!status) {
282 __u8 param = *((__u8 *) sent);
283
284 if (param)
285 set_bit(HCI_ENCRYPT, &hdev->flags);
286 else
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
288 }
1da177e4 289
23bb5763 290 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 291}
1da177e4 292
a9de9248
MH		 293static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
294{
36f7fc7e
JH		 295 __u8 param, status = *((__u8 *) skb->data);
296 int old_pscan, old_iscan;
a9de9248 297 void *sent;
1da177e4 298
9f1db00c 299 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 300
a9de9248
MH		 301 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
302 if (!sent)
303 return;
1da177e4 304
36f7fc7e
JH		 305 param = *((__u8 *) sent);
306
56e5cb86
JH		 307 hci_dev_lock(hdev);
308
fa1bd918 309 if (status) {
744cf19e 310 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 311 hdev->discov_timeout = 0;
312 goto done;
313 }
314
36f7fc7e
JH		 315 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
316 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
317
318 if (param & SCAN_INQUIRY) {
319 set_bit(HCI_ISCAN, &hdev->flags);
320 if (!old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 322 if (hdev->discov_timeout > 0) {
323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 325 to);
16ab91ab 326 }
36f7fc7e 327 } else if (old_iscan)
744cf19e 328 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 329
330 if (param & SCAN_PAGE) {
331 set_bit(HCI_PSCAN, &hdev->flags);
332 if (!old_pscan)
744cf19e 333 mgmt_connectable(hdev, 1);
36f7fc7e 334 } else if (old_pscan)
744cf19e 335 mgmt_connectable(hdev, 0);
1da177e4 336
36f7fc7e 337done:
56e5cb86 338 hci_dev_unlock(hdev);
23bb5763 339 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 340}
1da177e4 341
a9de9248
MH		 342static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
343{
344 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 345
9f1db00c 346 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 347
a9de9248
MH		 348 if (rp->status)
349 return;
1da177e4 350
a9de9248 351 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 352
a9de9248 353 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 354 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 355}
1da177e4 356
a9de9248
MH		 357static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
358{
359 __u8 status = *((__u8 *) skb->data);
360 void *sent;
1da177e4 361
9f1db00c 362 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 363
a9de9248
MH		 364 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
365 if (!sent)
366 return;
1da177e4 367
7f9a903c
MH		 368 hci_dev_lock(hdev);
369
370 if (status == 0)
371 memcpy(hdev->dev_class, sent, 3);
372
373 if (test_bit(HCI_MGMT, &hdev->dev_flags))
374 mgmt_set_class_of_dev_complete(hdev, sent, status);
375
376 hci_dev_unlock(hdev);
a9de9248 377}
1da177e4 378
a9de9248
MH		 379static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
380{
381 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
382 __u16 setting;
383
9f1db00c 384 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 385
386 if (rp->status)
387 return;
388
389 setting = __le16_to_cpu(rp->voice_setting);
390
f383f275 391 if (hdev->voice_setting == setting)
a9de9248
MH		 392 return;
393
394 hdev->voice_setting = setting;
395
9f1db00c 396 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 397
3c54711c 398 if (hdev->notify)
a9de9248 399 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 400}
401
8fc9ced3
GP		 402static void hci_cc_write_voice_setting(struct hci_dev *hdev,
403 struct sk_buff *skb)
a9de9248
MH		 404{
405 __u8 status = *((__u8 *) skb->data);
f383f275 406 __u16 setting;
a9de9248
MH		 407 void *sent;
408
9f1db00c 409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 410
f383f275
MH		 411 if (status)
412 return;
413
a9de9248
MH		 414 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 if (!sent)
416 return;
1da177e4 417
f383f275 418 setting = get_unaligned_le16(sent);
1da177e4 419
f383f275
MH		 420 if (hdev->voice_setting == setting)
421 return;
422
423 hdev->voice_setting = setting;
1da177e4 424
9f1db00c 425 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 426
3c54711c 427 if (hdev->notify)
f383f275 428 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 429}
430
a9de9248 431static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 432{
a9de9248 433 __u8 status = *((__u8 *) skb->data);
1da177e4 434
9f1db00c 435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 436
23bb5763 437 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 438}
1143e5a6 439
333140b5
MH		 440static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
441{
442 __u8 status = *((__u8 *) skb->data);
443 void *sent;
444
9f1db00c 445 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 446
333140b5
MH		 447 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 if (!sent)
449 return;
450
ed2c4ee3 451 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 452 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
453 else if (!status) {
454 if (*((u8 *) sent))
455 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
456 else
457 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 }
333140b5
MH		 459}
460
d5859e22
JH		 461static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
462{
463 if (hdev->features[6] & LMP_EXT_INQ)
464 return 2;
465
466 if (hdev->features[3] & LMP_RSSI_INQ)
467 return 1;
468
469 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 470 hdev->lmp_subver == 0x0757)
d5859e22
JH		 471 return 1;
472
473 if (hdev->manufacturer == 15) {
474 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
475 return 1;
476 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
477 return 1;
478 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
479 return 1;
480 }
481
482 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 483 hdev->lmp_subver == 0x1805)
d5859e22
JH		 484 return 1;
485
486 return 0;
487}
488
489static void hci_setup_inquiry_mode(struct hci_dev *hdev)
490{
491 u8 mode;
492
493 mode = hci_get_inquiry_mode(hdev);
494
495 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
496}
497
498static void hci_setup_event_mask(struct hci_dev *hdev)
499{
500 /* The second byte is 0xff instead of 0x9f (two reserved bits
501 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
502 * command otherwise */
503 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
504
6de6c18d
VT		 505 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
506 * any event mask for pre 1.2 devices */
5a13b095 507 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 508 return;
509
510 events[4] |= 0x01; /* Flow Specification Complete */
511 events[4] |= 0x02; /* Inquiry Result with RSSI */
512 events[4] |= 0x04; /* Read Remote Extended Features Complete */
513 events[5] |= 0x08; /* Synchronous Connection Complete */
514 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 515
516 if (hdev->features[3] & LMP_RSSI_INQ)
a24299e6 517 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 518
999dcd10 519 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 520 events[5] |= 0x20; /* Sniff Subrating */
521
522 if (hdev->features[5] & LMP_PAUSE_ENC)
523 events[5] |= 0x80; /* Encryption Key Refresh Complete */
524
525 if (hdev->features[6] & LMP_EXT_INQ)
526 events[5] |= 0x40; /* Extended Inquiry Result */
527
c58e810e 528 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 529 events[7] |= 0x01; /* Enhanced Flush Complete */
530
531 if (hdev->features[7] & LMP_LSTO)
532 events[6] |= 0x80; /* Link Supervision Timeout Changed */
533
9a1a1996 534 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 535 events[6] |= 0x01; /* IO Capability Request */
536 events[6] |= 0x02; /* IO Capability Response */
537 events[6] |= 0x04; /* User Confirmation Request */
538 events[6] |= 0x08; /* User Passkey Request */
539 events[6] |= 0x10; /* Remote OOB Data Request */
540 events[6] |= 0x20; /* Simple Pairing Complete */
541 events[7] |= 0x04; /* User Passkey Notification */
542 events[7] |= 0x08; /* Keypress Notification */
543 events[7] |= 0x10; /* Remote Host Supported
544 * Features Notification */
545 }
546
c383ddc4 547 if (lmp_le_capable(hdev))
d5859e22
JH		 548 events[7] |= 0x20; /* LE Meta-Event */
549
550 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
551}
552
553static void hci_setup(struct hci_dev *hdev)
554{
e61ef499
AE		 555 if (hdev->dev_type != HCI_BREDR)
556 return;
557
d5859e22
JH		 558 hci_setup_event_mask(hdev);
559
d095c1eb 560 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 561 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
562
6d3c730f 563 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 564 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
565 u8 mode = 0x01;
566 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 567 sizeof(mode), &mode);
54d04dbb
JH		 568 } else {
569 struct hci_cp_write_eir cp;
570
571 memset(hdev->eir, 0, sizeof(hdev->eir));
572 memset(&cp, 0, sizeof(cp));
573
574 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
575 }
d5859e22
JH		 576 }
577
578 if (hdev->features[3] & LMP_RSSI_INQ)
579 hci_setup_inquiry_mode(hdev);
580
581 if (hdev->features[7] & LMP_INQ_TX_PWR)
582 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 583
584 if (hdev->features[7] & LMP_EXTFEATURES) {
585 struct hci_cp_read_local_ext_features cp;
586
587 cp.page = 0x01;
04124681
GP		 588 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
589 &cp);
971e3a4b 590 }
e6100a25 591
47990ea0
JH		 592 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
593 u8 enable = 1;
04124681
GP		 594 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
595 &enable);
47990ea0 596 }
d5859e22
JH		 597}
598
a9de9248
MH		 599static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
600{
601 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 602
9f1db00c 603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 604
a9de9248 605 if (rp->status)
28b8df77 606 goto done;
1143e5a6 607
a9de9248 608 hdev->hci_ver = rp->hci_ver;
e4e8e37c 609 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 610 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 611 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 612 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 613
9f1db00c 614 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 615 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 616
617 if (test_bit(HCI_INIT, &hdev->flags))
618 hci_setup(hdev);
28b8df77
AE		 619
620done:
621 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 622}
623
624static void hci_setup_link_policy(struct hci_dev *hdev)
625{
035100c8 626 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 627 u16 link_policy = 0;
628
9f92ebf6 629 if (lmp_rswitch_capable(hdev))
d5859e22
JH		 630 link_policy |= HCI_LP_RSWITCH;
631 if (hdev->features[0] & LMP_HOLD)
632 link_policy |= HCI_LP_HOLD;
6eded100 633 if (lmp_sniff_capable(hdev))
d5859e22
JH		 634 link_policy |= HCI_LP_SNIFF;
635 if (hdev->features[1] & LMP_PARK)
636 link_policy |= HCI_LP_PARK;
637
035100c8
AE		 638 cp.policy = cpu_to_le16(link_policy);
639 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 640}
1da177e4 641
8fc9ced3
GP		 642static void hci_cc_read_local_commands(struct hci_dev *hdev,
643 struct sk_buff *skb)
a9de9248
MH		 644{
645 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 646
9f1db00c 647 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 648
a9de9248 649 if (rp->status)
d5859e22 650 goto done;
1da177e4 651
a9de9248 652 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 653
654 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
655 hci_setup_link_policy(hdev);
656
657done:
658 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 659}
1da177e4 660
8fc9ced3
GP		 661static void hci_cc_read_local_features(struct hci_dev *hdev,
662 struct sk_buff *skb)
a9de9248
MH		 663{
664 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 665
9f1db00c 666 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 667
a9de9248
MH		 668 if (rp->status)
669 return;
5b7f9909 670
a9de9248 671 memcpy(hdev->features, rp->features, 8);
5b7f9909 672
a9de9248
MH		 673 /* Adjust default settings according to features
674 * supported by device. */
1da177e4 675
a9de9248
MH		 676 if (hdev->features[0] & LMP_3SLOT)
677 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 678
a9de9248
MH		 679 if (hdev->features[0] & LMP_5SLOT)
680 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 681
a9de9248
MH		 682 if (hdev->features[1] & LMP_HV2) {
683 hdev->pkt_type |= (HCI_HV2);
684 hdev->esco_type |= (ESCO_HV2);
685 }
1da177e4 686
a9de9248
MH		 687 if (hdev->features[1] & LMP_HV3) {
688 hdev->pkt_type |= (HCI_HV3);
689 hdev->esco_type |= (ESCO_HV3);
690 }
1da177e4 691
45db810f 692 if (lmp_esco_capable(hdev))
a9de9248 693 hdev->esco_type |= (ESCO_EV3);
da1f5198 694
a9de9248
MH		 695 if (hdev->features[4] & LMP_EV4)
696 hdev->esco_type |= (ESCO_EV4);
da1f5198 697
a9de9248
MH		 698 if (hdev->features[4] & LMP_EV5)
699 hdev->esco_type |= (ESCO_EV5);
1da177e4 700
efc7688b
MH		 701 if (hdev->features[5] & LMP_EDR_ESCO_2M)
702 hdev->esco_type |= (ESCO_2EV3);
703
704 if (hdev->features[5] & LMP_EDR_ESCO_3M)
705 hdev->esco_type |= (ESCO_3EV3);
706
707 if (hdev->features[5] & LMP_EDR_3S_ESCO)
