projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Track discovery type
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
eb939922 48static bool enable_le;
e6100a25 49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
ff9ef578 68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 197
7005ff17 198 /* Reset all flags, except persistent ones */
95947a39
HG		 199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
200 BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
a9de9248 201}
04837f64 202
a9de9248
MH		 203static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
204{
205 __u8 status = *((__u8 *) skb->data);
206 void *sent;
04837f64 207
a9de9248 208 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 209
a9de9248
MH		 210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
211 if (!sent)
212 return;
04837f64 213
56e5cb86
JH		 214 hci_dev_lock(hdev);
215
a8b2d5c2 216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 217 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 218
56e5cb86
JH		 219 if (status == 0)
220 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 221
56e5cb86 222 hci_dev_unlock(hdev);
a9de9248
MH		 223}
224
225static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
226{
227 struct hci_rp_read_local_name *rp = (void *) skb->data;
228
229 BT_DBG("%s status 0x%x", hdev->name, rp->status);
230
231 if (rp->status)
232 return;
233
1f6c6378 234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 235}
236
237static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238{
239 __u8 status = *((__u8 *) skb->data);
240 void *sent;
241
242 BT_DBG("%s status 0x%x", hdev->name, status);
243
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 if (!sent)
246 return;
247
248 if (!status) {
249 __u8 param = *((__u8 *) sent);
250
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
253 else
254 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 255 }
a9de9248 256
33ef95ed
JH		 257 if (test_bit(HCI_MGMT, &hdev->dev_flags))
258 mgmt_auth_enable_complete(hdev, status);
259
23bb5763 260 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 261}
262
a9de9248 263static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 264{
a9de9248 265 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 266 void *sent;
267
a9de9248 268 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 269
a9de9248
MH		 270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 if (!sent)
272 return;
1da177e4 273
a9de9248
MH		 274 if (!status) {
275 __u8 param = *((__u8 *) sent);
276
277 if (param)
278 set_bit(HCI_ENCRYPT, &hdev->flags);
279 else
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
281 }
1da177e4 282
23bb5763 283 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
a9de9248 292 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
2d7cee58 302 if (status != 0) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
36f7fc7e
JH		 308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
313 if (!old_iscan)
744cf19e 314 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318 to);
319 }
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
23bb5763 332 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 333}
1da177e4 334
a9de9248
MH		 335static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336{
337 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 338
a9de9248 339 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 340
a9de9248
MH		 341 if (rp->status)
342 return;
1da177e4 343
a9de9248 344 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 345
a9de9248
MH		 346 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
347 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
348}
1da177e4 349
a9de9248
MH		 350static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351{
352 __u8 status = *((__u8 *) skb->data);
353 void *sent;
1da177e4 354
a9de9248 355 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 356
f383f275
MH		 357 if (status)
358 return;
359
a9de9248
MH		 360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 if (!sent)
362 return;
1da177e4 363
f383f275 364 memcpy(hdev->dev_class, sent, 3);
a9de9248 365}
1da177e4 366
a9de9248
MH		 367static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368{
369 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
370 __u16 setting;
371
372 BT_DBG("%s status 0x%x", hdev->name, rp->status);
373
374 if (rp->status)
375 return;
376
377 setting = __le16_to_cpu(rp->voice_setting);
378
f383f275 379 if (hdev->voice_setting == setting)
a9de9248
MH		 380 return;
381
382 hdev->voice_setting = setting;
383
384 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
385
3c54711c 386 if (hdev->notify)
a9de9248 387 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 388}
389
390static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
391{
392 __u8 status = *((__u8 *) skb->data);
f383f275 393 __u16 setting;
a9de9248
MH		 394 void *sent;
395
396 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 397
f383f275
MH		 398 if (status)
399 return;
400
a9de9248
MH		 401 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
402 if (!sent)
403 return;
1da177e4 404
f383f275 405 setting = get_unaligned_le16(sent);
1da177e4 406
f383f275
MH		 407 if (hdev->voice_setting == setting)
408 return;
409
410 hdev->voice_setting = setting;
1da177e4 411
f383f275 412 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 413
3c54711c 414 if (hdev->notify)
f383f275 415 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 416}
417
a9de9248 418static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 419{
a9de9248 420 __u8 status = *((__u8 *) skb->data);
1da177e4 421
a9de9248 422 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 423
23bb5763 424 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 425}
1143e5a6 426
333140b5
MH		 427static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
428{
429 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
430
431 BT_DBG("%s status 0x%x", hdev->name, rp->status);
432
433 if (rp->status)
434 return;
435
84bde9d6
JH		 436 if (rp->mode)
437 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
438 else
439 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
333140b5
MH		 440}
441
442static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
443{
444 __u8 status = *((__u8 *) skb->data);
445 void *sent;
446
447 BT_DBG("%s status 0x%x", hdev->name, status);
448
449 if (status)
ed2c4ee3 450 goto done;
333140b5
MH		 451
452 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
453 if (!sent)
454 return;
455
84bde9d6
JH		 456 if (*((u8 *) sent))
457 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 else
459 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 460
461done:
462 if (test_bit(HCI_MGMT, &hdev->dev_flags))
463 mgmt_ssp_enable_complete(hdev, status);
333140b5
MH		 464}
465
d5859e22
JH		 466static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
467{
468 if (hdev->features[6] & LMP_EXT_INQ)
469 return 2;
470
471 if (hdev->features[3] & LMP_RSSI_INQ)
472 return 1;
473
474 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
475 hdev->lmp_subver == 0x0757)
476 return 1;
477
478 if (hdev->manufacturer == 15) {
479 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
480 return 1;
481 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
482 return 1;
483 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
484 return 1;
485 }
486
487 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
488 hdev->lmp_subver == 0x1805)
489 return 1;
490
491 return 0;
492}
493
494static void hci_setup_inquiry_mode(struct hci_dev *hdev)
495{
496 u8 mode;
497
498 mode = hci_get_inquiry_mode(hdev);
499
500 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
501}
502
503static void hci_setup_event_mask(struct hci_dev *hdev)
504{
505 /* The second byte is 0xff instead of 0x9f (two reserved bits
506 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
507 * command otherwise */
508 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
509
6de6c18d
VT		 510 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
511 * any event mask for pre 1.2 devices */
5a13b095 512 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 513 return;
514
515 events[4] |= 0x01; /* Flow Specification Complete */
516 events[4] |= 0x02; /* Inquiry Result with RSSI */
517 events[4] |= 0x04; /* Read Remote Extended Features Complete */
518 events[5] |= 0x08; /* Synchronous Connection Complete */
519 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 520
521 if (hdev->features[3] & LMP_RSSI_INQ)
522 events[4] |= 0x04; /* Inquiry Result with RSSI */
523
524 if (hdev->features[5] & LMP_SNIFF_SUBR)
525 events[5] |= 0x20; /* Sniff Subrating */
526
527 if (hdev->features[5] & LMP_PAUSE_ENC)
528 events[5] |= 0x80; /* Encryption Key Refresh Complete */
529
530 if (hdev->features[6] & LMP_EXT_INQ)
531 events[5] |= 0x40; /* Extended Inquiry Result */
532
533 if (hdev->features[6] & LMP_NO_FLUSH)
534 events[7] |= 0x01; /* Enhanced Flush Complete */
535
536 if (hdev->features[7] & LMP_LSTO)
537 events[6] |= 0x80; /* Link Supervision Timeout Changed */
538
539 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
540 events[6] |= 0x01; /* IO Capability Request */
541 events[6] |= 0x02; /* IO Capability Response */
542 events[6] |= 0x04; /* User Confirmation Request */
543 events[6] |= 0x08; /* User Passkey Request */
544 events[6] |= 0x10; /* Remote OOB Data Request */
545 events[6] |= 0x20; /* Simple Pairing Complete */
546 events[7] |= 0x04; /* User Passkey Notification */
547 events[7] |= 0x08; /* Keypress Notification */
548 events[7] |= 0x10; /* Remote Host Supported
549 * Features Notification */
550 }
551
552 if (hdev->features[4] & LMP_LE)
553 events[7] |= 0x20; /* LE Meta-Event */
554
555 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
556}
557
e6100a25
AG		 558static void hci_set_le_support(struct hci_dev *hdev)
559{
560 struct hci_cp_write_le_host_supported cp;
561
562 memset(&cp, 0, sizeof(cp));
563
564 if (enable_le) {
565 cp.le = 1;
566 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
567 }
568
569 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
570}
571
d5859e22
JH		 572static void hci_setup(struct hci_dev *hdev)
573{
e61ef499
AE		 574 if (hdev->dev_type != HCI_BREDR)
575 return;
576
d5859e22
JH		 577 hci_setup_event_mask(hdev);
578
d095c1eb 579 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 580 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
581
582 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
583 u8 mode = 0x01;
584 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
585 }
586
587 if (hdev->features[3] & LMP_RSSI_INQ)
588 hci_setup_inquiry_mode(hdev);
589
590 if (hdev->features[7] & LMP_INQ_TX_PWR)
591 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 592
593 if (hdev->features[7] & LMP_EXTFEATURES) {
594 struct hci_cp_read_local_ext_features cp;
595
596 cp.page = 0x01;
597 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
598 sizeof(cp), &cp);
599 }
e6100a25
AG		 600
601 if (hdev->features[4] & LMP_LE)
602 hci_set_le_support(hdev);
d5859e22
JH		 603}
604
a9de9248
MH		 605static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
606{
607 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 608
a9de9248 609 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 610
a9de9248
MH		 611 if (rp->status)
612 return;
1143e5a6 613
a9de9248 614 hdev->hci_ver = rp->hci_ver;
e4e8e37c 615 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 616 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 617 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 618 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 619
a9de9248
MH		 620 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
621 hdev->manufacturer,
622 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 623
624 if (test_bit(HCI_INIT, &hdev->flags))
625 hci_setup(hdev);
626}
627
628static void hci_setup_link_policy(struct hci_dev *hdev)
629{
630 u16 link_policy = 0;
631
632 if (hdev->features[0] & LMP_RSWITCH)
633 link_policy |= HCI_LP_RSWITCH;
634 if (hdev->features[0] & LMP_HOLD)
635 link_policy |= HCI_LP_HOLD;
636 if (hdev->features[0] & LMP_SNIFF)
637 link_policy |= HCI_LP_SNIFF;
