projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Fix count parameter in get_connections reply
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
40#include <asm/system.h>
70f23020 41#include <linux/uaccess.h>
1da177e4
LT		 42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46
1da177e4
LT		 47/* Handle HCI Event packets */
48
a9de9248 49static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 50{
a9de9248 51 __u8 status = *((__u8 *) skb->data);
1da177e4 52
a9de9248 53 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 54
e6d465cb
AG		 55 if (status) {
56 hci_dev_lock(hdev);
57 mgmt_stop_discovery_failed(hdev, status);
58 hci_dev_unlock(hdev);
a9de9248 59 return;
e6d465cb 60 }
1da177e4 61
89352e7d
AG		 62 clear_bit(HCI_INQUIRY, &hdev->flags);
63
56e5cb86 64 hci_dev_lock(hdev);
ff9ef578 65 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 66 hci_dev_unlock(hdev);
6bd57416 67
23bb5763 68 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 69
70 hci_conn_check_pending(hdev);
71}
6bd57416 72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
a9de9248 77 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 BT_DBG("%s", hdev->name);
88}
89
90static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91{
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
94
95 BT_DBG("%s status 0x%x", hdev->name, rp->status);
96
97 if (rp->status)
98 return;
99
100 hci_dev_lock(hdev);
101
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103 if (conn) {
104 if (rp->role)
105 conn->link_mode &= ~HCI_LM_MASTER;
106 else
107 conn->link_mode |= HCI_LM_MASTER;
1da177e4 108 }
a9de9248
MH		 109
110 hci_dev_unlock(hdev);
1da177e4
LT		 111}
112
e4e8e37c
MH		 113static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114{
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
117
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
119
120 if (rp->status)
121 return;
122
123 hci_dev_lock(hdev);
124
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 if (conn)
127 conn->link_policy = __le16_to_cpu(rp->policy);
128
129 hci_dev_unlock(hdev);
130}
131
a9de9248 132static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 133{
a9de9248 134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 135 struct hci_conn *conn;
04837f64 136 void *sent;
1da177e4 137
a9de9248 138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 139
a9de9248
MH		 140 if (rp->status)
141 return;
1da177e4 142
a9de9248
MH		 143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144 if (!sent)
145 return;
1da177e4 146
a9de9248 147 hci_dev_lock(hdev);
1da177e4 148
a9de9248 149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 150 if (conn)
83985319 151 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 152
a9de9248
MH		 153 hci_dev_unlock(hdev);
154}
1da177e4 155
e4e8e37c
MH		 156static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157{
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
161
162 if (rp->status)
163 return;
164
165 hdev->link_policy = __le16_to_cpu(rp->policy);
166}
167
168static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169{
170 __u8 status = *((__u8 *) skb->data);
171 void *sent;
172
173 BT_DBG("%s status 0x%x", hdev->name, status);
174
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
176 if (!sent)
177 return;
178
179 if (!status)
180 hdev->link_policy = get_unaligned_le16(sent);
181
23bb5763 182 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 183}
184
a9de9248
MH		 185static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186{
187 __u8 status = *((__u8 *) skb->data);
04837f64 188
a9de9248 189 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 190
10572132
GP		 191 clear_bit(HCI_RESET, &hdev->flags);
192
23bb5763 193 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 194
a297e97c
JH		 195 /* Reset all non-persistent flags */
196 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN));
a9de9248 197}
04837f64 198
a9de9248
MH		 199static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
200{
201 __u8 status = *((__u8 *) skb->data);
202 void *sent;
04837f64 203
a9de9248 204 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 205
a9de9248
MH		 206 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
207 if (!sent)
208 return;
04837f64 209
56e5cb86
JH		 210 hci_dev_lock(hdev);
211
f51d5b24
JH		 212 if (test_bit(HCI_MGMT, &hdev->dev_flags))
213 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 214 else if (!status)
215 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 216
56e5cb86 217 hci_dev_unlock(hdev);
a9de9248
MH		 218}
219
220static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
221{
222 struct hci_rp_read_local_name *rp = (void *) skb->data;
223
224 BT_DBG("%s status 0x%x", hdev->name, rp->status);
225
226 if (rp->status)
227 return;
228
db99b5fc
JH		 229 if (test_bit(HCI_SETUP, &hdev->dev_flags))
230 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 231}
232
233static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
234{
235 __u8 status = *((__u8 *) skb->data);
236 void *sent;
237
238 BT_DBG("%s status 0x%x", hdev->name, status);
239
240 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
241 if (!sent)
242 return;
243
244 if (!status) {
245 __u8 param = *((__u8 *) sent);
246
247 if (param == AUTH_ENABLED)
248 set_bit(HCI_AUTH, &hdev->flags);
249 else
250 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 251 }
a9de9248 252
33ef95ed
JH		 253 if (test_bit(HCI_MGMT, &hdev->dev_flags))
254 mgmt_auth_enable_complete(hdev, status);
255
23bb5763 256 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 257}
258
a9de9248 259static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 260{
a9de9248 261 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 262 void *sent;
263
a9de9248 264 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 265
a9de9248
MH		 266 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
267 if (!sent)
268 return;
1da177e4 269
a9de9248
MH		 270 if (!status) {
271 __u8 param = *((__u8 *) sent);
272
273 if (param)
274 set_bit(HCI_ENCRYPT, &hdev->flags);
275 else
276 clear_bit(HCI_ENCRYPT, &hdev->flags);
277 }
1da177e4 278
23bb5763 279 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 280}
1da177e4 281
a9de9248
MH		 282static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
283{
36f7fc7e
JH		 284 __u8 param, status = *((__u8 *) skb->data);
285 int old_pscan, old_iscan;
a9de9248 286 void *sent;
1da177e4 287
a9de9248 288 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 289
a9de9248
MH		 290 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
291 if (!sent)
292 return;
1da177e4 293
36f7fc7e
JH		 294 param = *((__u8 *) sent);
295
56e5cb86
JH		 296 hci_dev_lock(hdev);
297
2d7cee58 298 if (status != 0) {
744cf19e 299 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 300 hdev->discov_timeout = 0;
301 goto done;
302 }
303
36f7fc7e
JH		 304 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
305 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
306
307 if (param & SCAN_INQUIRY) {
308 set_bit(HCI_ISCAN, &hdev->flags);
309 if (!old_iscan)
744cf19e 310 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 311 if (hdev->discov_timeout > 0) {
312 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
313 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
314 to);
315 }
36f7fc7e 316 } else if (old_iscan)
744cf19e 317 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 318
319 if (param & SCAN_PAGE) {
320 set_bit(HCI_PSCAN, &hdev->flags);
321 if (!old_pscan)
744cf19e 322 mgmt_connectable(hdev, 1);
36f7fc7e 323 } else if (old_pscan)
744cf19e 324 mgmt_connectable(hdev, 0);
1da177e4 325
36f7fc7e 326done:
56e5cb86 327 hci_dev_unlock(hdev);
23bb5763 328 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 329}
1da177e4 330
a9de9248
MH		 331static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
332{
333 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 334
a9de9248 335 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 336
a9de9248
MH		 337 if (rp->status)
338 return;
1da177e4 339
a9de9248 340 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 341
a9de9248
MH		 342 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
343 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
344}
1da177e4 345
a9de9248
MH		 346static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
347{
348 __u8 status = *((__u8 *) skb->data);
349 void *sent;
1da177e4 350
a9de9248 351 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 352
a9de9248
MH		 353 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
354 if (!sent)
355 return;
1da177e4 356
7f9a903c
MH		 357 hci_dev_lock(hdev);
358
359 if (status == 0)
360 memcpy(hdev->dev_class, sent, 3);
361
362 if (test_bit(HCI_MGMT, &hdev->dev_flags))
363 mgmt_set_class_of_dev_complete(hdev, sent, status);
364
365 hci_dev_unlock(hdev);
a9de9248 366}
1da177e4 367
a9de9248
MH		 368static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
369{
370 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
371 __u16 setting;
372
373 BT_DBG("%s status 0x%x", hdev->name, rp->status);
374
375 if (rp->status)
376 return;
377
378 setting = __le16_to_cpu(rp->voice_setting);
379
f383f275 380 if (hdev->voice_setting == setting)
a9de9248
MH		 381 return;
382
383 hdev->voice_setting = setting;
384
385 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
386
3c54711c 387 if (hdev->notify)
a9de9248 388 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 389}
390
391static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
392{
393 __u8 status = *((__u8 *) skb->data);
f383f275 394 __u16 setting;
a9de9248
MH		 395 void *sent;
396
397 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 398
f383f275
MH		 399 if (status)
400 return;
401
a9de9248
MH		 402 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
403 if (!sent)
404 return;
1da177e4 405
f383f275 406 setting = get_unaligned_le16(sent);
1da177e4 407
f383f275
MH		 408 if (hdev->voice_setting == setting)
409 return;
410
411 hdev->voice_setting = setting;
1da177e4 412
f383f275 413 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 414
3c54711c 415 if (hdev->notify)
f383f275 416 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 417}
418
a9de9248 419static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 420{
a9de9248 421 __u8 status = *((__u8 *) skb->data);
1da177e4 422
a9de9248 423 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 424
23bb5763 425 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 426}
1143e5a6 427
333140b5
MH		 428static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
429{
430 __u8 status = *((__u8 *) skb->data);
431 void *sent;
432
433 BT_DBG("%s status 0x%x", hdev->name, status);
434
333140b5
MH		 435 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
436 if (!sent)
437 return;
438
ed2c4ee3 439 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 440 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
441 else if (!status) {
442 if (*((u8 *) sent))
443 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
444 else
445 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
446 }
333140b5
MH		 447}
448
d5859e22
JH		 449static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
450{
451 if (hdev->features[6] & LMP_EXT_INQ)
452 return 2;
453
454 if (hdev->features[3] & LMP_RSSI_INQ)
455 return 1;
456
457 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
458 hdev->lmp_subver == 0x0757)
459 return 1;
460
461 if (hdev->manufacturer == 15) {
462 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
463 return 1;
464 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
465 return 1;
466 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
467 return 1;
468 }
469
470 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
471 hdev->lmp_subver == 0x1805)
472 return 1;
473
474 return 0;
475}
476
477static void hci_setup_inquiry_mode(struct hci_dev *hdev)
478{
479 u8 mode;
480
481 mode = hci_get_inquiry_mode(hdev);
482
483 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
484}
485
486static void hci_setup_event_mask(struct hci_dev *hdev)
487{
488 /* The second byte is 0xff instead of 0x9f (two reserved bits
489 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
490 * command otherwise */
491 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
492
6de6c18d
VT		 493 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
494 * any event mask for pre 1.2 devices */
5a13b095 495 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 496 return;
