projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Centralize SMP pairing failure handling
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
744cf19e 68 mgmt_discovering(hdev, 0);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 197}
04837f64 198
a9de9248
MH		 199static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
200{
201 __u8 status = *((__u8 *) skb->data);
202 void *sent;
04837f64 203
a9de9248 204 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 205
a9de9248
MH		 206 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
207 if (!sent)
208 return;
04837f64 209
56e5cb86
JH		 210 hci_dev_lock(hdev);
211
b312b161 212 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 213 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 214
56e5cb86
JH		 215 if (status == 0)
216 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 217
56e5cb86 218 hci_dev_unlock(hdev);
a9de9248
MH		 219}
220
221static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
222{
223 struct hci_rp_read_local_name *rp = (void *) skb->data;
224
225 BT_DBG("%s status 0x%x", hdev->name, rp->status);
226
227 if (rp->status)
228 return;
229
1f6c6378 230 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 231}
232
233static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
234{
235 __u8 status = *((__u8 *) skb->data);
236 void *sent;
237
238 BT_DBG("%s status 0x%x", hdev->name, status);
239
240 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
241 if (!sent)
242 return;
243
244 if (!status) {
245 __u8 param = *((__u8 *) sent);
246
247 if (param == AUTH_ENABLED)
248 set_bit(HCI_AUTH, &hdev->flags);
249 else
250 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 251 }
a9de9248 252
23bb5763 253 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 254}
255
a9de9248 256static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 257{
a9de9248 258 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 259 void *sent;
260
a9de9248 261 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 262
a9de9248
MH		 263 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
264 if (!sent)
265 return;
1da177e4 266
a9de9248
MH		 267 if (!status) {
268 __u8 param = *((__u8 *) sent);
269
270 if (param)
271 set_bit(HCI_ENCRYPT, &hdev->flags);
272 else
273 clear_bit(HCI_ENCRYPT, &hdev->flags);
274 }
1da177e4 275
23bb5763 276 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 277}
1da177e4 278
a9de9248
MH		 279static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
280{
36f7fc7e
JH		 281 __u8 param, status = *((__u8 *) skb->data);
282 int old_pscan, old_iscan;
a9de9248 283 void *sent;
1da177e4 284
a9de9248 285 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 286
a9de9248
MH		 287 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
288 if (!sent)
289 return;
1da177e4 290
36f7fc7e
JH		 291 param = *((__u8 *) sent);
292
56e5cb86
JH		 293 hci_dev_lock(hdev);
294
2d7cee58 295 if (status != 0) {
744cf19e 296 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 297 hdev->discov_timeout = 0;
298 goto done;
299 }
300
36f7fc7e
JH		 301 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
302 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
303
304 if (param & SCAN_INQUIRY) {
305 set_bit(HCI_ISCAN, &hdev->flags);
306 if (!old_iscan)
744cf19e 307 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 308 if (hdev->discov_timeout > 0) {
309 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
310 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
311 to);
312 }
36f7fc7e 313 } else if (old_iscan)
744cf19e 314 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 315
316 if (param & SCAN_PAGE) {
317 set_bit(HCI_PSCAN, &hdev->flags);
318 if (!old_pscan)
744cf19e 319 mgmt_connectable(hdev, 1);
36f7fc7e 320 } else if (old_pscan)
744cf19e 321 mgmt_connectable(hdev, 0);
1da177e4 322
36f7fc7e 323done:
56e5cb86 324 hci_dev_unlock(hdev);
23bb5763 325 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 326}
1da177e4 327
a9de9248
MH		 328static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
329{
330 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 331
a9de9248 332 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 333
a9de9248
MH		 334 if (rp->status)
335 return;
1da177e4 336
a9de9248 337 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 338
a9de9248
MH		 339 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
340 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
341}
1da177e4 342
a9de9248
MH		 343static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
344{
345 __u8 status = *((__u8 *) skb->data);
346 void *sent;
1da177e4 347
a9de9248 348 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 349
f383f275
MH		 350 if (status)
351 return;
352
a9de9248
MH		 353 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
354 if (!sent)
355 return;
1da177e4 356
f383f275 357 memcpy(hdev->dev_class, sent, 3);
a9de9248 358}
1da177e4 359
a9de9248
MH		 360static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
361{
362 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
363 __u16 setting;
364
365 BT_DBG("%s status 0x%x", hdev->name, rp->status);
366
367 if (rp->status)
368 return;
369
370 setting = __le16_to_cpu(rp->voice_setting);
371
f383f275 372 if (hdev->voice_setting == setting)
a9de9248
MH		 373 return;
374
375 hdev->voice_setting = setting;
376
377 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
378
379 if (hdev->notify) {
380 tasklet_disable(&hdev->tx_task);
381 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
382 tasklet_enable(&hdev->tx_task);
383 }
384}
385
386static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387{
388 __u8 status = *((__u8 *) skb->data);
f383f275 389 __u16 setting;
a9de9248
MH		 390 void *sent;
391
392 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 393
f383f275
MH		 394 if (status)
395 return;
396
a9de9248
MH		 397 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
398 if (!sent)
399 return;
1da177e4 400
f383f275 401 setting = get_unaligned_le16(sent);
1da177e4 402
f383f275
MH		 403 if (hdev->voice_setting == setting)
404 return;
405
406 hdev->voice_setting = setting;
1da177e4 407
f383f275 408 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 409
f383f275
MH		 410 if (hdev->notify) {
411 tasklet_disable(&hdev->tx_task);
412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
413 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 414 }
415}
416
a9de9248 417static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 418{
a9de9248 419 __u8 status = *((__u8 *) skb->data);
1da177e4 420
a9de9248 421 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 422
23bb5763 423 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 424}
1143e5a6 425
333140b5
MH		 426static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
427{
428 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
429
430 BT_DBG("%s status 0x%x", hdev->name, rp->status);
431
432 if (rp->status)
433 return;
434
435 hdev->ssp_mode = rp->mode;
436}
437
438static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439{
440 __u8 status = *((__u8 *) skb->data);
441 void *sent;
442
443 BT_DBG("%s status 0x%x", hdev->name, status);
444
445 if (status)
446 return;
447
448 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
449 if (!sent)
450 return;
451
452 hdev->ssp_mode = *((__u8 *) sent);
453}
454
d5859e22
JH		 455static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
456{
457 if (hdev->features[6] & LMP_EXT_INQ)
458 return 2;
459
460 if (hdev->features[3] & LMP_RSSI_INQ)
461 return 1;
462
463 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
464 hdev->lmp_subver == 0x0757)
465 return 1;
466
467 if (hdev->manufacturer == 15) {
468 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
469 return 1;
470 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
471 return 1;
472 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
473 return 1;
474 }
475
476 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
477 hdev->lmp_subver == 0x1805)
478 return 1;
479
480 return 0;
481}
482
483static void hci_setup_inquiry_mode(struct hci_dev *hdev)
484{
485 u8 mode;
486
487 mode = hci_get_inquiry_mode(hdev);
488
489 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
490}
491
492static void hci_setup_event_mask(struct hci_dev *hdev)
493{
494 /* The second byte is 0xff instead of 0x9f (two reserved bits
495 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
496 * command otherwise */
497 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
498
6de6c18d
VT		 499 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
500 * any event mask for pre 1.2 devices */
501 if (hdev->lmp_ver <= 1)
502 return;
503
504 events[4] |= 0x01; /* Flow Specification Complete */
505 events[4] |= 0x02; /* Inquiry Result with RSSI */
506 events[4] |= 0x04; /* Read Remote Extended Features Complete */
507 events[5] |= 0x08; /* Synchronous Connection Complete */
508 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 509
510 if (hdev->features[3] & LMP_RSSI_INQ)
511 events[4] |= 0x04; /* Inquiry Result with RSSI */
512
513 if (hdev->features[5] & LMP_SNIFF_SUBR)
514 events[5] |= 0x20; /* Sniff Subrating */
515
516 if (hdev->features[5] & LMP_PAUSE_ENC)
517 events[5] |= 0x80; /* Encryption Key Refresh Complete */
518
519 if (hdev->features[6] & LMP_EXT_INQ)
520 events[5] |= 0x40; /* Extended Inquiry Result */
521
522 if (hdev->features[6] & LMP_NO_FLUSH)
523 events[7] |= 0x01; /* Enhanced Flush Complete */
524
525 if (hdev->features[7] & LMP_LSTO)
526 events[6] |= 0x80; /* Link Supervision Timeout Changed */
527
528 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
529 events[6] |= 0x01; /* IO Capability Request */
530 events[6] |= 0x02; /* IO Capability Response */
531 events[6] |= 0x04; /* User Confirmation Request */
532 events[6] |= 0x08; /* User Passkey Request */
533 events[6] |= 0x10; /* Remote OOB Data Request */
534 events[6] |= 0x20; /* Simple Pairing Complete */
535 events[7] |= 0x04; /* User Passkey Notification */
536 events[7] |= 0x08; /* Keypress Notification */
537 events[7] |= 0x10; /* Remote Host Supported
538 * Features Notification */
539 }
540
541 if (hdev->features[4] & LMP_LE)
542 events[7] |= 0x20; /* LE Meta-Event */
543
544 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
545}
546
e6100a25
AG		 547static void hci_set_le_support(struct hci_dev *hdev)
548{
549 struct hci_cp_write_le_host_supported cp;
550
551 memset(&cp, 0, sizeof(cp));
552
553 if (enable_le) {
554 cp.le = 1;
555 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
556 }
557
558 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
559}
560
d5859e22
JH		 561static void hci_setup(struct hci_dev *hdev)
562{
563 hci_setup_event_mask(hdev);
564
565 if (hdev->lmp_ver > 1)
566 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
567
568 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
569 u8 mode = 0x01;
570 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