708 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
709
a9de9248 710 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 711 hdev->features[0], hdev->features[1],
712 hdev->features[2], hdev->features[3],
713 hdev->features[4], hdev->features[5],
714 hdev->features[6], hdev->features[7]);
a9de9248 715}
1da177e4 716
8f984dfa
JH		 717static void hci_set_le_support(struct hci_dev *hdev)
718{
719 struct hci_cp_write_le_host_supported cp;
720
721 memset(&cp, 0, sizeof(cp));
722
9d42820f 723 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa
JH		 724 cp.le = 1;
725 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
726 }
727
728 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 729 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
730 &cp);
8f984dfa
JH		 731}
732
971e3a4b 733static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 734 struct sk_buff *skb)
971e3a4b
AG		 735{
736 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
737
9f1db00c 738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 739
740 if (rp->status)
8f984dfa 741 goto done;
971e3a4b 742
b5b32b65
AG		 743 switch (rp->page) {
744 case 0:
745 memcpy(hdev->features, rp->features, 8);
746 break;
747 case 1:
748 memcpy(hdev->host_features, rp->features, 8);
749 break;
750 }
971e3a4b 751
c383ddc4 752 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 753 hci_set_le_support(hdev);
754
755done:
971e3a4b
AG		 756 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
757}
758
1e89cffb 759static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 760 struct sk_buff *skb)
1e89cffb
AE		 761{
762 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
763
9f1db00c 764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 765
766 if (rp->status)
767 return;
768
769 hdev->flow_ctl_mode = rp->mode;
770
771 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
772}
773
a9de9248
MH		 774static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
775{
776 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 777
9f1db00c 778 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 779
a9de9248
MH		 780 if (rp->status)
781 return;
1da177e4 782
a9de9248
MH		 783 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
784 hdev->sco_mtu = rp->sco_mtu;
785 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
786 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
787
788 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
789 hdev->sco_mtu = 64;
790 hdev->sco_pkts = 8;
1da177e4 791 }
a9de9248
MH		 792
793 hdev->acl_cnt = hdev->acl_pkts;
794 hdev->sco_cnt = hdev->sco_pkts;
795
807deac2
GP		 796 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
797 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 798}
799
800static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
801{
802 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
803
9f1db00c 804 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 805
806 if (!rp->status)
807 bacpy(&hdev->bdaddr, &rp->bdaddr);
808
23bb5763
JH		 809 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
810}
811
350ee4cf 812static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 813 struct sk_buff *skb)
350ee4cf
AE		 814{
815 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
816
9f1db00c 817 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 818
819 if (rp->status)
820 return;
821
822 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
823 hdev->block_len = __le16_to_cpu(rp->block_len);
824 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
825
826 hdev->block_cnt = hdev->num_blocks;
827
828 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 829 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 830
831 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
832}
833
23bb5763
JH		 834static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
835{
836 __u8 status = *((__u8 *) skb->data);
837
9f1db00c 838 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 839
840 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 841}
842
928abaa7 843static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 844 struct sk_buff *skb)
928abaa7
AE		 845{
846 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
847
9f1db00c 848 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 849
850 if (rp->status)
8e2a0d92 851 goto a2mp_rsp;
928abaa7
AE		 852
853 hdev->amp_status = rp->amp_status;
854 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
855 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
856 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
857 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
858 hdev->amp_type = rp->amp_type;
859 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
860 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
861 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
862 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
863
864 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 865
866a2mp_rsp:
867 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 868}
869
903e4541
AE		 870static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
871 struct sk_buff *skb)
872{
873 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
874 struct amp_assoc *assoc = &hdev->loc_assoc;
875 size_t rem_len, frag_len;
876
877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
878
879 if (rp->status)
880 goto a2mp_rsp;
881
882 frag_len = skb->len - sizeof(*rp);
883 rem_len = __le16_to_cpu(rp->rem_len);
884
885 if (rem_len > frag_len) {
392f44d3 886 BT_DBG("frag_len %ld rem_len %ld", frag_len, rem_len);
903e4541
AE		 887
888 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
889 assoc->offset += frag_len;
890
891 /* Read other fragments */
892 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
893
894 return;
895 }
896
897 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
898 assoc->len = assoc->offset + rem_len;
899 assoc->offset = 0;
900
901a2mp_rsp:
902 /* Send A2MP Rsp when all fragments are received */
903 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 904 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 905}
906
b0916ea0 907static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 908 struct sk_buff *skb)
b0916ea0
JH		 909{
910 __u8 status = *((__u8 *) skb->data);
911
9f1db00c 912 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 913
914 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
915}
916
d5859e22
JH		 917static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
918{
919 __u8 status = *((__u8 *) skb->data);
920
9f1db00c 921 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 922
923 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
924}
925
926static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 927 struct sk_buff *skb)
d5859e22
JH		 928{
929 __u8 status = *((__u8 *) skb->data);
930
9f1db00c 931 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 932
933 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
934}
935
936static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 937 struct sk_buff *skb)
d5859e22 938{
91c4e9b1 939 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 940
9f1db00c 941 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 942
943 if (!rp->status)
944 hdev->inq_tx_power = rp->tx_power;
d5859e22 945
91c4e9b1 946 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 947}
948
949static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
950{
951 __u8 status = *((__u8 *) skb->data);
952
9f1db00c 953 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 954
955 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
956}
957
980e1a53
JH		 958static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
959{
960 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
961 struct hci_cp_pin_code_reply *cp;
962 struct hci_conn *conn;
963
9f1db00c 964 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 965
56e5cb86
JH		 966 hci_dev_lock(hdev);
967
a8b2d5c2 968 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 969 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 970
fa1bd918 971 if (rp->status)
56e5cb86 972 goto unlock;
980e1a53
JH		 973
974 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
975 if (!cp)
56e5cb86 976 goto unlock;
980e1a53
JH		 977
978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
979 if (conn)
980 conn->pin_length = cp->pin_len;
56e5cb86
JH		 981
982unlock:
983 hci_dev_unlock(hdev);
980e1a53
JH		 984}
985
986static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
987{
988 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
989
9f1db00c 990 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 991
56e5cb86
JH		 992 hci_dev_lock(hdev);
993
a8b2d5c2 994 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 995 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 996 rp->status);
56e5cb86
JH		 997
998 hci_dev_unlock(hdev);
980e1a53 999}
56e5cb86 1000
6ed58ec5
VT		 1001static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1002 struct sk_buff *skb)
1003{
1004 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1005
9f1db00c 1006 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1007
1008 if (rp->status)
1009 return;
1010
1011 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1012 hdev->le_pkts = rp->le_max_pkt;
1013
1014 hdev->le_cnt = hdev->le_pkts;
1015
1016 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1017
1018 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1019}
980e1a53 1020
a5c29683
JH		 1021static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1022{
1023 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1024
9f1db00c 1025 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1026
56e5cb86
JH		 1027 hci_dev_lock(hdev);
1028
a8b2d5c2 1029 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1030 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1031 rp->status);
56e5cb86
JH		 1032
1033 hci_dev_unlock(hdev);
a5c29683
JH		 1034}
1035
1036static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1037 struct sk_buff *skb)
a5c29683
JH		 1038{
1039 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1040
9f1db00c 1041 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1042
56e5cb86
JH		 1043 hci_dev_lock(hdev);
1044
a8b2d5c2 1045 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1046 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1047 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1048
1049 hci_dev_unlock(hdev);
a5c29683
JH		 1050}
1051
1143d458
BG		 1052static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1053{
1054 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1055
9f1db00c 1056 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1057
1058 hci_dev_lock(hdev);
1059
a8b2d5c2 1060 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1061 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1062 0, rp->status);
1143d458
BG		 1063
1064 hci_dev_unlock(hdev);
1065}
1066
1067static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1068 struct sk_buff *skb)
1143d458
BG		 1069{
1070 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1071
9f1db00c 1072 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1073
1074 hci_dev_lock(hdev);
1075
a8b2d5c2 1076 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1077 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1078 ACL_LINK, 0, rp->status);
1143d458
BG		 1079
1080 hci_dev_unlock(hdev);
1081}
1082
c35938b2 1083static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1084 struct sk_buff *skb)
c35938b2
SJ		 1085{
1086 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1087
9f1db00c 1088 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1089
56e5cb86 1090 hci_dev_lock(hdev);
744cf19e 1091 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1092 rp->randomizer, rp->status);
56e5cb86 1093 hci_dev_unlock(hdev);
c35938b2
SJ		 1094}
1095
07f7fa5d
AG		 1096static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1097{
1098 __u8 status = *((__u8 *) skb->data);
1099
9f1db00c 1100 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1101
1102 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1103
1104 if (status) {
1105 hci_dev_lock(hdev);
1106 mgmt_start_discovery_failed(hdev, status);
1107 hci_dev_unlock(hdev);
1108 return;
1109 }
07f7fa5d
AG		 1110}
1111
eb9d91f5 1112static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1113 struct sk_buff *skb)
eb9d91f5
AG		 1114{
1115 struct hci_cp_le_set_scan_enable *cp;
1116 __u8 status = *((__u8 *) skb->data);
1117
9f1db00c 1118 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1119
eb9d91f5
AG		 1120 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1121 if (!cp)
1122 return;
1123
68a8aea4
AE		 1124 switch (cp->enable) {
1125 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1126 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1127
3fd24153
AG		 1128 if (status) {
1129 hci_dev_lock(hdev);
1130 mgmt_start_discovery_failed(hdev, status);
1131 hci_dev_unlock(hdev);
7ba8b4be 1132 return;
3fd24153 1133 }
7ba8b4be 1134
d23264a8
AG		 1135 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1136
a8f13c8c 1137 hci_dev_lock(hdev);
343f935b 1138 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1139 hci_dev_unlock(hdev);
68a8aea4
AE		 1140 break;
1141
1142 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1143 if (status) {