497
498 events[4] |= 0x01; /* Flow Specification Complete */
499 events[4] |= 0x02; /* Inquiry Result with RSSI */
500 events[4] |= 0x04; /* Read Remote Extended Features Complete */
501 events[5] |= 0x08; /* Synchronous Connection Complete */
502 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 503
504 if (hdev->features[3] & LMP_RSSI_INQ)
505 events[4] |= 0x04; /* Inquiry Result with RSSI */
506
507 if (hdev->features[5] & LMP_SNIFF_SUBR)
508 events[5] |= 0x20; /* Sniff Subrating */
509
510 if (hdev->features[5] & LMP_PAUSE_ENC)
511 events[5] |= 0x80; /* Encryption Key Refresh Complete */
512
513 if (hdev->features[6] & LMP_EXT_INQ)
514 events[5] |= 0x40; /* Extended Inquiry Result */
515
516 if (hdev->features[6] & LMP_NO_FLUSH)
517 events[7] |= 0x01; /* Enhanced Flush Complete */
518
519 if (hdev->features[7] & LMP_LSTO)
520 events[6] |= 0x80; /* Link Supervision Timeout Changed */
521
522 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
523 events[6] |= 0x01; /* IO Capability Request */
524 events[6] |= 0x02; /* IO Capability Response */
525 events[6] |= 0x04; /* User Confirmation Request */
526 events[6] |= 0x08; /* User Passkey Request */
527 events[6] |= 0x10; /* Remote OOB Data Request */
528 events[6] |= 0x20; /* Simple Pairing Complete */
529 events[7] |= 0x04; /* User Passkey Notification */
530 events[7] |= 0x08; /* Keypress Notification */
531 events[7] |= 0x10; /* Remote Host Supported
532 * Features Notification */
533 }
534
535 if (hdev->features[4] & LMP_LE)
536 events[7] |= 0x20; /* LE Meta-Event */
537
538 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
539}
540
e6100a25
AG		 541static void hci_set_le_support(struct hci_dev *hdev)
542{
543 struct hci_cp_write_le_host_supported cp;
544
545 memset(&cp, 0, sizeof(cp));
546
06199cf8 547 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
e6100a25
AG		 548 cp.le = 1;
549 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
550 }
551
552 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
553}
554
d5859e22
JH		 555static void hci_setup(struct hci_dev *hdev)
556{
e61ef499
AE		 557 if (hdev->dev_type != HCI_BREDR)
558 return;
559
d5859e22
JH		 560 hci_setup_event_mask(hdev);
561
d095c1eb 562 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 563 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
564
28cc7bde
JH		 565 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
566 test_bit(HCI_MGMT, &hdev->dev_flags)) {
567 struct hci_cp_write_local_name cp;
568
569 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
570 hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
571 }
572
54d04dbb
JH		 573 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
574 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
575 u8 mode = 0x01;
576 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
577 sizeof(mode), &mode);
578 } else {
579 struct hci_cp_write_eir cp;
580
581 memset(hdev->eir, 0, sizeof(hdev->eir));
582 memset(&cp, 0, sizeof(cp));
583
584 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
585 }
d5859e22
JH		 586 }
587
588 if (hdev->features[3] & LMP_RSSI_INQ)
589 hci_setup_inquiry_mode(hdev);
590
591 if (hdev->features[7] & LMP_INQ_TX_PWR)
592 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 593
594 if (hdev->features[7] & LMP_EXTFEATURES) {
595 struct hci_cp_read_local_ext_features cp;
596
597 cp.page = 0x01;
598 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
599 sizeof(cp), &cp);
600 }
e6100a25 601
47990ea0
JH		 602 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
603 u8 enable = 1;
604 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
605 sizeof(enable), &enable);
606 }
607
e6100a25
AG		 608 if (hdev->features[4] & LMP_LE)
609 hci_set_le_support(hdev);
d5859e22
JH		 610}
611
a9de9248
MH		 612static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
613{
614 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 615
a9de9248 616 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 617
a9de9248
MH		 618 if (rp->status)
619 return;
1143e5a6 620
a9de9248 621 hdev->hci_ver = rp->hci_ver;
e4e8e37c 622 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 623 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 624 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 625 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 626
a9de9248
MH		 627 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
628 hdev->manufacturer,
629 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 630
631 if (test_bit(HCI_INIT, &hdev->flags))
632 hci_setup(hdev);
633}
634
635static void hci_setup_link_policy(struct hci_dev *hdev)
636{
637 u16 link_policy = 0;
638
639 if (hdev->features[0] & LMP_RSWITCH)
640 link_policy |= HCI_LP_RSWITCH;
641 if (hdev->features[0] & LMP_HOLD)
642 link_policy |= HCI_LP_HOLD;
643 if (hdev->features[0] & LMP_SNIFF)
644 link_policy |= HCI_LP_SNIFF;
645 if (hdev->features[1] & LMP_PARK)
646 link_policy |= HCI_LP_PARK;
647
648 link_policy = cpu_to_le16(link_policy);
649 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
650 sizeof(link_policy), &link_policy);
a9de9248 651}
1da177e4 652
a9de9248
MH		 653static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
654{
655 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 656
a9de9248 657 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 658
a9de9248 659 if (rp->status)
d5859e22 660 goto done;
1da177e4 661
a9de9248 662 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 663
664 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
665 hci_setup_link_policy(hdev);
666
667done:
668 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 669}
1da177e4 670
a9de9248
MH		 671static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
672{
673 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 674
a9de9248 675 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 676
a9de9248
MH		 677 if (rp->status)
678 return;
5b7f9909 679
a9de9248 680 memcpy(hdev->features, rp->features, 8);
5b7f9909 681
a9de9248
MH		 682 /* Adjust default settings according to features
683 * supported by device. */
1da177e4 684
a9de9248
MH		 685 if (hdev->features[0] & LMP_3SLOT)
686 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 687
a9de9248
MH		 688 if (hdev->features[0] & LMP_5SLOT)
689 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 690
a9de9248
MH		 691 if (hdev->features[1] & LMP_HV2) {
692 hdev->pkt_type |= (HCI_HV2);
693 hdev->esco_type |= (ESCO_HV2);
694 }
1da177e4 695
a9de9248
MH		 696 if (hdev->features[1] & LMP_HV3) {
697 hdev->pkt_type |= (HCI_HV3);
698 hdev->esco_type |= (ESCO_HV3);
699 }
1da177e4 700
a9de9248
MH		 701 if (hdev->features[3] & LMP_ESCO)
702 hdev->esco_type |= (ESCO_EV3);
da1f5198 703
a9de9248
MH		 704 if (hdev->features[4] & LMP_EV4)
705 hdev->esco_type |= (ESCO_EV4);
da1f5198 706
a9de9248
MH		 707 if (hdev->features[4] & LMP_EV5)
708 hdev->esco_type |= (ESCO_EV5);
1da177e4 709
efc7688b
MH		 710 if (hdev->features[5] & LMP_EDR_ESCO_2M)
711 hdev->esco_type |= (ESCO_2EV3);
712
713 if (hdev->features[5] & LMP_EDR_ESCO_3M)
714 hdev->esco_type |= (ESCO_3EV3);
715
716 if (hdev->features[5] & LMP_EDR_3S_ESCO)
717 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
718
a9de9248
MH		 719 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
720 hdev->features[0], hdev->features[1],
721 hdev->features[2], hdev->features[3],
722 hdev->features[4], hdev->features[5],
723 hdev->features[6], hdev->features[7]);
724}
1da177e4 725
971e3a4b
AG		 726static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
727 struct sk_buff *skb)
728{
729 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
730
731 BT_DBG("%s status 0x%x", hdev->name, rp->status);
732
733 if (rp->status)
734 return;
735
b5b32b65
AG		 736 switch (rp->page) {
737 case 0:
738 memcpy(hdev->features, rp->features, 8);
739 break;
740 case 1:
741 memcpy(hdev->host_features, rp->features, 8);
742 break;
743 }
971e3a4b
AG		 744
745 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
746}
747
1e89cffb
AE		 748static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
749 struct sk_buff *skb)
750{
751 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
752
753 BT_DBG("%s status 0x%x", hdev->name, rp->status);
754
755 if (rp->status)
756 return;
757
758 hdev->flow_ctl_mode = rp->mode;
759
760 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
761}
762
a9de9248
MH		 763static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
764{
765 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 766
a9de9248 767 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 768
a9de9248
MH		 769 if (rp->status)
770 return;
1da177e4 771
a9de9248
MH		 772 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
773 hdev->sco_mtu = rp->sco_mtu;
774 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
775 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
776
777 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
778 hdev->sco_mtu = 64;
779 hdev->sco_pkts = 8;
1da177e4 780 }
a9de9248
MH		 781
782 hdev->acl_cnt = hdev->acl_pkts;
783 hdev->sco_cnt = hdev->sco_pkts;
784
785 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
786 hdev->acl_mtu, hdev->acl_pkts,
787 hdev->sco_mtu, hdev->sco_pkts);
788}
789
790static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
791{
792 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
793
794 BT_DBG("%s status 0x%x", hdev->name, rp->status);
795
796 if (!rp->status)
797 bacpy(&hdev->bdaddr, &rp->bdaddr);
798
23bb5763
JH		 799 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
800}
801
350ee4cf
AE		 802static void hci_cc_read_data_block_size(struct hci_dev *hdev,
803 struct sk_buff *skb)
804{
805 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
806
807 BT_DBG("%s status 0x%x", hdev->name, rp->status);
808
809 if (rp->status)
810 return;
811
812 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
813 hdev->block_len = __le16_to_cpu(rp->block_len);
814 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
815
816 hdev->block_cnt = hdev->num_blocks;
817
818 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
819 hdev->block_cnt, hdev->block_len);
820
821 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
822}
823
23bb5763
JH		 824static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
825{
826 __u8 status = *((__u8 *) skb->data);
827
828 BT_DBG("%s status 0x%x", hdev->name, status);
829
830 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 831}
832
928abaa7
AE		 833static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
834 struct sk_buff *skb)
835{
836 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
837
838 BT_DBG("%s status 0x%x", hdev->name, rp->status);
839
840 if (rp->status)
841 return;
842
843 hdev->amp_status = rp->amp_status;
844 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
845 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
846 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
847 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
848 hdev->amp_type = rp->amp_type;
849 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
850 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
851 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
852 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
853
854 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
855}
856
b0916ea0
JH		 857static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
858 struct sk_buff *skb)
859{
860 __u8 status = *((__u8 *) skb->data);
861
862 BT_DBG("%s status 0x%x", hdev->name, status);
863
864 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
865}
866
d5859e22
JH		 867static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
868{
869 __u8 status = *((__u8 *) skb->data);
870
871 BT_DBG("%s status 0x%x", hdev->name, status);
872
873 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
874}
875
876static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
877 struct sk_buff *skb)
878{
879 __u8 status = *((__u8 *) skb->data);
880
881 BT_DBG("%s status 0x%x", hdev->name, status);
882
883 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
884}
885
886static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
887 struct sk_buff *skb)
888{
889 __u8 status = *((__u8 *) skb->data);
890
891 BT_DBG("%s status 0x%x", hdev->name, status);
892
893 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
894}
895
896static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
897{
