projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: AMP: Process Disc Physical Link Complete evt
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
e6d465cb
AG		 43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
a9de9248 47 return;
e6d465cb 48 }
1da177e4 49
89352e7d
AG		 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
56e5cb86 52 hci_dev_lock(hdev);
ff9ef578 53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 54 hci_dev_unlock(hdev);
6bd57416 55
23bb5763 56 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 57
58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
9f1db00c 121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
807deac2
GP		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
e4e8e37c
MH		 161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
9f1db00c 164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
807deac2
GP		 172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
e4e8e37c
MH		 174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
9f1db00c 178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186
23bb5763 187 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 188}
189
a9de9248
MH		 190static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191{
192 __u8 status = *((__u8 *) skb->data);
04837f64 193
9f1db00c 194 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 195
10572132
GP		 196 clear_bit(HCI_RESET, &hdev->flags);
197
23bb5763 198 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 199
a297e97c 200 /* Reset all non-persistent flags */
ae854a70
AG		 201 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
202 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 203
204 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
9f1db00c 212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
3159d384
JH		 226
227 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 228}
229
230static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
231{
232 struct hci_rp_read_local_name *rp = (void *) skb->data;
233
9f1db00c 234 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 235
236 if (rp->status)
237 return;
238
db99b5fc
JH		 239 if (test_bit(HCI_SETUP, &hdev->dev_flags))
240 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 241}
242
243static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
244{
245 __u8 status = *((__u8 *) skb->data);
246 void *sent;
247
9f1db00c 248 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 249
250 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
251 if (!sent)
252 return;
253
254 if (!status) {
255 __u8 param = *((__u8 *) sent);
256
257 if (param == AUTH_ENABLED)
258 set_bit(HCI_AUTH, &hdev->flags);
259 else
260 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 261 }
a9de9248 262
33ef95ed
JH		 263 if (test_bit(HCI_MGMT, &hdev->dev_flags))
264 mgmt_auth_enable_complete(hdev, status);
265
23bb5763 266 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 267}
268
a9de9248 269static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 270{
a9de9248 271 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 272 void *sent;
273
9f1db00c 274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 275
a9de9248
MH		 276 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277 if (!sent)
278 return;
1da177e4 279
a9de9248
MH		 280 if (!status) {
281 __u8 param = *((__u8 *) sent);
282
283 if (param)
284 set_bit(HCI_ENCRYPT, &hdev->flags);
285 else
286 clear_bit(HCI_ENCRYPT, &hdev->flags);
287 }
1da177e4 288
23bb5763 289 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 290}
1da177e4 291
a9de9248
MH		 292static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293{
36f7fc7e
JH		 294 __u8 param, status = *((__u8 *) skb->data);
295 int old_pscan, old_iscan;
a9de9248 296 void *sent;
1da177e4 297
9f1db00c 298 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 299
a9de9248
MH		 300 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
301 if (!sent)
302 return;
1da177e4 303
36f7fc7e
JH		 304 param = *((__u8 *) sent);
305
56e5cb86
JH		 306 hci_dev_lock(hdev);
307
fa1bd918 308 if (status) {
744cf19e 309 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 310 hdev->discov_timeout = 0;
311 goto done;
312 }
313
36f7fc7e
JH		 314 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
315 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
316
317 if (param & SCAN_INQUIRY) {
318 set_bit(HCI_ISCAN, &hdev->flags);
319 if (!old_iscan)
744cf19e 320 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 321 if (hdev->discov_timeout > 0) {
322 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
323 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 324 to);
16ab91ab 325 }
36f7fc7e 326 } else if (old_iscan)
744cf19e 327 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 328
329 if (param & SCAN_PAGE) {
330 set_bit(HCI_PSCAN, &hdev->flags);
331 if (!old_pscan)
744cf19e 332 mgmt_connectable(hdev, 1);
36f7fc7e 333 } else if (old_pscan)
744cf19e 334 mgmt_connectable(hdev, 0);
1da177e4 335
36f7fc7e 336done:
56e5cb86 337 hci_dev_unlock(hdev);
23bb5763 338 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 339}
1da177e4 340
a9de9248
MH		 341static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
342{
343 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 344
9f1db00c 345 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 346
a9de9248
MH		 347 if (rp->status)
348 return;
1da177e4 349
a9de9248 350 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 351
a9de9248 352 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 353 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 354}
1da177e4 355
a9de9248
MH		 356static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
357{
358 __u8 status = *((__u8 *) skb->data);
359 void *sent;
1da177e4 360
9f1db00c 361 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 362
a9de9248
MH		 363 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
364 if (!sent)
365 return;
1da177e4 366
7f9a903c
MH		 367 hci_dev_lock(hdev);
368
369 if (status == 0)
370 memcpy(hdev->dev_class, sent, 3);
371
372 if (test_bit(HCI_MGMT, &hdev->dev_flags))
373 mgmt_set_class_of_dev_complete(hdev, sent, status);
374
375 hci_dev_unlock(hdev);
a9de9248 376}
1da177e4 377
a9de9248
MH		 378static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
379{
380 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 __u16 setting;
382
9f1db00c 383 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 384
385 if (rp->status)
386 return;
387
388 setting = __le16_to_cpu(rp->voice_setting);
389
f383f275 390 if (hdev->voice_setting == setting)
a9de9248
MH		 391 return;
392
393 hdev->voice_setting = setting;
394
9f1db00c 395 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 396
3c54711c 397 if (hdev->notify)
a9de9248 398 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 399}
400
8fc9ced3
GP		 401static void hci_cc_write_voice_setting(struct hci_dev *hdev,
402 struct sk_buff *skb)
a9de9248
MH		 403{
404 __u8 status = *((__u8 *) skb->data);
f383f275 405 __u16 setting;
a9de9248
MH		 406 void *sent;
407
9f1db00c 408 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 409
f383f275
MH		 410 if (status)
411 return;
412
a9de9248
MH		 413 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
414 if (!sent)
415 return;
1da177e4 416
f383f275 417 setting = get_unaligned_le16(sent);
1da177e4 418
f383f275
MH		 419 if (hdev->voice_setting == setting)
420 return;
421
422 hdev->voice_setting = setting;
1da177e4 423
9f1db00c 424 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 425
3c54711c 426 if (hdev->notify)
f383f275 427 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 428}
429
a9de9248 430static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 431{
a9de9248 432 __u8 status = *((__u8 *) skb->data);
1da177e4 433
9f1db00c 434 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 435
23bb5763 436 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 437}
1143e5a6 438
333140b5
MH		 439static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
440{
441 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 442 struct hci_cp_write_ssp_mode *sent;
333140b5 443
9f1db00c 444 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 445
333140b5
MH		 446 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
447 if (!sent)
448 return;
449
5ed8eb2f
JH		 450 if (!status) {
451 if (sent->mode)
452 hdev->host_features[0] |= LMP_HOST_SSP;
453 else
454 hdev->host_features[0] &= ~LMP_HOST_SSP;
455 }
456
ed2c4ee3 457 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 458 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 459 else if (!status) {
5ed8eb2f 460 if (sent->mode)
c0ecddc2
JH		 461 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
462 else
463 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
464 }
333140b5
MH		 465}
466
d5859e22
JH		 467static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
468{
976eb20e 469 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 470 return 2;
471
976eb20e 472 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 473 return 1;
474
475 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 476 hdev->lmp_subver == 0x0757)
d5859e22
JH		 477 return 1;
478
479 if (hdev->manufacturer == 15) {
480 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
481 return 1;
482 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
483 return 1;
484 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
485 return 1;
486 }
487
488 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 489 hdev->lmp_subver == 0x1805)
d5859e22
JH		 490 return 1;
491
492 return 0;
493}
494
495static void hci_setup_inquiry_mode(struct hci_dev *hdev)
496{
497 u8 mode;
498
499 mode = hci_get_inquiry_mode(hdev);
500
501 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
502}
503
504static void hci_setup_event_mask(struct hci_dev *hdev)
505{
506 /* The second byte is 0xff instead of 0x9f (two reserved bits
507 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
508 * command otherwise */
509 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
510
6de6c18d
VT		 511 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
512 * any event mask for pre 1.2 devices */
5a13b095 513 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 514 return;
515
e1171e8d
JH		 516 if (lmp_bredr_capable(hdev)) {
517 events[4] |= 0x01; /* Flow Specification Complete */
518 events[4] |= 0x02; /* Inquiry Result with RSSI */
519 events[4] |= 0x04; /* Read Remote Extended Features Complete */
520 events[5] |= 0x08; /* Synchronous Connection Complete */
521 events[5] |= 0x10; /* Synchronous Connection Changed */
522 }
d5859e22 523
976eb20e 524 if (lmp_inq_rssi_capable(hdev))
a24299e6 525 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 526
999dcd10 527 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 528 events[5] |= 0x20; /* Sniff Subrating */
529
976eb20e 530 if (lmp_pause_enc_capable(hdev))
d5859e22
JH		 531 events[5] |= 0x80; /* Encryption Key Refresh Complete */
532
976eb20e 533 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 534 events[5] |= 0x40; /* Extended Inquiry Result */
535
c58e810e 536 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 537 events[7] |= 0x01; /* Enhanced Flush Complete */
538
976eb20e 539 if (lmp_lsto_capable(hdev))
d5859e22
JH		 540 events[6] |= 0x80; /* Link Supervision Timeout Changed */
541
9a1a1996 542 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 543 events[6] |= 0x01; /* IO Capability Request */
544 events[6] |= 0x02; /* IO Capability Response */
545 events[6] |= 0x04; /* User Confirmation Request */
546 events[6] |= 0x08; /* User Passkey Request */
547 events[6] |= 0x10; /* Remote OOB Data Request */
548 events[6] |= 0x20; /* Simple Pairing Complete */
549 events[7] |= 0x04; /* User Passkey Notification */
550 events[7] |= 0x08; /* Keypress Notification */
551 events[7] |= 0x10; /* Remote Host Supported
552 * Features Notification */
553 }
554
c383ddc4 555 if (lmp_le_capable(hdev))
d5859e22
JH		 556 events[7] |= 0x20; /* LE Meta-Event */
557
558 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
e36b04c8
JH		 559
560 if (lmp_le_capable(hdev)) {
561 memset(events, 0, sizeof(events));
562 events[0] = 0x1f;
563 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
564 sizeof(events), events);
565 }
d5859e22
JH		 566}
567
4611dfa8 568static void bredr_setup(struct hci_dev *hdev)
e1171e8d
JH		 569{
570 struct hci_cp_delete_stored_link_key cp;
571 __le16 param;
572 __u8 flt_type;
573
574 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
575 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
576
577 /* Read Class of Device */
578 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
579
580 /* Read Local Name */
581 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
582
583 /* Read Voice Setting */
584 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
585
586 /* Clear Event Filters */
587 flt_type = HCI_FLT_CLEAR_ALL;
588 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
589
590 /* Connection accept timeout ~20 secs */
591 param = __constant_cpu_to_le16(0x7d00);
592 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
593
594 bacpy(&cp.bdaddr, BDADDR_ANY);
595 cp.delete_all = 1;
596 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
597}
598
4611dfa8 599static void le_setup(struct hci_dev *hdev)
e1171e8d
JH		 600{
601 /* Read LE Buffer Size */
602 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
8fa19098
JH		 603
604 /* Read LE Advertising Channel TX Power */
605 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
e1171e8d
JH		 606}
607
d5859e22
JH		 608static void hci_setup(struct hci_dev *hdev)
609{
e61ef499
AE		 610 if (hdev->dev_type != HCI_BREDR)
611 return;
612
e1171e8d
JH		 613 /* Read BD Address */
614 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
615
616 if (lmp_bredr_capable(hdev))
4611dfa8 617 bredr_setup(hdev);
e1171e8d
JH		 618
619 if (lmp_le_capable(hdev))
4611dfa8 620 le_setup(hdev);
e1171e8d 621
d5859e22
JH		 622 hci_setup_event_mask(hdev);
623
d095c1eb 624 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 625 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
626
6d3c730f 627 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 628 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
629 u8 mode = 0x01;
630 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 631 sizeof(mode), &mode);
54d04dbb
JH		 632 } else {
633 struct hci_cp_write_eir cp;
634
635 memset(hdev->eir, 0, sizeof(hdev->eir));
636 memset(&cp, 0, sizeof(cp));
637
638 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
639 }
d5859e22
JH		 640 }
641
976eb20e 642 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 643 hci_setup_inquiry_mode(hdev);
