projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add SMP confirmation checks methods
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
1da177e4
LT		 48/* Handle HCI Event packets */
49
a9de9248 50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 51{
a9de9248 52 __u8 status = *((__u8 *) skb->data);
1da177e4 53
a9de9248 54 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 55
a9de9248
MH		 56 if (status)
57 return;
1da177e4 58
314b2381
JH		 59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
6bd57416 62
23bb5763 63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 64
65 hci_conn_check_pending(hdev);
66}
6bd57416 67
a9de9248
MH		 68static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
69{
70 __u8 status = *((__u8 *) skb->data);
6bd57416 71
a9de9248 72 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 73
a9de9248
MH		 74 if (status)
75 return;
1da177e4 76
314b2381
JH		 77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
a9de9248
MH		 80
81 hci_conn_check_pending(hdev);
82}
83
84static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
85{
86 BT_DBG("%s", hdev->name);
87}
88
89static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
90{
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
93
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
95
96 if (rp->status)
97 return;
98
99 hci_dev_lock(hdev);
100
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 if (conn) {
103 if (rp->role)
104 conn->link_mode &= ~HCI_LM_MASTER;
105 else
106 conn->link_mode |= HCI_LM_MASTER;
1da177e4 107 }
a9de9248
MH		 108
109 hci_dev_unlock(hdev);
1da177e4
LT		 110}
111
e4e8e37c
MH		 112static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
113{
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
116
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
118
119 if (rp->status)
120 return;
121
122 hci_dev_lock(hdev);
123
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
125 if (conn)
126 conn->link_policy = __le16_to_cpu(rp->policy);
127
128 hci_dev_unlock(hdev);
129}
130
a9de9248 131static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 132{
a9de9248 133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 134 struct hci_conn *conn;
04837f64 135 void *sent;
1da177e4 136
a9de9248 137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 138
a9de9248
MH		 139 if (rp->status)
140 return;
1da177e4 141
a9de9248
MH		 142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
143 if (!sent)
144 return;
1da177e4 145
a9de9248 146 hci_dev_lock(hdev);
1da177e4 147
a9de9248 148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 149 if (conn)
83985319 150 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 151
a9de9248
MH		 152 hci_dev_unlock(hdev);
153}
1da177e4 154
e4e8e37c
MH		 155static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
156{
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
158
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
160
161 if (rp->status)
162 return;
163
164 hdev->link_policy = __le16_to_cpu(rp->policy);
165}
166
167static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
168{
169 __u8 status = *((__u8 *) skb->data);
170 void *sent;
171
172 BT_DBG("%s status 0x%x", hdev->name, status);
173
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
175 if (!sent)
176 return;
177
178 if (!status)
179 hdev->link_policy = get_unaligned_le16(sent);
180
23bb5763 181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 182}
183
a9de9248
MH		 184static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
185{
186 __u8 status = *((__u8 *) skb->data);
04837f64 187
a9de9248 188 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 189
10572132
GP		 190 clear_bit(HCI_RESET, &hdev->flags);
191
23bb5763 192 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 193}
04837f64 194
a9de9248
MH		 195static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
196{
197 __u8 status = *((__u8 *) skb->data);
198 void *sent;
04837f64 199
a9de9248 200 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 201
a9de9248
MH		 202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
203 if (!sent)
204 return;
04837f64 205
b312b161
JH		 206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
208
209 if (status)
210 return;
211
1f6c6378 212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 213}
214
215static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
216{
217 struct hci_rp_read_local_name *rp = (void *) skb->data;
218
219 BT_DBG("%s status 0x%x", hdev->name, rp->status);
220
221 if (rp->status)
222 return;
223
1f6c6378 224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 225}
226
227static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
228{
229 __u8 status = *((__u8 *) skb->data);
230 void *sent;
231
232 BT_DBG("%s status 0x%x", hdev->name, status);
233
234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
235 if (!sent)
236 return;
237
238 if (!status) {
239 __u8 param = *((__u8 *) sent);
240
241 if (param == AUTH_ENABLED)
242 set_bit(HCI_AUTH, &hdev->flags);
243 else
244 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 245 }
a9de9248 246
23bb5763 247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 248}
249
a9de9248 250static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 251{
a9de9248 252 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 253 void *sent;
254
a9de9248 255 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 256
a9de9248
MH		 257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
258 if (!sent)
259 return;
1da177e4 260
a9de9248
MH		 261 if (!status) {
262 __u8 param = *((__u8 *) sent);
263
264 if (param)
265 set_bit(HCI_ENCRYPT, &hdev->flags);
266 else
267 clear_bit(HCI_ENCRYPT, &hdev->flags);
268 }
1da177e4 269
23bb5763 270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 271}
1da177e4 272
a9de9248
MH		 273static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
274{
275 __u8 status = *((__u8 *) skb->data);
276 void *sent;
1da177e4 277
a9de9248 278 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 279
a9de9248
MH		 280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
281 if (!sent)
282 return;
1da177e4 283
a9de9248
MH		 284 if (!status) {
285 __u8 param = *((__u8 *) sent);
9fbcbb45 286 int old_pscan, old_iscan;
1da177e4 287
9fbcbb45
JH		 288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
1da177e4 290
73f22f62 291 if (param & SCAN_INQUIRY) {
a9de9248 292 set_bit(HCI_ISCAN, &hdev->flags);
9fbcbb45
JH		 293 if (!old_iscan)
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
73f22f62 296 mgmt_discoverable(hdev->id, 0);
1da177e4 297
9fbcbb45 298 if (param & SCAN_PAGE) {
a9de9248 299 set_bit(HCI_PSCAN, &hdev->flags);
9fbcbb45
JH		 300 if (!old_pscan)
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
a9de9248 304 }
1da177e4 305
23bb5763 306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 307}
1da177e4 308
a9de9248
MH		 309static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
310{
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 312
a9de9248 313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 314
a9de9248
MH		 315 if (rp->status)
316 return;
1da177e4 317
a9de9248 318 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 319
a9de9248
MH		 320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
322}
1da177e4 323
a9de9248
MH		 324static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
325{
326 __u8 status = *((__u8 *) skb->data);
327 void *sent;
1da177e4 328
a9de9248 329 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 330
f383f275
MH		 331 if (status)
332 return;
333
a9de9248
MH		 334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
335 if (!sent)
336 return;
1da177e4 337
f383f275 338 memcpy(hdev->dev_class, sent, 3);
a9de9248 339}
1da177e4 340
a9de9248
MH		 341static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
342{
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
344 __u16 setting;
345
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
347
348 if (rp->status)
349 return;
350
351 setting = __le16_to_cpu(rp->voice_setting);
352
f383f275 353 if (hdev->voice_setting == setting)
a9de9248
MH		 354 return;
355
356 hdev->voice_setting = setting;
357
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
359
360 if (hdev->notify) {
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
364 }
365}
366
367static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368{
369 __u8 status = *((__u8 *) skb->data);
f383f275 370 __u16 setting;
a9de9248
MH		 371 void *sent;
372
373 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 374
f383f275
MH		 375 if (status)
376 return;
377
a9de9248
MH		 378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
379 if (!sent)
380 return;
1da177e4 381
f383f275 382 setting = get_unaligned_le16(sent);
1da177e4 383
f383f275
MH		 384 if (hdev->voice_setting == setting)
385 return;
386
387 hdev->voice_setting = setting;
1da177e4 388
f383f275 389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 390
f383f275
MH		 391 if (hdev->notify) {
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 395 }
396}
397
a9de9248 398static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 399{
a9de9248 400 __u8 status = *((__u8 *) skb->data);
1da177e4 401
a9de9248 402 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 403
23bb5763 404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 405}
1143e5a6 406
333140b5
MH		 407static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
408{
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
410
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
412
413 if (rp->status)
414 return;
415
416 hdev->ssp_mode = rp->mode;
417}
418
419static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
420{
421 __u8 status = *((__u8 *) skb->data);
422 void *sent;
423
424 BT_DBG("%s status 0x%x", hdev->name, status);
425
426 if (status)
427 return;
428
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
430 if (!sent)
431 return;
432
433 hdev->ssp_mode = *((__u8 *) sent);
434}
435
d5859e22
JH		 436static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
437{
438 if (hdev->features[6] & LMP_EXT_INQ)
439 return 2;
440
