projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for setting LE advertising data
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
e6d465cb
AG		 43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
a9de9248 47 return;
e6d465cb 48 }
1da177e4 49
89352e7d
AG		 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
56e5cb86 52 hci_dev_lock(hdev);
ff9ef578 53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 54 hci_dev_unlock(hdev);
6bd57416 55
23bb5763 56 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 57
58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
9f1db00c 121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
807deac2
GP		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
e4e8e37c
MH		 161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
9f1db00c 164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
807deac2
GP		 172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
e4e8e37c
MH		 174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
9f1db00c 178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186
23bb5763 187 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 188}
189
a9de9248
MH		 190static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191{
192 __u8 status = *((__u8 *) skb->data);
04837f64 193
9f1db00c 194 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 195
10572132
GP		 196 clear_bit(HCI_RESET, &hdev->flags);
197
23bb5763 198 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 199
a297e97c 200 /* Reset all non-persistent flags */
ae854a70
AG		 201 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
202 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 203
204 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 205 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
206 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 207
208 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
209 hdev->adv_data_len = 0;
a9de9248 210}
04837f64 211
a9de9248
MH		 212static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
213{
214 __u8 status = *((__u8 *) skb->data);
215 void *sent;
04837f64 216
9f1db00c 217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 218
a9de9248
MH		 219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (!sent)
221 return;
04837f64 222
56e5cb86
JH		 223 hci_dev_lock(hdev);
224
f51d5b24
JH		 225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 227 else if (!status)
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 229
56e5cb86 230 hci_dev_unlock(hdev);
3159d384 231
3f0f524b
JH		 232 if (!status && !test_bit(HCI_INIT, &hdev->flags))
233 hci_update_ad(hdev);
234
3159d384 235 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 236}
237
238static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
239{
240 struct hci_rp_read_local_name *rp = (void *) skb->data;
241
9f1db00c 242 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 243
244 if (rp->status)
245 return;
246
db99b5fc
JH		 247 if (test_bit(HCI_SETUP, &hdev->dev_flags))
248 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 249}
250
251static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
252{
253 __u8 status = *((__u8 *) skb->data);
254 void *sent;
255
9f1db00c 256 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 257
258 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
259 if (!sent)
260 return;
261
262 if (!status) {
263 __u8 param = *((__u8 *) sent);
264
265 if (param == AUTH_ENABLED)
266 set_bit(HCI_AUTH, &hdev->flags);
267 else
268 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 269 }
a9de9248 270
33ef95ed
JH		 271 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272 mgmt_auth_enable_complete(hdev, status);
273
23bb5763 274 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 275}
276
a9de9248 277static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 278{
a9de9248 279 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 280 void *sent;
281
9f1db00c 282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 283
a9de9248
MH		 284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
285 if (!sent)
286 return;
1da177e4 287
a9de9248
MH		 288 if (!status) {
289 __u8 param = *((__u8 *) sent);
290
291 if (param)
292 set_bit(HCI_ENCRYPT, &hdev->flags);
293 else
294 clear_bit(HCI_ENCRYPT, &hdev->flags);
295 }
1da177e4 296
23bb5763 297 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 298}
1da177e4 299
a9de9248
MH		 300static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
301{
36f7fc7e
JH		 302 __u8 param, status = *((__u8 *) skb->data);
303 int old_pscan, old_iscan;
a9de9248 304 void *sent;
1da177e4 305
9f1db00c 306 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 307
a9de9248
MH		 308 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
309 if (!sent)
310 return;
1da177e4 311
36f7fc7e
JH		 312 param = *((__u8 *) sent);
313
56e5cb86
JH		 314 hci_dev_lock(hdev);
315
fa1bd918 316 if (status) {
744cf19e 317 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 318 hdev->discov_timeout = 0;
319 goto done;
320 }
321
36f7fc7e
JH		 322 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
323 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
324
325 if (param & SCAN_INQUIRY) {
326 set_bit(HCI_ISCAN, &hdev->flags);
327 if (!old_iscan)
744cf19e 328 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 329 if (hdev->discov_timeout > 0) {
330 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
331 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 332 to);
16ab91ab 333 }
36f7fc7e 334 } else if (old_iscan)
744cf19e 335 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 336
337 if (param & SCAN_PAGE) {
338 set_bit(HCI_PSCAN, &hdev->flags);
339 if (!old_pscan)
744cf19e 340 mgmt_connectable(hdev, 1);
36f7fc7e 341 } else if (old_pscan)
744cf19e 342 mgmt_connectable(hdev, 0);
1da177e4 343
36f7fc7e 344done:
56e5cb86 345 hci_dev_unlock(hdev);
23bb5763 346 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 352
9f1db00c 353 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 354
a9de9248
MH		 355 if (rp->status)
356 return;
1da177e4 357
a9de9248 358 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 359
a9de9248 360 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 361 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 362}
1da177e4 363
a9de9248
MH		 364static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
365{
366 __u8 status = *((__u8 *) skb->data);
367 void *sent;
1da177e4 368
9f1db00c 369 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 370
a9de9248
MH		 371 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
372 if (!sent)
373 return;
1da177e4 374
7f9a903c
MH		 375 hci_dev_lock(hdev);
376
377 if (status == 0)
378 memcpy(hdev->dev_class, sent, 3);
379
380 if (test_bit(HCI_MGMT, &hdev->dev_flags))
381 mgmt_set_class_of_dev_complete(hdev, sent, status);
382
383 hci_dev_unlock(hdev);
a9de9248 384}
1da177e4 385
a9de9248
MH		 386static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387{
388 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
389 __u16 setting;
390
9f1db00c 391 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 392
393 if (rp->status)
394 return;
395
396 setting = __le16_to_cpu(rp->voice_setting);
397
f383f275 398 if (hdev->voice_setting == setting)
a9de9248
MH		 399 return;
400
401 hdev->voice_setting = setting;
402
9f1db00c 403 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 404
3c54711c 405 if (hdev->notify)
a9de9248 406 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 407}
408
8fc9ced3
GP		 409static void hci_cc_write_voice_setting(struct hci_dev *hdev,
410 struct sk_buff *skb)
a9de9248
MH		 411{
412 __u8 status = *((__u8 *) skb->data);
f383f275 413 __u16 setting;
a9de9248
MH		 414 void *sent;
415
9f1db00c 416 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 417
f383f275
MH		 418 if (status)
419 return;
420
a9de9248
MH		 421 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
422 if (!sent)
423 return;
1da177e4 424
f383f275 425 setting = get_unaligned_le16(sent);
1da177e4 426
f383f275
MH		 427 if (hdev->voice_setting == setting)
428 return;
429
430 hdev->voice_setting = setting;
1da177e4 431
9f1db00c 432 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 433
3c54711c 434 if (hdev->notify)
f383f275 435 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 436}
437
a9de9248 438static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 439{
a9de9248 440 __u8 status = *((__u8 *) skb->data);
1da177e4 441
9f1db00c 442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 443
23bb5763 444 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 445}
1143e5a6 446
333140b5
MH		 447static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
448{
449 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 450 struct hci_cp_write_ssp_mode *sent;
333140b5 451
9f1db00c 452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 453
333140b5
MH		 454 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
455 if (!sent)
456 return;
457
5ed8eb2f
JH		 458 if (!status) {
459 if (sent->mode)
460 hdev->host_features[0] |= LMP_HOST_SSP;
461 else
462 hdev->host_features[0] &= ~LMP_HOST_SSP;
463 }
464
ed2c4ee3 465 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 466 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 467 else if (!status) {
5ed8eb2f 468 if (sent->mode)
c0ecddc2
JH		 469 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
470 else
471 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
472 }
333140b5
MH		 473}
474
d5859e22
JH		 475static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
476{
976eb20e 477 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 478 return 2;
479
976eb20e 480 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 481 return 1;
482
483 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 484 hdev->lmp_subver == 0x0757)
d5859e22
JH		 485 return 1;
486
487 if (hdev->manufacturer == 15) {
488 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
489 return 1;
490 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
491 return 1;
492 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
493 return 1;
494 }
495
496 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 497 hdev->lmp_subver == 0x1805)
d5859e22
JH		 498 return 1;
499
500 return 0;
501}
502
503static void hci_setup_inquiry_mode(struct hci_dev *hdev)
504{
505 u8 mode;
506
507 mode = hci_get_inquiry_mode(hdev);
508
509 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
510}
511
512static void hci_setup_event_mask(struct hci_dev *hdev)
513{
514 /* The second byte is 0xff instead of 0x9f (two reserved bits
515 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
516 * command otherwise */
517 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
518
6de6c18d
VT		 519 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
520 * any event mask for pre 1.2 devices */
5a13b095 521 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 522 return;
523
e1171e8d
JH		 524 if (lmp_bredr_capable(hdev)) {
525 events[4] |= 0x01; /* Flow Specification Complete */
526 events[4] |= 0x02; /* Inquiry Result with RSSI */
527 events[4] |= 0x04; /* Read Remote Extended Features Complete */
528 events[5] |= 0x08; /* Synchronous Connection Complete */
529 events[5] |= 0x10; /* Synchronous Connection Changed */
530 }
d5859e22 531
976eb20e 532 if (lmp_inq_rssi_capable(hdev))
a24299e6 533 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 534
999dcd10 535 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 536 events[5] |= 0x20; /* Sniff Subrating */
537
976eb20e 538 if (lmp_pause_enc_capable(hdev))
d5859e22
JH		 539 events[5] |= 0x80; /* Encryption Key Refresh Complete */
540
976eb20e 541 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 542 events[5] |= 0x40; /* Extended Inquiry Result */
543
c58e810e 544 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 545 events[7] |= 0x01; /* Enhanced Flush Complete */
546
976eb20e 547 if (lmp_lsto_capable(hdev))
d5859e22
JH		 548 events[6] |= 0x80; /* Link Supervision Timeout Changed */
549
9a1a1996 550 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 551 events[6] |= 0x01; /* IO Capability Request */
552 events[6] |= 0x02; /* IO Capability Response */
553 events[6] |= 0x04; /* User Confirmation Request */
554 events[6] |= 0x08; /* User Passkey Request */
555 events[6] |= 0x10; /* Remote OOB Data Request */
556 events[6] |= 0x20; /* Simple Pairing Complete */
557 events[7] |= 0x04; /* User Passkey Notification */
558 events[7] |= 0x08; /* Keypress Notification */
559 events[7] |= 0x10; /* Remote Host Supported
560 * Features Notification */
561 }
562
c383ddc4 563 if (lmp_le_capable(hdev))
d5859e22
JH		 564 events[7] |= 0x20; /* LE Meta-Event */
565
566 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
e36b04c8
JH		 567
568 if (lmp_le_capable(hdev)) {
569 memset(events, 0, sizeof(events));
570 events[0] = 0x1f;
571 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
572 sizeof(events), events);
573 }
d5859e22
JH		 574}
575
4611dfa8 576static void bredr_setup(struct hci_dev *hdev)
e1171e8d
JH		 577{
578 struct hci_cp_delete_stored_link_key cp;
579 __le16 param;
580 __u8 flt_type;
581
582 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
583 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
584
585 /* Read Class of Device */
586 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
587
588 /* Read Local Name */
589 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
590
591 /* Read Voice Setting */
592 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
593
594 /* Clear Event Filters */
595 flt_type = HCI_FLT_CLEAR_ALL;
596 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
597
598 /* Connection accept timeout ~20 secs */
599 param = __constant_cpu_to_le16(0x7d00);
600 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
601
602 bacpy(&cp.bdaddr, BDADDR_ANY);
603 cp.delete_all = 1;
604 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
605}
606
4611dfa8 607static void le_setup(struct hci_dev *hdev)
e1171e8d
JH		 608{
609 /* Read LE Buffer Size */
610 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
8fa19098
JH		 611
612 /* Read LE Advertising Channel TX Power */
613 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
e1171e8d
JH		 614}
615
d5859e22
JH		 616static void hci_setup(struct hci_dev *hdev)
617{
e61ef499
AE		 618 if (hdev->dev_type != HCI_BREDR)
619 return;
620
e1171e8d
JH		 621 /* Read BD Address */
622 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
623
624 if (lmp_bredr_capable(hdev))
4611dfa8 625 bredr_setup(hdev);
e1171e8d
JH		 626
627 if (lmp_le_capable(hdev))
4611dfa8 628 le_setup(hdev);
e1171e8d 629
d5859e22
JH		 630 hci_setup_event_mask(hdev);
631
d095c1eb 632 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 633 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
