projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add LE Local Features reading support
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
e6d465cb
AG		 43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
a9de9248 47 return;
e6d465cb 48 }
1da177e4 49
89352e7d
AG		 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
56e5cb86 52 hci_dev_lock(hdev);
ff9ef578 53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 54 hci_dev_unlock(hdev);
6bd57416 55
23bb5763 56 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 57
58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
9f1db00c 121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
807deac2
GP		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
e4e8e37c
MH		 161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
9f1db00c 164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
807deac2
GP		 172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
e4e8e37c
MH		 174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
9f1db00c 178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186
23bb5763 187 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 188}
189
a9de9248
MH		 190static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191{
192 __u8 status = *((__u8 *) skb->data);
04837f64 193
9f1db00c 194 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 195
10572132
GP		 196 clear_bit(HCI_RESET, &hdev->flags);
197
23bb5763 198 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 199
a297e97c 200 /* Reset all non-persistent flags */
ae854a70
AG		 201 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
202 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 203
204 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 205 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
206 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 207
208 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
209 hdev->adv_data_len = 0;
a9de9248 210}
04837f64 211
a9de9248
MH		 212static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
213{
214 __u8 status = *((__u8 *) skb->data);
215 void *sent;
04837f64 216
9f1db00c 217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 218
a9de9248
MH		 219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (!sent)
221 return;
04837f64 222
56e5cb86
JH		 223 hci_dev_lock(hdev);
224
f51d5b24
JH		 225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 227 else if (!status)
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 229
56e5cb86 230 hci_dev_unlock(hdev);
3159d384 231
3f0f524b
JH		 232 if (!status && !test_bit(HCI_INIT, &hdev->flags))
233 hci_update_ad(hdev);
234
3159d384 235 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 236}
237
238static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
239{
240 struct hci_rp_read_local_name *rp = (void *) skb->data;
241
9f1db00c 242 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 243
244 if (rp->status)
245 return;
246
db99b5fc
JH		 247 if (test_bit(HCI_SETUP, &hdev->dev_flags))
248 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 249}
250
251static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
252{
253 __u8 status = *((__u8 *) skb->data);
254 void *sent;
255
9f1db00c 256 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 257
258 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
259 if (!sent)
260 return;
261
262 if (!status) {
263 __u8 param = *((__u8 *) sent);
264
265 if (param == AUTH_ENABLED)
266 set_bit(HCI_AUTH, &hdev->flags);
267 else
268 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 269 }
a9de9248 270
33ef95ed
JH		 271 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272 mgmt_auth_enable_complete(hdev, status);
273
23bb5763 274 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 275}
276
a9de9248 277static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 278{
a9de9248 279 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 280 void *sent;
281
9f1db00c 282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 283
a9de9248
MH		 284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
285 if (!sent)
286 return;
1da177e4 287
a9de9248
MH		 288 if (!status) {
289 __u8 param = *((__u8 *) sent);
290
291 if (param)
292 set_bit(HCI_ENCRYPT, &hdev->flags);
293 else
294 clear_bit(HCI_ENCRYPT, &hdev->flags);
295 }
1da177e4 296
23bb5763 297 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 298}
1da177e4 299
a9de9248
MH		 300static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
301{
36f7fc7e
JH		 302 __u8 param, status = *((__u8 *) skb->data);
303 int old_pscan, old_iscan;
a9de9248 304 void *sent;
1da177e4 305
9f1db00c 306 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 307
a9de9248
MH		 308 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
309 if (!sent)
310 return;
1da177e4 311
36f7fc7e
JH		 312 param = *((__u8 *) sent);
313
56e5cb86
JH		 314 hci_dev_lock(hdev);
315
fa1bd918 316 if (status) {
744cf19e 317 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 318 hdev->discov_timeout = 0;
319 goto done;
320 }
321
36f7fc7e
JH		 322 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
323 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
324
325 if (param & SCAN_INQUIRY) {
326 set_bit(HCI_ISCAN, &hdev->flags);
327 if (!old_iscan)
744cf19e 328 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 329 if (hdev->discov_timeout > 0) {
330 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
331 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 332 to);
16ab91ab 333 }
36f7fc7e 334 } else if (old_iscan)
744cf19e 335 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 336
337 if (param & SCAN_PAGE) {
338 set_bit(HCI_PSCAN, &hdev->flags);
339 if (!old_pscan)
744cf19e 340 mgmt_connectable(hdev, 1);
36f7fc7e 341 } else if (old_pscan)
744cf19e 342 mgmt_connectable(hdev, 0);
1da177e4 343
36f7fc7e 344done:
56e5cb86 345 hci_dev_unlock(hdev);
23bb5763 346 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 352
9f1db00c 353 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 354
a9de9248
MH		 355 if (rp->status)
356 return;
1da177e4 357
a9de9248 358 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 359
a9de9248 360 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 361 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 362}
1da177e4 363
a9de9248
MH		 364static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
365{
366 __u8 status = *((__u8 *) skb->data);
367 void *sent;
1da177e4 368
9f1db00c 369 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 370
a9de9248
MH		 371 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
372 if (!sent)
373 return;
1da177e4 374
7f9a903c
MH		 375 hci_dev_lock(hdev);
376
377 if (status == 0)
378 memcpy(hdev->dev_class, sent, 3);
379
380 if (test_bit(HCI_MGMT, &hdev->dev_flags))
381 mgmt_set_class_of_dev_complete(hdev, sent, status);
382
383 hci_dev_unlock(hdev);
a9de9248 384}
1da177e4 385
a9de9248
MH		 386static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387{
388 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
389 __u16 setting;
390
9f1db00c 391 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 392
393 if (rp->status)
394 return;
395
396 setting = __le16_to_cpu(rp->voice_setting);
397
f383f275 398 if (hdev->voice_setting == setting)
a9de9248
MH		 399 return;
400
401 hdev->voice_setting = setting;
402
9f1db00c 403 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 404
3c54711c 405 if (hdev->notify)
a9de9248 406 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 407}
408
8fc9ced3
GP		 409static void hci_cc_write_voice_setting(struct hci_dev *hdev,
410 struct sk_buff *skb)
a9de9248
MH		 411{
412 __u8 status = *((__u8 *) skb->data);
f383f275 413 __u16 setting;
a9de9248
MH		 414 void *sent;
415
9f1db00c 416 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 417
f383f275
MH		 418 if (status)
419 return;
420
a9de9248
MH		 421 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
422 if (!sent)
423 return;
1da177e4 424
f383f275 425 setting = get_unaligned_le16(sent);
1da177e4 426
f383f275
MH		 427 if (hdev->voice_setting == setting)
428 return;
429
430 hdev->voice_setting = setting;
1da177e4 431
9f1db00c 432 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 433
3c54711c 434 if (hdev->notify)
f383f275 435 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 436}
437
a9de9248 438static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 439{
a9de9248 440 __u8 status = *((__u8 *) skb->data);
1da177e4 441
9f1db00c 442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 443
23bb5763 444 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 445}
1143e5a6 446
333140b5
MH		 447static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
448{
449 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 450 struct hci_cp_write_ssp_mode *sent;
333140b5 451
9f1db00c 452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 453
333140b5
MH		 454 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
455 if (!sent)
456 return;
457
5ed8eb2f
JH		 458 if (!status) {
459 if (sent->mode)
460 hdev->host_features[0] |= LMP_HOST_SSP;
461 else
462 hdev->host_features[0] &= ~LMP_HOST_SSP;
463 }
464
ed2c4ee3 465 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 466 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 467 else if (!status) {
5ed8eb2f 468 if (sent->mode)
c0ecddc2
JH		 469 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
470 else
471 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
472 }
333140b5
MH		 473}
474
d5859e22
JH		 475static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
476{
976eb20e 477 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 478 return 2;
479
976eb20e 480 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 481 return 1;
482
483 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 484 hdev->lmp_subver == 0x0757)
d5859e22
JH		 485 return 1;
486
487 if (hdev->manufacturer == 15) {
488 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
489 return 1;
490 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
491 return 1;
492 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
493 return 1;
494 }
495
496 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 497 hdev->lmp_subver == 0x1805)
d5859e22
JH		 498 return 1;
499
500 return 0;
501}
502
503static void hci_setup_inquiry_mode(struct hci_dev *hdev)
504{
505 u8 mode;
506
507 mode = hci_get_inquiry_mode(hdev);
508
509 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
510}
511
512static void hci_setup_event_mask(struct hci_dev *hdev)
513{
514 /* The second byte is 0xff instead of 0x9f (two reserved bits
515 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
516 * command otherwise */
517 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
518
6de6c18d
VT		 519 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
520 * any event mask for pre 1.2 devices */
5a13b095 521 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 522 return;
523
e1171e8d
JH		 524 if (lmp_bredr_capable(hdev)) {
525 events[4] |= 0x01; /* Flow Specification Complete */
526 events[4] |= 0x02; /* Inquiry Result with RSSI */
527 events[4] |= 0x04; /* Read Remote Extended Features Complete */
528 events[5] |= 0x08; /* Synchronous Connection Complete */
529 events[5] |= 0x10; /* Synchronous Connection Changed */
530 }
d5859e22 531
976eb20e 532 if (lmp_inq_rssi_capable(hdev))
a24299e6 533 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 534
999dcd10 535 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 536 events[5] |= 0x20; /* Sniff Subrating */
537
976eb20e 538 if (lmp_pause_enc_capable(hdev))
d5859e22
JH		 539 events[5] |= 0x80; /* Encryption Key Refresh Complete */
540
976eb20e 541 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 542 events[5] |= 0x40; /* Extended Inquiry Result */
543
c58e810e 544 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 545 events[7] |= 0x01; /* Enhanced Flush Complete */
546
976eb20e 547 if (lmp_lsto_capable(hdev))
d5859e22
JH		 548 events[6] |= 0x80; /* Link Supervision Timeout Changed */
549
9a1a1996 550 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 551 events[6] |= 0x01; /* IO Capability Request */
552 events[6] |= 0x02; /* IO Capability Response */
553 events[6] |= 0x04; /* User Confirmation Request */
554 events[6] |= 0x08; /* User Passkey Request */
555 events[6] |= 0x10; /* Remote OOB Data Request */
556 events[6] |= 0x20; /* Simple Pairing Complete */
557 events[7] |= 0x04; /* User Passkey Notification */
558 events[7] |= 0x08; /* Keypress Notification */
559 events[7] |= 0x10; /* Remote Host Supported
560 * Features Notification */
561 }
562
c383ddc4 563 if (lmp_le_capable(hdev))
d5859e22
JH		 564 events[7] |= 0x20; /* LE Meta-Event */
565
566 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
e36b04c8
JH		 567
568 if (lmp_le_capable(hdev)) {
569 memset(events, 0, sizeof(events));
570 events[0] = 0x1f;
571 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
572 sizeof(events), events);
573 }
d5859e22
JH		 574}
575
4611dfa8 576static void bredr_setup(struct hci_dev *hdev)
e1171e8d
JH		 577{
578 struct hci_cp_delete_stored_link_key cp;
579 __le16 param;
580 __u8 flt_type;
581
582 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
583 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
584
585 /* Read Class of Device */
586 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
587
588 /* Read Local Name */
589 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
590
591 /* Read Voice Setting */
592 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
593
594 /* Clear Event Filters */
595 flt_type = HCI_FLT_CLEAR_ALL;
596 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
597
598 /* Connection accept timeout ~20 secs */
599 param = __constant_cpu_to_le16(0x7d00);
600 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
601
602 bacpy(&cp.bdaddr, BDADDR_ANY);
603 cp.delete_all = 1;
604 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
605}
606
4611dfa8 607static void le_setup(struct hci_dev *hdev)
e1171e8d
JH		 608{
609 /* Read LE Buffer Size */
610 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
8fa19098 611
60e77321
JH		 612 /* Read LE Local Supported Features */
613 hci_send_cmd(hdev, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
614
8fa19098
JH		 615 /* Read LE Advertising Channel TX Power */
616 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
e1171e8d
JH		 617}
618
d5859e22
JH		 619static void hci_setup(struct hci_dev *hdev)
620{
e61ef499
AE		 621 if (hdev->dev_type != HCI_BREDR)
622 return;
623
e1171e8d
JH		 624 /* Read BD Address */
625 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
626
627 if (lmp_bredr_capable(hdev))
4611dfa8 628 bredr_setup(hdev);
e1171e8d
JH		 629
630 if (lmp_le_capable(hdev))
4611dfa8 631 le_setup(hdev);
e1171e8d 632
d5859e22
JH		 633 hci_setup_event_mask(hdev);
634
d095c1eb 635 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 636 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
637
6d3c730f 638 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 639 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
640 u8 mode = 0x01;
641 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 642 sizeof(mode), &mode);