644
976eb20e 645 if (lmp_inq_tx_pwr_capable(hdev))
d5859e22 646 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b 647
976eb20e 648 if (lmp_ext_feat_capable(hdev)) {
971e3a4b
AG		 649 struct hci_cp_read_local_ext_features cp;
650
651 cp.page = 0x01;
04124681
GP		 652 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
653 &cp);
971e3a4b 654 }
e6100a25 655
47990ea0
JH		 656 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
657 u8 enable = 1;
04124681
GP		 658 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
659 &enable);
47990ea0 660 }
d5859e22
JH		 661}
662
a9de9248
MH		 663static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
664{
665 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 666
9f1db00c 667 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 668
a9de9248 669 if (rp->status)
28b8df77 670 goto done;
1143e5a6 671
a9de9248 672 hdev->hci_ver = rp->hci_ver;
e4e8e37c 673 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 674 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 675 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 676 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 677
9f1db00c 678 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 679 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 680
681 if (test_bit(HCI_INIT, &hdev->flags))
682 hci_setup(hdev);
28b8df77
AE		 683
684done:
685 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 686}
687
688static void hci_setup_link_policy(struct hci_dev *hdev)
689{
035100c8 690 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 691 u16 link_policy = 0;
692
9f92ebf6 693 if (lmp_rswitch_capable(hdev))
d5859e22 694 link_policy |= HCI_LP_RSWITCH;
976eb20e 695 if (lmp_hold_capable(hdev))
d5859e22 696 link_policy |= HCI_LP_HOLD;
6eded100 697 if (lmp_sniff_capable(hdev))
d5859e22 698 link_policy |= HCI_LP_SNIFF;
976eb20e 699 if (lmp_park_capable(hdev))
d5859e22
JH		 700 link_policy |= HCI_LP_PARK;
701
035100c8
AE		 702 cp.policy = cpu_to_le16(link_policy);
703 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 704}
1da177e4 705
8fc9ced3
GP		 706static void hci_cc_read_local_commands(struct hci_dev *hdev,
707 struct sk_buff *skb)
a9de9248
MH		 708{
709 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 710
9f1db00c 711 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 712
a9de9248 713 if (rp->status)
d5859e22 714 goto done;
1da177e4 715
a9de9248 716 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 717
718 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
719 hci_setup_link_policy(hdev);
720
721done:
722 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 723}
1da177e4 724
8fc9ced3
GP		 725static void hci_cc_read_local_features(struct hci_dev *hdev,
726 struct sk_buff *skb)
a9de9248
MH		 727{
728 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 729
9f1db00c 730 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 731
a9de9248
MH		 732 if (rp->status)
733 return;
5b7f9909 734
a9de9248 735 memcpy(hdev->features, rp->features, 8);
5b7f9909 736
a9de9248
MH		 737 /* Adjust default settings according to features
738 * supported by device. */
1da177e4 739
a9de9248
MH		 740 if (hdev->features[0] & LMP_3SLOT)
741 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 742
a9de9248
MH		 743 if (hdev->features[0] & LMP_5SLOT)
744 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 745
a9de9248
MH		 746 if (hdev->features[1] & LMP_HV2) {
747 hdev->pkt_type |= (HCI_HV2);
748 hdev->esco_type |= (ESCO_HV2);
749 }
1da177e4 750
a9de9248
MH		 751 if (hdev->features[1] & LMP_HV3) {
752 hdev->pkt_type |= (HCI_HV3);
753 hdev->esco_type |= (ESCO_HV3);
754 }
1da177e4 755
45db810f 756 if (lmp_esco_capable(hdev))
a9de9248 757 hdev->esco_type |= (ESCO_EV3);
da1f5198 758
a9de9248
MH		 759 if (hdev->features[4] & LMP_EV4)
760 hdev->esco_type |= (ESCO_EV4);
da1f5198 761
a9de9248
MH		 762 if (hdev->features[4] & LMP_EV5)
763 hdev->esco_type |= (ESCO_EV5);
1da177e4 764
efc7688b
MH		 765 if (hdev->features[5] & LMP_EDR_ESCO_2M)
766 hdev->esco_type |= (ESCO_2EV3);
767
768 if (hdev->features[5] & LMP_EDR_ESCO_3M)
769 hdev->esco_type |= (ESCO_3EV3);
770
771 if (hdev->features[5] & LMP_EDR_3S_ESCO)
772 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
773
a9de9248 774 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 775 hdev->features[0], hdev->features[1],
776 hdev->features[2], hdev->features[3],
777 hdev->features[4], hdev->features[5],
778 hdev->features[6], hdev->features[7]);
a9de9248 779}
1da177e4 780
8f984dfa
JH		 781static void hci_set_le_support(struct hci_dev *hdev)
782{
783 struct hci_cp_write_le_host_supported cp;
784
785 memset(&cp, 0, sizeof(cp));
786
9d42820f 787 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa 788 cp.le = 1;
976eb20e 789 cp.simul = !!lmp_le_br_capable(hdev);
8f984dfa
JH		 790 }
791
976eb20e 792 if (cp.le != !!lmp_host_le_capable(hdev))
04124681
GP		 793 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
794 &cp);
8f984dfa
JH		 795}
796
971e3a4b 797static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 798 struct sk_buff *skb)
971e3a4b
AG		 799{
800 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
801
9f1db00c 802 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 803
804 if (rp->status)
8f984dfa 805 goto done;
971e3a4b 806
b5b32b65
AG		 807 switch (rp->page) {
808 case 0:
809 memcpy(hdev->features, rp->features, 8);
810 break;
811 case 1:
812 memcpy(hdev->host_features, rp->features, 8);
813 break;
814 }
971e3a4b 815
c383ddc4 816 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 817 hci_set_le_support(hdev);
818
819done:
971e3a4b
AG		 820 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
821}
822
1e89cffb 823static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 824 struct sk_buff *skb)
1e89cffb
AE		 825{
826 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
827
9f1db00c 828 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 829
830 if (rp->status)
831 return;
832
833 hdev->flow_ctl_mode = rp->mode;
834
835 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
836}
837
a9de9248
MH		 838static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
839{
840 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 841
9f1db00c 842 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 843
a9de9248
MH		 844 if (rp->status)
845 return;
1da177e4 846
a9de9248
MH		 847 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
848 hdev->sco_mtu = rp->sco_mtu;
849 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
850 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
851
852 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
853 hdev->sco_mtu = 64;
854 hdev->sco_pkts = 8;
1da177e4 855 }
a9de9248
MH		 856
857 hdev->acl_cnt = hdev->acl_pkts;
858 hdev->sco_cnt = hdev->sco_pkts;
859
807deac2
GP		 860 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
861 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 862}
863
864static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
865{
866 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
867
9f1db00c 868 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 869
870 if (!rp->status)
871 bacpy(&hdev->bdaddr, &rp->bdaddr);
872
23bb5763
JH		 873 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
874}
875
350ee4cf 876static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 877 struct sk_buff *skb)
350ee4cf
AE		 878{
879 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
880
9f1db00c 881 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 882
883 if (rp->status)
884 return;
885
886 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
887 hdev->block_len = __le16_to_cpu(rp->block_len);
888 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
889
890 hdev->block_cnt = hdev->num_blocks;
891
892 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 893 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 894
895 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
896}
897
23bb5763
JH		 898static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
899{
900 __u8 status = *((__u8 *) skb->data);
901
9f1db00c 902 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 903
904 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 905}
906
928abaa7 907static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 908 struct sk_buff *skb)
928abaa7
AE		 909{
910 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
911
9f1db00c 912 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 913
914 if (rp->status)
8e2a0d92 915 goto a2mp_rsp;
928abaa7
AE		 916
917 hdev->amp_status = rp->amp_status;
918 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
919 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
920 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
921 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
922 hdev->amp_type = rp->amp_type;
923 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
924 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
925 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
926 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
927
928 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 929
930a2mp_rsp:
931 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 932}
933
903e4541
AE		 934static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
935 struct sk_buff *skb)
936{
937 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
938 struct amp_assoc *assoc = &hdev->loc_assoc;
939 size_t rem_len, frag_len;
940
941 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
942
943 if (rp->status)
944 goto a2mp_rsp;
945
946 frag_len = skb->len - sizeof(*rp);
947 rem_len = __le16_to_cpu(rp->rem_len);
948
949 if (rem_len > frag_len) {
2e430be3 950 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 951
952 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
953 assoc->offset += frag_len;
954
955 /* Read other fragments */
956 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
957
958 return;
959 }
960
961 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
962 assoc->len = assoc->offset + rem_len;
963 assoc->offset = 0;
964
965a2mp_rsp:
966 /* Send A2MP Rsp when all fragments are received */
967 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 968 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 969}
970
b0916ea0 971static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 972 struct sk_buff *skb)
b0916ea0
JH		 973{
974 __u8 status = *((__u8 *) skb->data);
975
9f1db00c 976 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 977
978 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
979}
980
d5859e22
JH		 981static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
982{
983 __u8 status = *((__u8 *) skb->data);
984
9f1db00c 985 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 986
987 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
988}
989
990static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 991 struct sk_buff *skb)
d5859e22
JH		 992{
993 __u8 status = *((__u8 *) skb->data);
994
9f1db00c 995 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 996
997 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
998}
999
1000static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 1001 struct sk_buff *skb)
d5859e22 1002{
91c4e9b1 1003 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 1004
9f1db00c 1005 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 1006
1007 if (!rp->status)
1008 hdev->inq_tx_power = rp->tx_power;
d5859e22 1009
91c4e9b1 1010 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 1011}
1012
1013static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1014{
1015 __u8 status = *((__u8 *) skb->data);
1016
9f1db00c 1017 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1018
1019 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1020}
1021
980e1a53
JH		 1022static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1023{
1024 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1025 struct hci_cp_pin_code_reply *cp;
1026 struct hci_conn *conn;
1027
9f1db00c 1028 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1029
56e5cb86
JH		 1030 hci_dev_lock(hdev);
1031
a8b2d5c2 1032 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1033 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 1034
fa1bd918 1035 if (rp->status)
56e5cb86 1036 goto unlock;
980e1a53
JH		 1037
1038 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1039 if (!cp)
56e5cb86 1040 goto unlock;
980e1a53
JH		 1041
1042 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1043 if (conn)
1044 conn->pin_length = cp->pin_len;
56e5cb86
JH		 1045
1046unlock:
1047 hci_dev_unlock(hdev);
980e1a53
JH		 1048}
1049
1050static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1051{
1052 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1053
9f1db00c 1054 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1055
56e5cb86
JH		 1056 hci_dev_lock(hdev);
1057
a8b2d5c2 1058 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1059 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1060 rp->status);
56e5cb86
JH		 1061
1062 hci_dev_unlock(hdev);
980e1a53 1063}
56e5cb86 1064
6ed58ec5
VT		 1065static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1066 struct sk_buff *skb)
1067{
1068 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1069
9f1db00c 1070 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1071
1072 if (rp->status)
1073 return;
1074
1075 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1076 hdev->le_pkts = rp->le_max_pkt;
1077
1078 hdev->le_cnt = hdev->le_pkts;
1079
1080 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1081
1082 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1083}
980e1a53 1084
8fa19098
JH		 1085static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1086 struct sk_buff *skb)
1087{
1088 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1089
1090 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1091
1092 if (!rp->status)
1093 hdev->adv_tx_power = rp->tx_power;
1094
1095 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1096}
1097
e36b04c8
JH		 1098static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1099{
1100 __u8 status = *((__u8 *) skb->data);
1101
1102 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1103
1104 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1105}
1106
a5c29683
JH		 1107static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1108{
1109 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1110
9f1db00c 1111 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1112
56e5cb86
JH		 1113 hci_dev_lock(hdev);
1114
a8b2d5c2 1115 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1116 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1117 rp->status);