634
6d3c730f 635 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 636 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
637 u8 mode = 0x01;
638 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 639 sizeof(mode), &mode);
54d04dbb
JH		 640 } else {
641 struct hci_cp_write_eir cp;
642
643 memset(hdev->eir, 0, sizeof(hdev->eir));
644 memset(&cp, 0, sizeof(cp));
645
646 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
647 }
d5859e22
JH		 648 }
649
976eb20e 650 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 651 hci_setup_inquiry_mode(hdev);
652
976eb20e 653 if (lmp_inq_tx_pwr_capable(hdev))
d5859e22 654 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b 655
976eb20e 656 if (lmp_ext_feat_capable(hdev)) {
971e3a4b
AG		 657 struct hci_cp_read_local_ext_features cp;
658
659 cp.page = 0x01;
04124681
GP		 660 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
661 &cp);
971e3a4b 662 }
e6100a25 663
47990ea0
JH		 664 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
665 u8 enable = 1;
04124681
GP		 666 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
667 &enable);
47990ea0 668 }
d5859e22
JH		 669}
670
a9de9248
MH		 671static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
672{
673 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 674
9f1db00c 675 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 676
a9de9248 677 if (rp->status)
28b8df77 678 goto done;
1143e5a6 679
a9de9248 680 hdev->hci_ver = rp->hci_ver;
e4e8e37c 681 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 682 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 683 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 684 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 685
9f1db00c 686 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 687 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 688
689 if (test_bit(HCI_INIT, &hdev->flags))
690 hci_setup(hdev);
28b8df77
AE		 691
692done:
693 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 694}
695
696static void hci_setup_link_policy(struct hci_dev *hdev)
697{
035100c8 698 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 699 u16 link_policy = 0;
700
9f92ebf6 701 if (lmp_rswitch_capable(hdev))
d5859e22 702 link_policy |= HCI_LP_RSWITCH;
976eb20e 703 if (lmp_hold_capable(hdev))
d5859e22 704 link_policy |= HCI_LP_HOLD;
6eded100 705 if (lmp_sniff_capable(hdev))
d5859e22 706 link_policy |= HCI_LP_SNIFF;
976eb20e 707 if (lmp_park_capable(hdev))
d5859e22
JH		 708 link_policy |= HCI_LP_PARK;
709
035100c8
AE		 710 cp.policy = cpu_to_le16(link_policy);
711 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 712}
1da177e4 713
8fc9ced3
GP		 714static void hci_cc_read_local_commands(struct hci_dev *hdev,
715 struct sk_buff *skb)
a9de9248
MH		 716{
717 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 718
9f1db00c 719 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 720
a9de9248 721 if (rp->status)
d5859e22 722 goto done;
1da177e4 723
a9de9248 724 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 725
726 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
727 hci_setup_link_policy(hdev);
728
729done:
730 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 731}
1da177e4 732
8fc9ced3
GP		 733static void hci_cc_read_local_features(struct hci_dev *hdev,
734 struct sk_buff *skb)
a9de9248
MH		 735{
736 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 737
9f1db00c 738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 739
a9de9248
MH		 740 if (rp->status)
741 return;
5b7f9909 742
a9de9248 743 memcpy(hdev->features, rp->features, 8);
5b7f9909 744
a9de9248
MH		 745 /* Adjust default settings according to features
746 * supported by device. */
1da177e4 747
a9de9248
MH		 748 if (hdev->features[0] & LMP_3SLOT)
749 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 750
a9de9248
MH		 751 if (hdev->features[0] & LMP_5SLOT)
752 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 753
a9de9248
MH		 754 if (hdev->features[1] & LMP_HV2) {
755 hdev->pkt_type |= (HCI_HV2);
756 hdev->esco_type |= (ESCO_HV2);
757 }
1da177e4 758
a9de9248
MH		 759 if (hdev->features[1] & LMP_HV3) {
760 hdev->pkt_type |= (HCI_HV3);
761 hdev->esco_type |= (ESCO_HV3);
762 }
1da177e4 763
45db810f 764 if (lmp_esco_capable(hdev))
a9de9248 765 hdev->esco_type |= (ESCO_EV3);
da1f5198 766
a9de9248
MH		 767 if (hdev->features[4] & LMP_EV4)
768 hdev->esco_type |= (ESCO_EV4);
da1f5198 769
a9de9248
MH		 770 if (hdev->features[4] & LMP_EV5)
771 hdev->esco_type |= (ESCO_EV5);
1da177e4 772
efc7688b
MH		 773 if (hdev->features[5] & LMP_EDR_ESCO_2M)
774 hdev->esco_type |= (ESCO_2EV3);
775
776 if (hdev->features[5] & LMP_EDR_ESCO_3M)
777 hdev->esco_type |= (ESCO_3EV3);
778
779 if (hdev->features[5] & LMP_EDR_3S_ESCO)
780 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
781
a9de9248 782 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 783 hdev->features[0], hdev->features[1],
784 hdev->features[2], hdev->features[3],
785 hdev->features[4], hdev->features[5],
786 hdev->features[6], hdev->features[7]);
a9de9248 787}
1da177e4 788
8f984dfa
JH		 789static void hci_set_le_support(struct hci_dev *hdev)
790{
791 struct hci_cp_write_le_host_supported cp;
792
793 memset(&cp, 0, sizeof(cp));
794
9d42820f 795 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa 796 cp.le = 1;
976eb20e 797 cp.simul = !!lmp_le_br_capable(hdev);
8f984dfa
JH		 798 }
799
976eb20e 800 if (cp.le != !!lmp_host_le_capable(hdev))
04124681
GP		 801 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
802 &cp);
8f984dfa
JH		 803}
804
971e3a4b 805static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 806 struct sk_buff *skb)
971e3a4b
AG		 807{
808 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
809
9f1db00c 810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 811
812 if (rp->status)
8f984dfa 813 goto done;
971e3a4b 814
b5b32b65
AG		 815 switch (rp->page) {
816 case 0:
817 memcpy(hdev->features, rp->features, 8);
818 break;
819 case 1:
820 memcpy(hdev->host_features, rp->features, 8);
821 break;
822 }
971e3a4b 823
c383ddc4 824 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 825 hci_set_le_support(hdev);
826
827done:
971e3a4b
AG		 828 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
829}
830
1e89cffb 831static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 832 struct sk_buff *skb)
1e89cffb
AE		 833{
834 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
835
9f1db00c 836 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 837
838 if (rp->status)
839 return;
840
841 hdev->flow_ctl_mode = rp->mode;
842
843 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
844}
845
a9de9248
MH		 846static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
847{
848 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 849
9f1db00c 850 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 851
a9de9248
MH		 852 if (rp->status)
853 return;
1da177e4 854
a9de9248
MH		 855 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
856 hdev->sco_mtu = rp->sco_mtu;
857 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
858 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
859
860 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
861 hdev->sco_mtu = 64;
862 hdev->sco_pkts = 8;
1da177e4 863 }
a9de9248
MH		 864
865 hdev->acl_cnt = hdev->acl_pkts;
866 hdev->sco_cnt = hdev->sco_pkts;
867
807deac2
GP		 868 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
869 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 870}
871
872static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
873{
874 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
875
9f1db00c 876 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 877
878 if (!rp->status)
879 bacpy(&hdev->bdaddr, &rp->bdaddr);
880
23bb5763
JH		 881 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
882}
883
350ee4cf 884static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 885 struct sk_buff *skb)
350ee4cf
AE		 886{
887 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
888
9f1db00c 889 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 890
891 if (rp->status)
892 return;
893
894 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
895 hdev->block_len = __le16_to_cpu(rp->block_len);
896 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
897
898 hdev->block_cnt = hdev->num_blocks;
899
900 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 901 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 902
903 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
904}
905
23bb5763
JH		 906static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
907{
908 __u8 status = *((__u8 *) skb->data);
909
9f1db00c 910 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 911
912 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 913}
914
928abaa7 915static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 916 struct sk_buff *skb)
928abaa7
AE		 917{
918 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
919
9f1db00c 920 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 921
922 if (rp->status)
8e2a0d92 923 goto a2mp_rsp;
928abaa7
AE		 924
925 hdev->amp_status = rp->amp_status;
926 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
927 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
928 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
929 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
930 hdev->amp_type = rp->amp_type;
931 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
932 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
933 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
934 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
935
936 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 937
938a2mp_rsp:
939 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 940}
941
903e4541
AE		 942static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
943 struct sk_buff *skb)
944{
945 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
946 struct amp_assoc *assoc = &hdev->loc_assoc;
947 size_t rem_len, frag_len;
948
949 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
950
951 if (rp->status)
952 goto a2mp_rsp;
953
954 frag_len = skb->len - sizeof(*rp);
955 rem_len = __le16_to_cpu(rp->rem_len);
956
957 if (rem_len > frag_len) {
2e430be3 958 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 959
960 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
961 assoc->offset += frag_len;
962
963 /* Read other fragments */
964 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
965
966 return;
967 }
968
969 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
970 assoc->len = assoc->offset + rem_len;
971 assoc->offset = 0;
972
973a2mp_rsp:
974 /* Send A2MP Rsp when all fragments are received */
975 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 976 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 977}
978
b0916ea0 979static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 980 struct sk_buff *skb)
b0916ea0
JH		 981{
982 __u8 status = *((__u8 *) skb->data);
983
9f1db00c 984 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 985
986 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
987}
988
d5859e22
JH		 989static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
990{
991 __u8 status = *((__u8 *) skb->data);
992
9f1db00c 993 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 994
995 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
996}
997
998static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 999 struct sk_buff *skb)
d5859e22
JH		 1000{
1001 __u8 status = *((__u8 *) skb->data);
1002
9f1db00c 1003 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1004
1005 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
1006}
1007
1008static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 1009 struct sk_buff *skb)
d5859e22 1010{
91c4e9b1 1011 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 1012
9f1db00c 1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 1014
1015 if (!rp->status)
1016 hdev->inq_tx_power = rp->tx_power;
d5859e22 1017
91c4e9b1 1018 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 1019}
1020
1021static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1022{
1023 __u8 status = *((__u8 *) skb->data);
1024
9f1db00c 1025 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1026
1027 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1028}
1029
980e1a53
JH		 1030static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1031{
1032 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1033 struct hci_cp_pin_code_reply *cp;
1034 struct hci_conn *conn;
1035
9f1db00c 1036 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1037
56e5cb86
JH		 1038 hci_dev_lock(hdev);
1039
a8b2d5c2 1040 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1041 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 1042
fa1bd918 1043 if (rp->status)
56e5cb86 1044 goto unlock;
980e1a53
JH		 1045
1046 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1047 if (!cp)
56e5cb86 1048 goto unlock;
980e1a53
JH		 1049
1050 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1051 if (conn)
1052 conn->pin_length = cp->pin_len;
56e5cb86
JH		 1053
1054unlock:
1055 hci_dev_unlock(hdev);
980e1a53
JH		 1056}
1057
1058static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1059{
1060 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1061
9f1db00c 1062 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1063
56e5cb86
JH		 1064 hci_dev_lock(hdev);
1065
a8b2d5c2 1066 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1067 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1068 rp->status);
56e5cb86
JH		 1069
1070 hci_dev_unlock(hdev);
980e1a53 1071}
56e5cb86 1072
6ed58ec5
VT		 1073static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1074 struct sk_buff *skb)
1075{
1076 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1077
9f1db00c 1078 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1079
1080 if (rp->status)
1081 return;
1082
1083 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1084 hdev->le_pkts = rp->le_max_pkt;
1085
1086 hdev->le_cnt = hdev->le_pkts;
1087
1088 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1089
1090 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1091}
980e1a53 1092
8fa19098
JH		 1093static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1094 struct sk_buff *skb)
1095{
1096 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1097
1098 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1099
3f0f524b 1100 if (!rp->status) {
8fa19098 1101 hdev->adv_tx_power = rp->tx_power;
3f0f524b
JH		 1102 if (!test_bit(HCI_INIT, &hdev->flags))
1103 hci_update_ad(hdev);
1104 }
8fa19098
JH		 1105
1106 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1107}
1108
e36b04c8