638 if (hdev->features[1] & LMP_PARK)
639 link_policy |= HCI_LP_PARK;
640
641 link_policy = cpu_to_le16(link_policy);
642 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
643 sizeof(link_policy), &link_policy);
a9de9248 644}
1da177e4 645
a9de9248
MH		 646static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
647{
648 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 649
a9de9248 650 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 651
a9de9248 652 if (rp->status)
d5859e22 653 goto done;
1da177e4 654
a9de9248 655 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 656
657 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
658 hci_setup_link_policy(hdev);
659
660done:
661 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 662}
1da177e4 663
a9de9248
MH		 664static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
665{
666 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 667
a9de9248 668 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 669
a9de9248
MH		 670 if (rp->status)
671 return;
5b7f9909 672
a9de9248 673 memcpy(hdev->features, rp->features, 8);
5b7f9909 674
a9de9248
MH		 675 /* Adjust default settings according to features
676 * supported by device. */
1da177e4 677
a9de9248
MH		 678 if (hdev->features[0] & LMP_3SLOT)
679 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 680
a9de9248
MH		 681 if (hdev->features[0] & LMP_5SLOT)
682 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 683
a9de9248
MH		 684 if (hdev->features[1] & LMP_HV2) {
685 hdev->pkt_type |= (HCI_HV2);
686 hdev->esco_type |= (ESCO_HV2);
687 }
1da177e4 688
a9de9248
MH		 689 if (hdev->features[1] & LMP_HV3) {
690 hdev->pkt_type |= (HCI_HV3);
691 hdev->esco_type |= (ESCO_HV3);
692 }
1da177e4 693
a9de9248
MH		 694 if (hdev->features[3] & LMP_ESCO)
695 hdev->esco_type |= (ESCO_EV3);
da1f5198 696
a9de9248
MH		 697 if (hdev->features[4] & LMP_EV4)
698 hdev->esco_type |= (ESCO_EV4);
da1f5198 699
a9de9248
MH		 700 if (hdev->features[4] & LMP_EV5)
701 hdev->esco_type |= (ESCO_EV5);
1da177e4 702
efc7688b
MH		 703 if (hdev->features[5] & LMP_EDR_ESCO_2M)
704 hdev->esco_type |= (ESCO_2EV3);
705
706 if (hdev->features[5] & LMP_EDR_ESCO_3M)
707 hdev->esco_type |= (ESCO_3EV3);
708
709 if (hdev->features[5] & LMP_EDR_3S_ESCO)
710 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
711
a9de9248
MH		 712 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
713 hdev->features[0], hdev->features[1],
714 hdev->features[2], hdev->features[3],
715 hdev->features[4], hdev->features[5],
716 hdev->features[6], hdev->features[7]);
717}
1da177e4 718
971e3a4b
AG		 719static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
720 struct sk_buff *skb)
721{
722 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
723
724 BT_DBG("%s status 0x%x", hdev->name, rp->status);
725
726 if (rp->status)
727 return;
728
b5b32b65
AG		 729 switch (rp->page) {
730 case 0:
731 memcpy(hdev->features, rp->features, 8);
732 break;
733 case 1:
734 memcpy(hdev->host_features, rp->features, 8);
735 break;
736 }
971e3a4b
AG		 737
738 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
739}
740
1e89cffb
AE		 741static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
742 struct sk_buff *skb)
743{
744 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
745
746 BT_DBG("%s status 0x%x", hdev->name, rp->status);
747
748 if (rp->status)
749 return;
750
751 hdev->flow_ctl_mode = rp->mode;
752
753 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
754}
755
a9de9248
MH		 756static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
757{
758 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 759
a9de9248 760 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 761
a9de9248
MH		 762 if (rp->status)
763 return;
1da177e4 764
a9de9248
MH		 765 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
766 hdev->sco_mtu = rp->sco_mtu;
767 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
768 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
769
770 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
771 hdev->sco_mtu = 64;
772 hdev->sco_pkts = 8;
1da177e4 773 }
a9de9248
MH		 774
775 hdev->acl_cnt = hdev->acl_pkts;
776 hdev->sco_cnt = hdev->sco_pkts;
777
778 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
779 hdev->acl_mtu, hdev->acl_pkts,
780 hdev->sco_mtu, hdev->sco_pkts);
781}
782
783static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
784{
785 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
786
787 BT_DBG("%s status 0x%x", hdev->name, rp->status);
788
789 if (!rp->status)
790 bacpy(&hdev->bdaddr, &rp->bdaddr);
791
23bb5763
JH		 792 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
793}
794
350ee4cf
AE		 795static void hci_cc_read_data_block_size(struct hci_dev *hdev,
796 struct sk_buff *skb)
797{
798 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
799
800 BT_DBG("%s status 0x%x", hdev->name, rp->status);
801
802 if (rp->status)
803 return;
804
805 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
806 hdev->block_len = __le16_to_cpu(rp->block_len);
807 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
808
809 hdev->block_cnt = hdev->num_blocks;
810
811 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
812 hdev->block_cnt, hdev->block_len);
813
814 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
815}
816
23bb5763
JH		 817static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
818{
819 __u8 status = *((__u8 *) skb->data);
820
821 BT_DBG("%s status 0x%x", hdev->name, status);
822
823 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 824}
825
928abaa7
AE		 826static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
827 struct sk_buff *skb)
828{
829 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
830
831 BT_DBG("%s status 0x%x", hdev->name, rp->status);
832
833 if (rp->status)
834 return;
835
836 hdev->amp_status = rp->amp_status;
837 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
838 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
839 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
840 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
841 hdev->amp_type = rp->amp_type;
842 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
843 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
844 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
845 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
846
847 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
848}
849
b0916ea0
JH		 850static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
851 struct sk_buff *skb)
852{
853 __u8 status = *((__u8 *) skb->data);
854
855 BT_DBG("%s status 0x%x", hdev->name, status);
856
857 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
858}
859
d5859e22
JH		 860static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
861{
862 __u8 status = *((__u8 *) skb->data);
863
864 BT_DBG("%s status 0x%x", hdev->name, status);
865
866 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
867}
868
869static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
870 struct sk_buff *skb)
871{
872 __u8 status = *((__u8 *) skb->data);
873
874 BT_DBG("%s status 0x%x", hdev->name, status);
875
876 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
877}
878
879static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
880 struct sk_buff *skb)
881{
882 __u8 status = *((__u8 *) skb->data);
883
884 BT_DBG("%s status 0x%x", hdev->name, status);
885
886 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
887}
888
889static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
890{
891 __u8 status = *((__u8 *) skb->data);
892
893 BT_DBG("%s status 0x%x", hdev->name, status);
894
895 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
896}
897
980e1a53
JH		 898static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
899{
900 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
901 struct hci_cp_pin_code_reply *cp;
902 struct hci_conn *conn;
903
904 BT_DBG("%s status 0x%x", hdev->name, rp->status);
905
56e5cb86
JH		 906 hci_dev_lock(hdev);
907
a8b2d5c2 908 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 909 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 910
911 if (rp->status != 0)
56e5cb86 912 goto unlock;
980e1a53
JH		 913
914 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
915 if (!cp)
56e5cb86 916 goto unlock;
980e1a53
JH		 917
918 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
919 if (conn)
920 conn->pin_length = cp->pin_len;
56e5cb86
JH		 921
922unlock:
923 hci_dev_unlock(hdev);
980e1a53
JH		 924}
925
926static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
927{
928 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
929
930 BT_DBG("%s status 0x%x", hdev->name, rp->status);
931
56e5cb86
JH		 932 hci_dev_lock(hdev);
933
a8b2d5c2 934 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 935 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 936 rp->status);
56e5cb86
JH		 937
938 hci_dev_unlock(hdev);
980e1a53 939}
56e5cb86 940
6ed58ec5
VT		 941static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
942 struct sk_buff *skb)
943{
944 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
945
946 BT_DBG("%s status 0x%x", hdev->name, rp->status);
947
948 if (rp->status)
949 return;
950
951 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
952 hdev->le_pkts = rp->le_max_pkt;
953
954 hdev->le_cnt = hdev->le_pkts;
955
956 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
957
958 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
959}
980e1a53 960
a5c29683
JH		 961static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
962{
963 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
964
965 BT_DBG("%s status 0x%x", hdev->name, rp->status);
966
56e5cb86
JH		 967 hci_dev_lock(hdev);
968
a8b2d5c2 969 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 970 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
971 0, rp->status);
56e5cb86
JH		 972
973 hci_dev_unlock(hdev);
a5c29683
JH		 974}
975
976static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
977 struct sk_buff *skb)
978{
979 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
980
981 BT_DBG("%s status 0x%x", hdev->name, rp->status);
982
56e5cb86
JH		 983 hci_dev_lock(hdev);
984
a8b2d5c2 985 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 986 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 987 ACL_LINK, 0,
a5c29683 988 rp->status);
56e5cb86
JH		 989
990 hci_dev_unlock(hdev);
a5c29683
JH		 991}
992
1143d458
BG		 993static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
994{
995 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
996
997 BT_DBG("%s status 0x%x", hdev->name, rp->status);
998
999 hci_dev_lock(hdev);
1000
a8b2d5c2 1001 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 1002 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1003 0, rp->status);
1143d458
BG		 1004
1005 hci_dev_unlock(hdev);
1006}
1007
1008static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1009 struct sk_buff *skb)
1010{
1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1012
1013 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1014
1015 hci_dev_lock(hdev);
1016
a8b2d5c2 1017 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1018 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 1019 ACL_LINK, 0,
1143d458
BG		 1020 rp->status);
1021
1022 hci_dev_unlock(hdev);
1023}
1024
c35938b2
SJ		 1025static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1026 struct sk_buff *skb)
1027{
1028 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1029
1030 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1031
56e5cb86 1032 hci_dev_lock(hdev);
744cf19e 1033 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1034 rp->randomizer, rp->status);
56e5cb86 1035 hci_dev_unlock(hdev);
c35938b2
SJ		 1036}
1037
07f7fa5d
AG		 1038static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1039{
1040 __u8 status = *((__u8 *) skb->data);
1041
1042 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1043
1044 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1045
1046 if (status) {
1047 hci_dev_lock(hdev);
1048 mgmt_start_discovery_failed(hdev, status);
1049 hci_dev_unlock(hdev);
1050 return;