54d04dbb
JH		 643 } else {
644 struct hci_cp_write_eir cp;
645
646 memset(hdev->eir, 0, sizeof(hdev->eir));
647 memset(&cp, 0, sizeof(cp));
648
649 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
650 }
d5859e22
JH		 651 }
652
976eb20e 653 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 654 hci_setup_inquiry_mode(hdev);
655
976eb20e 656 if (lmp_inq_tx_pwr_capable(hdev))
d5859e22 657 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b 658
976eb20e 659 if (lmp_ext_feat_capable(hdev)) {
971e3a4b
AG		 660 struct hci_cp_read_local_ext_features cp;
661
662 cp.page = 0x01;
04124681
GP		 663 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
664 &cp);
971e3a4b 665 }
e6100a25 666
47990ea0
JH		 667 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
668 u8 enable = 1;
04124681
GP		 669 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
670 &enable);
47990ea0 671 }
d5859e22
JH		 672}
673
a9de9248
MH		 674static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
675{
676 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 677
9f1db00c 678 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 679
a9de9248 680 if (rp->status)
28b8df77 681 goto done;
1143e5a6 682
a9de9248 683 hdev->hci_ver = rp->hci_ver;
e4e8e37c 684 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 685 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 686 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 687 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 688
9f1db00c 689 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 690 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 691
692 if (test_bit(HCI_INIT, &hdev->flags))
693 hci_setup(hdev);
28b8df77
AE		 694
695done:
696 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 697}
698
699static void hci_setup_link_policy(struct hci_dev *hdev)
700{
035100c8 701 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 702 u16 link_policy = 0;
703
9f92ebf6 704 if (lmp_rswitch_capable(hdev))
d5859e22 705 link_policy |= HCI_LP_RSWITCH;
976eb20e 706 if (lmp_hold_capable(hdev))
d5859e22 707 link_policy |= HCI_LP_HOLD;
6eded100 708 if (lmp_sniff_capable(hdev))
d5859e22 709 link_policy |= HCI_LP_SNIFF;
976eb20e 710 if (lmp_park_capable(hdev))
d5859e22
JH		 711 link_policy |= HCI_LP_PARK;
712
035100c8
AE		 713 cp.policy = cpu_to_le16(link_policy);
714 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 715}
1da177e4 716
8fc9ced3
GP		 717static void hci_cc_read_local_commands(struct hci_dev *hdev,
718 struct sk_buff *skb)
a9de9248
MH		 719{
720 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 721
9f1db00c 722 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 723
a9de9248 724 if (rp->status)
d5859e22 725 goto done;
1da177e4 726
a9de9248 727 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 728
729 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
730 hci_setup_link_policy(hdev);
731
732done:
733 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 734}
1da177e4 735
8fc9ced3
GP		 736static void hci_cc_read_local_features(struct hci_dev *hdev,
737 struct sk_buff *skb)
a9de9248
MH		 738{
739 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 740
9f1db00c 741 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 742
a9de9248
MH		 743 if (rp->status)
744 return;
5b7f9909 745
a9de9248 746 memcpy(hdev->features, rp->features, 8);
5b7f9909 747
a9de9248
MH		 748 /* Adjust default settings according to features
749 * supported by device. */
1da177e4 750
a9de9248
MH		 751 if (hdev->features[0] & LMP_3SLOT)
752 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 753
a9de9248
MH		 754 if (hdev->features[0] & LMP_5SLOT)
755 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 756
a9de9248
MH		 757 if (hdev->features[1] & LMP_HV2) {
758 hdev->pkt_type |= (HCI_HV2);
759 hdev->esco_type |= (ESCO_HV2);
760 }
1da177e4 761
a9de9248
MH		 762 if (hdev->features[1] & LMP_HV3) {
763 hdev->pkt_type |= (HCI_HV3);
764 hdev->esco_type |= (ESCO_HV3);
765 }
1da177e4 766
45db810f 767 if (lmp_esco_capable(hdev))
a9de9248 768 hdev->esco_type |= (ESCO_EV3);
da1f5198 769
a9de9248
MH		 770 if (hdev->features[4] & LMP_EV4)
771 hdev->esco_type |= (ESCO_EV4);
da1f5198 772
a9de9248
MH		 773 if (hdev->features[4] & LMP_EV5)
774 hdev->esco_type |= (ESCO_EV5);
1da177e4 775
efc7688b
MH		 776 if (hdev->features[5] & LMP_EDR_ESCO_2M)
777 hdev->esco_type |= (ESCO_2EV3);
778
779 if (hdev->features[5] & LMP_EDR_ESCO_3M)
780 hdev->esco_type |= (ESCO_3EV3);
781
782 if (hdev->features[5] & LMP_EDR_3S_ESCO)
783 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
784
a9de9248 785 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 786 hdev->features[0], hdev->features[1],
787 hdev->features[2], hdev->features[3],
788 hdev->features[4], hdev->features[5],
789 hdev->features[6], hdev->features[7]);
a9de9248 790}
1da177e4 791
8f984dfa
JH		 792static void hci_set_le_support(struct hci_dev *hdev)
793{
794 struct hci_cp_write_le_host_supported cp;
795
796 memset(&cp, 0, sizeof(cp));
797
9d42820f 798 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa 799 cp.le = 1;
ffa88e02 800 cp.simul = lmp_le_br_capable(hdev);
8f984dfa
JH		 801 }
802
ffa88e02 803 if (cp.le != lmp_host_le_capable(hdev))
04124681
GP		 804 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
805 &cp);
8f984dfa
JH		 806}
807
971e3a4b 808static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 809 struct sk_buff *skb)
971e3a4b
AG		 810{
811 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
812
9f1db00c 813 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 814
815 if (rp->status)
8f984dfa 816 goto done;
971e3a4b 817
b5b32b65
AG		 818 switch (rp->page) {
819 case 0:
820 memcpy(hdev->features, rp->features, 8);
821 break;
822 case 1:
823 memcpy(hdev->host_features, rp->features, 8);
824 break;
825 }
971e3a4b 826
c383ddc4 827 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 828 hci_set_le_support(hdev);
829
830done:
971e3a4b
AG		 831 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
832}
833
1e89cffb 834static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 835 struct sk_buff *skb)
1e89cffb
AE		 836{
837 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
838
9f1db00c 839 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 840
841 if (rp->status)
842 return;
843
844 hdev->flow_ctl_mode = rp->mode;
845
846 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
847}
848
a9de9248
MH		 849static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
850{
851 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 852
9f1db00c 853 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 854
a9de9248
MH		 855 if (rp->status)
856 return;
1da177e4 857
a9de9248
MH		 858 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
859 hdev->sco_mtu = rp->sco_mtu;
860 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
861 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
862
863 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
864 hdev->sco_mtu = 64;
865 hdev->sco_pkts = 8;
1da177e4 866 }
a9de9248
MH		 867
868 hdev->acl_cnt = hdev->acl_pkts;
869 hdev->sco_cnt = hdev->sco_pkts;
870
807deac2
GP		 871 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
872 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 873}
874
875static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
876{
877 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
878
9f1db00c 879 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 880
881 if (!rp->status)
882 bacpy(&hdev->bdaddr, &rp->bdaddr);
883
23bb5763
JH		 884 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
885}
886
350ee4cf 887static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 888 struct sk_buff *skb)
350ee4cf
AE		 889{
890 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
891
9f1db00c 892 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 893
894 if (rp->status)
895 return;
896
897 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
898 hdev->block_len = __le16_to_cpu(rp->block_len);
899 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
900
901 hdev->block_cnt = hdev->num_blocks;
902
903 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 904 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 905
906 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
907}
908
23bb5763
JH		 909static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
910{
911 __u8 status = *((__u8 *) skb->data);
912
9f1db00c 913 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 914
915 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 916}
917
928abaa7 918static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 919 struct sk_buff *skb)
928abaa7
AE		 920{
921 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
922
9f1db00c 923 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 924
925 if (rp->status)
8e2a0d92 926 goto a2mp_rsp;
928abaa7
AE		 927
928 hdev->amp_status = rp->amp_status;
929 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
930 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
931 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
932 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
933 hdev->amp_type = rp->amp_type;
934 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
935 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
936 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
937 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
938
939 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 940
941a2mp_rsp:
942 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 943}
944
903e4541
AE		 945static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
946 struct sk_buff *skb)
947{
948 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
949 struct amp_assoc *assoc = &hdev->loc_assoc;
950 size_t rem_len, frag_len;
951
952 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
953
954 if (rp->status)
955 goto a2mp_rsp;
956
957 frag_len = skb->len - sizeof(*rp);
958 rem_len = __le16_to_cpu(rp->rem_len);
959
960 if (rem_len > frag_len) {
2e430be3 961 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 962
963 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
964 assoc->offset += frag_len;
965
966 /* Read other fragments */
967 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
968
969 return;
970 }
971
972 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
973 assoc->len = assoc->offset + rem_len;
974 assoc->offset = 0;
975
976a2mp_rsp:
977 /* Send A2MP Rsp when all fragments are received */
978 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 979 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 980}
981
b0916ea0 982static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 983 struct sk_buff *skb)
b0916ea0
JH		 984{
985 __u8 status = *((__u8 *) skb->data);
986
9f1db00c 987 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 988
989 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
990}
991
d5859e22
JH		 992static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
993{
994 __u8 status = *((__u8 *) skb->data);
995
9f1db00c 996 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 997
998 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
999}
1000
1001static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 1002 struct sk_buff *skb)
d5859e22
JH		 1003{
1004 __u8 status = *((__u8 *) skb->data);
1005
9f1db00c 1006 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1007
1008 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
1009}
1010
1011static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 1012 struct sk_buff *skb)
d5859e22 1013{
91c4e9b1 1014 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 1015
9f1db00c 1016 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 1017
1018 if (!rp->status)
1019 hdev->inq_tx_power = rp->tx_power;
d5859e22 1020
91c4e9b1 1021 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 1022}
1023
1024static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1025{
1026 __u8 status = *((__u8 *) skb->data);
1027
9f1db00c 1028 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1029
1030 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1031}
1032
980e1a53
JH		 1033static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1034{
1035 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1036 struct hci_cp_pin_code_reply *cp;
1037 struct hci_conn *conn;
1038
9f1db00c 1039 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1040
56e5cb86
JH		 1041 hci_dev_lock(hdev);
1042
a8b2d5c2 1043 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1044 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 1045
fa1bd918 1046 if (rp->status)
56e5cb86 1047 goto unlock;
980e1a53
JH		 1048
1049 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1050 if (!cp)
56e5cb86 1051 goto unlock;
980e1a53
JH		 1052
1053 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1054 if (conn)
1055 conn->pin_length = cp->pin_len;
56e5cb86
JH		 1056
1057unlock:
1058 hci_dev_unlock(hdev);
980e1a53
JH		 1059}
1060
1061static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1062{
1063 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1064
9f1db00c 1065 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1066
56e5cb86
JH		 1067 hci_dev_lock(hdev);
1068
a8b2d5c2 1069 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1070 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1071 rp->status);
56e5cb86
JH		 1072
1073 hci_dev_unlock(hdev);
980e1a53 1074}
56e5cb86 1075
6ed58ec5
VT		 1076static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1077 struct sk_buff *skb)
1078{
1079 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1080
9f1db00c 1081 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1082
1083 if (rp->status)
1084 return;
1085
1086 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1087 hdev->le_pkts = rp->le_max_pkt;
1088
1089 hdev->le_cnt = hdev->le_pkts;
1090
1091 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1092
1093 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1094}
980e1a53 1095
60e77321
JH		 1096static void hci_cc_le_read_local_features(struct hci_dev *hdev,
1097 struct sk_buff *skb)
1098{
1099 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
1100
1101 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1102
1103 if (!rp->status)
1104 memcpy(hdev->le_features, rp->features, 8);
1105
1106 hci_req_complete(hdev, HCI_OP_LE_READ_LOCAL_FEATURES, rp->status);
1107}
1108
8fa19098
JH		 1109static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1110 struct sk_buff *skb)
1111{
1112 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1113
1114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1115
3f0f524b 1116 if (!rp->status) {
8fa19098 1117 hdev->adv_tx_power = rp->tx_power;
3f0f524b
JH		 1118 if (!test_bit(HCI_INIT, &hdev->flags))
1119 hci_update_ad(hdev);
1120 }
8fa19098
JH		 1121
1122 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1123}
1124
e36b04c8
JH		 1125static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1126{
1127 __u8 status = *((__u8 *) skb->data);
1128
1129 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1130