441 if (hdev->features[3] & LMP_RSSI_INQ)
442 return 1;
443
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
446 return 1;
447
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
450 return 1;
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
452 return 1;
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
454 return 1;
455 }
456
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
459 return 1;
460
461 return 0;
462}
463
464static void hci_setup_inquiry_mode(struct hci_dev *hdev)
465{
466 u8 mode;
467
468 mode = hci_get_inquiry_mode(hdev);
469
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
471}
472
473static void hci_setup_event_mask(struct hci_dev *hdev)
474{
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
479
6de6c18d
VT		 480 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
483 return;
484
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 490
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
493
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
496
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
499
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
502
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
505
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
508
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
520 }
521
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
524
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
526}
527
528static void hci_setup(struct hci_dev *hdev)
529{
530 hci_setup_event_mask(hdev);
531
532 if (hdev->lmp_ver > 1)
533 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
534
535 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
536 u8 mode = 0x01;
537 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
538 }
539
540 if (hdev->features[3] & LMP_RSSI_INQ)
541 hci_setup_inquiry_mode(hdev);
542
543 if (hdev->features[7] & LMP_INQ_TX_PWR)
544 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
545}
546
a9de9248
MH		 547static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
548{
549 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 550
a9de9248 551 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 552
a9de9248
MH		 553 if (rp->status)
554 return;
1143e5a6 555
a9de9248 556 hdev->hci_ver = rp->hci_ver;
e4e8e37c 557 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 558 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 559 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 560 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 561
a9de9248
MH		 562 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
563 hdev->manufacturer,
564 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 565
566 if (test_bit(HCI_INIT, &hdev->flags))
567 hci_setup(hdev);
568}
569
570static void hci_setup_link_policy(struct hci_dev *hdev)
571{
572 u16 link_policy = 0;
573
574 if (hdev->features[0] & LMP_RSWITCH)
575 link_policy |= HCI_LP_RSWITCH;
576 if (hdev->features[0] & LMP_HOLD)
577 link_policy |= HCI_LP_HOLD;
578 if (hdev->features[0] & LMP_SNIFF)
579 link_policy |= HCI_LP_SNIFF;
580 if (hdev->features[1] & LMP_PARK)
581 link_policy |= HCI_LP_PARK;
582
583 link_policy = cpu_to_le16(link_policy);
584 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
585 sizeof(link_policy), &link_policy);
a9de9248 586}
1da177e4 587
a9de9248
MH		 588static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
589{
590 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 591
a9de9248 592 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 593
a9de9248 594 if (rp->status)
d5859e22 595 goto done;
1da177e4 596
a9de9248 597 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 598
599 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
600 hci_setup_link_policy(hdev);
601
602done:
603 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 604}
1da177e4 605
a9de9248
MH		 606static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
607{
608 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 609
a9de9248 610 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 611
a9de9248
MH		 612 if (rp->status)
613 return;
5b7f9909 614
a9de9248 615 memcpy(hdev->features, rp->features, 8);
5b7f9909 616
a9de9248
MH		 617 /* Adjust default settings according to features
618 * supported by device. */
1da177e4 619
a9de9248
MH		 620 if (hdev->features[0] & LMP_3SLOT)
621 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 622
a9de9248
MH		 623 if (hdev->features[0] & LMP_5SLOT)
624 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 625
a9de9248
MH		 626 if (hdev->features[1] & LMP_HV2) {
627 hdev->pkt_type |= (HCI_HV2);
628 hdev->esco_type |= (ESCO_HV2);
629 }
1da177e4 630
a9de9248
MH		 631 if (hdev->features[1] & LMP_HV3) {
632 hdev->pkt_type |= (HCI_HV3);
633 hdev->esco_type |= (ESCO_HV3);
634 }
1da177e4 635
a9de9248
MH		 636 if (hdev->features[3] & LMP_ESCO)
637 hdev->esco_type |= (ESCO_EV3);
da1f5198 638
a9de9248
MH		 639 if (hdev->features[4] & LMP_EV4)
640 hdev->esco_type |= (ESCO_EV4);
da1f5198 641
a9de9248
MH		 642 if (hdev->features[4] & LMP_EV5)
643 hdev->esco_type |= (ESCO_EV5);
1da177e4 644
efc7688b
MH		 645 if (hdev->features[5] & LMP_EDR_ESCO_2M)
646 hdev->esco_type |= (ESCO_2EV3);
647
648 if (hdev->features[5] & LMP_EDR_ESCO_3M)
649 hdev->esco_type |= (ESCO_3EV3);
650
651 if (hdev->features[5] & LMP_EDR_3S_ESCO)
652 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
653
a9de9248
MH		 654 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
655 hdev->features[0], hdev->features[1],
656 hdev->features[2], hdev->features[3],
657 hdev->features[4], hdev->features[5],
658 hdev->features[6], hdev->features[7]);
659}
1da177e4 660
a9de9248
MH		 661static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
662{
663 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 664
a9de9248 665 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 666
a9de9248
MH		 667 if (rp->status)
668 return;
1da177e4 669
a9de9248
MH		 670 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
671 hdev->sco_mtu = rp->sco_mtu;
672 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
673 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
674
675 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
676 hdev->sco_mtu = 64;
677 hdev->sco_pkts = 8;
1da177e4 678 }
a9de9248
MH		 679
680 hdev->acl_cnt = hdev->acl_pkts;
681 hdev->sco_cnt = hdev->sco_pkts;
682
683 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
684 hdev->acl_mtu, hdev->acl_pkts,
685 hdev->sco_mtu, hdev->sco_pkts);
686}
687
688static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
689{
690 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
691
692 BT_DBG("%s status 0x%x", hdev->name, rp->status);
693
694 if (!rp->status)
695 bacpy(&hdev->bdaddr, &rp->bdaddr);
696
23bb5763
JH		 697 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
698}
699
700static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
701{
702 __u8 status = *((__u8 *) skb->data);
703
704 BT_DBG("%s status 0x%x", hdev->name, status);
705
706 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 707}
708
b0916ea0
JH		 709static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
710 struct sk_buff *skb)
711{
712 __u8 status = *((__u8 *) skb->data);
713
714 BT_DBG("%s status 0x%x", hdev->name, status);
715
716 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
717}
718
d5859e22
JH		 719static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
720{
721 __u8 status = *((__u8 *) skb->data);
722
723 BT_DBG("%s status 0x%x", hdev->name, status);
724
725 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
726}
727
728static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
729 struct sk_buff *skb)
730{
731 __u8 status = *((__u8 *) skb->data);
732
733 BT_DBG("%s status 0x%x", hdev->name, status);
734
735 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
736}
737
738static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
739 struct sk_buff *skb)
740{
741 __u8 status = *((__u8 *) skb->data);
742
743 BT_DBG("%s status 0x%x", hdev->name, status);
744
745 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
746}
747
748static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
749{
750 __u8 status = *((__u8 *) skb->data);
751
752 BT_DBG("%s status 0x%x", hdev->name, status);
753
754 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
755}
756
980e1a53
JH		 757static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
758{
759 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
760 struct hci_cp_pin_code_reply *cp;
761 struct hci_conn *conn;
762
763 BT_DBG("%s status 0x%x", hdev->name, rp->status);
764
765 if (test_bit(HCI_MGMT, &hdev->flags))
766 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
767
768 if (rp->status != 0)
769 return;
770
771 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
772 if (!cp)
773 return;
774
775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
776 if (conn)
777 conn->pin_length = cp->pin_len;
778}
779
780static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
781{
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
785
786 if (test_bit(HCI_MGMT, &hdev->flags))
787 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
788 rp->status);
789}
6ed58ec5
VT		 790static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
791 struct sk_buff *skb)
792{
793 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
794
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
796
797 if (rp->status)
798 return;
799
800 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
801 hdev->le_pkts = rp->le_max_pkt;
802
803 hdev->le_cnt = hdev->le_pkts;
804
805 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
806
807 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
808}
980e1a53 809
a5c29683
JH		 810static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
811{
812 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
813
814 BT_DBG("%s status 0x%x", hdev->name, rp->status);
815
816 if (test_bit(HCI_MGMT, &hdev->flags))
817 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
818 rp->status);
819}
820
821static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