JH		 1109static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1110{
1111 __u8 status = *((__u8 *) skb->data);
1112
1113 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1114
1115 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1116}
1117
a5c29683
JH		 1118static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1119{
1120 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1121
9f1db00c 1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1123
56e5cb86
JH		 1124 hci_dev_lock(hdev);
1125
a8b2d5c2 1126 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1127 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1128 rp->status);
56e5cb86
JH		 1129
1130 hci_dev_unlock(hdev);
a5c29683
JH		 1131}
1132
1133static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1134 struct sk_buff *skb)
a5c29683
JH		 1135{
1136 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1137
9f1db00c 1138 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1139
56e5cb86
JH		 1140 hci_dev_lock(hdev);
1141
a8b2d5c2 1142 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1143 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1144 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1145
1146 hci_dev_unlock(hdev);
a5c29683
JH		 1147}
1148
1143d458
BG		 1149static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1150{
1151 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1152
9f1db00c 1153 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1154
1155 hci_dev_lock(hdev);
1156
a8b2d5c2 1157 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1158 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1159 0, rp->status);
1143d458
BG		 1160
1161 hci_dev_unlock(hdev);
1162}
1163
1164static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1165 struct sk_buff *skb)
1143d458
BG		 1166{
1167 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1168
9f1db00c 1169 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1170
1171 hci_dev_lock(hdev);
1172
a8b2d5c2 1173 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1174 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1175 ACL_LINK, 0, rp->status);
1143d458
BG		 1176
1177 hci_dev_unlock(hdev);
1178}
1179
c35938b2 1180static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1181 struct sk_buff *skb)
c35938b2
SJ		 1182{
1183 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1184
9f1db00c 1185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1186
56e5cb86 1187 hci_dev_lock(hdev);
744cf19e 1188 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1189 rp->randomizer, rp->status);
56e5cb86 1190 hci_dev_unlock(hdev);
c35938b2
SJ		 1191}
1192
07f7fa5d
AG		 1193static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1194{
1195 __u8 status = *((__u8 *) skb->data);
1196
9f1db00c 1197 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1198
1199 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1200
1201 if (status) {
1202 hci_dev_lock(hdev);
1203 mgmt_start_discovery_failed(hdev, status);
1204 hci_dev_unlock(hdev);
1205 return;
1206 }
07f7fa5d
AG		 1207}
1208
eb9d91f5 1209static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1210 struct sk_buff *skb)
eb9d91f5
AG		 1211{
1212 struct hci_cp_le_set_scan_enable *cp;
1213 __u8 status = *((__u8 *) skb->data);
1214
9f1db00c 1215 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1216
eb9d91f5
AG		 1217 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1218 if (!cp)
1219 return;
1220
68a8aea4
AE		 1221 switch (cp->enable) {
1222 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1223 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1224
3fd24153
AG		 1225 if (status) {
1226 hci_dev_lock(hdev);
1227 mgmt_start_discovery_failed(hdev, status);
1228 hci_dev_unlock(hdev);
7ba8b4be 1229 return;
3fd24153 1230 }
7ba8b4be 1231
d23264a8
AG		 1232 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1233
a8f13c8c 1234 hci_dev_lock(hdev);
343f935b 1235 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1236 hci_dev_unlock(hdev);
68a8aea4
AE		 1237 break;
1238
1239 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1240 if (status) {
1241 hci_dev_lock(hdev);
1242 mgmt_stop_discovery_failed(hdev, status);
1243 hci_dev_unlock(hdev);
7ba8b4be 1244 return;
c9ecc48e 1245 }
7ba8b4be 1246
d23264a8
AG		 1247 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1248
bc3dd33c
AG		 1249 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1250 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1251 mgmt_interleaved_discovery(hdev);
1252 } else {
1253 hci_dev_lock(hdev);
1254 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1255 hci_dev_unlock(hdev);
1256 }
1257
68a8aea4
AE		 1258 break;
1259
1260 default:
1261 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1262 break;
35815085 1263 }
eb9d91f5
AG		 1264}
1265
a7a595f6
VCG		 1266static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1267{
1268 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1269
9f1db00c 1270 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1271
1272 if (rp->status)
1273 return;
1274
1275 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1276}
1277
1278static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1279{
1280 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1281
9f1db00c 1282 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1283
1284 if (rp->status)
1285 return;
1286
1287 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1288}
1289
6039aa73
GP		 1290static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1291 struct sk_buff *skb)
f9b49306 1292{
06199cf8 1293 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1294 __u8 status = *((__u8 *) skb->data);
1295
9f1db00c 1296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1297
06199cf8 1298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1299 if (!sent)
f9b49306
AG		 1300 return;
1301
8f984dfa
JH		 1302 if (!status) {
1303 if (sent->le)
1304 hdev->host_features[0] |= LMP_HOST_LE;
1305 else
1306 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 1307
1308 if (sent->simul)
1309 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1310 else
1311 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1312 }
1313
1314 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1315 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1316 mgmt_le_enable_complete(hdev, sent->le, status);
1317
1318 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1319}
1320
93c284ee
AE		 1321static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1322 struct sk_buff *skb)
1323{
1324 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1325
1326 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1327 hdev->name, rp->status, rp->phy_handle);
1328
1329 if (rp->status)
1330 return;
1331
1332 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1333}
1334
6039aa73 1335static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1336{
9f1db00c 1337 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1338
1339 if (status) {
23bb5763 1340 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1341 hci_conn_check_pending(hdev);
56e5cb86 1342 hci_dev_lock(hdev);
a8b2d5c2 1343 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1344 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1345 hci_dev_unlock(hdev);
314b2381
JH		 1346 return;
1347 }
1348
89352e7d
AG		 1349 set_bit(HCI_INQUIRY, &hdev->flags);
1350
56e5cb86 1351 hci_dev_lock(hdev);
343f935b 1352 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1353 hci_dev_unlock(hdev);
1da177e4
LT		 1354}
1355
6039aa73 1356static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1357{
a9de9248 1358 struct hci_cp_create_conn *cp;
1da177e4 1359 struct hci_conn *conn;
1da177e4 1360
9f1db00c 1361 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1362
1363 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1364 if (!cp)
1365 return;
1366
1367 hci_dev_lock(hdev);
1368
1369 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1370
6ed93dc6 1371 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1372
1373 if (status) {
1374 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1375 if (status != 0x0c || conn->attempt > 2) {
1376 conn->state = BT_CLOSED;
1377 hci_proto_connect_cfm(conn, status);
1378 hci_conn_del(conn);
1379 } else
1380 conn->state = BT_CONNECT2;
1da177e4
LT		 1381 }
1382 } else {
1383 if (!conn) {
1384 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1385 if (conn) {
a0c808b3 1386 conn->out = true;
1da177e4
LT		 1387 conn->link_mode |= HCI_LM_MASTER;
1388 } else
893ef971 1389 BT_ERR("No memory for new connection");
1da177e4
LT		 1390 }
1391 }
1392
1393 hci_dev_unlock(hdev);
1394}
1395
a9de9248 1396static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1397{
a9de9248
MH		 1398 struct hci_cp_add_sco *cp;
1399 struct hci_conn *acl, *sco;
1400 __u16 handle;
1da177e4 1401
9f1db00c 1402 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1403
a9de9248
MH		 1404 if (!status)
1405 return;
1da177e4 1406
a9de9248
MH		 1407 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1408 if (!cp)
1409 return;
1da177e4 1410
a9de9248 1411 handle = __le16_to_cpu(cp->handle);
1da177e4 1412
9f1db00c 1413 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1414
a9de9248 1415 hci_dev_lock(hdev);
1da177e4 1416
a9de9248 1417 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1418 if (acl) {
1419 sco = acl->link;
1420 if (sco) {
1421 sco->state = BT_CLOSED;
1da177e4 1422
5a08ecce
AE		 1423 hci_proto_connect_cfm(sco, status);
1424 hci_conn_del(sco);
1425 }
a9de9248 1426 }
1da177e4 1427
a9de9248
MH		 1428 hci_dev_unlock(hdev);
1429}
1da177e4 1430
f8558555
MH		 1431static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1432{
1433 struct hci_cp_auth_requested *cp;
1434 struct hci_conn *conn;
1435
9f1db00c 1436 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1437
1438 if (!status)
1439 return;
1440
1441 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1442 if (!cp)
1443 return;
1444
1445 hci_dev_lock(hdev);
1446
1447 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1448 if (conn) {
1449 if (conn->state == BT_CONFIG) {
1450 hci_proto_connect_cfm(conn, status);
1451 hci_conn_put(conn);
1452 }
1453 }
1454
1455 hci_dev_unlock(hdev);
1456}
1457
1458static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1459{
1460 struct hci_cp_set_conn_encrypt *cp;
1461 struct hci_conn *conn;
1462
9f1db00c 1463 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1464
1465 if (!status)
1466 return;
1467
1468 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1469 if (!cp)
1470 return;
1471
1472 hci_dev_lock(hdev);
1473
1474 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1475 if (conn) {
1476 if (conn->state == BT_CONFIG) {
1477 hci_proto_connect_cfm(conn, status);
1478 hci_conn_put(conn);
1479 }
1480 }
1481
1482 hci_dev_unlock(hdev);
1483}
1484
127178d2 1485static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1486 struct hci_conn *conn)
392599b9 1487{
392599b9
JH		 1488 if (conn->state != BT_CONFIG || !conn->out)
1489 return 0;
1490
765c2a96 1491 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1492 return 0;
1493
1494 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1495 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1496 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1497 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1498 return 0;
1499
392599b9
JH		 1500 return 1;
1501}
1502
6039aa73 1503static int hci_resolve_name(struct hci_dev *hdev,
04124681 1504 struct inquiry_entry *e)
30dc78e1
JH		 1505{
1506 struct hci_cp_remote_name_req cp;
1507
1508 memset(&cp, 0, sizeof(cp));
1509
1510 bacpy(&cp.bdaddr, &e->data.bdaddr);
1511 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1512 cp.pscan_mode = e->data.pscan_mode;
1513 cp.clock_offset = e->data.clock_offset;
1514
1515 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1516}
1517
b644ba33 1518static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1519{
1520 struct discovery_state *discov = &hdev->discovery;
1521 struct inquiry_entry *e;
1522
b644ba33
JH		 1523 if (list_empty(&discov->resolve))
1524 return false;
1525
1526 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1527 if (!e)
1528 return false;
1529
b644ba33
JH		 1530 if (hci_resolve_name(hdev, e) == 0) {
1531 e->name_state = NAME_PENDING;
1532 return true;
1533 }
1534
1535 return false;
1536}
1537
1538static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1539 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1540{
1541 struct discovery_state *discov = &hdev->discovery;
1542 struct inquiry_entry *e;
1543
1544 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1545 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1546 name_len, conn->dev_class);
b644ba33
JH		 1547
1548 if (discov->state == DISCOVERY_STOPPED)
1549 return;
1550
30dc78e1
JH		 1551 if (discov->state == DISCOVERY_STOPPING)
1552 goto discov_complete;
1553
1554 if (discov->state != DISCOVERY_RESOLVING)
1555 return;
1556
1557 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1558 /* If the device was not found in a list of found devices names of which
1559 * are pending. there is no need to continue resolving a next name as it
1560 * will be done upon receiving another Remote Name Request Complete
1561 * Event */
1562 if (!e)
1563 return;
1564
1565 list_del(&e->list);
1566 if (name) {
30dc78e1 1567 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1568 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1569 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1570 } else {
1571 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1572 }
1573
b644ba33 1574 if (hci_resolve_next_name(hdev))
30dc78e1 1575 return;
30dc78e1
JH		 1576
1577discov_complete:
1578 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1579}
1580
a9de9248
MH		 1581static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1582{
127178d2
JH		 1583 struct hci_cp_remote_name_req *cp;
1584 struct hci_conn *conn;
1585
9f1db00c 1586 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1587
1588 /* If successful wait for the name req complete event before
1589 * checking for the need to do authentication */
1590 if (!status)
1591 return;
1592
1593 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1594 if (!cp)
1595 return;
1596
1597 hci_dev_lock(hdev);
1598
b644ba33
JH		 1599 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1600
a8b2d5c2 1601 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1602 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1603
79c6c70c
JH		 1604 if (!conn)
1605 goto unlock;
1606
1607 if (!hci_outgoing_auth_needed(hdev, conn))
1608 goto unlock;
1609
51a8efd7 1610 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1611 struct hci_cp_auth_requested cp;
1612 cp.handle = __cpu_to_le16(conn->handle);
1613 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1614 }