1051 }
07f7fa5d
AG		 1052}
1053
eb9d91f5
AG		 1054static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1055 struct sk_buff *skb)
1056{
1057 struct hci_cp_le_set_scan_enable *cp;
1058 __u8 status = *((__u8 *) skb->data);
1059
1060 BT_DBG("%s status 0x%x", hdev->name, status);
1061
eb9d91f5
AG		 1062 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1063 if (!cp)
1064 return;
1065
68a8aea4
AE		 1066 switch (cp->enable) {
1067 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1068 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1069
3fd24153
AG		 1070 if (status) {
1071 hci_dev_lock(hdev);
1072 mgmt_start_discovery_failed(hdev, status);
1073 hci_dev_unlock(hdev);
7ba8b4be 1074 return;
3fd24153 1075 }
7ba8b4be 1076
d23264a8
AG		 1077 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1078
db323f2f 1079 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1080
1081 hci_dev_lock(hdev);
eb9d91f5 1082 hci_adv_entries_clear(hdev);
c599008f 1083 hci_discovery_set_state(hdev, DISCOVERY_LE_SCAN);
a8f13c8c 1084 hci_dev_unlock(hdev);
68a8aea4
AE		 1085 break;
1086
1087 case LE_SCANNING_DISABLED:
7ba8b4be
AG		 1088 if (status)
1089 return;
1090
d23264a8
AG		 1091 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1092
c599008f
AG		 1093 hci_dev_lock(hdev);
1094 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1095 hci_dev_unlock(hdev);
1096
d084329e 1097 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
68a8aea4
AE		 1098 break;
1099
1100 default:
1101 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1102 break;
35815085 1103 }
eb9d91f5
AG		 1104}
1105
a7a595f6
VCG		 1106static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1107{
1108 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1109
1110 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1111
1112 if (rp->status)
1113 return;
1114
1115 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1116}
1117
1118static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1119{
1120 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1121
1122 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1123
1124 if (rp->status)
1125 return;
1126
1127 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1128}
1129
f9b49306
AG		 1130static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1131 struct sk_buff *skb)
1132{
1133 struct hci_cp_read_local_ext_features cp;
1134 __u8 status = *((__u8 *) skb->data);
1135
1136 BT_DBG("%s status 0x%x", hdev->name, status);
1137
1138 if (status)
1139 return;
1140
1141 cp.page = 0x01;
1142 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1143}
1144
a9de9248
MH		 1145static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1146{
1147 BT_DBG("%s status 0x%x", hdev->name, status);
1148
1149 if (status) {
23bb5763 1150 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1151 hci_conn_check_pending(hdev);
56e5cb86 1152 hci_dev_lock(hdev);
a8b2d5c2 1153 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1154 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1155 hci_dev_unlock(hdev);
314b2381
JH		 1156 return;
1157 }
1158
89352e7d
AG		 1159 set_bit(HCI_INQUIRY, &hdev->flags);
1160
56e5cb86 1161 hci_dev_lock(hdev);
30dc78e1 1162 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
56e5cb86 1163 hci_dev_unlock(hdev);
1da177e4
LT		 1164}
1165
1da177e4
LT		 1166static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1167{
a9de9248 1168 struct hci_cp_create_conn *cp;
1da177e4 1169 struct hci_conn *conn;
1da177e4 1170
a9de9248
MH		 1171 BT_DBG("%s status 0x%x", hdev->name, status);
1172
1173 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1174 if (!cp)
1175 return;
1176
1177 hci_dev_lock(hdev);
1178
1179 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1180
a9de9248 1181 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1182
1183 if (status) {
1184 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1185 if (status != 0x0c || conn->attempt > 2) {
1186 conn->state = BT_CLOSED;
1187 hci_proto_connect_cfm(conn, status);
1188 hci_conn_del(conn);
1189 } else
1190 conn->state = BT_CONNECT2;
1da177e4
LT		 1191 }
1192 } else {
1193 if (!conn) {
1194 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1195 if (conn) {
a0c808b3 1196 conn->out = true;
1da177e4
LT		 1197 conn->link_mode |= HCI_LM_MASTER;
1198 } else
893ef971 1199 BT_ERR("No memory for new connection");
1da177e4
LT		 1200 }
1201 }
1202
1203 hci_dev_unlock(hdev);
1204}
1205
a9de9248 1206static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1207{
a9de9248
MH		 1208 struct hci_cp_add_sco *cp;
1209 struct hci_conn *acl, *sco;
1210 __u16 handle;
1da177e4 1211
b6a0dc82
MH		 1212 BT_DBG("%s status 0x%x", hdev->name, status);
1213
a9de9248
MH		 1214 if (!status)
1215 return;
1da177e4 1216
a9de9248
MH		 1217 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1218 if (!cp)
1219 return;
1da177e4 1220
a9de9248 1221 handle = __le16_to_cpu(cp->handle);
1da177e4 1222
a9de9248 1223 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1224
a9de9248 1225 hci_dev_lock(hdev);
1da177e4 1226
a9de9248 1227 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1228 if (acl) {
1229 sco = acl->link;
1230 if (sco) {
1231 sco->state = BT_CLOSED;
1da177e4 1232
5a08ecce
AE		 1233 hci_proto_connect_cfm(sco, status);
1234 hci_conn_del(sco);
1235 }
a9de9248 1236 }
1da177e4 1237
a9de9248
MH		 1238 hci_dev_unlock(hdev);
1239}
1da177e4 1240
f8558555
MH		 1241static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1242{
1243 struct hci_cp_auth_requested *cp;
1244 struct hci_conn *conn;
1245
1246 BT_DBG("%s status 0x%x", hdev->name, status);
1247
1248 if (!status)
1249 return;
1250
1251 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1252 if (!cp)
1253 return;
1254
1255 hci_dev_lock(hdev);
1256
1257 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1258 if (conn) {
1259 if (conn->state == BT_CONFIG) {
1260 hci_proto_connect_cfm(conn, status);
1261 hci_conn_put(conn);
1262 }
1263 }
1264
1265 hci_dev_unlock(hdev);
1266}
1267
1268static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1269{
1270 struct hci_cp_set_conn_encrypt *cp;
1271 struct hci_conn *conn;
1272
1273 BT_DBG("%s status 0x%x", hdev->name, status);
1274
1275 if (!status)
1276 return;
1277
1278 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1279 if (!cp)
1280 return;
1281
1282 hci_dev_lock(hdev);
1283
1284 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1285 if (conn) {
1286 if (conn->state == BT_CONFIG) {
1287 hci_proto_connect_cfm(conn, status);
1288 hci_conn_put(conn);
1289 }
1290 }
1291
1292 hci_dev_unlock(hdev);
1293}
1294
127178d2 1295static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1296 struct hci_conn *conn)
392599b9 1297{
392599b9
JH		 1298 if (conn->state != BT_CONFIG || !conn->out)
1299 return 0;
1300
765c2a96 1301 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1302 return 0;
1303
1304 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1305 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1306 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1307 conn->pending_sec_level != BT_SECURITY_HIGH &&
1308 !(conn->auth_type & 0x01))
392599b9
JH		 1309 return 0;
1310
392599b9
JH		 1311 return 1;
1312}
1313
30dc78e1
JH		 1314static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1315{
1316 struct hci_cp_remote_name_req cp;
1317
1318 memset(&cp, 0, sizeof(cp));
1319
1320 bacpy(&cp.bdaddr, &e->data.bdaddr);
1321 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1322 cp.pscan_mode = e->data.pscan_mode;
1323 cp.clock_offset = e->data.clock_offset;
1324
1325 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1326}
1327
b644ba33 1328static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1329{
1330 struct discovery_state *discov = &hdev->discovery;
1331 struct inquiry_entry *e;
1332
b644ba33
JH		 1333 if (list_empty(&discov->resolve))
1334 return false;
1335
1336 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1337 if (hci_resolve_name(hdev, e) == 0) {
1338 e->name_state = NAME_PENDING;
1339 return true;
1340 }
1341
1342 return false;
1343}
1344
1345static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1346 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1347{
1348 struct discovery_state *discov = &hdev->discovery;
1349 struct inquiry_entry *e;
1350
1351 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1352 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1353 name, name_len, conn->dev_class);
1354
1355 if (discov->state == DISCOVERY_STOPPED)
1356 return;
1357
30dc78e1
JH		 1358 if (discov->state == DISCOVERY_STOPPING)
1359 goto discov_complete;
1360
1361 if (discov->state != DISCOVERY_RESOLVING)
1362 return;
1363
1364 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1365 if (e) {
1366 e->name_state = NAME_KNOWN;
1367 list_del(&e->list);
b644ba33
JH		 1368 if (name)
1369 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1370 e->data.rssi, name, name_len);
30dc78e1
JH		 1371 }
1372
b644ba33 1373 if (hci_resolve_next_name(hdev))
30dc78e1 1374 return;
30dc78e1
JH		 1375
1376discov_complete:
1377 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1378}
1379
a9de9248
MH		 1380static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1381{
127178d2
JH		 1382 struct hci_cp_remote_name_req *cp;
1383 struct hci_conn *conn;
1384
a9de9248 1385 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1386
1387 /* If successful wait for the name req complete event before
1388 * checking for the need to do authentication */
1389 if (!status)
1390 return;
1391
1392 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1393 if (!cp)
1394 return;
1395
1396 hci_dev_lock(hdev);
1397
b644ba33
JH		 1398 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1399
a8b2d5c2 1400 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1401 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1402
79c6c70c
JH		 1403 if (!conn)
1404 goto unlock;
1405
1406 if (!hci_outgoing_auth_needed(hdev, conn))
1407 goto unlock;
1408
51a8efd7 1409 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1410 struct hci_cp_auth_requested cp;
1411 cp.handle = __cpu_to_le16(conn->handle);
1412 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1413 }
1414
79c6c70c 1415unlock:
127178d2 1416 hci_dev_unlock(hdev);
a9de9248 1417}
1da177e4 1418
769be974
MH		 1419static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1420{
1421 struct hci_cp_read_remote_features *cp;
1422 struct hci_conn *conn;
1423
1424 BT_DBG("%s status 0x%x", hdev->name, status);
1425
1426 if (!status)
1427 return;
1428
1429 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1430 if (!cp)
1431 return;
1432
1433 hci_dev_lock(hdev);
1434
1435 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1436 if (conn) {
1437 if (conn->state == BT_CONFIG) {
769be974
MH		 1438 hci_proto_connect_cfm(conn, status);
1439 hci_conn_put(conn);
1440 }
1441 }
1442
1443 hci_dev_unlock(hdev);
1444}
1445
1446static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1447{
1448 struct hci_cp_read_remote_ext_features *cp;
1449 struct hci_conn *conn;
1450
1451 BT_DBG("%s status 0x%x", hdev->name, status);
1452
1453 if (!status)
1454 return;
1455
1456 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1457 if (!cp)
1458 return;
1459
1460 hci_dev_lock(hdev);
1461
1462 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1463 if (conn) {
1464 if (conn->state == BT_CONFIG) {
769be974
MH		 1465 hci_proto_connect_cfm(conn, status);
1466 hci_conn_put(conn);
1467 }
1468 }
1469
1470 hci_dev_unlock(hdev);
1471}
1472
a9de9248
MH		 1473static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1474{
b6a0dc82
MH		 1475 struct hci_cp_setup_sync_conn *cp;
1476 struct hci_conn *acl, *sco;
1477 __u16 handle;
1478
a9de9248 1479 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1480
1481 if (!status)
1482 return;
1483
1484 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1485 if (!cp)
1486 return;
1487
1488 handle = __le16_to_cpu(cp->handle);
1489
1490 BT_DBG("%s handle %d", hdev->name, handle);
1491
1492 hci_dev_lock(hdev);
1493
1494 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1495 if (acl) {
1496 sco = acl->link;
1497 if (sco) {
1498 sco->state = BT_CLOSED;
b6a0dc82 1499