1144 hci_dev_lock(hdev);
1145 mgmt_stop_discovery_failed(hdev, status);
1146 hci_dev_unlock(hdev);
7ba8b4be 1147 return;
c9ecc48e 1148 }
7ba8b4be 1149
d23264a8
AG		 1150 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1151
bc3dd33c
AG		 1152 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1153 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1154 mgmt_interleaved_discovery(hdev);
1155 } else {
1156 hci_dev_lock(hdev);
1157 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1158 hci_dev_unlock(hdev);
1159 }
1160
68a8aea4
AE		 1161 break;
1162
1163 default:
1164 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1165 break;
35815085 1166 }
eb9d91f5
AG		 1167}
1168
a7a595f6
VCG		 1169static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1170{
1171 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1172
9f1db00c 1173 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1174
1175 if (rp->status)
1176 return;
1177
1178 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1179}
1180
1181static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1182{
1183 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1184
9f1db00c 1185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1186
1187 if (rp->status)
1188 return;
1189
1190 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1191}
1192
6039aa73
GP		 1193static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1194 struct sk_buff *skb)
f9b49306 1195{
06199cf8 1196 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1197 __u8 status = *((__u8 *) skb->data);
1198
9f1db00c 1199 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1200
06199cf8 1201 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1202 if (!sent)
f9b49306
AG		 1203 return;
1204
8f984dfa
JH		 1205 if (!status) {
1206 if (sent->le)
1207 hdev->host_features[0] |= LMP_HOST_LE;
1208 else
1209 hdev->host_features[0] &= ~LMP_HOST_LE;
1210 }
1211
1212 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1213 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1214 mgmt_le_enable_complete(hdev, sent->le, status);
1215
1216 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1217}
1218
93c284ee
AE		 1219static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1220 struct sk_buff *skb)
1221{
1222 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1223
1224 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1225 hdev->name, rp->status, rp->phy_handle);
1226
1227 if (rp->status)
1228 return;
1229
1230 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1231}
1232
6039aa73 1233static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1234{
9f1db00c 1235 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1236
1237 if (status) {
23bb5763 1238 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1239 hci_conn_check_pending(hdev);
56e5cb86 1240 hci_dev_lock(hdev);
a8b2d5c2 1241 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1242 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1243 hci_dev_unlock(hdev);
314b2381
JH		 1244 return;
1245 }
1246
89352e7d
AG		 1247 set_bit(HCI_INQUIRY, &hdev->flags);
1248
56e5cb86 1249 hci_dev_lock(hdev);
343f935b 1250 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1251 hci_dev_unlock(hdev);
1da177e4
LT		 1252}
1253
6039aa73 1254static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1255{
a9de9248 1256 struct hci_cp_create_conn *cp;
1da177e4 1257 struct hci_conn *conn;
1da177e4 1258
9f1db00c 1259 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1260
1261 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1262 if (!cp)
1263 return;
1264
1265 hci_dev_lock(hdev);
1266
1267 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1268
9f1db00c 1269 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1270
1271 if (status) {
1272 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1273 if (status != 0x0c || conn->attempt > 2) {
1274 conn->state = BT_CLOSED;
1275 hci_proto_connect_cfm(conn, status);
1276 hci_conn_del(conn);
1277 } else
1278 conn->state = BT_CONNECT2;
1da177e4
LT		 1279 }
1280 } else {
1281 if (!conn) {
1282 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1283 if (conn) {
a0c808b3 1284 conn->out = true;
1da177e4
LT		 1285 conn->link_mode |= HCI_LM_MASTER;
1286 } else
893ef971 1287 BT_ERR("No memory for new connection");
1da177e4
LT		 1288 }
1289 }
1290
1291 hci_dev_unlock(hdev);
1292}
1293
a9de9248 1294static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1295{
a9de9248
MH		 1296 struct hci_cp_add_sco *cp;
1297 struct hci_conn *acl, *sco;
1298 __u16 handle;
1da177e4 1299
9f1db00c 1300 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1301
a9de9248
MH		 1302 if (!status)
1303 return;
1da177e4 1304
a9de9248
MH		 1305 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1306 if (!cp)
1307 return;
1da177e4 1308
a9de9248 1309 handle = __le16_to_cpu(cp->handle);
1da177e4 1310
9f1db00c 1311 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1312
a9de9248 1313 hci_dev_lock(hdev);
1da177e4 1314
a9de9248 1315 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1316 if (acl) {
1317 sco = acl->link;
1318 if (sco) {
1319 sco->state = BT_CLOSED;
1da177e4 1320
5a08ecce
AE		 1321 hci_proto_connect_cfm(sco, status);
1322 hci_conn_del(sco);
1323 }
a9de9248 1324 }
1da177e4 1325
a9de9248
MH		 1326 hci_dev_unlock(hdev);
1327}
1da177e4 1328
f8558555
MH		 1329static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1330{
1331 struct hci_cp_auth_requested *cp;
1332 struct hci_conn *conn;
1333
9f1db00c 1334 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1335
1336 if (!status)
1337 return;
1338
1339 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1340 if (!cp)
1341 return;
1342
1343 hci_dev_lock(hdev);
1344
1345 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1346 if (conn) {
1347 if (conn->state == BT_CONFIG) {
1348 hci_proto_connect_cfm(conn, status);
1349 hci_conn_put(conn);
1350 }
1351 }
1352
1353 hci_dev_unlock(hdev);
1354}
1355
1356static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1357{
1358 struct hci_cp_set_conn_encrypt *cp;
1359 struct hci_conn *conn;
1360
9f1db00c 1361 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1362
1363 if (!status)
1364 return;
1365
1366 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1367 if (!cp)
1368 return;
1369
1370 hci_dev_lock(hdev);
1371
1372 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1373 if (conn) {
1374 if (conn->state == BT_CONFIG) {
1375 hci_proto_connect_cfm(conn, status);
1376 hci_conn_put(conn);
1377 }
1378 }
1379
1380 hci_dev_unlock(hdev);
1381}
1382
127178d2 1383static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1384 struct hci_conn *conn)
392599b9 1385{
392599b9
JH		 1386 if (conn->state != BT_CONFIG || !conn->out)
1387 return 0;
1388
765c2a96 1389 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1390 return 0;
1391
1392 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1393 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1394 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1395 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1396 return 0;
1397
392599b9
JH		 1398 return 1;
1399}
1400
6039aa73 1401static int hci_resolve_name(struct hci_dev *hdev,
04124681 1402 struct inquiry_entry *e)
30dc78e1
JH		 1403{
1404 struct hci_cp_remote_name_req cp;
1405
1406 memset(&cp, 0, sizeof(cp));
1407
1408 bacpy(&cp.bdaddr, &e->data.bdaddr);
1409 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1410 cp.pscan_mode = e->data.pscan_mode;
1411 cp.clock_offset = e->data.clock_offset;
1412
1413 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1414}
1415
b644ba33 1416static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1417{
1418 struct discovery_state *discov = &hdev->discovery;
1419 struct inquiry_entry *e;
1420
b644ba33
JH		 1421 if (list_empty(&discov->resolve))
1422 return false;
1423
1424 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1425 if (!e)
1426 return false;
1427
b644ba33
JH		 1428 if (hci_resolve_name(hdev, e) == 0) {
1429 e->name_state = NAME_PENDING;
1430 return true;
1431 }
1432
1433 return false;
1434}
1435
1436static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1437 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1438{
1439 struct discovery_state *discov = &hdev->discovery;
1440 struct inquiry_entry *e;
1441
1442 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1443 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1444 name_len, conn->dev_class);
b644ba33
JH		 1445
1446 if (discov->state == DISCOVERY_STOPPED)
1447 return;
1448
30dc78e1
JH		 1449 if (discov->state == DISCOVERY_STOPPING)
1450 goto discov_complete;
1451
1452 if (discov->state != DISCOVERY_RESOLVING)
1453 return;
1454
1455 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1456 /* If the device was not found in a list of found devices names of which
1457 * are pending. there is no need to continue resolving a next name as it
1458 * will be done upon receiving another Remote Name Request Complete
1459 * Event */
1460 if (!e)
1461 return;
1462
1463 list_del(&e->list);
1464 if (name) {
30dc78e1 1465 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1466 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1467 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1468 } else {
1469 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1470 }
1471
b644ba33 1472 if (hci_resolve_next_name(hdev))
30dc78e1 1473 return;
30dc78e1
JH		 1474
1475discov_complete:
1476 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1477}
1478
a9de9248
MH		 1479static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1480{
127178d2
JH		 1481 struct hci_cp_remote_name_req *cp;
1482 struct hci_conn *conn;
1483
9f1db00c 1484 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1485
1486 /* If successful wait for the name req complete event before
1487 * checking for the need to do authentication */
1488 if (!status)
1489 return;
1490
1491 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1492 if (!cp)
1493 return;
1494
1495 hci_dev_lock(hdev);
1496
b644ba33
JH		 1497 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1498
a8b2d5c2 1499 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1500 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1501
79c6c70c
JH		 1502 if (!conn)
1503 goto unlock;
1504
1505 if (!hci_outgoing_auth_needed(hdev, conn))
1506 goto unlock;
1507
51a8efd7 1508 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1509 struct hci_cp_auth_requested cp;
1510 cp.handle = __cpu_to_le16(conn->handle);
1511 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1512 }
1513
79c6c70c 1514unlock:
127178d2 1515 hci_dev_unlock(hdev);
a9de9248 1516}
1da177e4 1517
769be974
MH		 1518static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1519{
1520 struct hci_cp_read_remote_features *cp;
1521 struct hci_conn *conn;
1522
9f1db00c 1523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1524
1525 if (!status)
1526 return;
1527
1528 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1529 if (!cp)
1530 return;
1531
1532 hci_dev_lock(hdev);
1533
1534 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1535 if (conn) {
1536 if (conn->state == BT_CONFIG) {
769be974
MH		 1537 hci_proto_connect_cfm(conn, status);
1538 hci_conn_put(conn);
1539 }
1540 }
1541
1542 hci_dev_unlock(hdev);
1543}
1544
1545static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1546{
1547 struct hci_cp_read_remote_ext_features *cp;
1548 struct hci_conn *conn;
1549
9f1db00c 1550 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1551
1552 if (!status)
1553 return;
1554
1555 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1556 if (!cp)
1557 return;
1558
1559 hci_dev_lock(hdev);
1560
1561 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1562 if (conn) {
1563 if (conn->state == BT_CONFIG) {
769be974
MH		 1564 hci_proto_connect_cfm(conn, status);
1565 hci_conn_put(conn);
1566 }
1567 }
1568
1569 hci_dev_unlock(hdev);
1570}
1571
a9de9248
MH		 1572static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1573{
b6a0dc82
MH		 1574 struct hci_cp_setup_sync_conn *cp;
1575 struct hci_conn *acl, *sco;
1576 __u16 handle;
1577
9f1db00c 1578 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1579
1580 if (!status)
1581 return;
1582
1583 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1584 if (!cp)
1585 return;
1586
1587 handle = __le16_to_cpu(cp->handle);
1588
9f1db00c 1589 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1590
1591 hci_dev_lock(hdev);
1592
1593 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1594 if (acl) {
1595 sco = acl->link;
1596 if (sco) {
1597 sco->state = BT_CLOSED;
b6a0dc82 1598
5a08ecce
AE		 1599 hci_proto_connect_cfm(sco, status);
1600 hci_conn_del(sco);
1601 }
b6a0dc82
MH		 1602 }
1603
1604 hci_dev_unlock(hdev);
1da177e4
LT		 1605}
1606
a9de9248 1607static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1608{
a9de9248
MH		 1609 struct hci_cp_sniff_mode *cp;
1610 struct hci_conn *conn;
1da177e4 1611
9f1db00c 1612 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1613
a9de9248
MH		 1614 if (!status)
1615 return;
04837f64 1616
a9de9248
MH		 1617 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1618 if (!cp)
1619 return;
04837f64 1620
a9de9248 1621 hci_dev_lock(hdev);
04837f64 1622