1615
79c6c70c 1616unlock:
127178d2 1617 hci_dev_unlock(hdev);
a9de9248 1618}
1da177e4 1619
769be974
MH		 1620static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1621{
1622 struct hci_cp_read_remote_features *cp;
1623 struct hci_conn *conn;
1624
9f1db00c 1625 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1626
1627 if (!status)
1628 return;
1629
1630 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1631 if (!cp)
1632 return;
1633
1634 hci_dev_lock(hdev);
1635
1636 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1637 if (conn) {
1638 if (conn->state == BT_CONFIG) {
769be974
MH		 1639 hci_proto_connect_cfm(conn, status);
1640 hci_conn_put(conn);
1641 }
1642 }
1643
1644 hci_dev_unlock(hdev);
1645}
1646
1647static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1648{
1649 struct hci_cp_read_remote_ext_features *cp;
1650 struct hci_conn *conn;
1651
9f1db00c 1652 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1653
1654 if (!status)
1655 return;
1656
1657 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1658 if (!cp)
1659 return;
1660
1661 hci_dev_lock(hdev);
1662
1663 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1664 if (conn) {
1665 if (conn->state == BT_CONFIG) {
769be974
MH		 1666 hci_proto_connect_cfm(conn, status);
1667 hci_conn_put(conn);
1668 }
1669 }
1670
1671 hci_dev_unlock(hdev);
1672}
1673
a9de9248
MH		 1674static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1675{
b6a0dc82
MH		 1676 struct hci_cp_setup_sync_conn *cp;
1677 struct hci_conn *acl, *sco;
1678 __u16 handle;
1679
9f1db00c 1680 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1681
1682 if (!status)
1683 return;
1684
1685 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1686 if (!cp)
1687 return;
1688
1689 handle = __le16_to_cpu(cp->handle);
1690
9f1db00c 1691 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1692
1693 hci_dev_lock(hdev);
1694
1695 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1696 if (acl) {
1697 sco = acl->link;
1698 if (sco) {
1699 sco->state = BT_CLOSED;
b6a0dc82 1700
5a08ecce
AE		 1701 hci_proto_connect_cfm(sco, status);
1702 hci_conn_del(sco);
1703 }
b6a0dc82
MH		 1704 }
1705
1706 hci_dev_unlock(hdev);
1da177e4
LT		 1707}
1708
a9de9248 1709static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1710{
a9de9248
MH		 1711 struct hci_cp_sniff_mode *cp;
1712 struct hci_conn *conn;
1da177e4 1713
9f1db00c 1714 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1715
a9de9248
MH		 1716 if (!status)
1717 return;
04837f64 1718
a9de9248
MH		 1719 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1720 if (!cp)
1721 return;
04837f64 1722
a9de9248 1723 hci_dev_lock(hdev);
04837f64 1724
a9de9248 1725 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1726 if (conn) {
51a8efd7 1727 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1728
51a8efd7 1729 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1730 hci_sco_setup(conn, status);
1731 }
1732
a9de9248
MH		 1733 hci_dev_unlock(hdev);
1734}
04837f64 1735
a9de9248
MH		 1736static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1737{
1738 struct hci_cp_exit_sniff_mode *cp;
1739 struct hci_conn *conn;
04837f64 1740
9f1db00c 1741 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1742
a9de9248
MH		 1743 if (!status)
1744 return;
04837f64 1745
a9de9248
MH		 1746 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1747 if (!cp)
1748 return;
04837f64 1749
a9de9248 1750 hci_dev_lock(hdev);
1da177e4 1751
a9de9248 1752 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1753 if (conn) {
51a8efd7 1754 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1755
51a8efd7 1756 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1757 hci_sco_setup(conn, status);
1758 }
1759
a9de9248 1760 hci_dev_unlock(hdev);
1da177e4
LT		 1761}
1762
88c3df13
JH		 1763static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1764{
1765 struct hci_cp_disconnect *cp;
1766 struct hci_conn *conn;
1767
1768 if (!status)
1769 return;
1770
1771 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1772 if (!cp)
1773 return;
1774
1775 hci_dev_lock(hdev);
1776
1777 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1778 if (conn)
1779 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1780 conn->dst_type, status);
88c3df13
JH		 1781
1782 hci_dev_unlock(hdev);
1783}
1784
fcd89c09
VT		 1785static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1786{
fcd89c09
VT		 1787 struct hci_conn *conn;
1788
9f1db00c 1789 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1790
f00a06ac
AG		 1791 if (status) {
1792 hci_dev_lock(hdev);
fcd89c09 1793
0c95ab78 1794 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1795 if (!conn) {
1796 hci_dev_unlock(hdev);
1797 return;
1798 }
fcd89c09 1799
6ed93dc6 1800 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1801
f00a06ac 1802 conn->state = BT_CLOSED;
0c95ab78 1803 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1804 conn->dst_type, status);
1805 hci_proto_connect_cfm(conn, status);
1806 hci_conn_del(conn);
fcd89c09 1807
f00a06ac
AG		 1808 hci_dev_unlock(hdev);
1809 }
fcd89c09
VT		 1810}
1811
a7a595f6
VCG		 1812static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1813{
9f1db00c 1814 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1815}
1816
a02226d6
AE		 1817static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1818{
93c284ee
AE		 1819 struct hci_cp_create_phy_link *cp;
1820
a02226d6 1821 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1822
93c284ee
AE		 1823 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1824 if (!cp)
1825 return;
1826
e58917b9
AE		 1827 hci_dev_lock(hdev);
1828
1829 if (status) {
1830 struct hci_conn *hcon;
1831
1832 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1833 if (hcon)
1834 hci_conn_del(hcon);
1835 } else {
1836 amp_write_remote_assoc(hdev, cp->phy_handle);
1837 }
1838
1839 hci_dev_unlock(hdev);
a02226d6
AE		 1840}
1841
0b26ab9d
AE		 1842static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1843{
1844 struct hci_cp_accept_phy_link *cp;
1845
1846 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1847
1848 if (status)
1849 return;
1850
1851 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1852 if (!cp)
1853 return;
1854
1855 amp_write_remote_assoc(hdev, cp->phy_handle);
1856}
1857
5ce66b59
AE		 1858static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1859{
1860 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1861}
1862
6039aa73 1863static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1864{
1865 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1866 struct discovery_state *discov = &hdev->discovery;
1867 struct inquiry_entry *e;
1da177e4 1868
9f1db00c 1869 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1870
23bb5763 1871 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1872
a9de9248 1873 hci_conn_check_pending(hdev);
89352e7d
AG		 1874
1875 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1876 return;
1877
a8b2d5c2 1878 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1879 return;
1880
56e5cb86 1881 hci_dev_lock(hdev);
30dc78e1 1882
343f935b 1883 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1884 goto unlock;
1885
1886 if (list_empty(&discov->resolve)) {
1887 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1888 goto unlock;
1889 }
1890
1891 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1892 if (e && hci_resolve_name(hdev, e) == 0) {
1893 e->name_state = NAME_PENDING;
1894 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1895 } else {
1896 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1897 }
1898
1899unlock:
56e5cb86 1900 hci_dev_unlock(hdev);
1da177e4
LT		 1901}
1902
6039aa73 1903static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1904{
45bb4bf0 1905 struct inquiry_data data;
a9de9248 1906 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1907 int num_rsp = *((__u8 *) skb->data);
1908
1909 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1910
45bb4bf0
MH		 1911 if (!num_rsp)
1912 return;
1913
1519cc17
AG		 1914 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1915 return;
1916
1da177e4 1917 hci_dev_lock(hdev);
45bb4bf0 1918
e17acd40 1919 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1920 bool name_known, ssp;
3175405b 1921
1da177e4
LT		 1922 bacpy(&data.bdaddr, &info->bdaddr);
1923 data.pscan_rep_mode = info->pscan_rep_mode;
1924 data.pscan_period_mode = info->pscan_period_mode;
1925 data.pscan_mode = info->pscan_mode;
1926 memcpy(data.dev_class, info->dev_class, 3);
1927 data.clock_offset = info->clock_offset;
1928 data.rssi = 0x00;
41a96212 1929 data.ssp_mode = 0x00;
3175405b 1930
388fc8fa 1931 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1932 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1933 info->dev_class, 0, !name_known, ssp, NULL,
1934 0);
1da177e4 1935 }
45bb4bf0 1936
1da177e4
LT		 1937 hci_dev_unlock(hdev);
1938}
1939
6039aa73 1940static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1941{
a9de9248
MH		 1942 struct hci_ev_conn_complete *ev = (void *) skb->data;
1943 struct hci_conn *conn;
1da177e4
LT		 1944
1945 BT_DBG("%s", hdev->name);
1946
1947 hci_dev_lock(hdev);
1948
1949 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1950 if (!conn) {
1951 if (ev->link_type != SCO_LINK)
1952 goto unlock;
1953
1954 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1955 if (!conn)
1956 goto unlock;
1957
1958 conn->type = SCO_LINK;
1959 }
1da177e4
LT		 1960
1961 if (!ev->status) {
1962 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1963
1964 if (conn->type == ACL_LINK) {
1965 conn->state = BT_CONFIG;
1966 hci_conn_hold(conn);
a9ea3ed9
SJ		 1967
1968 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1969 !hci_find_link_key(hdev, &ev->bdaddr))
1970 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1971 else
1972 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1973 } else
1974 conn->state = BT_CONNECTED;
1da177e4 1975
9eba32b8 1976 hci_conn_hold_device(conn);
7d0db0a3
MH		 1977 hci_conn_add_sysfs(conn);
1978
1da177e4
LT		 1979 if (test_bit(HCI_AUTH, &hdev->flags))
1980 conn->link_mode |= HCI_LM_AUTH;
1981
1982 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1983 conn->link_mode |= HCI_LM_ENCRYPT;
1984
04837f64
MH		 1985 /* Get remote features */
1986 if (conn->type == ACL_LINK) {
1987 struct hci_cp_read_remote_features cp;
1988 cp.handle = ev->handle;
769be974 1989 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1990 sizeof(cp), &cp);
04837f64
MH		 1991 }
1992
1da177e4 1993 /* Set packet type for incoming connection */
d095c1eb 1994 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1995 struct hci_cp_change_conn_ptype cp;
1996 cp.handle = ev->handle;
a8746417 1997 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1998 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1999 &cp);
1da177e4 2000 }
17d5c04c 2001 } else {
1da177e4 2002 conn->state = BT_CLOSED;
17d5c04c 2003 if (conn->type == ACL_LINK)
744cf19e 2004 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 2005 conn->dst_type, ev->status);
17d5c04c 2006 }
1da177e4 2007
e73439d8
MH		 2008 if (conn->type == ACL_LINK)
2009 hci_sco_setup(conn, ev->status);
1da177e4 2010
769be974
MH		 2011 if (ev->status) {
2012 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2013 hci_conn_del(conn);
c89b6e6b
MH		 2014 } else if (ev->link_type != ACL_LINK)
2015 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2016
a9de9248 2017unlock:
1da177e4 2018 hci_dev_unlock(hdev);
1da177e4 2019
a9de9248 2020 hci_conn_check_pending(hdev);
1da177e4
LT		 2021}
2022
6039aa73 2023static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2024{
a9de9248
MH		 2025 struct hci_ev_conn_request *ev = (void *) skb->data;
2026 int mask = hdev->link_mode;
1da177e4 2027
6ed93dc6 2028 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2029 ev->link_type);
1da177e4 2030
a9de9248 2031 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 2032
138d22ef 2033 if ((mask & HCI_LM_ACCEPT) &&
807deac2 2034 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 2035 /* Connection accepted */
c7bdd502 2036 struct inquiry_entry *ie;
1da177e4 2037 struct hci_conn *conn;
1da177e4 2038
a9de9248 2039 hci_dev_lock(hdev);
b6a0dc82 2040
cc11b9c1
AE		 2041 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2042 if (ie)
c7bdd502
MH		 2043 memcpy(ie->data.dev_class, ev->dev_class, 3);
2044
8fc9ced3
GP		 2045 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2046 &ev->bdaddr);
a9de9248 2047 if (!conn) {
cc11b9c1
AE		 2048 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2049 if (!conn) {
893ef971 2050 BT_ERR("No memory for new connection");
a9de9248
MH		 2051 hci_dev_unlock(hdev);
2052 return;
1da177e4
LT		 2053 }
2054 }
b6a0dc82 2055
a9de9248
MH		 2056 memcpy(conn->dev_class, ev->dev_class, 3);
2057 conn->state = BT_CONNECT;
b6a0dc82 2058
a9de9248 2059 hci_dev_unlock(hdev);
1da177e4 2060
b6a0dc82
MH		 2061 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2062 struct hci_cp_accept_conn_req cp;
1da177e4 2063
b6a0dc82
MH		 2064 bacpy(&cp.bdaddr, &ev->bdaddr);
2065
2066 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2067 cp.role = 0x00; /* Become master */
2068 else
2069 cp.role = 0x01; /* Remain slave */
2070
04124681
GP		 2071 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2072 &cp);
b6a0dc82
MH		 2073 } else {
2074 struct hci_cp_accept_sync_conn_req cp;
2075
2076 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2077 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2078
82781e63
AE		 2079 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2080 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2081 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 2082 cp.content_format = cpu_to_le16(hdev->voice_setting);
2083 cp.retrans_effort = 0xff;
1da177e4 2084
b6a0dc82 2085 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2086 sizeof(cp), &cp);
b6a0dc82 2087 }
a9de9248
MH		 2088 } else {
2089 /* Connection rejected */
2090 struct hci_cp_reject_conn_req cp;
1da177e4 2091
a9de9248 2092 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2093 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2094 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2095 }
1da177e4
LT		 2096}
2097
f0d6a0ea
MA		 2098static u8 hci_to_mgmt_reason(u8 err)
2099{
2100 switch (err) {
2101 case HCI_ERROR_CONNECTION_TIMEOUT:
2102 return MGMT_DEV_DISCONN_TIMEOUT;
2103 case HCI_ERROR_REMOTE_USER_TERM:
2104 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2105 case HCI_ERROR_REMOTE_POWER_OFF:
2106 return MGMT_DEV_DISCONN_REMOTE;
2107 case HCI_ERROR_LOCAL_HOST_TERM:
2108 return MGMT_DEV_DISCONN_LOCAL_HOST;
2109 default:
2110 return MGMT_DEV_DISCONN_UNKNOWN;
2111 }
2112}
2113
6039aa73 2114static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2115{