1131 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1132}
1133
a5c29683
JH		 1134static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1135{
1136 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1137
9f1db00c 1138 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1139
56e5cb86
JH		 1140 hci_dev_lock(hdev);
1141
a8b2d5c2 1142 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1143 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1144 rp->status);
56e5cb86
JH		 1145
1146 hci_dev_unlock(hdev);
a5c29683
JH		 1147}
1148
1149static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1150 struct sk_buff *skb)
a5c29683
JH		 1151{
1152 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1153
9f1db00c 1154 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1155
56e5cb86
JH		 1156 hci_dev_lock(hdev);
1157
a8b2d5c2 1158 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1159 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1160 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1161
1162 hci_dev_unlock(hdev);
a5c29683
JH		 1163}
1164
1143d458
BG		 1165static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1166{
1167 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1168
9f1db00c 1169 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1170
1171 hci_dev_lock(hdev);
1172
a8b2d5c2 1173 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1174 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1175 0, rp->status);
1143d458
BG		 1176
1177 hci_dev_unlock(hdev);
1178}
1179
1180static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1181 struct sk_buff *skb)
1143d458
BG		 1182{
1183 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1184
9f1db00c 1185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1186
1187 hci_dev_lock(hdev);
1188
a8b2d5c2 1189 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1190 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1191 ACL_LINK, 0, rp->status);
1143d458
BG		 1192
1193 hci_dev_unlock(hdev);
1194}
1195
c35938b2 1196static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1197 struct sk_buff *skb)
c35938b2
SJ		 1198{
1199 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1200
9f1db00c 1201 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1202
56e5cb86 1203 hci_dev_lock(hdev);
744cf19e 1204 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1205 rp->randomizer, rp->status);
56e5cb86 1206 hci_dev_unlock(hdev);
c35938b2
SJ		 1207}
1208
c1d5dc4a
JH		 1209static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1210{
1211 __u8 *sent, status = *((__u8 *) skb->data);
1212
1213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1214
1215 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1216 if (!sent)
1217 return;
1218
1219 hci_dev_lock(hdev);
1220
1221 if (!status) {
1222 if (*sent)
1223 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1224 else
1225 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1226 }
1227
1228 hci_dev_unlock(hdev);
1229
1230 if (!test_bit(HCI_INIT, &hdev->flags))
1231 hci_update_ad(hdev);
1232
1233 hci_req_complete(hdev, HCI_OP_LE_SET_ADV_ENABLE, status);
1234}
1235
07f7fa5d
AG		 1236static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1237{
1238 __u8 status = *((__u8 *) skb->data);
1239
9f1db00c 1240 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1241
1242 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1243
1244 if (status) {
1245 hci_dev_lock(hdev);
1246 mgmt_start_discovery_failed(hdev, status);
1247 hci_dev_unlock(hdev);
1248 return;
1249 }
07f7fa5d
AG		 1250}
1251
eb9d91f5 1252static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1253 struct sk_buff *skb)
eb9d91f5
AG		 1254{
1255 struct hci_cp_le_set_scan_enable *cp;
1256 __u8 status = *((__u8 *) skb->data);
1257
9f1db00c 1258 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1259
eb9d91f5
AG		 1260 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1261 if (!cp)
1262 return;
1263
68a8aea4
AE		 1264 switch (cp->enable) {
1265 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1266 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1267
3fd24153
AG		 1268 if (status) {
1269 hci_dev_lock(hdev);
1270 mgmt_start_discovery_failed(hdev, status);
1271 hci_dev_unlock(hdev);
7ba8b4be 1272 return;
3fd24153 1273 }
7ba8b4be 1274
d23264a8
AG		 1275 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1276
a8f13c8c 1277 hci_dev_lock(hdev);
343f935b 1278 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1279 hci_dev_unlock(hdev);
68a8aea4
AE		 1280 break;
1281
1282 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1283 if (status) {
1284 hci_dev_lock(hdev);
1285 mgmt_stop_discovery_failed(hdev, status);
1286 hci_dev_unlock(hdev);
7ba8b4be 1287 return;
c9ecc48e 1288 }
7ba8b4be 1289
d23264a8
AG		 1290 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1291
bc3dd33c
AG		 1292 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1293 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1294 mgmt_interleaved_discovery(hdev);
1295 } else {
1296 hci_dev_lock(hdev);
1297 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1298 hci_dev_unlock(hdev);
1299 }
1300
68a8aea4
AE		 1301 break;
1302
1303 default:
1304 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1305 break;
35815085 1306 }
eb9d91f5
AG		 1307}
1308
a7a595f6
VCG		 1309static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1310{
1311 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1312
9f1db00c 1313 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1314
1315 if (rp->status)
1316 return;
1317
1318 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1319}
1320
1321static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1322{
1323 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1324
9f1db00c 1325 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1326
1327 if (rp->status)
1328 return;
1329
1330 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1331}
1332
6039aa73
GP		 1333static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1334 struct sk_buff *skb)
f9b49306 1335{
06199cf8 1336 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1337 __u8 status = *((__u8 *) skb->data);
1338
9f1db00c 1339 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1340
06199cf8 1341 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1342 if (!sent)
f9b49306
AG		 1343 return;
1344
8f984dfa
JH		 1345 if (!status) {
1346 if (sent->le)
1347 hdev->host_features[0] |= LMP_HOST_LE;
1348 else
1349 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 1350
1351 if (sent->simul)
1352 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1353 else
1354 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1355 }
1356
1357 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1358 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1359 mgmt_le_enable_complete(hdev, sent->le, status);
1360
1361 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1362}
1363
93c284ee
AE		 1364static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1365 struct sk_buff *skb)
1366{
1367 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1368
1369 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1370 hdev->name, rp->status, rp->phy_handle);
1371
1372 if (rp->status)
1373 return;
1374
1375 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1376}
1377
6039aa73 1378static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1379{
9f1db00c 1380 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1381
1382 if (status) {
23bb5763 1383 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1384 hci_conn_check_pending(hdev);
56e5cb86 1385 hci_dev_lock(hdev);
a8b2d5c2 1386 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1387 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1388 hci_dev_unlock(hdev);
314b2381
JH		 1389 return;
1390 }
1391
89352e7d
AG		 1392 set_bit(HCI_INQUIRY, &hdev->flags);
1393
56e5cb86 1394 hci_dev_lock(hdev);
343f935b 1395 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1396 hci_dev_unlock(hdev);
1da177e4
LT		 1397}
1398
6039aa73 1399static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1400{
a9de9248 1401 struct hci_cp_create_conn *cp;
1da177e4 1402 struct hci_conn *conn;
1da177e4 1403
9f1db00c 1404 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1405
1406 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1407 if (!cp)
1408 return;
1409
1410 hci_dev_lock(hdev);
1411
1412 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1413
6ed93dc6 1414 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1415
1416 if (status) {
1417 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1418 if (status != 0x0c || conn->attempt > 2) {
1419 conn->state = BT_CLOSED;
1420 hci_proto_connect_cfm(conn, status);
1421 hci_conn_del(conn);
1422 } else
1423 conn->state = BT_CONNECT2;
1da177e4
LT		 1424 }
1425 } else {
1426 if (!conn) {
1427 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1428 if (conn) {
a0c808b3 1429 conn->out = true;
1da177e4
LT		 1430 conn->link_mode |= HCI_LM_MASTER;
1431 } else
893ef971 1432 BT_ERR("No memory for new connection");
1da177e4
LT		 1433 }
1434 }
1435
1436 hci_dev_unlock(hdev);
1437}
1438
a9de9248 1439static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1440{
a9de9248
MH		 1441 struct hci_cp_add_sco *cp;
1442 struct hci_conn *acl, *sco;
1443 __u16 handle;
1da177e4 1444
9f1db00c 1445 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1446
a9de9248
MH		 1447 if (!status)
1448 return;
1da177e4 1449
a9de9248
MH		 1450 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1451 if (!cp)
1452 return;
1da177e4 1453
a9de9248 1454 handle = __le16_to_cpu(cp->handle);
1da177e4 1455
9f1db00c 1456 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1457
a9de9248 1458 hci_dev_lock(hdev);
1da177e4 1459
a9de9248 1460 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1461 if (acl) {
1462 sco = acl->link;
1463 if (sco) {
1464 sco->state = BT_CLOSED;
1da177e4 1465
5a08ecce
AE		 1466 hci_proto_connect_cfm(sco, status);
1467 hci_conn_del(sco);
1468 }
a9de9248 1469 }
1da177e4 1470
a9de9248
MH		 1471 hci_dev_unlock(hdev);
1472}
1da177e4 1473
f8558555
MH		 1474static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1475{
1476 struct hci_cp_auth_requested *cp;
1477 struct hci_conn *conn;
1478
9f1db00c 1479 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1480
1481 if (!status)
1482 return;
1483
1484 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1485 if (!cp)
1486 return;
1487
1488 hci_dev_lock(hdev);
1489
1490 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1491 if (conn) {
1492 if (conn->state == BT_CONFIG) {
1493 hci_proto_connect_cfm(conn, status);
1494 hci_conn_put(conn);
1495 }
1496 }
1497
1498 hci_dev_unlock(hdev);
1499}
1500
1501static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1502{
1503 struct hci_cp_set_conn_encrypt *cp;
1504 struct hci_conn *conn;
1505
9f1db00c 1506 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1507
1508 if (!status)
1509 return;
1510
1511 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1512 if (!cp)
1513 return;
1514
1515 hci_dev_lock(hdev);
1516
1517 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1518 if (conn) {
1519 if (conn->state == BT_CONFIG) {
1520 hci_proto_connect_cfm(conn, status);
1521 hci_conn_put(conn);
1522 }
1523 }
1524
1525 hci_dev_unlock(hdev);
1526}
1527
127178d2 1528static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1529 struct hci_conn *conn)
392599b9 1530{
392599b9
JH		 1531 if (conn->state != BT_CONFIG || !conn->out)
1532 return 0;
1533
765c2a96 1534 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1535 return 0;
1536
1537 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1538 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1539 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1540 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1541 return 0;
1542
392599b9
JH		 1543 return 1;
1544}
1545
6039aa73 1546static int hci_resolve_name(struct hci_dev *hdev,
04124681 1547 struct inquiry_entry *e)
30dc78e1
JH		 1548{
1549 struct hci_cp_remote_name_req cp;
1550
1551 memset(&cp, 0, sizeof(cp));
1552
1553 bacpy(&cp.bdaddr, &e->data.bdaddr);
1554 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1555 cp.pscan_mode = e->data.pscan_mode;
1556 cp.clock_offset = e->data.clock_offset;
1557
1558 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1559}
1560
b644ba33 1561static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1562{
1563 struct discovery_state *discov = &hdev->discovery;
1564 struct inquiry_entry *e;
1565
b644ba33
JH		 1566 if (list_empty(&discov->resolve))
1567 return false;
1568
1569 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1570 if (!e)
1571 return false;
1572
b644ba33
JH		 1573 if (hci_resolve_name(hdev, e) == 0) {
1574 e->name_state = NAME_PENDING;
1575 return true;
1576 }
1577
1578 return false;
1579}
1580
1581static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1582 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1583{
1584 struct discovery_state *discov = &hdev->discovery;
1585 struct inquiry_entry *e;
1586
1587 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1588 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1589 name_len, conn->dev_class);
b644ba33
JH		 1590
1591 if (discov->state == DISCOVERY_STOPPED)
1592 return;
1593
30dc78e1
JH		 1594 if (discov->state == DISCOVERY_STOPPING)
1595 goto discov_complete;
1596
1597 if (discov->state != DISCOVERY_RESOLVING)
1598 return;
1599
1600 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1601 /* If the device was not found in a list of found devices names of which
1602 * are pending. there is no need to continue resolving a next name as it
1603 * will be done upon receiving another Remote Name Request Complete
1604 * Event */
1605 if (!e)
1606 return;
1607
1608 list_del(&e->list);
1609 if (name) {
30dc78e1 1610 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1611 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1612 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1613 } else {
1614 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1615 }
1616
b644ba33 1617 if (hci_resolve_next_name(hdev))
30dc78e1 1618 return;
30dc78e1
JH		 1619
1620discov_complete:
1621 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1622}
1623
a9de9248
MH		 1624static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1625{
127178d2
JH		 1626 struct hci_cp_remote_name_req *cp;
1627 struct hci_conn *conn;
1628
9f1db00c 1629 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1630
1631 /* If successful wait for the name req complete event before
1632 * checking for the need to do authentication */
1633 if (!status)
1634 return;
1635
1636 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1637 if (!cp)
1638 return;
1639
1640 hci_dev_lock(hdev);
1641
b644ba33
JH		 1642 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1643
a8b2d5c2 1644 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1645 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1646
79c6c70c
JH		 1647 if (!conn)
1648 goto unlock;
1649
1650 if (!hci_outgoing_auth_needed(hdev, conn))
1651 goto unlock;
1652