56e5cb86
JH		 1118
1119 hci_dev_unlock(hdev);
a5c29683
JH		 1120}
1121
1122static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1123 struct sk_buff *skb)
a5c29683
JH		 1124{
1125 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1126
9f1db00c 1127 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1128
56e5cb86
JH		 1129 hci_dev_lock(hdev);
1130
a8b2d5c2 1131 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1132 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1133 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1134
1135 hci_dev_unlock(hdev);
a5c29683
JH		 1136}
1137
1143d458
BG		 1138static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1139{
1140 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1141
9f1db00c 1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1143
1144 hci_dev_lock(hdev);
1145
a8b2d5c2 1146 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1147 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1148 0, rp->status);
1143d458
BG		 1149
1150 hci_dev_unlock(hdev);
1151}
1152
1153static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1154 struct sk_buff *skb)
1143d458
BG		 1155{
1156 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1157
9f1db00c 1158 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1159
1160 hci_dev_lock(hdev);
1161
a8b2d5c2 1162 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1163 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1164 ACL_LINK, 0, rp->status);
1143d458
BG		 1165
1166 hci_dev_unlock(hdev);
1167}
1168
c35938b2 1169static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1170 struct sk_buff *skb)
c35938b2
SJ		 1171{
1172 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1173
9f1db00c 1174 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1175
56e5cb86 1176 hci_dev_lock(hdev);
744cf19e 1177 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1178 rp->randomizer, rp->status);
56e5cb86 1179 hci_dev_unlock(hdev);
c35938b2
SJ		 1180}
1181
07f7fa5d
AG		 1182static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1183{
1184 __u8 status = *((__u8 *) skb->data);
1185
9f1db00c 1186 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1187
1188 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1189
1190 if (status) {
1191 hci_dev_lock(hdev);
1192 mgmt_start_discovery_failed(hdev, status);
1193 hci_dev_unlock(hdev);
1194 return;
1195 }
07f7fa5d
AG		 1196}
1197
eb9d91f5 1198static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1199 struct sk_buff *skb)
eb9d91f5
AG		 1200{
1201 struct hci_cp_le_set_scan_enable *cp;
1202 __u8 status = *((__u8 *) skb->data);
1203
9f1db00c 1204 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1205
eb9d91f5
AG		 1206 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1207 if (!cp)
1208 return;
1209
68a8aea4
AE		 1210 switch (cp->enable) {
1211 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1212 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1213
3fd24153
AG		 1214 if (status) {
1215 hci_dev_lock(hdev);
1216 mgmt_start_discovery_failed(hdev, status);
1217 hci_dev_unlock(hdev);
7ba8b4be 1218 return;
3fd24153 1219 }
7ba8b4be 1220
d23264a8
AG		 1221 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1222
a8f13c8c 1223 hci_dev_lock(hdev);
343f935b 1224 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1225 hci_dev_unlock(hdev);
68a8aea4
AE		 1226 break;
1227
1228 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1229 if (status) {
1230 hci_dev_lock(hdev);
1231 mgmt_stop_discovery_failed(hdev, status);
1232 hci_dev_unlock(hdev);
7ba8b4be 1233 return;
c9ecc48e 1234 }
7ba8b4be 1235
d23264a8
AG		 1236 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1237
bc3dd33c
AG		 1238 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1239 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1240 mgmt_interleaved_discovery(hdev);
1241 } else {
1242 hci_dev_lock(hdev);
1243 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1244 hci_dev_unlock(hdev);
1245 }
1246
68a8aea4
AE		 1247 break;
1248
1249 default:
1250 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1251 break;
35815085 1252 }
eb9d91f5
AG		 1253}
1254
a7a595f6
VCG		 1255static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1256{
1257 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1258
9f1db00c 1259 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1260
1261 if (rp->status)
1262 return;
1263
1264 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1265}
1266
1267static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1268{
1269 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1270
9f1db00c 1271 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1272
1273 if (rp->status)
1274 return;
1275
1276 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1277}
1278
6039aa73
GP		 1279static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1280 struct sk_buff *skb)
f9b49306 1281{
06199cf8 1282 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1283 __u8 status = *((__u8 *) skb->data);
1284
9f1db00c 1285 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1286
06199cf8 1287 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1288 if (!sent)
f9b49306
AG		 1289 return;
1290
8f984dfa
JH		 1291 if (!status) {
1292 if (sent->le)
1293 hdev->host_features[0] |= LMP_HOST_LE;
1294 else
1295 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 1296
1297 if (sent->simul)
1298 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1299 else
1300 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1301 }
1302
1303 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1304 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1305 mgmt_le_enable_complete(hdev, sent->le, status);
1306
1307 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1308}
1309
93c284ee
AE		 1310static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1311 struct sk_buff *skb)
1312{
1313 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1314
1315 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1316 hdev->name, rp->status, rp->phy_handle);
1317
1318 if (rp->status)
1319 return;
1320
1321 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1322}
1323
6039aa73 1324static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1325{
9f1db00c 1326 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1327
1328 if (status) {
23bb5763 1329 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1330 hci_conn_check_pending(hdev);
56e5cb86 1331 hci_dev_lock(hdev);
a8b2d5c2 1332 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1333 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1334 hci_dev_unlock(hdev);
314b2381
JH		 1335 return;
1336 }
1337
89352e7d
AG		 1338 set_bit(HCI_INQUIRY, &hdev->flags);
1339
56e5cb86 1340 hci_dev_lock(hdev);
343f935b 1341 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1342 hci_dev_unlock(hdev);
1da177e4
LT		 1343}
1344
6039aa73 1345static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1346{
a9de9248 1347 struct hci_cp_create_conn *cp;
1da177e4 1348 struct hci_conn *conn;
1da177e4 1349
9f1db00c 1350 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1351
1352 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1353 if (!cp)
1354 return;
1355
1356 hci_dev_lock(hdev);
1357
1358 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1359
6ed93dc6 1360 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1361
1362 if (status) {
1363 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1364 if (status != 0x0c || conn->attempt > 2) {
1365 conn->state = BT_CLOSED;
1366 hci_proto_connect_cfm(conn, status);
1367 hci_conn_del(conn);
1368 } else
1369 conn->state = BT_CONNECT2;
1da177e4
LT		 1370 }
1371 } else {
1372 if (!conn) {
1373 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1374 if (conn) {
a0c808b3 1375 conn->out = true;
1da177e4
LT		 1376 conn->link_mode |= HCI_LM_MASTER;
1377 } else
893ef971 1378 BT_ERR("No memory for new connection");
1da177e4
LT		 1379 }
1380 }
1381
1382 hci_dev_unlock(hdev);
1383}
1384
a9de9248 1385static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1386{
a9de9248
MH		 1387 struct hci_cp_add_sco *cp;
1388 struct hci_conn *acl, *sco;
1389 __u16 handle;
1da177e4 1390
9f1db00c 1391 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1392
a9de9248
MH		 1393 if (!status)
1394 return;
1da177e4 1395
a9de9248
MH		 1396 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1397 if (!cp)
1398 return;
1da177e4 1399
a9de9248 1400 handle = __le16_to_cpu(cp->handle);
1da177e4 1401
9f1db00c 1402 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1403
a9de9248 1404 hci_dev_lock(hdev);
1da177e4 1405
a9de9248 1406 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1407 if (acl) {
1408 sco = acl->link;
1409 if (sco) {
1410 sco->state = BT_CLOSED;
1da177e4 1411
5a08ecce
AE		 1412 hci_proto_connect_cfm(sco, status);
1413 hci_conn_del(sco);
1414 }
a9de9248 1415 }
1da177e4 1416
a9de9248
MH		 1417 hci_dev_unlock(hdev);
1418}
1da177e4 1419
f8558555
MH		 1420static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1421{
1422 struct hci_cp_auth_requested *cp;
1423 struct hci_conn *conn;
1424
9f1db00c 1425 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1426
1427 if (!status)
1428 return;
1429
1430 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1431 if (!cp)
1432 return;
1433
1434 hci_dev_lock(hdev);
1435
1436 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1437 if (conn) {
1438 if (conn->state == BT_CONFIG) {
1439 hci_proto_connect_cfm(conn, status);
1440 hci_conn_put(conn);
1441 }
1442 }
1443
1444 hci_dev_unlock(hdev);
1445}
1446
1447static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1448{
1449 struct hci_cp_set_conn_encrypt *cp;
1450 struct hci_conn *conn;
1451
9f1db00c 1452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1453
1454 if (!status)
1455 return;
1456
1457 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1458 if (!cp)
1459 return;
1460
1461 hci_dev_lock(hdev);
1462
1463 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1464 if (conn) {
1465 if (conn->state == BT_CONFIG) {
1466 hci_proto_connect_cfm(conn, status);
1467 hci_conn_put(conn);
1468 }
1469 }
1470
1471 hci_dev_unlock(hdev);
1472}
1473
127178d2 1474static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1475 struct hci_conn *conn)
392599b9 1476{
392599b9
JH		 1477 if (conn->state != BT_CONFIG || !conn->out)
1478 return 0;
1479
765c2a96 1480 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1481 return 0;
1482
1483 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1484 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1485 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1486 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1487 return 0;
1488
392599b9
JH		 1489 return 1;
1490}
1491
6039aa73 1492static int hci_resolve_name(struct hci_dev *hdev,
04124681 1493 struct inquiry_entry *e)
30dc78e1
JH		 1494{
1495 struct hci_cp_remote_name_req cp;
1496
1497 memset(&cp, 0, sizeof(cp));
1498
1499 bacpy(&cp.bdaddr, &e->data.bdaddr);
1500 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1501 cp.pscan_mode = e->data.pscan_mode;
1502 cp.clock_offset = e->data.clock_offset;
1503
1504 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1505}
1506
b644ba33 1507static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1508{
1509 struct discovery_state *discov = &hdev->discovery;
1510 struct inquiry_entry *e;
1511
b644ba33
JH		 1512 if (list_empty(&discov->resolve))
1513 return false;
1514
1515 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1516 if (!e)
1517 return false;
1518
b644ba33
JH		 1519 if (hci_resolve_name(hdev, e) == 0) {
1520 e->name_state = NAME_PENDING;
1521 return true;
1522 }
1523
1524 return false;
1525}
1526
1527static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1528 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1529{
1530 struct discovery_state *discov = &hdev->discovery;
1531 struct inquiry_entry *e;
1532
1533 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1534 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1535 name_len, conn->dev_class);
b644ba33
JH		 1536
1537 if (discov->state == DISCOVERY_STOPPED)
1538 return;
1539
30dc78e1
JH		 1540 if (discov->state == DISCOVERY_STOPPING)
1541 goto discov_complete;
1542
1543 if (discov->state != DISCOVERY_RESOLVING)
1544 return;
1545
1546 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1547 /* If the device was not found in a list of found devices names of which
1548 * are pending. there is no need to continue resolving a next name as it
1549 * will be done upon receiving another Remote Name Request Complete
1550 * Event */
1551 if (!e)
1552 return;
1553
1554 list_del(&e->list);
1555 if (name) {
30dc78e1 1556 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1557 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1558 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1559 } else {
1560 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1561 }
1562
b644ba33 1563 if (hci_resolve_next_name(hdev))
30dc78e1 1564 return;
30dc78e1
JH		 1565
1566discov_complete:
1567 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1568}
1569
a9de9248
MH		 1570static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1571{
127178d2
JH		 1572 struct hci_cp_remote_name_req *cp;
1573 struct hci_conn *conn;
1574
9f1db00c 1575 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1576
1577 /* If successful wait for the name req complete event before
1578 * checking for the need to do authentication */
1579 if (!status)
1580 return;
1581
1582 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1583 if (!cp)
1584 return;
1585
1586 hci_dev_lock(hdev);
1587
b644ba33
JH		 1588 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1589
a8b2d5c2 1590 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1591 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1592
79c6c70c
JH		 1593 if (!conn)
1594 goto unlock;
1595
1596 if (!hci_outgoing_auth_needed(hdev, conn))
1597 goto unlock;
1598
51a8efd7 1599 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1600 struct hci_cp_auth_requested cp;
1601 cp.handle = __cpu_to_le16(conn->handle);
1602 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1603 }
1604
79c6c70c 1605unlock:
127178d2 1606 hci_dev_unlock(hdev);
a9de9248 1607}
1da177e4 1608
769be974
MH		 1609static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1610{
1611 struct hci_cp_read_remote_features *cp;
1612 struct hci_conn *conn;
1613
9f1db00c 1614 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1615
1616 if (!status)
1617 return;
1618
1619 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1620 if (!cp)
1621 return;
