projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Convert hdev->out to a bool type
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
eb939922 48static bool enable_le;
e6100a25 49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
ff9ef578 68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 197
7005ff17
JH		 198 /* Reset all flags, except persistent ones */
199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF);
a9de9248 200}
04837f64 201
a9de9248
MH		 202static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
203{
204 __u8 status = *((__u8 *) skb->data);
205 void *sent;
04837f64 206
a9de9248 207 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 208
a9de9248
MH		 209 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
210 if (!sent)
211 return;
04837f64 212
56e5cb86
JH		 213 hci_dev_lock(hdev);
214
a8b2d5c2 215 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 216 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 217
56e5cb86
JH		 218 if (status == 0)
219 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 220
56e5cb86 221 hci_dev_unlock(hdev);
a9de9248
MH		 222}
223
224static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225{
226 struct hci_rp_read_local_name *rp = (void *) skb->data;
227
228 BT_DBG("%s status 0x%x", hdev->name, rp->status);
229
230 if (rp->status)
231 return;
232
1f6c6378 233 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 234}
235
236static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
237{
238 __u8 status = *((__u8 *) skb->data);
239 void *sent;
240
241 BT_DBG("%s status 0x%x", hdev->name, status);
242
243 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
244 if (!sent)
245 return;
246
247 if (!status) {
248 __u8 param = *((__u8 *) sent);
249
250 if (param == AUTH_ENABLED)
251 set_bit(HCI_AUTH, &hdev->flags);
252 else
253 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 254 }
a9de9248 255
23bb5763 256 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 257}
258
a9de9248 259static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 260{
a9de9248 261 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 262 void *sent;
263
a9de9248 264 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 265
a9de9248
MH		 266 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
267 if (!sent)
268 return;
1da177e4 269
a9de9248
MH		 270 if (!status) {
271 __u8 param = *((__u8 *) sent);
272
273 if (param)
274 set_bit(HCI_ENCRYPT, &hdev->flags);
275 else
276 clear_bit(HCI_ENCRYPT, &hdev->flags);
277 }
1da177e4 278
23bb5763 279 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 280}
1da177e4 281
a9de9248
MH		 282static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
283{
36f7fc7e
JH		 284 __u8 param, status = *((__u8 *) skb->data);
285 int old_pscan, old_iscan;
a9de9248 286 void *sent;
1da177e4 287
a9de9248 288 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 289
a9de9248
MH		 290 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
291 if (!sent)
292 return;
1da177e4 293
36f7fc7e
JH		 294 param = *((__u8 *) sent);
295
56e5cb86
JH		 296 hci_dev_lock(hdev);
297
2d7cee58 298 if (status != 0) {
744cf19e 299 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 300 hdev->discov_timeout = 0;
301 goto done;
302 }
303
36f7fc7e
JH		 304 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
305 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
306
307 if (param & SCAN_INQUIRY) {
308 set_bit(HCI_ISCAN, &hdev->flags);
309 if (!old_iscan)
744cf19e 310 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 311 if (hdev->discov_timeout > 0) {
312 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
313 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
314 to);
315 }
36f7fc7e 316 } else if (old_iscan)
744cf19e 317 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 318
319 if (param & SCAN_PAGE) {
320 set_bit(HCI_PSCAN, &hdev->flags);
321 if (!old_pscan)
744cf19e 322 mgmt_connectable(hdev, 1);
36f7fc7e 323 } else if (old_pscan)
744cf19e 324 mgmt_connectable(hdev, 0);
1da177e4 325
36f7fc7e 326done:
56e5cb86 327 hci_dev_unlock(hdev);
23bb5763 328 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 329}
1da177e4 330
a9de9248
MH		 331static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
332{
333 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 334
a9de9248 335 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 336
a9de9248
MH		 337 if (rp->status)
338 return;
1da177e4 339
a9de9248 340 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 341
a9de9248
MH		 342 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
343 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
344}
1da177e4 345
a9de9248
MH		 346static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
347{
348 __u8 status = *((__u8 *) skb->data);
349 void *sent;
1da177e4 350
a9de9248 351 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 352
f383f275
MH		 353 if (status)
354 return;
355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
f383f275 360 memcpy(hdev->dev_class, sent, 3);
a9de9248 361}
1da177e4 362
a9de9248
MH		 363static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
364{
365 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
366 __u16 setting;
367
368 BT_DBG("%s status 0x%x", hdev->name, rp->status);
369
370 if (rp->status)
371 return;
372
373 setting = __le16_to_cpu(rp->voice_setting);
374
f383f275 375 if (hdev->voice_setting == setting)
a9de9248
MH		 376 return;
377
378 hdev->voice_setting = setting;
379
380 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
381
3c54711c 382 if (hdev->notify)
a9de9248 383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 384}
385
386static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387{
388 __u8 status = *((__u8 *) skb->data);
f383f275 389 __u16 setting;
a9de9248
MH		 390 void *sent;
391
392 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 393
f383f275
MH		 394 if (status)
395 return;
396
a9de9248
MH		 397 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
398 if (!sent)
399 return;
1da177e4 400
f383f275 401 setting = get_unaligned_le16(sent);
1da177e4 402
f383f275
MH		 403 if (hdev->voice_setting == setting)
404 return;
405
406 hdev->voice_setting = setting;
1da177e4 407
f383f275 408 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 409
3c54711c 410 if (hdev->notify)
f383f275 411 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 412}
413
a9de9248 414static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 415{
a9de9248 416 __u8 status = *((__u8 *) skb->data);
1da177e4 417
a9de9248 418 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 419
23bb5763 420 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 421}
1143e5a6 422
333140b5
MH		 423static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424{
425 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
426
427 BT_DBG("%s status 0x%x", hdev->name, rp->status);
428
429 if (rp->status)
430 return;
431
432 hdev->ssp_mode = rp->mode;
433}
434
435static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
436{
437 __u8 status = *((__u8 *) skb->data);
438 void *sent;
439
440 BT_DBG("%s status 0x%x", hdev->name, status);
441
442 if (status)
443 return;
444
445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
446 if (!sent)
447 return;
448
449 hdev->ssp_mode = *((__u8 *) sent);
450}
451
d5859e22
JH		 452static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453{
454 if (hdev->features[6] & LMP_EXT_INQ)
455 return 2;
456
457 if (hdev->features[3] & LMP_RSSI_INQ)
458 return 1;
459
460 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
461 hdev->lmp_subver == 0x0757)
462 return 1;
463
464 if (hdev->manufacturer == 15) {
465 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 return 1;
467 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 return 1;
469 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
470 return 1;
471 }
472
473 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
474 hdev->lmp_subver == 0x1805)
475 return 1;
476
477 return 0;
478}
479
480static void hci_setup_inquiry_mode(struct hci_dev *hdev)
481{
482 u8 mode;
483
484 mode = hci_get_inquiry_mode(hdev);
485
486 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
487}
488
489static void hci_setup_event_mask(struct hci_dev *hdev)
490{
491 /* The second byte is 0xff instead of 0x9f (two reserved bits
492 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
493 * command otherwise */
494 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495
6de6c18d
VT		 496 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
497 * any event mask for pre 1.2 devices */
5a13b095 498 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 499 return;
500
501 events[4] |= 0x01; /* Flow Specification Complete */
502 events[4] |= 0x02; /* Inquiry Result with RSSI */
503 events[4] |= 0x04; /* Read Remote Extended Features Complete */
504 events[5] |= 0x08; /* Synchronous Connection Complete */
505 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 506
507 if (hdev->features[3] & LMP_RSSI_INQ)
508 events[4] |= 0x04; /* Inquiry Result with RSSI */
509
510 if (hdev->features[5] & LMP_SNIFF_SUBR)
511 events[5] |= 0x20; /* Sniff Subrating */
512
513 if (hdev->features[5] & LMP_PAUSE_ENC)
514 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515
516 if (hdev->features[6] & LMP_EXT_INQ)
517 events[5] |= 0x40; /* Extended Inquiry Result */
518
519 if (hdev->features[6] & LMP_NO_FLUSH)
520 events[7] |= 0x01; /* Enhanced Flush Complete */
521
522 if (hdev->features[7] & LMP_LSTO)
523 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524
525 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
526 events[6] |= 0x01; /* IO Capability Request */
527 events[6] |= 0x02; /* IO Capability Response */
528 events[6] |= 0x04; /* User Confirmation Request */
529 events[6] |= 0x08; /* User Passkey Request */
530 events[6] |= 0x10; /* Remote OOB Data Request */
531 events[6] |= 0x20; /* Simple Pairing Complete */
532 events[7] |= 0x04; /* User Passkey Notification */
533 events[7] |= 0x08; /* Keypress Notification */
534 events[7] |= 0x10; /* Remote Host Supported
535 * Features Notification */
536 }
537
538 if (hdev->features[4] & LMP_LE)
539 events[7] |= 0x20; /* LE Meta-Event */
540
541 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
542}
543
e6100a25
AG		 544static void hci_set_le_support(struct hci_dev *hdev)
545{
546 struct hci_cp_write_le_host_supported cp;
547
548 memset(&cp, 0, sizeof(cp));
549
550 if (enable_le) {
551 cp.le = 1;
552 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
553 }
554
555 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
556}
557
d5859e22
JH		 558static void hci_setup(struct hci_dev *hdev)
559{
e61ef499
AE		 560 if (hdev->dev_type != HCI_BREDR)
561 return;
562
d5859e22
JH		 563 hci_setup_event_mask(hdev);
564
d095c1eb 565 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 566 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
567
568 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
569 u8 mode = 0x01;
570 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
571 }
572
573 if (hdev->features[3] & LMP_RSSI_INQ)
574 hci_setup_inquiry_mode(hdev);
575
576 if (hdev->features[7] & LMP_INQ_TX_PWR)
577 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 578
579 if (hdev->features[7] & LMP_EXTFEATURES) {
580 struct hci_cp_read_local_ext_features cp;
581
582 cp.page = 0x01;
583 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
584 sizeof(cp), &cp);
585 }
e6100a25
AG		 586
587 if (hdev->features[4] & LMP_LE)
588 hci_set_le_support(hdev);
d5859e22
JH		 589}
590
a9de9248
MH		 591static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
592{
593 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 594
a9de9248 595 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 596
a9de9248
MH		 597 if (rp->status)
598 return;
1143e5a6 599