51a8efd7 1653 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1654 struct hci_cp_auth_requested cp;
1655 cp.handle = __cpu_to_le16(conn->handle);
1656 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1657 }
1658
79c6c70c 1659unlock:
127178d2 1660 hci_dev_unlock(hdev);
a9de9248 1661}
1da177e4 1662
769be974
MH		 1663static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1664{
1665 struct hci_cp_read_remote_features *cp;
1666 struct hci_conn *conn;
1667
9f1db00c 1668 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1669
1670 if (!status)
1671 return;
1672
1673 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1674 if (!cp)
1675 return;
1676
1677 hci_dev_lock(hdev);
1678
1679 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1680 if (conn) {
1681 if (conn->state == BT_CONFIG) {
769be974
MH		 1682 hci_proto_connect_cfm(conn, status);
1683 hci_conn_put(conn);
1684 }
1685 }
1686
1687 hci_dev_unlock(hdev);
1688}
1689
1690static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1691{
1692 struct hci_cp_read_remote_ext_features *cp;
1693 struct hci_conn *conn;
1694
9f1db00c 1695 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1696
1697 if (!status)
1698 return;
1699
1700 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1701 if (!cp)
1702 return;
1703
1704 hci_dev_lock(hdev);
1705
1706 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1707 if (conn) {
1708 if (conn->state == BT_CONFIG) {
769be974
MH		 1709 hci_proto_connect_cfm(conn, status);
1710 hci_conn_put(conn);
1711 }
1712 }
1713
1714 hci_dev_unlock(hdev);
1715}
1716
a9de9248
MH		 1717static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1718{
b6a0dc82
MH		 1719 struct hci_cp_setup_sync_conn *cp;
1720 struct hci_conn *acl, *sco;
1721 __u16 handle;
1722
9f1db00c 1723 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1724
1725 if (!status)
1726 return;
1727
1728 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1729 if (!cp)
1730 return;
1731
1732 handle = __le16_to_cpu(cp->handle);
1733
9f1db00c 1734 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1735
1736 hci_dev_lock(hdev);
1737
1738 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1739 if (acl) {
1740 sco = acl->link;
1741 if (sco) {
1742 sco->state = BT_CLOSED;
b6a0dc82 1743
5a08ecce
AE		 1744 hci_proto_connect_cfm(sco, status);
1745 hci_conn_del(sco);
1746 }
b6a0dc82
MH		 1747 }
1748
1749 hci_dev_unlock(hdev);
1da177e4
LT		 1750}
1751
a9de9248 1752static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1753{
a9de9248
MH		 1754 struct hci_cp_sniff_mode *cp;
1755 struct hci_conn *conn;
1da177e4 1756
9f1db00c 1757 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1758
a9de9248
MH		 1759 if (!status)
1760 return;
04837f64 1761
a9de9248
MH		 1762 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1763 if (!cp)
1764 return;
04837f64 1765
a9de9248 1766 hci_dev_lock(hdev);
04837f64 1767
a9de9248 1768 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1769 if (conn) {
51a8efd7 1770 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1771
51a8efd7 1772 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1773 hci_sco_setup(conn, status);
1774 }
1775
a9de9248
MH		 1776 hci_dev_unlock(hdev);
1777}
04837f64 1778
a9de9248
MH		 1779static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1780{
1781 struct hci_cp_exit_sniff_mode *cp;
1782 struct hci_conn *conn;
04837f64 1783
9f1db00c 1784 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1785
a9de9248
MH		 1786 if (!status)
1787 return;
04837f64 1788
a9de9248
MH		 1789 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1790 if (!cp)
1791 return;
04837f64 1792
a9de9248 1793 hci_dev_lock(hdev);
1da177e4 1794
a9de9248 1795 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1796 if (conn) {
51a8efd7 1797 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1798
51a8efd7 1799 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1800 hci_sco_setup(conn, status);
1801 }
1802
a9de9248 1803 hci_dev_unlock(hdev);
1da177e4
LT		 1804}
1805
88c3df13
JH		 1806static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1807{
1808 struct hci_cp_disconnect *cp;
1809 struct hci_conn *conn;
1810
1811 if (!status)
1812 return;
1813
1814 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1815 if (!cp)
1816 return;
1817
1818 hci_dev_lock(hdev);
1819
1820 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1821 if (conn)
1822 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1823 conn->dst_type, status);
88c3df13
JH		 1824
1825 hci_dev_unlock(hdev);
1826}
1827
fcd89c09
VT		 1828static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1829{
fcd89c09
VT		 1830 struct hci_conn *conn;
1831
9f1db00c 1832 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1833
f00a06ac
AG		 1834 if (status) {
1835 hci_dev_lock(hdev);
fcd89c09 1836
0c95ab78 1837 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1838 if (!conn) {
1839 hci_dev_unlock(hdev);
1840 return;
1841 }
fcd89c09 1842
6ed93dc6 1843 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1844
f00a06ac 1845 conn->state = BT_CLOSED;
0c95ab78 1846 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1847 conn->dst_type, status);
1848 hci_proto_connect_cfm(conn, status);
1849 hci_conn_del(conn);
fcd89c09 1850
f00a06ac
AG		 1851 hci_dev_unlock(hdev);
1852 }
fcd89c09
VT		 1853}
1854
a7a595f6
VCG		 1855static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1856{
9f1db00c 1857 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1858}
1859
a02226d6
AE		 1860static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1861{
93c284ee
AE		 1862 struct hci_cp_create_phy_link *cp;
1863
a02226d6 1864 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1865
93c284ee
AE		 1866 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1867 if (!cp)
1868 return;
1869
e58917b9
AE		 1870 hci_dev_lock(hdev);
1871
1872 if (status) {
1873 struct hci_conn *hcon;
1874
1875 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1876 if (hcon)
1877 hci_conn_del(hcon);
1878 } else {
1879 amp_write_remote_assoc(hdev, cp->phy_handle);
1880 }
1881
1882 hci_dev_unlock(hdev);
a02226d6
AE		 1883}
1884
0b26ab9d
AE		 1885static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1886{
1887 struct hci_cp_accept_phy_link *cp;
1888
1889 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1890
1891 if (status)
1892 return;
1893
1894 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1895 if (!cp)
1896 return;
1897
1898 amp_write_remote_assoc(hdev, cp->phy_handle);
1899}
1900
5ce66b59
AE		 1901static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1902{
1903 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1904}
1905
6039aa73 1906static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1907{
1908 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1909 struct discovery_state *discov = &hdev->discovery;
1910 struct inquiry_entry *e;
1da177e4 1911
9f1db00c 1912 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1913
23bb5763 1914 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1915
a9de9248 1916 hci_conn_check_pending(hdev);
89352e7d
AG		 1917
1918 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1919 return;
1920
a8b2d5c2 1921 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1922 return;
1923
56e5cb86 1924 hci_dev_lock(hdev);
30dc78e1 1925
343f935b 1926 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1927 goto unlock;
1928
1929 if (list_empty(&discov->resolve)) {
1930 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1931 goto unlock;
1932 }
1933
1934 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1935 if (e && hci_resolve_name(hdev, e) == 0) {
1936 e->name_state = NAME_PENDING;
1937 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1938 } else {
1939 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1940 }
1941
1942unlock:
56e5cb86 1943 hci_dev_unlock(hdev);
1da177e4
LT		 1944}
1945
6039aa73 1946static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1947{
45bb4bf0 1948 struct inquiry_data data;
a9de9248 1949 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1950 int num_rsp = *((__u8 *) skb->data);
1951
1952 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1953
45bb4bf0
MH		 1954 if (!num_rsp)
1955 return;
1956
1519cc17
AG		 1957 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1958 return;
1959
1da177e4 1960 hci_dev_lock(hdev);
45bb4bf0 1961
e17acd40 1962 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1963 bool name_known, ssp;
3175405b 1964
1da177e4
LT		 1965 bacpy(&data.bdaddr, &info->bdaddr);
1966 data.pscan_rep_mode = info->pscan_rep_mode;
1967 data.pscan_period_mode = info->pscan_period_mode;
1968 data.pscan_mode = info->pscan_mode;
1969 memcpy(data.dev_class, info->dev_class, 3);
1970 data.clock_offset = info->clock_offset;
1971 data.rssi = 0x00;
41a96212 1972 data.ssp_mode = 0x00;
3175405b 1973
388fc8fa 1974 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1975 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1976 info->dev_class, 0, !name_known, ssp, NULL,
1977 0);
1da177e4 1978 }
45bb4bf0 1979
1da177e4
LT		 1980 hci_dev_unlock(hdev);
1981}
1982
6039aa73 1983static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1984{
a9de9248
MH		 1985 struct hci_ev_conn_complete *ev = (void *) skb->data;
1986 struct hci_conn *conn;
1da177e4
LT		 1987
1988 BT_DBG("%s", hdev->name);
1989
1990 hci_dev_lock(hdev);
1991
1992 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1993 if (!conn) {
1994 if (ev->link_type != SCO_LINK)
1995 goto unlock;
1996
1997 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1998 if (!conn)
1999 goto unlock;
2000
2001 conn->type = SCO_LINK;
2002 }
1da177e4
LT		 2003
2004 if (!ev->status) {
2005 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 2006
2007 if (conn->type == ACL_LINK) {
2008 conn->state = BT_CONFIG;
2009 hci_conn_hold(conn);
a9ea3ed9
SJ		 2010
2011 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2012 !hci_find_link_key(hdev, &ev->bdaddr))
2013 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2014 else
2015 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2016 } else
2017 conn->state = BT_CONNECTED;
1da177e4 2018
9eba32b8 2019 hci_conn_hold_device(conn);
7d0db0a3
MH		 2020 hci_conn_add_sysfs(conn);
2021
1da177e4
LT		 2022 if (test_bit(HCI_AUTH, &hdev->flags))
2023 conn->link_mode |= HCI_LM_AUTH;
2024
2025 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2026 conn->link_mode |= HCI_LM_ENCRYPT;
2027
04837f64
MH		 2028 /* Get remote features */
2029 if (conn->type == ACL_LINK) {
2030 struct hci_cp_read_remote_features cp;
2031 cp.handle = ev->handle;
769be974 2032 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2033 sizeof(cp), &cp);
04837f64
MH		 2034 }
2035
1da177e4 2036 /* Set packet type for incoming connection */
d095c1eb 2037 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2038 struct hci_cp_change_conn_ptype cp;
2039 cp.handle = ev->handle;
a8746417 2040 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2041 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2042 &cp);
1da177e4 2043 }
17d5c04c 2044 } else {
1da177e4 2045 conn->state = BT_CLOSED;
17d5c04c 2046 if (conn->type == ACL_LINK)
744cf19e 2047 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 2048 conn->dst_type, ev->status);
17d5c04c 2049 }
1da177e4 2050
e73439d8
MH		 2051 if (conn->type == ACL_LINK)
2052 hci_sco_setup(conn, ev->status);
1da177e4 2053
769be974
MH		 2054 if (ev->status) {
2055 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2056 hci_conn_del(conn);
c89b6e6b
MH		 2057 } else if (ev->link_type != ACL_LINK)
2058 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2059
a9de9248 2060unlock:
1da177e4 2061 hci_dev_unlock(hdev);
1da177e4 2062
a9de9248 2063 hci_conn_check_pending(hdev);
1da177e4
LT		 2064}
2065
20714bfe
FD		 2066void hci_conn_accept(struct hci_conn *conn, int mask)
2067{
2068 struct hci_dev *hdev = conn->hdev;
2069
2070 BT_DBG("conn %p", conn);
2071
2072 conn->state = BT_CONFIG;
2073
2074 if (!lmp_esco_capable(hdev)) {
2075 struct hci_cp_accept_conn_req cp;
2076
2077 bacpy(&cp.bdaddr, &conn->dst);
2078
2079 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2080 cp.role = 0x00; /* Become master */
2081 else
2082 cp.role = 0x01; /* Remain slave */
2083
2084 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2085 } else /* lmp_esco_capable(hdev)) */ {
2086 struct hci_cp_accept_sync_conn_req cp;
2087
2088 bacpy(&cp.bdaddr, &conn->dst);
2089 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2090
2091 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2092 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2093 cp.max_latency = __constant_cpu_to_le16(0xffff);
2094 cp.content_format = cpu_to_le16(hdev->voice_setting);
2095 cp.retrans_effort = 0xff;
2096
2097 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2098 sizeof(cp), &cp);
2099 }
2100}
2101
6039aa73 2102static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2103{
a9de9248
MH		 2104 struct hci_ev_conn_request *ev = (void *) skb->data;
2105 int mask = hdev->link_mode;
20714bfe 2106 __u8 flags = 0;
1da177e4 2107
6ed93dc6 2108 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2109 ev->link_type);
1da177e4 2110
20714bfe
FD		 2111 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2112 &flags);
1da177e4 2113
138d22ef 2114 if ((mask & HCI_LM_ACCEPT) &&
807deac2 2115 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 2116 /* Connection accepted */
c7bdd502 2117 struct inquiry_entry *ie;
1da177e4 2118 struct hci_conn *conn;
1da177e4 2119
a9de9248 2120 hci_dev_lock(hdev);
b6a0dc82 2121
cc11b9c1
AE		 2122 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2123 if (ie)
c7bdd502
MH		 2124 memcpy(ie->data.dev_class, ev->dev_class, 3);
2125
8fc9ced3
GP		 2126 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2127 &ev->bdaddr);
a9de9248 2128 if (!conn) {
cc11b9c1
AE		 2129 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2130 if (!conn) {
893ef971 2131 BT_ERR("No memory for new connection");
a9de9248
MH		 2132 hci_dev_unlock(hdev);
2133 return;
1da177e4
LT		 2134 }
2135 }
b6a0dc82 2136
a9de9248 2137 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2138
a9de9248 2139 hci_dev_unlock(hdev);
1da177e4 2140
20714bfe
FD		 2141 if (ev->link_type == ACL_LINK ||
2142 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 2143 struct hci_cp_accept_conn_req cp;
20714bfe 2144 conn->state = BT_CONNECT;
1da177e4 2145
b6a0dc82
MH		 2146 bacpy(&cp.bdaddr, &ev->bdaddr);
2147
2148 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2149 cp.role = 0x00; /* Become master */
2150 else
2151 cp.role = 0x01; /* Remain slave */
2152
04124681
GP		 2153 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2154 &cp);
20714bfe 2155 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 2156 struct hci_cp_accept_sync_conn_req cp;
20714bfe 2157 conn->state = BT_CONNECT;
b6a0dc82
MH		 2158
2159 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2160 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2161
82781e63
AE		 2162 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2163 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2164 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 2165 cp.content_format = cpu_to_le16(hdev->voice_setting);
