projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Clean up logic in hci_cc_write_scan_enable
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
a9de9248
MH		 58 if (status)
59 return;
1da177e4 60
2d20a26a
ON		 61 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
62 test_bit(HCI_MGMT, &hdev->flags))
314b2381 63 mgmt_discovering(hdev->id, 0);
6bd57416 64
23bb5763 65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 66
67 hci_conn_check_pending(hdev);
68}
6bd57416 69
a9de9248
MH		 70static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71{
72 __u8 status = *((__u8 *) skb->data);
6bd57416 73
a9de9248 74 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 75
a9de9248
MH		 76 if (status)
77 return;
1da177e4 78
2d20a26a
ON		 79 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
80 test_bit(HCI_MGMT, &hdev->flags))
314b2381 81 mgmt_discovering(hdev->id, 0);
a9de9248
MH		 82
83 hci_conn_check_pending(hdev);
84}
85
86static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
96 BT_DBG("%s status 0x%x", hdev->name, rp->status);
97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
106 conn->link_mode &= ~HCI_LM_MASTER;
107 else
108 conn->link_mode |= HCI_LM_MASTER;
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
119 BT_DBG("%s status 0x%x", hdev->name, rp->status);
120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
a9de9248 139 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
e4e8e37c
MH		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
158{
159 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
160
161 BT_DBG("%s status 0x%x", hdev->name, rp->status);
162
163 if (rp->status)
164 return;
165
166 hdev->link_policy = __le16_to_cpu(rp->policy);
167}
168
169static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
170{
171 __u8 status = *((__u8 *) skb->data);
172 void *sent;
173
174 BT_DBG("%s status 0x%x", hdev->name, status);
175
176 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 if (!sent)
178 return;
179
180 if (!status)
181 hdev->link_policy = get_unaligned_le16(sent);
182
23bb5763 183 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 184}
185
a9de9248
MH		 186static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187{
188 __u8 status = *((__u8 *) skb->data);
04837f64 189
a9de9248 190 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 191
10572132
GP		 192 clear_bit(HCI_RESET, &hdev->flags);
193
23bb5763 194 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 195}
04837f64 196
a9de9248
MH		 197static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
198{
199 __u8 status = *((__u8 *) skb->data);
200 void *sent;
04837f64 201
a9de9248 202 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 203
a9de9248
MH		 204 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
205 if (!sent)
206 return;
04837f64 207
b312b161
JH		 208 if (test_bit(HCI_MGMT, &hdev->flags))
209 mgmt_set_local_name_complete(hdev->id, sent, status);
210
211 if (status)
212 return;
213
1f6c6378 214 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 215}
216
217static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
218{
219 struct hci_rp_read_local_name *rp = (void *) skb->data;
220
221 BT_DBG("%s status 0x%x", hdev->name, rp->status);
222
223 if (rp->status)
224 return;
225
1f6c6378 226 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 227}
228
229static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
230{
231 __u8 status = *((__u8 *) skb->data);
232 void *sent;
233
234 BT_DBG("%s status 0x%x", hdev->name, status);
235
236 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
237 if (!sent)
238 return;
239
240 if (!status) {
241 __u8 param = *((__u8 *) sent);
242
243 if (param == AUTH_ENABLED)
244 set_bit(HCI_AUTH, &hdev->flags);
245 else
246 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 247 }
a9de9248 248
23bb5763 249 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 250}
251
a9de9248 252static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 253{
a9de9248 254 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 255 void *sent;
256
a9de9248 257 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 258
a9de9248
MH		 259 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
260 if (!sent)
261 return;
1da177e4 262
a9de9248
MH		 263 if (!status) {
264 __u8 param = *((__u8 *) sent);
265
266 if (param)
267 set_bit(HCI_ENCRYPT, &hdev->flags);
268 else
269 clear_bit(HCI_ENCRYPT, &hdev->flags);
270 }
1da177e4 271
23bb5763 272 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 273}
1da177e4 274
a9de9248
MH		 275static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
276{
36f7fc7e
JH		 277 __u8 param, status = *((__u8 *) skb->data);
278 int old_pscan, old_iscan;
a9de9248 279 void *sent;
1da177e4 280
a9de9248 281 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 282
a9de9248
MH		 283 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
284 if (!sent)
285 return;
1da177e4 286
36f7fc7e
JH		 287 if (status != 0)
288 goto done;
289
290 param = *((__u8 *) sent);
291
292 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
293 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
294
295 if (param & SCAN_INQUIRY) {
296 set_bit(HCI_ISCAN, &hdev->flags);
297 if (!old_iscan)
298 mgmt_discoverable(hdev->id, 1);
299 } else if (old_iscan)
300 mgmt_discoverable(hdev->id, 0);
301
302 if (param & SCAN_PAGE) {
303 set_bit(HCI_PSCAN, &hdev->flags);
304 if (!old_pscan)
305 mgmt_connectable(hdev->id, 1);
306 } else if (old_pscan)
307 mgmt_connectable(hdev->id, 0);
1da177e4 308
36f7fc7e 309done:
23bb5763 310 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 311}
1da177e4 312
a9de9248
MH		 313static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
314{
315 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 316
a9de9248 317 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 318
a9de9248
MH		 319 if (rp->status)
320 return;
1da177e4 321
a9de9248 322 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 323
a9de9248
MH		 324 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
325 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
326}
1da177e4 327
a9de9248
MH		 328static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
329{
330 __u8 status = *((__u8 *) skb->data);
331 void *sent;
1da177e4 332
a9de9248 333 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 334
f383f275
MH		 335 if (status)
336 return;
337
a9de9248
MH		 338 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
339 if (!sent)
340 return;
1da177e4 341
f383f275 342 memcpy(hdev->dev_class, sent, 3);
a9de9248 343}
1da177e4 344
a9de9248
MH		 345static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
346{
347 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
348 __u16 setting;
349
350 BT_DBG("%s status 0x%x", hdev->name, rp->status);
351
352 if (rp->status)
353 return;
354
355 setting = __le16_to_cpu(rp->voice_setting);
356
f383f275 357 if (hdev->voice_setting == setting)
a9de9248
MH		 358 return;
359
360 hdev->voice_setting = setting;
361
362 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
363
364 if (hdev->notify) {
365 tasklet_disable(&hdev->tx_task);
366 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
367 tasklet_enable(&hdev->tx_task);
368 }
369}
370
371static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 __u8 status = *((__u8 *) skb->data);
f383f275 374 __u16 setting;
a9de9248
MH		 375 void *sent;
376
377 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 378
f383f275
MH		 379 if (status)
380 return;
381
a9de9248
MH		 382 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
383 if (!sent)
384 return;
1da177e4 385
f383f275 386 setting = get_unaligned_le16(sent);
1da177e4 387
f383f275
MH		 388 if (hdev->voice_setting == setting)
389 return;
390
391 hdev->voice_setting = setting;
1da177e4 392
f383f275 393 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 394
f383f275
MH		 395 if (hdev->notify) {
396 tasklet_disable(&hdev->tx_task);
397 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
398 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 399 }
400}
401
a9de9248 402static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 403{
a9de9248 404 __u8 status = *((__u8 *) skb->data);
1da177e4 405
a9de9248 406 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 407
23bb5763 408 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 409}
1143e5a6 410
333140b5
MH		 411static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
412{
413 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
414
415 BT_DBG("%s status 0x%x", hdev->name, rp->status);
416
417 if (rp->status)
418 return;
419
420 hdev->ssp_mode = rp->mode;
421}
422
423static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424{
425 __u8 status = *((__u8 *) skb->data);
426 void *sent;
427
428 BT_DBG("%s status 0x%x", hdev->name, status);
429
430 if (status)
431 return;
432
433 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
434 if (!sent)
435 return;
436
437 hdev->ssp_mode = *((__u8 *) sent);
438}
439
d5859e22
JH		 440static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
441{
442 if (hdev->features[6] & LMP_EXT_INQ)
443 return 2;
444
445 if (hdev->features[3] & LMP_RSSI_INQ)
446 return 1;
447
448 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
449 hdev->lmp_subver == 0x0757)
450 return 1;
451
452 if (hdev->manufacturer == 15) {
453 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
454 return 1;
455 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
456 return 1;
457 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
458 return 1;
459 }
460
461 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
462 hdev->lmp_subver == 0x1805)
463 return 1;
464
465 return 0;
466}
467
468static void hci_setup_inquiry_mode(struct hci_dev *hdev)
469{
470 u8 mode;
471
472 mode = hci_get_inquiry_mode(hdev);
473
474 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
475}
476
477static void hci_setup_event_mask(struct hci_dev *hdev)
478{
479 /* The second byte is 0xff instead of 0x9f (two reserved bits
480 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
481 * command otherwise */
482 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
483
6de6c18d
VT		 484 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
485 * any event mask for pre 1.2 devices */
486 if (hdev->lmp_ver <= 1)
487 return;
488
489 events[4] |= 0x01; /* Flow Specification Complete */
490 events[4] |= 0x02; /* Inquiry Result with RSSI */
491 events[4] |= 0x04; /* Read Remote Extended Features Complete */
492 events[5] |= 0x08; /* Synchronous Connection Complete */
493 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 494
495 if (hdev->features[3] & LMP_RSSI_INQ)
496 events[4] |= 0x04; /* Inquiry Result with RSSI */
497
498 if (hdev->features[5] & LMP_SNIFF_SUBR)
499 events[5] |= 0x20; /* Sniff Subrating */
500
501 if (hdev->features[5] & LMP_PAUSE_ENC)