a9de9248 1623 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1624 if (conn) {
51a8efd7 1625 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1626
51a8efd7 1627 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1628 hci_sco_setup(conn, status);
1629 }
1630
a9de9248
MH		 1631 hci_dev_unlock(hdev);
1632}
04837f64 1633
a9de9248
MH		 1634static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1635{
1636 struct hci_cp_exit_sniff_mode *cp;
1637 struct hci_conn *conn;
04837f64 1638
9f1db00c 1639 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1640
a9de9248
MH		 1641 if (!status)
1642 return;
04837f64 1643
a9de9248
MH		 1644 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1645 if (!cp)
1646 return;
04837f64 1647
a9de9248 1648 hci_dev_lock(hdev);
1da177e4 1649
a9de9248 1650 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1651 if (conn) {
51a8efd7 1652 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1653
51a8efd7 1654 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1655 hci_sco_setup(conn, status);
1656 }
1657
a9de9248 1658 hci_dev_unlock(hdev);
1da177e4
LT		 1659}
1660
88c3df13
JH		 1661static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1662{
1663 struct hci_cp_disconnect *cp;
1664 struct hci_conn *conn;
1665
1666 if (!status)
1667 return;
1668
1669 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1670 if (!cp)
1671 return;
1672
1673 hci_dev_lock(hdev);
1674
1675 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1676 if (conn)
1677 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1678 conn->dst_type, status);
88c3df13
JH		 1679
1680 hci_dev_unlock(hdev);
1681}
1682
fcd89c09
VT		 1683static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1684{
fcd89c09
VT		 1685 struct hci_conn *conn;
1686
9f1db00c 1687 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1688
f00a06ac
AG		 1689 if (status) {
1690 hci_dev_lock(hdev);
fcd89c09 1691
0c95ab78 1692 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1693 if (!conn) {
1694 hci_dev_unlock(hdev);
1695 return;
1696 }
fcd89c09 1697
0c95ab78 1698 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&conn->dst),
f00a06ac 1699 conn);
fcd89c09 1700
f00a06ac 1701 conn->state = BT_CLOSED;
0c95ab78 1702 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1703 conn->dst_type, status);
1704 hci_proto_connect_cfm(conn, status);
1705 hci_conn_del(conn);
fcd89c09 1706
f00a06ac
AG		 1707 hci_dev_unlock(hdev);
1708 }
fcd89c09
VT		 1709}
1710
a7a595f6
VCG		 1711static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1712{
9f1db00c 1713 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1714}
1715
a02226d6
AE		 1716static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1717{
93c284ee
AE		 1718 struct hci_cp_create_phy_link *cp;
1719
a02226d6 1720 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee
AE		 1721
1722 if (status)
1723 return;
1724
1725 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1726 if (!cp)
1727 return;
1728
1729 amp_write_remote_assoc(hdev, cp->phy_handle);
a02226d6
AE		 1730}
1731
0b26ab9d
AE		 1732static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1733{
1734 struct hci_cp_accept_phy_link *cp;
1735
1736 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1737
1738 if (status)
1739 return;
1740
1741 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1742 if (!cp)
1743 return;
1744
1745 amp_write_remote_assoc(hdev, cp->phy_handle);
1746}
1747
6039aa73 1748static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1749{
1750 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1751 struct discovery_state *discov = &hdev->discovery;
1752 struct inquiry_entry *e;
1da177e4 1753
9f1db00c 1754 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1755
23bb5763 1756 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1757
a9de9248 1758 hci_conn_check_pending(hdev);
89352e7d
AG		 1759
1760 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1761 return;
1762
a8b2d5c2 1763 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1764 return;
1765
56e5cb86 1766 hci_dev_lock(hdev);
30dc78e1 1767
343f935b 1768 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1769 goto unlock;
1770
1771 if (list_empty(&discov->resolve)) {
1772 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1773 goto unlock;
1774 }
1775
1776 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1777 if (e && hci_resolve_name(hdev, e) == 0) {
1778 e->name_state = NAME_PENDING;
1779 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1780 } else {
1781 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1782 }
1783
1784unlock:
56e5cb86 1785 hci_dev_unlock(hdev);
1da177e4
LT		 1786}
1787
6039aa73 1788static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1789{
45bb4bf0 1790 struct inquiry_data data;
a9de9248 1791 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1792 int num_rsp = *((__u8 *) skb->data);
1793
1794 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1795
45bb4bf0
MH		 1796 if (!num_rsp)
1797 return;
1798
1519cc17
AG		 1799 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1800 return;
1801
1da177e4 1802 hci_dev_lock(hdev);
45bb4bf0 1803
e17acd40 1804 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1805 bool name_known, ssp;
3175405b 1806
1da177e4
LT		 1807 bacpy(&data.bdaddr, &info->bdaddr);
1808 data.pscan_rep_mode = info->pscan_rep_mode;
1809 data.pscan_period_mode = info->pscan_period_mode;
1810 data.pscan_mode = info->pscan_mode;
1811 memcpy(data.dev_class, info->dev_class, 3);
1812 data.clock_offset = info->clock_offset;
1813 data.rssi = 0x00;
41a96212 1814 data.ssp_mode = 0x00;
3175405b 1815
388fc8fa 1816 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1817 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1818 info->dev_class, 0, !name_known, ssp, NULL,
1819 0);
1da177e4 1820 }
45bb4bf0 1821
1da177e4
LT		 1822 hci_dev_unlock(hdev);
1823}
1824
6039aa73 1825static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1826{
a9de9248
MH		 1827 struct hci_ev_conn_complete *ev = (void *) skb->data;
1828 struct hci_conn *conn;
1da177e4
LT		 1829
1830 BT_DBG("%s", hdev->name);
1831
1832 hci_dev_lock(hdev);
1833
1834 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1835 if (!conn) {
1836 if (ev->link_type != SCO_LINK)
1837 goto unlock;
1838
1839 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1840 if (!conn)
1841 goto unlock;
1842
1843 conn->type = SCO_LINK;
1844 }
1da177e4
LT		 1845
1846 if (!ev->status) {
1847 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1848
1849 if (conn->type == ACL_LINK) {
1850 conn->state = BT_CONFIG;
1851 hci_conn_hold(conn);
a9ea3ed9
SJ		 1852
1853 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1854 !hci_find_link_key(hdev, &ev->bdaddr))
1855 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1856 else
1857 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1858 } else
1859 conn->state = BT_CONNECTED;
1da177e4 1860
9eba32b8 1861 hci_conn_hold_device(conn);
7d0db0a3
MH		 1862 hci_conn_add_sysfs(conn);
1863
1da177e4
LT		 1864 if (test_bit(HCI_AUTH, &hdev->flags))
1865 conn->link_mode |= HCI_LM_AUTH;
1866
1867 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1868 conn->link_mode |= HCI_LM_ENCRYPT;
1869
04837f64
MH		 1870 /* Get remote features */
1871 if (conn->type == ACL_LINK) {
1872 struct hci_cp_read_remote_features cp;
1873 cp.handle = ev->handle;
769be974 1874 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1875 sizeof(cp), &cp);
04837f64
MH		 1876 }
1877
1da177e4 1878 /* Set packet type for incoming connection */
d095c1eb 1879 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1880 struct hci_cp_change_conn_ptype cp;
1881 cp.handle = ev->handle;
a8746417 1882 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1883 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1884 &cp);
1da177e4 1885 }
17d5c04c 1886 } else {
1da177e4 1887 conn->state = BT_CLOSED;
17d5c04c 1888 if (conn->type == ACL_LINK)
744cf19e 1889 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1890 conn->dst_type, ev->status);
17d5c04c 1891 }
1da177e4 1892
e73439d8
MH		 1893 if (conn->type == ACL_LINK)
1894 hci_sco_setup(conn, ev->status);
1da177e4 1895
769be974
MH		 1896 if (ev->status) {
1897 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1898 hci_conn_del(conn);
c89b6e6b
MH		 1899 } else if (ev->link_type != ACL_LINK)
1900 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1901
a9de9248 1902unlock:
1da177e4 1903 hci_dev_unlock(hdev);
1da177e4 1904
a9de9248 1905 hci_conn_check_pending(hdev);
1da177e4
LT		 1906}
1907
6039aa73 1908static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1909{
a9de9248
MH		 1910 struct hci_ev_conn_request *ev = (void *) skb->data;
1911 int mask = hdev->link_mode;
1da177e4 1912
807deac2
GP		 1913 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1914 ev->link_type);
1da177e4 1915
a9de9248 1916 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1917
138d22ef 1918 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1919 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1920 /* Connection accepted */
c7bdd502 1921 struct inquiry_entry *ie;
1da177e4 1922 struct hci_conn *conn;
1da177e4 1923
a9de9248 1924 hci_dev_lock(hdev);
b6a0dc82 1925
cc11b9c1
AE		 1926 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1927 if (ie)
c7bdd502
MH		 1928 memcpy(ie->data.dev_class, ev->dev_class, 3);
1929
8fc9ced3
GP		 1930 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1931 &ev->bdaddr);
a9de9248 1932 if (!conn) {
cc11b9c1
AE		 1933 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1934 if (!conn) {
893ef971 1935 BT_ERR("No memory for new connection");
a9de9248
MH		 1936 hci_dev_unlock(hdev);
1937 return;
1da177e4
LT		 1938 }
1939 }
b6a0dc82 1940
a9de9248
MH		 1941 memcpy(conn->dev_class, ev->dev_class, 3);
1942 conn->state = BT_CONNECT;
b6a0dc82 1943
a9de9248 1944 hci_dev_unlock(hdev);
1da177e4 1945
b6a0dc82
MH		 1946 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1947 struct hci_cp_accept_conn_req cp;
1da177e4 1948
b6a0dc82
MH		 1949 bacpy(&cp.bdaddr, &ev->bdaddr);
1950
1951 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1952 cp.role = 0x00; /* Become master */
1953 else
1954 cp.role = 0x01; /* Remain slave */
1955
04124681
GP		 1956 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1957 &cp);
b6a0dc82
MH		 1958 } else {
1959 struct hci_cp_accept_sync_conn_req cp;
1960
1961 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1962 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1963
82781e63
AE		 1964 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1965 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1966 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1967 cp.content_format = cpu_to_le16(hdev->voice_setting);
1968 cp.retrans_effort = 0xff;
1da177e4 1969
b6a0dc82 1970 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1971 sizeof(cp), &cp);
b6a0dc82 1972 }
a9de9248
MH		 1973 } else {
1974 /* Connection rejected */
1975 struct hci_cp_reject_conn_req cp;
1da177e4 1976
a9de9248 1977 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1978 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1979 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1980 }
1da177e4
LT		 1981}
1982
f0d6a0ea
MA		 1983static u8 hci_to_mgmt_reason(u8 err)
1984{
1985 switch (err) {
1986 case HCI_ERROR_CONNECTION_TIMEOUT:
1987 return MGMT_DEV_DISCONN_TIMEOUT;
1988 case HCI_ERROR_REMOTE_USER_TERM:
1989 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1990 case HCI_ERROR_REMOTE_POWER_OFF:
1991 return MGMT_DEV_DISCONN_REMOTE;
1992 case HCI_ERROR_LOCAL_HOST_TERM:
1993 return MGMT_DEV_DISCONN_LOCAL_HOST;
1994 default:
1995 return MGMT_DEV_DISCONN_UNKNOWN;
1996 }
1997}
1998
6039aa73 1999static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2000{
a9de9248 2001 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2002 struct hci_conn *conn;
2003
9f1db00c 2004 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2005
2006 hci_dev_lock(hdev);
2007
2008 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2009 if (!conn)
2010 goto unlock;
7d0db0a3 2011
37d9ef76
JH		 2012 if (ev->status == 0)
2013 conn->state = BT_CLOSED;
04837f64 2014
b644ba33 2015 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2016 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2017 if (ev->status) {
88c3df13 2018 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2019 conn->dst_type, ev->status);
f0d6a0ea
MA		 2020 } else {
2021 u8 reason = hci_to_mgmt_reason(ev->reason);
2022
afc747a6 2023 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2024 conn->dst_type, reason);
2025 }
37d9ef76 2026 }
f7520543 2027
37d9ef76 2028 if (ev->status == 0) {
6ec5bcad
VA		 2029 if (conn->type == ACL_LINK && conn->flush_key)
2030 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2031 hci_proto_disconn_cfm(conn, ev->reason);
2032 hci_conn_del(conn);
2033 }
f7520543
JH		 2034
2035unlock:
04837f64
MH		 2036 hci_dev_unlock(hdev);
2037}
2038
6039aa73 2039static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2040{
a9de9248 2041 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2042 struct hci_conn *conn;
1da177e4 2043
9f1db00c 2044 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2045
2046 hci_dev_lock(hdev);
2047
04837f64 2048 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2049 if (!conn)