822 struct sk_buff *skb)
823{
824 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
825
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
827
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
830 rp->status);
831}
832
c35938b2
SJ		 833static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
834 struct sk_buff *skb)
835{
836 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
837
838 BT_DBG("%s status 0x%x", hdev->name, rp->status);
839
840 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
841 rp->randomizer, rp->status);
842}
843
eb9d91f5
AG		 844static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
845 struct sk_buff *skb)
846{
847 struct hci_cp_le_set_scan_enable *cp;
848 __u8 status = *((__u8 *) skb->data);
849
850 BT_DBG("%s status 0x%x", hdev->name, status);
851
852 if (status)
853 return;
854
855 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
856 if (!cp)
857 return;
858
859 hci_dev_lock(hdev);
860
35815085
AG		 861 if (cp->enable == 0x01) {
862 del_timer(&hdev->adv_timer);
eb9d91f5 863 hci_adv_entries_clear(hdev);
35815085
AG		 864 } else if (cp->enable == 0x00) {
865 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
866 }
eb9d91f5
AG		 867
868 hci_dev_unlock(hdev);
869}
870
a9de9248
MH		 871static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
872{
873 BT_DBG("%s status 0x%x", hdev->name, status);
874
875 if (status) {
23bb5763 876 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 877 hci_conn_check_pending(hdev);
314b2381
JH		 878 return;
879 }
880
881 if (test_bit(HCI_MGMT, &hdev->flags) &&
882 !test_and_set_bit(HCI_INQUIRY,
883 &hdev->flags))
884 mgmt_discovering(hdev->id, 1);
1da177e4
LT		 885}
886
1da177e4
LT		 887static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
888{
a9de9248 889 struct hci_cp_create_conn *cp;
1da177e4 890 struct hci_conn *conn;
1da177e4 891
a9de9248
MH		 892 BT_DBG("%s status 0x%x", hdev->name, status);
893
894 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 895 if (!cp)
896 return;
897
898 hci_dev_lock(hdev);
899
900 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
901
a9de9248 902 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 903
904 if (status) {
905 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 906 if (status != 0x0c || conn->attempt > 2) {
907 conn->state = BT_CLOSED;
908 hci_proto_connect_cfm(conn, status);
909 hci_conn_del(conn);
910 } else
911 conn->state = BT_CONNECT2;
1da177e4
LT		 912 }
913 } else {
914 if (!conn) {
915 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
916 if (conn) {
917 conn->out = 1;
918 conn->link_mode |= HCI_LM_MASTER;
919 } else
893ef971 920 BT_ERR("No memory for new connection");
1da177e4
LT		 921 }
922 }
923
924 hci_dev_unlock(hdev);
925}
926
a9de9248 927static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 928{
a9de9248
MH		 929 struct hci_cp_add_sco *cp;
930 struct hci_conn *acl, *sco;
931 __u16 handle;
1da177e4 932
b6a0dc82
MH		 933 BT_DBG("%s status 0x%x", hdev->name, status);
934
a9de9248
MH		 935 if (!status)
936 return;
1da177e4 937
a9de9248
MH		 938 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
939 if (!cp)
940 return;
1da177e4 941
a9de9248 942 handle = __le16_to_cpu(cp->handle);
1da177e4 943
a9de9248 944 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 945
a9de9248 946 hci_dev_lock(hdev);
1da177e4 947
a9de9248 948 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 949 if (acl) {
950 sco = acl->link;
951 if (sco) {
952 sco->state = BT_CLOSED;
1da177e4 953
5a08ecce
AE		 954 hci_proto_connect_cfm(sco, status);
955 hci_conn_del(sco);
956 }
a9de9248 957 }
1da177e4 958
a9de9248
MH		 959 hci_dev_unlock(hdev);
960}
1da177e4 961
f8558555
MH		 962static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
963{
964 struct hci_cp_auth_requested *cp;
965 struct hci_conn *conn;
966
967 BT_DBG("%s status 0x%x", hdev->name, status);
968
969 if (!status)
970 return;
971
972 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
973 if (!cp)
974 return;
975
976 hci_dev_lock(hdev);
977
978 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
979 if (conn) {
980 if (conn->state == BT_CONFIG) {
981 hci_proto_connect_cfm(conn, status);
982 hci_conn_put(conn);
983 }
984 }
985
986 hci_dev_unlock(hdev);
987}
988
989static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
990{
991 struct hci_cp_set_conn_encrypt *cp;
992 struct hci_conn *conn;
993
994 BT_DBG("%s status 0x%x", hdev->name, status);
995
996 if (!status)
997 return;
998
999 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1000 if (!cp)
1001 return;
1002
1003 hci_dev_lock(hdev);
1004
1005 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1006 if (conn) {
1007 if (conn->state == BT_CONFIG) {
1008 hci_proto_connect_cfm(conn, status);
1009 hci_conn_put(conn);
1010 }
1011 }
1012
1013 hci_dev_unlock(hdev);
1014}
1015
127178d2 1016static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1017 struct hci_conn *conn)
392599b9 1018{
392599b9
JH		 1019 if (conn->state != BT_CONFIG || !conn->out)
1020 return 0;
1021
765c2a96 1022 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1023 return 0;
1024
1025 /* Only request authentication for SSP connections or non-SSP
1026 * devices with sec_level HIGH */
1027 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
765c2a96 1028 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1029 return 0;
1030
392599b9
JH		 1031 return 1;
1032}
1033
a9de9248
MH		 1034static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1035{
127178d2
JH		 1036 struct hci_cp_remote_name_req *cp;
1037 struct hci_conn *conn;
1038
a9de9248 1039 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1040
1041 /* If successful wait for the name req complete event before
1042 * checking for the need to do authentication */
1043 if (!status)
1044 return;
1045
1046 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1047 if (!cp)
1048 return;
1049
1050 hci_dev_lock(hdev);
1051
1052 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1053 if (!conn)
1054 goto unlock;
1055
1056 if (!hci_outgoing_auth_needed(hdev, conn))
1057 goto unlock;
1058
1059 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1060 struct hci_cp_auth_requested cp;
1061 cp.handle = __cpu_to_le16(conn->handle);
1062 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1063 }
1064
79c6c70c 1065unlock:
127178d2 1066 hci_dev_unlock(hdev);
a9de9248 1067}
1da177e4 1068
769be974
MH		 1069static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1070{
1071 struct hci_cp_read_remote_features *cp;
1072 struct hci_conn *conn;
1073
1074 BT_DBG("%s status 0x%x", hdev->name, status);
1075
1076 if (!status)
1077 return;
1078
1079 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1080 if (!cp)
1081 return;
1082
1083 hci_dev_lock(hdev);
1084
1085 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1086 if (conn) {
1087 if (conn->state == BT_CONFIG) {
769be974
MH		 1088 hci_proto_connect_cfm(conn, status);
1089 hci_conn_put(conn);
1090 }
1091 }
1092
1093 hci_dev_unlock(hdev);
1094}
1095
1096static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1097{
1098 struct hci_cp_read_remote_ext_features *cp;
1099 struct hci_conn *conn;
1100
1101 BT_DBG("%s status 0x%x", hdev->name, status);
1102
1103 if (!status)
1104 return;
1105
1106 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1107 if (!cp)
1108 return;
1109
1110 hci_dev_lock(hdev);
1111
1112 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1113 if (conn) {
1114 if (conn->state == BT_CONFIG) {
769be974
MH		 1115 hci_proto_connect_cfm(conn, status);
1116 hci_conn_put(conn);
1117 }
1118 }
1119
1120 hci_dev_unlock(hdev);
1121}
1122
a9de9248
MH		 1123static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1124{
b6a0dc82
MH		 1125 struct hci_cp_setup_sync_conn *cp;
1126 struct hci_conn *acl, *sco;
1127 __u16 handle;
1128
a9de9248 1129 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1130
1131 if (!status)
1132 return;
1133
1134 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1135 if (!cp)
1136 return;
1137
1138 handle = __le16_to_cpu(cp->handle);
1139
1140 BT_DBG("%s handle %d", hdev->name, handle);
1141
1142 hci_dev_lock(hdev);
1143
1144 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1145 if (acl) {
1146 sco = acl->link;
1147 if (sco) {
1148 sco->state = BT_CLOSED;
b6a0dc82 1149
5a08ecce
AE		 1150 hci_proto_connect_cfm(sco, status);
1151 hci_conn_del(sco);
1152 }
b6a0dc82
MH		 1153 }
1154
1155 hci_dev_unlock(hdev);
1da177e4
LT		 1156}
1157
a9de9248 1158static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1159{
a9de9248
MH		 1160 struct hci_cp_sniff_mode *cp;
1161 struct hci_conn *conn;
1da177e4 1162
a9de9248 1163 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1164
a9de9248
MH		 1165 if (!status)
1166 return;
04837f64 1167
a9de9248
MH		 1168 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1169 if (!cp)
1170 return;
04837f64 1171
a9de9248 1172 hci_dev_lock(hdev);
04837f64 1173
a9de9248 1174 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1175 if (conn) {
a9de9248 1176 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1177
e73439d8
MH		 1178 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1179 hci_sco_setup(conn, status);
1180 }
1181
a9de9248
MH		 1182 hci_dev_unlock(hdev);
1183}
04837f64 1184
a9de9248
MH		 1185static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1186{
1187 struct hci_cp_exit_sniff_mode *cp;
1188 struct hci_conn *conn;
04837f64 1189
a9de9248 1190 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1191
a9de9248
MH		 1192 if (!status)
1193 return;
04837f64 1194
a9de9248
MH		 1195 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1196 if (!cp)
1197 return;
04837f64 1198
a9de9248 1199 hci_dev_lock(hdev);
1da177e4 1200
a9de9248 1201 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1202 if (conn) {
a9de9248 1203 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1204
e73439d8
MH		 1205 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1206 hci_sco_setup(conn, status);
1207 }
1208
a9de9248 1209 hci_dev_unlock(hdev);
1da177e4
LT		 1210}
1211
fcd89c09
VT		 1212static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1213{