571 }
572
573 if (hdev->features[3] & LMP_RSSI_INQ)
574 hci_setup_inquiry_mode(hdev);
575
576 if (hdev->features[7] & LMP_INQ_TX_PWR)
577 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 578
579 if (hdev->features[7] & LMP_EXTFEATURES) {
580 struct hci_cp_read_local_ext_features cp;
581
582 cp.page = 0x01;
583 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
584 sizeof(cp), &cp);
585 }
e6100a25
AG		 586
587 if (hdev->features[4] & LMP_LE)
588 hci_set_le_support(hdev);
d5859e22
JH		 589}
590
a9de9248
MH		 591static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
592{
593 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 594
a9de9248 595 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 596
a9de9248
MH		 597 if (rp->status)
598 return;
1143e5a6 599
a9de9248 600 hdev->hci_ver = rp->hci_ver;
e4e8e37c 601 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 602 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 603 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 604 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 605
a9de9248
MH		 606 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
607 hdev->manufacturer,
608 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 609
610 if (test_bit(HCI_INIT, &hdev->flags))
611 hci_setup(hdev);
612}
613
614static void hci_setup_link_policy(struct hci_dev *hdev)
615{
616 u16 link_policy = 0;
617
618 if (hdev->features[0] & LMP_RSWITCH)
619 link_policy |= HCI_LP_RSWITCH;
620 if (hdev->features[0] & LMP_HOLD)
621 link_policy |= HCI_LP_HOLD;
622 if (hdev->features[0] & LMP_SNIFF)
623 link_policy |= HCI_LP_SNIFF;
624 if (hdev->features[1] & LMP_PARK)
625 link_policy |= HCI_LP_PARK;
626
627 link_policy = cpu_to_le16(link_policy);
628 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
629 sizeof(link_policy), &link_policy);
a9de9248 630}
1da177e4 631
a9de9248
MH		 632static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
633{
634 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 635
a9de9248 636 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 637
a9de9248 638 if (rp->status)
d5859e22 639 goto done;
1da177e4 640
a9de9248 641 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 642
643 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
644 hci_setup_link_policy(hdev);
645
646done:
647 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 648}
1da177e4 649
a9de9248
MH		 650static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
651{
652 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 653
a9de9248 654 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 655
a9de9248
MH		 656 if (rp->status)
657 return;
5b7f9909 658
a9de9248 659 memcpy(hdev->features, rp->features, 8);
5b7f9909 660
a9de9248
MH		 661 /* Adjust default settings according to features
662 * supported by device. */
1da177e4 663
a9de9248
MH		 664 if (hdev->features[0] & LMP_3SLOT)
665 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 666
a9de9248
MH		 667 if (hdev->features[0] & LMP_5SLOT)
668 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 669
a9de9248
MH		 670 if (hdev->features[1] & LMP_HV2) {
671 hdev->pkt_type |= (HCI_HV2);
672 hdev->esco_type |= (ESCO_HV2);
673 }
1da177e4 674
a9de9248
MH		 675 if (hdev->features[1] & LMP_HV3) {
676 hdev->pkt_type |= (HCI_HV3);
677 hdev->esco_type |= (ESCO_HV3);
678 }
1da177e4 679
a9de9248
MH		 680 if (hdev->features[3] & LMP_ESCO)
681 hdev->esco_type |= (ESCO_EV3);
da1f5198 682
a9de9248
MH		 683 if (hdev->features[4] & LMP_EV4)
684 hdev->esco_type |= (ESCO_EV4);
da1f5198 685
a9de9248
MH		 686 if (hdev->features[4] & LMP_EV5)
687 hdev->esco_type |= (ESCO_EV5);
1da177e4 688
efc7688b
MH		 689 if (hdev->features[5] & LMP_EDR_ESCO_2M)
690 hdev->esco_type |= (ESCO_2EV3);
691
692 if (hdev->features[5] & LMP_EDR_ESCO_3M)
693 hdev->esco_type |= (ESCO_3EV3);
694
695 if (hdev->features[5] & LMP_EDR_3S_ESCO)
696 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
697
a9de9248
MH		 698 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
699 hdev->features[0], hdev->features[1],
700 hdev->features[2], hdev->features[3],
701 hdev->features[4], hdev->features[5],
702 hdev->features[6], hdev->features[7]);
703}
1da177e4 704
971e3a4b
AG		 705static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
706 struct sk_buff *skb)
707{
708 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
709
710 BT_DBG("%s status 0x%x", hdev->name, rp->status);
711
712 if (rp->status)
713 return;
714
715 memcpy(hdev->extfeatures, rp->features, 8);
716
717 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
718}
719
a9de9248
MH		 720static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
721{
722 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 723
a9de9248 724 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 725
a9de9248
MH		 726 if (rp->status)
727 return;
1da177e4 728
a9de9248
MH		 729 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
730 hdev->sco_mtu = rp->sco_mtu;
731 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
732 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
733
734 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
735 hdev->sco_mtu = 64;
736 hdev->sco_pkts = 8;
1da177e4 737 }
a9de9248
MH		 738
739 hdev->acl_cnt = hdev->acl_pkts;
740 hdev->sco_cnt = hdev->sco_pkts;
741
742 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
743 hdev->acl_mtu, hdev->acl_pkts,
744 hdev->sco_mtu, hdev->sco_pkts);
745}
746
747static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
748{
749 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
750
751 BT_DBG("%s status 0x%x", hdev->name, rp->status);
752
753 if (!rp->status)
754 bacpy(&hdev->bdaddr, &rp->bdaddr);
755
23bb5763
JH		 756 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
757}
758
759static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
760{
761 __u8 status = *((__u8 *) skb->data);
762
763 BT_DBG("%s status 0x%x", hdev->name, status);
764
765 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 766}
767
928abaa7
AE		 768static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
769 struct sk_buff *skb)
770{
771 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
772
773 BT_DBG("%s status 0x%x", hdev->name, rp->status);
774
775 if (rp->status)
776 return;
777
778 hdev->amp_status = rp->amp_status;
779 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
780 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
781 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
782 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
783 hdev->amp_type = rp->amp_type;
784 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
785 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
786 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
787 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
788
789 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
790}
791
b0916ea0
JH		 792static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
793 struct sk_buff *skb)
794{
795 __u8 status = *((__u8 *) skb->data);
796
797 BT_DBG("%s status 0x%x", hdev->name, status);
798
799 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
800}
801
d5859e22
JH		 802static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
803{
804 __u8 status = *((__u8 *) skb->data);
805
806 BT_DBG("%s status 0x%x", hdev->name, status);
807
808 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
809}
810
811static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
812 struct sk_buff *skb)
813{
814 __u8 status = *((__u8 *) skb->data);
815
816 BT_DBG("%s status 0x%x", hdev->name, status);
817
818 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
819}
820
821static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
822 struct sk_buff *skb)
823{
824 __u8 status = *((__u8 *) skb->data);
825
826 BT_DBG("%s status 0x%x", hdev->name, status);
827
828 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
829}
830
831static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
832{
833 __u8 status = *((__u8 *) skb->data);
834
835 BT_DBG("%s status 0x%x", hdev->name, status);
836
837 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
838}
839
980e1a53
JH		 840static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
841{
842 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
843 struct hci_cp_pin_code_reply *cp;
844 struct hci_conn *conn;
845
846 BT_DBG("%s status 0x%x", hdev->name, rp->status);
847
56e5cb86
JH		 848 hci_dev_lock(hdev);
849
980e1a53 850 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 851 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 852
853 if (rp->status != 0)
56e5cb86 854 goto unlock;
980e1a53
JH		 855
856 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
857 if (!cp)
56e5cb86 858 goto unlock;
980e1a53
JH		 859
860 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
861 if (conn)
862 conn->pin_length = cp->pin_len;
56e5cb86
JH		 863
864unlock:
865 hci_dev_unlock(hdev);
980e1a53
JH		 866}
867
868static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
869{
870 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
871
872 BT_DBG("%s status 0x%x", hdev->name, rp->status);
873
56e5cb86
JH		 874 hci_dev_lock(hdev);
875
980e1a53 876 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 877 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 878 rp->status);
56e5cb86
JH		 879
880 hci_dev_unlock(hdev);
980e1a53 881}
56e5cb86 882
6ed58ec5
VT		 883static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
884 struct sk_buff *skb)
885{
886 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
887
888 BT_DBG("%s status 0x%x", hdev->name, rp->status);
889
890 if (rp->status)
891 return;
892
893 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
894 hdev->le_pkts = rp->le_max_pkt;
895
896 hdev->le_cnt = hdev->le_pkts;
897
898 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
899
900 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
901}
980e1a53 902
a5c29683
JH		 903static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
904{
905 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
906
907 BT_DBG("%s status 0x%x", hdev->name, rp->status);
908
56e5cb86
JH		 909 hci_dev_lock(hdev);
910
a5c29683 911 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 912 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683 913 rp->status);
56e5cb86
JH		 914
915 hci_dev_unlock(hdev);
a5c29683
JH		 916}
917
918static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
919 struct sk_buff *skb)
920{
921 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
922
923 BT_DBG("%s status 0x%x", hdev->name, rp->status);
924
56e5cb86
JH		 925 hci_dev_lock(hdev);
926
a5c29683 927 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 928 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683 929 rp->status);
56e5cb86
JH		 930
931 hci_dev_unlock(hdev);
a5c29683
JH		 932}
933
1143d458
BG		 934static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
935{