2166 cp.retrans_effort = 0xff;
1da177e4 2167
b6a0dc82 2168 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2169 sizeof(cp), &cp);
20714bfe
FD		 2170 } else {
2171 conn->state = BT_CONNECT2;
2172 hci_proto_connect_cfm(conn, 0);
2173 hci_conn_put(conn);
b6a0dc82 2174 }
a9de9248
MH		 2175 } else {
2176 /* Connection rejected */
2177 struct hci_cp_reject_conn_req cp;
1da177e4 2178
a9de9248 2179 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2180 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2181 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2182 }
1da177e4
LT		 2183}
2184
f0d6a0ea
MA		 2185static u8 hci_to_mgmt_reason(u8 err)
2186{
2187 switch (err) {
2188 case HCI_ERROR_CONNECTION_TIMEOUT:
2189 return MGMT_DEV_DISCONN_TIMEOUT;
2190 case HCI_ERROR_REMOTE_USER_TERM:
2191 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2192 case HCI_ERROR_REMOTE_POWER_OFF:
2193 return MGMT_DEV_DISCONN_REMOTE;
2194 case HCI_ERROR_LOCAL_HOST_TERM:
2195 return MGMT_DEV_DISCONN_LOCAL_HOST;
2196 default:
2197 return MGMT_DEV_DISCONN_UNKNOWN;
2198 }
2199}
2200
6039aa73 2201static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2202{
a9de9248 2203 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2204 struct hci_conn *conn;
2205
9f1db00c 2206 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2207
2208 hci_dev_lock(hdev);
2209
2210 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2211 if (!conn)
2212 goto unlock;
7d0db0a3 2213
37d9ef76
JH		 2214 if (ev->status == 0)
2215 conn->state = BT_CLOSED;
04837f64 2216
b644ba33 2217 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2218 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2219 if (ev->status) {
88c3df13 2220 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2221 conn->dst_type, ev->status);
f0d6a0ea
MA		 2222 } else {
2223 u8 reason = hci_to_mgmt_reason(ev->reason);
2224
afc747a6 2225 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2226 conn->dst_type, reason);
2227 }
37d9ef76 2228 }
f7520543 2229
37d9ef76 2230 if (ev->status == 0) {
6ec5bcad
VA		 2231 if (conn->type == ACL_LINK && conn->flush_key)
2232 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2233 hci_proto_disconn_cfm(conn, ev->reason);
2234 hci_conn_del(conn);
2235 }
f7520543
JH		 2236
2237unlock:
04837f64
MH		 2238 hci_dev_unlock(hdev);
2239}
2240
6039aa73 2241static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2242{
a9de9248 2243 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2244 struct hci_conn *conn;
1da177e4 2245
9f1db00c 2246 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2247
2248 hci_dev_lock(hdev);
2249
04837f64 2250 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2251 if (!conn)
2252 goto unlock;
2253
2254 if (!ev->status) {
aa64a8b5 2255 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2256 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2257 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2258 } else {
d7556e20
WR		 2259 conn->link_mode |= HCI_LM_AUTH;
2260 conn->sec_level = conn->pending_sec_level;
2a611692 2261 }
d7556e20 2262 } else {
bab73cb6 2263 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2264 ev->status);
d7556e20 2265 }
1da177e4 2266
51a8efd7
JH		 2267 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2268 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2269
d7556e20 2270 if (conn->state == BT_CONFIG) {
aa64a8b5 2271 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2272 struct hci_cp_set_conn_encrypt cp;
2273 cp.handle = ev->handle;
2274 cp.encrypt = 0x01;
2275 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2276 &cp);
052b30b0 2277 } else {
d7556e20
WR		 2278 conn->state = BT_CONNECTED;
2279 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2280 hci_conn_put(conn);
2281 }
d7556e20
WR		 2282 } else {
2283 hci_auth_cfm(conn, ev->status);
052b30b0 2284
d7556e20
WR		 2285 hci_conn_hold(conn);
2286 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2287 hci_conn_put(conn);
2288 }
2289
51a8efd7 2290 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2291 if (!ev->status) {
2292 struct hci_cp_set_conn_encrypt cp;
2293 cp.handle = ev->handle;
2294 cp.encrypt = 0x01;
2295 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2296 &cp);
d7556e20 2297 } else {
51a8efd7 2298 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2299 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2300 }
2301 }
2302
d7556e20 2303unlock:
1da177e4
LT		 2304 hci_dev_unlock(hdev);
2305}
2306
6039aa73 2307static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2308{
127178d2
JH		 2309 struct hci_ev_remote_name *ev = (void *) skb->data;
2310 struct hci_conn *conn;
2311
a9de9248 2312 BT_DBG("%s", hdev->name);
1da177e4 2313
a9de9248 2314 hci_conn_check_pending(hdev);
127178d2
JH		 2315
2316 hci_dev_lock(hdev);
2317
b644ba33 2318 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2319
b644ba33
JH		 2320 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2321 goto check_auth;
a88a9652 2322
b644ba33
JH		 2323 if (ev->status == 0)
2324 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2325 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2326 else
2327 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2328
2329check_auth:
79c6c70c
JH		 2330 if (!conn)
2331 goto unlock;
2332
2333 if (!hci_outgoing_auth_needed(hdev, conn))
2334 goto unlock;
2335
51a8efd7 2336 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2337 struct hci_cp_auth_requested cp;
2338 cp.handle = __cpu_to_le16(conn->handle);
2339 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2340 }
2341
79c6c70c 2342unlock:
127178d2 2343 hci_dev_unlock(hdev);
a9de9248
MH		 2344}
2345
6039aa73 2346static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2347{
2348 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2349 struct hci_conn *conn;
2350
9f1db00c 2351 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2352
2353 hci_dev_lock(hdev);
2354
04837f64 2355 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2356 if (conn) {
2357 if (!ev->status) {
ae293196
MH		 2358 if (ev->encrypt) {
2359 /* Encryption implies authentication */
2360 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2361 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2362 conn->sec_level = conn->pending_sec_level;
ae293196 2363 } else
1da177e4
LT		 2364 conn->link_mode &= ~HCI_LM_ENCRYPT;
2365 }
2366
51a8efd7 2367 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2368
a7d7723a 2369 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2370 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2371 hci_conn_put(conn);
2372 goto unlock;
2373 }
2374
f8558555
MH		 2375 if (conn->state == BT_CONFIG) {
2376 if (!ev->status)
2377 conn->state = BT_CONNECTED;
2378
2379 hci_proto_connect_cfm(conn, ev->status);
2380 hci_conn_put(conn);
2381 } else
2382 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2383 }
2384
a7d7723a 2385unlock:
1da177e4
LT		 2386 hci_dev_unlock(hdev);
2387}
2388
6039aa73
GP		 2389static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2390 struct sk_buff *skb)
1da177e4 2391{
a9de9248 2392 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2393 struct hci_conn *conn;
1da177e4 2394
9f1db00c 2395 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2396
2397 hci_dev_lock(hdev);
2398
04837f64 2399 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2400 if (conn) {
2401 if (!ev->status)
2402 conn->link_mode |= HCI_LM_SECURE;
2403
51a8efd7 2404 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2405
2406 hci_key_change_cfm(conn, ev->status);
2407 }
2408
2409 hci_dev_unlock(hdev);
2410}
2411
6039aa73
GP		 2412static void hci_remote_features_evt(struct hci_dev *hdev,
2413 struct sk_buff *skb)
1da177e4 2414{
a9de9248
MH		 2415 struct hci_ev_remote_features *ev = (void *) skb->data;
2416 struct hci_conn *conn;
2417
9f1db00c 2418 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2419
a9de9248
MH		 2420 hci_dev_lock(hdev);
2421
2422 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2423 if (!conn)
2424 goto unlock;
769be974 2425
ccd556fe
JH		 2426 if (!ev->status)
2427 memcpy(conn->features, ev->features, 8);
2428
2429 if (conn->state != BT_CONFIG)
2430 goto unlock;
2431
2432 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2433 struct hci_cp_read_remote_ext_features cp;
2434 cp.handle = ev->handle;
2435 cp.page = 0x01;
2436 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2437 sizeof(cp), &cp);
392599b9
JH		 2438 goto unlock;
2439 }
2440
671267bf 2441 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2442 struct hci_cp_remote_name_req cp;
2443 memset(&cp, 0, sizeof(cp));
2444 bacpy(&cp.bdaddr, &conn->dst);
2445 cp.pscan_rep_mode = 0x02;
2446 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2447 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2448 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2449 conn->dst_type, 0, NULL, 0,
2450 conn->dev_class);
392599b9 2451
127178d2 2452 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2453 conn->state = BT_CONNECTED;
2454 hci_proto_connect_cfm(conn, ev->status);
2455 hci_conn_put(conn);
769be974 2456 }
a9de9248 2457
ccd556fe 2458unlock:
a9de9248 2459 hci_dev_unlock(hdev);
1da177e4
LT		 2460}
2461
6039aa73 2462static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2463{
a9de9248 2464 BT_DBG("%s", hdev->name);
1da177e4
LT		 2465}
2466
6039aa73
GP		 2467static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2468 struct sk_buff *skb)
1da177e4 2469{
a9de9248 2470 BT_DBG("%s", hdev->name);
1da177e4
LT		 2471}
2472
6039aa73 2473static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2474{
2475 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2476 __u16 opcode;
2477
2478 skb_pull(skb, sizeof(*ev));
2479
2480 opcode = __le16_to_cpu(ev->opcode);
2481
2482 switch (opcode) {
2483 case HCI_OP_INQUIRY_CANCEL:
2484 hci_cc_inquiry_cancel(hdev, skb);
2485 break;
2486
4d93483b
AG		 2487 case HCI_OP_PERIODIC_INQ:
2488 hci_cc_periodic_inq(hdev, skb);
2489 break;
2490
a9de9248
MH		 2491 case HCI_OP_EXIT_PERIODIC_INQ:
2492 hci_cc_exit_periodic_inq(hdev, skb);
2493 break;
2494
2495 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2496 hci_cc_remote_name_req_cancel(hdev, skb);
2497 break;
2498
2499 case HCI_OP_ROLE_DISCOVERY:
2500 hci_cc_role_discovery(hdev, skb);
2501 break;
2502
e4e8e37c
MH		 2503 case HCI_OP_READ_LINK_POLICY:
2504 hci_cc_read_link_policy(hdev, skb);
2505 break;
2506
a9de9248
MH		 2507 case HCI_OP_WRITE_LINK_POLICY:
2508 hci_cc_write_link_policy(hdev, skb);
2509 break;
2510
e4e8e37c
MH		 2511 case HCI_OP_READ_DEF_LINK_POLICY:
2512 hci_cc_read_def_link_policy(hdev, skb);
2513 break;
2514
2515 case HCI_OP_WRITE_DEF_LINK_POLICY:
2516 hci_cc_write_def_link_policy(hdev, skb);
2517 break;
2518
a9de9248
MH		 2519 case HCI_OP_RESET:
2520 hci_cc_reset(hdev, skb);
2521 break;
2522
2523 case HCI_OP_WRITE_LOCAL_NAME:
2524 hci_cc_write_local_name(hdev, skb);
2525 break;
2526
2527 case HCI_OP_READ_LOCAL_NAME:
2528 hci_cc_read_local_name(hdev, skb);
2529 break;
2530
2531 case HCI_OP_WRITE_AUTH_ENABLE:
2532 hci_cc_write_auth_enable(hdev, skb);
2533 break;
2534
2535 case HCI_OP_WRITE_ENCRYPT_MODE:
2536 hci_cc_write_encrypt_mode(hdev, skb);
2537 break;
2538
2539 case HCI_OP_WRITE_SCAN_ENABLE:
2540 hci_cc_write_scan_enable(hdev, skb);
2541 break;
2542
2543 case HCI_OP_READ_CLASS_OF_DEV:
2544 hci_cc_read_class_of_dev(hdev, skb);
2545 break;
2546
2547 case HCI_OP_WRITE_CLASS_OF_DEV:
2548 hci_cc_write_class_of_dev(hdev, skb);
2549 break;
2550
2551 case HCI_OP_READ_VOICE_SETTING:
2552 hci_cc_read_voice_setting(hdev, skb);
2553 break;
2554
2555 case HCI_OP_WRITE_VOICE_SETTING:
2556 hci_cc_write_voice_setting(hdev, skb);
2557 break;
2558
2559 case HCI_OP_HOST_BUFFER_SIZE:
2560 hci_cc_host_buffer_size(hdev, skb);
2561 break;
2562
333140b5
MH		 2563 case HCI_OP_WRITE_SSP_MODE:
2564 hci_cc_write_ssp_mode(hdev, skb);
2565 break;
2566
a9de9248
MH		 2567 case HCI_OP_READ_LOCAL_VERSION:
2568 hci_cc_read_local_version(hdev, skb);
2569 break;
2570
2571 case HCI_OP_READ_LOCAL_COMMANDS:
2572 hci_cc_read_local_commands(hdev, skb);
2573 break;
2574
2575 case HCI_OP_READ_LOCAL_FEATURES:
2576 hci_cc_read_local_features(hdev, skb);
2577 break;
2578
971e3a4b
AG		 2579 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2580 hci_cc_read_local_ext_features(hdev, skb);
2581 break;
2582
a9de9248
MH		 2583 case HCI_OP_READ_BUFFER_SIZE:
2584 hci_cc_read_buffer_size(hdev, skb);
2585 break;
2586
2587 case HCI_OP_READ_BD_ADDR:
2588 hci_cc_read_bd_addr(hdev, skb);
2589 break;
2590
350ee4cf
AE		 2591 case HCI_OP_READ_DATA_BLOCK_SIZE:
2592 hci_cc_read_data_block_size(hdev, skb);
2593 break;
2594
23bb5763
JH		 2595 case HCI_OP_WRITE_CA_TIMEOUT:
2596 hci_cc_write_ca_timeout(hdev, skb);
2597 break;
2598
1e89cffb
AE		 2599 case HCI_OP_READ_FLOW_CONTROL_MODE:
2600 hci_cc_read_flow_control_mode(hdev, skb);
2601 break;
2602
928abaa7
AE		 2603 case HCI_OP_READ_LOCAL_AMP_INFO:
2604 hci_cc_read_local_amp_info(hdev, skb);
2605 break;
2606
903e4541
AE		 2607 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2608 hci_cc_read_local_amp_assoc(hdev, skb);
2609 break;
2610
b0916ea0
JH		 2611 case HCI_OP_DELETE_STORED_LINK_KEY:
2612 hci_cc_delete_stored_link_key(hdev, skb);
2613 break;
2614
d5859e22
JH		 2615 case HCI_OP_SET_EVENT_MASK:
2616 hci_cc_set_event_mask(hdev, skb);
2617 break;
2618
2619 case HCI_OP_WRITE_INQUIRY_MODE:
2620 hci_cc_write_inquiry_mode(hdev, skb);
2621 break;
2622
2623 case HCI_OP_READ_INQ_RSP_TX_POWER:
2624 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2625 break;
2626
2627 case HCI_OP_SET_EVENT_FLT:
2628 hci_cc_set_event_flt(hdev, skb);
2629 break;
2630
980e1a53
JH		 2631 case HCI_OP_PIN_CODE_REPLY:
2632 hci_cc_pin_code_reply(hdev, skb);
2633 break;
2634
2635 case HCI_OP_PIN_CODE_NEG_REPLY:
2636 hci_cc_pin_code_neg_reply(hdev, skb);
2637 break;
2638
c35938b2
SJ		 2639 case HCI_OP_READ_LOCAL_OOB_DATA:
2640 hci_cc_read_local_oob_data_reply(hdev, skb);
2641 break;
2642
6ed58ec5
VT		 2643 case HCI_OP_LE_READ_BUFFER_SIZE:
2644 hci_cc_le_read_buffer_size(hdev, skb);
2645 break;
2646
60e77321
JH		 2647 case HCI_OP_LE_READ_LOCAL_FEATURES:
2648 hci_cc_le_read_local_features(hdev, skb);
2649 break;
2650
8fa19098
JH		 2651 case HCI_OP_LE_READ_ADV_TX_POWER:
2652 hci_cc_le_read_adv_tx_power(hdev, skb);
2653 break;
2654
e36b04c8
JH		 2655 case HCI_OP_LE_SET_EVENT_MASK:
2656 hci_cc_le_set_event_mask(hdev, skb);
2657 break;
2658
a5c29683
JH		 2659 case HCI_OP_USER_CONFIRM_REPLY:
2660 hci_cc_user_confirm_reply(hdev, skb);
2661 break;
2662
2663 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2664 hci_cc_user_confirm_neg_reply(hdev, skb);
2665 break;
2666
1143d458
BG		 2667 case HCI_OP_USER_PASSKEY_REPLY:
2668 hci_cc_user_passkey_reply(hdev, skb);
2669 break;
2670
2671 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2672 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2673 break;
07f7fa5d
AG		 2674
2675 case HCI_OP_LE_SET_SCAN_PARAM:
2676 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2677 break;
2678
c1d5dc4a
JH		 2679 case HCI_OP_LE_SET_ADV_ENABLE:
2680 hci_cc_le_set_adv_enable(hdev, skb);
