projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Periodic Inquiry and Discovery
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
a9de9248
MH		 58 if (status)
59 return;
1da177e4 60
89352e7d
AG		 61 clear_bit(HCI_INQUIRY, &hdev->flags);
62
63 mgmt_discovering(hdev->id, 0);
6bd57416 64
23bb5763 65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 66
67 hci_conn_check_pending(hdev);
68}
6bd57416 69
a9de9248
MH		 70static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71{
72 __u8 status = *((__u8 *) skb->data);
6bd57416 73
a9de9248 74 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 75
a9de9248
MH		 76 if (status)
77 return;
1da177e4 78
a9de9248
MH		 79 hci_conn_check_pending(hdev);
80}
81
82static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
83{
84 BT_DBG("%s", hdev->name);
85}
86
87static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88{
89 struct hci_rp_role_discovery *rp = (void *) skb->data;
90 struct hci_conn *conn;
91
92 BT_DBG("%s status 0x%x", hdev->name, rp->status);
93
94 if (rp->status)
95 return;
96
97 hci_dev_lock(hdev);
98
99 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
100 if (conn) {
101 if (rp->role)
102 conn->link_mode &= ~HCI_LM_MASTER;
103 else
104 conn->link_mode |= HCI_LM_MASTER;
1da177e4 105 }
a9de9248
MH		 106
107 hci_dev_unlock(hdev);
1da177e4
LT		 108}
109
e4e8e37c
MH		 110static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111{
112 struct hci_rp_read_link_policy *rp = (void *) skb->data;
113 struct hci_conn *conn;
114
115 BT_DBG("%s status 0x%x", hdev->name, rp->status);
116
117 if (rp->status)
118 return;
119
120 hci_dev_lock(hdev);
121
122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 if (conn)
124 conn->link_policy = __le16_to_cpu(rp->policy);
125
126 hci_dev_unlock(hdev);
127}
128
a9de9248 129static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 130{
a9de9248 131 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 132 struct hci_conn *conn;
04837f64 133 void *sent;
1da177e4 134
a9de9248 135 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 136
a9de9248
MH		 137 if (rp->status)
138 return;
1da177e4 139
a9de9248
MH		 140 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
141 if (!sent)
142 return;
1da177e4 143
a9de9248 144 hci_dev_lock(hdev);
1da177e4 145
a9de9248 146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 147 if (conn)
83985319 148 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 149
a9de9248
MH		 150 hci_dev_unlock(hdev);
151}
1da177e4 152
e4e8e37c
MH		 153static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
154{
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156
157 BT_DBG("%s status 0x%x", hdev->name, rp->status);
158
159 if (rp->status)
160 return;
161
162 hdev->link_policy = __le16_to_cpu(rp->policy);
163}
164
165static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
166{
167 __u8 status = *((__u8 *) skb->data);
168 void *sent;
169
170 BT_DBG("%s status 0x%x", hdev->name, status);
171
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
173 if (!sent)
174 return;
175
176 if (!status)
177 hdev->link_policy = get_unaligned_le16(sent);
178
23bb5763 179 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 180}
181
a9de9248
MH		 182static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183{
184 __u8 status = *((__u8 *) skb->data);
04837f64 185
a9de9248 186 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 187
10572132
GP		 188 clear_bit(HCI_RESET, &hdev->flags);
189
23bb5763 190 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 191}
04837f64 192
a9de9248
MH		 193static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
194{
195 __u8 status = *((__u8 *) skb->data);
196 void *sent;
04837f64 197
a9de9248 198 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 199
a9de9248
MH		 200 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
201 if (!sent)
202 return;
04837f64 203
b312b161
JH		 204 if (test_bit(HCI_MGMT, &hdev->flags))
205 mgmt_set_local_name_complete(hdev->id, sent, status);
206
207 if (status)
208 return;
209
1f6c6378 210 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 211}
212
213static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
214{
215 struct hci_rp_read_local_name *rp = (void *) skb->data;
216
217 BT_DBG("%s status 0x%x", hdev->name, rp->status);
218
219 if (rp->status)
220 return;
221
1f6c6378 222 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 223}
224
225static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
226{
227 __u8 status = *((__u8 *) skb->data);
228 void *sent;
229
230 BT_DBG("%s status 0x%x", hdev->name, status);
231
232 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
233 if (!sent)
234 return;
235
236 if (!status) {
237 __u8 param = *((__u8 *) sent);
238
239 if (param == AUTH_ENABLED)
240 set_bit(HCI_AUTH, &hdev->flags);
241 else
242 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 243 }
a9de9248 244
23bb5763 245 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 246}
247
a9de9248 248static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 249{
a9de9248 250 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 251 void *sent;
252
a9de9248 253 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 254
a9de9248
MH		 255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
256 if (!sent)
257 return;
1da177e4 258
a9de9248
MH		 259 if (!status) {
260 __u8 param = *((__u8 *) sent);
261
262 if (param)
263 set_bit(HCI_ENCRYPT, &hdev->flags);
264 else
265 clear_bit(HCI_ENCRYPT, &hdev->flags);
266 }
1da177e4 267
23bb5763 268 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 269}
1da177e4 270
a9de9248
MH		 271static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
272{
36f7fc7e
JH		 273 __u8 param, status = *((__u8 *) skb->data);
274 int old_pscan, old_iscan;
a9de9248 275 void *sent;
1da177e4 276
a9de9248 277 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 278
a9de9248
MH		 279 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
280 if (!sent)
281 return;
1da177e4 282
36f7fc7e
JH		 283 if (status != 0)
284 goto done;
285
286 param = *((__u8 *) sent);
287
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
290
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
293 if (!old_iscan)
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
297
298 if (param & SCAN_PAGE) {
299 set_bit(HCI_PSCAN, &hdev->flags);
300 if (!old_pscan)
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
1da177e4 304
36f7fc7e 305done:
23bb5763 306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 307}
1da177e4 308
a9de9248
MH		 309static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
310{
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 312
a9de9248 313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 314
a9de9248
MH		 315 if (rp->status)
316 return;
1da177e4 317
a9de9248 318 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 319
a9de9248
MH		 320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
322}
1da177e4 323
a9de9248
MH		 324static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
325{
326 __u8 status = *((__u8 *) skb->data);
327 void *sent;
1da177e4 328
a9de9248 329 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 330
f383f275
MH		 331 if (status)
332 return;
333
a9de9248
MH		 334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
335 if (!sent)
336 return;
1da177e4 337
f383f275 338 memcpy(hdev->dev_class, sent, 3);
a9de9248 339}
1da177e4 340
a9de9248
MH		 341static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
342{
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
344 __u16 setting;
345
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
347
348 if (rp->status)
349 return;
350
351 setting = __le16_to_cpu(rp->voice_setting);
352
f383f275 353 if (hdev->voice_setting == setting)
a9de9248
MH		 354 return;
355
356 hdev->voice_setting = setting;
357
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
359
360 if (hdev->notify) {
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
364 }
365}
366
367static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368{
369 __u8 status = *((__u8 *) skb->data);
f383f275 370 __u16 setting;
a9de9248
MH		 371 void *sent;
372
373 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 374
f383f275
MH		 375 if (status)
376 return;
377
a9de9248
MH		 378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
379 if (!sent)
380 return;
1da177e4 381
f383f275 382 setting = get_unaligned_le16(sent);
1da177e4 383
f383f275
MH		 384 if (hdev->voice_setting == setting)
385 return;
386
387 hdev->voice_setting = setting;
1da177e4 388
f383f275 389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 390
f383f275
MH		 391 if (hdev->notify) {
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 395 }
396}
397
a9de9248 398static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 399{
a9de9248 400 __u8 status = *((__u8 *) skb->data);
1da177e4 401
a9de9248 402 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 403
23bb5763 404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 405}
1143e5a6 406
333140b5
MH		 407static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
408{
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
410
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
412
413 if (rp->status)
414 return;
415
416 hdev->ssp_mode = rp->mode;
417}
418
419static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
420{
421 __u8 status = *((__u8 *) skb->data);
422 void *sent;
423
424 BT_DBG("%s status 0x%x", hdev->name, status);
425
426 if (status)
427 return;
428
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
430 if (!sent)
431 return;
432
433 hdev->ssp_mode = *((__u8 *) sent);
434}
435
d5859e22
JH		 436static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
437{
438 if (hdev->features[6] & LMP_EXT_INQ)
439 return 2;
440
441 if (hdev->features[3] & LMP_RSSI_INQ)
442 return 1;
443
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
446 return 1;
447
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
450 return 1;
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
452 return 1;
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
454 return 1;
455 }
456
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
459 return 1;
460
461 return 0;
462}
463
464static void hci_setup_inquiry_mode(struct hci_dev *hdev)
465{
466 u8 mode;
467
468 mode = hci_get_inquiry_mode(hdev);
469
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
471}
472
473static void hci_setup_event_mask(struct hci_dev *hdev)
474{
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
479
6de6c18d
VT		 480 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
483 return;
484
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 490