898 __u8 status = *((__u8 *) skb->data);
899
900 BT_DBG("%s status 0x%x", hdev->name, status);
901
902 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
903}
904
980e1a53
JH		 905static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
906{
907 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
908 struct hci_cp_pin_code_reply *cp;
909 struct hci_conn *conn;
910
911 BT_DBG("%s status 0x%x", hdev->name, rp->status);
912
56e5cb86
JH		 913 hci_dev_lock(hdev);
914
a8b2d5c2 915 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 916 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 917
918 if (rp->status != 0)
56e5cb86 919 goto unlock;
980e1a53
JH		 920
921 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
922 if (!cp)
56e5cb86 923 goto unlock;
980e1a53
JH		 924
925 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
926 if (conn)
927 conn->pin_length = cp->pin_len;
56e5cb86
JH		 928
929unlock:
930 hci_dev_unlock(hdev);
980e1a53
JH		 931}
932
933static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
934{
935 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
936
937 BT_DBG("%s status 0x%x", hdev->name, rp->status);
938
56e5cb86
JH		 939 hci_dev_lock(hdev);
940
a8b2d5c2 941 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 942 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 943 rp->status);
56e5cb86
JH		 944
945 hci_dev_unlock(hdev);
980e1a53 946}
56e5cb86 947
6ed58ec5
VT		 948static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
949 struct sk_buff *skb)
950{
951 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
952
953 BT_DBG("%s status 0x%x", hdev->name, rp->status);
954
955 if (rp->status)
956 return;
957
958 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
959 hdev->le_pkts = rp->le_max_pkt;
960
961 hdev->le_cnt = hdev->le_pkts;
962
963 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
964
965 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
966}
980e1a53 967
a5c29683
JH		 968static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
969{
970 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
971
972 BT_DBG("%s status 0x%x", hdev->name, rp->status);
973
56e5cb86
JH		 974 hci_dev_lock(hdev);
975
a8b2d5c2 976 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 977 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
978 0, rp->status);
56e5cb86
JH		 979
980 hci_dev_unlock(hdev);
a5c29683
JH		 981}
982
983static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
984 struct sk_buff *skb)
985{
986 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
987
988 BT_DBG("%s status 0x%x", hdev->name, rp->status);
989
56e5cb86
JH		 990 hci_dev_lock(hdev);
991
a8b2d5c2 992 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 993 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 994 ACL_LINK, 0,
a5c29683 995 rp->status);
56e5cb86
JH		 996
997 hci_dev_unlock(hdev);
a5c29683
JH		 998}
999
1143d458
BG		 1000static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1001{
1002 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1003
1004 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1005
1006 hci_dev_lock(hdev);
1007
a8b2d5c2 1008 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 1009 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1010 0, rp->status);
1143d458
BG		 1011
1012 hci_dev_unlock(hdev);
1013}
1014
1015static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1016 struct sk_buff *skb)
1017{
1018 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1019
1020 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1021
1022 hci_dev_lock(hdev);
1023
a8b2d5c2 1024 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1025 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 1026 ACL_LINK, 0,
1143d458
BG		 1027 rp->status);
1028
1029 hci_dev_unlock(hdev);
1030}
1031
c35938b2
SJ		 1032static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1033 struct sk_buff *skb)
1034{
1035 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1036
1037 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1038
56e5cb86 1039 hci_dev_lock(hdev);
744cf19e 1040 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1041 rp->randomizer, rp->status);
56e5cb86 1042 hci_dev_unlock(hdev);
c35938b2
SJ		 1043}
1044
07f7fa5d
AG		 1045static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1046{
1047 __u8 status = *((__u8 *) skb->data);
1048
1049 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1050
1051 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1052
1053 if (status) {
1054 hci_dev_lock(hdev);
1055 mgmt_start_discovery_failed(hdev, status);
1056 hci_dev_unlock(hdev);
1057 return;
1058 }
07f7fa5d
AG		 1059}
1060
eb9d91f5
AG		 1061static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1062 struct sk_buff *skb)
1063{
1064 struct hci_cp_le_set_scan_enable *cp;
1065 __u8 status = *((__u8 *) skb->data);
1066
1067 BT_DBG("%s status 0x%x", hdev->name, status);
1068
eb9d91f5
AG		 1069 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1070 if (!cp)
1071 return;
1072
68a8aea4
AE		 1073 switch (cp->enable) {
1074 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1075 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1076
3fd24153
AG		 1077 if (status) {
1078 hci_dev_lock(hdev);
1079 mgmt_start_discovery_failed(hdev, status);
1080 hci_dev_unlock(hdev);
7ba8b4be 1081 return;
3fd24153 1082 }
7ba8b4be 1083
d23264a8
AG		 1084 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1085
db323f2f 1086 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1087
1088 hci_dev_lock(hdev);
eb9d91f5 1089 hci_adv_entries_clear(hdev);
343f935b 1090 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1091 hci_dev_unlock(hdev);
68a8aea4
AE		 1092 break;
1093
1094 case LE_SCANNING_DISABLED:
7ba8b4be
AG		 1095 if (status)
1096 return;
1097
d23264a8
AG		 1098 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1099
d084329e 1100 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
5e0452c0
AG		 1101
1102 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1103 mgmt_interleaved_discovery(hdev);
1104 } else {
1105 hci_dev_lock(hdev);
1106 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1107 hci_dev_unlock(hdev);
1108 }
1109
68a8aea4
AE		 1110 break;
1111
1112 default:
1113 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1114 break;
35815085 1115 }
eb9d91f5
AG		 1116}
1117
a7a595f6
VCG		 1118static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1119{
1120 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1121
1122 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1123
1124 if (rp->status)
1125 return;
1126
1127 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1128}
1129
1130static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1131{
1132 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1133
1134 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1135
1136 if (rp->status)
1137 return;
1138
1139 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1140}
1141
f9b49306
AG		 1142static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1143 struct sk_buff *skb)
1144{
1145 struct hci_cp_read_local_ext_features cp;
06199cf8 1146 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1147 __u8 status = *((__u8 *) skb->data);
1148
1149 BT_DBG("%s status 0x%x", hdev->name, status);
1150
06199cf8
JH		 1151 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1152 if (sent && test_bit(HCI_MGMT, &hdev->dev_flags))
1153 mgmt_le_enable_complete(hdev, sent->le, status);
1154
f9b49306
AG		 1155 if (status)
1156 return;
1157
1158 cp.page = 0x01;
1159 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1160}
1161
a9de9248
MH		 1162static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1163{
1164 BT_DBG("%s status 0x%x", hdev->name, status);
1165
1166 if (status) {
23bb5763 1167 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1168 hci_conn_check_pending(hdev);
56e5cb86 1169 hci_dev_lock(hdev);
a8b2d5c2 1170 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1171 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1172 hci_dev_unlock(hdev);
314b2381
JH		 1173 return;
1174 }
1175
89352e7d
AG		 1176 set_bit(HCI_INQUIRY, &hdev->flags);
1177
56e5cb86 1178 hci_dev_lock(hdev);
343f935b 1179 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1180 hci_dev_unlock(hdev);
1da177e4
LT		 1181}
1182
1da177e4
LT		 1183static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1184{
a9de9248 1185 struct hci_cp_create_conn *cp;
1da177e4 1186 struct hci_conn *conn;
1da177e4 1187
a9de9248
MH		 1188 BT_DBG("%s status 0x%x", hdev->name, status);
1189
1190 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1191 if (!cp)
1192 return;
1193
1194 hci_dev_lock(hdev);
1195
1196 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1197
a9de9248 1198 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1199
1200 if (status) {
1201 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1202 if (status != 0x0c || conn->attempt > 2) {
1203 conn->state = BT_CLOSED;
1204 hci_proto_connect_cfm(conn, status);
1205 hci_conn_del(conn);
1206 } else
1207 conn->state = BT_CONNECT2;
1da177e4
LT		 1208 }
1209 } else {
1210 if (!conn) {
1211 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1212 if (conn) {
a0c808b3 1213 conn->out = true;
1da177e4
LT		 1214 conn->link_mode |= HCI_LM_MASTER;
1215 } else
893ef971 1216 BT_ERR("No memory for new connection");
1da177e4
LT		 1217 }
1218 }
1219
1220 hci_dev_unlock(hdev);
1221}
1222
a9de9248 1223static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1224{
a9de9248
MH		 1225 struct hci_cp_add_sco *cp;
1226 struct hci_conn *acl, *sco;
1227 __u16 handle;
1da177e4 1228
b6a0dc82
MH		 1229 BT_DBG("%s status 0x%x", hdev->name, status);
1230
a9de9248
MH		 1231 if (!status)
1232 return;
1da177e4 1233
a9de9248
MH		 1234 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1235 if (!cp)
1236 return;
1da177e4 1237
a9de9248 1238 handle = __le16_to_cpu(cp->handle);
1da177e4 1239
a9de9248 1240 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1241
a9de9248 1242 hci_dev_lock(hdev);
1da177e4 1243
a9de9248 1244 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1245 if (acl) {
1246 sco = acl->link;
1247 if (sco) {
1248 sco->state = BT_CLOSED;
1da177e4 1249
5a08ecce
AE		 1250 hci_proto_connect_cfm(sco, status);
1251 hci_conn_del(sco);
1252 }
a9de9248 1253 }
1da177e4 1254
a9de9248
MH		 1255 hci_dev_unlock(hdev);
1256}
1da177e4 1257
f8558555
MH		 1258static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1259{
1260 struct hci_cp_auth_requested *cp;
1261 struct hci_conn *conn;
1262
1263 BT_DBG("%s status 0x%x", hdev->name, status);
1264
1265 if (!status)
1266 return;
1267
1268 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1269 if (!cp)
1270 return;
1271
1272 hci_dev_lock(hdev);
1273
1274 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1275 if (conn) {
1276 if (conn->state == BT_CONFIG) {
1277 hci_proto_connect_cfm(conn, status);
1278 hci_conn_put(conn);
1279 }
1280 }
1281
1282 hci_dev_unlock(hdev);
1283}
1284
1285static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1286{
1287 struct hci_cp_set_conn_encrypt *cp;
1288 struct hci_conn *conn;
1289
1290 BT_DBG("%s status 0x%x", hdev->name, status);
1291
1292 if (!status)
1293 return;
1294
1295 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1296 if (!cp)
1297 return;
1298
1299 hci_dev_lock(hdev);
1300
1301 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1302 if (conn) {
1303 if (conn->state == BT_CONFIG) {
1304 hci_proto_connect_cfm(conn, status);
1305 hci_conn_put(conn);
1306 }
1307 }
1308
1309 hci_dev_unlock(hdev);
1310}
1311
127178d2 1312static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1313 struct hci_conn *conn)
392599b9 1314{
392599b9
JH		 1315 if (conn->state != BT_CONFIG || !conn->out)
1316 return 0;
1317
765c2a96 1318 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1319 return 0;
1320
1321 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1322 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1323 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1324 conn->pending_sec_level != BT_SECURITY_HIGH &&
1325 !(conn->auth_type & 0x01))
392599b9
JH		 1326 return 0;
1327
392599b9
JH		 1328 return 1;
1329}
1330
30dc78e1
JH		 1331static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1332{
1333 struct hci_cp_remote_name_req cp;
1334
1335 memset(&cp, 0, sizeof(cp));
1336
1337 bacpy(&cp.bdaddr, &e->data.bdaddr);
1338 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1339 cp.pscan_mode = e->data.pscan_mode;