2050 goto unlock;
2051
2052 if (!ev->status) {
aa64a8b5 2053 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2054 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2055 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2056 } else {
d7556e20
WR		 2057 conn->link_mode |= HCI_LM_AUTH;
2058 conn->sec_level = conn->pending_sec_level;
2a611692 2059 }
d7556e20 2060 } else {
bab73cb6 2061 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2062 ev->status);
d7556e20 2063 }
1da177e4 2064
51a8efd7
JH		 2065 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2066 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2067
d7556e20 2068 if (conn->state == BT_CONFIG) {
aa64a8b5 2069 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2070 struct hci_cp_set_conn_encrypt cp;
2071 cp.handle = ev->handle;
2072 cp.encrypt = 0x01;
2073 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2074 &cp);
052b30b0 2075 } else {
d7556e20
WR		 2076 conn->state = BT_CONNECTED;
2077 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2078 hci_conn_put(conn);
2079 }
d7556e20
WR		 2080 } else {
2081 hci_auth_cfm(conn, ev->status);
052b30b0 2082
d7556e20
WR		 2083 hci_conn_hold(conn);
2084 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2085 hci_conn_put(conn);
2086 }
2087
51a8efd7 2088 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2089 if (!ev->status) {
2090 struct hci_cp_set_conn_encrypt cp;
2091 cp.handle = ev->handle;
2092 cp.encrypt = 0x01;
2093 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2094 &cp);
d7556e20 2095 } else {
51a8efd7 2096 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2097 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2098 }
2099 }
2100
d7556e20 2101unlock:
1da177e4
LT		 2102 hci_dev_unlock(hdev);
2103}
2104
6039aa73 2105static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2106{
127178d2
JH		 2107 struct hci_ev_remote_name *ev = (void *) skb->data;
2108 struct hci_conn *conn;
2109
a9de9248 2110 BT_DBG("%s", hdev->name);
1da177e4 2111
a9de9248 2112 hci_conn_check_pending(hdev);
127178d2
JH		 2113
2114 hci_dev_lock(hdev);
2115
b644ba33 2116 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2117
b644ba33
JH		 2118 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2119 goto check_auth;
a88a9652 2120
b644ba33
JH		 2121 if (ev->status == 0)
2122 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2123 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2124 else
2125 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2126
2127check_auth:
79c6c70c
JH		 2128 if (!conn)
2129 goto unlock;
2130
2131 if (!hci_outgoing_auth_needed(hdev, conn))
2132 goto unlock;
2133
51a8efd7 2134 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2135 struct hci_cp_auth_requested cp;
2136 cp.handle = __cpu_to_le16(conn->handle);
2137 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2138 }
2139
79c6c70c 2140unlock:
127178d2 2141 hci_dev_unlock(hdev);
a9de9248
MH		 2142}
2143
6039aa73 2144static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2145{
2146 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2147 struct hci_conn *conn;
2148
9f1db00c 2149 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2150
2151 hci_dev_lock(hdev);
2152
04837f64 2153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2154 if (conn) {
2155 if (!ev->status) {
ae293196
MH		 2156 if (ev->encrypt) {
2157 /* Encryption implies authentication */
2158 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2159 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2160 conn->sec_level = conn->pending_sec_level;
ae293196 2161 } else
1da177e4
LT		 2162 conn->link_mode &= ~HCI_LM_ENCRYPT;
2163 }
2164
51a8efd7 2165 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2166
a7d7723a 2167 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2168 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2169 hci_conn_put(conn);
2170 goto unlock;
2171 }
2172
f8558555
MH		 2173 if (conn->state == BT_CONFIG) {
2174 if (!ev->status)
2175 conn->state = BT_CONNECTED;
2176
2177 hci_proto_connect_cfm(conn, ev->status);
2178 hci_conn_put(conn);
2179 } else
2180 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2181 }
2182
a7d7723a 2183unlock:
1da177e4
LT		 2184 hci_dev_unlock(hdev);
2185}
2186
6039aa73
GP		 2187static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2188 struct sk_buff *skb)
1da177e4 2189{
a9de9248 2190 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2191 struct hci_conn *conn;
1da177e4 2192
9f1db00c 2193 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2194
2195 hci_dev_lock(hdev);
2196
04837f64 2197 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2198 if (conn) {
2199 if (!ev->status)
2200 conn->link_mode |= HCI_LM_SECURE;
2201
51a8efd7 2202 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2203
2204 hci_key_change_cfm(conn, ev->status);
2205 }
2206
2207 hci_dev_unlock(hdev);
2208}
2209
6039aa73
GP		 2210static void hci_remote_features_evt(struct hci_dev *hdev,
2211 struct sk_buff *skb)
1da177e4 2212{
a9de9248
MH		 2213 struct hci_ev_remote_features *ev = (void *) skb->data;
2214 struct hci_conn *conn;
2215
9f1db00c 2216 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2217
a9de9248
MH		 2218 hci_dev_lock(hdev);
2219
2220 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2221 if (!conn)
2222 goto unlock;
769be974 2223
ccd556fe
JH		 2224 if (!ev->status)
2225 memcpy(conn->features, ev->features, 8);
2226
2227 if (conn->state != BT_CONFIG)
2228 goto unlock;
2229
2230 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2231 struct hci_cp_read_remote_ext_features cp;
2232 cp.handle = ev->handle;
2233 cp.page = 0x01;
2234 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2235 sizeof(cp), &cp);
392599b9
JH		 2236 goto unlock;
2237 }
2238
671267bf 2239 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2240 struct hci_cp_remote_name_req cp;
2241 memset(&cp, 0, sizeof(cp));
2242 bacpy(&cp.bdaddr, &conn->dst);
2243 cp.pscan_rep_mode = 0x02;
2244 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2245 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2246 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2247 conn->dst_type, 0, NULL, 0,
2248 conn->dev_class);
392599b9 2249
127178d2 2250 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2251 conn->state = BT_CONNECTED;
2252 hci_proto_connect_cfm(conn, ev->status);
2253 hci_conn_put(conn);
769be974 2254 }
a9de9248 2255
ccd556fe 2256unlock:
a9de9248 2257 hci_dev_unlock(hdev);
1da177e4
LT		 2258}
2259
6039aa73 2260static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2261{
a9de9248 2262 BT_DBG("%s", hdev->name);
1da177e4
LT		 2263}
2264
6039aa73
GP		 2265static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2266 struct sk_buff *skb)
1da177e4 2267{
a9de9248 2268 BT_DBG("%s", hdev->name);
1da177e4
LT		 2269}
2270
6039aa73 2271static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2272{
2273 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2274 __u16 opcode;
2275
2276 skb_pull(skb, sizeof(*ev));
2277
2278 opcode = __le16_to_cpu(ev->opcode);
2279
2280 switch (opcode) {
2281 case HCI_OP_INQUIRY_CANCEL:
2282 hci_cc_inquiry_cancel(hdev, skb);
2283 break;
2284
4d93483b
AG		 2285 case HCI_OP_PERIODIC_INQ:
2286 hci_cc_periodic_inq(hdev, skb);
2287 break;
2288
a9de9248
MH		 2289 case HCI_OP_EXIT_PERIODIC_INQ:
2290 hci_cc_exit_periodic_inq(hdev, skb);
2291 break;
2292
2293 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2294 hci_cc_remote_name_req_cancel(hdev, skb);
2295 break;
2296
2297 case HCI_OP_ROLE_DISCOVERY:
2298 hci_cc_role_discovery(hdev, skb);
2299 break;
2300
e4e8e37c
MH		 2301 case HCI_OP_READ_LINK_POLICY:
2302 hci_cc_read_link_policy(hdev, skb);
2303 break;
2304
a9de9248
MH		 2305 case HCI_OP_WRITE_LINK_POLICY:
2306 hci_cc_write_link_policy(hdev, skb);
2307 break;
2308
e4e8e37c
MH		 2309 case HCI_OP_READ_DEF_LINK_POLICY:
2310 hci_cc_read_def_link_policy(hdev, skb);
2311 break;
2312
2313 case HCI_OP_WRITE_DEF_LINK_POLICY:
2314 hci_cc_write_def_link_policy(hdev, skb);
2315 break;
2316
a9de9248
MH		 2317 case HCI_OP_RESET:
2318 hci_cc_reset(hdev, skb);
2319 break;
2320
2321 case HCI_OP_WRITE_LOCAL_NAME:
2322 hci_cc_write_local_name(hdev, skb);
2323 break;
2324
2325 case HCI_OP_READ_LOCAL_NAME:
2326 hci_cc_read_local_name(hdev, skb);
2327 break;
2328
2329 case HCI_OP_WRITE_AUTH_ENABLE:
2330 hci_cc_write_auth_enable(hdev, skb);
2331 break;
2332
2333 case HCI_OP_WRITE_ENCRYPT_MODE:
2334 hci_cc_write_encrypt_mode(hdev, skb);
2335 break;
2336
2337 case HCI_OP_WRITE_SCAN_ENABLE:
2338 hci_cc_write_scan_enable(hdev, skb);
2339 break;
2340
2341 case HCI_OP_READ_CLASS_OF_DEV:
2342 hci_cc_read_class_of_dev(hdev, skb);
2343 break;
2344
2345 case HCI_OP_WRITE_CLASS_OF_DEV:
2346 hci_cc_write_class_of_dev(hdev, skb);
2347 break;
2348
2349 case HCI_OP_READ_VOICE_SETTING:
2350 hci_cc_read_voice_setting(hdev, skb);
2351 break;
2352
2353 case HCI_OP_WRITE_VOICE_SETTING:
2354 hci_cc_write_voice_setting(hdev, skb);
2355 break;
2356
2357 case HCI_OP_HOST_BUFFER_SIZE:
2358 hci_cc_host_buffer_size(hdev, skb);
2359 break;
2360
333140b5
MH		 2361 case HCI_OP_WRITE_SSP_MODE:
2362 hci_cc_write_ssp_mode(hdev, skb);
2363 break;
2364
a9de9248
MH		 2365 case HCI_OP_READ_LOCAL_VERSION:
2366 hci_cc_read_local_version(hdev, skb);
2367 break;
2368
2369 case HCI_OP_READ_LOCAL_COMMANDS:
2370 hci_cc_read_local_commands(hdev, skb);
2371 break;
2372
2373 case HCI_OP_READ_LOCAL_FEATURES:
2374 hci_cc_read_local_features(hdev, skb);
2375 break;
2376
971e3a4b
AG		 2377 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2378 hci_cc_read_local_ext_features(hdev, skb);
2379 break;
2380
a9de9248
MH		 2381 case HCI_OP_READ_BUFFER_SIZE:
2382 hci_cc_read_buffer_size(hdev, skb);
2383 break;
2384
2385 case HCI_OP_READ_BD_ADDR:
2386 hci_cc_read_bd_addr(hdev, skb);
2387 break;
2388
350ee4cf
AE		 2389 case HCI_OP_READ_DATA_BLOCK_SIZE:
2390 hci_cc_read_data_block_size(hdev, skb);
2391 break;
2392
23bb5763
JH		 2393 case HCI_OP_WRITE_CA_TIMEOUT:
2394 hci_cc_write_ca_timeout(hdev, skb);
2395 break;
2396
1e89cffb
AE		 2397 case HCI_OP_READ_FLOW_CONTROL_MODE:
2398 hci_cc_read_flow_control_mode(hdev, skb);
2399 break;
2400
928abaa7
AE		 2401 case HCI_OP_READ_LOCAL_AMP_INFO:
2402 hci_cc_read_local_amp_info(hdev, skb);
2403 break;
2404
903e4541
AE		 2405 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2406 hci_cc_read_local_amp_assoc(hdev, skb);
2407 break;
2408
b0916ea0
JH		 2409 case HCI_OP_DELETE_STORED_LINK_KEY:
2410 hci_cc_delete_stored_link_key(hdev, skb);
2411 break;
2412
d5859e22
JH		 2413 case HCI_OP_SET_EVENT_MASK:
2414 hci_cc_set_event_mask(hdev, skb);
2415 break;
2416
2417 case HCI_OP_WRITE_INQUIRY_MODE:
2418 hci_cc_write_inquiry_mode(hdev, skb);
2419 break;
2420
2421 case HCI_OP_READ_INQ_RSP_TX_POWER:
2422 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2423 break;
2424
2425 case HCI_OP_SET_EVENT_FLT:
2426 hci_cc_set_event_flt(hdev, skb);
2427 break;
2428
980e1a53
JH		 2429 case HCI_OP_PIN_CODE_REPLY:
2430 hci_cc_pin_code_reply(hdev, skb);
2431 break;
2432
2433 case HCI_OP_PIN_CODE_NEG_REPLY:
2434 hci_cc_pin_code_neg_reply(hdev, skb);
2435 break;
2436
c35938b2
SJ		 2437 case HCI_OP_READ_LOCAL_OOB_DATA:
2438 hci_cc_read_local_oob_data_reply(hdev, skb);
2439 break;
2440
6ed58ec5
VT		 2441 case HCI_OP_LE_READ_BUFFER_SIZE:
2442 hci_cc_le_read_buffer_size(hdev, skb);
2443 break;
2444
a5c29683
JH		 2445 case HCI_OP_USER_CONFIRM_REPLY:
2446 hci_cc_user_confirm_reply(hdev, skb);
2447 break;
2448
2449 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2450 hci_cc_user_confirm_neg_reply(hdev, skb);
2451 break;
2452
1143d458
BG		 2453 case HCI_OP_USER_PASSKEY_REPLY:
2454 hci_cc_user_passkey_reply(hdev, skb);
2455 break;
2456
2457 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2458 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2459 break;
07f7fa5d
AG		 2460
2461 case HCI_OP_LE_SET_SCAN_PARAM:
2462 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2463 break;
2464
eb9d91f5
AG		 2465 case HCI_OP_LE_SET_SCAN_ENABLE:
2466 hci_cc_le_set_scan_enable(hdev, skb);
2467 break;
2468
a7a595f6
VCG		 2469 case HCI_OP_LE_LTK_REPLY:
2470 hci_cc_le_ltk_reply(hdev, skb);
2471 break;
2472
2473 case HCI_OP_LE_LTK_NEG_REPLY:
2474 hci_cc_le_ltk_neg_reply(hdev, skb);
2475 break;
2476
f9b49306
AG		 2477 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2478 hci_cc_write_le_host_supported(hdev, skb);
2479 break;
2480
93c284ee
AE		 2481 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2482 hci_cc_write_remote_amp_assoc(hdev, skb);
2483 break;
2484
a9de9248 2485 default:
9f1db00c 2486 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2487 break;
2488 }
2489
6bd32326
VT		 2490 if (ev->opcode != HCI_OP_NOP)
2491 del_timer(&hdev->cmd_timer);
2492
a9de9248
MH		 2493 if (ev->ncmd) {
2494 atomic_set(&hdev->cmd_cnt, 1);
2495 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2496 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2497 }
2498}
2499
6039aa73 2500static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2501{
2502 struct hci_ev_cmd_status *ev = (void *) skb->data;
2503 __u16 opcode;
2504
2505 skb_pull(skb, sizeof(*ev));
2506
2507 opcode = __le16_to_cpu(ev->opcode);
2508
2509 switch (opcode) {
2510 case HCI_OP_INQUIRY:
2511 hci_cs_inquiry(hdev, ev->status);
2512 break;
2513
2514 case HCI_OP_CREATE_CONN:
2515 hci_cs_create_conn(hdev, ev->status);
2516 break;
2517
2518 case HCI_OP_ADD_SCO:
2519 hci_cs_add_sco(hdev, ev->status);
2520 break;
2521
f8558555
MH		 2522 case HCI_OP_AUTH_REQUESTED:
2523 hci_cs_auth_requested(hdev, ev->status);
2524 break;
2525
2526 case HCI_OP_SET_CONN_ENCRYPT:
2527 hci_cs_set_conn_encrypt(hdev, ev->status);
2528 break;
2529
a9de9248
MH		 2530 case HCI_OP_REMOTE_NAME_REQ:
2531 hci_cs_remote_name_req(hdev, ev->status);
2532 break;
2533
769be974
MH		 2534 case HCI_OP_READ_REMOTE_FEATURES:
2535 hci_cs_read_remote_features(hdev, ev->status);
2536 break;
2537
2538 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2539 hci_cs_read_remote_ext_features(hdev, ev->status);
2540 break;
2541
a9de9248
MH		 2542 case HCI_OP_SETUP_SYNC_CONN:
2543 hci_cs_setup_sync_conn(hdev, ev->status);
2544 break;
2545
2546 case HCI_OP_SNIFF_MODE:
2547 hci_cs_sniff_mode(hdev, ev->status);
2548 break;
2549
2550 case HCI_OP_EXIT_SNIFF_MODE:
2551 hci_cs_exit_sniff_mode(hdev, ev->status);
2552 break;
2553
8962ee74 2554 case HCI_OP_DISCONNECT:
88c3df13 2555 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2556 break;
2557
fcd89c09
VT		 2558 case HCI_OP_LE_CREATE_CONN:
2559 hci_cs_le_create_conn(hdev, ev->status);
2560 break;
2561
a7a595f6
VCG		 2562 case HCI_OP_LE_START_ENC:
2563 hci_cs_le_start_enc(hdev, ev->status);
2564 break;
2565
a02226d6
AE		 2566 case HCI_OP_CREATE_PHY_LINK:
2567 hci_cs_create_phylink(hdev, ev->status);
2568 break;
2569
0b26ab9d
AE		 2570 case HCI_OP_ACCEPT_PHY_LINK:
2571 hci_cs_accept_phylink(hdev, ev->status);
2572 break;
2573
a9de9248 2574 default:
9f1db00c 2575 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2576 break;
2577 }
2578
6bd32326
VT		 2579 if (ev->opcode != HCI_OP_NOP)
2580 del_timer(&hdev->cmd_timer);
2581
10572132 2582 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2583 atomic_set(&hdev->cmd_cnt, 1);
2584 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2585 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2586 }
2587}
2588
6039aa73 2589static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2590{
2591 struct hci_ev_role_change *ev = (void *) skb->data;
2592 struct hci_conn *conn;
2593
9f1db00c 2594 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2595
2596 hci_dev_lock(hdev);
2597
2598 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2599 if (conn) {
2600 if (!ev->status) {
2601 if (ev->role)
2602 conn->link_mode &= ~HCI_LM_MASTER;
2603 else
2604 conn->link_mode |= HCI_LM_MASTER;
2605 }
2606
51a8efd7 2607 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2608
2609 hci_role_switch_cfm(conn, ev->status, ev->role);
2610 }
2611
2612 hci_dev_unlock(hdev);
2613}
2614
6039aa73 2615static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2616{
2617 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2618 int i;
2619
32ac5b9b
AE		 2620 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2621 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2622 return;
2623 }
2624
c5993de8 2625 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2626 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2627 BT_DBG("%s bad parameters", hdev->name);
2628 return;
2629 }
2630
c5993de8
AE		 2631 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2632
613a1c0c
AE		 2633 for (i = 0; i < ev->num_hndl; i++) {
2634 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2635 struct hci_conn *conn;
2636 __u16 handle, count;
2637
613a1c0c
AE		 2638 handle = __le16_to_cpu(info->handle);
2639 count = __le16_to_cpu(info->count);
a9de9248
MH		 2640
2641 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2642 if (!conn)
2643 continue;
2644
2645 conn->sent -= count;
2646
2647 switch (conn->type) {
2648 case ACL_LINK:
2649 hdev->acl_cnt += count;
2650 if (hdev->acl_cnt > hdev->acl_pkts)
2651 hdev->acl_cnt = hdev->acl_pkts;
2652 break;
2653
2654 case LE_LINK:
2655 if (hdev->le_pkts) {
2656 hdev->le_cnt += count;
2657 if (hdev->le_cnt > hdev->le_pkts)
2658 hdev->le_cnt = hdev->le_pkts;
2659 } else {
70f23020
AE		 2660 hdev->acl_cnt += count;
2661 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2662 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2663 }
f4280918
AE		 2664 break;
2665
2666 case SCO_LINK:
2667 hdev->sco_cnt += count;
2668 if (hdev->sco_cnt > hdev->sco_pkts)
2669 hdev->sco_cnt = hdev->sco_pkts;
2670 break;
2671
2672 default:
2673 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2674 break;
a9de9248
MH		 2675 }
2676 }
2677
3eff45ea 2678 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2679}
2680
6039aa73 2681static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2682{
2683 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2684 int i;
2685
2686 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2687 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2688 return;
2689 }
2690
2691 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2692 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2693 BT_DBG("%s bad parameters", hdev->name);
2694 return;
2695 }
2696
2697 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2698 ev->num_hndl);
25e89e99
AE		 2699
2700 for (i = 0; i < ev->num_hndl; i++) {
2701 struct hci_comp_blocks_info *info = &ev->handles[i];
2702 struct hci_conn *conn;
2703 __u16 handle, block_count;
2704
2705 handle = __le16_to_cpu(info->handle);
2706 block_count = __le16_to_cpu(info->blocks);
2707
2708 conn = hci_conn_hash_lookup_handle(hdev, handle);
2709 if (!conn)
2710 continue;
2711
2712 conn->sent -= block_count;
2713
2714 switch (conn->type) {
2715 case ACL_LINK:
2716 hdev->block_cnt += block_count;
2717 if (hdev->block_cnt > hdev->num_blocks)
2718 hdev->block_cnt = hdev->num_blocks;
2719 break;
2720
2721 default:
2722 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2723 break;
2724 }
2725 }
2726
2727 queue_work(hdev->workqueue, &hdev->tx_work);
2728}
2729
6039aa73 2730static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2731{
a9de9248 2732 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2733 struct hci_conn *conn;
2734
9f1db00c 2735 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2736
2737 hci_dev_lock(hdev);
2738
2739 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2740 if (conn) {
2741 conn->mode = ev->mode;
2742 conn->interval = __le16_to_cpu(ev->interval);
2743
8fc9ced3
GP		 2744 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2745 &conn->flags)) {
a9de9248 2746 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2747 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2748 else
58a681ef 2749 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2750 }
e73439d8 2751
51a8efd7 2752 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2753 hci_sco_setup(conn, ev->status);
04837f64
MH		 2754 }
2755
2756 hci_dev_unlock(hdev);
2757}
2758
6039aa73 2759static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2760{
052b30b0
MH		 2761 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2762 struct hci_conn *conn;
2763
a9de9248 2764 BT_DBG("%s", hdev->name);
052b30b0
MH		 2765
2766 hci_dev_lock(hdev);
2767
2768 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2769 if (!conn)
2770 goto unlock;
2771
2772 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2773 hci_conn_hold(conn);
2774 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2775 hci_conn_put(conn);
2776 }
2777
a8b2d5c2 2778 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2779 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2780 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2781 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2782 u8 secure;
2783
2784 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2785 secure = 1;
2786 else
2787 secure = 0;
2788
744cf19e 2789 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2790 }
980e1a53 2791
b6f98044 2792unlock:
052b30b0 2793 hci_dev_unlock(hdev);
a9de9248
MH		 2794}
2795
6039aa73 2796static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2797{
55ed8ca1
JH		 2798 struct hci_ev_link_key_req *ev = (void *) skb->data;
2799 struct hci_cp_link_key_reply cp;
2800 struct hci_conn *conn;
2801 struct link_key *key;
2802
a9de9248 2803 BT_DBG("%s", hdev->name);
55ed8ca1 2804
a8b2d5c2 2805 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2806 return;
2807
2808 hci_dev_lock(hdev);
2809
2810 key = hci_find_link_key(hdev, &ev->bdaddr);
2811 if (!key) {
2812 BT_DBG("%s link key not found for %s", hdev->name,
807deac2 2813 batostr(&ev->bdaddr));
55ed8ca1
JH		 2814 goto not_found;
2815 }
2816
2817 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
807deac2 2818 batostr(&ev->bdaddr));
55ed8ca1 2819
a8b2d5c2 2820 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2821 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2822 BT_DBG("%s ignoring debug key", hdev->name);
2823 goto not_found;
2824 }
2825
2826 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2827 if (conn) {
2828 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2829 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2830 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2831 goto not_found;
2832 }
55ed8ca1 2833
60b83f57 2834 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2835 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2836 BT_DBG("%s ignoring key unauthenticated for high security",
2837 hdev->name);
60b83f57
WR		 2838 goto not_found;
2839 }
2840
2841 conn->key_type = key->type;
2842 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2843 }
2844
2845 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2846 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2847
2848 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2849
2850 hci_dev_unlock(hdev);
2851
2852 return;
2853
2854not_found:
2855 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2856 hci_dev_unlock(hdev);
a9de9248
MH		 2857}
2858
6039aa73 2859static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2860{
052b30b0
MH		 2861 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2862 struct hci_conn *conn;
55ed8ca1 2863 u8 pin_len = 0;
052b30b0 2864
a9de9248 2865 BT_DBG("%s", hdev->name);
052b30b0
MH		 2866
2867 hci_dev_lock(hdev);
2868
2869 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2870 if (conn) {
2871 hci_conn_hold(conn);
2872 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2873 pin_len = conn->pin_length;
13d39315
WR		 2874
2875 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2876 conn->key_type = ev->key_type;
2877
052b30b0
MH		 2878 hci_conn_put(conn);
2879 }
2880
a8b2d5c2 2881 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2882 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2883 ev->key_type, pin_len);
55ed8ca1 2884
052b30b0 2885 hci_dev_unlock(hdev);
a9de9248
MH		 2886}
2887
6039aa73 2888static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2889{
a9de9248 2890 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2891 struct hci_conn *conn;
1da177e4 2892
9f1db00c 2893 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2894
2895 hci_dev_lock(hdev);
2896
04837f64 2897 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2898 if (conn && !ev->status) {
2899 struct inquiry_entry *ie;
2900
cc11b9c1
AE		 2901 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2902 if (ie) {
1da177e4
LT		 2903 ie->data.clock_offset = ev->clock_offset;
2904 ie->timestamp = jiffies;
2905 }
2906 }
2907
2908 hci_dev_unlock(hdev);
2909}
2910
6039aa73 2911static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2912{
2913 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2914 struct hci_conn *conn;
2915
9f1db00c 2916 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2917
2918 hci_dev_lock(hdev);
2919
2920 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2921 if (conn && !ev->status)
2922 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2923
2924 hci_dev_unlock(hdev);
2925}
2926
6039aa73 2927static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2928{
a9de9248 2929 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2930 struct inquiry_entry *ie;
2931
2932 BT_DBG("%s", hdev->name);
2933
2934 hci_dev_lock(hdev);
2935
cc11b9c1
AE		 2936 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2937 if (ie) {
85a1e930
MH		 2938 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2939 ie->timestamp = jiffies;
2940 }
2941
2942 hci_dev_unlock(hdev);
2943}
2944
6039aa73
GP		 2945static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2946 struct sk_buff *skb)
a9de9248
MH		 2947{
2948 struct inquiry_data data;
2949 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2950 bool name_known, ssp;
a9de9248
MH		 2951
2952 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2953
2954 if (!num_rsp)
2955 return;
2956
1519cc17
AG		 2957 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2958 return;
2959
a9de9248
MH		 2960 hci_dev_lock(hdev);
2961
2962 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2963 struct inquiry_info_with_rssi_and_pscan_mode *info;
2964 info = (void *) (skb->data + 1);
a9de9248 2965
e17acd40 2966 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2967 bacpy(&data.bdaddr, &info->bdaddr);
2968 data.pscan_rep_mode = info->pscan_rep_mode;
2969 data.pscan_period_mode = info->pscan_period_mode;