a9de9248 600 hdev->hci_ver = rp->hci_ver;
e4e8e37c 601 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 602 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 603 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 604 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 605
a9de9248
MH		 606 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
607 hdev->manufacturer,
608 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 609
610 if (test_bit(HCI_INIT, &hdev->flags))
611 hci_setup(hdev);
612}
613
614static void hci_setup_link_policy(struct hci_dev *hdev)
615{
616 u16 link_policy = 0;
617
618 if (hdev->features[0] & LMP_RSWITCH)
619 link_policy |= HCI_LP_RSWITCH;
620 if (hdev->features[0] & LMP_HOLD)
621 link_policy |= HCI_LP_HOLD;
622 if (hdev->features[0] & LMP_SNIFF)
623 link_policy |= HCI_LP_SNIFF;
624 if (hdev->features[1] & LMP_PARK)
625 link_policy |= HCI_LP_PARK;
626
627 link_policy = cpu_to_le16(link_policy);
628 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
629 sizeof(link_policy), &link_policy);
a9de9248 630}
1da177e4 631
a9de9248
MH		 632static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
633{
634 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 635
a9de9248 636 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 637
a9de9248 638 if (rp->status)
d5859e22 639 goto done;
1da177e4 640
a9de9248 641 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 642
643 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
644 hci_setup_link_policy(hdev);
645
646done:
647 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 648}
1da177e4 649
a9de9248
MH		 650static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
651{
652 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 653
a9de9248 654 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 655
a9de9248
MH		 656 if (rp->status)
657 return;
5b7f9909 658
a9de9248 659 memcpy(hdev->features, rp->features, 8);
5b7f9909 660
a9de9248
MH		 661 /* Adjust default settings according to features
662 * supported by device. */
1da177e4 663
a9de9248
MH		 664 if (hdev->features[0] & LMP_3SLOT)
665 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 666
a9de9248
MH		 667 if (hdev->features[0] & LMP_5SLOT)
668 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 669
a9de9248
MH		 670 if (hdev->features[1] & LMP_HV2) {
671 hdev->pkt_type |= (HCI_HV2);
672 hdev->esco_type |= (ESCO_HV2);
673 }
1da177e4 674
a9de9248
MH		 675 if (hdev->features[1] & LMP_HV3) {
676 hdev->pkt_type |= (HCI_HV3);
677 hdev->esco_type |= (ESCO_HV3);
678 }
1da177e4 679
a9de9248
MH		 680 if (hdev->features[3] & LMP_ESCO)
681 hdev->esco_type |= (ESCO_EV3);
da1f5198 682
a9de9248
MH		 683 if (hdev->features[4] & LMP_EV4)
684 hdev->esco_type |= (ESCO_EV4);
da1f5198 685
a9de9248
MH		 686 if (hdev->features[4] & LMP_EV5)
687 hdev->esco_type |= (ESCO_EV5);
1da177e4 688
efc7688b
MH		 689 if (hdev->features[5] & LMP_EDR_ESCO_2M)
690 hdev->esco_type |= (ESCO_2EV3);
691
692 if (hdev->features[5] & LMP_EDR_ESCO_3M)
693 hdev->esco_type |= (ESCO_3EV3);
694
695 if (hdev->features[5] & LMP_EDR_3S_ESCO)
696 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
697
a9de9248
MH		 698 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
699 hdev->features[0], hdev->features[1],
700 hdev->features[2], hdev->features[3],
701 hdev->features[4], hdev->features[5],
702 hdev->features[6], hdev->features[7]);
703}
1da177e4 704
971e3a4b
AG		 705static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
706 struct sk_buff *skb)
707{
708 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
709
710 BT_DBG("%s status 0x%x", hdev->name, rp->status);
711
712 if (rp->status)
713 return;
714
b5b32b65
AG		 715 switch (rp->page) {
716 case 0:
717 memcpy(hdev->features, rp->features, 8);
718 break;
719 case 1:
720 memcpy(hdev->host_features, rp->features, 8);
721 break;
722 }
971e3a4b
AG		 723
724 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
725}
726
1e89cffb
AE		 727static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
728 struct sk_buff *skb)
729{
730 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
731
732 BT_DBG("%s status 0x%x", hdev->name, rp->status);
733
734 if (rp->status)
735 return;
736
737 hdev->flow_ctl_mode = rp->mode;
738
739 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
740}
741
a9de9248
MH		 742static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
743{
744 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 745
a9de9248 746 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 747
a9de9248
MH		 748 if (rp->status)
749 return;
1da177e4 750
a9de9248
MH		 751 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
752 hdev->sco_mtu = rp->sco_mtu;
753 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
754 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
755
756 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
757 hdev->sco_mtu = 64;
758 hdev->sco_pkts = 8;
1da177e4 759 }
a9de9248
MH		 760
761 hdev->acl_cnt = hdev->acl_pkts;
762 hdev->sco_cnt = hdev->sco_pkts;
763
764 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
765 hdev->acl_mtu, hdev->acl_pkts,
766 hdev->sco_mtu, hdev->sco_pkts);
767}
768
769static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
770{
771 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
772
773 BT_DBG("%s status 0x%x", hdev->name, rp->status);
774
775 if (!rp->status)
776 bacpy(&hdev->bdaddr, &rp->bdaddr);
777
23bb5763
JH		 778 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
779}
780
350ee4cf
AE		 781static void hci_cc_read_data_block_size(struct hci_dev *hdev,
782 struct sk_buff *skb)
783{
784 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
785
786 BT_DBG("%s status 0x%x", hdev->name, rp->status);
787
788 if (rp->status)
789 return;
790
791 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
792 hdev->block_len = __le16_to_cpu(rp->block_len);
793 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
794
795 hdev->block_cnt = hdev->num_blocks;
796
797 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
798 hdev->block_cnt, hdev->block_len);
799
800 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
801}
802
23bb5763
JH		 803static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
804{
805 __u8 status = *((__u8 *) skb->data);
806
807 BT_DBG("%s status 0x%x", hdev->name, status);
808
809 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 810}
811
928abaa7
AE		 812static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
813 struct sk_buff *skb)
814{
815 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
816
817 BT_DBG("%s status 0x%x", hdev->name, rp->status);
818
819 if (rp->status)
820 return;
821
822 hdev->amp_status = rp->amp_status;
823 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
824 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
825 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
826 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
827 hdev->amp_type = rp->amp_type;
828 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
829 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
830 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
831 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
832
833 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
834}
835
b0916ea0
JH		 836static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
837 struct sk_buff *skb)
838{
839 __u8 status = *((__u8 *) skb->data);
840
841 BT_DBG("%s status 0x%x", hdev->name, status);
842
843 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
844}
845
d5859e22
JH		 846static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
847{
848 __u8 status = *((__u8 *) skb->data);
849
850 BT_DBG("%s status 0x%x", hdev->name, status);
851
852 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
853}
854
855static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
856 struct sk_buff *skb)
857{
858 __u8 status = *((__u8 *) skb->data);
859
860 BT_DBG("%s status 0x%x", hdev->name, status);
861
862 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
863}
864
865static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
866 struct sk_buff *skb)
867{
868 __u8 status = *((__u8 *) skb->data);
869
870 BT_DBG("%s status 0x%x", hdev->name, status);
871
872 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
873}
874
875static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
876{
877 __u8 status = *((__u8 *) skb->data);
878
879 BT_DBG("%s status 0x%x", hdev->name, status);
880
881 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
882}
883
980e1a53
JH		 884static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
885{
886 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
887 struct hci_cp_pin_code_reply *cp;
888 struct hci_conn *conn;
889
890 BT_DBG("%s status 0x%x", hdev->name, rp->status);
891
56e5cb86
JH		 892 hci_dev_lock(hdev);
893
a8b2d5c2 894 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 895 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 896
897 if (rp->status != 0)
56e5cb86 898 goto unlock;
980e1a53
JH		 899
900 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
901 if (!cp)
56e5cb86 902 goto unlock;
980e1a53
JH		 903
904 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
905 if (conn)
906 conn->pin_length = cp->pin_len;
56e5cb86
JH		 907
908unlock:
909 hci_dev_unlock(hdev);
980e1a53
JH		 910}
911
912static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
913{
914 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
915
916 BT_DBG("%s status 0x%x", hdev->name, rp->status);
917
56e5cb86
JH		 918 hci_dev_lock(hdev);
919
a8b2d5c2 920 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 921 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 922 rp->status);
56e5cb86
JH		 923
924 hci_dev_unlock(hdev);
980e1a53 925}
56e5cb86 926
6ed58ec5
VT		 927static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
928 struct sk_buff *skb)
929{
930 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
931
932 BT_DBG("%s status 0x%x", hdev->name, rp->status);
933
934 if (rp->status)
935 return;
936
937 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
938 hdev->le_pkts = rp->le_max_pkt;
939
940 hdev->le_cnt = hdev->le_pkts;
941
942 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
943
944 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
945}
980e1a53 946
a5c29683
JH		 947static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
948{
949 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
950
951 BT_DBG("%s status 0x%x", hdev->name, rp->status);
952
56e5cb86
JH		 953 hci_dev_lock(hdev);
954
a8b2d5c2 955 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 956 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683 957 rp->status);
56e5cb86
JH		 958
959 hci_dev_unlock(hdev);
a5c29683
JH		 960}
961
962static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
963 struct sk_buff *skb)
964{
965 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
966
967 BT_DBG("%s status 0x%x", hdev->name, rp->status);
968
56e5cb86
JH		 969 hci_dev_lock(hdev);
970
a8b2d5c2 971 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 972 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683 973 rp->status);
56e5cb86
JH		 974
975 hci_dev_unlock(hdev);
a5c29683
JH		 976}
977
1143d458
BG		 978static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
979{
980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
981
982 BT_DBG("%s status 0x%x", hdev->name, rp->status);
983
984 hci_dev_lock(hdev);
985
a8b2d5c2 986 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458
BG		 987 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
988 rp->status);
989
990 hci_dev_unlock(hdev);
991}
992
993static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
994 struct sk_buff *skb)
995{
996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
997
998 BT_DBG("%s status 0x%x", hdev->name, rp->status);