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
493
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
496
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
499
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
502
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
505
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
508
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
520 }
521
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
524
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
526}
527
e6100a25
AG		 528static void hci_set_le_support(struct hci_dev *hdev)
529{
530 struct hci_cp_write_le_host_supported cp;
531
532 memset(&cp, 0, sizeof(cp));
533
534 if (enable_le) {
535 cp.le = 1;
536 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
537 }
538
539 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
540}
541
d5859e22
JH		 542static void hci_setup(struct hci_dev *hdev)
543{
544 hci_setup_event_mask(hdev);
545
546 if (hdev->lmp_ver > 1)
547 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
548
549 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
550 u8 mode = 0x01;
551 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
552 }
553
554 if (hdev->features[3] & LMP_RSSI_INQ)
555 hci_setup_inquiry_mode(hdev);
556
557 if (hdev->features[7] & LMP_INQ_TX_PWR)
558 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 559
560 if (hdev->features[7] & LMP_EXTFEATURES) {
561 struct hci_cp_read_local_ext_features cp;
562
563 cp.page = 0x01;
564 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
565 sizeof(cp), &cp);
566 }
e6100a25
AG		 567
568 if (hdev->features[4] & LMP_LE)
569 hci_set_le_support(hdev);
d5859e22
JH		 570}
571
a9de9248
MH		 572static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
573{
574 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 575
a9de9248 576 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 577
a9de9248
MH		 578 if (rp->status)
579 return;
1143e5a6 580
a9de9248 581 hdev->hci_ver = rp->hci_ver;
e4e8e37c 582 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 583 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 584 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 585 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 586
a9de9248
MH		 587 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
588 hdev->manufacturer,
589 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 590
591 if (test_bit(HCI_INIT, &hdev->flags))
592 hci_setup(hdev);
593}
594
595static void hci_setup_link_policy(struct hci_dev *hdev)
596{
597 u16 link_policy = 0;
598
599 if (hdev->features[0] & LMP_RSWITCH)
600 link_policy |= HCI_LP_RSWITCH;
601 if (hdev->features[0] & LMP_HOLD)
602 link_policy |= HCI_LP_HOLD;
603 if (hdev->features[0] & LMP_SNIFF)
604 link_policy |= HCI_LP_SNIFF;
605 if (hdev->features[1] & LMP_PARK)
606 link_policy |= HCI_LP_PARK;
607
608 link_policy = cpu_to_le16(link_policy);
609 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
610 sizeof(link_policy), &link_policy);
a9de9248 611}
1da177e4 612
a9de9248
MH		 613static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
614{
615 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 616
a9de9248 617 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 618
a9de9248 619 if (rp->status)
d5859e22 620 goto done;
1da177e4 621
a9de9248 622 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 623
624 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
625 hci_setup_link_policy(hdev);
626
627done:
628 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 629}
1da177e4 630
a9de9248
MH		 631static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
632{
633 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 634
a9de9248 635 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 636
a9de9248
MH		 637 if (rp->status)
638 return;
5b7f9909 639
a9de9248 640 memcpy(hdev->features, rp->features, 8);
5b7f9909 641
a9de9248
MH		 642 /* Adjust default settings according to features
643 * supported by device. */
1da177e4 644
a9de9248
MH		 645 if (hdev->features[0] & LMP_3SLOT)
646 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 647
a9de9248
MH		 648 if (hdev->features[0] & LMP_5SLOT)
649 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 650
a9de9248
MH		 651 if (hdev->features[1] & LMP_HV2) {
652 hdev->pkt_type |= (HCI_HV2);
653 hdev->esco_type |= (ESCO_HV2);
654 }
1da177e4 655
a9de9248
MH		 656 if (hdev->features[1] & LMP_HV3) {
657 hdev->pkt_type |= (HCI_HV3);
658 hdev->esco_type |= (ESCO_HV3);
659 }
1da177e4 660
a9de9248
MH		 661 if (hdev->features[3] & LMP_ESCO)
662 hdev->esco_type |= (ESCO_EV3);
da1f5198 663
a9de9248
MH		 664 if (hdev->features[4] & LMP_EV4)
665 hdev->esco_type |= (ESCO_EV4);
da1f5198 666
a9de9248
MH		 667 if (hdev->features[4] & LMP_EV5)
668 hdev->esco_type |= (ESCO_EV5);
1da177e4 669
efc7688b
MH		 670 if (hdev->features[5] & LMP_EDR_ESCO_2M)
671 hdev->esco_type |= (ESCO_2EV3);
672
673 if (hdev->features[5] & LMP_EDR_ESCO_3M)
674 hdev->esco_type |= (ESCO_3EV3);
675
676 if (hdev->features[5] & LMP_EDR_3S_ESCO)
677 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
678
a9de9248
MH		 679 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
680 hdev->features[0], hdev->features[1],
681 hdev->features[2], hdev->features[3],
682 hdev->features[4], hdev->features[5],
683 hdev->features[6], hdev->features[7]);
684}
1da177e4 685
971e3a4b
AG		 686static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
687 struct sk_buff *skb)
688{
689 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
690
691 BT_DBG("%s status 0x%x", hdev->name, rp->status);
692
693 if (rp->status)
694 return;
695
696 memcpy(hdev->extfeatures, rp->features, 8);
697
698 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
699}
700
a9de9248
MH		 701static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
702{
703 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 704
a9de9248 705 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 706
a9de9248
MH		 707 if (rp->status)
708 return;
1da177e4 709
a9de9248
MH		 710 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
711 hdev->sco_mtu = rp->sco_mtu;
712 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
713 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
714
715 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
716 hdev->sco_mtu = 64;
717 hdev->sco_pkts = 8;
1da177e4 718 }
a9de9248
MH		 719
720 hdev->acl_cnt = hdev->acl_pkts;
721 hdev->sco_cnt = hdev->sco_pkts;
722
723 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
724 hdev->acl_mtu, hdev->acl_pkts,
725 hdev->sco_mtu, hdev->sco_pkts);
726}
727
728static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
729{
730 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
731
732 BT_DBG("%s status 0x%x", hdev->name, rp->status);
733
734 if (!rp->status)
735 bacpy(&hdev->bdaddr, &rp->bdaddr);
736
23bb5763
JH		 737 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
738}
739
740static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
741{
742 __u8 status = *((__u8 *) skb->data);
743
744 BT_DBG("%s status 0x%x", hdev->name, status);
745
746 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 747}
748
928abaa7
AE		 749static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
750 struct sk_buff *skb)
751{
752 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
753
754 BT_DBG("%s status 0x%x", hdev->name, rp->status);
755
756 if (rp->status)
757 return;
758
759 hdev->amp_status = rp->amp_status;
760 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
761 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
762 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
763 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
764 hdev->amp_type = rp->amp_type;
765 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
766 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
767 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
768 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
769
770 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
771}
772
b0916ea0
JH		 773static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
774 struct sk_buff *skb)
775{
776 __u8 status = *((__u8 *) skb->data);
777
778 BT_DBG("%s status 0x%x", hdev->name, status);
779
780 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
781}
782
d5859e22
JH		 783static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
784{
785 __u8 status = *((__u8 *) skb->data);
786
787 BT_DBG("%s status 0x%x", hdev->name, status);
788
789 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
790}
791
792static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
793 struct sk_buff *skb)
794{
795 __u8 status = *((__u8 *) skb->data);
796
797 BT_DBG("%s status 0x%x", hdev->name, status);
798
799 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
800}
801
802static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
803 struct sk_buff *skb)
804{
805 __u8 status = *((__u8 *) skb->data);
806
807 BT_DBG("%s status 0x%x", hdev->name, status);
808
809 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
810}
811
812static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
813{
814 __u8 status = *((__u8 *) skb->data);
815
816 BT_DBG("%s status 0x%x", hdev->name, status);
817
818 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
819}
820
980e1a53
JH		 821static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
822{
823 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
824 struct hci_cp_pin_code_reply *cp;
825 struct hci_conn *conn;
826
827 BT_DBG("%s status 0x%x", hdev->name, rp->status);
828
829 if (test_bit(HCI_MGMT, &hdev->flags))
830 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
831
832 if (rp->status != 0)
833 return;
834
835 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
836 if (!cp)
837 return;
838
839 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
840 if (conn)
841 conn->pin_length = cp->pin_len;
842}
843
844static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
845{
846 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
847
848 BT_DBG("%s status 0x%x", hdev->name, rp->status);
849
850 if (test_bit(HCI_MGMT, &hdev->flags))
851 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
852 rp->status);
853}
6ed58ec5
VT		 854static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
855 struct sk_buff *skb)
856{
857 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
858
859 BT_DBG("%s status 0x%x", hdev->name, rp->status);
860
861 if (rp->status)
862 return;
863
864 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
865 hdev->le_pkts = rp->le_max_pkt;
866
867 hdev->le_cnt = hdev->le_pkts;
868
869 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
870