2970 data.pscan_mode = info->pscan_mode;
2971 memcpy(data.dev_class, info->dev_class, 3);
2972 data.clock_offset = info->clock_offset;
2973 data.rssi = info->rssi;
41a96212 2974 data.ssp_mode = 0x00;
3175405b
JH		 2975
2976 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2977 false, &ssp);
48264f06 2978 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2979 info->dev_class, info->rssi,
2980 !name_known, ssp, NULL, 0);
a9de9248
MH		 2981 }
2982 } else {
2983 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2984
e17acd40 2985 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2986 bacpy(&data.bdaddr, &info->bdaddr);
2987 data.pscan_rep_mode = info->pscan_rep_mode;
2988 data.pscan_period_mode = info->pscan_period_mode;
2989 data.pscan_mode = 0x00;
2990 memcpy(data.dev_class, info->dev_class, 3);
2991 data.clock_offset = info->clock_offset;
2992 data.rssi = info->rssi;
41a96212 2993 data.ssp_mode = 0x00;
3175405b 2994 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2995 false, &ssp);
48264f06 2996 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2997 info->dev_class, info->rssi,
2998 !name_known, ssp, NULL, 0);
a9de9248
MH		 2999 }
3000 }
3001
3002 hci_dev_unlock(hdev);
3003}
3004
6039aa73
GP		 3005static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3006 struct sk_buff *skb)
a9de9248 3007{
41a96212
MH		 3008 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3009 struct hci_conn *conn;
3010
a9de9248 3011 BT_DBG("%s", hdev->name);
41a96212 3012
41a96212
MH		 3013 hci_dev_lock(hdev);
3014
3015 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3016 if (!conn)
3017 goto unlock;
41a96212 3018
ccd556fe
JH		 3019 if (!ev->status && ev->page == 0x01) {
3020 struct inquiry_entry *ie;
41a96212 3021
cc11b9c1
AE		 3022 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3023 if (ie)
02b7cc62 3024 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3025
02b7cc62 3026 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3027 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3028 }
3029
3030 if (conn->state != BT_CONFIG)
3031 goto unlock;
3032
671267bf 3033 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3034 struct hci_cp_remote_name_req cp;
3035 memset(&cp, 0, sizeof(cp));
3036 bacpy(&cp.bdaddr, &conn->dst);
3037 cp.pscan_rep_mode = 0x02;
3038 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3039 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3040 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3041 conn->dst_type, 0, NULL, 0,
3042 conn->dev_class);
392599b9 3043
127178d2 3044 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3045 conn->state = BT_CONNECTED;
3046 hci_proto_connect_cfm(conn, ev->status);
3047 hci_conn_put(conn);
41a96212
MH		 3048 }
3049
ccd556fe 3050unlock:
41a96212 3051 hci_dev_unlock(hdev);
a9de9248
MH		 3052}
3053
6039aa73
GP		 3054static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3055 struct sk_buff *skb)
a9de9248 3056{
b6a0dc82
MH		 3057 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3058 struct hci_conn *conn;
3059
9f1db00c 3060 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3061
3062 hci_dev_lock(hdev);
3063
3064 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3065 if (!conn) {
3066 if (ev->link_type == ESCO_LINK)
3067 goto unlock;
3068
3069 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3070 if (!conn)
3071 goto unlock;
3072
3073 conn->type = SCO_LINK;
3074 }
b6a0dc82 3075
732547f9
MH		 3076 switch (ev->status) {
3077 case 0x00:
b6a0dc82
MH		 3078 conn->handle = __le16_to_cpu(ev->handle);
3079 conn->state = BT_CONNECTED;
7d0db0a3 3080
9eba32b8 3081 hci_conn_hold_device(conn);
7d0db0a3 3082 hci_conn_add_sysfs(conn);
732547f9
MH		 3083 break;
3084
705e5711 3085 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3086 case 0x1c: /* SCO interval rejected */
1038a00b 3087 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3088 case 0x1f: /* Unspecified error */
3089 if (conn->out && conn->attempt < 2) {
3090 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3091 (hdev->esco_type & EDR_ESCO_MASK);
3092 hci_setup_sync(conn, conn->link->handle);
3093 goto unlock;
3094 }
3095 /* fall through */
3096
3097 default:
b6a0dc82 3098 conn->state = BT_CLOSED;
732547f9
MH		 3099 break;
3100 }
b6a0dc82
MH		 3101
3102 hci_proto_connect_cfm(conn, ev->status);
3103 if (ev->status)
3104 hci_conn_del(conn);
3105
3106unlock:
3107 hci_dev_unlock(hdev);
a9de9248
MH		 3108}
3109
6039aa73 3110static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3111{
3112 BT_DBG("%s", hdev->name);
3113}
3114
6039aa73 3115static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3116{
a9de9248 3117 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3118
9f1db00c 3119 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3120}
3121
6039aa73
GP		 3122static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3123 struct sk_buff *skb)
1da177e4 3124{
a9de9248
MH		 3125 struct inquiry_data data;
3126 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3127 int num_rsp = *((__u8 *) skb->data);
9d939d94 3128 size_t eir_len;
1da177e4 3129
a9de9248 3130 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3131
a9de9248
MH		 3132 if (!num_rsp)
3133 return;
1da177e4 3134
1519cc17
AG		 3135 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3136 return;
3137
a9de9248
MH		 3138 hci_dev_lock(hdev);
3139
e17acd40 3140 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3141 bool name_known, ssp;
561aafbc 3142
a9de9248 3143 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3144 data.pscan_rep_mode = info->pscan_rep_mode;
3145 data.pscan_period_mode = info->pscan_period_mode;
3146 data.pscan_mode = 0x00;
a9de9248 3147 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3148 data.clock_offset = info->clock_offset;
3149 data.rssi = info->rssi;
41a96212 3150 data.ssp_mode = 0x01;
561aafbc 3151
a8b2d5c2 3152 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3153 name_known = eir_has_data_type(info->data,
04124681
GP		 3154 sizeof(info->data),
3155 EIR_NAME_COMPLETE);
561aafbc
JH		 3156 else
3157 name_known = true;
3158
388fc8fa 3159 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3160 &ssp);
9d939d94 3161 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3162 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3163 info->dev_class, info->rssi, !name_known,
9d939d94 3164 ssp, info->data, eir_len);
a9de9248
MH		 3165 }
3166
3167 hci_dev_unlock(hdev);
3168}
1da177e4 3169
1c2e0041
JH		 3170static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3171 struct sk_buff *skb)
3172{
3173 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3174 struct hci_conn *conn;
3175
9f1db00c 3176 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3177 __le16_to_cpu(ev->handle));
3178
3179 hci_dev_lock(hdev);
3180
3181 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3182 if (!conn)
3183 goto unlock;
3184
3185 if (!ev->status)
3186 conn->sec_level = conn->pending_sec_level;
3187
3188 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3189
3190 if (ev->status && conn->state == BT_CONNECTED) {
3191 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3192 hci_conn_put(conn);
3193 goto unlock;
3194 }
3195
3196 if (conn->state == BT_CONFIG) {
3197 if (!ev->status)
3198 conn->state = BT_CONNECTED;
3199
3200 hci_proto_connect_cfm(conn, ev->status);
3201 hci_conn_put(conn);
3202 } else {
3203 hci_auth_cfm(conn, ev->status);
3204
3205 hci_conn_hold(conn);
3206 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3207 hci_conn_put(conn);
3208 }
3209
3210unlock:
3211 hci_dev_unlock(hdev);
3212}
3213
6039aa73 3214static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3215{
3216 /* If remote requests dedicated bonding follow that lead */
3217 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3218 /* If both remote and local IO capabilities allow MITM
3219 * protection then require it, otherwise don't */
3220 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3221 return 0x02;
3222 else
3223 return 0x03;
3224 }
3225
3226 /* If remote requests no-bonding follow that lead */
3227 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3228 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3229
3230 return conn->auth_type;
3231}
3232
6039aa73 3233static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3234{
3235 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3236 struct hci_conn *conn;
3237
3238 BT_DBG("%s", hdev->name);
3239
3240 hci_dev_lock(hdev);
3241
3242 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3243 if (!conn)
3244 goto unlock;
3245
3246 hci_conn_hold(conn);
3247
a8b2d5c2 3248 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3249 goto unlock;
3250
a8b2d5c2 3251 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3252 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3253 struct hci_cp_io_capability_reply cp;
3254
3255 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3256 /* Change the IO capability from KeyboardDisplay
3257 * to DisplayYesNo as it is not supported by BT spec. */
3258 cp.capability = (conn->io_capability == 0x04) ?
3259 0x01 : conn->io_capability;
7cbc9bd9
JH		 3260 conn->auth_type = hci_get_auth_req(conn);
3261 cp.authentication = conn->auth_type;
17fa4b9d 3262
8fc9ced3
GP		 3263 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3264 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3265 cp.oob_data = 0x01;
3266 else
3267 cp.oob_data = 0x00;
3268
17fa4b9d 3269 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3270 sizeof(cp), &cp);
03b555e1
JH		 3271 } else {
3272 struct hci_cp_io_capability_neg_reply cp;
3273
3274 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3275 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3276
03b555e1 3277 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3278 sizeof(cp), &cp);
03b555e1
JH		 3279 }
3280
3281unlock:
3282 hci_dev_unlock(hdev);
3283}
3284
6039aa73 3285static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3286{
3287 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3288 struct hci_conn *conn;
3289
3290 BT_DBG("%s", hdev->name);
3291
3292 hci_dev_lock(hdev);
3293
3294 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3295 if (!conn)
3296 goto unlock;
3297
03b555e1 3298 conn->remote_cap = ev->capability;
03b555e1 3299 conn->remote_auth = ev->authentication;
58a681ef
JH		 3300 if (ev->oob_data)
3301 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3302
3303unlock:
0493684e
MH		 3304 hci_dev_unlock(hdev);
3305}
3306
6039aa73
GP		 3307static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3308 struct sk_buff *skb)
a5c29683
JH		 3309{
3310 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3311 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3312 struct hci_conn *conn;
a5c29683
JH		 3313
3314 BT_DBG("%s", hdev->name);
3315
3316 hci_dev_lock(hdev);
3317
a8b2d5c2 3318 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3319 goto unlock;
a5c29683 3320
7a828908
JH		 3321 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3322 if (!conn)
3323 goto unlock;
3324
3325 loc_mitm = (conn->auth_type & 0x01);
3326 rem_mitm = (conn->remote_auth & 0x01);
3327
3328 /* If we require MITM but the remote device can't provide that
3329 * (it has NoInputNoOutput) then reject the confirmation
3330 * request. The only exception is when we're dedicated bonding
3331 * initiators (connect_cfm_cb set) since then we always have the MITM
3332 * bit set. */
3333 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3334 BT_DBG("Rejecting request: remote device can't provide MITM");
3335 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3336 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3337 goto unlock;
3338 }
3339
3340 /* If no side requires MITM protection; auto-accept */
3341 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3342 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3343
3344 /* If we're not the initiators request authorization to
3345 * proceed from user space (mgmt_user_confirm with
3346 * confirm_hint set to 1). */
51a8efd7 3347 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3348 BT_DBG("Confirming auto-accept as acceptor");
3349 confirm_hint = 1;
3350 goto confirm;
3351 }
3352
9f61656a 3353 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3354 hdev->auto_accept_delay);
9f61656a
JH		 3355
3356 if (hdev->auto_accept_delay > 0) {
3357 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3358 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3359 goto unlock;
3360 }
3361
7a828908 3362 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3363 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3364 goto unlock;
3365 }
3366
55bc1a37 3367confirm:
272d90df 3368 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3369 confirm_hint);
7a828908
JH		 3370
3371unlock:
a5c29683
JH		 3372 hci_dev_unlock(hdev);
3373}
3374
6039aa73
GP		 3375static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3376 struct sk_buff *skb)
1143d458
BG		 3377{
3378 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3379
3380 BT_DBG("%s", hdev->name);
3381
a8b2d5c2 3382 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3383 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3384}
3385
92a25256