999
1000 hci_dev_lock(hdev);
1001
a8b2d5c2 1002 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458
BG		 1003 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1004 rp->status);
1005
1006 hci_dev_unlock(hdev);
1007}
1008
c35938b2
SJ		 1009static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1010 struct sk_buff *skb)
1011{
1012 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1013
1014 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1015
56e5cb86 1016 hci_dev_lock(hdev);
744cf19e 1017 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1018 rp->randomizer, rp->status);
56e5cb86 1019 hci_dev_unlock(hdev);
c35938b2
SJ		 1020}
1021
07f7fa5d
AG		 1022static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1023{
1024 __u8 status = *((__u8 *) skb->data);
1025
1026 BT_DBG("%s status 0x%x", hdev->name, status);
1027}
1028
eb9d91f5
AG		 1029static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1030 struct sk_buff *skb)
1031{
1032 struct hci_cp_le_set_scan_enable *cp;
1033 __u8 status = *((__u8 *) skb->data);
1034
1035 BT_DBG("%s status 0x%x", hdev->name, status);
1036
1037 if (status)
1038 return;
1039
1040 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1041 if (!cp)
1042 return;
1043
68a8aea4
AE		 1044 switch (cp->enable) {
1045 case LE_SCANNING_ENABLED:
d23264a8
AG		 1046 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1047
db323f2f 1048 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1049
1050 hci_dev_lock(hdev);
eb9d91f5 1051 hci_adv_entries_clear(hdev);
a8f13c8c 1052 hci_dev_unlock(hdev);
68a8aea4
AE		 1053 break;
1054
1055 case LE_SCANNING_DISABLED:
d23264a8
AG		 1056 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1057
d084329e 1058 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
68a8aea4
AE		 1059 break;
1060
1061 default:
1062 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1063 break;
35815085 1064 }
eb9d91f5
AG		 1065}
1066
a7a595f6
VCG		 1067static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1068{
1069 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1070
1071 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1072
1073 if (rp->status)
1074 return;
1075
1076 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1077}
1078
1079static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1080{
1081 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1082
1083 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1084
1085 if (rp->status)
1086 return;
1087
1088 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1089}
1090
f9b49306
AG		 1091static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1092 struct sk_buff *skb)
1093{
1094 struct hci_cp_read_local_ext_features cp;
1095 __u8 status = *((__u8 *) skb->data);
1096
1097 BT_DBG("%s status 0x%x", hdev->name, status);
1098
1099 if (status)
1100 return;
1101
1102 cp.page = 0x01;
1103 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1104}
1105
a9de9248
MH		 1106static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1107{
1108 BT_DBG("%s status 0x%x", hdev->name, status);
1109
1110 if (status) {
23bb5763 1111 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1112 hci_conn_check_pending(hdev);
56e5cb86 1113 hci_dev_lock(hdev);
a8b2d5c2 1114 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1115 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1116 hci_dev_unlock(hdev);
314b2381
JH		 1117 return;
1118 }
1119
89352e7d
AG		 1120 set_bit(HCI_INQUIRY, &hdev->flags);
1121
56e5cb86 1122 hci_dev_lock(hdev);
30dc78e1 1123 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
56e5cb86 1124 hci_dev_unlock(hdev);
1da177e4
LT		 1125}
1126
1da177e4
LT		 1127static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1128{
a9de9248 1129 struct hci_cp_create_conn *cp;
1da177e4 1130 struct hci_conn *conn;
1da177e4 1131
a9de9248
MH		 1132 BT_DBG("%s status 0x%x", hdev->name, status);
1133
1134 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1135 if (!cp)
1136 return;
1137
1138 hci_dev_lock(hdev);
1139
1140 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1141
a9de9248 1142 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1143
1144 if (status) {
1145 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1146 if (status != 0x0c || conn->attempt > 2) {
1147 conn->state = BT_CLOSED;
1148 hci_proto_connect_cfm(conn, status);
1149 hci_conn_del(conn);
1150 } else
1151 conn->state = BT_CONNECT2;
1da177e4
LT		 1152 }
1153 } else {
1154 if (!conn) {
1155 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1156 if (conn) {
a0c808b3 1157 conn->out = true;
1da177e4
LT		 1158 conn->link_mode |= HCI_LM_MASTER;
1159 } else
893ef971 1160 BT_ERR("No memory for new connection");
1da177e4
LT		 1161 }
1162 }
1163
1164 hci_dev_unlock(hdev);
1165}
1166
a9de9248 1167static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1168{
a9de9248
MH		 1169 struct hci_cp_add_sco *cp;
1170 struct hci_conn *acl, *sco;
1171 __u16 handle;
1da177e4 1172
b6a0dc82
MH		 1173 BT_DBG("%s status 0x%x", hdev->name, status);
1174
a9de9248
MH		 1175 if (!status)
1176 return;
1da177e4 1177
a9de9248
MH		 1178 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1179 if (!cp)
1180 return;
1da177e4 1181
a9de9248 1182 handle = __le16_to_cpu(cp->handle);
1da177e4 1183
a9de9248 1184 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1185
a9de9248 1186 hci_dev_lock(hdev);
1da177e4 1187
a9de9248 1188 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1189 if (acl) {
1190 sco = acl->link;
1191 if (sco) {
1192 sco->state = BT_CLOSED;
1da177e4 1193
5a08ecce
AE		 1194 hci_proto_connect_cfm(sco, status);
1195 hci_conn_del(sco);
1196 }
a9de9248 1197 }
1da177e4 1198
a9de9248
MH		 1199 hci_dev_unlock(hdev);
1200}
1da177e4 1201
f8558555
MH		 1202static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1203{
1204 struct hci_cp_auth_requested *cp;
1205 struct hci_conn *conn;
1206
1207 BT_DBG("%s status 0x%x", hdev->name, status);
1208
1209 if (!status)
1210 return;
1211
1212 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1213 if (!cp)
1214 return;
1215
1216 hci_dev_lock(hdev);
1217
1218 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1219 if (conn) {
1220 if (conn->state == BT_CONFIG) {
1221 hci_proto_connect_cfm(conn, status);
1222 hci_conn_put(conn);
1223 }
1224 }
1225
1226 hci_dev_unlock(hdev);
1227}
1228
1229static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1230{
1231 struct hci_cp_set_conn_encrypt *cp;
1232 struct hci_conn *conn;
1233
1234 BT_DBG("%s status 0x%x", hdev->name, status);
1235
1236 if (!status)
1237 return;
1238
1239 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1240 if (!cp)
1241 return;
1242
1243 hci_dev_lock(hdev);
1244
1245 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1246 if (conn) {
1247 if (conn->state == BT_CONFIG) {
1248 hci_proto_connect_cfm(conn, status);
1249 hci_conn_put(conn);
1250 }
1251 }
1252
1253 hci_dev_unlock(hdev);
1254}
1255
127178d2 1256static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1257 struct hci_conn *conn)
392599b9 1258{
392599b9
JH		 1259 if (conn->state != BT_CONFIG || !conn->out)
1260 return 0;
1261
765c2a96 1262 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1263 return 0;
1264
1265 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1266 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1267 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1268 conn->pending_sec_level != BT_SECURITY_HIGH &&
1269 !(conn->auth_type & 0x01))
392599b9
JH		 1270 return 0;
1271
392599b9
JH		 1272 return 1;
1273}
1274
30dc78e1
JH		 1275static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1276{
1277 struct hci_cp_remote_name_req cp;
1278
1279 memset(&cp, 0, sizeof(cp));
1280
1281 bacpy(&cp.bdaddr, &e->data.bdaddr);
1282 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1283 cp.pscan_mode = e->data.pscan_mode;
1284 cp.clock_offset = e->data.clock_offset;
1285
1286 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1287}
1288
1289static void hci_resolve_next_name(struct hci_dev *hdev, bdaddr_t *bdaddr)
1290{
1291 struct discovery_state *discov = &hdev->discovery;
1292 struct inquiry_entry *e;
1293
1294 if (discov->state == DISCOVERY_STOPPING)
1295 goto discov_complete;
1296
1297 if (discov->state != DISCOVERY_RESOLVING)
1298 return;
1299
1300 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1301 if (e) {
1302 e->name_state = NAME_KNOWN;
1303 list_del(&e->list);
1304 }
1305
1306 if (list_empty(&discov->resolve))
1307 goto discov_complete;
1308
1309 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1310 if (hci_resolve_name(hdev, e) == 0) {
1311 e->name_state = NAME_PENDING;
1312 return;
1313 }
1314
1315discov_complete:
1316 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1317}
1318
a9de9248
MH		 1319static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1320{
127178d2
JH		 1321 struct hci_cp_remote_name_req *cp;
1322 struct hci_conn *conn;
1323
a9de9248 1324 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1325
1326 /* If successful wait for the name req complete event before
1327 * checking for the need to do authentication */
1328 if (!status)
1329 return;
1330
1331 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1332 if (!cp)
1333 return;
1334
1335 hci_dev_lock(hdev);
1336
a8b2d5c2 1337 if (test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1338 hci_resolve_next_name(hdev, &cp->bdaddr);
1339
127178d2 1340 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1341 if (!conn)
1342 goto unlock;
1343
1344 if (!hci_outgoing_auth_needed(hdev, conn))
1345 goto unlock;
1346
51a8efd7 1347 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1348 struct hci_cp_auth_requested cp;
1349 cp.handle = __cpu_to_le16(conn->handle);
1350 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1351 }
1352
79c6c70c 1353unlock:
127178d2 1354 hci_dev_unlock(hdev);
a9de9248 1355}
1da177e4 1356
769be974
MH		 1357static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1358{
1359 struct hci_cp_read_remote_features *cp;
1360 struct hci_conn *conn;
1361
1362 BT_DBG("%s status 0x%x", hdev->name, status);
1363
1364 if (!status)
1365 return;
1366
1367 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1368 if (!cp)
1369 return;
1370
1371 hci_dev_lock(hdev);
1372
1373 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1374 if (conn) {
1375 if (conn->state == BT_CONFIG) {
769be974
MH		 1376 hci_proto_connect_cfm(conn, status);
1377 hci_conn_put(conn);
1378 }
1379 }
1380
1381 hci_dev_unlock(hdev);
1382}
1383
1384static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1385{
1386 struct hci_cp_read_remote_ext_features *cp;
1387 struct hci_conn *conn;
1388
1389 BT_DBG("%s status 0x%x", hdev->name, status);
1390
1391 if (!status)
1392 return;
1393
1394 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1395 if (!cp)
1396 return;
1397
1398 hci_dev_lock(hdev);
1399
1400 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1401 if (conn) {
1402 if (conn->state == BT_CONFIG) {
769be974
MH		 1403 hci_proto_connect_cfm(conn, status);
1404 hci_conn_put(conn);
1405 }
1406 }
1407
1408 hci_dev_unlock(hdev);
1409}
1410
a9de9248
MH		 1411static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1412{
b6a0dc82
MH		 1413 struct hci_cp_setup_sync_conn *cp;
1414 struct hci_conn *acl, *sco;
1415 __u16 handle;
1416
a9de9248 1417 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1418
1419 if (!status)
1420 return;
1421
1422 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1423 if (!cp)
1424 return;
1425
1426 handle = __le16_to_cpu(cp->handle);
1427
1428 BT_DBG("%s handle %d", hdev->name, handle);
1429
1430 hci_dev_lock(hdev);
1431
1432 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1433 if (acl) {
1434 sco = acl->link;
1435 if (sco) {
1436 sco->state = BT_CLOSED;
b6a0dc82 1437
5a08ecce
AE		 1438 hci_proto_connect_cfm(sco, status);