1340 cp.clock_offset = e->data.clock_offset;
1341
1342 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1343}
1344
b644ba33 1345static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1346{
1347 struct discovery_state *discov = &hdev->discovery;
1348 struct inquiry_entry *e;
1349
b644ba33
JH		 1350 if (list_empty(&discov->resolve))
1351 return false;
1352
1353 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1354 if (hci_resolve_name(hdev, e) == 0) {
1355 e->name_state = NAME_PENDING;
1356 return true;
1357 }
1358
1359 return false;
1360}
1361
1362static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1363 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1364{
1365 struct discovery_state *discov = &hdev->discovery;
1366 struct inquiry_entry *e;
1367
1368 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1369 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1370 name, name_len, conn->dev_class);
1371
1372 if (discov->state == DISCOVERY_STOPPED)
1373 return;
1374
30dc78e1
JH		 1375 if (discov->state == DISCOVERY_STOPPING)
1376 goto discov_complete;
1377
1378 if (discov->state != DISCOVERY_RESOLVING)
1379 return;
1380
1381 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1382 if (e) {
1383 e->name_state = NAME_KNOWN;
1384 list_del(&e->list);
b644ba33
JH		 1385 if (name)
1386 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1387 e->data.rssi, name, name_len);
30dc78e1
JH		 1388 }
1389
b644ba33 1390 if (hci_resolve_next_name(hdev))
30dc78e1 1391 return;
30dc78e1
JH		 1392
1393discov_complete:
1394 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1395}
1396
a9de9248
MH		 1397static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1398{
127178d2
JH		 1399 struct hci_cp_remote_name_req *cp;
1400 struct hci_conn *conn;
1401
a9de9248 1402 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1403
1404 /* If successful wait for the name req complete event before
1405 * checking for the need to do authentication */
1406 if (!status)
1407 return;
1408
1409 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1410 if (!cp)
1411 return;
1412
1413 hci_dev_lock(hdev);
1414
b644ba33
JH		 1415 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1416
a8b2d5c2 1417 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1418 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1419
79c6c70c
JH		 1420 if (!conn)
1421 goto unlock;
1422
1423 if (!hci_outgoing_auth_needed(hdev, conn))
1424 goto unlock;
1425
51a8efd7 1426 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1427 struct hci_cp_auth_requested cp;
1428 cp.handle = __cpu_to_le16(conn->handle);
1429 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1430 }
1431
79c6c70c 1432unlock:
127178d2 1433 hci_dev_unlock(hdev);
a9de9248 1434}
1da177e4 1435
769be974
MH		 1436static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1437{
1438 struct hci_cp_read_remote_features *cp;
1439 struct hci_conn *conn;
1440
1441 BT_DBG("%s status 0x%x", hdev->name, status);
1442
1443 if (!status)
1444 return;
1445
1446 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1447 if (!cp)
1448 return;
1449
1450 hci_dev_lock(hdev);
1451
1452 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1453 if (conn) {
1454 if (conn->state == BT_CONFIG) {
769be974
MH		 1455 hci_proto_connect_cfm(conn, status);
1456 hci_conn_put(conn);
1457 }
1458 }
1459
1460 hci_dev_unlock(hdev);
1461}
1462
1463static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1464{
1465 struct hci_cp_read_remote_ext_features *cp;
1466 struct hci_conn *conn;
1467
1468 BT_DBG("%s status 0x%x", hdev->name, status);
1469
1470 if (!status)
1471 return;
1472
1473 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1474 if (!cp)
1475 return;
1476
1477 hci_dev_lock(hdev);
1478
1479 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1480 if (conn) {
1481 if (conn->state == BT_CONFIG) {
769be974
MH		 1482 hci_proto_connect_cfm(conn, status);
1483 hci_conn_put(conn);
1484 }
1485 }
1486
1487 hci_dev_unlock(hdev);
1488}
1489
a9de9248
MH		 1490static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1491{
b6a0dc82
MH		 1492 struct hci_cp_setup_sync_conn *cp;
1493 struct hci_conn *acl, *sco;
1494 __u16 handle;
1495
a9de9248 1496 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1497
1498 if (!status)
1499 return;
1500
1501 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1502 if (!cp)
1503 return;
1504
1505 handle = __le16_to_cpu(cp->handle);
1506
1507 BT_DBG("%s handle %d", hdev->name, handle);
1508
1509 hci_dev_lock(hdev);
1510
1511 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1512 if (acl) {
1513 sco = acl->link;
1514 if (sco) {
1515 sco->state = BT_CLOSED;
b6a0dc82 1516
5a08ecce
AE		 1517 hci_proto_connect_cfm(sco, status);
1518 hci_conn_del(sco);
1519 }
b6a0dc82
MH		 1520 }
1521
1522 hci_dev_unlock(hdev);
1da177e4
LT		 1523}
1524
a9de9248 1525static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1526{
a9de9248
MH		 1527 struct hci_cp_sniff_mode *cp;
1528 struct hci_conn *conn;
1da177e4 1529
a9de9248 1530 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1531
a9de9248
MH		 1532 if (!status)
1533 return;
04837f64 1534
a9de9248
MH		 1535 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1536 if (!cp)
1537 return;
04837f64 1538
a9de9248 1539 hci_dev_lock(hdev);
04837f64 1540
a9de9248 1541 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1542 if (conn) {
51a8efd7 1543 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1544
51a8efd7 1545 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1546 hci_sco_setup(conn, status);
1547 }
1548
a9de9248
MH		 1549 hci_dev_unlock(hdev);
1550}
04837f64 1551
a9de9248
MH		 1552static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1553{
1554 struct hci_cp_exit_sniff_mode *cp;
1555 struct hci_conn *conn;
04837f64 1556
a9de9248 1557 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1558
a9de9248
MH		 1559 if (!status)
1560 return;
04837f64 1561
a9de9248
MH		 1562 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1563 if (!cp)
1564 return;
04837f64 1565
a9de9248 1566 hci_dev_lock(hdev);
1da177e4 1567
a9de9248 1568 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1569 if (conn) {
51a8efd7 1570 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1571
51a8efd7 1572 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1573 hci_sco_setup(conn, status);
1574 }
1575
a9de9248 1576 hci_dev_unlock(hdev);
1da177e4
LT		 1577}
1578
88c3df13
JH		 1579static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1580{
1581 struct hci_cp_disconnect *cp;
1582 struct hci_conn *conn;
1583
1584 if (!status)
1585 return;
1586
1587 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1588 if (!cp)
1589 return;
1590
1591 hci_dev_lock(hdev);
1592
1593 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1594 if (conn)
1595 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1596 conn->dst_type, status);
1597
1598 hci_dev_unlock(hdev);
1599}
1600
fcd89c09
VT		 1601static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1602{
1603 struct hci_cp_le_create_conn *cp;
1604 struct hci_conn *conn;
1605
1606 BT_DBG("%s status 0x%x", hdev->name, status);
1607
1608 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1609 if (!cp)
1610 return;
1611
1612 hci_dev_lock(hdev);
1613
1614 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1615
1616 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1617 conn);
1618
1619 if (status) {
1620 if (conn && conn->state == BT_CONNECT) {
1621 conn->state = BT_CLOSED;
1622 hci_proto_connect_cfm(conn, status);
1623 hci_conn_del(conn);
1624 }
1625 } else {
1626 if (!conn) {
1627 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1628 if (conn) {
1629 conn->dst_type = cp->peer_addr_type;
a0c808b3 1630 conn->out = true;
29b7988a 1631 } else {
fcd89c09 1632 BT_ERR("No memory for new connection");
29b7988a 1633 }
fcd89c09
VT		 1634 }
1635 }
1636
1637 hci_dev_unlock(hdev);
1638}
1639
a7a595f6
VCG		 1640static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1641{
1642 BT_DBG("%s status 0x%x", hdev->name, status);
1643}
1644
1da177e4
LT		 1645static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1646{
1647 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1648 struct discovery_state *discov = &hdev->discovery;
1649 struct inquiry_entry *e;
1da177e4
LT		 1650
1651 BT_DBG("%s status %d", hdev->name, status);
1652
23bb5763 1653 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1654
a9de9248 1655 hci_conn_check_pending(hdev);
89352e7d
AG		 1656
1657 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1658 return;
1659
a8b2d5c2 1660 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1661 return;
1662
56e5cb86 1663 hci_dev_lock(hdev);
30dc78e1 1664
343f935b 1665 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1666 goto unlock;
1667
1668 if (list_empty(&discov->resolve)) {
1669 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1670 goto unlock;
1671 }
1672
1673 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1674 if (e && hci_resolve_name(hdev, e) == 0) {
1675 e->name_state = NAME_PENDING;
1676 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1677 } else {
1678 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1679 }
1680
1681unlock:
56e5cb86 1682 hci_dev_unlock(hdev);
1da177e4
LT		 1683}
1684
1da177e4
LT		 1685static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1686{
45bb4bf0 1687 struct inquiry_data data;
a9de9248 1688 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1689 int num_rsp = *((__u8 *) skb->data);
1690
1691 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1692
45bb4bf0
MH		 1693 if (!num_rsp)
1694 return;
1695
1da177e4 1696 hci_dev_lock(hdev);
45bb4bf0 1697
e17acd40 1698 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1699 bool name_known, ssp;
3175405b 1700
1da177e4
LT		 1701 bacpy(&data.bdaddr, &info->bdaddr);
1702 data.pscan_rep_mode = info->pscan_rep_mode;
1703 data.pscan_period_mode = info->pscan_period_mode;
1704 data.pscan_mode = info->pscan_mode;
1705 memcpy(data.dev_class, info->dev_class, 3);
1706 data.clock_offset = info->clock_offset;
1707 data.rssi = 0x00;
41a96212 1708 data.ssp_mode = 0x00;
3175405b 1709
388fc8fa 1710 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1711 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
388fc8fa 1712 info->dev_class, 0, !name_known, ssp,
7d262f86 1713 NULL, 0);
1da177e4 1714 }
45bb4bf0 1715
1da177e4
LT		 1716 hci_dev_unlock(hdev);
1717}
1718
1da177e4
LT		 1719static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1720{
a9de9248
MH		 1721 struct hci_ev_conn_complete *ev = (void *) skb->data;
1722 struct hci_conn *conn;
1da177e4
LT		 1723
1724 BT_DBG("%s", hdev->name);
1725
1726 hci_dev_lock(hdev);
1727
1728 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1729 if (!conn) {
1730 if (ev->link_type != SCO_LINK)
1731 goto unlock;
1732
1733 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1734 if (!conn)
1735 goto unlock;
1736
1737 conn->type = SCO_LINK;
1738 }
1da177e4
LT		 1739
1740 if (!ev->status) {
1741 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1742
1743 if (conn->type == ACL_LINK) {
1744 conn->state = BT_CONFIG;
1745 hci_conn_hold(conn);
052b30b0 1746 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1747 } else
1748 conn->state = BT_CONNECTED;
1da177e4 1749
9eba32b8 1750 hci_conn_hold_device(conn);
7d0db0a3
MH		 1751 hci_conn_add_sysfs(conn);
1752
1da177e4
LT		 1753 if (test_bit(HCI_AUTH, &hdev->flags))
1754 conn->link_mode |= HCI_LM_AUTH;
1755
1756 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1757 conn->link_mode |= HCI_LM_ENCRYPT;
1758
04837f64
MH		 1759 /* Get remote features */
1760 if (conn->type == ACL_LINK) {
1761 struct hci_cp_read_remote_features cp;
1762 cp.handle = ev->handle;
769be974
MH		 1763 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1764 sizeof(cp), &cp);
04837f64
MH		 1765 }
1766
1da177e4 1767 /* Set packet type for incoming connection */
d095c1eb 1768 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1769 struct hci_cp_change_conn_ptype cp;
1770 cp.handle = ev->handle;
a8746417
MH		 1771 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1772 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1773 sizeof(cp), &cp);
1da177e4 1774 }
17d5c04c 1775 } else {
1da177e4 1776 conn->state = BT_CLOSED;
17d5c04c 1777 if (conn->type == ACL_LINK)
744cf19e 1778 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1779 conn->dst_type, ev->status);