1214 struct hci_cp_le_create_conn *cp;
1215 struct hci_conn *conn;
1216
1217 BT_DBG("%s status 0x%x", hdev->name, status);
1218
1219 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1220 if (!cp)
1221 return;
1222
1223 hci_dev_lock(hdev);
1224
1225 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1226
1227 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1228 conn);
1229
1230 if (status) {
1231 if (conn && conn->state == BT_CONNECT) {
1232 conn->state = BT_CLOSED;
1233 hci_proto_connect_cfm(conn, status);
1234 hci_conn_del(conn);
1235 }
1236 } else {
1237 if (!conn) {
1238 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1239 if (conn) {
1240 conn->dst_type = cp->peer_addr_type;
fcd89c09 1241 conn->out = 1;
29b7988a 1242 } else {
fcd89c09 1243 BT_ERR("No memory for new connection");
29b7988a 1244 }
fcd89c09
VT		 1245 }
1246 }
1247
1248 hci_dev_unlock(hdev);
1249}
1250
1da177e4
LT		 1251static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1252{
1253 __u8 status = *((__u8 *) skb->data);
1254
1255 BT_DBG("%s status %d", hdev->name, status);
1256
314b2381
JH		 1257 if (test_bit(HCI_MGMT, &hdev->flags) &&
1258 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1259 mgmt_discovering(hdev->id, 0);
6bd57416 1260
23bb5763 1261 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1262
a9de9248 1263 hci_conn_check_pending(hdev);
1da177e4
LT		 1264}
1265
1da177e4
LT		 1266static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1267{
45bb4bf0 1268 struct inquiry_data data;
a9de9248 1269 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1270 int num_rsp = *((__u8 *) skb->data);
1271
1272 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1273
45bb4bf0
MH		 1274 if (!num_rsp)
1275 return;
1276
1da177e4 1277 hci_dev_lock(hdev);
45bb4bf0 1278
314b2381
JH		 1279 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1280
1281 if (test_bit(HCI_MGMT, &hdev->flags))
1282 mgmt_discovering(hdev->id, 1);
1283 }
1284
e17acd40 1285 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1286 bacpy(&data.bdaddr, &info->bdaddr);
1287 data.pscan_rep_mode = info->pscan_rep_mode;
1288 data.pscan_period_mode = info->pscan_period_mode;
1289 data.pscan_mode = info->pscan_mode;
1290 memcpy(data.dev_class, info->dev_class, 3);
1291 data.clock_offset = info->clock_offset;
1292 data.rssi = 0x00;
41a96212 1293 data.ssp_mode = 0x00;
1da177e4 1294 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 1295 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1296 NULL);
1da177e4 1297 }
45bb4bf0 1298
1da177e4
LT		 1299 hci_dev_unlock(hdev);
1300}
1301
1da177e4
LT		 1302static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1303{
a9de9248
MH		 1304 struct hci_ev_conn_complete *ev = (void *) skb->data;
1305 struct hci_conn *conn;
1da177e4
LT		 1306
1307 BT_DBG("%s", hdev->name);
1308
1309 hci_dev_lock(hdev);
1310
1311 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1312 if (!conn) {
1313 if (ev->link_type != SCO_LINK)
1314 goto unlock;
1315
1316 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1317 if (!conn)
1318 goto unlock;
1319
1320 conn->type = SCO_LINK;
1321 }
1da177e4
LT		 1322
1323 if (!ev->status) {
1324 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1325
1326 if (conn->type == ACL_LINK) {
1327 conn->state = BT_CONFIG;
1328 hci_conn_hold(conn);
052b30b0 1329 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
f7520543 1330 mgmt_connected(hdev->id, &ev->bdaddr);
769be974
MH		 1331 } else
1332 conn->state = BT_CONNECTED;
1da177e4 1333
9eba32b8 1334 hci_conn_hold_device(conn);
7d0db0a3
MH		 1335 hci_conn_add_sysfs(conn);
1336
1da177e4
LT		 1337 if (test_bit(HCI_AUTH, &hdev->flags))
1338 conn->link_mode |= HCI_LM_AUTH;
1339
1340 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1341 conn->link_mode |= HCI_LM_ENCRYPT;
1342
04837f64
MH		 1343 /* Get remote features */
1344 if (conn->type == ACL_LINK) {
1345 struct hci_cp_read_remote_features cp;
1346 cp.handle = ev->handle;
769be974
MH		 1347 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1348 sizeof(cp), &cp);
04837f64
MH		 1349 }
1350
1da177e4 1351 /* Set packet type for incoming connection */
a8746417 1352 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1353 struct hci_cp_change_conn_ptype cp;
1354 cp.handle = ev->handle;
a8746417
MH		 1355 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1356 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1357 sizeof(cp), &cp);
1da177e4 1358 }
17d5c04c 1359 } else {
1da177e4 1360 conn->state = BT_CLOSED;
17d5c04c
JH		 1361 if (conn->type == ACL_LINK)
1362 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1363 }
1da177e4 1364
e73439d8
MH		 1365 if (conn->type == ACL_LINK)
1366 hci_sco_setup(conn, ev->status);
1da177e4 1367
769be974
MH		 1368 if (ev->status) {
1369 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1370 hci_conn_del(conn);
c89b6e6b
MH		 1371 } else if (ev->link_type != ACL_LINK)
1372 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1373
a9de9248 1374unlock:
1da177e4 1375 hci_dev_unlock(hdev);
1da177e4 1376
a9de9248 1377 hci_conn_check_pending(hdev);
1da177e4
LT		 1378}
1379
a9de9248 1380static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1381{
a9de9248
MH		 1382 struct hci_ev_conn_request *ev = (void *) skb->data;
1383 int mask = hdev->link_mode;
1da177e4 1384
a9de9248
MH		 1385 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1386 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1387
a9de9248 1388 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1389
138d22ef
SJ		 1390 if ((mask & HCI_LM_ACCEPT) &&
1391 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1392 /* Connection accepted */
c7bdd502 1393 struct inquiry_entry *ie;
1da177e4 1394 struct hci_conn *conn;
1da177e4 1395
a9de9248 1396 hci_dev_lock(hdev);
b6a0dc82 1397
cc11b9c1
AE		 1398 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1399 if (ie)
c7bdd502
MH		 1400 memcpy(ie->data.dev_class, ev->dev_class, 3);
1401
a9de9248
MH		 1402 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1403 if (!conn) {
cc11b9c1
AE		 1404 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1405 if (!conn) {
893ef971 1406 BT_ERR("No memory for new connection");
a9de9248
MH		 1407 hci_dev_unlock(hdev);
1408 return;
1da177e4
LT		 1409 }
1410 }
b6a0dc82 1411
a9de9248
MH		 1412 memcpy(conn->dev_class, ev->dev_class, 3);
1413 conn->state = BT_CONNECT;
b6a0dc82 1414
a9de9248 1415 hci_dev_unlock(hdev);
1da177e4 1416
b6a0dc82
MH		 1417 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1418 struct hci_cp_accept_conn_req cp;
1da177e4 1419
b6a0dc82
MH		 1420 bacpy(&cp.bdaddr, &ev->bdaddr);
1421
1422 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1423 cp.role = 0x00; /* Become master */
1424 else
1425 cp.role = 0x01; /* Remain slave */
1426
1427 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1428 sizeof(cp), &cp);
1429 } else {
1430 struct hci_cp_accept_sync_conn_req cp;
1431
1432 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1433 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1434
1435 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1436 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1437 cp.max_latency = cpu_to_le16(0xffff);
1438 cp.content_format = cpu_to_le16(hdev->voice_setting);
1439 cp.retrans_effort = 0xff;
1da177e4 1440
b6a0dc82
MH		 1441 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1442 sizeof(cp), &cp);
1443 }
a9de9248
MH		 1444 } else {
1445 /* Connection rejected */
1446 struct hci_cp_reject_conn_req cp;
1da177e4 1447
a9de9248
MH		 1448 bacpy(&cp.bdaddr, &ev->bdaddr);
1449 cp.reason = 0x0f;
1450 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1451 }
1da177e4
LT		 1452}
1453
a9de9248 1454static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1455{
a9de9248 1456 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1457 struct hci_conn *conn;
1458
1459 BT_DBG("%s status %d", hdev->name, ev->status);
1460
8962ee74
JH		 1461 if (ev->status) {
1462 mgmt_disconnect_failed(hdev->id);
a9de9248 1463 return;
8962ee74 1464 }
a9de9248 1465
04837f64
MH		 1466 hci_dev_lock(hdev);
1467
1468 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1469 if (!conn)
1470 goto unlock;
7d0db0a3 1471
f7520543 1472 conn->state = BT_CLOSED;
04837f64 1473
83bc71b4 1474 if (conn->type == ACL_LINK || conn->type == LE_LINK)
f7520543
JH		 1475 mgmt_disconnected(hdev->id, &conn->dst);
1476
1477 hci_proto_disconn_cfm(conn, ev->reason);
1478 hci_conn_del(conn);
1479
1480unlock:
04837f64
MH		 1481 hci_dev_unlock(hdev);
1482}
1483
1da177e4
LT		 1484static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1485{
a9de9248 1486 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1487 struct hci_conn *conn;
1da177e4
LT		 1488
1489 BT_DBG("%s status %d", hdev->name, ev->status);
1490
1491 hci_dev_lock(hdev);
1492
04837f64 1493 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1494 if (!conn)
1495 goto unlock;
1496
1497 if (!ev->status) {
1498 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1499 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1500 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1501 } else {
d7556e20
WR		 1502 conn->link_mode |= HCI_LM_AUTH;
1503 conn->sec_level = conn->pending_sec_level;
2a611692 1504 }
d7556e20
WR		 1505 } else {
1506 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1507 }
1da177e4 1508
d7556e20
WR		 1509 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1510 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1511
d7556e20
WR		 1512 if (conn->state == BT_CONFIG) {
1513 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1514 struct hci_cp_set_conn_encrypt cp;
1515 cp.handle = ev->handle;
1516 cp.encrypt = 0x01;
1517 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1518 &cp);
052b30b0 1519 } else {
d7556e20
WR		 1520 conn->state = BT_CONNECTED;
1521 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1522 hci_conn_put(conn);
1523 }
d7556e20
WR		 1524 } else {
1525 hci_auth_cfm(conn, ev->status);
052b30b0 1526
d7556e20
WR		 1527 hci_conn_hold(conn);
1528 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1529 hci_conn_put(conn);