502 events[5] |= 0x80; /* Encryption Key Refresh Complete */
503
504 if (hdev->features[6] & LMP_EXT_INQ)
505 events[5] |= 0x40; /* Extended Inquiry Result */
506
507 if (hdev->features[6] & LMP_NO_FLUSH)
508 events[7] |= 0x01; /* Enhanced Flush Complete */
509
510 if (hdev->features[7] & LMP_LSTO)
511 events[6] |= 0x80; /* Link Supervision Timeout Changed */
512
513 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
514 events[6] |= 0x01; /* IO Capability Request */
515 events[6] |= 0x02; /* IO Capability Response */
516 events[6] |= 0x04; /* User Confirmation Request */
517 events[6] |= 0x08; /* User Passkey Request */
518 events[6] |= 0x10; /* Remote OOB Data Request */
519 events[6] |= 0x20; /* Simple Pairing Complete */
520 events[7] |= 0x04; /* User Passkey Notification */
521 events[7] |= 0x08; /* Keypress Notification */
522 events[7] |= 0x10; /* Remote Host Supported
523 * Features Notification */
524 }
525
526 if (hdev->features[4] & LMP_LE)
527 events[7] |= 0x20; /* LE Meta-Event */
528
529 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
530}
531
e6100a25
AG		 532static void hci_set_le_support(struct hci_dev *hdev)
533{
534 struct hci_cp_write_le_host_supported cp;
535
536 memset(&cp, 0, sizeof(cp));
537
538 if (enable_le) {
539 cp.le = 1;
540 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
541 }
542
543 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
544}
545
d5859e22
JH		 546static void hci_setup(struct hci_dev *hdev)
547{
548 hci_setup_event_mask(hdev);
549
550 if (hdev->lmp_ver > 1)
551 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
552
553 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
554 u8 mode = 0x01;
555 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
556 }
557
558 if (hdev->features[3] & LMP_RSSI_INQ)
559 hci_setup_inquiry_mode(hdev);
560
561 if (hdev->features[7] & LMP_INQ_TX_PWR)
562 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 563
564 if (hdev->features[7] & LMP_EXTFEATURES) {
565 struct hci_cp_read_local_ext_features cp;
566
567 cp.page = 0x01;
568 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
569 sizeof(cp), &cp);
570 }
e6100a25
AG		 571
572 if (hdev->features[4] & LMP_LE)
573 hci_set_le_support(hdev);
d5859e22
JH		 574}
575
a9de9248
MH		 576static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
577{
578 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 579
a9de9248 580 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 581
a9de9248
MH		 582 if (rp->status)
583 return;
1143e5a6 584
a9de9248 585 hdev->hci_ver = rp->hci_ver;
e4e8e37c 586 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 587 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 588 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 589 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 590
a9de9248
MH		 591 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
592 hdev->manufacturer,
593 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 594
595 if (test_bit(HCI_INIT, &hdev->flags))
596 hci_setup(hdev);
597}
598
599static void hci_setup_link_policy(struct hci_dev *hdev)
600{
601 u16 link_policy = 0;
602
603 if (hdev->features[0] & LMP_RSWITCH)
604 link_policy |= HCI_LP_RSWITCH;
605 if (hdev->features[0] & LMP_HOLD)
606 link_policy |= HCI_LP_HOLD;
607 if (hdev->features[0] & LMP_SNIFF)
608 link_policy |= HCI_LP_SNIFF;
609 if (hdev->features[1] & LMP_PARK)
610 link_policy |= HCI_LP_PARK;
611
612 link_policy = cpu_to_le16(link_policy);
613 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
614 sizeof(link_policy), &link_policy);
a9de9248 615}
1da177e4 616
a9de9248
MH		 617static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
618{
619 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 620
a9de9248 621 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 622
a9de9248 623 if (rp->status)
d5859e22 624 goto done;
1da177e4 625
a9de9248 626 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 627
628 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
629 hci_setup_link_policy(hdev);
630
631done:
632 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 633}
1da177e4 634
a9de9248
MH		 635static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
636{
637 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 638
a9de9248 639 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 640
a9de9248
MH		 641 if (rp->status)
642 return;
5b7f9909 643
a9de9248 644 memcpy(hdev->features, rp->features, 8);
5b7f9909 645
a9de9248
MH		 646 /* Adjust default settings according to features
647 * supported by device. */
1da177e4 648
a9de9248
MH		 649 if (hdev->features[0] & LMP_3SLOT)
650 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 651
a9de9248
MH		 652 if (hdev->features[0] & LMP_5SLOT)
653 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 654
a9de9248
MH		 655 if (hdev->features[1] & LMP_HV2) {
656 hdev->pkt_type |= (HCI_HV2);
657 hdev->esco_type |= (ESCO_HV2);
658 }
1da177e4 659
a9de9248
MH		 660 if (hdev->features[1] & LMP_HV3) {
661 hdev->pkt_type |= (HCI_HV3);
662 hdev->esco_type |= (ESCO_HV3);
663 }
1da177e4 664
a9de9248
MH		 665 if (hdev->features[3] & LMP_ESCO)
666 hdev->esco_type |= (ESCO_EV3);
da1f5198 667
a9de9248
MH		 668 if (hdev->features[4] & LMP_EV4)
669 hdev->esco_type |= (ESCO_EV4);
da1f5198 670
a9de9248
MH		 671 if (hdev->features[4] & LMP_EV5)
672 hdev->esco_type |= (ESCO_EV5);
1da177e4 673
efc7688b
MH		 674 if (hdev->features[5] & LMP_EDR_ESCO_2M)
675 hdev->esco_type |= (ESCO_2EV3);
676
677 if (hdev->features[5] & LMP_EDR_ESCO_3M)
678 hdev->esco_type |= (ESCO_3EV3);
679
680 if (hdev->features[5] & LMP_EDR_3S_ESCO)
681 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
682
a9de9248
MH		 683 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
684 hdev->features[0], hdev->features[1],
685 hdev->features[2], hdev->features[3],
686 hdev->features[4], hdev->features[5],
687 hdev->features[6], hdev->features[7]);
688}
1da177e4 689
971e3a4b
AG		 690static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
691 struct sk_buff *skb)
692{
693 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
694
695 BT_DBG("%s status 0x%x", hdev->name, rp->status);
696
697 if (rp->status)
698 return;
699
700 memcpy(hdev->extfeatures, rp->features, 8);
701
702 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
703}
704
a9de9248
MH		 705static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
706{
707 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 708
a9de9248 709 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 710
a9de9248
MH		 711 if (rp->status)
712 return;
1da177e4 713
a9de9248
MH		 714 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
715 hdev->sco_mtu = rp->sco_mtu;
716 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
717 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
718
719 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
720 hdev->sco_mtu = 64;
721 hdev->sco_pkts = 8;
1da177e4 722 }
a9de9248
MH		 723
724 hdev->acl_cnt = hdev->acl_pkts;
725 hdev->sco_cnt = hdev->sco_pkts;
726
727 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
728 hdev->acl_mtu, hdev->acl_pkts,
729 hdev->sco_mtu, hdev->sco_pkts);
730}
731
732static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
733{
734 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
735
736 BT_DBG("%s status 0x%x", hdev->name, rp->status);
737
738 if (!rp->status)
739 bacpy(&hdev->bdaddr, &rp->bdaddr);
740
23bb5763
JH		 741 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
742}
743
744static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
745{
746 __u8 status = *((__u8 *) skb->data);
747
748 BT_DBG("%s status 0x%x", hdev->name, status);
749
750 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 751}
752
928abaa7
AE		 753static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
754 struct sk_buff *skb)
755{
756 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
757
758 BT_DBG("%s status 0x%x", hdev->name, rp->status);
759
760 if (rp->status)
761 return;
762
763 hdev->amp_status = rp->amp_status;
764 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
765 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
766 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
767 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
768 hdev->amp_type = rp->amp_type;
769 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
770 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
771 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
772 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
773
774 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
775}
776
b0916ea0
JH		 777static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
778 struct sk_buff *skb)
779{
780 __u8 status = *((__u8 *) skb->data);
781
782 BT_DBG("%s status 0x%x", hdev->name, status);
783
784 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
785}
786
d5859e22
JH		 787static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
788{
789 __u8 status = *((__u8 *) skb->data);
790
791 BT_DBG("%s status 0x%x", hdev->name, status);
792
793 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
794}
795
796static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
797 struct sk_buff *skb)
798{
799 __u8 status = *((__u8 *) skb->data);
800
801 BT_DBG("%s status 0x%x", hdev->name, status);
802
803 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
804}
805
806static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807 struct sk_buff *skb)
808{
809 __u8 status = *((__u8 *) skb->data);
810
811 BT_DBG("%s status 0x%x", hdev->name, status);
812
813 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
814}
815
816static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
817{
818 __u8 status = *((__u8 *) skb->data);
819
820 BT_DBG("%s status 0x%x", hdev->name, status);
821
822 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
823}
824
980e1a53
JH		 825static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
826{
827 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
828 struct hci_cp_pin_code_reply *cp;
829 struct hci_conn *conn;
830
831 BT_DBG("%s status 0x%x", hdev->name, rp->status);
832
833 if (test_bit(HCI_MGMT, &hdev->flags))
834 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
835
836 if (rp->status != 0)
837 return;
838
839 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
840 if (!cp)
841 return;
842
843 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
844 if (conn)
845 conn->pin_length = cp->pin_len;
846}
847
848static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
849{
850 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
851
852 BT_DBG("%s status 0x%x", hdev->name, rp->status);
853
854 if (test_bit(HCI_MGMT, &hdev->flags))
855 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
856 rp->status);
857}
6ed58ec5
VT		 858static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