2681 break;
2682
eb9d91f5
AG		 2683 case HCI_OP_LE_SET_SCAN_ENABLE:
2684 hci_cc_le_set_scan_enable(hdev, skb);
2685 break;
2686
a7a595f6
VCG		 2687 case HCI_OP_LE_LTK_REPLY:
2688 hci_cc_le_ltk_reply(hdev, skb);
2689 break;
2690
2691 case HCI_OP_LE_LTK_NEG_REPLY:
2692 hci_cc_le_ltk_neg_reply(hdev, skb);
2693 break;
2694
f9b49306
AG		 2695 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2696 hci_cc_write_le_host_supported(hdev, skb);
2697 break;
2698
93c284ee
AE		 2699 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2700 hci_cc_write_remote_amp_assoc(hdev, skb);
2701 break;
2702
a9de9248 2703 default:
9f1db00c 2704 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2705 break;
2706 }
2707
6bd32326
VT		 2708 if (ev->opcode != HCI_OP_NOP)
2709 del_timer(&hdev->cmd_timer);
2710
a9de9248
MH		 2711 if (ev->ncmd) {
2712 atomic_set(&hdev->cmd_cnt, 1);
2713 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2714 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2715 }
2716}
2717
6039aa73 2718static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2719{
2720 struct hci_ev_cmd_status *ev = (void *) skb->data;
2721 __u16 opcode;
2722
2723 skb_pull(skb, sizeof(*ev));
2724
2725 opcode = __le16_to_cpu(ev->opcode);
2726
2727 switch (opcode) {
2728 case HCI_OP_INQUIRY:
2729 hci_cs_inquiry(hdev, ev->status);
2730 break;
2731
2732 case HCI_OP_CREATE_CONN:
2733 hci_cs_create_conn(hdev, ev->status);
2734 break;
2735
2736 case HCI_OP_ADD_SCO:
2737 hci_cs_add_sco(hdev, ev->status);
2738 break;
2739
f8558555
MH		 2740 case HCI_OP_AUTH_REQUESTED:
2741 hci_cs_auth_requested(hdev, ev->status);
2742 break;
2743
2744 case HCI_OP_SET_CONN_ENCRYPT:
2745 hci_cs_set_conn_encrypt(hdev, ev->status);
2746 break;
2747
a9de9248
MH		 2748 case HCI_OP_REMOTE_NAME_REQ:
2749 hci_cs_remote_name_req(hdev, ev->status);
2750 break;
2751
769be974
MH		 2752 case HCI_OP_READ_REMOTE_FEATURES:
2753 hci_cs_read_remote_features(hdev, ev->status);
2754 break;
2755
2756 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2757 hci_cs_read_remote_ext_features(hdev, ev->status);
2758 break;
2759
a9de9248
MH		 2760 case HCI_OP_SETUP_SYNC_CONN:
2761 hci_cs_setup_sync_conn(hdev, ev->status);
2762 break;
2763
2764 case HCI_OP_SNIFF_MODE:
2765 hci_cs_sniff_mode(hdev, ev->status);
2766 break;
2767
2768 case HCI_OP_EXIT_SNIFF_MODE:
2769 hci_cs_exit_sniff_mode(hdev, ev->status);
2770 break;
2771
8962ee74 2772 case HCI_OP_DISCONNECT:
88c3df13 2773 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2774 break;
2775
fcd89c09
VT		 2776 case HCI_OP_LE_CREATE_CONN:
2777 hci_cs_le_create_conn(hdev, ev->status);
2778 break;
2779
a7a595f6
VCG		 2780 case HCI_OP_LE_START_ENC:
2781 hci_cs_le_start_enc(hdev, ev->status);
2782 break;
2783
a02226d6
AE		 2784 case HCI_OP_CREATE_PHY_LINK:
2785 hci_cs_create_phylink(hdev, ev->status);
2786 break;
2787
0b26ab9d
AE		 2788 case HCI_OP_ACCEPT_PHY_LINK:
2789 hci_cs_accept_phylink(hdev, ev->status);
2790 break;
2791
5ce66b59
AE		 2792 case HCI_OP_CREATE_LOGICAL_LINK:
2793 hci_cs_create_logical_link(hdev, ev->status);
2794 break;
2795
a9de9248 2796 default:
9f1db00c 2797 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2798 break;
2799 }
2800
6bd32326
VT		 2801 if (ev->opcode != HCI_OP_NOP)
2802 del_timer(&hdev->cmd_timer);
2803
10572132 2804 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2805 atomic_set(&hdev->cmd_cnt, 1);
2806 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2807 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2808 }
2809}
2810
6039aa73 2811static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2812{
2813 struct hci_ev_role_change *ev = (void *) skb->data;
2814 struct hci_conn *conn;
2815
9f1db00c 2816 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2817
2818 hci_dev_lock(hdev);
2819
2820 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2821 if (conn) {
2822 if (!ev->status) {
2823 if (ev->role)
2824 conn->link_mode &= ~HCI_LM_MASTER;
2825 else
2826 conn->link_mode |= HCI_LM_MASTER;
2827 }
2828
51a8efd7 2829 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2830
2831 hci_role_switch_cfm(conn, ev->status, ev->role);
2832 }
2833
2834 hci_dev_unlock(hdev);
2835}
2836
6039aa73 2837static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2838{
2839 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2840 int i;
2841
32ac5b9b
AE		 2842 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2843 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2844 return;
2845 }
2846
c5993de8 2847 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2848 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2849 BT_DBG("%s bad parameters", hdev->name);
2850 return;
2851 }
2852
c5993de8
AE		 2853 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2854
613a1c0c
AE		 2855 for (i = 0; i < ev->num_hndl; i++) {
2856 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2857 struct hci_conn *conn;
2858 __u16 handle, count;
2859
613a1c0c
AE		 2860 handle = __le16_to_cpu(info->handle);
2861 count = __le16_to_cpu(info->count);
a9de9248
MH		 2862
2863 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2864 if (!conn)
2865 continue;
2866
2867 conn->sent -= count;
2868
2869 switch (conn->type) {
2870 case ACL_LINK:
2871 hdev->acl_cnt += count;
2872 if (hdev->acl_cnt > hdev->acl_pkts)
2873 hdev->acl_cnt = hdev->acl_pkts;
2874 break;
2875
2876 case LE_LINK:
2877 if (hdev->le_pkts) {
2878 hdev->le_cnt += count;
2879 if (hdev->le_cnt > hdev->le_pkts)
2880 hdev->le_cnt = hdev->le_pkts;
2881 } else {
70f23020
AE		 2882 hdev->acl_cnt += count;
2883 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2884 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2885 }
f4280918
AE		 2886 break;
2887
2888 case SCO_LINK:
2889 hdev->sco_cnt += count;
2890 if (hdev->sco_cnt > hdev->sco_pkts)
2891 hdev->sco_cnt = hdev->sco_pkts;
2892 break;
2893
2894 default:
2895 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2896 break;
a9de9248
MH		 2897 }
2898 }
2899
3eff45ea 2900 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2901}
2902
76ef7cf7
AE		 2903static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2904 __u16 handle)
2905{
2906 struct hci_chan *chan;
2907
2908 switch (hdev->dev_type) {
2909 case HCI_BREDR:
2910 return hci_conn_hash_lookup_handle(hdev, handle);
2911 case HCI_AMP:
2912 chan = hci_chan_lookup_handle(hdev, handle);
2913 if (chan)
2914 return chan->conn;
2915 break;
2916 default:
2917 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2918 break;
2919 }
2920
2921 return NULL;
2922}
2923
6039aa73 2924static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2925{
2926 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2927 int i;
2928
2929 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2930 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2931 return;
2932 }
2933
2934 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2935 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2936 BT_DBG("%s bad parameters", hdev->name);
2937 return;
2938 }
2939
2940 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2941 ev->num_hndl);
25e89e99
AE		 2942
2943 for (i = 0; i < ev->num_hndl; i++) {
2944 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2945 struct hci_conn *conn = NULL;
25e89e99
AE		 2946 __u16 handle, block_count;
2947
2948 handle = __le16_to_cpu(info->handle);
2949 block_count = __le16_to_cpu(info->blocks);
2950
76ef7cf7 2951 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2952 if (!conn)
2953 continue;
2954
2955 conn->sent -= block_count;
2956
2957 switch (conn->type) {
2958 case ACL_LINK:
bd1eb66b 2959 case AMP_LINK:
25e89e99
AE		 2960 hdev->block_cnt += block_count;
2961 if (hdev->block_cnt > hdev->num_blocks)
2962 hdev->block_cnt = hdev->num_blocks;
2963 break;
2964
2965 default:
2966 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2967 break;
2968 }
2969 }
2970
2971 queue_work(hdev->workqueue, &hdev->tx_work);
2972}
2973
6039aa73 2974static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2975{
a9de9248 2976 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2977 struct hci_conn *conn;
2978
9f1db00c 2979 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2980
2981 hci_dev_lock(hdev);
2982
2983 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2984 if (conn) {
2985 conn->mode = ev->mode;
2986 conn->interval = __le16_to_cpu(ev->interval);
2987
8fc9ced3
GP		 2988 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2989 &conn->flags)) {
a9de9248 2990 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2991 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2992 else
58a681ef 2993 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2994 }
e73439d8 2995
51a8efd7 2996 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2997 hci_sco_setup(conn, ev->status);
04837f64
MH		 2998 }
2999
3000 hci_dev_unlock(hdev);
3001}
3002
6039aa73 3003static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3004{
052b30b0
MH		 3005 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3006 struct hci_conn *conn;
3007
a9de9248 3008 BT_DBG("%s", hdev->name);
052b30b0
MH		 3009
3010 hci_dev_lock(hdev);
3011
3012 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3013 if (!conn)
3014 goto unlock;
3015
3016 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3017 hci_conn_hold(conn);
3018 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3019 hci_conn_put(conn);
3020 }
3021
a8b2d5c2 3022 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3023 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3024 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3025 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3026 u8 secure;
3027
3028 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3029 secure = 1;
3030 else
3031 secure = 0;
3032
744cf19e 3033 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3034 }
980e1a53 3035
b6f98044 3036unlock:
052b30b0 3037 hci_dev_unlock(hdev);
a9de9248
MH		 3038}
3039
6039aa73 3040static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3041{
55ed8ca1
JH		 3042 struct hci_ev_link_key_req *ev = (void *) skb->data;
3043 struct hci_cp_link_key_reply cp;
3044 struct hci_conn *conn;
3045 struct link_key *key;
3046
a9de9248 3047 BT_DBG("%s", hdev->name);
55ed8ca1 3048
a8b2d5c2 3049 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 3050 return;
3051
3052 hci_dev_lock(hdev);
3053
3054 key = hci_find_link_key(hdev, &ev->bdaddr);
3055 if (!key) {
6ed93dc6
AE		 3056 BT_DBG("%s link key not found for %pMR", hdev->name,
3057 &ev->bdaddr);
55ed8ca1
JH		 3058 goto not_found;
3059 }
3060
6ed93dc6
AE		 3061 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3062 &ev->bdaddr);
55ed8ca1 3063
a8b2d5c2 3064 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 3065 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 3066 BT_DBG("%s ignoring debug key", hdev->name);
3067 goto not_found;
3068 }
3069
3070 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 3071 if (conn) {
3072 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 3073 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3074 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3075 goto not_found;
3076 }
55ed8ca1 3077
60b83f57 3078 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 3079 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 3080 BT_DBG("%s ignoring key unauthenticated for high security",
3081 hdev->name);
60b83f57
WR		 3082 goto not_found;
3083 }
3084
3085 conn->key_type = key->type;
3086 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3087 }
3088
3089 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3090 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3091
3092 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3093
3094 hci_dev_unlock(hdev);
3095
3096 return;
3097
3098not_found:
3099 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3100 hci_dev_unlock(hdev);
a9de9248
MH		 3101}
3102
6039aa73 3103static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3104{
052b30b0
MH		 3105 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3106 struct hci_conn *conn;
55ed8ca1 3107 u8 pin_len = 0;
052b30b0 3108
a9de9248 3109 BT_DBG("%s", hdev->name);
052b30b0
MH		 3110
3111 hci_dev_lock(hdev);
3112
3113 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3114 if (conn) {
3115 hci_conn_hold(conn);
3116 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3117 pin_len = conn->pin_length;
13d39315
WR		 3118
3119 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3120 conn->key_type = ev->key_type;
3121
052b30b0
MH		 3122 hci_conn_put(conn);
3123 }
3124
a8b2d5c2 3125 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 3126 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3127 ev->key_type, pin_len);
55ed8ca1 3128
052b30b0 3129 hci_dev_unlock(hdev);
a9de9248
MH		 3130}
3131
6039aa73 3132static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3133{
a9de9248 3134 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3135 struct hci_conn *conn;
1da177e4 3136
9f1db00c 3137 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3138
3139 hci_dev_lock(hdev);
3140
04837f64 3141 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3142 if (conn && !ev->status) {
3143 struct inquiry_entry *ie;
3144
cc11b9c1
AE		 3145 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3146 if (ie) {
1da177e4
LT		 3147 ie->data.clock_offset = ev->clock_offset;
3148 ie->timestamp = jiffies;
3149 }
3150 }
3151
3152 hci_dev_unlock(hdev);
3153}
3154
6039aa73 3155static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3156{
3157 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3158 struct hci_conn *conn;
3159
9f1db00c 3160 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3161
3162 hci_dev_lock(hdev);
3163
3164 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3165 if (conn && !ev->status)
3166 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3167
3168 hci_dev_unlock(hdev);
3169}
3170
6039aa73 3171static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3172{
a9de9248 3173 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3174 struct inquiry_entry *ie;
3175
3176 BT_DBG("%s", hdev->name);
3177
3178 hci_dev_lock(hdev);
3179
cc11b9c1
AE		 3180 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3181 if (ie) {
85a1e930
MH		 3182 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3183 ie->timestamp = jiffies;
3184 }
3185
3186 hci_dev_unlock(hdev);
3187}
3188
6039aa73
GP		 3189static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3190 struct sk_buff *skb)
a9de9248
MH		 3191{
3192 struct inquiry_data data;
3193 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3194 bool name_known, ssp;
a9de9248
MH		 3195
3196 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3197
3198 if (!num_rsp)
3199 return;
3200
1519cc17
AG		 3201 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3202 return;
3203
a9de9248
MH		 3204 hci_dev_lock(hdev);
3205
3206 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3207 struct inquiry_info_with_rssi_and_pscan_mode *info;
3208 info = (void *) (skb->data + 1);
a9de9248 3209
e17acd40 3210 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3211 bacpy(&data.bdaddr, &info->bdaddr);