1530 }
1531
1532 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1533 if (!ev->status) {
1534 struct hci_cp_set_conn_encrypt cp;
1535 cp.handle = ev->handle;
1536 cp.encrypt = 0x01;
1537 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1538 &cp);
1539 } else {
1540 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1541 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1542 }
1543 }
1544
d7556e20 1545unlock:
1da177e4
LT		 1546 hci_dev_unlock(hdev);
1547}
1548
a9de9248 1549static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1550{
127178d2
JH		 1551 struct hci_ev_remote_name *ev = (void *) skb->data;
1552 struct hci_conn *conn;
1553
a9de9248 1554 BT_DBG("%s", hdev->name);
1da177e4 1555
a9de9248 1556 hci_conn_check_pending(hdev);
127178d2
JH		 1557
1558 hci_dev_lock(hdev);
1559
a88a9652
JH		 1560 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1561 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1562
127178d2 1563 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1564 if (!conn)
1565 goto unlock;
1566
1567 if (!hci_outgoing_auth_needed(hdev, conn))
1568 goto unlock;
1569
1570 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1571 struct hci_cp_auth_requested cp;
1572 cp.handle = __cpu_to_le16(conn->handle);
1573 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1574 }
1575
79c6c70c 1576unlock:
127178d2 1577 hci_dev_unlock(hdev);
a9de9248
MH		 1578}
1579
1580static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1581{
1582 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1583 struct hci_conn *conn;
1584
1585 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1586
1587 hci_dev_lock(hdev);
1588
04837f64 1589 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1590 if (conn) {
1591 if (!ev->status) {
ae293196
MH		 1592 if (ev->encrypt) {
1593 /* Encryption implies authentication */
1594 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1595 conn->link_mode |= HCI_LM_ENCRYPT;
ae293196 1596 } else
1da177e4
LT		 1597 conn->link_mode &= ~HCI_LM_ENCRYPT;
1598 }
1599
1600 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1601
f8558555
MH		 1602 if (conn->state == BT_CONFIG) {
1603 if (!ev->status)
1604 conn->state = BT_CONNECTED;
1605
1606 hci_proto_connect_cfm(conn, ev->status);
1607 hci_conn_put(conn);
1608 } else
1609 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1610 }
1611
1612 hci_dev_unlock(hdev);
1613}
1614
a9de9248 1615static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1616{
a9de9248 1617 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1618 struct hci_conn *conn;
1da177e4
LT		 1619
1620 BT_DBG("%s status %d", hdev->name, ev->status);
1621
1622 hci_dev_lock(hdev);
1623
04837f64 1624 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1625 if (conn) {
1626 if (!ev->status)
1627 conn->link_mode |= HCI_LM_SECURE;
1628
1629 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1630
1631 hci_key_change_cfm(conn, ev->status);
1632 }
1633
1634 hci_dev_unlock(hdev);
1635}
1636
a9de9248 1637static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1638{
a9de9248
MH		 1639 struct hci_ev_remote_features *ev = (void *) skb->data;
1640 struct hci_conn *conn;
1641
1642 BT_DBG("%s status %d", hdev->name, ev->status);
1643
a9de9248
MH		 1644 hci_dev_lock(hdev);
1645
1646 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1647 if (!conn)
1648 goto unlock;
769be974 1649
ccd556fe
JH		 1650 if (!ev->status)
1651 memcpy(conn->features, ev->features, 8);
1652
1653 if (conn->state != BT_CONFIG)
1654 goto unlock;
1655
1656 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1657 struct hci_cp_read_remote_ext_features cp;
1658 cp.handle = ev->handle;
1659 cp.page = 0x01;
1660 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1661 sizeof(cp), &cp);
392599b9
JH		 1662 goto unlock;
1663 }
1664
127178d2
JH		 1665 if (!ev->status) {
1666 struct hci_cp_remote_name_req cp;
1667 memset(&cp, 0, sizeof(cp));
1668 bacpy(&cp.bdaddr, &conn->dst);
1669 cp.pscan_rep_mode = 0x02;
1670 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1671 }
392599b9 1672
127178d2 1673 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1674 conn->state = BT_CONNECTED;
1675 hci_proto_connect_cfm(conn, ev->status);
1676 hci_conn_put(conn);
769be974 1677 }
a9de9248 1678
ccd556fe 1679unlock:
a9de9248 1680 hci_dev_unlock(hdev);
1da177e4
LT		 1681}
1682
a9de9248 1683static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1684{
a9de9248 1685 BT_DBG("%s", hdev->name);
1da177e4
LT		 1686}
1687
a9de9248 1688static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1689{
a9de9248 1690 BT_DBG("%s", hdev->name);
1da177e4
LT		 1691}
1692
a9de9248
MH		 1693static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1694{
1695 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1696 __u16 opcode;
1697
1698 skb_pull(skb, sizeof(*ev));
1699
1700 opcode = __le16_to_cpu(ev->opcode);
1701
1702 switch (opcode) {
1703 case HCI_OP_INQUIRY_CANCEL:
1704 hci_cc_inquiry_cancel(hdev, skb);
1705 break;
1706
1707 case HCI_OP_EXIT_PERIODIC_INQ:
1708 hci_cc_exit_periodic_inq(hdev, skb);
1709 break;
1710
1711 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1712 hci_cc_remote_name_req_cancel(hdev, skb);
1713 break;
1714
1715 case HCI_OP_ROLE_DISCOVERY:
1716 hci_cc_role_discovery(hdev, skb);
1717 break;
1718
e4e8e37c
MH		 1719 case HCI_OP_READ_LINK_POLICY:
1720 hci_cc_read_link_policy(hdev, skb);
1721 break;
1722
a9de9248
MH		 1723 case HCI_OP_WRITE_LINK_POLICY:
1724 hci_cc_write_link_policy(hdev, skb);
1725 break;
1726
e4e8e37c
MH		 1727 case HCI_OP_READ_DEF_LINK_POLICY:
1728 hci_cc_read_def_link_policy(hdev, skb);
1729 break;
1730
1731 case HCI_OP_WRITE_DEF_LINK_POLICY:
1732 hci_cc_write_def_link_policy(hdev, skb);
1733 break;
1734
a9de9248
MH		 1735 case HCI_OP_RESET:
1736 hci_cc_reset(hdev, skb);
1737 break;
1738
1739 case HCI_OP_WRITE_LOCAL_NAME:
1740 hci_cc_write_local_name(hdev, skb);
1741 break;
1742
1743 case HCI_OP_READ_LOCAL_NAME:
1744 hci_cc_read_local_name(hdev, skb);
1745 break;
1746
1747 case HCI_OP_WRITE_AUTH_ENABLE:
1748 hci_cc_write_auth_enable(hdev, skb);
1749 break;
1750
1751 case HCI_OP_WRITE_ENCRYPT_MODE:
1752 hci_cc_write_encrypt_mode(hdev, skb);
1753 break;
1754
1755 case HCI_OP_WRITE_SCAN_ENABLE:
1756 hci_cc_write_scan_enable(hdev, skb);
1757 break;
1758
1759 case HCI_OP_READ_CLASS_OF_DEV:
1760 hci_cc_read_class_of_dev(hdev, skb);
1761 break;
1762
1763 case HCI_OP_WRITE_CLASS_OF_DEV:
1764 hci_cc_write_class_of_dev(hdev, skb);
1765 break;
1766
1767 case HCI_OP_READ_VOICE_SETTING:
1768 hci_cc_read_voice_setting(hdev, skb);
1769 break;
1770
1771 case HCI_OP_WRITE_VOICE_SETTING:
1772 hci_cc_write_voice_setting(hdev, skb);
1773 break;
1774
1775 case HCI_OP_HOST_BUFFER_SIZE:
1776 hci_cc_host_buffer_size(hdev, skb);
1777 break;
1778
333140b5
MH		 1779 case HCI_OP_READ_SSP_MODE:
1780 hci_cc_read_ssp_mode(hdev, skb);
1781 break;
1782
1783 case HCI_OP_WRITE_SSP_MODE:
1784 hci_cc_write_ssp_mode(hdev, skb);
1785 break;
1786
a9de9248
MH		 1787 case HCI_OP_READ_LOCAL_VERSION:
1788 hci_cc_read_local_version(hdev, skb);
1789 break;
1790
1791 case HCI_OP_READ_LOCAL_COMMANDS:
1792 hci_cc_read_local_commands(hdev, skb);
1793 break;
1794
1795 case HCI_OP_READ_LOCAL_FEATURES:
1796 hci_cc_read_local_features(hdev, skb);
1797 break;
1798
1799 case HCI_OP_READ_BUFFER_SIZE:
1800 hci_cc_read_buffer_size(hdev, skb);
1801 break;
1802
1803 case HCI_OP_READ_BD_ADDR:
1804 hci_cc_read_bd_addr(hdev, skb);
1805 break;
1806
23bb5763
JH		 1807 case HCI_OP_WRITE_CA_TIMEOUT:
1808 hci_cc_write_ca_timeout(hdev, skb);
1809 break;
1810
b0916ea0
JH		 1811 case HCI_OP_DELETE_STORED_LINK_KEY:
1812 hci_cc_delete_stored_link_key(hdev, skb);
1813 break;
1814
d5859e22
JH		 1815 case HCI_OP_SET_EVENT_MASK:
1816 hci_cc_set_event_mask(hdev, skb);
1817 break;
1818
1819 case HCI_OP_WRITE_INQUIRY_MODE:
1820 hci_cc_write_inquiry_mode(hdev, skb);
1821 break;
1822
1823 case HCI_OP_READ_INQ_RSP_TX_POWER:
1824 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1825 break;
1826
1827 case HCI_OP_SET_EVENT_FLT:
1828 hci_cc_set_event_flt(hdev, skb);
1829 break;
1830
980e1a53
JH		 1831 case HCI_OP_PIN_CODE_REPLY:
1832 hci_cc_pin_code_reply(hdev, skb);
1833 break;
1834
1835 case HCI_OP_PIN_CODE_NEG_REPLY:
1836 hci_cc_pin_code_neg_reply(hdev, skb);
1837 break;
1838
c35938b2
SJ		 1839 case HCI_OP_READ_LOCAL_OOB_DATA:
1840 hci_cc_read_local_oob_data_reply(hdev, skb);
1841 break;
1842
6ed58ec5
VT		 1843 case HCI_OP_LE_READ_BUFFER_SIZE:
1844 hci_cc_le_read_buffer_size(hdev, skb);
1845 break;
1846
a5c29683
JH		 1847 case HCI_OP_USER_CONFIRM_REPLY:
1848 hci_cc_user_confirm_reply(hdev, skb);
1849 break;
1850
1851 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1852 hci_cc_user_confirm_neg_reply(hdev, skb);
1853 break;
1854
eb9d91f5
AG		 1855 case HCI_OP_LE_SET_SCAN_ENABLE:
1856 hci_cc_le_set_scan_enable(hdev, skb);
1857 break;
1858
a9de9248
MH		 1859 default:
1860 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1861 break;
1862 }
1863
6bd32326
VT		 1864 if (ev->opcode != HCI_OP_NOP)
1865 del_timer(&hdev->cmd_timer);
1866
a9de9248
MH		 1867 if (ev->ncmd) {
1868 atomic_set(&hdev->cmd_cnt, 1);
1869 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1870 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1871 }
1872}
1873
1874static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1875{
1876 struct hci_ev_cmd_status *ev = (void *) skb->data;
1877 __u16 opcode;
1878
1879 skb_pull(skb, sizeof(*ev));
1880
1881 opcode = __le16_to_cpu(ev->opcode);
1882
1883 switch (opcode) {
1884 case HCI_OP_INQUIRY:
1885 hci_cs_inquiry(hdev, ev->status);
1886 break;
1887
1888 case HCI_OP_CREATE_CONN:
1889 hci_cs_create_conn(hdev, ev->status);
1890 break;
1891
1892 case HCI_OP_ADD_SCO:
1893 hci_cs_add_sco(hdev, ev->status);
1894 break;
1895
f8558555
MH		 1896 case HCI_OP_AUTH_REQUESTED:
1897 hci_cs_auth_requested(hdev, ev->status);
1898 break;
1899
1900 case HCI_OP_SET_CONN_ENCRYPT:
1901 hci_cs_set_conn_encrypt(hdev, ev->status);
1902 break;
1903
a9de9248
MH		 1904 case HCI_OP_REMOTE_NAME_REQ:
1905 hci_cs_remote_name_req(hdev, ev->status);
1906 break;
1907
769be974