859 struct sk_buff *skb)
860{
861 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
862
863 BT_DBG("%s status 0x%x", hdev->name, rp->status);
864
865 if (rp->status)
866 return;
867
868 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
869 hdev->le_pkts = rp->le_max_pkt;
870
871 hdev->le_cnt = hdev->le_pkts;
872
873 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
874
875 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
876}
980e1a53 877
a5c29683
JH		 878static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
879{
880 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
881
882 BT_DBG("%s status 0x%x", hdev->name, rp->status);
883
884 if (test_bit(HCI_MGMT, &hdev->flags))
885 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
886 rp->status);
887}
888
889static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
890 struct sk_buff *skb)
891{
892 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
893
894 BT_DBG("%s status 0x%x", hdev->name, rp->status);
895
896 if (test_bit(HCI_MGMT, &hdev->flags))
897 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
898 rp->status);
899}
900
c35938b2
SJ		 901static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
902 struct sk_buff *skb)
903{
904 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
905
906 BT_DBG("%s status 0x%x", hdev->name, rp->status);
907
908 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
909 rp->randomizer, rp->status);
910}
911
eb9d91f5
AG		 912static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
913 struct sk_buff *skb)
914{
915 struct hci_cp_le_set_scan_enable *cp;
916 __u8 status = *((__u8 *) skb->data);
917
918 BT_DBG("%s status 0x%x", hdev->name, status);
919
920 if (status)
921 return;
922
923 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
924 if (!cp)
925 return;
926
35815085
AG		 927 if (cp->enable == 0x01) {
928 del_timer(&hdev->adv_timer);
a8f13c8c
AG		 929
930 hci_dev_lock(hdev);
eb9d91f5 931 hci_adv_entries_clear(hdev);
a8f13c8c 932 hci_dev_unlock(hdev);
35815085
AG		 933 } else if (cp->enable == 0x00) {
934 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
935 }
eb9d91f5
AG		 936}
937
a7a595f6
VCG		 938static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
939{
940 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
941
942 BT_DBG("%s status 0x%x", hdev->name, rp->status);
943
944 if (rp->status)
945 return;
946
947 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
948}
949
950static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
951{
952 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
953
954 BT_DBG("%s status 0x%x", hdev->name, rp->status);
955
956 if (rp->status)
957 return;
958
959 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
960}
961
f9b49306
AG		 962static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
963 struct sk_buff *skb)
964{
965 struct hci_cp_read_local_ext_features cp;
966 __u8 status = *((__u8 *) skb->data);
967
968 BT_DBG("%s status 0x%x", hdev->name, status);
969
970 if (status)
971 return;
972
973 cp.page = 0x01;
974 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
975}
976
a9de9248
MH		 977static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
978{
979 BT_DBG("%s status 0x%x", hdev->name, status);
980
981 if (status) {
23bb5763 982 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 983 hci_conn_check_pending(hdev);
164a6e78
JH		 984 if (test_bit(HCI_MGMT, &hdev->flags))
985 mgmt_inquiry_failed(hdev->id, status);
314b2381
JH		 986 return;
987 }
988
2d20a26a
ON		 989 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags) &&
990 test_bit(HCI_MGMT, &hdev->flags))
314b2381 991 mgmt_discovering(hdev->id, 1);
1da177e4
LT		 992}
993
1da177e4
LT		 994static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
995{
a9de9248 996 struct hci_cp_create_conn *cp;
1da177e4 997 struct hci_conn *conn;
1da177e4 998
a9de9248
MH		 999 BT_DBG("%s status 0x%x", hdev->name, status);
1000
1001 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1002 if (!cp)
1003 return;
1004
1005 hci_dev_lock(hdev);
1006
1007 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1008
a9de9248 1009 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1010
1011 if (status) {
1012 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1013 if (status != 0x0c || conn->attempt > 2) {
1014 conn->state = BT_CLOSED;
1015 hci_proto_connect_cfm(conn, status);
1016 hci_conn_del(conn);
1017 } else
1018 conn->state = BT_CONNECT2;
1da177e4
LT		 1019 }
1020 } else {
1021 if (!conn) {
1022 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1023 if (conn) {
1024 conn->out = 1;
1025 conn->link_mode |= HCI_LM_MASTER;
1026 } else
893ef971 1027 BT_ERR("No memory for new connection");
1da177e4
LT		 1028 }
1029 }
1030
1031 hci_dev_unlock(hdev);
1032}
1033
a9de9248 1034static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1035{
a9de9248
MH		 1036 struct hci_cp_add_sco *cp;
1037 struct hci_conn *acl, *sco;
1038 __u16 handle;
1da177e4 1039
b6a0dc82
MH		 1040 BT_DBG("%s status 0x%x", hdev->name, status);
1041
a9de9248
MH		 1042 if (!status)
1043 return;
1da177e4 1044
a9de9248
MH		 1045 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1046 if (!cp)
1047 return;
1da177e4 1048
a9de9248 1049 handle = __le16_to_cpu(cp->handle);
1da177e4 1050
a9de9248 1051 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1052
a9de9248 1053 hci_dev_lock(hdev);
1da177e4 1054
a9de9248 1055 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1056 if (acl) {
1057 sco = acl->link;
1058 if (sco) {
1059 sco->state = BT_CLOSED;
1da177e4 1060
5a08ecce
AE		 1061 hci_proto_connect_cfm(sco, status);
1062 hci_conn_del(sco);
1063 }
a9de9248 1064 }
1da177e4 1065
a9de9248
MH		 1066 hci_dev_unlock(hdev);
1067}
1da177e4 1068
f8558555
MH		 1069static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1070{
1071 struct hci_cp_auth_requested *cp;
1072 struct hci_conn *conn;
1073
1074 BT_DBG("%s status 0x%x", hdev->name, status);
1075
1076 if (!status)
1077 return;
1078
1079 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1080 if (!cp)
1081 return;
1082
1083 hci_dev_lock(hdev);
1084
1085 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1086 if (conn) {
1087 if (conn->state == BT_CONFIG) {
1088 hci_proto_connect_cfm(conn, status);
1089 hci_conn_put(conn);
1090 }
1091 }
1092
1093 hci_dev_unlock(hdev);
1094}
1095
1096static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1097{
1098 struct hci_cp_set_conn_encrypt *cp;
1099 struct hci_conn *conn;
1100
1101 BT_DBG("%s status 0x%x", hdev->name, status);
1102
1103 if (!status)
1104 return;
1105
1106 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1107 if (!cp)
1108 return;
1109
1110 hci_dev_lock(hdev);
1111
1112 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1113 if (conn) {
1114 if (conn->state == BT_CONFIG) {
1115 hci_proto_connect_cfm(conn, status);
1116 hci_conn_put(conn);
1117 }
1118 }
1119
1120 hci_dev_unlock(hdev);
1121}
1122
127178d2 1123static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1124 struct hci_conn *conn)
392599b9 1125{
392599b9
JH		 1126 if (conn->state != BT_CONFIG || !conn->out)
1127 return 0;
1128
765c2a96 1129 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1130 return 0;
1131
1132 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1133 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1134 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1135 conn->pending_sec_level != BT_SECURITY_HIGH &&
1136 !(conn->auth_type & 0x01))
392599b9
JH		 1137 return 0;
1138
392599b9
JH		 1139 return 1;
1140}
1141
a9de9248
MH		 1142static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1143{
127178d2
JH		 1144 struct hci_cp_remote_name_req *cp;
1145 struct hci_conn *conn;
1146
a9de9248 1147 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1148
1149 /* If successful wait for the name req complete event before
1150 * checking for the need to do authentication */
1151 if (!status)
1152 return;
1153
1154 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1155 if (!cp)
1156 return;
1157
1158 hci_dev_lock(hdev);
1159
1160 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1161 if (!conn)
1162 goto unlock;
1163
1164 if (!hci_outgoing_auth_needed(hdev, conn))
1165 goto unlock;
1166
1167 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1168 struct hci_cp_auth_requested cp;
1169 cp.handle = __cpu_to_le16(conn->handle);
1170 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1171 }
1172
79c6c70c 1173unlock:
127178d2 1174 hci_dev_unlock(hdev);
a9de9248 1175}
1da177e4 1176
769be974
MH		 1177static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1178{
1179 struct hci_cp_read_remote_features *cp;
1180 struct hci_conn *conn;
1181
1182 BT_DBG("%s status 0x%x", hdev->name, status);
1183
1184 if (!status)
1185 return;
1186
1187 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1188 if (!cp)
1189 return;
1190
1191 hci_dev_lock(hdev);
1192
1193 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1194 if (conn) {
1195 if (conn->state == BT_CONFIG) {
769be974
MH		 1196 hci_proto_connect_cfm(conn, status);
1197 hci_conn_put(conn);
1198 }
1199 }
1200
1201 hci_dev_unlock(hdev);
1202}
1203
1204static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1205{
1206 struct hci_cp_read_remote_ext_features *cp;
1207 struct hci_conn *conn;
1208
1209 BT_DBG("%s status 0x%x", hdev->name, status);
1210
1211 if (!status)
1212 return;
1213
1214 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1215 if (!cp)
1216 return;
1217
1218 hci_dev_lock(hdev);
1219
1220 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1221 if (conn) {
1222 if (conn->state == BT_CONFIG) {
769be974
MH		 1223 hci_proto_connect_cfm(conn, status);
1224 hci_conn_put(conn);
1225 }
1226 }
1227
1228 hci_dev_unlock(hdev);
1229}
1230
a9de9248
MH		 1231static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1232{
b6a0dc82
MH		 1233 struct hci_cp_setup_sync_conn *cp;
1234 struct hci_conn *acl, *sco;
1235 __u16 handle;
1236
a9de9248 1237 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1238
1239 if (!status)
1240 return;
1241
1242 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1243 if (!cp)
1244 return;
1245
1246 handle = __le16_to_cpu(cp->handle);
1247
1248 BT_DBG("%s handle %d", hdev->name, handle);
1249
1250 hci_dev_lock(hdev);
1251
1252 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1253 if (acl) {
1254 sco = acl->link;
1255 if (sco) {
1256 sco->state = BT_CLOSED;
b6a0dc82 1257
5a08ecce
AE		 1258 hci_proto_connect_cfm(sco, status);
1259 hci_conn_del(sco);
1260 }
b6a0dc82
MH		 1261 }
1262
1263 hci_dev_unlock(hdev);
1da177e4
LT		 1264}
1265
a9de9248 1266static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1267{
a9de9248
MH		 1268 struct hci_cp_sniff_mode *cp;
1269 struct hci_conn *conn;
1da177e4 1270
a9de9248 1271 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1272
a9de9248
MH		 1273 if (!status)