936 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
937
938 BT_DBG("%s status 0x%x", hdev->name, rp->status);
939
940 hci_dev_lock(hdev);
941
942 if (test_bit(HCI_MGMT, &hdev->flags))
943 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
944 rp->status);
945
946 hci_dev_unlock(hdev);
947}
948
949static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
950 struct sk_buff *skb)
951{
952 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
953
954 BT_DBG("%s status 0x%x", hdev->name, rp->status);
955
956 hci_dev_lock(hdev);
957
958 if (test_bit(HCI_MGMT, &hdev->flags))
959 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
960 rp->status);
961
962 hci_dev_unlock(hdev);
963}
964
c35938b2
SJ		 965static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
966 struct sk_buff *skb)
967{
968 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
969
970 BT_DBG("%s status 0x%x", hdev->name, rp->status);
971
56e5cb86 972 hci_dev_lock(hdev);
744cf19e 973 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 974 rp->randomizer, rp->status);
56e5cb86 975 hci_dev_unlock(hdev);
c35938b2
SJ		 976}
977
eb9d91f5
AG		 978static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
979 struct sk_buff *skb)
980{
981 struct hci_cp_le_set_scan_enable *cp;
982 __u8 status = *((__u8 *) skb->data);
983
984 BT_DBG("%s status 0x%x", hdev->name, status);
985
986 if (status)
987 return;
988
989 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
990 if (!cp)
991 return;
992
35815085
AG		 993 if (cp->enable == 0x01) {
994 del_timer(&hdev->adv_timer);
a8f13c8c
AG		 995
996 hci_dev_lock(hdev);
eb9d91f5 997 hci_adv_entries_clear(hdev);
a8f13c8c 998 hci_dev_unlock(hdev);
35815085
AG		 999 } else if (cp->enable == 0x00) {
1000 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
1001 }
eb9d91f5
AG		 1002}
1003
a7a595f6
VCG		 1004static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1005{
1006 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1007
1008 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1009
1010 if (rp->status)
1011 return;
1012
1013 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1014}
1015
1016static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1017{
1018 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1019
1020 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1021
1022 if (rp->status)
1023 return;
1024
1025 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1026}
1027
f9b49306
AG		 1028static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1029 struct sk_buff *skb)
1030{
1031 struct hci_cp_read_local_ext_features cp;
1032 __u8 status = *((__u8 *) skb->data);
1033
1034 BT_DBG("%s status 0x%x", hdev->name, status);
1035
1036 if (status)
1037 return;
1038
1039 cp.page = 0x01;
1040 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1041}
1042
a9de9248
MH		 1043static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1044{
1045 BT_DBG("%s status 0x%x", hdev->name, status);
1046
1047 if (status) {
23bb5763 1048 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1049 hci_conn_check_pending(hdev);
56e5cb86 1050 hci_dev_lock(hdev);
164a6e78 1051 if (test_bit(HCI_MGMT, &hdev->flags))
7a135109 1052 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1053 hci_dev_unlock(hdev);
314b2381
JH		 1054 return;
1055 }
1056
89352e7d
AG		 1057 set_bit(HCI_INQUIRY, &hdev->flags);
1058
56e5cb86 1059 hci_dev_lock(hdev);
744cf19e 1060 mgmt_discovering(hdev, 1);
56e5cb86 1061 hci_dev_unlock(hdev);
1da177e4
LT		 1062}
1063
1da177e4
LT		 1064static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1065{
a9de9248 1066 struct hci_cp_create_conn *cp;
1da177e4 1067 struct hci_conn *conn;
1da177e4 1068
a9de9248
MH		 1069 BT_DBG("%s status 0x%x", hdev->name, status);
1070
1071 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1072 if (!cp)
1073 return;
1074
1075 hci_dev_lock(hdev);
1076
1077 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1078
a9de9248 1079 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1080
1081 if (status) {
1082 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1083 if (status != 0x0c || conn->attempt > 2) {
1084 conn->state = BT_CLOSED;
1085 hci_proto_connect_cfm(conn, status);
1086 hci_conn_del(conn);
1087 } else
1088 conn->state = BT_CONNECT2;
1da177e4
LT		 1089 }
1090 } else {
1091 if (!conn) {
1092 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1093 if (conn) {
1094 conn->out = 1;
1095 conn->link_mode |= HCI_LM_MASTER;
1096 } else
893ef971 1097 BT_ERR("No memory for new connection");
1da177e4
LT		 1098 }
1099 }
1100
1101 hci_dev_unlock(hdev);
1102}
1103
a9de9248 1104static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1105{
a9de9248
MH		 1106 struct hci_cp_add_sco *cp;
1107 struct hci_conn *acl, *sco;
1108 __u16 handle;
1da177e4 1109
b6a0dc82
MH		 1110 BT_DBG("%s status 0x%x", hdev->name, status);
1111
a9de9248
MH		 1112 if (!status)
1113 return;
1da177e4 1114
a9de9248
MH		 1115 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1116 if (!cp)
1117 return;
1da177e4 1118
a9de9248 1119 handle = __le16_to_cpu(cp->handle);
1da177e4 1120
a9de9248 1121 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1122
a9de9248 1123 hci_dev_lock(hdev);
1da177e4 1124
a9de9248 1125 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1126 if (acl) {
1127 sco = acl->link;
1128 if (sco) {
1129 sco->state = BT_CLOSED;
1da177e4 1130
5a08ecce
AE		 1131 hci_proto_connect_cfm(sco, status);
1132 hci_conn_del(sco);
1133 }
a9de9248 1134 }
1da177e4 1135
a9de9248
MH		 1136 hci_dev_unlock(hdev);
1137}
1da177e4 1138
f8558555
MH		 1139static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1140{
1141 struct hci_cp_auth_requested *cp;
1142 struct hci_conn *conn;
1143
1144 BT_DBG("%s status 0x%x", hdev->name, status);
1145
1146 if (!status)
1147 return;
1148
1149 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1150 if (!cp)
1151 return;
1152
1153 hci_dev_lock(hdev);
1154
1155 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1156 if (conn) {
1157 if (conn->state == BT_CONFIG) {
1158 hci_proto_connect_cfm(conn, status);
1159 hci_conn_put(conn);
1160 }
1161 }
1162
1163 hci_dev_unlock(hdev);
1164}
1165
1166static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1167{
1168 struct hci_cp_set_conn_encrypt *cp;
1169 struct hci_conn *conn;
1170
1171 BT_DBG("%s status 0x%x", hdev->name, status);
1172
1173 if (!status)
1174 return;
1175
1176 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1177 if (!cp)
1178 return;
1179
1180 hci_dev_lock(hdev);
1181
1182 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1183 if (conn) {
1184 if (conn->state == BT_CONFIG) {
1185 hci_proto_connect_cfm(conn, status);
1186 hci_conn_put(conn);
1187 }
1188 }
1189
1190 hci_dev_unlock(hdev);
1191}
1192
127178d2 1193static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1194 struct hci_conn *conn)
392599b9 1195{
392599b9
JH		 1196 if (conn->state != BT_CONFIG || !conn->out)
1197 return 0;
1198
765c2a96 1199 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1200 return 0;
1201
1202 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1203 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1204 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1205 conn->pending_sec_level != BT_SECURITY_HIGH &&
1206 !(conn->auth_type & 0x01))
392599b9
JH		 1207 return 0;
1208
392599b9
JH		 1209 return 1;
1210}
1211
a9de9248
MH		 1212static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1213{
127178d2
JH		 1214 struct hci_cp_remote_name_req *cp;
1215 struct hci_conn *conn;
1216
a9de9248 1217 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1218
1219 /* If successful wait for the name req complete event before
1220 * checking for the need to do authentication */
1221 if (!status)
1222 return;
1223
1224 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1225 if (!cp)
1226 return;
1227
1228 hci_dev_lock(hdev);
1229
1230 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1231 if (!conn)
1232 goto unlock;
1233
1234 if (!hci_outgoing_auth_needed(hdev, conn))
1235 goto unlock;
1236
1237 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1238 struct hci_cp_auth_requested cp;
1239 cp.handle = __cpu_to_le16(conn->handle);
1240 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1241 }
1242
79c6c70c 1243unlock:
127178d2 1244 hci_dev_unlock(hdev);
a9de9248 1245}
1da177e4 1246
769be974
MH		 1247static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1248{
1249 struct hci_cp_read_remote_features *cp;
1250 struct hci_conn *conn;
1251
1252 BT_DBG("%s status 0x%x", hdev->name, status);
1253
1254 if (!status)
1255 return;
1256
1257 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1258 if (!cp)
1259 return;
1260
1261 hci_dev_lock(hdev);
1262
1263 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1264 if (conn) {
1265 if (conn->state == BT_CONFIG) {
769be974
MH		 1266 hci_proto_connect_cfm(conn, status);
1267 hci_conn_put(conn);
1268 }
1269 }
1270
1271 hci_dev_unlock(hdev);
1272}
1273
1274static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1275{
1276 struct hci_cp_read_remote_ext_features *cp;
1277 struct hci_conn *conn;
1278
1279 BT_DBG("%s status 0x%x", hdev->name, status);
1280
1281 if (!status)
1282 return;
1283
1284 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1285 if (!cp)
1286 return;
1287
1288 hci_dev_lock(hdev);
1289
1290 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1291 if (conn) {
1292 if (conn->state == BT_CONFIG) {
769be974
MH		 1293 hci_proto_connect_cfm(conn, status);
1294 hci_conn_put(conn);
1295 }
1296 }
1297
1298 hci_dev_unlock(hdev);
1299}
1300
a9de9248
MH		 1301static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1302{
b6a0dc82
MH		 1303 struct hci_cp_setup_sync_conn *cp;
1304 struct hci_conn *acl, *sco;
1305 __u16 handle;
1306
a9de9248 1307 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1308
1309 if (!status)
1310 return;
1311
1312 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1313 if (!cp)
1314 return;
1315
1316 handle = __le16_to_cpu(cp->handle);
1317
1318 BT_DBG("%s handle %d", hdev->name, handle);
1319
1320 hci_dev_lock(hdev);
1321
1322 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1323 if (acl) {
1324 sco = acl->link;
1325 if (sco) {
1326 sco->state = BT_CLOSED;
b6a0dc82 1327
5a08ecce
AE		 1328 hci_proto_connect_cfm(sco, status);
1329 hci_conn_del(sco);
1330 }
b6a0dc82
MH		 1331 }
1332
1333 hci_dev_unlock(hdev);
1da177e4
LT		 1334}
1335
a9de9248 1336static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1337{
a9de9248
MH		 1338 struct hci_cp_sniff_mode *cp;
1339 struct hci_conn *conn;
1da177e4 1340
a9de9248 1341 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1342
a9de9248
MH		 1343 if (!status)
1344 return;
04837f64 1345
a9de9248
MH		 1346 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1347 if (!cp)
1348 return;
04837f64 1349
a9de9248 1350 hci_dev_lock(hdev);
04837f64 1351
a9de9248 1352 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1353 if (conn) {