1439 hci_conn_del(sco);
1440 }
b6a0dc82
MH		 1441 }
1442
1443 hci_dev_unlock(hdev);
1da177e4
LT		 1444}
1445
a9de9248 1446static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1447{
a9de9248
MH		 1448 struct hci_cp_sniff_mode *cp;
1449 struct hci_conn *conn;
1da177e4 1450
a9de9248 1451 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1452
a9de9248
MH		 1453 if (!status)
1454 return;
04837f64 1455
a9de9248
MH		 1456 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1457 if (!cp)
1458 return;
04837f64 1459
a9de9248 1460 hci_dev_lock(hdev);
04837f64 1461
a9de9248 1462 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1463 if (conn) {
51a8efd7 1464 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1465
51a8efd7 1466 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1467 hci_sco_setup(conn, status);
1468 }
1469
a9de9248
MH		 1470 hci_dev_unlock(hdev);
1471}
04837f64 1472
a9de9248
MH		 1473static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1474{
1475 struct hci_cp_exit_sniff_mode *cp;
1476 struct hci_conn *conn;
04837f64 1477
a9de9248 1478 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1479
a9de9248
MH		 1480 if (!status)
1481 return;
04837f64 1482
a9de9248
MH		 1483 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1484 if (!cp)
1485 return;
04837f64 1486
a9de9248 1487 hci_dev_lock(hdev);
1da177e4 1488
a9de9248 1489 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1490 if (conn) {
51a8efd7 1491 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1492
51a8efd7 1493 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1494 hci_sco_setup(conn, status);
1495 }
1496
a9de9248 1497 hci_dev_unlock(hdev);
1da177e4
LT		 1498}
1499
fcd89c09
VT		 1500static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1501{
1502 struct hci_cp_le_create_conn *cp;
1503 struct hci_conn *conn;
1504
1505 BT_DBG("%s status 0x%x", hdev->name, status);
1506
1507 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1508 if (!cp)
1509 return;
1510
1511 hci_dev_lock(hdev);
1512
1513 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1514
1515 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1516 conn);
1517
1518 if (status) {
1519 if (conn && conn->state == BT_CONNECT) {
1520 conn->state = BT_CLOSED;
1521 hci_proto_connect_cfm(conn, status);
1522 hci_conn_del(conn);
1523 }
1524 } else {
1525 if (!conn) {
1526 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1527 if (conn) {
1528 conn->dst_type = cp->peer_addr_type;
a0c808b3 1529 conn->out = true;
29b7988a 1530 } else {
fcd89c09 1531 BT_ERR("No memory for new connection");
29b7988a 1532 }
fcd89c09
VT		 1533 }
1534 }
1535
1536 hci_dev_unlock(hdev);
1537}
1538
a7a595f6
VCG		 1539static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1540{
1541 BT_DBG("%s status 0x%x", hdev->name, status);
1542}
1543
1da177e4
LT		 1544static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1545{
1546 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1547 struct discovery_state *discov = &hdev->discovery;
1548 struct inquiry_entry *e;
1da177e4
LT		 1549
1550 BT_DBG("%s status %d", hdev->name, status);
1551
23bb5763 1552 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1553
a9de9248 1554 hci_conn_check_pending(hdev);
89352e7d
AG		 1555
1556 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1557 return;
1558
a8b2d5c2 1559 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1560 return;
1561
56e5cb86 1562 hci_dev_lock(hdev);
30dc78e1
JH		 1563
1564 if (discov->state != DISCOVERY_INQUIRY)
1565 goto unlock;
1566
1567 if (list_empty(&discov->resolve)) {
1568 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1569 goto unlock;
1570 }
1571
1572 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1573 if (e && hci_resolve_name(hdev, e) == 0) {
1574 e->name_state = NAME_PENDING;
1575 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1576 } else {
1577 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1578 }
1579
1580unlock:
56e5cb86 1581 hci_dev_unlock(hdev);
1da177e4
LT		 1582}
1583
1da177e4
LT		 1584static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1585{
45bb4bf0 1586 struct inquiry_data data;
a9de9248 1587 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1588 int num_rsp = *((__u8 *) skb->data);
1589
1590 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1591
45bb4bf0
MH		 1592 if (!num_rsp)
1593 return;
1594
1da177e4 1595 hci_dev_lock(hdev);
45bb4bf0 1596
e17acd40 1597 for (; num_rsp; num_rsp--, info++) {
3175405b
JH		 1598 bool name_known;
1599
1da177e4
LT		 1600 bacpy(&data.bdaddr, &info->bdaddr);
1601 data.pscan_rep_mode = info->pscan_rep_mode;
1602 data.pscan_period_mode = info->pscan_period_mode;
1603 data.pscan_mode = info->pscan_mode;
1604 memcpy(data.dev_class, info->dev_class, 3);
1605 data.clock_offset = info->clock_offset;
1606 data.rssi = 0x00;
41a96212 1607 data.ssp_mode = 0x00;
3175405b
JH		 1608
1609 name_known = hci_inquiry_cache_update(hdev, &data, false);
48264f06 1610 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
7d262f86
AG		 1611 info->dev_class, 0, !name_known,
1612 NULL, 0);
1da177e4 1613 }
45bb4bf0 1614
1da177e4
LT		 1615 hci_dev_unlock(hdev);
1616}
1617
1da177e4
LT		 1618static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1619{
a9de9248
MH		 1620 struct hci_ev_conn_complete *ev = (void *) skb->data;
1621 struct hci_conn *conn;
1da177e4
LT		 1622
1623 BT_DBG("%s", hdev->name);
1624
1625 hci_dev_lock(hdev);
1626
1627 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1628 if (!conn) {
1629 if (ev->link_type != SCO_LINK)
1630 goto unlock;
1631
1632 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1633 if (!conn)
1634 goto unlock;
1635
1636 conn->type = SCO_LINK;
1637 }
1da177e4
LT		 1638
1639 if (!ev->status) {
1640 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1641
1642 if (conn->type == ACL_LINK) {
1643 conn->state = BT_CONFIG;
1644 hci_conn_hold(conn);
052b30b0 1645 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
afc747a6 1646 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
48264f06 1647 conn->dst_type);
769be974
MH		 1648 } else
1649 conn->state = BT_CONNECTED;
1da177e4 1650
9eba32b8 1651 hci_conn_hold_device(conn);
7d0db0a3
MH		 1652 hci_conn_add_sysfs(conn);
1653
1da177e4
LT		 1654 if (test_bit(HCI_AUTH, &hdev->flags))
1655 conn->link_mode |= HCI_LM_AUTH;
1656
1657 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1658 conn->link_mode |= HCI_LM_ENCRYPT;
1659
04837f64
MH		 1660 /* Get remote features */
1661 if (conn->type == ACL_LINK) {
1662 struct hci_cp_read_remote_features cp;
1663 cp.handle = ev->handle;
769be974
MH		 1664 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1665 sizeof(cp), &cp);
04837f64
MH		 1666 }
1667
1da177e4 1668 /* Set packet type for incoming connection */
d095c1eb 1669 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1670 struct hci_cp_change_conn_ptype cp;
1671 cp.handle = ev->handle;
a8746417
MH		 1672 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1673 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1674 sizeof(cp), &cp);
1da177e4 1675 }
17d5c04c 1676 } else {
1da177e4 1677 conn->state = BT_CLOSED;
17d5c04c 1678 if (conn->type == ACL_LINK)
744cf19e 1679 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1680 conn->dst_type, ev->status);
17d5c04c 1681 }
1da177e4 1682
e73439d8
MH		 1683 if (conn->type == ACL_LINK)
1684 hci_sco_setup(conn, ev->status);
1da177e4 1685
769be974
MH		 1686 if (ev->status) {
1687 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1688 hci_conn_del(conn);
c89b6e6b
MH		 1689 } else if (ev->link_type != ACL_LINK)
1690 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1691
a9de9248 1692unlock:
1da177e4 1693 hci_dev_unlock(hdev);
1da177e4 1694
a9de9248 1695 hci_conn_check_pending(hdev);
1da177e4
LT		 1696}
1697
a9de9248 1698static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1699{
a9de9248
MH		 1700 struct hci_ev_conn_request *ev = (void *) skb->data;
1701 int mask = hdev->link_mode;
1da177e4 1702
a9de9248
MH		 1703 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1704 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1705
a9de9248 1706 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1707
138d22ef
SJ		 1708 if ((mask & HCI_LM_ACCEPT) &&
1709 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1710 /* Connection accepted */
c7bdd502 1711 struct inquiry_entry *ie;
1da177e4 1712 struct hci_conn *conn;
1da177e4 1713
a9de9248 1714 hci_dev_lock(hdev);
b6a0dc82 1715
cc11b9c1
AE		 1716 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1717 if (ie)
c7bdd502
MH		 1718 memcpy(ie->data.dev_class, ev->dev_class, 3);
1719
a9de9248
MH		 1720 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1721 if (!conn) {
cc11b9c1
AE		 1722 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1723 if (!conn) {
893ef971 1724 BT_ERR("No memory for new connection");
a9de9248
MH		 1725 hci_dev_unlock(hdev);
1726 return;
1da177e4
LT		 1727 }
1728 }
b6a0dc82 1729
a9de9248
MH		 1730 memcpy(conn->dev_class, ev->dev_class, 3);
1731 conn->state = BT_CONNECT;
b6a0dc82 1732
a9de9248 1733 hci_dev_unlock(hdev);
1da177e4 1734
b6a0dc82
MH		 1735 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1736 struct hci_cp_accept_conn_req cp;
1da177e4 1737
b6a0dc82
MH		 1738 bacpy(&cp.bdaddr, &ev->bdaddr);
1739
1740 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1741 cp.role = 0x00; /* Become master */
1742 else
1743 cp.role = 0x01; /* Remain slave */
1744
1745 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1746 sizeof(cp), &cp);
1747 } else {
1748 struct hci_cp_accept_sync_conn_req cp;
1749
1750 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1751 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1752
1753 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1754 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1755 cp.max_latency = cpu_to_le16(0xffff);
1756 cp.content_format = cpu_to_le16(hdev->voice_setting);
1757 cp.retrans_effort = 0xff;
1da177e4 1758
b6a0dc82
MH		 1759 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1760 sizeof(cp), &cp);
1761 }
a9de9248
MH		 1762 } else {
1763 /* Connection rejected */
1764 struct hci_cp_reject_conn_req cp;
1da177e4 1765
a9de9248 1766 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1767 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1768 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1769 }
1da177e4
LT		 1770}
1771
a9de9248 1772static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1773{
a9de9248 1774 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1775 struct hci_conn *conn;
1776
1777 BT_DBG("%s status %d", hdev->name, ev->status);
1778
1779 hci_dev_lock(hdev);
1780
1781 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1782 if (!conn)
1783 goto unlock;
7d0db0a3 1784
37d9ef76
JH		 1785 if (ev->status == 0)
1786 conn->state = BT_CLOSED;
04837f64 1787
37d9ef76
JH		 1788 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1789 if (ev->status != 0)
1790 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1791 else
afc747a6 1792 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
48264f06 1793 conn->dst_type);
37d9ef76 1794 }
f7520543 1795
37d9ef76
JH		 1796 if (ev->status == 0) {
1797 hci_proto_disconn_cfm(conn, ev->reason);
1798 hci_conn_del(conn);
1799 }
f7520543
JH		 1800
1801unlock:
04837f64
MH		 1802 hci_dev_unlock(hdev);
1803}
1804
1da177e4
LT		 1805static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1806{
a9de9248 1807 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1808 struct hci_conn *conn;
1da177e4
LT		 1809
1810 BT_DBG("%s status %d", hdev->name, ev->status);
1811
1812 hci_dev_lock(hdev);
1813
04837f64 1814 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1815 if (!conn)
1816 goto unlock;
1817
1818 if (!ev->status) {
1819 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