1274 return;
04837f64 1275
a9de9248
MH		 1276 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1277 if (!cp)
1278 return;
04837f64 1279
a9de9248 1280 hci_dev_lock(hdev);
04837f64 1281
a9de9248 1282 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1283 if (conn) {
a9de9248 1284 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1285
e73439d8
MH		 1286 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1287 hci_sco_setup(conn, status);
1288 }
1289
a9de9248
MH		 1290 hci_dev_unlock(hdev);
1291}
04837f64 1292
a9de9248
MH		 1293static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1294{
1295 struct hci_cp_exit_sniff_mode *cp;
1296 struct hci_conn *conn;
04837f64 1297
a9de9248 1298 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1299
a9de9248
MH		 1300 if (!status)
1301 return;
04837f64 1302
a9de9248
MH		 1303 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1304 if (!cp)
1305 return;
04837f64 1306
a9de9248 1307 hci_dev_lock(hdev);
1da177e4 1308
a9de9248 1309 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1310 if (conn) {
a9de9248 1311 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1312
e73439d8
MH		 1313 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1314 hci_sco_setup(conn, status);
1315 }
1316
a9de9248 1317 hci_dev_unlock(hdev);
1da177e4
LT		 1318}
1319
fcd89c09
VT		 1320static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1321{
1322 struct hci_cp_le_create_conn *cp;
1323 struct hci_conn *conn;
1324
1325 BT_DBG("%s status 0x%x", hdev->name, status);
1326
1327 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1328 if (!cp)
1329 return;
1330
1331 hci_dev_lock(hdev);
1332
1333 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1334
1335 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1336 conn);
1337
1338 if (status) {
1339 if (conn && conn->state == BT_CONNECT) {
1340 conn->state = BT_CLOSED;
1341 hci_proto_connect_cfm(conn, status);
1342 hci_conn_del(conn);
1343 }
1344 } else {
1345 if (!conn) {
1346 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1347 if (conn) {
1348 conn->dst_type = cp->peer_addr_type;
fcd89c09 1349 conn->out = 1;
29b7988a 1350 } else {
fcd89c09 1351 BT_ERR("No memory for new connection");
29b7988a 1352 }
fcd89c09
VT		 1353 }
1354 }
1355
1356 hci_dev_unlock(hdev);
1357}
1358
a7a595f6
VCG		 1359static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1360{
1361 BT_DBG("%s status 0x%x", hdev->name, status);
1362}
1363
1da177e4
LT		 1364static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1365{
1366 __u8 status = *((__u8 *) skb->data);
1367
1368 BT_DBG("%s status %d", hdev->name, status);
1369
2d20a26a
ON		 1370 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
1371 test_bit(HCI_MGMT, &hdev->flags))
314b2381 1372 mgmt_discovering(hdev->id, 0);
6bd57416 1373
23bb5763 1374 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1375
a9de9248 1376 hci_conn_check_pending(hdev);
1da177e4
LT		 1377}
1378
1da177e4
LT		 1379static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1380{
45bb4bf0 1381 struct inquiry_data data;
a9de9248 1382 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1383 int num_rsp = *((__u8 *) skb->data);
1384
1385 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1386
45bb4bf0
MH		 1387 if (!num_rsp)
1388 return;
1389
1da177e4 1390 hci_dev_lock(hdev);
45bb4bf0 1391
314b2381
JH		 1392 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1393
1394 if (test_bit(HCI_MGMT, &hdev->flags))
1395 mgmt_discovering(hdev->id, 1);
1396 }
1397
e17acd40 1398 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1399 bacpy(&data.bdaddr, &info->bdaddr);
1400 data.pscan_rep_mode = info->pscan_rep_mode;
1401 data.pscan_period_mode = info->pscan_period_mode;
1402 data.pscan_mode = info->pscan_mode;
1403 memcpy(data.dev_class, info->dev_class, 3);
1404 data.clock_offset = info->clock_offset;
1405 data.rssi = 0x00;
41a96212 1406 data.ssp_mode = 0x00;
1da177e4 1407 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 1408 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1409 NULL);
1da177e4 1410 }
45bb4bf0 1411
1da177e4
LT		 1412 hci_dev_unlock(hdev);
1413}
1414
1da177e4
LT		 1415static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1416{
a9de9248
MH		 1417 struct hci_ev_conn_complete *ev = (void *) skb->data;
1418 struct hci_conn *conn;
1da177e4
LT		 1419
1420 BT_DBG("%s", hdev->name);
1421
1422 hci_dev_lock(hdev);
1423
1424 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1425 if (!conn) {
1426 if (ev->link_type != SCO_LINK)
1427 goto unlock;
1428
1429 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1430 if (!conn)
1431 goto unlock;
1432
1433 conn->type = SCO_LINK;
1434 }
1da177e4
LT		 1435
1436 if (!ev->status) {
1437 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1438
1439 if (conn->type == ACL_LINK) {
1440 conn->state = BT_CONFIG;
1441 hci_conn_hold(conn);
052b30b0 1442 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
cfafccf7 1443 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
769be974
MH		 1444 } else
1445 conn->state = BT_CONNECTED;
1da177e4 1446
9eba32b8 1447 hci_conn_hold_device(conn);
7d0db0a3
MH		 1448 hci_conn_add_sysfs(conn);
1449
1da177e4
LT		 1450 if (test_bit(HCI_AUTH, &hdev->flags))
1451 conn->link_mode |= HCI_LM_AUTH;
1452
1453 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1454 conn->link_mode |= HCI_LM_ENCRYPT;
1455
04837f64
MH		 1456 /* Get remote features */
1457 if (conn->type == ACL_LINK) {
1458 struct hci_cp_read_remote_features cp;
1459 cp.handle = ev->handle;
769be974
MH		 1460 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1461 sizeof(cp), &cp);
04837f64
MH		 1462 }
1463
1da177e4 1464 /* Set packet type for incoming connection */
a8746417 1465 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1466 struct hci_cp_change_conn_ptype cp;
1467 cp.handle = ev->handle;
a8746417
MH		 1468 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1469 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1470 sizeof(cp), &cp);
1da177e4 1471 }
17d5c04c 1472 } else {
1da177e4 1473 conn->state = BT_CLOSED;
17d5c04c
JH		 1474 if (conn->type == ACL_LINK)
1475 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1476 }
1da177e4 1477
e73439d8
MH		 1478 if (conn->type == ACL_LINK)
1479 hci_sco_setup(conn, ev->status);
1da177e4 1480
769be974
MH		 1481 if (ev->status) {
1482 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1483 hci_conn_del(conn);
c89b6e6b
MH		 1484 } else if (ev->link_type != ACL_LINK)
1485 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1486
a9de9248 1487unlock:
1da177e4 1488 hci_dev_unlock(hdev);
1da177e4 1489
a9de9248 1490 hci_conn_check_pending(hdev);
1da177e4
LT		 1491}
1492
a9de9248 1493static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1494{
a9de9248
MH		 1495 struct hci_ev_conn_request *ev = (void *) skb->data;
1496 int mask = hdev->link_mode;
1da177e4 1497
a9de9248
MH		 1498 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1499 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1500
a9de9248 1501 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1502
138d22ef
SJ		 1503 if ((mask & HCI_LM_ACCEPT) &&
1504 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1505 /* Connection accepted */
c7bdd502 1506 struct inquiry_entry *ie;
1da177e4 1507 struct hci_conn *conn;
1da177e4 1508
a9de9248 1509 hci_dev_lock(hdev);
b6a0dc82 1510
cc11b9c1
AE		 1511 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1512 if (ie)
c7bdd502
MH		 1513 memcpy(ie->data.dev_class, ev->dev_class, 3);
1514
a9de9248
MH		 1515 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1516 if (!conn) {
cc11b9c1
AE		 1517 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1518 if (!conn) {
893ef971 1519 BT_ERR("No memory for new connection");
a9de9248
MH		 1520 hci_dev_unlock(hdev);
1521 return;
1da177e4
LT		 1522 }
1523 }
b6a0dc82 1524
a9de9248
MH		 1525 memcpy(conn->dev_class, ev->dev_class, 3);
1526 conn->state = BT_CONNECT;
b6a0dc82 1527
a9de9248 1528 hci_dev_unlock(hdev);
1da177e4 1529
b6a0dc82
MH		 1530 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1531 struct hci_cp_accept_conn_req cp;
1da177e4 1532
b6a0dc82
MH		 1533 bacpy(&cp.bdaddr, &ev->bdaddr);
1534
1535 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1536 cp.role = 0x00; /* Become master */
1537 else
1538 cp.role = 0x01; /* Remain slave */
1539
1540 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1541 sizeof(cp), &cp);
1542 } else {
1543 struct hci_cp_accept_sync_conn_req cp;
1544
1545 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1546 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1547
1548 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1549 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1550 cp.max_latency = cpu_to_le16(0xffff);
1551 cp.content_format = cpu_to_le16(hdev->voice_setting);
1552 cp.retrans_effort = 0xff;
1da177e4 1553
b6a0dc82
MH		 1554 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1555 sizeof(cp), &cp);
1556 }
a9de9248
MH		 1557 } else {
1558 /* Connection rejected */
1559 struct hci_cp_reject_conn_req cp;
1da177e4 1560
a9de9248
MH		 1561 bacpy(&cp.bdaddr, &ev->bdaddr);
1562 cp.reason = 0x0f;
1563 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1564 }
1da177e4
LT		 1565}
1566
a9de9248 1567static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1568{
a9de9248 1569 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1570 struct hci_conn *conn;
1571
1572 BT_DBG("%s status %d", hdev->name, ev->status);
1573
8962ee74
JH		 1574 if (ev->status) {
1575 mgmt_disconnect_failed(hdev->id);
a9de9248 1576 return;
8962ee74 1577 }
a9de9248 1578
04837f64
MH		 1579 hci_dev_lock(hdev);
1580
1581 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1582 if (!conn)
1583 goto unlock;
7d0db0a3 1584
f7520543 1585 conn->state = BT_CLOSED;
04837f64 1586
83bc71b4 1587 if (conn->type == ACL_LINK || conn->type == LE_LINK)
f7520543
JH		 1588 mgmt_disconnected(hdev->id, &conn->dst);
1589
1590 hci_proto_disconn_cfm(conn, ev->reason);
1591 hci_conn_del(conn);
1592
1593unlock:
04837f64
MH		 1594 hci_dev_unlock(hdev);
1595}
1596
1da177e4
LT		 1597static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1598{
a9de9248 1599 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1600 struct hci_conn *conn;
1da177e4
LT		 1601
1602 BT_DBG("%s status %d", hdev->name, ev->status);
1603
1604 hci_dev_lock(hdev);
1605
04837f64 1606 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1607 if (!conn)
1608 goto unlock;
1609
1610 if (!ev->status) {
1611 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1612 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1613 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1614 } else {
d7556e20
WR		 1615 conn->link_mode |= HCI_LM_AUTH;
1616 conn->sec_level = conn->pending_sec_level;
2a611692 1617 }
d7556e20
WR		 1618 } else {
1619 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1620 }