5a08ecce
AE		 1500 hci_proto_connect_cfm(sco, status);
1501 hci_conn_del(sco);
1502 }
b6a0dc82
MH		 1503 }
1504
1505 hci_dev_unlock(hdev);
1da177e4
LT		 1506}
1507
a9de9248 1508static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1509{
a9de9248
MH		 1510 struct hci_cp_sniff_mode *cp;
1511 struct hci_conn *conn;
1da177e4 1512
a9de9248 1513 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1514
a9de9248
MH		 1515 if (!status)
1516 return;
04837f64 1517
a9de9248
MH		 1518 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1519 if (!cp)
1520 return;
04837f64 1521
a9de9248 1522 hci_dev_lock(hdev);
04837f64 1523
a9de9248 1524 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1525 if (conn) {
51a8efd7 1526 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1527
51a8efd7 1528 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1529 hci_sco_setup(conn, status);
1530 }
1531
a9de9248
MH		 1532 hci_dev_unlock(hdev);
1533}
04837f64 1534
a9de9248
MH		 1535static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1536{
1537 struct hci_cp_exit_sniff_mode *cp;
1538 struct hci_conn *conn;
04837f64 1539
a9de9248 1540 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1541
a9de9248
MH		 1542 if (!status)
1543 return;
04837f64 1544
a9de9248
MH		 1545 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1546 if (!cp)
1547 return;
04837f64 1548
a9de9248 1549 hci_dev_lock(hdev);
1da177e4 1550
a9de9248 1551 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1552 if (conn) {
51a8efd7 1553 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1554
51a8efd7 1555 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1556 hci_sco_setup(conn, status);
1557 }
1558
a9de9248 1559 hci_dev_unlock(hdev);
1da177e4
LT		 1560}
1561
88c3df13
JH		 1562static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1563{
1564 struct hci_cp_disconnect *cp;
1565 struct hci_conn *conn;
1566
1567 if (!status)
1568 return;
1569
1570 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1571 if (!cp)
1572 return;
1573
1574 hci_dev_lock(hdev);
1575
1576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1577 if (conn)
1578 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1579 conn->dst_type, status);
1580
1581 hci_dev_unlock(hdev);
1582}
1583
fcd89c09
VT		 1584static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1585{
1586 struct hci_cp_le_create_conn *cp;
1587 struct hci_conn *conn;
1588
1589 BT_DBG("%s status 0x%x", hdev->name, status);
1590
1591 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1592 if (!cp)
1593 return;
1594
1595 hci_dev_lock(hdev);
1596
1597 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1598
1599 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1600 conn);
1601
1602 if (status) {
1603 if (conn && conn->state == BT_CONNECT) {
1604 conn->state = BT_CLOSED;
1605 hci_proto_connect_cfm(conn, status);
1606 hci_conn_del(conn);
1607 }
1608 } else {
1609 if (!conn) {
1610 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1611 if (conn) {
1612 conn->dst_type = cp->peer_addr_type;
a0c808b3 1613 conn->out = true;
29b7988a 1614 } else {
fcd89c09 1615 BT_ERR("No memory for new connection");
29b7988a 1616 }
fcd89c09
VT		 1617 }
1618 }
1619
1620 hci_dev_unlock(hdev);
1621}
1622
a7a595f6
VCG		 1623static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1624{
1625 BT_DBG("%s status 0x%x", hdev->name, status);
1626}
1627
1da177e4
LT		 1628static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1629{
1630 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1631 struct discovery_state *discov = &hdev->discovery;
1632 struct inquiry_entry *e;
1da177e4
LT		 1633
1634 BT_DBG("%s status %d", hdev->name, status);
1635
23bb5763 1636 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1637
a9de9248 1638 hci_conn_check_pending(hdev);
89352e7d
AG		 1639
1640 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1641 return;
1642
a8b2d5c2 1643 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1644 return;
1645
56e5cb86 1646 hci_dev_lock(hdev);
30dc78e1
JH		 1647
1648 if (discov->state != DISCOVERY_INQUIRY)
1649 goto unlock;
1650
1651 if (list_empty(&discov->resolve)) {
1652 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1653 goto unlock;
1654 }
1655
1656 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1657 if (e && hci_resolve_name(hdev, e) == 0) {
1658 e->name_state = NAME_PENDING;
1659 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1660 } else {
1661 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1662 }
1663
1664unlock:
56e5cb86 1665 hci_dev_unlock(hdev);
1da177e4
LT		 1666}
1667
1da177e4
LT		 1668static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1669{
45bb4bf0 1670 struct inquiry_data data;
a9de9248 1671 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1672 int num_rsp = *((__u8 *) skb->data);
1673
1674 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1675
45bb4bf0
MH		 1676 if (!num_rsp)
1677 return;
1678
1da177e4 1679 hci_dev_lock(hdev);
45bb4bf0 1680
e17acd40 1681 for (; num_rsp; num_rsp--, info++) {
3175405b
JH		 1682 bool name_known;
1683
1da177e4
LT		 1684 bacpy(&data.bdaddr, &info->bdaddr);
1685 data.pscan_rep_mode = info->pscan_rep_mode;
1686 data.pscan_period_mode = info->pscan_period_mode;
1687 data.pscan_mode = info->pscan_mode;
1688 memcpy(data.dev_class, info->dev_class, 3);
1689 data.clock_offset = info->clock_offset;
1690 data.rssi = 0x00;
41a96212 1691 data.ssp_mode = 0x00;
3175405b
JH		 1692
1693 name_known = hci_inquiry_cache_update(hdev, &data, false);
48264f06 1694 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
7d262f86
AG		 1695 info->dev_class, 0, !name_known,
1696 NULL, 0);
1da177e4 1697 }
45bb4bf0 1698
1da177e4
LT		 1699 hci_dev_unlock(hdev);
1700}
1701
1da177e4
LT		 1702static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1703{
a9de9248
MH		 1704 struct hci_ev_conn_complete *ev = (void *) skb->data;
1705 struct hci_conn *conn;
1da177e4
LT		 1706
1707 BT_DBG("%s", hdev->name);
1708
1709 hci_dev_lock(hdev);
1710
1711 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1712 if (!conn) {
1713 if (ev->link_type != SCO_LINK)
1714 goto unlock;
1715
1716 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1717 if (!conn)
1718 goto unlock;
1719
1720 conn->type = SCO_LINK;
1721 }
1da177e4
LT		 1722
1723 if (!ev->status) {
1724 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1725
1726 if (conn->type == ACL_LINK) {
1727 conn->state = BT_CONFIG;
1728 hci_conn_hold(conn);
052b30b0 1729 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1730 } else
1731 conn->state = BT_CONNECTED;
1da177e4 1732
9eba32b8 1733 hci_conn_hold_device(conn);
7d0db0a3
MH		 1734 hci_conn_add_sysfs(conn);
1735
1da177e4
LT		 1736 if (test_bit(HCI_AUTH, &hdev->flags))
1737 conn->link_mode |= HCI_LM_AUTH;
1738
1739 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1740 conn->link_mode |= HCI_LM_ENCRYPT;
1741
04837f64
MH		 1742 /* Get remote features */
1743 if (conn->type == ACL_LINK) {
1744 struct hci_cp_read_remote_features cp;
1745 cp.handle = ev->handle;
769be974
MH		 1746 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1747 sizeof(cp), &cp);
04837f64
MH		 1748 }
1749
1da177e4 1750 /* Set packet type for incoming connection */
d095c1eb 1751 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1752 struct hci_cp_change_conn_ptype cp;
1753 cp.handle = ev->handle;
a8746417
MH		 1754 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1755 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1756 sizeof(cp), &cp);
1da177e4 1757 }
17d5c04c 1758 } else {
1da177e4 1759 conn->state = BT_CLOSED;
17d5c04c 1760 if (conn->type == ACL_LINK)
744cf19e 1761 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1762 conn->dst_type, ev->status);
17d5c04c 1763 }
1da177e4 1764
e73439d8
MH		 1765 if (conn->type == ACL_LINK)
1766 hci_sco_setup(conn, ev->status);
1da177e4 1767
769be974
MH		 1768 if (ev->status) {
1769 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1770 hci_conn_del(conn);
c89b6e6b
MH		 1771 } else if (ev->link_type != ACL_LINK)
1772 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1773
a9de9248 1774unlock:
1da177e4 1775 hci_dev_unlock(hdev);
1da177e4 1776
a9de9248 1777 hci_conn_check_pending(hdev);
1da177e4
LT		 1778}
1779
a9de9248 1780static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1781{
a9de9248
MH		 1782 struct hci_ev_conn_request *ev = (void *) skb->data;
1783 int mask = hdev->link_mode;
1da177e4 1784
a9de9248
MH		 1785 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1786 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1787
a9de9248 1788 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1789
138d22ef
SJ		 1790 if ((mask & HCI_LM_ACCEPT) &&
1791 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1792 /* Connection accepted */
c7bdd502 1793 struct inquiry_entry *ie;
1da177e4 1794 struct hci_conn *conn;
1da177e4 1795
a9de9248 1796 hci_dev_lock(hdev);
b6a0dc82 1797
cc11b9c1
AE		 1798 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1799 if (ie)
c7bdd502
MH		 1800 memcpy(ie->data.dev_class, ev->dev_class, 3);
1801
a9de9248
MH		 1802 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1803 if (!conn) {
cc11b9c1
AE		 1804 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1805 if (!conn) {
893ef971 1806 BT_ERR("No memory for new connection");
a9de9248
MH		 1807 hci_dev_unlock(hdev);
1808 return;
1da177e4
LT		 1809 }
1810 }
b6a0dc82 1811
a9de9248
MH		 1812 memcpy(conn->dev_class, ev->dev_class, 3);
1813 conn->state = BT_CONNECT;
b6a0dc82 1814
a9de9248 1815 hci_dev_unlock(hdev);
1da177e4 1816
b6a0dc82
MH		 1817 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1818 struct hci_cp_accept_conn_req cp;
1da177e4 1819
b6a0dc82
MH		 1820 bacpy(&cp.bdaddr, &ev->bdaddr);
1821
1822 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1823 cp.role = 0x00; /* Become master */
1824 else
1825 cp.role = 0x01; /* Remain slave */
1826
1827 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1828 sizeof(cp), &cp);
1829 } else {
1830 struct hci_cp_accept_sync_conn_req cp;
1831
1832 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1833 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1834
1835 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1836 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1837 cp.max_latency = cpu_to_le16(0xffff);
1838 cp.content_format = cpu_to_le16(hdev->voice_setting);
1839 cp.retrans_effort = 0xff;
1da177e4 1840
b6a0dc82
MH		 1841 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1842 sizeof(cp), &cp);
1843 }
a9de9248
MH		 1844 } else {
1845 /* Connection rejected */
1846 struct hci_cp_reject_conn_req cp;
1da177e4 1847
a9de9248 1848 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1849 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1850 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1851 }
1da177e4
LT		 1852}
1853
a9de9248 1854static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1855{
a9de9248 1856 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1857 struct hci_conn *conn;
1858
1859 BT_DBG("%s status %d", hdev->name, ev->status);
1860
1861 hci_dev_lock(hdev);
1862
1863 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1864 if (!conn)
1865 goto unlock;
7d0db0a3 1866
37d9ef76
JH		 1867 if (ev->status == 0)
1868 conn->state = BT_CLOSED;
04837f64 1869
b644ba33
JH		 1870 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1871 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1872 if (ev->status != 0)
88c3df13
JH		 1873 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1874 conn->dst_type, ev->status);
37d9ef76 1875 else
afc747a6 1876 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
48264f06 1877 conn->dst_type);
37d9ef76 1878 }
f7520543 1879
37d9ef76
JH		 1880 if (ev->status == 0) {
1881 hci_proto_disconn_cfm(conn, ev->reason);
1882 hci_conn_del(conn);
1883 }
f7520543
JH		 1884
1885unlock:
04837f64
MH		 1886 hci_dev_unlock(hdev);
1887}
1888
1da177e4
LT		 1889static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1890{
a9de9248 1891 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1892 struct hci_conn *conn;
1da177e4
LT		 1893
1894 BT_DBG("%s status %d", hdev->name, ev->status);
1895