MH		 1908 case HCI_OP_READ_REMOTE_FEATURES:
1909 hci_cs_read_remote_features(hdev, ev->status);
1910 break;
1911
1912 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1913 hci_cs_read_remote_ext_features(hdev, ev->status);
1914 break;
1915
a9de9248
MH		 1916 case HCI_OP_SETUP_SYNC_CONN:
1917 hci_cs_setup_sync_conn(hdev, ev->status);
1918 break;
1919
1920 case HCI_OP_SNIFF_MODE:
1921 hci_cs_sniff_mode(hdev, ev->status);
1922 break;
1923
1924 case HCI_OP_EXIT_SNIFF_MODE:
1925 hci_cs_exit_sniff_mode(hdev, ev->status);
1926 break;
1927
8962ee74
JH		 1928 case HCI_OP_DISCONNECT:
1929 if (ev->status != 0)
1930 mgmt_disconnect_failed(hdev->id);
1931 break;
1932
fcd89c09
VT		 1933 case HCI_OP_LE_CREATE_CONN:
1934 hci_cs_le_create_conn(hdev, ev->status);
1935 break;
1936
a9de9248
MH		 1937 default:
1938 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1939 break;
1940 }
1941
6bd32326
VT		 1942 if (ev->opcode != HCI_OP_NOP)
1943 del_timer(&hdev->cmd_timer);
1944
10572132 1945 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 1946 atomic_set(&hdev->cmd_cnt, 1);
1947 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1948 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1949 }
1950}
1951
1952static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1953{
1954 struct hci_ev_role_change *ev = (void *) skb->data;
1955 struct hci_conn *conn;
1956
1957 BT_DBG("%s status %d", hdev->name, ev->status);
1958
1959 hci_dev_lock(hdev);
1960
1961 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1962 if (conn) {
1963 if (!ev->status) {
1964 if (ev->role)
1965 conn->link_mode &= ~HCI_LM_MASTER;
1966 else
1967 conn->link_mode |= HCI_LM_MASTER;
1968 }
1969
1970 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1971
1972 hci_role_switch_cfm(conn, ev->status, ev->role);
1973 }
1974
1975 hci_dev_unlock(hdev);
1976}
1977
1978static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1979{
1980 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1981 __le16 *ptr;
1982 int i;
1983
1984 skb_pull(skb, sizeof(*ev));
1985
1986 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1987
1988 if (skb->len < ev->num_hndl * 4) {
1989 BT_DBG("%s bad parameters", hdev->name);
1990 return;
1991 }
1992
1993 tasklet_disable(&hdev->tx_task);
1994
1995 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1996 struct hci_conn *conn;
1997 __u16 handle, count;
1998
83985319
HH		 1999 handle = get_unaligned_le16(ptr++);
2000 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2001
2002 conn = hci_conn_hash_lookup_handle(hdev, handle);
2003 if (conn) {
2004 conn->sent -= count;
2005
2006 if (conn->type == ACL_LINK) {
70f23020
AE		 2007 hdev->acl_cnt += count;
2008 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2009 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2010 } else if (conn->type == LE_LINK) {
2011 if (hdev->le_pkts) {
2012 hdev->le_cnt += count;
2013 if (hdev->le_cnt > hdev->le_pkts)
2014 hdev->le_cnt = hdev->le_pkts;
2015 } else {
2016 hdev->acl_cnt += count;
2017 if (hdev->acl_cnt > hdev->acl_pkts)
2018 hdev->acl_cnt = hdev->acl_pkts;
2019 }
a9de9248 2020 } else {
70f23020
AE		 2021 hdev->sco_cnt += count;
2022 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2023 hdev->sco_cnt = hdev->sco_pkts;
2024 }
2025 }
2026 }
2027
c78ae283 2028 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2029
2030 tasklet_enable(&hdev->tx_task);
2031}
2032
2033static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2034{
a9de9248 2035 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2036 struct hci_conn *conn;
2037
2038 BT_DBG("%s status %d", hdev->name, ev->status);
2039
2040 hci_dev_lock(hdev);
2041
2042 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2043 if (conn) {
2044 conn->mode = ev->mode;
2045 conn->interval = __le16_to_cpu(ev->interval);
2046
2047 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2048 if (conn->mode == HCI_CM_ACTIVE)
2049 conn->power_save = 1;
2050 else
2051 conn->power_save = 0;
2052 }
e73439d8
MH		 2053
2054 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2055 hci_sco_setup(conn, ev->status);
04837f64
MH		 2056 }
2057
2058 hci_dev_unlock(hdev);
2059}
2060
a9de9248
MH		 2061static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2062{
052b30b0
MH		 2063 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2064 struct hci_conn *conn;
2065
a9de9248 2066 BT_DBG("%s", hdev->name);
052b30b0
MH		 2067
2068 hci_dev_lock(hdev);
2069
2070 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3d7a9d1c 2071 if (conn && conn->state == BT_CONNECTED) {
052b30b0
MH		 2072 hci_conn_hold(conn);
2073 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2074 hci_conn_put(conn);
2075 }
2076
03b555e1
JH		 2077 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2078 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2079 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2080 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2081 u8 secure;
2082
2083 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2084 secure = 1;
2085 else
2086 secure = 0;
2087
2088 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2089 }
980e1a53 2090
052b30b0 2091 hci_dev_unlock(hdev);
a9de9248
MH		 2092}
2093
2094static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2095{
55ed8ca1
JH		 2096 struct hci_ev_link_key_req *ev = (void *) skb->data;
2097 struct hci_cp_link_key_reply cp;
2098 struct hci_conn *conn;
2099 struct link_key *key;
2100
a9de9248 2101 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2102
2103 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2104 return;
2105
2106 hci_dev_lock(hdev);
2107
2108 key = hci_find_link_key(hdev, &ev->bdaddr);
2109 if (!key) {
2110 BT_DBG("%s link key not found for %s", hdev->name,
2111 batostr(&ev->bdaddr));
2112 goto not_found;
2113 }
2114
2115 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2116 batostr(&ev->bdaddr));
2117
b6020ba0
WR		 2118 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2119 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2120 BT_DBG("%s ignoring debug key", hdev->name);
2121 goto not_found;
2122 }
2123
2124 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2125 if (conn) {
2126 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2127 conn->auth_type != 0xff &&
2128 (conn->auth_type & 0x01)) {
2129 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2130 goto not_found;
2131 }
55ed8ca1 2132
60b83f57
WR		 2133 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2134 conn->pending_sec_level == BT_SECURITY_HIGH) {
2135 BT_DBG("%s ignoring key unauthenticated for high \
2136 security", hdev->name);
2137 goto not_found;
2138 }
2139
2140 conn->key_type = key->type;
2141 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2142 }
2143
2144 bacpy(&cp.bdaddr, &ev->bdaddr);
2145 memcpy(cp.link_key, key->val, 16);
2146
2147 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2148
2149 hci_dev_unlock(hdev);
2150
2151 return;
2152
2153not_found:
2154 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2155 hci_dev_unlock(hdev);
a9de9248
MH		 2156}
2157
2158static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2159{
052b30b0
MH		 2160 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2161 struct hci_conn *conn;
55ed8ca1 2162 u8 pin_len = 0;
052b30b0 2163
a9de9248 2164 BT_DBG("%s", hdev->name);
052b30b0
MH		 2165
2166 hci_dev_lock(hdev);
2167
2168 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2169 if (conn) {
2170 hci_conn_hold(conn);
2171 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2172 pin_len = conn->pin_length;
13d39315
WR		 2173
2174 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2175 conn->key_type = ev->key_type;
2176
052b30b0
MH		 2177 hci_conn_put(conn);
2178 }
2179
55ed8ca1 2180 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2181 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2182 ev->key_type, pin_len);
2183
052b30b0 2184 hci_dev_unlock(hdev);
a9de9248
MH		 2185}
2186
1da177e4
LT		 2187static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2188{
a9de9248 2189 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2190 struct hci_conn *conn;
1da177e4
LT		 2191
2192 BT_DBG("%s status %d", hdev->name, ev->status);
2193
2194 hci_dev_lock(hdev);
2195
04837f64 2196 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2197 if (conn && !ev->status) {
2198 struct inquiry_entry *ie;
2199
cc11b9c1
AE		 2200 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2201 if (ie) {
1da177e4
LT		 2202 ie->data.clock_offset = ev->clock_offset;
2203 ie->timestamp = jiffies;
2204 }
2205 }
2206
2207 hci_dev_unlock(hdev);
2208}
2209
a8746417
MH		 2210static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2211{
2212 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2213 struct hci_conn *conn;
2214
2215 BT_DBG("%s status %d", hdev->name, ev->status);
2216
2217 hci_dev_lock(hdev);
2218
2219 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2220 if (conn && !ev->status)
2221 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2222
2223 hci_dev_unlock(hdev);
2224}
2225
85a1e930
MH		 2226static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2227{
a9de9248 2228 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2229 struct inquiry_entry *ie;
2230
2231 BT_DBG("%s", hdev->name);
2232
2233 hci_dev_lock(hdev);
2234
cc11b9c1
AE		 2235 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2236 if (ie) {
85a1e930
MH		 2237 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2238 ie->timestamp = jiffies;
2239 }
2240
2241 hci_dev_unlock(hdev);
2242}
2243
a9de9248
MH		 2244static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2245{
2246 struct inquiry_data data;
2247 int num_rsp = *((__u8 *) skb->data);
2248
2249 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2250
2251 if (!num_rsp)
2252 return;
2253
2254 hci_dev_lock(hdev);
2255
314b2381
JH		 2256 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2257
2258 if (test_bit(HCI_MGMT, &hdev->flags))
2259 mgmt_discovering(hdev->id, 1);
2260 }
2261
a9de9248 2262 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2263 struct inquiry_info_with_rssi_and_pscan_mode *info;