17d5c04c 1780 }
1da177e4 1781
e73439d8
MH		 1782 if (conn->type == ACL_LINK)
1783 hci_sco_setup(conn, ev->status);
1da177e4 1784
769be974
MH		 1785 if (ev->status) {
1786 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1787 hci_conn_del(conn);
c89b6e6b
MH		 1788 } else if (ev->link_type != ACL_LINK)
1789 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1790
a9de9248 1791unlock:
1da177e4 1792 hci_dev_unlock(hdev);
1da177e4 1793
a9de9248 1794 hci_conn_check_pending(hdev);
1da177e4
LT		 1795}
1796
a9de9248 1797static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1798{
a9de9248
MH		 1799 struct hci_ev_conn_request *ev = (void *) skb->data;
1800 int mask = hdev->link_mode;
1da177e4 1801
a9de9248
MH		 1802 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1803 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1804
a9de9248 1805 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1806
138d22ef
SJ		 1807 if ((mask & HCI_LM_ACCEPT) &&
1808 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1809 /* Connection accepted */
c7bdd502 1810 struct inquiry_entry *ie;
1da177e4 1811 struct hci_conn *conn;
1da177e4 1812
a9de9248 1813 hci_dev_lock(hdev);
b6a0dc82 1814
cc11b9c1
AE		 1815 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1816 if (ie)
c7bdd502
MH		 1817 memcpy(ie->data.dev_class, ev->dev_class, 3);
1818
a9de9248
MH		 1819 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1820 if (!conn) {
cc11b9c1
AE		 1821 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1822 if (!conn) {
893ef971 1823 BT_ERR("No memory for new connection");
a9de9248
MH		 1824 hci_dev_unlock(hdev);
1825 return;
1da177e4
LT		 1826 }
1827 }
b6a0dc82 1828
a9de9248
MH		 1829 memcpy(conn->dev_class, ev->dev_class, 3);
1830 conn->state = BT_CONNECT;
b6a0dc82 1831
a9de9248 1832 hci_dev_unlock(hdev);
1da177e4 1833
b6a0dc82
MH		 1834 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1835 struct hci_cp_accept_conn_req cp;
1da177e4 1836
b6a0dc82
MH		 1837 bacpy(&cp.bdaddr, &ev->bdaddr);
1838
1839 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1840 cp.role = 0x00; /* Become master */
1841 else
1842 cp.role = 0x01; /* Remain slave */
1843
1844 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1845 sizeof(cp), &cp);
1846 } else {
1847 struct hci_cp_accept_sync_conn_req cp;
1848
1849 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1850 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1851
1852 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1853 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1854 cp.max_latency = cpu_to_le16(0xffff);
1855 cp.content_format = cpu_to_le16(hdev->voice_setting);
1856 cp.retrans_effort = 0xff;
1da177e4 1857
b6a0dc82
MH		 1858 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1859 sizeof(cp), &cp);
1860 }
a9de9248
MH		 1861 } else {
1862 /* Connection rejected */
1863 struct hci_cp_reject_conn_req cp;
1da177e4 1864
a9de9248 1865 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1866 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1867 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1868 }
1da177e4
LT		 1869}
1870
a9de9248 1871static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1872{
a9de9248 1873 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1874 struct hci_conn *conn;
1875
1876 BT_DBG("%s status %d", hdev->name, ev->status);
1877
1878 hci_dev_lock(hdev);
1879
1880 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1881 if (!conn)
1882 goto unlock;
7d0db0a3 1883
37d9ef76
JH		 1884 if (ev->status == 0)
1885 conn->state = BT_CLOSED;
04837f64 1886
b644ba33
JH		 1887 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1888 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1889 if (ev->status != 0)
88c3df13
JH		 1890 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1891 conn->dst_type, ev->status);
37d9ef76 1892 else
afc747a6 1893 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
48264f06 1894 conn->dst_type);
37d9ef76 1895 }
f7520543 1896
37d9ef76
JH		 1897 if (ev->status == 0) {
1898 hci_proto_disconn_cfm(conn, ev->reason);
1899 hci_conn_del(conn);
1900 }
f7520543
JH		 1901
1902unlock:
04837f64
MH		 1903 hci_dev_unlock(hdev);
1904}
1905
1da177e4
LT		 1906static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1907{
a9de9248 1908 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1909 struct hci_conn *conn;
1da177e4
LT		 1910
1911 BT_DBG("%s status %d", hdev->name, ev->status);
1912
1913 hci_dev_lock(hdev);
1914
04837f64 1915 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1916 if (!conn)
1917 goto unlock;
1918
1919 if (!ev->status) {
aa64a8b5
JH		 1920 if (!hci_conn_ssp_enabled(conn) &&
1921 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1922 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1923 } else {
d7556e20
WR		 1924 conn->link_mode |= HCI_LM_AUTH;
1925 conn->sec_level = conn->pending_sec_level;
2a611692 1926 }
d7556e20 1927 } else {
bab73cb6
JH		 1928 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1929 ev->status);
d7556e20 1930 }
1da177e4 1931
51a8efd7
JH		 1932 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1933 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1934
d7556e20 1935 if (conn->state == BT_CONFIG) {
aa64a8b5 1936 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1937 struct hci_cp_set_conn_encrypt cp;
1938 cp.handle = ev->handle;
1939 cp.encrypt = 0x01;
1940 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1941 &cp);
052b30b0 1942 } else {
d7556e20
WR		 1943 conn->state = BT_CONNECTED;
1944 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1945 hci_conn_put(conn);
1946 }
d7556e20
WR		 1947 } else {
1948 hci_auth_cfm(conn, ev->status);
052b30b0 1949
d7556e20
WR		 1950 hci_conn_hold(conn);
1951 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1952 hci_conn_put(conn);
1953 }
1954
51a8efd7 1955 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1956 if (!ev->status) {
1957 struct hci_cp_set_conn_encrypt cp;
1958 cp.handle = ev->handle;
1959 cp.encrypt = 0x01;
1960 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1961 &cp);
1962 } else {
51a8efd7 1963 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1964 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1965 }
1966 }
1967
d7556e20 1968unlock:
1da177e4
LT		 1969 hci_dev_unlock(hdev);
1970}
1971
a9de9248 1972static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1973{
127178d2
JH		 1974 struct hci_ev_remote_name *ev = (void *) skb->data;
1975 struct hci_conn *conn;
1976
a9de9248 1977 BT_DBG("%s", hdev->name);
1da177e4 1978
a9de9248 1979 hci_conn_check_pending(hdev);
127178d2
JH		 1980
1981 hci_dev_lock(hdev);
1982
b644ba33 1983 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1984
b644ba33
JH		 1985 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1986 goto check_auth;
a88a9652 1987
b644ba33
JH		 1988 if (ev->status == 0)
1989 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1990 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1991 else
1992 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1993
1994check_auth:
79c6c70c
JH		 1995 if (!conn)
1996 goto unlock;
1997
1998 if (!hci_outgoing_auth_needed(hdev, conn))
1999 goto unlock;
2000
51a8efd7 2001 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2002 struct hci_cp_auth_requested cp;
2003 cp.handle = __cpu_to_le16(conn->handle);
2004 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2005 }
2006
79c6c70c 2007unlock:
127178d2 2008 hci_dev_unlock(hdev);
a9de9248
MH		 2009}
2010
2011static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2012{
2013 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2014 struct hci_conn *conn;
2015
2016 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2017
2018 hci_dev_lock(hdev);
2019
04837f64 2020 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2021 if (conn) {
2022 if (!ev->status) {
ae293196
MH		 2023 if (ev->encrypt) {
2024 /* Encryption implies authentication */
2025 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2026 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2027 conn->sec_level = conn->pending_sec_level;
ae293196 2028 } else
1da177e4
LT		 2029 conn->link_mode &= ~HCI_LM_ENCRYPT;
2030 }
2031
51a8efd7 2032 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2033
f8558555
MH		 2034 if (conn->state == BT_CONFIG) {
2035 if (!ev->status)
2036 conn->state = BT_CONNECTED;
2037
2038 hci_proto_connect_cfm(conn, ev->status);
2039 hci_conn_put(conn);
2040 } else
2041 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2042 }
2043
2044 hci_dev_unlock(hdev);
2045}
2046
a9de9248 2047static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2048{
a9de9248 2049 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2050 struct hci_conn *conn;
1da177e4
LT		 2051
2052 BT_DBG("%s status %d", hdev->name, ev->status);
2053
2054 hci_dev_lock(hdev);
2055
04837f64 2056 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2057 if (conn) {
2058 if (!ev->status)
2059 conn->link_mode |= HCI_LM_SECURE;
2060
51a8efd7 2061 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2062
2063 hci_key_change_cfm(conn, ev->status);
2064 }
2065
2066 hci_dev_unlock(hdev);
2067}
2068
a9de9248 2069static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2070{
a9de9248
MH		 2071 struct hci_ev_remote_features *ev = (void *) skb->data;
2072 struct hci_conn *conn;
2073
2074 BT_DBG("%s status %d", hdev->name, ev->status);
2075
a9de9248
MH		 2076 hci_dev_lock(hdev);
2077
2078 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2079 if (!conn)
2080 goto unlock;
769be974 2081
ccd556fe
JH		 2082 if (!ev->status)
2083 memcpy(conn->features, ev->features, 8);
2084
2085 if (conn->state != BT_CONFIG)
2086 goto unlock;
2087
2088 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2089 struct hci_cp_read_remote_ext_features cp;
2090 cp.handle = ev->handle;
2091 cp.page = 0x01;
2092 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2093 sizeof(cp), &cp);
392599b9
JH		 2094 goto unlock;
2095 }
2096
127178d2
JH		 2097 if (!ev->status) {
2098 struct hci_cp_remote_name_req cp;
2099 memset(&cp, 0, sizeof(cp));
2100 bacpy(&cp.bdaddr, &conn->dst);
2101 cp.pscan_rep_mode = 0x02;
2102 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2103 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2104 mgmt_device_connected(hdev, &conn->dst, conn->type,
2105 conn->dst_type, NULL, 0,
2106 conn->dev_class);
392599b9 2107
127178d2 2108 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2109 conn->state = BT_CONNECTED;
2110 hci_proto_connect_cfm(conn, ev->status);
2111 hci_conn_put(conn);
769be974 2112 }
a9de9248 2113
ccd556fe 2114unlock:
a9de9248 2115 hci_dev_unlock(hdev);
1da177e4
LT		 2116}
2117
a9de9248 2118static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2119{
a9de9248 2120 BT_DBG("%s", hdev->name);
1da177e4
LT		 2121}
2122
a9de9248 2123static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2124{
a9de9248 2125 BT_DBG("%s", hdev->name);
1da177e4
LT		 2126}
2127
a9de9248
MH		 2128static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2129{
2130 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2131 __u16 opcode;
2132
2133 skb_pull(skb, sizeof(*ev));
2134
2135 opcode = __le16_to_cpu(ev->opcode);
2136
2137 switch (opcode) {
2138 case HCI_OP_INQUIRY_CANCEL:
2139 hci_cc_inquiry_cancel(hdev, skb);
2140 break;
2141
2142 case HCI_OP_EXIT_PERIODIC_INQ:
2143 hci_cc_exit_periodic_inq(hdev, skb);
2144 break;
2145
2146 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2147 hci_cc_remote_name_req_cancel(hdev, skb);
2148 break;
2149
2150 case HCI_OP_ROLE_DISCOVERY:
2151 hci_cc_role_discovery(hdev, skb);
2152 break;
2153
e4e8e37c
MH		 2154 case HCI_OP_READ_LINK_POLICY:
2155 hci_cc_read_link_policy(hdev, skb);
2156 break;
2157
a9de9248
MH		 2158 case HCI_OP_WRITE_LINK_POLICY:
2159 hci_cc_write_link_policy(hdev, skb);
2160 break;
2161
e4e8e37c
MH		 2162 case HCI_OP_READ_DEF_LINK_POLICY:
2163 hci_cc_read_def_link_policy(hdev, skb);
2164 break;
2165
2166 case HCI_OP_WRITE_DEF_LINK_POLICY:
2167 hci_cc_write_def_link_policy(hdev, skb);
2168 break;
2169
a9de9248
MH		 2170 case HCI_OP_RESET:
2171 hci_cc_reset(hdev, skb);
2172 break;
2173
2174 case HCI_OP_WRITE_LOCAL_NAME:
2175 hci_cc_write_local_name(hdev, skb);
2176 break;
2177
2178 case HCI_OP_READ_LOCAL_NAME:
2179 hci_cc_read_local_name(hdev, skb);
2180 break;
2181
2182 case HCI_OP_WRITE_AUTH_ENABLE:
2183 hci_cc_write_auth_enable(hdev, skb);