a9de9248 1354 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1355
e73439d8
MH		 1356 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1357 hci_sco_setup(conn, status);
1358 }
1359
a9de9248
MH		 1360 hci_dev_unlock(hdev);
1361}
04837f64 1362
a9de9248
MH		 1363static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1364{
1365 struct hci_cp_exit_sniff_mode *cp;
1366 struct hci_conn *conn;
04837f64 1367
a9de9248 1368 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1369
a9de9248
MH		 1370 if (!status)
1371 return;
04837f64 1372
a9de9248
MH		 1373 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1374 if (!cp)
1375 return;
04837f64 1376
a9de9248 1377 hci_dev_lock(hdev);
1da177e4 1378
a9de9248 1379 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1380 if (conn) {
a9de9248 1381 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1382
e73439d8
MH		 1383 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1384 hci_sco_setup(conn, status);
1385 }
1386
a9de9248 1387 hci_dev_unlock(hdev);
1da177e4
LT		 1388}
1389
fcd89c09
VT		 1390static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1391{
1392 struct hci_cp_le_create_conn *cp;
1393 struct hci_conn *conn;
1394
1395 BT_DBG("%s status 0x%x", hdev->name, status);
1396
1397 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1398 if (!cp)
1399 return;
1400
1401 hci_dev_lock(hdev);
1402
1403 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1404
1405 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1406 conn);
1407
1408 if (status) {
1409 if (conn && conn->state == BT_CONNECT) {
1410 conn->state = BT_CLOSED;
1411 hci_proto_connect_cfm(conn, status);
1412 hci_conn_del(conn);
1413 }
1414 } else {
1415 if (!conn) {
1416 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1417 if (conn) {
1418 conn->dst_type = cp->peer_addr_type;
fcd89c09 1419 conn->out = 1;
29b7988a 1420 } else {
fcd89c09 1421 BT_ERR("No memory for new connection");
29b7988a 1422 }
fcd89c09
VT		 1423 }
1424 }
1425
1426 hci_dev_unlock(hdev);
1427}
1428
a7a595f6
VCG		 1429static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1430{
1431 BT_DBG("%s status 0x%x", hdev->name, status);
1432}
1433
1da177e4
LT		 1434static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1435{
1436 __u8 status = *((__u8 *) skb->data);
1437
1438 BT_DBG("%s status %d", hdev->name, status);
1439
23bb5763 1440 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1441
a9de9248 1442 hci_conn_check_pending(hdev);
89352e7d
AG		 1443
1444 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1445 return;
1446
56e5cb86 1447 hci_dev_lock(hdev);
744cf19e 1448 mgmt_discovering(hdev, 0);
56e5cb86 1449 hci_dev_unlock(hdev);
1da177e4
LT		 1450}
1451
1da177e4
LT		 1452static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1453{
45bb4bf0 1454 struct inquiry_data data;
a9de9248 1455 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1456 int num_rsp = *((__u8 *) skb->data);
1457
1458 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1459
45bb4bf0
MH		 1460 if (!num_rsp)
1461 return;
1462
1da177e4 1463 hci_dev_lock(hdev);
45bb4bf0 1464
e17acd40 1465 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1466 bacpy(&data.bdaddr, &info->bdaddr);
1467 data.pscan_rep_mode = info->pscan_rep_mode;
1468 data.pscan_period_mode = info->pscan_period_mode;
1469 data.pscan_mode = info->pscan_mode;
1470 memcpy(data.dev_class, info->dev_class, 3);
1471 data.clock_offset = info->clock_offset;
1472 data.rssi = 0x00;
41a96212 1473 data.ssp_mode = 0x00;
1da177e4 1474 hci_inquiry_cache_update(hdev, &data);
48264f06 1475 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 1476 info->dev_class, 0, NULL);
1da177e4 1477 }
45bb4bf0 1478
1da177e4
LT		 1479 hci_dev_unlock(hdev);
1480}
1481
1da177e4
LT		 1482static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1483{
a9de9248
MH		 1484 struct hci_ev_conn_complete *ev = (void *) skb->data;
1485 struct hci_conn *conn;
1da177e4
LT		 1486
1487 BT_DBG("%s", hdev->name);
1488
1489 hci_dev_lock(hdev);
1490
1491 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1492 if (!conn) {
1493 if (ev->link_type != SCO_LINK)
1494 goto unlock;
1495
1496 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1497 if (!conn)
1498 goto unlock;
1499
1500 conn->type = SCO_LINK;
1501 }
1da177e4
LT		 1502
1503 if (!ev->status) {
1504 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1505
1506 if (conn->type == ACL_LINK) {
1507 conn->state = BT_CONFIG;
1508 hci_conn_hold(conn);
052b30b0 1509 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
48264f06
JH		 1510 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1511 conn->dst_type);
769be974
MH		 1512 } else
1513 conn->state = BT_CONNECTED;
1da177e4 1514
9eba32b8 1515 hci_conn_hold_device(conn);
7d0db0a3
MH		 1516 hci_conn_add_sysfs(conn);
1517
1da177e4
LT		 1518 if (test_bit(HCI_AUTH, &hdev->flags))
1519 conn->link_mode |= HCI_LM_AUTH;
1520
1521 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1522 conn->link_mode |= HCI_LM_ENCRYPT;
1523
04837f64
MH		 1524 /* Get remote features */
1525 if (conn->type == ACL_LINK) {
1526 struct hci_cp_read_remote_features cp;
1527 cp.handle = ev->handle;
769be974
MH		 1528 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1529 sizeof(cp), &cp);
04837f64
MH		 1530 }
1531
1da177e4 1532 /* Set packet type for incoming connection */
a8746417 1533 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1534 struct hci_cp_change_conn_ptype cp;
1535 cp.handle = ev->handle;
a8746417
MH		 1536 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1537 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1538 sizeof(cp), &cp);
1da177e4 1539 }
17d5c04c 1540 } else {
1da177e4 1541 conn->state = BT_CLOSED;
17d5c04c 1542 if (conn->type == ACL_LINK)
744cf19e 1543 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1544 conn->dst_type, ev->status);
17d5c04c 1545 }
1da177e4 1546
e73439d8
MH		 1547 if (conn->type == ACL_LINK)
1548 hci_sco_setup(conn, ev->status);
1da177e4 1549
769be974
MH		 1550 if (ev->status) {
1551 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1552 hci_conn_del(conn);
c89b6e6b
MH		 1553 } else if (ev->link_type != ACL_LINK)
1554 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1555
a9de9248 1556unlock:
1da177e4 1557 hci_dev_unlock(hdev);
1da177e4 1558
a9de9248 1559 hci_conn_check_pending(hdev);
1da177e4
LT		 1560}
1561
a9de9248 1562static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1563{
a9de9248
MH		 1564 struct hci_ev_conn_request *ev = (void *) skb->data;
1565 int mask = hdev->link_mode;
1da177e4 1566
a9de9248
MH		 1567 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1568 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1569
a9de9248 1570 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1571
138d22ef
SJ		 1572 if ((mask & HCI_LM_ACCEPT) &&
1573 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1574 /* Connection accepted */
c7bdd502 1575 struct inquiry_entry *ie;
1da177e4 1576 struct hci_conn *conn;
1da177e4 1577
a9de9248 1578 hci_dev_lock(hdev);
b6a0dc82 1579
cc11b9c1
AE		 1580 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1581 if (ie)
c7bdd502
MH		 1582 memcpy(ie->data.dev_class, ev->dev_class, 3);
1583
a9de9248
MH		 1584 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1585 if (!conn) {
cc11b9c1
AE		 1586 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1587 if (!conn) {
893ef971 1588 BT_ERR("No memory for new connection");
a9de9248
MH		 1589 hci_dev_unlock(hdev);
1590 return;
1da177e4
LT		 1591 }
1592 }
b6a0dc82 1593
a9de9248
MH		 1594 memcpy(conn->dev_class, ev->dev_class, 3);
1595 conn->state = BT_CONNECT;
b6a0dc82 1596
a9de9248 1597 hci_dev_unlock(hdev);
1da177e4 1598
b6a0dc82
MH		 1599 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1600 struct hci_cp_accept_conn_req cp;
1da177e4 1601
b6a0dc82
MH		 1602 bacpy(&cp.bdaddr, &ev->bdaddr);
1603
1604 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1605 cp.role = 0x00; /* Become master */
1606 else
1607 cp.role = 0x01; /* Remain slave */
1608
1609 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1610 sizeof(cp), &cp);
1611 } else {
1612 struct hci_cp_accept_sync_conn_req cp;
1613
1614 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1615 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1616
1617 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1618 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1619 cp.max_latency = cpu_to_le16(0xffff);
1620 cp.content_format = cpu_to_le16(hdev->voice_setting);
1621 cp.retrans_effort = 0xff;
1da177e4 1622
b6a0dc82
MH		 1623 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1624 sizeof(cp), &cp);
1625 }
a9de9248
MH		 1626 } else {
1627 /* Connection rejected */
1628 struct hci_cp_reject_conn_req cp;
1da177e4 1629
a9de9248 1630 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1631 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1632 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1633 }
1da177e4
LT		 1634}
1635
a9de9248 1636static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1637{
a9de9248 1638 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1639 struct hci_conn *conn;
1640
1641 BT_DBG("%s status %d", hdev->name, ev->status);
1642
1643 hci_dev_lock(hdev);
1644
1645 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1646 if (!conn)
1647 goto unlock;
7d0db0a3 1648
37d9ef76
JH		 1649 if (ev->status == 0)
1650 conn->state = BT_CLOSED;
04837f64 1651
37d9ef76
JH		 1652 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1653 if (ev->status != 0)
1654 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1655 else
1656 mgmt_disconnected(hdev, &conn->dst, conn->type,
48264f06 1657 conn->dst_type);
37d9ef76 1658 }
f7520543 1659
37d9ef76
JH		 1660 if (ev->status == 0) {
1661 hci_proto_disconn_cfm(conn, ev->reason);
1662 hci_conn_del(conn);
1663 }
f7520543
JH		 1664
1665unlock:
04837f64
MH		 1666 hci_dev_unlock(hdev);
1667}
1668
1da177e4
LT		 1669static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1670{
a9de9248 1671 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1672 struct hci_conn *conn;
1da177e4
LT		 1673
1674 BT_DBG("%s status %d", hdev->name, ev->status);
1675
1676 hci_dev_lock(hdev);
1677
04837f64 1678 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1679 if (!conn)
1680 goto unlock;
1681
1682 if (!ev->status) {
1683 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1684 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1685 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1686 } else {
d7556e20
WR		 1687 conn->link_mode |= HCI_LM_AUTH;
1688 conn->sec_level = conn->pending_sec_level;
2a611692 1689 }
d7556e20 1690 } else {
744cf19e 1691 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1692 }
1da177e4 1693
d7556e20
WR		 1694 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1695 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1696
d7556e20
WR		 1697 if (conn->state == BT_CONFIG) {