871 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
872}
980e1a53 873
a5c29683
JH		 874static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
875{
876 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
877
878 BT_DBG("%s status 0x%x", hdev->name, rp->status);
879
880 if (test_bit(HCI_MGMT, &hdev->flags))
881 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
882 rp->status);
883}
884
885static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
886 struct sk_buff *skb)
887{
888 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
889
890 BT_DBG("%s status 0x%x", hdev->name, rp->status);
891
892 if (test_bit(HCI_MGMT, &hdev->flags))
893 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
894 rp->status);
895}
896
c35938b2
SJ		 897static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
898 struct sk_buff *skb)
899{
900 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
901
902 BT_DBG("%s status 0x%x", hdev->name, rp->status);
903
904 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
905 rp->randomizer, rp->status);
906}
907
eb9d91f5
AG		 908static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
909 struct sk_buff *skb)
910{
911 struct hci_cp_le_set_scan_enable *cp;
912 __u8 status = *((__u8 *) skb->data);
913
914 BT_DBG("%s status 0x%x", hdev->name, status);
915
916 if (status)
917 return;
918
919 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
920 if (!cp)
921 return;
922
35815085
AG		 923 if (cp->enable == 0x01) {
924 del_timer(&hdev->adv_timer);
a8f13c8c
AG		 925
926 hci_dev_lock(hdev);
eb9d91f5 927 hci_adv_entries_clear(hdev);
a8f13c8c 928 hci_dev_unlock(hdev);
35815085
AG		 929 } else if (cp->enable == 0x00) {
930 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
931 }
eb9d91f5
AG		 932}
933
a7a595f6
VCG		 934static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
935{
936 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
937
938 BT_DBG("%s status 0x%x", hdev->name, rp->status);
939
940 if (rp->status)
941 return;
942
943 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
944}
945
946static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
947{
948 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
949
950 BT_DBG("%s status 0x%x", hdev->name, rp->status);
951
952 if (rp->status)
953 return;
954
955 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
956}
957
f9b49306
AG		 958static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
959 struct sk_buff *skb)
960{
961 struct hci_cp_read_local_ext_features cp;
962 __u8 status = *((__u8 *) skb->data);
963
964 BT_DBG("%s status 0x%x", hdev->name, status);
965
966 if (status)
967 return;
968
969 cp.page = 0x01;
970 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
971}
972
a9de9248
MH		 973static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
974{
975 BT_DBG("%s status 0x%x", hdev->name, status);
976
977 if (status) {
23bb5763 978 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 979 hci_conn_check_pending(hdev);
164a6e78
JH		 980 if (test_bit(HCI_MGMT, &hdev->flags))
981 mgmt_inquiry_failed(hdev->id, status);
314b2381
JH		 982 return;
983 }
984
89352e7d
AG		 985 set_bit(HCI_INQUIRY, &hdev->flags);
986
987 mgmt_discovering(hdev->id, 1);
1da177e4
LT		 988}
989
1da177e4
LT		 990static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
991{
a9de9248 992 struct hci_cp_create_conn *cp;
1da177e4 993 struct hci_conn *conn;
1da177e4 994
a9de9248
MH		 995 BT_DBG("%s status 0x%x", hdev->name, status);
996
997 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 998 if (!cp)
999 return;
1000
1001 hci_dev_lock(hdev);
1002
1003 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1004
a9de9248 1005 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1006
1007 if (status) {
1008 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1009 if (status != 0x0c || conn->attempt > 2) {
1010 conn->state = BT_CLOSED;
1011 hci_proto_connect_cfm(conn, status);
1012 hci_conn_del(conn);
1013 } else
1014 conn->state = BT_CONNECT2;
1da177e4
LT		 1015 }
1016 } else {
1017 if (!conn) {
1018 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1019 if (conn) {
1020 conn->out = 1;
1021 conn->link_mode |= HCI_LM_MASTER;
1022 } else
893ef971 1023 BT_ERR("No memory for new connection");
1da177e4
LT		 1024 }
1025 }
1026
1027 hci_dev_unlock(hdev);
1028}
1029
a9de9248 1030static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1031{
a9de9248
MH		 1032 struct hci_cp_add_sco *cp;
1033 struct hci_conn *acl, *sco;
1034 __u16 handle;
1da177e4 1035
b6a0dc82
MH		 1036 BT_DBG("%s status 0x%x", hdev->name, status);
1037
a9de9248
MH		 1038 if (!status)
1039 return;
1da177e4 1040
a9de9248
MH		 1041 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1042 if (!cp)
1043 return;
1da177e4 1044
a9de9248 1045 handle = __le16_to_cpu(cp->handle);
1da177e4 1046
a9de9248 1047 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1048
a9de9248 1049 hci_dev_lock(hdev);
1da177e4 1050
a9de9248 1051 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1052 if (acl) {
1053 sco = acl->link;
1054 if (sco) {
1055 sco->state = BT_CLOSED;
1da177e4 1056
5a08ecce
AE		 1057 hci_proto_connect_cfm(sco, status);
1058 hci_conn_del(sco);
1059 }
a9de9248 1060 }
1da177e4 1061
a9de9248
MH		 1062 hci_dev_unlock(hdev);
1063}
1da177e4 1064
f8558555
MH		 1065static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1066{
1067 struct hci_cp_auth_requested *cp;
1068 struct hci_conn *conn;
1069
1070 BT_DBG("%s status 0x%x", hdev->name, status);
1071
1072 if (!status)
1073 return;
1074
1075 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1076 if (!cp)
1077 return;
1078
1079 hci_dev_lock(hdev);
1080
1081 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1082 if (conn) {
1083 if (conn->state == BT_CONFIG) {
1084 hci_proto_connect_cfm(conn, status);
1085 hci_conn_put(conn);
1086 }
1087 }
1088
1089 hci_dev_unlock(hdev);
1090}
1091
1092static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1093{
1094 struct hci_cp_set_conn_encrypt *cp;
1095 struct hci_conn *conn;
1096
1097 BT_DBG("%s status 0x%x", hdev->name, status);
1098
1099 if (!status)
1100 return;
1101
1102 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1103 if (!cp)
1104 return;
1105
1106 hci_dev_lock(hdev);
1107
1108 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1109 if (conn) {
1110 if (conn->state == BT_CONFIG) {
1111 hci_proto_connect_cfm(conn, status);
1112 hci_conn_put(conn);
1113 }
1114 }
1115
1116 hci_dev_unlock(hdev);
1117}
1118
127178d2 1119static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1120 struct hci_conn *conn)
392599b9 1121{
392599b9
JH		 1122 if (conn->state != BT_CONFIG || !conn->out)
1123 return 0;
1124
765c2a96 1125 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1126 return 0;
1127
1128 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1129 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1130 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1131 conn->pending_sec_level != BT_SECURITY_HIGH &&
1132 !(conn->auth_type & 0x01))
392599b9
JH		 1133 return 0;
1134
392599b9
JH		 1135 return 1;
1136}
1137
a9de9248
MH		 1138static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1139{
127178d2
JH		 1140 struct hci_cp_remote_name_req *cp;
1141 struct hci_conn *conn;
1142
a9de9248 1143 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1144
1145 /* If successful wait for the name req complete event before
1146 * checking for the need to do authentication */
1147 if (!status)
1148 return;
1149
1150 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1151 if (!cp)
1152 return;
1153
1154 hci_dev_lock(hdev);
1155
1156 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1157 if (!conn)
1158 goto unlock;
1159
1160 if (!hci_outgoing_auth_needed(hdev, conn))
1161 goto unlock;
1162
1163 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1164 struct hci_cp_auth_requested cp;
1165 cp.handle = __cpu_to_le16(conn->handle);
1166 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1167 }
1168
79c6c70c 1169unlock:
127178d2 1170 hci_dev_unlock(hdev);
a9de9248 1171}
1da177e4 1172
769be974
MH		 1173static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1174{
1175 struct hci_cp_read_remote_features *cp;
1176 struct hci_conn *conn;
1177
1178 BT_DBG("%s status 0x%x", hdev->name, status);
1179
1180 if (!status)
1181 return;
1182
1183 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1184 if (!cp)
1185 return;
1186
1187 hci_dev_lock(hdev);
1188
1189 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1190 if (conn) {
1191 if (conn->state == BT_CONFIG) {
769be974
MH		 1192 hci_proto_connect_cfm(conn, status);
1193 hci_conn_put(conn);
1194 }
1195 }
1196
1197 hci_dev_unlock(hdev);
1198}
1199
1200static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1201{
1202 struct hci_cp_read_remote_ext_features *cp;
1203 struct hci_conn *conn;
1204
1205 BT_DBG("%s status 0x%x", hdev->name, status);
1206
1207 if (!status)
1208 return;
1209
1210 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1211 if (!cp)
1212 return;
1213
1214 hci_dev_lock(hdev);
1215
1216 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1217 if (conn) {
1218 if (conn->state == BT_CONFIG) {
769be974
MH		 1219 hci_proto_connect_cfm(conn, status);
1220 hci_conn_put(conn);
1221 }
1222 }
1223
1224 hci_dev_unlock(hdev);
1225}
1226
a9de9248
MH		 1227static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1228{
b6a0dc82
MH		 1229 struct hci_cp_setup_sync_conn *cp;
1230 struct hci_conn *acl, *sco;
1231 __u16 handle;
1232
a9de9248 1233 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1234
1235 if (!status)
1236 return;
1237
1238 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1239 if (!cp)
1240 return;
1241
1242 handle = __le16_to_cpu(cp->handle);
1243
1244 BT_DBG("%s handle %d", hdev->name, handle);
1245
1246 hci_dev_lock(hdev);
1247
1248 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1249 if (acl) {
1250 sco = acl->link;
1251 if (sco) {
1252 sco->state = BT_CLOSED;
b6a0dc82 1253
5a08ecce
AE		 1254 hci_proto_connect_cfm(sco, status);
1255 hci_conn_del(sco);
1256 }
b6a0dc82
MH		 1257 }
1258
1259 hci_dev_unlock(hdev);
1da177e4
LT		 1260}
1261
a9de9248 1262static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1263{
a9de9248
MH		 1264 struct hci_cp_sniff_mode *cp;
1265 struct hci_conn *conn;
1da177e4 1266
a9de9248 1267 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1268
a9de9248
MH		 1269 if (!status)
1270 return;
04837f64 1271
a9de9248
MH		 1272 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1273 if (!cp)
1274 return;
04837f64 1275
a9de9248 1276 hci_dev_lock(hdev);
04837f64 1277
a9de9248 1278 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1279 if (conn) {
a9de9248 1280 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1281