1896 hci_dev_lock(hdev);
1897
04837f64 1898 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1899 if (!conn)
1900 goto unlock;
1901
1902 if (!ev->status) {
aa64a8b5
JH		 1903 if (!hci_conn_ssp_enabled(conn) &&
1904 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1905 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1906 } else {
d7556e20
WR		 1907 conn->link_mode |= HCI_LM_AUTH;
1908 conn->sec_level = conn->pending_sec_level;
2a611692 1909 }
d7556e20 1910 } else {
bab73cb6
JH		 1911 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1912 ev->status);
d7556e20 1913 }
1da177e4 1914
51a8efd7
JH		 1915 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1916 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1917
d7556e20 1918 if (conn->state == BT_CONFIG) {
aa64a8b5 1919 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1920 struct hci_cp_set_conn_encrypt cp;
1921 cp.handle = ev->handle;
1922 cp.encrypt = 0x01;
1923 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1924 &cp);
052b30b0 1925 } else {
d7556e20
WR		 1926 conn->state = BT_CONNECTED;
1927 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1928 hci_conn_put(conn);
1929 }
d7556e20
WR		 1930 } else {
1931 hci_auth_cfm(conn, ev->status);
052b30b0 1932
d7556e20
WR		 1933 hci_conn_hold(conn);
1934 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1935 hci_conn_put(conn);
1936 }
1937
51a8efd7 1938 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1939 if (!ev->status) {
1940 struct hci_cp_set_conn_encrypt cp;
1941 cp.handle = ev->handle;
1942 cp.encrypt = 0x01;
1943 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1944 &cp);
1945 } else {
51a8efd7 1946 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1947 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1948 }
1949 }
1950
d7556e20 1951unlock:
1da177e4
LT		 1952 hci_dev_unlock(hdev);
1953}
1954
a9de9248 1955static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1956{
127178d2
JH		 1957 struct hci_ev_remote_name *ev = (void *) skb->data;
1958 struct hci_conn *conn;
1959
a9de9248 1960 BT_DBG("%s", hdev->name);
1da177e4 1961
a9de9248 1962 hci_conn_check_pending(hdev);
127178d2
JH		 1963
1964 hci_dev_lock(hdev);
1965
b644ba33 1966 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1967
b644ba33
JH		 1968 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1969 goto check_auth;
a88a9652 1970
b644ba33
JH		 1971 if (ev->status == 0)
1972 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1973 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1974 else
1975 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1976
1977check_auth:
79c6c70c
JH		 1978 if (!conn)
1979 goto unlock;
1980
1981 if (!hci_outgoing_auth_needed(hdev, conn))
1982 goto unlock;
1983
51a8efd7 1984 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1985 struct hci_cp_auth_requested cp;
1986 cp.handle = __cpu_to_le16(conn->handle);
1987 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1988 }
1989
79c6c70c 1990unlock:
127178d2 1991 hci_dev_unlock(hdev);
a9de9248
MH		 1992}
1993
1994static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1995{
1996 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1997 struct hci_conn *conn;
1998
1999 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2000
2001 hci_dev_lock(hdev);
2002
04837f64 2003 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2004 if (conn) {
2005 if (!ev->status) {
ae293196
MH		 2006 if (ev->encrypt) {
2007 /* Encryption implies authentication */
2008 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2009 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2010 conn->sec_level = conn->pending_sec_level;
ae293196 2011 } else
1da177e4
LT		 2012 conn->link_mode &= ~HCI_LM_ENCRYPT;
2013 }
2014
51a8efd7 2015 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2016
f8558555
MH		 2017 if (conn->state == BT_CONFIG) {
2018 if (!ev->status)
2019 conn->state = BT_CONNECTED;
2020
2021 hci_proto_connect_cfm(conn, ev->status);
2022 hci_conn_put(conn);
2023 } else
2024 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2025 }
2026
2027 hci_dev_unlock(hdev);
2028}
2029
a9de9248 2030static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2031{
a9de9248 2032 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2033 struct hci_conn *conn;
1da177e4
LT		 2034
2035 BT_DBG("%s status %d", hdev->name, ev->status);
2036
2037 hci_dev_lock(hdev);
2038
04837f64 2039 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2040 if (conn) {
2041 if (!ev->status)
2042 conn->link_mode |= HCI_LM_SECURE;
2043
51a8efd7 2044 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2045
2046 hci_key_change_cfm(conn, ev->status);
2047 }
2048
2049 hci_dev_unlock(hdev);
2050}
2051
a9de9248 2052static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2053{
a9de9248
MH		 2054 struct hci_ev_remote_features *ev = (void *) skb->data;
2055 struct hci_conn *conn;
2056
2057 BT_DBG("%s status %d", hdev->name, ev->status);
2058
a9de9248
MH		 2059 hci_dev_lock(hdev);
2060
2061 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2062 if (!conn)
2063 goto unlock;
769be974 2064
ccd556fe
JH		 2065 if (!ev->status)
2066 memcpy(conn->features, ev->features, 8);
2067
2068 if (conn->state != BT_CONFIG)
2069 goto unlock;
2070
2071 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2072 struct hci_cp_read_remote_ext_features cp;
2073 cp.handle = ev->handle;
2074 cp.page = 0x01;
2075 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2076 sizeof(cp), &cp);
392599b9
JH		 2077 goto unlock;
2078 }
2079
127178d2
JH		 2080 if (!ev->status) {
2081 struct hci_cp_remote_name_req cp;
2082 memset(&cp, 0, sizeof(cp));
2083 bacpy(&cp.bdaddr, &conn->dst);
2084 cp.pscan_rep_mode = 0x02;
2085 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2086 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2087 mgmt_device_connected(hdev, &conn->dst, conn->type,
2088 conn->dst_type, NULL, 0,
2089 conn->dev_class);
392599b9 2090
127178d2 2091 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2092 conn->state = BT_CONNECTED;
2093 hci_proto_connect_cfm(conn, ev->status);
2094 hci_conn_put(conn);
769be974 2095 }
a9de9248 2096
ccd556fe 2097unlock:
a9de9248 2098 hci_dev_unlock(hdev);
1da177e4
LT		 2099}
2100
a9de9248 2101static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2102{
a9de9248 2103 BT_DBG("%s", hdev->name);
1da177e4
LT		 2104}
2105
a9de9248 2106static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2107{
a9de9248 2108 BT_DBG("%s", hdev->name);
1da177e4
LT		 2109}
2110
a9de9248
MH		 2111static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2112{
2113 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2114 __u16 opcode;
2115
2116 skb_pull(skb, sizeof(*ev));
2117
2118 opcode = __le16_to_cpu(ev->opcode);
2119
2120 switch (opcode) {
2121 case HCI_OP_INQUIRY_CANCEL:
2122 hci_cc_inquiry_cancel(hdev, skb);
2123 break;
2124
2125 case HCI_OP_EXIT_PERIODIC_INQ:
2126 hci_cc_exit_periodic_inq(hdev, skb);
2127 break;
2128
2129 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2130 hci_cc_remote_name_req_cancel(hdev, skb);
2131 break;
2132
2133 case HCI_OP_ROLE_DISCOVERY:
2134 hci_cc_role_discovery(hdev, skb);
2135 break;
2136
e4e8e37c
MH		 2137 case HCI_OP_READ_LINK_POLICY:
2138 hci_cc_read_link_policy(hdev, skb);
2139 break;
2140
a9de9248
MH		 2141 case HCI_OP_WRITE_LINK_POLICY:
2142 hci_cc_write_link_policy(hdev, skb);
2143 break;
2144
e4e8e37c
MH		 2145 case HCI_OP_READ_DEF_LINK_POLICY:
2146 hci_cc_read_def_link_policy(hdev, skb);
2147 break;
2148
2149 case HCI_OP_WRITE_DEF_LINK_POLICY:
2150 hci_cc_write_def_link_policy(hdev, skb);
2151 break;
2152
a9de9248
MH		 2153 case HCI_OP_RESET:
2154 hci_cc_reset(hdev, skb);
2155 break;
2156
2157 case HCI_OP_WRITE_LOCAL_NAME:
2158 hci_cc_write_local_name(hdev, skb);
2159 break;
2160
2161 case HCI_OP_READ_LOCAL_NAME:
2162 hci_cc_read_local_name(hdev, skb);
2163 break;
2164
2165 case HCI_OP_WRITE_AUTH_ENABLE:
2166 hci_cc_write_auth_enable(hdev, skb);
2167 break;
2168
2169 case HCI_OP_WRITE_ENCRYPT_MODE:
2170 hci_cc_write_encrypt_mode(hdev, skb);
2171 break;
2172
2173 case HCI_OP_WRITE_SCAN_ENABLE:
2174 hci_cc_write_scan_enable(hdev, skb);
2175 break;
2176
2177 case HCI_OP_READ_CLASS_OF_DEV:
2178 hci_cc_read_class_of_dev(hdev, skb);
2179 break;
2180
2181 case HCI_OP_WRITE_CLASS_OF_DEV:
2182 hci_cc_write_class_of_dev(hdev, skb);
2183 break;
2184
2185 case HCI_OP_READ_VOICE_SETTING:
2186 hci_cc_read_voice_setting(hdev, skb);
2187 break;
2188
2189 case HCI_OP_WRITE_VOICE_SETTING:
2190 hci_cc_write_voice_setting(hdev, skb);
2191 break;
2192
2193 case HCI_OP_HOST_BUFFER_SIZE:
2194 hci_cc_host_buffer_size(hdev, skb);
2195 break;
2196
333140b5
MH		 2197 case HCI_OP_READ_SSP_MODE:
2198 hci_cc_read_ssp_mode(hdev, skb);
2199 break;
2200
2201 case HCI_OP_WRITE_SSP_MODE:
2202 hci_cc_write_ssp_mode(hdev, skb);
2203 break;
2204
a9de9248
MH		 2205 case HCI_OP_READ_LOCAL_VERSION:
2206 hci_cc_read_local_version(hdev, skb);
2207 break;
2208
2209 case HCI_OP_READ_LOCAL_COMMANDS:
2210 hci_cc_read_local_commands(hdev, skb);
2211 break;
2212
2213 case HCI_OP_READ_LOCAL_FEATURES:
2214 hci_cc_read_local_features(hdev, skb);
2215 break;
2216
971e3a4b
AG		 2217 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2218 hci_cc_read_local_ext_features(hdev, skb);
2219 break;
2220
a9de9248
MH		 2221 case HCI_OP_READ_BUFFER_SIZE:
2222 hci_cc_read_buffer_size(hdev, skb);
2223 break;
2224
2225 case HCI_OP_READ_BD_ADDR:
2226 hci_cc_read_bd_addr(hdev, skb);
2227 break;
2228
350ee4cf
AE		 2229 case HCI_OP_READ_DATA_BLOCK_SIZE:
2230 hci_cc_read_data_block_size(hdev, skb);
2231 break;
2232
23bb5763
JH		 2233 case HCI_OP_WRITE_CA_TIMEOUT:
2234 hci_cc_write_ca_timeout(hdev, skb);
2235 break;
2236
1e89cffb
AE		 2237 case HCI_OP_READ_FLOW_CONTROL_MODE:
2238 hci_cc_read_flow_control_mode(hdev, skb);
2239 break;
2240
928abaa7
AE		 2241 case HCI_OP_READ_LOCAL_AMP_INFO:
2242 hci_cc_read_local_amp_info(hdev, skb);
2243 break;
2244
b0916ea0
JH		 2245 case HCI_OP_DELETE_STORED_LINK_KEY:
2246 hci_cc_delete_stored_link_key(hdev, skb);
2247 break;
2248
d5859e22
JH		 2249 case HCI_OP_SET_EVENT_MASK:
2250 hci_cc_set_event_mask(hdev, skb);
2251 break;
2252
2253 case HCI_OP_WRITE_INQUIRY_MODE:
2254 hci_cc_write_inquiry_mode(hdev, skb);
2255 break;
2256
2257 case HCI_OP_READ_INQ_RSP_TX_POWER:
2258 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2259 break;
2260
2261 case HCI_OP_SET_EVENT_FLT:
2262 hci_cc_set_event_flt(hdev, skb);
2263 break;
2264
980e1a53
JH		 2265 case HCI_OP_PIN_CODE_REPLY:
2266 hci_cc_pin_code_reply(hdev, skb);
2267 break;
2268
2269 case HCI_OP_PIN_CODE_NEG_REPLY:
2270 hci_cc_pin_code_neg_reply(hdev, skb);
2271 break;
2272
c35938b2
SJ		 2273 case HCI_OP_READ_LOCAL_OOB_DATA:
2274 hci_cc_read_local_oob_data_reply(hdev, skb);
2275 break;
2276
6ed58ec5
VT		 2277 case HCI_OP_LE_READ_BUFFER_SIZE:
2278 hci_cc_le_read_buffer_size(hdev, skb);
2279 break;
2280
a5c29683
JH		 2281 case HCI_OP_USER_CONFIRM_REPLY:
2282 hci_cc_user_confirm_reply(hdev, skb);
2283 break;
2284
2285 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2286 hci_cc_user_confirm_neg_reply(hdev, skb);
2287 break;
2288
1143d458
BG		 2289 case HCI_OP_USER_PASSKEY_REPLY:
2290 hci_cc_user_passkey_reply(hdev, skb);
2291 break;
2292
2293 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2294 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2295
2296 case HCI_OP_LE_SET_SCAN_PARAM:
2297 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2298 break;
2299
eb9d91f5
AG		 2300 case HCI_OP_LE_SET_SCAN_ENABLE:
2301 hci_cc_le_set_scan_enable(hdev, skb);
2302 break;
2303
a7a595f6
VCG		 2304 case HCI_OP_LE_LTK_REPLY:
2305 hci_cc_le_ltk_reply(hdev, skb);
2306 break;
2307
2308 case HCI_OP_LE_LTK_NEG_REPLY:
2309 hci_cc_le_ltk_neg_reply(hdev, skb);
2310 break;
2311
f9b49306
AG		 2312 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2313 hci_cc_write_le_host_supported(hdev, skb);
2314 break;
2315
a9de9248
MH		 2316 default:
2317 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2318 break;
2319 }
2320
6bd32326
VT		 2321 if (ev->opcode != HCI_OP_NOP)
2322 del_timer(&hdev->cmd_timer);
2323
a9de9248
MH		 2324 if (ev->ncmd) {
2325 atomic_set(&hdev->cmd_cnt, 1);