1698 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1699 struct hci_cp_set_conn_encrypt cp;
1700 cp.handle = ev->handle;
1701 cp.encrypt = 0x01;
1702 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1703 &cp);
052b30b0 1704 } else {
d7556e20
WR		 1705 conn->state = BT_CONNECTED;
1706 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1707 hci_conn_put(conn);
1708 }
d7556e20
WR		 1709 } else {
1710 hci_auth_cfm(conn, ev->status);
052b30b0 1711
d7556e20
WR		 1712 hci_conn_hold(conn);
1713 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1714 hci_conn_put(conn);
1715 }
1716
1717 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1718 if (!ev->status) {
1719 struct hci_cp_set_conn_encrypt cp;
1720 cp.handle = ev->handle;
1721 cp.encrypt = 0x01;
1722 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1723 &cp);
1724 } else {
1725 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1726 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1727 }
1728 }
1729
d7556e20 1730unlock:
1da177e4
LT		 1731 hci_dev_unlock(hdev);
1732}
1733
a9de9248 1734static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1735{
127178d2
JH		 1736 struct hci_ev_remote_name *ev = (void *) skb->data;
1737 struct hci_conn *conn;
1738
a9de9248 1739 BT_DBG("%s", hdev->name);
1da177e4 1740
a9de9248 1741 hci_conn_check_pending(hdev);
127178d2
JH		 1742
1743 hci_dev_lock(hdev);
1744
a88a9652 1745 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
744cf19e 1746 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
a88a9652 1747
127178d2 1748 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1749 if (!conn)
1750 goto unlock;
1751
1752 if (!hci_outgoing_auth_needed(hdev, conn))
1753 goto unlock;
1754
1755 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1756 struct hci_cp_auth_requested cp;
1757 cp.handle = __cpu_to_le16(conn->handle);
1758 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1759 }
1760
79c6c70c 1761unlock:
127178d2 1762 hci_dev_unlock(hdev);
a9de9248
MH		 1763}
1764
1765static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1766{
1767 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1768 struct hci_conn *conn;
1769
1770 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1771
1772 hci_dev_lock(hdev);
1773
04837f64 1774 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1775 if (conn) {
1776 if (!ev->status) {
ae293196
MH		 1777 if (ev->encrypt) {
1778 /* Encryption implies authentication */
1779 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1780 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1781 conn->sec_level = conn->pending_sec_level;
ae293196 1782 } else
1da177e4
LT		 1783 conn->link_mode &= ~HCI_LM_ENCRYPT;
1784 }
1785
1786 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1787
f8558555
MH		 1788 if (conn->state == BT_CONFIG) {
1789 if (!ev->status)
1790 conn->state = BT_CONNECTED;
1791
1792 hci_proto_connect_cfm(conn, ev->status);
1793 hci_conn_put(conn);
1794 } else
1795 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1796 }
1797
1798 hci_dev_unlock(hdev);
1799}
1800
a9de9248 1801static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1802{
a9de9248 1803 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1804 struct hci_conn *conn;
1da177e4
LT		 1805
1806 BT_DBG("%s status %d", hdev->name, ev->status);
1807
1808 hci_dev_lock(hdev);
1809
04837f64 1810 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1811 if (conn) {
1812 if (!ev->status)
1813 conn->link_mode |= HCI_LM_SECURE;
1814
1815 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1816
1817 hci_key_change_cfm(conn, ev->status);
1818 }
1819
1820 hci_dev_unlock(hdev);
1821}
1822
a9de9248 1823static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1824{
a9de9248
MH		 1825 struct hci_ev_remote_features *ev = (void *) skb->data;
1826 struct hci_conn *conn;
1827
1828 BT_DBG("%s status %d", hdev->name, ev->status);
1829
a9de9248
MH		 1830 hci_dev_lock(hdev);
1831
1832 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1833 if (!conn)
1834 goto unlock;
769be974 1835
ccd556fe
JH		 1836 if (!ev->status)
1837 memcpy(conn->features, ev->features, 8);
1838
1839 if (conn->state != BT_CONFIG)
1840 goto unlock;
1841
1842 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1843 struct hci_cp_read_remote_ext_features cp;
1844 cp.handle = ev->handle;
1845 cp.page = 0x01;
1846 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1847 sizeof(cp), &cp);
392599b9
JH		 1848 goto unlock;
1849 }
1850
127178d2
JH		 1851 if (!ev->status) {
1852 struct hci_cp_remote_name_req cp;
1853 memset(&cp, 0, sizeof(cp));
1854 bacpy(&cp.bdaddr, &conn->dst);
1855 cp.pscan_rep_mode = 0x02;
1856 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1857 }
392599b9 1858
127178d2 1859 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1860 conn->state = BT_CONNECTED;
1861 hci_proto_connect_cfm(conn, ev->status);
1862 hci_conn_put(conn);
769be974 1863 }
a9de9248 1864
ccd556fe 1865unlock:
a9de9248 1866 hci_dev_unlock(hdev);
1da177e4
LT		 1867}
1868
a9de9248 1869static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1870{
a9de9248 1871 BT_DBG("%s", hdev->name);
1da177e4
LT		 1872}
1873
a9de9248 1874static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1875{
a9de9248 1876 BT_DBG("%s", hdev->name);
1da177e4
LT		 1877}
1878
a9de9248
MH		 1879static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1880{
1881 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1882 __u16 opcode;
1883
1884 skb_pull(skb, sizeof(*ev));
1885
1886 opcode = __le16_to_cpu(ev->opcode);
1887
1888 switch (opcode) {
1889 case HCI_OP_INQUIRY_CANCEL:
1890 hci_cc_inquiry_cancel(hdev, skb);
1891 break;
1892
1893 case HCI_OP_EXIT_PERIODIC_INQ:
1894 hci_cc_exit_periodic_inq(hdev, skb);
1895 break;
1896
1897 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1898 hci_cc_remote_name_req_cancel(hdev, skb);
1899 break;
1900
1901 case HCI_OP_ROLE_DISCOVERY:
1902 hci_cc_role_discovery(hdev, skb);
1903 break;
1904
e4e8e37c
MH		 1905 case HCI_OP_READ_LINK_POLICY:
1906 hci_cc_read_link_policy(hdev, skb);
1907 break;
1908
a9de9248
MH		 1909 case HCI_OP_WRITE_LINK_POLICY:
1910 hci_cc_write_link_policy(hdev, skb);
1911 break;
1912
e4e8e37c
MH		 1913 case HCI_OP_READ_DEF_LINK_POLICY:
1914 hci_cc_read_def_link_policy(hdev, skb);
1915 break;
1916
1917 case HCI_OP_WRITE_DEF_LINK_POLICY:
1918 hci_cc_write_def_link_policy(hdev, skb);
1919 break;
1920
a9de9248
MH		 1921 case HCI_OP_RESET:
1922 hci_cc_reset(hdev, skb);
1923 break;
1924
1925 case HCI_OP_WRITE_LOCAL_NAME:
1926 hci_cc_write_local_name(hdev, skb);
1927 break;
1928
1929 case HCI_OP_READ_LOCAL_NAME:
1930 hci_cc_read_local_name(hdev, skb);
1931 break;
1932
1933 case HCI_OP_WRITE_AUTH_ENABLE:
1934 hci_cc_write_auth_enable(hdev, skb);
1935 break;
1936
1937 case HCI_OP_WRITE_ENCRYPT_MODE:
1938 hci_cc_write_encrypt_mode(hdev, skb);
1939 break;
1940
1941 case HCI_OP_WRITE_SCAN_ENABLE:
1942 hci_cc_write_scan_enable(hdev, skb);
1943 break;
1944
1945 case HCI_OP_READ_CLASS_OF_DEV:
1946 hci_cc_read_class_of_dev(hdev, skb);
1947 break;
1948
1949 case HCI_OP_WRITE_CLASS_OF_DEV:
1950 hci_cc_write_class_of_dev(hdev, skb);
1951 break;
1952
1953 case HCI_OP_READ_VOICE_SETTING:
1954 hci_cc_read_voice_setting(hdev, skb);
1955 break;
1956
1957 case HCI_OP_WRITE_VOICE_SETTING:
1958 hci_cc_write_voice_setting(hdev, skb);
1959 break;
1960
1961 case HCI_OP_HOST_BUFFER_SIZE:
1962 hci_cc_host_buffer_size(hdev, skb);
1963 break;
1964
333140b5
MH		 1965 case HCI_OP_READ_SSP_MODE:
1966 hci_cc_read_ssp_mode(hdev, skb);
1967 break;
1968
1969 case HCI_OP_WRITE_SSP_MODE:
1970 hci_cc_write_ssp_mode(hdev, skb);
1971 break;
1972
a9de9248
MH		 1973 case HCI_OP_READ_LOCAL_VERSION:
1974 hci_cc_read_local_version(hdev, skb);
1975 break;
1976
1977 case HCI_OP_READ_LOCAL_COMMANDS:
1978 hci_cc_read_local_commands(hdev, skb);
1979 break;
1980
1981 case HCI_OP_READ_LOCAL_FEATURES:
1982 hci_cc_read_local_features(hdev, skb);
1983 break;
1984
971e3a4b
AG		 1985 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1986 hci_cc_read_local_ext_features(hdev, skb);
1987 break;
1988
a9de9248
MH		 1989 case HCI_OP_READ_BUFFER_SIZE:
1990 hci_cc_read_buffer_size(hdev, skb);
1991 break;
1992
1993 case HCI_OP_READ_BD_ADDR:
1994 hci_cc_read_bd_addr(hdev, skb);
1995 break;
1996
23bb5763
JH		 1997 case HCI_OP_WRITE_CA_TIMEOUT:
1998 hci_cc_write_ca_timeout(hdev, skb);
1999 break;
2000
928abaa7
AE		 2001 case HCI_OP_READ_LOCAL_AMP_INFO:
2002 hci_cc_read_local_amp_info(hdev, skb);
2003 break;
2004
b0916ea0
JH		 2005 case HCI_OP_DELETE_STORED_LINK_KEY:
2006 hci_cc_delete_stored_link_key(hdev, skb);
2007 break;
2008
d5859e22
JH		 2009 case HCI_OP_SET_EVENT_MASK:
2010 hci_cc_set_event_mask(hdev, skb);
2011 break;
2012
2013 case HCI_OP_WRITE_INQUIRY_MODE:
2014 hci_cc_write_inquiry_mode(hdev, skb);
2015 break;
2016
2017 case HCI_OP_READ_INQ_RSP_TX_POWER:
2018 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2019 break;
2020
2021 case HCI_OP_SET_EVENT_FLT:
2022 hci_cc_set_event_flt(hdev, skb);
2023 break;
2024
980e1a53
JH		 2025 case HCI_OP_PIN_CODE_REPLY:
2026 hci_cc_pin_code_reply(hdev, skb);
2027 break;
2028
2029 case HCI_OP_PIN_CODE_NEG_REPLY:
2030 hci_cc_pin_code_neg_reply(hdev, skb);
2031 break;
2032
c35938b2
SJ		 2033 case HCI_OP_READ_LOCAL_OOB_DATA:
2034 hci_cc_read_local_oob_data_reply(hdev, skb);
2035 break;
2036
6ed58ec5
VT		 2037 case HCI_OP_LE_READ_BUFFER_SIZE:
2038 hci_cc_le_read_buffer_size(hdev, skb);
2039 break;
2040
a5c29683
JH		 2041 case HCI_OP_USER_CONFIRM_REPLY:
2042 hci_cc_user_confirm_reply(hdev, skb);
2043 break;
2044
2045 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2046 hci_cc_user_confirm_neg_reply(hdev, skb);
2047 break;
2048
1143d458
BG		 2049 case HCI_OP_USER_PASSKEY_REPLY:
2050 hci_cc_user_passkey_reply(hdev, skb);
2051 break;
2052
2053 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2054 hci_cc_user_passkey_neg_reply(hdev, skb);
2055 break;
2056
eb9d91f5
AG		 2057 case HCI_OP_LE_SET_SCAN_ENABLE:
2058 hci_cc_le_set_scan_enable(hdev, skb);
2059 break;
2060
a7a595f6
VCG		 2061 case HCI_OP_LE_LTK_REPLY:
2062 hci_cc_le_ltk_reply(hdev, skb);
2063 break;
2064
2065 case HCI_OP_LE_LTK_NEG_REPLY:
2066 hci_cc_le_ltk_neg_reply(hdev, skb);
2067 break;
2068
f9b49306
AG		 2069 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2070 hci_cc_write_le_host_supported(hdev, skb);
2071 break;
2072
a9de9248
MH		 2073 default:
2074 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2075 break;
2076 }
2077
6bd32326
VT		 2078 if (ev->opcode != HCI_OP_NOP)
2079 del_timer(&hdev->cmd_timer);
2080
a9de9248
MH		 2081 if (ev->ncmd) {
2082 atomic_set(&hdev->cmd_cnt, 1);
2083 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2084 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2085 }
2086}
2087
2088static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2089{
2090 struct hci_ev_cmd_status *ev = (void *) skb->data;
2091 __u16 opcode;
2092
2093 skb_pull(skb, sizeof(*ev));
2094
2095 opcode = __le16_to_cpu(ev->opcode);
2096