JH		 3386static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3387 struct sk_buff *skb)
3388{
3389 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3390 struct hci_conn *conn;
3391
3392 BT_DBG("%s", hdev->name);
3393
3394 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3395 if (!conn)
3396 return;
3397
3398 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3399 conn->passkey_entered = 0;
3400
3401 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3402 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3403 conn->dst_type, conn->passkey_notify,
3404 conn->passkey_entered);
3405}
3406
3407static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3408{
3409 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3410 struct hci_conn *conn;
3411
3412 BT_DBG("%s", hdev->name);
3413
3414 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3415 if (!conn)
3416 return;
3417
3418 switch (ev->type) {
3419 case HCI_KEYPRESS_STARTED:
3420 conn->passkey_entered = 0;
3421 return;
3422
3423 case HCI_KEYPRESS_ENTERED:
3424 conn->passkey_entered++;
3425 break;
3426
3427 case HCI_KEYPRESS_ERASED:
3428 conn->passkey_entered--;
3429 break;
3430
3431 case HCI_KEYPRESS_CLEARED:
3432 conn->passkey_entered = 0;
3433 break;
3434
3435 case HCI_KEYPRESS_COMPLETED:
3436 return;
3437 }
3438
3439 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3440 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3441 conn->dst_type, conn->passkey_notify,
3442 conn->passkey_entered);
3443}
3444
6039aa73
GP		 3445static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3446 struct sk_buff *skb)
0493684e
MH		 3447{
3448 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3449 struct hci_conn *conn;
3450
3451 BT_DBG("%s", hdev->name);
3452
3453 hci_dev_lock(hdev);
3454
3455 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3456 if (!conn)
3457 goto unlock;
3458
3459 /* To avoid duplicate auth_failed events to user space we check
3460 * the HCI_CONN_AUTH_PEND flag which will be set if we
3461 * initiated the authentication. A traditional auth_complete
3462 * event gets always produced as initiator and is also mapped to
3463 * the mgmt_auth_failed event */
fa1bd918 3464 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3465 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3466 ev->status);
0493684e 3467
2a611692
JH		 3468 hci_conn_put(conn);
3469
3470unlock:
0493684e
MH		 3471 hci_dev_unlock(hdev);
3472}
3473
6039aa73
GP		 3474static void hci_remote_host_features_evt(struct hci_dev *hdev,
3475 struct sk_buff *skb)
41a96212
MH		 3476{
3477 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3478 struct inquiry_entry *ie;
3479
3480 BT_DBG("%s", hdev->name);
3481
3482 hci_dev_lock(hdev);
3483
cc11b9c1
AE		 3484 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3485 if (ie)
02b7cc62 3486 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3487
3488 hci_dev_unlock(hdev);
3489}
3490
6039aa73
GP		 3491static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3492 struct sk_buff *skb)
2763eda6
SJ		 3493{
3494 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3495 struct oob_data *data;
3496
3497 BT_DBG("%s", hdev->name);
3498
3499 hci_dev_lock(hdev);
3500
a8b2d5c2 3501 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3502 goto unlock;
3503
2763eda6
SJ		 3504 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3505 if (data) {
3506 struct hci_cp_remote_oob_data_reply cp;
3507
3508 bacpy(&cp.bdaddr, &ev->bdaddr);
3509 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3510 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3511
3512 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3513 &cp);
2763eda6
SJ		 3514 } else {
3515 struct hci_cp_remote_oob_data_neg_reply cp;
3516
3517 bacpy(&cp.bdaddr, &ev->bdaddr);
3518 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3519 &cp);
2763eda6
SJ		 3520 }
3521
e1ba1f15 3522unlock:
2763eda6
SJ		 3523 hci_dev_unlock(hdev);
3524}
3525
6039aa73 3526static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3527{
3528 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3529 struct hci_conn *conn;
3530
9f1db00c 3531 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3532
3533 hci_dev_lock(hdev);
3534
b47a09b3 3535 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3536 if (!conn) {
3537 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3538 if (!conn) {
3539 BT_ERR("No memory for new connection");
230fd16a 3540 goto unlock;
b62f328b 3541 }
29b7988a
AG		 3542
3543 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3544
3545 if (ev->role == LE_CONN_ROLE_MASTER) {
3546 conn->out = true;
3547 conn->link_mode |= HCI_LM_MASTER;
3548 }
b62f328b 3549 }
fcd89c09 3550
cd17decb
AG		 3551 if (ev->status) {
3552 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3553 conn->dst_type, ev->status);
3554 hci_proto_connect_cfm(conn, ev->status);
3555 conn->state = BT_CLOSED;
3556 hci_conn_del(conn);
3557 goto unlock;
3558 }
3559
b644ba33
JH		 3560 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3561 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3562 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3563
7b5c0d52 3564 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3565 conn->handle = __le16_to_cpu(ev->handle);
3566 conn->state = BT_CONNECTED;
3567
3568 hci_conn_hold_device(conn);
3569 hci_conn_add_sysfs(conn);
3570
3571 hci_proto_connect_cfm(conn, ev->status);
3572
3573unlock:
3574 hci_dev_unlock(hdev);
3575}
3576
6039aa73 3577static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3578{
e95beb41
AG		 3579 u8 num_reports = skb->data[0];
3580 void *ptr = &skb->data[1];
3c9e9195 3581 s8 rssi;
9aa04c91
AG		 3582
3583 hci_dev_lock(hdev);
3584
e95beb41
AG		 3585 while (num_reports--) {
3586 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3587
3c9e9195
AG		 3588 rssi = ev->data[ev->length];
3589 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3590 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3591
e95beb41 3592 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3593 }
3594
3595 hci_dev_unlock(hdev);
3596}
3597
6039aa73 3598static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3599{
3600 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3601 struct hci_cp_le_ltk_reply cp;
bea710fe 3602 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3603 struct hci_conn *conn;
c9839a11 3604 struct smp_ltk *ltk;
a7a595f6 3605
9f1db00c 3606 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3607
3608 hci_dev_lock(hdev);
3609
3610 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3611 if (conn == NULL)
3612 goto not_found;
a7a595f6 3613
bea710fe
VCG		 3614 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3615 if (ltk == NULL)
3616 goto not_found;
3617
3618 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3619 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3620
3621 if (ltk->authenticated)
3622 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3623
3624 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3625
c9839a11
VCG		 3626 if (ltk->type & HCI_SMP_STK) {
3627 list_del(&ltk->list);
3628 kfree(ltk);
3629 }
3630
a7a595f6 3631 hci_dev_unlock(hdev);
bea710fe
VCG		 3632
3633 return;
3634
3635not_found:
3636 neg.handle = ev->handle;
3637 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3638 hci_dev_unlock(hdev);
a7a595f6
VCG		 3639}
3640
6039aa73 3641static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3642{
3643 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3644
3645 skb_pull(skb, sizeof(*le_ev));
3646
3647 switch (le_ev->subevent) {
3648 case HCI_EV_LE_CONN_COMPLETE:
3649 hci_le_conn_complete_evt(hdev, skb);
3650 break;
3651
9aa04c91
AG		 3652 case HCI_EV_LE_ADVERTISING_REPORT:
3653 hci_le_adv_report_evt(hdev, skb);
3654 break;
3655
a7a595f6
VCG		 3656 case HCI_EV_LE_LTK_REQ:
3657 hci_le_ltk_request_evt(hdev, skb);
3658 break;
3659
fcd89c09
VT		 3660 default:
3661 break;
3662 }
3663}
3664
9495b2ee
AE		 3665static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3666{
3667 struct hci_ev_channel_selected *ev = (void *) skb->data;
3668 struct hci_conn *hcon;
3669
3670 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3671
3672 skb_pull(skb, sizeof(*ev));
3673
3674 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3675 if (!hcon)
3676 return;
3677
3678 amp_read_loc_assoc_final_data(hdev, hcon);
3679}
3680
a9de9248
MH		 3681void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3682{
3683 struct hci_event_hdr *hdr = (void *) skb->data;
3684 __u8 event = hdr->evt;
3685
3686 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3687
3688 switch (event) {
1da177e4
LT		 3689 case HCI_EV_INQUIRY_COMPLETE:
3690 hci_inquiry_complete_evt(hdev, skb);
3691 break;
3692
3693 case HCI_EV_INQUIRY_RESULT:
3694 hci_inquiry_result_evt(hdev, skb);
3695 break;
3696
a9de9248
MH		 3697 case HCI_EV_CONN_COMPLETE:
3698 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3699 break;
3700
1da177e4
LT		 3701 case HCI_EV_CONN_REQUEST:
3702 hci_conn_request_evt(hdev, skb);
3703 break;
3704
1da177e4
LT		 3705 case HCI_EV_DISCONN_COMPLETE:
3706 hci_disconn_complete_evt(hdev, skb);
3707 break;
3708
1da177e4
LT		 3709 case HCI_EV_AUTH_COMPLETE:
3710 hci_auth_complete_evt(hdev, skb);
3711 break;
3712
a9de9248
MH		 3713 case HCI_EV_REMOTE_NAME:
3714 hci_remote_name_evt(hdev, skb);
3715 break;
3716
1da177e4
LT		 3717 case HCI_EV_ENCRYPT_CHANGE:
3718 hci_encrypt_change_evt(hdev, skb);
3719 break;
3720
a9de9248
MH		 3721 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3722 hci_change_link_key_complete_evt(hdev, skb);
3723 break;
3724
3725 case HCI_EV_REMOTE_FEATURES:
3726 hci_remote_features_evt(hdev, skb);
3727 break;
3728
3729 case HCI_EV_REMOTE_VERSION:
3730 hci_remote_version_evt(hdev, skb);
3731 break;
3732
3733 case HCI_EV_QOS_SETUP_COMPLETE:
3734 hci_qos_setup_complete_evt(hdev, skb);
3735 break;
3736
3737 case HCI_EV_CMD_COMPLETE:
3738 hci_cmd_complete_evt(hdev, skb);
3739 break;
3740
3741 case HCI_EV_CMD_STATUS:
3742 hci_cmd_status_evt(hdev, skb);
3743 break;
3744
3745 case HCI_EV_ROLE_CHANGE:
3746 hci_role_change_evt(hdev, skb);
3747 break;
3748
3749 case HCI_EV_NUM_COMP_PKTS:
3750 hci_num_comp_pkts_evt(hdev, skb);
3751 break;
3752
3753 case HCI_EV_MODE_CHANGE:
3754 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3755 break;
3756
3757 case HCI_EV_PIN_CODE_REQ:
3758 hci_pin_code_request_evt(hdev, skb);
3759 break;
3760
3761 case HCI_EV_LINK_KEY_REQ:
3762 hci_link_key_request_evt(hdev, skb);
3763 break;
3764
3765 case HCI_EV_LINK_KEY_NOTIFY:
3766 hci_link_key_notify_evt(hdev, skb);
3767 break;
3768
3769 case HCI_EV_CLOCK_OFFSET:
3770 hci_clock_offset_evt(hdev, skb);
3771 break;
3772
a8746417
MH		 3773 case HCI_EV_PKT_TYPE_CHANGE:
3774 hci_pkt_type_change_evt(hdev, skb);
3775 break;
3776
85a1e930
MH		 3777 case HCI_EV_PSCAN_REP_MODE:
3778 hci_pscan_rep_mode_evt(hdev, skb);
3779 break;
3780
a9de9248
MH		 3781 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3782 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3783 break;
3784
a9de9248
MH		 3785 case HCI_EV_REMOTE_EXT_FEATURES:
3786 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3787 break;
3788
a9de9248
MH		 3789 case HCI_EV_SYNC_CONN_COMPLETE:
3790 hci_sync_conn_complete_evt(hdev, skb);
3791 break;
1da177e4 3792
a9de9248
MH		 3793 case HCI_EV_SYNC_CONN_CHANGED:
3794 hci_sync_conn_changed_evt(hdev, skb);
3795 break;
1da177e4 3796
a9de9248
MH		 3797 case HCI_EV_SNIFF_SUBRATE:
3798 hci_sniff_subrate_evt(hdev, skb);
3799 break;
1da177e4 3800
a9de9248
MH		 3801 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3802 hci_extended_inquiry_result_evt(hdev, skb);
3803 break;
1da177e4 3804
1c2e0041
JH		 3805 case HCI_EV_KEY_REFRESH_COMPLETE:
3806 hci_key_refresh_complete_evt(hdev, skb);
3807 break;
3808
0493684e
MH		 3809 case HCI_EV_IO_CAPA_REQUEST:
3810 hci_io_capa_request_evt(hdev, skb);
3811 break;
3812
03b555e1
JH		 3813 case HCI_EV_IO_CAPA_REPLY:
3814 hci_io_capa_reply_evt(hdev, skb);
3815 break;
3816
a5c29683
JH		 3817 case HCI_EV_USER_CONFIRM_REQUEST:
3818 hci_user_confirm_request_evt(hdev, skb);
3819 break;
3820
1143d458
BG		 3821 case HCI_EV_USER_PASSKEY_REQUEST:
3822 hci_user_passkey_request_evt(hdev, skb);
3823 break;
3824
92a25256
JH		 3825 case HCI_EV_USER_PASSKEY_NOTIFY:
3826 hci_user_passkey_notify_evt(hdev, skb);
3827 break;
3828
3829 case HCI_EV_KEYPRESS_NOTIFY:
3830 hci_keypress_notify_evt(hdev, skb);
3831 break;
3832
0493684e
MH		 3833 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3834 hci_simple_pair_complete_evt(hdev, skb);
3835 break;
3836
41a96212
MH		 3837 case HCI_EV_REMOTE_HOST_FEATURES:
3838 hci_remote_host_features_evt(hdev, skb);
3839 break;
3840
fcd89c09
VT		 3841 case HCI_EV_LE_META:
3842 hci_le_meta_evt(hdev, skb);
3843 break;
3844
9495b2ee
AE		 3845 case HCI_EV_CHANNEL_SELECTED:
3846 hci_chan_selected_evt(hdev, skb);
3847 break;
3848
2763eda6
SJ		 3849 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3850 hci_remote_oob_data_request_evt(hdev, skb);
3851 break;
3852
25e89e99
AE		 3853 case HCI_EV_NUM_COMP_BLOCKS:
3854 hci_num_comp_blocks_evt(hdev, skb);
3855 break;
3856
a9de9248 3857 default:
9f1db00c 3858 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 3859 break;
3860 }
3861
3862 kfree_skb(skb);
3863 hdev->stat.evt_rx++;
3864}
kernel source for telekom puls (alcatel/mediatek)