e73439d8
MH		 1282 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1283 hci_sco_setup(conn, status);
1284 }
1285
a9de9248
MH		 1286 hci_dev_unlock(hdev);
1287}
04837f64 1288
a9de9248
MH		 1289static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1290{
1291 struct hci_cp_exit_sniff_mode *cp;
1292 struct hci_conn *conn;
04837f64 1293
a9de9248 1294 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1295
a9de9248
MH		 1296 if (!status)
1297 return;
04837f64 1298
a9de9248
MH		 1299 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1300 if (!cp)
1301 return;
04837f64 1302
a9de9248 1303 hci_dev_lock(hdev);
1da177e4 1304
a9de9248 1305 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1306 if (conn) {
a9de9248 1307 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1308
e73439d8
MH		 1309 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1310 hci_sco_setup(conn, status);
1311 }
1312
a9de9248 1313 hci_dev_unlock(hdev);
1da177e4
LT		 1314}
1315
fcd89c09
VT		 1316static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1317{
1318 struct hci_cp_le_create_conn *cp;
1319 struct hci_conn *conn;
1320
1321 BT_DBG("%s status 0x%x", hdev->name, status);
1322
1323 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1324 if (!cp)
1325 return;
1326
1327 hci_dev_lock(hdev);
1328
1329 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1330
1331 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1332 conn);
1333
1334 if (status) {
1335 if (conn && conn->state == BT_CONNECT) {
1336 conn->state = BT_CLOSED;
1337 hci_proto_connect_cfm(conn, status);
1338 hci_conn_del(conn);
1339 }
1340 } else {
1341 if (!conn) {
1342 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1343 if (conn) {
1344 conn->dst_type = cp->peer_addr_type;
fcd89c09 1345 conn->out = 1;
29b7988a 1346 } else {
fcd89c09 1347 BT_ERR("No memory for new connection");
29b7988a 1348 }
fcd89c09
VT		 1349 }
1350 }
1351
1352 hci_dev_unlock(hdev);
1353}
1354
a7a595f6
VCG		 1355static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1356{
1357 BT_DBG("%s status 0x%x", hdev->name, status);
1358}
1359
1da177e4
LT		 1360static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1361{
1362 __u8 status = *((__u8 *) skb->data);
1363
1364 BT_DBG("%s status %d", hdev->name, status);
1365
23bb5763 1366 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1367
a9de9248 1368 hci_conn_check_pending(hdev);
89352e7d
AG		 1369
1370 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1371 return;
1372
1373 mgmt_discovering(hdev->id, 0);
1da177e4
LT		 1374}
1375
1da177e4
LT		 1376static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1377{
45bb4bf0 1378 struct inquiry_data data;
a9de9248 1379 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1380 int num_rsp = *((__u8 *) skb->data);
1381
1382 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1383
45bb4bf0
MH		 1384 if (!num_rsp)
1385 return;
1386
1da177e4 1387 hci_dev_lock(hdev);
45bb4bf0 1388
e17acd40 1389 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1390 bacpy(&data.bdaddr, &info->bdaddr);
1391 data.pscan_rep_mode = info->pscan_rep_mode;
1392 data.pscan_period_mode = info->pscan_period_mode;
1393 data.pscan_mode = info->pscan_mode;
1394 memcpy(data.dev_class, info->dev_class, 3);
1395 data.clock_offset = info->clock_offset;
1396 data.rssi = 0x00;
41a96212 1397 data.ssp_mode = 0x00;
1da177e4 1398 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 1399 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1400 NULL);
1da177e4 1401 }
45bb4bf0 1402
1da177e4
LT		 1403 hci_dev_unlock(hdev);
1404}
1405
1da177e4
LT		 1406static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1407{
a9de9248
MH		 1408 struct hci_ev_conn_complete *ev = (void *) skb->data;
1409 struct hci_conn *conn;
1da177e4
LT		 1410
1411 BT_DBG("%s", hdev->name);
1412
1413 hci_dev_lock(hdev);
1414
1415 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1416 if (!conn) {
1417 if (ev->link_type != SCO_LINK)
1418 goto unlock;
1419
1420 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1421 if (!conn)
1422 goto unlock;
1423
1424 conn->type = SCO_LINK;
1425 }
1da177e4
LT		 1426
1427 if (!ev->status) {
1428 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1429
1430 if (conn->type == ACL_LINK) {
1431 conn->state = BT_CONFIG;
1432 hci_conn_hold(conn);
052b30b0 1433 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
cfafccf7 1434 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
769be974
MH		 1435 } else
1436 conn->state = BT_CONNECTED;
1da177e4 1437
9eba32b8 1438 hci_conn_hold_device(conn);
7d0db0a3
MH		 1439 hci_conn_add_sysfs(conn);
1440
1da177e4
LT		 1441 if (test_bit(HCI_AUTH, &hdev->flags))
1442 conn->link_mode |= HCI_LM_AUTH;
1443
1444 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1445 conn->link_mode |= HCI_LM_ENCRYPT;
1446
04837f64
MH		 1447 /* Get remote features */
1448 if (conn->type == ACL_LINK) {
1449 struct hci_cp_read_remote_features cp;
1450 cp.handle = ev->handle;
769be974
MH		 1451 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1452 sizeof(cp), &cp);
04837f64
MH		 1453 }
1454
1da177e4 1455 /* Set packet type for incoming connection */
a8746417 1456 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1457 struct hci_cp_change_conn_ptype cp;
1458 cp.handle = ev->handle;
a8746417
MH		 1459 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1460 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1461 sizeof(cp), &cp);
1da177e4 1462 }
17d5c04c 1463 } else {
1da177e4 1464 conn->state = BT_CLOSED;
17d5c04c
JH		 1465 if (conn->type == ACL_LINK)
1466 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1467 }
1da177e4 1468
e73439d8
MH		 1469 if (conn->type == ACL_LINK)
1470 hci_sco_setup(conn, ev->status);
1da177e4 1471
769be974
MH		 1472 if (ev->status) {
1473 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1474 hci_conn_del(conn);
c89b6e6b
MH		 1475 } else if (ev->link_type != ACL_LINK)
1476 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1477
a9de9248 1478unlock:
1da177e4 1479 hci_dev_unlock(hdev);
1da177e4 1480
a9de9248 1481 hci_conn_check_pending(hdev);
1da177e4
LT		 1482}
1483
a9de9248 1484static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1485{
a9de9248
MH		 1486 struct hci_ev_conn_request *ev = (void *) skb->data;
1487 int mask = hdev->link_mode;
1da177e4 1488
a9de9248
MH		 1489 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1490 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1491
a9de9248 1492 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1493
138d22ef
SJ		 1494 if ((mask & HCI_LM_ACCEPT) &&
1495 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1496 /* Connection accepted */
c7bdd502 1497 struct inquiry_entry *ie;
1da177e4 1498 struct hci_conn *conn;
1da177e4 1499
a9de9248 1500 hci_dev_lock(hdev);
b6a0dc82 1501
cc11b9c1
AE		 1502 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1503 if (ie)
c7bdd502
MH		 1504 memcpy(ie->data.dev_class, ev->dev_class, 3);
1505
a9de9248
MH		 1506 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1507 if (!conn) {
cc11b9c1
AE		 1508 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1509 if (!conn) {
893ef971 1510 BT_ERR("No memory for new connection");
a9de9248
MH		 1511 hci_dev_unlock(hdev);
1512 return;
1da177e4
LT		 1513 }
1514 }
b6a0dc82 1515
a9de9248
MH		 1516 memcpy(conn->dev_class, ev->dev_class, 3);
1517 conn->state = BT_CONNECT;
b6a0dc82 1518
a9de9248 1519 hci_dev_unlock(hdev);
1da177e4 1520
b6a0dc82
MH		 1521 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1522 struct hci_cp_accept_conn_req cp;
1da177e4 1523
b6a0dc82
MH		 1524 bacpy(&cp.bdaddr, &ev->bdaddr);
1525
1526 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1527 cp.role = 0x00; /* Become master */
1528 else
1529 cp.role = 0x01; /* Remain slave */
1530
1531 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1532 sizeof(cp), &cp);
1533 } else {
1534 struct hci_cp_accept_sync_conn_req cp;
1535
1536 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1537 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1538
1539 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1540 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1541 cp.max_latency = cpu_to_le16(0xffff);
1542 cp.content_format = cpu_to_le16(hdev->voice_setting);
1543 cp.retrans_effort = 0xff;
1da177e4 1544
b6a0dc82
MH		 1545 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1546 sizeof(cp), &cp);
1547 }
a9de9248
MH		 1548 } else {
1549 /* Connection rejected */
1550 struct hci_cp_reject_conn_req cp;
1da177e4 1551
a9de9248 1552 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1553 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1554 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1555 }
1da177e4
LT		 1556}
1557
a9de9248 1558static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1559{
a9de9248 1560 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1561 struct hci_conn *conn;
1562
1563 BT_DBG("%s status %d", hdev->name, ev->status);
1564
8962ee74
JH		 1565 if (ev->status) {
1566 mgmt_disconnect_failed(hdev->id);
a9de9248 1567 return;
8962ee74 1568 }
a9de9248 1569
04837f64
MH		 1570 hci_dev_lock(hdev);
1571
1572 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1573 if (!conn)
1574 goto unlock;
7d0db0a3 1575
f7520543 1576 conn->state = BT_CLOSED;
04837f64 1577
83bc71b4 1578 if (conn->type == ACL_LINK || conn->type == LE_LINK)
f7520543
JH		 1579 mgmt_disconnected(hdev->id, &conn->dst);
1580
1581 hci_proto_disconn_cfm(conn, ev->reason);
1582 hci_conn_del(conn);
1583
1584unlock:
04837f64
MH		 1585 hci_dev_unlock(hdev);
1586}
1587
1da177e4
LT		 1588static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1589{
a9de9248 1590 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1591 struct hci_conn *conn;
1da177e4
LT		 1592
1593 BT_DBG("%s status %d", hdev->name, ev->status);
1594
1595 hci_dev_lock(hdev);
1596
04837f64 1597 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1598 if (!conn)
1599 goto unlock;
1600
1601 if (!ev->status) {
1602 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1603 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1604 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1605 } else {
d7556e20
WR		 1606 conn->link_mode |= HCI_LM_AUTH;
1607 conn->sec_level = conn->pending_sec_level;
2a611692 1608 }
d7556e20
WR		 1609 } else {
1610 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1611 }
1da177e4 1612
d7556e20
WR		 1613 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1614 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1615
d7556e20
WR		 1616 if (conn->state == BT_CONFIG) {
1617 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1618 struct hci_cp_set_conn_encrypt cp;