a9de9248 2116 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2117 struct hci_conn *conn;
2118
9f1db00c 2119 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2120
2121 hci_dev_lock(hdev);
2122
2123 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2124 if (!conn)
2125 goto unlock;
7d0db0a3 2126
37d9ef76
JH		 2127 if (ev->status == 0)
2128 conn->state = BT_CLOSED;
04837f64 2129
b644ba33 2130 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2131 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2132 if (ev->status) {
88c3df13 2133 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2134 conn->dst_type, ev->status);
f0d6a0ea
MA		 2135 } else {
2136 u8 reason = hci_to_mgmt_reason(ev->reason);
2137
afc747a6 2138 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2139 conn->dst_type, reason);
2140 }
37d9ef76 2141 }
f7520543 2142
37d9ef76 2143 if (ev->status == 0) {
6ec5bcad
VA		 2144 if (conn->type == ACL_LINK && conn->flush_key)
2145 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2146 hci_proto_disconn_cfm(conn, ev->reason);
2147 hci_conn_del(conn);
2148 }
f7520543
JH		 2149
2150unlock:
04837f64
MH		 2151 hci_dev_unlock(hdev);
2152}
2153
6039aa73 2154static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2155{
a9de9248 2156 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2157 struct hci_conn *conn;
1da177e4 2158
9f1db00c 2159 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2160
2161 hci_dev_lock(hdev);
2162
04837f64 2163 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2164 if (!conn)
2165 goto unlock;
2166
2167 if (!ev->status) {
aa64a8b5 2168 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2169 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2170 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2171 } else {
d7556e20
WR		 2172 conn->link_mode |= HCI_LM_AUTH;
2173 conn->sec_level = conn->pending_sec_level;
2a611692 2174 }
d7556e20 2175 } else {
bab73cb6 2176 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2177 ev->status);
d7556e20 2178 }
1da177e4 2179
51a8efd7
JH		 2180 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2181 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2182
d7556e20 2183 if (conn->state == BT_CONFIG) {
aa64a8b5 2184 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2185 struct hci_cp_set_conn_encrypt cp;
2186 cp.handle = ev->handle;
2187 cp.encrypt = 0x01;
2188 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2189 &cp);
052b30b0 2190 } else {
d7556e20
WR		 2191 conn->state = BT_CONNECTED;
2192 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2193 hci_conn_put(conn);
2194 }
d7556e20
WR		 2195 } else {
2196 hci_auth_cfm(conn, ev->status);
052b30b0 2197
d7556e20
WR		 2198 hci_conn_hold(conn);
2199 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2200 hci_conn_put(conn);
2201 }
2202
51a8efd7 2203 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2204 if (!ev->status) {
2205 struct hci_cp_set_conn_encrypt cp;
2206 cp.handle = ev->handle;
2207 cp.encrypt = 0x01;
2208 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2209 &cp);
d7556e20 2210 } else {
51a8efd7 2211 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2212 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2213 }
2214 }
2215
d7556e20 2216unlock:
1da177e4
LT		 2217 hci_dev_unlock(hdev);
2218}
2219
6039aa73 2220static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2221{
127178d2
JH		 2222 struct hci_ev_remote_name *ev = (void *) skb->data;
2223 struct hci_conn *conn;
2224
a9de9248 2225 BT_DBG("%s", hdev->name);
1da177e4 2226
a9de9248 2227 hci_conn_check_pending(hdev);
127178d2
JH		 2228
2229 hci_dev_lock(hdev);
2230
b644ba33 2231 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2232
b644ba33
JH		 2233 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2234 goto check_auth;
a88a9652 2235
b644ba33
JH		 2236 if (ev->status == 0)
2237 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2238 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2239 else
2240 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2241
2242check_auth:
79c6c70c
JH		 2243 if (!conn)
2244 goto unlock;
2245
2246 if (!hci_outgoing_auth_needed(hdev, conn))
2247 goto unlock;
2248
51a8efd7 2249 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2250 struct hci_cp_auth_requested cp;
2251 cp.handle = __cpu_to_le16(conn->handle);
2252 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2253 }
2254
79c6c70c 2255unlock:
127178d2 2256 hci_dev_unlock(hdev);
a9de9248
MH		 2257}
2258
6039aa73 2259static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2260{
2261 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2262 struct hci_conn *conn;
2263
9f1db00c 2264 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2265
2266 hci_dev_lock(hdev);
2267
04837f64 2268 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2269 if (conn) {
2270 if (!ev->status) {
ae293196
MH		 2271 if (ev->encrypt) {
2272 /* Encryption implies authentication */
2273 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2274 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2275 conn->sec_level = conn->pending_sec_level;
ae293196 2276 } else
1da177e4
LT		 2277 conn->link_mode &= ~HCI_LM_ENCRYPT;
2278 }
2279
51a8efd7 2280 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2281
a7d7723a 2282 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2283 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2284 hci_conn_put(conn);
2285 goto unlock;
2286 }
2287
f8558555
MH		 2288 if (conn->state == BT_CONFIG) {
2289 if (!ev->status)
2290 conn->state = BT_CONNECTED;
2291
2292 hci_proto_connect_cfm(conn, ev->status);
2293 hci_conn_put(conn);
2294 } else
2295 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2296 }
2297
a7d7723a 2298unlock:
1da177e4
LT		 2299 hci_dev_unlock(hdev);
2300}
2301
6039aa73
GP		 2302static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2303 struct sk_buff *skb)
1da177e4 2304{
a9de9248 2305 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2306 struct hci_conn *conn;
1da177e4 2307
9f1db00c 2308 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2309
2310 hci_dev_lock(hdev);
2311
04837f64 2312 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2313 if (conn) {
2314 if (!ev->status)
2315 conn->link_mode |= HCI_LM_SECURE;
2316
51a8efd7 2317 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2318
2319 hci_key_change_cfm(conn, ev->status);
2320 }
2321
2322 hci_dev_unlock(hdev);
2323}
2324
6039aa73
GP		 2325static void hci_remote_features_evt(struct hci_dev *hdev,
2326 struct sk_buff *skb)
1da177e4 2327{
a9de9248
MH		 2328 struct hci_ev_remote_features *ev = (void *) skb->data;
2329 struct hci_conn *conn;
2330
9f1db00c 2331 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2332
a9de9248
MH		 2333 hci_dev_lock(hdev);
2334
2335 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2336 if (!conn)
2337 goto unlock;
769be974 2338
ccd556fe
JH		 2339 if (!ev->status)
2340 memcpy(conn->features, ev->features, 8);
2341
2342 if (conn->state != BT_CONFIG)
2343 goto unlock;
2344
2345 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2346 struct hci_cp_read_remote_ext_features cp;
2347 cp.handle = ev->handle;
2348 cp.page = 0x01;
2349 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2350 sizeof(cp), &cp);
392599b9
JH		 2351 goto unlock;
2352 }
2353
671267bf 2354 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2355 struct hci_cp_remote_name_req cp;
2356 memset(&cp, 0, sizeof(cp));
2357 bacpy(&cp.bdaddr, &conn->dst);
2358 cp.pscan_rep_mode = 0x02;
2359 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2360 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2361 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2362 conn->dst_type, 0, NULL, 0,
2363 conn->dev_class);
392599b9 2364
127178d2 2365 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2366 conn->state = BT_CONNECTED;
2367 hci_proto_connect_cfm(conn, ev->status);
2368 hci_conn_put(conn);
769be974 2369 }
a9de9248 2370
ccd556fe 2371unlock:
a9de9248 2372 hci_dev_unlock(hdev);
1da177e4
LT		 2373}
2374
6039aa73 2375static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2376{
a9de9248 2377 BT_DBG("%s", hdev->name);
1da177e4
LT		 2378}
2379
6039aa73
GP		 2380static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2381 struct sk_buff *skb)
1da177e4 2382{
a9de9248 2383 BT_DBG("%s", hdev->name);
1da177e4
LT		 2384}
2385
6039aa73 2386static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2387{
2388 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2389 __u16 opcode;
2390
2391 skb_pull(skb, sizeof(*ev));
2392
2393 opcode = __le16_to_cpu(ev->opcode);
2394
2395 switch (opcode) {
2396 case HCI_OP_INQUIRY_CANCEL:
2397 hci_cc_inquiry_cancel(hdev, skb);
2398 break;
2399
4d93483b
AG		 2400 case HCI_OP_PERIODIC_INQ:
2401 hci_cc_periodic_inq(hdev, skb);
2402 break;
2403
a9de9248
MH		 2404 case HCI_OP_EXIT_PERIODIC_INQ:
2405 hci_cc_exit_periodic_inq(hdev, skb);
2406 break;
2407
2408 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2409 hci_cc_remote_name_req_cancel(hdev, skb);
2410 break;
2411
2412 case HCI_OP_ROLE_DISCOVERY:
2413 hci_cc_role_discovery(hdev, skb);
2414 break;
2415
e4e8e37c
MH		 2416 case HCI_OP_READ_LINK_POLICY:
2417 hci_cc_read_link_policy(hdev, skb);
2418 break;
2419
a9de9248
MH		 2420 case HCI_OP_WRITE_LINK_POLICY:
2421 hci_cc_write_link_policy(hdev, skb);
2422 break;
2423
e4e8e37c
MH		 2424 case HCI_OP_READ_DEF_LINK_POLICY:
2425 hci_cc_read_def_link_policy(hdev, skb);
2426 break;
2427
2428 case HCI_OP_WRITE_DEF_LINK_POLICY:
2429 hci_cc_write_def_link_policy(hdev, skb);
2430 break;
2431
a9de9248
MH		 2432 case HCI_OP_RESET:
2433 hci_cc_reset(hdev, skb);
2434 break;
2435
2436 case HCI_OP_WRITE_LOCAL_NAME:
2437 hci_cc_write_local_name(hdev, skb);
2438 break;
2439
2440 case HCI_OP_READ_LOCAL_NAME:
2441 hci_cc_read_local_name(hdev, skb);
2442 break;
2443
2444 case HCI_OP_WRITE_AUTH_ENABLE:
2445 hci_cc_write_auth_enable(hdev, skb);
2446 break;
2447
2448 case HCI_OP_WRITE_ENCRYPT_MODE:
2449 hci_cc_write_encrypt_mode(hdev, skb);
2450 break;
2451
2452 case HCI_OP_WRITE_SCAN_ENABLE:
2453 hci_cc_write_scan_enable(hdev, skb);
2454 break;
2455
2456 case HCI_OP_READ_CLASS_OF_DEV:
2457 hci_cc_read_class_of_dev(hdev, skb);
2458 break;
2459
2460 case HCI_OP_WRITE_CLASS_OF_DEV:
2461 hci_cc_write_class_of_dev(hdev, skb);
2462 break;
2463
2464 case HCI_OP_READ_VOICE_SETTING:
2465 hci_cc_read_voice_setting(hdev, skb);
2466 break;
2467
2468 case HCI_OP_WRITE_VOICE_SETTING:
2469 hci_cc_write_voice_setting(hdev, skb);
2470 break;
2471
2472 case HCI_OP_HOST_BUFFER_SIZE:
2473 hci_cc_host_buffer_size(hdev, skb);
2474 break;
2475
333140b5
MH		 2476 case HCI_OP_WRITE_SSP_MODE:
2477 hci_cc_write_ssp_mode(hdev, skb);
2478 break;
2479
a9de9248
MH		 2480 case HCI_OP_READ_LOCAL_VERSION:
2481 hci_cc_read_local_version(hdev, skb);
2482 break;
2483
2484 case HCI_OP_READ_LOCAL_COMMANDS:
2485 hci_cc_read_local_commands(hdev, skb);
2486 break;
2487
2488 case HCI_OP_READ_LOCAL_FEATURES:
2489 hci_cc_read_local_features(hdev, skb);
2490 break;
2491
971e3a4b
AG		 2492 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2493 hci_cc_read_local_ext_features(hdev, skb);
2494 break;
2495
a9de9248
MH		 2496 case HCI_OP_READ_BUFFER_SIZE:
2497 hci_cc_read_buffer_size(hdev, skb);
2498 break;
2499
2500 case HCI_OP_READ_BD_ADDR:
2501 hci_cc_read_bd_addr(hdev, skb);
2502 break;
2503
350ee4cf
AE		 2504 case HCI_OP_READ_DATA_BLOCK_SIZE:
2505 hci_cc_read_data_block_size(hdev, skb);
2506 break;
2507
23bb5763
JH		 2508 case HCI_OP_WRITE_CA_TIMEOUT:
2509 hci_cc_write_ca_timeout(hdev, skb);
2510 break;
2511
1e89cffb
AE		 2512 case HCI_OP_READ_FLOW_CONTROL_MODE:
2513 hci_cc_read_flow_control_mode(hdev, skb);
2514 break;
2515
928abaa7
AE		 2516 case HCI_OP_READ_LOCAL_AMP_INFO:
2517 hci_cc_read_local_amp_info(hdev, skb);
2518 break;
2519
903e4541
AE		 2520 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2521 hci_cc_read_local_amp_assoc(hdev, skb);
2522 break;
2523
b0916ea0
JH		 2524 case HCI_OP_DELETE_STORED_LINK_KEY:
2525 hci_cc_delete_stored_link_key(hdev, skb);
2526 break;
2527
d5859e22
JH		 2528 case HCI_OP_SET_EVENT_MASK:
2529 hci_cc_set_event_mask(hdev, skb);
2530 break;
2531
2532 case HCI_OP_WRITE_INQUIRY_MODE:
2533 hci_cc_write_inquiry_mode(hdev, skb);
2534 break;
2535
2536 case HCI_OP_READ_INQ_RSP_TX_POWER:
2537 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2538 break;
2539
2540 case HCI_OP_SET_EVENT_FLT:
2541 hci_cc_set_event_flt(hdev, skb);
2542 break;
2543
980e1a53
JH		 2544 case HCI_OP_PIN_CODE_REPLY:
2545 hci_cc_pin_code_reply(hdev, skb);
2546 break;
2547
2548 case HCI_OP_PIN_CODE_NEG_REPLY:
2549 hci_cc_pin_code_neg_reply(hdev, skb);
2550 break;
2551
c35938b2
SJ		 2552 case HCI_OP_READ_LOCAL_OOB_DATA:
2553 hci_cc_read_local_oob_data_reply(hdev, skb);
2554 break;
2555
6ed58ec5
VT		 2556 case HCI_OP_LE_READ_BUFFER_SIZE:
2557 hci_cc_le_read_buffer_size(hdev, skb);
2558 break;
2559
8fa19098
JH		 2560 case HCI_OP_LE_READ_ADV_TX_POWER:
2561 hci_cc_le_read_adv_tx_power(hdev, skb);
2562 break;
2563
e36b04c8
JH		 2564 case HCI_OP_LE_SET_EVENT_MASK:
2565 hci_cc_le_set_event_mask(hdev, skb);
2566 break;
2567
a5c29683
JH		 2568 case HCI_OP_USER_CONFIRM_REPLY:
2569 hci_cc_user_confirm_reply(hdev, skb);
2570 break;
2571
2572 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2573 hci_cc_user_confirm_neg_reply(hdev, skb);
2574 break;
2575
1143d458
BG		 2576 case HCI_OP_USER_PASSKEY_REPLY:
2577 hci_cc_user_passkey_reply(hdev, skb);
2578 break;
2579
2580 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2581 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2582 break;
07f7fa5d
AG		 2583
2584 case HCI_OP_LE_SET_SCAN_PARAM:
2585 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2586 break;
2587
eb9d91f5
AG		 2588 case HCI_OP_LE_SET_SCAN_ENABLE:
2589 hci_cc_le_set_scan_enable(hdev, skb);
2590 break;
2591
a7a595f6
VCG		 2592 case HCI_OP_LE_LTK_REPLY:
2593 hci_cc_le_ltk_reply(hdev, skb);
2594 break;
2595
2596 case HCI_OP_LE_LTK_NEG_REPLY:
2597 hci_cc_le_ltk_neg_reply(hdev, skb);
2598 break;
2599
f9b49306
AG		 2600 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2601 hci_cc_write_le_host_supported(hdev, skb);
2602 break;
2603
93c284ee
AE		 2604 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2605 hci_cc_write_remote_amp_assoc(hdev, skb);
2606 break;
2607
a9de9248 2608 default:
9f1db00c 2609 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2610 break;
2611 }
2612
6bd32326
VT		 2613 if (ev->opcode != HCI_OP_NOP)
2614 del_timer(&hdev->cmd_timer);
2615
a9de9248
MH		 2616 if (ev->ncmd) {
2617 atomic_set(&hdev->cmd_cnt, 1);
2618 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2619 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2620 }
2621}
2622
6039aa73 2623static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2624{