1da177e4 1621
d7556e20
WR		 1622 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1623 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1624
d7556e20
WR		 1625 if (conn->state == BT_CONFIG) {
1626 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1627 struct hci_cp_set_conn_encrypt cp;
1628 cp.handle = ev->handle;
1629 cp.encrypt = 0x01;
1630 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1631 &cp);
052b30b0 1632 } else {
d7556e20
WR		 1633 conn->state = BT_CONNECTED;
1634 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1635 hci_conn_put(conn);
1636 }
d7556e20
WR		 1637 } else {
1638 hci_auth_cfm(conn, ev->status);
052b30b0 1639
d7556e20
WR		 1640 hci_conn_hold(conn);
1641 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1642 hci_conn_put(conn);
1643 }
1644
1645 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1646 if (!ev->status) {
1647 struct hci_cp_set_conn_encrypt cp;
1648 cp.handle = ev->handle;
1649 cp.encrypt = 0x01;
1650 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1651 &cp);
1652 } else {
1653 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1654 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1655 }
1656 }
1657
d7556e20 1658unlock:
1da177e4
LT		 1659 hci_dev_unlock(hdev);
1660}
1661
a9de9248 1662static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1663{
127178d2
JH		 1664 struct hci_ev_remote_name *ev = (void *) skb->data;
1665 struct hci_conn *conn;
1666
a9de9248 1667 BT_DBG("%s", hdev->name);
1da177e4 1668
a9de9248 1669 hci_conn_check_pending(hdev);
127178d2
JH		 1670
1671 hci_dev_lock(hdev);
1672
a88a9652
JH		 1673 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1674 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1675
127178d2 1676 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1677 if (!conn)
1678 goto unlock;
1679
1680 if (!hci_outgoing_auth_needed(hdev, conn))
1681 goto unlock;
1682
1683 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1684 struct hci_cp_auth_requested cp;
1685 cp.handle = __cpu_to_le16(conn->handle);
1686 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1687 }
1688
79c6c70c 1689unlock:
127178d2 1690 hci_dev_unlock(hdev);
a9de9248
MH		 1691}
1692
1693static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1694{
1695 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1696 struct hci_conn *conn;
1697
1698 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1699
1700 hci_dev_lock(hdev);
1701
04837f64 1702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1703 if (conn) {
1704 if (!ev->status) {
ae293196
MH		 1705 if (ev->encrypt) {
1706 /* Encryption implies authentication */
1707 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1708 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1709 conn->sec_level = conn->pending_sec_level;
ae293196 1710 } else
1da177e4
LT		 1711 conn->link_mode &= ~HCI_LM_ENCRYPT;
1712 }
1713
1714 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1715
f8558555
MH		 1716 if (conn->state == BT_CONFIG) {
1717 if (!ev->status)
1718 conn->state = BT_CONNECTED;
1719
1720 hci_proto_connect_cfm(conn, ev->status);
1721 hci_conn_put(conn);
1722 } else
1723 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1724 }
1725
1726 hci_dev_unlock(hdev);
1727}
1728
a9de9248 1729static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1730{
a9de9248 1731 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1732 struct hci_conn *conn;
1da177e4
LT		 1733
1734 BT_DBG("%s status %d", hdev->name, ev->status);
1735
1736 hci_dev_lock(hdev);
1737
04837f64 1738 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1739 if (conn) {
1740 if (!ev->status)
1741 conn->link_mode |= HCI_LM_SECURE;
1742
1743 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1744
1745 hci_key_change_cfm(conn, ev->status);
1746 }
1747
1748 hci_dev_unlock(hdev);
1749}
1750
a9de9248 1751static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1752{
a9de9248
MH		 1753 struct hci_ev_remote_features *ev = (void *) skb->data;
1754 struct hci_conn *conn;
1755
1756 BT_DBG("%s status %d", hdev->name, ev->status);
1757
a9de9248
MH		 1758 hci_dev_lock(hdev);
1759
1760 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1761 if (!conn)
1762 goto unlock;
769be974 1763
ccd556fe
JH		 1764 if (!ev->status)
1765 memcpy(conn->features, ev->features, 8);
1766
1767 if (conn->state != BT_CONFIG)
1768 goto unlock;
1769
1770 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1771 struct hci_cp_read_remote_ext_features cp;
1772 cp.handle = ev->handle;
1773 cp.page = 0x01;
1774 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1775 sizeof(cp), &cp);
392599b9
JH		 1776 goto unlock;
1777 }
1778
127178d2
JH		 1779 if (!ev->status) {
1780 struct hci_cp_remote_name_req cp;
1781 memset(&cp, 0, sizeof(cp));
1782 bacpy(&cp.bdaddr, &conn->dst);
1783 cp.pscan_rep_mode = 0x02;
1784 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1785 }
392599b9 1786
127178d2 1787 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1788 conn->state = BT_CONNECTED;
1789 hci_proto_connect_cfm(conn, ev->status);
1790 hci_conn_put(conn);
769be974 1791 }
a9de9248 1792
ccd556fe 1793unlock:
a9de9248 1794 hci_dev_unlock(hdev);
1da177e4
LT		 1795}
1796
a9de9248 1797static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1798{
a9de9248 1799 BT_DBG("%s", hdev->name);
1da177e4
LT		 1800}
1801
a9de9248 1802static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1803{
a9de9248 1804 BT_DBG("%s", hdev->name);
1da177e4
LT		 1805}
1806
a9de9248
MH		 1807static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1808{
1809 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1810 __u16 opcode;
1811
1812 skb_pull(skb, sizeof(*ev));
1813
1814 opcode = __le16_to_cpu(ev->opcode);
1815
1816 switch (opcode) {
1817 case HCI_OP_INQUIRY_CANCEL:
1818 hci_cc_inquiry_cancel(hdev, skb);
1819 break;
1820
1821 case HCI_OP_EXIT_PERIODIC_INQ:
1822 hci_cc_exit_periodic_inq(hdev, skb);
1823 break;
1824
1825 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1826 hci_cc_remote_name_req_cancel(hdev, skb);
1827 break;
1828
1829 case HCI_OP_ROLE_DISCOVERY:
1830 hci_cc_role_discovery(hdev, skb);
1831 break;
1832
e4e8e37c
MH		 1833 case HCI_OP_READ_LINK_POLICY:
1834 hci_cc_read_link_policy(hdev, skb);
1835 break;
1836
a9de9248
MH		 1837 case HCI_OP_WRITE_LINK_POLICY:
1838 hci_cc_write_link_policy(hdev, skb);
1839 break;
1840
e4e8e37c
MH		 1841 case HCI_OP_READ_DEF_LINK_POLICY:
1842 hci_cc_read_def_link_policy(hdev, skb);
1843 break;
1844
1845 case HCI_OP_WRITE_DEF_LINK_POLICY:
1846 hci_cc_write_def_link_policy(hdev, skb);
1847 break;
1848
a9de9248
MH		 1849 case HCI_OP_RESET:
1850 hci_cc_reset(hdev, skb);
1851 break;
1852
1853 case HCI_OP_WRITE_LOCAL_NAME:
1854 hci_cc_write_local_name(hdev, skb);
1855 break;
1856
1857 case HCI_OP_READ_LOCAL_NAME:
1858 hci_cc_read_local_name(hdev, skb);
1859 break;
1860
1861 case HCI_OP_WRITE_AUTH_ENABLE:
1862 hci_cc_write_auth_enable(hdev, skb);
1863 break;
1864
1865 case HCI_OP_WRITE_ENCRYPT_MODE:
1866 hci_cc_write_encrypt_mode(hdev, skb);
1867 break;
1868
1869 case HCI_OP_WRITE_SCAN_ENABLE:
1870 hci_cc_write_scan_enable(hdev, skb);
1871 break;
1872
1873 case HCI_OP_READ_CLASS_OF_DEV:
1874 hci_cc_read_class_of_dev(hdev, skb);
1875 break;
1876
1877 case HCI_OP_WRITE_CLASS_OF_DEV:
1878 hci_cc_write_class_of_dev(hdev, skb);
1879 break;
1880
1881 case HCI_OP_READ_VOICE_SETTING:
1882 hci_cc_read_voice_setting(hdev, skb);
1883 break;
1884
1885 case HCI_OP_WRITE_VOICE_SETTING:
1886 hci_cc_write_voice_setting(hdev, skb);
1887 break;
1888
1889 case HCI_OP_HOST_BUFFER_SIZE:
1890 hci_cc_host_buffer_size(hdev, skb);
1891 break;
1892
333140b5
MH		 1893 case HCI_OP_READ_SSP_MODE:
1894 hci_cc_read_ssp_mode(hdev, skb);
1895 break;
1896
1897 case HCI_OP_WRITE_SSP_MODE:
1898 hci_cc_write_ssp_mode(hdev, skb);
1899 break;
1900
a9de9248
MH		 1901 case HCI_OP_READ_LOCAL_VERSION:
1902 hci_cc_read_local_version(hdev, skb);
1903 break;
1904
1905 case HCI_OP_READ_LOCAL_COMMANDS:
1906 hci_cc_read_local_commands(hdev, skb);
1907 break;
1908
1909 case HCI_OP_READ_LOCAL_FEATURES:
1910 hci_cc_read_local_features(hdev, skb);
1911 break;
1912
971e3a4b
AG		 1913 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1914 hci_cc_read_local_ext_features(hdev, skb);
1915 break;
1916
a9de9248
MH		 1917 case HCI_OP_READ_BUFFER_SIZE:
1918 hci_cc_read_buffer_size(hdev, skb);
1919 break;
1920
1921 case HCI_OP_READ_BD_ADDR:
1922 hci_cc_read_bd_addr(hdev, skb);
1923 break;
1924
23bb5763
JH		 1925 case HCI_OP_WRITE_CA_TIMEOUT:
1926 hci_cc_write_ca_timeout(hdev, skb);
1927 break;
1928
928abaa7
AE		 1929 case HCI_OP_READ_LOCAL_AMP_INFO:
1930 hci_cc_read_local_amp_info(hdev, skb);
1931 break;
1932
b0916ea0
JH		 1933 case HCI_OP_DELETE_STORED_LINK_KEY:
1934 hci_cc_delete_stored_link_key(hdev, skb);
1935 break;
1936
d5859e22
JH		 1937 case HCI_OP_SET_EVENT_MASK:
1938 hci_cc_set_event_mask(hdev, skb);
1939 break;
1940
1941 case HCI_OP_WRITE_INQUIRY_MODE:
1942 hci_cc_write_inquiry_mode(hdev, skb);
1943 break;
1944
1945 case HCI_OP_READ_INQ_RSP_TX_POWER:
1946 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1947 break;
1948
1949 case HCI_OP_SET_EVENT_FLT:
1950 hci_cc_set_event_flt(hdev, skb);
1951 break;
1952
980e1a53
JH		 1953 case HCI_OP_PIN_CODE_REPLY:
1954 hci_cc_pin_code_reply(hdev, skb);
1955 break;
1956
1957 case HCI_OP_PIN_CODE_NEG_REPLY:
1958 hci_cc_pin_code_neg_reply(hdev, skb);
1959 break;
1960
c35938b2
SJ		 1961 case HCI_OP_READ_LOCAL_OOB_DATA:
1962 hci_cc_read_local_oob_data_reply(hdev, skb);
1963 break;
1964
6ed58ec5
VT		 1965 case HCI_OP_LE_READ_BUFFER_SIZE:
1966 hci_cc_le_read_buffer_size(hdev, skb);
1967 break;
1968
a5c29683
JH		 1969 case HCI_OP_USER_CONFIRM_REPLY:
1970 hci_cc_user_confirm_reply(hdev, skb);
1971 break;
1972
1973 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1974 hci_cc_user_confirm_neg_reply(hdev, skb);
1975 break;
1976
eb9d91f5
AG		 1977 case HCI_OP_LE_SET_SCAN_ENABLE:
1978 hci_cc_le_set_scan_enable(hdev, skb);
1979 break;
1980
a7a595f6
VCG		 1981 case HCI_OP_LE_LTK_REPLY:
1982 hci_cc_le_ltk_reply(hdev, skb);
1983 break;
1984
1985 case HCI_OP_LE_LTK_NEG_REPLY:
1986 hci_cc_le_ltk_neg_reply(hdev, skb);
1987 break;
1988
f9b49306
AG		 1989 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1990 hci_cc_write_le_host_supported(hdev, skb);
1991 break;
1992
a9de9248
MH		 1993 default:
1994 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1995 break;
1996 }
1997
6bd32326
VT		 1998 if (ev->opcode != HCI_OP_NOP)
1999 del_timer(&hdev->cmd_timer);
2000
a9de9248
MH		 2001 if (ev->ncmd) {
2002 atomic_set(&hdev->cmd_cnt, 1);
2003 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2004 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2005 }
2006}
2007
2008static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2009{
2010 struct hci_ev_cmd_status *ev = (void *) skb->data;
2011 __u16 opcode;
2012
2013 skb_pull(skb, sizeof(*ev));