1619 cp.handle = ev->handle;
1620 cp.encrypt = 0x01;
1621 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1622 &cp);
052b30b0 1623 } else {
d7556e20
WR		 1624 conn->state = BT_CONNECTED;
1625 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1626 hci_conn_put(conn);
1627 }
d7556e20
WR		 1628 } else {
1629 hci_auth_cfm(conn, ev->status);
052b30b0 1630
d7556e20
WR		 1631 hci_conn_hold(conn);
1632 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1633 hci_conn_put(conn);
1634 }
1635
1636 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1637 if (!ev->status) {
1638 struct hci_cp_set_conn_encrypt cp;
1639 cp.handle = ev->handle;
1640 cp.encrypt = 0x01;
1641 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1642 &cp);
1643 } else {
1644 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1645 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1646 }
1647 }
1648
d7556e20 1649unlock:
1da177e4
LT		 1650 hci_dev_unlock(hdev);
1651}
1652
a9de9248 1653static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1654{
127178d2
JH		 1655 struct hci_ev_remote_name *ev = (void *) skb->data;
1656 struct hci_conn *conn;
1657
a9de9248 1658 BT_DBG("%s", hdev->name);
1da177e4 1659
a9de9248 1660 hci_conn_check_pending(hdev);
127178d2
JH		 1661
1662 hci_dev_lock(hdev);
1663
a88a9652
JH		 1664 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1665 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1666
127178d2 1667 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1668 if (!conn)
1669 goto unlock;
1670
1671 if (!hci_outgoing_auth_needed(hdev, conn))
1672 goto unlock;
1673
1674 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1675 struct hci_cp_auth_requested cp;
1676 cp.handle = __cpu_to_le16(conn->handle);
1677 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1678 }
1679
79c6c70c 1680unlock:
127178d2 1681 hci_dev_unlock(hdev);
a9de9248
MH		 1682}
1683
1684static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1685{
1686 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1687 struct hci_conn *conn;
1688
1689 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1690
1691 hci_dev_lock(hdev);
1692
04837f64 1693 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1694 if (conn) {
1695 if (!ev->status) {
ae293196
MH		 1696 if (ev->encrypt) {
1697 /* Encryption implies authentication */
1698 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1699 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1700 conn->sec_level = conn->pending_sec_level;
ae293196 1701 } else
1da177e4
LT		 1702 conn->link_mode &= ~HCI_LM_ENCRYPT;
1703 }
1704
1705 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1706
f8558555
MH		 1707 if (conn->state == BT_CONFIG) {
1708 if (!ev->status)
1709 conn->state = BT_CONNECTED;
1710
1711 hci_proto_connect_cfm(conn, ev->status);
1712 hci_conn_put(conn);
1713 } else
1714 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1715 }
1716
1717 hci_dev_unlock(hdev);
1718}
1719
a9de9248 1720static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1721{
a9de9248 1722 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1723 struct hci_conn *conn;
1da177e4
LT		 1724
1725 BT_DBG("%s status %d", hdev->name, ev->status);
1726
1727 hci_dev_lock(hdev);
1728
04837f64 1729 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1730 if (conn) {
1731 if (!ev->status)
1732 conn->link_mode |= HCI_LM_SECURE;
1733
1734 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1735
1736 hci_key_change_cfm(conn, ev->status);
1737 }
1738
1739 hci_dev_unlock(hdev);
1740}
1741
a9de9248 1742static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1743{
a9de9248
MH		 1744 struct hci_ev_remote_features *ev = (void *) skb->data;
1745 struct hci_conn *conn;
1746
1747 BT_DBG("%s status %d", hdev->name, ev->status);
1748
a9de9248
MH		 1749 hci_dev_lock(hdev);
1750
1751 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1752 if (!conn)
1753 goto unlock;
769be974 1754
ccd556fe
JH		 1755 if (!ev->status)
1756 memcpy(conn->features, ev->features, 8);
1757
1758 if (conn->state != BT_CONFIG)
1759 goto unlock;
1760
1761 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1762 struct hci_cp_read_remote_ext_features cp;
1763 cp.handle = ev->handle;
1764 cp.page = 0x01;
1765 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1766 sizeof(cp), &cp);
392599b9
JH		 1767 goto unlock;
1768 }
1769
127178d2
JH		 1770 if (!ev->status) {
1771 struct hci_cp_remote_name_req cp;
1772 memset(&cp, 0, sizeof(cp));
1773 bacpy(&cp.bdaddr, &conn->dst);
1774 cp.pscan_rep_mode = 0x02;
1775 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1776 }
392599b9 1777
127178d2 1778 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1779 conn->state = BT_CONNECTED;
1780 hci_proto_connect_cfm(conn, ev->status);
1781 hci_conn_put(conn);
769be974 1782 }
a9de9248 1783
ccd556fe 1784unlock:
a9de9248 1785 hci_dev_unlock(hdev);
1da177e4
LT		 1786}
1787
a9de9248 1788static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1789{
a9de9248 1790 BT_DBG("%s", hdev->name);
1da177e4
LT		 1791}
1792
a9de9248 1793static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1794{
a9de9248 1795 BT_DBG("%s", hdev->name);
1da177e4
LT		 1796}
1797
a9de9248
MH		 1798static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1799{
1800 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1801 __u16 opcode;
1802
1803 skb_pull(skb, sizeof(*ev));
1804
1805 opcode = __le16_to_cpu(ev->opcode);
1806
1807 switch (opcode) {
1808 case HCI_OP_INQUIRY_CANCEL:
1809 hci_cc_inquiry_cancel(hdev, skb);
1810 break;
1811
1812 case HCI_OP_EXIT_PERIODIC_INQ:
1813 hci_cc_exit_periodic_inq(hdev, skb);
1814 break;
1815
1816 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1817 hci_cc_remote_name_req_cancel(hdev, skb);
1818 break;
1819
1820 case HCI_OP_ROLE_DISCOVERY:
1821 hci_cc_role_discovery(hdev, skb);
1822 break;
1823
e4e8e37c
MH		 1824 case HCI_OP_READ_LINK_POLICY:
1825 hci_cc_read_link_policy(hdev, skb);
1826 break;
1827
a9de9248
MH		 1828 case HCI_OP_WRITE_LINK_POLICY:
1829 hci_cc_write_link_policy(hdev, skb);
1830 break;
1831
e4e8e37c
MH		 1832 case HCI_OP_READ_DEF_LINK_POLICY:
1833 hci_cc_read_def_link_policy(hdev, skb);
1834 break;
1835
1836 case HCI_OP_WRITE_DEF_LINK_POLICY:
1837 hci_cc_write_def_link_policy(hdev, skb);
1838 break;
1839
a9de9248
MH		 1840 case HCI_OP_RESET:
1841 hci_cc_reset(hdev, skb);
1842 break;
1843
1844 case HCI_OP_WRITE_LOCAL_NAME:
1845 hci_cc_write_local_name(hdev, skb);
1846 break;
1847
1848 case HCI_OP_READ_LOCAL_NAME:
1849 hci_cc_read_local_name(hdev, skb);
1850 break;
1851
1852 case HCI_OP_WRITE_AUTH_ENABLE:
1853 hci_cc_write_auth_enable(hdev, skb);
1854 break;
1855
1856 case HCI_OP_WRITE_ENCRYPT_MODE:
1857 hci_cc_write_encrypt_mode(hdev, skb);
1858 break;
1859
1860 case HCI_OP_WRITE_SCAN_ENABLE:
1861 hci_cc_write_scan_enable(hdev, skb);
1862 break;
1863
1864 case HCI_OP_READ_CLASS_OF_DEV:
1865 hci_cc_read_class_of_dev(hdev, skb);
1866 break;
1867
1868 case HCI_OP_WRITE_CLASS_OF_DEV:
1869 hci_cc_write_class_of_dev(hdev, skb);
1870 break;
1871
1872 case HCI_OP_READ_VOICE_SETTING:
1873 hci_cc_read_voice_setting(hdev, skb);
1874 break;
1875
1876 case HCI_OP_WRITE_VOICE_SETTING:
1877 hci_cc_write_voice_setting(hdev, skb);
1878 break;
1879
1880 case HCI_OP_HOST_BUFFER_SIZE:
1881 hci_cc_host_buffer_size(hdev, skb);
1882 break;
1883
333140b5
MH		 1884 case HCI_OP_READ_SSP_MODE:
1885 hci_cc_read_ssp_mode(hdev, skb);
1886 break;
1887
1888 case HCI_OP_WRITE_SSP_MODE:
1889 hci_cc_write_ssp_mode(hdev, skb);
1890 break;
1891
a9de9248
MH		 1892 case HCI_OP_READ_LOCAL_VERSION:
1893 hci_cc_read_local_version(hdev, skb);
1894 break;
1895
1896 case HCI_OP_READ_LOCAL_COMMANDS:
1897 hci_cc_read_local_commands(hdev, skb);
1898 break;
1899
1900 case HCI_OP_READ_LOCAL_FEATURES:
1901 hci_cc_read_local_features(hdev, skb);
1902 break;
1903
971e3a4b
AG		 1904 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1905 hci_cc_read_local_ext_features(hdev, skb);
1906 break;
1907
a9de9248
MH		 1908 case HCI_OP_READ_BUFFER_SIZE:
1909 hci_cc_read_buffer_size(hdev, skb);
1910 break;
1911
1912 case HCI_OP_READ_BD_ADDR:
1913 hci_cc_read_bd_addr(hdev, skb);
1914 break;
1915
23bb5763
JH		 1916 case HCI_OP_WRITE_CA_TIMEOUT:
1917 hci_cc_write_ca_timeout(hdev, skb);
1918 break;
1919
928abaa7
AE		 1920 case HCI_OP_READ_LOCAL_AMP_INFO:
1921 hci_cc_read_local_amp_info(hdev, skb);
1922 break;
1923
b0916ea0
JH		 1924 case HCI_OP_DELETE_STORED_LINK_KEY:
1925 hci_cc_delete_stored_link_key(hdev, skb);
1926 break;
1927
d5859e22
JH		 1928 case HCI_OP_SET_EVENT_MASK:
1929 hci_cc_set_event_mask(hdev, skb);
1930 break;
1931
1932 case HCI_OP_WRITE_INQUIRY_MODE:
1933 hci_cc_write_inquiry_mode(hdev, skb);
1934 break;
1935
1936 case HCI_OP_READ_INQ_RSP_TX_POWER:
1937 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1938 break;
1939
1940 case HCI_OP_SET_EVENT_FLT:
1941 hci_cc_set_event_flt(hdev, skb);
1942 break;
1943
980e1a53
JH		 1944 case HCI_OP_PIN_CODE_REPLY:
1945 hci_cc_pin_code_reply(hdev, skb);
1946 break;
1947
1948 case HCI_OP_PIN_CODE_NEG_REPLY:
1949 hci_cc_pin_code_neg_reply(hdev, skb);
1950 break;
1951
c35938b2
SJ		 1952 case HCI_OP_READ_LOCAL_OOB_DATA:
1953 hci_cc_read_local_oob_data_reply(hdev, skb);
1954 break;
1955
6ed58ec5
VT		 1956 case HCI_OP_LE_READ_BUFFER_SIZE:
1957 hci_cc_le_read_buffer_size(hdev, skb);
1958 break;
1959
a5c29683
JH		 1960 case HCI_OP_USER_CONFIRM_REPLY:
1961 hci_cc_user_confirm_reply(hdev, skb);
1962 break;
1963
1964 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1965 hci_cc_user_confirm_neg_reply(hdev, skb);
1966 break;
1967
eb9d91f5
AG		 1968 case HCI_OP_LE_SET_SCAN_ENABLE:
1969 hci_cc_le_set_scan_enable(hdev, skb);
1970 break;
1971
a7a595f6
VCG		 1972 case HCI_OP_LE_LTK_REPLY:
1973 hci_cc_le_ltk_reply(hdev, skb);
1974 break;
1975
1976 case HCI_OP_LE_LTK_NEG_REPLY:
1977 hci_cc_le_ltk_neg_reply(hdev, skb);
1978 break;
1979
f9b49306
AG		 1980 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1981 hci_cc_write_le_host_supported(hdev, skb);
1982 break;
1983
a9de9248
MH		 1984 default:
1985 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1986 break;
1987 }
1988
6bd32326
VT		 1989 if (ev->opcode != HCI_OP_NOP)
1990 del_timer(&hdev->cmd_timer);
1991
a9de9248
MH		 1992 if (ev->ncmd) {
1993 atomic_set(&hdev->cmd_cnt, 1);
1994 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1995 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1996 }
1997}
1998
1999static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2000{
2001 struct hci_ev_cmd_status *ev = (void *) skb->data;
2002 __u16 opcode;
2003
2004 skb_pull(skb, sizeof(*ev));
2005
2006 opcode = __le16_to_cpu(ev->opcode);
2007
2008 switch (opcode) {
2009 case HCI_OP_INQUIRY:
2010 hci_cs_inquiry(hdev, ev->status);