2625 struct hci_ev_cmd_status *ev = (void *) skb->data;
2626 __u16 opcode;
2627
2628 skb_pull(skb, sizeof(*ev));
2629
2630 opcode = __le16_to_cpu(ev->opcode);
2631
2632 switch (opcode) {
2633 case HCI_OP_INQUIRY:
2634 hci_cs_inquiry(hdev, ev->status);
2635 break;
2636
2637 case HCI_OP_CREATE_CONN:
2638 hci_cs_create_conn(hdev, ev->status);
2639 break;
2640
2641 case HCI_OP_ADD_SCO:
2642 hci_cs_add_sco(hdev, ev->status);
2643 break;
2644
f8558555
MH		 2645 case HCI_OP_AUTH_REQUESTED:
2646 hci_cs_auth_requested(hdev, ev->status);
2647 break;
2648
2649 case HCI_OP_SET_CONN_ENCRYPT:
2650 hci_cs_set_conn_encrypt(hdev, ev->status);
2651 break;
2652
a9de9248
MH		 2653 case HCI_OP_REMOTE_NAME_REQ:
2654 hci_cs_remote_name_req(hdev, ev->status);
2655 break;
2656
769be974
MH		 2657 case HCI_OP_READ_REMOTE_FEATURES:
2658 hci_cs_read_remote_features(hdev, ev->status);
2659 break;
2660
2661 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2662 hci_cs_read_remote_ext_features(hdev, ev->status);
2663 break;
2664
a9de9248
MH		 2665 case HCI_OP_SETUP_SYNC_CONN:
2666 hci_cs_setup_sync_conn(hdev, ev->status);
2667 break;
2668
2669 case HCI_OP_SNIFF_MODE:
2670 hci_cs_sniff_mode(hdev, ev->status);
2671 break;
2672
2673 case HCI_OP_EXIT_SNIFF_MODE:
2674 hci_cs_exit_sniff_mode(hdev, ev->status);
2675 break;
2676
8962ee74 2677 case HCI_OP_DISCONNECT:
88c3df13 2678 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2679 break;
2680
fcd89c09
VT		 2681 case HCI_OP_LE_CREATE_CONN:
2682 hci_cs_le_create_conn(hdev, ev->status);
2683 break;
2684
a7a595f6
VCG		 2685 case HCI_OP_LE_START_ENC:
2686 hci_cs_le_start_enc(hdev, ev->status);
2687 break;
2688
a02226d6
AE		 2689 case HCI_OP_CREATE_PHY_LINK:
2690 hci_cs_create_phylink(hdev, ev->status);
2691 break;
2692
0b26ab9d
AE		 2693 case HCI_OP_ACCEPT_PHY_LINK:
2694 hci_cs_accept_phylink(hdev, ev->status);
2695 break;
2696
5ce66b59
AE		 2697 case HCI_OP_CREATE_LOGICAL_LINK:
2698 hci_cs_create_logical_link(hdev, ev->status);
2699 break;
2700
a9de9248 2701 default:
9f1db00c 2702 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2703 break;
2704 }
2705
6bd32326
VT		 2706 if (ev->opcode != HCI_OP_NOP)
2707 del_timer(&hdev->cmd_timer);
2708
10572132 2709 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2710 atomic_set(&hdev->cmd_cnt, 1);
2711 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2712 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2713 }
2714}
2715
6039aa73 2716static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2717{
2718 struct hci_ev_role_change *ev = (void *) skb->data;
2719 struct hci_conn *conn;
2720
9f1db00c 2721 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2722
2723 hci_dev_lock(hdev);
2724
2725 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2726 if (conn) {
2727 if (!ev->status) {
2728 if (ev->role)
2729 conn->link_mode &= ~HCI_LM_MASTER;
2730 else
2731 conn->link_mode |= HCI_LM_MASTER;
2732 }
2733
51a8efd7 2734 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2735
2736 hci_role_switch_cfm(conn, ev->status, ev->role);
2737 }
2738
2739 hci_dev_unlock(hdev);
2740}
2741
6039aa73 2742static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2743{
2744 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2745 int i;
2746
32ac5b9b
AE		 2747 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2748 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2749 return;
2750 }
2751
c5993de8 2752 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2753 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2754 BT_DBG("%s bad parameters", hdev->name);
2755 return;
2756 }
2757
c5993de8
AE		 2758 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2759
613a1c0c
AE		 2760 for (i = 0; i < ev->num_hndl; i++) {
2761 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2762 struct hci_conn *conn;
2763 __u16 handle, count;
2764
613a1c0c
AE		 2765 handle = __le16_to_cpu(info->handle);
2766 count = __le16_to_cpu(info->count);
a9de9248
MH		 2767
2768 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2769 if (!conn)
2770 continue;
2771
2772 conn->sent -= count;
2773
2774 switch (conn->type) {
2775 case ACL_LINK:
2776 hdev->acl_cnt += count;
2777 if (hdev->acl_cnt > hdev->acl_pkts)
2778 hdev->acl_cnt = hdev->acl_pkts;
2779 break;
2780
2781 case LE_LINK:
2782 if (hdev->le_pkts) {
2783 hdev->le_cnt += count;
2784 if (hdev->le_cnt > hdev->le_pkts)
2785 hdev->le_cnt = hdev->le_pkts;
2786 } else {
70f23020
AE		 2787 hdev->acl_cnt += count;
2788 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2789 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2790 }
f4280918
AE		 2791 break;
2792
2793 case SCO_LINK:
2794 hdev->sco_cnt += count;
2795 if (hdev->sco_cnt > hdev->sco_pkts)
2796 hdev->sco_cnt = hdev->sco_pkts;
2797 break;
2798
2799 default:
2800 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2801 break;
a9de9248
MH		 2802 }
2803 }
2804
3eff45ea 2805 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2806}
2807
76ef7cf7
AE		 2808static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2809 __u16 handle)
2810{
2811 struct hci_chan *chan;
2812
2813 switch (hdev->dev_type) {
2814 case HCI_BREDR:
2815 return hci_conn_hash_lookup_handle(hdev, handle);
2816 case HCI_AMP:
2817 chan = hci_chan_lookup_handle(hdev, handle);
2818 if (chan)
2819 return chan->conn;
2820 break;
2821 default:
2822 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2823 break;
2824 }
2825
2826 return NULL;
2827}
2828
6039aa73 2829static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2830{
2831 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2832 int i;
2833
2834 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2835 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2836 return;
2837 }
2838
2839 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2840 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2841 BT_DBG("%s bad parameters", hdev->name);
2842 return;
2843 }
2844
2845 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2846 ev->num_hndl);
25e89e99
AE		 2847
2848 for (i = 0; i < ev->num_hndl; i++) {
2849 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2850 struct hci_conn *conn = NULL;
25e89e99
AE		 2851 __u16 handle, block_count;
2852
2853 handle = __le16_to_cpu(info->handle);
2854 block_count = __le16_to_cpu(info->blocks);
2855
76ef7cf7 2856 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2857 if (!conn)
2858 continue;
2859
2860 conn->sent -= block_count;
2861
2862 switch (conn->type) {
2863 case ACL_LINK:
bd1eb66b 2864 case AMP_LINK:
25e89e99
AE		 2865 hdev->block_cnt += block_count;
2866 if (hdev->block_cnt > hdev->num_blocks)
2867 hdev->block_cnt = hdev->num_blocks;
2868 break;
2869
2870 default:
2871 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2872 break;
2873 }
2874 }
2875
2876 queue_work(hdev->workqueue, &hdev->tx_work);
2877}
2878
6039aa73 2879static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2880{
a9de9248 2881 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2882 struct hci_conn *conn;
2883
9f1db00c 2884 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2885
2886 hci_dev_lock(hdev);
2887
2888 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2889 if (conn) {
2890 conn->mode = ev->mode;
2891 conn->interval = __le16_to_cpu(ev->interval);
2892
8fc9ced3
GP		 2893 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2894 &conn->flags)) {
a9de9248 2895 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2896 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2897 else
58a681ef 2898 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2899 }
e73439d8 2900
51a8efd7 2901 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2902 hci_sco_setup(conn, ev->status);
04837f64
MH		 2903 }
2904
2905 hci_dev_unlock(hdev);
2906}
2907
6039aa73 2908static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2909{
052b30b0
MH		 2910 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2911 struct hci_conn *conn;
2912
a9de9248 2913 BT_DBG("%s", hdev->name);
052b30b0
MH		 2914
2915 hci_dev_lock(hdev);
2916
2917 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2918 if (!conn)
2919 goto unlock;
2920
2921 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2922 hci_conn_hold(conn);
2923 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2924 hci_conn_put(conn);
2925 }
2926
a8b2d5c2 2927 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2928 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2929 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2930 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2931 u8 secure;
2932
2933 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2934 secure = 1;
2935 else
2936 secure = 0;
2937
744cf19e 2938 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2939 }
980e1a53 2940
b6f98044 2941unlock:
052b30b0 2942 hci_dev_unlock(hdev);
a9de9248
MH		 2943}
2944
6039aa73 2945static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2946{
55ed8ca1
JH		 2947 struct hci_ev_link_key_req *ev = (void *) skb->data;
2948 struct hci_cp_link_key_reply cp;
2949 struct hci_conn *conn;
2950 struct link_key *key;
2951
a9de9248 2952 BT_DBG("%s", hdev->name);
55ed8ca1 2953
a8b2d5c2 2954 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2955 return;
2956
2957 hci_dev_lock(hdev);
2958
2959 key = hci_find_link_key(hdev, &ev->bdaddr);
2960 if (!key) {
6ed93dc6
AE		 2961 BT_DBG("%s link key not found for %pMR", hdev->name,
2962 &ev->bdaddr);
55ed8ca1
JH		 2963 goto not_found;
2964 }
2965
6ed93dc6
AE		 2966 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2967 &ev->bdaddr);
55ed8ca1 2968
a8b2d5c2 2969 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2970 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2971 BT_DBG("%s ignoring debug key", hdev->name);
2972 goto not_found;
2973 }
2974
2975 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2976 if (conn) {
2977 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2978 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2979 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2980 goto not_found;
2981 }
55ed8ca1 2982
60b83f57 2983 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2984 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2985 BT_DBG("%s ignoring key unauthenticated for high security",
2986 hdev->name);
60b83f57
WR		 2987 goto not_found;
2988 }
2989
2990 conn->key_type = key->type;
2991 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2992 }
2993
2994 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2995 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2996
2997 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2998
2999 hci_dev_unlock(hdev);
3000
3001 return;
3002
3003not_found:
3004 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3005 hci_dev_unlock(hdev);
a9de9248
MH		 3006}
3007
6039aa73 3008static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3009{
052b30b0
MH		 3010 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3011 struct hci_conn *conn;
55ed8ca1 3012 u8 pin_len = 0;
052b30b0 3013
a9de9248 3014 BT_DBG("%s", hdev->name);
052b30b0
MH		 3015
3016 hci_dev_lock(hdev);
3017
3018 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3019 if (conn) {
3020 hci_conn_hold(conn);
3021 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3022 pin_len = conn->pin_length;
13d39315
WR		 3023
3024 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3025 conn->key_type = ev->key_type;
3026
052b30b0
MH		 3027 hci_conn_put(conn);
3028 }
3029
a8b2d5c2 3030 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 3031 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3032 ev->key_type, pin_len);
55ed8ca1 3033
052b30b0 3034 hci_dev_unlock(hdev);
a9de9248
MH		 3035}
3036
6039aa73 3037static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3038{
a9de9248 3039 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3040 struct hci_conn *conn;
1da177e4 3041
9f1db00c 3042 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3043
3044 hci_dev_lock(hdev);
3045
04837f64 3046 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3047 if (conn && !ev->status) {
3048 struct inquiry_entry *ie;
3049
cc11b9c1
AE		 3050 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3051 if (ie) {
1da177e4
LT		 3052 ie->data.clock_offset = ev->clock_offset;
3053 ie->timestamp = jiffies;
3054 }
3055 }
3056
3057 hci_dev_unlock(hdev);
3058}
3059
6039aa73 3060static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3061{
3062 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3063 struct hci_conn *conn;
3064
9f1db00c 3065 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3066
3067 hci_dev_lock(hdev);
3068
3069 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3070 if (conn && !ev->status)
3071 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3072
3073 hci_dev_unlock(hdev);
3074}
3075
6039aa73 3076static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3077{
a9de9248 3078 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3079 struct inquiry_entry *ie;
3080
3081 BT_DBG("%s", hdev->name);
3082
3083 hci_dev_lock(hdev);
3084
cc11b9c1
AE		 3085 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3086 if (ie) {
85a1e930
MH		 3087 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3088 ie->timestamp = jiffies;
3089 }
3090
3091 hci_dev_unlock(hdev);
3092}
3093
6039aa73
GP		 3094static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3095 struct sk_buff *skb)
a9de9248
MH		 3096{
3097 struct inquiry_data data;
3098 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3099 bool name_known, ssp;
a9de9248
MH		 3100
3101 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3102
3103 if (!num_rsp)
3104 return;
3105
1519cc17
AG		 3106 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3107 return;
3108
a9de9248
MH		 3109 hci_dev_lock(hdev);
3110
3111 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3112 struct inquiry_info_with_rssi_and_pscan_mode *info;
3113 info = (void *) (skb->data + 1);
a9de9248 3114
e17acd40 3115 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3116 bacpy(&data.bdaddr, &info->bdaddr);
3117 data.pscan_rep_mode = info->pscan_rep_mode;
3118 data.pscan_period_mode = info->pscan_period_mode;
3119 data.pscan_mode = info->pscan_mode;
3120 memcpy(data.dev_class, info->dev_class, 3);
3121 data.clock_offset = info->clock_offset;
3122 data.rssi = info->rssi;
41a96212 3123 data.ssp_mode = 0x00;
3175405b
JH		 3124
3125 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3126 false, &ssp);
48264f06 3127 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3128 info->dev_class, info->rssi,
3129 !name_known, ssp, NULL, 0);
a9de9248
MH		 3130 }
3131 } else {
3132 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3133
e17acd40 3134 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3135 bacpy(&data.bdaddr, &info->bdaddr);