1622
1623 hci_dev_lock(hdev);
1624
1625 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1626 if (conn) {
1627 if (conn->state == BT_CONFIG) {
769be974
MH		 1628 hci_proto_connect_cfm(conn, status);
1629 hci_conn_put(conn);
1630 }
1631 }
1632
1633 hci_dev_unlock(hdev);
1634}
1635
1636static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1637{
1638 struct hci_cp_read_remote_ext_features *cp;
1639 struct hci_conn *conn;
1640
9f1db00c 1641 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1642
1643 if (!status)
1644 return;
1645
1646 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1647 if (!cp)
1648 return;
1649
1650 hci_dev_lock(hdev);
1651
1652 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1653 if (conn) {
1654 if (conn->state == BT_CONFIG) {
769be974
MH		 1655 hci_proto_connect_cfm(conn, status);
1656 hci_conn_put(conn);
1657 }
1658 }
1659
1660 hci_dev_unlock(hdev);
1661}
1662
a9de9248
MH		 1663static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1664{
b6a0dc82
MH		 1665 struct hci_cp_setup_sync_conn *cp;
1666 struct hci_conn *acl, *sco;
1667 __u16 handle;
1668
9f1db00c 1669 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1670
1671 if (!status)
1672 return;
1673
1674 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1675 if (!cp)
1676 return;
1677
1678 handle = __le16_to_cpu(cp->handle);
1679
9f1db00c 1680 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1681
1682 hci_dev_lock(hdev);
1683
1684 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1685 if (acl) {
1686 sco = acl->link;
1687 if (sco) {
1688 sco->state = BT_CLOSED;
b6a0dc82 1689
5a08ecce
AE		 1690 hci_proto_connect_cfm(sco, status);
1691 hci_conn_del(sco);
1692 }
b6a0dc82
MH		 1693 }
1694
1695 hci_dev_unlock(hdev);
1da177e4
LT		 1696}
1697
a9de9248 1698static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1699{
a9de9248
MH		 1700 struct hci_cp_sniff_mode *cp;
1701 struct hci_conn *conn;
1da177e4 1702
9f1db00c 1703 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1704
a9de9248
MH		 1705 if (!status)
1706 return;
04837f64 1707
a9de9248
MH		 1708 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1709 if (!cp)
1710 return;
04837f64 1711
a9de9248 1712 hci_dev_lock(hdev);
04837f64 1713
a9de9248 1714 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1715 if (conn) {
51a8efd7 1716 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1717
51a8efd7 1718 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1719 hci_sco_setup(conn, status);
1720 }
1721
a9de9248
MH		 1722 hci_dev_unlock(hdev);
1723}
04837f64 1724
a9de9248
MH		 1725static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1726{
1727 struct hci_cp_exit_sniff_mode *cp;
1728 struct hci_conn *conn;
04837f64 1729
9f1db00c 1730 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1731
a9de9248
MH		 1732 if (!status)
1733 return;
04837f64 1734
a9de9248
MH		 1735 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1736 if (!cp)
1737 return;
04837f64 1738
a9de9248 1739 hci_dev_lock(hdev);
1da177e4 1740
a9de9248 1741 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1742 if (conn) {
51a8efd7 1743 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1744
51a8efd7 1745 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1746 hci_sco_setup(conn, status);
1747 }
1748
a9de9248 1749 hci_dev_unlock(hdev);
1da177e4
LT		 1750}
1751
88c3df13
JH		 1752static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1753{
1754 struct hci_cp_disconnect *cp;
1755 struct hci_conn *conn;
1756
1757 if (!status)
1758 return;
1759
1760 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1761 if (!cp)
1762 return;
1763
1764 hci_dev_lock(hdev);
1765
1766 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1767 if (conn)
1768 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1769 conn->dst_type, status);
88c3df13
JH		 1770
1771 hci_dev_unlock(hdev);
1772}
1773
fcd89c09
VT		 1774static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1775{
fcd89c09
VT		 1776 struct hci_conn *conn;
1777
9f1db00c 1778 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1779
f00a06ac
AG		 1780 if (status) {
1781 hci_dev_lock(hdev);
fcd89c09 1782
0c95ab78 1783 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1784 if (!conn) {
1785 hci_dev_unlock(hdev);
1786 return;
1787 }
fcd89c09 1788
6ed93dc6 1789 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1790
f00a06ac 1791 conn->state = BT_CLOSED;
0c95ab78 1792 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1793 conn->dst_type, status);
1794 hci_proto_connect_cfm(conn, status);
1795 hci_conn_del(conn);
fcd89c09 1796
f00a06ac
AG		 1797 hci_dev_unlock(hdev);
1798 }
fcd89c09
VT		 1799}
1800
a7a595f6
VCG		 1801static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1802{
9f1db00c 1803 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1804}
1805
a02226d6
AE		 1806static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1807{
93c284ee
AE		 1808 struct hci_cp_create_phy_link *cp;
1809
a02226d6 1810 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee
AE		 1811
1812 if (status)
1813 return;
1814
1815 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1816 if (!cp)
1817 return;
1818
1819 amp_write_remote_assoc(hdev, cp->phy_handle);
a02226d6
AE		 1820}
1821
0b26ab9d
AE		 1822static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1823{
1824 struct hci_cp_accept_phy_link *cp;
1825
1826 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1827
1828 if (status)
1829 return;
1830
1831 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1832 if (!cp)
1833 return;
1834
1835 amp_write_remote_assoc(hdev, cp->phy_handle);
1836}
1837
5ce66b59
AE		 1838static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1839{
1840 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1841}
1842
6039aa73 1843static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1844{
1845 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1846 struct discovery_state *discov = &hdev->discovery;
1847 struct inquiry_entry *e;
1da177e4 1848
9f1db00c 1849 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1850
23bb5763 1851 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1852
a9de9248 1853 hci_conn_check_pending(hdev);
89352e7d
AG		 1854
1855 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1856 return;
1857
a8b2d5c2 1858 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1859 return;
1860
56e5cb86 1861 hci_dev_lock(hdev);
30dc78e1 1862
343f935b 1863 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1864 goto unlock;
1865
1866 if (list_empty(&discov->resolve)) {
1867 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1868 goto unlock;
1869 }
1870
1871 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1872 if (e && hci_resolve_name(hdev, e) == 0) {
1873 e->name_state = NAME_PENDING;
1874 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1875 } else {
1876 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1877 }
1878
1879unlock:
56e5cb86 1880 hci_dev_unlock(hdev);
1da177e4
LT		 1881}
1882
6039aa73 1883static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1884{
45bb4bf0 1885 struct inquiry_data data;
a9de9248 1886 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1887 int num_rsp = *((__u8 *) skb->data);
1888
1889 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1890
45bb4bf0
MH		 1891 if (!num_rsp)
1892 return;
1893
1519cc17
AG		 1894 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1895 return;
1896
1da177e4 1897 hci_dev_lock(hdev);
45bb4bf0 1898
e17acd40 1899 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1900 bool name_known, ssp;
3175405b 1901
1da177e4
LT		 1902 bacpy(&data.bdaddr, &info->bdaddr);
1903 data.pscan_rep_mode = info->pscan_rep_mode;
1904 data.pscan_period_mode = info->pscan_period_mode;
1905 data.pscan_mode = info->pscan_mode;
1906 memcpy(data.dev_class, info->dev_class, 3);
1907 data.clock_offset = info->clock_offset;
1908 data.rssi = 0x00;
41a96212 1909 data.ssp_mode = 0x00;
3175405b 1910
388fc8fa 1911 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1912 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1913 info->dev_class, 0, !name_known, ssp, NULL,
1914 0);
1da177e4 1915 }
45bb4bf0 1916
1da177e4
LT		 1917 hci_dev_unlock(hdev);
1918}
1919
6039aa73 1920static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1921{
a9de9248
MH		 1922 struct hci_ev_conn_complete *ev = (void *) skb->data;
1923 struct hci_conn *conn;
1da177e4
LT		 1924
1925 BT_DBG("%s", hdev->name);
1926
1927 hci_dev_lock(hdev);
1928
1929 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1930 if (!conn) {
1931 if (ev->link_type != SCO_LINK)
1932 goto unlock;
1933
1934 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1935 if (!conn)
1936 goto unlock;
1937
1938 conn->type = SCO_LINK;
1939 }
1da177e4
LT		 1940
1941 if (!ev->status) {
1942 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1943
1944 if (conn->type == ACL_LINK) {
1945 conn->state = BT_CONFIG;
1946 hci_conn_hold(conn);
a9ea3ed9
SJ		 1947
1948 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1949 !hci_find_link_key(hdev, &ev->bdaddr))
1950 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1951 else
1952 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1953 } else
1954 conn->state = BT_CONNECTED;
1da177e4 1955
9eba32b8 1956 hci_conn_hold_device(conn);
7d0db0a3
MH		 1957 hci_conn_add_sysfs(conn);
1958
1da177e4
LT		 1959 if (test_bit(HCI_AUTH, &hdev->flags))
1960 conn->link_mode |= HCI_LM_AUTH;
1961
1962 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1963 conn->link_mode |= HCI_LM_ENCRYPT;
1964
04837f64
MH		 1965 /* Get remote features */
1966 if (conn->type == ACL_LINK) {
1967 struct hci_cp_read_remote_features cp;
1968 cp.handle = ev->handle;
769be974 1969 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1970 sizeof(cp), &cp);
04837f64
MH		 1971 }
1972
1da177e4 1973 /* Set packet type for incoming connection */
d095c1eb 1974 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1975 struct hci_cp_change_conn_ptype cp;
1976 cp.handle = ev->handle;
a8746417 1977 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1978 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1979 &cp);
1da177e4 1980 }
17d5c04c 1981 } else {
1da177e4 1982 conn->state = BT_CLOSED;
17d5c04c 1983 if (conn->type == ACL_LINK)
744cf19e 1984 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1985 conn->dst_type, ev->status);
17d5c04c 1986 }
1da177e4 1987
e73439d8
MH		 1988 if (conn->type == ACL_LINK)
1989 hci_sco_setup(conn, ev->status);
1da177e4 1990
769be974
MH		 1991 if (ev->status) {
1992 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1993 hci_conn_del(conn);
c89b6e6b
MH		 1994 } else if (ev->link_type != ACL_LINK)
1995 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1996
a9de9248 1997unlock:
1da177e4 1998 hci_dev_unlock(hdev);
1da177e4 1999
a9de9248 2000 hci_conn_check_pending(hdev);
1da177e4
LT		 2001}
2002
6039aa73 2003static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2004{
a9de9248
MH		 2005 struct hci_ev_conn_request *ev = (void *) skb->data;
2006 int mask = hdev->link_mode;
1da177e4 2007
6ed93dc6 2008 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2009 ev->link_type);
1da177e4 2010
a9de9248 2011 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 2012
138d22ef 2013 if ((mask & HCI_LM_ACCEPT) &&
807deac2 2014 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 2015 /* Connection accepted */
c7bdd502 2016 struct inquiry_entry *ie;
1da177e4 2017 struct hci_conn *conn;
1da177e4 2018
a9de9248 2019 hci_dev_lock(hdev);
b6a0dc82 2020
cc11b9c1
AE		 2021 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2022 if (ie)
c7bdd502
MH		 2023 memcpy(ie->data.dev_class, ev->dev_class, 3);
2024
8fc9ced3
GP		 2025 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2026 &ev->bdaddr);
a9de9248 2027 if (!conn) {
cc11b9c1
AE		 2028 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2029 if (!conn) {
893ef971 2030 BT_ERR("No memory for new connection");
a9de9248
MH		 2031 hci_dev_unlock(hdev);
2032 return;
1da177e4
LT		 2033 }
2034 }
b6a0dc82 2035
a9de9248
MH		 2036 memcpy(conn->dev_class, ev->dev_class, 3);
2037 conn->state = BT_CONNECT;
b6a0dc82 2038
a9de9248 2039 hci_dev_unlock(hdev);
1da177e4 2040
b6a0dc82
MH		 2041 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2042 struct hci_cp_accept_conn_req cp;
1da177e4 2043
b6a0dc82
MH		 2044 bacpy(&cp.bdaddr, &ev->bdaddr);
2045
2046 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2047 cp.role = 0x00; /* Become master */
2048 else
2049 cp.role = 0x01; /* Remain slave */
2050
04124681
GP		 2051 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2052 &cp);
b6a0dc82
MH		 2053 } else {
2054 struct hci_cp_accept_sync_conn_req cp;
2055
2056 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2057 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2058
82781e63
AE		 2059 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2060 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2061 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 2062 cp.content_format = cpu_to_le16(hdev->voice_setting);
2063 cp.retrans_effort = 0xff;
1da177e4 2064
b6a0dc82 2065 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2066 sizeof(cp), &cp);
b6a0dc82 2067 }
a9de9248
MH		 2068 } else {
2069 /* Connection rejected */
2070 struct hci_cp_reject_conn_req cp;
1da177e4 2071
a9de9248 2072 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2073 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2074 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2075 }
1da177e4
LT		 2076}
2077
f0d6a0ea
MA		 2078static u8 hci_to_mgmt_reason(u8 err)
2079{
2080 switch (err) {
2081 case HCI_ERROR_CONNECTION_TIMEOUT:
2082 return MGMT_DEV_DISCONN_TIMEOUT;
2083 case HCI_ERROR_REMOTE_USER_TERM:
2084 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2085 case HCI_ERROR_REMOTE_POWER_OFF:
2086 return MGMT_DEV_DISCONN_REMOTE;
2087 case HCI_ERROR_LOCAL_HOST_TERM:
2088 return MGMT_DEV_DISCONN_LOCAL_HOST;
2089 default:
2090 return MGMT_DEV_DISCONN_UNKNOWN;
2091 }
2092}
2093
6039aa73 2094static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2095{
a9de9248 2096 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2097 struct hci_conn *conn;
2098
9f1db00c 2099 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2100
2101 hci_dev_lock(hdev);
2102
2103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2104 if (!conn)
2105 goto unlock;
7d0db0a3 2106
37d9ef76
JH		 2107 if (ev->status == 0)
2108 conn->state = BT_CLOSED;
04837f64 2109
b644ba33 2110 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2111 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2112 if (ev->status) {