51a8efd7 1820 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1821 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1822 } else {
d7556e20
WR		 1823 conn->link_mode |= HCI_LM_AUTH;
1824 conn->sec_level = conn->pending_sec_level;
2a611692 1825 }
d7556e20 1826 } else {
744cf19e 1827 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1828 }
1da177e4 1829
51a8efd7
JH		 1830 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1831 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1832
d7556e20
WR		 1833 if (conn->state == BT_CONFIG) {
1834 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1835 struct hci_cp_set_conn_encrypt cp;
1836 cp.handle = ev->handle;
1837 cp.encrypt = 0x01;
1838 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1839 &cp);
052b30b0 1840 } else {
d7556e20
WR		 1841 conn->state = BT_CONNECTED;
1842 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1843 hci_conn_put(conn);
1844 }
d7556e20
WR		 1845 } else {
1846 hci_auth_cfm(conn, ev->status);
052b30b0 1847
d7556e20
WR		 1848 hci_conn_hold(conn);
1849 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1850 hci_conn_put(conn);
1851 }
1852
51a8efd7 1853 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1854 if (!ev->status) {
1855 struct hci_cp_set_conn_encrypt cp;
1856 cp.handle = ev->handle;
1857 cp.encrypt = 0x01;
1858 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1859 &cp);
1860 } else {
51a8efd7 1861 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1862 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1863 }
1864 }
1865
d7556e20 1866unlock:
1da177e4
LT		 1867 hci_dev_unlock(hdev);
1868}
1869
a9de9248 1870static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1871{
127178d2
JH		 1872 struct hci_ev_remote_name *ev = (void *) skb->data;
1873 struct hci_conn *conn;
1874
a9de9248 1875 BT_DBG("%s", hdev->name);
1da177e4 1876
a9de9248 1877 hci_conn_check_pending(hdev);
127178d2
JH		 1878
1879 hci_dev_lock(hdev);
1880
a8b2d5c2 1881 if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
30dc78e1
JH		 1882 if (ev->status == 0)
1883 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
1884
1885 hci_resolve_next_name(hdev, &ev->bdaddr);
1886 }
a88a9652 1887
127178d2 1888 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1889 if (!conn)
1890 goto unlock;
1891
1892 if (!hci_outgoing_auth_needed(hdev, conn))
1893 goto unlock;
1894
51a8efd7 1895 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1896 struct hci_cp_auth_requested cp;
1897 cp.handle = __cpu_to_le16(conn->handle);
1898 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1899 }
1900
79c6c70c 1901unlock:
127178d2 1902 hci_dev_unlock(hdev);
a9de9248
MH		 1903}
1904
1905static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1906{
1907 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1908 struct hci_conn *conn;
1909
1910 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1911
1912 hci_dev_lock(hdev);
1913
04837f64 1914 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1915 if (conn) {
1916 if (!ev->status) {
ae293196
MH		 1917 if (ev->encrypt) {
1918 /* Encryption implies authentication */
1919 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1920 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1921 conn->sec_level = conn->pending_sec_level;
ae293196 1922 } else
1da177e4
LT		 1923 conn->link_mode &= ~HCI_LM_ENCRYPT;
1924 }
1925
51a8efd7 1926 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 1927
f8558555
MH		 1928 if (conn->state == BT_CONFIG) {
1929 if (!ev->status)
1930 conn->state = BT_CONNECTED;
1931
1932 hci_proto_connect_cfm(conn, ev->status);
1933 hci_conn_put(conn);
1934 } else
1935 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1936 }
1937
1938 hci_dev_unlock(hdev);
1939}
1940
a9de9248 1941static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1942{
a9de9248 1943 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1944 struct hci_conn *conn;
1da177e4
LT		 1945
1946 BT_DBG("%s status %d", hdev->name, ev->status);
1947
1948 hci_dev_lock(hdev);
1949
04837f64 1950 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1951 if (conn) {
1952 if (!ev->status)
1953 conn->link_mode |= HCI_LM_SECURE;
1954
51a8efd7 1955 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 1956
1957 hci_key_change_cfm(conn, ev->status);
1958 }
1959
1960 hci_dev_unlock(hdev);
1961}
1962
a9de9248 1963static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1964{
a9de9248
MH		 1965 struct hci_ev_remote_features *ev = (void *) skb->data;
1966 struct hci_conn *conn;
1967
1968 BT_DBG("%s status %d", hdev->name, ev->status);
1969
a9de9248
MH		 1970 hci_dev_lock(hdev);
1971
1972 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1973 if (!conn)
1974 goto unlock;
769be974 1975
ccd556fe
JH		 1976 if (!ev->status)
1977 memcpy(conn->features, ev->features, 8);
1978
1979 if (conn->state != BT_CONFIG)
1980 goto unlock;
1981
1982 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1983 struct hci_cp_read_remote_ext_features cp;
1984 cp.handle = ev->handle;
1985 cp.page = 0x01;
1986 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1987 sizeof(cp), &cp);
392599b9
JH		 1988 goto unlock;
1989 }
1990
127178d2
JH		 1991 if (!ev->status) {
1992 struct hci_cp_remote_name_req cp;
1993 memset(&cp, 0, sizeof(cp));
1994 bacpy(&cp.bdaddr, &conn->dst);
1995 cp.pscan_rep_mode = 0x02;
1996 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1997 }
392599b9 1998
127178d2 1999 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2000 conn->state = BT_CONNECTED;
2001 hci_proto_connect_cfm(conn, ev->status);
2002 hci_conn_put(conn);
769be974 2003 }
a9de9248 2004
ccd556fe 2005unlock:
a9de9248 2006 hci_dev_unlock(hdev);
1da177e4
LT		 2007}
2008
a9de9248 2009static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2010{
a9de9248 2011 BT_DBG("%s", hdev->name);
1da177e4
LT		 2012}
2013
a9de9248 2014static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2015{
a9de9248 2016 BT_DBG("%s", hdev->name);
1da177e4
LT		 2017}
2018
a9de9248
MH		 2019static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2020{
2021 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2022 __u16 opcode;
2023
2024 skb_pull(skb, sizeof(*ev));
2025
2026 opcode = __le16_to_cpu(ev->opcode);
2027
2028 switch (opcode) {
2029 case HCI_OP_INQUIRY_CANCEL:
2030 hci_cc_inquiry_cancel(hdev, skb);
2031 break;
2032
2033 case HCI_OP_EXIT_PERIODIC_INQ:
2034 hci_cc_exit_periodic_inq(hdev, skb);
2035 break;
2036
2037 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2038 hci_cc_remote_name_req_cancel(hdev, skb);
2039 break;
2040
2041 case HCI_OP_ROLE_DISCOVERY:
2042 hci_cc_role_discovery(hdev, skb);
2043 break;
2044
e4e8e37c
MH		 2045 case HCI_OP_READ_LINK_POLICY:
2046 hci_cc_read_link_policy(hdev, skb);
2047 break;
2048
a9de9248
MH		 2049 case HCI_OP_WRITE_LINK_POLICY:
2050 hci_cc_write_link_policy(hdev, skb);
2051 break;
2052
e4e8e37c
MH		 2053 case HCI_OP_READ_DEF_LINK_POLICY:
2054 hci_cc_read_def_link_policy(hdev, skb);
2055 break;
2056
2057 case HCI_OP_WRITE_DEF_LINK_POLICY:
2058 hci_cc_write_def_link_policy(hdev, skb);
2059 break;
2060
a9de9248
MH		 2061 case HCI_OP_RESET:
2062 hci_cc_reset(hdev, skb);
2063 break;
2064
2065 case HCI_OP_WRITE_LOCAL_NAME:
2066 hci_cc_write_local_name(hdev, skb);
2067 break;
2068
2069 case HCI_OP_READ_LOCAL_NAME:
2070 hci_cc_read_local_name(hdev, skb);
2071 break;
2072
2073 case HCI_OP_WRITE_AUTH_ENABLE:
2074 hci_cc_write_auth_enable(hdev, skb);
2075 break;
2076
2077 case HCI_OP_WRITE_ENCRYPT_MODE:
2078 hci_cc_write_encrypt_mode(hdev, skb);
2079 break;
2080
2081 case HCI_OP_WRITE_SCAN_ENABLE:
2082 hci_cc_write_scan_enable(hdev, skb);
2083 break;
2084
2085 case HCI_OP_READ_CLASS_OF_DEV:
2086 hci_cc_read_class_of_dev(hdev, skb);
2087 break;
2088
2089 case HCI_OP_WRITE_CLASS_OF_DEV:
2090 hci_cc_write_class_of_dev(hdev, skb);
2091 break;
2092
2093 case HCI_OP_READ_VOICE_SETTING:
2094 hci_cc_read_voice_setting(hdev, skb);
2095 break;
2096
2097 case HCI_OP_WRITE_VOICE_SETTING:
2098 hci_cc_write_voice_setting(hdev, skb);
2099 break;
2100
2101 case HCI_OP_HOST_BUFFER_SIZE:
2102 hci_cc_host_buffer_size(hdev, skb);
2103 break;
2104
333140b5
MH		 2105 case HCI_OP_READ_SSP_MODE:
2106 hci_cc_read_ssp_mode(hdev, skb);
2107 break;
2108
2109 case HCI_OP_WRITE_SSP_MODE:
2110 hci_cc_write_ssp_mode(hdev, skb);
2111 break;
2112
a9de9248
MH		 2113 case HCI_OP_READ_LOCAL_VERSION:
2114 hci_cc_read_local_version(hdev, skb);
2115 break;
2116
2117 case HCI_OP_READ_LOCAL_COMMANDS:
2118 hci_cc_read_local_commands(hdev, skb);
2119 break;
2120
2121 case HCI_OP_READ_LOCAL_FEATURES:
2122 hci_cc_read_local_features(hdev, skb);
2123 break;
2124
971e3a4b
AG		 2125 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2126 hci_cc_read_local_ext_features(hdev, skb);
2127 break;
2128
a9de9248
MH		 2129 case HCI_OP_READ_BUFFER_SIZE:
2130 hci_cc_read_buffer_size(hdev, skb);
2131 break;
2132
2133 case HCI_OP_READ_BD_ADDR:
2134 hci_cc_read_bd_addr(hdev, skb);
2135 break;
2136
350ee4cf
AE		 2137 case HCI_OP_READ_DATA_BLOCK_SIZE:
2138 hci_cc_read_data_block_size(hdev, skb);
2139 break;
2140
23bb5763
JH		 2141 case HCI_OP_WRITE_CA_TIMEOUT:
2142 hci_cc_write_ca_timeout(hdev, skb);
2143 break;
2144
1e89cffb
AE		 2145 case HCI_OP_READ_FLOW_CONTROL_MODE:
2146 hci_cc_read_flow_control_mode(hdev, skb);
2147 break;
2148
928abaa7
AE		 2149 case HCI_OP_READ_LOCAL_AMP_INFO:
2150 hci_cc_read_local_amp_info(hdev, skb);
2151 break;
2152
b0916ea0
JH		 2153 case HCI_OP_DELETE_STORED_LINK_KEY:
2154 hci_cc_delete_stored_link_key(hdev, skb);
2155 break;
2156
d5859e22
JH		 2157 case HCI_OP_SET_EVENT_MASK:
2158 hci_cc_set_event_mask(hdev, skb);
2159 break;
2160
2161 case HCI_OP_WRITE_INQUIRY_MODE:
2162 hci_cc_write_inquiry_mode(hdev, skb);
2163 break;
2164
2165 case HCI_OP_READ_INQ_RSP_TX_POWER:
2166 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2167 break;
2168
2169 case HCI_OP_SET_EVENT_FLT:
2170 hci_cc_set_event_flt(hdev, skb);
2171 break;
2172
980e1a53
JH		 2173 case HCI_OP_PIN_CODE_REPLY:
2174 hci_cc_pin_code_reply(hdev, skb);
2175 break;
2176
2177 case HCI_OP_PIN_CODE_NEG_REPLY:
2178 hci_cc_pin_code_neg_reply(hdev, skb);
2179 break;
2180
c35938b2
SJ		 2181 case HCI_OP_READ_LOCAL_OOB_DATA:
2182 hci_cc_read_local_oob_data_reply(hdev, skb);
2183 break;
2184
6ed58ec5
VT		 2185 case HCI_OP_LE_READ_BUFFER_SIZE:
2186 hci_cc_le_read_buffer_size(hdev, skb);
2187 break;
2188
a5c29683
JH		 2189 case HCI_OP_USER_CONFIRM_REPLY:
2190 hci_cc_user_confirm_reply(hdev, skb);
2191 break;
2192
2193 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2194 hci_cc_user_confirm_neg_reply(hdev, skb);
2195 break;
2196
1143d458
BG		 2197 case HCI_OP_USER_PASSKEY_REPLY:
2198 hci_cc_user_passkey_reply(hdev, skb);
2199 break;
2200
2201 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2202 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2203
2204 case HCI_OP_LE_SET_SCAN_PARAM:
2205 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2206 break;
2207
eb9d91f5
AG		 2208 case HCI_OP_LE_SET_SCAN_ENABLE:
2209 hci_cc_le_set_scan_enable(hdev, skb);
2210 break;
2211
a7a595f6
VCG		 2212 case HCI_OP_LE_LTK_REPLY:
2213 hci_cc_le_ltk_reply(hdev, skb);
2214 break;
2215
2216 case HCI_OP_LE_LTK_NEG_REPLY:
2217 hci_cc_le_ltk_neg_reply(hdev, skb);
2218 break;
2219
f9b49306
AG		 2220 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2221 hci_cc_write_le_host_supported(hdev, skb);
2222 break;
2223
a9de9248
MH		 2224 default:
2225 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2226 break;
2227 }
2228
6bd32326
VT		 2229 if (ev->opcode != HCI_OP_NOP)
2230 del_timer(&hdev->cmd_timer);
2231
a9de9248
MH		 2232 if (ev->ncmd) {
2233 atomic_set(&hdev->cmd_cnt, 1);
2234 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2235 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2236 }
2237}
2238
2239static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2240{
2241 struct hci_ev_cmd_status *ev = (void *) skb->data;