2097 switch (opcode) {
2098 case HCI_OP_INQUIRY:
2099 hci_cs_inquiry(hdev, ev->status);
2100 break;
2101
2102 case HCI_OP_CREATE_CONN:
2103 hci_cs_create_conn(hdev, ev->status);
2104 break;
2105
2106 case HCI_OP_ADD_SCO:
2107 hci_cs_add_sco(hdev, ev->status);
2108 break;
2109
f8558555
MH		 2110 case HCI_OP_AUTH_REQUESTED:
2111 hci_cs_auth_requested(hdev, ev->status);
2112 break;
2113
2114 case HCI_OP_SET_CONN_ENCRYPT:
2115 hci_cs_set_conn_encrypt(hdev, ev->status);
2116 break;
2117
a9de9248
MH		 2118 case HCI_OP_REMOTE_NAME_REQ:
2119 hci_cs_remote_name_req(hdev, ev->status);
2120 break;
2121
769be974
MH		 2122 case HCI_OP_READ_REMOTE_FEATURES:
2123 hci_cs_read_remote_features(hdev, ev->status);
2124 break;
2125
2126 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2127 hci_cs_read_remote_ext_features(hdev, ev->status);
2128 break;
2129
a9de9248
MH		 2130 case HCI_OP_SETUP_SYNC_CONN:
2131 hci_cs_setup_sync_conn(hdev, ev->status);
2132 break;
2133
2134 case HCI_OP_SNIFF_MODE:
2135 hci_cs_sniff_mode(hdev, ev->status);
2136 break;
2137
2138 case HCI_OP_EXIT_SNIFF_MODE:
2139 hci_cs_exit_sniff_mode(hdev, ev->status);
2140 break;
2141
8962ee74
JH		 2142 case HCI_OP_DISCONNECT:
2143 if (ev->status != 0)
37d9ef76 2144 mgmt_disconnect_failed(hdev, NULL, ev->status);
8962ee74
JH		 2145 break;
2146
fcd89c09
VT		 2147 case HCI_OP_LE_CREATE_CONN:
2148 hci_cs_le_create_conn(hdev, ev->status);
2149 break;
2150
a7a595f6
VCG		 2151 case HCI_OP_LE_START_ENC:
2152 hci_cs_le_start_enc(hdev, ev->status);
2153 break;
2154
a9de9248
MH		 2155 default:
2156 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2157 break;
2158 }
2159
6bd32326
VT		 2160 if (ev->opcode != HCI_OP_NOP)
2161 del_timer(&hdev->cmd_timer);
2162
10572132 2163 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2164 atomic_set(&hdev->cmd_cnt, 1);
2165 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2166 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2167 }
2168}
2169
2170static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2171{
2172 struct hci_ev_role_change *ev = (void *) skb->data;
2173 struct hci_conn *conn;
2174
2175 BT_DBG("%s status %d", hdev->name, ev->status);
2176
2177 hci_dev_lock(hdev);
2178
2179 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2180 if (conn) {
2181 if (!ev->status) {
2182 if (ev->role)
2183 conn->link_mode &= ~HCI_LM_MASTER;
2184 else
2185 conn->link_mode |= HCI_LM_MASTER;
2186 }
2187
2188 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2189
2190 hci_role_switch_cfm(conn, ev->status, ev->role);
2191 }
2192
2193 hci_dev_unlock(hdev);
2194}
2195
2196static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2197{
2198 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2199 __le16 *ptr;
2200 int i;
2201
2202 skb_pull(skb, sizeof(*ev));
2203
2204 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2205
2206 if (skb->len < ev->num_hndl * 4) {
2207 BT_DBG("%s bad parameters", hdev->name);
2208 return;
2209 }
2210
2211 tasklet_disable(&hdev->tx_task);
2212
2213 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2214 struct hci_conn *conn;
2215 __u16 handle, count;
2216
83985319
HH		 2217 handle = get_unaligned_le16(ptr++);
2218 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2219
2220 conn = hci_conn_hash_lookup_handle(hdev, handle);
2221 if (conn) {
2222 conn->sent -= count;
2223
2224 if (conn->type == ACL_LINK) {
70f23020
AE		 2225 hdev->acl_cnt += count;
2226 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2227 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2228 } else if (conn->type == LE_LINK) {
2229 if (hdev->le_pkts) {
2230 hdev->le_cnt += count;
2231 if (hdev->le_cnt > hdev->le_pkts)
2232 hdev->le_cnt = hdev->le_pkts;
2233 } else {
2234 hdev->acl_cnt += count;
2235 if (hdev->acl_cnt > hdev->acl_pkts)
2236 hdev->acl_cnt = hdev->acl_pkts;
2237 }
a9de9248 2238 } else {
70f23020
AE		 2239 hdev->sco_cnt += count;
2240 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2241 hdev->sco_cnt = hdev->sco_pkts;
2242 }
2243 }
2244 }
2245
c78ae283 2246 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2247
2248 tasklet_enable(&hdev->tx_task);
2249}
2250
2251static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2252{
a9de9248 2253 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2254 struct hci_conn *conn;
2255
2256 BT_DBG("%s status %d", hdev->name, ev->status);
2257
2258 hci_dev_lock(hdev);
2259
2260 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2261 if (conn) {
2262 conn->mode = ev->mode;
2263 conn->interval = __le16_to_cpu(ev->interval);
2264
2265 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2266 if (conn->mode == HCI_CM_ACTIVE)
2267 conn->power_save = 1;
2268 else
2269 conn->power_save = 0;
2270 }
e73439d8
MH		 2271
2272 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2273 hci_sco_setup(conn, ev->status);
04837f64
MH		 2274 }
2275
2276 hci_dev_unlock(hdev);
2277}
2278
a9de9248
MH		 2279static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2280{
052b30b0
MH		 2281 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2282 struct hci_conn *conn;
2283
a9de9248 2284 BT_DBG("%s", hdev->name);
052b30b0
MH		 2285
2286 hci_dev_lock(hdev);
2287
2288 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2289 if (!conn)
2290 goto unlock;
2291
2292 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2293 hci_conn_hold(conn);
2294 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2295 hci_conn_put(conn);
2296 }
2297
03b555e1
JH		 2298 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2299 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2300 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2301 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2302 u8 secure;
2303
2304 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2305 secure = 1;
2306 else
2307 secure = 0;
2308
744cf19e 2309 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2310 }
980e1a53 2311
b6f98044 2312unlock:
052b30b0 2313 hci_dev_unlock(hdev);
a9de9248
MH		 2314}
2315
2316static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2317{
55ed8ca1
JH		 2318 struct hci_ev_link_key_req *ev = (void *) skb->data;
2319 struct hci_cp_link_key_reply cp;
2320 struct hci_conn *conn;
2321 struct link_key *key;
2322
a9de9248 2323 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2324
2325 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2326 return;
2327
2328 hci_dev_lock(hdev);
2329
2330 key = hci_find_link_key(hdev, &ev->bdaddr);
2331 if (!key) {
2332 BT_DBG("%s link key not found for %s", hdev->name,
2333 batostr(&ev->bdaddr));
2334 goto not_found;
2335 }
2336
2337 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2338 batostr(&ev->bdaddr));
2339
b6020ba0
WR		 2340 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2341 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2342 BT_DBG("%s ignoring debug key", hdev->name);
2343 goto not_found;
2344 }
2345
2346 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2347 if (conn) {
2348 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2349 conn->auth_type != 0xff &&
2350 (conn->auth_type & 0x01)) {
2351 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2352 goto not_found;
2353 }
55ed8ca1 2354
60b83f57
WR		 2355 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2356 conn->pending_sec_level == BT_SECURITY_HIGH) {
2357 BT_DBG("%s ignoring key unauthenticated for high \
2358 security", hdev->name);
2359 goto not_found;
2360 }
2361
2362 conn->key_type = key->type;
2363 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2364 }
2365
2366 bacpy(&cp.bdaddr, &ev->bdaddr);
2367 memcpy(cp.link_key, key->val, 16);
2368
2369 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2370
2371 hci_dev_unlock(hdev);
2372
2373 return;
2374
2375not_found:
2376 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2377 hci_dev_unlock(hdev);
a9de9248
MH		 2378}
2379
2380static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2381{
052b30b0
MH		 2382 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2383 struct hci_conn *conn;
55ed8ca1 2384 u8 pin_len = 0;
052b30b0 2385
a9de9248 2386 BT_DBG("%s", hdev->name);
052b30b0
MH		 2387
2388 hci_dev_lock(hdev);
2389
2390 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2391 if (conn) {
2392 hci_conn_hold(conn);
2393 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2394 pin_len = conn->pin_length;
13d39315
WR		 2395
2396 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2397 conn->key_type = ev->key_type;
2398
052b30b0
MH		 2399 hci_conn_put(conn);
2400 }
2401
55ed8ca1 2402 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2403 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2404 ev->key_type, pin_len);
2405
052b30b0 2406 hci_dev_unlock(hdev);
a9de9248
MH		 2407}
2408
1da177e4
LT		 2409static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2410{
a9de9248 2411 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2412 struct hci_conn *conn;
1da177e4
LT		 2413
2414 BT_DBG("%s status %d", hdev->name, ev->status);
2415
2416 hci_dev_lock(hdev);
2417
04837f64 2418 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2419 if (conn && !ev->status) {
2420 struct inquiry_entry *ie;
2421
cc11b9c1
AE		 2422 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2423 if (ie) {
1da177e4
LT		 2424 ie->data.clock_offset = ev->clock_offset;
2425 ie->timestamp = jiffies;
2426 }
2427 }
2428
2429 hci_dev_unlock(hdev);
2430}
2431
a8746417
MH		 2432static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2433{
2434 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2435 struct hci_conn *conn;
2436
2437 BT_DBG("%s status %d", hdev->name, ev->status);
2438
2439 hci_dev_lock(hdev);
2440
2441 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2442 if (conn && !ev->status)
2443 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2444
2445 hci_dev_unlock(hdev);
2446}
2447
85a1e930
MH		 2448static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2449{
a9de9248 2450 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2451 struct inquiry_entry *ie;
2452
2453 BT_DBG("%s", hdev->name);
2454
2455 hci_dev_lock(hdev);
2456
cc11b9c1
AE		 2457 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2458 if (ie) {
85a1e930
MH		 2459 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2460 ie->timestamp = jiffies;
2461 }
2462
2463 hci_dev_unlock(hdev);
2464}
2465
a9de9248
MH		 2466static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2467{
2468 struct inquiry_data data;
2469 int num_rsp = *((__u8 *) skb->data);
2470
2471 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2472
2473 if (!num_rsp)
2474 return;
2475
2476 hci_dev_lock(hdev);
2477
2478 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2479 struct inquiry_info_with_rssi_and_pscan_mode *info;
2480 info = (void *) (skb->data + 1);
a9de9248 2481
e17acd40 2482 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2483 bacpy(&data.bdaddr, &info->bdaddr);
2484 data.pscan_rep_mode = info->pscan_rep_mode;
