Bluetooth: Fix using a NULL inquiry cache entry
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32
1da177e4
LT
33/* Handle HCI Event packets */
34
/*
 * Process the status byte returned for HCI_OP_INQUIRY_CANCEL.
 *
 * A non-zero status is reported through mgmt_stop_discovery_failed() and
 * nothing else changes. On success the HCI_INQUIRY flag is cleared, the
 * discovery state becomes DISCOVERY_STOPPED, the request is completed and
 * pending connections are re-checked.
 *
 * NOTE(review): skb->data is dereferenced without consulting skb->len; no
 * length check is visible here -- confirm the caller guarantees one byte.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status != 0) {
		/* Failure: only tell mgmt, leave flags and state alone. */
		hci_dev_lock(hdev);
		mgmt_stop_discovery_failed(hdev, status);
		hci_dev_unlock(hdev);
		return;
	}

	clear_bit(HCI_INQUIRY, &hdev->flags);

	hci_dev_lock(hdev);
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
	hci_dev_unlock(hdev);

	/* status is zero on this path */
	hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);

	hci_conn_check_pending(hdev);
}
6bd57416 58
/*
 * Record that periodic inquiry is active: sets HCI_PERIODIC_INQ in
 * hdev->dev_flags when the status byte at the start of the reply is zero.
 */
static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
}
70
/*
 * Record that periodic inquiry has ended: on a zero status the
 * HCI_PERIODIC_INQ flag is cleared and pending connections are re-checked.
 * A non-zero status leaves everything untouched.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
		hci_conn_check_pending(hdev);
	}
}
84
/*
 * Reply handler that only emits a debug trace with the device name; the
 * reply payload in skb is not inspected.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
90
/*
 * Update the HCI_LM_MASTER bit of a connection from a role discovery reply.
 *
 * The connection is looked up by the handle carried in the reply. A non-zero
 * rp->role clears HCI_LM_MASTER, a zero role sets it. Nothing happens when
 * the reply reports an error or the handle matches no connection.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *rp = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (link && rp->role)
		link->link_mode &= ~HCI_LM_MASTER;
	else if (link)
		link->link_mode |= HCI_LM_MASTER;

	hci_dev_unlock(hdev);
}
113
/*
 * Store the link policy reported by the controller on the connection that
 * matches the handle in the reply. Error replies and unknown handles are
 * ignored.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *rp = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (link != NULL)
		link->link_policy = __le16_to_cpu(rp->policy);

	hci_dev_unlock(hdev);
}
132
/*
 * Mirror a successfully written link policy onto the matching connection.
 *
 * The policy value is not in the reply; it is taken from the parameters of
 * the HCI_OP_WRITE_LINK_POLICY command that was sent. The function returns
 * early on an error status or when no sent command data is available.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *rp = (void *) skb->data;
	struct hci_conn *link;
	void *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (params == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (link != NULL) {
		/* presumably offset 2 skips the 16-bit handle -- confirm
		 * against the command parameter layout */
		link->link_policy = get_unaligned_le16(params + 2);
	}

	hci_dev_unlock(hdev);
}
1da177e4 156
/*
 * Store the default link policy reported by the controller in
 * hdev->link_policy. Error replies leave the stored value unchanged.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status)
		hdev->link_policy = __le16_to_cpu(rp->policy);
}
169
/*
 * Finish an HCI_OP_WRITE_DEF_LINK_POLICY command.
 *
 * On success the value that was sent is stored in hdev->link_policy. The
 * request is completed with the controller's status either way, unless no
 * sent command data is available, in which case the function returns
 * without completing it.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (params == NULL)
		return;

	if (status == 0)
		hdev->link_policy = get_unaligned_le16(params);

	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
}
187
/*
 * Finish an HCI_OP_RESET command.
 *
 * Clears HCI_RESET, completes the request with the controller's status and
 * then drops the non-persistent device flags and forces the discovery state
 * to DISCOVERY_STOPPED. All of this runs regardless of the status value.
 *
 * NOTE(review): dev_flags is updated here with a plain read-modify-write
 * while other handlers in this file use set_bit()/clear_bit() on the same
 * word -- confirm that concurrent updates cannot be lost.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);

	hci_req_complete(hdev, HCI_OP_RESET, status);

	/* Reset all non-persistent flags */
	hdev->dev_flags &= ~BIT(HCI_LE_SCAN);
	hdev->dev_flags &= ~BIT(HCI_PENDING_CLASS);
	hdev->dev_flags &= ~BIT(HCI_PERIODIC_INQ);

	hdev->discovery.state = DISCOVERY_STOPPED;
}
04837f64 204
/*
 * Finish an HCI_OP_WRITE_LOCAL_NAME command.
 *
 * With HCI_MGMT set the outcome is handed to
 * mgmt_set_local_name_complete(); otherwise, on success, the name that was
 * sent is copied into hdev->dev_name. Returns without completing the
 * request when no sent command data is available.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *name;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	name = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (name == NULL)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_set_local_name_complete(hdev, name, status);
	} else if (status == 0) {
		memcpy(hdev->dev_name, name, HCI_MAX_NAME_LENGTH);
	}

	hci_dev_unlock(hdev);

	hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
}
227
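/*
 * Handle the controller's reply carrying the local device name.
 *
 * The name is copied into hdev->dev_name only when the reply reports
 * success and HCI_SETUP is set in hdev->dev_flags.
 *
 * The reply is controller-supplied data, so its length is checked before
 * any field is read: one byte for the status, and the whole reply structure
 * before the HCI_MAX_NAME_LENGTH-byte copy. Without that bound a truncated
 * event would make memcpy() read past the received payload and store
 * unrelated memory in hdev->dev_name. An error reply is still accepted with
 * only the status byte present.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s truncated local name reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	if (test_bit(HCI_SETUP, &hdev->dev_flags))
		memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
}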
240
/*
 * Finish an HCI_OP_WRITE_AUTH_ENABLE command.
 *
 * On success the HCI_AUTH flag is set when the parameter that was sent
 * equals AUTH_ENABLED and cleared otherwise. With HCI_MGMT set the status
 * is also forwarded to mgmt_auth_enable_complete(). Returns without
 * completing the request when no sent command data is available.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (params == NULL)
		return;

	if (status == 0) {
		__u8 requested = *((__u8 *) params);

		if (requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_auth_enable_complete(hdev, status);

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
}
266
/*
 * Finish an HCI_OP_WRITE_ENCRYPT_MODE command.
 *
 * On success the HCI_ENCRYPT flag follows the parameter that was sent:
 * set for a non-zero value, cleared for zero. Returns without completing
 * the request when no sent command data is available.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (params == NULL)
		return;

	if (status == 0) {
		__u8 requested = *((__u8 *) params);

		if (requested == 0)
			clear_bit(HCI_ENCRYPT, &hdev->flags);
		else
			set_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
}
1da177e4 289
/*
 * Finish an HCI_OP_WRITE_SCAN_ENABLE command.
 *
 * On failure mgmt is told via mgmt_write_scan_failed() and the discoverable
 * timeout is reset to zero. On success HCI_ISCAN and HCI_PSCAN are rebuilt
 * from the scan parameter that was sent, and mgmt_discoverable() /
 * mgmt_connectable() are called only when the corresponding bit actually
 * changed. If inquiry scan is on and a discoverable timeout is configured,
 * the discov_off work is queued after that many seconds.
 *
 * Returns without completing the request when no sent command data is
 * available.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	int had_pscan, had_iscan;
	__u8 scan;
	void *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (params == NULL)
		return;

	scan = *((__u8 *) params);

	hci_dev_lock(hdev);

	if (status != 0) {
		mgmt_write_scan_failed(hdev, scan, status);
		hdev->discov_timeout = 0;
		goto done;
	}

	/* Remember the previous state so only real transitions are reported. */
	had_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
	had_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

	if (scan & SCAN_INQUIRY) {
		set_bit(HCI_ISCAN, &hdev->flags);

		if (!had_iscan)
			mgmt_discoverable(hdev, 1);

		if (hdev->discov_timeout > 0) {
			int delay = msecs_to_jiffies(hdev->discov_timeout * 1000);

			queue_delayed_work(hdev->workqueue, &hdev->discov_off,
					   delay);
		}
	} else if (had_iscan) {
		mgmt_discoverable(hdev, 0);
	}

	if (scan & SCAN_PAGE) {
		set_bit(HCI_PSCAN, &hdev->flags);

		if (!had_pscan)
			mgmt_connectable(hdev, 1);
	} else if (had_pscan) {
		mgmt_connectable(hdev, 0);
	}

done:
	hci_dev_unlock(hdev);
	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
}
1da177e4 338
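/*
 * Store the class of device reported by the controller in hdev->dev_class.
 *
 * The reply is controller-supplied data, so its length is checked before
 * use: one byte for the status, and the whole reply structure before the
 * 3-byte copy. A truncated success reply is logged and dropped instead of
 * copying bytes that were never received. An error reply is still accepted
 * with only the status byte present.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s truncated class of device reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	memcpy(hdev->dev_class, rp->dev_class, 3);

	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
	       hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}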
1da177e4 353
/*
 * Finish an HCI_OP_WRITE_CLASS_OF_DEV command.
 *
 * On success the 3-byte class that was sent is copied into
 * hdev->dev_class. With HCI_MGMT set the outcome is forwarded to
 * mgmt_set_class_of_dev_complete() whatever the status. Nothing happens
 * when no sent command data is available.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *dev_class;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	dev_class = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (dev_class == NULL)
		return;

	hci_dev_lock(hdev);

	if (!status)
		memcpy(hdev->dev_class, dev_class, 3);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_set_class_of_dev_complete(hdev, dev_class, status);

	hci_dev_unlock(hdev);
}
1da177e4 375
/*
 * Track the voice setting reported by the controller.
 *
 * When the reported value differs from hdev->voice_setting it is stored
 * and, if the driver installed a notify callback, the callback is invoked
 * with HCI_NOTIFY_VOICE_SETTING. Error replies and unchanged values are
 * ignored.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *rp = (void *) skb->data;
	__u16 reported;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	reported = __le16_to_cpu(rp->voice_setting);
	if (reported == hdev->voice_setting)
		return;

	hdev->voice_setting = reported;

	BT_DBG("%s voice setting 0x%4.4x", hdev->name, reported);

	if (hdev->notify != NULL)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}
398
/*
 * Track a voice setting that was successfully written to the controller.
 *
 * The value comes from the parameters of the HCI_OP_WRITE_VOICE_SETTING
 * command that was sent. When it differs from hdev->voice_setting it is
 * stored and, if the driver installed a notify callback, the callback is
 * invoked with HCI_NOTIFY_VOICE_SETTING.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u16 written;
	void *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status != 0)
		return;

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (params == NULL)
		return;

	written = get_unaligned_le16(params);
	if (written == hdev->voice_setting)
		return;

	hdev->voice_setting = written;

	BT_DBG("%s voice setting 0x%4.4x", hdev->name, written);

	if (hdev->notify != NULL)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}
427
/*
 * Complete the HCI_OP_HOST_BUFFER_SIZE request with the status byte taken
 * from the start of the reply.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
}
1143e5a6 436
/*
 * Finish an HCI_OP_WRITE_SSP_MODE command.
 *
 * With HCI_MGMT set, the mode that was sent and the status are passed to
 * mgmt_ssp_enable_complete(). Otherwise, on success, HCI_SSP_ENABLED in
 * hdev->dev_flags follows the mode that was sent. Nothing happens when no
 * sent command data is available.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *params;
	u8 mode;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (params == NULL)
		return;

	mode = *((u8 *) params);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_ssp_enable_complete(hdev, mode, status);
		return;
	}

	if (status != 0)
		return;

	if (mode)
		set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	else
		clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
}
457
/*
 * Pick the inquiry mode value to program into the controller.
 *
 * Returns 2 when the LMP_EXT_INQ feature bit is set, 1 when LMP_RSSI_INQ is
 * set, and otherwise 1 only for a fixed list of manufacturer / HCI revision
 * / LMP subversion combinations. Everything else gets 0.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	if (hdev->features[6] & LMP_EXT_INQ)
		return 2;

	if (hdev->features[3] & LMP_RSSI_INQ)
		return 1;

	/* Controllers given mode 1 although neither feature bit is set. */
	switch (hdev->manufacturer) {
	case 11:
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x0757)
			return 1;
		break;
	case 15:
		if (hdev->lmp_subver == 0x6963 &&
		    (hdev->hci_rev == 0x03 || hdev->hci_rev == 0x09))
			return 1;
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
			return 1;
		break;
	case 31:
		if (hdev->hci_rev == 0x2005 && hdev->lmp_subver == 0x1805)
			return 1;
		break;
	default:
		break;
	}

	return 0;
}
485
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode().
 */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, sizeof(mode), &mode);
}
494
/*
 * Build the 8-byte event mask from the controller's feature bits and send
 * it with HCI_OP_SET_EVENT_MASK.
 *
 * No command is sent to controllers older than BLUETOOTH_VER_1_2.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff instead of 0x9f (two reserved bits
	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
	 * command otherwise */
	u8 mask[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
	const __u8 *feat = hdev->features;

	/* CSR 1.1 dongles does not accept any bitfield so don't try to set
	 * any event mask for pre 1.2 devices */
	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
		return;

	/* Events enabled unconditionally. */
	mask[4] |= 0x01; /* Flow Specification Complete */
	mask[4] |= 0x02; /* Inquiry Result with RSSI */
	mask[4] |= 0x04; /* Read Remote Extended Features Complete */
	mask[5] |= 0x08; /* Synchronous Connection Complete */
	mask[5] |= 0x10; /* Synchronous Connection Changed */

	/* Same bit as the unconditional one above, so this has no effect. */
	if (feat[3] & LMP_RSSI_INQ)
		mask[4] |= 0x02; /* Inquiry Result with RSSI */

	if (feat[5] & LMP_SNIFF_SUBR)
		mask[5] |= 0x20; /* Sniff Subrating */

	if (feat[5] & LMP_PAUSE_ENC)
		mask[5] |= 0x80; /* Encryption Key Refresh Complete */

	if (feat[6] & LMP_EXT_INQ)
		mask[5] |= 0x40; /* Extended Inquiry Result */

	if (feat[6] & LMP_NO_FLUSH)
		mask[7] |= 0x01; /* Enhanced Flush Complete */

	if (feat[7] & LMP_LSTO)
		mask[6] |= 0x80; /* Link Supervision Timeout Changed */

	if (feat[6] & LMP_SIMPLE_PAIR) {
		mask[6] |= 0x01; /* IO Capability Request */
		mask[6] |= 0x02; /* IO Capability Response */
		mask[6] |= 0x04; /* User Confirmation Request */
		mask[6] |= 0x08; /* User Passkey Request */
		mask[6] |= 0x10; /* Remote OOB Data Request */
		mask[6] |= 0x20; /* Simple Pairing Complete */
		mask[7] |= 0x04; /* User Passkey Notification */
		mask[7] |= 0x08; /* Keypress Notification */
		mask[7] |= 0x10; /* Remote Host Supported
				  * Features Notification */
	}

	if (feat[4] & LMP_LE)
		mask[7] |= 0x20; /* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(mask), mask);
}
549
/*
 * Queue the feature-dependent setup commands for a BR/EDR controller.
 *
 * Does nothing for other device types. In order: event mask, local
 * commands (controllers newer than 1.1), SSP mode or a cleared EIR (SSP
 * capable controllers), inquiry mode, inquiry response TX power, extended
 * features page 1, and authentication enable when HCI_LINK_SECURITY is set.
 */
static void hci_setup(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return;

	hci_setup_event_mask(hdev);

	if (hdev->hci_ver > BLUETOOTH_VER_1_1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	if (lmp_ssp_capable(hdev)) {
		if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
			struct hci_cp_write_eir eir_cp;

			/* SSP is off: wipe the cached EIR and write an
			 * all-zero one to the controller. */
			memset(hdev->eir, 0, sizeof(hdev->eir));
			memset(&eir_cp, 0, sizeof(eir_cp));

			hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(eir_cp),
				     &eir_cp);
		} else {
			u8 ssp_mode = 0x01;

			hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
				     sizeof(ssp_mode), &ssp_mode);
		}
	}

	if (hdev->features[3] & LMP_RSSI_INQ)
		hci_setup_inquiry_mode(hdev);

	if (hdev->features[7] & LMP_INQ_TX_PWR)
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);

	if (hdev->features[7] & LMP_EXTFEATURES) {
		struct hci_cp_read_local_ext_features ext_cp;

		ext_cp.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
			     sizeof(ext_cp), &ext_cp);
	}

	if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
		u8 auth_on = 1;

		hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(auth_on),
			     &auth_on);
	}
}
595
/*
 * Store the controller's version information and, while HCI_INIT is set,
 * continue with hci_setup().
 *
 * The HCI_OP_READ_LOCAL_VERSION request is completed with the reply status
 * on both the success and the error path.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		hdev->hci_ver = rp->hci_ver;
		hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
		hdev->lmp_ver = rp->lmp_ver;
		hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
		hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);

		BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
		       hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);

		if (test_bit(HCI_INIT, &hdev->flags))
			hci_setup(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
}
620
/*
 * Derive the default link policy from the controller's feature bits
 * (role switch, hold, sniff, park) and send it with
 * HCI_OP_WRITE_DEF_LINK_POLICY.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	struct hci_cp_write_def_link_policy cp;
	u16 policy = 0;

	if (hdev->features[0] & LMP_RSWITCH)
		policy |= HCI_LP_RSWITCH;

	if (hdev->features[0] & LMP_HOLD)
		policy |= HCI_LP_HOLD;

	if (hdev->features[0] & LMP_SNIFF)
		policy |= HCI_LP_SNIFF;

	if (hdev->features[1] & LMP_PARK)
		policy |= HCI_LP_PARK;

	cp.policy = cpu_to_le16(policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
}
1da177e4 638
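/*
 * Store the supported-commands bitmap reported by the controller and,
 * while HCI_INIT is set and bit 0x10 of commands[5] is present, continue
 * with hci_setup_link_policy().
 *
 * The reply is controller-supplied data, so its length is checked before
 * use: one byte for the status, and the whole reply structure before the
 * bitmap is copied. A truncated success reply is logged and dropped, and
 * the pending request is not completed here, rather than filling
 * hdev->commands from memory beyond the received payload. An error reply
 * is still accepted with only the status byte present.
 *
 * NOTE(review): the copy length is sizeof(hdev->commands); this assumes
 * rp->commands is at least that large -- confirm against the struct.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		goto done;

	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s truncated local commands reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));

	if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
		hci_setup_link_policy(hdev);

done:
	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
}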
1da177e4 657
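/*
 * Store the controller's 8-byte LMP feature mask and widen the default
 * ACL and (e)SCO packet types according to the features it advertises.
 *
 * The reply is controller-supplied data, so its length is checked before
 * use: one byte for the status, and the whole reply structure before the
 * feature bytes are copied. A truncated success reply is logged and
 * dropped; otherwise bytes beyond the received payload would end up in
 * hdev->features and drive the packet-type decisions below. An error reply
 * is still accepted with only the status byte present.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_features *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s truncated local features reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	memcpy(hdev->features, rp->features, 8);

	/* Adjust default settings according to features
	 * supported by device. */

	if (hdev->features[0] & LMP_3SLOT)
		hdev->pkt_type |= (HCI_DM3 | HCI_DH3);

	if (hdev->features[0] & LMP_5SLOT)
		hdev->pkt_type |= (HCI_DM5 | HCI_DH5);

	if (hdev->features[1] & LMP_HV2) {
		hdev->pkt_type |= (HCI_HV2);
		hdev->esco_type |= (ESCO_HV2);
	}

	if (hdev->features[1] & LMP_HV3) {
		hdev->pkt_type |= (HCI_HV3);
		hdev->esco_type |= (ESCO_HV3);
	}

	if (hdev->features[3] & LMP_ESCO)
		hdev->esco_type |= (ESCO_EV3);

	if (hdev->features[4] & LMP_EV4)
		hdev->esco_type |= (ESCO_EV4);

	if (hdev->features[4] & LMP_EV5)
		hdev->esco_type |= (ESCO_EV5);

	if (hdev->features[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= (ESCO_2EV3);

	if (hdev->features[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= (ESCO_3EV3);

	if (hdev->features[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
	       hdev->features[0], hdev->features[1],
	       hdev->features[2], hdev->features[3],
	       hdev->features[4], hdev->features[5],
	       hdev->features[6], hdev->features[7]);
}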
1da177e4 713
/*
 * Bring the controller's "LE supported (host)" setting in line with the
 * HCI_LE_ENABLED device flag.
 *
 * HCI_OP_WRITE_LE_HOST_SUPPORTED is sent only when the wanted value differs
 * from what host_features[0] currently reports.
 */
static void hci_set_le_support(struct hci_dev *hdev)
{
	struct hci_cp_write_le_host_supported cp;
	int host_le_now;

	memset(&cp, 0, sizeof(cp));

	if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
		cp.le = 1;
		cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
	}

	host_le_now = !!(hdev->host_features[0] & LMP_HOST_LE);
	if (cp.le == host_le_now)
		return;

	hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
}
729
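/*
 * Store one page of extended features reported by the controller.
 *
 * Page 0 goes to hdev->features, page 1 to hdev->host_features; other
 * pages are not stored. While HCI_INIT is set and the LMP_LE feature bit is
 * present, hci_set_le_support() is called afterwards.
 *
 * The reply is controller-supplied data, so its length is checked before
 * use: one byte for the status, and the whole reply structure before the
 * page number and feature bytes are read. A truncated success reply is
 * logged and dropped, and the pending request is not completed here,
 * rather than copying bytes that were never received. An error reply is
 * still accepted with only the status byte present.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		goto done;

	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s truncated extended features reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	switch (rp->page) {
	case 0:
		memcpy(hdev->features, rp->features, 8);
		break;
	case 1:
		memcpy(hdev->host_features, rp->features, 8);
		break;
	}

	if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
		hci_set_le_support(hdev);

done:
	hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
}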
755
/*
 * Store the flow control mode reported by the controller and complete the
 * HCI_OP_READ_FLOW_CONTROL_MODE request.
 *
 * NOTE(review): on an error status the function returns before
 * hci_req_complete(), unlike handlers in this file that complete the
 * request with the error -- confirm this is intended.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		hdev->flow_ctl_mode = rp->mode;

		hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE,
				 rp->status);
	}
}
770
/*
 * Store the ACL and SCO buffer limits reported by the controller and
 * reset the available-packet counters to those limits.
 *
 * With HCI_QUIRK_FIXUP_BUFFER_SIZE set, the SCO values from the controller
 * are replaced by an MTU of 64 and 8 packets.
 *
 * NOTE(review): every field is read straight from skb->data and no check
 * against skb->len is visible here -- confirm the caller bounds the reply.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *rp = (void *) skb->data;
	int fixup;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
	hdev->sco_mtu = rp->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);

	fixup = test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks);
	if (fixup) {
		hdev->sco_mtu = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
	       hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
}
796
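/*
 * Store the controller's own address in hdev->bdaddr on success and
 * complete the HCI_OP_READ_BD_ADDR request with the reply status.
 *
 * The reply is controller-supplied data, so its length is checked before
 * use: one byte for the status, and the whole reply structure before the
 * address is copied. A truncated success reply is logged and dropped, and
 * the pending request is not completed here, rather than adopting an
 * address made of bytes that were never received. An error reply is still
 * accepted with only the status byte present.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		if (skb->len < sizeof(*rp)) {
			BT_ERR("%s truncated bd addr reply (%u bytes)",
			       hdev->name, skb->len);
			return;
		}

		bacpy(&hdev->bdaddr, &rp->bdaddr);
	}

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
}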
808
/*
 * Store the data block limits reported by the controller, reset the
 * available-block counter and complete the HCI_OP_READ_DATA_BLOCK_SIZE
 * request.
 *
 * NOTE(review): on an error status the function returns before
 * hci_req_complete() -- confirm this is intended.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status != 0)
		return;

	hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
	hdev->block_len = __le16_to_cpu(rp->block_len);
	hdev->num_blocks = __le16_to_cpu(rp->num_blocks);

	/* All blocks start out available. */
	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
	       hdev->block_cnt, hdev->block_len);

	hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
}
830
/*
 * Complete the HCI_OP_WRITE_CA_TIMEOUT request with the status byte taken
 * from the start of the reply.
 */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
}
839
/*
 * Copy the AMP controller information from the reply into the amp_*
 * fields of hdev and complete the HCI_OP_READ_LOCAL_AMP_INFO request.
 *
 * NOTE(review): on an error status the function returns before
 * hci_req_complete(), and the fields are read without a visible check
 * against skb->len -- confirm both are intended.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status != 0)
		return;

	/* Single-byte fields need no byte-order conversion. */
	hdev->amp_status = rp->amp_status;
	hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
	hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
	hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
	hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
	hdev->amp_type = rp->amp_type;
	hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
	hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
	hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
	hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
}
863
/*
 * Complete the HCI_OP_DELETE_STORED_LINK_KEY request with the status byte
 * taken from the start of the reply.
 */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
}
873
/*
 * Complete the HCI_OP_SET_EVENT_MASK request with the status byte taken
 * from the start of the reply.
 */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
}
882
/*
 * Complete the HCI_OP_WRITE_INQUIRY_MODE request with the status byte
 * taken from the start of the reply.
 */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
}
892
/*
 * Store the inquiry response TX power reported by the controller on
 * success, then complete the HCI_OP_READ_INQ_RSP_TX_POWER request with the
 * reply status.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status == 0)
		hdev->inq_tx_power = rp->tx_power;

	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
}
905
/*
 * Complete the HCI_OP_SET_EVENT_FLT request with the status byte taken
 * from the start of the reply.
 */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
}
914
/*
 * Finish an HCI_OP_PIN_CODE_REPLY command.
 *
 * With HCI_MGMT set the outcome is forwarded to
 * mgmt_pin_code_reply_complete(). On success the PIN length from the
 * command that was sent is recorded on the ACL connection to that address,
 * if one exists. Everything runs under the device lock.
 *
 * NOTE(review): rp->bdaddr is read from skb->data and no check against
 * skb->len is visible here -- confirm the caller bounds the reply.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *rp = (void *) skb->data;
	struct hci_cp_pin_code_reply *sent;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);

	if (rp->status == 0) {
		sent = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (sent != NULL) {
			link = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
						       &sent->bdaddr);
			if (link != NULL)
				link->pin_length = sent->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
942
/*
 * With HCI_MGMT set, forward the address and status of a negative PIN code
 * reply to mgmt_pin_code_neg_reply_complete() under the device lock.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
	int mgmt_on;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	mgmt_on = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_on)
		mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
						 rp->status);

	hci_dev_unlock(hdev);
}
56e5cb86 957
/*
 * Store the LE buffer limits reported by the controller, reset the
 * available-packet counter and complete the HCI_OP_LE_READ_BUFFER_SIZE
 * request.
 *
 * NOTE(review): on an error status the function returns before
 * hci_req_complete() -- confirm this is intended.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status != 0)
		return;

	hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
	hdev->le_pkts = rp->le_max_pkt;

	/* All LE packets start out available. */
	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
}
980e1a53 977
/*
 * With HCI_MGMT set, forward the address and status of a user confirmation
 * reply to mgmt_user_confirm_reply_complete() under the device lock. The
 * link type is always reported as ACL_LINK with address type 0.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
	int mgmt_on;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	mgmt_on = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_on)
		mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
						 0, rp->status);

	hci_dev_unlock(hdev);
}
992
/*
 * With HCI_MGMT set, forward the address and status of a negative user
 * confirmation reply to mgmt_user_confirm_neg_reply_complete() under the
 * device lock. The link type is always reported as ACL_LINK with address
 * type 0.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
	int mgmt_on;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	mgmt_on = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_on)
		mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
						     ACL_LINK, 0, rp->status);

	hci_dev_unlock(hdev);
}
1008
/*
 * Command Complete handler for User Passkey Request Reply.
 *
 * Reads status and peer address via struct hci_rp_user_confirm_reply and
 * hands them to the management interface when HCI_MGMT is set.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_reply_complete(hdev, &reply->bdaddr,
						 ACL_LINK, 0, reply->status);
	}

	hci_dev_unlock(hdev);
}
1023
/*
 * Command Complete handler for User Passkey Request Negative Reply.
 *
 * Mirrors the positive passkey reply handler: status and peer address are
 * forwarded to mgmt under the device lock when HCI_MGMT is set.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);
	}

	hci_dev_unlock(hdev);
}
1039
/*
 * Command Complete handler for Read Local OOB Data.
 *
 * Passes the hash and randomizer from the controller's reply, together
 * with the status, to the management interface. Unlike the neighbouring
 * handlers this one calls into mgmt without testing HCI_MGMT first.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *oob = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, oob->status);

	hci_dev_lock(hdev);
	mgmt_read_local_oob_data_reply_complete(hdev, oob->hash,
						oob->randomizer, oob->status);
	hci_dev_unlock(hdev);
}
1052
/*
 * Command Complete handler for LE Set Scan Parameters.
 *
 * Always completes the pending request with the returned status; a
 * non-zero status is additionally reported to mgmt as a failed discovery
 * start.
 */
static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, result);

	if (!result)
		return;

	hci_dev_lock(hdev);
	mgmt_start_discovery_failed(hdev, result);
	hci_dev_unlock(hdev);
}
1068
/*
 * Command Complete handler for LE Set Scan Enable.
 *
 * The action depends on the 'enable' value of the command that was sent
 * (fetched with hci_sent_cmd_data()), not on anything in the reply:
 *   - LE_SCANNING_ENABLED:  complete the request; on failure tell mgmt the
 *     discovery start failed, otherwise set HCI_LE_SCAN and move discovery
 *     to DISCOVERY_FINDING.
 *   - LE_SCANNING_DISABLED: on failure tell mgmt the discovery stop
 *     failed, otherwise clear HCI_LE_SCAN and either continue interleaved
 *     discovery or mark discovery stopped.
 *   - anything else is logged as a reserved value.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	struct hci_cp_le_set_scan_enable *cp;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	/* No matching sent command: nothing to correlate the reply with. */
	cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (!cp)
		return;

	switch (cp->enable) {
	case LE_SCANNING_ENABLED:
		hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);

		if (status) {
			hci_dev_lock(hdev);
			mgmt_start_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		set_bit(HCI_LE_SCAN, &hdev->dev_flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		break;

	case LE_SCANNING_DISABLED:
		/* Note: this branch never calls hci_req_complete(). */
		if (status) {
			hci_dev_lock(hdev);
			mgmt_stop_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);

		/* NOTE(review): discovery.type/state are read and
		 * mgmt_interleaved_discovery() is called without
		 * hci_dev_lock held here, unlike the else branch --
		 * presumably the callee locks itself; confirm. */
		if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
		    hdev->discovery.state == DISCOVERY_FINDING) {
			mgmt_interleaved_discovery(hdev);
		} else {
			hci_dev_lock(hdev);
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
			hci_dev_unlock(hdev);
		}

		break;

	default:
		BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
		break;
	}
}
1125
/*
 * Command Complete handler for LE Long Term Key Request Reply.
 *
 * Completes the pending request only when the controller reports success;
 * a failure status is logged and otherwise ignored here.
 */
static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status)
		hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, reply->status);
}
1137
/*
 * Command Complete handler for LE Long Term Key Request Negative Reply.
 *
 * Completes the pending request only on a zero status; failures are
 * logged and dropped.
 */
static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status)
		hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, reply->status);
}
1149
/*
 * Command Complete handler for Write LE Host Supported.
 *
 * On success mirrors the 'le' value that was sent into the LMP_HOST_LE
 * bit of host_features[0]. Outside of init (HCI_INIT clear) and with mgmt
 * active, the outcome is reported to mgmt. The pending request is always
 * completed with the returned status.
 */
static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);
	struct hci_cp_write_le_host_supported *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
	if (!params)
		return;

	if (result == 0) {
		if (!params->le)
			hdev->host_features[0] &= ~LMP_HOST_LE;
		else
			hdev->host_features[0] |= LMP_HOST_LE;
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
	    !test_bit(HCI_INIT, &hdev->flags)) {
		mgmt_le_enable_complete(hdev, params->le, result);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, result);
}
1175
/*
 * Command Status handler for Inquiry.
 *
 * Success: mark the inquiry as running (HCI_INQUIRY) and move discovery
 * to DISCOVERY_FINDING.
 * Failure: complete the request with the error, re-check pending
 * connections, and notify mgmt (if active) that discovery did not start.
 */
static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		set_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		return;
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1196
/*
 * Command Status handler for Create Connection.
 *
 * Looks up the ACL connection object for the address in the sent command.
 *   - Success with no existing object: allocate one and mark it outgoing
 *     with the master link mode.
 *   - Failure while the object is in BT_CONNECT: status 0x0c with at most
 *     two attempts so far parks the connection in BT_CONNECT2; any other
 *     failure closes it, notifies the upper protocol and deletes it.
 */
static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&sent->bdaddr), conn);

	if (!status) {
		if (!conn) {
			conn = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
			if (!conn) {
				BT_ERR("No memory for new connection");
			} else {
				conn->out = true;
				conn->link_mode |= HCI_LM_MASTER;
			}
		}
	} else if (conn && conn->state == BT_CONNECT) {
		if (status == 0x0c && conn->attempt <= 2) {
			conn->state = BT_CONNECT2;
		} else {
			conn->state = BT_CLOSED;
			hci_proto_connect_cfm(conn, status);
			/* conn must not be touched after this point. */
			hci_conn_del(conn);
		}
	}

	hci_dev_unlock(hdev);
}
1236
/*
 * Command Status handler for Add SCO Connection.
 *
 * Only failures are handled: the ACL connection is found by the handle
 * from the sent command, and the SCO object linked to it (if any) is
 * closed, reported to the upper protocol and deleted.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl_conn, *sco_conn;
	__u16 acl_handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (!sent)
		return;

	acl_handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, acl_handle);

	hci_dev_lock(hdev);

	acl_conn = hci_conn_hash_lookup_handle(hdev, acl_handle);
	sco_conn = acl_conn ? acl_conn->link : NULL;
	if (sco_conn) {
		sco_conn->state = BT_CLOSED;

		hci_proto_connect_cfm(sco_conn, status);
		hci_conn_del(sco_conn);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1271
/*
 * Command Status handler for Authentication Requested.
 *
 * Only failures are handled: if the connection named in the sent command
 * is still in BT_CONFIG, the upper protocol is told the connect failed
 * and one reference on the connection is dropped.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1298
/*
 * Command Status handler for Set Connection Encryption.
 *
 * Only failures are handled: a connection still in BT_CONFIG gets its
 * connect confirmation with the error status and loses one reference.
 * Connections in any other state are left untouched by this handler.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1325
/*
 * Decide whether an outgoing connection still being configured should
 * have authentication requested.
 *
 * Returns 1 when authentication is needed, 0 otherwise. Authentication is
 * never requested for incoming connections, for connections outside
 * BT_CONFIG, or when the pending security level is BT_SECURITY_SDP.
 * Otherwise it is requested for SSP connections, when bit 0 of auth_type
 * (MITM protection) is set, or when the pending level is
 * BT_SECURITY_HIGH.
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
				    struct hci_conn *conn)
{
	if (conn->state != BT_CONFIG)
		return 0;

	if (!conn->out)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	/* SSP links always authenticate. */
	if (hci_conn_ssp_enabled(conn))
		return 1;

	/* Legacy link, but MITM protection was requested. */
	if (conn->auth_type & 0x01)
		return 1;

	/* Legacy link without MITM: only sec_level HIGH forces it. */
	return conn->pending_sec_level == BT_SECURITY_HIGH ? 1 : 0;
}
1343
/*
 * Send a Remote Name Request for one inquiry cache entry.
 *
 * The command parameters are zeroed first and then filled from the
 * entry's cached inquiry data. Returns whatever hci_send_cmd() returns.
 * The caller must pass a non-NULL entry; it is dereferenced
 * unconditionally.
 */
static int hci_resolve_name(struct hci_dev *hdev,
			    struct inquiry_entry *e)
{
	struct hci_cp_remote_name_req req;

	/* Zero the whole struct so no stack bytes reach the controller. */
	memset(&req, 0, sizeof(req));

	req.clock_offset = e->data.clock_offset;
	req.pscan_mode = e->data.pscan_mode;
	req.pscan_rep_mode = e->data.pscan_rep_mode;
	bacpy(&req.bdaddr, &e->data.bdaddr);

	return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
}
1358
/*
 * Start resolving the name of the next device that still needs one.
 *
 * Returns true when a Remote Name Request was sent (the entry is then
 * marked NAME_PENDING), false when the resolve list is empty, no entry in
 * NAME_NEEDED state is found, or sending the request failed.
 */
static bool hci_resolve_next_name(struct hci_dev *hdev)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	if (list_empty(&discov->resolve))
		return false;

	/* The lookup can return NULL even when the list is not empty. */
	entry = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	if (!entry || hci_resolve_name(hdev, entry) != 0)
		return false;

	entry->name_state = NAME_PENDING;
	return true;
}
1378
/*
 * Process the outcome of a remote name request during discovery.
 *
 * @conn may be NULL; when it is set and not yet flagged
 * HCI_CONN_MGMT_CONNECTED, mgmt is told the device is connected.
 * @name may be NULL (request failed), in which case no name is reported.
 *
 * Depending on the discovery state the function returns early
 * (STOPPED, or anything other than RESOLVING), finishes discovery
 * (STOPPING), or marks the pending entry resolved and tries the next
 * name; discovery is set to STOPPED when no further request was started.
 * Callers in this file invoke it with the device lock held.
 */
static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
				   bdaddr_t *bdaddr, u8 *name, u8 name_len)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *e;

	if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
				      name_len, conn->dev_class);

	if (discov->state == DISCOVERY_STOPPED)
		return;

	if (discov->state == DISCOVERY_STOPPING)
		goto discov_complete;

	if (discov->state != DISCOVERY_RESOLVING)
		return;

	e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
	/* If the device is not among the found devices whose names are
	 * pending, there is no need to resolve the next name here: that
	 * will happen when another Remote Name Request Complete event
	 * arrives. The NULL check also keeps list_del() below from
	 * dereferencing a missing entry. */
	if (!e)
		return;

	list_del(&e->list);
	if (name) {
		e->name_state = NAME_KNOWN;
		mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
				 e->data.rssi, name, name_len);
	}

	if (hci_resolve_next_name(hdev))
		return;

discov_complete:
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
}
1419
/*
 * Command Status handler for Remote Name Request.
 *
 * A zero status is ignored: the Remote Name Request Complete event will
 * drive the next step. On failure the pending-name bookkeeping is updated
 * (mgmt only) with no name, and authentication is requested on the
 * matching outgoing connection if hci_outgoing_auth_needed() says so and
 * no authentication is already pending.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		hci_check_pending_name(hdev, conn, &sent->bdaddr, NULL, 0);

	/* test_and_set_bit() comes last so the flag is only set when an
	 * authentication request is really going to be sent. */
	if (conn && hci_outgoing_auth_needed(hdev, conn) &&
	    !test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_req;

		auth_req.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_req),
			     &auth_req);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1458
/*
 * Command Status handler for Read Remote Supported Features.
 *
 * Only failures are handled: a connection still in BT_CONFIG is reported
 * to the upper protocol with the error and loses one reference.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1485
/*
 * Command Status handler for Read Remote Extended Features.
 *
 * Only failures are handled, in the same way as the non-extended
 * variant: a BT_CONFIG connection gets a failed connect confirmation and
 * one reference is dropped.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1512
/*
 * Command Status handler for Setup Synchronous Connection.
 *
 * Only failures are handled: the synchronous connection linked to the ACL
 * handle from the sent command is closed, reported to the upper protocol
 * and deleted.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl_conn, *sync_conn;
	__u16 acl_handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (!sent)
		return;

	acl_handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, acl_handle);

	hci_dev_lock(hdev);

	acl_conn = hci_conn_hash_lookup_handle(hdev, acl_handle);
	sync_conn = acl_conn ? acl_conn->link : NULL;
	if (sync_conn) {
		sync_conn->state = BT_CLOSED;

		hci_proto_connect_cfm(sync_conn, status);
		hci_conn_del(sync_conn);
	}

	hci_dev_unlock(hdev);
}
1547
/*
 * Command Status handler for Sniff Mode.
 *
 * Only failures are handled: the pending mode-change flag is cleared on
 * the connection and, if a SCO setup was waiting on the mode change, it
 * is resumed with the error status.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto done;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, status);

done:
	hci_dev_unlock(hdev);
}
04837f64 1574
/*
 * Command Status handler for Exit Sniff Mode.
 *
 * Only failures are handled, exactly as for entering sniff mode: clear
 * the pending mode-change flag and resume a waiting SCO setup with the
 * error status.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto done;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, status);

done:
	hci_dev_unlock(hdev);
}
1601
/*
 * Command Status handler for Disconnect.
 *
 * Only failures are handled: if the connection named in the sent command
 * still exists, mgmt is told the disconnect failed. Unlike the other
 * handlers in this group, mgmt is called without testing HCI_MGMT and
 * nothing is logged.
 */
static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_disconnect *sent;
	struct hci_conn *conn;

	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn) {
		mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
				       conn->dst_type, status);
	}

	hci_dev_unlock(hdev);
}
1623
/*
 * Command Status handler for LE Create Connection.
 *
 *   - Success with no existing LE connection object for the peer:
 *     allocate one, record the peer address type and mark it outgoing.
 *   - Failure while the object is in BT_CONNECT: close it, notify mgmt
 *     and the upper protocol, then delete it.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_le_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &sent->peer_addr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->peer_addr),
	       conn);

	if (!status) {
		if (!conn) {
			conn = hci_conn_add(hdev, LE_LINK, &sent->peer_addr);
			if (!conn) {
				BT_ERR("No memory for new connection");
			} else {
				conn->dst_type = sent->peer_addr_type;
				conn->out = true;
			}
		}
	} else if (conn && conn->state == BT_CONNECT) {
		conn->state = BT_CLOSED;
		mgmt_connect_failed(hdev, &sent->peer_addr, conn->type,
				    conn->dst_type, status);
		hci_proto_connect_cfm(conn, status);
		/* conn must not be touched after this point. */
		hci_conn_del(conn);
	}

	hci_dev_unlock(hdev);
}
1664
/*
 * Command Status handler for LE Start Encryption.
 *
 * Only logs the status; a failed start is not acted upon here.
 */
static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);
}
1669
/*
 * Inquiry Complete event handler.
 *
 * Completes the inquiry request and re-checks pending connections, then
 * (only if an inquiry was marked running and mgmt is active) advances the
 * discovery state machine: from DISCOVERY_FINDING it goes to
 * DISCOVERY_RESOLVING when a name request could be started for an entry
 * in NAME_NEEDED state, and to DISCOVERY_STOPPED otherwise.
 */
static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct discovery_state *discov = &hdev->discovery;
	__u8 status = *((__u8 *) skb->data);
	struct inquiry_entry *entry;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);

	if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
		return;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if (discov->state == DISCOVERY_FINDING) {
		int next_state = DISCOVERY_STOPPED;

		if (!list_empty(&discov->resolve)) {
			entry = hci_inquiry_cache_lookup_resolve(hdev,
								 BDADDR_ANY,
								 NAME_NEEDED);
			/* The lookup may return NULL even though the
			 * resolve list is not empty, so test the entry
			 * before handing it to hci_resolve_name(). */
			if (entry && hci_resolve_name(hdev, entry) == 0) {
				entry->name_state = NAME_PENDING;
				next_state = DISCOVERY_RESOLVING;
			}
		}

		hci_discovery_set_state(hdev, next_state);
	}

	hci_dev_unlock(hdev);
}
1709
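/*
 * Inquiry Result event handler.
 *
 * The event payload is a one-byte response count followed by that many
 * struct inquiry_info records. Each record is copied into the inquiry
 * cache and reported to mgmt as a found device. Results are ignored
 * while periodic inquiry is active.
 *
 * The count comes from the controller and is not trusted: the event is
 * dropped unless the buffer really holds the count byte and num_rsp
 * complete records, so the loop below cannot read past the end of the
 * skb data.
 */
static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present before it is read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	/* Reject events shorter than the advertised number of records. */
	if (skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		/* This event format carries neither RSSI nor SSP mode. */
		data.rssi = 0x00;
		data.ssp_mode = 0x00;

		name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, 0, !name_known, ssp, NULL,
				  0);
	}

	hci_dev_unlock(hdev);
}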
1746
/*
 * Connection Complete event handler.
 *
 * Finds the connection object by link type and peer address (falling
 * back from SCO to an ESCO object, which is then retyped to SCO). On
 * success the handle is recorded, ACL links enter BT_CONFIG and other
 * links BT_CONNECTED, link-mode bits are inherited from the adapter
 * flags, and follow-up commands are sent. On failure the connection is
 * closed, reported and deleted. Events for which no connection object
 * exists are ignored.
 */
static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type != SCO_LINK)
			goto unlock;

		/* A SCO completion may answer an attempt tracked as ESCO. */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (!ev->status) {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);

			/* Incoming non-SSP link with no stored link key gets
			 * the pairing timeout; everything else the regular
			 * disconnect timeout. */
			if (!conn->out && !hci_conn_ssp_enabled(conn) &&
			    !hci_find_link_key(hdev, &ev->bdaddr))
				conn->disc_timeout = HCI_PAIRING_TIMEOUT;
			else
				conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		} else
			conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		/* These bits reflect adapter-wide flags, not a completed
		 * authentication or encryption on this particular link. */
		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features cp;
			/* ev->handle is copied as received, without a byte
			 * swap. */
			cp.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
				     sizeof(cp), &cp);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype cp;
			cp.handle = ev->handle;
			cp.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
				     &cp);
		}
	} else {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK)
			mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
					    conn->dst_type, ev->status);
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		/* conn is gone after this call; nothing below uses it. */
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK)
		hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
1829
/*
 * Connection Request event handler (incoming connection).
 *
 * The accept decision combines the adapter's link_mode with whatever the
 * upper protocols return from hci_proto_connect_ind(). The request is
 * accepted only if HCI_LM_ACCEPT is set in that mask and the peer address
 * is not on the blacklist; otherwise it is rejected with
 * HCI_ERROR_REJ_BAD_ADDR.
 *
 * On accept the inquiry cache and connection object are updated with the
 * peer's device class, and either an ACL accept or a synchronous accept
 * command is sent.
 */
static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	int mask = hdev->link_mode;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
	       ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	if ((mask & HCI_LM_ACCEPT) &&
	    !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection accepted */
		struct inquiry_entry *ie;
		struct hci_conn *conn;

		hci_dev_lock(hdev);

		/* Refresh the cached device class if the peer is known. */
		ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
		if (ie)
			memcpy(ie->data.dev_class, ev->dev_class, 3);

		conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
					       &ev->bdaddr);
		if (!conn) {
			conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
			if (!conn) {
				/* No accept or reject is sent in this case. */
				BT_ERR("No memory for new connection");
				hci_dev_unlock(hdev);
				return;
			}
		}

		memcpy(conn->dev_class, ev->dev_class, 3);
		conn->state = BT_CONNECT;

		hci_dev_unlock(hdev);

		if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
			struct hci_cp_accept_conn_req cp;

			bacpy(&cp.bdaddr, &ev->bdaddr);

			if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
				cp.role = 0x00; /* Become master */
			else
				cp.role = 0x01; /* Remain slave */

			hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
				     &cp);
		} else {
			struct hci_cp_accept_sync_conn_req cp;

			bacpy(&cp.bdaddr, &ev->bdaddr);
			/* NOTE(review): conn is read here after
			 * hci_dev_unlock(); presumably nothing can free it
			 * in between -- confirm. */
			cp.pkt_type = cpu_to_le16(conn->pkt_type);

			/* 0x1f40 == 8000 for both bandwidths; 0xffff and
			 * 0xff look like "don't care" values -- confirm
			 * against the HCI specification. */
			cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
			cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
			cp.max_latency    = __constant_cpu_to_le16(0xffff);
			cp.content_format = cpu_to_le16(hdev->voice_setting);
			cp.retrans_effort = 0xff;

			hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
				     sizeof(cp), &cp);
		}
	} else {
		/* Connection rejected */
		struct hci_cp_reject_conn_req cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
	}
}
1904
/*
 * Disconnection Complete event handler.
 *
 * Looks the connection up by handle. A zero status closes the
 * connection, optionally removes its stored link key, notifies the upper
 * protocol and deletes the object. For ACL/LE links that mgmt considered
 * connected, mgmt is told either that the device disconnected or that the
 * disconnect failed.
 */
static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0)
		conn->state = BT_CLOSED;

	/* test_and_clear_bit() runs first, so the MGMT_CONNECTED flag is
	 * cleared for every link type and also when the disconnect failed. */
	if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
	    (conn->type == ACL_LINK || conn->type == LE_LINK)) {
		if (ev->status != 0)
			mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
					       conn->dst_type, ev->status);
		else
			mgmt_device_disconnected(hdev, &conn->dst, conn->type,
						 conn->dst_type);
	}

	if (ev->status == 0) {
		/* Drop the link key when the connection asked for it to be
		 * flushed on disconnect. */
		if (conn->type == ACL_LINK && conn->flush_key)
			hci_remove_link_key(hdev, &conn->dst);
		hci_proto_disconn_cfm(conn, ev->reason);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1941
/*
 * Authentication Complete event handler.
 *
 * On success the link is marked authenticated and the pending security
 * level becomes the effective one -- except for a re-authentication of a
 * non-SSP (legacy) device, which is only logged and leaves link_mode and
 * sec_level unchanged. On failure mgmt is notified.
 *
 * Afterwards the pending auth flags are cleared and the connection setup
 * continues: in BT_CONFIG either encryption is requested (SSP, success)
 * or the connect is confirmed; in other states the auth confirmation is
 * delivered. A pending encryption request is then either issued or
 * failed.
 */
static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		if (!hci_conn_ssp_enabled(conn) &&
		    test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
			/* Security level is deliberately not raised here. */
			BT_INFO("re-auth of legacy device is not possible.");
		} else {
			conn->link_mode |= HCI_LM_AUTH;
			conn->sec_level = conn->pending_sec_level;
		}
	} else {
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);

	if (conn->state == BT_CONFIG) {
		if (!ev->status && hci_conn_ssp_enabled(conn)) {
			/* SSP link: turn encryption on before the connection
			 * is reported as established. */
			struct hci_cp_set_conn_encrypt cp;
			cp.handle  = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
				     &cp);
		} else {
			/* The state becomes BT_CONNECTED even when
			 * ev->status is non-zero; the status is passed on to
			 * the upper protocol. */
			conn->state = BT_CONNECTED;
			hci_proto_connect_cfm(conn, ev->status);
			hci_conn_put(conn);
		}
	} else {
		hci_auth_cfm(conn, ev->status);

		/* Hold/put pair around the timeout update. */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	}

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
		if (!ev->status) {
			struct hci_cp_set_conn_encrypt cp;
			cp.handle  = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
				     &cp);
		} else {
			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
			hci_encrypt_cfm(conn, ev->status, 0x00);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
2007
/*
 * Remote Name Request Complete event handler.
 *
 * With mgmt active, feeds the result into the pending-name bookkeeping:
 * on success the name from the event with a length bounded by
 * HCI_MAX_NAME_LENGTH (the remote-supplied name is not assumed to be
 * NUL-terminated), on failure no name at all.
 *
 * Independently of mgmt, authentication is then requested on the matching
 * outgoing ACL connection when hci_outgoing_auth_needed() says so and no
 * authentication is already pending.
 */
static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		if (ev->status != 0)
			hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL,
					       0);
		else
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       ev->name,
					       strnlen(ev->name,
						       HCI_MAX_NAME_LENGTH));
	}

	/* test_and_set_bit() comes last so the flag is only set when an
	 * authentication request is really going to be sent. */
	if (conn && hci_outgoing_auth_needed(hdev, conn) &&
	    !test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_req;

		auth_req.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_req),
			     &auth_req);
	}

	hci_dev_unlock(hdev);
}
2046
/*
 * Handle an event laid out as struct hci_ev_encrypt_change.
 *
 * On success the link-mode bits are updated: encryption on also sets the
 * authenticated bit and promotes pending_sec_level to sec_level; encryption
 * off only clears HCI_LM_ENCRYPT.  On failure an established link
 * (BT_CONNECTED) is disconnected with HCI_ERROR_AUTH_FAILURE.  A link still
 * in BT_CONFIG is confirmed to the upper protocols; any other state gets an
 * encrypt confirmation.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload; skb->data is read as struct hci_ev_encrypt_change
 */
static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	if (!ev->status) {
		if (!ev->encrypt) {
			/* NOTE(review): sec_level is left as it was when the
			 * controller reports encryption off - confirm that
			 * upper layers re-check link_mode. */
			hcon->link_mode &= ~HCI_LM_ENCRYPT;
		} else {
			/* Encryption implies authentication */
			hcon->link_mode |= HCI_LM_AUTH | HCI_LM_ENCRYPT;
			hcon->sec_level = hcon->pending_sec_level;
		}
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);

	/* A failed encryption change on a live link tears the link down. */
	if (ev->status && hcon->state == BT_CONNECTED) {
		hci_acl_disconn(hcon, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(hcon);
		goto unlock;
	}

	if (hcon->state != BT_CONFIG) {
		hci_encrypt_cfm(hcon, ev->status, ev->encrypt);
		goto unlock;
	}

	if (!ev->status)
		hcon->state = BT_CONNECTED;

	hci_proto_connect_cfm(hcon, ev->status);
	hci_conn_put(hcon);

unlock:
	hci_dev_unlock(hdev);
}
2089
/*
 * Handle an event laid out as struct hci_ev_change_link_key_complete.
 *
 * For a known connection handle: mark the link HCI_LM_SECURE on success,
 * clear the pending-authentication flag and report the result through
 * hci_key_change_cfm().  Unknown handles are ignored.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	if (!ev->status)
		hcon->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &hcon->flags);

	hci_key_change_cfm(hcon, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2112
/*
 * Handle an event laid out as struct hci_ev_remote_features.
 *
 * On success the 8 feature bytes are copied into the connection.  While the
 * connection is still in BT_CONFIG the setup sequence continues:
 *   - both sides SSP capable: read remote extended features page 1 and wait;
 *   - otherwise request the remote name (if mgmt has not yet been told about
 *     the connection) or report the device as connected;
 *   - finally, if no outgoing authentication is needed, move to
 *     BT_CONNECTED and confirm to the upper protocols.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_remote_features_evt(struct hci_dev *hdev,
				    struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	if (!ev->status)
		memcpy(hcon->features, ev->features, 8);

	if (hcon->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(hcon)) {
		struct hci_cp_read_remote_ext_features ext_req;

		/* ev->handle is passed through without byte swapping */
		ext_req.handle = ev->handle;
		ext_req.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
			     sizeof(ext_req), &ext_req);
		goto unlock;
	}

	if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &hcon->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
			     &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) {
		mgmt_device_connected(hdev, &hcon->dst, hcon->type,
				      hcon->dst_type, 0, NULL, 0,
				      hcon->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, hcon)) {
		hcon->state = BT_CONNECTED;
		hci_proto_connect_cfm(hcon, ev->status);
		hci_conn_put(hcon);
	}

unlock:
	hci_dev_unlock(hdev);
}
2162
/*
 * Remote-version event handler: only emits a debug trace, the payload in
 * @skb is not examined.
 */
static void hci_remote_version_evt(struct hci_dev *hdev,
				   struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2167
/*
 * QoS-setup-complete event handler: only emits a debug trace, the payload
 * in @skb is not examined.
 */
static void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2173
/*
 * Dispatch an event laid out as struct hci_ev_cmd_complete.
 *
 * The event header is pulled off @skb so that each hci_cc_* handler sees
 * only the return parameters of its command.  After dispatch the command
 * timer is stopped (unless the opcode is HCI_OP_NOP) and, when ev->ncmd is
 * non-zero, the command credit is reset to 1 and any queued command is
 * scheduled.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload; advanced past the header by this function
 */
static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *cc = (void *) skb->data;
	__u16 opcode;

	/* cc keeps pointing at the header bytes; only skb->data moves on. */
	skb_pull(skb, sizeof(*cc));

	opcode = __le16_to_cpu(cc->opcode);

	switch (opcode) {
	/* Inquiry and link control */
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;
	case HCI_OP_PERIODIC_INQ:
		hci_cc_periodic_inq(hdev, skb);
		break;
	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;
	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;

	/* Link policy */
	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;
	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;
	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;

	/* Host controller configuration */
	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;
	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;
	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;
	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;
	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;
	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;
	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;
	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;
	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;
	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;
	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;

	/* Informational parameters */
	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_EXT_FEATURES:
		hci_cc_read_local_ext_features(hdev, skb);
		break;
	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;
	case HCI_OP_READ_DATA_BLOCK_SIZE:
		hci_cc_read_data_block_size(hdev, skb);
		break;
	case HCI_OP_WRITE_CA_TIMEOUT:
		hci_cc_write_ca_timeout(hdev, skb);
		break;
	case HCI_OP_READ_FLOW_CONTROL_MODE:
		hci_cc_read_flow_control_mode(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_AMP_INFO:
		hci_cc_read_local_amp_info(hdev, skb);
		break;
	case HCI_OP_DELETE_STORED_LINK_KEY:
		hci_cc_delete_stored_link_key(hdev, skb);
		break;
	case HCI_OP_SET_EVENT_MASK:
		hci_cc_set_event_mask(hdev, skb);
		break;
	case HCI_OP_WRITE_INQUIRY_MODE:
		hci_cc_write_inquiry_mode(hdev, skb);
		break;
	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;
	case HCI_OP_SET_EVENT_FLT:
		hci_cc_set_event_flt(hdev, skb);
		break;

	/* Pairing replies */
	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;
	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data_reply(hdev, skb);
		break;
	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;
	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_REPLY:
		hci_cc_user_passkey_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_NEG_REPLY:
		hci_cc_user_passkey_neg_reply(hdev, skb);
		break;

	/* Low Energy */
	case HCI_OP_LE_SET_SCAN_PARAM:
		hci_cc_le_set_scan_param(hdev, skb);
		break;
	case HCI_OP_LE_SET_SCAN_ENABLE:
		hci_cc_le_set_scan_enable(hdev, skb);
		break;
	case HCI_OP_LE_LTK_REPLY:
		hci_cc_le_ltk_reply(hdev, skb);
		break;
	case HCI_OP_LE_LTK_NEG_REPLY:
		hci_cc_le_ltk_neg_reply(hdev, skb);
		break;
	case HCI_OP_WRITE_LE_HOST_SUPPORTED:
		hci_cc_write_le_host_supported(hdev, skb);
		break;

	default:
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	if (cc->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (!cc->ncmd)
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2394
/*
 * Dispatch an event laid out as struct hci_ev_cmd_status.
 *
 * The status byte is handed to the hci_cs_* handler matching the opcode.
 * Afterwards the command timer is stopped (unless the opcode is
 * HCI_OP_NOP) and, when ev->ncmd is non-zero and no reset is in progress
 * (HCI_RESET clear), the command credit is reset to 1 and any queued
 * command is scheduled.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload; advanced past the header by this function
 */
static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *cs = (void *) skb->data;
	__u16 opcode;

	/* cs keeps pointing at the header bytes; only skb->data moves on. */
	skb_pull(skb, sizeof(*cs));

	opcode = __le16_to_cpu(cs->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, cs->status);
		break;
	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, cs->status);
		break;
	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, cs->status);
		break;
	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, cs->status);
		break;
	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, cs->status);
		break;
	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, cs->status);
		break;
	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, cs->status);
		break;
	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, cs->status);
		break;
	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, cs->status);
		break;
	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, cs->status);
		break;
	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, cs->status);
		break;
	case HCI_OP_DISCONNECT:
		hci_cs_disconnect(hdev, cs->status);
		break;
	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, cs->status);
		break;
	case HCI_OP_LE_START_ENC:
		hci_cs_le_start_enc(hdev, cs->status);
		break;
	default:
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	if (cs->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (!cs->ncmd || test_bit(HCI_RESET, &hdev->flags))
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2475
/*
 * Handle an event laid out as struct hci_ev_role_change.
 *
 * For a known ACL connection: on success HCI_LM_MASTER is cleared when
 * ev->role is non-zero and set when it is zero.  The pending role-switch
 * flag is cleared and the result is reported via hci_role_switch_cfm()
 * whether or not the switch succeeded.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!hcon)
		goto unlock;

	if (!ev->status && ev->role)
		hcon->link_mode &= ~HCI_LM_MASTER;
	else if (!ev->status)
		hcon->link_mode |= HCI_LM_MASTER;

	clear_bit(HCI_CONN_RSWITCH_PEND, &hcon->flags);

	hci_role_switch_cfm(hcon, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
2501
/*
 * Handle an event laid out as struct hci_ev_num_comp_pkts (packet-based
 * flow control).
 *
 * The event is rejected when the controller is not in packet-based mode or
 * when @skb is too short for the header plus ev->num_hndl entries.  For
 * every entry that names a known connection, the per-connection "sent"
 * counter is reduced and the matching per-type credit counter is increased,
 * capped at the pool size.  TX work is then scheduled.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* Header first, so that num_hndl is only read when it is present;
	 * then the full entry array it announces. */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
		       ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_pkts_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 count = __le16_to_cpu(entry->count);
		struct hci_conn *hcon;

		hcon = hci_conn_hash_lookup_handle(hdev, handle);
		if (!hcon)
			continue;

		/* NOTE(review): count is taken from the event as-is; no check
		 * that it does not exceed hcon->sent is visible here. */
		hcon->sent -= count;

		switch (hcon->type) {
		case SCO_LINK:
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
			break;

		case LE_LINK:
			if (hdev->le_pkts) {
				hdev->le_cnt += count;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
				break;
			}
			/* le_pkts == 0: LE credits are returned to the ACL
			 * counters instead. */
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		case ACL_LINK:
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", hcon->type, hcon);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2567
/*
 * Handle an event laid out as struct hci_ev_num_comp_blocks (block-based
 * flow control).
 *
 * The event is rejected when the controller is not in block-based mode or
 * when @skb is too short for the header plus ev->num_hndl entries.  For
 * every entry that names a known ACL connection the per-connection "sent"
 * counter is reduced and hdev->block_cnt is increased, capped at
 * hdev->num_blocks.  TX work is then scheduled.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* Header first, so that num_hndl is only read when it is present;
	 * then the full entry array it announces. */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
		       ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
	       ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_blocks_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 block_count = __le16_to_cpu(entry->blocks);
		struct hci_conn *hcon;

		hcon = hci_conn_hash_lookup_handle(hdev, handle);
		if (!hcon)
			continue;

		/* NOTE(review): block_count is taken from the event as-is; no
		 * check that it does not exceed hcon->sent is visible here. */
		hcon->sent -= block_count;

		if (hcon->type != ACL_LINK) {
			BT_ERR("Unknown type %d conn %p", hcon->type, hcon);
			continue;
		}

		hdev->block_cnt += block_count;
		if (hdev->block_cnt > hdev->num_blocks)
			hdev->block_cnt = hdev->num_blocks;
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2616
/*
 * Handle an event laid out as struct hci_ev_mode_change.
 *
 * For a known connection the reported mode and interval are stored.  If the
 * change was not requested locally (HCI_CONN_MODE_CHANGE_PEND was clear),
 * HCI_CONN_POWER_SAVE is set for active mode and cleared otherwise.  A
 * deferred SCO setup (HCI_CONN_SCO_SETUP_PEND) is resumed.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	hcon->mode = ev->mode;
	hcon->interval = __le16_to_cpu(ev->interval);

	/* The pending flag is consumed here in either case. */
	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &hcon->flags)) {
		if (hcon->mode != HCI_CM_ACTIVE)
			clear_bit(HCI_CONN_POWER_SAVE, &hcon->flags);
		else
			set_bit(HCI_CONN_POWER_SAVE, &hcon->flags);
	}

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &hcon->flags))
		hci_sco_setup(hcon, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2645
/*
 * Handle an event laid out as struct hci_ev_pin_code_req.
 *
 * Requests for peers without an ACL connection are ignored.  For an
 * established link the disconnect timeout is raised to HCI_PAIRING_TIMEOUT.
 * If the adapter is not pairable the request is refused with a negative
 * reply; otherwise, when the management interface is active, the request is
 * forwarded to it together with a flag telling whether high security is
 * pending on the connection.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!hcon)
		goto unlock;

	if (hcon->state == BT_CONNECTED) {
		/* hold/put pair brackets the timeout update */
		hci_conn_hold(hcon);
		hcon->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(hcon);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) {
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
	} else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		u8 secure = (hcon->pending_sec_level == BT_SECURITY_HIGH) ? 1 : 0;

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
2682
/*
 * Handle an event laid out as struct hci_ev_link_key_req.
 *
 * Nothing is done unless HCI_LINK_KEYS is set.  A stored key for the peer is
 * returned to the controller only if it passes these checks; otherwise a
 * negative reply is sent:
 *   - a key must exist;
 *   - debug combination keys are refused unless HCI_DEBUG_KEYS is set;
 *   - with an ACL connection present, an unauthenticated combination key is
 *     refused when the connection's auth_type has bit 0 set (and is not
 *     0xff), and a combination key with a PIN shorter than 16 is refused
 *     when high security is pending.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply reply;
	struct hci_conn *hcon;
	struct link_key *stored;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	stored = hci_find_link_key(hdev, &ev->bdaddr);
	if (!stored) {
		BT_DBG("%s link key not found for %s", hdev->name,
		       batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, stored->type,
	       batostr(&ev->bdaddr));

	if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
	    stored->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (hcon) {
		if (stored->type == HCI_LK_UNAUTH_COMBINATION &&
		    hcon->auth_type != 0xff && (hcon->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (stored->type == HCI_LK_COMBINATION &&
		    stored->pin_len < 16 &&
		    hcon->pending_sec_level == BT_SECURITY_HIGH) {
			BT_DBG("%s ignoring key unauthenticated for high security",
			       hdev->name);
			goto not_found;
		}

		hcon->key_type = stored->type;
		hcon->pin_length = stored->pin_len;
	}

	/* NOTE(review): reply holds a copy of the link key on the stack and
	 * is not cleared after the command is sent. */
	bacpy(&reply.bdaddr, &ev->bdaddr);
	memcpy(reply.link_key, stored->val, HCI_LINK_KEY_SIZE);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(reply), &reply);
	goto unlock;

not_found:
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);

unlock:
	hci_dev_unlock(hdev);
}
2745
/*
 * Handle an event laid out as struct hci_ev_link_key_notify.
 *
 * If an ACL connection to the peer exists, its disconnect timeout is reset
 * to HCI_DISCONN_TIMEOUT and its key type is updated, except when the event
 * reports HCI_LK_CHANGED_COMBINATION.  When HCI_LINK_KEYS is set the new key
 * is stored through hci_add_link_key(), using the connection's PIN length
 * or 0 when there is no connection.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *hcon;
	u8 pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (hcon) {
		hci_conn_hold(hcon);

		hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_len = hcon->pin_length;
		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			hcon->key_type = ev->key_type;

		hci_conn_put(hcon);
	}

	/* hcon is passed on as-is and may be NULL at this point. */
	if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		hci_add_link_key(hdev, hcon, 1, &ev->bdaddr, ev->link_key,
				 ev->key_type, pin_len);

	hci_dev_unlock(hdev);
}
2774
/*
 * Handle an event laid out as struct hci_ev_clock_offset.
 *
 * On success, and only if both the connection and an inquiry-cache entry
 * for its peer exist, the cached clock offset is replaced and the entry's
 * timestamp refreshed.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *cached;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon || ev->status)
		goto unlock;

	/* The cache lookup can miss; a NULL entry is simply skipped. */
	cached = hci_inquiry_cache_lookup(hdev, &hcon->dst);
	if (!cached)
		goto unlock;

	cached->data.clock_offset = ev->clock_offset;
	cached->timestamp = jiffies;

unlock:
	hci_dev_unlock(hdev);
}
2797
/*
 * Handle an event laid out as struct hci_ev_pkt_type_change: on success,
 * store the reported packet type on the matching connection.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	if (!ev->status)
		hcon->pkt_type = __le16_to_cpu(ev->pkt_type);

unlock:
	hci_dev_unlock(hdev);
}
2813
/*
 * Handle an event laid out as struct hci_ev_pscan_rep_mode: if the peer has
 * an inquiry-cache entry, update its page-scan repetition mode and refresh
 * its timestamp.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *cached;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	/* The cache lookup can miss; a NULL entry is simply skipped. */
	cached = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!cached)
		goto unlock;

	cached->data.pscan_rep_mode = ev->pscan_rep_mode;
	cached->timestamp = jiffies;

unlock:
	hci_dev_unlock(hdev);
}
2831
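/*
 * Handle an inquiry-result-with-RSSI event.
 *
 * The payload is a one-byte response count followed by that many records.
 * Two record layouts exist; the one in use is chosen by comparing the
 * per-record size implied by skb->len with
 * sizeof(struct inquiry_info_with_rssi).  Each record updates the inquiry
 * cache and is reported through mgmt_device_found().
 *
 * The response count comes from the event itself, so the payload length is
 * checked against it before any record is read: an empty payload is
 * dropped, and a payload shorter than num_rsp records of the selected
 * layout is dropped instead of being walked past its end.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;
	bool name_known, ssp;

	/* The count byte itself must be present before it is read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* The size test above only says "not the short layout"; make
		 * sure the buffer really holds num_rsp long records. */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		/* Implied by the size test above; kept explicit so the bound
		 * does not depend on how the layout is selected. */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}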
2891
/*
 * Handle an event laid out as struct hci_ev_remote_ext_features.
 *
 * For page 1 on success, the host-SSP bit of features[0] is recorded in the
 * peer's inquiry-cache entry (when one exists) and, if set, on the
 * connection as HCI_CONN_SSP_ENABLED.  While the connection is still in
 * BT_CONFIG the setup sequence continues: request the remote name (if mgmt
 * has not yet been told about the connection) or report the device as
 * connected, then, if no outgoing authentication is needed, move to
 * BT_CONNECTED and confirm to the upper protocols.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_remote_ext_features_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	if (!ev->status && ev->page == 0x01) {
		struct inquiry_entry *cached;

		/* The cache lookup can miss; the connection flag below is
		 * updated regardless. */
		cached = hci_inquiry_cache_lookup(hdev, &hcon->dst);
		if (cached)
			cached->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

		if (ev->features[0] & LMP_HOST_SSP)
			set_bit(HCI_CONN_SSP_ENABLED, &hcon->flags);
	}

	if (hcon->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &hcon->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
			     &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) {
		mgmt_device_connected(hdev, &hcon->dst, hcon->type,
				      hcon->dst_type, 0, NULL, 0,
				      hcon->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, hcon)) {
		hcon->state = BT_CONNECTED;
		hci_proto_connect_cfm(hcon, ev->status);
		hci_conn_put(hcon);
	}

unlock:
	hci_dev_unlock(hdev);
}
2940
/*
 * Handle an event laid out as struct hci_ev_sync_conn_complete.
 *
 * The connection is looked up by the reported link type; if that fails and
 * the type was not eSCO, an eSCO connection to the same peer is retyped to
 * SCO_LINK and used instead.  On success the handle is stored and the link
 * becomes BT_CONNECTED.  For the listed parameter-related error codes an
 * outgoing connection with fewer than two attempts is retried with a packet
 * type taken from hdev->esco_type; every other failure closes and deletes
 * the connection.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!hcon) {
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		hcon = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!hcon)
			goto unlock;

		hcon->type = SCO_LINK;
	}

	switch (ev->status) {
	case 0x00:
		hcon->handle = __le16_to_cpu(ev->handle);
		hcon->state = BT_CONNECTED;

		hci_conn_hold_device(hcon);
		hci_conn_add_sysfs(hcon);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1c:	/* SCO interval rejected */
	case 0x1f:	/* Unspecified error */
		if (hcon->out && hcon->attempt < 2) {
			hcon->pkt_type = hdev->esco_type &
					 (SCO_ESCO_MASK | EDR_ESCO_MASK);
			/* NOTE(review): hcon->link is dereferenced without a
			 * NULL check - confirm it is always set here. */
			hci_setup_sync(hcon, hcon->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		hcon->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(hcon, ev->status);
	if (ev->status)
		hci_conn_del(hcon);

unlock:
	hci_dev_unlock(hdev);
}
2996
/*
 * Synchronous-connection-changed event handler: only emits a debug trace,
 * the payload in @skb is not examined.
 */
static void hci_sync_conn_changed_evt(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
3001
/*
 * Sniff-subrating event handler: traces the status byte of the event and
 * does nothing else.
 */
static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *subrate = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, subrate->status);
}
3008
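/*
 * Handle an extended-inquiry-result event.
 *
 * The payload is a one-byte response count followed by that many
 * struct extended_inquiry_info records.  Each record updates the inquiry
 * cache and is reported through mgmt_device_found() together with its EIR
 * data.
 *
 * The response count comes from the event itself, so the payload length is
 * checked against it before any record is read: an empty payload is
 * dropped, and a payload shorter than num_rsp records is dropped instead of
 * being walked past its end.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;
	size_t eir_len;

	/* The count byte itself must be present before it is read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Reject a count that the payload cannot actually hold. */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;

		/* Without mgmt the name is treated as already known. */
		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		eir_len = eir_get_length(info->data, sizeof(info->data));
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, eir_len);
	}

	hci_dev_unlock(hdev);
}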
1da177e4 3056
/*
 * Handle an event laid out as struct hci_ev_key_refresh_complete.
 *
 * On success pending_sec_level is promoted to sec_level.  The pending
 * encryption flag is cleared in every case.  A failure on an established
 * link (BT_CONNECTED) disconnects it with HCI_ERROR_AUTH_FAILURE.  A link
 * still in BT_CONFIG is confirmed to the upper protocols; any other state
 * gets an authentication confirmation and its disconnect timeout reset.
 *
 * @hdev: controller the event arrived on
 * @skb:  event payload
 */
static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
	       __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	if (!ev->status)
		hcon->sec_level = hcon->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);

	/* A failed key refresh on a live link tears the link down. */
	if (ev->status && hcon->state == BT_CONNECTED) {
		hci_acl_disconn(hcon, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(hcon);
		goto unlock;
	}

	if (hcon->state != BT_CONFIG) {
		hci_auth_cfm(hcon, ev->status);

		/* hold/put pair brackets the timeout update */
		hci_conn_hold(hcon);
		hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(hcon);
		goto unlock;
	}

	if (!ev->status)
		hcon->state = BT_CONNECTED;

	hci_proto_connect_cfm(hcon, ev->status);
	hci_conn_put(hcon);

unlock:
	hci_dev_unlock(hdev);
}
3100
/*
 * Choose the authentication requirements to send in an IO Capability Reply.
 *
 * The decision follows the value the remote side announced in
 * conn->remote_auth:
 *   0x02 / 0x03  dedicated bonding requested: answer with dedicated bonding,
 *                and ask for MITM protection (0x03) only when neither side
 *                has IO capability 0x03 (NoInputNoOutput).
 *   0x00 / 0x01  no-bonding requested: keep the remote's value and OR in the
 *                local MITM bit (bit 0 of conn->auth_type).
 *   otherwise    fall back to the locally configured conn->auth_type.
 *
 * Note that remote_auth and remote_cap are peer-supplied values, so the peer
 * influences whether MITM protection is requested.
 */
static u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03: {
		/* MITM protection is impossible if either end has no IO. */
		bool no_io = conn->remote_cap == 0x03 ||
			     conn->io_capability == 0x03;

		return no_io ? 0x02 : 0x03;
	}

	case 0x00:
	case 0x01:
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
3119
/*
 * Handle the HCI IO Capability Request event.
 *
 * When the management interface is active, answers the controller either
 * with an IO Capability Reply (local IO capability, authentication
 * requirements and OOB-data flag) or with a negative reply carrying
 * HCI_ERROR_PAIRING_NOT_ALLOWED. The handler body runs under hci_dev_lock().
 *
 * NOTE(review): ev is a cast of skb->data with no length check in this
 * function; confirm skb->len is validated before dispatch.
 */
static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* The reference is taken before the HCI_MGMT check, so it is held even
	 * when no reply is sent from here. Presumably it is dropped by the
	 * hci_conn_put() in hci_simple_pair_complete_evt() - confirm. */
	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	/* Pairing is accepted when the adapter is pairable, or when the remote
	 * asks for no-bonding (MITM bit 0 masked off before the comparison). */
	if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
	    (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
		struct hci_cp_io_capability_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		/* Change the IO capability from KeyboardDisplay
		 * to DisplayYesNo as it is not supported by BT spec. */
		cp.capability = (conn->io_capability == 0x04) ?
						0x01 : conn->io_capability;
		/* The negotiated requirement is stored on the connection and
		 * later read by hci_user_confirm_request_evt(). */
		conn->auth_type = hci_get_auth_req(conn);
		cp.authentication = conn->auth_type;

		/* Announce OOB data only if it is stored for this peer and
		 * either conn->out is set (presumably: we initiated) or the
		 * remote already signalled OOB in its IO Capability Reply. */
		if (hci_find_remote_oob_data(hdev, &conn->dst) &&
		    (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
			cp.oob_data = 0x01;
		else
			cp.oob_data = 0x00;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
			     sizeof(cp), &cp);
	} else {
		struct hci_cp_io_capability_neg_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(cp), &cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
3171
/*
 * Handle the HCI IO Capability Reply event.
 *
 * Stores the peer's announced IO capability and authentication requirements
 * on the matching ACL connection and remembers whether the peer claims to
 * have OOB data. These values are taken from the event as-is; they later
 * feed hci_get_auth_req() and the user-confirmation decision, so they are
 * peer-controlled input to the pairing policy.
 */
static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *reply = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &reply->bdaddr);
	if (conn) {
		conn->remote_cap = reply->capability;
		conn->remote_auth = reply->authentication;

		if (reply->oob_data)
			set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
	}

	hci_dev_unlock(hdev);
}
3193
6039aa73
GP
/*
 * Handle the HCI User Confirmation Request event.
 *
 * Decides, from the local and remote MITM bits and IO capabilities, whether
 * to reject the request, auto-accept it (optionally after
 * hdev->auto_accept_delay), or forward it to user space through
 * mgmt_user_confirm_request(). Nothing is done unless HCI_MGMT is set. The
 * handler body runs under hci_dev_lock().
 *
 * Security-relevant points visible here:
 *  - remote_auth and remote_cap were supplied by the peer, so the peer takes
 *    part in selecting the auto-accept path;
 *  - the auto-accept path sends HCI_OP_USER_CONFIRM_REPLY without asking the
 *    user, so it gives no protection against a man in the middle.
 *
 * NOTE(review): ev is a cast of skb->data with no length check in this
 * function; confirm skb->len is validated before dispatch.
 */
static void hci_user_confirm_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int loc_mitm, rem_mitm, confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* Bit 0 of the authentication requirements is the MITM flag. */
	loc_mitm = (conn->auth_type & 0x01);
	rem_mitm = (conn->remote_auth & 0x01);

	/* If we require MITM but the remote device can't provide that
	 * (it has NoInputNoOutput) then reject the confirmation
	 * request. The only exception is when we're dedicated bonding
	 * initiators (connect_cfm_cb set) since then we always have the MITM
	 * bit set. */
	if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* If no side requires MITM protection; auto-accept */
	if ((!loc_mitm || conn->remote_cap == 0x03) &&
	    (!rem_mitm || conn->io_capability == 0x03)) {

		/* If we're not the initiators request authorization to
		 * proceed from user space (mgmt_user_confirm with
		 * confirm_hint set to 1). */
		if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
			BT_DBG("Confirming auto-accept as acceptor");
			confirm_hint = 1;
			goto confirm;
		}

		BT_DBG("Auto-accept of user confirmation with %ums delay",
		       hdev->auto_accept_delay);

		/* With a configured delay the reply is deferred to the
		 * connection's auto_accept_timer instead of being sent now. */
		if (hdev->auto_accept_delay > 0) {
			int delay = msecs_to_jiffies(hdev->auto_accept_delay);
			mod_timer(&conn->auto_accept_timer, jiffies + delay);
			goto unlock;
		}

		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

confirm:
	/* Hand the passkey to user space; confirm_hint is 1 only on the
	 * acceptor auto-accept path above, 0 otherwise. */
	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}
3261
6039aa73
GP
/*
 * Handle the HCI User Passkey Request event.
 *
 * Forwards the request for the peer address in the event to user space via
 * mgmt_user_passkey_request(), but only when HCI_MGMT is set. The flag is
 * tested and the request issued under hci_dev_lock().
 */
static void hci_user_passkey_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *req = (void *) skb->data;
	bdaddr_t *peer = &req->bdaddr;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_request(hdev, peer, ACL_LINK, 0);
	}

	hci_dev_unlock(hdev);
}
3276
6039aa73
GP
/*
 * Handle the HCI Simple Pairing Complete event.
 *
 * For a known ACL connection, reports a pairing failure to user space and
 * then drops one connection reference. The failure is reported from here
 * only when HCI_CONN_AUTH_PEND is clear: when we initiated authentication
 * that flag is set, and the regular auth_complete event already maps to
 * mgmt_auth_failed, so reporting here as well would duplicate the event.
 */
static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		bool auth_pending = test_bit(HCI_CONN_AUTH_PEND, &conn->flags);

		if (!auth_pending && ev->status != 0) {
			mgmt_auth_failed(hdev, &conn->dst, conn->type,
					 conn->dst_type, ev->status);
		}

		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
3305
6039aa73
GP
/*
 * Handle the HCI Remote Host Supported Features event.
 *
 * If the peer address has an inquiry-cache entry, its ssp_mode is set from
 * the LMP_HOST_SSP bit of the first feature byte. A missing cache entry is
 * not an error; the event is then ignored.
 */
static void hci_remote_host_features_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL) {
		entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
	}

	hci_dev_unlock(hdev);
}
3322
6039aa73
GP
/*
 * Handle the HCI Remote OOB Data Request event.
 *
 * Only acts when HCI_MGMT is set. If OOB data is stored for the peer, its
 * hash and randomizer are sent back in a Remote OOB Data Reply; otherwise a
 * negative reply is sent. Lookup and reply happen under hci_dev_lock().
 */
static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *stored;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		stored = hci_find_remote_oob_data(hdev, &ev->bdaddr);

		if (!stored) {
			struct hci_cp_remote_oob_data_neg_reply neg;

			bacpy(&neg.bdaddr, &ev->bdaddr);
			hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
				     sizeof(neg), &neg);
		} else {
			struct hci_cp_remote_oob_data_reply reply;

			bacpy(&reply.bdaddr, &ev->bdaddr);
			/* Copies are sized by the destination fields. */
			memcpy(reply.hash, stored->hash, sizeof(reply.hash));
			memcpy(reply.randomizer, stored->randomizer,
			       sizeof(reply.randomizer));

			hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
				     sizeof(reply), &reply);
		}
	}

	hci_dev_unlock(hdev);
}
3357
/*
 * Handle the LE Connection Complete sub-event.
 *
 * On failure, the LE connection currently in BT_CONNECT state is reported as
 * failed and deleted. On success, the connection for the peer address is
 * looked up (or created), marked connected at BT_SECURITY_LOW, and announced
 * to mgmt, sysfs and the upper protocols. The handler body runs under
 * hci_dev_lock().
 *
 * NOTE(review): ev is a cast of skb->data with no length check in this
 * function; confirm skb->len is validated before dispatch.
 */
static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	if (ev->status) {
		/* The failed connection is found by state, not by the address
		 * in the event. */
		conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
		if (!conn)
			goto unlock;

		mgmt_connect_failed(hdev, &conn->dst, conn->type,
				    conn->dst_type, ev->status);
		hci_proto_connect_cfm(conn, ev->status);
		conn->state = BT_CLOSED;
		hci_conn_del(conn);
		goto unlock;
	}

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
	if (!conn) {
		/* No matching connection object yet: create one for the
		 * address reported by the controller. */
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			hci_dev_unlock(hdev);
			return;
		}

		conn->dst_type = ev->bdaddr_type;
	}

	/* Report the device to mgmt only once per connection. */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
				      conn->dst_type, 0, NULL, 0, NULL);

	/* A fresh LE link starts at the lowest security level; it is raised
	 * elsewhere (see hci_le_ltk_request_evt()). */
	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
3408
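/*
 * Handle the LE Advertising Report sub-event.
 *
 * The payload is a one-byte report count followed by that many
 * variable-length records: a struct hci_ev_le_advertising_info header,
 * ev->length bytes of advertising data and one trailing RSSI byte. Each
 * record is passed to mgmt_device_found().
 *
 * The count and every length byte come from the controller and reflect
 * over-the-air data, so each record is checked against the end of the skb
 * before it is read. Without the checks a bogus count or length walks ptr
 * past the buffer and reads adjacent kernel memory. Parsing stops at the
 * first record that does not fit; records already delivered stay delivered.
 *
 * NOTE(review): the bound is skb_tail_pointer(), i.e. the linear data area;
 * this assumes HCI event skbs are linear - confirm for the transports in use.
 */
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	u8 *end = skb_tail_pointer(skb);
	u8 *ptr = skb->data;
	u8 num_reports;

	/* The report count itself must be present. */
	if (ptr >= end)
		return;

	num_reports = *ptr++;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t left = end - ptr;
		size_t rec_len;
		s8 rssi;

		/* The fixed header must fit before ev->length is trusted. */
		if (left < sizeof(*ev))
			goto truncated;

		/* Header + advertising data + trailing RSSI byte. */
		rec_len = sizeof(*ev) + ev->length + 1;
		if (left < rec_len)
			goto truncated;

		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += rec_len;
	}

	hci_dev_unlock(hdev);
	return;

truncated:
	BT_ERR("%s truncated LE advertising report", hdev->name);
	hci_dev_unlock(hdev);
}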
3429
/*
 * Handle the LE Long Term Key Request sub-event.
 *
 * Looks up the connection by handle and a stored key by the ediv/random pair
 * in the event. If both exist, the key is returned to the controller in an
 * LE LTK Reply; otherwise an LE LTK Negative Reply is sent for the handle in
 * the event. The handler body runs under hci_dev_lock().
 *
 * Security-relevant points visible here:
 *  - the key lookup uses only ediv/random from the event; it is not tied to
 *    conn->dst in this function (NOTE(review): confirm whether hci_find_ltk()
 *    or its callers bind keys to a peer address);
 *  - key material is copied into the on-stack cp and is not cleared after
 *    hci_send_cmd().
 *
 * NOTE(review): ev is a cast of skb->data with no length check in this
 * function; confirm skb->len is validated before dispatch.
 */
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk;

	BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto not_found;

	ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
	if (ltk == NULL)
		goto not_found;

	/* The copy is sized by the source (ltk->val), not by cp.ltk; this is
	 * only safe while both arrays have the same size - TODO confirm. */
	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	/* An authenticated key raises the link to high security. */
	if (ltk->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	/* Keys flagged HCI_SMP_STK are removed from the list and freed once
	 * they have been handed to the controller. */
	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

	hci_dev_unlock(hdev);

	return;

not_found:
	/* ev->handle is passed through unchanged (no byte-order conversion). */
	neg.handle = ev->handle;
	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
	hci_dev_unlock(hdev);
}
3472
/*
 * Dispatch an LE Meta event to the handler for its sub-event.
 *
 * The meta header is pulled off the skb first, so each handler sees the
 * sub-event parameters at skb->data. Unknown sub-events are ignored.
 */
static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *meta = (void *) skb->data;

	skb_pull(skb, sizeof(*meta));

	/* meta still points at the pulled header bytes, which remain in the
	 * buffer; only skb->data has moved forward. */
	if (meta->subevent == HCI_EV_LE_CONN_COMPLETE) {
		hci_le_conn_complete_evt(hdev, skb);
	} else if (meta->subevent == HCI_EV_LE_ADVERTISING_REPORT) {
		hci_le_adv_report_evt(hdev, skb);
	} else if (meta->subevent == HCI_EV_LE_LTK_REQ) {
		hci_le_ltk_request_evt(hdev, skb);
	}
}
3496
a9de9248
MH
/*
 * Entry point for a received HCI event packet.
 *
 * Reads the event code from the header, pulls the header off the skb and
 * dispatches to the handler for that event. After the handler returns the
 * skb is freed and the received-event counter is incremented; events with no
 * handler are only logged at debug level.
 *
 * NOTE(review): skb->len is not checked before hdr->evt is read, and the
 * header's parameter length is not compared with the remaining skb->len
 * before dispatch. The handlers visible in this file cast skb->data to their
 * event structure without a length check of their own, so a short or
 * malformed event from the controller or transport is parsed as if it were
 * complete. Confirm whether the transport layer guarantees the lengths;
 * otherwise a central length check belongs here.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event = hdr->evt;

	/* Handlers see the event parameters at skb->data. */
	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:
		hci_key_refresh_complete_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		/* Unhandled event codes are logged and otherwise ignored. */
		BT_DBG("%s event 0x%2.2x", hdev->name, event);
		break;
	}

	/* The skb is freed here once the handler has returned. */
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}