2242 __u16 opcode;
2243
2244 skb_pull(skb, sizeof(*ev));
2245
2246 opcode = __le16_to_cpu(ev->opcode);
2247
2248 switch (opcode) {
2249 case HCI_OP_INQUIRY:
2250 hci_cs_inquiry(hdev, ev->status);
2251 break;
2252
2253 case HCI_OP_CREATE_CONN:
2254 hci_cs_create_conn(hdev, ev->status);
2255 break;
2256
2257 case HCI_OP_ADD_SCO:
2258 hci_cs_add_sco(hdev, ev->status);
2259 break;
2260
f8558555
MH		 2261 case HCI_OP_AUTH_REQUESTED:
2262 hci_cs_auth_requested(hdev, ev->status);
2263 break;
2264
2265 case HCI_OP_SET_CONN_ENCRYPT:
2266 hci_cs_set_conn_encrypt(hdev, ev->status);
2267 break;
2268
a9de9248
MH		 2269 case HCI_OP_REMOTE_NAME_REQ:
2270 hci_cs_remote_name_req(hdev, ev->status);
2271 break;
2272
769be974
MH		 2273 case HCI_OP_READ_REMOTE_FEATURES:
2274 hci_cs_read_remote_features(hdev, ev->status);
2275 break;
2276
2277 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2278 hci_cs_read_remote_ext_features(hdev, ev->status);
2279 break;
2280
a9de9248
MH		 2281 case HCI_OP_SETUP_SYNC_CONN:
2282 hci_cs_setup_sync_conn(hdev, ev->status);
2283 break;
2284
2285 case HCI_OP_SNIFF_MODE:
2286 hci_cs_sniff_mode(hdev, ev->status);
2287 break;
2288
2289 case HCI_OP_EXIT_SNIFF_MODE:
2290 hci_cs_exit_sniff_mode(hdev, ev->status);
2291 break;
2292
8962ee74
JH		 2293 case HCI_OP_DISCONNECT:
2294 if (ev->status != 0)
37d9ef76 2295 mgmt_disconnect_failed(hdev, NULL, ev->status);
8962ee74
JH		 2296 break;
2297
fcd89c09
VT		 2298 case HCI_OP_LE_CREATE_CONN:
2299 hci_cs_le_create_conn(hdev, ev->status);
2300 break;
2301
a7a595f6
VCG		 2302 case HCI_OP_LE_START_ENC:
2303 hci_cs_le_start_enc(hdev, ev->status);
2304 break;
2305
a9de9248
MH		 2306 default:
2307 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2308 break;
2309 }
2310
6bd32326
VT		 2311 if (ev->opcode != HCI_OP_NOP)
2312 del_timer(&hdev->cmd_timer);
2313
10572132 2314 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2315 atomic_set(&hdev->cmd_cnt, 1);
2316 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2317 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2318 }
2319}
2320
2321static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2322{
2323 struct hci_ev_role_change *ev = (void *) skb->data;
2324 struct hci_conn *conn;
2325
2326 BT_DBG("%s status %d", hdev->name, ev->status);
2327
2328 hci_dev_lock(hdev);
2329
2330 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2331 if (conn) {
2332 if (!ev->status) {
2333 if (ev->role)
2334 conn->link_mode &= ~HCI_LM_MASTER;
2335 else
2336 conn->link_mode |= HCI_LM_MASTER;
2337 }
2338
51a8efd7 2339 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2340
2341 hci_role_switch_cfm(conn, ev->status, ev->role);
2342 }
2343
2344 hci_dev_unlock(hdev);
2345}
2346
2347static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2348{
2349 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2350 int i;
2351
32ac5b9b
AE		 2352 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2353 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2354 return;
2355 }
2356
c5993de8
AE		 2357 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2358 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2359 BT_DBG("%s bad parameters", hdev->name);
2360 return;
2361 }
2362
c5993de8
AE		 2363 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2364
613a1c0c
AE		 2365 for (i = 0; i < ev->num_hndl; i++) {
2366 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2367 struct hci_conn *conn;
2368 __u16 handle, count;
2369
613a1c0c
AE		 2370 handle = __le16_to_cpu(info->handle);
2371 count = __le16_to_cpu(info->count);
a9de9248
MH		 2372
2373 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2374 if (!conn)
2375 continue;
2376
2377 conn->sent -= count;
2378
2379 switch (conn->type) {
2380 case ACL_LINK:
2381 hdev->acl_cnt += count;
2382 if (hdev->acl_cnt > hdev->acl_pkts)
2383 hdev->acl_cnt = hdev->acl_pkts;
2384 break;
2385
2386 case LE_LINK:
2387 if (hdev->le_pkts) {
2388 hdev->le_cnt += count;
2389 if (hdev->le_cnt > hdev->le_pkts)
2390 hdev->le_cnt = hdev->le_pkts;
2391 } else {
70f23020
AE		 2392 hdev->acl_cnt += count;
2393 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2394 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2395 }
f4280918
AE		 2396 break;
2397
2398 case SCO_LINK:
2399 hdev->sco_cnt += count;
2400 if (hdev->sco_cnt > hdev->sco_pkts)
2401 hdev->sco_cnt = hdev->sco_pkts;
2402 break;
2403
2404 default:
2405 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2406 break;
a9de9248
MH		 2407 }
2408 }
2409
3eff45ea 2410 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2411}
2412
25e89e99
AE		 2413static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2414 struct sk_buff *skb)
2415{
2416 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2417 int i;
2418
2419 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2420 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2421 return;
2422 }
2423
2424 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2425 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2426 BT_DBG("%s bad parameters", hdev->name);
2427 return;
2428 }
2429
2430 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2431 ev->num_hndl);
2432
2433 for (i = 0; i < ev->num_hndl; i++) {
2434 struct hci_comp_blocks_info *info = &ev->handles[i];
2435 struct hci_conn *conn;
2436 __u16 handle, block_count;
2437
2438 handle = __le16_to_cpu(info->handle);
2439 block_count = __le16_to_cpu(info->blocks);
2440
2441 conn = hci_conn_hash_lookup_handle(hdev, handle);
2442 if (!conn)
2443 continue;
2444
2445 conn->sent -= block_count;
2446
2447 switch (conn->type) {
2448 case ACL_LINK:
2449 hdev->block_cnt += block_count;
2450 if (hdev->block_cnt > hdev->num_blocks)
2451 hdev->block_cnt = hdev->num_blocks;
2452 break;
2453
2454 default:
2455 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2456 break;
2457 }
2458 }
2459
2460 queue_work(hdev->workqueue, &hdev->tx_work);
2461}
2462
a9de9248 2463static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2464{
a9de9248 2465 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2466 struct hci_conn *conn;
2467
2468 BT_DBG("%s status %d", hdev->name, ev->status);
2469
2470 hci_dev_lock(hdev);
2471
2472 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2473 if (conn) {
2474 conn->mode = ev->mode;
2475 conn->interval = __le16_to_cpu(ev->interval);
2476
51a8efd7 2477 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248
MH		 2478 if (conn->mode == HCI_CM_ACTIVE)
2479 conn->power_save = 1;
2480 else
2481 conn->power_save = 0;
2482 }
e73439d8 2483
51a8efd7 2484 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2485 hci_sco_setup(conn, ev->status);
04837f64
MH		 2486 }
2487
2488 hci_dev_unlock(hdev);
2489}
2490
a9de9248
MH		 2491static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2492{
052b30b0
MH		 2493 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2494 struct hci_conn *conn;
2495
a9de9248 2496 BT_DBG("%s", hdev->name);
052b30b0
MH		 2497
2498 hci_dev_lock(hdev);
2499
2500 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2501 if (!conn)
2502 goto unlock;
2503
2504 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2505 hci_conn_hold(conn);
2506 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2507 hci_conn_put(conn);
2508 }
2509
a8b2d5c2 2510 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2511 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2512 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2513 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2514 u8 secure;
2515
2516 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2517 secure = 1;
2518 else
2519 secure = 0;
2520
744cf19e 2521 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2522 }
980e1a53 2523
b6f98044 2524unlock:
052b30b0 2525 hci_dev_unlock(hdev);
a9de9248
MH		 2526}
2527
2528static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2529{
55ed8ca1
JH		 2530 struct hci_ev_link_key_req *ev = (void *) skb->data;
2531 struct hci_cp_link_key_reply cp;
2532 struct hci_conn *conn;
2533 struct link_key *key;
2534
a9de9248 2535 BT_DBG("%s", hdev->name);
55ed8ca1 2536
a8b2d5c2 2537 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2538 return;
2539
2540 hci_dev_lock(hdev);
2541
2542 key = hci_find_link_key(hdev, &ev->bdaddr);
2543 if (!key) {
2544 BT_DBG("%s link key not found for %s", hdev->name,
2545 batostr(&ev->bdaddr));
2546 goto not_found;
2547 }
2548
2549 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2550 batostr(&ev->bdaddr));
2551
a8b2d5c2 2552 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2553 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2554 BT_DBG("%s ignoring debug key", hdev->name);
2555 goto not_found;
2556 }
2557
2558 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2559 if (conn) {
2560 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2561 conn->auth_type != 0xff &&
2562 (conn->auth_type & 0x01)) {
2563 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2564 goto not_found;
2565 }
55ed8ca1 2566
60b83f57
WR		 2567 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2568 conn->pending_sec_level == BT_SECURITY_HIGH) {
2569 BT_DBG("%s ignoring key unauthenticated for high \
2570 security", hdev->name);
2571 goto not_found;
2572 }
2573
2574 conn->key_type = key->type;
2575 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2576 }
2577
2578 bacpy(&cp.bdaddr, &ev->bdaddr);
2579 memcpy(cp.link_key, key->val, 16);
2580
2581 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2582
2583 hci_dev_unlock(hdev);
2584
2585 return;
2586
2587not_found:
2588 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2589 hci_dev_unlock(hdev);
a9de9248
MH		 2590}
2591
2592static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2593{
052b30b0
MH		 2594 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2595 struct hci_conn *conn;
55ed8ca1 2596 u8 pin_len = 0;
052b30b0 2597
a9de9248 2598 BT_DBG("%s", hdev->name);
052b30b0
MH		 2599
2600 hci_dev_lock(hdev);
2601
2602 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2603 if (conn) {
2604 hci_conn_hold(conn);
2605 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2606 pin_len = conn->pin_length;
13d39315
WR		 2607
2608 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2609 conn->key_type = ev->key_type;
2610
052b30b0
MH		 2611 hci_conn_put(conn);
2612 }
2613
a8b2d5c2 2614 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2615 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2616 ev->key_type, pin_len);
2617
052b30b0 2618 hci_dev_unlock(hdev);
a9de9248
MH		 2619}
2620
1da177e4
LT		 2621static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2622{
a9de9248 2623 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2624 struct hci_conn *conn;
1da177e4
LT		 2625
2626 BT_DBG("%s status %d", hdev->name, ev->status);
2627
2628 hci_dev_lock(hdev);
2629
04837f64 2630 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2631 if (conn && !ev->status) {
2632 struct inquiry_entry *ie;
2633
cc11b9c1
AE		 2634 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2635 if (ie) {
1da177e4
LT		 2636 ie->data.clock_offset = ev->clock_offset;
2637 ie->timestamp = jiffies;
2638 }
2639 }
2640
2641 hci_dev_unlock(hdev);
2642}
2643
a8746417
MH		 2644static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2645{
2646 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2647 struct hci_conn *conn;
2648
2649 BT_DBG("%s status %d", hdev->name, ev->status);
2650
2651 hci_dev_lock(hdev);
2652
2653 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2654 if (conn && !ev->status)
2655 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2656
2657 hci_dev_unlock(hdev);
2658}
2659
85a1e930
MH		 2660static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2661{
a9de9248 2662 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2663 struct inquiry_entry *ie;
2664
