Bluetooth: AMP: Use HCI cmd to Read AMP Info
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
f0d6a0ea 32#include <net/bluetooth/mgmt.h>
8e2a0d92 33#include <net/bluetooth/a2mp.h>
1da177e4 34
35/* Handle HCI Event packets */
36
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 *
 * A non-zero status is reported through mgmt_stop_discovery_failed() and
 * nothing else is touched. On success HCI_INQUIRY is cleared, discovery is
 * moved to DISCOVERY_STOPPED, the request is completed and pending
 * connections are re-checked.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
		hci_dev_unlock(hdev);

		hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);

		hci_conn_check_pending(hdev);
		return;
	}

	/* Failure: only tell mgmt that stopping discovery did not work. */
	hci_dev_lock(hdev);
	mgmt_stop_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
6bd57416 60
/*
 * Command Complete handler for the periodic inquiry command: a zero status
 * sets HCI_PERIODIC_INQ in hdev->dev_flags, any other status changes nothing.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
}
72
/*
 * Command Complete handler for leaving periodic inquiry: on success the
 * HCI_PERIODIC_INQ flag is cleared and pending connections are re-checked.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);

		hci_conn_check_pending(hdev);
	}
}
86
/*
 * Command Complete handler for Remote Name Request Cancel.
 * Only emits a debug trace; the event payload in skb is not read.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
92
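/*
 * Command Complete handler for Role Discovery.
 *
 * On success the connection matching rp->handle gets HCI_LM_MASTER cleared
 * when rp->role is non-zero and set when it is zero.
 *
 * The reply is produced by the controller, so its length is validated
 * before it is parsed: the status byte must be present, and a successful
 * reply must carry the whole structure. A truncated reply is logged and
 * ignored.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *rp = (void *) skb->data;
	struct hci_conn *conn;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Role Discovery reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (conn) {
		if (rp->role)
			conn->link_mode &= ~HCI_LM_MASTER;
		else
			conn->link_mode |= HCI_LM_MASTER;
	}

	hci_dev_unlock(hdev);
}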
115
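/*
 * Command Complete handler for Read Link Policy: on success stores the
 * reported policy in the connection identified by rp->handle.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied; a truncated
 * reply is logged and ignored.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *rp = (void *) skb->data;
	struct hci_conn *conn;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Link Policy reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (conn)
		conn->link_policy = __le16_to_cpu(rp->policy);

	hci_dev_unlock(hdev);
}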
134
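/*
 * Command Complete handler for HCI_OP_WRITE_LINK_POLICY.
 *
 * On success the policy that was sent to the controller is copied into the
 * connection identified by rp->handle. The value is taken from the sent
 * command (offset 2, presumably past the connection handle; confirm
 * against the command structure), not from the reply.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied; a truncated
 * reply is logged and ignored.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *rp = (void *) skb->data;
	struct hci_conn *conn;
	void *sent;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Write Link Policy reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (conn)
		conn->link_policy = get_unaligned_le16(sent + 2);

	hci_dev_unlock(hdev);
}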
1da177e4 158
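/*
 * Command Complete handler for Read Default Link Policy: on success stores
 * the reported policy in hdev->link_policy.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied; a truncated
 * reply is logged and ignored.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Default Link Policy reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->link_policy = __le16_to_cpu(rp->policy);
}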
171
/*
 * Command Complete handler for HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * If the sent command can no longer be found nothing happens, not even
 * request completion. Otherwise a zero status copies the sent policy into
 * hdev->link_policy, and the request is completed with the status.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *cmd_params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (cmd_params) {
		if (status == 0)
			hdev->link_policy = get_unaligned_le16(cmd_params);

		hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
	}
}
189
/*
 * Command Complete handler for HCI_OP_RESET.
 *
 * Regardless of the status: clears HCI_RESET, completes the request, drops
 * the non-persistent dev_flags (LE scan, pending class, periodic inquiry)
 * and puts discovery back to DISCOVERY_STOPPED.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* Flags that must not survive a controller reset. */
	const unsigned long volatile_flags = BIT(HCI_LE_SCAN) |
					     BIT(HCI_PENDING_CLASS) |
					     BIT(HCI_PERIODIC_INQ);
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);

	hci_req_complete(hdev, HCI_OP_RESET, status);

	hdev->dev_flags &= ~volatile_flags;

	hdev->discovery.state = DISCOVERY_STOPPED;
}
04837f64 206
/*
 * Command Complete handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * Without the sent command data nothing is done. With it, and under the
 * device lock, either mgmt is informed (HCI_MGMT set) or, on success, the
 * sent name is copied into hdev->dev_name. The request is then completed.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *name;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	name = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (name == NULL)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_set_local_name_complete(hdev, name, status);
	} else {
		/* The copy source is the host's own command, not the reply. */
		if (status == 0)
			memcpy(hdev->dev_name, name, HCI_MAX_NAME_LENGTH);
	}

	hci_dev_unlock(hdev);

	hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
}
229
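/*
 * Command Complete handler for Read Local Name: on success, and only while
 * HCI_SETUP is set, copies HCI_MAX_NAME_LENGTH bytes of rp->name into
 * hdev->dev_name.
 *
 * The reply length is validated first (status byte always, full structure
 * on success). Without that check a truncated reply would make the memcpy
 * read HCI_MAX_NAME_LENGTH bytes starting inside a shorter buffer and
 * store whatever follows it in the device name. A truncated reply is
 * logged and ignored.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Local Name reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	if (test_bit(HCI_SETUP, &hdev->dev_flags))
		memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
}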
242
/*
 * Command Complete handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * On success the HCI_AUTH flag is made to mirror the value that was sent
 * (set only for AUTH_ENABLED). mgmt is told the outcome when HCI_MGMT is
 * set, and the request is completed. Nothing happens when the sent command
 * data is unavailable.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 *requested;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	requested = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (requested == NULL)
		return;

	if (status == 0) {
		if (*requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_auth_enable_complete(hdev, status);

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
}
268
/*
 * Command Complete handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * On success HCI_ENCRYPT is set when the sent mode byte was non-zero and
 * cleared otherwise; the request is then completed with the status.
 * Nothing happens when the sent command data is unavailable.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 *requested;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	requested = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (requested == NULL)
		return;

	if (status == 0) {
		if (*requested != 0)
			set_bit(HCI_ENCRYPT, &hdev->flags);
		else
			clear_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
}
1da177e4 291
/*
 * Command Complete handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * Failure: mgmt is told the write failed and the discoverable timeout is
 * reset to 0.
 * Success: HCI_ISCAN / HCI_PSCAN are rebuilt from the scan byte that was
 * sent, mgmt is notified of every discoverable/connectable transition, and
 * when inquiry scan is on with a positive discov_timeout the discov_off
 * work is queued after that many seconds.
 * Both paths run under the device lock and end by completing the request.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 scan;
	int was_connectable, was_discoverable;
	void *cmd_params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (cmd_params == NULL)
		return;

	scan = *((__u8 *) cmd_params);

	hci_dev_lock(hdev);

	if (status) {
		mgmt_write_scan_failed(hdev, scan, status);
		hdev->discov_timeout = 0;
	} else {
		was_connectable = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
		was_discoverable = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

		if (scan & SCAN_INQUIRY) {
			set_bit(HCI_ISCAN, &hdev->flags);
			if (!was_discoverable)
				mgmt_discoverable(hdev, 1);
			if (hdev->discov_timeout > 0) {
				/* discov_timeout is in seconds. */
				int delay = msecs_to_jiffies(hdev->discov_timeout * 1000);

				queue_delayed_work(hdev->workqueue,
						   &hdev->discov_off, delay);
			}
		} else if (was_discoverable) {
			mgmt_discoverable(hdev, 0);
		}

		if (scan & SCAN_PAGE) {
			set_bit(HCI_PSCAN, &hdev->flags);
			if (!was_connectable)
				mgmt_connectable(hdev, 1);
		} else if (was_connectable) {
			mgmt_connectable(hdev, 0);
		}
	}

	hci_dev_unlock(hdev);
	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
}
1da177e4 340
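/*
 * Command Complete handler for Read Class of Device: on success copies the
 * three class bytes from the reply into hdev->dev_class.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied; a truncated
 * reply is logged and ignored.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Class of Device reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	memcpy(hdev->dev_class, rp->dev_class, 3);

	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
	       hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}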
1da177e4 355
/*
 * Command Complete handler for HCI_OP_WRITE_CLASS_OF_DEV.
 *
 * Under the device lock: a zero status copies the three class bytes that
 * were sent into hdev->dev_class, and mgmt is informed when HCI_MGMT is
 * set. Nothing happens when the sent command data is unavailable.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *dev_class;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	dev_class = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (dev_class == NULL)
		return;

	hci_dev_lock(hdev);

	if (!status)
		memcpy(hdev->dev_class, dev_class, 3);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_set_class_of_dev_complete(hdev, dev_class, status);

	hci_dev_unlock(hdev);
}
1da177e4 377
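/*
 * Command Complete handler for Read Voice Setting: on success, when the
 * reported setting differs from hdev->voice_setting, stores it and calls
 * the driver's notify hook (if any) with HCI_NOTIFY_VOICE_SETTING.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied; a truncated
 * reply is logged and ignored.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *rp = (void *) skb->data;
	__u16 setting;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Voice Setting reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	setting = __le16_to_cpu(rp->voice_setting);

	/* Nothing to do, and no notification, when the value is unchanged. */
	if (hdev->voice_setting == setting)
		return;

	hdev->voice_setting = setting;

	BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);

	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}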
400
/*
 * Command Complete handler for HCI_OP_WRITE_VOICE_SETTING.
 *
 * On success, takes the 16-bit setting from the sent command and, if it
 * differs from hdev->voice_setting, stores it and calls the driver's
 * notify hook (when present) with HCI_NOTIFY_VOICE_SETTING.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u16 requested;
	void *cmd_params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status != 0)
		return;

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (cmd_params == NULL)
		return;

	requested = get_unaligned_le16(cmd_params);

	if (hdev->voice_setting != requested) {
		hdev->voice_setting = requested;

		BT_DBG("%s voice setting 0x%4.4x", hdev->name, requested);

		if (hdev->notify)
			hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	}
}
429
/*
 * Command Complete handler for HCI_OP_HOST_BUFFER_SIZE: traces the status
 * and completes the pending request with it.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
}
1143e5a6 438
/*
 * Command Complete handler for HCI_OP_WRITE_SSP_MODE.
 *
 * With HCI_MGMT set, the outcome (sent mode byte and status) is handed to
 * mgmt. Otherwise, on success, HCI_SSP_ENABLED is made to mirror the mode
 * byte that was sent. Nothing happens when the sent command data is
 * unavailable.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	u8 *mode;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	mode = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (mode == NULL)
		return;

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_ssp_enable_complete(hdev, *mode, status);
		return;
	}

	if (status)
		return;

	if (*mode)
		set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	else
		clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
}
459
/*
 * Pick the inquiry mode value to write to the controller.
 *
 * Returns 2 when the LMP_EXT_INQ feature bit is set, 1 when LMP_RSSI_INQ
 * is set, 1 for a fixed list of manufacturer / HCI revision / LMP
 * subversion combinations that are matched even though they do not set
 * the RSSI feature bit, and 0 otherwise.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	/* Controllers matched by identity rather than by feature bit. */
	static const struct {
		unsigned short manufacturer;
		unsigned short hci_rev;
		unsigned short lmp_subver;
	} rssi_quirks[] = {
		{ 11, 0x00,   0x0757 },
		{ 15, 0x03,   0x6963 },
		{ 15, 0x09,   0x6963 },
		{ 15, 0x00,   0x6965 },
		{ 31, 0x2005, 0x1805 },
	};
	unsigned int i;

	if (hdev->features[6] & LMP_EXT_INQ)
		return 2;

	if (hdev->features[3] & LMP_RSSI_INQ)
		return 1;

	for (i = 0; i < sizeof(rssi_quirks) / sizeof(rssi_quirks[0]); i++) {
		if (hdev->manufacturer == rssi_quirks[i].manufacturer &&
		    hdev->hci_rev == rssi_quirks[i].hci_rev &&
		    hdev->lmp_subver == rssi_quirks[i].lmp_subver)
			return 1;
	}

	return 0;
}
487
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode().
 */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, sizeof(mode), &mode);
}
496
/*
 * Build the 8-byte event mask from the controller's feature bits and send
 * it with HCI_OP_SET_EVENT_MASK. Controllers older than Bluetooth 1.2 get
 * no event mask at all.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* Byte 1 is 0xff rather than 0x9f (two reserved bits disabled)
	 * because a Broadcom 1.2 dongle does not answer the command
	 * otherwise.
	 */
	u8 mask[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };

	/* CSR 1.1 dongles accept no bitfield at all, so pre-1.2 devices
	 * are left with their default mask.
	 */
	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
		return;

	/* Always enabled. */
	mask[4] |= 0x01;	/* Flow Specification Complete */
	mask[4] |= 0x02;	/* Inquiry Result with RSSI */
	mask[4] |= 0x04;	/* Read Remote Extended Features Complete */
	mask[5] |= 0x08;	/* Synchronous Connection Complete */
	mask[5] |= 0x10;	/* Synchronous Connection Changed */

	/* Already set unconditionally above, so this branch has no effect. */
	if (hdev->features[3] & LMP_RSSI_INQ)
		mask[4] |= 0x02;	/* Inquiry Result with RSSI */

	if (lmp_sniffsubr_capable(hdev))
		mask[5] |= 0x20;	/* Sniff Subrating */

	if (hdev->features[5] & LMP_PAUSE_ENC)
		mask[5] |= 0x80;	/* Encryption Key Refresh Complete */

	if (hdev->features[6] & LMP_EXT_INQ)
		mask[5] |= 0x40;	/* Extended Inquiry Result */

	if (lmp_no_flush_capable(hdev))
		mask[7] |= 0x01;	/* Enhanced Flush Complete */

	if (hdev->features[7] & LMP_LSTO)
		mask[6] |= 0x80;	/* Link Supervision Timeout Changed */

	/* Pairing-related events are only unmasked with SSP support. */
	if (lmp_ssp_capable(hdev)) {
		mask[6] |= 0x01;	/* IO Capability Request */
		mask[6] |= 0x02;	/* IO Capability Response */
		mask[6] |= 0x04;	/* User Confirmation Request */
		mask[6] |= 0x08;	/* User Passkey Request */
		mask[6] |= 0x10;	/* Remote OOB Data Request */
		mask[6] |= 0x20;	/* Simple Pairing Complete */
		mask[7] |= 0x04;	/* User Passkey Notification */
		mask[7] |= 0x08;	/* Keypress Notification */
		mask[7] |= 0x10;	/* Remote Host Supported
					 * Features Notification */
	}

	if (lmp_le_capable(hdev))
		mask[7] |= 0x20;	/* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(mask), mask);
}
551
/*
 * Queue the follow-up configuration commands for a BR/EDR controller;
 * other device types are left alone.
 *
 * In order: event mask, Read Local Commands (controllers newer than 1.1),
 * SSP mode or an empty EIR (SSP-capable controllers), inquiry mode,
 * inquiry response TX power, extended features page 1 and, when
 * HCI_LINK_SECURITY is set, Write Authentication Enable.
 */
static void hci_setup(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return;

	hci_setup_event_mask(hdev);

	if (hdev->hci_ver > BLUETOOTH_VER_1_1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	if (lmp_ssp_capable(hdev)) {
		if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
			/* SSP is off on the host: clear the cached EIR
			 * and write an all-zero EIR to the controller.
			 */
			struct hci_cp_write_eir eir_cmd;

			memset(hdev->eir, 0, sizeof(hdev->eir));
			memset(&eir_cmd, 0, sizeof(eir_cmd));

			hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(eir_cmd),
				     &eir_cmd);
		} else {
			u8 ssp_on = 0x01;

			hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
				     sizeof(ssp_on), &ssp_on);
		}
	}

	if (hdev->features[3] & LMP_RSSI_INQ)
		hci_setup_inquiry_mode(hdev);

	if (hdev->features[7] & LMP_INQ_TX_PWR)
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);

	if (hdev->features[7] & LMP_EXTFEATURES) {
		struct hci_cp_read_local_ext_features ext_cmd;

		ext_cmd.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
			     sizeof(ext_cmd), &ext_cmd);
	}

	if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
		u8 auth_on = 1;

		hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(auth_on),
			     &auth_on);
	}
}
597
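/*
 * Command Complete handler for HCI_OP_READ_LOCAL_VERSION.
 *
 * On success the version, revision and manufacturer fields are stored in
 * hdev and, while HCI_INIT is set, hci_setup() is run. The request is
 * completed with the reported status in both the success and the failure
 * case.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied. These fields
 * feed the version and quirk checks elsewhere in this file. A truncated
 * reply is logged and ignored; the pending request is then not completed
 * here.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Local Version reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		goto done;

	hdev->hci_ver = rp->hci_ver;
	hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
	hdev->lmp_ver = rp->lmp_ver;
	hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
	hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);

	BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
	       hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);

	if (test_bit(HCI_INIT, &hdev->flags))
		hci_setup(hdev);

done:
	hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
}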
622
/*
 * Derive the default link policy from the controller's feature bits
 * (role switch, hold, sniff, park) and send it with
 * HCI_OP_WRITE_DEF_LINK_POLICY.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	struct hci_cp_write_def_link_policy cmd;
	u16 policy = 0;

	if (lmp_rswitch_capable(hdev))
		policy |= HCI_LP_RSWITCH;

	if (hdev->features[0] & LMP_HOLD)
		policy |= HCI_LP_HOLD;

	if (lmp_sniff_capable(hdev))
		policy |= HCI_LP_SNIFF;

	if (hdev->features[1] & LMP_PARK)
		policy |= HCI_LP_PARK;

	cmd.policy = cpu_to_le16(policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cmd), &cmd);
}
1da177e4 640
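/*
 * Command Complete handler for HCI_OP_READ_LOCAL_COMMANDS.
 *
 * On success the supported-commands bitmap is copied into hdev->commands
 * and, while HCI_INIT is set and bit 0x10 of byte 5 is present (presumably
 * the default link policy command; confirm against the spec), the default
 * link policy is written. The request is completed with the reported
 * status in both the success and the failure case.
 *
 * The reply length is validated first (status byte always, full structure
 * on success): the memcpy below reads sizeof(hdev->commands) bytes from
 * the controller-supplied reply. A truncated reply is logged and ignored;
 * the pending request is then not completed here.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Local Commands reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		goto done;

	memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));

	if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
		hci_setup_link_policy(hdev);

done:
	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
}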
1da177e4 659
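/*
 * Command Complete handler for Read Local Supported Features.
 *
 * On success the 8 feature bytes are copied into hdev->features and the
 * default ACL packet types (hdev->pkt_type) and SCO/eSCO packet types
 * (hdev->esco_type) are widened to match what the controller supports.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied and the feature
 * bits drive later capability decisions. A truncated reply is logged and
 * ignored.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_features *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Local Features reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	memcpy(hdev->features, rp->features, 8);

	/* Adjust default settings according to features
	 * supported by device. */

	if (hdev->features[0] & LMP_3SLOT)
		hdev->pkt_type |= (HCI_DM3 | HCI_DH3);

	if (hdev->features[0] & LMP_5SLOT)
		hdev->pkt_type |= (HCI_DM5 | HCI_DH5);

	if (hdev->features[1] & LMP_HV2) {
		hdev->pkt_type |= (HCI_HV2);
		hdev->esco_type |= (ESCO_HV2);
	}

	if (hdev->features[1] & LMP_HV3) {
		hdev->pkt_type |= (HCI_HV3);
		hdev->esco_type |= (ESCO_HV3);
	}

	if (lmp_esco_capable(hdev))
		hdev->esco_type |= (ESCO_EV3);

	if (hdev->features[4] & LMP_EV4)
		hdev->esco_type |= (ESCO_EV4);

	if (hdev->features[4] & LMP_EV5)
		hdev->esco_type |= (ESCO_EV5);

	if (hdev->features[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= (ESCO_2EV3);

	if (hdev->features[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= (ESCO_3EV3);

	if (hdev->features[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
	       hdev->features[0], hdev->features[1],
	       hdev->features[2], hdev->features[3],
	       hdev->features[4], hdev->features[5],
	       hdev->features[6], hdev->features[7]);
}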
1da177e4 715
/*
 * Bring the controller's "LE supported (host)" setting in line with the
 * HCI_LE_ENABLED flag.
 *
 * The command is only sent when the wanted LE value differs from the
 * LMP_HOST_LE bit currently cached in hdev->host_features[0].
 */
static void hci_set_le_support(struct hci_dev *hdev)
{
	struct hci_cp_write_le_host_supported cmd;
	int host_le_now;

	memset(&cmd, 0, sizeof(cmd));

	if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
		cmd.le = 1;
		cmd.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
	}

	host_le_now = !!(hdev->host_features[0] & LMP_HOST_LE);
	if (cmd.le == host_le_now)
		return;

	hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cmd), &cmd);
}
731
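/*
 * Command Complete handler for HCI_OP_READ_LOCAL_EXT_FEATURES.
 *
 * On success page 0 is copied into hdev->features and page 1 into
 * hdev->host_features; other page numbers are not stored. While HCI_INIT
 * is set and the controller is LE capable, LE host support is then
 * synchronised. The request is completed with the reported status in both
 * the success and the failure case.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied. A truncated
 * reply is logged and ignored; the pending request is then not completed
 * here.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Local Ext Features reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		goto done;

	switch (rp->page) {
	case 0:
		memcpy(hdev->features, rp->features, 8);
		break;
	case 1:
		memcpy(hdev->host_features, rp->features, 8);
		break;
	}

	if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
		hci_set_le_support(hdev);

done:
	hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
}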
757
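/*
 * Command Complete handler for HCI_OP_READ_FLOW_CONTROL_MODE: on success
 * stores the mode in hdev->flow_ctl_mode and completes the request. A
 * failure status returns without completing it.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied; a truncated
 * reply is logged and ignored.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Flow Control Mode reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->flow_ctl_mode = rp->mode;

	hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
}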
772
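/*
 * Command Complete handler for Read Buffer Size.
 *
 * On success the ACL/SCO MTUs and packet counts reported by the controller
 * are stored in hdev, overridden with fixed SCO values (MTU 64, 8 packets)
 * when HCI_QUIRK_FIXUP_BUFFER_SIZE is set, and the free-buffer counters
 * are reset to the packet counts.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied; a truncated
 * reply is logged and ignored.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Buffer Size reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
	hdev->sco_mtu  = rp->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);

	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu  = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
	       hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
}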
798
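/*
 * Command Complete handler for HCI_OP_READ_BD_ADDR: on success copies the
 * reported address into hdev->bdaddr. The request is completed with the
 * reported status in both the success and the failure case.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied. A truncated
 * reply is logged and ignored; the pending request is then not completed
 * here.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read BD Address reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status)
		bacpy(&hdev->bdaddr, &rp->bdaddr);

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
}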
810
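/*
 * Command Complete handler for HCI_OP_READ_DATA_BLOCK_SIZE.
 *
 * On success the block MTU, block length and block count are stored in
 * hdev, the free-block counter is reset to the block count and the request
 * is completed. A failure status returns without completing it.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied; a truncated
 * reply is logged and ignored.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Data Block Size reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
	hdev->block_len = __le16_to_cpu(rp->block_len);
	hdev->num_blocks = __le16_to_cpu(rp->num_blocks);

	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
	       hdev->block_cnt, hdev->block_len);

	hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
}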
832
/*
 * Command Complete handler for HCI_OP_WRITE_CA_TIMEOUT: traces the status
 * and completes the pending request with it.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
}
841
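/*
 * Command Complete handler for HCI_OP_READ_LOCAL_AMP_INFO.
 *
 * On success the AMP controller parameters from the reply are cached in
 * hdev->amp_* and the request is completed. In every case, including a
 * failure status, the A2MP Get Info response is sent afterwards.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied. A truncated
 * reply is logged and handled like a failed read: the cached values are
 * left untouched, the request is not completed here, and the A2MP response
 * is still sent.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Local AMP Info reply (%u bytes)",
		       hdev->name, skb->len);
		goto a2mp_rsp;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		goto a2mp_rsp;

	hdev->amp_status = rp->amp_status;
	hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
	hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
	hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
	hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
	hdev->amp_type = rp->amp_type;
	hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
	hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
	hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
	hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);

a2mp_rsp:
	a2mp_send_getinfo_rsp(hdev);
}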
868
/*
 * Command Complete handler for HCI_OP_DELETE_STORED_LINK_KEY: traces the
 * status and completes the pending request with it.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
}
878
/*
 * Command Complete handler for HCI_OP_SET_EVENT_MASK: traces the status
 * and completes the pending request with it.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
}
887
/*
 * Command Complete handler for HCI_OP_WRITE_INQUIRY_MODE: traces the
 * status and completes the pending request with it.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
}
897
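/*
 * Command Complete handler for HCI_OP_READ_INQ_RSP_TX_POWER: on success
 * stores the reported TX power in hdev->inq_tx_power. The request is
 * completed with the reported status in both the success and the failure
 * case.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied. A truncated
 * reply is logged and ignored; the pending request is then not completed
 * here.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short Read Inquiry Response TX Power reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status)
		hdev->inq_tx_power = rp->tx_power;

	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
}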
910
/*
 * Command Complete handler for HCI_OP_SET_EVENT_FLT: traces the status and
 * completes the pending request with it.
 *
 * NOTE(review): skb->len is not checked here before the status byte is read.
 */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
}
919
/*
 * Command Complete handler for HCI_OP_PIN_CODE_REPLY.
 *
 * Under the device lock: mgmt is informed when HCI_MGMT is set, and on
 * success the PIN length from the sent command is recorded on the ACL
 * connection to that command's address, if such a connection exists.
 *
 * NOTE(review): rp->status and rp->bdaddr are read without an skb->len
 * check in this function; a reply shorter than *rp would hand mgmt an
 * address taken from beyond the received data. Confirm whether the caller
 * validates the length.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *rp;
	struct hci_cp_pin_code_reply *sent;
	struct hci_conn *conn;

	rp = (struct hci_rp_pin_code_reply *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);

	if (!rp->status) {
		sent = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (sent) {
			conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
						       &sent->bdaddr);
			if (conn)
				conn->pin_length = sent->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
947
/*
 * Command Complete handler for the PIN code negative reply: when HCI_MGMT
 * is set, passes the peer address and status to mgmt under the device lock.
 *
 * NOTE(review): rp->status and rp->bdaddr are read without an skb->len
 * check in this function; confirm whether the caller validates the length.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *rp;

	rp = (struct hci_rp_pin_code_neg_reply *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
						 rp->status);
	}

	hci_dev_unlock(hdev);
}
56e5cb86 962
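/*
 * Command Complete handler for HCI_OP_LE_READ_BUFFER_SIZE.
 *
 * On success the LE MTU and packet count are stored in hdev, the free LE
 * buffer counter is reset to the packet count and the request is
 * completed. A failure status returns without completing it.
 *
 * The reply length is validated first (status byte always, full structure
 * on success) because the payload is controller-supplied; a truncated
 * reply is logged and ignored.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;

	if (skb->len < sizeof(rp->status) ||
	    (!rp->status && skb->len < sizeof(*rp))) {
		BT_ERR("%s short LE Read Buffer Size reply (%u bytes)",
		       hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
	hdev->le_pkts = rp->le_max_pkt;

	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
}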
980e1a53 982
/*
 * Command Complete handler for the user confirmation reply: when HCI_MGMT
 * is set, passes the peer address (as an ACL_LINK address, type 0) and the
 * status to mgmt under the device lock.
 *
 * NOTE(review): rp->status and rp->bdaddr are read without an skb->len
 * check in this function; confirm whether the caller validates the length.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *rp;

	rp = (struct hci_rp_user_confirm_reply *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
						 0, rp->status);
	}

	hci_dev_unlock(hdev);
}
997
/*
 * Command Complete handler for User Confirmation Request Negative Reply.
 *
 * The payload is read through struct hci_rp_user_confirm_reply (status
 * and remote address) and forwarded to the management interface as an
 * ACL_LINK result when HCI_MGMT is set.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_confirm_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);
	}

	hci_dev_unlock(hdev);
}
1013
1143d458
BG
/*
 * Command Complete handler for User Passkey Request Reply.
 *
 * The payload is read through struct hci_rp_user_confirm_reply and the
 * result is forwarded to the management interface as an ACL_LINK result
 * when HCI_MGMT is set.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_reply_complete(hdev, &reply->bdaddr,
						 ACL_LINK, 0, reply->status);
	}

	hci_dev_unlock(hdev);
}
1028
/*
 * Command Complete handler for User Passkey Request Negative Reply.
 *
 * The payload is read through struct hci_rp_user_confirm_reply and the
 * result is forwarded to the management interface as an ACL_LINK result
 * when HCI_MGMT is set.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);
	}

	hci_dev_unlock(hdev);
}
1044
/*
 * Command Complete handler for Read Local OOB Data.
 *
 * Hands the hash and randomizer from the reply, together with the status,
 * to the management interface under the device lock. Unlike the pairing
 * reply handlers in this file, no HCI_MGMT test guards the call here.
 *
 * NOTE(review): the hash and randomizer are pairing secrets and are read
 * from skb->data without a length check in this function; confirm the
 * caller guarantees the payload size.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);
	mgmt_read_local_oob_data_reply_complete(hdev, reply->hash,
						reply->randomizer,
						reply->status);
	hci_dev_unlock(hdev);
}
1057
07f7fa5d
AG
/*
 * Command Complete handler for LE Set Scan Parameters.
 *
 * Always completes the pending request with the controller's status; on
 * failure it also reports a discovery start failure to the management
 * interface under the device lock.
 */
static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* The first payload byte is the status code. */
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);

	if (!status)
		return;

	hci_dev_lock(hdev);
	mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1073
/*
 * Command Complete handler for LE Set Scan Enable.
 *
 * The outcome depends on the 'enable' value of the command that was sent:
 *  - enable:  completes the request; on failure reports a discovery start
 *             failure, otherwise sets HCI_LE_SCAN and moves discovery to
 *             DISCOVERY_FINDING.
 *  - disable: on failure reports a discovery stop failure, otherwise
 *             clears HCI_LE_SCAN and either continues an interleaved
 *             discovery or moves discovery to DISCOVERY_STOPPED.
 *  - other:   logs the reserved value and does nothing else.
 *
 * NOTE(review): in the disable path hdev->discovery is read and
 * mgmt_interleaved_discovery() is called without hci_dev_lock() held in
 * this function; confirm that is intended.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	struct hci_cp_le_set_scan_enable *sent;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	/* Without the sent parameters the direction is unknown. */
	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (!sent)
		return;

	if (sent->enable == LE_SCANNING_ENABLED) {
		hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);

		if (status) {
			hci_dev_lock(hdev);
			mgmt_start_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		set_bit(HCI_LE_SCAN, &hdev->dev_flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
	} else if (sent->enable == LE_SCANNING_DISABLED) {
		if (status) {
			hci_dev_lock(hdev);
			mgmt_stop_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);

		if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
		    hdev->discovery.state == DISCOVERY_FINDING) {
			mgmt_interleaved_discovery(hdev);
		} else {
			hci_dev_lock(hdev);
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
			hci_dev_unlock(hdev);
		}
	} else {
		BT_ERR("Used reserved LE_Scan_Enable param %d", sent->enable);
	}
}
1130
a7a595f6
VCG
/*
 * Command Complete handler for LE Long Term Key Request Reply.
 *
 * Completes the pending request only when the controller reports success;
 * a non-zero status returns without calling hci_req_complete().
 */
static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, reply->status);
}
1142
/*
 * Command Complete handler for LE Long Term Key Request Negative Reply.
 *
 * Completes the pending request only when the controller reports success;
 * a non-zero status returns without calling hci_req_complete().
 */
static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, reply->status);
}
1154
6039aa73
GP
/*
 * Command Complete handler for Write LE Host Supported.
 *
 * On success, mirrors the 'le' value of the sent command into the
 * LMP_HOST_LE bit of hdev->host_features[0]. The management interface is
 * notified when HCI_MGMT is set and HCI_INIT is not, and the request is
 * completed with the controller's status in every case where the sent
 * parameters are available.
 */
static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_cp_write_le_host_supported *params;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
	if (!params)
		return;

	/* Only a successful write changes the cached host feature bit. */
	if (status == 0) {
		if (params->le)
			hdev->host_features[0] |= LMP_HOST_LE;
		else
			hdev->host_features[0] &= ~LMP_HOST_LE;
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
	    !test_bit(HCI_INIT, &hdev->flags)) {
		mgmt_le_enable_complete(hdev, params->le, status);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
}
1180
/*
 * Command Status handler for Inquiry.
 *
 * Success: sets HCI_INQUIRY and moves discovery to DISCOVERY_FINDING.
 * Failure: completes the request with the error, re-checks pending
 * connections and, when HCI_MGMT is set, reports a discovery start
 * failure.
 */
static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		set_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		return;
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1201
/*
 * Command Status handler for Create Connection.
 *
 * Looks up the ACL connection for the address in the sent command.
 * Success: if no connection object exists yet, one is created and marked
 * as outgoing with the master link mode.
 * Failure: a connection in BT_CONNECT is moved to BT_CONNECT2 when the
 * status is 0x0c and at most two attempts have been made; otherwise it is
 * closed, the failure is confirmed to the upper protocol and the
 * connection is deleted.
 */
static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&sent->bdaddr), conn);

	if (!status) {
		if (!conn) {
			conn = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
			if (!conn) {
				BT_ERR("No memory for new connection");
			} else {
				conn->out = true;
				conn->link_mode |= HCI_LM_MASTER;
			}
		}
		goto unlock;
	}

	if (!conn || conn->state != BT_CONNECT)
		goto unlock;

	/* 0x0c is the HCI "Command Disallowed" error code. */
	if (status == 0x0c && conn->attempt <= 2) {
		conn->state = BT_CONNECT2;
	} else {
		conn->state = BT_CLOSED;
		hci_proto_connect_cfm(conn, status);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1241
/*
 * Command Status handler for Add SCO Connection.
 *
 * Nothing is done on success. On failure the ACL connection is found by
 * the handle from the sent command and, if it has a linked SCO
 * connection, that link is closed, the failure is confirmed to the upper
 * protocol and the SCO connection is deleted.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1276
f8558555
MH
/*
 * Command Status handler for Authentication Requested.
 *
 * Nothing is done on success. On failure, a connection still in
 * BT_CONFIG has the error confirmed to the upper protocol and one
 * reference dropped with hci_conn_put().
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1303
/*
 * Command Status handler for Set Connection Encryption.
 *
 * Nothing is done on success. On failure, a connection still in
 * BT_CONFIG has the error confirmed to the upper protocol and one
 * reference dropped with hci_conn_put().
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1330
/*
 * Decide whether an outgoing connection in the configuration phase must
 * be authenticated.
 *
 * Returns 1 when authentication should be requested, 0 otherwise:
 *  - 0 unless the connection is outgoing and in BT_CONFIG;
 *  - 0 when the pending security level is BT_SECURITY_SDP;
 *  - 1 for SSP connections, when bit 0 of auth_type is set (MITM
 *    protection requested), or when the pending security level is
 *    BT_SECURITY_HIGH.
 *
 * hdev is not used in the body.
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
				    struct hci_conn *conn)
{
	if (!(conn->state == BT_CONFIG && conn->out))
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	/* Only request authentication for SSP connections or non-SSP
	 * devices with sec_level HIGH or if MITM protection is requested */
	if (hci_conn_ssp_enabled(conn))
		return 1;

	if (conn->auth_type & 0x01)
		return 1;

	return conn->pending_sec_level == BT_SECURITY_HIGH;
}
1348
/*
 * Send a Remote Name Request for one inquiry cache entry.
 *
 * The command parameters are zeroed first and then filled from the
 * entry's cached inquiry data. Returns the result of hci_send_cmd().
 */
static int hci_resolve_name(struct hci_dev *hdev,
			    struct inquiry_entry *e)
{
	struct hci_cp_remote_name_req req;

	/* Zero the whole structure so no stack bytes reach the controller. */
	memset(&req, 0, sizeof(req));

	bacpy(&req.bdaddr, &e->data.bdaddr);
	req.pscan_rep_mode = e->data.pscan_rep_mode;
	req.pscan_mode = e->data.pscan_mode;
	req.clock_offset = e->data.clock_offset;

	return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
}
1363
/*
 * Start resolving the name of the next entry that still needs one.
 *
 * Returns true when a Remote Name Request was sent and the entry was
 * marked NAME_PENDING; false when the resolve list is empty, no entry
 * needs a name, or sending the request failed.
 */
static bool hci_resolve_next_name(struct hci_dev *hdev)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	if (list_empty(&discov->resolve))
		return false;

	entry = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	if (!entry)
		return false;

	if (hci_resolve_name(hdev, entry) != 0)
		return false;

	entry->name_state = NAME_PENDING;
	return true;
}
1383
/*
 * Process the outcome of a remote name lookup for bdaddr.
 *
 * If conn is given and was not yet reported, the device is announced as
 * connected to the management interface. The rest only applies while
 * discovery is resolving names: the pending entry is removed from its
 * list, its name state is updated (and the name reported when one is
 * present), and the next name lookup is started. When nothing is left to
 * resolve, or discovery is stopping, discovery moves to
 * DISCOVERY_STOPPED.
 *
 * name may be NULL, meaning the lookup failed; name_len is passed through
 * to the management calls unchanged.
 */
static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
				   bdaddr_t *bdaddr, u8 *name, u8 name_len)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
				      name_len, conn->dev_class);
	}

	if (discov->state == DISCOVERY_STOPPING)
		goto discov_complete;

	/* Covers DISCOVERY_STOPPED and every other non-resolving state. */
	if (discov->state != DISCOVERY_RESOLVING)
		return;

	entry = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
	/* If the device is not in the list of found devices whose names are
	 * pending, there is no need to continue resolving the next name; that
	 * will be done upon receiving another Remote Name Request Complete
	 * Event */
	if (!entry)
		return;

	list_del(&entry->list);
	if (!name) {
		entry->name_state = NAME_NOT_KNOWN;
	} else {
		entry->name_state = NAME_KNOWN;
		mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
				 entry->data.rssi, name, name_len);
	}

	if (hci_resolve_next_name(hdev))
		return;

discov_complete:
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
}
1426
a9de9248
MH
/*
 * Command Status handler for Remote Name Request.
 *
 * Nothing is done on success. On failure the pending name lookup is
 * settled with no name (when HCI_MGMT is set) and, if the outgoing
 * connection still needs authentication and none is pending, an
 * Authentication Requested command is sent.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	/* If successful wait for the name req complete event before
	 * checking for the need to do authentication */
	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		hci_check_pending_name(hdev, conn, &sent->bdaddr, NULL, 0);

	if (!conn || !hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	/* test_and_set_bit() keeps a second request from being queued. */
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_cp;

		auth_cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_cp),
			     &auth_cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
1da177e4 1465
769be974
MH
/*
 * Command Status handler for Read Remote Supported Features.
 *
 * Nothing is done on success. On failure, a connection still in
 * BT_CONFIG has the error confirmed to the upper protocol and one
 * reference dropped with hci_conn_put().
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1492
/*
 * Command Status handler for Read Remote Extended Features.
 *
 * Nothing is done on success. On failure, a connection still in
 * BT_CONFIG has the error confirmed to the upper protocol and one
 * reference dropped with hci_conn_put().
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1519
a9de9248
MH
/*
 * Command Status handler for Setup Synchronous Connection.
 *
 * Nothing is done on success. On failure the ACL connection is found by
 * the handle from the sent command and, if it has a linked synchronous
 * connection, that link is closed, the failure is confirmed to the upper
 * protocol and the linked connection is deleted.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (!sent)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1554
/*
 * Command Status handler for Sniff Mode.
 *
 * Nothing is done on success. On failure the pending mode-change flag of
 * the connection is cleared and, if a SCO setup was waiting on the mode
 * change, hci_sco_setup() is called with the error status.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
04837f64 1581
a9de9248
MH
/*
 * Command Status handler for Exit Sniff Mode.
 *
 * Nothing is done on success. On failure the pending mode-change flag of
 * the connection is cleared and, if a SCO setup was waiting on the mode
 * change, hci_sco_setup() is called with the error status.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
1608
88c3df13
JH
/*
 * Command Status handler for Disconnect.
 *
 * Nothing is done on success. On failure the connection is found by the
 * handle from the sent command and the failed disconnect is reported to
 * the management interface. No HCI_MGMT test guards the call here.
 */
static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_disconnect *sent;
	struct hci_conn *conn;

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn) {
		mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
				       conn->dst_type, status);
	}

	hci_dev_unlock(hdev);
}
1630
fcd89c09
VT
/*
 * Command Status handler for LE Create Connection.
 *
 * Nothing is done on success. On failure the LE connection in BT_CONNECT
 * state is closed, the failure is reported to the management interface
 * and the upper protocol, and the connection is deleted.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		return;

	hci_dev_lock(hdev);

	/* The lookup is by link type and state, not by address. */
	conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (!conn)
		goto unlock;

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&conn->dst),
	       conn);

	conn->state = BT_CLOSED;
	mgmt_connect_failed(hdev, &conn->dst, conn->type,
			    conn->dst_type, status);
	hci_proto_connect_cfm(conn, status);
	hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
1658
a7a595f6
VCG
/*
 * Command Status handler for LE Start Encryption.
 *
 * Only logs the status; no state is changed here.
 */
static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);
}
1663
/*
 * Inquiry Complete event handler.
 *
 * Completes the inquiry request and re-checks pending connections. If an
 * inquiry was in progress and the management interface is in use,
 * discovery in DISCOVERY_FINDING either advances to DISCOVERY_RESOLVING
 * (a name lookup for the first entry needing one was sent) or ends in
 * DISCOVERY_STOPPED.
 */
static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* The first payload byte is the status code. */
	__u8 status = *((__u8 *) skb->data);
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;
	int next_state = DISCOVERY_STOPPED;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);

	if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
		return;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if (discov->state != DISCOVERY_FINDING)
		goto unlock;

	if (!list_empty(&discov->resolve)) {
		entry = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
							 NAME_NEEDED);
		if (entry && hci_resolve_name(hdev, entry) == 0) {
			entry->name_state = NAME_PENDING;
			next_state = DISCOVERY_RESOLVING;
		}
	}

	hci_discovery_set_state(hdev, next_state);

unlock:
	hci_dev_unlock(hdev);
}
1703
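/*
 * Inquiry Result event handler.
 *
 * The payload is one count byte followed by that many struct inquiry_info
 * records. Each record updates the inquiry cache and is reported to the
 * management interface as a found device. Results are ignored while a
 * periodic inquiry is active.
 *
 * The count comes from the controller, so it is checked against skb->len
 * before any record is read; an event too short for the records it
 * announces is dropped rather than read past the end of the buffer.
 */
static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info;
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);
	info = (void *) (skb->data + 1);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Reject empty events and events shorter than the announced records. */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		/* This event carries neither RSSI nor SSP mode. */
		data.rssi = 0x00;
		data.ssp_mode = 0x00;

		name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, 0, !name_known, ssp, NULL,
				  0);
	}

	hci_dev_unlock(hdev);
}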
1740
/*
 * Connection Complete event handler.
 *
 * Finds the connection by link type and address; an SCO_LINK event with
 * no match falls back to an ESCO_LINK connection, which is then retyped
 * to SCO_LINK.
 *
 * Failure: the connection is closed, ACL failures are reported to the
 * management interface, the upper protocol is told and the connection is
 * deleted.
 * Success: the handle is stored. ACL links enter BT_CONFIG with a hold
 * and a disconnect timeout (the pairing timeout for incoming non-SSP
 * links without a stored link key); other links become BT_CONNECTED.
 * Link mode bits follow the device's HCI_AUTH/HCI_ENCRYPT flags, remote
 * features are requested for ACL links, and the packet type is set for
 * incoming links on controllers older than Bluetooth 2.0.
 *
 * NOTE(review): skb->data is cast to the event structure without a length
 * check in this function; confirm the caller guarantees the payload size.
 */
static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type != SCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (ev->status) {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK) {
			mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
					    conn->dst_type, ev->status);
		}
	} else {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type != ACL_LINK) {
			conn->state = BT_CONNECTED;
		} else {
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);

			if (!conn->out && !hci_conn_ssp_enabled(conn) &&
			    !hci_find_link_key(hdev, &ev->bdaddr))
				conn->disc_timeout = HCI_PAIRING_TIMEOUT;
			else
				conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		}

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features feat_cp;

			feat_cp.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
				     sizeof(feat_cp), &feat_cp);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype ptype_cp;

			ptype_cp.handle = ev->handle;
			ptype_cp.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
				     sizeof(ptype_cp), &ptype_cp);
		}
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		/* conn must not be touched after this point. */
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK) {
		hci_proto_connect_cfm(conn, ev->status);
	}

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
1823
/*
 * Connection Request event handler.
 *
 * The request is accepted only when the combined link-mode mask (device
 * setting plus the upper protocols' answer) contains HCI_LM_ACCEPT and
 * the remote address is not blacklisted; otherwise it is rejected with
 * HCI_ERROR_REJ_BAD_ADDR.
 *
 * On acceptance the device class from the event is stored in the inquiry
 * cache entry (if any) and in the connection object, which is created
 * when missing and put in BT_CONNECT. ACL requests, and all requests on
 * controllers without eSCO support, are answered with Accept Connection
 * Request; the rest with Accept Synchronous Connection Request.
 *
 * NOTE(review): hci_blacklist_lookup() runs before hci_dev_lock() is
 * taken in this function; confirm the list cannot change concurrently.
 */
static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;
	int mask = hdev->link_mode;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
	       ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	if (!(mask & HCI_LM_ACCEPT) ||
	    hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection rejected */
		struct hci_cp_reject_conn_req rej;

		bacpy(&rej.bdaddr, &ev->bdaddr);
		rej.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(rej), &rej);
		return;
	}

	/* Connection accepted */
	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		memcpy(ie->data.dev_class, ev->dev_class, 3);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			hci_dev_unlock(hdev);
			return;
		}
	}

	memcpy(conn->dev_class, ev->dev_class, 3);
	conn->state = BT_CONNECT;

	hci_dev_unlock(hdev);

	if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
		struct hci_cp_accept_conn_req acc;

		bacpy(&acc.bdaddr, &ev->bdaddr);

		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
			acc.role = 0x00; /* Become master */
		else
			acc.role = 0x01; /* Remain slave */

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(acc), &acc);
	} else {
		struct hci_cp_accept_sync_conn_req sync;

		bacpy(&sync.bdaddr, &ev->bdaddr);
		sync.pkt_type = cpu_to_le16(conn->pkt_type);

		sync.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
		sync.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
		sync.max_latency = __constant_cpu_to_le16(0xffff);
		sync.content_format = cpu_to_le16(hdev->voice_setting);
		sync.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
			     sizeof(sync), &sync);
	}
}
1898
f0d6a0ea
MA
/*
 * Map an HCI disconnect reason code to the management interface's
 * disconnect reason. Codes without an explicit mapping become
 * MGMT_DEV_DISCONN_UNKNOWN.
 */
static u8 hci_to_mgmt_reason(u8 err)
{
	u8 reason;

	switch (err) {
	case HCI_ERROR_CONNECTION_TIMEOUT:
		reason = MGMT_DEV_DISCONN_TIMEOUT;
		break;
	case HCI_ERROR_REMOTE_USER_TERM:
	case HCI_ERROR_REMOTE_LOW_RESOURCES:
	case HCI_ERROR_REMOTE_POWER_OFF:
		reason = MGMT_DEV_DISCONN_REMOTE;
		break;
	case HCI_ERROR_LOCAL_HOST_TERM:
		reason = MGMT_DEV_DISCONN_LOCAL_HOST;
		break;
	default:
		reason = MGMT_DEV_DISCONN_UNKNOWN;
		break;
	}

	return reason;
}
1914
/*
 * Disconnection Complete event handler.
 *
 * Success: the connection is closed; for ACL/LE links that were reported
 * as connected, the disconnect and its mapped reason go to the management
 * interface; the link key is removed for ACL links with flush_key set;
 * the upper protocol is told and the connection is deleted.
 * Failure: only a failed disconnect is reported for ACL/LE links that
 * were reported as connected; the connection stays.
 *
 * HCI_CONN_MGMT_CONNECTED is cleared in both cases.
 */
static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->state = BT_CLOSED;

	if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
	    (conn->type == ACL_LINK || conn->type == LE_LINK)) {
		if (!ev->status) {
			u8 mgmt_reason = hci_to_mgmt_reason(ev->reason);

			mgmt_device_disconnected(hdev, &conn->dst, conn->type,
						 conn->dst_type, mgmt_reason);
		} else {
			mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
					       conn->dst_type, ev->status);
		}
	}

	if (!ev->status) {
		/* Drop the stored key when the link was flagged for it. */
		if (conn->type == ACL_LINK && conn->flush_key)
			hci_remove_link_key(hdev, &conn->dst);
		hci_proto_disconn_cfm(conn, ev->reason);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1954
/*
 * Authentication Complete event handler.
 *
 * Success raises the link to authenticated and adopts the pending
 * security level, except for a re-authentication of a non-SSP (legacy)
 * link, which is only logged and leaves the security level unchanged.
 * Failure is reported to the management interface.
 *
 * Afterwards the auth-pending flags are cleared and:
 *  - in BT_CONFIG, a successful SSP link goes on to request encryption,
 *    any other outcome finishes connection setup and confirms it with
 *    the event status;
 *  - in other states, the authentication result is confirmed and the
 *    disconnect timeout is reset.
 * If an encryption request was waiting on authentication, it is sent on
 * success or failed with the event status.
 */
static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status) {
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);
	} else if (!hci_conn_ssp_enabled(conn) &&
		   test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
		BT_INFO("re-auth of legacy device is not possible.");
	} else {
		conn->link_mode |= HCI_LM_AUTH;
		conn->sec_level = conn->pending_sec_level;
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);

	if (conn->state != BT_CONFIG) {
		hci_auth_cfm(conn, ev->status);

		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	} else if (!ev->status && hci_conn_ssp_enabled(conn)) {
		struct hci_cp_set_conn_encrypt enc_cp;

		enc_cp.handle = ev->handle;
		enc_cp.encrypt = 0x01;
		hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(enc_cp),
			     &enc_cp);
	} else {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
		if (ev->status) {
			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
			hci_encrypt_cfm(conn, ev->status, 0x00);
		} else {
			struct hci_cp_set_conn_encrypt enc_cp;

			enc_cp.handle = ev->handle;
			enc_cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
				     sizeof(enc_cp), &enc_cp);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
2020
/*
 * Remote Name Request Complete event handler.
 *
 * When the management interface is in use, the pending name lookup is
 * settled with the received name on success or with no name on failure.
 * The name length is bounded by strnlen() with HCI_MAX_NAME_LENGTH, so a
 * name field without a terminating NUL is not read past that limit.
 * Then, if the outgoing connection still needs authentication and none is
 * pending, an Authentication Requested command is sent.
 */
static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		if (ev->status != 0)
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       NULL, 0);
		else
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       ev->name,
					       strnlen(ev->name,
						       HCI_MAX_NAME_LENGTH));
	}

	if (!conn || !hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	/* test_and_set_bit() keeps a second request from being queued. */
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_cp;

		auth_cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_cp),
			     &auth_cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
2059
/*
 * Encryption Change event.
 *
 * On success the connection's link_mode is updated to reflect whether
 * encryption is now on, and sec_level is promoted to pending_sec_level when
 * encryption was enabled. On failure an established (BT_CONNECTED) link is
 * disconnected with HCI_ERROR_AUTH_FAILURE. A link still in BT_CONFIG gets
 * its connect confirmation; any other state gets the encrypt confirmation.
 *
 * NOTE(review): sec_level is raised purely on the status/encrypt fields
 * reported in the event; nothing else about the link is verified in this
 * function.
 */
static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0) {
		if (!ev->encrypt) {
			conn->link_mode &= ~HCI_LM_ENCRYPT;
		} else {
			/* Encryption implies authentication */
			conn->link_mode |= HCI_LM_AUTH | HCI_LM_ENCRYPT;
			conn->sec_level = conn->pending_sec_level;
		}
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* A failed encryption change on a live link tears the link down */
	if (ev->status != 0 && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	if (ev->status == 0)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
2102
/*
 * Change Connection Link Key Complete event.
 *
 * For a known connection handle: on success set HCI_LM_SECURE in link_mode,
 * then clear the pending-authentication flag and notify upper layers through
 * hci_key_change_cfm() with the event status. Unknown handles are ignored.
 */
static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0)
		conn->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2125
/*
 * Read Remote Supported Features Complete event.
 *
 * Stores the remote feature mask on success. While the connection is still
 * in BT_CONFIG the handler continues connection setup: it either asks for
 * extended features page 1 (when both sides are SSP capable), or requests
 * the remote name / reports the device as connected to mgmt, and finally
 * completes the connection if no outgoing authentication is needed.
 */
static void hci_remote_features_evt(struct hci_dev *hdev,
				    struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	/* 8 bytes are copied; presumably the size of both feature arrays -
	 * TODO confirm against the struct definitions.
	 */
	if (ev->status == 0)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0 && lmp_ssp_capable(hdev) &&
	    lmp_ssp_capable(conn)) {
		struct hci_cp_read_remote_ext_features ext_cp;

		/* ev->handle is passed through without byte swapping */
		ext_cp.handle = ev->handle;
		ext_cp.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
			     sizeof(ext_cp), &ext_cp);
		goto unlock;
	}

	if (ev->status == 0 &&
	    !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_cp;

		memset(&name_cp, 0, sizeof(name_cp));
		bacpy(&name_cp.bdaddr, &conn->dst);
		name_cp.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_cp),
			     &name_cp);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2175
/* Remote version event handler: only emits a debug trace with the device
 * name; the event payload in skb is not examined.
 */
static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2180
/* QoS Setup Complete event handler: only emits a debug trace with the
 * device name; the event payload in skb is not examined.
 */
static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2186
/*
 * Command Complete event: dispatch to the per-opcode hci_cc_*() handler.
 *
 * The event header is stripped with skb_pull() before dispatch, so each
 * handler sees skb->data positioned at the command's return parameters.
 * After dispatch the command timer is stopped (except for HCI_OP_NOP) and,
 * when the controller reports ncmd != 0, the command credit is reset to 1
 * and the command work is queued if commands are waiting.
 *
 * NOTE(review): ev->opcode and ev->ncmd are read without a check in this
 * function that skb->len covers sizeof(*ev); presumably the caller
 * guarantees it - confirm. Individual hci_cc_*() handlers likewise receive
 * whatever length the controller supplied.
 */
static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *ev = (void *) skb->data;
	__u16 opcode;

	/* ev keeps pointing at the header; only skb->data/len advance */
	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;

	case HCI_OP_PERIODIC_INQ:
		hci_cc_periodic_inq(hdev, skb);
		break;

	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;

	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;

	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;

	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;

	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;

	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;

	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;

	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;

	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;

	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;

	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;

	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;

	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;

	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;

	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;

	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_EXT_FEATURES:
		hci_cc_read_local_ext_features(hdev, skb);
		break;

	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;

	case HCI_OP_READ_DATA_BLOCK_SIZE:
		hci_cc_read_data_block_size(hdev, skb);
		break;

	case HCI_OP_WRITE_CA_TIMEOUT:
		hci_cc_write_ca_timeout(hdev, skb);
		break;

	case HCI_OP_READ_FLOW_CONTROL_MODE:
		hci_cc_read_flow_control_mode(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_AMP_INFO:
		hci_cc_read_local_amp_info(hdev, skb);
		break;

	case HCI_OP_DELETE_STORED_LINK_KEY:
		hci_cc_delete_stored_link_key(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_MASK:
		hci_cc_set_event_mask(hdev, skb);
		break;

	case HCI_OP_WRITE_INQUIRY_MODE:
		hci_cc_write_inquiry_mode(hdev, skb);
		break;

	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_FLT:
		hci_cc_set_event_flt(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data_reply(hdev, skb);
		break;

	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;

	case HCI_OP_USER_PASSKEY_REPLY:
		hci_cc_user_passkey_reply(hdev, skb);
		break;

	case HCI_OP_USER_PASSKEY_NEG_REPLY:
		hci_cc_user_passkey_neg_reply(hdev, skb);
		break;

	case HCI_OP_LE_SET_SCAN_PARAM:
		hci_cc_le_set_scan_param(hdev, skb);
		break;

	case HCI_OP_LE_SET_SCAN_ENABLE:
		hci_cc_le_set_scan_enable(hdev, skb);
		break;

	case HCI_OP_LE_LTK_REPLY:
		hci_cc_le_ltk_reply(hdev, skb);
		break;

	case HCI_OP_LE_LTK_NEG_REPLY:
		hci_cc_le_ltk_neg_reply(hdev, skb);
		break;

	case HCI_OP_WRITE_LE_HOST_SUPPORTED:
		hci_cc_write_le_host_supported(hdev, skb);
		break;

	default:
		/* Unhandled opcodes are only traced */
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	/* The raw (little-endian) opcode field is compared here, not the
	 * converted value held in 'opcode'.
	 */
	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* Non-zero ncmd: allow one command and kick the queue if non-empty */
	if (ev->ncmd) {
		atomic_set(&hdev->cmd_cnt, 1);
		if (!skb_queue_empty(&hdev->cmd_q))
			queue_work(hdev->workqueue, &hdev->cmd_work);
	}
}
2407
/*
 * Command Status event: dispatch to the per-opcode hci_cs_*() handler,
 * passing only the status byte.
 *
 * After dispatch the command timer is stopped (except for HCI_OP_NOP).
 * When ncmd is non-zero and no reset is in progress (HCI_RESET clear), the
 * command credit is reset to 1 and the command work is queued if commands
 * are waiting.
 *
 * NOTE(review): as in the command-complete handler, the header fields are
 * read without a length check in this function - presumably guaranteed by
 * the caller; confirm.
 */
static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *ev = (void *) skb->data;
	__u16 opcode;

	/* ev keeps pointing at the header; only skb->data/len advance */
	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, ev->status);
		break;

	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, ev->status);
		break;

	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, ev->status);
		break;

	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, ev->status);
		break;

	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, ev->status);
		break;

	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, ev->status);
		break;

	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, ev->status);
		break;

	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_DISCONNECT:
		hci_cs_disconnect(hdev, ev->status);
		break;

	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, ev->status);
		break;

	case HCI_OP_LE_START_ENC:
		hci_cs_le_start_enc(hdev, ev->status);
		break;

	default:
		/* Unhandled opcodes are only traced */
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	/* The raw (little-endian) opcode field is compared here, not the
	 * converted value held in 'opcode'.
	 */
	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* Unlike command-complete, credits are not restored during a reset */
	if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
		atomic_set(&hdev->cmd_cnt, 1);
		if (!skb_queue_empty(&hdev->cmd_q))
			queue_work(hdev->workqueue, &hdev->cmd_work);
	}
}
2488
/*
 * Role Change event.
 *
 * For a known ACL connection: on success update HCI_LM_MASTER in link_mode
 * from ev->role (non-zero role clears the bit, zero sets it), then clear the
 * pending role-switch flag and confirm to upper layers.
 */
static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (ev->status == 0) {
		if (ev->role == 0)
			conn->link_mode |= HCI_LM_MASTER;
		else
			conn->link_mode &= ~HCI_LM_MASTER;
	}

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);

	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
2514
/*
 * Number Of Completed Packets event (packet-based flow control).
 *
 * The event is rejected when the controller is not in packet-based mode or
 * when skb->len does not cover the header plus num_hndl handle entries.
 * For every entry whose handle maps to a connection, the per-connection
 * 'sent' counter is reduced and the matching per-type credit counter is
 * increased, clamped to the configured maximum. TX work is then queued.
 *
 * NOTE(review): 'count' comes straight from the controller and is
 * subtracted from conn->sent without comparing the two first - confirm
 * whether an oversized count can wrap the counter.
 */
static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* Header must be present before num_hndl can be trusted, and the
	 * advertised entries must fit in the received data.
	 */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
		       ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_pkts_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 count = __le16_to_cpu(entry->count);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		conn->sent -= count;

		switch (conn->type) {
		case ACL_LINK:
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		case LE_LINK:
			/* With no LE packet budget (le_pkts == 0) the credits
			 * go back to the ACL counter instead.
			 */
			if (!hdev->le_pkts) {
				hdev->acl_cnt += count;
				if (hdev->acl_cnt > hdev->acl_pkts)
					hdev->acl_cnt = hdev->acl_pkts;
			} else {
				hdev->le_cnt += count;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
			}
			break;

		case SCO_LINK:
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2580
/*
 * Number Of Completed Data Blocks event (block-based flow control).
 *
 * The event is rejected when the controller is not in block-based mode or
 * when skb->len does not cover the header plus num_hndl handle entries.
 * For each entry that maps to an ACL connection the block credit counter is
 * increased, clamped to hdev->num_blocks; other link types are logged as an
 * error. TX work is then queued.
 *
 * NOTE(review): block_count comes from the controller and is subtracted
 * from conn->sent without comparing the two first - confirm whether an
 * oversized value can wrap the counter.
 */
static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* Header first, then header plus the advertised entries */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
		       ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
	       ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_blocks_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 block_count = __le16_to_cpu(entry->blocks);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		conn->sent -= block_count;

		if (conn->type == ACL_LINK) {
			hdev->block_cnt += block_count;
			if (hdev->block_cnt > hdev->num_blocks)
				hdev->block_cnt = hdev->num_blocks;
		} else {
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2629
/*
 * Mode Change event.
 *
 * Records the new mode and interval on the connection. If the change was
 * not one this host had pending (HCI_CONN_MODE_CHANGE_PEND was clear), the
 * HCI_CONN_POWER_SAVE flag is set for active mode and cleared otherwise.
 * A pending SCO setup is then resumed with the event status.
 */
static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	/* mode and interval are stored regardless of ev->status */
	conn->mode = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		if (conn->mode != HCI_CM_ACTIVE)
			clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
		else
			set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
	}

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2658
/*
 * PIN Code Request event.
 *
 * For a known ACL connection: an already connected link gets its disconnect
 * timeout extended to HCI_PAIRING_TIMEOUT. If the adapter is not pairable
 * the request is refused with a negative reply. Otherwise, when the
 * management interface is in use, user space is asked for the PIN; the
 * 'secure' flag tells it whether high security is pending on the link.
 * With neither condition met no reply is sent from here.
 */
static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (conn->state == BT_CONNECTED) {
		/* hold/put pair around the timeout change, as elsewhere in
		 * this file
		 */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) {
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
	} else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		u8 secure = (conn->pending_sec_level == BT_SECURITY_HIGH) ?
			    1 : 0;

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
2695
/*
 * Link Key Request event.
 *
 * Does nothing unless HCI_LINK_KEYS is set. Otherwise the stored key for
 * the peer is looked up and returned to the controller, unless policy
 * rejects it, in which case a negative reply is sent:
 *   - no key is stored for the address;
 *   - the key is a debug combination key and HCI_DEBUG_KEYS is not set;
 *   - the key is an unauthenticated combination key while the connection's
 *     auth_type is known (!= 0xff) and has bit 0 set;
 *   - the key is a combination key from a PIN shorter than 16 while high
 *     security is pending on the connection.
 *
 * NOTE(review): 'cp' holds a copy of the link key on the stack and is not
 * cleared before return; whether that matters depends on what
 * hci_send_cmd() does with the buffer - not visible here.
 */
static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %s", hdev->name,
		       batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, key->type,
	       batostr(&ev->bdaddr));

	if (key->type == HCI_LK_DEBUG_COMBINATION &&
	    !test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags)) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	/* The per-connection checks only apply when the link is known */
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
		    conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
		    conn->pending_sec_level == BT_SECURITY_HIGH) {
			BT_DBG("%s ignoring key unauthenticated for high security",
			       hdev->name);
			goto not_found;
		}

		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
	goto unlock;

not_found:
	/* 6 is presumably the size of a Bluetooth address - TODO confirm;
	 * the PIN code handler uses sizeof(ev->bdaddr) for the same purpose.
	 */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);

unlock:
	hci_dev_unlock(hdev);
}
2758
/*
 * Link Key Notification event.
 *
 * If an ACL connection to the peer exists, its disconnect timeout is reset,
 * its PIN length is picked up for storage and its key_type is updated
 * (except for "changed combination" keys, which keep the previous type).
 * When HCI_LINK_KEYS is set the new key is stored via hci_add_link_key();
 * conn may be NULL in that call and pin_len is then 0.
 */
static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_len = conn->pin_length;

		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	/* Keys are only persisted when link-key handling is enabled */
	if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) {
		hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
				 ev->key_type, pin_len);
	}

	hci_dev_unlock(hdev);
}
2787
/*
 * Read Clock Offset Complete event.
 *
 * On success, and when the handle maps to a connection that has an inquiry
 * cache entry, the entry's clock offset and timestamp are refreshed.
 */
static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie) {
		/* stored as received, without byte-order conversion */
		ie->data.clock_offset = ev->clock_offset;
		ie->timestamp = jiffies;
	}

unlock:
	hci_dev_unlock(hdev);
}
2810
/*
 * Connection Packet Type Changed event: on success, record the new packet
 * type on the connection identified by the event handle.
 */
static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn != NULL && ev->status == 0)
		conn->pkt_type = __le16_to_cpu(ev->pkt_type);

	hci_dev_unlock(hdev);
}
2826
/*
 * Page Scan Repetition Mode Change event: refresh the page scan repetition
 * mode and timestamp of the peer's inquiry cache entry, if one exists.
 */
static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL) {
		entry->data.pscan_rep_mode = ev->pscan_rep_mode;
		entry->timestamp = jiffies;
	}

	hci_dev_unlock(hdev);
}
2844
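/*
 * Inquiry Result With RSSI event.
 *
 * The first payload byte is the number of responses; the responses follow
 * in one of two layouts (with or without the pscan_mode field), selected by
 * the per-response size implied by skb->len. Each response updates the
 * inquiry cache and is reported to mgmt as a found device.
 *
 * num_rsp is supplied by the controller, so before walking the array the
 * handler verifies that skb->len really covers num_rsp entries of the
 * selected layout. Without that check a malformed event (e.g. a size that
 * matches neither layout) would make the loop read past the received data.
 * Malformed events are dropped with the same debug message the
 * completed-packets handlers use.
 */
static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;
	bool name_known, ssp;

	/* The response count itself must be present before it is read */
	if (!skb->len) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* Reaching this branch only proves the size is not the
		 * short layout; make sure the long layout actually fits.
		 */
		if (skb->len < num_rsp * sizeof(*info) + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode = info->pscan_rep_mode;
			data.pscan_period_mode = info->pscan_period_mode;
			data.pscan_mode = info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset = info->clock_offset;
			data.rssi = info->rssi;
			data.ssp_mode = 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		/* Same bound for the short layout, kept explicit so both
		 * branches are guarded the same way.
		 */
		if (skb->len < num_rsp * sizeof(*info) + 1) {
			BT_DBG("%s bad parameters", hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode = info->pscan_rep_mode;
			data.pscan_period_mode = info->pscan_period_mode;
			data.pscan_mode = 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset = info->clock_offset;
			data.rssi = info->rssi;
			data.ssp_mode = 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}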
2904
/*
 * Read Remote Extended Features Complete event.
 *
 * For page 1 on success, the host SSP bit is mirrored into the peer's
 * inquiry cache entry (if any) and HCI_CONN_SSP_ENABLED is set on the
 * connection when the bit is present. While the connection is still in
 * BT_CONFIG, setup continues: request the remote name or report the device
 * as connected to mgmt, then complete the connection if no outgoing
 * authentication is needed.
 */
static void hci_remote_ext_features_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0 && ev->page == 0x01) {
		struct inquiry_entry *entry;

		entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (entry)
			entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

		/* The flag is only ever set here, never cleared */
		if (ev->features[0] & LMP_HOST_SSP)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0 &&
	    !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_cp;

		memset(&name_cp, 0, sizeof(name_cp));
		bacpy(&name_cp.bdaddr, &conn->dst);
		name_cp.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_cp),
			     &name_cp);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2953
/*
 * Synchronous Connection Complete event.
 *
 * The connection is looked up by the reported link type; if that fails and
 * the reported type is not eSCO, an eSCO connection to the same peer is
 * tried and relabelled as SCO. On success the handle and state are recorded
 * and the connection is exposed in sysfs. For a fixed set of failure codes
 * an outgoing connection is retried once with a restricted packet type mask;
 * any other failure (or an exhausted retry) closes and deletes the
 * connection after confirming to upper layers.
 */
static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn && ev->link_type != ESCO_LINK) {
		/* Fall back to an eSCO entry and treat it as SCO */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (conn)
			conn->type = SCO_LINK;
	}

	if (!conn)
		goto unlock;

	switch (ev->status) {
	case 0x00:
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1c:	/* SCO interval rejected */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1f:	/* Unspecified error */
		if (conn->out && conn->attempt < 2) {
			/* NOTE(review): conn->link is dereferenced without a
			 * NULL check - presumably always set for outgoing
			 * sync connections; confirm.
			 */
			conn->pkt_type = hdev->esco_type &
					 (SCO_ESCO_MASK | EDR_ESCO_MASK);
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status != 0)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
3009
/* Synchronous Connection Changed event handler: only emits a debug trace
 * with the device name; the event payload in skb is not examined.
 */
static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
3014
/* Sniff Subrating event handler: only traces the device name and the status
 * byte from the event; no connection state is changed.
 */
static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
}
3021
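/*
 * Extended Inquiry Result event.
 *
 * The first payload byte is the number of responses, followed by that many
 * extended_inquiry_info records. Each record updates the inquiry cache and
 * is reported to mgmt together with its EIR data.
 *
 * num_rsp is supplied by the controller, so the handler verifies that
 * skb->len covers the count byte plus num_rsp full records before walking
 * the array; otherwise a malformed event would make the loop (and the EIR
 * parsing over info->data) read past the received data. Malformed events
 * are dropped with the same debug message the completed-packets handlers
 * use.
 */
static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;
	size_t eir_len;

	/* The response count itself must be present before it is read */
	if (!skb->len) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	/* Every advertised record must lie inside the received data */
	if (skb->len < num_rsp * sizeof(*info) + 1) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		data.rssi = info->rssi;
		data.ssp_mode = 0x01;

		/* With mgmt, the name counts as known only if the EIR data
		 * carries a complete name; otherwise it is assumed known.
		 */
		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		/* EIR parsing is bounded by the fixed size of info->data */
		eir_len = eir_get_length(info->data, sizeof(info->data));
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, eir_len);
	}

	hci_dev_unlock(hdev);
}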
1da177e4 3069
/*
 * Encryption Key Refresh Complete event.
 *
 * On success sec_level is promoted to pending_sec_level. On failure an
 * established (BT_CONNECTED) link is disconnected with
 * HCI_ERROR_AUTH_FAILURE. A link still in BT_CONFIG gets its connect
 * confirmation; any other state gets the auth confirmation and its
 * disconnect timeout reset.
 */
static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
	       __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0)
		conn->sec_level = conn->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* A failed refresh on a live link tears the link down */
	if (ev->status != 0 && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state != BT_CONFIG) {
		hci_auth_cfm(conn, ev->status);

		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
		goto unlock;
	}

	if (ev->status == 0)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
3113
/* Choose the authentication requirement to send in an IO Capability
 * Reply, based on what the remote side asked for.
 *
 * Bit 0 of the authentication value is the MITM flag (see the
 * "& 0x01" uses in this file); IO capability 0x03 is NoInputNoOutput.
 */
static u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* Remote asked for dedicated bonding: follow it. MITM
		 * protection (0x03) is requested only when neither side
		 * reports IO capability 0x03; otherwise fall back to
		 * dedicated bonding without MITM (0x02).
		 */
		if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
			return 0x02;

		return 0x03;

	case 0x00:
	case 0x01:
		/* Remote asked for no-bonding: follow it, but keep our own
		 * MITM bit.
		 */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		/* Anything else: use the locally requested type as is. */
		return conn->auth_type;
	}
}
3132
/* Handle an IO Capability Request event (start of Secure Simple Pairing).
 *
 * When mgmt is in use, answers with an IO Capability Reply if the adapter
 * is pairable or the remote only asked for no-bonding, and with a
 * negative reply (HCI_ERROR_PAIRING_NOT_ALLOWED) otherwise. Without mgmt
 * no reply is sent from here.
 */
static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;
	bool pairing_allowed;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* The reference is taken before the HCI_MGMT check, so it is held
	 * on every path below. Presumably balanced by the hci_conn_put() in
	 * hci_simple_pair_complete_evt() - confirm.
	 */
	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	/* Masking bit 0 ignores the remote's MITM flag when comparing
	 * against the no-bonding requirement.
	 */
	pairing_allowed = test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
			  (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING;

	if (!pairing_allowed) {
		struct hci_cp_io_capability_neg_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(cp), &cp);
	} else {
		struct hci_cp_io_capability_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);

		/* Change the IO capability from KeyboardDisplay
		 * to DisplayYesNo as it is not supported by BT spec.
		 */
		if (conn->io_capability == 0x04)
			cp.capability = 0x01;
		else
			cp.capability = conn->io_capability;

		/* The negotiated requirement is stored on the connection
		 * and echoed in the reply.
		 */
		conn->auth_type = hci_get_auth_req(conn);
		cp.authentication = conn->auth_type;

		/* Advertise OOB data only when we hold some for this peer
		 * and either initiated the link or the peer announced OOB.
		 */
		if (hci_find_remote_oob_data(hdev, &conn->dst) &&
		    (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
			cp.oob_data = 0x01;
		else
			cp.oob_data = 0x00;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
			     sizeof(cp), &cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
3184
/* Handle an IO Capability Response event.
 *
 * Records the remote side's IO capability and authentication requirement
 * on the matching ACL connection, and flags the connection when the
 * remote reports that it has OOB data. These values come from the peer
 * and are stored as received.
 */
static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		conn->remote_cap = ev->capability;
		conn->remote_auth = ev->authentication;

		/* The flag is only ever set here, never cleared. */
		if (ev->oob_data)
			set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
	}

	hci_dev_unlock(hdev);
}
3206
/* Handle a User Confirmation Request event (numeric comparison step of
 * Secure Simple Pairing).
 *
 * Only acts when mgmt is in use and an ACL connection exists for the
 * address in the event. Depending on the MITM bits and IO capabilities
 * of both sides the request is rejected, auto-accepted (immediately or
 * after hdev->auto_accept_delay), or forwarded to user space through
 * mgmt_user_confirm_request().
 *
 * The branch order below decides whether pairing proceeds without user
 * interaction, so it is kept exactly as written.
 */
static void hci_user_confirm_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int loc_mitm, rem_mitm, confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* Bit 0 of the authentication requirement is the MITM flag. */
	loc_mitm = (conn->auth_type & 0x01);
	rem_mitm = (conn->remote_auth & 0x01);

	/* If we require MITM but the remote device can't provide that
	 * (it has NoInputNoOutput) then reject the confirmation
	 * request. The only exception is when we're dedicated bonding
	 * initiators (connect_cfm_cb set) since then we always have the MITM
	 * bit set. */
	if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* If no side requires MITM protection; auto-accept.
	 * A side counts as not requiring it when its MITM bit is clear or
	 * the opposite side's IO capability is 0x03 (NoInputNoOutput). */
	if ((!loc_mitm || conn->remote_cap == 0x03) &&
	    (!rem_mitm || conn->io_capability == 0x03)) {

		/* If we're not the initiators request authorization to
		 * proceed from user space (mgmt_user_confirm with
		 * confirm_hint set to 1). */
		if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
			BT_DBG("Confirming auto-accept as acceptor");
			confirm_hint = 1;
			goto confirm;
		}

		BT_DBG("Auto-accept of user confirmation with %ums delay",
		       hdev->auto_accept_delay);

		/* With a delay configured the reply is deferred to the
		 * connection's auto_accept_timer instead of being sent here. */
		if (hdev->auto_accept_delay > 0) {
			int delay = msecs_to_jiffies(hdev->auto_accept_delay);
			mod_timer(&conn->auto_accept_timer, jiffies + delay);
			goto unlock;
		}

		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

confirm:
	/* Reached either by falling through (MITM needed, user must compare
	 * the passkey) or from the acceptor auto-accept path with
	 * confirm_hint set to 1. ev->passkey is passed on without a byte
	 * order conversion here. */
	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}
3274
/* Handle a User Passkey Request event.
 *
 * Forwards the request to user space through mgmt; nothing is done when
 * mgmt is not in use.
 */
static void hci_user_passkey_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *ev = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
}
3285
/* Handle a User Passkey Notification event.
 *
 * Stores the passkey (converted from little endian) on the matching ACL
 * connection, resets the entered-digit counter and, when mgmt is in use,
 * reports both to user space.
 *
 * NOTE(review): unlike the neighbouring pairing handlers, no
 * hci_dev_lock() is taken around the connection lookup here - confirm
 * that is intended.
 */
static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		return;

	conn->passkey_notify = __le32_to_cpu(ev->passkey);
	conn->passkey_entered = 0;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
				 conn->dst_type, conn->passkey_notify,
				 conn->passkey_entered);
}
3306
/* Handle a Keypress Notification event.
 *
 * Tracks how many passkey digits the remote user has entered so far and,
 * when mgmt is in use, forwards the updated count. STARTED resets the
 * count and COMPLETED leaves it alone; neither produces a notification.
 * Any other type, including one not listed below, is followed by a
 * notification.
 *
 * NOTE(review): no lower bound is applied before the ERASED decrement;
 * confirm the counter's type and whether an ERASED notification at zero
 * can wrap it. Also, no hci_dev_lock() is taken around the lookup here,
 * unlike the neighbouring pairing handlers - confirm that is intended.
 */
static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_keypress_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	bool notify = true;

	BT_DBG("%s", hdev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		return;

	switch (ev->type) {
	case HCI_KEYPRESS_STARTED:
		conn->passkey_entered = 0;
		notify = false;
		break;

	case HCI_KEYPRESS_ENTERED:
		conn->passkey_entered++;
		break;

	case HCI_KEYPRESS_ERASED:
		conn->passkey_entered--;
		break;

	case HCI_KEYPRESS_CLEARED:
		conn->passkey_entered = 0;
		break;

	case HCI_KEYPRESS_COMPLETED:
		notify = false;
		break;
	}

	if (!notify)
		return;

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
					 conn->dst_type, conn->passkey_notify,
					 conn->passkey_entered);
}
3344
/* Handle a Simple Pairing Complete event.
 *
 * Reports a pairing failure to user space when we were not the side that
 * initiated authentication, then drops one reference on the connection.
 */
static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		/* To avoid duplicate auth_failed events to user space we
		 * check the HCI_CONN_AUTH_PEND flag which will be set if we
		 * initiated the authentication. A traditional auth_complete
		 * event gets always produced as initiator and is also
		 * mapped to the mgmt_auth_failed event.
		 */
		if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
			if (ev->status)
				mgmt_auth_failed(hdev, &conn->dst, conn->type,
						 conn->dst_type, ev->status);
		}

		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
3373
/* Handle a Remote Host Supported Features Notification event.
 *
 * If the device is present in the inquiry cache, its cached ssp_mode is
 * refreshed from the LMP_HOST_SSP bit of the first feature byte.
 */
static void hci_remote_host_features_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL)
		entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

	hci_dev_unlock(hdev);
}
3390
/* Handle a Remote OOB Data Request event.
 *
 * When mgmt is in use, replies with the stored hash and randomizer for
 * the requested address, or with a negative reply when none is stored.
 * Without mgmt no reply is sent from here.
 */
static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *stored;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	stored = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (!stored) {
		struct hci_cp_remote_oob_data_neg_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
			     &cp);
		goto unlock;
	}

	{
		struct hci_cp_remote_oob_data_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		/* Copy lengths are bounded by the destination fields. */
		memcpy(cp.hash, stored->hash, sizeof(cp.hash));
		memcpy(cp.randomizer, stored->randomizer,
		       sizeof(cp.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
			     &cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
3425
/* Handle an LE Connection Complete sub-event.
 *
 * The pending connection is looked up by state only (an LE link in
 * BT_CONNECT), not by the address in the event; when none is found a new
 * connection object is created from the event's address, address type
 * and role. On failure the connection is reported and deleted; on
 * success it is marked connected, registered in sysfs and confirmed to
 * the upper layers.
 */
static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (conn == NULL) {
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (conn == NULL) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = ev->bdaddr_type;

		/* Master role means this side initiated the link. */
		if (ev->role == LE_CONN_ROLE_MASTER) {
			conn->out = true;
			conn->link_mode |= HCI_LM_MASTER;
		}
	}

	if (ev->status != 0) {
		/* Failed attempt: tell mgmt and the protocol layer, then
		 * release the connection object.
		 */
		mgmt_connect_failed(hdev, &conn->dst, conn->type,
				    conn->dst_type, ev->status);
		hci_proto_connect_cfm(conn, ev->status);
		conn->state = BT_CLOSED;
		hci_conn_del(conn);
		goto unlock;
	}

	/* Report the device as connected only once per connection. */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
				      conn->dst_type, 0, NULL, 0, NULL);

	/* A fresh LE link starts at the lowest security level. */
	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
3476
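/* Handle an LE Advertising Report sub-event.
 *
 * The payload is a one-byte report count followed by that many
 * variable-length reports. Each report is a struct
 * hci_ev_le_advertising_info header, ev->length bytes of advertising
 * data and one trailing RSSI byte. Every report is forwarded to
 * mgmt_device_found().
 *
 * Both the count and each per-report length come from the controller
 * (and ultimately from whatever is advertising nearby), so every report
 * is checked against the bytes remaining in the skb before its data or
 * RSSI byte is read. Parsing stops at the first report that does not
 * fit. Assumes the skb is linear, as the direct skb->data accesses in
 * this file already do.
 */
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	u8 num_reports;
	u8 *ptr;
	size_t remaining;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	remaining = skb->len - 1;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t report_len;
		s8 rssi;

		/* The fixed header must fit before ev->length is trusted. */
		if (remaining < sizeof(*ev)) {
			BT_ERR("%s truncated advertising report", hdev->name);
			break;
		}

		/* Header + advertising data + trailing RSSI byte. */
		report_len = sizeof(*ev) + ev->length + 1;
		if (remaining < report_len) {
			BT_ERR("%s truncated advertising report", hdev->name);
			break;
		}

		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += report_len;
		remaining -= report_len;
	}

	hci_dev_unlock(hdev);
}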
3497
/* Handle an LE Long Term Key Request sub-event.
 *
 * Looks up the connection by handle and a stored key by the EDIV/Rand
 * pair in the event. When both exist the key is sent back in an LTK
 * reply; otherwise a negative reply is sent for the handle in the event.
 * A key whose type has HCI_SMP_STK set is removed from its list and
 * freed once it has been handed to the controller.
 *
 * NOTE(review): cp keeps a copy of the key on the stack and is not wiped
 * after the command is queued - consider whether that matters here. The
 * memcpy length is taken from the source (ltk->val); this assumes cp.ltk
 * is at least that large - confirm against the struct definitions.
 */
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk = NULL;

	BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	/* The key lookup is attempted only for a known connection. */
	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn)
		ltk = hci_find_ltk(hdev, ev->ediv, ev->random);

	if (!ltk) {
		/* Unknown connection or no matching key. */
		neg.handle = ev->handle;
		hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
		goto unlock;
	}

	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	/* Only an authenticated key raises the link to high security. */
	if (ltk->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	/* Keys flagged HCI_SMP_STK are dropped after this single use. */
	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

unlock:
	hci_dev_unlock(hdev);
}
3540
/* Handle an LE Meta event: strip the meta header and hand the remaining
 * payload to the handler for the sub-event code. Unknown sub-events are
 * ignored.
 *
 * NOTE(review): nothing here compares skb->len with the meta header size
 * before the header is read and pulled - confirm the length is validated
 * before this point.
 */
static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *meta = (void *) skb->data;
	__u8 subevent = meta->subevent;

	skb_pull(skb, sizeof(*meta));

	switch (subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;

	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;

	default:
		break;
	}
}
3564
/* Entry point for a received HCI event packet.
 *
 * Reads the event code from the header, pulls the header off the skb and
 * dispatches the remaining payload to the handler for that code. Codes
 * without a handler are only logged. The skb is freed here once the
 * handler returns, and hdev->stat.evt_rx is incremented for every packet.
 *
 * NOTE(review): nothing in this function compares skb->len with
 * HCI_EVENT_HDR_SIZE or with the header's parameter length, and the
 * handlers cast skb->data to their event structs directly - confirm that
 * the lengths are validated before this point.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *evt_hdr = (void *) skb->data;
	__u8 code = evt_hdr->evt;

	/* From here on skb->data points at the event parameters. */
	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (code) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:
		hci_key_refresh_complete_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_NOTIFY:
		hci_user_passkey_notify_evt(hdev, skb);
		break;

	case HCI_EV_KEYPRESS_NOTIFY:
		hci_keypress_notify_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		/* No handler for this code: log it and drop the packet. */
		BT_DBG("%s event 0x%2.2x", hdev->name, code);
		break;
	}

	/* The dispatcher owns the skb; handlers must not keep it. */
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}