88c3df13 2113 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2114 conn->dst_type, ev->status);
f0d6a0ea
MA		 2115 } else {
2116 u8 reason = hci_to_mgmt_reason(ev->reason);
2117
afc747a6 2118 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2119 conn->dst_type, reason);
2120 }
37d9ef76 2121 }
f7520543 2122
37d9ef76 2123 if (ev->status == 0) {
6ec5bcad
VA		 2124 if (conn->type == ACL_LINK && conn->flush_key)
2125 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2126 hci_proto_disconn_cfm(conn, ev->reason);
2127 hci_conn_del(conn);
2128 }
f7520543
JH		 2129
2130unlock:
04837f64
MH		 2131 hci_dev_unlock(hdev);
2132}
2133
6039aa73 2134static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2135{
a9de9248 2136 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2137 struct hci_conn *conn;
1da177e4 2138
9f1db00c 2139 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2140
2141 hci_dev_lock(hdev);
2142
04837f64 2143 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2144 if (!conn)
2145 goto unlock;
2146
2147 if (!ev->status) {
aa64a8b5 2148 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2149 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2150 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2151 } else {
d7556e20
WR		 2152 conn->link_mode |= HCI_LM_AUTH;
2153 conn->sec_level = conn->pending_sec_level;
2a611692 2154 }
d7556e20 2155 } else {
bab73cb6 2156 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2157 ev->status);
d7556e20 2158 }
1da177e4 2159
51a8efd7
JH		 2160 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2161 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2162
d7556e20 2163 if (conn->state == BT_CONFIG) {
aa64a8b5 2164 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2165 struct hci_cp_set_conn_encrypt cp;
2166 cp.handle = ev->handle;
2167 cp.encrypt = 0x01;
2168 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2169 &cp);
052b30b0 2170 } else {
d7556e20
WR		 2171 conn->state = BT_CONNECTED;
2172 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2173 hci_conn_put(conn);
2174 }
d7556e20
WR		 2175 } else {
2176 hci_auth_cfm(conn, ev->status);
052b30b0 2177
d7556e20
WR		 2178 hci_conn_hold(conn);
2179 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2180 hci_conn_put(conn);
2181 }
2182
51a8efd7 2183 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2184 if (!ev->status) {
2185 struct hci_cp_set_conn_encrypt cp;
2186 cp.handle = ev->handle;
2187 cp.encrypt = 0x01;
2188 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2189 &cp);
d7556e20 2190 } else {
51a8efd7 2191 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2192 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2193 }
2194 }
2195
d7556e20 2196unlock:
1da177e4
LT		 2197 hci_dev_unlock(hdev);
2198}
2199
6039aa73 2200static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2201{
127178d2
JH		 2202 struct hci_ev_remote_name *ev = (void *) skb->data;
2203 struct hci_conn *conn;
2204
a9de9248 2205 BT_DBG("%s", hdev->name);
1da177e4 2206
a9de9248 2207 hci_conn_check_pending(hdev);
127178d2
JH		 2208
2209 hci_dev_lock(hdev);
2210
b644ba33 2211 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2212
b644ba33
JH		 2213 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2214 goto check_auth;
a88a9652 2215
b644ba33
JH		 2216 if (ev->status == 0)
2217 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2218 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2219 else
2220 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2221
2222check_auth:
79c6c70c
JH		 2223 if (!conn)
2224 goto unlock;
2225
2226 if (!hci_outgoing_auth_needed(hdev, conn))
2227 goto unlock;
2228
51a8efd7 2229 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2230 struct hci_cp_auth_requested cp;
2231 cp.handle = __cpu_to_le16(conn->handle);
2232 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2233 }
2234
79c6c70c 2235unlock:
127178d2 2236 hci_dev_unlock(hdev);
a9de9248
MH		 2237}
2238
6039aa73 2239static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2240{
2241 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2242 struct hci_conn *conn;
2243
9f1db00c 2244 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2245
2246 hci_dev_lock(hdev);
2247
04837f64 2248 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2249 if (conn) {
2250 if (!ev->status) {
ae293196
MH		 2251 if (ev->encrypt) {
2252 /* Encryption implies authentication */
2253 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2254 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2255 conn->sec_level = conn->pending_sec_level;
ae293196 2256 } else
1da177e4
LT		 2257 conn->link_mode &= ~HCI_LM_ENCRYPT;
2258 }
2259
51a8efd7 2260 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2261
a7d7723a 2262 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2263 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2264 hci_conn_put(conn);
2265 goto unlock;
2266 }
2267
f8558555
MH		 2268 if (conn->state == BT_CONFIG) {
2269 if (!ev->status)
2270 conn->state = BT_CONNECTED;
2271
2272 hci_proto_connect_cfm(conn, ev->status);
2273 hci_conn_put(conn);
2274 } else
2275 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2276 }
2277
a7d7723a 2278unlock:
1da177e4
LT		 2279 hci_dev_unlock(hdev);
2280}
2281
6039aa73
GP		 2282static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2283 struct sk_buff *skb)
1da177e4 2284{
a9de9248 2285 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2286 struct hci_conn *conn;
1da177e4 2287
9f1db00c 2288 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2289
2290 hci_dev_lock(hdev);
2291
04837f64 2292 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2293 if (conn) {
2294 if (!ev->status)
2295 conn->link_mode |= HCI_LM_SECURE;
2296
51a8efd7 2297 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2298
2299 hci_key_change_cfm(conn, ev->status);
2300 }
2301
2302 hci_dev_unlock(hdev);
2303}
2304
6039aa73
GP		 2305static void hci_remote_features_evt(struct hci_dev *hdev,
2306 struct sk_buff *skb)
1da177e4 2307{
a9de9248
MH		 2308 struct hci_ev_remote_features *ev = (void *) skb->data;
2309 struct hci_conn *conn;
2310
9f1db00c 2311 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2312
a9de9248
MH		 2313 hci_dev_lock(hdev);
2314
2315 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2316 if (!conn)
2317 goto unlock;
769be974 2318
ccd556fe
JH		 2319 if (!ev->status)
2320 memcpy(conn->features, ev->features, 8);
2321
2322 if (conn->state != BT_CONFIG)
2323 goto unlock;
2324
2325 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2326 struct hci_cp_read_remote_ext_features cp;
2327 cp.handle = ev->handle;
2328 cp.page = 0x01;
2329 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2330 sizeof(cp), &cp);
392599b9
JH		 2331 goto unlock;
2332 }
2333
671267bf 2334 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2335 struct hci_cp_remote_name_req cp;
2336 memset(&cp, 0, sizeof(cp));
2337 bacpy(&cp.bdaddr, &conn->dst);
2338 cp.pscan_rep_mode = 0x02;
2339 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2340 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2341 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2342 conn->dst_type, 0, NULL, 0,
2343 conn->dev_class);
392599b9 2344
127178d2 2345 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2346 conn->state = BT_CONNECTED;
2347 hci_proto_connect_cfm(conn, ev->status);
2348 hci_conn_put(conn);
769be974 2349 }
a9de9248 2350
ccd556fe 2351unlock:
a9de9248 2352 hci_dev_unlock(hdev);
1da177e4
LT		 2353}
2354
6039aa73 2355static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2356{
a9de9248 2357 BT_DBG("%s", hdev->name);
1da177e4
LT		 2358}
2359
6039aa73
GP		 2360static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2361 struct sk_buff *skb)
1da177e4 2362{
a9de9248 2363 BT_DBG("%s", hdev->name);
1da177e4
LT		 2364}
2365
6039aa73 2366static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2367{
2368 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2369 __u16 opcode;
2370
2371 skb_pull(skb, sizeof(*ev));
2372
2373 opcode = __le16_to_cpu(ev->opcode);
2374
2375 switch (opcode) {
2376 case HCI_OP_INQUIRY_CANCEL:
2377 hci_cc_inquiry_cancel(hdev, skb);
2378 break;
2379
4d93483b
AG		 2380 case HCI_OP_PERIODIC_INQ:
2381 hci_cc_periodic_inq(hdev, skb);
2382 break;
2383
a9de9248
MH		 2384 case HCI_OP_EXIT_PERIODIC_INQ:
2385 hci_cc_exit_periodic_inq(hdev, skb);
2386 break;
2387
2388 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2389 hci_cc_remote_name_req_cancel(hdev, skb);
2390 break;
2391
2392 case HCI_OP_ROLE_DISCOVERY:
2393 hci_cc_role_discovery(hdev, skb);
2394 break;
2395
e4e8e37c
MH		 2396 case HCI_OP_READ_LINK_POLICY:
2397 hci_cc_read_link_policy(hdev, skb);
2398 break;
2399
a9de9248
MH		 2400 case HCI_OP_WRITE_LINK_POLICY:
2401 hci_cc_write_link_policy(hdev, skb);
2402 break;
2403
e4e8e37c
MH		 2404 case HCI_OP_READ_DEF_LINK_POLICY:
2405 hci_cc_read_def_link_policy(hdev, skb);
2406 break;
2407
2408 case HCI_OP_WRITE_DEF_LINK_POLICY:
2409 hci_cc_write_def_link_policy(hdev, skb);
2410 break;
2411
a9de9248
MH		 2412 case HCI_OP_RESET:
2413 hci_cc_reset(hdev, skb);
2414 break;
2415
2416 case HCI_OP_WRITE_LOCAL_NAME:
2417 hci_cc_write_local_name(hdev, skb);
2418 break;
2419
2420 case HCI_OP_READ_LOCAL_NAME:
2421 hci_cc_read_local_name(hdev, skb);
2422 break;
2423
2424 case HCI_OP_WRITE_AUTH_ENABLE:
2425 hci_cc_write_auth_enable(hdev, skb);
2426 break;
2427
2428 case HCI_OP_WRITE_ENCRYPT_MODE:
2429 hci_cc_write_encrypt_mode(hdev, skb);
2430 break;
2431
2432 case HCI_OP_WRITE_SCAN_ENABLE:
2433 hci_cc_write_scan_enable(hdev, skb);
2434 break;
2435
2436 case HCI_OP_READ_CLASS_OF_DEV:
2437 hci_cc_read_class_of_dev(hdev, skb);
2438 break;
2439
2440 case HCI_OP_WRITE_CLASS_OF_DEV:
2441 hci_cc_write_class_of_dev(hdev, skb);
2442 break;
2443
2444 case HCI_OP_READ_VOICE_SETTING:
2445 hci_cc_read_voice_setting(hdev, skb);
2446 break;
2447
2448 case HCI_OP_WRITE_VOICE_SETTING:
2449 hci_cc_write_voice_setting(hdev, skb);
2450 break;
2451
2452 case HCI_OP_HOST_BUFFER_SIZE:
2453 hci_cc_host_buffer_size(hdev, skb);
2454 break;
2455
333140b5
MH		 2456 case HCI_OP_WRITE_SSP_MODE:
2457 hci_cc_write_ssp_mode(hdev, skb);
2458 break;
2459
a9de9248
MH		 2460 case HCI_OP_READ_LOCAL_VERSION:
2461 hci_cc_read_local_version(hdev, skb);
2462 break;
2463
2464 case HCI_OP_READ_LOCAL_COMMANDS:
2465 hci_cc_read_local_commands(hdev, skb);
2466 break;
2467
2468 case HCI_OP_READ_LOCAL_FEATURES:
2469 hci_cc_read_local_features(hdev, skb);
2470 break;
2471
971e3a4b
AG		 2472 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2473 hci_cc_read_local_ext_features(hdev, skb);
2474 break;
2475
a9de9248
MH		 2476 case HCI_OP_READ_BUFFER_SIZE:
2477 hci_cc_read_buffer_size(hdev, skb);
2478 break;
2479
2480 case HCI_OP_READ_BD_ADDR:
2481 hci_cc_read_bd_addr(hdev, skb);
2482 break;
2483
350ee4cf
AE		 2484 case HCI_OP_READ_DATA_BLOCK_SIZE:
2485 hci_cc_read_data_block_size(hdev, skb);
2486 break;
2487
23bb5763
JH		 2488 case HCI_OP_WRITE_CA_TIMEOUT:
2489 hci_cc_write_ca_timeout(hdev, skb);
2490 break;
2491
1e89cffb
AE		 2492 case HCI_OP_READ_FLOW_CONTROL_MODE:
2493 hci_cc_read_flow_control_mode(hdev, skb);
2494 break;
2495
928abaa7
AE		 2496 case HCI_OP_READ_LOCAL_AMP_INFO:
2497 hci_cc_read_local_amp_info(hdev, skb);
2498 break;
2499
903e4541
AE		 2500 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2501 hci_cc_read_local_amp_assoc(hdev, skb);
2502 break;
2503
b0916ea0
JH		 2504 case HCI_OP_DELETE_STORED_LINK_KEY:
2505 hci_cc_delete_stored_link_key(hdev, skb);
2506 break;
2507
d5859e22
JH		 2508 case HCI_OP_SET_EVENT_MASK:
2509 hci_cc_set_event_mask(hdev, skb);
2510 break;
2511
2512 case HCI_OP_WRITE_INQUIRY_MODE:
2513 hci_cc_write_inquiry_mode(hdev, skb);
2514 break;
2515
2516 case HCI_OP_READ_INQ_RSP_TX_POWER:
2517 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2518 break;
2519
2520 case HCI_OP_SET_EVENT_FLT:
2521 hci_cc_set_event_flt(hdev, skb);
2522 break;
2523
980e1a53
JH		 2524 case HCI_OP_PIN_CODE_REPLY:
2525 hci_cc_pin_code_reply(hdev, skb);
2526 break;
2527
2528 case HCI_OP_PIN_CODE_NEG_REPLY:
2529 hci_cc_pin_code_neg_reply(hdev, skb);
2530 break;
2531
c35938b2
SJ		 2532 case HCI_OP_READ_LOCAL_OOB_DATA:
2533 hci_cc_read_local_oob_data_reply(hdev, skb);
2534 break;
2535
6ed58ec5
VT		 2536 case HCI_OP_LE_READ_BUFFER_SIZE:
2537 hci_cc_le_read_buffer_size(hdev, skb);
2538 break;
2539
8fa19098
JH		 2540 case HCI_OP_LE_READ_ADV_TX_POWER:
2541 hci_cc_le_read_adv_tx_power(hdev, skb);
2542 break;
2543
e36b04c8
JH		 2544 case HCI_OP_LE_SET_EVENT_MASK:
2545 hci_cc_le_set_event_mask(hdev, skb);
2546 break;
2547
a5c29683
JH		 2548 case HCI_OP_USER_CONFIRM_REPLY:
2549 hci_cc_user_confirm_reply(hdev, skb);
2550 break;
2551
2552 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2553 hci_cc_user_confirm_neg_reply(hdev, skb);
2554 break;
2555
1143d458
BG		 2556 case HCI_OP_USER_PASSKEY_REPLY:
2557 hci_cc_user_passkey_reply(hdev, skb);
2558 break;
2559
2560 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2561 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2562 break;
07f7fa5d
AG		 2563
2564 case HCI_OP_LE_SET_SCAN_PARAM:
2565 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2566 break;
2567
eb9d91f5
AG		 2568 case HCI_OP_LE_SET_SCAN_ENABLE:
2569 hci_cc_le_set_scan_enable(hdev, skb);
2570 break;
2571
a7a595f6
VCG		 2572 case HCI_OP_LE_LTK_REPLY:
2573 hci_cc_le_ltk_reply(hdev, skb);
2574 break;
2575
2576 case HCI_OP_LE_LTK_NEG_REPLY:
2577 hci_cc_le_ltk_neg_reply(hdev, skb);
2578 break;
2579
f9b49306
AG		 2580 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2581 hci_cc_write_le_host_supported(hdev, skb);
2582 break;
2583
93c284ee
AE		 2584 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2585 hci_cc_write_remote_amp_assoc(hdev, skb);
2586 break;
2587
a9de9248 2588 default:
9f1db00c 2589 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2590 break;
2591 }
2592
6bd32326
VT		 2593 if (ev->opcode != HCI_OP_NOP)
2594 del_timer(&hdev->cmd_timer);
2595
a9de9248
MH		 2596 if (ev->ncmd) {
2597 atomic_set(&hdev->cmd_cnt, 1);
2598 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2599 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2600 }
2601}
2602
6039aa73 2603static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2604{
2605 struct hci_ev_cmd_status *ev = (void *) skb->data;
2606 __u16 opcode;
2607
2608 skb_pull(skb, sizeof(*ev));
2609
2610 opcode = __le16_to_cpu(ev->opcode);
2611
2612 switch (opcode) {
2613 case HCI_OP_INQUIRY:
2614 hci_cs_inquiry(hdev, ev->status);
2615 break;
2616
2617 case HCI_OP_CREATE_CONN:
2618 hci_cs_create_conn(hdev, ev->status);
2619 break;
2620
2621 case HCI_OP_ADD_SCO:
2622 hci_cs_add_sco(hdev, ev->status);
2623 break;
2624
f8558555
MH		 2625 case HCI_OP_AUTH_REQUESTED:
2626 hci_cs_auth_requested(hdev, ev->status);
2627 break;
2628
2629 case HCI_OP_SET_CONN_ENCRYPT:
2630 hci_cs_set_conn_encrypt(hdev, ev->status);
2631 break;
2632
a9de9248
MH		 2633 case HCI_OP_REMOTE_NAME_REQ:
2634 hci_cs_remote_name_req(hdev, ev->status);
2635 break;
2636
769be974
MH		 2637 case HCI_OP_READ_REMOTE_FEATURES:
2638 hci_cs_read_remote_features(hdev, ev->status);
2639 break;
2640
2641 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2642 hci_cs_read_remote_ext_features(hdev, ev->status);
2643 break;
2644
a9de9248
MH		 2645 case HCI_OP_SETUP_SYNC_CONN:
2646 hci_cs_setup_sync_conn(hdev, ev->status);
2647 break;
2648
2649 case HCI_OP_SNIFF_MODE:
2650 hci_cs_sniff_mode(hdev, ev->status);
2651 break;
2652
2653 case HCI_OP_EXIT_SNIFF_MODE:
2654 hci_cs_exit_sniff_mode(hdev, ev->status);
2655 break;
2656
8962ee74 2657 case HCI_OP_DISCONNECT:
88c3df13 2658 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2659 break;
2660
fcd89c09
VT		 2661 case HCI_OP_LE_CREATE_CONN:
2662 hci_cs_le_create_conn(hdev, ev->status);
2663 break;
2664
a7a595f6
VCG		 2665 case HCI_OP_LE_START_ENC:
2666 hci_cs_le_start_enc(hdev, ev->status);
2667 break;
2668
a02226d6
AE		 2669 case HCI_OP_CREATE_PHY_LINK:
2670 hci_cs_create_phylink(hdev, ev->status);
2671 break;
2672
0b26ab9d
AE		 2673 case HCI_OP_ACCEPT_PHY_LINK:
2674 hci_cs_accept_phylink(hdev, ev->status);
2675 break;
2676
5ce66b59
AE		 2677 case HCI_OP_CREATE_LOGICAL_LINK:
2678 hci_cs_create_logical_link(hdev, ev->status);
2679 break;
2680
a9de9248 2681 default:
9f1db00c 2682 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2683 break;
2684 }
2685
6bd32326
VT		 2686 if (ev->opcode != HCI_OP_NOP)
2687 del_timer(&hdev->cmd_timer);
2688
10572132 2689 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2690 atomic_set(&hdev->cmd_cnt, 1);
2691 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2692 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2693 }
2694}
2695
6039aa73 2696static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2697{
2698 struct hci_ev_role_change *ev = (void *) skb->data;
2699 struct hci_conn *conn;
2700
9f1db00c 2701 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2702
2703 hci_dev_lock(hdev);
2704
2705 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2706 if (conn) {
2707 if (!ev->status) {
2708 if (ev->role)
2709 conn->link_mode &= ~HCI_LM_MASTER;
2710 else
2711 conn->link_mode |= HCI_LM_MASTER;
2712 }
2713
51a8efd7 2714 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2715
2716 hci_role_switch_cfm(conn, ev->status, ev->role);
2717 }
2718
2719 hci_dev_unlock(hdev);
2720}
2721
6039aa73 2722static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2723{
2724 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2725 int i;
2726
32ac5b9b
AE		 2727 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2728 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2729 return;
2730 }
2731
c5993de8 2732 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2733 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2734 BT_DBG("%s bad parameters", hdev->name);
2735 return;
2736 }
2737
c5993de8
AE		 2738 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2739
613a1c0c
AE		 2740 for (i = 0; i < ev->num_hndl; i++) {
2741 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2742 struct hci_conn *conn;
2743 __u16 handle, count;
2744
613a1c0c
AE		 2745 handle = __le16_to_cpu(info->handle);
2746 count = __le16_to_cpu(info->count);
a9de9248
MH		 2747
2748 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2749 if (!conn)
2750 continue;
2751
2752 conn->sent -= count;
2753
2754 switch (conn->type) {
2755 case ACL_LINK:
2756 hdev->acl_cnt += count;
2757 if (hdev->acl_cnt > hdev->acl_pkts)
2758 hdev->acl_cnt = hdev->acl_pkts;
2759 break;
2760
2761 case LE_LINK:
2762 if (hdev->le_pkts) {
2763 hdev->le_cnt += count;
2764 if (hdev->le_cnt > hdev->le_pkts)
2765 hdev->le_cnt = hdev->le_pkts;
2766 } else {
70f23020
AE		 2767 hdev->acl_cnt += count;
2768 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2769 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2770 }
f4280918
AE		 2771 break;
2772
2773 case SCO_LINK:
2774 hdev->sco_cnt += count;
2775 if (hdev->sco_cnt > hdev->sco_pkts)
2776 hdev->sco_cnt = hdev->sco_pkts;
2777 break;
2778
2779 default:
2780 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2781 break;
a9de9248
MH		 2782 }
2783 }
2784
3eff45ea 2785 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2786}
2787
76ef7cf7
AE		 2788static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2789 __u16 handle)
2790{
2791 struct hci_chan *chan;
2792
2793 switch (hdev->dev_type) {
2794 case HCI_BREDR:
2795 return hci_conn_hash_lookup_handle(hdev, handle);
2796 case HCI_AMP:
2797 chan = hci_chan_lookup_handle(hdev, handle);
2798 if (chan)
2799 return chan->conn;
2800 break;
2801 default:
2802 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2803 break;
2804 }
2805
2806 return NULL;
2807}
2808
6039aa73 2809static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2810{
2811 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2812 int i;
2813
2814 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2815 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2816 return;
2817 }
2818
2819 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2820 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2821 BT_DBG("%s bad parameters", hdev->name);
2822 return;
2823 }
2824
2825 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2826 ev->num_hndl);
25e89e99
AE		 2827
2828 for (i = 0; i < ev->num_hndl; i++) {
2829 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2830 struct hci_conn *conn = NULL;
25e89e99
AE		 2831 __u16 handle, block_count;
2832
2833 handle = __le16_to_cpu(info->handle);
2834 block_count = __le16_to_cpu(info->blocks);
2835
76ef7cf7 2836 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2837 if (!conn)
2838 continue;
2839
2840 conn->sent -= block_count;
2841
2842 switch (conn->type) {
2843 case ACL_LINK:
bd1eb66b 2844 case AMP_LINK:
25e89e99
AE		 2845 hdev->block_cnt += block_count;
2846 if (hdev->block_cnt > hdev->num_blocks)
2847 hdev->block_cnt = hdev->num_blocks;
2848 break;
2849
2850 default:
2851 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2852 break;
2853 }
2854 }
2855
2856 queue_work(hdev->workqueue, &hdev->tx_work);
2857}
2858
6039aa73 2859static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2860{
a9de9248 2861 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2862 struct hci_conn *conn;
2863
9f1db00c 2864 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2865
2866 hci_dev_lock(hdev);
2867
2868 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2869 if (conn) {
2870 conn->mode = ev->mode;
2871 conn->interval = __le16_to_cpu(ev->interval);
2872
8fc9ced3
GP		 2873 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2874 &conn->flags)) {
a9de9248 2875 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2876 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2877 else
58a681ef 2878 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2879 }
e73439d8 2880
51a8efd7 2881 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2882 hci_sco_setup(conn, ev->status);
04837f64
MH		 2883 }
2884
2885 hci_dev_unlock(hdev);
2886}
2887
6039aa73 2888static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2889{
052b30b0
MH		 2890 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2891 struct hci_conn *conn;
2892
a9de9248 2893 BT_DBG("%s", hdev->name);
052b30b0
MH		 2894
2895 hci_dev_lock(hdev);
2896
2897 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2898 if (!conn)
2899 goto unlock;
2900
2901 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2902 hci_conn_hold(conn);
2903 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2904 hci_conn_put(conn);
2905 }
2906
a8b2d5c2 2907 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2908 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2909 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2910 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2911 u8 secure;
2912
2913 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2914 secure = 1;
2915 else
2916 secure = 0;
2917
744cf19e 2918 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2919 }
980e1a53 2920
b6f98044 2921unlock:
052b30b0 2922 hci_dev_unlock(hdev);
a9de9248
MH		 2923}
2924
6039aa73 2925static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2926{
55ed8ca1
JH		 2927 struct hci_ev_link_key_req *ev = (void *) skb->data;
2928 struct hci_cp_link_key_reply cp;
2929 struct hci_conn *conn;
2930 struct link_key *key;
2931
a9de9248 2932 BT_DBG("%s", hdev->name);
55ed8ca1 2933
a8b2d5c2 2934 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2935 return;
2936
2937 hci_dev_lock(hdev);
2938
2939 key = hci_find_link_key(hdev, &ev->bdaddr);
2940 if (!key) {
6ed93dc6
AE		 2941 BT_DBG("%s link key not found for %pMR", hdev->name,
2942 &ev->bdaddr);
55ed8ca1
JH		 2943 goto not_found;
2944 }
2945
6ed93dc6
AE		 2946 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2947 &ev->bdaddr);
55ed8ca1 2948
a8b2d5c2 2949 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2950 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2951 BT_DBG("%s ignoring debug key", hdev->name);
2952 goto not_found;
2953 }
2954
2955 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2956 if (conn) {
2957 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2958 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2959 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2960 goto not_found;
2961 }
55ed8ca1 2962
60b83f57 2963 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2964 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2965 BT_DBG("%s ignoring key unauthenticated for high security",
2966 hdev->name);
60b83f57
WR		 2967 goto not_found;
2968 }
2969
2970 conn->key_type = key->type;
2971 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2972 }
2973
2974 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2975 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2976
2977 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2978
2979 hci_dev_unlock(hdev);
2980
2981 return;
2982
2983not_found:
2984 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2985 hci_dev_unlock(hdev);
a9de9248
MH		 2986}
2987
6039aa73 2988static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2989{
052b30b0
MH		 2990 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2991 struct hci_conn *conn;
55ed8ca1 2992 u8 pin_len = 0;
052b30b0 2993
a9de9248 2994 BT_DBG("%s", hdev->name);
052b30b0
MH		 2995
2996 hci_dev_lock(hdev);
2997
2998 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2999 if (conn) {
3000 hci_conn_hold(conn);
3001 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3002 pin_len = conn->pin_length;
13d39315
WR		 3003
3004 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3005 conn->key_type = ev->key_type;
3006
052b30b0
MH		 3007 hci_conn_put(conn);
3008 }
3009
a8b2d5c2 3010 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 3011 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3012 ev->key_type, pin_len);
55ed8ca1 3013
052b30b0 3014 hci_dev_unlock(hdev);
a9de9248
MH		 3015}
3016
6039aa73 3017static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3018{
a9de9248 3019 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3020 struct hci_conn *conn;
1da177e4 3021
9f1db00c 3022 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3023
3024 hci_dev_lock(hdev);
3025
04837f64 3026 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3027 if (conn && !ev->status) {
3028 struct inquiry_entry *ie;
3029
cc11b9c1
AE		 3030 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3031 if (ie) {
1da177e4
LT		 3032 ie->data.clock_offset = ev->clock_offset;
3033 ie->timestamp = jiffies;
3034 }
3035 }
3036
3037 hci_dev_unlock(hdev);
3038}
3039
6039aa73 3040static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3041{
3042 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3043 struct hci_conn *conn;
3044
9f1db00c 3045 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3046
3047 hci_dev_lock(hdev);
3048
3049 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3050 if (conn && !ev->status)
3051 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3052
3053 hci_dev_unlock(hdev);
3054}
3055
6039aa73 3056static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3057{
a9de9248 3058 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3059 struct inquiry_entry *ie;
3060
3061 BT_DBG("%s", hdev->name);
3062
3063 hci_dev_lock(hdev);
3064
cc11b9c1
AE		 3065 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3066 if (ie) {
85a1e930
MH		 3067 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3068 ie->timestamp = jiffies;
3069 }
3070
3071 hci_dev_unlock(hdev);
3072}
3073
6039aa73
GP		 3074static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3075 struct sk_buff *skb)
a9de9248
MH		 3076{
3077 struct inquiry_data data;
3078 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3079 bool name_known, ssp;
a9de9248
MH		 3080
3081 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3082
3083 if (!num_rsp)
3084 return;
3085
1519cc17
AG		 3086 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3087 return;
3088
a9de9248
MH		 3089 hci_dev_lock(hdev);
3090
3091 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3092 struct inquiry_info_with_rssi_and_pscan_mode *info;
3093 info = (void *) (skb->data + 1);
a9de9248 3094
e17acd40 3095 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3096 bacpy(&data.bdaddr, &info->bdaddr);
3097 data.pscan_rep_mode = info->pscan_rep_mode;
3098 data.pscan_period_mode = info->pscan_period_mode;
3099 data.pscan_mode = info->pscan_mode;
3100 memcpy(data.dev_class, info->dev_class, 3);
3101 data.clock_offset = info->clock_offset;
3102 data.rssi = info->rssi;
41a96212 3103 data.ssp_mode = 0x00;
3175405b
JH		 3104
3105 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3106 false, &ssp);
48264f06 3107 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3108 info->dev_class, info->rssi,
3109 !name_known, ssp, NULL, 0);
a9de9248
MH		 3110 }
3111 } else {
3112 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3113
e17acd40 3114 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3115 bacpy(&data.bdaddr, &info->bdaddr);
3116 data.pscan_rep_mode = info->pscan_rep_mode;
3117 data.pscan_period_mode = info->pscan_period_mode;
3118 data.pscan_mode = 0x00;
3119 memcpy(data.dev_class, info->dev_class, 3);
3120 data.clock_offset = info->clock_offset;
3121 data.rssi = info->rssi;
41a96212 3122 data.ssp_mode = 0x00;
3175405b 3123 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3124 false, &ssp);