2665 BT_DBG("%s", hdev->name);
2666
2667 hci_dev_lock(hdev);
2668
cc11b9c1
AE		 2669 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2670 if (ie) {
85a1e930
MH		 2671 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2672 ie->timestamp = jiffies;
2673 }
2674
2675 hci_dev_unlock(hdev);
2676}
2677
a9de9248
MH		 2678static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2679{
2680 struct inquiry_data data;
2681 int num_rsp = *((__u8 *) skb->data);
3175405b 2682 bool name_known;
a9de9248
MH		 2683
2684 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2685
2686 if (!num_rsp)
2687 return;
2688
2689 hci_dev_lock(hdev);
2690
2691 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2692 struct inquiry_info_with_rssi_and_pscan_mode *info;
2693 info = (void *) (skb->data + 1);
a9de9248 2694
e17acd40 2695 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2696 bacpy(&data.bdaddr, &info->bdaddr);
2697 data.pscan_rep_mode = info->pscan_rep_mode;
2698 data.pscan_period_mode = info->pscan_period_mode;
2699 data.pscan_mode = info->pscan_mode;
2700 memcpy(data.dev_class, info->dev_class, 3);
2701 data.clock_offset = info->clock_offset;
2702 data.rssi = info->rssi;
41a96212 2703 data.ssp_mode = 0x00;
3175405b
JH		 2704
2705 name_known = hci_inquiry_cache_update(hdev, &data,
2706 false);
48264f06 2707 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2708 info->dev_class, info->rssi,
7d262f86 2709 !name_known, NULL, 0);
a9de9248
MH		 2710 }
2711 } else {
2712 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2713
e17acd40 2714 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2715 bacpy(&data.bdaddr, &info->bdaddr);
2716 data.pscan_rep_mode = info->pscan_rep_mode;
2717 data.pscan_period_mode = info->pscan_period_mode;
2718 data.pscan_mode = 0x00;
2719 memcpy(data.dev_class, info->dev_class, 3);
2720 data.clock_offset = info->clock_offset;
2721 data.rssi = info->rssi;
41a96212 2722 data.ssp_mode = 0x00;
3175405b
JH		 2723 name_known = hci_inquiry_cache_update(hdev, &data,
2724 false);
48264f06 2725 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2726 info->dev_class, info->rssi,
7d262f86 2727 !name_known, NULL, 0);
a9de9248
MH		 2728 }
2729 }
2730
2731 hci_dev_unlock(hdev);
2732}
2733
2734static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2735{
41a96212
MH		 2736 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2737 struct hci_conn *conn;
2738
a9de9248 2739 BT_DBG("%s", hdev->name);
41a96212 2740
41a96212
MH		 2741 hci_dev_lock(hdev);
2742
2743 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2744 if (!conn)
2745 goto unlock;
41a96212 2746
ccd556fe
JH		 2747 if (!ev->status && ev->page == 0x01) {
2748 struct inquiry_entry *ie;
41a96212 2749
cc11b9c1
AE		 2750 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2751 if (ie)
ccd556fe 2752 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2753
ccd556fe
JH		 2754 conn->ssp_mode = (ev->features[0] & 0x01);
2755 }
2756
2757 if (conn->state != BT_CONFIG)
2758 goto unlock;
2759
127178d2
JH		 2760 if (!ev->status) {
2761 struct hci_cp_remote_name_req cp;
2762 memset(&cp, 0, sizeof(cp));
2763 bacpy(&cp.bdaddr, &conn->dst);
2764 cp.pscan_rep_mode = 0x02;
2765 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2766 }
392599b9 2767
127178d2 2768 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2769 conn->state = BT_CONNECTED;
2770 hci_proto_connect_cfm(conn, ev->status);
2771 hci_conn_put(conn);
41a96212
MH		 2772 }
2773
ccd556fe 2774unlock:
41a96212 2775 hci_dev_unlock(hdev);
a9de9248
MH		 2776}
2777
2778static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2779{
b6a0dc82
MH		 2780 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2781 struct hci_conn *conn;
2782
2783 BT_DBG("%s status %d", hdev->name, ev->status);
2784
2785 hci_dev_lock(hdev);
2786
2787 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2788 if (!conn) {
2789 if (ev->link_type == ESCO_LINK)
2790 goto unlock;
2791
2792 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2793 if (!conn)
2794 goto unlock;
2795
2796 conn->type = SCO_LINK;
2797 }
b6a0dc82 2798
732547f9
MH		 2799 switch (ev->status) {
2800 case 0x00:
b6a0dc82
MH		 2801 conn->handle = __le16_to_cpu(ev->handle);
2802 conn->state = BT_CONNECTED;
7d0db0a3 2803
9eba32b8 2804 hci_conn_hold_device(conn);
7d0db0a3 2805 hci_conn_add_sysfs(conn);
732547f9
MH		 2806 break;
2807
705e5711 2808 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2809 case 0x1c: /* SCO interval rejected */
1038a00b 2810 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2811 case 0x1f: /* Unspecified error */
2812 if (conn->out && conn->attempt < 2) {
2813 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2814 (hdev->esco_type & EDR_ESCO_MASK);
2815 hci_setup_sync(conn, conn->link->handle);
2816 goto unlock;
2817 }
2818 /* fall through */
2819
2820 default:
b6a0dc82 2821 conn->state = BT_CLOSED;
732547f9
MH		 2822 break;
2823 }
b6a0dc82
MH		 2824
2825 hci_proto_connect_cfm(conn, ev->status);
2826 if (ev->status)
2827 hci_conn_del(conn);
2828
2829unlock:
2830 hci_dev_unlock(hdev);
a9de9248
MH		 2831}
2832
2833static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2834{
2835 BT_DBG("%s", hdev->name);
2836}
2837
04837f64
MH		 2838static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2839{
a9de9248 2840 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2841
2842 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2843}
2844
a9de9248 2845static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2846{
a9de9248
MH		 2847 struct inquiry_data data;
2848 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2849 int num_rsp = *((__u8 *) skb->data);
1da177e4 2850
a9de9248 2851 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2852
a9de9248
MH		 2853 if (!num_rsp)
2854 return;
1da177e4 2855
a9de9248
MH		 2856 hci_dev_lock(hdev);
2857
e17acd40 2858 for (; num_rsp; num_rsp--, info++) {
561aafbc
JH		 2859 bool name_known;
2860
a9de9248 2861 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2862 data.pscan_rep_mode = info->pscan_rep_mode;
2863 data.pscan_period_mode = info->pscan_period_mode;
2864 data.pscan_mode = 0x00;
a9de9248 2865 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2866 data.clock_offset = info->clock_offset;
2867 data.rssi = info->rssi;
41a96212 2868 data.ssp_mode = 0x01;
561aafbc 2869
a8b2d5c2 2870 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930
JH		 2871 name_known = eir_has_data_type(info->data,
2872 sizeof(info->data),
2873 EIR_NAME_COMPLETE);
561aafbc
JH		 2874 else
2875 name_known = true;
2876
3175405b 2877 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
48264f06 2878 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
561aafbc 2879 info->dev_class, info->rssi,
7d262f86
AG		 2880 !name_known, info->data,
2881 sizeof(info->data));
a9de9248
MH		 2882 }
2883
2884 hci_dev_unlock(hdev);
2885}
1da177e4 2886
17fa4b9d
JH		 2887static inline u8 hci_get_auth_req(struct hci_conn *conn)
2888{
2889 /* If remote requests dedicated bonding follow that lead */
2890 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2891 /* If both remote and local IO capabilities allow MITM
2892 * protection then require it, otherwise don't */
2893 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2894 return 0x02;
2895 else
2896 return 0x03;
2897 }
2898
2899 /* If remote requests no-bonding follow that lead */
2900 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2901 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2902
2903 return conn->auth_type;
2904}
2905
0493684e
MH		 2906static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2907{
2908 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2909 struct hci_conn *conn;
2910
2911 BT_DBG("%s", hdev->name);
2912
2913 hci_dev_lock(hdev);
2914
2915 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2916 if (!conn)
2917 goto unlock;
2918
2919 hci_conn_hold(conn);
2920
a8b2d5c2 2921 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 2922 goto unlock;
2923
a8b2d5c2 2924 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 2925 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2926 struct hci_cp_io_capability_reply cp;
2927
2928 bacpy(&cp.bdaddr, &ev->bdaddr);
2929 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2930 conn->auth_type = hci_get_auth_req(conn);
2931 cp.authentication = conn->auth_type;
17fa4b9d 2932
ce85ee13
SJ		 2933 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2934 hci_find_remote_oob_data(hdev, &conn->dst))
2935 cp.oob_data = 0x01;
2936 else
2937 cp.oob_data = 0x00;
2938
17fa4b9d
JH		 2939 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2940 sizeof(cp), &cp);
03b555e1
JH		 2941 } else {
2942 struct hci_cp_io_capability_neg_reply cp;
2943
2944 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2945 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2946
03b555e1
JH		 2947 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2948 sizeof(cp), &cp);
2949 }
2950
2951unlock:
2952 hci_dev_unlock(hdev);
2953}
2954
2955static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2956{
2957 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2958 struct hci_conn *conn;
2959
2960 BT_DBG("%s", hdev->name);
2961
2962 hci_dev_lock(hdev);
2963
2964 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2965 if (!conn)
2966 goto unlock;
2967
03b555e1
JH		 2968 conn->remote_cap = ev->capability;
2969 conn->remote_oob = ev->oob_data;
2970 conn->remote_auth = ev->authentication;
2971
2972unlock:
0493684e
MH		 2973 hci_dev_unlock(hdev);
2974}
2975
a5c29683
JH		 2976static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2977 struct sk_buff *skb)
2978{
2979 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2980 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2981 struct hci_conn *conn;
a5c29683
JH		 2982
2983 BT_DBG("%s", hdev->name);
2984
2985 hci_dev_lock(hdev);
2986
a8b2d5c2 2987 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 2988 goto unlock;
a5c29683 2989
7a828908
JH		 2990 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2991 if (!conn)
2992 goto unlock;
2993
2994 loc_mitm = (conn->auth_type & 0x01);
2995 rem_mitm = (conn->remote_auth & 0x01);
2996
2997 /* If we require MITM but the remote device can't provide that
2998 * (it has NoInputNoOutput) then reject the confirmation
2999 * request. The only exception is when we're dedicated bonding
3000 * initiators (connect_cfm_cb set) since then we always have the MITM
3001 * bit set. */
3002 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3003 BT_DBG("Rejecting request: remote device can't provide MITM");
3004 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3005 sizeof(ev->bdaddr), &ev->bdaddr);
3006 goto unlock;
3007 }
3008
3009 /* If no side requires MITM protection; auto-accept */
3010 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3011 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3012
3013 /* If we're not the initiators request authorization to
3014 * proceed from user space (mgmt_user_confirm with
3015 * confirm_hint set to 1). */
51a8efd7 3016 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3017 BT_DBG("Confirming auto-accept as acceptor");
3018 confirm_hint = 1;
3019 goto confirm;
3020 }
3021
9f61656a
JH		 3022 BT_DBG("Auto-accept of user confirmation with %ums delay",
3023 hdev->auto_accept_delay);
3024
3025 if (hdev->auto_accept_delay > 0) {
3026 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3027 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3028 goto unlock;
3029 }
3030
7a828908
JH		 3031 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3032 sizeof(ev->bdaddr), &ev->bdaddr);
3033 goto unlock;
3034 }
3035
55bc1a37 3036confirm:
744cf19e 3037 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 3038 confirm_hint);
7a828908
JH		 3039
3040unlock:
a5c29683
JH		 3041 hci_dev_unlock(hdev);
3042}
3043
1143d458