2184 break;
2185
2186 case HCI_OP_WRITE_ENCRYPT_MODE:
2187 hci_cc_write_encrypt_mode(hdev, skb);
2188 break;
2189
2190 case HCI_OP_WRITE_SCAN_ENABLE:
2191 hci_cc_write_scan_enable(hdev, skb);
2192 break;
2193
2194 case HCI_OP_READ_CLASS_OF_DEV:
2195 hci_cc_read_class_of_dev(hdev, skb);
2196 break;
2197
2198 case HCI_OP_WRITE_CLASS_OF_DEV:
2199 hci_cc_write_class_of_dev(hdev, skb);
2200 break;
2201
2202 case HCI_OP_READ_VOICE_SETTING:
2203 hci_cc_read_voice_setting(hdev, skb);
2204 break;
2205
2206 case HCI_OP_WRITE_VOICE_SETTING:
2207 hci_cc_write_voice_setting(hdev, skb);
2208 break;
2209
2210 case HCI_OP_HOST_BUFFER_SIZE:
2211 hci_cc_host_buffer_size(hdev, skb);
2212 break;
2213
333140b5
MH		 2214 case HCI_OP_WRITE_SSP_MODE:
2215 hci_cc_write_ssp_mode(hdev, skb);
2216 break;
2217
a9de9248
MH		 2218 case HCI_OP_READ_LOCAL_VERSION:
2219 hci_cc_read_local_version(hdev, skb);
2220 break;
2221
2222 case HCI_OP_READ_LOCAL_COMMANDS:
2223 hci_cc_read_local_commands(hdev, skb);
2224 break;
2225
2226 case HCI_OP_READ_LOCAL_FEATURES:
2227 hci_cc_read_local_features(hdev, skb);
2228 break;
2229
971e3a4b
AG		 2230 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2231 hci_cc_read_local_ext_features(hdev, skb);
2232 break;
2233
a9de9248
MH		 2234 case HCI_OP_READ_BUFFER_SIZE:
2235 hci_cc_read_buffer_size(hdev, skb);
2236 break;
2237
2238 case HCI_OP_READ_BD_ADDR:
2239 hci_cc_read_bd_addr(hdev, skb);
2240 break;
2241
350ee4cf
AE		 2242 case HCI_OP_READ_DATA_BLOCK_SIZE:
2243 hci_cc_read_data_block_size(hdev, skb);
2244 break;
2245
23bb5763
JH		 2246 case HCI_OP_WRITE_CA_TIMEOUT:
2247 hci_cc_write_ca_timeout(hdev, skb);
2248 break;
2249
1e89cffb
AE		 2250 case HCI_OP_READ_FLOW_CONTROL_MODE:
2251 hci_cc_read_flow_control_mode(hdev, skb);
2252 break;
2253
928abaa7
AE		 2254 case HCI_OP_READ_LOCAL_AMP_INFO:
2255 hci_cc_read_local_amp_info(hdev, skb);
2256 break;
2257
b0916ea0
JH		 2258 case HCI_OP_DELETE_STORED_LINK_KEY:
2259 hci_cc_delete_stored_link_key(hdev, skb);
2260 break;
2261
d5859e22
JH		 2262 case HCI_OP_SET_EVENT_MASK:
2263 hci_cc_set_event_mask(hdev, skb);
2264 break;
2265
2266 case HCI_OP_WRITE_INQUIRY_MODE:
2267 hci_cc_write_inquiry_mode(hdev, skb);
2268 break;
2269
2270 case HCI_OP_READ_INQ_RSP_TX_POWER:
2271 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2272 break;
2273
2274 case HCI_OP_SET_EVENT_FLT:
2275 hci_cc_set_event_flt(hdev, skb);
2276 break;
2277
980e1a53
JH		 2278 case HCI_OP_PIN_CODE_REPLY:
2279 hci_cc_pin_code_reply(hdev, skb);
2280 break;
2281
2282 case HCI_OP_PIN_CODE_NEG_REPLY:
2283 hci_cc_pin_code_neg_reply(hdev, skb);
2284 break;
2285
c35938b2
SJ		 2286 case HCI_OP_READ_LOCAL_OOB_DATA:
2287 hci_cc_read_local_oob_data_reply(hdev, skb);
2288 break;
2289
6ed58ec5
VT		 2290 case HCI_OP_LE_READ_BUFFER_SIZE:
2291 hci_cc_le_read_buffer_size(hdev, skb);
2292 break;
2293
a5c29683
JH		 2294 case HCI_OP_USER_CONFIRM_REPLY:
2295 hci_cc_user_confirm_reply(hdev, skb);
2296 break;
2297
2298 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2299 hci_cc_user_confirm_neg_reply(hdev, skb);
2300 break;
2301
1143d458
BG		 2302 case HCI_OP_USER_PASSKEY_REPLY:
2303 hci_cc_user_passkey_reply(hdev, skb);
2304 break;
2305
2306 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2307 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2308
2309 case HCI_OP_LE_SET_SCAN_PARAM:
2310 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2311 break;
2312
eb9d91f5
AG		 2313 case HCI_OP_LE_SET_SCAN_ENABLE:
2314 hci_cc_le_set_scan_enable(hdev, skb);
2315 break;
2316
a7a595f6
VCG		 2317 case HCI_OP_LE_LTK_REPLY:
2318 hci_cc_le_ltk_reply(hdev, skb);
2319 break;
2320
2321 case HCI_OP_LE_LTK_NEG_REPLY:
2322 hci_cc_le_ltk_neg_reply(hdev, skb);
2323 break;
2324
f9b49306
AG		 2325 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2326 hci_cc_write_le_host_supported(hdev, skb);
2327 break;
2328
a9de9248
MH		 2329 default:
2330 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2331 break;
2332 }
2333
6bd32326
VT		 2334 if (ev->opcode != HCI_OP_NOP)
2335 del_timer(&hdev->cmd_timer);
2336
a9de9248
MH		 2337 if (ev->ncmd) {
2338 atomic_set(&hdev->cmd_cnt, 1);
2339 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2340 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2341 }
2342}
2343
2344static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2345{
2346 struct hci_ev_cmd_status *ev = (void *) skb->data;
2347 __u16 opcode;
2348
2349 skb_pull(skb, sizeof(*ev));
2350
2351 opcode = __le16_to_cpu(ev->opcode);
2352
2353 switch (opcode) {
2354 case HCI_OP_INQUIRY:
2355 hci_cs_inquiry(hdev, ev->status);
2356 break;
2357
2358 case HCI_OP_CREATE_CONN:
2359 hci_cs_create_conn(hdev, ev->status);
2360 break;
2361
2362 case HCI_OP_ADD_SCO:
2363 hci_cs_add_sco(hdev, ev->status);
2364 break;
2365
f8558555
MH		 2366 case HCI_OP_AUTH_REQUESTED:
2367 hci_cs_auth_requested(hdev, ev->status);
2368 break;
2369
2370 case HCI_OP_SET_CONN_ENCRYPT:
2371 hci_cs_set_conn_encrypt(hdev, ev->status);
2372 break;
2373
a9de9248
MH		 2374 case HCI_OP_REMOTE_NAME_REQ:
2375 hci_cs_remote_name_req(hdev, ev->status);
2376 break;
2377
769be974
MH		 2378 case HCI_OP_READ_REMOTE_FEATURES:
2379 hci_cs_read_remote_features(hdev, ev->status);
2380 break;
2381
2382 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2383 hci_cs_read_remote_ext_features(hdev, ev->status);
2384 break;
2385
a9de9248
MH		 2386 case HCI_OP_SETUP_SYNC_CONN:
2387 hci_cs_setup_sync_conn(hdev, ev->status);
2388 break;
2389
2390 case HCI_OP_SNIFF_MODE:
2391 hci_cs_sniff_mode(hdev, ev->status);
2392 break;
2393
2394 case HCI_OP_EXIT_SNIFF_MODE:
2395 hci_cs_exit_sniff_mode(hdev, ev->status);
2396 break;
2397
8962ee74 2398 case HCI_OP_DISCONNECT:
88c3df13 2399 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2400 break;
2401
fcd89c09
VT		 2402 case HCI_OP_LE_CREATE_CONN:
2403 hci_cs_le_create_conn(hdev, ev->status);
2404 break;
2405
a7a595f6
VCG		 2406 case HCI_OP_LE_START_ENC:
2407 hci_cs_le_start_enc(hdev, ev->status);
2408 break;
2409
a9de9248
MH		 2410 default:
2411 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2412 break;
2413 }
2414
6bd32326
VT		 2415 if (ev->opcode != HCI_OP_NOP)
2416 del_timer(&hdev->cmd_timer);
2417
10572132 2418 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2419 atomic_set(&hdev->cmd_cnt, 1);
2420 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2421 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2422 }
2423}
2424
2425static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2426{
2427 struct hci_ev_role_change *ev = (void *) skb->data;
2428 struct hci_conn *conn;
2429
2430 BT_DBG("%s status %d", hdev->name, ev->status);
2431
2432 hci_dev_lock(hdev);
2433
2434 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2435 if (conn) {
2436 if (!ev->status) {
2437 if (ev->role)
2438 conn->link_mode &= ~HCI_LM_MASTER;
2439 else
2440 conn->link_mode |= HCI_LM_MASTER;
2441 }
2442
51a8efd7 2443 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2444
2445 hci_role_switch_cfm(conn, ev->status, ev->role);
2446 }
2447
2448 hci_dev_unlock(hdev);
2449}
2450
2451static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2452{
2453 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2454 int i;
2455
32ac5b9b
AE		 2456 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2457 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2458 return;
2459 }
2460
c5993de8
AE		 2461 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2462 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2463 BT_DBG("%s bad parameters", hdev->name);
2464 return;
2465 }
2466
c5993de8
AE		 2467 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2468
613a1c0c
AE		 2469 for (i = 0; i < ev->num_hndl; i++) {
2470 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2471 struct hci_conn *conn;
2472 __u16 handle, count;
2473
613a1c0c
AE		 2474 handle = __le16_to_cpu(info->handle);
2475 count = __le16_to_cpu(info->count);
a9de9248
MH		 2476
2477 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2478 if (!conn)
2479 continue;
2480
2481 conn->sent -= count;
2482
2483 switch (conn->type) {
2484 case ACL_LINK:
2485 hdev->acl_cnt += count;
2486 if (hdev->acl_cnt > hdev->acl_pkts)
2487 hdev->acl_cnt = hdev->acl_pkts;
2488 break;
2489
2490 case LE_LINK:
2491 if (hdev->le_pkts) {
2492 hdev->le_cnt += count;
2493 if (hdev->le_cnt > hdev->le_pkts)
2494 hdev->le_cnt = hdev->le_pkts;
2495 } else {
70f23020
AE		 2496 hdev->acl_cnt += count;
2497 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2498 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2499 }
f4280918
AE		 2500 break;
2501
2502 case SCO_LINK:
2503 hdev->sco_cnt += count;
2504 if (hdev->sco_cnt > hdev->sco_pkts)
2505 hdev->sco_cnt = hdev->sco_pkts;
2506 break;
2507
2508 default:
2509 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2510 break;
a9de9248
MH		 2511 }
2512 }
2513
3eff45ea 2514 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2515}
2516
25e89e99
AE		 2517static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2518 struct sk_buff *skb)
2519{
2520 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2521 int i;
2522
2523 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2524 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2525 return;
2526 }
2527
2528 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2529 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2530 BT_DBG("%s bad parameters", hdev->name);
2531 return;
2532 }
2533
2534 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2535 ev->num_hndl);
2536
2537 for (i = 0; i < ev->num_hndl; i++) {
2538 struct hci_comp_blocks_info *info = &ev->handles[i];
2539 struct hci_conn *conn;
2540 __u16 handle, block_count;
2541
2542 handle = __le16_to_cpu(info->handle);
2543 block_count = __le16_to_cpu(info->blocks);
2544
2545 conn = hci_conn_hash_lookup_handle(hdev, handle);
2546 if (!conn)
2547 continue;
2548
2549 conn->sent -= block_count;
2550
2551 switch (conn->type) {
2552 case ACL_LINK:
2553 hdev->block_cnt += block_count;
2554 if (hdev->block_cnt > hdev->num_blocks)
2555 hdev->block_cnt = hdev->num_blocks;
2556 break;
2557
2558 default:
2559 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2560 break;
2561 }
2562 }
2563
2564 queue_work(hdev->workqueue, &hdev->tx_work);
2565}
2566
a9de9248 2567static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2568{
a9de9248 2569 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2570 struct hci_conn *conn;
2571
2572 BT_DBG("%s status %d", hdev->name, ev->status);
2573
2574 hci_dev_lock(hdev);
2575
2576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2577 if (conn) {
2578 conn->mode = ev->mode;
2579 conn->interval = __le16_to_cpu(ev->interval);
2580
51a8efd7 2581 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2582 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2583 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2584 else
58a681ef 2585 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2586 }
e73439d8 2587
51a8efd7 2588 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2589 hci_sco_setup(conn, ev->status);
04837f64
MH		 2590 }
2591
2592 hci_dev_unlock(hdev);
2593}
2594
a9de9248
MH		 2595static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2596{
052b30b0
MH		 2597 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2598 struct hci_conn *conn;
2599
a9de9248 2600 BT_DBG("%s", hdev->name);
052b30b0
MH		 2601
2602 hci_dev_lock(hdev);
2603
2604 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2605 if (!conn)
2606 goto unlock;
2607
2608 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2609 hci_conn_hold(conn);
2610 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2611 hci_conn_put(conn);
2612 }
2613
a8b2d5c2 2614 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2615 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2616 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2617 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2618 u8 secure;
2619
2620 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2621 secure = 1;
2622 else
2623 secure = 0;
2624
744cf19e 2625 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2626 }
980e1a53 2627
b6f98044 2628unlock:
052b30b0 2629 hci_dev_unlock(hdev);
a9de9248
MH		 2630}
2631
2632static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2633{
55ed8ca1
JH		 2634 struct hci_ev_link_key_req *ev = (void *) skb->data;
2635 struct hci_cp_link_key_reply cp;
2636 struct hci_conn *conn;
2637 struct link_key *key;
2638