2326 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2327 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2328 }
2329}
2330
2331static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2332{
2333 struct hci_ev_cmd_status *ev = (void *) skb->data;
2334 __u16 opcode;
2335
2336 skb_pull(skb, sizeof(*ev));
2337
2338 opcode = __le16_to_cpu(ev->opcode);
2339
2340 switch (opcode) {
2341 case HCI_OP_INQUIRY:
2342 hci_cs_inquiry(hdev, ev->status);
2343 break;
2344
2345 case HCI_OP_CREATE_CONN:
2346 hci_cs_create_conn(hdev, ev->status);
2347 break;
2348
2349 case HCI_OP_ADD_SCO:
2350 hci_cs_add_sco(hdev, ev->status);
2351 break;
2352
f8558555
MH		 2353 case HCI_OP_AUTH_REQUESTED:
2354 hci_cs_auth_requested(hdev, ev->status);
2355 break;
2356
2357 case HCI_OP_SET_CONN_ENCRYPT:
2358 hci_cs_set_conn_encrypt(hdev, ev->status);
2359 break;
2360
a9de9248
MH		 2361 case HCI_OP_REMOTE_NAME_REQ:
2362 hci_cs_remote_name_req(hdev, ev->status);
2363 break;
2364
769be974
MH		 2365 case HCI_OP_READ_REMOTE_FEATURES:
2366 hci_cs_read_remote_features(hdev, ev->status);
2367 break;
2368
2369 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2370 hci_cs_read_remote_ext_features(hdev, ev->status);
2371 break;
2372
a9de9248
MH		 2373 case HCI_OP_SETUP_SYNC_CONN:
2374 hci_cs_setup_sync_conn(hdev, ev->status);
2375 break;
2376
2377 case HCI_OP_SNIFF_MODE:
2378 hci_cs_sniff_mode(hdev, ev->status);
2379 break;
2380
2381 case HCI_OP_EXIT_SNIFF_MODE:
2382 hci_cs_exit_sniff_mode(hdev, ev->status);
2383 break;
2384
8962ee74 2385 case HCI_OP_DISCONNECT:
88c3df13 2386 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2387 break;
2388
fcd89c09
VT		 2389 case HCI_OP_LE_CREATE_CONN:
2390 hci_cs_le_create_conn(hdev, ev->status);
2391 break;
2392
a7a595f6
VCG		 2393 case HCI_OP_LE_START_ENC:
2394 hci_cs_le_start_enc(hdev, ev->status);
2395 break;
2396
a9de9248
MH		 2397 default:
2398 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2399 break;
2400 }
2401
6bd32326
VT		 2402 if (ev->opcode != HCI_OP_NOP)
2403 del_timer(&hdev->cmd_timer);
2404
10572132 2405 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2406 atomic_set(&hdev->cmd_cnt, 1);
2407 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2408 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2409 }
2410}
2411
2412static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2413{
2414 struct hci_ev_role_change *ev = (void *) skb->data;
2415 struct hci_conn *conn;
2416
2417 BT_DBG("%s status %d", hdev->name, ev->status);
2418
2419 hci_dev_lock(hdev);
2420
2421 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2422 if (conn) {
2423 if (!ev->status) {
2424 if (ev->role)
2425 conn->link_mode &= ~HCI_LM_MASTER;
2426 else
2427 conn->link_mode |= HCI_LM_MASTER;
2428 }
2429
51a8efd7 2430 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2431
2432 hci_role_switch_cfm(conn, ev->status, ev->role);
2433 }
2434
2435 hci_dev_unlock(hdev);
2436}
2437
2438static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2439{
2440 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2441 int i;
2442
32ac5b9b
AE		 2443 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2444 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2445 return;
2446 }
2447
c5993de8
AE		 2448 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2449 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2450 BT_DBG("%s bad parameters", hdev->name);
2451 return;
2452 }
2453
c5993de8
AE		 2454 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2455
613a1c0c
AE		 2456 for (i = 0; i < ev->num_hndl; i++) {
2457 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2458 struct hci_conn *conn;
2459 __u16 handle, count;
2460
613a1c0c
AE		 2461 handle = __le16_to_cpu(info->handle);
2462 count = __le16_to_cpu(info->count);
a9de9248
MH		 2463
2464 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2465 if (!conn)
2466 continue;
2467
2468 conn->sent -= count;
2469
2470 switch (conn->type) {
2471 case ACL_LINK:
2472 hdev->acl_cnt += count;
2473 if (hdev->acl_cnt > hdev->acl_pkts)
2474 hdev->acl_cnt = hdev->acl_pkts;
2475 break;
2476
2477 case LE_LINK:
2478 if (hdev->le_pkts) {
2479 hdev->le_cnt += count;
2480 if (hdev->le_cnt > hdev->le_pkts)
2481 hdev->le_cnt = hdev->le_pkts;
2482 } else {
70f23020
AE		 2483 hdev->acl_cnt += count;
2484 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2485 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2486 }
f4280918
AE		 2487 break;
2488
2489 case SCO_LINK:
2490 hdev->sco_cnt += count;
2491 if (hdev->sco_cnt > hdev->sco_pkts)
2492 hdev->sco_cnt = hdev->sco_pkts;
2493 break;
2494
2495 default:
2496 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2497 break;
a9de9248
MH		 2498 }
2499 }
2500
3eff45ea 2501 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2502}
2503
25e89e99
AE		 2504static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2505 struct sk_buff *skb)
2506{
2507 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2508 int i;
2509
2510 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2511 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2512 return;
2513 }
2514
2515 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2516 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2517 BT_DBG("%s bad parameters", hdev->name);
2518 return;
2519 }
2520
2521 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2522 ev->num_hndl);
2523
2524 for (i = 0; i < ev->num_hndl; i++) {
2525 struct hci_comp_blocks_info *info = &ev->handles[i];
2526 struct hci_conn *conn;
2527 __u16 handle, block_count;
2528
2529 handle = __le16_to_cpu(info->handle);
2530 block_count = __le16_to_cpu(info->blocks);
2531
2532 conn = hci_conn_hash_lookup_handle(hdev, handle);
2533 if (!conn)
2534 continue;
2535
2536 conn->sent -= block_count;
2537
2538 switch (conn->type) {
2539 case ACL_LINK:
2540 hdev->block_cnt += block_count;
2541 if (hdev->block_cnt > hdev->num_blocks)
2542 hdev->block_cnt = hdev->num_blocks;
2543 break;
2544
2545 default:
2546 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2547 break;
2548 }
2549 }
2550
2551 queue_work(hdev->workqueue, &hdev->tx_work);
2552}
2553
a9de9248 2554static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2555{
a9de9248 2556 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2557 struct hci_conn *conn;
2558
2559 BT_DBG("%s status %d", hdev->name, ev->status);
2560
2561 hci_dev_lock(hdev);
2562
2563 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2564 if (conn) {
2565 conn->mode = ev->mode;
2566 conn->interval = __le16_to_cpu(ev->interval);
2567
51a8efd7 2568 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2569 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2570 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2571 else
58a681ef 2572 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2573 }
e73439d8 2574
51a8efd7 2575 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2576 hci_sco_setup(conn, ev->status);
04837f64
MH		 2577 }
2578
2579 hci_dev_unlock(hdev);
2580}
2581
a9de9248
MH		 2582static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2583{
052b30b0
MH		 2584 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2585 struct hci_conn *conn;
2586
a9de9248 2587 BT_DBG("%s", hdev->name);
052b30b0
MH		 2588
2589 hci_dev_lock(hdev);
2590
2591 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2592 if (!conn)
2593 goto unlock;
2594
2595 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2596 hci_conn_hold(conn);
2597 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2598 hci_conn_put(conn);
2599 }
2600
a8b2d5c2 2601 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2602 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2603 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2604 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2605 u8 secure;
2606
2607 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2608 secure = 1;
2609 else
2610 secure = 0;
2611
744cf19e 2612 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2613 }
980e1a53 2614
b6f98044 2615unlock:
052b30b0 2616 hci_dev_unlock(hdev);
a9de9248
MH		 2617}
2618
2619static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2620{
55ed8ca1
JH		 2621 struct hci_ev_link_key_req *ev = (void *) skb->data;
2622 struct hci_cp_link_key_reply cp;
2623 struct hci_conn *conn;
2624 struct link_key *key;
2625
a9de9248 2626 BT_DBG("%s", hdev->name);
55ed8ca1 2627
a8b2d5c2 2628 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2629 return;
2630
2631 hci_dev_lock(hdev);
2632
2633 key = hci_find_link_key(hdev, &ev->bdaddr);
2634 if (!key) {
2635 BT_DBG("%s link key not found for %s", hdev->name,
2636 batostr(&ev->bdaddr));
2637 goto not_found;
2638 }
2639
2640 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2641 batostr(&ev->bdaddr));
2642
a8b2d5c2 2643 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2644 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2645 BT_DBG("%s ignoring debug key", hdev->name);
2646 goto not_found;
2647 }
2648
2649 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2650 if (conn) {
2651 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2652 conn->auth_type != 0xff &&
2653 (conn->auth_type & 0x01)) {
2654 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2655 goto not_found;
2656 }
55ed8ca1 2657
60b83f57
WR		 2658 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2659 conn->pending_sec_level == BT_SECURITY_HIGH) {
2660 BT_DBG("%s ignoring key unauthenticated for high \
2661 security", hdev->name);
2662 goto not_found;
2663 }
2664
2665 conn->key_type = key->type;
2666 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2667 }
2668
2669 bacpy(&cp.bdaddr, &ev->bdaddr);
2670 memcpy(cp.link_key, key->val, 16);
2671
2672 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2673
2674 hci_dev_unlock(hdev);
2675
2676 return;
2677
2678not_found:
2679 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2680 hci_dev_unlock(hdev);
a9de9248
MH		 2681}
2682
2683static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2684{
052b30b0
MH		 2685 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2686 struct hci_conn *conn;
55ed8ca1 2687 u8 pin_len = 0;
052b30b0 2688
a9de9248 2689 BT_DBG("%s", hdev->name);
052b30b0
MH		 2690
2691 hci_dev_lock(hdev);
2692
2693 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2694 if (conn) {
2695 hci_conn_hold(conn);
2696 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2697 pin_len = conn->pin_length;
13d39315
WR		 2698
2699 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2700 conn->key_type = ev->key_type;
2701
052b30b0
MH		 2702 hci_conn_put(conn);
2703 }
2704
a8b2d5c2 2705 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2706 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2707 ev->key_type, pin_len);
2708
052b30b0 2709 hci_dev_unlock(hdev);
a9de9248
MH		 2710}
2711
1da177e4
LT		 2712static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2713{
a9de9248 2714 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2715 struct hci_conn *conn;
1da177e4
LT		 2716
2717 BT_DBG("%s status %d", hdev->name, ev->status);
2718
2719 hci_dev_lock(hdev);
2720
04837f64 2721 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2722 if (conn && !ev->status) {
2723 struct inquiry_entry *ie;
2724
cc11b9c1
AE		 2725 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2726 if (ie) {
1da177e4
LT		 2727 ie->data.clock_offset = ev->clock_offset;
2728 ie->timestamp = jiffies;
2729 }
2730 }
2731
2732 hci_dev_unlock(hdev);
2733}
2734
a8746417
MH		 2735static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2736{
2737 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2738 struct hci_conn *conn;
2739
2740 BT_DBG("%s status %d", hdev->name, ev->status);
2741
2742 hci_dev_lock(hdev);
2743
2744 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2745 if (conn && !ev->status)
2746 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2747
2748 hci_dev_unlock(hdev);
2749}
2750
85a1e930
MH		 2751static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2752{
a9de9248 2753 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2754 struct inquiry_entry *ie;
2755
2756 BT_DBG("%s", hdev->name);
2757
2758 hci_dev_lock(hdev);