2014
2015 opcode = __le16_to_cpu(ev->opcode);
2016
2017 switch (opcode) {
2018 case HCI_OP_INQUIRY:
2019 hci_cs_inquiry(hdev, ev->status);
2020 break;
2021
2022 case HCI_OP_CREATE_CONN:
2023 hci_cs_create_conn(hdev, ev->status);
2024 break;
2025
2026 case HCI_OP_ADD_SCO:
2027 hci_cs_add_sco(hdev, ev->status);
2028 break;
2029
f8558555
MH		 2030 case HCI_OP_AUTH_REQUESTED:
2031 hci_cs_auth_requested(hdev, ev->status);
2032 break;
2033
2034 case HCI_OP_SET_CONN_ENCRYPT:
2035 hci_cs_set_conn_encrypt(hdev, ev->status);
2036 break;
2037
a9de9248
MH		 2038 case HCI_OP_REMOTE_NAME_REQ:
2039 hci_cs_remote_name_req(hdev, ev->status);
2040 break;
2041
769be974
MH		 2042 case HCI_OP_READ_REMOTE_FEATURES:
2043 hci_cs_read_remote_features(hdev, ev->status);
2044 break;
2045
2046 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2047 hci_cs_read_remote_ext_features(hdev, ev->status);
2048 break;
2049
a9de9248
MH		 2050 case HCI_OP_SETUP_SYNC_CONN:
2051 hci_cs_setup_sync_conn(hdev, ev->status);
2052 break;
2053
2054 case HCI_OP_SNIFF_MODE:
2055 hci_cs_sniff_mode(hdev, ev->status);
2056 break;
2057
2058 case HCI_OP_EXIT_SNIFF_MODE:
2059 hci_cs_exit_sniff_mode(hdev, ev->status);
2060 break;
2061
8962ee74
JH		 2062 case HCI_OP_DISCONNECT:
2063 if (ev->status != 0)
2064 mgmt_disconnect_failed(hdev->id);
2065 break;
2066
fcd89c09
VT		 2067 case HCI_OP_LE_CREATE_CONN:
2068 hci_cs_le_create_conn(hdev, ev->status);
2069 break;
2070
a7a595f6
VCG		 2071 case HCI_OP_LE_START_ENC:
2072 hci_cs_le_start_enc(hdev, ev->status);
2073 break;
2074
a9de9248
MH		 2075 default:
2076 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2077 break;
2078 }
2079
6bd32326
VT		 2080 if (ev->opcode != HCI_OP_NOP)
2081 del_timer(&hdev->cmd_timer);
2082
10572132 2083 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2084 atomic_set(&hdev->cmd_cnt, 1);
2085 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2086 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2087 }
2088}
2089
2090static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2091{
2092 struct hci_ev_role_change *ev = (void *) skb->data;
2093 struct hci_conn *conn;
2094
2095 BT_DBG("%s status %d", hdev->name, ev->status);
2096
2097 hci_dev_lock(hdev);
2098
2099 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2100 if (conn) {
2101 if (!ev->status) {
2102 if (ev->role)
2103 conn->link_mode &= ~HCI_LM_MASTER;
2104 else
2105 conn->link_mode |= HCI_LM_MASTER;
2106 }
2107
2108 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2109
2110 hci_role_switch_cfm(conn, ev->status, ev->role);
2111 }
2112
2113 hci_dev_unlock(hdev);
2114}
2115
2116static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2117{
2118 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2119 __le16 *ptr;
2120 int i;
2121
2122 skb_pull(skb, sizeof(*ev));
2123
2124 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2125
2126 if (skb->len < ev->num_hndl * 4) {
2127 BT_DBG("%s bad parameters", hdev->name);
2128 return;
2129 }
2130
2131 tasklet_disable(&hdev->tx_task);
2132
2133 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2134 struct hci_conn *conn;
2135 __u16 handle, count;
2136
83985319
HH		 2137 handle = get_unaligned_le16(ptr++);
2138 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2139
2140 conn = hci_conn_hash_lookup_handle(hdev, handle);
2141 if (conn) {
2142 conn->sent -= count;
2143
2144 if (conn->type == ACL_LINK) {
70f23020
AE		 2145 hdev->acl_cnt += count;
2146 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2147 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2148 } else if (conn->type == LE_LINK) {
2149 if (hdev->le_pkts) {
2150 hdev->le_cnt += count;
2151 if (hdev->le_cnt > hdev->le_pkts)
2152 hdev->le_cnt = hdev->le_pkts;
2153 } else {
2154 hdev->acl_cnt += count;
2155 if (hdev->acl_cnt > hdev->acl_pkts)
2156 hdev->acl_cnt = hdev->acl_pkts;
2157 }
a9de9248 2158 } else {
70f23020
AE		 2159 hdev->sco_cnt += count;
2160 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2161 hdev->sco_cnt = hdev->sco_pkts;
2162 }
2163 }
2164 }
2165
c78ae283 2166 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2167
2168 tasklet_enable(&hdev->tx_task);
2169}
2170
2171static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2172{
a9de9248 2173 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2174 struct hci_conn *conn;
2175
2176 BT_DBG("%s status %d", hdev->name, ev->status);
2177
2178 hci_dev_lock(hdev);
2179
2180 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2181 if (conn) {
2182 conn->mode = ev->mode;
2183 conn->interval = __le16_to_cpu(ev->interval);
2184
2185 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2186 if (conn->mode == HCI_CM_ACTIVE)
2187 conn->power_save = 1;
2188 else
2189 conn->power_save = 0;
2190 }
e73439d8
MH		 2191
2192 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2193 hci_sco_setup(conn, ev->status);
04837f64
MH		 2194 }
2195
2196 hci_dev_unlock(hdev);
2197}
2198
a9de9248
MH		 2199static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2200{
052b30b0
MH		 2201 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2202 struct hci_conn *conn;
2203
a9de9248 2204 BT_DBG("%s", hdev->name);
052b30b0
MH		 2205
2206 hci_dev_lock(hdev);
2207
2208 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2209 if (!conn)
2210 goto unlock;
2211
2212 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2213 hci_conn_hold(conn);
2214 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2215 hci_conn_put(conn);
2216 }
2217
03b555e1
JH		 2218 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2219 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2220 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2221 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2222 u8 secure;
2223
2224 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2225 secure = 1;
2226 else
2227 secure = 0;
2228
2229 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2230 }
980e1a53 2231
b6f98044 2232unlock:
052b30b0 2233 hci_dev_unlock(hdev);
a9de9248
MH		 2234}
2235
2236static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2237{
55ed8ca1
JH		 2238 struct hci_ev_link_key_req *ev = (void *) skb->data;
2239 struct hci_cp_link_key_reply cp;
2240 struct hci_conn *conn;
2241 struct link_key *key;
2242
a9de9248 2243 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2244
2245 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2246 return;
2247
2248 hci_dev_lock(hdev);
2249
2250 key = hci_find_link_key(hdev, &ev->bdaddr);
2251 if (!key) {
2252 BT_DBG("%s link key not found for %s", hdev->name,
2253 batostr(&ev->bdaddr));
2254 goto not_found;
2255 }
2256
2257 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2258 batostr(&ev->bdaddr));
2259
b6020ba0
WR		 2260 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2261 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2262 BT_DBG("%s ignoring debug key", hdev->name);
2263 goto not_found;
2264 }
2265
2266 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2267 if (conn) {
2268 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2269 conn->auth_type != 0xff &&
2270 (conn->auth_type & 0x01)) {
2271 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2272 goto not_found;
2273 }
55ed8ca1 2274
60b83f57
WR		 2275 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2276 conn->pending_sec_level == BT_SECURITY_HIGH) {
2277 BT_DBG("%s ignoring key unauthenticated for high \
2278 security", hdev->name);
2279 goto not_found;
2280 }
2281
2282 conn->key_type = key->type;
2283 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2284 }
2285
2286 bacpy(&cp.bdaddr, &ev->bdaddr);
2287 memcpy(cp.link_key, key->val, 16);
2288
2289 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2290
2291 hci_dev_unlock(hdev);
2292
2293 return;
2294
2295not_found:
2296 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2297 hci_dev_unlock(hdev);
a9de9248
MH		 2298}
2299
2300static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2301{
052b30b0
MH		 2302 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2303 struct hci_conn *conn;
55ed8ca1 2304 u8 pin_len = 0;
052b30b0 2305
a9de9248 2306 BT_DBG("%s", hdev->name);
052b30b0
MH		 2307
2308 hci_dev_lock(hdev);
2309
2310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2311 if (conn) {
2312 hci_conn_hold(conn);
2313 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2314 pin_len = conn->pin_length;
13d39315
WR		 2315
2316 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2317 conn->key_type = ev->key_type;
2318
052b30b0
MH		 2319 hci_conn_put(conn);
2320 }
2321
55ed8ca1 2322 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2323 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2324 ev->key_type, pin_len);
2325
052b30b0 2326 hci_dev_unlock(hdev);
a9de9248
MH		 2327}
2328
1da177e4
LT		 2329static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2330{
a9de9248 2331 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2332 struct hci_conn *conn;
1da177e4
LT		 2333
2334 BT_DBG("%s status %d", hdev->name, ev->status);
2335
2336 hci_dev_lock(hdev);
2337
04837f64 2338 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2339 if (conn && !ev->status) {
2340 struct inquiry_entry *ie;
2341
cc11b9c1
AE		 2342 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2343 if (ie) {
1da177e4
LT		 2344 ie->data.clock_offset = ev->clock_offset;
2345 ie->timestamp = jiffies;
2346 }
2347 }
2348
2349 hci_dev_unlock(hdev);
2350}
2351
a8746417
MH		 2352static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2353{
2354 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2355 struct hci_conn *conn;
2356
2357 BT_DBG("%s status %d", hdev->name, ev->status);
2358
2359 hci_dev_lock(hdev);
2360
2361 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2362 if (conn && !ev->status)
2363 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2364
2365 hci_dev_unlock(hdev);
2366}
2367
85a1e930
MH		 2368static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2369{
a9de9248 2370 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2371 struct inquiry_entry *ie;
2372
2373 BT_DBG("%s", hdev->name);
2374
2375 hci_dev_lock(hdev);
2376
cc11b9c1
AE		 2377 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2378 if (ie) {
85a1e930
MH		 2379 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2380 ie->timestamp = jiffies;
2381 }
2382
2383 hci_dev_unlock(hdev);
2384}
2385
a9de9248
MH		 2386static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2387{
2388 struct inquiry_data data;
2389 int num_rsp = *((__u8 *) skb->data);
2390
2391 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2392
2393 if (!num_rsp)
2394 return;
2395
2396 hci_dev_lock(hdev);
2397
314b2381
JH		 2398 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2399
2400 if (test_bit(HCI_MGMT, &hdev->flags))
2401 mgmt_discovering(hdev->id, 1);
2402 }
2403