a9de9248 2639 BT_DBG("%s", hdev->name);
55ed8ca1 2640
a8b2d5c2 2641 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2642 return;
2643
2644 hci_dev_lock(hdev);
2645
2646 key = hci_find_link_key(hdev, &ev->bdaddr);
2647 if (!key) {
2648 BT_DBG("%s link key not found for %s", hdev->name,
2649 batostr(&ev->bdaddr));
2650 goto not_found;
2651 }
2652
2653 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2654 batostr(&ev->bdaddr));
2655
a8b2d5c2 2656 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2657 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2658 BT_DBG("%s ignoring debug key", hdev->name);
2659 goto not_found;
2660 }
2661
2662 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2663 if (conn) {
2664 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2665 conn->auth_type != 0xff &&
2666 (conn->auth_type & 0x01)) {
2667 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2668 goto not_found;
2669 }
55ed8ca1 2670
60b83f57
WR		 2671 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2672 conn->pending_sec_level == BT_SECURITY_HIGH) {
2673 BT_DBG("%s ignoring key unauthenticated for high \
2674 security", hdev->name);
2675 goto not_found;
2676 }
2677
2678 conn->key_type = key->type;
2679 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2680 }
2681
2682 bacpy(&cp.bdaddr, &ev->bdaddr);
2683 memcpy(cp.link_key, key->val, 16);
2684
2685 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2686
2687 hci_dev_unlock(hdev);
2688
2689 return;
2690
2691not_found:
2692 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2693 hci_dev_unlock(hdev);
a9de9248
MH		 2694}
2695
2696static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2697{
052b30b0
MH		 2698 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2699 struct hci_conn *conn;
55ed8ca1 2700 u8 pin_len = 0;
052b30b0 2701
a9de9248 2702 BT_DBG("%s", hdev->name);
052b30b0
MH		 2703
2704 hci_dev_lock(hdev);
2705
2706 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2707 if (conn) {
2708 hci_conn_hold(conn);
2709 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2710 pin_len = conn->pin_length;
13d39315
WR		 2711
2712 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2713 conn->key_type = ev->key_type;
2714
052b30b0
MH		 2715 hci_conn_put(conn);
2716 }
2717
a8b2d5c2 2718 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2719 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2720 ev->key_type, pin_len);
2721
052b30b0 2722 hci_dev_unlock(hdev);
a9de9248
MH		 2723}
2724
1da177e4
LT		 2725static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2726{
a9de9248 2727 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2728 struct hci_conn *conn;
1da177e4
LT		 2729
2730 BT_DBG("%s status %d", hdev->name, ev->status);
2731
2732 hci_dev_lock(hdev);
2733
04837f64 2734 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2735 if (conn && !ev->status) {
2736 struct inquiry_entry *ie;
2737
cc11b9c1
AE		 2738 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2739 if (ie) {
1da177e4
LT		 2740 ie->data.clock_offset = ev->clock_offset;
2741 ie->timestamp = jiffies;
2742 }
2743 }
2744
2745 hci_dev_unlock(hdev);
2746}
2747
a8746417
MH		 2748static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2749{
2750 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2751 struct hci_conn *conn;
2752
2753 BT_DBG("%s status %d", hdev->name, ev->status);
2754
2755 hci_dev_lock(hdev);
2756
2757 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2758 if (conn && !ev->status)
2759 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2760
2761 hci_dev_unlock(hdev);
2762}
2763
85a1e930
MH		 2764static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2765{
a9de9248 2766 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2767 struct inquiry_entry *ie;
2768
2769 BT_DBG("%s", hdev->name);
2770
2771 hci_dev_lock(hdev);
2772
cc11b9c1
AE		 2773 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2774 if (ie) {
85a1e930
MH		 2775 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2776 ie->timestamp = jiffies;
2777 }
2778
2779 hci_dev_unlock(hdev);
2780}
2781
a9de9248
MH		 2782static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2783{
2784 struct inquiry_data data;
2785 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2786 bool name_known, ssp;
a9de9248
MH		 2787
2788 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2789
2790 if (!num_rsp)
2791 return;
2792
2793 hci_dev_lock(hdev);
2794
2795 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2796 struct inquiry_info_with_rssi_and_pscan_mode *info;
2797 info = (void *) (skb->data + 1);
a9de9248 2798
e17acd40 2799 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2800 bacpy(&data.bdaddr, &info->bdaddr);
2801 data.pscan_rep_mode = info->pscan_rep_mode;
2802 data.pscan_period_mode = info->pscan_period_mode;
2803 data.pscan_mode = info->pscan_mode;
2804 memcpy(data.dev_class, info->dev_class, 3);
2805 data.clock_offset = info->clock_offset;
2806 data.rssi = info->rssi;
41a96212 2807 data.ssp_mode = 0x00;
3175405b
JH		 2808
2809 name_known = hci_inquiry_cache_update(hdev, &data,
388fc8fa 2810 false, &ssp);
48264f06 2811 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2812 info->dev_class, info->rssi,
388fc8fa 2813 !name_known, ssp, NULL, 0);
a9de9248
MH		 2814 }
2815 } else {
2816 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2817
e17acd40 2818 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2819 bacpy(&data.bdaddr, &info->bdaddr);
2820 data.pscan_rep_mode = info->pscan_rep_mode;
2821 data.pscan_period_mode = info->pscan_period_mode;
2822 data.pscan_mode = 0x00;
2823 memcpy(data.dev_class, info->dev_class, 3);
2824 data.clock_offset = info->clock_offset;
2825 data.rssi = info->rssi;
41a96212 2826 data.ssp_mode = 0x00;
3175405b 2827 name_known = hci_inquiry_cache_update(hdev, &data,
388fc8fa 2828 false, &ssp);
48264f06 2829 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2830 info->dev_class, info->rssi,
388fc8fa 2831 !name_known, ssp, NULL, 0);
a9de9248
MH		 2832 }
2833 }
2834
2835 hci_dev_unlock(hdev);
2836}
2837
2838static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2839{
41a96212
MH		 2840 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2841 struct hci_conn *conn;
2842
a9de9248 2843 BT_DBG("%s", hdev->name);
41a96212 2844
41a96212
MH		 2845 hci_dev_lock(hdev);
2846
2847 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2848 if (!conn)
2849 goto unlock;
41a96212 2850
ccd556fe
JH		 2851 if (!ev->status && ev->page == 0x01) {
2852 struct inquiry_entry *ie;
41a96212 2853
cc11b9c1
AE		 2854 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2855 if (ie)
ccd556fe 2856 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2857
58a681ef
JH		 2858 if (ev->features[0] & 0x01)
2859 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2860 }
2861
2862 if (conn->state != BT_CONFIG)
2863 goto unlock;
2864
127178d2
JH		 2865 if (!ev->status) {
2866 struct hci_cp_remote_name_req cp;
2867 memset(&cp, 0, sizeof(cp));
2868 bacpy(&cp.bdaddr, &conn->dst);
2869 cp.pscan_rep_mode = 0x02;
2870 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2871 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2872 mgmt_device_connected(hdev, &conn->dst, conn->type,
2873 conn->dst_type, NULL, 0,
2874 conn->dev_class);
392599b9 2875
127178d2 2876 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2877 conn->state = BT_CONNECTED;
2878 hci_proto_connect_cfm(conn, ev->status);
2879 hci_conn_put(conn);
41a96212
MH		 2880 }
2881
ccd556fe 2882unlock:
41a96212 2883 hci_dev_unlock(hdev);
a9de9248
MH		 2884}
2885
2886static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2887{
b6a0dc82
MH		 2888 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2889 struct hci_conn *conn;
2890
2891 BT_DBG("%s status %d", hdev->name, ev->status);
2892
2893 hci_dev_lock(hdev);
2894
2895 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2896 if (!conn) {
2897 if (ev->link_type == ESCO_LINK)
2898 goto unlock;
2899
2900 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2901 if (!conn)
2902 goto unlock;
2903
2904 conn->type = SCO_LINK;
2905 }
b6a0dc82 2906
732547f9
MH		 2907 switch (ev->status) {
2908 case 0x00:
b6a0dc82
MH		 2909 conn->handle = __le16_to_cpu(ev->handle);
2910 conn->state = BT_CONNECTED;
7d0db0a3 2911
9eba32b8 2912 hci_conn_hold_device(conn);
7d0db0a3 2913 hci_conn_add_sysfs(conn);
732547f9
MH		 2914 break;
2915
705e5711 2916 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2917 case 0x1c: /* SCO interval rejected */
1038a00b 2918 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2919 case 0x1f: /* Unspecified error */
2920 if (conn->out && conn->attempt < 2) {
2921 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2922 (hdev->esco_type & EDR_ESCO_MASK);
2923 hci_setup_sync(conn, conn->link->handle);
2924 goto unlock;
2925 }
2926 /* fall through */
2927
2928 default:
b6a0dc82 2929 conn->state = BT_CLOSED;
732547f9
MH		 2930 break;
2931 }
b6a0dc82
MH		 2932
2933 hci_proto_connect_cfm(conn, ev->status);
2934 if (ev->status)
2935 hci_conn_del(conn);
2936
2937unlock:
2938 hci_dev_unlock(hdev);
a9de9248
MH		 2939}
2940
2941static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2942{
2943 BT_DBG("%s", hdev->name);
2944}
2945
04837f64
MH		 2946static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2947{
a9de9248 2948 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2949
2950 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2951}
2952
a9de9248 2953static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2954{
a9de9248
MH		 2955 struct inquiry_data data;
2956 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2957 int num_rsp = *((__u8 *) skb->data);
1da177e4 2958
a9de9248 2959 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2960
a9de9248
MH		 2961 if (!num_rsp)
2962 return;
1da177e4 2963
a9de9248
MH		 2964 hci_dev_lock(hdev);
2965
e17acd40 2966 for (; num_rsp; num_rsp--, info++) {
388fc8fa 2967 bool name_known, ssp;
561aafbc 2968
a9de9248 2969 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2970 data.pscan_rep_mode = info->pscan_rep_mode;
2971 data.pscan_period_mode = info->pscan_period_mode;
2972 data.pscan_mode = 0x00;
a9de9248 2973 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2974 data.clock_offset = info->clock_offset;
2975 data.rssi = info->rssi;
41a96212 2976 data.ssp_mode = 0x01;
561aafbc 2977
a8b2d5c2 2978 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930
JH		 2979 name_known = eir_has_data_type(info->data,
2980 sizeof(info->data),
2981 EIR_NAME_COMPLETE);
561aafbc
JH		 2982 else
2983 name_known = true;
2984
388fc8fa
JH		 2985 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2986 &ssp);
48264f06 2987 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
561aafbc 2988 info->dev_class, info->rssi,
388fc8fa 2989 !name_known, ssp, info->data,
7d262f86 2990 sizeof(info->data));
a9de9248
MH		 2991 }
2992
2993 hci_dev_unlock(hdev);
2994}
1da177e4 2995
17fa4b9d
JH		 2996static inline u8 hci_get_auth_req(struct hci_conn *conn)
2997{
2998 /* If remote requests dedicated bonding follow that lead */
2999 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3000 /* If both remote and local IO capabilities allow MITM
3001 * protection then require it, otherwise don't */
3002 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3003 return 0x02;
3004 else
3005 return 0x03;
3006 }
3007
3008 /* If remote requests no-bonding follow that lead */
3009 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3010 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3011
3012 return conn->auth_type;
3013}
3014
0493684e
MH		 3015static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3016{
3017 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3018 struct hci_conn *conn;
3019
3020 BT_DBG("%s", hdev->name);
3021
3022 hci_dev_lock(hdev);
3023
3024 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3025 if (!conn)
3026 goto unlock;
3027
3028 hci_conn_hold(conn);
3029
a8b2d5c2 3030 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3031 goto unlock;
3032
a8b2d5c2 3033 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 3034 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3035 struct hci_cp_io_capability_reply cp;
3036
3037 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3038 /* Change the IO capability from KeyboardDisplay
3039 * to DisplayYesNo as it is not supported by BT spec. */
3040 cp.capability = (conn->io_capability == 0x04) ?