3212 data.pscan_rep_mode = info->pscan_rep_mode;
3213 data.pscan_period_mode = info->pscan_period_mode;
3214 data.pscan_mode = info->pscan_mode;
3215 memcpy(data.dev_class, info->dev_class, 3);
3216 data.clock_offset = info->clock_offset;
3217 data.rssi = info->rssi;
41a96212 3218 data.ssp_mode = 0x00;
3175405b
JH		 3219
3220 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3221 false, &ssp);
48264f06 3222 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3223 info->dev_class, info->rssi,
3224 !name_known, ssp, NULL, 0);
a9de9248
MH		 3225 }
3226 } else {
3227 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3228
e17acd40 3229 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3230 bacpy(&data.bdaddr, &info->bdaddr);
3231 data.pscan_rep_mode = info->pscan_rep_mode;
3232 data.pscan_period_mode = info->pscan_period_mode;
3233 data.pscan_mode = 0x00;
3234 memcpy(data.dev_class, info->dev_class, 3);
3235 data.clock_offset = info->clock_offset;
3236 data.rssi = info->rssi;
41a96212 3237 data.ssp_mode = 0x00;
3175405b 3238 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3239 false, &ssp);
48264f06 3240 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3241 info->dev_class, info->rssi,
3242 !name_known, ssp, NULL, 0);
a9de9248
MH		 3243 }
3244 }
3245
3246 hci_dev_unlock(hdev);
3247}
3248
6039aa73
GP		 3249static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3250 struct sk_buff *skb)
a9de9248 3251{
41a96212
MH		 3252 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3253 struct hci_conn *conn;
3254
a9de9248 3255 BT_DBG("%s", hdev->name);
41a96212 3256
41a96212
MH		 3257 hci_dev_lock(hdev);
3258
3259 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3260 if (!conn)
3261 goto unlock;
41a96212 3262
ccd556fe
JH		 3263 if (!ev->status && ev->page == 0x01) {
3264 struct inquiry_entry *ie;
41a96212 3265
cc11b9c1
AE		 3266 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3267 if (ie)
02b7cc62 3268 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3269
02b7cc62 3270 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3271 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3272 }
3273
3274 if (conn->state != BT_CONFIG)
3275 goto unlock;
3276
671267bf 3277 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3278 struct hci_cp_remote_name_req cp;
3279 memset(&cp, 0, sizeof(cp));
3280 bacpy(&cp.bdaddr, &conn->dst);
3281 cp.pscan_rep_mode = 0x02;
3282 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3283 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3284 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3285 conn->dst_type, 0, NULL, 0,
3286 conn->dev_class);
392599b9 3287
127178d2 3288 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3289 conn->state = BT_CONNECTED;
3290 hci_proto_connect_cfm(conn, ev->status);
3291 hci_conn_put(conn);
41a96212
MH		 3292 }
3293
ccd556fe 3294unlock:
41a96212 3295 hci_dev_unlock(hdev);
a9de9248
MH		 3296}
3297
6039aa73
GP		 3298static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3299 struct sk_buff *skb)
a9de9248 3300{
b6a0dc82
MH		 3301 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3302 struct hci_conn *conn;
3303
9f1db00c 3304 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3305
3306 hci_dev_lock(hdev);
3307
3308 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3309 if (!conn) {
3310 if (ev->link_type == ESCO_LINK)
3311 goto unlock;
3312
3313 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3314 if (!conn)
3315 goto unlock;
3316
3317 conn->type = SCO_LINK;
3318 }
b6a0dc82 3319
732547f9
MH		 3320 switch (ev->status) {
3321 case 0x00:
b6a0dc82
MH		 3322 conn->handle = __le16_to_cpu(ev->handle);
3323 conn->state = BT_CONNECTED;
7d0db0a3 3324
9eba32b8 3325 hci_conn_hold_device(conn);
7d0db0a3 3326 hci_conn_add_sysfs(conn);
732547f9
MH		 3327 break;
3328
705e5711 3329 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3330 case 0x1c: /* SCO interval rejected */
1038a00b 3331 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3332 case 0x1f: /* Unspecified error */
3333 if (conn->out && conn->attempt < 2) {
3334 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3335 (hdev->esco_type & EDR_ESCO_MASK);
3336 hci_setup_sync(conn, conn->link->handle);
3337 goto unlock;
3338 }
3339 /* fall through */
3340
3341 default:
b6a0dc82 3342 conn->state = BT_CLOSED;
732547f9
MH		 3343 break;
3344 }
b6a0dc82
MH		 3345
3346 hci_proto_connect_cfm(conn, ev->status);
3347 if (ev->status)
3348 hci_conn_del(conn);
3349
3350unlock:
3351 hci_dev_unlock(hdev);
a9de9248
MH		 3352}
3353
6039aa73 3354static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3355{
3356 BT_DBG("%s", hdev->name);
3357}
3358
6039aa73 3359static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3360{
a9de9248 3361 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3362
9f1db00c 3363 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3364}
3365
6039aa73
GP		 3366static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3367 struct sk_buff *skb)
1da177e4 3368{
a9de9248
MH		 3369 struct inquiry_data data;
3370 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3371 int num_rsp = *((__u8 *) skb->data);
9d939d94 3372 size_t eir_len;
1da177e4 3373
a9de9248 3374 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3375
a9de9248
MH		 3376 if (!num_rsp)
3377 return;
1da177e4 3378
1519cc17
AG		 3379 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3380 return;
3381
a9de9248
MH		 3382 hci_dev_lock(hdev);
3383
e17acd40 3384 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3385 bool name_known, ssp;
561aafbc 3386
a9de9248 3387 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3388 data.pscan_rep_mode = info->pscan_rep_mode;
3389 data.pscan_period_mode = info->pscan_period_mode;
3390 data.pscan_mode = 0x00;
a9de9248 3391 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3392 data.clock_offset = info->clock_offset;
3393 data.rssi = info->rssi;
41a96212 3394 data.ssp_mode = 0x01;
561aafbc 3395
a8b2d5c2 3396 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3397 name_known = eir_has_data_type(info->data,
04124681
GP		 3398 sizeof(info->data),
3399 EIR_NAME_COMPLETE);
561aafbc
JH		 3400 else
3401 name_known = true;
3402
388fc8fa 3403 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3404 &ssp);
9d939d94 3405 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3406 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3407 info->dev_class, info->rssi, !name_known,
9d939d94 3408 ssp, info->data, eir_len);
a9de9248
MH		 3409 }
3410
3411 hci_dev_unlock(hdev);
3412}
1da177e4 3413
1c2e0041
JH		 3414static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3415 struct sk_buff *skb)
3416{
3417 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3418 struct hci_conn *conn;
3419
9f1db00c 3420 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3421 __le16_to_cpu(ev->handle));
3422
3423 hci_dev_lock(hdev);
3424
3425 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3426 if (!conn)
3427 goto unlock;
3428
3429 if (!ev->status)
3430 conn->sec_level = conn->pending_sec_level;
3431
3432 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3433
3434 if (ev->status && conn->state == BT_CONNECTED) {
3435 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3436 hci_conn_put(conn);
3437 goto unlock;
3438 }
3439
3440 if (conn->state == BT_CONFIG) {
3441 if (!ev->status)
3442 conn->state = BT_CONNECTED;
3443
3444 hci_proto_connect_cfm(conn, ev->status);
3445 hci_conn_put(conn);
3446 } else {
3447 hci_auth_cfm(conn, ev->status);
3448
3449 hci_conn_hold(conn);
3450 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3451 hci_conn_put(conn);
3452 }
3453
3454unlock:
3455 hci_dev_unlock(hdev);
3456}
3457
6039aa73 3458static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3459{
3460 /* If remote requests dedicated bonding follow that lead */
3461 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3462 /* If both remote and local IO capabilities allow MITM
3463 * protection then require it, otherwise don't */
3464 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3465 return 0x02;
3466 else
3467 return 0x03;
3468 }
3469
3470 /* If remote requests no-bonding follow that lead */
3471 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3472 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3473
3474 return conn->auth_type;
3475}
3476
6039aa73 3477static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3478{
3479 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3480 struct hci_conn *conn;
3481
3482 BT_DBG("%s", hdev->name);
3483
3484 hci_dev_lock(hdev);
3485
3486 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3487 if (!conn)
3488 goto unlock;
3489
3490 hci_conn_hold(conn);
3491
a8b2d5c2 3492 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3493 goto unlock;
3494
a8b2d5c2 3495 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3496 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3497 struct hci_cp_io_capability_reply cp;
3498
3499 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3500 /* Change the IO capability from KeyboardDisplay
3501 * to DisplayYesNo as it is not supported by BT spec. */
3502 cp.capability = (conn->io_capability == 0x04) ?
3503 0x01 : conn->io_capability;
7cbc9bd9
JH		 3504 conn->auth_type = hci_get_auth_req(conn);
3505 cp.authentication = conn->auth_type;
17fa4b9d 3506
8fc9ced3
GP		 3507 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3508 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3509 cp.oob_data = 0x01;
3510 else
3511 cp.oob_data = 0x00;
3512
17fa4b9d 3513 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3514 sizeof(cp), &cp);
03b555e1
JH		 3515 } else {
3516 struct hci_cp_io_capability_neg_reply cp;
3517
3518 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3519 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3520
03b555e1 3521 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3522 sizeof(cp), &cp);
03b555e1
JH		 3523 }
3524
3525unlock:
3526 hci_dev_unlock(hdev);
3527}
3528
6039aa73 3529static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3530{
3531 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3532 struct hci_conn *conn;
3533
3534 BT_DBG("%s", hdev->name);
3535
3536 hci_dev_lock(hdev);
3537
3538 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3539 if (!conn)
3540 goto unlock;
3541
03b555e1 3542 conn->remote_cap = ev->capability;
03b555e1 3543 conn->remote_auth = ev->authentication;
58a681ef
JH		 3544 if (ev->oob_data)
3545 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3546
3547unlock:
0493684e
MH		 3548 hci_dev_unlock(hdev);
3549}
3550
6039aa73
GP		 3551static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3552 struct sk_buff *skb)
a5c29683
JH		 3553{
3554 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3555 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3556 struct hci_conn *conn;
a5c29683
JH		 3557
3558 BT_DBG("%s", hdev->name);
3559
3560 hci_dev_lock(hdev);
3561
a8b2d5c2 3562 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3563 goto unlock;
a5c29683 3564
7a828908
JH		 3565 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3566 if (!conn)
3567 goto unlock;
3568
3569 loc_mitm = (conn->auth_type & 0x01);
3570 rem_mitm = (conn->remote_auth & 0x01);
3571
3572 /* If we require MITM but the remote device can't provide that
3573 * (it has NoInputNoOutput) then reject the confirmation
3574 * request. The only exception is when we're dedicated bonding
3575 * initiators (connect_cfm_cb set) since then we always have the MITM
3576 * bit set. */
3577 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3578 BT_DBG("Rejecting request: remote device can't provide MITM");
3579 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3580 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3581 goto unlock;
3582 }
3583
3584 /* If no side requires MITM protection; auto-accept */
3585 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3586 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3587
3588 /* If we're not the initiators request authorization to
3589 * proceed from user space (mgmt_user_confirm with
3590 * confirm_hint set to 1). */
51a8efd7 3591 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3592 BT_DBG("Confirming auto-accept as acceptor");
3593 confirm_hint = 1;
3594 goto confirm;
3595 }
3596
9f61656a 3597 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3598 hdev->auto_accept_delay);
9f61656a
JH		 3599
3600 if (hdev->auto_accept_delay > 0) {
3601 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3602 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3603 goto unlock;
3604 }
3605
7a828908 3606 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3607 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3608 goto unlock;
3609 }
3610
55bc1a37 3611confirm:
272d90df 3612 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3613 confirm_hint);
7a828908
JH		 3614
3615unlock:
a5c29683
JH		 3616 hci_dev_unlock(hdev);
3617}
3618
6039aa73
GP		 3619static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3620 struct sk_buff *skb)
1143d458
BG		 3621{
3622 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3623
3624 BT_DBG("%s", hdev->name);
3625
a8b2d5c2 3626 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3627 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3628}
3629
92a25256
JH		 3630static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3631 struct sk_buff *skb)
3632{
3633 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3634 struct hci_conn *conn;
3635
3636 BT_DBG("%s", hdev->name);
3637
3638 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3639 if (!conn)
3640 return;
3641
3642 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3643 conn->passkey_entered = 0;
3644
3645 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3646 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3647 conn->dst_type, conn->passkey_notify,
3648 conn->passkey_entered);
3649}
3650
3651static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3652{
3653 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3654 struct hci_conn *conn;
3655
3656 BT_DBG("%s", hdev->name);
3657
3658 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3659 if (!conn)
3660 return;
3661
3662 switch (ev->type) {
3663 case HCI_KEYPRESS_STARTED:
3664 conn->passkey_entered = 0;
3665 return;
3666
3667 case HCI_KEYPRESS_ENTERED:
3668 conn->passkey_entered++;
3669 break;
3670
3671 case HCI_KEYPRESS_ERASED:
3672 conn->passkey_entered--;
3673 break;
3674
3675 case HCI_KEYPRESS_CLEARED:
3676 conn->passkey_entered = 0;
3677 break;
3678
3679 case HCI_KEYPRESS_COMPLETED:
3680 return;
3681 }
3682
3683 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3684 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3685 conn->dst_type, conn->passkey_notify,
3686 conn->passkey_entered);
3687}
3688
6039aa73
GP		 3689static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3690 struct sk_buff *skb)
0493684e
MH		 3691{
3692 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3693 struct hci_conn *conn;
3694
3695 BT_DBG("%s", hdev->name);
3696
3697 hci_dev_lock(hdev);
3698