2759
cc11b9c1
AE		 2760 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2761 if (ie) {
85a1e930
MH		 2762 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2763 ie->timestamp = jiffies;
2764 }
2765
2766 hci_dev_unlock(hdev);
2767}
2768
a9de9248
MH		 2769static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2770{
2771 struct inquiry_data data;
2772 int num_rsp = *((__u8 *) skb->data);
3175405b 2773 bool name_known;
a9de9248
MH		 2774
2775 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2776
2777 if (!num_rsp)
2778 return;
2779
2780 hci_dev_lock(hdev);
2781
2782 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2783 struct inquiry_info_with_rssi_and_pscan_mode *info;
2784 info = (void *) (skb->data + 1);
a9de9248 2785
e17acd40 2786 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2787 bacpy(&data.bdaddr, &info->bdaddr);
2788 data.pscan_rep_mode = info->pscan_rep_mode;
2789 data.pscan_period_mode = info->pscan_period_mode;
2790 data.pscan_mode = info->pscan_mode;
2791 memcpy(data.dev_class, info->dev_class, 3);
2792 data.clock_offset = info->clock_offset;
2793 data.rssi = info->rssi;
41a96212 2794 data.ssp_mode = 0x00;
3175405b
JH		 2795
2796 name_known = hci_inquiry_cache_update(hdev, &data,
2797 false);
48264f06 2798 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2799 info->dev_class, info->rssi,
7d262f86 2800 !name_known, NULL, 0);
a9de9248
MH		 2801 }
2802 } else {
2803 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2804
e17acd40 2805 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2806 bacpy(&data.bdaddr, &info->bdaddr);
2807 data.pscan_rep_mode = info->pscan_rep_mode;
2808 data.pscan_period_mode = info->pscan_period_mode;
2809 data.pscan_mode = 0x00;
2810 memcpy(data.dev_class, info->dev_class, 3);
2811 data.clock_offset = info->clock_offset;
2812 data.rssi = info->rssi;
41a96212 2813 data.ssp_mode = 0x00;
3175405b
JH		 2814 name_known = hci_inquiry_cache_update(hdev, &data,
2815 false);
48264f06 2816 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2817 info->dev_class, info->rssi,
7d262f86 2818 !name_known, NULL, 0);
a9de9248
MH		 2819 }
2820 }
2821
2822 hci_dev_unlock(hdev);
2823}
2824
2825static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2826{
41a96212
MH		 2827 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2828 struct hci_conn *conn;
2829
a9de9248 2830 BT_DBG("%s", hdev->name);
41a96212 2831
41a96212
MH		 2832 hci_dev_lock(hdev);
2833
2834 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2835 if (!conn)
2836 goto unlock;
41a96212 2837
ccd556fe
JH		 2838 if (!ev->status && ev->page == 0x01) {
2839 struct inquiry_entry *ie;
41a96212 2840
cc11b9c1
AE		 2841 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2842 if (ie)
ccd556fe 2843 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2844
58a681ef
JH		 2845 if (ev->features[0] & 0x01)
2846 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2847 }
2848
2849 if (conn->state != BT_CONFIG)
2850 goto unlock;
2851
127178d2
JH		 2852 if (!ev->status) {
2853 struct hci_cp_remote_name_req cp;
2854 memset(&cp, 0, sizeof(cp));
2855 bacpy(&cp.bdaddr, &conn->dst);
2856 cp.pscan_rep_mode = 0x02;
2857 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2858 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2859 mgmt_device_connected(hdev, &conn->dst, conn->type,
2860 conn->dst_type, NULL, 0,
2861 conn->dev_class);
392599b9 2862
127178d2 2863 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2864 conn->state = BT_CONNECTED;
2865 hci_proto_connect_cfm(conn, ev->status);
2866 hci_conn_put(conn);
41a96212
MH		 2867 }
2868
ccd556fe 2869unlock:
41a96212 2870 hci_dev_unlock(hdev);
a9de9248
MH		 2871}
2872
2873static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2874{
b6a0dc82
MH		 2875 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2876 struct hci_conn *conn;
2877
2878 BT_DBG("%s status %d", hdev->name, ev->status);
2879
2880 hci_dev_lock(hdev);
2881
2882 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2883 if (!conn) {
2884 if (ev->link_type == ESCO_LINK)
2885 goto unlock;
2886
2887 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2888 if (!conn)
2889 goto unlock;
2890
2891 conn->type = SCO_LINK;
2892 }
b6a0dc82 2893
732547f9
MH		 2894 switch (ev->status) {
2895 case 0x00:
b6a0dc82
MH		 2896 conn->handle = __le16_to_cpu(ev->handle);
2897 conn->state = BT_CONNECTED;
7d0db0a3 2898
9eba32b8 2899 hci_conn_hold_device(conn);
7d0db0a3 2900 hci_conn_add_sysfs(conn);
732547f9
MH		 2901 break;
2902
705e5711 2903 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2904 case 0x1c: /* SCO interval rejected */
1038a00b 2905 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2906 case 0x1f: /* Unspecified error */
2907 if (conn->out && conn->attempt < 2) {
2908 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2909 (hdev->esco_type & EDR_ESCO_MASK);
2910 hci_setup_sync(conn, conn->link->handle);
2911 goto unlock;
2912 }
2913 /* fall through */
2914
2915 default:
b6a0dc82 2916 conn->state = BT_CLOSED;
732547f9
MH		 2917 break;
2918 }
b6a0dc82
MH		 2919
2920 hci_proto_connect_cfm(conn, ev->status);
2921 if (ev->status)
2922 hci_conn_del(conn);
2923
2924unlock:
2925 hci_dev_unlock(hdev);
a9de9248
MH		 2926}
2927
2928static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2929{
2930 BT_DBG("%s", hdev->name);
2931}
2932
04837f64
MH		 2933static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2934{
a9de9248 2935 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2936
2937 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2938}
2939
a9de9248 2940static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2941{
a9de9248
MH		 2942 struct inquiry_data data;
2943 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2944 int num_rsp = *((__u8 *) skb->data);
1da177e4 2945
a9de9248 2946 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2947
a9de9248
MH		 2948 if (!num_rsp)
2949 return;
1da177e4 2950
a9de9248
MH		 2951 hci_dev_lock(hdev);
2952
e17acd40 2953 for (; num_rsp; num_rsp--, info++) {
561aafbc
JH		 2954 bool name_known;
2955
a9de9248 2956 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2957 data.pscan_rep_mode = info->pscan_rep_mode;
2958 data.pscan_period_mode = info->pscan_period_mode;
2959 data.pscan_mode = 0x00;
a9de9248 2960 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2961 data.clock_offset = info->clock_offset;
2962 data.rssi = info->rssi;
41a96212 2963 data.ssp_mode = 0x01;
561aafbc 2964
a8b2d5c2 2965 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930
JH		 2966 name_known = eir_has_data_type(info->data,
2967 sizeof(info->data),
2968 EIR_NAME_COMPLETE);
561aafbc
JH		 2969 else
2970 name_known = true;
2971
3175405b 2972 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
48264f06 2973 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
561aafbc 2974 info->dev_class, info->rssi,
7d262f86
AG		 2975 !name_known, info->data,
2976 sizeof(info->data));
a9de9248
MH		 2977 }
2978
2979 hci_dev_unlock(hdev);
2980}
1da177e4 2981
17fa4b9d
JH		 2982static inline u8 hci_get_auth_req(struct hci_conn *conn)
2983{
2984 /* If remote requests dedicated bonding follow that lead */
2985 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2986 /* If both remote and local IO capabilities allow MITM
2987 * protection then require it, otherwise don't */
2988 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2989 return 0x02;
2990 else
2991 return 0x03;
2992 }
2993
2994 /* If remote requests no-bonding follow that lead */
2995 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2996 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2997
2998 return conn->auth_type;
2999}
3000
0493684e
MH		 3001static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3002{
3003 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3004 struct hci_conn *conn;
3005
3006 BT_DBG("%s", hdev->name);
3007
3008 hci_dev_lock(hdev);
3009
3010 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3011 if (!conn)
3012 goto unlock;
3013
3014 hci_conn_hold(conn);
3015
a8b2d5c2 3016 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3017 goto unlock;
3018
a8b2d5c2 3019 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 3020 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3021 struct hci_cp_io_capability_reply cp;
3022
3023 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3024 /* Change the IO capability from KeyboardDisplay
3025 * to DisplayYesNo as it is not supported by BT spec. */
3026 cp.capability = (conn->io_capability == 0x04) ?
3027 0x01 : conn->io_capability;
7cbc9bd9
JH		 3028 conn->auth_type = hci_get_auth_req(conn);
3029 cp.authentication = conn->auth_type;
17fa4b9d 3030
58a681ef 3031 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3032 hci_find_remote_oob_data(hdev, &conn->dst))
3033 cp.oob_data = 0x01;
3034 else
3035 cp.oob_data = 0x00;
3036
17fa4b9d
JH		 3037 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3038 sizeof(cp), &cp);
03b555e1
JH		 3039 } else {
3040 struct hci_cp_io_capability_neg_reply cp;
3041
3042 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3043 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3044
03b555e1
JH		 3045 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3046 sizeof(cp), &cp);
3047 }
3048
3049unlock:
3050 hci_dev_unlock(hdev);
3051}
3052
3053static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3054{
3055 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3056 struct hci_conn *conn;
3057
3058 BT_DBG("%s", hdev->name);
3059
3060 hci_dev_lock(hdev);
3061
3062 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3063 if (!conn)
3064 goto unlock;
3065
03b555e1 3066 conn->remote_cap = ev->capability;
03b555e1 3067 conn->remote_auth = ev->authentication;
58a681ef
JH		 3068 if (ev->oob_data)
3069 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3070
3071unlock:
0493684e
MH		 3072 hci_dev_unlock(hdev);
3073}
3074
a5c29683
JH		 3075static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3076 struct sk_buff *skb)
3077{
3078 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3079 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3080 struct hci_conn *conn;
a5c29683
JH		 3081
3082 BT_DBG("%s", hdev->name);
3083
3084 hci_dev_lock(hdev);
3085
a8b2d5c2 3086 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3087 goto unlock;
a5c29683 3088
7a828908
JH		 3089 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3090 if (!conn)
3091 goto unlock;
3092
3093 loc_mitm = (conn->auth_type & 0x01);
3094 rem_mitm = (conn->remote_auth & 0x01);
3095
3096 /* If we require MITM but the remote device can't provide that
3097 * (it has NoInputNoOutput) then reject the confirmation
3098 * request. The only exception is when we're dedicated bonding
3099 * initiators (connect_cfm_cb set) since then we always have the MITM
3100 * bit set. */
3101 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3102 BT_DBG("Rejecting request: remote device can't provide MITM");
3103 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3104 sizeof(ev->bdaddr), &ev->bdaddr);
3105 goto unlock;
3106 }
3107
3108 /* If no side requires MITM protection; auto-accept */
3109 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3110 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3111
3112 /* If we're not the initiators request authorization to
3113 * proceed from user space (mgmt_user_confirm with
3114 * confirm_hint set to 1). */
51a8efd7 3115 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3116 BT_DBG("Confirming auto-accept as acceptor");
3117 confirm_hint = 1;
3118 goto confirm;
3119 }
3120
9f61656a
JH		 3121 BT_DBG("Auto-accept of user confirmation with %ums delay",
3122 hdev->auto_accept_delay);
3123
3124 if (hdev->auto_accept_delay > 0) {
3125 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3126 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3127 goto unlock;
3128 }
3129
7a828908
JH		 3130 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3131 sizeof(ev->bdaddr), &ev->bdaddr);
3132 goto unlock;
3133 }
3134
55bc1a37 3135confirm:
272d90df 3136 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
55bc1a37 3137 confirm_hint);
7a828908
JH		 3138
3139unlock:
a5c29683