2264 info = (void *) (skb->data + 1);
a9de9248 2265
e17acd40 2266 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2267 bacpy(&data.bdaddr, &info->bdaddr);
2268 data.pscan_rep_mode = info->pscan_rep_mode;
2269 data.pscan_period_mode = info->pscan_period_mode;
2270 data.pscan_mode = info->pscan_mode;
2271 memcpy(data.dev_class, info->dev_class, 3);
2272 data.clock_offset = info->clock_offset;
2273 data.rssi = info->rssi;
41a96212 2274 data.ssp_mode = 0x00;
a9de9248 2275 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2276 mgmt_device_found(hdev->id, &info->bdaddr,
2277 info->dev_class, info->rssi,
2278 NULL);
a9de9248
MH		 2279 }
2280 } else {
2281 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2282
e17acd40 2283 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2284 bacpy(&data.bdaddr, &info->bdaddr);
2285 data.pscan_rep_mode = info->pscan_rep_mode;
2286 data.pscan_period_mode = info->pscan_period_mode;
2287 data.pscan_mode = 0x00;
2288 memcpy(data.dev_class, info->dev_class, 3);
2289 data.clock_offset = info->clock_offset;
2290 data.rssi = info->rssi;
41a96212 2291 data.ssp_mode = 0x00;
a9de9248 2292 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2293 mgmt_device_found(hdev->id, &info->bdaddr,
2294 info->dev_class, info->rssi,
2295 NULL);
a9de9248
MH		 2296 }
2297 }
2298
2299 hci_dev_unlock(hdev);
2300}
2301
2302static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2303{
41a96212
MH		 2304 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2305 struct hci_conn *conn;
2306
a9de9248 2307 BT_DBG("%s", hdev->name);
41a96212 2308
41a96212
MH		 2309 hci_dev_lock(hdev);
2310
2311 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2312 if (!conn)
2313 goto unlock;
41a96212 2314
ccd556fe
JH		 2315 if (!ev->status && ev->page == 0x01) {
2316 struct inquiry_entry *ie;
41a96212 2317
cc11b9c1
AE		 2318 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2319 if (ie)
ccd556fe 2320 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2321
ccd556fe
JH		 2322 conn->ssp_mode = (ev->features[0] & 0x01);
2323 }
2324
2325 if (conn->state != BT_CONFIG)
2326 goto unlock;
2327
127178d2
JH		 2328 if (!ev->status) {
2329 struct hci_cp_remote_name_req cp;
2330 memset(&cp, 0, sizeof(cp));
2331 bacpy(&cp.bdaddr, &conn->dst);
2332 cp.pscan_rep_mode = 0x02;
2333 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2334 }
392599b9 2335
127178d2 2336 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2337 conn->state = BT_CONNECTED;
2338 hci_proto_connect_cfm(conn, ev->status);
2339 hci_conn_put(conn);
41a96212
MH		 2340 }
2341
ccd556fe 2342unlock:
41a96212 2343 hci_dev_unlock(hdev);
a9de9248
MH		 2344}
2345
2346static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2347{
b6a0dc82
MH		 2348 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2349 struct hci_conn *conn;
2350
2351 BT_DBG("%s status %d", hdev->name, ev->status);
2352
2353 hci_dev_lock(hdev);
2354
2355 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2356 if (!conn) {
2357 if (ev->link_type == ESCO_LINK)
2358 goto unlock;
2359
2360 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2361 if (!conn)
2362 goto unlock;
2363
2364 conn->type = SCO_LINK;
2365 }
b6a0dc82 2366
732547f9
MH		 2367 switch (ev->status) {
2368 case 0x00:
b6a0dc82
MH		 2369 conn->handle = __le16_to_cpu(ev->handle);
2370 conn->state = BT_CONNECTED;
7d0db0a3 2371
9eba32b8 2372 hci_conn_hold_device(conn);
7d0db0a3 2373 hci_conn_add_sysfs(conn);
732547f9
MH		 2374 break;
2375
705e5711 2376 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2377 case 0x1c: /* SCO interval rejected */
1038a00b 2378 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2379 case 0x1f: /* Unspecified error */
2380 if (conn->out && conn->attempt < 2) {
2381 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2382 (hdev->esco_type & EDR_ESCO_MASK);
2383 hci_setup_sync(conn, conn->link->handle);
2384 goto unlock;
2385 }
2386 /* fall through */
2387
2388 default:
b6a0dc82 2389 conn->state = BT_CLOSED;
732547f9
MH		 2390 break;
2391 }
b6a0dc82
MH		 2392
2393 hci_proto_connect_cfm(conn, ev->status);
2394 if (ev->status)
2395 hci_conn_del(conn);
2396
2397unlock:
2398 hci_dev_unlock(hdev);
a9de9248
MH		 2399}
2400
2401static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2402{
2403 BT_DBG("%s", hdev->name);
2404}
2405
04837f64
MH		 2406static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2407{
a9de9248 2408 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2409
2410 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2411}
2412
a9de9248 2413static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2414{
a9de9248
MH		 2415 struct inquiry_data data;
2416 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2417 int num_rsp = *((__u8 *) skb->data);
1da177e4 2418
a9de9248 2419 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2420
a9de9248
MH		 2421 if (!num_rsp)
2422 return;
1da177e4 2423
314b2381
JH		 2424 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2425
2426 if (test_bit(HCI_MGMT, &hdev->flags))
2427 mgmt_discovering(hdev->id, 1);
2428 }
2429
a9de9248
MH		 2430 hci_dev_lock(hdev);
2431
e17acd40 2432 for (; num_rsp; num_rsp--, info++) {
a9de9248 2433 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2434 data.pscan_rep_mode = info->pscan_rep_mode;
2435 data.pscan_period_mode = info->pscan_period_mode;
2436 data.pscan_mode = 0x00;
a9de9248 2437 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2438 data.clock_offset = info->clock_offset;
2439 data.rssi = info->rssi;
41a96212 2440 data.ssp_mode = 0x01;
a9de9248 2441 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2442 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2443 info->rssi, info->data);
a9de9248
MH		 2444 }
2445
2446 hci_dev_unlock(hdev);
2447}
1da177e4 2448
17fa4b9d
JH		 2449static inline u8 hci_get_auth_req(struct hci_conn *conn)
2450{
2451 /* If remote requests dedicated bonding follow that lead */
2452 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2453 /* If both remote and local IO capabilities allow MITM
2454 * protection then require it, otherwise don't */
2455 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2456 return 0x02;
2457 else
2458 return 0x03;
2459 }
2460
2461 /* If remote requests no-bonding follow that lead */
2462 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2463 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2464
2465 return conn->auth_type;
2466}
2467
0493684e
MH		 2468static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2469{
2470 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2471 struct hci_conn *conn;
2472
2473 BT_DBG("%s", hdev->name);
2474
2475 hci_dev_lock(hdev);
2476
2477 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2478 if (!conn)
2479 goto unlock;
2480
2481 hci_conn_hold(conn);
2482
2483 if (!test_bit(HCI_MGMT, &hdev->flags))
2484 goto unlock;
2485
2486 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2487 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2488 struct hci_cp_io_capability_reply cp;
2489
2490 bacpy(&cp.bdaddr, &ev->bdaddr);
2491 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2492 conn->auth_type = hci_get_auth_req(conn);
2493 cp.authentication = conn->auth_type;
17fa4b9d 2494
ce85ee13
SJ		 2495 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2496 hci_find_remote_oob_data(hdev, &conn->dst))
2497 cp.oob_data = 0x01;
2498 else
2499 cp.oob_data = 0x00;
2500
17fa4b9d
JH		 2501 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2502 sizeof(cp), &cp);
03b555e1
JH		 2503 } else {
2504 struct hci_cp_io_capability_neg_reply cp;
2505
2506 bacpy(&cp.bdaddr, &ev->bdaddr);
be77159c 2507 cp.reason = 0x18; /* Pairing not allowed */
0493684e 2508
03b555e1
JH		 2509 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2510 sizeof(cp), &cp);
2511 }
2512
2513unlock:
2514 hci_dev_unlock(hdev);
2515}
2516
2517static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2518{
2519 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2520 struct hci_conn *conn;
2521
2522 BT_DBG("%s", hdev->name);
2523
2524 hci_dev_lock(hdev);
2525
2526 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2527 if (!conn)
2528 goto unlock;
2529
03b555e1
JH		 2530 conn->remote_cap = ev->capability;
2531 conn->remote_oob = ev->oob_data;
2532 conn->remote_auth = ev->authentication;
2533
2534unlock:
0493684e
MH		 2535 hci_dev_unlock(hdev);
2536}
2537
a5c29683
JH		 2538static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2539 struct sk_buff *skb)
2540{
2541 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2542 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2543 struct hci_conn *conn;
a5c29683
JH		 2544
2545 BT_DBG("%s", hdev->name);
2546
2547 hci_dev_lock(hdev);
2548
7a828908
JH		 2549 if (!test_bit(HCI_MGMT, &hdev->flags))
2550 goto unlock;
a5c29683 2551
7a828908
JH		 2552 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2553 if (!conn)
2554 goto unlock;
2555
2556 loc_mitm = (conn->auth_type & 0x01);
2557 rem_mitm = (conn->remote_auth & 0x01);
2558
2559 /* If we require MITM but the remote device can't provide that
2560 * (it has NoInputNoOutput) then reject the confirmation
2561 * request. The only exception is when we're dedicated bonding
2562 * initiators (connect_cfm_cb set) since then we always have the MITM
2563 * bit set. */
2564 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2565 BT_DBG("Rejecting request: remote device can't provide MITM");
2566 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2567 sizeof(ev->bdaddr), &ev->bdaddr);
2568 goto unlock;
2569 }
2570
2571 /* If no side requires MITM protection; auto-accept */
2572 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2573 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2574
2575 /* If we're not the initiators request authorization to
2576 * proceed from user space (mgmt_user_confirm with
2577 * confirm_hint set to 1). */
2578 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2579 BT_DBG("Confirming auto-accept as acceptor");
2580 confirm_hint = 1;
2581 goto confirm;
2582 }
2583
9f61656a
JH		 2584 BT_DBG("Auto-accept of user confirmation with %ums delay",