3699 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3700 if (!conn)
3701 goto unlock;
3702
3703 /* To avoid duplicate auth_failed events to user space we check
3704 * the HCI_CONN_AUTH_PEND flag which will be set if we
3705 * initiated the authentication. A traditional auth_complete
3706 * event gets always produced as initiator and is also mapped to
3707 * the mgmt_auth_failed event */
fa1bd918 3708 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3709 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3710 ev->status);
0493684e 3711
2a611692
JH		 3712 hci_conn_put(conn);
3713
3714unlock:
0493684e
MH		 3715 hci_dev_unlock(hdev);
3716}
3717
6039aa73
GP		 3718static void hci_remote_host_features_evt(struct hci_dev *hdev,
3719 struct sk_buff *skb)
41a96212
MH		 3720{
3721 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3722 struct inquiry_entry *ie;
3723
3724 BT_DBG("%s", hdev->name);
3725
3726 hci_dev_lock(hdev);
3727
cc11b9c1
AE		 3728 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3729 if (ie)
02b7cc62 3730 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3731
3732 hci_dev_unlock(hdev);
3733}
3734
6039aa73
GP		 3735static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3736 struct sk_buff *skb)
2763eda6
SJ		 3737{
3738 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3739 struct oob_data *data;
3740
3741 BT_DBG("%s", hdev->name);
3742
3743 hci_dev_lock(hdev);
3744
a8b2d5c2 3745 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3746 goto unlock;
3747
2763eda6
SJ		 3748 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3749 if (data) {
3750 struct hci_cp_remote_oob_data_reply cp;
3751
3752 bacpy(&cp.bdaddr, &ev->bdaddr);
3753 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3754 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3755
3756 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3757 &cp);
2763eda6
SJ		 3758 } else {
3759 struct hci_cp_remote_oob_data_neg_reply cp;
3760
3761 bacpy(&cp.bdaddr, &ev->bdaddr);
3762 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3763 &cp);
2763eda6
SJ		 3764 }
3765
e1ba1f15 3766unlock:
2763eda6
SJ		 3767 hci_dev_unlock(hdev);
3768}
3769
d5e91192
AE		 3770static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3771 struct sk_buff *skb)
3772{
3773 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3774 struct hci_conn *hcon, *bredr_hcon;
3775
3776 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3777 ev->status);
3778
3779 hci_dev_lock(hdev);
3780
3781 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3782 if (!hcon) {
3783 hci_dev_unlock(hdev);
3784 return;
3785 }
3786
3787 if (ev->status) {
3788 hci_conn_del(hcon);
3789 hci_dev_unlock(hdev);
3790 return;
3791 }
3792
3793 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3794
3795 hcon->state = BT_CONNECTED;
3796 bacpy(&hcon->dst, &bredr_hcon->dst);
3797
3798 hci_conn_hold(hcon);
3799 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3800 hci_conn_put(hcon);
3801
3802 hci_conn_hold_device(hcon);
3803 hci_conn_add_sysfs(hcon);
3804
cf70ff22 3805 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3806
cf70ff22 3807 hci_dev_unlock(hdev);
d5e91192
AE		 3808}
3809
27695fb4
AE		 3810static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3811{
3812 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3813 struct hci_conn *hcon;
3814 struct hci_chan *hchan;
3815 struct amp_mgr *mgr;
3816
3817 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3818 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3819 ev->status);
3820
3821 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3822 if (!hcon)
3823 return;
3824
3825 /* Create AMP hchan */
3826 hchan = hci_chan_create(hcon);
3827 if (!hchan)
3828 return;
3829
3830 hchan->handle = le16_to_cpu(ev->handle);
3831
3832 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3833
3834 mgr = hcon->amp_mgr;
3835 if (mgr && mgr->bredr_chan) {
3836 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3837
3838 l2cap_chan_lock(bredr_chan);
3839
3840 bredr_chan->conn->mtu = hdev->block_mtu;
3841 l2cap_logical_cfm(bredr_chan, hchan, 0);
3842 hci_conn_hold(hcon);
3843
3844 l2cap_chan_unlock(bredr_chan);
3845 }
3846}
3847
606e2a10
AE		 3848static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3849 struct sk_buff *skb)
3850{
3851 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3852 struct hci_chan *hchan;
3853
3854 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3855 le16_to_cpu(ev->handle), ev->status);
3856
3857 if (ev->status)
3858 return;
3859
3860 hci_dev_lock(hdev);
3861
3862 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3863 if (!hchan)
3864 goto unlock;
3865
3866 amp_destroy_logical_link(hchan, ev->reason);
3867
3868unlock:
3869 hci_dev_unlock(hdev);
3870}
3871
9eef6b3a
AE		 3872static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3873 struct sk_buff *skb)
3874{
3875 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3876 struct hci_conn *hcon;
3877
3878 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3879
3880 if (ev->status)
3881 return;
3882
3883 hci_dev_lock(hdev);
3884
3885 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3886 if (hcon) {
3887 hcon->state = BT_CLOSED;
3888 hci_conn_del(hcon);
3889 }
3890
3891 hci_dev_unlock(hdev);
3892}
3893
6039aa73 3894static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3895{
3896 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3897 struct hci_conn *conn;
3898
9f1db00c 3899 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3900
3901 hci_dev_lock(hdev);
3902
b47a09b3 3903 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3904 if (!conn) {
3905 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3906 if (!conn) {
3907 BT_ERR("No memory for new connection");
230fd16a 3908 goto unlock;
b62f328b 3909 }
29b7988a
AG		 3910
3911 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3912
3913 if (ev->role == LE_CONN_ROLE_MASTER) {
3914 conn->out = true;
3915 conn->link_mode |= HCI_LM_MASTER;
3916 }
b62f328b 3917 }
fcd89c09 3918
cd17decb
AG		 3919 if (ev->status) {
3920 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3921 conn->dst_type, ev->status);
3922 hci_proto_connect_cfm(conn, ev->status);
3923 conn->state = BT_CLOSED;
3924 hci_conn_del(conn);
3925 goto unlock;
3926 }
3927
b644ba33
JH		 3928 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3929 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3930 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3931
7b5c0d52 3932 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3933 conn->handle = __le16_to_cpu(ev->handle);
3934 conn->state = BT_CONNECTED;
3935
3936 hci_conn_hold_device(conn);
3937 hci_conn_add_sysfs(conn);
3938
3939 hci_proto_connect_cfm(conn, ev->status);
3940
3941unlock:
3942 hci_dev_unlock(hdev);
3943}
3944
6039aa73 3945static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3946{
e95beb41
AG		 3947 u8 num_reports = skb->data[0];
3948 void *ptr = &skb->data[1];
3c9e9195 3949 s8 rssi;
9aa04c91
AG		 3950
3951 hci_dev_lock(hdev);
3952
e95beb41
AG		 3953 while (num_reports--) {
3954 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3955
3c9e9195
AG		 3956 rssi = ev->data[ev->length];
3957 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3958 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3959
e95beb41 3960 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3961 }
3962
3963 hci_dev_unlock(hdev);
3964}
3965
6039aa73 3966static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3967{
3968 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3969 struct hci_cp_le_ltk_reply cp;
bea710fe 3970 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3971 struct hci_conn *conn;
c9839a11 3972 struct smp_ltk *ltk;
a7a595f6 3973
9f1db00c 3974 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3975
3976 hci_dev_lock(hdev);
3977
3978 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3979 if (conn == NULL)
3980 goto not_found;
a7a595f6 3981
bea710fe
VCG		 3982 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3983 if (ltk == NULL)
3984 goto not_found;
3985
3986 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3987 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3988
3989 if (ltk->authenticated)
3990 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3991
3992 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3993
c9839a11
VCG		 3994 if (ltk->type & HCI_SMP_STK) {
3995 list_del(&ltk->list);
3996 kfree(ltk);
3997 }
3998
a7a595f6 3999 hci_dev_unlock(hdev);
bea710fe
VCG		 4000
4001 return;
4002
4003not_found:
4004 neg.handle = ev->handle;
4005 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4006 hci_dev_unlock(hdev);
a7a595f6
VCG		 4007}
4008
6039aa73 4009static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4010{
4011 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4012
4013 skb_pull(skb, sizeof(*le_ev));
4014
4015 switch (le_ev->subevent) {
4016 case HCI_EV_LE_CONN_COMPLETE:
4017 hci_le_conn_complete_evt(hdev, skb);
4018 break;
4019
9aa04c91
AG		 4020 case HCI_EV_LE_ADVERTISING_REPORT:
4021 hci_le_adv_report_evt(hdev, skb);
4022 break;
4023
a7a595f6
VCG		 4024 case HCI_EV_LE_LTK_REQ:
4025 hci_le_ltk_request_evt(hdev, skb);
4026 break;
4027
fcd89c09
VT		 4028 default:
4029 break;
4030 }
4031}
4032
9495b2ee
AE		 4033static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4034{
4035 struct hci_ev_channel_selected *ev = (void *) skb->data;
4036 struct hci_conn *hcon;
4037
4038 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4039
4040 skb_pull(skb, sizeof(*ev));
4041
4042 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4043 if (!hcon)
4044 return;
4045
4046 amp_read_loc_assoc_final_data(hdev, hcon);
4047}
4048
a9de9248
MH		 4049void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4050{
4051 struct hci_event_hdr *hdr = (void *) skb->data;
4052 __u8 event = hdr->evt;
4053
4054 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4055
4056 switch (event) {
1da177e4
LT		 4057 case HCI_EV_INQUIRY_COMPLETE:
4058 hci_inquiry_complete_evt(hdev, skb);
4059 break;
4060
4061 case HCI_EV_INQUIRY_RESULT:
4062 hci_inquiry_result_evt(hdev, skb);
4063 break;
4064
a9de9248
MH		 4065 case HCI_EV_CONN_COMPLETE:
4066 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4067 break;
4068
1da177e4
LT		 4069 case HCI_EV_CONN_REQUEST:
4070 hci_conn_request_evt(hdev, skb);
4071 break;
4072
1da177e4
LT		 4073 case HCI_EV_DISCONN_COMPLETE:
4074 hci_disconn_complete_evt(hdev, skb);
4075 break;
4076
1da177e4
LT		 4077 case HCI_EV_AUTH_COMPLETE:
4078 hci_auth_complete_evt(hdev, skb);
4079 break;
4080
a9de9248
MH		 4081 case HCI_EV_REMOTE_NAME:
4082 hci_remote_name_evt(hdev, skb);
4083 break;
4084
1da177e4
LT		 4085 case HCI_EV_ENCRYPT_CHANGE:
4086 hci_encrypt_change_evt(hdev, skb);
4087 break;
4088
a9de9248
MH		 4089 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4090 hci_change_link_key_complete_evt(hdev, skb);
4091 break;
4092
4093 case HCI_EV_REMOTE_FEATURES:
4094 hci_remote_features_evt(hdev, skb);
4095 break;
4096
4097 case HCI_EV_REMOTE_VERSION:
4098 hci_remote_version_evt(hdev, skb);
4099 break;
4100
4101 case HCI_EV_QOS_SETUP_COMPLETE:
4102 hci_qos_setup_complete_evt(hdev, skb);
4103 break;
4104
4105 case HCI_EV_CMD_COMPLETE:
4106 hci_cmd_complete_evt(hdev, skb);
4107 break;
4108
4109 case HCI_EV_CMD_STATUS:
4110 hci_cmd_status_evt(hdev, skb);
4111 break;
4112
4113 case HCI_EV_ROLE_CHANGE:
4114 hci_role_change_evt(hdev, skb);
4115 break;
4116
4117 case HCI_EV_NUM_COMP_PKTS:
4118 hci_num_comp_pkts_evt(hdev, skb);
4119 break;
4120
4121 case HCI_EV_MODE_CHANGE:
4122 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4123 break;
4124
4125 case HCI_EV_PIN_CODE_REQ:
4126 hci_pin_code_request_evt(hdev, skb);
4127 break;
4128
4129 case HCI_EV_LINK_KEY_REQ:
4130 hci_link_key_request_evt(hdev, skb);
4131 break;
4132
4133 case HCI_EV_LINK_KEY_NOTIFY:
4134 hci_link_key_notify_evt(hdev, skb);
4135 break;
4136
4137 case HCI_EV_CLOCK_OFFSET:
4138 hci_clock_offset_evt(hdev, skb);
4139 break;
4140
a8746417
MH		 4141 case HCI_EV_PKT_TYPE_CHANGE:
4142 hci_pkt_type_change_evt(hdev, skb);
4143 break;
4144
85a1e930
MH		 4145 case HCI_EV_PSCAN_REP_MODE:
4146 hci_pscan_rep_mode_evt(hdev, skb);
4147 break;
4148
a9de9248
MH		 4149 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4150 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4151 break;
4152
a9de9248
MH		 4153 case HCI_EV_REMOTE_EXT_FEATURES:
4154 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4155 break;
4156
a9de9248
MH		 4157 case HCI_EV_SYNC_CONN_COMPLETE:
4158 hci_sync_conn_complete_evt(hdev, skb);
4159 break;
1da177e4 4160
a9de9248
MH		 4161 case HCI_EV_SYNC_CONN_CHANGED:
4162 hci_sync_conn_changed_evt(hdev, skb);
4163 break;
1da177e4 4164
a9de9248
MH		 4165 case HCI_EV_SNIFF_SUBRATE:
4166 hci_sniff_subrate_evt(hdev, skb);
4167 break;
1da177e4 4168
a9de9248
MH		 4169 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4170 hci_extended_inquiry_result_evt(hdev, skb);
4171 break;
1da177e4 4172
1c2e0041
JH		 4173 case HCI_EV_KEY_REFRESH_COMPLETE:
4174 hci_key_refresh_complete_evt(hdev, skb);
4175 break;
4176
0493684e
MH		 4177 case HCI_EV_IO_CAPA_REQUEST:
4178 hci_io_capa_request_evt(hdev, skb);
4179 break;
4180
03b555e1
JH		 4181 case HCI_EV_IO_CAPA_REPLY:
4182 hci_io_capa_reply_evt(hdev, skb);
4183 break;
4184
a5c29683
JH		 4185 case HCI_EV_USER_CONFIRM_REQUEST:
4186 hci_user_confirm_request_evt(hdev, skb);
4187 break;
4188
1143d458
BG		 4189 case HCI_EV_USER_PASSKEY_REQUEST:
4190 hci_user_passkey_request_evt(hdev, skb);
4191 break;
4192
92a25256
JH		 4193 case HCI_EV_USER_PASSKEY_NOTIFY:
4194 hci_user_passkey_notify_evt(hdev, skb);
4195 break;
4196
4197 case HCI_EV_KEYPRESS_NOTIFY:
4198 hci_keypress_notify_evt(hdev, skb);
4199 break;
4200
0493684e
MH		 4201 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4202 hci_simple_pair_complete_evt(hdev, skb);
4203 break;
4204
41a96212
MH		 4205 case HCI_EV_REMOTE_HOST_FEATURES:
4206 hci_remote_host_features_evt(hdev, skb);
4207 break;
4208
fcd89c09
VT		 4209 case HCI_EV_LE_META:
4210 hci_le_meta_evt(hdev, skb);
4211 break;
4212
9495b2ee
AE		 4213 case HCI_EV_CHANNEL_SELECTED:
4214 hci_chan_selected_evt(hdev, skb);
4215 break;
4216
2763eda6
SJ		 4217 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4218 hci_remote_oob_data_request_evt(hdev, skb);
4219 break;
4220
d5e91192
AE		 4221 case HCI_EV_PHY_LINK_COMPLETE:
4222 hci_phy_link_complete_evt(hdev, skb);
4223 break;
4224
27695fb4
AE		 4225 case HCI_EV_LOGICAL_LINK_COMPLETE:
4226 hci_loglink_complete_evt(hdev, skb);
4227 break;
4228
606e2a10
AE		 4229 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4230 hci_disconn_loglink_complete_evt(hdev, skb);
4231 break;
4232
9eef6b3a
AE		 4233 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4234 hci_disconn_phylink_complete_evt(hdev, skb);
4235 break;
4236
25e89e99
AE		 4237 case HCI_EV_NUM_COMP_BLOCKS:
4238 hci_num_comp_blocks_evt(hdev, skb);
4239 break;
4240
a9de9248 4241 default:
9f1db00c 4242 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4243 break;
4244 }
4245
4246 kfree_skb(skb);
4247 hdev->stat.evt_rx++;
4248}
kernel source for telekom puls (alcatel/mediatek)