JH		 3140 hci_dev_unlock(hdev);
3141}
3142
1143d458
BG		 3143static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3144 struct sk_buff *skb)
3145{
3146 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3147
3148 BT_DBG("%s", hdev->name);
3149
3150 hci_dev_lock(hdev);
3151
a8b2d5c2 3152 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3153 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3154
3155 hci_dev_unlock(hdev);
3156}
3157
0493684e
MH		 3158static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3159{
3160 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3161 struct hci_conn *conn;
3162
3163 BT_DBG("%s", hdev->name);
3164
3165 hci_dev_lock(hdev);
3166
3167 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3168 if (!conn)
3169 goto unlock;
3170
3171 /* To avoid duplicate auth_failed events to user space we check
3172 * the HCI_CONN_AUTH_PEND flag which will be set if we
3173 * initiated the authentication. A traditional auth_complete
3174 * event gets always produced as initiator and is also mapped to
3175 * the mgmt_auth_failed event */
51a8efd7 3176 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6
JH		 3177 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3178 ev->status);
0493684e 3179
2a611692
JH		 3180 hci_conn_put(conn);
3181
3182unlock:
0493684e
MH		 3183 hci_dev_unlock(hdev);
3184}
3185
41a96212
MH		 3186static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3187{
3188 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3189 struct inquiry_entry *ie;
3190
3191 BT_DBG("%s", hdev->name);
3192
3193 hci_dev_lock(hdev);
3194
cc11b9c1
AE		 3195 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3196 if (ie)
41a96212
MH		 3197 ie->data.ssp_mode = (ev->features[0] & 0x01);
3198
3199 hci_dev_unlock(hdev);
3200}
3201
2763eda6
SJ		 3202static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3203 struct sk_buff *skb)
3204{
3205 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3206 struct oob_data *data;
3207
3208 BT_DBG("%s", hdev->name);
3209
3210 hci_dev_lock(hdev);
3211
a8b2d5c2 3212 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3213 goto unlock;
3214
2763eda6
SJ		 3215 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3216 if (data) {
3217 struct hci_cp_remote_oob_data_reply cp;
3218
3219 bacpy(&cp.bdaddr, &ev->bdaddr);
3220 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3221 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3222
3223 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3224 &cp);
3225 } else {
3226 struct hci_cp_remote_oob_data_neg_reply cp;
3227
3228 bacpy(&cp.bdaddr, &ev->bdaddr);
3229 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3230 &cp);
3231 }
3232
e1ba1f15 3233unlock:
2763eda6
SJ		 3234 hci_dev_unlock(hdev);
3235}
3236
fcd89c09
VT		 3237static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3238{
3239 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3240 struct hci_conn *conn;
3241
3242 BT_DBG("%s status %d", hdev->name, ev->status);
3243
3244 hci_dev_lock(hdev);
3245
3246 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3247 if (!conn) {
3248 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3249 if (!conn) {
3250 BT_ERR("No memory for new connection");
3251 hci_dev_unlock(hdev);
3252 return;
3253 }
29b7988a
AG		 3254
3255 conn->dst_type = ev->bdaddr_type;
b62f328b 3256 }
fcd89c09
VT		 3257
3258 if (ev->status) {
48264f06
JH		 3259 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3260 conn->dst_type, ev->status);
fcd89c09
VT		 3261 hci_proto_connect_cfm(conn, ev->status);
3262 conn->state = BT_CLOSED;
3263 hci_conn_del(conn);
3264 goto unlock;
3265 }
3266
b644ba33
JH		 3267 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3268 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3269 conn->dst_type, NULL, 0, 0);
83bc71b4 3270
7b5c0d52 3271 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3272 conn->handle = __le16_to_cpu(ev->handle);
3273 conn->state = BT_CONNECTED;
3274
3275 hci_conn_hold_device(conn);
3276 hci_conn_add_sysfs(conn);
3277
3278 hci_proto_connect_cfm(conn, ev->status);
3279
3280unlock:
3281 hci_dev_unlock(hdev);
3282}
3283
9aa04c91
AG		 3284static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3285 struct sk_buff *skb)
3286{
e95beb41
AG		 3287 u8 num_reports = skb->data[0];
3288 void *ptr = &skb->data[1];
3c9e9195 3289 s8 rssi;
9aa04c91
AG		 3290
3291 hci_dev_lock(hdev);
3292
e95beb41
AG		 3293 while (num_reports--) {
3294 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3295
9aa04c91 3296 hci_add_adv_entry(hdev, ev);
e95beb41 3297
3c9e9195
AG		 3298 rssi = ev->data[ev->length];
3299 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3300 NULL, rssi, 0, ev->data, ev->length);
3301
e95beb41 3302 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3303 }
3304
3305 hci_dev_unlock(hdev);
3306}
3307
a7a595f6
VCG		 3308static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3309 struct sk_buff *skb)
3310{
3311 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3312 struct hci_cp_le_ltk_reply cp;
bea710fe 3313 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3314 struct hci_conn *conn;
c9839a11 3315 struct smp_ltk *ltk;
a7a595f6
VCG		 3316
3317 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3318
3319 hci_dev_lock(hdev);
3320
3321 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3322 if (conn == NULL)
3323 goto not_found;
a7a595f6 3324
bea710fe
VCG		 3325 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3326 if (ltk == NULL)
3327 goto not_found;
3328
3329 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3330 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3331
3332 if (ltk->authenticated)
3333 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3334
3335 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3336
c9839a11
VCG		 3337 if (ltk->type & HCI_SMP_STK) {
3338 list_del(&ltk->list);
3339 kfree(ltk);
3340 }
3341
a7a595f6 3342 hci_dev_unlock(hdev);
bea710fe
VCG		 3343
3344 return;
3345
3346not_found:
3347 neg.handle = ev->handle;
3348 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3349 hci_dev_unlock(hdev);
a7a595f6
VCG		 3350}
3351
fcd89c09
VT		 3352static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3353{
3354 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3355
3356 skb_pull(skb, sizeof(*le_ev));
3357
3358 switch (le_ev->subevent) {
3359 case HCI_EV_LE_CONN_COMPLETE:
3360 hci_le_conn_complete_evt(hdev, skb);
3361 break;
3362
9aa04c91
AG		 3363 case HCI_EV_LE_ADVERTISING_REPORT:
3364 hci_le_adv_report_evt(hdev, skb);
3365 break;
3366
a7a595f6
VCG		 3367 case HCI_EV_LE_LTK_REQ:
3368 hci_le_ltk_request_evt(hdev, skb);
3369 break;
3370
fcd89c09
VT		 3371 default:
3372 break;
3373 }
3374}
3375
a9de9248
MH		 3376void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3377{
3378 struct hci_event_hdr *hdr = (void *) skb->data;
3379 __u8 event = hdr->evt;
3380
3381 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3382
3383 switch (event) {
1da177e4
LT		 3384 case HCI_EV_INQUIRY_COMPLETE:
3385 hci_inquiry_complete_evt(hdev, skb);
3386 break;
3387
3388 case HCI_EV_INQUIRY_RESULT:
3389 hci_inquiry_result_evt(hdev, skb);
3390 break;
3391
a9de9248
MH		 3392 case HCI_EV_CONN_COMPLETE:
3393 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3394 break;
3395
1da177e4
LT		 3396 case HCI_EV_CONN_REQUEST:
3397 hci_conn_request_evt(hdev, skb);
3398 break;
3399
1da177e4
LT		 3400 case HCI_EV_DISCONN_COMPLETE:
3401 hci_disconn_complete_evt(hdev, skb);
3402 break;
3403
1da177e4
LT		 3404 case HCI_EV_AUTH_COMPLETE:
3405 hci_auth_complete_evt(hdev, skb);
3406 break;
3407
a9de9248
MH		 3408 case HCI_EV_REMOTE_NAME:
3409 hci_remote_name_evt(hdev, skb);
3410 break;
3411
1da177e4
LT		 3412 case HCI_EV_ENCRYPT_CHANGE:
3413 hci_encrypt_change_evt(hdev, skb);
3414 break;
3415
a9de9248
MH		 3416 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3417 hci_change_link_key_complete_evt(hdev, skb);
3418 break;
3419
3420 case HCI_EV_REMOTE_FEATURES:
3421 hci_remote_features_evt(hdev, skb);
3422 break;
3423
3424 case HCI_EV_REMOTE_VERSION:
3425 hci_remote_version_evt(hdev, skb);
3426 break;
3427
3428 case HCI_EV_QOS_SETUP_COMPLETE:
3429 hci_qos_setup_complete_evt(hdev, skb);
3430 break;
3431
3432 case HCI_EV_CMD_COMPLETE:
3433 hci_cmd_complete_evt(hdev, skb);
3434 break;
3435
3436 case HCI_EV_CMD_STATUS:
3437 hci_cmd_status_evt(hdev, skb);
3438 break;
3439
3440 case HCI_EV_ROLE_CHANGE:
3441 hci_role_change_evt(hdev, skb);
3442 break;
3443
3444 case HCI_EV_NUM_COMP_PKTS:
3445 hci_num_comp_pkts_evt(hdev, skb);
3446 break;
3447
3448 case HCI_EV_MODE_CHANGE:
3449 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3450 break;
3451
3452 case HCI_EV_PIN_CODE_REQ:
3453 hci_pin_code_request_evt(hdev, skb);
3454 break;
3455
3456 case HCI_EV_LINK_KEY_REQ:
3457 hci_link_key_request_evt(hdev, skb);
3458 break;
3459
3460 case HCI_EV_LINK_KEY_NOTIFY:
3461 hci_link_key_notify_evt(hdev, skb);
3462 break;
3463
3464 case HCI_EV_CLOCK_OFFSET:
3465 hci_clock_offset_evt(hdev, skb);
3466 break;
3467
a8746417
MH		 3468 case HCI_EV_PKT_TYPE_CHANGE:
3469 hci_pkt_type_change_evt(hdev, skb);
3470 break;
3471
85a1e930
MH		 3472 case HCI_EV_PSCAN_REP_MODE:
3473 hci_pscan_rep_mode_evt(hdev, skb);
3474 break;
3475
a9de9248
MH		 3476 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3477 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3478 break;
3479
a9de9248
MH		 3480 case HCI_EV_REMOTE_EXT_FEATURES:
3481 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3482 break;
3483
a9de9248
MH		 3484 case HCI_EV_SYNC_CONN_COMPLETE:
3485 hci_sync_conn_complete_evt(hdev, skb);
3486 break;
1da177e4 3487
a9de9248
MH		 3488 case HCI_EV_SYNC_CONN_CHANGED:
3489 hci_sync_conn_changed_evt(hdev, skb);
3490 break;
1da177e4 3491
a9de9248
MH		 3492 case HCI_EV_SNIFF_SUBRATE:
3493 hci_sniff_subrate_evt(hdev, skb);
3494 break;
1da177e4 3495
a9de9248
MH		 3496 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3497 hci_extended_inquiry_result_evt(hdev, skb);
3498 break;
1da177e4 3499
0493684e
MH		 3500 case HCI_EV_IO_CAPA_REQUEST:
3501 hci_io_capa_request_evt(hdev, skb);
3502 break;
3503
03b555e1
JH		 3504 case HCI_EV_IO_CAPA_REPLY:
3505 hci_io_capa_reply_evt(hdev, skb);
3506 break;
3507
a5c29683
JH		 3508 case HCI_EV_USER_CONFIRM_REQUEST:
3509 hci_user_confirm_request_evt(hdev, skb);
3510 break;
3511
1143d458
BG		 3512 case HCI_EV_USER_PASSKEY_REQUEST:
3513 hci_user_passkey_request_evt(hdev, skb);
3514 break;
3515
0493684e
MH		 3516 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3517 hci_simple_pair_complete_evt(hdev, skb);
3518 break;
3519
41a96212
MH		 3520 case HCI_EV_REMOTE_HOST_FEATURES:
3521 hci_remote_host_features_evt(hdev, skb);
3522 break;
3523
fcd89c09
VT		 3524 case HCI_EV_LE_META:
3525 hci_le_meta_evt(hdev, skb);
3526 break;
3527
2763eda6
SJ		 3528 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3529 hci_remote_oob_data_request_evt(hdev, skb);
3530 break;
3531
25e89e99
AE		 3532 case HCI_EV_NUM_COMP_BLOCKS:
3533 hci_num_comp_blocks_evt(hdev, skb);
3534 break;
3535
a9de9248
MH		 3536 default:
3537 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3538 break;
3539 }
3540
3541 kfree_skb(skb);
3542 hdev->stat.evt_rx++;
3543}
3544
3545/* Generate internal stack event */
3546void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3547{
3548 struct hci_event_hdr *hdr;
3549 struct hci_ev_stack_internal *ev;
3550 struct sk_buff *skb;
3551
3552 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3553 if (!skb)
3554 return;
3555
3556 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3557 hdr->evt = HCI_EV_STACK_INTERNAL;
3558 hdr->plen = sizeof(*ev) + dlen;
3559
3560 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3561 ev->type = type;
3562 memcpy(ev->data, data, dlen);
3563
576c7d85 3564 bt_cb(skb)->incoming = 1;
a61bbcf2 3565 __net_timestamp(skb);
576c7d85 3566
0d48d939 3567 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3568 skb->dev = (void *) hdev;
eec8d2bc 3569 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3570 kfree_skb(skb);
3571}
e6100a25 3572
669bb396 3573module_param(enable_le, bool, 0644);
e6100a25 3574MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)