a9de9248 2404 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2405 struct inquiry_info_with_rssi_and_pscan_mode *info;
2406 info = (void *) (skb->data + 1);
a9de9248 2407
e17acd40 2408 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2409 bacpy(&data.bdaddr, &info->bdaddr);
2410 data.pscan_rep_mode = info->pscan_rep_mode;
2411 data.pscan_period_mode = info->pscan_period_mode;
2412 data.pscan_mode = info->pscan_mode;
2413 memcpy(data.dev_class, info->dev_class, 3);
2414 data.clock_offset = info->clock_offset;
2415 data.rssi = info->rssi;
41a96212 2416 data.ssp_mode = 0x00;
a9de9248 2417 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2418 mgmt_device_found(hdev->id, &info->bdaddr,
2419 info->dev_class, info->rssi,
2420 NULL);
a9de9248
MH		 2421 }
2422 } else {
2423 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2424
e17acd40 2425 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2426 bacpy(&data.bdaddr, &info->bdaddr);
2427 data.pscan_rep_mode = info->pscan_rep_mode;
2428 data.pscan_period_mode = info->pscan_period_mode;
2429 data.pscan_mode = 0x00;
2430 memcpy(data.dev_class, info->dev_class, 3);
2431 data.clock_offset = info->clock_offset;
2432 data.rssi = info->rssi;
41a96212 2433 data.ssp_mode = 0x00;
a9de9248 2434 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2435 mgmt_device_found(hdev->id, &info->bdaddr,
2436 info->dev_class, info->rssi,
2437 NULL);
a9de9248
MH		 2438 }
2439 }
2440
2441 hci_dev_unlock(hdev);
2442}
2443
2444static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2445{
41a96212
MH		 2446 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2447 struct hci_conn *conn;
2448
a9de9248 2449 BT_DBG("%s", hdev->name);
41a96212 2450
41a96212
MH		 2451 hci_dev_lock(hdev);
2452
2453 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2454 if (!conn)
2455 goto unlock;
41a96212 2456
ccd556fe
JH		 2457 if (!ev->status && ev->page == 0x01) {
2458 struct inquiry_entry *ie;
41a96212 2459
cc11b9c1
AE		 2460 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2461 if (ie)
ccd556fe 2462 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2463
ccd556fe
JH		 2464 conn->ssp_mode = (ev->features[0] & 0x01);
2465 }
2466
2467 if (conn->state != BT_CONFIG)
2468 goto unlock;
2469
127178d2
JH		 2470 if (!ev->status) {
2471 struct hci_cp_remote_name_req cp;
2472 memset(&cp, 0, sizeof(cp));
2473 bacpy(&cp.bdaddr, &conn->dst);
2474 cp.pscan_rep_mode = 0x02;
2475 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2476 }
392599b9 2477
127178d2 2478 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2479 conn->state = BT_CONNECTED;
2480 hci_proto_connect_cfm(conn, ev->status);
2481 hci_conn_put(conn);
41a96212
MH		 2482 }
2483
ccd556fe 2484unlock:
41a96212 2485 hci_dev_unlock(hdev);
a9de9248
MH		 2486}
2487
2488static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2489{
b6a0dc82
MH		 2490 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2491 struct hci_conn *conn;
2492
2493 BT_DBG("%s status %d", hdev->name, ev->status);
2494
2495 hci_dev_lock(hdev);
2496
2497 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2498 if (!conn) {
2499 if (ev->link_type == ESCO_LINK)
2500 goto unlock;
2501
2502 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2503 if (!conn)
2504 goto unlock;
2505
2506 conn->type = SCO_LINK;
2507 }
b6a0dc82 2508
732547f9
MH		 2509 switch (ev->status) {
2510 case 0x00:
b6a0dc82
MH		 2511 conn->handle = __le16_to_cpu(ev->handle);
2512 conn->state = BT_CONNECTED;
7d0db0a3 2513
9eba32b8 2514 hci_conn_hold_device(conn);
7d0db0a3 2515 hci_conn_add_sysfs(conn);
732547f9
MH		 2516 break;
2517
705e5711 2518 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2519 case 0x1c: /* SCO interval rejected */
1038a00b 2520 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2521 case 0x1f: /* Unspecified error */
2522 if (conn->out && conn->attempt < 2) {
2523 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2524 (hdev->esco_type & EDR_ESCO_MASK);
2525 hci_setup_sync(conn, conn->link->handle);
2526 goto unlock;
2527 }
2528 /* fall through */
2529
2530 default:
b6a0dc82 2531 conn->state = BT_CLOSED;
732547f9
MH		 2532 break;
2533 }
b6a0dc82
MH		 2534
2535 hci_proto_connect_cfm(conn, ev->status);
2536 if (ev->status)
2537 hci_conn_del(conn);
2538
2539unlock:
2540 hci_dev_unlock(hdev);
a9de9248
MH		 2541}
2542
2543static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2544{
2545 BT_DBG("%s", hdev->name);
2546}
2547
04837f64
MH		 2548static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2549{
a9de9248 2550 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2551
2552 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2553}
2554
a9de9248 2555static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2556{
a9de9248
MH		 2557 struct inquiry_data data;
2558 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2559 int num_rsp = *((__u8 *) skb->data);
1da177e4 2560
a9de9248 2561 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2562
a9de9248
MH		 2563 if (!num_rsp)
2564 return;
1da177e4 2565
314b2381
JH		 2566 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2567
2568 if (test_bit(HCI_MGMT, &hdev->flags))
2569 mgmt_discovering(hdev->id, 1);
2570 }
2571
a9de9248
MH		 2572 hci_dev_lock(hdev);
2573
e17acd40 2574 for (; num_rsp; num_rsp--, info++) {
a9de9248 2575 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2576 data.pscan_rep_mode = info->pscan_rep_mode;
2577 data.pscan_period_mode = info->pscan_period_mode;
2578 data.pscan_mode = 0x00;
a9de9248 2579 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2580 data.clock_offset = info->clock_offset;
2581 data.rssi = info->rssi;
41a96212 2582 data.ssp_mode = 0x01;
a9de9248 2583 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2584 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2585 info->rssi, info->data);
a9de9248
MH		 2586 }
2587
2588 hci_dev_unlock(hdev);
2589}
1da177e4 2590
17fa4b9d
JH		 2591static inline u8 hci_get_auth_req(struct hci_conn *conn)
2592{
2593 /* If remote requests dedicated bonding follow that lead */
2594 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2595 /* If both remote and local IO capabilities allow MITM
2596 * protection then require it, otherwise don't */
2597 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2598 return 0x02;
2599 else
2600 return 0x03;
2601 }
2602
2603 /* If remote requests no-bonding follow that lead */
2604 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2605 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2606
2607 return conn->auth_type;
2608}
2609
0493684e
MH		 2610static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2611{
2612 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2613 struct hci_conn *conn;
2614
2615 BT_DBG("%s", hdev->name);
2616
2617 hci_dev_lock(hdev);
2618
2619 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2620 if (!conn)
2621 goto unlock;
2622
2623 hci_conn_hold(conn);
2624
2625 if (!test_bit(HCI_MGMT, &hdev->flags))
2626 goto unlock;
2627
2628 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2629 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2630 struct hci_cp_io_capability_reply cp;
2631
2632 bacpy(&cp.bdaddr, &ev->bdaddr);
2633 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2634 conn->auth_type = hci_get_auth_req(conn);
2635 cp.authentication = conn->auth_type;
17fa4b9d 2636
ce85ee13
SJ		 2637 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2638 hci_find_remote_oob_data(hdev, &conn->dst))
2639 cp.oob_data = 0x01;
2640 else
2641 cp.oob_data = 0x00;
2642
17fa4b9d
JH		 2643 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2644 sizeof(cp), &cp);
03b555e1
JH		 2645 } else {
2646 struct hci_cp_io_capability_neg_reply cp;
2647
2648 bacpy(&cp.bdaddr, &ev->bdaddr);
be77159c 2649 cp.reason = 0x18; /* Pairing not allowed */
0493684e 2650
03b555e1
JH		 2651 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2652 sizeof(cp), &cp);
2653 }
2654
2655unlock:
2656 hci_dev_unlock(hdev);
2657}
2658
2659static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2660{
2661 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2662 struct hci_conn *conn;
2663
2664 BT_DBG("%s", hdev->name);
2665
2666 hci_dev_lock(hdev);
2667
2668 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2669 if (!conn)
2670 goto unlock;
2671
03b555e1
JH		 2672 conn->remote_cap = ev->capability;
2673 conn->remote_oob = ev->oob_data;
2674 conn->remote_auth = ev->authentication;
2675
2676unlock:
0493684e
MH		 2677 hci_dev_unlock(hdev);
2678}
2679
a5c29683
JH		 2680static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2681 struct sk_buff *skb)
2682{
2683 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2684 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2685 struct hci_conn *conn;
a5c29683
JH		 2686
2687 BT_DBG("%s", hdev->name);
2688
2689 hci_dev_lock(hdev);
2690
7a828908
JH		 2691 if (!test_bit(HCI_MGMT, &hdev->flags))
2692 goto unlock;
a5c29683 2693
7a828908
JH		 2694 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2695 if (!conn)
2696 goto unlock;
2697
2698 loc_mitm = (conn->auth_type & 0x01);
2699 rem_mitm = (conn->remote_auth & 0x01);
2700
2701 /* If we require MITM but the remote device can't provide that
2702 * (it has NoInputNoOutput) then reject the confirmation
2703 * request. The only exception is when we're dedicated bonding
2704 * initiators (connect_cfm_cb set) since then we always have the MITM
2705 * bit set. */
2706 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2707 BT_DBG("Rejecting request: remote device can't provide MITM");
2708 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2709 sizeof(ev->bdaddr), &ev->bdaddr);
2710 goto unlock;
2711 }
2712
2713 /* If no side requires MITM protection; auto-accept */
2714 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2715 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2716
2717 /* If we're not the initiators request authorization to
2718 * proceed from user space (mgmt_user_confirm with
2719 * confirm_hint set to 1). */
2720 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2721 BT_DBG("Confirming auto-accept as acceptor");
2722 confirm_hint = 1;
2723 goto confirm;
2724 }
2725
9f61656a
JH		 2726 BT_DBG("Auto-accept of user confirmation with %ums delay",
2727 hdev->auto_accept_delay);
2728
2729 if (hdev->auto_accept_delay > 0) {
2730 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2731 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2732 goto unlock;
2733 }
2734
7a828908
JH		 2735 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2736 sizeof(ev->bdaddr), &ev->bdaddr);
2737 goto unlock;
2738 }
2739
55bc1a37
JH		 2740confirm:
2741 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2742 confirm_hint);
7a828908
JH		 2743
2744unlock:
a5c29683
JH		 2745 hci_dev_unlock(hdev);
2746}
2747
0493684e
MH		 2748static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2749{
2750 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2751 struct hci_conn *conn;