2585 hdev->auto_accept_delay);
2586
2587 if (hdev->auto_accept_delay > 0) {
2588 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2589 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2590 goto unlock;
2591 }
2592
7a828908
JH		 2593 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2594 sizeof(ev->bdaddr), &ev->bdaddr);
2595 goto unlock;
2596 }
2597
55bc1a37
JH		 2598confirm:
2599 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2600 confirm_hint);
7a828908
JH		 2601
2602unlock:
a5c29683
JH		 2603 hci_dev_unlock(hdev);
2604}
2605
0493684e
MH		 2606static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2607{
2608 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2609 struct hci_conn *conn;
2610
2611 BT_DBG("%s", hdev->name);
2612
2613 hci_dev_lock(hdev);
2614
2615 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2616 if (!conn)
2617 goto unlock;
2618
2619 /* To avoid duplicate auth_failed events to user space we check
2620 * the HCI_CONN_AUTH_PEND flag which will be set if we
2621 * initiated the authentication. A traditional auth_complete
2622 * event gets always produced as initiator and is also mapped to
2623 * the mgmt_auth_failed event */
2624 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2625 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
0493684e 2626
2a611692
JH		 2627 hci_conn_put(conn);
2628
2629unlock:
0493684e
MH		 2630 hci_dev_unlock(hdev);
2631}
2632
41a96212
MH		 2633static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2634{
2635 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2636 struct inquiry_entry *ie;
2637
2638 BT_DBG("%s", hdev->name);
2639
2640 hci_dev_lock(hdev);
2641
cc11b9c1
AE		 2642 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2643 if (ie)
41a96212
MH		 2644 ie->data.ssp_mode = (ev->features[0] & 0x01);
2645
2646 hci_dev_unlock(hdev);
2647}
2648
2763eda6
SJ		 2649static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2650 struct sk_buff *skb)
2651{
2652 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2653 struct oob_data *data;
2654
2655 BT_DBG("%s", hdev->name);
2656
2657 hci_dev_lock(hdev);
2658
e1ba1f15
SJ		 2659 if (!test_bit(HCI_MGMT, &hdev->flags))
2660 goto unlock;
2661
2763eda6
SJ		 2662 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2663 if (data) {
2664 struct hci_cp_remote_oob_data_reply cp;
2665
2666 bacpy(&cp.bdaddr, &ev->bdaddr);
2667 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2668 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2669
2670 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2671 &cp);
2672 } else {
2673 struct hci_cp_remote_oob_data_neg_reply cp;
2674
2675 bacpy(&cp.bdaddr, &ev->bdaddr);
2676 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2677 &cp);
2678 }
2679
e1ba1f15 2680unlock:
2763eda6
SJ		 2681 hci_dev_unlock(hdev);
2682}
2683
fcd89c09
VT		 2684static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2685{
2686 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2687 struct hci_conn *conn;
2688
2689 BT_DBG("%s status %d", hdev->name, ev->status);
2690
2691 hci_dev_lock(hdev);
2692
2693 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2694 if (!conn) {
2695 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2696 if (!conn) {
2697 BT_ERR("No memory for new connection");
2698 hci_dev_unlock(hdev);
2699 return;
2700 }
29b7988a
AG		 2701
2702 conn->dst_type = ev->bdaddr_type;
b62f328b 2703 }
fcd89c09
VT		 2704
2705 if (ev->status) {
83bc71b4 2706 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
fcd89c09
VT		 2707 hci_proto_connect_cfm(conn, ev->status);
2708 conn->state = BT_CLOSED;
2709 hci_conn_del(conn);
2710 goto unlock;
2711 }
2712
83bc71b4
VCG		 2713 mgmt_connected(hdev->id, &ev->bdaddr);
2714
fcd89c09
VT		 2715 conn->handle = __le16_to_cpu(ev->handle);
2716 conn->state = BT_CONNECTED;
2717
2718 hci_conn_hold_device(conn);
2719 hci_conn_add_sysfs(conn);
2720
2721 hci_proto_connect_cfm(conn, ev->status);
2722
2723unlock:
2724 hci_dev_unlock(hdev);
2725}
2726
9aa04c91
AG		 2727static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2728 struct sk_buff *skb)
2729{
2730 struct hci_ev_le_advertising_info *ev;
2731 u8 num_reports;
2732
2733 num_reports = skb->data[0];
2734 ev = (void *) &skb->data[1];
2735
2736 hci_dev_lock(hdev);
2737
2738 hci_add_adv_entry(hdev, ev);
2739
2740 while (--num_reports) {
2741 ev = (void *) (ev->data + ev->length + 1);
2742 hci_add_adv_entry(hdev, ev);
2743 }
2744
2745 hci_dev_unlock(hdev);
2746}
2747
fcd89c09
VT		 2748static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2749{
2750 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2751
2752 skb_pull(skb, sizeof(*le_ev));
2753
2754 switch (le_ev->subevent) {
2755 case HCI_EV_LE_CONN_COMPLETE:
2756 hci_le_conn_complete_evt(hdev, skb);
2757 break;
2758
9aa04c91
AG		 2759 case HCI_EV_LE_ADVERTISING_REPORT:
2760 hci_le_adv_report_evt(hdev, skb);
2761 break;
2762
fcd89c09
VT		 2763 default:
2764 break;
2765 }
2766}
2767
a9de9248
MH		 2768void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2769{
2770 struct hci_event_hdr *hdr = (void *) skb->data;
2771 __u8 event = hdr->evt;
2772
2773 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2774
2775 switch (event) {
1da177e4
LT		 2776 case HCI_EV_INQUIRY_COMPLETE:
2777 hci_inquiry_complete_evt(hdev, skb);
2778 break;
2779
2780 case HCI_EV_INQUIRY_RESULT:
2781 hci_inquiry_result_evt(hdev, skb);
2782 break;
2783
a9de9248
MH		 2784 case HCI_EV_CONN_COMPLETE:
2785 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 2786 break;
2787
1da177e4
LT		 2788 case HCI_EV_CONN_REQUEST:
2789 hci_conn_request_evt(hdev, skb);
2790 break;
2791
1da177e4
LT		 2792 case HCI_EV_DISCONN_COMPLETE:
2793 hci_disconn_complete_evt(hdev, skb);
2794 break;
2795
1da177e4
LT		 2796 case HCI_EV_AUTH_COMPLETE:
2797 hci_auth_complete_evt(hdev, skb);
2798 break;
2799
a9de9248
MH		 2800 case HCI_EV_REMOTE_NAME:
2801 hci_remote_name_evt(hdev, skb);
2802 break;
2803
1da177e4
LT		 2804 case HCI_EV_ENCRYPT_CHANGE:
2805 hci_encrypt_change_evt(hdev, skb);
2806 break;
2807
a9de9248
MH		 2808 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2809 hci_change_link_key_complete_evt(hdev, skb);
2810 break;
2811
2812 case HCI_EV_REMOTE_FEATURES:
2813 hci_remote_features_evt(hdev, skb);
2814 break;
2815
2816 case HCI_EV_REMOTE_VERSION:
2817 hci_remote_version_evt(hdev, skb);
2818 break;
2819
2820 case HCI_EV_QOS_SETUP_COMPLETE:
2821 hci_qos_setup_complete_evt(hdev, skb);
2822 break;
2823
2824 case HCI_EV_CMD_COMPLETE:
2825 hci_cmd_complete_evt(hdev, skb);
2826 break;
2827
2828 case HCI_EV_CMD_STATUS:
2829 hci_cmd_status_evt(hdev, skb);
2830 break;
2831
2832 case HCI_EV_ROLE_CHANGE:
2833 hci_role_change_evt(hdev, skb);
2834 break;
2835
2836 case HCI_EV_NUM_COMP_PKTS:
2837 hci_num_comp_pkts_evt(hdev, skb);
2838 break;
2839
2840 case HCI_EV_MODE_CHANGE:
2841 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 2842 break;
2843
2844 case HCI_EV_PIN_CODE_REQ:
2845 hci_pin_code_request_evt(hdev, skb);
2846 break;
2847
2848 case HCI_EV_LINK_KEY_REQ:
2849 hci_link_key_request_evt(hdev, skb);
2850 break;
2851
2852 case HCI_EV_LINK_KEY_NOTIFY:
2853 hci_link_key_notify_evt(hdev, skb);
2854 break;
2855
2856 case HCI_EV_CLOCK_OFFSET:
2857 hci_clock_offset_evt(hdev, skb);
2858 break;
2859
a8746417
MH		 2860 case HCI_EV_PKT_TYPE_CHANGE:
2861 hci_pkt_type_change_evt(hdev, skb);
2862 break;
2863
85a1e930
MH		 2864 case HCI_EV_PSCAN_REP_MODE:
2865 hci_pscan_rep_mode_evt(hdev, skb);
2866 break;
2867
a9de9248
MH		 2868 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2869 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 2870 break;
2871
a9de9248
MH		 2872 case HCI_EV_REMOTE_EXT_FEATURES:
2873 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 2874 break;
2875
a9de9248
MH		 2876 case HCI_EV_SYNC_CONN_COMPLETE:
2877 hci_sync_conn_complete_evt(hdev, skb);
2878 break;
1da177e4 2879
a9de9248
MH		 2880 case HCI_EV_SYNC_CONN_CHANGED:
2881 hci_sync_conn_changed_evt(hdev, skb);
2882 break;
1da177e4 2883
a9de9248
MH		 2884 case HCI_EV_SNIFF_SUBRATE:
2885 hci_sniff_subrate_evt(hdev, skb);
2886 break;
1da177e4 2887
a9de9248
MH		 2888 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2889 hci_extended_inquiry_result_evt(hdev, skb);
2890 break;
1da177e4 2891
0493684e
MH		 2892 case HCI_EV_IO_CAPA_REQUEST:
2893 hci_io_capa_request_evt(hdev, skb);
2894 break;
2895
03b555e1
JH		 2896 case HCI_EV_IO_CAPA_REPLY:
2897 hci_io_capa_reply_evt(hdev, skb);
2898 break;
2899
a5c29683
JH		 2900 case HCI_EV_USER_CONFIRM_REQUEST:
2901 hci_user_confirm_request_evt(hdev, skb);
2902 break;
2903
0493684e
MH		 2904 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2905 hci_simple_pair_complete_evt(hdev, skb);
2906 break;
2907
41a96212
MH		 2908 case HCI_EV_REMOTE_HOST_FEATURES:
2909 hci_remote_host_features_evt(hdev, skb);
2910 break;
2911
fcd89c09
VT		 2912 case HCI_EV_LE_META:
2913 hci_le_meta_evt(hdev, skb);
2914 break;
2915
2763eda6
SJ		 2916 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2917 hci_remote_oob_data_request_evt(hdev, skb);
2918 break;
2919
a9de9248
MH		 2920 default:
2921 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 2922 break;
2923 }
2924
2925 kfree_skb(skb);
2926 hdev->stat.evt_rx++;
2927}
2928
2929/* Generate internal stack event */
2930void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2931{
2932 struct hci_event_hdr *hdr;
2933 struct hci_ev_stack_internal *ev;
2934 struct sk_buff *skb;
2935
2936 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2937 if (!skb)
2938 return;
2939
2940 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2941 hdr->evt = HCI_EV_STACK_INTERNAL;
2942 hdr->plen = sizeof(*ev) + dlen;
2943
2944 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2945 ev->type = type;
2946 memcpy(ev->data, data, dlen);
2947
576c7d85 2948 bt_cb(skb)->incoming = 1;
a61bbcf2 2949 __net_timestamp(skb);
576c7d85 2950
0d48d939 2951 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 2952 skb->dev = (void *) hdev;
eec8d2bc 2953 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 2954 kfree_skb(skb);
2955}
kernel source for telekom puls (alcatel/mediatek)