2011 break;
2012
2013 case HCI_OP_CREATE_CONN:
2014 hci_cs_create_conn(hdev, ev->status);
2015 break;
2016
2017 case HCI_OP_ADD_SCO:
2018 hci_cs_add_sco(hdev, ev->status);
2019 break;
2020
f8558555
MH		 2021 case HCI_OP_AUTH_REQUESTED:
2022 hci_cs_auth_requested(hdev, ev->status);
2023 break;
2024
2025 case HCI_OP_SET_CONN_ENCRYPT:
2026 hci_cs_set_conn_encrypt(hdev, ev->status);
2027 break;
2028
a9de9248
MH		 2029 case HCI_OP_REMOTE_NAME_REQ:
2030 hci_cs_remote_name_req(hdev, ev->status);
2031 break;
2032
769be974
MH		 2033 case HCI_OP_READ_REMOTE_FEATURES:
2034 hci_cs_read_remote_features(hdev, ev->status);
2035 break;
2036
2037 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2038 hci_cs_read_remote_ext_features(hdev, ev->status);
2039 break;
2040
a9de9248
MH		 2041 case HCI_OP_SETUP_SYNC_CONN:
2042 hci_cs_setup_sync_conn(hdev, ev->status);
2043 break;
2044
2045 case HCI_OP_SNIFF_MODE:
2046 hci_cs_sniff_mode(hdev, ev->status);
2047 break;
2048
2049 case HCI_OP_EXIT_SNIFF_MODE:
2050 hci_cs_exit_sniff_mode(hdev, ev->status);
2051 break;
2052
8962ee74
JH		 2053 case HCI_OP_DISCONNECT:
2054 if (ev->status != 0)
2055 mgmt_disconnect_failed(hdev->id);
2056 break;
2057
fcd89c09
VT		 2058 case HCI_OP_LE_CREATE_CONN:
2059 hci_cs_le_create_conn(hdev, ev->status);
2060 break;
2061
a7a595f6
VCG		 2062 case HCI_OP_LE_START_ENC:
2063 hci_cs_le_start_enc(hdev, ev->status);
2064 break;
2065
a9de9248
MH		 2066 default:
2067 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2068 break;
2069 }
2070
6bd32326
VT		 2071 if (ev->opcode != HCI_OP_NOP)
2072 del_timer(&hdev->cmd_timer);
2073
10572132 2074 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2075 atomic_set(&hdev->cmd_cnt, 1);
2076 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2077 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2078 }
2079}
2080
2081static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2082{
2083 struct hci_ev_role_change *ev = (void *) skb->data;
2084 struct hci_conn *conn;
2085
2086 BT_DBG("%s status %d", hdev->name, ev->status);
2087
2088 hci_dev_lock(hdev);
2089
2090 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2091 if (conn) {
2092 if (!ev->status) {
2093 if (ev->role)
2094 conn->link_mode &= ~HCI_LM_MASTER;
2095 else
2096 conn->link_mode |= HCI_LM_MASTER;
2097 }
2098
2099 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2100
2101 hci_role_switch_cfm(conn, ev->status, ev->role);
2102 }
2103
2104 hci_dev_unlock(hdev);
2105}
2106
2107static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2108{
2109 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2110 __le16 *ptr;
2111 int i;
2112
2113 skb_pull(skb, sizeof(*ev));
2114
2115 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2116
2117 if (skb->len < ev->num_hndl * 4) {
2118 BT_DBG("%s bad parameters", hdev->name);
2119 return;
2120 }
2121
2122 tasklet_disable(&hdev->tx_task);
2123
2124 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2125 struct hci_conn *conn;
2126 __u16 handle, count;
2127
83985319
HH		 2128 handle = get_unaligned_le16(ptr++);
2129 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2130
2131 conn = hci_conn_hash_lookup_handle(hdev, handle);
2132 if (conn) {
2133 conn->sent -= count;
2134
2135 if (conn->type == ACL_LINK) {
70f23020
AE		 2136 hdev->acl_cnt += count;
2137 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2138 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2139 } else if (conn->type == LE_LINK) {
2140 if (hdev->le_pkts) {
2141 hdev->le_cnt += count;
2142 if (hdev->le_cnt > hdev->le_pkts)
2143 hdev->le_cnt = hdev->le_pkts;
2144 } else {
2145 hdev->acl_cnt += count;
2146 if (hdev->acl_cnt > hdev->acl_pkts)
2147 hdev->acl_cnt = hdev->acl_pkts;
2148 }
a9de9248 2149 } else {
70f23020
AE		 2150 hdev->sco_cnt += count;
2151 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2152 hdev->sco_cnt = hdev->sco_pkts;
2153 }
2154 }
2155 }
2156
c78ae283 2157 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2158
2159 tasklet_enable(&hdev->tx_task);
2160}
2161
2162static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2163{
a9de9248 2164 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2165 struct hci_conn *conn;
2166
2167 BT_DBG("%s status %d", hdev->name, ev->status);
2168
2169 hci_dev_lock(hdev);
2170
2171 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2172 if (conn) {
2173 conn->mode = ev->mode;
2174 conn->interval = __le16_to_cpu(ev->interval);
2175
2176 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2177 if (conn->mode == HCI_CM_ACTIVE)
2178 conn->power_save = 1;
2179 else
2180 conn->power_save = 0;
2181 }
e73439d8
MH		 2182
2183 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2184 hci_sco_setup(conn, ev->status);
04837f64
MH		 2185 }
2186
2187 hci_dev_unlock(hdev);
2188}
2189
a9de9248
MH		 2190static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2191{
052b30b0
MH		 2192 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2193 struct hci_conn *conn;
2194
a9de9248 2195 BT_DBG("%s", hdev->name);
052b30b0
MH		 2196
2197 hci_dev_lock(hdev);
2198
2199 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2200 if (!conn)
2201 goto unlock;
2202
2203 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2204 hci_conn_hold(conn);
2205 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2206 hci_conn_put(conn);
2207 }
2208
03b555e1
JH		 2209 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2210 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2211 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2212 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2213 u8 secure;
2214
2215 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2216 secure = 1;
2217 else
2218 secure = 0;
2219
2220 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2221 }
980e1a53 2222
b6f98044 2223unlock:
052b30b0 2224 hci_dev_unlock(hdev);
a9de9248
MH		 2225}
2226
2227static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2228{
55ed8ca1
JH		 2229 struct hci_ev_link_key_req *ev = (void *) skb->data;
2230 struct hci_cp_link_key_reply cp;
2231 struct hci_conn *conn;
2232 struct link_key *key;
2233
a9de9248 2234 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2235
2236 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2237 return;
2238
2239 hci_dev_lock(hdev);
2240
2241 key = hci_find_link_key(hdev, &ev->bdaddr);
2242 if (!key) {
2243 BT_DBG("%s link key not found for %s", hdev->name,
2244 batostr(&ev->bdaddr));
2245 goto not_found;
2246 }
2247
2248 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2249 batostr(&ev->bdaddr));
2250
b6020ba0
WR		 2251 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2252 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2253 BT_DBG("%s ignoring debug key", hdev->name);
2254 goto not_found;
2255 }
2256
2257 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2258 if (conn) {
2259 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2260 conn->auth_type != 0xff &&
2261 (conn->auth_type & 0x01)) {
2262 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2263 goto not_found;
2264 }
55ed8ca1 2265
60b83f57
WR		 2266 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2267 conn->pending_sec_level == BT_SECURITY_HIGH) {
2268 BT_DBG("%s ignoring key unauthenticated for high \
2269 security", hdev->name);
2270 goto not_found;
2271 }
2272
2273 conn->key_type = key->type;
2274 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2275 }
2276
2277 bacpy(&cp.bdaddr, &ev->bdaddr);
2278 memcpy(cp.link_key, key->val, 16);
2279
2280 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2281
2282 hci_dev_unlock(hdev);
2283
2284 return;
2285
2286not_found:
2287 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2288 hci_dev_unlock(hdev);
a9de9248
MH		 2289}
2290
2291static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2292{
052b30b0
MH		 2293 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2294 struct hci_conn *conn;
55ed8ca1 2295 u8 pin_len = 0;
052b30b0 2296
a9de9248 2297 BT_DBG("%s", hdev->name);
052b30b0
MH		 2298
2299 hci_dev_lock(hdev);
2300
2301 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2302 if (conn) {
2303 hci_conn_hold(conn);
2304 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2305 pin_len = conn->pin_length;
13d39315
WR		 2306
2307 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2308 conn->key_type = ev->key_type;
2309
052b30b0
MH		 2310 hci_conn_put(conn);
2311 }
2312
55ed8ca1 2313 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2314 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2315 ev->key_type, pin_len);
2316
052b30b0 2317 hci_dev_unlock(hdev);
a9de9248
MH		 2318}
2319
1da177e4
LT		 2320static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2321{
a9de9248 2322 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2323 struct hci_conn *conn;
1da177e4
LT		 2324
2325 BT_DBG("%s status %d", hdev->name, ev->status);
2326
2327 hci_dev_lock(hdev);
2328
04837f64 2329 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2330 if (conn && !ev->status) {
2331 struct inquiry_entry *ie;
2332
cc11b9c1
AE		 2333 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2334 if (ie) {
1da177e4
LT		 2335 ie->data.clock_offset = ev->clock_offset;
2336 ie->timestamp = jiffies;
2337 }
2338 }
2339
2340 hci_dev_unlock(hdev);
2341}
2342
a8746417
MH		 2343static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2344{
2345 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2346 struct hci_conn *conn;
2347
2348 BT_DBG("%s status %d", hdev->name, ev->status);
2349
2350 hci_dev_lock(hdev);
2351
2352 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2353 if (conn && !ev->status)
2354 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2355
2356 hci_dev_unlock(hdev);
2357}
2358
85a1e930
MH		 2359static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2360{
a9de9248 2361 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2362 struct inquiry_entry *ie;
2363
2364 BT_DBG("%s", hdev->name);
2365
2366 hci_dev_lock(hdev);
2367
cc11b9c1
AE		 2368 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2369 if (ie) {
85a1e930
MH		 2370 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2371 ie->timestamp = jiffies;
2372 }
2373
2374 hci_dev_unlock(hdev);
2375}
2376
a9de9248
MH		 2377static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2378{
2379 struct inquiry_data data;
2380 int num_rsp = *((__u8 *) skb->data);
2381
2382 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2383
2384 if (!num_rsp)
2385 return;
2386
2387 hci_dev_lock(hdev);
2388
2389 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2390 struct inquiry_info_with_rssi_and_pscan_mode *info;
2391 info = (void *) (skb->data + 1);
a9de9248 2392