3136 data.pscan_rep_mode = info->pscan_rep_mode;
3137 data.pscan_period_mode = info->pscan_period_mode;
3138 data.pscan_mode = 0x00;
3139 memcpy(data.dev_class, info->dev_class, 3);
3140 data.clock_offset = info->clock_offset;
3141 data.rssi = info->rssi;
41a96212 3142 data.ssp_mode = 0x00;
3175405b 3143 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3144 false, &ssp);
48264f06 3145 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3146 info->dev_class, info->rssi,
3147 !name_known, ssp, NULL, 0);
a9de9248
MH		 3148 }
3149 }
3150
3151 hci_dev_unlock(hdev);
3152}
3153
6039aa73
GP		 3154static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3155 struct sk_buff *skb)
a9de9248 3156{
41a96212
MH		 3157 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3158 struct hci_conn *conn;
3159
a9de9248 3160 BT_DBG("%s", hdev->name);
41a96212 3161
41a96212
MH		 3162 hci_dev_lock(hdev);
3163
3164 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3165 if (!conn)
3166 goto unlock;
41a96212 3167
ccd556fe
JH		 3168 if (!ev->status && ev->page == 0x01) {
3169 struct inquiry_entry *ie;
41a96212 3170
cc11b9c1
AE		 3171 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3172 if (ie)
02b7cc62 3173 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3174
02b7cc62 3175 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3176 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3177 }
3178
3179 if (conn->state != BT_CONFIG)
3180 goto unlock;
3181
671267bf 3182 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3183 struct hci_cp_remote_name_req cp;
3184 memset(&cp, 0, sizeof(cp));
3185 bacpy(&cp.bdaddr, &conn->dst);
3186 cp.pscan_rep_mode = 0x02;
3187 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3188 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3189 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3190 conn->dst_type, 0, NULL, 0,
3191 conn->dev_class);
392599b9 3192
127178d2 3193 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3194 conn->state = BT_CONNECTED;
3195 hci_proto_connect_cfm(conn, ev->status);
3196 hci_conn_put(conn);
41a96212
MH		 3197 }
3198
ccd556fe 3199unlock:
41a96212 3200 hci_dev_unlock(hdev);
a9de9248
MH		 3201}
3202
6039aa73
GP		 3203static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3204 struct sk_buff *skb)
a9de9248 3205{
b6a0dc82
MH		 3206 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3207 struct hci_conn *conn;
3208
9f1db00c 3209 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3210
3211 hci_dev_lock(hdev);
3212
3213 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3214 if (!conn) {
3215 if (ev->link_type == ESCO_LINK)
3216 goto unlock;
3217
3218 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3219 if (!conn)
3220 goto unlock;
3221
3222 conn->type = SCO_LINK;
3223 }
b6a0dc82 3224
732547f9
MH		 3225 switch (ev->status) {
3226 case 0x00:
b6a0dc82
MH		 3227 conn->handle = __le16_to_cpu(ev->handle);
3228 conn->state = BT_CONNECTED;
7d0db0a3 3229
9eba32b8 3230 hci_conn_hold_device(conn);
7d0db0a3 3231 hci_conn_add_sysfs(conn);
732547f9
MH		 3232 break;
3233
705e5711 3234 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3235 case 0x1c: /* SCO interval rejected */
1038a00b 3236 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3237 case 0x1f: /* Unspecified error */
3238 if (conn->out && conn->attempt < 2) {
3239 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3240 (hdev->esco_type & EDR_ESCO_MASK);
3241 hci_setup_sync(conn, conn->link->handle);
3242 goto unlock;
3243 }
3244 /* fall through */
3245
3246 default:
b6a0dc82 3247 conn->state = BT_CLOSED;
732547f9
MH		 3248 break;
3249 }
b6a0dc82
MH		 3250
3251 hci_proto_connect_cfm(conn, ev->status);
3252 if (ev->status)
3253 hci_conn_del(conn);
3254
3255unlock:
3256 hci_dev_unlock(hdev);
a9de9248
MH		 3257}
3258
6039aa73 3259static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3260{
3261 BT_DBG("%s", hdev->name);
3262}
3263
6039aa73 3264static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3265{
a9de9248 3266 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3267
9f1db00c 3268 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3269}
3270
6039aa73
GP		 3271static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3272 struct sk_buff *skb)
1da177e4 3273{
a9de9248
MH		 3274 struct inquiry_data data;
3275 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3276 int num_rsp = *((__u8 *) skb->data);
9d939d94 3277 size_t eir_len;
1da177e4 3278
a9de9248 3279 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3280
a9de9248
MH		 3281 if (!num_rsp)
3282 return;
1da177e4 3283
1519cc17
AG		 3284 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3285 return;
3286
a9de9248
MH		 3287 hci_dev_lock(hdev);
3288
e17acd40 3289 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3290 bool name_known, ssp;
561aafbc 3291
a9de9248 3292 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3293 data.pscan_rep_mode = info->pscan_rep_mode;
3294 data.pscan_period_mode = info->pscan_period_mode;
3295 data.pscan_mode = 0x00;
a9de9248 3296 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3297 data.clock_offset = info->clock_offset;
3298 data.rssi = info->rssi;
41a96212 3299 data.ssp_mode = 0x01;
561aafbc 3300
a8b2d5c2 3301 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3302 name_known = eir_has_data_type(info->data,
04124681
GP		 3303 sizeof(info->data),
3304 EIR_NAME_COMPLETE);
561aafbc
JH		 3305 else
3306 name_known = true;
3307
388fc8fa 3308 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3309 &ssp);
9d939d94 3310 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3311 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3312 info->dev_class, info->rssi, !name_known,
9d939d94 3313 ssp, info->data, eir_len);
a9de9248
MH		 3314 }
3315
3316 hci_dev_unlock(hdev);
3317}
1da177e4 3318
1c2e0041
JH		 3319static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3320 struct sk_buff *skb)
3321{
3322 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3323 struct hci_conn *conn;
3324
9f1db00c 3325 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3326 __le16_to_cpu(ev->handle));
3327
3328 hci_dev_lock(hdev);
3329
3330 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3331 if (!conn)
3332 goto unlock;
3333
3334 if (!ev->status)
3335 conn->sec_level = conn->pending_sec_level;
3336
3337 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3338
3339 if (ev->status && conn->state == BT_CONNECTED) {
3340 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3341 hci_conn_put(conn);
3342 goto unlock;
3343 }
3344
3345 if (conn->state == BT_CONFIG) {
3346 if (!ev->status)
3347 conn->state = BT_CONNECTED;
3348
3349 hci_proto_connect_cfm(conn, ev->status);
3350 hci_conn_put(conn);
3351 } else {
3352 hci_auth_cfm(conn, ev->status);
3353
3354 hci_conn_hold(conn);
3355 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3356 hci_conn_put(conn);
3357 }
3358
3359unlock:
3360 hci_dev_unlock(hdev);
3361}
3362
6039aa73 3363static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3364{
3365 /* If remote requests dedicated bonding follow that lead */
3366 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3367 /* If both remote and local IO capabilities allow MITM
3368 * protection then require it, otherwise don't */
3369 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3370 return 0x02;
3371 else
3372 return 0x03;
3373 }
3374
3375 /* If remote requests no-bonding follow that lead */
3376 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3377 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3378
3379 return conn->auth_type;
3380}
3381
6039aa73 3382static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3383{
3384 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3385 struct hci_conn *conn;
3386
3387 BT_DBG("%s", hdev->name);
3388
3389 hci_dev_lock(hdev);
3390
3391 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3392 if (!conn)
3393 goto unlock;
3394
3395 hci_conn_hold(conn);
3396
a8b2d5c2 3397 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3398 goto unlock;
3399
a8b2d5c2 3400 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3401 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3402 struct hci_cp_io_capability_reply cp;
3403
3404 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3405 /* Change the IO capability from KeyboardDisplay
3406 * to DisplayYesNo as it is not supported by BT spec. */
3407 cp.capability = (conn->io_capability == 0x04) ?
3408 0x01 : conn->io_capability;
7cbc9bd9
JH		 3409 conn->auth_type = hci_get_auth_req(conn);
3410 cp.authentication = conn->auth_type;
17fa4b9d 3411
8fc9ced3
GP		 3412 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3413 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3414 cp.oob_data = 0x01;
3415 else
3416 cp.oob_data = 0x00;
3417
17fa4b9d 3418 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3419 sizeof(cp), &cp);
03b555e1
JH		 3420 } else {
3421 struct hci_cp_io_capability_neg_reply cp;
3422
3423 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3424 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3425
03b555e1 3426 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3427 sizeof(cp), &cp);
03b555e1
JH		 3428 }
3429
3430unlock:
3431 hci_dev_unlock(hdev);
3432}
3433
6039aa73 3434static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3435{
3436 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3437 struct hci_conn *conn;
3438
3439 BT_DBG("%s", hdev->name);
3440
3441 hci_dev_lock(hdev);
3442
3443 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3444 if (!conn)
3445 goto unlock;
3446
03b555e1 3447 conn->remote_cap = ev->capability;
03b555e1 3448 conn->remote_auth = ev->authentication;
58a681ef
JH		 3449 if (ev->oob_data)
3450 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3451
3452unlock:
0493684e
MH		 3453 hci_dev_unlock(hdev);
3454}
3455
6039aa73
GP		 3456static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3457 struct sk_buff *skb)
a5c29683
JH		 3458{
3459 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3460 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3461 struct hci_conn *conn;
a5c29683
JH		 3462
3463 BT_DBG("%s", hdev->name);
3464
3465 hci_dev_lock(hdev);
3466
a8b2d5c2 3467 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3468 goto unlock;
a5c29683 3469
7a828908
JH		 3470 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3471 if (!conn)
3472 goto unlock;
3473
3474 loc_mitm = (conn->auth_type & 0x01);
3475 rem_mitm = (conn->remote_auth & 0x01);
3476
3477 /* If we require MITM but the remote device can't provide that
3478 * (it has NoInputNoOutput) then reject the confirmation
3479 * request. The only exception is when we're dedicated bonding
3480 * initiators (connect_cfm_cb set) since then we always have the MITM
3481 * bit set. */
3482 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3483 BT_DBG("Rejecting request: remote device can't provide MITM");
3484 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3485 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3486 goto unlock;
3487 }
3488
3489 /* If no side requires MITM protection; auto-accept */
3490 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3491 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3492
3493 /* If we're not the initiators request authorization to
3494 * proceed from user space (mgmt_user_confirm with
3495 * confirm_hint set to 1). */
51a8efd7 3496 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3497 BT_DBG("Confirming auto-accept as acceptor");
3498 confirm_hint = 1;
3499 goto confirm;
3500 }
3501
9f61656a 3502 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3503 hdev->auto_accept_delay);
9f61656a
JH		 3504
3505 if (hdev->auto_accept_delay > 0) {
3506 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3507 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3508 goto unlock;
3509 }
3510
7a828908 3511 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3512 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3513 goto unlock;
3514 }
3515
55bc1a37 3516confirm:
272d90df 3517 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3518 confirm_hint);
7a828908
JH		 3519
3520unlock:
a5c29683
JH		 3521 hci_dev_unlock(hdev);
3522}
3523
6039aa73
GP		 3524static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3525 struct sk_buff *skb)
1143d458
BG		 3526{
3527 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3528
3529 BT_DBG("%s", hdev->name);
3530
a8b2d5c2 3531 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3532 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3533}
3534
92a25256
JH		 3535static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3536 struct sk_buff *skb)
3537{
3538 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3539 struct hci_conn *conn;
3540
3541 BT_DBG("%s", hdev->name);
3542
3543 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3544 if (!conn)
3545 return;
3546
3547 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3548 conn->passkey_entered = 0;
3549
3550 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3551 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3552 conn->dst_type, conn->passkey_notify,
3553 conn->passkey_entered);
3554}
3555
3556static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3557{
3558 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3559 struct hci_conn *conn;
3560
3561 BT_DBG("%s", hdev->name);
3562
3563 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3564 if (!conn)
3565 return;
3566
3567 switch (ev->type) {
3568 case HCI_KEYPRESS_STARTED:
3569 conn->passkey_entered = 0;
3570 return;
3571
3572 case HCI_KEYPRESS_ENTERED:
3573 conn->passkey_entered++;
3574 break;
3575
3576 case HCI_KEYPRESS_ERASED:
3577 conn->passkey_entered--;
3578 break;
3579
3580 case HCI_KEYPRESS_CLEARED:
3581 conn->passkey_entered = 0;
3582 break;
3583
3584 case HCI_KEYPRESS_COMPLETED:
3585 return;
3586 }
3587
3588 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3589 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3590 conn->dst_type, conn->passkey_notify,
3591 conn->passkey_entered);
3592}
3593
6039aa73
GP		 3594static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3595 struct sk_buff *skb)
0493684e
MH		 3596{
3597 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3598 struct hci_conn *conn;
3599
3600 BT_DBG("%s", hdev->name);
3601
3602 hci_dev_lock(hdev);
3603
3604 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3605 if (!conn)
3606 goto unlock;
3607
3608 /* To avoid duplicate auth_failed events to user space we check
3609 * the HCI_CONN_AUTH_PEND flag which will be set if we
3610 * initiated the authentication. A traditional auth_complete
3611 * event gets always produced as initiator and is also mapped to