2485 data.pscan_period_mode = info->pscan_period_mode;
2486 data.pscan_mode = info->pscan_mode;
2487 memcpy(data.dev_class, info->dev_class, 3);
2488 data.clock_offset = info->clock_offset;
2489 data.rssi = info->rssi;
41a96212 2490 data.ssp_mode = 0x00;
a9de9248 2491 hci_inquiry_cache_update(hdev, &data);
48264f06 2492 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2493 info->dev_class, info->rssi,
2494 NULL);
a9de9248
MH		 2495 }
2496 } else {
2497 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2498
e17acd40 2499 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2500 bacpy(&data.bdaddr, &info->bdaddr);
2501 data.pscan_rep_mode = info->pscan_rep_mode;
2502 data.pscan_period_mode = info->pscan_period_mode;
2503 data.pscan_mode = 0x00;
2504 memcpy(data.dev_class, info->dev_class, 3);
2505 data.clock_offset = info->clock_offset;
2506 data.rssi = info->rssi;
41a96212 2507 data.ssp_mode = 0x00;
a9de9248 2508 hci_inquiry_cache_update(hdev, &data);
48264f06 2509 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2510 info->dev_class, info->rssi,
2511 NULL);
a9de9248
MH		 2512 }
2513 }
2514
2515 hci_dev_unlock(hdev);
2516}
2517
2518static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2519{
41a96212
MH		 2520 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2521 struct hci_conn *conn;
2522
a9de9248 2523 BT_DBG("%s", hdev->name);
41a96212 2524
41a96212
MH		 2525 hci_dev_lock(hdev);
2526
2527 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2528 if (!conn)
2529 goto unlock;
41a96212 2530
ccd556fe
JH		 2531 if (!ev->status && ev->page == 0x01) {
2532 struct inquiry_entry *ie;
41a96212 2533
cc11b9c1
AE		 2534 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2535 if (ie)
ccd556fe 2536 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2537
ccd556fe
JH		 2538 conn->ssp_mode = (ev->features[0] & 0x01);
2539 }
2540
2541 if (conn->state != BT_CONFIG)
2542 goto unlock;
2543
127178d2
JH		 2544 if (!ev->status) {
2545 struct hci_cp_remote_name_req cp;
2546 memset(&cp, 0, sizeof(cp));
2547 bacpy(&cp.bdaddr, &conn->dst);
2548 cp.pscan_rep_mode = 0x02;
2549 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2550 }
392599b9 2551
127178d2 2552 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2553 conn->state = BT_CONNECTED;
2554 hci_proto_connect_cfm(conn, ev->status);
2555 hci_conn_put(conn);
41a96212
MH		 2556 }
2557
ccd556fe 2558unlock:
41a96212 2559 hci_dev_unlock(hdev);
a9de9248
MH		 2560}
2561
2562static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2563{
b6a0dc82
MH		 2564 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2565 struct hci_conn *conn;
2566
2567 BT_DBG("%s status %d", hdev->name, ev->status);
2568
2569 hci_dev_lock(hdev);
2570
2571 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2572 if (!conn) {
2573 if (ev->link_type == ESCO_LINK)
2574 goto unlock;
2575
2576 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2577 if (!conn)
2578 goto unlock;
2579
2580 conn->type = SCO_LINK;
2581 }
b6a0dc82 2582
732547f9
MH		 2583 switch (ev->status) {
2584 case 0x00:
b6a0dc82
MH		 2585 conn->handle = __le16_to_cpu(ev->handle);
2586 conn->state = BT_CONNECTED;
7d0db0a3 2587
9eba32b8 2588 hci_conn_hold_device(conn);
7d0db0a3 2589 hci_conn_add_sysfs(conn);
732547f9
MH		 2590 break;
2591
705e5711 2592 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2593 case 0x1c: /* SCO interval rejected */
1038a00b 2594 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2595 case 0x1f: /* Unspecified error */
2596 if (conn->out && conn->attempt < 2) {
2597 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2598 (hdev->esco_type & EDR_ESCO_MASK);
2599 hci_setup_sync(conn, conn->link->handle);
2600 goto unlock;
2601 }
2602 /* fall through */
2603
2604 default:
b6a0dc82 2605 conn->state = BT_CLOSED;
732547f9
MH		 2606 break;
2607 }
b6a0dc82
MH		 2608
2609 hci_proto_connect_cfm(conn, ev->status);
2610 if (ev->status)
2611 hci_conn_del(conn);
2612
2613unlock:
2614 hci_dev_unlock(hdev);
a9de9248
MH		 2615}
2616
2617static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2618{
2619 BT_DBG("%s", hdev->name);
2620}
2621
04837f64
MH		 2622static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2623{
a9de9248 2624 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2625
2626 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2627}
2628
a9de9248 2629static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2630{
a9de9248
MH		 2631 struct inquiry_data data;
2632 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2633 int num_rsp = *((__u8 *) skb->data);
1da177e4 2634
a9de9248 2635 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2636
a9de9248
MH		 2637 if (!num_rsp)
2638 return;
1da177e4 2639
a9de9248
MH		 2640 hci_dev_lock(hdev);
2641
e17acd40 2642 for (; num_rsp; num_rsp--, info++) {
a9de9248 2643 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2644 data.pscan_rep_mode = info->pscan_rep_mode;
2645 data.pscan_period_mode = info->pscan_period_mode;
2646 data.pscan_mode = 0x00;
a9de9248 2647 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2648 data.clock_offset = info->clock_offset;
2649 data.rssi = info->rssi;
41a96212 2650 data.ssp_mode = 0x01;
a9de9248 2651 hci_inquiry_cache_update(hdev, &data);
48264f06 2652 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 2653 info->dev_class, info->rssi, info->data);
a9de9248
MH		 2654 }
2655
2656 hci_dev_unlock(hdev);
2657}
1da177e4 2658
17fa4b9d
JH		 2659static inline u8 hci_get_auth_req(struct hci_conn *conn)
2660{
2661 /* If remote requests dedicated bonding follow that lead */
2662 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2663 /* If both remote and local IO capabilities allow MITM
2664 * protection then require it, otherwise don't */
2665 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2666 return 0x02;
2667 else
2668 return 0x03;
2669 }
2670
2671 /* If remote requests no-bonding follow that lead */
2672 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2673 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2674
2675 return conn->auth_type;
2676}
2677
0493684e
MH		 2678static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2679{
2680 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2681 struct hci_conn *conn;
2682
2683 BT_DBG("%s", hdev->name);
2684
2685 hci_dev_lock(hdev);
2686
2687 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2688 if (!conn)
2689 goto unlock;
2690
2691 hci_conn_hold(conn);
2692
2693 if (!test_bit(HCI_MGMT, &hdev->flags))
2694 goto unlock;
2695
2696 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2697 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2698 struct hci_cp_io_capability_reply cp;
2699
2700 bacpy(&cp.bdaddr, &ev->bdaddr);
2701 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2702 conn->auth_type = hci_get_auth_req(conn);
2703 cp.authentication = conn->auth_type;
17fa4b9d 2704
ce85ee13
SJ		 2705 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2706 hci_find_remote_oob_data(hdev, &conn->dst))
2707 cp.oob_data = 0x01;
2708 else
2709 cp.oob_data = 0x00;
2710
17fa4b9d
JH		 2711 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2712 sizeof(cp), &cp);
03b555e1
JH		 2713 } else {
2714 struct hci_cp_io_capability_neg_reply cp;
2715
2716 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2717 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2718
03b555e1
JH		 2719 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2720 sizeof(cp), &cp);
2721 }
2722
2723unlock:
2724 hci_dev_unlock(hdev);
2725}
2726
2727static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2728{
2729 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2730 struct hci_conn *conn;
2731
2732 BT_DBG("%s", hdev->name);
2733
2734 hci_dev_lock(hdev);
2735
2736 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2737 if (!conn)
2738 goto unlock;
2739
03b555e1
JH		 2740 conn->remote_cap = ev->capability;
2741 conn->remote_oob = ev->oob_data;
2742 conn->remote_auth = ev->authentication;
2743
2744unlock:
0493684e
MH		 2745 hci_dev_unlock(hdev);
2746}
2747
a5c29683
JH		 2748static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2749 struct sk_buff *skb)
2750{
2751 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2752 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2753 struct hci_conn *conn;
a5c29683
JH		 2754
2755 BT_DBG("%s", hdev->name);
2756
2757 hci_dev_lock(hdev);
2758
7a828908
JH		 2759 if (!test_bit(HCI_MGMT, &hdev->flags))
2760 goto unlock;
a5c29683 2761
7a828908
JH		 2762 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2763 if (!conn)
2764 goto unlock;
2765
2766 loc_mitm = (conn->auth_type & 0x01);
2767 rem_mitm = (conn->remote_auth & 0x01);
2768
2769 /* If we require MITM but the remote device can't provide that
2770 * (it has NoInputNoOutput) then reject the confirmation
2771 * request. The only exception is when we're dedicated bonding
2772 * initiators (connect_cfm_cb set) since then we always have the MITM
2773 * bit set. */
2774 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2775 BT_DBG("Rejecting request: remote device can't provide MITM");
2776 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2777 sizeof(ev->bdaddr), &ev->bdaddr);
2778 goto unlock;
2779 }
2780
2781 /* If no side requires MITM protection; auto-accept */
2782 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2783 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2784
2785 /* If we're not the initiators request authorization to
2786 * proceed from user space (mgmt_user_confirm with
2787 * confirm_hint set to 1). */
2788 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2789 BT_DBG("Confirming auto-accept as acceptor");
2790 confirm_hint = 1;
2791 goto confirm;
2792 }
2793
9f61656a
JH		 2794 BT_DBG("Auto-accept of user confirmation with %ums delay",
2795 hdev->auto_accept_delay);
2796
2797 if (hdev->auto_accept_delay > 0) {
2798 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2799 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2800 goto unlock;
2801 }
2802
7a828908
JH		 2803 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2804 sizeof(ev->bdaddr), &ev->bdaddr);
2805 goto unlock;
2806 }
2807
55bc1a37 2808confirm:
744cf19e 2809 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 2810 confirm_hint);
7a828908
JH		 2811
2812unlock:
a5c29683
JH		 2813 hci_dev_unlock(hdev);
2814}
2815
1143d458
BG		 2816static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2817 struct sk_buff *skb)
2818{
2819 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2820
2821 BT_DBG("%s", hdev->name);
2822
2823 hci_dev_lock(hdev);
2824
2825 if (test_bit(HCI_MGMT, &hdev->flags))
2826 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2827
2828 hci_dev_unlock(hdev);
2829}
2830
0493684e
MH		 2831static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2832{
2833 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2834 struct hci_conn *conn;
2835
2836 BT_DBG("%s", hdev->name);
2837