2752
2753 BT_DBG("%s", hdev->name);
2754
2755 hci_dev_lock(hdev);
2756
2757 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2758 if (!conn)
2759 goto unlock;
2760
2761 /* To avoid duplicate auth_failed events to user space we check
2762 * the HCI_CONN_AUTH_PEND flag which will be set if we
2763 * initiated the authentication. A traditional auth_complete
2764 * event gets always produced as initiator and is also mapped to
2765 * the mgmt_auth_failed event */
2766 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2767 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
0493684e 2768
2a611692
JH		 2769 hci_conn_put(conn);
2770
2771unlock:
0493684e
MH		 2772 hci_dev_unlock(hdev);
2773}
2774
41a96212
MH		 2775static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2776{
2777 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2778 struct inquiry_entry *ie;
2779
2780 BT_DBG("%s", hdev->name);
2781
2782 hci_dev_lock(hdev);
2783
cc11b9c1
AE		 2784 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2785 if (ie)
41a96212
MH		 2786 ie->data.ssp_mode = (ev->features[0] & 0x01);
2787
2788 hci_dev_unlock(hdev);
2789}
2790
2763eda6
SJ		 2791static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2792 struct sk_buff *skb)
2793{
2794 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2795 struct oob_data *data;
2796
2797 BT_DBG("%s", hdev->name);
2798
2799 hci_dev_lock(hdev);
2800
e1ba1f15
SJ		 2801 if (!test_bit(HCI_MGMT, &hdev->flags))
2802 goto unlock;
2803
2763eda6
SJ		 2804 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2805 if (data) {
2806 struct hci_cp_remote_oob_data_reply cp;
2807
2808 bacpy(&cp.bdaddr, &ev->bdaddr);
2809 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2810 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2811
2812 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2813 &cp);
2814 } else {
2815 struct hci_cp_remote_oob_data_neg_reply cp;
2816
2817 bacpy(&cp.bdaddr, &ev->bdaddr);
2818 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2819 &cp);
2820 }
2821
e1ba1f15 2822unlock:
2763eda6
SJ		 2823 hci_dev_unlock(hdev);
2824}
2825
fcd89c09
VT		 2826static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2827{
2828 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2829 struct hci_conn *conn;
2830
2831 BT_DBG("%s status %d", hdev->name, ev->status);
2832
2833 hci_dev_lock(hdev);
2834
2835 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2836 if (!conn) {
2837 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2838 if (!conn) {
2839 BT_ERR("No memory for new connection");
2840 hci_dev_unlock(hdev);
2841 return;
2842 }
29b7988a
AG		 2843
2844 conn->dst_type = ev->bdaddr_type;
b62f328b 2845 }
fcd89c09
VT		 2846
2847 if (ev->status) {
83bc71b4 2848 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
fcd89c09
VT		 2849 hci_proto_connect_cfm(conn, ev->status);
2850 conn->state = BT_CLOSED;
2851 hci_conn_del(conn);
2852 goto unlock;
2853 }
2854
cfafccf7 2855 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
83bc71b4 2856
7b5c0d52 2857 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2858 conn->handle = __le16_to_cpu(ev->handle);
2859 conn->state = BT_CONNECTED;
2860
2861 hci_conn_hold_device(conn);
2862 hci_conn_add_sysfs(conn);
2863
2864 hci_proto_connect_cfm(conn, ev->status);
2865
2866unlock:
2867 hci_dev_unlock(hdev);
2868}
2869
9aa04c91
AG		 2870static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2871 struct sk_buff *skb)
2872{
e95beb41
AG		 2873 u8 num_reports = skb->data[0];
2874 void *ptr = &skb->data[1];
9aa04c91
AG		 2875
2876 hci_dev_lock(hdev);
2877
e95beb41
AG		 2878 while (num_reports--) {
2879 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 2880
9aa04c91 2881 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 2882
2883 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 2884 }
2885
2886 hci_dev_unlock(hdev);
2887}
2888
a7a595f6
VCG		 2889static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2890 struct sk_buff *skb)
2891{
2892 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2893 struct hci_cp_le_ltk_reply cp;
bea710fe 2894 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 2895 struct hci_conn *conn;
bea710fe 2896 struct link_key *ltk;
a7a595f6
VCG		 2897
2898 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2899
2900 hci_dev_lock(hdev);
2901
2902 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 2903 if (conn == NULL)
2904 goto not_found;
a7a595f6 2905
bea710fe
VCG		 2906 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2907 if (ltk == NULL)
2908 goto not_found;
2909
2910 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 2911 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 2912 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 2913
2914 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2915
2916 hci_dev_unlock(hdev);
bea710fe
VCG		 2917
2918 return;
2919
2920not_found:
2921 neg.handle = ev->handle;
2922 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2923 hci_dev_unlock(hdev);
a7a595f6
VCG		 2924}
2925
fcd89c09
VT		 2926static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2927{
2928 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2929
2930 skb_pull(skb, sizeof(*le_ev));
2931
2932 switch (le_ev->subevent) {
2933 case HCI_EV_LE_CONN_COMPLETE:
2934 hci_le_conn_complete_evt(hdev, skb);
2935 break;
2936
9aa04c91
AG		 2937 case HCI_EV_LE_ADVERTISING_REPORT:
2938 hci_le_adv_report_evt(hdev, skb);
2939 break;
2940
a7a595f6
VCG		 2941 case HCI_EV_LE_LTK_REQ:
2942 hci_le_ltk_request_evt(hdev, skb);
2943 break;
2944
fcd89c09
VT		 2945 default:
2946 break;
2947 }
2948}
2949
a9de9248
MH		 2950void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2951{
2952 struct hci_event_hdr *hdr = (void *) skb->data;
2953 __u8 event = hdr->evt;
2954
2955 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2956
2957 switch (event) {
1da177e4
LT		 2958 case HCI_EV_INQUIRY_COMPLETE:
2959 hci_inquiry_complete_evt(hdev, skb);
2960 break;
2961
2962 case HCI_EV_INQUIRY_RESULT:
2963 hci_inquiry_result_evt(hdev, skb);
2964 break;
2965
a9de9248
MH		 2966 case HCI_EV_CONN_COMPLETE:
2967 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 2968 break;
2969
1da177e4
LT		 2970 case HCI_EV_CONN_REQUEST:
2971 hci_conn_request_evt(hdev, skb);
2972 break;
2973
1da177e4
LT		 2974 case HCI_EV_DISCONN_COMPLETE:
2975 hci_disconn_complete_evt(hdev, skb);
2976 break;
2977
1da177e4
LT		 2978 case HCI_EV_AUTH_COMPLETE:
2979 hci_auth_complete_evt(hdev, skb);
2980 break;
2981
a9de9248
MH		 2982 case HCI_EV_REMOTE_NAME:
2983 hci_remote_name_evt(hdev, skb);
2984 break;
2985
1da177e4
LT		 2986 case HCI_EV_ENCRYPT_CHANGE:
2987 hci_encrypt_change_evt(hdev, skb);
2988 break;
2989
a9de9248
MH		 2990 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2991 hci_change_link_key_complete_evt(hdev, skb);
2992 break;
2993
2994 case HCI_EV_REMOTE_FEATURES:
2995 hci_remote_features_evt(hdev, skb);
2996 break;
2997
2998 case HCI_EV_REMOTE_VERSION:
2999 hci_remote_version_evt(hdev, skb);
3000 break;
3001
3002 case HCI_EV_QOS_SETUP_COMPLETE:
3003 hci_qos_setup_complete_evt(hdev, skb);
3004 break;
3005
3006 case HCI_EV_CMD_COMPLETE:
3007 hci_cmd_complete_evt(hdev, skb);
3008 break;
3009
3010 case HCI_EV_CMD_STATUS:
3011 hci_cmd_status_evt(hdev, skb);
3012 break;
3013
3014 case HCI_EV_ROLE_CHANGE:
3015 hci_role_change_evt(hdev, skb);
3016 break;
3017
3018 case HCI_EV_NUM_COMP_PKTS:
3019 hci_num_comp_pkts_evt(hdev, skb);
3020 break;
3021
3022 case HCI_EV_MODE_CHANGE:
3023 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3024 break;
3025
3026 case HCI_EV_PIN_CODE_REQ:
3027 hci_pin_code_request_evt(hdev, skb);
3028 break;
3029
3030 case HCI_EV_LINK_KEY_REQ:
3031 hci_link_key_request_evt(hdev, skb);
3032 break;
3033
3034 case HCI_EV_LINK_KEY_NOTIFY:
3035 hci_link_key_notify_evt(hdev, skb);
3036 break;
3037
3038 case HCI_EV_CLOCK_OFFSET:
3039 hci_clock_offset_evt(hdev, skb);
3040 break;
3041
a8746417
MH		 3042 case HCI_EV_PKT_TYPE_CHANGE:
3043 hci_pkt_type_change_evt(hdev, skb);
3044 break;
3045
85a1e930
MH		 3046 case HCI_EV_PSCAN_REP_MODE:
3047 hci_pscan_rep_mode_evt(hdev, skb);
3048 break;
3049
a9de9248
MH		 3050 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3051 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3052 break;
3053
a9de9248
MH		 3054 case HCI_EV_REMOTE_EXT_FEATURES:
3055 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3056 break;
3057
a9de9248
MH		 3058 case HCI_EV_SYNC_CONN_COMPLETE:
3059 hci_sync_conn_complete_evt(hdev, skb);
3060 break;
1da177e4 3061
a9de9248
MH		 3062 case HCI_EV_SYNC_CONN_CHANGED:
3063 hci_sync_conn_changed_evt(hdev, skb);
3064 break;
1da177e4 3065
a9de9248
MH		 3066 case HCI_EV_SNIFF_SUBRATE:
3067 hci_sniff_subrate_evt(hdev, skb);
3068 break;
1da177e4 3069
a9de9248
MH		 3070 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3071 hci_extended_inquiry_result_evt(hdev, skb);
3072 break;
1da177e4 3073
0493684e
MH		 3074 case HCI_EV_IO_CAPA_REQUEST:
3075 hci_io_capa_request_evt(hdev, skb);
3076 break;
3077
03b555e1
JH		 3078 case HCI_EV_IO_CAPA_REPLY:
3079 hci_io_capa_reply_evt(hdev, skb);
3080 break;
3081
a5c29683
JH		 3082 case HCI_EV_USER_CONFIRM_REQUEST:
3083 hci_user_confirm_request_evt(hdev, skb);
3084 break;
3085
0493684e
MH		 3086 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3087 hci_simple_pair_complete_evt(hdev, skb);
3088 break;
3089
41a96212
MH		 3090 case HCI_EV_REMOTE_HOST_FEATURES:
3091 hci_remote_host_features_evt(hdev, skb);
3092 break;
3093
fcd89c09
VT		 3094 case HCI_EV_LE_META:
3095 hci_le_meta_evt(hdev, skb);
3096 break;
3097
2763eda6
SJ		 3098 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3099 hci_remote_oob_data_request_evt(hdev, skb);
3100 break;
3101
a9de9248
MH		 3102 default:
3103 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3104 break;
3105 }
3106
3107 kfree_skb(skb);
3108 hdev->stat.evt_rx++;
3109}
3110
3111/* Generate internal stack event */
3112void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3113{
3114 struct hci_event_hdr *hdr;
3115 struct hci_ev_stack_internal *ev;
3116 struct sk_buff *skb;
3117
3118 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3119 if (!skb)
3120 return;
3121
3122 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3123 hdr->evt = HCI_EV_STACK_INTERNAL;
3124 hdr->plen = sizeof(*ev) + dlen;
3125
3126 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3127 ev->type = type;
3128 memcpy(ev->data, data, dlen);
3129
576c7d85 3130 bt_cb(skb)->incoming = 1;
a61bbcf2 3131 __net_timestamp(skb);
576c7d85 3132
0d48d939 3133 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3134 skb->dev = (void *) hdev;
eec8d2bc 3135 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3136 kfree_skb(skb);
3137}
e6100a25 3138
669bb396 3139module_param(enable_le, bool, 0644);
e6100a25 3140MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)