3612 * the mgmt_auth_failed event */
fa1bd918 3613 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3614 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3615 ev->status);
0493684e 3616
2a611692
JH		 3617 hci_conn_put(conn);
3618
3619unlock:
0493684e
MH		 3620 hci_dev_unlock(hdev);
3621}
3622
6039aa73
GP		 3623static void hci_remote_host_features_evt(struct hci_dev *hdev,
3624 struct sk_buff *skb)
41a96212
MH		 3625{
3626 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3627 struct inquiry_entry *ie;
3628
3629 BT_DBG("%s", hdev->name);
3630
3631 hci_dev_lock(hdev);
3632
cc11b9c1
AE		 3633 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3634 if (ie)
02b7cc62 3635 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3636
3637 hci_dev_unlock(hdev);
3638}
3639
6039aa73
GP		 3640static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3641 struct sk_buff *skb)
2763eda6
SJ		 3642{
3643 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3644 struct oob_data *data;
3645
3646 BT_DBG("%s", hdev->name);
3647
3648 hci_dev_lock(hdev);
3649
a8b2d5c2 3650 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3651 goto unlock;
3652
2763eda6
SJ		 3653 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3654 if (data) {
3655 struct hci_cp_remote_oob_data_reply cp;
3656
3657 bacpy(&cp.bdaddr, &ev->bdaddr);
3658 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3659 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3660
3661 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3662 &cp);
2763eda6
SJ		 3663 } else {
3664 struct hci_cp_remote_oob_data_neg_reply cp;
3665
3666 bacpy(&cp.bdaddr, &ev->bdaddr);
3667 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3668 &cp);
2763eda6
SJ		 3669 }
3670
e1ba1f15 3671unlock:
2763eda6
SJ		 3672 hci_dev_unlock(hdev);
3673}
3674
d5e91192
AE		 3675static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3676 struct sk_buff *skb)
3677{
3678 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3679 struct hci_conn *hcon, *bredr_hcon;
3680
3681 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3682 ev->status);
3683
3684 hci_dev_lock(hdev);
3685
3686 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3687 if (!hcon) {
3688 hci_dev_unlock(hdev);
3689 return;
3690 }
3691
3692 if (ev->status) {
3693 hci_conn_del(hcon);
3694 hci_dev_unlock(hdev);
3695 return;
3696 }
3697
3698 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3699
3700 hcon->state = BT_CONNECTED;
3701 bacpy(&hcon->dst, &bredr_hcon->dst);
3702
3703 hci_conn_hold(hcon);
3704 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3705 hci_conn_put(hcon);
3706
3707 hci_conn_hold_device(hcon);
3708 hci_conn_add_sysfs(hcon);
3709
cf70ff22 3710 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3711
cf70ff22 3712 hci_dev_unlock(hdev);
d5e91192
AE		 3713}
3714
27695fb4
AE		 3715static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3716{
3717 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3718 struct hci_conn *hcon;
3719 struct hci_chan *hchan;
3720 struct amp_mgr *mgr;
3721
3722 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3723 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3724 ev->status);
3725
3726 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3727 if (!hcon)
3728 return;
3729
3730 /* Create AMP hchan */
3731 hchan = hci_chan_create(hcon);
3732 if (!hchan)
3733 return;
3734
3735 hchan->handle = le16_to_cpu(ev->handle);
3736
3737 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3738
3739 mgr = hcon->amp_mgr;
3740 if (mgr && mgr->bredr_chan) {
3741 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3742
3743 l2cap_chan_lock(bredr_chan);
3744
3745 bredr_chan->conn->mtu = hdev->block_mtu;
3746 l2cap_logical_cfm(bredr_chan, hchan, 0);
3747 hci_conn_hold(hcon);
3748
3749 l2cap_chan_unlock(bredr_chan);
3750 }
3751}
3752
606e2a10
AE		 3753static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3754 struct sk_buff *skb)
3755{
3756 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3757 struct hci_chan *hchan;
3758
3759 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3760 le16_to_cpu(ev->handle), ev->status);
3761
3762 if (ev->status)
3763 return;
3764
3765 hci_dev_lock(hdev);
3766
3767 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3768 if (!hchan)
3769 goto unlock;
3770
3771 amp_destroy_logical_link(hchan, ev->reason);
3772
3773unlock:
3774 hci_dev_unlock(hdev);
3775}
3776
9eef6b3a
AE		 3777static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3778 struct sk_buff *skb)
3779{
3780 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3781 struct hci_conn *hcon;
3782
3783 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3784
3785 if (ev->status)
3786 return;
3787
3788 hci_dev_lock(hdev);
3789
3790 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3791 if (hcon) {
3792 hcon->state = BT_CLOSED;
3793 hci_conn_del(hcon);
3794 }
3795
3796 hci_dev_unlock(hdev);
3797}
3798
6039aa73 3799static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3800{
3801 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3802 struct hci_conn *conn;
3803
9f1db00c 3804 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3805
3806 hci_dev_lock(hdev);
3807
b47a09b3 3808 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3809 if (!conn) {
3810 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3811 if (!conn) {
3812 BT_ERR("No memory for new connection");
230fd16a 3813 goto unlock;
b62f328b 3814 }
29b7988a
AG		 3815
3816 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3817
3818 if (ev->role == LE_CONN_ROLE_MASTER) {
3819 conn->out = true;
3820 conn->link_mode |= HCI_LM_MASTER;
3821 }
b62f328b 3822 }
fcd89c09 3823
cd17decb
AG		 3824 if (ev->status) {
3825 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3826 conn->dst_type, ev->status);
3827 hci_proto_connect_cfm(conn, ev->status);
3828 conn->state = BT_CLOSED;
3829 hci_conn_del(conn);
3830 goto unlock;
3831 }
3832
b644ba33
JH		 3833 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3834 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3835 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3836
7b5c0d52 3837 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3838 conn->handle = __le16_to_cpu(ev->handle);
3839 conn->state = BT_CONNECTED;
3840
3841 hci_conn_hold_device(conn);
3842 hci_conn_add_sysfs(conn);
3843
3844 hci_proto_connect_cfm(conn, ev->status);
3845
3846unlock:
3847 hci_dev_unlock(hdev);
3848}
3849
6039aa73 3850static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3851{
e95beb41
AG		 3852 u8 num_reports = skb->data[0];
3853 void *ptr = &skb->data[1];
3c9e9195 3854 s8 rssi;
9aa04c91
AG		 3855
3856 hci_dev_lock(hdev);
3857
e95beb41
AG		 3858 while (num_reports--) {
3859 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3860
3c9e9195
AG		 3861 rssi = ev->data[ev->length];
3862 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3863 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3864
e95beb41 3865 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3866 }
3867
3868 hci_dev_unlock(hdev);
3869}
3870
6039aa73 3871static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3872{
3873 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3874 struct hci_cp_le_ltk_reply cp;
bea710fe 3875 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3876 struct hci_conn *conn;
c9839a11 3877 struct smp_ltk *ltk;
a7a595f6 3878
9f1db00c 3879 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3880
3881 hci_dev_lock(hdev);
3882
3883 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3884 if (conn == NULL)
3885 goto not_found;
a7a595f6 3886
bea710fe
VCG		 3887 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3888 if (ltk == NULL)
3889 goto not_found;
3890
3891 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3892 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3893
3894 if (ltk->authenticated)
3895 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3896
3897 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3898
c9839a11
VCG		 3899 if (ltk->type & HCI_SMP_STK) {
3900 list_del(&ltk->list);
3901 kfree(ltk);
3902 }
3903
a7a595f6 3904 hci_dev_unlock(hdev);
bea710fe
VCG		 3905
3906 return;
3907
3908not_found:
3909 neg.handle = ev->handle;
3910 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3911 hci_dev_unlock(hdev);
a7a595f6
VCG		 3912}
3913
6039aa73 3914static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3915{
3916 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3917
3918 skb_pull(skb, sizeof(*le_ev));
3919
3920 switch (le_ev->subevent) {
3921 case HCI_EV_LE_CONN_COMPLETE:
3922 hci_le_conn_complete_evt(hdev, skb);
3923 break;
3924
9aa04c91
AG		 3925 case HCI_EV_LE_ADVERTISING_REPORT:
3926 hci_le_adv_report_evt(hdev, skb);
3927 break;
3928
a7a595f6
VCG		 3929 case HCI_EV_LE_LTK_REQ:
3930 hci_le_ltk_request_evt(hdev, skb);
3931 break;
3932
fcd89c09
VT		 3933 default:
3934 break;
3935 }
3936}
3937
9495b2ee
AE		 3938static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3939{
3940 struct hci_ev_channel_selected *ev = (void *) skb->data;
3941 struct hci_conn *hcon;
3942
3943 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3944
3945 skb_pull(skb, sizeof(*ev));
3946
3947 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3948 if (!hcon)
3949 return;
3950
3951 amp_read_loc_assoc_final_data(hdev, hcon);
3952}
3953
a9de9248
MH		 3954void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3955{
3956 struct hci_event_hdr *hdr = (void *) skb->data;
3957 __u8 event = hdr->evt;
3958
3959 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3960
3961 switch (event) {
1da177e4
LT		 3962 case HCI_EV_INQUIRY_COMPLETE:
3963 hci_inquiry_complete_evt(hdev, skb);
3964 break;
3965
3966 case HCI_EV_INQUIRY_RESULT:
3967 hci_inquiry_result_evt(hdev, skb);
3968 break;
3969
a9de9248
MH		 3970 case HCI_EV_CONN_COMPLETE:
3971 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3972 break;
3973
1da177e4
LT		 3974 case HCI_EV_CONN_REQUEST:
3975 hci_conn_request_evt(hdev, skb);
3976 break;
3977
1da177e4
LT		 3978 case HCI_EV_DISCONN_COMPLETE:
3979 hci_disconn_complete_evt(hdev, skb);
3980 break;
3981
1da177e4
LT		 3982 case HCI_EV_AUTH_COMPLETE:
3983 hci_auth_complete_evt(hdev, skb);
3984 break;
3985
a9de9248
MH		 3986 case HCI_EV_REMOTE_NAME:
3987 hci_remote_name_evt(hdev, skb);
3988 break;
3989
1da177e4
LT		 3990 case HCI_EV_ENCRYPT_CHANGE:
3991 hci_encrypt_change_evt(hdev, skb);
3992 break;
3993
a9de9248
MH		 3994 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3995 hci_change_link_key_complete_evt(hdev, skb);
3996 break;
3997
3998 case HCI_EV_REMOTE_FEATURES:
3999 hci_remote_features_evt(hdev, skb);
4000 break;
4001
4002 case HCI_EV_REMOTE_VERSION:
4003 hci_remote_version_evt(hdev, skb);
4004 break;
4005
4006 case HCI_EV_QOS_SETUP_COMPLETE:
4007 hci_qos_setup_complete_evt(hdev, skb);
4008 break;
4009
4010 case HCI_EV_CMD_COMPLETE:
4011 hci_cmd_complete_evt(hdev, skb);
4012 break;
4013
4014 case HCI_EV_CMD_STATUS:
4015 hci_cmd_status_evt(hdev, skb);
4016 break;
4017
4018 case HCI_EV_ROLE_CHANGE:
4019 hci_role_change_evt(hdev, skb);
4020 break;
4021
4022 case HCI_EV_NUM_COMP_PKTS:
4023 hci_num_comp_pkts_evt(hdev, skb);
4024 break;
4025
4026 case HCI_EV_MODE_CHANGE:
4027 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4028 break;
4029
4030 case HCI_EV_PIN_CODE_REQ:
4031 hci_pin_code_request_evt(hdev, skb);
4032 break;
4033
4034 case HCI_EV_LINK_KEY_REQ:
4035 hci_link_key_request_evt(hdev, skb);
4036 break;
4037
4038 case HCI_EV_LINK_KEY_NOTIFY:
4039 hci_link_key_notify_evt(hdev, skb);
4040 break;
4041
4042 case HCI_EV_CLOCK_OFFSET:
4043 hci_clock_offset_evt(hdev, skb);
4044 break;
4045
a8746417
MH		 4046 case HCI_EV_PKT_TYPE_CHANGE:
4047 hci_pkt_type_change_evt(hdev, skb);
4048 break;
4049
85a1e930
MH		 4050 case HCI_EV_PSCAN_REP_MODE:
4051 hci_pscan_rep_mode_evt(hdev, skb);
4052 break;
4053
a9de9248
MH		 4054 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4055 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4056 break;
4057
a9de9248
MH		 4058 case HCI_EV_REMOTE_EXT_FEATURES:
4059 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4060 break;
4061
a9de9248
MH		 4062 case HCI_EV_SYNC_CONN_COMPLETE:
4063 hci_sync_conn_complete_evt(hdev, skb);
4064 break;
1da177e4 4065
a9de9248
MH		 4066 case HCI_EV_SYNC_CONN_CHANGED:
4067 hci_sync_conn_changed_evt(hdev, skb);
4068 break;
1da177e4 4069
a9de9248
MH		 4070 case HCI_EV_SNIFF_SUBRATE:
4071 hci_sniff_subrate_evt(hdev, skb);
4072 break;
1da177e4 4073
a9de9248
MH		 4074 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4075 hci_extended_inquiry_result_evt(hdev, skb);
4076 break;
1da177e4 4077
1c2e0041
JH		 4078 case HCI_EV_KEY_REFRESH_COMPLETE:
4079 hci_key_refresh_complete_evt(hdev, skb);
4080 break;
4081
0493684e
MH		 4082 case HCI_EV_IO_CAPA_REQUEST:
4083 hci_io_capa_request_evt(hdev, skb);
4084 break;
4085
03b555e1
JH		 4086 case HCI_EV_IO_CAPA_REPLY:
4087 hci_io_capa_reply_evt(hdev, skb);
4088 break;
4089
a5c29683
JH		 4090 case HCI_EV_USER_CONFIRM_REQUEST:
4091 hci_user_confirm_request_evt(hdev, skb);
4092 break;
4093
1143d458
BG		 4094 case HCI_EV_USER_PASSKEY_REQUEST:
4095 hci_user_passkey_request_evt(hdev, skb);
4096 break;
4097
92a25256
JH		 4098 case HCI_EV_USER_PASSKEY_NOTIFY:
4099 hci_user_passkey_notify_evt(hdev, skb);
4100 break;
4101
4102 case HCI_EV_KEYPRESS_NOTIFY:
4103 hci_keypress_notify_evt(hdev, skb);
4104 break;
4105
0493684e
MH		 4106 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4107 hci_simple_pair_complete_evt(hdev, skb);
4108 break;
4109
41a96212
MH		 4110 case HCI_EV_REMOTE_HOST_FEATURES:
4111 hci_remote_host_features_evt(hdev, skb);
4112 break;
4113
fcd89c09
VT		 4114 case HCI_EV_LE_META:
4115 hci_le_meta_evt(hdev, skb);
4116 break;
4117
9495b2ee
AE		 4118 case HCI_EV_CHANNEL_SELECTED:
4119 hci_chan_selected_evt(hdev, skb);
4120 break;
4121
2763eda6
SJ		 4122 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4123 hci_remote_oob_data_request_evt(hdev, skb);
4124 break;
4125
d5e91192
AE		 4126 case HCI_EV_PHY_LINK_COMPLETE:
4127 hci_phy_link_complete_evt(hdev, skb);
4128 break;
4129
27695fb4
AE		 4130 case HCI_EV_LOGICAL_LINK_COMPLETE:
4131 hci_loglink_complete_evt(hdev, skb);
4132 break;
4133
606e2a10
AE		 4134 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4135 hci_disconn_loglink_complete_evt(hdev, skb);
4136 break;
4137
9eef6b3a
AE		 4138 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4139 hci_disconn_phylink_complete_evt(hdev, skb);
4140 break;
4141
25e89e99
AE		 4142 case HCI_EV_NUM_COMP_BLOCKS:
4143 hci_num_comp_blocks_evt(hdev, skb);
4144 break;
4145
a9de9248 4146 default:
9f1db00c 4147 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4148 break;
4149 }
4150
4151 kfree_skb(skb);
4152 hdev->stat.evt_rx++;
4153}
kernel source for telekom puls (alcatel/mediatek)