48264f06 3125 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3126 info->dev_class, info->rssi,
3127 !name_known, ssp, NULL, 0);
a9de9248
MH		 3128 }
3129 }
3130
3131 hci_dev_unlock(hdev);
3132}
3133
6039aa73
GP		 3134static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3135 struct sk_buff *skb)
a9de9248 3136{
41a96212
MH		 3137 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3138 struct hci_conn *conn;
3139
a9de9248 3140 BT_DBG("%s", hdev->name);
41a96212 3141
41a96212
MH		 3142 hci_dev_lock(hdev);
3143
3144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3145 if (!conn)
3146 goto unlock;
41a96212 3147
ccd556fe
JH		 3148 if (!ev->status && ev->page == 0x01) {
3149 struct inquiry_entry *ie;
41a96212 3150
cc11b9c1
AE		 3151 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3152 if (ie)
02b7cc62 3153 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3154
02b7cc62 3155 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3156 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3157 }
3158
3159 if (conn->state != BT_CONFIG)
3160 goto unlock;
3161
671267bf 3162 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3163 struct hci_cp_remote_name_req cp;
3164 memset(&cp, 0, sizeof(cp));
3165 bacpy(&cp.bdaddr, &conn->dst);
3166 cp.pscan_rep_mode = 0x02;
3167 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3168 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3169 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3170 conn->dst_type, 0, NULL, 0,
3171 conn->dev_class);
392599b9 3172
127178d2 3173 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3174 conn->state = BT_CONNECTED;
3175 hci_proto_connect_cfm(conn, ev->status);
3176 hci_conn_put(conn);
41a96212
MH		 3177 }
3178
ccd556fe 3179unlock:
41a96212 3180 hci_dev_unlock(hdev);
a9de9248
MH		 3181}
3182
6039aa73
GP		 3183static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3184 struct sk_buff *skb)
a9de9248 3185{
b6a0dc82
MH		 3186 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3187 struct hci_conn *conn;
3188
9f1db00c 3189 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3190
3191 hci_dev_lock(hdev);
3192
3193 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3194 if (!conn) {
3195 if (ev->link_type == ESCO_LINK)
3196 goto unlock;
3197
3198 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3199 if (!conn)
3200 goto unlock;
3201
3202 conn->type = SCO_LINK;
3203 }
b6a0dc82 3204
732547f9
MH		 3205 switch (ev->status) {
3206 case 0x00:
b6a0dc82
MH		 3207 conn->handle = __le16_to_cpu(ev->handle);
3208 conn->state = BT_CONNECTED;
7d0db0a3 3209
9eba32b8 3210 hci_conn_hold_device(conn);
7d0db0a3 3211 hci_conn_add_sysfs(conn);
732547f9
MH		 3212 break;
3213
705e5711 3214 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3215 case 0x1c: /* SCO interval rejected */
1038a00b 3216 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3217 case 0x1f: /* Unspecified error */
3218 if (conn->out && conn->attempt < 2) {
3219 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3220 (hdev->esco_type & EDR_ESCO_MASK);
3221 hci_setup_sync(conn, conn->link->handle);
3222 goto unlock;
3223 }
3224 /* fall through */
3225
3226 default:
b6a0dc82 3227 conn->state = BT_CLOSED;
732547f9
MH		 3228 break;
3229 }
b6a0dc82
MH		 3230
3231 hci_proto_connect_cfm(conn, ev->status);
3232 if (ev->status)
3233 hci_conn_del(conn);
3234
3235unlock:
3236 hci_dev_unlock(hdev);
a9de9248
MH		 3237}
3238
6039aa73 3239static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3240{
3241 BT_DBG("%s", hdev->name);
3242}
3243
6039aa73 3244static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3245{
a9de9248 3246 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3247
9f1db00c 3248 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3249}
3250
6039aa73
GP		 3251static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3252 struct sk_buff *skb)
1da177e4 3253{
a9de9248
MH		 3254 struct inquiry_data data;
3255 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3256 int num_rsp = *((__u8 *) skb->data);
9d939d94 3257 size_t eir_len;
1da177e4 3258
a9de9248 3259 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3260
a9de9248
MH		 3261 if (!num_rsp)
3262 return;
1da177e4 3263
1519cc17
AG		 3264 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3265 return;
3266
a9de9248
MH		 3267 hci_dev_lock(hdev);
3268
e17acd40 3269 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3270 bool name_known, ssp;
561aafbc 3271
a9de9248 3272 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3273 data.pscan_rep_mode = info->pscan_rep_mode;
3274 data.pscan_period_mode = info->pscan_period_mode;
3275 data.pscan_mode = 0x00;
a9de9248 3276 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3277 data.clock_offset = info->clock_offset;
3278 data.rssi = info->rssi;
41a96212 3279 data.ssp_mode = 0x01;
561aafbc 3280
a8b2d5c2 3281 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3282 name_known = eir_has_data_type(info->data,
04124681
GP		 3283 sizeof(info->data),
3284 EIR_NAME_COMPLETE);
561aafbc
JH		 3285 else
3286 name_known = true;
3287
388fc8fa 3288 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3289 &ssp);
9d939d94 3290 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3291 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3292 info->dev_class, info->rssi, !name_known,
9d939d94 3293 ssp, info->data, eir_len);
a9de9248
MH		 3294 }
3295
3296 hci_dev_unlock(hdev);
3297}
1da177e4 3298
1c2e0041
JH		 3299static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3300 struct sk_buff *skb)
3301{
3302 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3303 struct hci_conn *conn;
3304
9f1db00c 3305 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3306 __le16_to_cpu(ev->handle));
3307
3308 hci_dev_lock(hdev);
3309
3310 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3311 if (!conn)
3312 goto unlock;
3313
3314 if (!ev->status)
3315 conn->sec_level = conn->pending_sec_level;
3316
3317 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3318
3319 if (ev->status && conn->state == BT_CONNECTED) {
3320 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3321 hci_conn_put(conn);
3322 goto unlock;
3323 }
3324
3325 if (conn->state == BT_CONFIG) {
3326 if (!ev->status)
3327 conn->state = BT_CONNECTED;
3328
3329 hci_proto_connect_cfm(conn, ev->status);
3330 hci_conn_put(conn);
3331 } else {
3332 hci_auth_cfm(conn, ev->status);
3333
3334 hci_conn_hold(conn);
3335 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3336 hci_conn_put(conn);
3337 }
3338
3339unlock:
3340 hci_dev_unlock(hdev);
3341}
3342
6039aa73 3343static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3344{
3345 /* If remote requests dedicated bonding follow that lead */
3346 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3347 /* If both remote and local IO capabilities allow MITM
3348 * protection then require it, otherwise don't */
3349 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3350 return 0x02;
3351 else
3352 return 0x03;
3353 }
3354
3355 /* If remote requests no-bonding follow that lead */
3356 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3357 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3358
3359 return conn->auth_type;
3360}
3361
6039aa73 3362static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3363{
3364 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3365 struct hci_conn *conn;
3366
3367 BT_DBG("%s", hdev->name);
3368
3369 hci_dev_lock(hdev);
3370
3371 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3372 if (!conn)
3373 goto unlock;
3374
3375 hci_conn_hold(conn);
3376
a8b2d5c2 3377 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3378 goto unlock;
3379
a8b2d5c2 3380 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3381 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3382 struct hci_cp_io_capability_reply cp;
3383
3384 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3385 /* Change the IO capability from KeyboardDisplay
3386 * to DisplayYesNo as it is not supported by BT spec. */
3387 cp.capability = (conn->io_capability == 0x04) ?
3388 0x01 : conn->io_capability;
7cbc9bd9
JH		 3389 conn->auth_type = hci_get_auth_req(conn);
3390 cp.authentication = conn->auth_type;
17fa4b9d 3391
8fc9ced3
GP		 3392 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3393 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3394 cp.oob_data = 0x01;
3395 else
3396 cp.oob_data = 0x00;
3397
17fa4b9d 3398 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3399 sizeof(cp), &cp);
03b555e1
JH		 3400 } else {
3401 struct hci_cp_io_capability_neg_reply cp;
3402
3403 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3404 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3405
03b555e1 3406 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3407 sizeof(cp), &cp);
03b555e1
JH		 3408 }
3409
3410unlock:
3411 hci_dev_unlock(hdev);
3412}
3413
6039aa73 3414static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3415{
3416 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3417 struct hci_conn *conn;
3418
3419 BT_DBG("%s", hdev->name);
3420
3421 hci_dev_lock(hdev);
3422
3423 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3424 if (!conn)
3425 goto unlock;
3426
03b555e1 3427 conn->remote_cap = ev->capability;
03b555e1 3428 conn->remote_auth = ev->authentication;
58a681ef
JH		 3429 if (ev->oob_data)
3430 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3431
3432unlock:
0493684e
MH		 3433 hci_dev_unlock(hdev);
3434}
3435
6039aa73
GP		 3436static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3437 struct sk_buff *skb)
a5c29683
JH		 3438{
3439 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3440 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3441 struct hci_conn *conn;
a5c29683
JH		 3442
3443 BT_DBG("%s", hdev->name);
3444
3445 hci_dev_lock(hdev);
3446
a8b2d5c2 3447 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3448 goto unlock;
a5c29683 3449
7a828908
JH		 3450 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3451 if (!conn)
3452 goto unlock;
3453
3454 loc_mitm = (conn->auth_type & 0x01);
3455 rem_mitm = (conn->remote_auth & 0x01);
3456
3457 /* If we require MITM but the remote device can't provide that
3458 * (it has NoInputNoOutput) then reject the confirmation
3459 * request. The only exception is when we're dedicated bonding
3460 * initiators (connect_cfm_cb set) since then we always have the MITM
3461 * bit set. */
3462 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3463 BT_DBG("Rejecting request: remote device can't provide MITM");
3464 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3465 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3466 goto unlock;
3467 }
3468
3469 /* If no side requires MITM protection; auto-accept */
3470 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3471 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3472
3473 /* If we're not the initiators request authorization to
3474 * proceed from user space (mgmt_user_confirm with
3475 * confirm_hint set to 1). */
51a8efd7 3476 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3477 BT_DBG("Confirming auto-accept as acceptor");
3478 confirm_hint = 1;
3479 goto confirm;
3480 }
3481
9f61656a 3482 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3483 hdev->auto_accept_delay);
9f61656a
JH		 3484
3485 if (hdev->auto_accept_delay > 0) {
3486 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3487 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3488 goto unlock;
3489 }
3490
7a828908 3491 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3492 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3493 goto unlock;
3494 }
3495
55bc1a37 3496confirm:
272d90df 3497 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3498 confirm_hint);
7a828908
JH		 3499
3500unlock:
a5c29683
JH		 3501 hci_dev_unlock(hdev);
3502}
3503
6039aa73
GP		 3504static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3505 struct sk_buff *skb)
1143d458
BG		 3506{
3507 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3508
3509 BT_DBG("%s", hdev->name);
3510
a8b2d5c2 3511 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3512 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3513}
3514
92a25256
JH		 3515static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3516 struct sk_buff *skb)
3517{
3518 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3519 struct hci_conn *conn;
3520
3521 BT_DBG("%s", hdev->name);
3522
3523 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3524 if (!conn)
3525 return;
3526
3527 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3528 conn->passkey_entered = 0;
3529
3530 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3531 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3532 conn->dst_type, conn->passkey_notify,
3533 conn->passkey_entered);
3534}
3535
3536static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3537{
3538 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3539 struct hci_conn *conn;
3540
3541 BT_DBG("%s", hdev->name);
3542
3543 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3544 if (!conn)
3545 return;
3546
3547 switch (ev->type) {
3548 case HCI_KEYPRESS_STARTED:
3549 conn->passkey_entered = 0;
3550 return;
3551
3552 case HCI_KEYPRESS_ENTERED:
3553 conn->passkey_entered++;
3554 break;
3555
3556 case HCI_KEYPRESS_ERASED:
3557 conn->passkey_entered--;
3558 break;
3559
3560 case HCI_KEYPRESS_CLEARED:
3561 conn->passkey_entered = 0;
3562 break;
3563
3564 case HCI_KEYPRESS_COMPLETED:
3565 return;
3566 }
3567
3568 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3569 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3570 conn->dst_type, conn->passkey_notify,
3571 conn->passkey_entered);
3572}
3573
6039aa73
GP		 3574static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3575 struct sk_buff *skb)
0493684e
MH		 3576{
3577 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3578 struct hci_conn *conn;
3579
3580 BT_DBG("%s", hdev->name);
3581
3582 hci_dev_lock(hdev);
3583
3584 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3585 if (!conn)
3586 goto unlock;
3587
3588 /* To avoid duplicate auth_failed events to user space we check
3589 * the HCI_CONN_AUTH_PEND flag which will be set if we
3590 * initiated the authentication. A traditional auth_complete
3591 * event gets always produced as initiator and is also mapped to
3592 * the mgmt_auth_failed event */
fa1bd918 3593 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3594 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3595 ev->status);
0493684e 3596
2a611692
JH		 3597 hci_conn_put(conn);
3598
3599unlock:
0493684e
MH		 3600 hci_dev_unlock(hdev);
3601}