e17acd40 2393 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2394 bacpy(&data.bdaddr, &info->bdaddr);
2395 data.pscan_rep_mode = info->pscan_rep_mode;
2396 data.pscan_period_mode = info->pscan_period_mode;
2397 data.pscan_mode = info->pscan_mode;
2398 memcpy(data.dev_class, info->dev_class, 3);
2399 data.clock_offset = info->clock_offset;
2400 data.rssi = info->rssi;
41a96212 2401 data.ssp_mode = 0x00;
a9de9248 2402 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2403 mgmt_device_found(hdev->id, &info->bdaddr,
2404 info->dev_class, info->rssi,
2405 NULL);
a9de9248
MH		 2406 }
2407 } else {
2408 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2409
e17acd40 2410 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2411 bacpy(&data.bdaddr, &info->bdaddr);
2412 data.pscan_rep_mode = info->pscan_rep_mode;
2413 data.pscan_period_mode = info->pscan_period_mode;
2414 data.pscan_mode = 0x00;
2415 memcpy(data.dev_class, info->dev_class, 3);
2416 data.clock_offset = info->clock_offset;
2417 data.rssi = info->rssi;
41a96212 2418 data.ssp_mode = 0x00;
a9de9248 2419 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2420 mgmt_device_found(hdev->id, &info->bdaddr,
2421 info->dev_class, info->rssi,
2422 NULL);
a9de9248
MH		 2423 }
2424 }
2425
2426 hci_dev_unlock(hdev);
2427}
2428
2429static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2430{
41a96212
MH		 2431 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2432 struct hci_conn *conn;
2433
a9de9248 2434 BT_DBG("%s", hdev->name);
41a96212 2435
41a96212
MH		 2436 hci_dev_lock(hdev);
2437
2438 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2439 if (!conn)
2440 goto unlock;
41a96212 2441
ccd556fe
JH		 2442 if (!ev->status && ev->page == 0x01) {
2443 struct inquiry_entry *ie;
41a96212 2444
cc11b9c1
AE		 2445 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2446 if (ie)
ccd556fe 2447 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2448
ccd556fe
JH		 2449 conn->ssp_mode = (ev->features[0] & 0x01);
2450 }
2451
2452 if (conn->state != BT_CONFIG)
2453 goto unlock;
2454
127178d2
JH		 2455 if (!ev->status) {
2456 struct hci_cp_remote_name_req cp;
2457 memset(&cp, 0, sizeof(cp));
2458 bacpy(&cp.bdaddr, &conn->dst);
2459 cp.pscan_rep_mode = 0x02;
2460 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2461 }
392599b9 2462
127178d2 2463 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2464 conn->state = BT_CONNECTED;
2465 hci_proto_connect_cfm(conn, ev->status);
2466 hci_conn_put(conn);
41a96212
MH		 2467 }
2468
ccd556fe 2469unlock:
41a96212 2470 hci_dev_unlock(hdev);
a9de9248
MH		 2471}
2472
2473static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2474{
b6a0dc82
MH		 2475 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2476 struct hci_conn *conn;
2477
2478 BT_DBG("%s status %d", hdev->name, ev->status);
2479
2480 hci_dev_lock(hdev);
2481
2482 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2483 if (!conn) {
2484 if (ev->link_type == ESCO_LINK)
2485 goto unlock;
2486
2487 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2488 if (!conn)
2489 goto unlock;
2490
2491 conn->type = SCO_LINK;
2492 }
b6a0dc82 2493
732547f9
MH		 2494 switch (ev->status) {
2495 case 0x00:
b6a0dc82
MH		 2496 conn->handle = __le16_to_cpu(ev->handle);
2497 conn->state = BT_CONNECTED;
7d0db0a3 2498
9eba32b8 2499 hci_conn_hold_device(conn);
7d0db0a3 2500 hci_conn_add_sysfs(conn);
732547f9
MH		 2501 break;
2502
705e5711 2503 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2504 case 0x1c: /* SCO interval rejected */
1038a00b 2505 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2506 case 0x1f: /* Unspecified error */
2507 if (conn->out && conn->attempt < 2) {
2508 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2509 (hdev->esco_type & EDR_ESCO_MASK);
2510 hci_setup_sync(conn, conn->link->handle);
2511 goto unlock;
2512 }
2513 /* fall through */
2514
2515 default:
b6a0dc82 2516 conn->state = BT_CLOSED;
732547f9
MH		 2517 break;
2518 }
b6a0dc82
MH		 2519
2520 hci_proto_connect_cfm(conn, ev->status);
2521 if (ev->status)
2522 hci_conn_del(conn);
2523
2524unlock:
2525 hci_dev_unlock(hdev);
a9de9248
MH		 2526}
2527
2528static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2529{
2530 BT_DBG("%s", hdev->name);
2531}
2532
04837f64
MH		 2533static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2534{
a9de9248 2535 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2536
2537 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2538}
2539
a9de9248 2540static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2541{
a9de9248
MH		 2542 struct inquiry_data data;
2543 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2544 int num_rsp = *((__u8 *) skb->data);
1da177e4 2545
a9de9248 2546 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2547
a9de9248
MH		 2548 if (!num_rsp)
2549 return;
1da177e4 2550
a9de9248
MH		 2551 hci_dev_lock(hdev);
2552
e17acd40 2553 for (; num_rsp; num_rsp--, info++) {
a9de9248 2554 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2555 data.pscan_rep_mode = info->pscan_rep_mode;
2556 data.pscan_period_mode = info->pscan_period_mode;
2557 data.pscan_mode = 0x00;
a9de9248 2558 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2559 data.clock_offset = info->clock_offset;
2560 data.rssi = info->rssi;
41a96212 2561 data.ssp_mode = 0x01;
a9de9248 2562 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2563 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2564 info->rssi, info->data);
a9de9248
MH		 2565 }
2566
2567 hci_dev_unlock(hdev);
2568}
1da177e4 2569
17fa4b9d
JH		 2570static inline u8 hci_get_auth_req(struct hci_conn *conn)
2571{
2572 /* If remote requests dedicated bonding follow that lead */
2573 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2574 /* If both remote and local IO capabilities allow MITM
2575 * protection then require it, otherwise don't */
2576 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2577 return 0x02;
2578 else
2579 return 0x03;
2580 }
2581
2582 /* If remote requests no-bonding follow that lead */
2583 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2584 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2585
2586 return conn->auth_type;
2587}
2588
0493684e
MH		 2589static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2590{
2591 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2592 struct hci_conn *conn;
2593
2594 BT_DBG("%s", hdev->name);
2595
2596 hci_dev_lock(hdev);
2597
2598 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2599 if (!conn)
2600 goto unlock;
2601
2602 hci_conn_hold(conn);
2603
2604 if (!test_bit(HCI_MGMT, &hdev->flags))
2605 goto unlock;
2606
2607 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2608 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2609 struct hci_cp_io_capability_reply cp;
2610
2611 bacpy(&cp.bdaddr, &ev->bdaddr);
2612 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2613 conn->auth_type = hci_get_auth_req(conn);
2614 cp.authentication = conn->auth_type;
17fa4b9d 2615
ce85ee13
SJ		 2616 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2617 hci_find_remote_oob_data(hdev, &conn->dst))
2618 cp.oob_data = 0x01;
2619 else
2620 cp.oob_data = 0x00;
2621
17fa4b9d
JH		 2622 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2623 sizeof(cp), &cp);
03b555e1
JH		 2624 } else {
2625 struct hci_cp_io_capability_neg_reply cp;
2626
2627 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2628 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2629
03b555e1
JH		 2630 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2631 sizeof(cp), &cp);
2632 }
2633
2634unlock:
2635 hci_dev_unlock(hdev);
2636}
2637
2638static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2639{
2640 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2641 struct hci_conn *conn;
2642
2643 BT_DBG("%s", hdev->name);
2644
2645 hci_dev_lock(hdev);
2646
2647 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2648 if (!conn)
2649 goto unlock;
2650
03b555e1
JH		 2651 conn->remote_cap = ev->capability;
2652 conn->remote_oob = ev->oob_data;
2653 conn->remote_auth = ev->authentication;
2654
2655unlock:
0493684e
MH		 2656 hci_dev_unlock(hdev);
2657}
2658
a5c29683
JH		 2659static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2660 struct sk_buff *skb)
2661{
2662 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2663 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2664 struct hci_conn *conn;
a5c29683
JH		 2665
2666 BT_DBG("%s", hdev->name);
2667
2668 hci_dev_lock(hdev);
2669
7a828908
JH		 2670 if (!test_bit(HCI_MGMT, &hdev->flags))
2671 goto unlock;
a5c29683 2672
7a828908
JH		 2673 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2674 if (!conn)
2675 goto unlock;
2676
2677 loc_mitm = (conn->auth_type & 0x01);
2678 rem_mitm = (conn->remote_auth & 0x01);
2679
2680 /* If we require MITM but the remote device can't provide that
2681 * (it has NoInputNoOutput) then reject the confirmation
2682 * request. The only exception is when we're dedicated bonding
2683 * initiators (connect_cfm_cb set) since then we always have the MITM
2684 * bit set. */
2685 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2686 BT_DBG("Rejecting request: remote device can't provide MITM");
2687 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2688 sizeof(ev->bdaddr), &ev->bdaddr);
2689 goto unlock;
2690 }
2691
2692 /* If no side requires MITM protection; auto-accept */
2693 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2694 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2695
2696 /* If we're not the initiators request authorization to
2697 * proceed from user space (mgmt_user_confirm with
2698 * confirm_hint set to 1). */
2699 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2700 BT_DBG("Confirming auto-accept as acceptor");
2701 confirm_hint = 1;
2702 goto confirm;
2703 }
2704
9f61656a
JH		 2705 BT_DBG("Auto-accept of user confirmation with %ums delay",
2706 hdev->auto_accept_delay);
2707
2708 if (hdev->auto_accept_delay > 0) {
2709 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2710 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2711 goto unlock;
2712 }
2713
7a828908
JH		 2714 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2715 sizeof(ev->bdaddr), &ev->bdaddr);
2716 goto unlock;
2717 }
2718
55bc1a37
JH		 2719confirm:
2720 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2721 confirm_hint);
7a828908
JH		 2722
2723unlock:
a5c29683
JH		 2724 hci_dev_unlock(hdev);
2725}
2726
0493684e
MH		 2727static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2728{
2729 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2730 struct hci_conn *conn;
2731
2732 BT_DBG("%s", hdev->name);
2733
2734 hci_dev_lock(hdev);
2735
2736 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2737 if (!conn)