BG		 3044static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3045 struct sk_buff *skb)
3046{
3047 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3048
3049 BT_DBG("%s", hdev->name);
3050
3051 hci_dev_lock(hdev);
3052
a8b2d5c2 3053 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458
BG		 3054 mgmt_user_passkey_request(hdev, &ev->bdaddr);
3055
3056 hci_dev_unlock(hdev);
3057}
3058
0493684e
MH		 3059static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3060{
3061 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3062 struct hci_conn *conn;
3063
3064 BT_DBG("%s", hdev->name);
3065
3066 hci_dev_lock(hdev);
3067
3068 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3069 if (!conn)
3070 goto unlock;
3071
3072 /* To avoid duplicate auth_failed events to user space we check
3073 * the HCI_CONN_AUTH_PEND flag which will be set if we
3074 * initiated the authentication. A traditional auth_complete
3075 * event gets always produced as initiator and is also mapped to
3076 * the mgmt_auth_failed event */
51a8efd7 3077 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
744cf19e 3078 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 3079
2a611692
JH		 3080 hci_conn_put(conn);
3081
3082unlock:
0493684e
MH		 3083 hci_dev_unlock(hdev);
3084}
3085
41a96212
MH		 3086static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3087{
3088 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3089 struct inquiry_entry *ie;
3090
3091 BT_DBG("%s", hdev->name);
3092
3093 hci_dev_lock(hdev);
3094
cc11b9c1
AE		 3095 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3096 if (ie)
41a96212
MH		 3097 ie->data.ssp_mode = (ev->features[0] & 0x01);
3098
3099 hci_dev_unlock(hdev);
3100}
3101
2763eda6
SJ		 3102static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3103 struct sk_buff *skb)
3104{
3105 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3106 struct oob_data *data;
3107
3108 BT_DBG("%s", hdev->name);
3109
3110 hci_dev_lock(hdev);
3111
a8b2d5c2 3112 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3113 goto unlock;
3114
2763eda6
SJ		 3115 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3116 if (data) {
3117 struct hci_cp_remote_oob_data_reply cp;
3118
3119 bacpy(&cp.bdaddr, &ev->bdaddr);
3120 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3121 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3122
3123 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3124 &cp);
3125 } else {
3126 struct hci_cp_remote_oob_data_neg_reply cp;
3127
3128 bacpy(&cp.bdaddr, &ev->bdaddr);
3129 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3130 &cp);
3131 }
3132
e1ba1f15 3133unlock:
2763eda6
SJ		 3134 hci_dev_unlock(hdev);
3135}
3136
fcd89c09
VT		 3137static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3138{
3139 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3140 struct hci_conn *conn;
3141
3142 BT_DBG("%s status %d", hdev->name, ev->status);
3143
3144 hci_dev_lock(hdev);
3145
3146 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3147 if (!conn) {
3148 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3149 if (!conn) {
3150 BT_ERR("No memory for new connection");
3151 hci_dev_unlock(hdev);
3152 return;
3153 }
29b7988a
AG		 3154
3155 conn->dst_type = ev->bdaddr_type;
b62f328b 3156 }
fcd89c09
VT		 3157
3158 if (ev->status) {
48264f06
JH		 3159 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3160 conn->dst_type, ev->status);
fcd89c09
VT		 3161 hci_proto_connect_cfm(conn, ev->status);
3162 conn->state = BT_CLOSED;
3163 hci_conn_del(conn);
3164 goto unlock;
3165 }
3166
afc747a6 3167 mgmt_device_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
83bc71b4 3168
7b5c0d52 3169 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3170 conn->handle = __le16_to_cpu(ev->handle);
3171 conn->state = BT_CONNECTED;
3172
3173 hci_conn_hold_device(conn);
3174 hci_conn_add_sysfs(conn);
3175
3176 hci_proto_connect_cfm(conn, ev->status);
3177
3178unlock:
3179 hci_dev_unlock(hdev);
3180}
3181
9aa04c91
AG		 3182static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3183 struct sk_buff *skb)
3184{
e95beb41
AG		 3185 u8 num_reports = skb->data[0];
3186 void *ptr = &skb->data[1];
3c9e9195 3187 s8 rssi;
9aa04c91
AG		 3188
3189 hci_dev_lock(hdev);
3190
e95beb41
AG		 3191 while (num_reports--) {
3192 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3193
9aa04c91 3194 hci_add_adv_entry(hdev, ev);
e95beb41 3195
3c9e9195
AG		 3196 rssi = ev->data[ev->length];
3197 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3198 NULL, rssi, 0, ev->data, ev->length);
3199
e95beb41 3200 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3201 }
3202
3203 hci_dev_unlock(hdev);
3204}
3205
a7a595f6
VCG		 3206static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3207 struct sk_buff *skb)
3208{
3209 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3210 struct hci_cp_le_ltk_reply cp;
bea710fe 3211 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3212 struct hci_conn *conn;
bea710fe 3213 struct link_key *ltk;
a7a595f6
VCG		 3214
3215 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3216
3217 hci_dev_lock(hdev);
3218
3219 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3220 if (conn == NULL)
3221 goto not_found;
a7a595f6 3222
bea710fe
VCG		 3223 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3224 if (ltk == NULL)
3225 goto not_found;
3226
3227 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3228 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 3229 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 3230
3231 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3232
3233 hci_dev_unlock(hdev);
bea710fe
VCG		 3234
3235 return;
3236
3237not_found:
3238 neg.handle = ev->handle;
3239 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3240 hci_dev_unlock(hdev);
a7a595f6
VCG		 3241}
3242
fcd89c09
VT		 3243static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3244{
3245 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3246
3247 skb_pull(skb, sizeof(*le_ev));
3248
3249 switch (le_ev->subevent) {
3250 case HCI_EV_LE_CONN_COMPLETE:
3251 hci_le_conn_complete_evt(hdev, skb);
3252 break;
3253
9aa04c91
AG		 3254 case HCI_EV_LE_ADVERTISING_REPORT:
3255 hci_le_adv_report_evt(hdev, skb);
3256 break;
3257
a7a595f6
VCG		 3258 case HCI_EV_LE_LTK_REQ:
3259 hci_le_ltk_request_evt(hdev, skb);
3260 break;
3261
fcd89c09
VT		 3262 default:
3263 break;
3264 }
3265}
3266
a9de9248
MH		 3267void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3268{
3269 struct hci_event_hdr *hdr = (void *) skb->data;
3270 __u8 event = hdr->evt;
3271
3272 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3273
3274 switch (event) {
1da177e4
LT		 3275 case HCI_EV_INQUIRY_COMPLETE:
3276 hci_inquiry_complete_evt(hdev, skb);
3277 break;
3278
3279 case HCI_EV_INQUIRY_RESULT:
3280 hci_inquiry_result_evt(hdev, skb);
3281 break;
3282
a9de9248
MH		 3283 case HCI_EV_CONN_COMPLETE:
3284 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3285 break;
3286
1da177e4
LT		 3287 case HCI_EV_CONN_REQUEST:
3288 hci_conn_request_evt(hdev, skb);
3289 break;
3290
1da177e4
LT		 3291 case HCI_EV_DISCONN_COMPLETE:
3292 hci_disconn_complete_evt(hdev, skb);
3293 break;
3294
1da177e4
LT		 3295 case HCI_EV_AUTH_COMPLETE:
3296 hci_auth_complete_evt(hdev, skb);
3297 break;
3298
a9de9248
MH		 3299 case HCI_EV_REMOTE_NAME:
3300 hci_remote_name_evt(hdev, skb);
3301 break;
3302
1da177e4
LT		 3303 case HCI_EV_ENCRYPT_CHANGE:
3304 hci_encrypt_change_evt(hdev, skb);
3305 break;
3306
a9de9248
MH		 3307 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3308 hci_change_link_key_complete_evt(hdev, skb);
3309 break;
3310
3311 case HCI_EV_REMOTE_FEATURES:
3312 hci_remote_features_evt(hdev, skb);
3313 break;
3314
3315 case HCI_EV_REMOTE_VERSION:
3316 hci_remote_version_evt(hdev, skb);
3317 break;
3318
3319 case HCI_EV_QOS_SETUP_COMPLETE:
3320 hci_qos_setup_complete_evt(hdev, skb);
3321 break;
3322
3323 case HCI_EV_CMD_COMPLETE:
3324 hci_cmd_complete_evt(hdev, skb);
3325 break;
3326
3327 case HCI_EV_CMD_STATUS:
3328 hci_cmd_status_evt(hdev, skb);
3329 break;
3330
3331 case HCI_EV_ROLE_CHANGE:
3332 hci_role_change_evt(hdev, skb);
3333 break;
3334
3335 case HCI_EV_NUM_COMP_PKTS:
3336 hci_num_comp_pkts_evt(hdev, skb);
3337 break;
3338
3339 case HCI_EV_MODE_CHANGE:
3340 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3341 break;
3342
3343 case HCI_EV_PIN_CODE_REQ:
3344 hci_pin_code_request_evt(hdev, skb);
3345 break;
3346
3347 case HCI_EV_LINK_KEY_REQ:
3348 hci_link_key_request_evt(hdev, skb);
3349 break;
3350
3351 case HCI_EV_LINK_KEY_NOTIFY:
3352 hci_link_key_notify_evt(hdev, skb);
3353 break;
3354
3355 case HCI_EV_CLOCK_OFFSET:
3356 hci_clock_offset_evt(hdev, skb);
3357 break;
3358
a8746417
MH		 3359 case HCI_EV_PKT_TYPE_CHANGE:
3360 hci_pkt_type_change_evt(hdev, skb);
3361 break;
3362
85a1e930
MH		 3363 case HCI_EV_PSCAN_REP_MODE:
3364 hci_pscan_rep_mode_evt(hdev, skb);
3365 break;
3366
a9de9248
MH		 3367 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3368 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3369 break;
3370
a9de9248
MH		 3371 case HCI_EV_REMOTE_EXT_FEATURES:
3372 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3373 break;
3374
a9de9248
MH		 3375 case HCI_EV_SYNC_CONN_COMPLETE:
3376 hci_sync_conn_complete_evt(hdev, skb);
3377 break;
1da177e4 3378
a9de9248
MH		 3379 case HCI_EV_SYNC_CONN_CHANGED:
3380 hci_sync_conn_changed_evt(hdev, skb);
3381 break;
1da177e4 3382
a9de9248
MH		 3383 case HCI_EV_SNIFF_SUBRATE:
3384 hci_sniff_subrate_evt(hdev, skb);
3385 break;
1da177e4 3386
a9de9248
MH		 3387 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3388 hci_extended_inquiry_result_evt(hdev, skb);
3389 break;
1da177e4 3390
0493684e
MH		 3391 case HCI_EV_IO_CAPA_REQUEST:
3392 hci_io_capa_request_evt(hdev, skb);
3393 break;
3394
03b555e1
JH		 3395 case HCI_EV_IO_CAPA_REPLY:
3396 hci_io_capa_reply_evt(hdev, skb);
3397 break;
3398
a5c29683
JH		 3399 case HCI_EV_USER_CONFIRM_REQUEST:
3400 hci_user_confirm_request_evt(hdev, skb);
3401 break;
3402
1143d458
BG		 3403 case HCI_EV_USER_PASSKEY_REQUEST:
3404 hci_user_passkey_request_evt(hdev, skb);
3405 break;
3406
0493684e
MH		 3407 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3408 hci_simple_pair_complete_evt(hdev, skb);
3409 break;
3410
41a96212
MH		 3411 case HCI_EV_REMOTE_HOST_FEATURES:
3412 hci_remote_host_features_evt(hdev, skb);
3413 break;
3414
fcd89c09
VT		 3415 case HCI_EV_LE_META:
3416 hci_le_meta_evt(hdev, skb);
3417 break;
3418
2763eda6
SJ		 3419 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3420 hci_remote_oob_data_request_evt(hdev, skb);
3421 break;
3422
25e89e99
AE		 3423 case HCI_EV_NUM_COMP_BLOCKS:
3424 hci_num_comp_blocks_evt(hdev, skb);
3425 break;
3426
a9de9248
MH		 3427 default:
3428 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3429 break;
3430 }
3431
3432 kfree_skb(skb);
3433 hdev->stat.evt_rx++;
3434}
3435
3436/* Generate internal stack event */
3437void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3438{
3439 struct hci_event_hdr *hdr;
3440 struct hci_ev_stack_internal *ev;
3441 struct sk_buff *skb;
3442
3443 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3444 if (!skb)
3445 return;
3446
3447 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3448 hdr->evt = HCI_EV_STACK_INTERNAL;
3449 hdr->plen = sizeof(*ev) + dlen;
3450
3451 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3452 ev->type = type;
3453 memcpy(ev->data, data, dlen);
3454
576c7d85 3455 bt_cb(skb)->incoming = 1;
a61bbcf2 3456 __net_timestamp(skb);
576c7d85 3457
0d48d939 3458 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3459 skb->dev = (void *) hdev;
eec8d2bc 3460 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3461 kfree_skb(skb);
3462}
e6100a25 3463
669bb396 3464module_param(enable_le, bool, 0644);
e6100a25 3465MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)