Bluetooth: Don't mark non xfer isoc endpoint URBs with URB_ISO_ASAP
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
/* Gates LE host support in hci_set_le_support(); where this flag is set is
 * outside this view. */
static bool enable_le;
e6100a25 49
1da177e4
LT
50/* Handle HCI Event packets */
51
/*
 * Process the reply to HCI_OP_INQUIRY_CANCEL.
 *
 * A non-zero status is reported to mgmt and nothing else changes.
 * Otherwise the HCI_INQUIRY flag is cleared, discovery is marked
 * stopped, the request is completed and pending connections are
 * re-checked.
 *
 * NOTE(review): the status byte is read without looking at skb->len;
 * presumably the dispatcher validates the event length - confirm.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0) {
		/* Cancel failed: tell mgmt, leave discovery state as it is. */
		hci_dev_lock(hdev);
		mgmt_stop_discovery_failed(hdev, status);
		hci_dev_unlock(hdev);
		return;
	}

	clear_bit(HCI_INQUIRY, &hdev->flags);

	hci_dev_lock(hdev);
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
	hci_dev_unlock(hdev);

	hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);

	hci_conn_check_pending(hdev);
}
6bd57416 75
a9de9248
MH
/*
 * Process an exit-periodic-inquiry reply: on success, re-check pending
 * connections; on failure do nothing beyond the debug trace.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		hci_conn_check_pending(hdev);
}
87
/*
 * Remote-name-request-cancel reply: only traced, the payload in skb is
 * not examined.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
92
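/*
 * Update a connection's master/slave bit from a role-discovery reply.
 *
 * On success the connection named by rp->handle is looked up under the
 * device lock; a non-zero rp->role clears HCI_LM_MASTER, zero sets it.
 * A reply shorter than struct hci_rp_role_discovery is ignored.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *rp = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* handle and role are controller-supplied; do not read beyond the
	 * bytes that were actually received. */
	if (skb->len < sizeof(*rp))
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (conn) {
		if (rp->role)
			conn->link_mode &= ~HCI_LM_MASTER;
		else
			conn->link_mode |= HCI_LM_MASTER;
	}

	hci_dev_unlock(hdev);
}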
115
e4e8e37c
MH
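/*
 * Store the link policy reported for one connection.
 *
 * On success the connection named by rp->handle is looked up under the
 * device lock and its link_policy is set from rp->policy. A reply
 * shorter than struct hci_rp_read_link_policy is ignored.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *rp = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* handle and policy are controller-supplied; ignore a truncated
	 * reply instead of reading beyond the received bytes. */
	if (skb->len < sizeof(*rp))
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (conn)
		conn->link_policy = __le16_to_cpu(rp->policy);

	hci_dev_unlock(hdev);
}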
134
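/*
 * Mirror a successful HCI_OP_WRITE_LINK_POLICY into the connection.
 *
 * The new policy is taken from the command we sent (2 bytes into its
 * parameters), not from the reply; the reply only supplies the
 * connection handle. A reply shorter than
 * struct hci_rp_write_link_policy is ignored.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *rp = (void *) skb->data;
	struct hci_conn *conn;
	void *sent;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* rp->handle is controller-supplied; make sure it was received. */
	if (skb->len < sizeof(*rp))
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (conn)
		conn->link_policy = get_unaligned_le16(sent + 2);

	hci_dev_unlock(hdev);
}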
1da177e4 158
e4e8e37c
MH
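/*
 * Store the controller's default link policy in hdev->link_policy.
 * Failed or truncated replies leave the stored value untouched.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* rp->policy is controller-supplied; do not read it from a reply
	 * that is too short to contain it. */
	if (skb->len < sizeof(*rp))
		return;

	hdev->link_policy = __le16_to_cpu(rp->policy);
}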
170
/*
 * Process the reply to HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * If the sent command cannot be found nothing happens, not even request
 * completion. Otherwise, on success, the policy we sent becomes
 * hdev->link_policy, and the request is completed with the status.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (cmd_params == NULL)
		return;

	if (status == 0)
		hdev->link_policy = get_unaligned_le16(cmd_params);

	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
}
187
a9de9248
MH
/*
 * Process the reply to HCI_OP_RESET.
 *
 * Regardless of the status, HCI_RESET is cleared, the request is
 * completed and all dev_flags are wiped.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);

	hci_req_complete(hdev, HCI_OP_RESET, status);

	/* NOTE(review): flags are reset even when status reports failure. */
	hdev->dev_flags = 0;
}
04837f64 200
a9de9248
MH
/*
 * Process the reply to HCI_OP_WRITE_LOCAL_NAME.
 *
 * Under the device lock: mgmt is told the outcome when HCI_MGMT is set,
 * and on success the name we sent is copied into hdev->dev_name
 * (HCI_MAX_NAME_LENGTH bytes, taken from our own command buffer).
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];
	void *name_sent;

	BT_DBG("%s status 0x%x", hdev->name, status);

	name_sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (name_sent == NULL)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags))
		mgmt_set_local_name_complete(hdev, name_sent, status);

	if (!status)
		memcpy(hdev->dev_name, name_sent, HCI_MAX_NAME_LENGTH);

	hci_dev_unlock(hdev);
}
222
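/*
 * Copy the controller's local name into hdev->dev_name.
 *
 * The copy is HCI_MAX_NAME_LENGTH bytes taken straight from the reply,
 * so a reply shorter than struct hci_rp_read_local_name is rejected
 * rather than letting memcpy() read past the received data.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* Length is dictated by the controller; never trust it implicitly. */
	if (skb->len < sizeof(*rp))
		return;

	memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
}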
234
/*
 * Process the reply to HCI_OP_WRITE_AUTH_ENABLE.
 *
 * On success HCI_AUTH tracks the value we sent: set when it equals
 * AUTH_ENABLED, cleared otherwise. The request is completed with the
 * status unless the sent command could not be found.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (cmd_params == NULL)
		return;

	if (status == 0) {
		__u8 requested = *((__u8 *) cmd_params);

		if (requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
}
257
/*
 * Process the reply to HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * On success HCI_ENCRYPT tracks the value we sent: set for any non-zero
 * mode, cleared for zero. The request is completed with the status
 * unless the sent command could not be found.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (cmd_params == NULL)
		return;

	if (status == 0) {
		__u8 requested = *((__u8 *) cmd_params);

		if (requested == 0)
			clear_bit(HCI_ENCRYPT, &hdev->flags);
		else
			set_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
}
1da177e4 280
a9de9248
MH
/*
 * Process the reply to HCI_OP_WRITE_SCAN_ENABLE.
 *
 * The scan bits we asked for are read back from the sent command. On
 * failure mgmt is notified and the discoverable timeout is dropped. On
 * success HCI_ISCAN/HCI_PSCAN are rebuilt from those bits and mgmt is
 * told about every transition; when inquiry scan is on and a
 * discoverable timeout is configured, discov_off is queued. All of this
 * runs under the device lock; the request is completed after unlocking.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];
	__u8 scan;
	int was_pscan, was_iscan;
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (cmd_params == NULL)
		return;

	scan = *((__u8 *) cmd_params);

	hci_dev_lock(hdev);

	if (status) {
		mgmt_write_scan_failed(hdev, scan, status);
		hdev->discov_timeout = 0;
		goto done;
	}

	/* Remember the previous state so only real changes reach mgmt. */
	was_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
	was_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

	if (scan & SCAN_INQUIRY) {
		set_bit(HCI_ISCAN, &hdev->flags);
		if (!was_iscan)
			mgmt_discoverable(hdev, 1);
		if (hdev->discov_timeout > 0) {
			/* discov_timeout is scaled by 1000 before conversion */
			int delay = msecs_to_jiffies(hdev->discov_timeout * 1000);

			queue_delayed_work(hdev->workqueue, &hdev->discov_off,
					   delay);
		}
	} else if (was_iscan) {
		mgmt_discoverable(hdev, 0);
	}

	if (scan & SCAN_PAGE) {
		set_bit(HCI_PSCAN, &hdev->flags);
		if (!was_pscan)
			mgmt_connectable(hdev, 1);
	} else if (was_pscan) {
		mgmt_connectable(hdev, 0);
	}

done:
	hci_dev_unlock(hdev);
	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
}
1da177e4 329
a9de9248
MH
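/*
 * Copy the 3-byte class of device from the reply into hdev->dev_class.
 * Failed or truncated replies leave the stored class untouched.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* dev_class is controller-supplied; make sure it was received. */
	if (skb->len < sizeof(*rp))
		return;

	memcpy(hdev->dev_class, rp->dev_class, 3);

	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
	       hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}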
1da177e4 344
a9de9248
MH
/*
 * Process the reply to HCI_OP_WRITE_CLASS_OF_DEV: on success the 3-byte
 * class we sent is copied into hdev->dev_class.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];
	void *class_sent;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	class_sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (class_sent != NULL)
		memcpy(hdev->dev_class, class_sent, 3);
}
1da177e4 361
a9de9248
MH
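/*
 * Track the controller's voice setting.
 *
 * When the reported value differs from hdev->voice_setting it is stored
 * and, if the driver registered a notify hook, the hook is called with
 * HCI_NOTIFY_VOICE_SETTING. Failed or truncated replies are ignored.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *rp = (void *) skb->data;
	__u16 setting;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* voice_setting is controller-supplied; make sure it was received. */
	if (skb->len < sizeof(*rp))
		return;

	setting = __le16_to_cpu(rp->voice_setting);

	if (hdev->voice_setting == setting)
		return;

	hdev->voice_setting = setting;

	BT_DBG("%s voice setting 0x%04x", hdev->name, setting);

	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}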
384
/*
 * Process the reply to HCI_OP_WRITE_VOICE_SETTING.
 *
 * On success the value we sent is compared with hdev->voice_setting;
 * a change is stored and passed to the driver's notify hook, if any.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];
	__u16 requested;
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (cmd_params == NULL)
		return;

	requested = get_unaligned_le16(cmd_params);

	/* Nothing to do when the setting did not actually change. */
	if (requested == hdev->voice_setting)
		return;

	hdev->voice_setting = requested;

	BT_DBG("%s voice setting 0x%04x", hdev->name, requested);

	if (hdev->notify != NULL)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}
412
/* Complete the HCI_OP_HOST_BUFFER_SIZE request with the reply's status. */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
}
1143e5a6 421
333140b5
MH
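/*
 * Store the Simple Pairing mode reported by the controller in
 * hdev->ssp_mode. Failed or truncated replies leave it untouched.
 */
static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_ssp_mode *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* ssp_mode feeds pairing decisions elsewhere; never take it from
	 * bytes the controller did not actually send. */
	if (skb->len < sizeof(*rp))
		return;

	hdev->ssp_mode = rp->mode;
}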
433
/*
 * Process the reply to HCI_OP_WRITE_SSP_MODE: on success the mode byte
 * we sent becomes hdev->ssp_mode.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (cmd_params != NULL)
		hdev->ssp_mode = *((__u8 *) cmd_params);
}
450
d5859e22
JH
/*
 * Pick the inquiry mode value for this controller.
 *
 * Returns 2 when LMP_EXT_INQ is advertised, 1 when LMP_RSSI_INQ is
 * advertised or the controller matches one of the listed
 * manufacturer / hci_rev / lmp_subver triples, and 0 otherwise.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	/* Controllers given mode 1 without advertising the feature bit. */
	static const struct {
		u16 manufacturer;
		u16 hci_rev;
		u16 lmp_subver;
	} mode1_quirks[] = {
		{ 11, 0x00,   0x0757 },
		{ 15, 0x03,   0x6963 },
		{ 15, 0x09,   0x6963 },
		{ 15, 0x00,   0x6965 },
		{ 31, 0x2005, 0x1805 },
	};
	unsigned int i;

	if (hdev->features[6] & LMP_EXT_INQ)
		return 2;

	if (hdev->features[3] & LMP_RSSI_INQ)
		return 1;

	for (i = 0; i < ARRAY_SIZE(mode1_quirks); i++) {
		if (hdev->manufacturer == mode1_quirks[i].manufacturer &&
		    hdev->hci_rev == mode1_quirks[i].hci_rev &&
		    hdev->lmp_subver == mode1_quirks[i].lmp_subver)
			return 1;
	}

	return 0;
}
478
/* Send HCI_OP_WRITE_INQUIRY_MODE with the mode chosen for this device. */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 inquiry_mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &inquiry_mode);
}
487
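/*
 * Build the 8-byte event mask from the controller's LMP features and
 * send it with HCI_OP_SET_EVENT_MASK.
 *
 * Nothing is sent to controllers older than BLUETOOTH_VER_1_2.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff instead of 0x9f (two reserved bits
	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
	 * command otherwise */
	u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };

	/* CSR 1.1 dongles does not accept any bitfield so don't try to set
	 * any event mask for pre 1.2 devices */
	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
		return;

	events[4] |= 0x01; /* Flow Specification Complete */
	events[4] |= 0x02; /* Inquiry Result with RSSI */
	events[4] |= 0x04; /* Read Remote Extended Features Complete */
	events[5] |= 0x08; /* Synchronous Connection Complete */
	events[5] |= 0x10; /* Synchronous Connection Changed */

	/* This branch used 0x04, which the lines above label "Read Remote
	 * Extended Features Complete"; 0x02 is the bit labelled "Inquiry
	 * Result with RSSI". Both bits are already set unconditionally
	 * above, so the mask that is sent does not change. */
	if (hdev->features[3] & LMP_RSSI_INQ)
		events[4] |= 0x02; /* Inquiry Result with RSSI */

	if (hdev->features[5] & LMP_SNIFF_SUBR)
		events[5] |= 0x20; /* Sniff Subrating */

	if (hdev->features[5] & LMP_PAUSE_ENC)
		events[5] |= 0x80; /* Encryption Key Refresh Complete */

	if (hdev->features[6] & LMP_EXT_INQ)
		events[5] |= 0x40; /* Extended Inquiry Result */

	if (hdev->features[6] & LMP_NO_FLUSH)
		events[7] |= 0x01; /* Enhanced Flush Complete */

	if (hdev->features[7] & LMP_LSTO)
		events[6] |= 0x80; /* Link Supervision Timeout Changed */

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		events[6] |= 0x01; /* IO Capability Request */
		events[6] |= 0x02; /* IO Capability Response */
		events[6] |= 0x04; /* User Confirmation Request */
		events[6] |= 0x08; /* User Passkey Request */
		events[6] |= 0x10; /* Remote OOB Data Request */
		events[6] |= 0x20; /* Simple Pairing Complete */
		events[7] |= 0x04; /* User Passkey Notification */
		events[7] |= 0x08; /* Keypress Notification */
		events[7] |= 0x10; /* Remote Host Supported
				    * Features Notification */
	}

	if (hdev->features[4] & LMP_LE)
		events[7] |= 0x20; /* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
}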
542
e6100a25
AG
/*
 * Send HCI_OP_WRITE_LE_HOST_SUPPORTED.
 *
 * With enable_le clear the parameters are all zero. With it set, le is
 * 1 and simul reflects whether LMP_SIMUL_LE_BR is advertised.
 */
static void hci_set_le_support(struct hci_dev *hdev)
{
	struct hci_cp_write_le_host_supported params;

	/* Zero first so no stale stack bytes are sent to the controller. */
	memset(&params, 0, sizeof(params));

	if (enable_le) {
		params.le = 1;
		params.simul = (hdev->features[6] & LMP_SIMUL_LE_BR) ? 1 : 0;
	}

	hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(params),
		     &params);
}
556
d5859e22
JH
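/*
 * Queue the feature-dependent setup commands for a BR/EDR controller.
 *
 * Does nothing for other device types. Sends the event mask, then
 * conditionally: read local commands (controllers newer than 1.1),
 * enable SSP, inquiry mode, inquiry TX power, extended features page 1
 * and LE host support.
 */
static void hci_setup(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return;

	hci_setup_event_mask(hdev);

	if (hdev->hci_ver > BLUETOOTH_VER_1_1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		u8 mode = 0x01;
		hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
	}

	if (hdev->features[3] & LMP_RSSI_INQ)
		hci_setup_inquiry_mode(hdev);

	if (hdev->features[7] & LMP_INQ_TX_PWR)
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);

	if (hdev->features[7] & LMP_EXTFEATURES) {
		struct hci_cp_read_local_ext_features cp;

		/* Zero the whole struct, as hci_set_le_support() does, so
		 * sizeof(cp) bytes sent below never include uninitialized
		 * stack contents. */
		memset(&cp, 0, sizeof(cp));
		cp.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
			     sizeof(cp), &cp);
	}

	if (hdev->features[4] & LMP_LE)
		hci_set_le_support(hdev);
}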
589
a9de9248
MH
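/*
 * Record the controller's version information in hdev and, while
 * HCI_INIT is set, continue with hci_setup().
 *
 * These values select quirks and setup commands later on, so a reply
 * shorter than struct hci_rp_read_local_version is ignored.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* All fields below are controller-supplied; make sure they were
	 * actually received. */
	if (skb->len < sizeof(*rp))
		return;

	hdev->hci_ver = rp->hci_ver;
	hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
	hdev->lmp_ver = rp->lmp_ver;
	hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
	hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);

	BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
	       hdev->manufacturer,
	       hdev->hci_ver, hdev->hci_rev);

	if (test_bit(HCI_INIT, &hdev->flags))
		hci_setup(hdev);
}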
612
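/*
 * Derive the default link policy from the LMP feature bits and send it
 * with HCI_OP_WRITE_DEF_LINK_POLICY.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	u16 link_policy = 0;
	__le16 wire_policy;

	if (hdev->features[0] & LMP_RSWITCH)
		link_policy |= HCI_LP_RSWITCH;
	if (hdev->features[0] & LMP_HOLD)
		link_policy |= HCI_LP_HOLD;
	if (hdev->features[0] & LMP_SNIFF)
		link_policy |= HCI_LP_SNIFF;
	if (hdev->features[1] & LMP_PARK)
		link_policy |= HCI_LP_PARK;

	/* Keep the little-endian wire value in an __le16 of its own rather
	 * than writing it back into the host-order variable. */
	wire_policy = cpu_to_le16(link_policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
		     sizeof(wire_policy), &wire_policy);
}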
1da177e4 630
a9de9248
MH
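/*
 * Process the reply to HCI_OP_READ_LOCAL_COMMANDS.
 *
 * On success the supported-commands bitmap is copied into
 * hdev->commands; during HCI_INIT, bit 0x10 of byte 5 triggers
 * hci_setup_link_policy(). The request is always completed with the
 * reply's status.
 *
 * A reply that claims success but is shorter than
 * struct hci_rp_read_local_commands is not copied; the request is still
 * completed so the caller does not stall.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	/* sizeof(hdev->commands) bytes are copied from controller data;
	 * refuse to copy from a truncated reply. */
	if (rp->status || skb->len < sizeof(*rp))
		goto done;

	memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));

	if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
		hci_setup_link_policy(hdev);

done:
	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
}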
1da177e4 648
a9de9248
MH
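/*
 * Store the controller's 8-byte LMP feature mask and widen the default
 * packet types (pkt_type, esco_type) to match what it advertises.
 *
 * The feature mask drives many later decisions (SSP, LE, event mask),
 * so a reply shorter than struct hci_rp_read_local_features is ignored.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_features *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* The 8 feature bytes are controller-supplied; make sure they were
	 * actually received before copying them. */
	if (skb->len < sizeof(*rp))
		return;

	memcpy(hdev->features, rp->features, 8);

	/* Adjust default settings according to features
	 * supported by device. */

	if (hdev->features[0] & LMP_3SLOT)
		hdev->pkt_type |= (HCI_DM3 | HCI_DH3);

	if (hdev->features[0] & LMP_5SLOT)
		hdev->pkt_type |= (HCI_DM5 | HCI_DH5);

	if (hdev->features[1] & LMP_HV2) {
		hdev->pkt_type |= (HCI_HV2);
		hdev->esco_type |= (ESCO_HV2);
	}

	if (hdev->features[1] & LMP_HV3) {
		hdev->pkt_type |= (HCI_HV3);
		hdev->esco_type |= (ESCO_HV3);
	}

	if (hdev->features[3] & LMP_ESCO)
		hdev->esco_type |= (ESCO_EV3);

	if (hdev->features[4] & LMP_EV4)
		hdev->esco_type |= (ESCO_EV4);

	if (hdev->features[4] & LMP_EV5)
		hdev->esco_type |= (ESCO_EV5);

	if (hdev->features[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= (ESCO_2EV3);

	if (hdev->features[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= (ESCO_3EV3);

	if (hdev->features[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
	       hdev->features[0], hdev->features[1],
	       hdev->features[2], hdev->features[3],
	       hdev->features[4], hdev->features[5],
	       hdev->features[6], hdev->features[7]);
}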
1da177e4 703
971e3a4b
AG
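/*
 * Process the reply to HCI_OP_READ_LOCAL_EXT_FEATURES.
 *
 * Page 0 refreshes hdev->features, page 1 fills hdev->host_features;
 * other pages are ignored. The request is completed on success only.
 * A reply shorter than struct hci_rp_read_local_ext_features is dropped
 * the same way a failed one is.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* page and features are controller-supplied; do not read them from
	 * a truncated reply. */
	if (skb->len < sizeof(*rp))
		return;

	switch (rp->page) {
	case 0:
		memcpy(hdev->features, rp->features, 8);
		break;
	case 1:
		memcpy(hdev->host_features, rp->features, 8);
		break;
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
}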
725
1e89cffb
AE
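/*
 * Store the controller's flow control mode and complete the
 * HCI_OP_READ_FLOW_CONTROL_MODE request. Failed or truncated replies
 * are dropped without completing the request.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* rp->mode is controller-supplied; make sure it was received. */
	if (skb->len < sizeof(*rp))
		return;

	hdev->flow_ctl_mode = rp->mode;

	hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
}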
740
a9de9248
MH
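/*
 * Record the controller's ACL/SCO buffer sizes and reset the credit
 * counters (acl_cnt, sco_cnt) to the advertised packet counts.
 *
 * With HCI_QUIRK_FIXUP_BUFFER_SIZE the SCO values are forced to 64/8.
 * These numbers bound later transmit sizes, so a reply shorter than
 * struct hci_rp_read_buffer_size is ignored.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* MTUs and packet counts are controller-supplied; never derive
	 * them from bytes that were not received. */
	if (skb->len < sizeof(*rp))
		return;

	hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
	hdev->sco_mtu  = rp->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);

	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu  = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
	       hdev->acl_mtu, hdev->acl_pkts,
	       hdev->sco_mtu, hdev->sco_pkts);
}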
767
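/*
 * Process the reply to HCI_OP_READ_BD_ADDR.
 *
 * On success the address is copied into hdev->bdaddr, but only when the
 * reply is long enough to contain it. The request is always completed
 * with the reply's status.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	/* bdaddr is controller-supplied; skip the copy for a truncated
	 * reply instead of reading past the received bytes. */
	if (!rp->status && skb->len >= sizeof(*rp))
		bacpy(&hdev->bdaddr, &rp->bdaddr);

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
}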
779
350ee4cf
AE
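/*
 * Record the block-based flow control parameters (block_mtu, block_len,
 * num_blocks), reset block_cnt and complete the
 * HCI_OP_READ_DATA_BLOCK_SIZE request. Failed or truncated replies are
 * dropped without completing the request.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* All three values are controller-supplied; make sure they were
	 * actually received. */
	if (skb->len < sizeof(*rp))
		return;

	hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
	hdev->block_len = __le16_to_cpu(rp->block_len);
	hdev->num_blocks = __le16_to_cpu(rp->num_blocks);

	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
	       hdev->block_cnt, hdev->block_len);

	hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
}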
801
23bb5763
JH
/* Complete the HCI_OP_WRITE_CA_TIMEOUT request with the reply's status. */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
}
810
928abaa7
AE
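/*
 * Record the AMP controller information from the reply in hdev and
 * complete the HCI_OP_READ_LOCAL_AMP_INFO request. Failed or truncated
 * replies are dropped without completing the request.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* Every field below is controller-supplied; make sure the whole
	 * structure was received before reading it. */
	if (skb->len < sizeof(*rp))
		return;

	hdev->amp_status = rp->amp_status;
	hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
	hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
	hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
	hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
	hdev->amp_type = rp->amp_type;
	hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
	hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
	hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
	hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
}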
834
b0916ea0
JH
/* Complete the HCI_OP_DELETE_STORED_LINK_KEY request with the reply's
 * status. */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
}
844
d5859e22
JH
/* Complete the HCI_OP_SET_EVENT_MASK request with the reply's status. */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
}
853
/* Complete the HCI_OP_WRITE_INQUIRY_MODE request with the reply's
 * status. */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
}
863
/*
 * Complete the HCI_OP_READ_INQ_RSP_TX_POWER request with the reply's
 * status; nothing else from the reply is read here.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
}
873
/* Complete the HCI_OP_SET_EVENT_FLT request with the reply's status. */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
}
882
980e1a53
JH
/*
 * Process the reply to HCI_OP_PIN_CODE_REPLY.
 *
 * Under the device lock: mgmt is told the outcome when HCI_MGMT is set;
 * on success the PIN length we sent is stored on the matching ACL
 * connection, looked up by the address from our own command.
 *
 * NOTE(review): rp->bdaddr is handed to mgmt without checking that
 * skb->len covers struct hci_rp_pin_code_reply; presumably the
 * dispatcher validates the length - confirm.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *rp = (void *) skb->data;
	struct hci_cp_pin_code_reply *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags))
		mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);

	if (rp->status == 0) {
		sent = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (sent) {
			conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
						       &sent->bdaddr);
			if (conn)
				conn->pin_length = sent->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
910
/*
 * Forward the outcome of a PIN-code negative reply to mgmt (only when
 * HCI_MGMT is set), under the device lock.
 *
 * NOTE(review): rp->bdaddr is used without checking skb->len against
 * the reply structure - confirm the caller validates it.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_pin_code_neg_reply_complete(hdev, &reply->bdaddr,
						 reply->status);
	}

	hci_dev_unlock(hdev);
}
56e5cb86 925
6ed58ec5
VT
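/*
 * Record the LE buffer parameters (le_mtu, le_pkts), reset le_cnt and
 * complete the HCI_OP_LE_READ_BUFFER_SIZE request. Failed or truncated
 * replies are dropped without completing the request.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* MTU and packet count are controller-supplied; make sure they
	 * were actually received. */
	if (skb->len < sizeof(*rp))
		return;

	hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
	hdev->le_pkts = rp->le_max_pkt;

	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
}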
980e1a53 945
a5c29683
JH
/*
 * Forward the outcome of a user-confirmation reply to mgmt (only when
 * HCI_MGMT is set), under the device lock.
 *
 * NOTE(review): rp->bdaddr is used without checking skb->len against
 * the reply structure - confirm the caller validates it.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_user_confirm_reply_complete(hdev, &reply->bdaddr,
						 reply->status);
	}

	hci_dev_unlock(hdev);
}
960
/*
 * Forward the outcome of a user-confirmation negative reply to mgmt
 * (only when HCI_MGMT is set), under the device lock. The payload is
 * read through struct hci_rp_user_confirm_reply.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_user_confirm_neg_reply_complete(hdev, &reply->bdaddr,
						     reply->status);
	}

	hci_dev_unlock(hdev);
}
976
1143d458
BG
/*
 * Forward the outcome of a user-passkey reply to mgmt (only when
 * HCI_MGMT is set), under the device lock. The payload is read through
 * struct hci_rp_user_confirm_reply.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_user_passkey_reply_complete(hdev, &reply->bdaddr,
						 reply->status);
	}

	hci_dev_unlock(hdev);
}
991
/*
 * Forward the outcome of a user-passkey negative reply to mgmt (only
 * when HCI_MGMT is set), under the device lock. The payload is read
 * through struct hci_rp_user_confirm_reply.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		mgmt_user_passkey_neg_reply_complete(hdev, &reply->bdaddr,
						     reply->status);
	}

	hci_dev_unlock(hdev);
}
1007
c35938b2
SJ
/*
 * Hand the local OOB hash and randomizer from the reply to mgmt, under
 * the device lock. mgmt is called whatever the status and without an
 * HCI_MGMT check.
 *
 * NOTE(review): rp->hash and rp->randomizer are pairing material taken
 * straight from the controller's reply; nothing here checks that
 * skb->len covers struct hci_rp_read_local_oob_data - confirm the
 * caller validates it.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);
	mgmt_read_local_oob_data_reply_complete(hdev, reply->hash,
						reply->randomizer,
						reply->status);
	hci_dev_unlock(hdev);
}
1020
07f7fa5d
AG
/* LE set-scan-parameters reply: the status byte is only traced. */
static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];

	BT_DBG("%s status 0x%x", hdev->name, status);
}
1027
eb9d91f5
AG
/*
 * Process the reply to HCI_OP_LE_SET_SCAN_ENABLE.
 *
 * On success the enable value we sent decides what happens:
 *  - LE_SCANNING_ENABLED: set HCI_LE_SCAN, cancel adv_work and clear
 *    the advertising entries under the device lock;
 *  - LE_SCANNING_DISABLED: clear HCI_LE_SCAN and schedule adv_work
 *    after ADV_CLEAR_TIMEOUT;
 *  - anything else is logged as a reserved value.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	const __u8 *reply = (const __u8 *) skb->data;
	__u8 status = reply[0];
	struct hci_cp_le_set_scan_enable *sent;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (sent == NULL)
		return;

	if (sent->enable == LE_SCANNING_ENABLED) {
		set_bit(HCI_LE_SCAN, &hdev->dev_flags);

		/* Stop the delayed clean-up before wiping the entries. */
		cancel_delayed_work_sync(&hdev->adv_work);

		hci_dev_lock(hdev);
		hci_adv_entries_clear(hdev);
		hci_dev_unlock(hdev);
	} else if (sent->enable == LE_SCANNING_DISABLED) {
		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);

		schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
	} else {
		BT_ERR("Used reserved LE_Scan_Enable param %d", sent->enable);
	}
}
1065
/*
 * Command Complete handler for HCI_OP_LE_LTK_REPLY.
 *
 * Completes the pending request only when the controller reports
 * success; a non-zero status is logged and otherwise ignored here.
 */
static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, reply->status);
}
1077
/*
 * Command Complete handler for HCI_OP_LE_LTK_NEG_REPLY.
 *
 * Completes the pending request only when the controller reports
 * success; a non-zero status is logged and otherwise ignored here.
 */
static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, reply->status);
}
1089
/*
 * Completion handler for the write-LE-host-supported command
 * (presumably dispatched from the Command Complete switch; the call
 * site is not visible here).
 *
 * On success, asks the controller for page 0x01 of its local extended
 * features.
 */
static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
						  struct sk_buff *skb)
{
	struct hci_cp_read_local_ext_features req;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		req.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
			     sizeof(req), &req);
	}
}
1104
/*
 * Handles the status reported for HCI_OP_INQUIRY.
 *
 * Success: mark the device as inquiring (HCI_INQUIRY) and move the
 * discovery state machine to DISCOVERY_INQUIRY under the device lock.
 * Failure: complete the request with the error, re-check pending
 * connections and, if mgmt is active, report the failed discovery.
 */
static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		set_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
		hci_dev_unlock(hdev);
		return;
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->flags))
		mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1125
/*
 * Handles the status reported for HCI_OP_CREATE_CONN.
 *
 * Success: if no ACL connection object exists yet for the target
 * address, create one and mark it outgoing and master.
 * Failure: a connection still in BT_CONNECT is either parked in
 * BT_CONNECT2 (status 0x0c with at most two attempts so far) or closed,
 * confirmed to the upper protocols and deleted.
 */
static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->bdaddr), conn);

	if (!status) {
		if (conn)
			goto unlock;

		conn = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->out = 1;
		conn->link_mode |= HCI_LM_MASTER;
		goto unlock;
	}

	if (!conn || conn->state != BT_CONNECT)
		goto unlock;

	/* 0x0c is the HCI "Command Disallowed" error code. */
	if (status == 0x0c && conn->attempt <= 2) {
		conn->state = BT_CONNECT2;
		goto unlock;
	}

	conn->state = BT_CLOSED;
	hci_proto_connect_cfm(conn, status);
	hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
1165
/*
 * Handles the status reported for HCI_OP_ADD_SCO.
 *
 * Nothing is done on success. On failure, the ACL connection is looked
 * up by the handle that was sent and its linked SCO connection, if any,
 * is closed, confirmed with the error and deleted.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1200
/*
 * Handles the status reported for HCI_OP_AUTH_REQUESTED.
 *
 * Nothing is done on success. On failure, a connection that is still in
 * BT_CONFIG is confirmed to the upper protocols with the error and one
 * reference is dropped.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1227
/*
 * Handles the status reported for HCI_OP_SET_CONN_ENCRYPT.
 *
 * Nothing is done on success. On failure, a connection that is still in
 * BT_CONFIG is confirmed to the upper protocols with the error and one
 * reference is dropped.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1254
/*
 * Decides whether authentication should be requested for a connection.
 *
 * Returns 0 when the connection is not an outgoing one in BT_CONFIG or
 * when the pending security level is BT_SECURITY_SDP. Otherwise returns
 * 1 if at least one of these holds, and 0 if none does:
 *  - both the local device and the remote side have SSP enabled;
 *  - the pending security level is BT_SECURITY_HIGH;
 *  - bit 0 of conn->auth_type is set (MITM protection requested).
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
				    struct hci_conn *conn)
{
	int both_ssp, wants_high, wants_mitm;

	if (conn->state != BT_CONFIG)
		return 0;

	if (!conn->out)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	both_ssp = hdev->ssp_mode > 0 && conn->ssp_mode > 0;
	wants_high = conn->pending_sec_level == BT_SECURITY_HIGH;
	wants_mitm = conn->auth_type & 0x01;

	return (both_ssp || wants_high || wants_mitm) ? 1 : 0;
}
1273
/*
 * Sends HCI_OP_REMOTE_NAME_REQ for one inquiry cache entry.
 *
 * The request is zeroed first and then filled with the address, page
 * scan parameters and clock offset stored in the entry. @e is
 * dereferenced unconditionally, so callers must not pass NULL.
 *
 * Returns the result of hci_send_cmd().
 */
static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
{
	struct hci_cp_remote_name_req req;

	memset(&req, 0, sizeof(req));

	bacpy(&req.bdaddr, &e->data.bdaddr);
	req.pscan_rep_mode = e->data.pscan_rep_mode;
	req.pscan_mode = e->data.pscan_mode;
	req.clock_offset = e->data.clock_offset;

	return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
}
1287
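/*
 * Advances name resolution after a name request for @bdaddr finished.
 *
 * While discovery is in DISCOVERY_RESOLVING, the entry that was pending
 * for @bdaddr (if found) is marked NAME_KNOWN and taken off the resolve
 * list, then a name request is sent for the next entry that still needs
 * one. Discovery is moved to DISCOVERY_STOPPED when it was being
 * stopped, when the resolve list is empty, when no NAME_NEEDED entry is
 * found, or when the next request could not be sent.
 *
 * Callers in this file invoke it with the device lock held.
 */
static void hci_resolve_next_name(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *e;

	if (discov->state == DISCOVERY_STOPPING)
		goto discov_complete;

	if (discov->state != DISCOVERY_RESOLVING)
		return;

	e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
	if (e) {
		e->name_state = NAME_KNOWN;
		list_del(&e->list);
	}

	if (list_empty(&discov->resolve))
		goto discov_complete;

	/*
	 * The lookup can come back empty even though the list is not (for
	 * example when the only remaining entry is not in NAME_NEEDED), and
	 * hci_resolve_name() dereferences its entry unconditionally. Check
	 * for NULL the same way hci_inquiry_complete_evt() does.
	 */
	e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	if (e && hci_resolve_name(hdev, e) == 0) {
		e->name_state = NAME_PENDING;
		return;
	}

discov_complete:
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
}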
1317
/*
 * Handles the status reported for HCI_OP_REMOTE_NAME_REQ.
 *
 * On success nothing is done here: the decision about authentication is
 * deferred to the name request complete event. On failure, name
 * resolution is advanced (when mgmt is active) and, if the ACL
 * connection to that address needs outgoing authentication and none is
 * pending yet, HCI_OP_AUTH_REQUESTED is sent.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	/* If successful wait for the name req complete event before
	 * checking for the need to do authentication */
	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags))
		hci_resolve_next_name(hdev, &sent->bdaddr);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	/* test_and_set_bit() makes sure only one request is outstanding. */
	if (conn && hci_outgoing_auth_needed(hdev, conn) &&
	    !test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_auth_requested auth_req;

		auth_req.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_req),
			     &auth_req);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1355
/*
 * Handles the status reported for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Nothing is done on success. On failure, a connection that is still in
 * BT_CONFIG is confirmed to the upper protocols with the error and one
 * reference is dropped.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1382
/*
 * Handles the status reported for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Nothing is done on success. On failure, a connection that is still in
 * BT_CONFIG is confirmed to the upper protocols with the error and one
 * reference is dropped.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1409
/*
 * Handles the status reported for HCI_OP_SETUP_SYNC_CONN.
 *
 * Nothing is done on success. On failure, the ACL connection is looked
 * up by the handle that was sent and its linked synchronous connection,
 * if any, is closed, confirmed with the error and deleted.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1444
/*
 * Handles the status reported for HCI_OP_SNIFF_MODE.
 *
 * Nothing is done on success. On failure, the pending mode-change flag
 * of the connection is cleared and, if a SCO setup was waiting on the
 * mode change, hci_sco_setup() is called with the error status.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
04837f64 1471
/*
 * Handles the status reported for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Nothing is done on success. On failure, the pending mode-change flag
 * of the connection is cleared and, if a SCO setup was waiting on the
 * mode change, hci_sco_setup() is called with the error status.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
1498
/*
 * Handles the status reported for HCI_OP_LE_CREATE_CONN.
 *
 * Success: if no LE connection object exists yet for the peer address,
 * create one, record the peer address type and mark it outgoing.
 * Failure: a connection still in BT_CONNECT is closed, confirmed to the
 * upper protocols with the error and deleted.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_le_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &sent->peer_addr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->peer_addr),
	       conn);

	if (!status) {
		if (conn)
			goto unlock;

		conn = hci_conn_add(hdev, LE_LINK, &sent->peer_addr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = sent->peer_addr_type;
		conn->out = 1;
		goto unlock;
	}

	if (conn && conn->state == BT_CONNECT) {
		conn->state = BT_CLOSED;
		hci_proto_connect_cfm(conn, status);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1537
/*
 * Status handler for the LE start-encryption command (the dispatching
 * opcode is not visible here). It only logs the status; a failure
 * leaves all connection state untouched in this function.
 */
static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);
}
1542
/*
 * Inquiry Complete event handler.
 *
 * Completes the HCI_OP_INQUIRY request and re-checks pending
 * connections. If an inquiry was actually running (HCI_INQUIRY was set)
 * and mgmt is active, the discovery state machine is advanced: with
 * entries left to resolve, a name request is sent for the first one
 * that needs it and the state becomes DISCOVERY_RESOLVING; otherwise,
 * or if that request cannot be sent, the state becomes
 * DISCOVERY_STOPPED.
 */
static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *next;

	BT_DBG("%s status %d", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);

	if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
		return;

	if (!test_bit(HCI_MGMT, &hdev->flags))
		return;

	hci_dev_lock(hdev);

	if (discov->state == DISCOVERY_INQUIRY) {
		int next_state = DISCOVERY_STOPPED;

		if (!list_empty(&discov->resolve)) {
			next = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
								NAME_NEEDED);
			/* The lookup may find nothing; only then skip the request. */
			if (next && hci_resolve_name(hdev, next) == 0) {
				next->name_state = NAME_PENDING;
				next_state = DISCOVERY_RESOLVING;
			}
		}

		hci_discovery_set_state(hdev, next_state);
	}

	hci_dev_unlock(hdev);
}
1582
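/*
 * Inquiry Result event handler.
 *
 * The event payload is one count byte followed by that many
 * struct inquiry_info records. Each record is copied into the inquiry
 * cache (with rssi and ssp_mode set to 0) and reported to mgmt.
 *
 * The count comes from the controller, so it is checked against the
 * actual payload length before any record is read; an event that claims
 * more records than it carries is dropped instead of being read past
 * the end of the buffer.
 */
static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Reject a count that does not fit in the received payload. */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		data.rssi = 0x00;
		data.ssp_mode = 0x00;

		name_known = hci_inquiry_cache_update(hdev, &data, false);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, 0, !name_known, NULL);
	}

	hci_dev_unlock(hdev);
}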
1615
/*
 * Connection Complete event handler.
 *
 * Finds the connection object for the reported link type and address;
 * a SCO completion with no SCO object falls back to an eSCO object for
 * the same address, which is then retyped as SCO. Events that match no
 * connection are ignored.
 *
 * Failure: the connection is closed, mgmt is told about failed ACL
 * links, the upper protocols are notified and the object is deleted.
 * Success: the handle is stored, ACL links enter BT_CONFIG (other link
 * types go straight to BT_CONNECTED), the device-wide HCI_AUTH and
 * HCI_ENCRYPT flags are copied into the link mode, and follow-up
 * commands are sent (remote features for ACL; packet type change for
 * incoming links on controllers older than 2.0).
 *
 * NOTE(review): ev is read from skb->data without a visible skb->len
 * check; confirm the caller guarantees the length.
 */
static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type != SCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (ev->status) {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK)
			mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
					    conn->dst_type, ev->status);
	} else {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);
			conn->disc_timeout = HCI_DISCONN_TIMEOUT;
			mgmt_connected(hdev, &ev->bdaddr, conn->type,
				       conn->dst_type);
		} else {
			conn->state = BT_CONNECTED;
		}

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features feat_req;

			/* ev->handle is already little-endian; no conversion. */
			feat_req.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
				     sizeof(feat_req), &feat_req);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype ptype_req;

			ptype_req.handle = ev->handle;
			ptype_req.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
				     sizeof(ptype_req), &ptype_req);
		}
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK) {
		/* Successful ACL links are confirmed later, once set up. */
		hci_proto_connect_cfm(conn, ev->status);
	}

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
1695
/*
 * Connection Request event handler.
 *
 * The request is accepted only if the combined link mode (device
 * setting plus what the upper protocols return) has HCI_LM_ACCEPT set
 * and the peer address is not on the device blacklist. Everything else
 * is rejected with HCI_ERROR_REJ_BAD_ADDR.
 *
 * For an accepted request, the cached device class is refreshed, a
 * connection object is looked up or created and put in BT_CONNECT, and
 * either an ACL accept (with a role choice) or a synchronous accept is
 * sent to the controller.
 *
 * NOTE(review): conn->pkt_type is read after hci_dev_unlock(); confirm
 * the connection cannot go away between the unlock and that read.
 */
static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;
	int mask = hdev->link_mode;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
	       batostr(&ev->bdaddr), ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	if (!(mask & HCI_LM_ACCEPT) ||
	    hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection rejected */
		struct hci_cp_reject_conn_req reject;

		bacpy(&reject.bdaddr, &ev->bdaddr);
		reject.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(reject),
			     &reject);
		return;
	}

	/* Connection accepted */
	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		memcpy(ie->data.dev_class, ev->dev_class, 3);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			hci_dev_unlock(hdev);
			return;
		}
	}

	memcpy(conn->dev_class, ev->dev_class, 3);
	conn->state = BT_CONNECT;

	hci_dev_unlock(hdev);

	if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
		struct hci_cp_accept_conn_req accept;

		bacpy(&accept.bdaddr, &ev->bdaddr);

		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
			accept.role = 0x00; /* Become master */
		else
			accept.role = 0x01; /* Remain slave */

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
			     sizeof(accept), &accept);
	} else {
		struct hci_cp_accept_sync_conn_req accept;

		bacpy(&accept.bdaddr, &ev->bdaddr);
		accept.pkt_type = cpu_to_le16(conn->pkt_type);

		accept.tx_bandwidth = cpu_to_le32(0x00001f40);
		accept.rx_bandwidth = cpu_to_le32(0x00001f40);
		accept.max_latency = cpu_to_le16(0xffff);
		accept.content_format = cpu_to_le16(hdev->voice_setting);
		accept.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
			     sizeof(accept), &accept);
	}
}
1769
/*
 * Disconnection Complete event handler.
 *
 * A failed disconnect is only reported to mgmt (ACL and LE links); the
 * connection object is left as it is. A successful one closes the
 * connection, reports it to mgmt (ACL and LE links), notifies the upper
 * protocols with the reason and deletes the object.
 */
static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;
	int mgmt_link;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	mgmt_link = conn->type == ACL_LINK || conn->type == LE_LINK;

	if (ev->status != 0) {
		if (mgmt_link)
			mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
		goto unlock;
	}

	conn->state = BT_CLOSED;

	if (mgmt_link)
		mgmt_disconnected(hdev, &conn->dst, conn->type,
				  conn->dst_type);

	hci_proto_disconn_cfm(conn, ev->reason);
	hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
1802
/*
 * Authentication Complete event handler.
 *
 * Failure is reported to mgmt. On success the link is marked
 * authenticated and the pending security level becomes the current one,
 * except for a re-authentication on a link where SSP is not enabled on
 * both sides: that case is only logged and the security level is left
 * unchanged.
 *
 * Afterwards the pending auth flags are cleared and:
 *  - a connection in BT_CONFIG either proceeds to encryption (success
 *    with SSP on both sides) or is completed and confirmed;
 *  - any other connection gets an auth confirmation and a refreshed
 *    disconnect timeout;
 *  - if encryption was waiting on this authentication, it is requested
 *    on success or failed on error.
 */
static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status) {
		mgmt_auth_failed(hdev, &conn->dst, ev->status);
	} else if ((conn->ssp_mode > 0 && hdev->ssp_mode > 0) ||
		   !test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
		conn->link_mode |= HCI_LM_AUTH;
		conn->sec_level = conn->pending_sec_level;
	} else {
		BT_INFO("re-auth of legacy device is not possible.");
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);

	if (conn->state != BT_CONFIG) {
		hci_auth_cfm(conn, ev->status);

		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	} else if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
		struct hci_cp_set_conn_encrypt enc_req;

		enc_req.handle = ev->handle;
		enc_req.encrypt = 0x01;
		hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(enc_req),
			     &enc_req);
	} else {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
		if (ev->status) {
			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
			hci_encrypt_cfm(conn, ev->status, 0x00);
		} else {
			struct hci_cp_set_conn_encrypt enc_req;

			enc_req.handle = ev->handle;
			enc_req.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
				     sizeof(enc_req), &enc_req);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
1867
/*
 * Remote Name Request Complete event handler.
 *
 * With mgmt active, a successfully read name is forwarded and name
 * resolution moves on to the next entry. Independently of that, if the
 * ACL connection to the address needs outgoing authentication and none
 * is pending yet, HCI_OP_AUTH_REQUESTED is sent.
 *
 * NOTE(review): ev->name comes from the controller and is passed on
 * as-is; confirm mgmt_remote_name() bounds the copy and does not rely
 * on a terminating NUL.
 */
static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		if (ev->status == 0)
			mgmt_remote_name(hdev, &ev->bdaddr, ev->name);

		hci_resolve_next_name(hdev, &ev->bdaddr);
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	/* test_and_set_bit() makes sure only one request is outstanding. */
	if (conn && hci_outgoing_auth_needed(hdev, conn) &&
	    !test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
		struct hci_cp_auth_requested auth_req;

		auth_req.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_req),
			     &auth_req);
	}

	hci_dev_unlock(hdev);
}
1902
/*
 * Encryption Change event handler.
 *
 * On success with encryption on, the link is marked authenticated and
 * encrypted and the pending security level becomes the current one.
 * On success with encryption off, only HCI_LM_ENCRYPT is cleared;
 * HCI_LM_AUTH and sec_level keep their previous values.
 *
 * The pending-encrypt flag is always cleared. A connection in BT_CONFIG
 * is then completed (BT_CONNECTED on success) and confirmed; any other
 * connection gets an encryption confirmation.
 */
static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		if (ev->encrypt) {
			/* Encryption implies authentication */
			conn->link_mode |= HCI_LM_AUTH | HCI_LM_ENCRYPT;
			conn->sec_level = conn->pending_sec_level;
		} else {
			conn->link_mode &= ~HCI_LM_ENCRYPT;
		}
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	if (!ev->status)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
1938
/*
 * Change Connection Link Key Complete event handler.
 *
 * On success the link is marked HCI_LM_SECURE. In every case the
 * pending-auth flag is cleared and the result is passed to
 * hci_key_change_cfm(). Events for unknown handles are ignored.
 */
static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
1960
/*
 * Read Remote Supported Features Complete event handler.
 *
 * On success the 8 feature bytes are stored on the connection. The rest
 * only applies to connections still in BT_CONFIG:
 *  - success with SSP supported on both sides: request extended
 *    features page 0x01 and stop here;
 *  - success otherwise: send a remote name request;
 *  - in either remaining case, if no outgoing authentication is needed,
 *    the connection is completed and confirmed with the event status.
 */
static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!ev->status) {
		if (lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
			struct hci_cp_read_remote_ext_features ext_req;

			ext_req.handle = ev->handle;
			ext_req.page = 0x01;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
				     sizeof(ext_req), &ext_req);
			goto unlock;
		} else {
			struct hci_cp_remote_name_req name_req;

			memset(&name_req, 0, sizeof(name_req));
			bacpy(&name_req.bdaddr, &conn->dst);
			name_req.pscan_rep_mode = 0x02;
			hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ,
				     sizeof(name_req), &name_req);
		}
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2006
/*
 * Remote version event handler: logs the device name only. The event
 * payload in @skb is not read.
 */
static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2011
/*
 * QoS setup complete event handler: logs the device name only. The
 * event payload in @skb is not read.
 */
static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2016
2017static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2018{
2019 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2020 __u16 opcode;
2021
2022 skb_pull(skb, sizeof(*ev));
2023
2024 opcode = __le16_to_cpu(ev->opcode);
2025
2026 switch (opcode) {
2027 case HCI_OP_INQUIRY_CANCEL:
2028 hci_cc_inquiry_cancel(hdev, skb);
2029 break;
2030
2031 case HCI_OP_EXIT_PERIODIC_INQ:
2032 hci_cc_exit_periodic_inq(hdev, skb);
2033 break;
2034
2035 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2036 hci_cc_remote_name_req_cancel(hdev, skb);
2037 break;
2038
2039 case HCI_OP_ROLE_DISCOVERY:
2040 hci_cc_role_discovery(hdev, skb);
2041 break;
2042
e4e8e37c
MH
2043 case HCI_OP_READ_LINK_POLICY:
2044 hci_cc_read_link_policy(hdev, skb);
2045 break;
2046
a9de9248
MH
2047 case HCI_OP_WRITE_LINK_POLICY:
2048 hci_cc_write_link_policy(hdev, skb);
2049 break;
2050
e4e8e37c
MH
2051 case HCI_OP_READ_DEF_LINK_POLICY:
2052 hci_cc_read_def_link_policy(hdev, skb);
2053 break;
2054
2055 case HCI_OP_WRITE_DEF_LINK_POLICY:
2056 hci_cc_write_def_link_policy(hdev, skb);
2057 break;
2058
a9de9248
MH
2059 case HCI_OP_RESET:
2060 hci_cc_reset(hdev, skb);
2061 break;
2062
2063 case HCI_OP_WRITE_LOCAL_NAME:
2064 hci_cc_write_local_name(hdev, skb);
2065 break;
2066
2067 case HCI_OP_READ_LOCAL_NAME:
2068 hci_cc_read_local_name(hdev, skb);
2069 break;
2070
2071 case HCI_OP_WRITE_AUTH_ENABLE:
2072 hci_cc_write_auth_enable(hdev, skb);
2073 break;
2074
2075 case HCI_OP_WRITE_ENCRYPT_MODE:
2076 hci_cc_write_encrypt_mode(hdev, skb);
2077 break;
2078
2079 case HCI_OP_WRITE_SCAN_ENABLE:
2080 hci_cc_write_scan_enable(hdev, skb);
2081 break;
2082
2083 case HCI_OP_READ_CLASS_OF_DEV:
2084 hci_cc_read_class_of_dev(hdev, skb);
2085 break;
2086
2087 case HCI_OP_WRITE_CLASS_OF_DEV:
2088 hci_cc_write_class_of_dev(hdev, skb);
2089 break;
2090
2091 case HCI_OP_READ_VOICE_SETTING:
2092 hci_cc_read_voice_setting(hdev, skb);
2093 break;
2094
2095 case HCI_OP_WRITE_VOICE_SETTING:
2096 hci_cc_write_voice_setting(hdev, skb);
2097 break;
2098
2099 case HCI_OP_HOST_BUFFER_SIZE:
2100 hci_cc_host_buffer_size(hdev, skb);
2101 break;
2102
333140b5
MH
2103 case HCI_OP_READ_SSP_MODE:
2104 hci_cc_read_ssp_mode(hdev, skb);
2105 break;
2106
2107 case HCI_OP_WRITE_SSP_MODE:
2108 hci_cc_write_ssp_mode(hdev, skb);
2109 break;
2110
a9de9248
MH
2111 case HCI_OP_READ_LOCAL_VERSION:
2112 hci_cc_read_local_version(hdev, skb);
2113 break;
2114
2115 case HCI_OP_READ_LOCAL_COMMANDS:
2116 hci_cc_read_local_commands(hdev, skb);
2117 break;
2118
2119 case HCI_OP_READ_LOCAL_FEATURES:
2120 hci_cc_read_local_features(hdev, skb);
2121 break;
2122
971e3a4b
AG
2123 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2124 hci_cc_read_local_ext_features(hdev, skb);
2125 break;
2126
a9de9248
MH
2127 case HCI_OP_READ_BUFFER_SIZE:
2128 hci_cc_read_buffer_size(hdev, skb);
2129 break;
2130
2131 case HCI_OP_READ_BD_ADDR:
2132 hci_cc_read_bd_addr(hdev, skb);
2133 break;
2134
350ee4cf
AE
2135 case HCI_OP_READ_DATA_BLOCK_SIZE:
2136 hci_cc_read_data_block_size(hdev, skb);
2137 break;
2138
23bb5763
JH
2139 case HCI_OP_WRITE_CA_TIMEOUT:
2140 hci_cc_write_ca_timeout(hdev, skb);
2141 break;
2142
1e89cffb
AE
2143 case HCI_OP_READ_FLOW_CONTROL_MODE:
2144 hci_cc_read_flow_control_mode(hdev, skb);
2145 break;
2146
928abaa7
AE
2147 case HCI_OP_READ_LOCAL_AMP_INFO:
2148 hci_cc_read_local_amp_info(hdev, skb);
2149 break;
2150
b0916ea0
JH
2151 case HCI_OP_DELETE_STORED_LINK_KEY:
2152 hci_cc_delete_stored_link_key(hdev, skb);
2153 break;
2154
d5859e22
JH
2155 case HCI_OP_SET_EVENT_MASK:
2156 hci_cc_set_event_mask(hdev, skb);
2157 break;
2158
2159 case HCI_OP_WRITE_INQUIRY_MODE:
2160 hci_cc_write_inquiry_mode(hdev, skb);
2161 break;
2162
2163 case HCI_OP_READ_INQ_RSP_TX_POWER:
2164 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2165 break;
2166
2167 case HCI_OP_SET_EVENT_FLT:
2168 hci_cc_set_event_flt(hdev, skb);
2169 break;
2170
980e1a53
JH
2171 case HCI_OP_PIN_CODE_REPLY:
2172 hci_cc_pin_code_reply(hdev, skb);
2173 break;
2174
2175 case HCI_OP_PIN_CODE_NEG_REPLY:
2176 hci_cc_pin_code_neg_reply(hdev, skb);
2177 break;
2178
c35938b2
SJ
2179 case HCI_OP_READ_LOCAL_OOB_DATA:
2180 hci_cc_read_local_oob_data_reply(hdev, skb);
2181 break;
2182
6ed58ec5
VT
2183 case HCI_OP_LE_READ_BUFFER_SIZE:
2184 hci_cc_le_read_buffer_size(hdev, skb);
2185 break;
2186
a5c29683
JH
2187 case HCI_OP_USER_CONFIRM_REPLY:
2188 hci_cc_user_confirm_reply(hdev, skb);
2189 break;
2190
2191 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2192 hci_cc_user_confirm_neg_reply(hdev, skb);
2193 break;
2194
1143d458
BG
2195 case HCI_OP_USER_PASSKEY_REPLY:
2196 hci_cc_user_passkey_reply(hdev, skb);
2197 break;
2198
2199 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2200 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG
2201
2202 case HCI_OP_LE_SET_SCAN_PARAM:
2203 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG
2204 break;
2205
eb9d91f5
AG
2206 case HCI_OP_LE_SET_SCAN_ENABLE:
2207 hci_cc_le_set_scan_enable(hdev, skb);
2208 break;
2209
a7a595f6
VCG
2210 case HCI_OP_LE_LTK_REPLY:
2211 hci_cc_le_ltk_reply(hdev, skb);
2212 break;
2213
2214 case HCI_OP_LE_LTK_NEG_REPLY:
2215 hci_cc_le_ltk_neg_reply(hdev, skb);
2216 break;
2217
f9b49306
AG
2218 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2219 hci_cc_write_le_host_supported(hdev, skb);
2220 break;
2221
a9de9248
MH
2222 default:
2223 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2224 break;
2225 }
2226
6bd32326
VT
2227 if (ev->opcode != HCI_OP_NOP)
2228 del_timer(&hdev->cmd_timer);
2229
a9de9248
MH
2230 if (ev->ncmd) {
2231 atomic_set(&hdev->cmd_cnt, 1);
2232 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2233 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH
2234 }
2235}
2236
/*
 * Handle an HCI Command Status event.
 *
 * The event's status byte is passed to the hci_cs_* handler matching the
 * opcode; unknown opcodes are only logged.  Afterwards the command timer
 * is stopped (unless the opcode is HCI_OP_NOP) and, if ev->ncmd is
 * non-zero and HCI_RESET is not set, cmd_cnt is set to 1 and any queued
 * commands are scheduled.
 *
 * NOTE(review): skb->len is not compared with sizeof(*ev) before the
 * header fields are read - confirm the caller guarantees a full header.
 */
static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *ev = (void *) skb->data;
	__u16 op = __le16_to_cpu(ev->opcode);

	/* ev keeps pointing at the header; only skb->data moves on. */
	skb_pull(skb, sizeof(*ev));

	switch (op) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, ev->status);
		break;

	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, ev->status);
		break;

	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, ev->status);
		break;

	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, ev->status);
		break;

	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, ev->status);
		break;

	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, ev->status);
		break;

	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, ev->status);
		break;

	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_DISCONNECT:
		/* Only a failed disconnect is reported to mgmt here. */
		if (ev->status != 0)
			mgmt_disconnect_failed(hdev, NULL, ev->status);
		break;

	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, ev->status);
		break;

	case HCI_OP_LE_START_ENC:
		hci_cs_le_start_enc(hdev, ev->status);
		break;

	default:
		BT_DBG("%s opcode 0x%x", hdev->name, op);
		break;
	}

	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* Nothing more to do without command credits or during a reset. */
	if (!ev->ncmd || test_bit(HCI_RESET, &hdev->flags))
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2318
/*
 * Handle an HCI Role Change event for the ACL link to ev->bdaddr.
 *
 * With status 0, HCI_LM_MASTER is cleared from conn->link_mode when
 * ev->role is non-zero and set when it is zero.  The pending role-switch
 * bit is cleared and hci_role_switch_cfm() is called whatever the status.
 * An event for an address without an ACL connection is ignored.
 */
static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (ev->status == 0) {
		if (ev->role != 0)
			conn->link_mode &= ~HCI_LM_MASTER;
		else
			conn->link_mode |= HCI_LM_MASTER;
	}

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
2344
/*
 * Handle an HCI Number Of Completed Packets event.
 *
 * The event is rejected unless packet-based flow control is in use and
 * the skb is long enough for the header plus ev->num_hndl entries.  For
 * each entry whose handle maps to a connection, the completed count is
 * subtracted from conn->sent and added back to the matching per-type
 * credit counter, which is clamped to the controller's advertised
 * maximum.  LE links use the ACL counters when hdev->le_pkts is zero.
 * The TX work item is queued at the end.
 *
 * NOTE(review): conn->sent is decremented by a controller-supplied count
 * without checking that count <= conn->sent.
 */
static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* num_hndl is only read once the fixed header is known to fit. */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) + ev->num_hndl * sizeof(ev->handles[0])) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_pkts_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 done = __le16_to_cpu(entry->count);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (conn == NULL)
			continue;

		conn->sent -= done;

		if (conn->type == ACL_LINK ||
		    (conn->type == LE_LINK && !hdev->le_pkts)) {
			/* ACL credits, also used by LE without its own pool. */
			hdev->acl_cnt += done;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
		} else if (conn->type == LE_LINK) {
			hdev->le_cnt += done;
			if (hdev->le_cnt > hdev->le_pkts)
				hdev->le_cnt = hdev->le_pkts;
		} else if (conn->type == SCO_LINK) {
			hdev->sco_cnt += done;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
		} else {
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2410
/*
 * Handle an HCI Mode Change event.
 *
 * The connection's mode and interval are copied from the event.  If no
 * mode change was marked pending on the connection, power_save is set
 * to 1 for HCI_CM_ACTIVE and 0 otherwise.  A pending SCO setup is then
 * continued with the event status.  Unknown handles are ignored.
 */
static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	conn->mode = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	/* test_and_clear_bit() also consumes the pending flag. */
	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend))
		conn->power_save = (conn->mode == HCI_CM_ACTIVE) ? 1 : 0;

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
		hci_sco_setup(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2438
a9de9248
MH
/*
 * Handle an HCI PIN Code Request event for the ACL link to ev->bdaddr.
 *
 * For a connected link the disconnect timeout is switched to
 * HCI_PAIRING_TIMEOUT.  If the adapter is not pairable the request is
 * refused with a negative reply; otherwise, when the management
 * interface is in use, the request is forwarded to it together with a
 * flag telling whether the pending security level is BT_SECURITY_HIGH.
 * When neither condition applies nothing is sent from here.
 */
static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	if (conn->state == BT_CONNECTED) {
		/* hold/put pair around the timeout change, as in the
		 * original; presumably re-arms the disconnect timer with
		 * the new value - TODO confirm */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->flags)) {
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);
	} else if (test_bit(HCI_MGMT, &hdev->flags)) {
		u8 secure = (conn->pending_sec_level == BT_SECURITY_HIGH) ? 1 : 0;

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
2475
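/*
 * Handle an HCI Link Key Request event.
 *
 * Nothing is done unless HCI_LINK_KEYS is set.  Otherwise the stored key
 * for ev->bdaddr is looked up and sent back with HCI_OP_LINK_KEY_REPLY,
 * or a negative reply is sent when no acceptable key exists.  A stored
 * key is refused when:
 *   - it is a debug combination key and HCI_DEBUG_KEYS is not set;
 *   - it is an unauthenticated combination key while the connection's
 *     auth_type is known (not 0xff) and has bit 0 (the MITM bit) set;
 *   - it is a combination key made from a PIN shorter than 16 and the
 *     connection is heading for BT_SECURITY_HIGH.
 * When a connection exists and the key is accepted, its key type and PIN
 * length are recorded on the connection.
 *
 * NOTE(review): cp holds a copy of the link key on the stack and is not
 * cleared after hci_send_cmd().
 */
static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %s", hdev->name,
							batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, key->type,
							batostr(&ev->bdaddr));

	if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
				key->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
				conn->auth_type != 0xff &&
				(conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
				conn->pending_sec_level == BT_SECURITY_HIGH) {
			/* Adjacent literals instead of a backslash
			 * continuation, which spliced the next line's
			 * indentation into the message. */
			BT_DBG("%s ignoring key unauthenticated for high "
						"security", hdev->name);
			goto not_found;
		}

		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, 16);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	/* sizeof(ev->bdaddr) rather than a bare 6, matching the other
	 * negative replies in this file. */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, sizeof(ev->bdaddr),
							&ev->bdaddr);
	hci_dev_unlock(hdev);
}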
2539
/*
 * Handle an HCI Link Key Notification event.
 *
 * If an ACL connection to ev->bdaddr exists, its disconnect timeout is
 * set to HCI_DISCONN_TIMEOUT, its stored PIN length is picked up, and
 * its key type is updated unless the event reports
 * HCI_LK_CHANGED_COMBINATION.  When HCI_LINK_KEYS is set the new key is
 * handed to hci_add_link_key(); conn may be NULL at that point and the
 * PIN length is then 0.
 */
static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 stored_pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		hci_conn_hold(conn);

		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		stored_pin_len = conn->pin_length;

		/* A "changed combination" notification keeps the old type. */
		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	if (test_bit(HCI_LINK_KEYS, &hdev->flags)) {
		hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
						ev->key_type, stored_pin_len);
	}

	hci_dev_unlock(hdev);
}
2568
1da177e4
LT
/*
 * Handle an HCI Read Clock Offset Complete event.
 *
 * On success, the inquiry cache entry for the connection's peer (if
 * one exists) gets the reported clock offset and a fresh timestamp.
 */
static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *entry;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (entry != NULL) {
		/* stored as received, without byte-order conversion */
		entry->data.clock_offset = ev->clock_offset;
		entry->timestamp = jiffies;
	}

unlock:
	hci_dev_unlock(hdev);
}
2591
a8746417
MH
/*
 * Handle an HCI Connection Packet Type Changed event: on success, store
 * the new packet type on the connection named by ev->handle.
 */
static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn != NULL) {
		if (ev->status == 0)
			conn->pkt_type = __le16_to_cpu(ev->pkt_type);
	}

	hci_dev_unlock(hdev);
}
2607
85a1e930
MH
/*
 * Handle an HCI Page Scan Repetition Mode Change event: refresh the
 * page scan repetition mode and timestamp of the inquiry cache entry
 * for ev->bdaddr, if there is one.
 */
static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!entry)
		goto unlock;

	entry->data.pscan_rep_mode = ev->pscan_rep_mode;
	entry->timestamp = jiffies;

unlock:
	hci_dev_unlock(hdev);
}
2625
a9de9248
MH
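/*
 * Handle an HCI Inquiry Result With RSSI event.
 *
 * The first byte of the payload is the response count, followed by that
 * many records.  Two record layouts are accepted: when the per-record
 * size derived from the payload length equals
 * sizeof(struct inquiry_info_with_rssi) that layout is used, otherwise
 * the records are taken to be inquiry_info_with_rssi_and_pscan_mode.
 * Each record updates the inquiry cache and is reported through
 * mgmt_device_found().
 *
 * The count comes from the controller, so the payload length is checked
 * against it before any record is read; a short event is dropped instead
 * of being parsed past the end of the skb data.
 */
static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;
	bool name_known;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* The layout was only guessed from the length mismatch;
		 * make sure all num_rsp records really fit. */
		if (skb->len < num_rsp * sizeof(*info) + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
								false);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
						info->dev_class, info->rssi,
						!name_known, NULL);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		/* Implied by the division above; kept explicit so the
		 * loop never depends on that arithmetic. */
		if (skb->len < num_rsp * sizeof(*info) + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
								false);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
						info->dev_class, info->rssi,
						!name_known, NULL);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}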
2681
/*
 * Handle an HCI Read Remote Extended Features Complete event.
 *
 * For a successful page 0x01 reply, bit 0 of the first feature byte is
 * stored as the SSP mode of both the connection and its inquiry cache
 * entry (if any).  While the connection is still in BT_CONFIG, a remote
 * name request is issued on success and, if no outgoing authentication
 * is needed, the connection is moved to BT_CONNECTED, confirmed to the
 * upper layers and its reference dropped.
 */
static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0 && ev->page == 0x01) {
		u8 host_ssp = ev->features[0] & 0x01;
		struct inquiry_entry *entry;

		entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (entry != NULL)
			entry->data.ssp_mode = host_ssp;

		conn->ssp_mode = host_ssp;
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0) {
		struct hci_cp_remote_name_req req;

		memset(&req, 0, sizeof(req));
		bacpy(&req.bdaddr, &conn->dst);
		req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
	}

	/* Setup only completes here when authentication is not pending. */
	if (hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	conn->state = BT_CONNECTED;
	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
2725
/*
 * Handle an HCI Synchronous Connection Complete event.
 *
 * The connection is looked up by the reported link type and address.  If
 * that fails and the reported type is not ESCO_LINK, an ESCO_LINK entry
 * for the same address is looked up instead and retyped to SCO_LINK.
 * On success the handle is stored and the connection becomes
 * BT_CONNECTED.  For the listed error codes an outgoing connection with
 * fewer than two attempts is retried with a packet type built from
 * hdev->esco_type; every other failure closes and deletes the
 * connection after the upper layers have been told.
 */
static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		/* An eSCO event with no eSCO connection has no fallback. */
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		/* Reported as another type: reuse the eSCO entry for this
		 * address and retype it to SCO. */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	switch (ev->status) {
	case 0x00:
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state  = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1c:	/* SCO interval rejected */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1f:	/* Unspecified error */
		/* Retry an outgoing setup; the goto skips the confirm and
		 * delete below so the connection stays alive.
		 * NOTE(review): conn->link is dereferenced without a NULL
		 * check - confirm it is always set on this path. */
		if (conn->out && conn->attempt < 2) {
			conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
					(hdev->esco_type & EDR_ESCO_MASK);
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(conn, ev->status);
	/* conn must not be used after hci_conn_del(). */
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
2780
/*
 * Handle an HCI Synchronous Connection Changed event.  The event is only
 * logged; skb is not examined.
 */
static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2785
04837f64
MH
/*
 * Handle an HCI Sniff Subrating event.  Only the status byte is read,
 * and only to log it.
 */
static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev;

	ev = (void *) skb->data;

	BT_DBG("%s status %d", hdev->name, ev->status);
}
2792
561aafbc
JH
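/*
 * Report whether an EIR blob contains a Complete Local Name field.
 *
 * @data:     start of the EIR data; each field is a length octet followed
 *            by that many octets, the first of which is the field type
 * @data_len: number of octets available at @data
 *
 * Returns true as soon as a field of type EIR_NAME_COMPLETE is found.
 * Parsing stops at a zero length octet or at a field that would extend
 * past @data_len.
 *
 * Two defects of the earlier loop are fixed here: "parsed" was advanced
 * both in the body and in the for-increment, so it ran ahead of "data"
 * and later fields could be skipped; and "data_len - 1" wrapped around
 * for data_len == 0, letting the loop read from an empty buffer.
 */
static inline bool eir_has_complete_name(u8 *data, size_t data_len)
{
	size_t parsed = 0;

	/* A field needs at least a length octet and a type octet. */
	if (data_len < 2)
		return false;

	while (parsed < data_len - 1) {
		u8 field_len = data[0];

		if (field_len == 0)
			break;

		/* Account for this field before touching its type octet. */
		parsed += field_len + 1;

		if (parsed > data_len)
			break;

		if (data[1] == EIR_NAME_COMPLETE)
			return true;

		data += field_len + 1;
	}

	return false;
}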
2817
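/*
 * Handle an HCI Extended Inquiry Result event.
 *
 * The first payload byte is the response count, followed by that many
 * extended_inquiry_info records.  Each record updates the inquiry cache
 * (with SSP mode 0x01) and is reported through mgmt_device_found()
 * together with its EIR data.  When the management interface is in use
 * the name counts as known only if the EIR data carries a complete name.
 *
 * The count comes from the controller, so the payload length is checked
 * against it before any record is read; a short event is dropped instead
 * of being parsed past the end of the skb data.
 */
static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (skb->len < num_rsp * sizeof(*info) + 1) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;

		if (test_bit(HCI_MGMT, &hdev->flags))
			name_known = eir_has_complete_name(info->data,
							sizeof(info->data));
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
						info->dev_class, info->rssi,
						!name_known, info->data);
	}

	hci_dev_unlock(hdev);
}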
1da177e4 2857
17fa4b9d
JH
/*
 * Choose the authentication requirements to send in an IO Capability
 * Reply, based on what the remote side asked for.
 *
 * Remote dedicated bonding (0x02/0x03) is followed: the MITM variant
 * 0x03 is returned unless either side has IO capability 0x03, in which
 * case 0x02 is returned.  Remote no-bonding (0x00/0x01) is followed as
 * well, with our own MITM bit (bit 0 of conn->auth_type) OR-ed in.  Any
 * other remote value leaves conn->auth_type as the answer.
 */
static inline u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* Dedicated bonding: MITM needs usable IO on both ends. */
		if (conn->remote_cap != 0x03 && conn->io_capability != 0x03)
			return 0x03;
		return 0x02;

	case 0x00:
	case 0x01:
		/* No bonding: keep the local MITM preference. */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
2876
0493684e
MH
/*
 * Handle an HCI IO Capability Request event.
 *
 * A reference is taken on the ACL connection to ev->bdaddr; it is not
 * dropped in this function.  Nothing is sent unless the management
 * interface is in use.  The request is answered positively when the
 * adapter is pairable or the remote side asked for no bonding (MITM bit
 * ignored); otherwise it is refused with HCI_ERROR_PAIRING_NOT_ALLOWED.
 * A positive reply carries our IO capability, the authentication
 * requirements from hci_get_auth_req() (also stored in conn->auth_type)
 * and whether remote OOB data is available.
 */
static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_cp_io_capability_reply reply;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	if (!test_bit(HCI_PAIRABLE, &hdev->flags) &&
			(conn->remote_auth & ~0x01) != HCI_AT_NO_BONDING) {
		struct hci_cp_io_capability_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		neg.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
							sizeof(neg), &neg);
		goto unlock;
	}

	bacpy(&reply.bdaddr, &ev->bdaddr);
	reply.capability = conn->io_capability;
	conn->auth_type = hci_get_auth_req(conn);
	reply.authentication = conn->auth_type;

	/* OOB data is only looked up when we initiated or the remote
	 * side announced OOB data of its own. */
	if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
			hci_find_remote_oob_data(hdev, &conn->dst))
		reply.oob_data = 0x01;
	else
		reply.oob_data = 0x00;

	hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY, sizeof(reply), &reply);

unlock:
	hci_dev_unlock(hdev);
}
2925
/*
 * Handle an HCI IO Capability Response event: record the remote side's
 * IO capability, OOB data flag and authentication requirements on the
 * ACL connection to ev->bdaddr.  These values are remote-supplied and
 * are stored as received.
 */
static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		conn->remote_cap = ev->capability;
		conn->remote_oob = ev->oob_data;
		conn->remote_auth = ev->authentication;
	}

	hci_dev_unlock(hdev);
}
2946
a5c29683
JH
/*
 * Handle an HCI User Confirmation Request event (numeric comparison).
 *
 * Only acted on when the management interface is in use and an ACL
 * connection to ev->bdaddr exists.  The outcome is one of:
 *   - negative reply, when we require MITM protection but the remote
 *     side cannot provide it;
 *   - automatic acceptance (immediately or after auto_accept_delay),
 *     when neither side effectively requires MITM and we initiated the
 *     authentication;
 *   - a request to user space, with confirm_hint set to 1 when the
 *     auto-accept case applies but we are not the initiator.
 */
static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int loc_mitm, rem_mitm, confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* Bit 0 of the authentication requirements is the MITM flag. */
	loc_mitm = (conn->auth_type & 0x01);
	rem_mitm = (conn->remote_auth & 0x01);

	/* If we require MITM but the remote device can't provide that
	 * (it has NoInputNoOutput) then reject the confirmation
	 * request. The only exception is when we're dedicated bonding
	 * initiators (connect_cfm_cb set) since then we always have the MITM
	 * bit set. */
	if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* If no side requires MITM protection; auto-accept */
	if ((!loc_mitm || conn->remote_cap == 0x03) &&
				(!rem_mitm || conn->io_capability == 0x03)) {

		/* If we're not the initiators request authorization to
		 * proceed from user space (mgmt_user_confirm with
		 * confirm_hint set to 1). */
		if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
			BT_DBG("Confirming auto-accept as acceptor");
			confirm_hint = 1;
			goto confirm;
		}

		BT_DBG("Auto-accept of user confirmation with %ums delay",
						hdev->auto_accept_delay);

		/* With a delay configured the reply is left to the
		 * connection's auto_accept_timer. */
		if (hdev->auto_accept_delay > 0) {
			int delay = msecs_to_jiffies(hdev->auto_accept_delay);
			mod_timer(&conn->auto_accept_timer, jiffies + delay);
			goto unlock;
		}

		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
						sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

confirm:
	/* ev->passkey is passed on as received from the controller. */
	mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
								confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}
3014
1143d458
BG
/*
 * Handle an HCI User Passkey Request event: forward the request for
 * ev->bdaddr to the management interface when it is in use.  Nothing is
 * sent from here otherwise.
 */
static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *ev = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	mgmt_user_passkey_request(hdev, &ev->bdaddr);

unlock:
	hci_dev_unlock(hdev);
}
3029
0493684e
MH
/*
 * Handle an HCI Simple Pairing Complete event.
 *
 * A failed pairing is reported through mgmt_auth_failed() only when
 * HCI_CONN_AUTH_PEND is not set on the connection.  A connection
 * reference is dropped in every case where the connection is found.
 */
static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	/* To avoid duplicate auth_failed events to user space we check
	 * the HCI_CONN_AUTH_PEND flag which will be set if we
	 * initiated the authentication. A traditional auth_complete
	 * event gets always produced as initiator and is also mapped to
	 * the mgmt_auth_failed event */
	if (ev->status != 0) {
		if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend))
			mgmt_auth_failed(hdev, &conn->dst, ev->status);
	}

	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
3056
41a96212
MH
/*
 * Handle an HCI Remote Host Supported Features Notification event:
 * store bit 0 of the first feature byte as the SSP mode of the inquiry
 * cache entry for ev->bdaddr, if one exists.
 */
static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL)
		entry->data.ssp_mode = (ev->features[0] & 0x01);

	hci_dev_unlock(hdev);
}
3072
2763eda6
SJ
/*
 * Handle an HCI Remote OOB Data Request event.
 *
 * Only acted on when the management interface is in use.  If OOB data
 * is stored for ev->bdaddr, its hash and randomizer are sent back in a
 * positive reply; otherwise a negative reply is sent.
 */
static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct hci_cp_remote_oob_data_reply reply;
	struct oob_data *stored;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	stored = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (stored == NULL) {
		struct hci_cp_remote_oob_data_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
							sizeof(neg), &neg);
		goto unlock;
	}

	bacpy(&reply.bdaddr, &ev->bdaddr);
	/* Copies are bounded by the destination fields of the reply. */
	memcpy(reply.hash, stored->hash, sizeof(reply.hash));
	memcpy(reply.randomizer, stored->randomizer, sizeof(reply.randomizer));

	hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(reply),
								&reply);

unlock:
	hci_dev_unlock(hdev);
}
3107
fcd89c09
VT
/*
 * Handle an LE Connection Complete event.
 *
 * If no LE connection to ev->bdaddr exists yet, one is created and given
 * the address type from the event.  A failed connection is reported to
 * mgmt and the upper layers, closed and deleted.  A successful one is
 * reported to mgmt, starts at BT_SECURITY_LOW, gets its handle from the
 * event, becomes BT_CONNECTED and is confirmed to the upper layers.
 */
static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
	if (conn == NULL) {
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (conn == NULL) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = ev->bdaddr_type;
	}

	if (ev->status != 0) {
		mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
						conn->dst_type, ev->status);
		hci_proto_connect_cfm(conn, ev->status);
		conn->state = BT_CLOSED;
		/* conn must not be used after hci_conn_del(). */
		hci_conn_del(conn);
		goto unlock;
	}

	mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);

	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
3152
9aa04c91
AG
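/*
 * Handle an LE Advertising Report event.
 *
 * The first payload byte is the number of reports.  Each report is a
 * hci_ev_le_advertising_info header followed by ev->length data octets
 * and one further octet (the cursor is advanced by length + 1;
 * presumably the trailing RSSI - TODO confirm).  Every report is handed
 * to hci_add_adv_entry().
 *
 * Both the report count and each report's length are supplied by the
 * controller, so every report is checked against the bytes left in the
 * skb before it is used; parsing stops at the first report that does not
 * fit rather than walking past the end of the event.
 */
static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
						struct sk_buff *skb)
{
	u8 num_reports;
	u8 *ptr, *end;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	end = skb->data + skb->len;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t left = end - ptr;

		/* Header first, so that ev->length is only read when it
		 * lies inside the event. */
		if (left < sizeof(*ev) ||
		    left - sizeof(*ev) < (size_t) ev->length + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			break;
		}

		hci_add_adv_entry(hdev, ev);

		ptr += sizeof(*ev) + ev->length + 1;
	}

	hci_dev_unlock(hdev);
}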
3171
a7a595f6
VCG
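/*
 * Handle an LE Long Term Key Request event.
 *
 * If the handle maps to a connection and a key matching ev->ediv and
 * ev->random is stored, the key is returned with HCI_OP_LE_LTK_REPLY and
 * its pin_len is recorded on the connection.  In every other case a
 * negative reply is sent for the handle from the event.
 *
 * The debug print now converts the little-endian handle with
 * __le16_to_cpu(); it used cpu_to_le16(), which is the wrong direction
 * and prints a byte-swapped value on big-endian hosts.
 *
 * NOTE(review): the key copy is sized by the source (sizeof(ltk->val));
 * confirm cp.ltk is at least that large.  cp keeps a copy of the key on
 * the stack and is not cleared after hci_send_cmd().
 */
static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
						struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct link_key *ltk;

	BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto not_found;

	ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
	if (ltk == NULL)
		goto not_found;

	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);
	conn->pin_length = ltk->pin_len;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	/* ev->handle is already little-endian, so it is echoed as is. */
	neg.handle = ev->handle;
	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
	hci_dev_unlock(hdev);
}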
3208
fcd89c09
VT
/*
 * Handle an LE Meta event: strip the meta header from the skb and pass
 * the rest to the handler for the subevent.  Subevents without a
 * handler are silently ignored.
 *
 * NOTE(review): skb->len is not compared with sizeof(*meta) before the
 * subevent code is read - confirm the caller guarantees a full header.
 */
static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *meta = (void *) skb->data;

	/* meta keeps pointing at the header; only skb->data moves on. */
	skb_pull(skb, sizeof(*meta));

	if (meta->subevent == HCI_EV_LE_CONN_COMPLETE)
		hci_le_conn_complete_evt(hdev, skb);
	else if (meta->subevent == HCI_EV_LE_ADVERTISING_REPORT)
		hci_le_adv_report_evt(hdev, skb);
	else if (meta->subevent == HCI_EV_LE_LTK_REQ)
		hci_le_ltk_request_evt(hdev, skb);
}
3232
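/*
 * Entry point for a received HCI event packet.
 *
 * @hdev: controller the packet arrived on.
 * @skb:  the event packet, starting at the HCI event header.  This
 *        function frees it on every path; the caller must not touch it
 *        afterwards.
 *
 * The event header is pulled and the remaining parameters are passed to
 * the handler for the event code.  Unknown codes are only logged at
 * debug level.  hdev->stat.evt_rx is incremented for every dispatched
 * packet.
 *
 * A packet shorter than the event header is dropped and counted in
 * hdev->stat.err_rx, so the event code is never read from bytes the
 * packet does not contain.  The individual handlers remain responsible
 * for validating their own parameter lengths.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event;

	if (skb->len < HCI_EVENT_HDR_SIZE) {
		BT_ERR("%s event packet shorter than header", hdev->name);
		hdev->stat.err_rx++;
		kfree_skb(skb);
		return;
	}

	event = hdr->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%x", hdev->name, event);
		break;
	}

	kfree_skb(skb);
	hdev->stat.evt_rx++;
}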
3397
/*
 * Generate internal stack event.
 *
 * @hdev: device the synthetic event is attributed to.
 * @type: value stored in the stack-internal event's type field.
 * @dlen: number of bytes copied from @data into the event.
 * @data: payload to copy; must be readable for @dlen bytes.
 *
 * Builds an HCI_EV_STACK_INTERNAL event packet in a freshly allocated
 * skb, marks it as an incoming event packet, hands it to
 * hci_send_to_sock() and then drops the local reference.  Allocation
 * uses GFP_ATOMIC; on allocation failure nothing is sent.
 *
 * NOTE(review): dlen is not range-checked here.  The header length field
 * is assigned sizeof(*si) + dlen directly, so callers presumably keep
 * the total within what that field can hold; verify against the callers.
 */
void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
{
	struct hci_ev_stack_internal *si;
	struct hci_event_hdr *evt_hdr;
	struct sk_buff *skb;

	skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*si) + dlen, GFP_ATOMIC);
	if (!skb)
		return;

	/* Event header first, then the stack-internal body behind it. */
	evt_hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
	evt_hdr->evt = HCI_EV_STACK_INTERNAL;
	evt_hdr->plen = sizeof(*si) + dlen;

	si = (void *) skb_put(skb, sizeof(*si) + dlen);
	si->type = type;
	memcpy(si->data, data, dlen);

	/* Packet metadata: an incoming event packet, timestamped now. */
	bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
	bt_cb(skb)->incoming = 1;
	skb->dev = (void *) hdev;
	__net_timestamp(skb);

	hci_send_to_sock(hdev, skb, NULL);
	kfree_skb(skb);
}
e6100a25 3425
/*
 * Expose the file-scope enable_le flag as a boolean module parameter.
 * Mode 0644 makes the value readable by every user and writable only by
 * the owner, so it can be changed at runtime as well as at load time.
 */
module_param(enable_le, bool, 0644);
MODULE_PARM_DESC(enable_le, "Enable LE support");