3602
6039aa73
GP		 3603static void hci_remote_host_features_evt(struct hci_dev *hdev,
3604 struct sk_buff *skb)
41a96212
MH		 3605{
3606 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3607 struct inquiry_entry *ie;
3608
3609 BT_DBG("%s", hdev->name);
3610
3611 hci_dev_lock(hdev);
3612
cc11b9c1
AE		 3613 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3614 if (ie)
02b7cc62 3615 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3616
3617 hci_dev_unlock(hdev);
3618}
3619
6039aa73
GP		 3620static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3621 struct sk_buff *skb)
2763eda6
SJ		 3622{
3623 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3624 struct oob_data *data;
3625
3626 BT_DBG("%s", hdev->name);
3627
3628 hci_dev_lock(hdev);
3629
a8b2d5c2 3630 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3631 goto unlock;
3632
2763eda6
SJ		 3633 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3634 if (data) {
3635 struct hci_cp_remote_oob_data_reply cp;
3636
3637 bacpy(&cp.bdaddr, &ev->bdaddr);
3638 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3639 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3640
3641 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3642 &cp);
2763eda6
SJ		 3643 } else {
3644 struct hci_cp_remote_oob_data_neg_reply cp;
3645
3646 bacpy(&cp.bdaddr, &ev->bdaddr);
3647 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3648 &cp);
2763eda6
SJ		 3649 }
3650
e1ba1f15 3651unlock:
2763eda6
SJ		 3652 hci_dev_unlock(hdev);
3653}
3654
d5e91192
AE		 3655static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3656 struct sk_buff *skb)
3657{
3658 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3659 struct hci_conn *hcon, *bredr_hcon;
3660
3661 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3662 ev->status);
3663
3664 hci_dev_lock(hdev);
3665
3666 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3667 if (!hcon) {
3668 hci_dev_unlock(hdev);
3669 return;
3670 }
3671
3672 if (ev->status) {
3673 hci_conn_del(hcon);
3674 hci_dev_unlock(hdev);
3675 return;
3676 }
3677
3678 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3679
3680 hcon->state = BT_CONNECTED;
3681 bacpy(&hcon->dst, &bredr_hcon->dst);
3682
3683 hci_conn_hold(hcon);
3684 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3685 hci_conn_put(hcon);
3686
3687 hci_conn_hold_device(hcon);
3688 hci_conn_add_sysfs(hcon);
3689
3690 hci_dev_unlock(hdev);
3691
3692 if (hcon->out) {
3693 struct hci_dev *bredr_hdev = hci_dev_hold(bredr_hcon->hdev);
3694
3695 if (!bredr_hdev)
3696 return;
3697
3698 /* Placeholder - create chan req
3699 l2cap_chan_create_cfm(bredr_hcon, hcon->remote_id);
3700 */
3701
3702 hci_dev_put(bredr_hdev);
3703 }
3704}
3705
27695fb4
AE		 3706static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3707{
3708 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3709 struct hci_conn *hcon;
3710 struct hci_chan *hchan;
3711 struct amp_mgr *mgr;
3712
3713 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3714 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3715 ev->status);
3716
3717 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3718 if (!hcon)
3719 return;
3720
3721 /* Create AMP hchan */
3722 hchan = hci_chan_create(hcon);
3723 if (!hchan)
3724 return;
3725
3726 hchan->handle = le16_to_cpu(ev->handle);
3727
3728 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3729
3730 mgr = hcon->amp_mgr;
3731 if (mgr && mgr->bredr_chan) {
3732 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3733
3734 l2cap_chan_lock(bredr_chan);
3735
3736 bredr_chan->conn->mtu = hdev->block_mtu;
3737 l2cap_logical_cfm(bredr_chan, hchan, 0);
3738 hci_conn_hold(hcon);
3739
3740 l2cap_chan_unlock(bredr_chan);
3741 }
3742}
3743
606e2a10
AE		 3744static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3745 struct sk_buff *skb)
3746{
3747 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3748 struct hci_chan *hchan;
3749
3750 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3751 le16_to_cpu(ev->handle), ev->status);
3752
3753 if (ev->status)
3754 return;
3755
3756 hci_dev_lock(hdev);
3757
3758 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3759 if (!hchan)
3760 goto unlock;
3761
3762 amp_destroy_logical_link(hchan, ev->reason);
3763
3764unlock:
3765 hci_dev_unlock(hdev);
3766}
3767
9eef6b3a
AE		 3768static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3769 struct sk_buff *skb)
3770{
3771 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3772 struct hci_conn *hcon;
3773
3774 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3775
3776 if (ev->status)
3777 return;
3778
3779 hci_dev_lock(hdev);
3780
3781 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3782 if (hcon) {
3783 hcon->state = BT_CLOSED;
3784 hci_conn_del(hcon);
3785 }
3786
3787 hci_dev_unlock(hdev);
3788}
3789
6039aa73 3790static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3791{
3792 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3793 struct hci_conn *conn;
3794
9f1db00c 3795 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3796
3797 hci_dev_lock(hdev);
3798
b47a09b3 3799 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3800 if (!conn) {
3801 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3802 if (!conn) {
3803 BT_ERR("No memory for new connection");
230fd16a 3804 goto unlock;
b62f328b 3805 }
29b7988a
AG		 3806
3807 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3808
3809 if (ev->role == LE_CONN_ROLE_MASTER) {
3810 conn->out = true;
3811 conn->link_mode |= HCI_LM_MASTER;
3812 }
b62f328b 3813 }
fcd89c09 3814
cd17decb
AG		 3815 if (ev->status) {
3816 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3817 conn->dst_type, ev->status);
3818 hci_proto_connect_cfm(conn, ev->status);
3819 conn->state = BT_CLOSED;
3820 hci_conn_del(conn);
3821 goto unlock;
3822 }
3823
b644ba33
JH		 3824 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3825 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3826 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3827
7b5c0d52 3828 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3829 conn->handle = __le16_to_cpu(ev->handle);
3830 conn->state = BT_CONNECTED;
3831
3832 hci_conn_hold_device(conn);
3833 hci_conn_add_sysfs(conn);
3834
3835 hci_proto_connect_cfm(conn, ev->status);
3836
3837unlock:
3838 hci_dev_unlock(hdev);
3839}
3840
6039aa73 3841static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3842{
e95beb41
AG		 3843 u8 num_reports = skb->data[0];
3844 void *ptr = &skb->data[1];
3c9e9195 3845 s8 rssi;
9aa04c91
AG		 3846
3847 hci_dev_lock(hdev);
3848
e95beb41
AG		 3849 while (num_reports--) {
3850 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3851
3c9e9195
AG		 3852 rssi = ev->data[ev->length];
3853 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3854 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3855
e95beb41 3856 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3857 }
3858
3859 hci_dev_unlock(hdev);
3860}
3861
6039aa73 3862static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3863{
3864 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3865 struct hci_cp_le_ltk_reply cp;
bea710fe 3866 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3867 struct hci_conn *conn;
c9839a11 3868 struct smp_ltk *ltk;
a7a595f6 3869
9f1db00c 3870 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3871
3872 hci_dev_lock(hdev);
3873
3874 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3875 if (conn == NULL)
3876 goto not_found;
a7a595f6 3877
bea710fe
VCG		 3878 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3879 if (ltk == NULL)
3880 goto not_found;
3881
3882 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3883 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3884
3885 if (ltk->authenticated)
3886 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3887
3888 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3889
c9839a11
VCG		 3890 if (ltk->type & HCI_SMP_STK) {
3891 list_del(&ltk->list);
3892 kfree(ltk);
3893 }
3894
a7a595f6 3895 hci_dev_unlock(hdev);
bea710fe
VCG		 3896
3897 return;
3898
3899not_found:
3900 neg.handle = ev->handle;
3901 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3902 hci_dev_unlock(hdev);
a7a595f6
VCG		 3903}
3904
6039aa73 3905static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3906{
3907 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3908
3909 skb_pull(skb, sizeof(*le_ev));
3910
3911 switch (le_ev->subevent) {
3912 case HCI_EV_LE_CONN_COMPLETE:
3913 hci_le_conn_complete_evt(hdev, skb);
3914 break;
3915
9aa04c91
AG		 3916 case HCI_EV_LE_ADVERTISING_REPORT:
3917 hci_le_adv_report_evt(hdev, skb);
3918 break;
3919
a7a595f6
VCG		 3920 case HCI_EV_LE_LTK_REQ:
3921 hci_le_ltk_request_evt(hdev, skb);
3922 break;
3923
fcd89c09
VT		 3924 default:
3925 break;
3926 }
3927}
3928
9495b2ee
AE		 3929static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3930{
3931 struct hci_ev_channel_selected *ev = (void *) skb->data;
3932 struct hci_conn *hcon;
3933
3934 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3935
3936 skb_pull(skb, sizeof(*ev));
3937
3938 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3939 if (!hcon)
3940 return;
3941
3942 amp_read_loc_assoc_final_data(hdev, hcon);
3943}
3944
a9de9248
MH		 3945void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3946{
3947 struct hci_event_hdr *hdr = (void *) skb->data;
3948 __u8 event = hdr->evt;
3949
3950 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3951
3952 switch (event) {
1da177e4
LT		 3953 case HCI_EV_INQUIRY_COMPLETE:
3954 hci_inquiry_complete_evt(hdev, skb);
3955 break;
3956
3957 case HCI_EV_INQUIRY_RESULT:
3958 hci_inquiry_result_evt(hdev, skb);
3959 break;
3960
a9de9248
MH		 3961 case HCI_EV_CONN_COMPLETE:
3962 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3963 break;
3964
1da177e4
LT		 3965 case HCI_EV_CONN_REQUEST:
3966 hci_conn_request_evt(hdev, skb);
3967 break;
3968
1da177e4
LT		 3969 case HCI_EV_DISCONN_COMPLETE:
3970 hci_disconn_complete_evt(hdev, skb);
3971 break;
3972
1da177e4
LT		 3973 case HCI_EV_AUTH_COMPLETE:
3974 hci_auth_complete_evt(hdev, skb);
3975 break;
3976
a9de9248
MH		 3977 case HCI_EV_REMOTE_NAME:
3978 hci_remote_name_evt(hdev, skb);
3979 break;
3980
1da177e4
LT		 3981 case HCI_EV_ENCRYPT_CHANGE:
3982 hci_encrypt_change_evt(hdev, skb);
3983 break;
3984
a9de9248
MH		 3985 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3986 hci_change_link_key_complete_evt(hdev, skb);
3987 break;
3988
3989 case HCI_EV_REMOTE_FEATURES:
3990 hci_remote_features_evt(hdev, skb);
3991 break;
3992
3993 case HCI_EV_REMOTE_VERSION:
3994 hci_remote_version_evt(hdev, skb);
3995 break;
3996
3997 case HCI_EV_QOS_SETUP_COMPLETE:
3998 hci_qos_setup_complete_evt(hdev, skb);
3999 break;
4000
4001 case HCI_EV_CMD_COMPLETE:
4002 hci_cmd_complete_evt(hdev, skb);
4003 break;
4004
4005 case HCI_EV_CMD_STATUS:
4006 hci_cmd_status_evt(hdev, skb);
4007 break;
4008
4009 case HCI_EV_ROLE_CHANGE:
4010 hci_role_change_evt(hdev, skb);
4011 break;
4012
4013 case HCI_EV_NUM_COMP_PKTS:
4014 hci_num_comp_pkts_evt(hdev, skb);
4015 break;
4016
4017 case HCI_EV_MODE_CHANGE:
4018 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4019 break;
4020
4021 case HCI_EV_PIN_CODE_REQ:
4022 hci_pin_code_request_evt(hdev, skb);
4023 break;
4024
4025 case HCI_EV_LINK_KEY_REQ:
4026 hci_link_key_request_evt(hdev, skb);
4027 break;
4028
4029 case HCI_EV_LINK_KEY_NOTIFY:
4030 hci_link_key_notify_evt(hdev, skb);
4031 break;
4032
4033 case HCI_EV_CLOCK_OFFSET:
4034 hci_clock_offset_evt(hdev, skb);
4035 break;
4036
a8746417
MH		 4037 case HCI_EV_PKT_TYPE_CHANGE:
4038 hci_pkt_type_change_evt(hdev, skb);
4039 break;
4040
85a1e930
MH		 4041 case HCI_EV_PSCAN_REP_MODE:
4042 hci_pscan_rep_mode_evt(hdev, skb);
4043 break;
4044
a9de9248
MH		 4045 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4046 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4047 break;
4048
a9de9248
MH		 4049 case HCI_EV_REMOTE_EXT_FEATURES:
4050 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4051 break;
4052
a9de9248
MH		 4053 case HCI_EV_SYNC_CONN_COMPLETE:
4054 hci_sync_conn_complete_evt(hdev, skb);
4055 break;
1da177e4 4056
a9de9248
MH		 4057 case HCI_EV_SYNC_CONN_CHANGED:
4058 hci_sync_conn_changed_evt(hdev, skb);
4059 break;
1da177e4 4060
a9de9248
MH		 4061 case HCI_EV_SNIFF_SUBRATE:
4062 hci_sniff_subrate_evt(hdev, skb);
4063 break;
1da177e4 4064
a9de9248
MH		 4065 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4066 hci_extended_inquiry_result_evt(hdev, skb);
4067 break;
1da177e4 4068
1c2e0041
JH		 4069 case HCI_EV_KEY_REFRESH_COMPLETE:
4070 hci_key_refresh_complete_evt(hdev, skb);
4071 break;
4072
0493684e
MH		 4073 case HCI_EV_IO_CAPA_REQUEST:
4074 hci_io_capa_request_evt(hdev, skb);
4075 break;
4076
03b555e1
JH		 4077 case HCI_EV_IO_CAPA_REPLY:
4078 hci_io_capa_reply_evt(hdev, skb);
4079 break;
4080
a5c29683
JH		 4081 case HCI_EV_USER_CONFIRM_REQUEST:
4082 hci_user_confirm_request_evt(hdev, skb);
4083 break;
4084
1143d458
BG		 4085 case HCI_EV_USER_PASSKEY_REQUEST:
4086 hci_user_passkey_request_evt(hdev, skb);
4087 break;
4088
92a25256
JH		 4089 case HCI_EV_USER_PASSKEY_NOTIFY:
4090 hci_user_passkey_notify_evt(hdev, skb);
4091 break;
4092
4093 case HCI_EV_KEYPRESS_NOTIFY:
4094 hci_keypress_notify_evt(hdev, skb);
4095 break;
4096
0493684e
MH		 4097 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4098 hci_simple_pair_complete_evt(hdev, skb);
4099 break;
4100
41a96212
MH		 4101 case HCI_EV_REMOTE_HOST_FEATURES:
4102 hci_remote_host_features_evt(hdev, skb);
4103 break;
4104
fcd89c09
VT		 4105 case HCI_EV_LE_META:
4106 hci_le_meta_evt(hdev, skb);
4107 break;
4108
9495b2ee
AE		 4109 case HCI_EV_CHANNEL_SELECTED:
4110 hci_chan_selected_evt(hdev, skb);
4111 break;
4112
2763eda6
SJ		 4113 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4114 hci_remote_oob_data_request_evt(hdev, skb);
4115 break;
4116
d5e91192
AE		 4117 case HCI_EV_PHY_LINK_COMPLETE:
4118 hci_phy_link_complete_evt(hdev, skb);
4119 break;
4120
27695fb4
AE		 4121 case HCI_EV_LOGICAL_LINK_COMPLETE:
4122 hci_loglink_complete_evt(hdev, skb);
4123 break;
4124
606e2a10
AE		 4125 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4126 hci_disconn_loglink_complete_evt(hdev, skb);
4127 break;
4128
9eef6b3a
AE		 4129 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4130 hci_disconn_phylink_complete_evt(hdev, skb);
4131 break;
4132
25e89e99
AE		 4133 case HCI_EV_NUM_COMP_BLOCKS:
4134 hci_num_comp_blocks_evt(hdev, skb);
4135 break;
4136
a9de9248 4137 default:
9f1db00c 4138 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4139 break;
4140 }
4141
4142 kfree_skb(skb);
4143 hdev->stat.evt_rx++;
4144}
kernel source for telekom puls (alcatel/mediatek)