2838 hci_dev_lock(hdev);
2839
2840 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2841 if (!conn)
2842 goto unlock;
2843
2844 /* To avoid duplicate auth_failed events to user space we check
2845 * the HCI_CONN_AUTH_PEND flag which will be set if we
2846 * initiated the authentication. A traditional auth_complete
2847 * event gets always produced as initiator and is also mapped to
2848 * the mgmt_auth_failed event */
2849 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
744cf19e 2850 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 2851
2a611692
JH		 2852 hci_conn_put(conn);
2853
2854unlock:
0493684e
MH		 2855 hci_dev_unlock(hdev);
2856}
2857
41a96212
MH		 2858static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2859{
2860 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2861 struct inquiry_entry *ie;
2862
2863 BT_DBG("%s", hdev->name);
2864
2865 hci_dev_lock(hdev);
2866
cc11b9c1
AE		 2867 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2868 if (ie)
41a96212
MH		 2869 ie->data.ssp_mode = (ev->features[0] & 0x01);
2870
2871 hci_dev_unlock(hdev);
2872}
2873
2763eda6
SJ		 2874static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2875 struct sk_buff *skb)
2876{
2877 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2878 struct oob_data *data;
2879
2880 BT_DBG("%s", hdev->name);
2881
2882 hci_dev_lock(hdev);
2883
e1ba1f15
SJ		 2884 if (!test_bit(HCI_MGMT, &hdev->flags))
2885 goto unlock;
2886
2763eda6
SJ		 2887 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2888 if (data) {
2889 struct hci_cp_remote_oob_data_reply cp;
2890
2891 bacpy(&cp.bdaddr, &ev->bdaddr);
2892 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2893 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2894
2895 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2896 &cp);
2897 } else {
2898 struct hci_cp_remote_oob_data_neg_reply cp;
2899
2900 bacpy(&cp.bdaddr, &ev->bdaddr);
2901 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2902 &cp);
2903 }
2904
e1ba1f15 2905unlock:
2763eda6
SJ		 2906 hci_dev_unlock(hdev);
2907}
2908
fcd89c09
VT		 2909static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2910{
2911 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2912 struct hci_conn *conn;
2913
2914 BT_DBG("%s status %d", hdev->name, ev->status);
2915
2916 hci_dev_lock(hdev);
2917
2918 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2919 if (!conn) {
2920 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2921 if (!conn) {
2922 BT_ERR("No memory for new connection");
2923 hci_dev_unlock(hdev);
2924 return;
2925 }
29b7988a
AG		 2926
2927 conn->dst_type = ev->bdaddr_type;
b62f328b 2928 }
fcd89c09
VT		 2929
2930 if (ev->status) {
48264f06
JH		 2931 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2932 conn->dst_type, ev->status);
fcd89c09
VT		 2933 hci_proto_connect_cfm(conn, ev->status);
2934 conn->state = BT_CLOSED;
2935 hci_conn_del(conn);
2936 goto unlock;
2937 }
2938
48264f06 2939 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
83bc71b4 2940
7b5c0d52 2941 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2942 conn->handle = __le16_to_cpu(ev->handle);
2943 conn->state = BT_CONNECTED;
2944
2945 hci_conn_hold_device(conn);
2946 hci_conn_add_sysfs(conn);
2947
2948 hci_proto_connect_cfm(conn, ev->status);
2949
2950unlock:
2951 hci_dev_unlock(hdev);
2952}
2953
9aa04c91
AG		 2954static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2955 struct sk_buff *skb)
2956{
e95beb41
AG		 2957 u8 num_reports = skb->data[0];
2958 void *ptr = &skb->data[1];
9aa04c91
AG		 2959
2960 hci_dev_lock(hdev);
2961
e95beb41
AG		 2962 while (num_reports--) {
2963 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 2964
9aa04c91 2965 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 2966
2967 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 2968 }
2969
2970 hci_dev_unlock(hdev);
2971}
2972
a7a595f6
VCG		 2973static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2974 struct sk_buff *skb)
2975{
2976 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2977 struct hci_cp_le_ltk_reply cp;
bea710fe 2978 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 2979 struct hci_conn *conn;
bea710fe 2980 struct link_key *ltk;
a7a595f6
VCG		 2981
2982 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2983
2984 hci_dev_lock(hdev);
2985
2986 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 2987 if (conn == NULL)
2988 goto not_found;
a7a595f6 2989
bea710fe
VCG		 2990 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2991 if (ltk == NULL)
2992 goto not_found;
2993
2994 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 2995 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 2996 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 2997
2998 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2999
3000 hci_dev_unlock(hdev);
bea710fe
VCG		 3001
3002 return;
3003
3004not_found:
3005 neg.handle = ev->handle;
3006 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3007 hci_dev_unlock(hdev);
a7a595f6
VCG		 3008}
3009
fcd89c09
VT		 3010static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3011{
3012 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3013
3014 skb_pull(skb, sizeof(*le_ev));
3015
3016 switch (le_ev->subevent) {
3017 case HCI_EV_LE_CONN_COMPLETE:
3018 hci_le_conn_complete_evt(hdev, skb);
3019 break;
3020
9aa04c91
AG		 3021 case HCI_EV_LE_ADVERTISING_REPORT:
3022 hci_le_adv_report_evt(hdev, skb);
3023 break;
3024
a7a595f6
VCG		 3025 case HCI_EV_LE_LTK_REQ:
3026 hci_le_ltk_request_evt(hdev, skb);
3027 break;
3028
fcd89c09
VT		 3029 default:
3030 break;
3031 }
3032}
3033
a9de9248
MH		 3034void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3035{
3036 struct hci_event_hdr *hdr = (void *) skb->data;
3037 __u8 event = hdr->evt;
3038
3039 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3040
3041 switch (event) {
1da177e4
LT		 3042 case HCI_EV_INQUIRY_COMPLETE:
3043 hci_inquiry_complete_evt(hdev, skb);
3044 break;
3045
3046 case HCI_EV_INQUIRY_RESULT:
3047 hci_inquiry_result_evt(hdev, skb);
3048 break;
3049
a9de9248
MH		 3050 case HCI_EV_CONN_COMPLETE:
3051 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3052 break;
3053
1da177e4
LT		 3054 case HCI_EV_CONN_REQUEST:
3055 hci_conn_request_evt(hdev, skb);
3056 break;
3057
1da177e4
LT		 3058 case HCI_EV_DISCONN_COMPLETE:
3059 hci_disconn_complete_evt(hdev, skb);
3060 break;
3061
1da177e4
LT		 3062 case HCI_EV_AUTH_COMPLETE:
3063 hci_auth_complete_evt(hdev, skb);
3064 break;
3065
a9de9248
MH		 3066 case HCI_EV_REMOTE_NAME:
3067 hci_remote_name_evt(hdev, skb);
3068 break;
3069
1da177e4
LT		 3070 case HCI_EV_ENCRYPT_CHANGE:
3071 hci_encrypt_change_evt(hdev, skb);
3072 break;
3073
a9de9248
MH		 3074 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3075 hci_change_link_key_complete_evt(hdev, skb);
3076 break;
3077
3078 case HCI_EV_REMOTE_FEATURES:
3079 hci_remote_features_evt(hdev, skb);
3080 break;
3081
3082 case HCI_EV_REMOTE_VERSION:
3083 hci_remote_version_evt(hdev, skb);
3084 break;
3085
3086 case HCI_EV_QOS_SETUP_COMPLETE:
3087 hci_qos_setup_complete_evt(hdev, skb);
3088 break;
3089
3090 case HCI_EV_CMD_COMPLETE:
3091 hci_cmd_complete_evt(hdev, skb);
3092 break;
3093
3094 case HCI_EV_CMD_STATUS:
3095 hci_cmd_status_evt(hdev, skb);
3096 break;
3097
3098 case HCI_EV_ROLE_CHANGE:
3099 hci_role_change_evt(hdev, skb);
3100 break;
3101
3102 case HCI_EV_NUM_COMP_PKTS:
3103 hci_num_comp_pkts_evt(hdev, skb);
3104 break;
3105
3106 case HCI_EV_MODE_CHANGE:
3107 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3108 break;
3109
3110 case HCI_EV_PIN_CODE_REQ:
3111 hci_pin_code_request_evt(hdev, skb);
3112 break;
3113
3114 case HCI_EV_LINK_KEY_REQ:
3115 hci_link_key_request_evt(hdev, skb);
3116 break;
3117
3118 case HCI_EV_LINK_KEY_NOTIFY:
3119 hci_link_key_notify_evt(hdev, skb);
3120 break;
3121
3122 case HCI_EV_CLOCK_OFFSET:
3123 hci_clock_offset_evt(hdev, skb);
3124 break;
3125
a8746417
MH		 3126 case HCI_EV_PKT_TYPE_CHANGE:
3127 hci_pkt_type_change_evt(hdev, skb);
3128 break;
3129
85a1e930
MH		 3130 case HCI_EV_PSCAN_REP_MODE:
3131 hci_pscan_rep_mode_evt(hdev, skb);
3132 break;
3133
a9de9248
MH		 3134 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3135 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3136 break;
3137
a9de9248
MH		 3138 case HCI_EV_REMOTE_EXT_FEATURES:
3139 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3140 break;
3141
a9de9248
MH		 3142 case HCI_EV_SYNC_CONN_COMPLETE:
3143 hci_sync_conn_complete_evt(hdev, skb);
3144 break;
1da177e4 3145
a9de9248
MH		 3146 case HCI_EV_SYNC_CONN_CHANGED:
3147 hci_sync_conn_changed_evt(hdev, skb);
3148 break;
1da177e4 3149
a9de9248
MH		 3150 case HCI_EV_SNIFF_SUBRATE:
3151 hci_sniff_subrate_evt(hdev, skb);
3152 break;
1da177e4 3153
a9de9248
MH		 3154 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3155 hci_extended_inquiry_result_evt(hdev, skb);
3156 break;
1da177e4 3157
0493684e
MH		 3158 case HCI_EV_IO_CAPA_REQUEST:
3159 hci_io_capa_request_evt(hdev, skb);
3160 break;
3161
03b555e1
JH		 3162 case HCI_EV_IO_CAPA_REPLY:
3163 hci_io_capa_reply_evt(hdev, skb);
3164 break;
3165
a5c29683
JH		 3166 case HCI_EV_USER_CONFIRM_REQUEST:
3167 hci_user_confirm_request_evt(hdev, skb);
3168 break;
3169
1143d458
BG		 3170 case HCI_EV_USER_PASSKEY_REQUEST:
3171 hci_user_passkey_request_evt(hdev, skb);
3172 break;
3173
0493684e
MH		 3174 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3175 hci_simple_pair_complete_evt(hdev, skb);
3176 break;
3177
41a96212
MH		 3178 case HCI_EV_REMOTE_HOST_FEATURES:
3179 hci_remote_host_features_evt(hdev, skb);
3180 break;
3181
fcd89c09
VT		 3182 case HCI_EV_LE_META:
3183 hci_le_meta_evt(hdev, skb);
3184 break;
3185
2763eda6
SJ		 3186 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3187 hci_remote_oob_data_request_evt(hdev, skb);
3188 break;
3189
a9de9248
MH		 3190 default:
3191 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3192 break;
3193 }
3194
3195 kfree_skb(skb);
3196 hdev->stat.evt_rx++;
3197}
3198
3199/* Generate internal stack event */
3200void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3201{
3202 struct hci_event_hdr *hdr;
3203 struct hci_ev_stack_internal *ev;
3204 struct sk_buff *skb;
3205
3206 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3207 if (!skb)
3208 return;
3209
3210 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3211 hdr->evt = HCI_EV_STACK_INTERNAL;
3212 hdr->plen = sizeof(*ev) + dlen;
3213
3214 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3215 ev->type = type;
3216 memcpy(ev->data, data, dlen);
3217
576c7d85 3218 bt_cb(skb)->incoming = 1;
a61bbcf2 3219 __net_timestamp(skb);
576c7d85 3220
0d48d939 3221 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3222 skb->dev = (void *) hdev;
eec8d2bc 3223 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3224 kfree_skb(skb);
3225}
e6100a25 3226
669bb396 3227module_param(enable_le, bool, 0644);
e6100a25 3228MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)