2738 goto unlock;
2739
2740 /* To avoid duplicate auth_failed events to user space we check
2741 * the HCI_CONN_AUTH_PEND flag which will be set if we
2742 * initiated the authentication. A traditional auth_complete
2743 * event gets always produced as initiator and is also mapped to
2744 * the mgmt_auth_failed event */
2745 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2746 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
0493684e 2747
2a611692
JH		 2748 hci_conn_put(conn);
2749
2750unlock:
0493684e
MH		 2751 hci_dev_unlock(hdev);
2752}
2753
41a96212
MH		 2754static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2755{
2756 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2757 struct inquiry_entry *ie;
2758
2759 BT_DBG("%s", hdev->name);
2760
2761 hci_dev_lock(hdev);
2762
cc11b9c1
AE		 2763 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2764 if (ie)
41a96212
MH		 2765 ie->data.ssp_mode = (ev->features[0] & 0x01);
2766
2767 hci_dev_unlock(hdev);
2768}
2769
2763eda6
SJ		 2770static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2771 struct sk_buff *skb)
2772{
2773 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2774 struct oob_data *data;
2775
2776 BT_DBG("%s", hdev->name);
2777
2778 hci_dev_lock(hdev);
2779
e1ba1f15
SJ		 2780 if (!test_bit(HCI_MGMT, &hdev->flags))
2781 goto unlock;
2782
2763eda6
SJ		 2783 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2784 if (data) {
2785 struct hci_cp_remote_oob_data_reply cp;
2786
2787 bacpy(&cp.bdaddr, &ev->bdaddr);
2788 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2789 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2790
2791 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2792 &cp);
2793 } else {
2794 struct hci_cp_remote_oob_data_neg_reply cp;
2795
2796 bacpy(&cp.bdaddr, &ev->bdaddr);
2797 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2798 &cp);
2799 }
2800
e1ba1f15 2801unlock:
2763eda6
SJ		 2802 hci_dev_unlock(hdev);
2803}
2804
fcd89c09
VT		 2805static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2806{
2807 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2808 struct hci_conn *conn;
2809
2810 BT_DBG("%s status %d", hdev->name, ev->status);
2811
2812 hci_dev_lock(hdev);
2813
2814 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2815 if (!conn) {
2816 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2817 if (!conn) {
2818 BT_ERR("No memory for new connection");
2819 hci_dev_unlock(hdev);
2820 return;
2821 }
29b7988a
AG		 2822
2823 conn->dst_type = ev->bdaddr_type;
b62f328b 2824 }
fcd89c09
VT		 2825
2826 if (ev->status) {
83bc71b4 2827 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
fcd89c09
VT		 2828 hci_proto_connect_cfm(conn, ev->status);
2829 conn->state = BT_CLOSED;
2830 hci_conn_del(conn);
2831 goto unlock;
2832 }
2833
cfafccf7 2834 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
83bc71b4 2835
7b5c0d52 2836 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2837 conn->handle = __le16_to_cpu(ev->handle);
2838 conn->state = BT_CONNECTED;
2839
2840 hci_conn_hold_device(conn);
2841 hci_conn_add_sysfs(conn);
2842
2843 hci_proto_connect_cfm(conn, ev->status);
2844
2845unlock:
2846 hci_dev_unlock(hdev);
2847}
2848
9aa04c91
AG		 2849static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2850 struct sk_buff *skb)
2851{
e95beb41
AG		 2852 u8 num_reports = skb->data[0];
2853 void *ptr = &skb->data[1];
9aa04c91
AG		 2854
2855 hci_dev_lock(hdev);
2856
e95beb41
AG		 2857 while (num_reports--) {
2858 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 2859
9aa04c91 2860 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 2861
2862 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 2863 }
2864
2865 hci_dev_unlock(hdev);
2866}
2867
a7a595f6
VCG		 2868static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2869 struct sk_buff *skb)
2870{
2871 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2872 struct hci_cp_le_ltk_reply cp;
bea710fe 2873 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 2874 struct hci_conn *conn;
bea710fe 2875 struct link_key *ltk;
a7a595f6
VCG		 2876
2877 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2878
2879 hci_dev_lock(hdev);
2880
2881 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 2882 if (conn == NULL)
2883 goto not_found;
a7a595f6 2884
bea710fe
VCG		 2885 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2886 if (ltk == NULL)
2887 goto not_found;
2888
2889 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 2890 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 2891 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 2892
2893 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2894
2895 hci_dev_unlock(hdev);
bea710fe
VCG		 2896
2897 return;
2898
2899not_found:
2900 neg.handle = ev->handle;
2901 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2902 hci_dev_unlock(hdev);
a7a595f6
VCG		 2903}
2904
fcd89c09
VT		 2905static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2906{
2907 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2908
2909 skb_pull(skb, sizeof(*le_ev));
2910
2911 switch (le_ev->subevent) {
2912 case HCI_EV_LE_CONN_COMPLETE:
2913 hci_le_conn_complete_evt(hdev, skb);
2914 break;
2915
9aa04c91
AG		 2916 case HCI_EV_LE_ADVERTISING_REPORT:
2917 hci_le_adv_report_evt(hdev, skb);
2918 break;
2919
a7a595f6
VCG		 2920 case HCI_EV_LE_LTK_REQ:
2921 hci_le_ltk_request_evt(hdev, skb);
2922 break;
2923
fcd89c09
VT		 2924 default:
2925 break;
2926 }
2927}
2928
a9de9248
MH		 2929void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2930{
2931 struct hci_event_hdr *hdr = (void *) skb->data;
2932 __u8 event = hdr->evt;
2933
2934 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2935
2936 switch (event) {
1da177e4
LT		 2937 case HCI_EV_INQUIRY_COMPLETE:
2938 hci_inquiry_complete_evt(hdev, skb);
2939 break;
2940
2941 case HCI_EV_INQUIRY_RESULT:
2942 hci_inquiry_result_evt(hdev, skb);
2943 break;
2944
a9de9248
MH		 2945 case HCI_EV_CONN_COMPLETE:
2946 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 2947 break;
2948
1da177e4
LT		 2949 case HCI_EV_CONN_REQUEST:
2950 hci_conn_request_evt(hdev, skb);
2951 break;
2952
1da177e4
LT		 2953 case HCI_EV_DISCONN_COMPLETE:
2954 hci_disconn_complete_evt(hdev, skb);
2955 break;
2956
1da177e4
LT		 2957 case HCI_EV_AUTH_COMPLETE:
2958 hci_auth_complete_evt(hdev, skb);
2959 break;
2960
a9de9248
MH		 2961 case HCI_EV_REMOTE_NAME:
2962 hci_remote_name_evt(hdev, skb);
2963 break;
2964
1da177e4
LT		 2965 case HCI_EV_ENCRYPT_CHANGE:
2966 hci_encrypt_change_evt(hdev, skb);
2967 break;
2968
a9de9248
MH		 2969 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2970 hci_change_link_key_complete_evt(hdev, skb);
2971 break;
2972
2973 case HCI_EV_REMOTE_FEATURES:
2974 hci_remote_features_evt(hdev, skb);
2975 break;
2976
2977 case HCI_EV_REMOTE_VERSION:
2978 hci_remote_version_evt(hdev, skb);
2979 break;
2980
2981 case HCI_EV_QOS_SETUP_COMPLETE:
2982 hci_qos_setup_complete_evt(hdev, skb);
2983 break;
2984
2985 case HCI_EV_CMD_COMPLETE:
2986 hci_cmd_complete_evt(hdev, skb);
2987 break;
2988
2989 case HCI_EV_CMD_STATUS:
2990 hci_cmd_status_evt(hdev, skb);
2991 break;
2992
2993 case HCI_EV_ROLE_CHANGE:
2994 hci_role_change_evt(hdev, skb);
2995 break;
2996
2997 case HCI_EV_NUM_COMP_PKTS:
2998 hci_num_comp_pkts_evt(hdev, skb);
2999 break;
3000
3001 case HCI_EV_MODE_CHANGE:
3002 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3003 break;
3004
3005 case HCI_EV_PIN_CODE_REQ:
3006 hci_pin_code_request_evt(hdev, skb);
3007 break;
3008
3009 case HCI_EV_LINK_KEY_REQ:
3010 hci_link_key_request_evt(hdev, skb);
3011 break;
3012
3013 case HCI_EV_LINK_KEY_NOTIFY:
3014 hci_link_key_notify_evt(hdev, skb);
3015 break;
3016
3017 case HCI_EV_CLOCK_OFFSET:
3018 hci_clock_offset_evt(hdev, skb);
3019 break;
3020
a8746417
MH		 3021 case HCI_EV_PKT_TYPE_CHANGE:
3022 hci_pkt_type_change_evt(hdev, skb);
3023 break;
3024
85a1e930
MH		 3025 case HCI_EV_PSCAN_REP_MODE:
3026 hci_pscan_rep_mode_evt(hdev, skb);
3027 break;
3028
a9de9248
MH		 3029 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3030 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3031 break;
3032
a9de9248
MH		 3033 case HCI_EV_REMOTE_EXT_FEATURES:
3034 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3035 break;
3036
a9de9248
MH		 3037 case HCI_EV_SYNC_CONN_COMPLETE:
3038 hci_sync_conn_complete_evt(hdev, skb);
3039 break;
1da177e4 3040
a9de9248
MH		 3041 case HCI_EV_SYNC_CONN_CHANGED:
3042 hci_sync_conn_changed_evt(hdev, skb);
3043 break;
1da177e4 3044
a9de9248
MH		 3045 case HCI_EV_SNIFF_SUBRATE:
3046 hci_sniff_subrate_evt(hdev, skb);
3047 break;
1da177e4 3048
a9de9248
MH		 3049 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3050 hci_extended_inquiry_result_evt(hdev, skb);
3051 break;
1da177e4 3052
0493684e
MH		 3053 case HCI_EV_IO_CAPA_REQUEST:
3054 hci_io_capa_request_evt(hdev, skb);
3055 break;
3056
03b555e1
JH		 3057 case HCI_EV_IO_CAPA_REPLY:
3058 hci_io_capa_reply_evt(hdev, skb);
3059 break;
3060
a5c29683
JH		 3061 case HCI_EV_USER_CONFIRM_REQUEST:
3062 hci_user_confirm_request_evt(hdev, skb);
3063 break;
3064
0493684e
MH		 3065 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3066 hci_simple_pair_complete_evt(hdev, skb);
3067 break;
3068
41a96212
MH		 3069 case HCI_EV_REMOTE_HOST_FEATURES:
3070 hci_remote_host_features_evt(hdev, skb);
3071 break;
3072
fcd89c09
VT		 3073 case HCI_EV_LE_META:
3074 hci_le_meta_evt(hdev, skb);
3075 break;
3076
2763eda6
SJ		 3077 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3078 hci_remote_oob_data_request_evt(hdev, skb);
3079 break;
3080
a9de9248
MH		 3081 default:
3082 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3083 break;
3084 }
3085
3086 kfree_skb(skb);
3087 hdev->stat.evt_rx++;
3088}
3089
3090/* Generate internal stack event */
3091void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3092{
3093 struct hci_event_hdr *hdr;
3094 struct hci_ev_stack_internal *ev;
3095 struct sk_buff *skb;
3096
3097 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3098 if (!skb)
3099 return;
3100
3101 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3102 hdr->evt = HCI_EV_STACK_INTERNAL;
3103 hdr->plen = sizeof(*ev) + dlen;
3104
3105 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3106 ev->type = type;
3107 memcpy(ev->data, data, dlen);
3108
576c7d85 3109 bt_cb(skb)->incoming = 1;
a61bbcf2 3110 __net_timestamp(skb);
576c7d85 3111
0d48d939 3112 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3113 skb->dev = (void *) hdev;
eec8d2bc 3114 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3115 kfree_skb(skb);
3116}
e6100a25 3117
669bb396 3118module_param(enable_le, bool, 0644);
e6100a25 3119MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)