3041 0x01 : conn->io_capability;
7cbc9bd9
JH		 3042 conn->auth_type = hci_get_auth_req(conn);
3043 cp.authentication = conn->auth_type;
17fa4b9d 3044
58a681ef 3045 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3046 hci_find_remote_oob_data(hdev, &conn->dst))
3047 cp.oob_data = 0x01;
3048 else
3049 cp.oob_data = 0x00;
3050
17fa4b9d
JH		 3051 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3052 sizeof(cp), &cp);
03b555e1
JH		 3053 } else {
3054 struct hci_cp_io_capability_neg_reply cp;
3055
3056 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3057 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3058
03b555e1
JH		 3059 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3060 sizeof(cp), &cp);
3061 }
3062
3063unlock:
3064 hci_dev_unlock(hdev);
3065}
3066
3067static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3068{
3069 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3070 struct hci_conn *conn;
3071
3072 BT_DBG("%s", hdev->name);
3073
3074 hci_dev_lock(hdev);
3075
3076 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3077 if (!conn)
3078 goto unlock;
3079
03b555e1 3080 conn->remote_cap = ev->capability;
03b555e1 3081 conn->remote_auth = ev->authentication;
58a681ef
JH		 3082 if (ev->oob_data)
3083 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3084
3085unlock:
0493684e
MH		 3086 hci_dev_unlock(hdev);
3087}
3088
a5c29683
JH		 3089static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3090 struct sk_buff *skb)
3091{
3092 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3093 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3094 struct hci_conn *conn;
a5c29683
JH		 3095
3096 BT_DBG("%s", hdev->name);
3097
3098 hci_dev_lock(hdev);
3099
a8b2d5c2 3100 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3101 goto unlock;
a5c29683 3102
7a828908
JH		 3103 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3104 if (!conn)
3105 goto unlock;
3106
3107 loc_mitm = (conn->auth_type & 0x01);
3108 rem_mitm = (conn->remote_auth & 0x01);
3109
3110 /* If we require MITM but the remote device can't provide that
3111 * (it has NoInputNoOutput) then reject the confirmation
3112 * request. The only exception is when we're dedicated bonding
3113 * initiators (connect_cfm_cb set) since then we always have the MITM
3114 * bit set. */
3115 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3116 BT_DBG("Rejecting request: remote device can't provide MITM");
3117 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3118 sizeof(ev->bdaddr), &ev->bdaddr);
3119 goto unlock;
3120 }
3121
3122 /* If no side requires MITM protection; auto-accept */
3123 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3124 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3125
3126 /* If we're not the initiators request authorization to
3127 * proceed from user space (mgmt_user_confirm with
3128 * confirm_hint set to 1). */
51a8efd7 3129 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3130 BT_DBG("Confirming auto-accept as acceptor");
3131 confirm_hint = 1;
3132 goto confirm;
3133 }
3134
9f61656a
JH		 3135 BT_DBG("Auto-accept of user confirmation with %ums delay",
3136 hdev->auto_accept_delay);
3137
3138 if (hdev->auto_accept_delay > 0) {
3139 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3140 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3141 goto unlock;
3142 }
3143
7a828908
JH		 3144 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3145 sizeof(ev->bdaddr), &ev->bdaddr);
3146 goto unlock;
3147 }
3148
55bc1a37 3149confirm:
272d90df 3150 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
55bc1a37 3151 confirm_hint);
7a828908
JH		 3152
3153unlock:
a5c29683
JH		 3154 hci_dev_unlock(hdev);
3155}
3156
1143d458
BG		 3157static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3158 struct sk_buff *skb)
3159{
3160 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3161
3162 BT_DBG("%s", hdev->name);
3163
3164 hci_dev_lock(hdev);
3165
a8b2d5c2 3166 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3167 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3168
3169 hci_dev_unlock(hdev);
3170}
3171
0493684e
MH		 3172static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3173{
3174 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3175 struct hci_conn *conn;
3176
3177 BT_DBG("%s", hdev->name);
3178
3179 hci_dev_lock(hdev);
3180
3181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3182 if (!conn)
3183 goto unlock;
3184
3185 /* To avoid duplicate auth_failed events to user space we check
3186 * the HCI_CONN_AUTH_PEND flag which will be set if we
3187 * initiated the authentication. A traditional auth_complete
3188 * event gets always produced as initiator and is also mapped to
3189 * the mgmt_auth_failed event */
51a8efd7 3190 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6
JH		 3191 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3192 ev->status);
0493684e 3193
2a611692
JH		 3194 hci_conn_put(conn);
3195
3196unlock:
0493684e
MH		 3197 hci_dev_unlock(hdev);
3198}
3199
41a96212
MH		 3200static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3201{
3202 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3203 struct inquiry_entry *ie;
3204
3205 BT_DBG("%s", hdev->name);
3206
3207 hci_dev_lock(hdev);
3208
cc11b9c1
AE		 3209 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3210 if (ie)
41a96212
MH		 3211 ie->data.ssp_mode = (ev->features[0] & 0x01);
3212
3213 hci_dev_unlock(hdev);
3214}
3215
2763eda6
SJ		 3216static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3217 struct sk_buff *skb)
3218{
3219 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3220 struct oob_data *data;
3221
3222 BT_DBG("%s", hdev->name);
3223
3224 hci_dev_lock(hdev);
3225
a8b2d5c2 3226 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3227 goto unlock;
3228
2763eda6
SJ		 3229 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3230 if (data) {
3231 struct hci_cp_remote_oob_data_reply cp;
3232
3233 bacpy(&cp.bdaddr, &ev->bdaddr);
3234 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3235 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3236
3237 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3238 &cp);
3239 } else {
3240 struct hci_cp_remote_oob_data_neg_reply cp;
3241
3242 bacpy(&cp.bdaddr, &ev->bdaddr);
3243 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3244 &cp);
3245 }
3246
e1ba1f15 3247unlock:
2763eda6
SJ		 3248 hci_dev_unlock(hdev);
3249}
3250
fcd89c09
VT		 3251static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3252{
3253 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3254 struct hci_conn *conn;
3255
3256 BT_DBG("%s status %d", hdev->name, ev->status);
3257
3258 hci_dev_lock(hdev);
3259
3260 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3261 if (!conn) {
3262 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3263 if (!conn) {
3264 BT_ERR("No memory for new connection");
3265 hci_dev_unlock(hdev);
3266 return;
3267 }
29b7988a
AG		 3268
3269 conn->dst_type = ev->bdaddr_type;
b62f328b 3270 }
fcd89c09
VT		 3271
3272 if (ev->status) {
48264f06
JH		 3273 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3274 conn->dst_type, ev->status);
fcd89c09
VT		 3275 hci_proto_connect_cfm(conn, ev->status);
3276 conn->state = BT_CLOSED;
3277 hci_conn_del(conn);
3278 goto unlock;
3279 }
3280
b644ba33
JH		 3281 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3282 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3283 conn->dst_type, NULL, 0, 0);
83bc71b4 3284
7b5c0d52 3285 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3286 conn->handle = __le16_to_cpu(ev->handle);
3287 conn->state = BT_CONNECTED;
3288
3289 hci_conn_hold_device(conn);
3290 hci_conn_add_sysfs(conn);
3291
3292 hci_proto_connect_cfm(conn, ev->status);
3293
3294unlock:
3295 hci_dev_unlock(hdev);
3296}
3297
9aa04c91
AG		 3298static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3299 struct sk_buff *skb)
3300{
e95beb41
AG		 3301 u8 num_reports = skb->data[0];
3302 void *ptr = &skb->data[1];
3c9e9195 3303 s8 rssi;
9aa04c91
AG		 3304
3305 hci_dev_lock(hdev);
3306
e95beb41
AG		 3307 while (num_reports--) {
3308 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3309
9aa04c91 3310 hci_add_adv_entry(hdev, ev);
e95beb41 3311
3c9e9195
AG		 3312 rssi = ev->data[ev->length];
3313 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
388fc8fa
JH		 3314 NULL, rssi, 0, 1, ev->data,
3315 ev->length);
3c9e9195 3316
e95beb41 3317 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3318 }
3319
3320 hci_dev_unlock(hdev);
3321}
3322
a7a595f6
VCG		 3323static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3324 struct sk_buff *skb)
3325{
3326 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3327 struct hci_cp_le_ltk_reply cp;
bea710fe 3328 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3329 struct hci_conn *conn;
c9839a11 3330 struct smp_ltk *ltk;
a7a595f6
VCG		 3331
3332 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3333
3334 hci_dev_lock(hdev);
3335
3336 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3337 if (conn == NULL)
3338 goto not_found;
a7a595f6 3339
bea710fe
VCG		 3340 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3341 if (ltk == NULL)
3342 goto not_found;
3343
3344 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3345 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3346
3347 if (ltk->authenticated)
3348 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3349
3350 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3351
c9839a11
VCG		 3352 if (ltk->type & HCI_SMP_STK) {
3353 list_del(&ltk->list);
3354 kfree(ltk);
3355 }
3356
a7a595f6 3357 hci_dev_unlock(hdev);
bea710fe
VCG		 3358
3359 return;
3360
3361not_found:
3362 neg.handle = ev->handle;
3363 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3364 hci_dev_unlock(hdev);
a7a595f6
VCG		 3365}
3366
fcd89c09
VT		 3367static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3368{
3369 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3370
3371 skb_pull(skb, sizeof(*le_ev));
3372
3373 switch (le_ev->subevent) {
3374 case HCI_EV_LE_CONN_COMPLETE:
3375 hci_le_conn_complete_evt(hdev, skb);
3376 break;
3377
9aa04c91
AG		 3378 case HCI_EV_LE_ADVERTISING_REPORT:
3379 hci_le_adv_report_evt(hdev, skb);
3380 break;
3381
a7a595f6
VCG		 3382 case HCI_EV_LE_LTK_REQ:
3383 hci_le_ltk_request_evt(hdev, skb);
3384 break;
3385
fcd89c09
VT		 3386 default:
3387 break;
3388 }
3389}
3390
a9de9248
MH		 3391void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3392{
3393 struct hci_event_hdr *hdr = (void *) skb->data;
3394 __u8 event = hdr->evt;
3395
3396 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3397
3398 switch (event) {
1da177e4
LT		 3399 case HCI_EV_INQUIRY_COMPLETE:
3400 hci_inquiry_complete_evt(hdev, skb);
3401 break;
3402
3403 case HCI_EV_INQUIRY_RESULT:
3404 hci_inquiry_result_evt(hdev, skb);
3405 break;
3406
a9de9248
MH		 3407 case HCI_EV_CONN_COMPLETE:
3408 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3409 break;
3410
1da177e4
LT		 3411 case HCI_EV_CONN_REQUEST:
3412 hci_conn_request_evt(hdev, skb);
3413 break;
3414
1da177e4
LT		 3415 case HCI_EV_DISCONN_COMPLETE:
3416 hci_disconn_complete_evt(hdev, skb);
3417 break;
3418
1da177e4
LT		 3419 case HCI_EV_AUTH_COMPLETE:
3420 hci_auth_complete_evt(hdev, skb);
3421 break;
3422
a9de9248
MH		 3423 case HCI_EV_REMOTE_NAME:
3424 hci_remote_name_evt(hdev, skb);
3425 break;
3426
1da177e4
LT		 3427 case HCI_EV_ENCRYPT_CHANGE:
3428 hci_encrypt_change_evt(hdev, skb);
3429 break;
3430
a9de9248
MH		 3431 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3432 hci_change_link_key_complete_evt(hdev, skb);
3433 break;
3434
3435 case HCI_EV_REMOTE_FEATURES:
3436 hci_remote_features_evt(hdev, skb);
3437 break;
3438
3439 case HCI_EV_REMOTE_VERSION:
3440 hci_remote_version_evt(hdev, skb);
3441 break;
3442
3443 case HCI_EV_QOS_SETUP_COMPLETE:
3444 hci_qos_setup_complete_evt(hdev, skb);
3445 break;
3446
3447 case HCI_EV_CMD_COMPLETE:
3448 hci_cmd_complete_evt(hdev, skb);
3449 break;
3450
3451 case HCI_EV_CMD_STATUS:
3452 hci_cmd_status_evt(hdev, skb);
3453 break;
3454
3455 case HCI_EV_ROLE_CHANGE:
3456 hci_role_change_evt(hdev, skb);
3457 break;
3458
3459 case HCI_EV_NUM_COMP_PKTS:
3460 hci_num_comp_pkts_evt(hdev, skb);
3461 break;
3462
3463 case HCI_EV_MODE_CHANGE:
3464 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3465 break;
3466
3467 case HCI_EV_PIN_CODE_REQ:
3468 hci_pin_code_request_evt(hdev, skb);
3469 break;
3470
3471 case HCI_EV_LINK_KEY_REQ:
3472 hci_link_key_request_evt(hdev, skb);
3473 break;
3474
3475 case HCI_EV_LINK_KEY_NOTIFY:
3476 hci_link_key_notify_evt(hdev, skb);
3477 break;
3478
3479 case HCI_EV_CLOCK_OFFSET:
3480 hci_clock_offset_evt(hdev, skb);
3481 break;
3482
a8746417
MH		 3483 case HCI_EV_PKT_TYPE_CHANGE:
3484 hci_pkt_type_change_evt(hdev, skb);
3485 break;
3486
85a1e930
MH		 3487 case HCI_EV_PSCAN_REP_MODE:
3488 hci_pscan_rep_mode_evt(hdev, skb);
3489 break;
3490
a9de9248
MH		 3491 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3492 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3493 break;
3494
a9de9248
MH		 3495 case HCI_EV_REMOTE_EXT_FEATURES:
3496 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3497 break;
3498
a9de9248
MH		 3499 case HCI_EV_SYNC_CONN_COMPLETE:
3500 hci_sync_conn_complete_evt(hdev, skb);
3501 break;
1da177e4 3502
a9de9248
MH		 3503 case HCI_EV_SYNC_CONN_CHANGED:
3504 hci_sync_conn_changed_evt(hdev, skb);
3505 break;
1da177e4 3506
a9de9248
MH		 3507 case HCI_EV_SNIFF_SUBRATE:
3508 hci_sniff_subrate_evt(hdev, skb);
3509 break;
1da177e4 3510
a9de9248
MH		 3511 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3512 hci_extended_inquiry_result_evt(hdev, skb);
3513 break;
1da177e4 3514
0493684e
MH		 3515 case HCI_EV_IO_CAPA_REQUEST:
3516 hci_io_capa_request_evt(hdev, skb);
3517 break;
3518
03b555e1
JH		 3519 case HCI_EV_IO_CAPA_REPLY:
3520 hci_io_capa_reply_evt(hdev, skb);
3521 break;
3522
a5c29683
JH		 3523 case HCI_EV_USER_CONFIRM_REQUEST:
3524 hci_user_confirm_request_evt(hdev, skb);
3525 break;
3526
1143d458
BG		 3527 case HCI_EV_USER_PASSKEY_REQUEST:
3528 hci_user_passkey_request_evt(hdev, skb);
3529 break;
3530
0493684e
MH		 3531 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3532 hci_simple_pair_complete_evt(hdev, skb);
3533 break;
3534
41a96212
MH		 3535 case HCI_EV_REMOTE_HOST_FEATURES:
3536 hci_remote_host_features_evt(hdev, skb);
3537 break;
3538
fcd89c09
VT		 3539 case HCI_EV_LE_META:
3540 hci_le_meta_evt(hdev, skb);
3541 break;
3542
2763eda6
SJ		 3543 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3544 hci_remote_oob_data_request_evt(hdev, skb);
3545 break;
3546
25e89e99
AE		 3547 case HCI_EV_NUM_COMP_BLOCKS:
3548 hci_num_comp_blocks_evt(hdev, skb);
3549 break;
3550
a9de9248
MH		 3551 default:
3552 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3553 break;
3554 }
3555
3556 kfree_skb(skb);
3557 hdev->stat.evt_rx++;
3558}
kernel source for telekom puls (alcatel/mediatek)