Bluetooth: Add automated SSP user confirmation responses
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
48/* Handle HCI Event packets */
49
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 *
 * A non-zero status leaves all state untouched.  Otherwise, when HCI_MGMT
 * is set and HCI_INQUIRY was set, the flag is cleared and mgmt is told that
 * discovery stopped; the request is then completed and
 * hci_conn_check_pending() is called.
 *
 * NOTE(review): the status byte is read from skb->data without a length
 * check in this function; presumably the caller guarantees at least one
 * byte of payload -- confirm.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
			mgmt_discovering(hdev->id, 0);
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
	hci_conn_check_pending(hdev);
}
6bd57416 67
/*
 * Command Complete handler for exiting periodic inquiry.
 *
 * On a zero status: when HCI_MGMT is set and HCI_INQUIRY was set, the flag
 * is cleared and mgmt is told that discovery stopped; then
 * hci_conn_check_pending() is called.  A non-zero status is only logged.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
			mgmt_discovering(hdev->id, 0);
	}

	hci_conn_check_pending(hdev);
}
83
/*
 * Command Complete handler for a cancelled remote name request.
 * Only emits a debug trace; the reply payload in @skb is not read.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
88
/*
 * Command Complete handler for Role Discovery.
 *
 * Looks up the connection by the handle in the reply and, under the device
 * lock, sets HCI_LM_MASTER in link_mode when the reported role is zero and
 * clears it otherwise.
 *
 * NOTE(review): the reply struct is overlaid on skb->data without a length
 * check in this function; presumably the caller validates the size --
 * confirm.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *reply = (void *)skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link) {
		if (!reply->role)
			link->link_mode |= HCI_LM_MASTER;
		else
			link->link_mode &= ~HCI_LM_MASTER;
	}

	hci_dev_unlock(hdev);
}
111
/*
 * Command Complete handler for Read Link Policy.
 *
 * On a zero status the policy from the reply is stored on the connection
 * matching the reply handle, if any, under the device lock.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *reply = (void *)skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link != NULL)
		link->link_policy = __le16_to_cpu(reply->policy);

	hci_dev_unlock(hdev);
}
130
/*
 * Command Complete handler for Write Link Policy.
 *
 * The new policy is taken from the parameters of the command that was sent
 * (not from the reply) and stored on the connection named by the reply
 * handle.  Nothing is updated on a non-zero status or when the sent command
 * data is unavailable.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *reply = (void *)skb->data;
	struct hci_conn *link;
	const __u8 *params;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (params == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link != NULL) {
		/* Policy sits 2 bytes into the sent parameters; presumably
		 * after the 16-bit connection handle -- confirm. */
		link->link_policy = get_unaligned_le16(params + 2);
	}

	hci_dev_unlock(hdev);
}
1da177e4 154
/*
 * Command Complete handler for Read Default Link Policy: on a zero status
 * the reported policy becomes hdev->link_policy.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hdev->link_policy = __le16_to_cpu(reply->policy);
}
166
/*
 * Command Complete handler for Write Default Link Policy.
 *
 * On a zero status the policy that was sent is stored in hdev->link_policy.
 * The request is completed with the reported status in either case, except
 * when the sent command data cannot be found: then the function returns
 * without completing the request.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (params == NULL)
		return;

	if (status == 0)
		hdev->link_policy = get_unaligned_le16(params);

	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
}
183
/*
 * Command Complete handler for HCI Reset: clears the HCI_RESET flag
 * regardless of the reported status and completes the pending request.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);
	hci_req_complete(hdev, HCI_OP_RESET, status);
}
04837f64 194
/*
 * Command Complete handler for Write Local Name.
 *
 * When HCI_MGMT is set, mgmt is notified with the sent name and the
 * reported status (success or failure).  Only on a zero status is the sent
 * name copied into hdev->dev_name.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;
	void *name;

	BT_DBG("%s status 0x%x", hdev->name, status);

	name = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (name == NULL)
		return;

	if (test_bit(HCI_MGMT, &hdev->flags))
		mgmt_set_local_name_complete(hdev->id, name, status);

	if (status == 0) {
		/* Fixed-size copy of HCI_MAX_NAME_LENGTH bytes from the
		 * command this host sent earlier. */
		memcpy(hdev->dev_name, name, HCI_MAX_NAME_LENGTH);
	}
}
214
/*
 * Command Complete handler for Read Local Name: on a zero status the name
 * in the reply is copied into hdev->dev_name.
 *
 * NOTE(review): HCI_MAX_NAME_LENGTH bytes are copied out of the reply with
 * no skb->len check in this function; presumably the caller guarantees the
 * reply is full-sized -- confirm.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		memcpy(hdev->dev_name, reply->name, HCI_MAX_NAME_LENGTH);
}
226
/*
 * Command Complete handler for Write Authentication Enable.
 *
 * On a zero status the HCI_AUTH flag is made to mirror the value that was
 * sent: set when it equals AUTH_ENABLED, cleared for any other value.  The
 * request is completed with the reported status unless the sent command
 * data is missing, in which case the function returns early.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (params == NULL)
		return;

	if (status == 0) {
		const __u8 requested = *(__u8 *)params;

		if (requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
}
249
/*
 * Command Complete handler for Write Encryption Mode.
 *
 * On a zero status the HCI_ENCRYPT flag is set when the sent mode byte is
 * non-zero and cleared when it is zero.  The request is completed with the
 * reported status unless the sent command data is missing.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (params == NULL)
		return;

	if (status == 0) {
		const __u8 requested = *(__u8 *)params;

		if (requested == 0)
			clear_bit(HCI_ENCRYPT, &hdev->flags);
		else
			set_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
}
1da177e4 272
/*
 * Command Complete handler for Write Scan Enable.
 *
 * On a zero status HCI_PSCAN and HCI_ISCAN are rebuilt from the scan value
 * that was sent, and mgmt is told about every transition: discoverable
 * follows SCAN_INQUIRY, connectable follows SCAN_PAGE.  The request is
 * completed with the reported status unless the sent command data is
 * missing.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (params == NULL)
		return;

	if (status == 0) {
		const __u8 scan = *(__u8 *)params;
		/* Both flags are cleared first; the previous values decide
		 * whether a mgmt notification is due. */
		const int had_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
		const int had_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

		if (scan & SCAN_INQUIRY) {
			set_bit(HCI_ISCAN, &hdev->flags);
			if (!had_iscan)
				mgmt_discoverable(hdev->id, 1);
		} else if (had_iscan) {
			mgmt_discoverable(hdev->id, 0);
		}

		if (scan & SCAN_PAGE) {
			set_bit(HCI_PSCAN, &hdev->flags);
			if (!had_pscan)
				mgmt_connectable(hdev->id, 1);
		} else if (had_pscan) {
			mgmt_connectable(hdev->id, 0);
		}
	}

	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
}
1da177e4 308
/*
 * Command Complete handler for Read Class of Device: on a zero status the
 * three class bytes from the reply are stored in hdev->dev_class and
 * logged.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	memcpy(hdev->dev_class, reply->dev_class, 3);

	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
	       hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}
1da177e4 323
/*
 * Command Complete handler for Write Class of Device: on a zero status the
 * three class bytes that were sent are stored in hdev->dev_class.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (params != NULL)
		memcpy(hdev->dev_class, params, 3);
}
1da177e4 340
/*
 * Command Complete handler for Read Voice Setting.
 *
 * When the reported setting differs from hdev->voice_setting it is stored
 * and, if the driver registered a notify callback, the callback is invoked
 * with HCI_NOTIFY_VOICE_SETTING while the TX tasklet is disabled.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *reply = (void *)skb->data;
	__u16 reported;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	reported = __le16_to_cpu(reply->voice_setting);
	if (reported == hdev->voice_setting)
		return;

	hdev->voice_setting = reported;

	BT_DBG("%s voice setting 0x%04x", hdev->name, reported);

	if (!hdev->notify)
		return;

	tasklet_disable(&hdev->tx_task);
	hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	tasklet_enable(&hdev->tx_task);
}
366
/*
 * Command Complete handler for Write Voice Setting.
 *
 * On a zero status the setting that was sent is compared with
 * hdev->voice_setting; when it differs it is stored and, if the driver
 * registered a notify callback, the callback is invoked with
 * HCI_NOTIFY_VOICE_SETTING while the TX tasklet is disabled.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;
	__u16 requested;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (params == NULL)
		return;

	requested = get_unaligned_le16(params);
	if (requested == hdev->voice_setting)
		return;

	hdev->voice_setting = requested;

	BT_DBG("%s voice setting 0x%04x", hdev->name, requested);

	if (!hdev->notify)
		return;

	tasklet_disable(&hdev->tx_task);
	hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	tasklet_enable(&hdev->tx_task);
}
397
/*
 * Command Complete handler for Host Buffer Size: logs the status byte and
 * completes the pending request with it.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
}
1143e5a6 406
/*
 * Command Complete handler for Read Simple Pairing Mode: on a zero status
 * the mode reported by the controller is cached in hdev->ssp_mode.
 */
static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_ssp_mode *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hdev->ssp_mode = reply->mode;
}
418
/*
 * Command Complete handler for Write Simple Pairing Mode: on a zero status
 * the mode byte that was sent is cached in hdev->ssp_mode.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;
	void *params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (params != NULL)
		hdev->ssp_mode = *(__u8 *)params;
}
435
/*
 * Choose the inquiry mode value to program into the controller.
 *
 * Returns 2 when the LMP_EXT_INQ feature bit is set, 1 when LMP_RSSI_INQ is
 * set or when the manufacturer / HCI revision / LMP subversion triple
 * matches one of the hard-coded entries below, and 0 otherwise.
 * Presumably the listed controllers handle RSSI inquiry results without
 * advertising the feature bit -- confirm against the original change.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	if (hdev->features[6] & LMP_EXT_INQ)
		return 2;

	if (hdev->features[3] & LMP_RSSI_INQ)
		return 1;

	switch (hdev->manufacturer) {
	case 11:
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x0757)
			return 1;
		break;
	case 15:
		if (hdev->lmp_subver == 0x6963 &&
		    (hdev->hci_rev == 0x03 || hdev->hci_rev == 0x09))
			return 1;
		if (hdev->lmp_subver == 0x6965 && hdev->hci_rev == 0x00)
			return 1;
		break;
	case 31:
		if (hdev->hci_rev == 0x2005 && hdev->lmp_subver == 0x1805)
			return 1;
		break;
	default:
		break;
	}

	return 0;
}
463
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode().
 */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, sizeof(mode), &mode);
}
472
/*
 * Build the 8-byte HCI event mask from the controller's LMP version and
 * feature bits and send it with HCI_OP_SET_EVENT_MASK.
 *
 * The Secure Simple Pairing events (IO capability, user confirmation,
 * passkey, OOB data, pairing complete) are unmasked only when the
 * controller reports LMP_SIMPLE_PAIR.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff instead of 0x9f (two reserved bits
	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
	 * command otherwise */
	u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
	const __u8 *feat = hdev->features;

	/* Events for 1.2 and newer controllers */
	if (hdev->lmp_ver > 1) {
		/* 0x01 Flow Specification Complete
		 * 0x02 Inquiry Result with RSSI
		 * 0x04 Read Remote Extended Features Complete */
		events[4] |= 0x01 | 0x02 | 0x04;
		/* 0x08 Synchronous Connection Complete
		 * 0x10 Synchronous Connection Changed */
		events[5] |= 0x08 | 0x10;
	}

	if (feat[3] & LMP_RSSI_INQ)
		events[4] |= 0x04; /* Inquiry Result with RSSI */

	if (feat[5] & LMP_SNIFF_SUBR)
		events[5] |= 0x20; /* Sniff Subrating */

	if (feat[5] & LMP_PAUSE_ENC)
		events[5] |= 0x80; /* Encryption Key Refresh Complete */

	if (feat[6] & LMP_EXT_INQ)
		events[5] |= 0x40; /* Extended Inquiry Result */

	if (feat[6] & LMP_NO_FLUSH)
		events[7] |= 0x01; /* Enhanced Flush Complete */

	if (feat[7] & LMP_LSTO)
		events[6] |= 0x80; /* Link Supervision Timeout Changed */

	if (feat[6] & LMP_SIMPLE_PAIR) {
		/* 0x01 IO Capability Request
		 * 0x02 IO Capability Response
		 * 0x04 User Confirmation Request
		 * 0x08 User Passkey Request
		 * 0x10 Remote OOB Data Request
		 * 0x20 Simple Pairing Complete */
		events[6] |= 0x01 | 0x02 | 0x04 | 0x08 | 0x10 | 0x20;
		/* 0x04 User Passkey Notification
		 * 0x08 Keypress Notification
		 * 0x10 Remote Host Supported Features Notification */
		events[7] |= 0x04 | 0x08 | 0x10;
	}

	if (feat[4] & LMP_LE)
		events[7] |= 0x20; /* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
}
525
/*
 * Queue the feature-dependent setup commands: always the event mask, then
 * Read Local Commands for lmp_ver > 1, Write SSP Mode (value 0x01) when
 * LMP_SIMPLE_PAIR is reported, the inquiry mode when LMP_RSSI_INQ is
 * reported, and Read Inquiry Response TX Power when LMP_INQ_TX_PWR is
 * reported.
 */
static void hci_setup(struct hci_dev *hdev)
{
	const __u8 *feat = hdev->features;

	hci_setup_event_mask(hdev);

	if (hdev->lmp_ver > 1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	if (feat[6] & LMP_SIMPLE_PAIR) {
		/* Simple Pairing is switched on whenever the controller
		 * advertises support for it. */
		u8 ssp_on = 0x01;

		hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(ssp_on),
			     &ssp_on);
	}

	if (feat[3] & LMP_RSSI_INQ)
		hci_setup_inquiry_mode(hdev);

	if (feat[7] & LMP_INQ_TX_PWR)
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
}
544
/*
 * Command Complete handler for Read Local Version Information.
 *
 * On a zero status the HCI/LMP version, revision, subversion and
 * manufacturer fields are cached on hdev; when HCI_INIT is set,
 * hci_setup() is then called to queue the follow-up setup commands.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->hci_ver      = reply->hci_ver;
	hdev->hci_rev      = __le16_to_cpu(reply->hci_rev);
	hdev->lmp_ver      = reply->lmp_ver;
	hdev->manufacturer = __le16_to_cpu(reply->manufacturer);
	hdev->lmp_subver   = __le16_to_cpu(reply->lmp_subver);

	BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
	       hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);

	if (test_bit(HCI_INIT, &hdev->flags))
		hci_setup(hdev);
}
567
/*
 * Derive the default link policy from the controller's feature bits (role
 * switch, hold, sniff, park) and send it, little-endian, with
 * HCI_OP_WRITE_DEF_LINK_POLICY.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	const __u8 *feat = hdev->features;
	u16 policy = 0;
	__le16 wire_policy;

	if (feat[0] & LMP_RSWITCH)
		policy |= HCI_LP_RSWITCH;
	if (feat[0] & LMP_HOLD)
		policy |= HCI_LP_HOLD;
	if (feat[0] & LMP_SNIFF)
		policy |= HCI_LP_SNIFF;
	if (feat[1] & LMP_PARK)
		policy |= HCI_LP_PARK;

	/* Kept in a separate __le16 so the host-order and wire-order values
	 * do not share one variable. */
	wire_policy = cpu_to_le16(policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
		     sizeof(wire_policy), &wire_policy);
}
1da177e4 585
/*
 * Command Complete handler for Read Local Supported Commands.
 *
 * On a zero status the supported-commands bitmap is cached in
 * hdev->commands; during HCI_INIT, when bit 0x10 of commands[5] is set, the
 * default link policy is programmed.  The request is completed with the
 * reported status in every case.
 *
 * NOTE(review): sizeof(hdev->commands) bytes are copied out of the reply
 * with no skb->len check in this function; presumably the caller validates
 * the reply size -- confirm.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status) {
		memcpy(hdev->commands, reply->commands,
		       sizeof(hdev->commands));

		if (test_bit(HCI_INIT, &hdev->flags) &&
		    (hdev->commands[5] & 0x10))
			hci_setup_link_policy(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, reply->status);
}
1da177e4 603
/*
 * Command Complete handler for Read Local Supported Features.
 *
 * On a zero status the 8 feature bytes are cached in hdev->features and the
 * ACL/SCO packet-type and eSCO-type masks are widened to include every
 * packet type the controller reports support for.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_features *reply = (void *)skb->data;
	const __u8 *feat = hdev->features;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	memcpy(hdev->features, reply->features, 8);

	/* Adjust default settings according to features
	 * supported by device. */

	if (feat[0] & LMP_3SLOT)
		hdev->pkt_type |= HCI_DM3 | HCI_DH3;

	if (feat[0] & LMP_5SLOT)
		hdev->pkt_type |= HCI_DM5 | HCI_DH5;

	if (feat[1] & LMP_HV2) {
		hdev->pkt_type  |= HCI_HV2;
		hdev->esco_type |= ESCO_HV2;
	}

	if (feat[1] & LMP_HV3) {
		hdev->pkt_type  |= HCI_HV3;
		hdev->esco_type |= ESCO_HV3;
	}

	if (feat[3] & LMP_ESCO)
		hdev->esco_type |= ESCO_EV3;

	if (feat[4] & LMP_EV4)
		hdev->esco_type |= ESCO_EV4;

	if (feat[4] & LMP_EV5)
		hdev->esco_type |= ESCO_EV5;

	if (feat[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= ESCO_2EV3;

	if (feat[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= ESCO_3EV3;

	if (feat[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= ESCO_2EV5 | ESCO_3EV5;

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
	       feat[0], feat[1], feat[2], feat[3],
	       feat[4], feat[5], feat[6], feat[7]);
}
1da177e4 658
/*
 * Command Complete handler for Read Buffer Size.
 *
 * On a zero status the controller's ACL/SCO MTUs and packet counts are
 * cached on hdev and the available-slot counters are reset to the packet
 * counts.  With HCI_QUIRK_FIXUP_BUFFER_SIZE set, the SCO values are
 * overridden with 64 bytes / 8 packets.
 *
 * NOTE(review): the MTU and packet-count values come straight from the
 * controller and are stored without range checks here; whether zero or
 * oversized values are handled by the users of these fields is not visible
 * in this function -- confirm.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->acl_mtu  = __le16_to_cpu(reply->acl_mtu);
	hdev->sco_mtu  = reply->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(reply->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(reply->sco_max_pkt);

	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu  = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
	       hdev->acl_mtu, hdev->acl_pkts,
	       hdev->sco_mtu, hdev->sco_pkts);
}
685
/*
 * Command Complete handler for Read BD_ADDR: on a zero status the reported
 * address is copied into hdev->bdaddr; the request is completed with the
 * reported status either way.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status == 0)
		bacpy(&hdev->bdaddr, &reply->bdaddr);

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, reply->status);
}
697
/*
 * Command Complete handler for HCI_OP_WRITE_CA_TIMEOUT: logs the status
 * byte and completes the pending request with it.
 */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
}
706
/*
 * Command Complete handler for Delete Stored Link Key: logs the status byte
 * and completes the pending request with it.  Any further fields in the
 * reply are not read here.
 */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
}
716
/*
 * Command Complete handler for Set Event Mask: logs the status byte and
 * completes the pending request with it.
 */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
}
725
/*
 * Command Complete handler for Write Inquiry Mode: logs the status byte and
 * completes the pending request with it.
 */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
}
735
/*
 * Command Complete handler for Read Inquiry Response TX Power: logs the
 * status byte and completes the pending request with it.  The power value
 * itself is not read here.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
}
745
/*
 * Command Complete handler for Set Event Filter: logs the status byte and
 * completes the pending request with it.
 */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 status = *(__u8 *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
}
754
/*
 * Command Complete handler for PIN Code Request Reply.
 *
 * When HCI_MGMT is set, mgmt is told the outcome for the address in the
 * reply.  On a zero status the PIN length from the command that was sent is
 * recorded on the matching ACL connection (conn->pin_length).
 *
 * NOTE(review): the connection lookup and update run without
 * hci_dev_lock() here, unlike the other connection-touching handlers in
 * this file; presumably the caller's context makes that safe -- confirm.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *reply = (void *)skb->data;
	struct hci_cp_pin_code_reply *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (test_bit(HCI_MGMT, &hdev->flags))
		mgmt_pin_code_reply_complete(hdev->id, &reply->bdaddr,
					     reply->status);

	if (reply->status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
	if (sent == NULL)
		return;

	/* The peer address comes from the sent command, not the reply. */
	link = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);
	if (link != NULL)
		link->pin_length = sent->pin_len;
}
777
/*
 * Command Complete handler for PIN Code Request Negative Reply: when
 * HCI_MGMT is set, forwards the address and status from the reply to mgmt.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		return;

	mgmt_pin_code_neg_reply_complete(hdev->id, &reply->bdaddr,
					 reply->status);
}

/*
 * Command Complete handler for LE Read Buffer Size.
 *
 * On a zero status the LE MTU and packet count are cached, the LE slot
 * counter is reset to the packet count and the request is completed.  On a
 * non-zero status the function returns before hci_req_complete() is
 * reached.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->le_mtu  = __le16_to_cpu(reply->le_mtu);
	hdev->le_pkts = reply->le_max_pkt;
	hdev->le_cnt  = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, reply->status);
}
980e1a53 807
/*
 * Command Complete handler for User Confirmation Request Reply (SSP): when
 * HCI_MGMT is set, forwards the peer address and status from the reply to
 * mgmt.  No connection state is changed here.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		return;

	mgmt_user_confirm_reply_complete(hdev->id, &reply->bdaddr,
					 reply->status);
}
818
/*
 * Command Complete handler for User Confirmation Request Negative Reply
 * (SSP): when HCI_MGMT is set, forwards the peer address and status from
 * the reply to mgmt.  The reply is parsed with the same struct as the
 * positive reply.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		return;

	mgmt_user_confirm_neg_reply_complete(hdev->id, &reply->bdaddr,
					     reply->status);
}
830
/*
 * Command Complete handler for Read Local OOB Data: passes the hash and
 * randomizer from the reply, together with the status, to mgmt.
 *
 * NOTE(review): unlike the neighbouring reply handlers, the mgmt call is
 * not gated on HCI_MGMT, and the values are forwarded even when status is
 * non-zero; presumably the mgmt side checks both -- confirm.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *reply = (void *)skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	mgmt_read_local_oob_data_reply_complete(hdev->id, reply->hash,
						reply->randomizer,
						reply->status);
}
841
/*
 * Command Status handler for HCI Inquiry.
 *
 * A non-zero status completes the request with that status and calls
 * hci_conn_check_pending().  A zero status, with HCI_MGMT set, marks
 * HCI_INQUIRY and reports "discovering" to mgmt if the flag was not already
 * set.
 */
static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0) {
		hci_req_complete(hdev, HCI_OP_INQUIRY, status);
		hci_conn_check_pending(hdev);
		return;
	}

	if (!test_bit(HCI_MGMT, &hdev->flags))
		return;

	if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags))
		mgmt_discovering(hdev->id, 1);
}
857
/*
 * Command Status handler for Create Connection.
 *
 * The peer address is taken from the command that was sent.  On failure, a
 * connection still in BT_CONNECT is either moved to BT_CONNECT2 (status
 * 0x0c with at most two attempts so far) or closed, reported to the upper
 * protocol and deleted.  On success, a connection object is created if none
 * exists yet and marked as outgoing with HCI_LM_MASTER set.
 */
static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->bdaddr), link);

	if (status != 0) {
		if (link != NULL && link->state == BT_CONNECT) {
			/* 0x0c is presumably the HCI "Command Disallowed"
			 * code -- confirm; only that error is retried. */
			if (status == 0x0c && link->attempt <= 2) {
				link->state = BT_CONNECT2;
			} else {
				link->state = BT_CLOSED;
				hci_proto_connect_cfm(link, status);
				hci_conn_del(link);
			}
		}
	} else if (link == NULL) {
		link = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
		if (link == NULL) {
			BT_ERR("No memory for new connection");
		} else {
			link->out = 1;
			link->link_mode |= HCI_LM_MASTER;
		}
	}

	hci_dev_unlock(hdev);
}
897
/*
 * Command Status handler for Add SCO Connection.
 *
 * Only failures are handled: the ACL connection is found through the handle
 * in the sent command and, if it has a linked SCO connection, that one is
 * closed, reported to the upper protocol with the failure status and
 * deleted.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl_link, *sco_link;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl_link = hci_conn_hash_lookup_handle(hdev, handle);
	sco_link = acl_link ? acl_link->link : NULL;
	if (sco_link != NULL) {
		sco_link->state = BT_CLOSED;

		hci_proto_connect_cfm(sco_link, status);
		hci_conn_del(sco_link);
	}

	hci_dev_unlock(hdev);
}
1da177e4 932
/*
 * Command Status handler for Authentication Requested.
 *
 * Only failures are handled: if the connection named in the sent command is
 * still in BT_CONFIG, the failure status is reported to the upper protocol
 * and hci_conn_put() is called on the connection.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (link != NULL && link->state == BT_CONFIG) {
		hci_proto_connect_cfm(link, status);
		hci_conn_put(link);
	}

	hci_dev_unlock(hdev);
}
959
/*
 * Command Status handler for Set Connection Encryption.
 *
 * Only failures are handled: if the connection named in the sent command is
 * still in BT_CONFIG, the failure status is reported to the upper protocol
 * and hci_conn_put() is called on the connection.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (link != NULL && link->state == BT_CONFIG) {
		hci_proto_connect_cfm(link, status);
		hci_conn_put(link);
	}

	hci_dev_unlock(hdev);
}
986
/*
 * Decide whether an outgoing connection that is still being configured
 * should have authentication requested.
 *
 * Returns 0 when the connection is not in BT_CONFIG, is not outgoing, or
 * its pending security level is BT_SECURITY_SDP.  Otherwise returns 1 when
 * both the local device and the connection have ssp_mode > 0, or when the
 * pending security level is BT_SECURITY_HIGH; returns 0 in the remaining
 * case, i.e. a non-SSP link below BT_SECURITY_HIGH gets no authentication
 * request from this path.
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
				    struct hci_conn *conn)
{
	int both_ssp;

	if (conn->state != BT_CONFIG || !conn->out)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	/* Only request authentication for SSP connections or non-SSP
	 * devices with sec_level HIGH */
	both_ssp = hdev->ssp_mode > 0 && conn->ssp_mode > 0;
	if (both_ssp)
		return 1;

	return conn->pending_sec_level == BT_SECURITY_HIGH;
}
1004
/*
 * Command Status handler for Remote Name Request.
 *
 * Only failures are handled here: if the name request could not be started
 * and hci_outgoing_auth_needed() says the ACL connection to that peer needs
 * authentication, HCI_OP_AUTH_REQUESTED is sent right away.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, status);

	/* If successful wait for the name req complete event before
	 * checking for the need to do authentication */
	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);
	if (link != NULL && hci_outgoing_auth_needed(hdev, link)) {
		/* Distinct name so the outgoing command does not shadow
		 * the sent name-request parameters. */
		struct hci_cp_auth_requested auth_cp;

		auth_cp.handle = __cpu_to_le16(link->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_cp),
			     &auth_cp);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1032
/*
 * Command Status handler for Read Remote Supported Features.
 *
 * Only failures are handled: if the connection named in the sent command is
 * still in BT_CONFIG, the failure status is reported to the upper protocol
 * and hci_conn_put() is called on the connection.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (link != NULL && link->state == BT_CONFIG) {
		hci_proto_connect_cfm(link, status);
		hci_conn_put(link);
	}

	hci_dev_unlock(hdev);
}
1059
/*
 * Command Status handler for Read Remote Extended Features.
 *
 * Only failures are handled: if the connection named in the sent command is
 * still in BT_CONFIG, the failure status is reported to the upper protocol
 * and hci_conn_put() is called on the connection.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (link != NULL && link->state == BT_CONFIG) {
		hci_proto_connect_cfm(link, status);
		hci_conn_put(link);
	}

	hci_dev_unlock(hdev);
}
1086
a9de9248
MH
/*
 * Command Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * When the command failed, the SCO connection linked to the ACL identified
 * by the sent handle is closed, confirmed upward with the error and deleted.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	/* The handle in the command names the ACL link; the pending SCO
	 * connection hangs off acl->link. */
	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco != NULL) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1121
/*
 * Command Status handler for HCI_OP_SNIFF_MODE.
 *
 * On failure the pending mode-change flag is cleared and, if a SCO setup
 * was waiting on the mode change, it is resumed with the error status.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn != NULL) {
		int sco_waiting;

		clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);

		sco_waiting = test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND,
							&conn->pend);
		if (sco_waiting)
			hci_sco_setup(conn, status);
	}

	hci_dev_unlock(hdev);
}
04837f64 1148
a9de9248
MH
/*
 * Command Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Same failure handling as hci_cs_sniff_mode(): drop the pending
 * mode-change flag and resume any SCO setup that was waiting on it.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn != NULL) {
		int sco_waiting;

		clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);

		sco_waiting = test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND,
							&conn->pend);
		if (sco_waiting)
			hci_sco_setup(conn, status);
	}

	hci_dev_unlock(hdev);
}
1175
fcd89c09
VT
/*
 * Command Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Failure: a connection object still in BT_CONNECT is closed, confirmed
 * upward with the error and deleted.
 * Success: if no connection object exists yet for the peer, one is created
 * and marked as outgoing.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_le_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &sent->peer_addr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->peer_addr),
		conn);

	if (status) {
		if (conn != NULL && conn->state == BT_CONNECT) {
			conn->state = BT_CLOSED;
			hci_proto_connect_cfm(conn, status);
			hci_conn_del(conn);
		}
	} else if (conn == NULL) {
		conn = hci_conn_add(hdev, LE_LINK, &sent->peer_addr);
		if (conn == NULL)
			BT_ERR("No memory for new connection");
		else
			conn->out = 1;
	}

	hci_dev_unlock(hdev);
}
1212
1da177e4
LT
/*
 * Inquiry Complete event.
 *
 * Clears the HCI_INQUIRY flag (telling the management interface that
 * discovery stopped when HCI_MGMT is set), completes the pending inquiry
 * request and kicks any connection attempts that were waiting.
 */
static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* The first parameter byte of the event is the status. */
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status %d", hdev->name, status);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
			mgmt_discovering(hdev->id, 0);
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);
}
1227
1da177e4
LT
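/*
 * Inquiry Result event.
 *
 * The event payload is a one-byte response count followed by that many
 * struct inquiry_info records. Each record is copied into the inquiry
 * cache and reported through mgmt_device_found().
 *
 * The response count comes from the controller and is not trusted: the
 * payload length is checked against it before any record is read, so a
 * short or malformed event cannot make the loop read past the end of the
 * skb data.
 */
static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* Need at least the count byte itself. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	/* Reject events whose declared record count exceeds the data that
	 * was actually received. */
	if (skb->len < 1 + num_rsp * sizeof(*info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	hci_dev_lock(hdev);

	/* First result of a discovery session: flag it and notify mgmt. */
	if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
		if (test_bit(HCI_MGMT, &hdev->flags))
			mgmt_discovering(hdev->id, 1);
	}

	for (; num_rsp; num_rsp--, info++) {
		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		/* This event format carries neither RSSI nor SSP mode. */
		data.rssi		= 0x00;
		data.ssp_mode		= 0x00;
		hci_inquiry_cache_update(hdev, &data);
		mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
									NULL);
	}

	hci_dev_unlock(hdev);
}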
1263
1da177e4
LT
/*
 * Connection Complete event.
 *
 * Finds the connection object for the reported address and link type
 * (falling back from SCO to a pending eSCO object), then either finishes
 * link setup or tears the connection down depending on the status.
 *
 * NOTE(review): the event structure is read straight from skb->data and no
 * length check is visible in this function — presumably the caller
 * guarantees the payload size; confirm.
 */
static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (conn == NULL) {
		/* A SCO completion may answer an eSCO attempt; anything
		 * else without a connection object is ignored. */
		if (ev->link_type != SCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (conn == NULL)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (ev->status) {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK)
			mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
	} else {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			/* ACL links stay in BT_CONFIG until feature
			 * exchange (and possibly authentication) is done. */
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);
			conn->disc_timeout = HCI_DISCONN_TIMEOUT;
			mgmt_connected(hdev->id, &ev->bdaddr);
		} else {
			conn->state = BT_CONNECTED;
		}

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		/* Inherit the adapter-wide security settings. */
		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features feat;

			feat.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
							sizeof(feat), &feat);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < 3) {
			struct hci_cp_change_conn_ptype ptype;

			ptype.handle = ev->handle;
			ptype.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
							sizeof(ptype), &ptype);
		}
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK) {
		/* ACL success is confirmed later, once config completes. */
		hci_proto_connect_cfm(conn, ev->status);
	}

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
1341
/*
 * Connection Request event (incoming connection).
 *
 * The request is accepted only when the combined link mode (adapter
 * setting plus what the upper protocols return) has HCI_LM_ACCEPT set AND
 * the peer address is not on the adapter's blacklist; otherwise a reject
 * is sent. On accept, a connection object is created if needed and either
 * an ACL accept or a synchronous-connection accept is issued.
 */
static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;
	int mask = hdev->link_mode;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
					batostr(&ev->bdaddr), ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	if (!(mask & HCI_LM_ACCEPT) ||
			hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection rejected */
		struct hci_cp_reject_conn_req rej;

		bacpy(&rej.bdaddr, &ev->bdaddr);
		rej.reason = 0x0f;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(rej), &rej);
		return;
	}

	/* Connection accepted */
	hci_dev_lock(hdev);

	/* Refresh the cached device class with what the peer just sent. */
	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		memcpy(ie->data.dev_class, ev->dev_class, 3);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (conn == NULL) {
		conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
		if (conn == NULL) {
			BT_ERR("No memory for new connection");
			hci_dev_unlock(hdev);
			return;
		}
	}

	memcpy(conn->dev_class, ev->dev_class, 3);
	conn->state = BT_CONNECT;

	hci_dev_unlock(hdev);

	if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
		struct hci_cp_accept_conn_req acc;

		bacpy(&acc.bdaddr, &ev->bdaddr);

		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
			acc.role = 0x00; /* Become master */
		else
			acc.role = 0x01; /* Remain slave */

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(acc), &acc);
	} else {
		struct hci_cp_accept_sync_conn_req sync;

		bacpy(&sync.bdaddr, &ev->bdaddr);
		sync.pkt_type = cpu_to_le16(conn->pkt_type);

		sync.tx_bandwidth   = cpu_to_le32(0x00001f40);
		sync.rx_bandwidth   = cpu_to_le32(0x00001f40);
		sync.max_latency    = cpu_to_le16(0xffff);
		sync.content_format = cpu_to_le16(hdev->voice_setting);
		sync.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
							sizeof(sync), &sync);
	}
}
1415
/*
 * Disconnection Complete event.
 *
 * A failed disconnect is only reported to the management interface.
 * Otherwise the connection for the handle is marked closed, the
 * disconnect is reported (to mgmt for ACL links, and to the upper
 * protocols with the reason code) and the connection object is deleted.
 */
static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	if (ev->status) {
		mgmt_disconnect_failed(hdev->id);
		return;
	}

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn != NULL) {
		conn->state = BT_CLOSED;

		if (conn->type == ACL_LINK)
			mgmt_disconnected(hdev->id, &conn->dst);

		hci_proto_disconn_cfm(conn, ev->reason);
		hci_conn_del(conn);
	}

	hci_dev_unlock(hdev);
}
1445
1da177e4
LT
/*
 * Authentication Complete event.
 *
 * On success the link is marked authenticated and the pending security
 * level becomes the effective one; on failure mgmt is told. What follows
 * depends on the connection state:
 *  - BT_CONFIG: if both sides run Simple Pairing, encryption is requested
 *    before the connection is confirmed; otherwise the connection is
 *    confirmed right away with the authentication status.
 *  - otherwise: the authentication result is confirmed upward and the
 *    disconnect timeout is reset.
 * Finally, a pending encryption request is either issued (success) or
 * failed (error).
 */
static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status) {
		mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
	} else {
		conn->link_mode |= HCI_LM_AUTH;
		conn->sec_level = conn->pending_sec_level;
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);

	if (conn->state != BT_CONFIG) {
		hci_auth_cfm(conn, ev->status);

		/* hold/put pair re-arms the disconnect timer with the
		 * regular timeout. */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	} else if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
		struct hci_cp_set_conn_encrypt enc;

		enc.handle  = ev->handle;
		enc.encrypt = 0x01;
		hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(enc), &enc);
	} else {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
		if (ev->status) {
			/* Authentication failed, so the queued encryption
			 * request fails with the same status. */
			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
			hci_encrypt_cfm(conn, ev->status, 0x00);
		} else {
			struct hci_cp_set_conn_encrypt enc;

			enc.handle  = ev->handle;
			enc.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
							sizeof(enc), &enc);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
1503
/*
 * Remote Name Request Complete event.
 *
 * Forwards a successfully resolved name to the management interface and,
 * if the ACL connection to that peer still needs outgoing authentication,
 * issues an Authentication Requested command.
 *
 * NOTE(review): ev->name is remote-supplied data passed on as-is; whether
 * it is NUL-terminated or sanitised is up to mgmt_remote_name() — confirm.
 */
static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->flags) && ev->status == 0)
		mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL && hci_outgoing_auth_needed(hdev, conn)) {
		struct hci_cp_auth_requested auth;

		auth.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth), &auth);
	}

	hci_dev_unlock(hdev);
}
1527
/*
 * Encryption Change event.
 *
 * On success the link mode is updated: encryption on sets both the AUTH
 * and ENCRYPT bits, encryption off clears only ENCRYPT. A connection
 * still in BT_CONFIG is then confirmed upward (and moved to BT_CONNECTED
 * on success); any other connection gets an encryption confirmation.
 */
static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (!ev->status) {
		if (ev->encrypt) {
			/* Encryption implies authentication */
			conn->link_mode |= HCI_LM_AUTH;
			conn->link_mode |= HCI_LM_ENCRYPT;
		} else {
			conn->link_mode &= ~HCI_LM_ENCRYPT;
		}
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	if (!ev->status)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
1562
/*
 * Change Connection Link Key Complete event.
 *
 * Sets HCI_LM_SECURE on success, clears the pending-authentication flag
 * and passes the status on through hci_key_change_cfm().
 */
static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0)
		conn->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
1584
/*
 * Read Remote Supported Features Complete event.
 *
 * Stores the remote feature mask on success. For a connection still in
 * BT_CONFIG the setup sequence continues:
 *  - both sides SSP capable: read the extended features (page 1) and wait;
 *  - otherwise request the remote name, and if no outgoing authentication
 *    is needed, mark the connection connected and confirm it upward.
 */
static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0) {
		struct hci_cp_remote_name_req name_req;

		if (lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
			struct hci_cp_read_remote_ext_features ext;

			ext.handle = ev->handle;
			ext.page   = 0x01;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
							sizeof(ext), &ext);
			goto unlock;
		}

		/* Zero the whole command so unset fields are not sent
		 * uninitialised. */
		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ,
						sizeof(name_req), &name_req);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1630
/* Read Remote Version Information Complete event: only logged, the
 * payload in skb is not inspected. */
static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
1635
/* QoS Setup Complete event: only logged, the payload in skb is not
 * inspected. */
static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
1640
a9de9248
MH
/*
 * Command Complete event dispatcher.
 *
 * Strips the event header so each hci_cc_* handler sees only the return
 * parameters of its command, dispatches on the opcode, then stops the
 * command timer (unless the event is for HCI_OP_NOP) and, if the
 * controller reports free command slots, re-arms the command queue.
 *
 * NOTE(review): ev is dereferenced without a visible skb->len check;
 * presumably the caller guarantees the header is present — confirm.
 */
static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *ev = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;

	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;

	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;

	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;

	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;

	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;

	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;

	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;

	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;

	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;

	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;

	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;

	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;

	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;

	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;

	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;

	case HCI_OP_READ_SSP_MODE:
		hci_cc_read_ssp_mode(hdev, skb);
		break;

	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;

	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;

	case HCI_OP_WRITE_CA_TIMEOUT:
		hci_cc_write_ca_timeout(hdev, skb);
		break;

	case HCI_OP_DELETE_STORED_LINK_KEY:
		hci_cc_delete_stored_link_key(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_MASK:
		hci_cc_set_event_mask(hdev, skb);
		break;

	case HCI_OP_WRITE_INQUIRY_MODE:
		hci_cc_write_inquiry_mode(hdev, skb);
		break;

	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_FLT:
		hci_cc_set_event_flt(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data_reply(hdev, skb);
		break;

	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;

	default:
		/* Unhandled opcodes are only logged. */
		BT_DBG("%s opcode 0x%x", hdev->name, opcode);
		break;
	}

	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (!ev->ncmd)
		return;

	/* The controller can take another command: allow one and run the
	 * command task if anything is queued. */
	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		tasklet_schedule(&hdev->cmd_task);
}
1817
/*
 * Command Status event dispatcher.
 *
 * Strips the event header, hands the status to the hci_cs_* handler for
 * the opcode, stops the command timer (unless the event is for
 * HCI_OP_NOP) and re-arms the command queue when the controller reports
 * free slots and no reset is in progress.
 */
static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *ev = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, ev->status);
		break;

	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, ev->status);
		break;

	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, ev->status);
		break;

	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, ev->status);
		break;

	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, ev->status);
		break;

	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, ev->status);
		break;

	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, ev->status);
		break;

	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_DISCONNECT:
		/* No dedicated handler: only a failure is reported. */
		if (ev->status != 0)
			mgmt_disconnect_failed(hdev->id);
		break;

	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, ev->status);
		break;

	default:
		BT_DBG("%s opcode 0x%x", hdev->name, opcode);
		break;
	}

	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (!ev->ncmd || test_bit(HCI_RESET, &hdev->flags))
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		tasklet_schedule(&hdev->cmd_task);
}
1895
/*
 * Role Change event.
 *
 * On success the HCI_LM_MASTER bit of the ACL connection is set when the
 * reported role is zero and cleared otherwise. The pending role-switch
 * flag is cleared and the result is confirmed upward in either case.
 */
static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0) {
		if (ev->role == 0)
			conn->link_mode |= HCI_LM_MASTER;
		else
			conn->link_mode &= ~HCI_LM_MASTER;
	}

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);

	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
1921
/*
 * Number Of Completed Packets event.
 *
 * The payload is num_hndl (handle, count) pairs of 16-bit little-endian
 * values. The remaining skb length is checked against num_hndl * 4 before
 * the pairs are read. For each known connection the completed count is
 * subtracted from conn->sent and returned to the matching credit pool,
 * which is clamped to the pool size.
 *
 * NOTE(review): count is controller-supplied and conn->sent is decremented
 * without checking that count <= conn->sent — confirm whether an
 * over-reported count can wrap the counter.
 */
static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	__le16 *ptr;
	int i;

	skb_pull(skb, sizeof(*ev));

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	if (skb->len < ev->num_hndl * 4) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	/* Keep the TX tasklet from running while credits are adjusted. */
	tasklet_disable(&hdev->tx_task);

	ptr = (__le16 *) skb->data;
	for (i = 0; i < ev->num_hndl; i++) {
		struct hci_conn *conn;
		__u16 handle, count;

		handle = get_unaligned_le16(ptr++);
		count  = get_unaligned_le16(ptr++);

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (conn == NULL)
			continue;

		conn->sent -= count;

		if (conn->type == LE_LINK && hdev->le_pkts) {
			/* Controller has a dedicated LE buffer pool. */
			hdev->le_cnt += count;
			if (hdev->le_cnt > hdev->le_pkts)
				hdev->le_cnt = hdev->le_pkts;
		} else if (conn->type == ACL_LINK || conn->type == LE_LINK) {
			/* ACL, or LE sharing the ACL buffer pool. */
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
		} else {
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
		}
	}

	tasklet_schedule(&hdev->tx_task);

	tasklet_enable(&hdev->tx_task);
}
1976
/*
 * Mode Change event.
 *
 * Records the new mode and interval on the connection. If the change was
 * not one this host had pending, power_save is set to 1 for active mode
 * and 0 otherwise. A SCO setup waiting on the mode change is resumed.
 */
static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	conn->mode     = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend))
		conn->power_save = (conn->mode == HCI_CM_ACTIVE) ? 1 : 0;

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
		hci_sco_setup(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2004
a9de9248
MH
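/*
 * PIN Code Request event.
 *
 * Extends the disconnect timeout of an established ACL connection to the
 * pairing timeout, answers with a negative reply when the adapter is not
 * pairable, and forwards the request to the management interface when it
 * is in use.
 *
 * The ACL lookup can fail (the address in the event is controller
 * supplied), so conn is checked before pending_sec_level is read; without
 * a connection the request is forwarded with secure = 0.
 *
 * NOTE(review): when the adapter is not pairable the negative reply is
 * sent and the mgmt request is still forwarded afterwards — confirm
 * whether the two branches are meant to be exclusive.
 */
static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn && conn->state == BT_CONNECTED) {
		/* hold/put pair re-arms the disconnect timer with the
		 * longer pairing timeout. */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->flags))
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->flags)) {
		u8 secure = 0;

		/* conn may be NULL here; only a known connection can ask
		 * for the high-security PIN. */
		if (conn && conn->pending_sec_level == BT_SECURITY_HIGH)
			secure = 1;

		mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
	}

	hci_dev_unlock(hdev);
}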
2038
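/*
 * Link Key Request event.
 *
 * Runs only when the host manages link keys (HCI_LINK_KEYS). Looks up the
 * stored key for the peer and replies with it, unless policy forbids
 * using that key, in which case a negative reply is sent:
 *  - debug combination keys are refused unless HCI_DEBUG_KEYS is set;
 *  - an unauthenticated combination key is refused when the connection's
 *    auth_type is known (not 0xff) and has bit 0 set;
 *  - a combination key from a PIN shorter than 16 is refused when the
 *    connection is pending BT_SECURITY_HIGH.
 *
 * NOTE(review): cp holds a copy of the link key on the stack and is not
 * cleared after the command is sent — consider whether that matters here.
 */
static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %s", hdev->name,
							batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, key->type,
							batostr(&ev->bdaddr));

	if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
				key->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
				conn->auth_type != 0xff &&
				(conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
				conn->pending_sec_level == BT_SECURITY_HIGH) {
			/* Adjacent literals instead of a backslash line
			 * continuation, which embedded the source
			 * indentation in the message. */
			BT_DBG("%s ignoring key unauthenticated for high "
						"security", hdev->name);
			goto not_found;
		}

		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, 16);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	/* sizeof instead of a literal length, matching the negative PIN
	 * reply in hci_pin_code_request_evt(). */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, sizeof(ev->bdaddr),
								&ev->bdaddr);
	hci_dev_unlock(hdev);
}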
2102
/*
 * Link Key Notification event.
 *
 * Resets the disconnect timeout of the ACL connection, records the new
 * key type on it (a "changed combination" notification keeps the
 * previous type) and, when the host manages link keys, stores the key
 * together with the PIN length remembered on the connection (0 if no
 * connection was found).
 */
static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_len = conn->pin_length;

		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	if (test_bit(HCI_LINK_KEYS, &hdev->flags)) {
		hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key,
							ev->key_type, pin_len);
	}

	hci_dev_unlock(hdev);
}
2131
1da177e4
LT
/*
 * Read Clock Offset Complete event.
 *
 * On success, updates the clock offset and timestamp of the inquiry
 * cache entry for the connection's peer, if one exists.
 */
static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct hci_conn *conn;
	struct inquiry_entry *ie;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL || ev->status)
		goto unlock;

	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie != NULL) {
		ie->data.clock_offset = ev->clock_offset;
		ie->timestamp = jiffies;
	}

unlock:
	hci_dev_unlock(hdev);
}
2154
a8746417
MH
/*
 * Connection Packet Type Changed event.
 *
 * On success, stores the new packet type on the connection.
 */
static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn != NULL && ev->status == 0)
		conn->pkt_type = __le16_to_cpu(ev->pkt_type);

	hci_dev_unlock(hdev);
}
2170
85a1e930
MH
/*
 * Page Scan Repetition Mode Change event.
 *
 * Updates the page scan repetition mode and timestamp of the inquiry
 * cache entry for the reported address, if one exists.
 */
static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL) {
		entry->data.pscan_rep_mode = ev->pscan_rep_mode;
		entry->timestamp = jiffies;
	}

	hci_dev_unlock(hdev);
}
2188
a9de9248
MH
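/*
 * Inquiry Result with RSSI event.
 *
 * The payload is one response-count byte followed by that many fixed-size
 * records.  Two record layouts are handled (with and without pscan_mode);
 * which one applies is inferred from the payload length, as before.
 *
 * The count comes from the controller and used to be trusted: in the
 * pscan_mode branch nothing tied num_rsp to skb->len, so a short packet
 * made the loop read past the end of the buffer.  The count byte and the
 * record array are now both checked against skb->len before use.
 */
static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;

	/* The count byte itself must be present before it is read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	hci_dev_lock(hdev);

	if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
		if (test_bit(HCI_MGMT, &hdev->flags))
			mgmt_discovering(hdev->id, 1);
	}

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* Drop events whose count claims more records than arrived. */
		if (skb->len - 1 < num_rsp * sizeof(*info))
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			hci_inquiry_cache_update(hdev, &data);
			mgmt_device_found(hdev->id, &info->bdaddr,
						info->dev_class, info->rssi,
						NULL);
		}
	} else {
		/* The quotient test above already implies that num_rsp
		 * records of this size fit in the payload. */
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			hci_inquiry_cache_update(hdev, &data);
			mgmt_device_found(hdev->id, &info->bdaddr,
						info->dev_class, info->rssi,
						NULL);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}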
2246
/*
 * Read Remote Extended Features Complete event.
 *
 * For a successful page 0x01 reply, bit 0 of the first features byte is
 * stored as ssp_mode on the connection and on the peer's inquiry-cache
 * entry.  For a connection still in BT_CONFIG the handler then requests
 * the remote name (on success) and, when no outgoing authentication is
 * needed, marks the connection BT_CONNECTED and confirms it upward.
 */
static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0 && ev->page == 0x01) {
		u8 ssp = ev->features[0] & 0x01;
		struct inquiry_entry *ie;

		ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (ie)
			ie->data.ssp_mode = ssp;

		conn->ssp_mode = ssp;
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0) {
		struct hci_cp_remote_name_req name_req;

		/* Zero the whole command so unset fields are not stack data. */
		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ,
					sizeof(name_req), &name_req);
	}

	if (hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	/* No authentication pending: finish connection setup now. */
	conn->state = BT_CONNECTED;
	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
2290
/*
 * Synchronous Connection Complete event.
 *
 * Looks the connection up by the reported link type; if that fails and the
 * event is not for eSCO, falls back to a pending eSCO connection for the
 * same address and retypes it as SCO.  On success the handle is recorded
 * and the connection becomes BT_CONNECTED.  For a set of failure codes an
 * outgoing connection is retried once with a different packet type;
 * everything else closes and deletes the connection.
 */
static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn && ev->link_type != ESCO_LINK) {
		/* We may have asked for eSCO and been given SCO instead. */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (conn)
			conn->type = SCO_LINK;
	}
	if (!conn)
		goto unlock;

	switch (ev->status) {
	case 0x00:
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state  = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1c:	/* SCO interval rejected */
	case 0x1f:	/* Unspecified error */
		if (conn->out && conn->attempt < 2) {
			conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
					(hdev->esco_type & EDR_ESCO_MASK);
			/* NOTE(review): conn->link is dereferenced without a
			 * NULL check here - confirm it is always set for an
			 * outgoing synchronous connection. */
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
2345
/* Synchronous Connection Changed event: only logged; skb is not read. */
static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2350
04837f64
MH
/* Sniff Subrating event: the status is logged and nothing else is done. */
static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev;

	ev = (void *) skb->data;

	BT_DBG("%s status %d", hdev->name, ev->status);
}
2357
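/*
 * Extended Inquiry Result event.
 *
 * The payload is one response-count byte followed by that many
 * struct extended_inquiry_info records.  Each record is added to the
 * inquiry cache with ssp_mode 0x01 and reported through
 * mgmt_device_found() together with its extended inquiry data.
 *
 * The count comes from the controller.  It used to drive the loop without
 * being compared to skb->len, so a short packet caused reads beyond the
 * buffer; both the count byte and the record array are now checked first.
 */
static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info;
	int num_rsp;

	/* The count byte itself must be present before it is read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Nothing to do, or the count claims more records than arrived. */
	if (!num_rsp || skb->len - 1 < num_rsp * sizeof(*info))
		return;

	info = (void *) (skb->data + 1);

	if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
		if (test_bit(HCI_MGMT, &hdev->flags))
			mgmt_discovering(hdev->id, 1);
	}

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;
		hci_inquiry_cache_update(hdev, &data);
		mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
						info->rssi, info->data);
	}

	hci_dev_unlock(hdev);
}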
1da177e4 2393
17fa4b9d
JH
/*
 * Choose the authentication requirements value for our IO Capability
 * reply, based on what the remote side asked for (conn->remote_auth).
 *
 * Bit 0 of these values is used as the MITM-required bit elsewhere in
 * this file; 0x03 as an IO capability is NoInputNoOutput.
 */
static inline u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* Remote asked for dedicated bonding: follow that lead.
		 * MITM protection is only requested (0x03) when neither
		 * side reports IO capability 0x03. */
		return (conn->remote_cap == 0x03 ||
				conn->io_capability == 0x03) ? 0x02 : 0x03;

	case 0x00:
	case 0x01:
		/* Remote asked for no bonding: follow that lead, but keep
		 * our own MITM bit. */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
2412
0493684e
MH
/*
 * IO Capability Request event.
 *
 * Takes a reference on the ACL connection, then (only when the management
 * interface is in use) answers the controller: a positive reply carrying
 * our IO capability, authentication requirements and OOB-data flag when
 * the adapter is pairable or the remote asked for no bonding, otherwise a
 * negative reply with reason 0x16.
 *
 * The reference from hci_conn_hold() is kept on every path after the
 * lookup, including the early exit when HCI_MGMT is clear; the
 * hci_conn_put() in hci_simple_pair_complete_evt() looks like its
 * counterpart - verify when changing either side.
 */
static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;
	int pairing_allowed;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	/* A non-pairable adapter still accepts no-bonding requests. */
	pairing_allowed = test_bit(HCI_PAIRABLE, &hdev->flags) ||
			(conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING;

	if (!pairing_allowed) {
		struct hci_cp_io_capability_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		neg.reason = 0x16; /* Pairing not allowed */

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
							sizeof(neg), &neg);
		goto unlock;
	}

	{
		struct hci_cp_io_capability_reply rsp;

		bacpy(&rsp.bdaddr, &ev->bdaddr);
		rsp.capability = conn->io_capability;
		rsp.authentication = hci_get_auth_req(conn);

		/* Advertise OOB data only when some is stored for the peer. */
		rsp.oob_data = ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
				hci_find_remote_oob_data(hdev, &conn->dst)) ?
								0x01 : 0x00;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
							sizeof(rsp), &rsp);
	}

unlock:
	hci_dev_unlock(hdev);
}
2460
/*
 * IO Capability Response event: remember what the remote device reported
 * (IO capability, OOB-data flag, authentication requirements) on its ACL
 * connection.
 *
 * The values are stored as received, without range checks; other handlers
 * in this file base pairing decisions on them.
 */
static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		conn->remote_cap  = ev->capability;
		conn->remote_oob  = ev->oob_data;
		conn->remote_auth = ev->authentication;
	}

	hci_dev_unlock(hdev);
}
2481
a5c29683
JH
/*
 * User Confirmation Request event (SSP numeric comparison).
 *
 * Only acts when the management interface is in use and the ACL
 * connection is known.  Three outcomes:
 *   - negative reply, when we require MITM protection and the remote
 *     reports IO capability 0x03 (NoInputNoOutput);
 *   - automatic positive reply, when neither side's MITM requirement can
 *     be honoured or is set;
 *   - otherwise the passkey is handed to user space through
 *     mgmt_user_confirm_request().
 *
 * NOTE(review): the automatic reply is sent without involving user space,
 * so that pairing carries no MITM protection.  The decision rests on
 * remote_cap/remote_auth, which hci_io_capa_reply_evt() copies from the
 * remote's IO Capability Response without validation.
 */
static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int local_mitm, remote_mitm, local_no_io, remote_no_io;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	local_mitm   = (conn->auth_type & 0x01);
	remote_mitm  = (conn->remote_auth & 0x01);
	local_no_io  = (conn->io_capability == 0x03);
	remote_no_io = (conn->remote_cap == 0x03);

	/* We require MITM but the remote cannot provide it: reject.  The
	 * exception is when we are the dedicated bonding initiator
	 * (connect_cfm_cb set), since the MITM bit is then always set. */
	if (!conn->connect_cfm_cb && local_mitm && remote_no_io) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* Neither side ends up requiring MITM protection: auto-accept. */
	if ((!local_mitm || remote_no_io) && (!remote_mitm || local_no_io)) {
		BT_DBG("Auto-accept of user confirmation");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* Let user space compare the passkey and answer. */
	mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey);

unlock:
	hci_dev_unlock(hdev);
}
2529
0493684e
MH
/*
 * Simple Pairing Complete event: report a failed pairing to user space
 * when we did not initiate the authentication, then drop one reference on
 * the ACL connection.
 */
static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		/* HCI_CONN_AUTH_PEND is set when we initiated the
		 * authentication.  In that case a traditional auth_complete
		 * event is always produced and is itself mapped to
		 * mgmt_auth_failed, so reporting here as well would send
		 * user space a duplicate. */
		if (ev->status != 0 &&
				!test_bit(HCI_CONN_AUTH_PEND, &conn->pend))
			mgmt_auth_failed(hdev->id, &conn->dst, ev->status);

		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
2556
41a96212
MH
/*
 * Remote Host Supported Features event: store bit 0 of the first features
 * byte as ssp_mode on the cached inquiry entry for that address, if any.
 */
static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!entry)
		goto unlock;

	entry->data.ssp_mode = (ev->features[0] & 0x01);

unlock:
	hci_dev_unlock(hdev);
}
2572
2763eda6
SJ
/*
 * Remote OOB Data Request event.
 *
 * Only answered when the management interface is in use.  If OOB data is
 * stored for the address, its hash and randomizer are sent back in a
 * positive reply; otherwise a negative reply is sent.
 */
static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *stored;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	stored = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (!stored) {
		struct hci_cp_remote_oob_data_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
							sizeof(neg), &neg);
		goto unlock;
	}

	{
		struct hci_cp_remote_oob_data_reply rsp;

		bacpy(&rsp.bdaddr, &ev->bdaddr);
		/* Copy lengths come from the destination fields. */
		memcpy(rsp.hash, stored->hash, sizeof(rsp.hash));
		memcpy(rsp.randomizer, stored->randomizer,
						sizeof(rsp.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
							sizeof(rsp), &rsp);
	}

unlock:
	hci_dev_unlock(hdev);
}
2607
fcd89c09
VT
/*
 * LE Connection Complete subevent.
 *
 * Finds the LE connection for the address, creating one when none exists.
 * On failure status the upper layers are told and the connection is
 * deleted; on success the handle is recorded, the connection becomes
 * BT_CONNECTED and is registered in sysfs before the upper layers are
 * notified.
 */
static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
	if (!conn)
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
	if (!conn) {
		BT_ERR("No memory for new connection");
		goto unlock;
	}

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		conn->state = BT_CLOSED;
		hci_conn_del(conn);
		goto unlock;
	}

	conn->handle = __le16_to_cpu(ev->handle);
	conn->state  = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2645
/*
 * LE Meta event: strip the meta header and dispatch on the subevent code.
 * Only HCI_EV_LE_CONN_COMPLETE is handled; other subevents are ignored.
 *
 * NOTE(review): skb->len is not compared with sizeof(*le_ev) before the
 * header is pulled and the subevent read.
 */
static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *meta = (void *) skb->data;

	/* After this, skb->data points at the subevent parameters. */
	skb_pull(skb, sizeof(*meta));

	if (meta->subevent == HCI_EV_LE_CONN_COMPLETE)
		hci_le_conn_complete_evt(hdev, skb);
}
2661
a9de9248
MH
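/*
 * Entry point for HCI event packets received from the controller.
 *
 * Reads the event code from the header, strips the header, and hands the
 * remaining payload to the handler for that event.  The skb is always
 * freed here and the received-event counter incremented.
 *
 * The packet is controller-supplied.  A packet shorter than the event
 * header is now dropped before the header is read; previously hdr->evt
 * was read and the header pulled unconditionally.
 *
 * NOTE(review): only the header length is checked.  hdr->plen is not
 * compared with the remaining skb->len, and the handlers cast skb->data
 * to their event structures, so each handler's minimum payload length is
 * still unchecked at this level.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event;

	if (skb->len < HCI_EVENT_HDR_SIZE) {
		BT_ERR("%s event packet shorter than its header", hdev->name);
		goto done;
	}

	event = hdr->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%x", hdev->name, event);
		break;
	}

done:
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}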
2822
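/*
 * Generate internal stack event.
 *
 * Builds an HCI_EV_STACK_INTERNAL event whose payload is a
 * struct hci_ev_stack_internal of the given type followed by dlen bytes
 * copied from data, and delivers it with hci_send_to_sock().  The skb is
 * freed here afterwards.  Allocation failure is silent.
 *
 * dlen is a signed int that feeds the allocation size, the memcpy()
 * length and the one-byte hdr->plen field.  A negative value, or one that
 * does not fit in plen, is now refused up front instead of producing a
 * wrong copy length or a header that disagrees with the payload.
 */
void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
{
	struct hci_event_hdr *hdr;
	struct hci_ev_stack_internal *ev;
	struct sk_buff *skb;

	/* plen is a single byte, so the whole payload must fit in 0xff. */
	if (dlen < 0 || sizeof(*ev) + dlen > 0xff)
		return;

	skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
	if (!skb)
		return;

	hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
	hdr->evt  = HCI_EV_STACK_INTERNAL;
	hdr->plen = sizeof(*ev) + dlen;

	ev  = (void *) skb_put(skb, sizeof(*ev) + dlen);
	ev->type = type;
	memcpy(ev->data, data, dlen);

	/* Mark the packet as incoming and timestamp it before delivery. */
	bt_cb(skb)->incoming = 1;
	__net_timestamp(skb);

	bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
	skb->dev = (void *) hdev;
	hci_send_to_sock(hdev, skb, NULL);
	kfree_skb(skb);
}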
2849}