Bluetooth: Fix legacy pairing with some devices
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32
1da177e4
LT
33/* Handle HCI Event packets */
34
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 *
 * A non-zero status is reported through mgmt_stop_discovery_failed().
 * On success the HCI_INQUIRY flag is cleared, the discovery state is set
 * to DISCOVERY_STOPPED, the request is completed and
 * hci_conn_check_pending() is called.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	if (!result) {
		clear_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
		hci_dev_unlock(hdev);

		hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, result);

		hci_conn_check_pending(hdev);
		return;
	}

	/* The controller refused the cancel: report it under the device lock. */
	hci_dev_lock(hdev);
	mgmt_stop_discovery_failed(hdev, result);
	hci_dev_unlock(hdev);
}
6bd57416 58
4d93483b
AG
/*
 * Command Complete handler that sets HCI_PERIODIC_INQ in hdev->dev_flags
 * when the controller reports success (status 0).
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	if (!result)
		set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
}
70
a9de9248
MH
/*
 * Command Complete handler that clears HCI_PERIODIC_INQ on success and
 * then calls hci_conn_check_pending(). Nothing is done on failure.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	if (!result) {
		clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);

		hci_conn_check_pending(hdev);
	}
}
84
807deac2
GP
/*
 * Command Complete handler for a remote-name-request cancel.
 *
 * Only emits a debug line; the reply in @skb is not inspected.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
90
/*
 * Command Complete handler for role discovery.
 *
 * On success, looks up the connection by the handle in the reply and sets
 * or clears HCI_LM_MASTER in its link_mode: a non-zero role clears the bit,
 * a zero role sets it.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *reply = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link && reply->role)
		link->link_mode &= ~HCI_LM_MASTER;
	else if (link)
		link->link_mode |= HCI_LM_MASTER;

	hci_dev_unlock(hdev);
}
113
e4e8e37c
MH
/*
 * Command Complete handler that stores the link policy reported by the
 * controller on the connection identified by the reply's handle.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *reply = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link != NULL)
		link->link_policy = __le16_to_cpu(reply->policy);

	hci_dev_unlock(hdev);
}
132
/*
 * Command Complete handler for HCI_OP_WRITE_LINK_POLICY.
 *
 * The connection is found through the handle in the reply, but the policy
 * value is taken from the parameters of the command that was sent (the
 * 16-bit little-endian value at offset 2), not from the reply.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *reply = (void *) skb->data;
	struct hci_conn *link;
	void *cmd_params;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (cmd_params == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link != NULL)
		link->link_policy = get_unaligned_le16(cmd_params + 2);

	hci_dev_unlock(hdev);
}
1da177e4 156
807deac2
GP
/*
 * Command Complete handler that stores the controller's default link
 * policy in hdev->link_policy when the status is zero.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status)
		hdev->link_policy = __le16_to_cpu(reply->policy);
}
169
807deac2
GP
/*
 * Command Complete handler for HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * If the sent command can no longer be found nothing happens. Otherwise
 * the policy from the sent command is recorded on success, and the request
 * is completed with the reported status either way.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);
	void *cmd_params;

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (cmd_params == NULL)
		return;

	if (result == 0)
		hdev->link_policy = get_unaligned_le16(cmd_params);

	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, result);
}
187
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_RESET.
 *
 * Clears HCI_RESET, completes the request, drops the non-persistent
 * dev_flags bits and puts discovery back to DISCOVERY_STOPPED. This runs
 * for any status value.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* Flags that must not survive a controller reset. */
	const unsigned long transient = BIT(HCI_LE_SCAN) |
					BIT(HCI_PENDING_CLASS) |
					BIT(HCI_PERIODIC_INQ);
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	clear_bit(HCI_RESET, &hdev->flags);

	hci_req_complete(hdev, HCI_OP_RESET, result);

	hdev->dev_flags &= ~transient;

	hdev->discovery.state = DISCOVERY_STOPPED;
}
04837f64 204
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * With HCI_MGMT set the outcome is handed to
 * mgmt_set_local_name_complete(); otherwise, on success, the name from the
 * sent command is copied into hdev->dev_name. The request is completed in
 * both cases.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);
	void *new_name;

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	new_name = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (new_name == NULL)
		return;

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags)) {
		if (!result)
			memcpy(hdev->dev_name, new_name, HCI_MAX_NAME_LENGTH);
	} else {
		mgmt_set_local_name_complete(hdev, new_name, result);
	}

	hci_dev_unlock(hdev);

	hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, result);
}
227
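/*
 * Command Complete handler for the Read Local Name command.
 *
 * While HCI_SETUP is set, the controller-reported name is copied into
 * hdev->dev_name.
 *
 * The reply is controller-supplied, so its length is validated before any
 * field is read: the memcpy() below reads HCI_MAX_NAME_LENGTH bytes from
 * the packet and would otherwise run past the end of a truncated reply.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *rp = (void *) skb->data;

	/* An empty reply does not even carry the status byte. */
	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* Only a complete reply may be used as the source of the copy. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply, len %u", hdev->name, skb->len);
		return;
	}

	if (test_bit(HCI_SETUP, &hdev->dev_flags))
		memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
}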
240
/*
 * Command Complete handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * On success HCI_AUTH in hdev->flags is made to mirror the parameter of
 * the sent command (set only when it equals AUTH_ENABLED). The management
 * layer is notified when HCI_MGMT is set, and the request is completed.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);
	void *cmd_params;

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (cmd_params == NULL)
		return;

	if (result == 0) {
		__u8 requested = *((__u8 *) cmd_params);

		if (requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_auth_enable_complete(hdev, result);

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, result);
}
266
/*
 * Command Complete handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * On success HCI_ENCRYPT in hdev->flags is set when the sent parameter is
 * non-zero and cleared when it is zero. The request is then completed.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);
	void *cmd_params;

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (cmd_params == NULL)
		return;

	if (result == 0) {
		__u8 requested = *((__u8 *) cmd_params);

		if (!requested)
			clear_bit(HCI_ENCRYPT, &hdev->flags);
		else
			set_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, result);
}
1da177e4 289
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * On failure the management layer is informed and the discoverable timeout
 * is reset to 0. On success HCI_ISCAN and HCI_PSCAN are rewritten from the
 * sent parameter, and mgmt_discoverable()/mgmt_connectable() are called
 * only when the corresponding bit actually changed. When inquiry scan is
 * enabled with a non-zero discov_timeout, the discov_off work is queued.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);
	int had_pscan, had_iscan;
	__u8 scan;
	void *cmd_params;

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (cmd_params == NULL)
		return;

	scan = *((__u8 *) cmd_params);

	hci_dev_lock(hdev);

	if (result != 0) {
		mgmt_write_scan_failed(hdev, scan, result);
		hdev->discov_timeout = 0;
		goto unlock;
	}

	/* Remember the previous state so only real transitions are reported. */
	had_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
	had_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

	if (scan & SCAN_INQUIRY) {
		set_bit(HCI_ISCAN, &hdev->flags);
		if (!had_iscan)
			mgmt_discoverable(hdev, 1);
		if (hdev->discov_timeout > 0) {
			int delay = msecs_to_jiffies(hdev->discov_timeout * 1000);

			queue_delayed_work(hdev->workqueue, &hdev->discov_off,
					   delay);
		}
	} else if (had_iscan) {
		mgmt_discoverable(hdev, 0);
	}

	if (scan & SCAN_PAGE) {
		set_bit(HCI_PSCAN, &hdev->flags);
		if (!had_pscan)
			mgmt_connectable(hdev, 1);
	} else if (had_pscan) {
		mgmt_connectable(hdev, 0);
	}

unlock:
	hci_dev_unlock(hdev);
	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, result);
}
1da177e4 338
a9de9248
MH
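/*
 * Command Complete handler that copies the 3-byte class of device reported
 * by the controller into hdev->dev_class.
 *
 * The reply is controller-supplied, so its length is validated before the
 * class bytes are read; a truncated reply is ignored.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *rp = (void *) skb->data;

	/* An empty reply does not even carry the status byte. */
	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply, len %u", hdev->name, skb->len);
		return;
	}

	memcpy(hdev->dev_class, rp->dev_class, 3);

	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
	       hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}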
1da177e4 353
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_WRITE_CLASS_OF_DEV.
 *
 * On success the 3-byte class from the sent command is stored in
 * hdev->dev_class. With HCI_MGMT set, the management layer is notified of
 * the outcome whatever the status.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);
	void *new_class;

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	new_class = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (new_class == NULL)
		return;

	hci_dev_lock(hdev);

	if (!result)
		memcpy(hdev->dev_class, new_class, 3);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_set_class_of_dev_complete(hdev, new_class, result);

	hci_dev_unlock(hdev);
}
1da177e4 375
a9de9248
MH
/*
 * Command Complete handler that records the controller's voice setting.
 *
 * When the reported value differs from hdev->voice_setting it is stored
 * and, if the driver registered a notify callback, the callback is invoked
 * with HCI_NOTIFY_VOICE_SETTING.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *reply = (void *) skb->data;
	__u16 reported;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	reported = __le16_to_cpu(reply->voice_setting);

	/* Nothing to do when the value is unchanged. */
	if (reported == hdev->voice_setting)
		return;

	hdev->voice_setting = reported;

	BT_DBG("%s voice setting 0x%4.4x", hdev->name, reported);

	if (hdev->notify != NULL)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}
398
8fc9ced3
GP
/*
 * Command Complete handler for HCI_OP_WRITE_VOICE_SETTING.
 *
 * On success the value from the sent command is compared with
 * hdev->voice_setting; a changed value is stored and the driver's notify
 * callback, if any, is invoked with HCI_NOTIFY_VOICE_SETTING.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);
	__u16 requested;
	void *cmd_params;

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	if (result != 0)
		return;

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (cmd_params == NULL)
		return;

	requested = get_unaligned_le16(cmd_params);

	/* Nothing to do when the value is unchanged. */
	if (requested == hdev->voice_setting)
		return;

	hdev->voice_setting = requested;

	BT_DBG("%s voice setting 0x%4.4x", hdev->name, requested);

	if (hdev->notify != NULL)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}
427
/*
 * Command Complete handler for HCI_OP_HOST_BUFFER_SIZE: logs the status
 * and completes the request with it.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, result);
}
1143e5a6 436
333140b5
MH
/*
 * Command Complete handler for HCI_OP_WRITE_SSP_MODE.
 *
 * With HCI_MGMT set the sent mode and the status are passed to
 * mgmt_ssp_enable_complete(). Otherwise, on success, HCI_SSP_ENABLED in
 * hdev->dev_flags is set or cleared to match the sent mode.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);
	void *cmd_params;
	u8 mode;

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (cmd_params == NULL)
		return;

	mode = *((u8 *) cmd_params);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_ssp_enable_complete(hdev, mode, result);
		return;
	}

	if (result)
		return;

	if (mode)
		set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	else
		clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
}
457
d5859e22
JH
/*
 * Pick the inquiry mode to request from the controller.
 *
 * Returns 2 when the LMP_EXT_INQ feature bit is present, 1 when
 * LMP_RSSI_INQ is present or when the manufacturer/revision/sub-version
 * triple matches one of the hard-coded entries below, and 0 otherwise.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	if (hdev->features[6] & LMP_EXT_INQ)
		return 2;

	if (hdev->features[3] & LMP_RSSI_INQ)
		return 1;

	/* Controllers given mode 1 even though the feature bit is absent. */
	switch (hdev->manufacturer) {
	case 11:
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x0757)
			return 1;
		break;
	case 15:
		if (hdev->lmp_subver == 0x6963 &&
		    (hdev->hci_rev == 0x03 || hdev->hci_rev == 0x09))
			return 1;
		if (hdev->lmp_subver == 0x6965 && hdev->hci_rev == 0x00)
			return 1;
		break;
	case 31:
		if (hdev->hci_rev == 0x2005 && hdev->lmp_subver == 0x1805)
			return 1;
		break;
	}

	return 0;
}
485
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode().
 */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 inq_mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &inq_mode);
}
494
/*
 * Build the 8-byte event mask from the controller's feature bits and send
 * it with HCI_OP_SET_EVENT_MASK. Controllers older than 1.2 are left with
 * their default mask.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff rather than 0x9f (two reserved bits
	 * disabled) because a Broadcom 1.2 dongle does not respond to the
	 * command otherwise. */
	u8 mask[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };

	/* CSR 1.1 dongles do not accept any bitfield, so no event mask is
	 * set for pre-1.2 devices. */
	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
		return;

	/* Events enabled unconditionally. */
	mask[4] |= 0x01; /* Flow Specification Complete */
	mask[4] |= 0x02; /* Inquiry Result with RSSI */
	mask[4] |= 0x04; /* Read Remote Extended Features Complete */
	mask[5] |= 0x08; /* Synchronous Connection Complete */
	mask[5] |= 0x10; /* Synchronous Connection Changed */

	/* Events that depend on a feature bit. */
	if (hdev->features[3] & LMP_RSSI_INQ)
		mask[4] |= 0x02; /* Inquiry Result with RSSI */

	if (hdev->features[5] & LMP_SNIFF_SUBR)
		mask[5] |= 0x20; /* Sniff Subrating */

	if (hdev->features[5] & LMP_PAUSE_ENC)
		mask[5] |= 0x80; /* Encryption Key Refresh Complete */

	if (hdev->features[6] & LMP_EXT_INQ)
		mask[5] |= 0x40; /* Extended Inquiry Result */

	if (hdev->features[6] & LMP_NO_FLUSH)
		mask[7] |= 0x01; /* Enhanced Flush Complete */

	if (hdev->features[7] & LMP_LSTO)
		mask[6] |= 0x80; /* Link Supervision Timeout Changed */

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		mask[6] |= 0x01; /* IO Capability Request */
		mask[6] |= 0x02; /* IO Capability Response */
		mask[6] |= 0x04; /* User Confirmation Request */
		mask[6] |= 0x08; /* User Passkey Request */
		mask[6] |= 0x10; /* Remote OOB Data Request */
		mask[6] |= 0x20; /* Simple Pairing Complete */
		mask[7] |= 0x04; /* User Passkey Notification */
		mask[7] |= 0x08; /* Keypress Notification */
		mask[7] |= 0x10; /* Remote Host Supported
				  * Features Notification */
	}

	if (hdev->features[4] & LMP_LE)
		mask[7] |= 0x20; /* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(mask), mask);
}
549
/*
 * Queue the feature-dependent setup commands for a BR/EDR controller.
 *
 * Does nothing for other device types. Sends, in order: the event mask,
 * Read Local Commands (controllers newer than 1.1), either Write SSP Mode
 * or an all-zero Write EIR (SSP-capable controllers), the inquiry mode,
 * Read Inquiry Response TX Power, Read Local Extended Features page 1 and,
 * when HCI_LINK_SECURITY is set, Write Authentication Enable.
 */
static void hci_setup(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return;

	hci_setup_event_mask(hdev);

	if (hdev->hci_ver > BLUETOOTH_VER_1_1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	if (lmp_ssp_capable(hdev)) {
		if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
			struct hci_cp_write_eir eir_cmd;

			/* SSP is off: clear the cached and on-chip EIR data. */
			memset(hdev->eir, 0, sizeof(hdev->eir));
			memset(&eir_cmd, 0, sizeof(eir_cmd));

			hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(eir_cmd),
				     &eir_cmd);
		} else {
			u8 ssp_on = 0x01;

			hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
				     sizeof(ssp_on), &ssp_on);
		}
	}

	if (hdev->features[3] & LMP_RSSI_INQ)
		hci_setup_inquiry_mode(hdev);

	if (hdev->features[7] & LMP_INQ_TX_PWR)
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);

	if (hdev->features[7] & LMP_EXTFEATURES) {
		struct hci_cp_read_local_ext_features ext_cmd;

		ext_cmd.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
			     sizeof(ext_cmd), &ext_cmd);
	}

	if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
		u8 auth_on = 1;

		hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(auth_on),
			     &auth_on);
	}
}
595
a9de9248
MH
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_VERSION.
 *
 * On success the version, revision and manufacturer fields are cached in
 * hdev and, while HCI_INIT is set, hci_setup() is run. The request is
 * completed with the reported status on both the success and error paths.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status) {
		hdev->hci_ver = reply->hci_ver;
		hdev->hci_rev = __le16_to_cpu(reply->hci_rev);
		hdev->lmp_ver = reply->lmp_ver;
		hdev->manufacturer = __le16_to_cpu(reply->manufacturer);
		hdev->lmp_subver = __le16_to_cpu(reply->lmp_subver);

		BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
		       hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);

		if (test_bit(HCI_INIT, &hdev->flags))
			hci_setup(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, reply->status);
}
620
/*
 * Derive the default link policy from the controller's feature bits
 * (role switch, hold, sniff, park) and send it with
 * HCI_OP_WRITE_DEF_LINK_POLICY.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	struct hci_cp_write_def_link_policy cmd;
	u16 policy = 0;

	if (hdev->features[0] & LMP_RSWITCH)
		policy |= HCI_LP_RSWITCH;

	if (hdev->features[0] & LMP_HOLD)
		policy |= HCI_LP_HOLD;

	if (hdev->features[0] & LMP_SNIFF)
		policy |= HCI_LP_SNIFF;

	if (hdev->features[1] & LMP_PARK)
		policy |= HCI_LP_PARK;

	cmd.policy = cpu_to_le16(policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cmd), &cmd);
}
1da177e4 638
8fc9ced3
GP
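/*
 * Command Complete handler for HCI_OP_READ_LOCAL_COMMANDS.
 *
 * On success the supported-commands bitmap is cached in hdev->commands
 * and, while HCI_INIT is set and bit 0x10 of byte 5 is present, the
 * default link policy is configured. An error status still completes the
 * request.
 *
 * The reply is controller-supplied, so its length is validated before the
 * bitmap is copied; a truncated success reply is dropped and the pending
 * request is not completed, so no partially received bitmap is used.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *rp = (void *) skb->data;

	/* An empty reply does not even carry the status byte. */
	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		goto done;

	/* The memcpy() below must not read past the end of the packet. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply, len %u", hdev->name, skb->len);
		return;
	}

	memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));

	if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
		hci_setup_link_policy(hdev);

done:
	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
}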
1da177e4 657
8fc9ced3
GP
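/*
 * Command Complete handler for the Read Local Features command.
 *
 * On success the 8 feature bytes are cached in hdev->features and the
 * ACL/SCO packet types and eSCO types advertised by the controller are
 * added to hdev->pkt_type and hdev->esco_type.
 *
 * The reply is controller-supplied, so its length is validated before the
 * feature bytes are copied; a truncated reply is ignored.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_features *rp = (void *) skb->data;

	/* An empty reply does not even carry the status byte. */
	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* The memcpy() below must not read past the end of the packet. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply, len %u", hdev->name, skb->len);
		return;
	}

	memcpy(hdev->features, rp->features, 8);

	/* Adjust default settings according to features
	 * supported by device. */

	if (hdev->features[0] & LMP_3SLOT)
		hdev->pkt_type |= (HCI_DM3 | HCI_DH3);

	if (hdev->features[0] & LMP_5SLOT)
		hdev->pkt_type |= (HCI_DM5 | HCI_DH5);

	if (hdev->features[1] & LMP_HV2) {
		hdev->pkt_type |= (HCI_HV2);
		hdev->esco_type |= (ESCO_HV2);
	}

	if (hdev->features[1] & LMP_HV3) {
		hdev->pkt_type |= (HCI_HV3);
		hdev->esco_type |= (ESCO_HV3);
	}

	if (hdev->features[3] & LMP_ESCO)
		hdev->esco_type |= (ESCO_EV3);

	if (hdev->features[4] & LMP_EV4)
		hdev->esco_type |= (ESCO_EV4);

	if (hdev->features[4] & LMP_EV5)
		hdev->esco_type |= (ESCO_EV5);

	if (hdev->features[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= (ESCO_2EV3);

	if (hdev->features[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= (ESCO_3EV3);

	if (hdev->features[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
	       hdev->features[0], hdev->features[1],
	       hdev->features[2], hdev->features[3],
	       hdev->features[4], hdev->features[5],
	       hdev->features[6], hdev->features[7]);
}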
1da177e4 713
8f984dfa
JH
/*
 * Bring the controller's "LE host supported" setting in line with the
 * HCI_LE_ENABLED flag.
 *
 * The command is sent only when the wanted LE value differs from the
 * LMP_HOST_LE bit currently cached in hdev->host_features[0].
 */
static void hci_set_le_support(struct hci_dev *hdev)
{
	struct hci_cp_write_le_host_supported cmd;
	int host_le_now = !!(hdev->host_features[0] & LMP_HOST_LE);

	memset(&cmd, 0, sizeof(cmd));

	if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
		cmd.le = 1;
		cmd.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
	}

	if (cmd.le == host_le_now)
		return;

	hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cmd), &cmd);
}
729
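/*
 * Command Complete handler for HCI_OP_READ_LOCAL_EXT_FEATURES.
 *
 * Page 0 is stored in hdev->features and page 1 in hdev->host_features;
 * other pages are not stored. While HCI_INIT is set and the controller has
 * the LMP_LE feature, LE host support is then synchronised. An error
 * status still completes the request.
 *
 * The reply is controller-supplied, so its length is validated before the
 * page number and feature bytes are read; a truncated success reply is
 * dropped and the pending request is not completed.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *rp = (void *) skb->data;

	/* An empty reply does not even carry the status byte. */
	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		goto done;

	/* rp->page and rp->features must lie inside the received packet. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply, len %u", hdev->name, skb->len);
		return;
	}

	switch (rp->page) {
	case 0:
		memcpy(hdev->features, rp->features, 8);
		break;
	case 1:
		memcpy(hdev->host_features, rp->features, 8);
		break;
	default:
		/* Pages other than 0 and 1 are not cached. */
		break;
	}

	if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
		hci_set_le_support(hdev);

done:
	hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
}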
755
/*
 * Command Complete handler that caches the controller's flow control mode
 * in hdev->flow_ctl_mode and completes the request.
 *
 * NOTE(review): on a non-zero status this returns before
 * hci_req_complete(), unlike hci_cc_read_local_version() in this file,
 * which completes the request on both paths -- confirm this is intended.
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->flow_ctl_mode = reply->mode;

	hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, reply->status);
}
770
a9de9248
MH
/*
 * Command Complete handler that caches the controller's ACL and SCO
 * buffer sizes and packet counts, then primes the free-packet counters
 * (acl_cnt, sco_cnt) from them.
 *
 * With HCI_QUIRK_FIXUP_BUFFER_SIZE set, the SCO values reported by the
 * controller are replaced with an MTU of 64 and 8 packets.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read,
 * and the reported sizes are stored without range checks; confirm the
 * caller bounds the reply and that consumers tolerate zero values.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->acl_mtu = __le16_to_cpu(reply->acl_mtu);
	hdev->sco_mtu = reply->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(reply->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(reply->sco_max_pkt);

	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
	       hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
}
796
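/*
 * Command Complete handler for HCI_OP_READ_BD_ADDR.
 *
 * On success the controller's address is copied into hdev->bdaddr. The
 * request is completed with the reported status.
 *
 * The reply is controller-supplied, so its length is validated before the
 * address is copied; a truncated success reply is dropped and the pending
 * request is not completed.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *rp = (void *) skb->data;

	/* An empty reply does not even carry the status byte. */
	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		/* bacpy() must not read past the end of the packet. */
		if (skb->len < sizeof(*rp)) {
			BT_DBG("%s short reply, len %u", hdev->name, skb->len);
			return;
		}

		bacpy(&hdev->bdaddr, &rp->bdaddr);
	}

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
}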
808
/*
 * Command Complete handler that caches the block-based flow control
 * parameters (maximum ACL length, block length, block count), primes
 * block_cnt from the block count and completes the request.
 *
 * NOTE(review): on a non-zero status this returns before
 * hci_req_complete(); confirm this is intended.
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->block_mtu = __le16_to_cpu(reply->max_acl_len);
	hdev->block_len = __le16_to_cpu(reply->block_len);
	hdev->num_blocks = __le16_to_cpu(reply->num_blocks);

	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
	       hdev->block_cnt, hdev->block_len);

	hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, reply->status);
}
830
23bb5763
JH
/*
 * Command Complete handler for HCI_OP_WRITE_CA_TIMEOUT: logs the status
 * and completes the request with it.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, result);
}
839
/*
 * Command Complete handler that caches the AMP controller information
 * from the reply in the hdev->amp_* fields and completes the request.
 *
 * NOTE(review): on a non-zero status this returns before
 * hci_req_complete(); confirm this is intended.
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *info = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, info->status);

	if (info->status != 0)
		return;

	hdev->amp_status = info->amp_status;
	hdev->amp_total_bw = __le32_to_cpu(info->total_bw);
	hdev->amp_max_bw = __le32_to_cpu(info->max_bw);
	hdev->amp_min_latency = __le32_to_cpu(info->min_latency);
	hdev->amp_max_pdu = __le32_to_cpu(info->max_pdu);
	hdev->amp_type = info->amp_type;
	hdev->amp_pal_cap = __le16_to_cpu(info->pal_cap);
	hdev->amp_assoc_size = __le16_to_cpu(info->max_assoc_size);
	hdev->amp_be_flush_to = __le32_to_cpu(info->be_flush_to);
	hdev->amp_max_flush_to = __le32_to_cpu(info->max_flush_to);

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, info->status);
}
863
/*
 * Command Complete handler for HCI_OP_DELETE_STORED_LINK_KEY: logs the
 * status and completes the request with it.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, result);
}
873
d5859e22
JH
/*
 * Command Complete handler for HCI_OP_SET_EVENT_MASK: logs the status and
 * completes the request with it.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, result);
}
882
/*
 * Command Complete handler for HCI_OP_WRITE_INQUIRY_MODE: logs the status
 * and completes the request with it.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, result);
}
892
/*
 * Command Complete handler for HCI_OP_READ_INQ_RSP_TX_POWER.
 *
 * On success the reported TX power is cached in hdev->inq_tx_power. The
 * request is completed with the reported status in either case.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_rp_read_inq_rsp_tx_power *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0)
		hdev->inq_tx_power = reply->tx_power;

	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, reply->status);
}
905
/*
 * Command Complete handler for HCI_OP_SET_EVENT_FLT: logs the status and
 * completes the request with it.
 *
 * NOTE(review): skb->len is not checked before skb->data is dereferenced;
 * confirm the caller bounds the reply.
 */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 result = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, result);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, result);
}
914
980e1a53
JH
/*
 * Command Complete handler for HCI_OP_PIN_CODE_REPLY.
 *
 * With HCI_MGMT set the management layer is told the outcome, using the
 * address from the reply. On success the PIN length from the sent command
 * is recorded on the ACL connection looked up by the address of the sent
 * command (not the address in the reply).
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *reply = (void *) skb->data;
	struct hci_cp_pin_code_reply *sent_cmd;
	struct hci_conn *link;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_pin_code_reply_complete(hdev, &reply->bdaddr,
					     reply->status);

	if (reply->status == 0) {
		sent_cmd = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (sent_cmd != NULL) {
			link = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
						       &sent_cmd->bdaddr);
			if (link != NULL)
				link->pin_length = sent_cmd->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
942
/*
 * Command Complete handler for a negative PIN code reply.
 *
 * With HCI_MGMT set, forwards the address and status from the reply to
 * mgmt_pin_code_neg_reply_complete() under the device lock.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *reply = (void *) skb->data;
	int mgmt_active;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	mgmt_active = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_active)
		mgmt_pin_code_neg_reply_complete(hdev, &reply->bdaddr,
						 reply->status);

	hci_dev_unlock(hdev);
}
56e5cb86 957
6ed58ec5
VT
/*
 * Command Complete handler that caches the LE buffer size and packet
 * count, primes le_cnt from the packet count and completes the request.
 *
 * NOTE(review): on a non-zero status this returns before
 * hci_req_complete(); confirm this is intended.
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->le_mtu = __le16_to_cpu(reply->le_mtu);
	hdev->le_pkts = reply->le_max_pkt;

	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, reply->status);
}
980e1a53 977
a5c29683
JH
/*
 * Command Complete handler for a user confirmation reply.
 *
 * With HCI_MGMT set, forwards the address and status from the reply to
 * mgmt_user_confirm_reply_complete() under the device lock.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;
	int mgmt_active;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	mgmt_active = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_active)
		mgmt_user_confirm_reply_complete(hdev, &reply->bdaddr,
						 ACL_LINK, 0, reply->status);

	hci_dev_unlock(hdev);
}
992
/*
 * Command Complete handler for a negative user confirmation reply.
 *
 * With HCI_MGMT set, forwards the address and status from the reply to
 * mgmt_user_confirm_neg_reply_complete() under the device lock.
 *
 * NOTE(review): skb->len is not checked before the reply struct is read;
 * confirm the caller bounds the reply.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;
	int mgmt_active;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	mgmt_active = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_active)
		mgmt_user_confirm_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);

	hci_dev_unlock(hdev);
}
1008
1143d458
BG
/*
 * Log the status of a user passkey reply found in skb and, when the HCI_MGMT
 * device flag is set, forward it to mgmt_user_passkey_reply_complete() under
 * the device lock.
 *
 * The payload is read through struct hci_rp_user_confirm_reply.
 *
 * NOTE(review): skb->len is not checked before *reply is read; confirm the
 * caller validates the payload size.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_reply_complete(hdev, &reply->bdaddr,
						 ACL_LINK, 0, reply->status);
	}

	hci_dev_unlock(hdev);
}
1023
/*
 * Log the status of a user passkey negative reply found in skb and, when the
 * HCI_MGMT device flag is set, forward it to
 * mgmt_user_passkey_neg_reply_complete() under the device lock.
 *
 * The payload is read through struct hci_rp_user_confirm_reply.
 *
 * NOTE(review): skb->len is not checked before *reply is read; confirm the
 * caller validates the payload size.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);
	}

	hci_dev_unlock(hdev);
}
1039
/*
 * Hand the local out-of-band data (hash and randomizer) and status from skb
 * to mgmt_read_local_oob_data_reply_complete() under the device lock.
 *
 * Unlike the neighbouring reply handlers, this one calls into mgmt without
 * first testing the HCI_MGMT flag.
 *
 * NOTE(review): skb->len is not checked before *reply is read, and on a
 * failed status the hash/randomizer bytes are still passed on; confirm the
 * caller validates the payload size.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);
	mgmt_read_local_oob_data_reply_complete(hdev, reply->hash,
						reply->randomizer,
						reply->status);
	hci_dev_unlock(hdev);
}
1052
07f7fa5d
AG
/*
 * Complete the pending HCI_OP_LE_SET_SCAN_PARAM request with the status byte
 * at the start of skb; on a non-zero status additionally tell mgmt that
 * starting discovery failed, under the device lock.
 *
 * NOTE(review): the status byte is read without checking skb->len; confirm
 * the caller guarantees at least one byte of payload.
 */
static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);

	if (status == 0)
		return;

	hci_dev_lock(hdev);
	mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1068
/*
 * React to the result of HCI_OP_LE_SET_SCAN_ENABLE, using the parameters of
 * the command that was sent to tell enable from disable.
 *
 * Enable:  complete the request; on failure report it to mgmt, otherwise set
 *          HCI_LE_SCAN and move discovery to DISCOVERY_FINDING.
 * Disable: on failure report it to mgmt, otherwise clear HCI_LE_SCAN and
 *          either continue interleaved discovery or mark discovery stopped.
 *          The request is not completed on this path.
 * Any other enable value is logged as an error.
 *
 * NOTE(review): the status byte is read without checking skb->len, and
 * hdev->discovery is inspected on the disable path without hci_dev_lock
 * held; confirm both are intended.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	struct hci_cp_le_set_scan_enable *sent;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (sent == NULL)
		return;

	switch (sent->enable) {
	case LE_SCANNING_ENABLED:
		hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);

		if (status != 0) {
			hci_dev_lock(hdev);
			mgmt_start_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		set_bit(HCI_LE_SCAN, &hdev->dev_flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		break;

	case LE_SCANNING_DISABLED:
		if (status != 0) {
			hci_dev_lock(hdev);
			mgmt_stop_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);

		if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED ||
		    hdev->discovery.state != DISCOVERY_FINDING) {
			hci_dev_lock(hdev);
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
			hci_dev_unlock(hdev);
		} else {
			mgmt_interleaved_discovery(hdev);
		}
		break;

	default:
		BT_ERR("Used reserved LE_Scan_Enable param %d", sent->enable);
		break;
	}
}
1125
a7a595f6
VCG
/*
 * Complete the pending HCI_OP_LE_LTK_REPLY request when the reply in skb
 * reports success. A non-zero status is only logged; the request is not
 * completed in that case.
 *
 * NOTE(review): skb->len is not checked before *reply is read; confirm the
 * caller validates the payload size.
 */
static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0)
		hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, reply->status);
}
1137
/*
 * Complete the pending HCI_OP_LE_LTK_NEG_REPLY request when the reply in skb
 * reports success. A non-zero status is only logged; the request is not
 * completed in that case.
 *
 * NOTE(review): skb->len is not checked before *reply is read; confirm the
 * caller validates the payload size.
 */
static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0)
		hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, reply->status);
}
1149
6039aa73
GP
/*
 * Apply the outcome of HCI_OP_WRITE_LE_HOST_SUPPORTED. On success the
 * LMP_HOST_LE bit in hdev->host_features[0] is set or cleared to match the
 * "le" value that was sent. mgmt is told the result when HCI_MGMT is set and
 * the device is not in HCI_INIT, and the pending request is completed.
 *
 * Nothing happens if the sent command parameters cannot be found.
 *
 * NOTE(review): the status byte is read without checking skb->len; confirm
 * the caller guarantees at least one byte of payload.
 */
static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_cp_write_le_host_supported *params;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
	if (params == NULL)
		return;

	/* Only mirror the requested setting once the controller accepted it. */
	if (status == 0) {
		if (params->le)
			hdev->host_features[0] |= LMP_HOST_LE;
		else
			hdev->host_features[0] &= ~LMP_HOST_LE;
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
	    !test_bit(HCI_INIT, &hdev->flags)) {
		mgmt_le_enable_complete(hdev, params->le, status);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
}
1175
/*
 * Handle the status of an inquiry command.
 *
 * Success: set HCI_INQUIRY and move discovery to DISCOVERY_FINDING.
 * Failure: complete the HCI_OP_INQUIRY request with the error, re-check
 *          pending connections and, when HCI_MGMT is set, tell mgmt that
 *          starting discovery failed.
 */
static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0) {
		set_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		return;
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_start_discovery_failed(hdev, status);
	}
	hci_dev_unlock(hdev);
}
1196
/*
 * Handle the status of HCI_OP_CREATE_CONN for the address that was sent.
 *
 * Success: if no ACL connection object exists for the address yet, create
 *          one marked outgoing with HCI_LM_MASTER set.
 * Failure: for a connection still in BT_CONNECT, either park it in
 *          BT_CONNECT2 (status 0x0c with at most two attempts so far) or
 *          close it, confirm the failure to the protocol layer and delete it.
 *
 * NOTE(review): 0x0c is presumably the HCI "Command Disallowed" status;
 * confirm against the specification.
 */
static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&sent->bdaddr), conn);

	if (status == 0) {
		if (conn)
			goto unlock;

		conn = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
		if (conn == NULL) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->out = true;
		conn->link_mode |= HCI_LM_MASTER;
		goto unlock;
	}

	if (conn == NULL || conn->state != BT_CONNECT)
		goto unlock;

	if (status == 0x0c && conn->attempt <= 2) {
		/* Keep the connection around for another attempt. */
		conn->state = BT_CONNECT2;
		goto unlock;
	}

	conn->state = BT_CLOSED;
	hci_proto_connect_cfm(conn, status);
	hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
1236
/*
 * Handle a failed HCI_OP_ADD_SCO command (a zero status is ignored).
 *
 * The ACL connection is found through the handle that was sent; if it has a
 * linked SCO connection, that link is closed, the failure is confirmed to
 * the protocol layer and the SCO connection is deleted.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1271
f8558555
MH
/*
 * Handle a failed HCI_OP_AUTH_REQUESTED command (a zero status is ignored).
 *
 * If the connection named by the sent handle is still in BT_CONFIG, the
 * failure is confirmed to the protocol layer and one reference on the
 * connection is dropped.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1298
/*
 * Handle a failed HCI_OP_SET_CONN_ENCRYPT command (a zero status is ignored).
 *
 * If the connection named by the sent handle is still in BT_CONFIG, the
 * failure is confirmed to the protocol layer and one reference on the
 * connection is dropped.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1325
/*
 * Decide whether authentication should be requested on an outgoing
 * connection that is still being configured.
 *
 * Returns 0 when the connection is not outgoing, is not in BT_CONFIG, or its
 * pending security level is BT_SECURITY_SDP. Otherwise returns 1 if any of
 * the following holds, else 0:
 *   - SSP is enabled on the connection,
 *   - bit 0 of conn->auth_type is set (MITM protection requested),
 *   - the pending security level is BT_SECURITY_HIGH.
 *
 * In other words a non-SSP (legacy) link is left unauthenticated here unless
 * MITM protection or the HIGH level was asked for. hdev is not used.
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
				    struct hci_conn *conn)
{
	if (!conn->out || conn->state != BT_CONFIG)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	if (hci_conn_ssp_enabled(conn))
		return 1;

	/* Legacy device: authenticate only for MITM or sec_level HIGH. */
	if (conn->auth_type & 0x01)
		return 1;

	return conn->pending_sec_level == BT_SECURITY_HIGH;
}
1343
/*
 * Send HCI_OP_REMOTE_NAME_REQ for the device described by inquiry entry e,
 * copying its address, page-scan modes and clock offset into the command.
 *
 * Returns whatever hci_send_cmd() returns. e must not be NULL: it is
 * dereferenced unconditionally.
 */
static int hci_resolve_name(struct hci_dev *hdev,
			    struct inquiry_entry *e)
{
	struct hci_cp_remote_name_req req;

	/*
	 * Clear the whole command first so that no field or byte left
	 * unassigned below carries stale stack contents to the controller.
	 */
	memset(&req, 0, sizeof(req));

	req.clock_offset = e->data.clock_offset;
	req.pscan_mode = e->data.pscan_mode;
	req.pscan_rep_mode = e->data.pscan_rep_mode;
	bacpy(&req.bdaddr, &e->data.bdaddr);

	return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
}
1358
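/*
 * Start name resolution for the next inquiry entry that still needs a name.
 *
 * Returns true when a remote name request was sent (the entry is then marked
 * NAME_PENDING), false when the resolve list is empty, no entry in state
 * NAME_NEEDED was found, or sending the request failed.
 */
static bool hci_resolve_next_name(struct hci_dev *hdev)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *e;

	if (list_empty(&discov->resolve))
		return false;

	e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	/*
	 * A non-empty resolve list does not guarantee a NAME_NEEDED entry
	 * (entries may be NAME_PENDING); hci_resolve_name() dereferences e,
	 * so stop here instead of passing NULL. hci_inquiry_complete_evt()
	 * guards the same lookup the same way.
	 */
	if (!e)
		return false;

	if (hci_resolve_name(hdev, e) == 0) {
		e->name_state = NAME_PENDING;
		return true;
	}

	return false;
}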
1375
/*
 * Bookkeeping after a remote name lookup for bdaddr finished (name may be
 * NULL when no name was obtained).
 *
 * 1. If conn is given and HCI_CONN_MGMT_CONNECTED was not yet set, set it
 *    and announce the connection to mgmt together with the name.
 * 2. Advance discovery:
 *    - DISCOVERY_STOPPING: mark discovery stopped.
 *    - DISCOVERY_RESOLVING: mark the pending entry for bdaddr as known,
 *      unlink it from its list, report the name to mgmt if there is one,
 *      then try the next entry; if none could be started, mark discovery
 *      stopped.
 *    - any other state: nothing further is done.
 */
static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
				   bdaddr_t *bdaddr, u8 *name, u8 name_len)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
				      name_len, conn->dev_class);
	}

	if (discov->state != DISCOVERY_STOPPING) {
		if (discov->state != DISCOVERY_RESOLVING)
			return;

		entry = hci_inquiry_cache_lookup_resolve(hdev, bdaddr,
							 NAME_PENDING);
		if (entry) {
			entry->name_state = NAME_KNOWN;
			list_del(&entry->list);
			if (name) {
				mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
						 entry->data.rssi, name,
						 name_len);
			}
		}

		if (hci_resolve_next_name(hdev))
			return;
	}

	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
}
1410
a9de9248
MH
/*
 * Handle a failed HCI_OP_REMOTE_NAME_REQ command.
 *
 * A zero status is ignored: in that case the name request complete event is
 * awaited before deciding whether authentication is needed.
 *
 * On failure, when HCI_MGMT is set, the pending-name bookkeeping runs with
 * no name. Then, if an ACL connection to the address exists and
 * hci_outgoing_auth_needed() says so, an authentication request is sent
 * unless one is already pending (HCI_CONN_AUTH_PEND).
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		hci_check_pending_name(hdev, conn, &sent->bdaddr, NULL, 0);
	}

	if (conn && hci_outgoing_auth_needed(hdev, conn) &&
	    !test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_cp;

		auth_cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_cp),
			     &auth_cp);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1449
769be974
MH
/*
 * Handle a failed HCI_OP_READ_REMOTE_FEATURES command (a zero status is
 * ignored).
 *
 * If the connection named by the sent handle is still in BT_CONFIG, the
 * failure is confirmed to the protocol layer and one reference on the
 * connection is dropped.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1476
/*
 * Handle a failed HCI_OP_READ_REMOTE_EXT_FEATURES command (a zero status is
 * ignored).
 *
 * If the connection named by the sent handle is still in BT_CONFIG, the
 * failure is confirmed to the protocol layer and one reference on the
 * connection is dropped.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1503
a9de9248
MH
/*
 * Handle a failed HCI_OP_SETUP_SYNC_CONN command (a zero status is ignored).
 *
 * The ACL connection is found through the handle that was sent; if it has a
 * linked SCO connection, that link is closed, the failure is confirmed to
 * the protocol layer and the SCO connection is deleted.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	sco = acl ? acl->link : NULL;
	if (sco) {
		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1538
/*
 * Handle a failed HCI_OP_SNIFF_MODE command (a zero status is ignored).
 *
 * For the connection named by the sent handle, clear the pending mode-change
 * flag and, if a SCO setup was waiting on the mode change, run
 * hci_sco_setup() with the failure status.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn == NULL)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) {
		hci_sco_setup(conn, status);
	}

unlock:
	hci_dev_unlock(hdev);
}
04837f64 1565
a9de9248
MH
/*
 * Handle a failed HCI_OP_EXIT_SNIFF_MODE command (a zero status is ignored).
 *
 * For the connection named by the sent handle, clear the pending mode-change
 * flag and, if a SCO setup was waiting on the mode change, run
 * hci_sco_setup() with the failure status.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn == NULL)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags)) {
		hci_sco_setup(conn, status);
	}

unlock:
	hci_dev_unlock(hdev);
}
1592
88c3df13
JH
/*
 * Handle a failed HCI_OP_DISCONNECT command (a zero status is ignored): if
 * the connection named by the sent handle exists, report the failed
 * disconnect to mgmt with the connection's destination, type and address
 * type.
 */
static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_disconnect *sent;
	struct hci_conn *conn;

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn) {
		mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
				       conn->dst_type, status);
	}

	hci_dev_unlock(hdev);
}
1614
fcd89c09
VT
/*
 * Handle the status of HCI_OP_LE_CREATE_CONN for the peer address that was
 * sent.
 *
 * Success: if no LE connection object exists for the peer yet, create one,
 *          record the peer address type and mark it outgoing.
 * Failure: a connection still in BT_CONNECT is closed, the failure is
 *          reported to mgmt and the protocol layer, and the connection is
 *          deleted.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_le_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &sent->peer_addr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->peer_addr),
	       conn);

	if (status == 0) {
		if (conn)
			goto unlock;

		conn = hci_conn_add(hdev, LE_LINK, &sent->peer_addr);
		if (conn == NULL) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = sent->peer_addr_type;
		conn->out = true;
		goto unlock;
	}

	if (conn && conn->state == BT_CONNECT) {
		conn->state = BT_CLOSED;
		mgmt_connect_failed(hdev, &sent->peer_addr, conn->type,
				    conn->dst_type, status);
		hci_proto_connect_cfm(conn, status);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1655
a7a595f6
VCG
/*
 * Status hook for the LE start-encryption command. It only logs the status;
 * a failure is not propagated anywhere from here.
 */
static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);
}
1660
/*
 * Handle the end of an inquiry.
 *
 * The HCI_OP_INQUIRY request is completed with the status byte from skb and
 * pending connections are re-checked. The rest only runs if HCI_INQUIRY was
 * set (it is cleared here) and HCI_MGMT is set: while discovery is in
 * DISCOVERY_FINDING, either start resolving the first entry that needs a
 * name (state becomes DISCOVERY_RESOLVING) or, when there is nothing to
 * resolve or the request could not be sent, mark discovery stopped.
 *
 * NOTE(review): the status byte is read without checking skb->len; confirm
 * the caller guarantees at least one byte of payload.
 */
static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);

	if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
		return;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if (discov->state == DISCOVERY_FINDING) {
		int next_state = DISCOVERY_STOPPED;

		if (!list_empty(&discov->resolve)) {
			entry = hci_inquiry_cache_lookup_resolve(hdev,
								 BDADDR_ANY,
								 NAME_NEEDED);
			if (entry && hci_resolve_name(hdev, entry) == 0) {
				entry->name_state = NAME_PENDING;
				next_state = DISCOVERY_RESOLVING;
			}
		}

		hci_discovery_set_state(hdev, next_state);
	}

	hci_dev_unlock(hdev);
}
1700
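/*
 * Handle an inquiry result event: a one-byte response count followed by that
 * many struct inquiry_info records.
 *
 * Each record is copied into the inquiry cache (rssi and ssp_mode are set to
 * 0x00 because this event does not carry them) and reported to mgmt as a
 * found device. Results are ignored while HCI_PERIODIC_INQ is set.
 *
 * The response count comes from the controller, so it is checked against
 * skb->len before the records are walked; an event that is too short for
 * the count it announces is dropped rather than read past the end of the
 * buffer.
 */
static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info;
	int num_rsp;

	/* Need at least the count byte before it can be read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);
	info = (void *) (skb->data + 1);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Reject a count that claims more records than the event holds. */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		data.rssi = 0x00;
		data.ssp_mode = 0x00;

		name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, 0, !name_known, ssp, NULL,
				  0);
	}

	hci_dev_unlock(hdev);
}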
1737
/*
 * Handle a connection complete event.
 *
 * The connection is looked up by link type and address; a SCO_LINK event
 * with no match falls back to an ESCO_LINK entry for the same address, which
 * is then retyped to SCO_LINK.
 *
 * Success: store the handle; ACL links go to BT_CONFIG with a reference
 *          held, other links go straight to BT_CONNECTED. For ACL links the
 *          disconnect timeout is HCI_PAIRING_TIMEOUT when the connection is
 *          incoming, SSP is not enabled and no link key is stored for the
 *          peer, otherwise HCI_DISCONN_TIMEOUT. Link mode bits follow the
 *          device's HCI_AUTH/HCI_ENCRYPT flags, remote features are
 *          requested for ACL links, and the packet type is set for incoming
 *          connections on controllers older than BLUETOOTH_VER_2_0.
 * Failure: the connection is closed, mgmt is told for ACL links, the
 *          failure is confirmed to the protocol layer and the connection is
 *          deleted.
 *
 * NOTE(review): skb->len is not checked before *ev is read; confirm the
 * caller validates the payload size.
 */
static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (conn == NULL) {
		if (ev->link_type != SCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (conn == NULL)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (ev->status == 0) {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);

			/*
			 * Incoming legacy connection with no stored key:
			 * allow the longer pairing timeout.
			 */
			if (!conn->out && !hci_conn_ssp_enabled(conn) &&
			    !hci_find_link_key(hdev, &ev->bdaddr)) {
				conn->disc_timeout = HCI_PAIRING_TIMEOUT;
			} else {
				conn->disc_timeout = HCI_DISCONN_TIMEOUT;
			}
		} else {
			conn->state = BT_CONNECTED;
		}

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features feat_cp;

			feat_cp.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
				     sizeof(feat_cp), &feat_cp);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype ptype_cp;

			ptype_cp.handle = ev->handle;
			ptype_cp.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
				     sizeof(ptype_cp), &ptype_cp);
		}
	} else {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK) {
			mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
					    conn->dst_type, ev->status);
		}
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK) {
		hci_proto_connect_cfm(conn, ev->status);
	}

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
1820
/*
 * Handle an incoming connection request.
 *
 * The request is accepted only when the combined link-mode mask (device
 * link mode plus what hci_proto_connect_ind() returns) has HCI_LM_ACCEPT set
 * and the peer address is not on the blacklist; otherwise it is rejected
 * with HCI_ERROR_REJ_BAD_ADDR.
 *
 * On accept the device class from the event is stored in the inquiry cache
 * entry (if any) and in the connection object, which is created when missing
 * and put into BT_CONNECT. ACL requests, and all requests on controllers
 * without eSCO support, are answered with HCI_OP_ACCEPT_CONN_REQ; the rest
 * with HCI_OP_ACCEPT_SYNC_CONN_REQ.
 *
 * NOTE(review): skb->len is not checked before *ev is read, and the command
 * structs below are filled field by field without being zeroed first;
 * confirm the caller validates the payload size and that the structs have no
 * padding.
 */
static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	int mask = hdev->link_mode;
	struct inquiry_entry *ie;
	struct hci_conn *conn;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
	       ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	if (!(mask & HCI_LM_ACCEPT) ||
	    hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection rejected */
		struct hci_cp_reject_conn_req reject_cp;

		bacpy(&reject_cp.bdaddr, &ev->bdaddr);
		reject_cp.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(reject_cp),
			     &reject_cp);
		return;
	}

	/* Connection accepted */
	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		memcpy(ie->data.dev_class, ev->dev_class, 3);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (conn == NULL) {
		conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
		if (conn == NULL) {
			BT_ERR("No memory for new connection");
			hci_dev_unlock(hdev);
			return;
		}
	}

	memcpy(conn->dev_class, ev->dev_class, 3);
	conn->state = BT_CONNECT;

	hci_dev_unlock(hdev);

	if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
		struct hci_cp_accept_conn_req accept_cp;

		bacpy(&accept_cp.bdaddr, &ev->bdaddr);

		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
			accept_cp.role = 0x00; /* Become master */
		else
			accept_cp.role = 0x01; /* Remain slave */

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(accept_cp),
			     &accept_cp);
	} else {
		struct hci_cp_accept_sync_conn_req sync_cp;

		bacpy(&sync_cp.bdaddr, &ev->bdaddr);
		sync_cp.pkt_type = cpu_to_le16(conn->pkt_type);

		sync_cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
		sync_cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
		sync_cp.max_latency = __constant_cpu_to_le16(0xffff);
		sync_cp.content_format = cpu_to_le16(hdev->voice_setting);
		sync_cp.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
			     sizeof(sync_cp), &sync_cp);
	}
}
1895
/*
 * Handle a disconnection complete event for the connection named by the
 * event's handle.
 *
 * With a zero status the connection is marked BT_CLOSED, the stored link key
 * is removed for ACL links that have flush_key set, the protocol layer is
 * told the reason and the connection is deleted. For ACL and LE links that
 * were announced to mgmt (HCI_CONN_MGMT_CONNECTED, cleared here), mgmt is
 * told either that the device disconnected or that the disconnect failed.
 *
 * NOTE(review): skb->len is not checked before *ev is read; confirm the
 * caller validates the payload size.
 */
static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0)
		conn->state = BT_CLOSED;

	if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
	    (conn->type == ACL_LINK || conn->type == LE_LINK)) {
		if (ev->status == 0) {
			mgmt_device_disconnected(hdev, &conn->dst, conn->type,
						 conn->dst_type);
		} else {
			mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
					       conn->dst_type, ev->status);
		}
	}

	if (ev->status == 0) {
		/* Drop a key that was flagged as not to outlive the link. */
		if (conn->type == ACL_LINK && conn->flush_key)
			hci_remove_link_key(hdev, &conn->dst);

		hci_proto_disconn_cfm(conn, ev->reason);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1932
/*
 * Handle an authentication complete event for the connection named by the
 * event's handle.
 *
 * Success: HCI_LM_AUTH is set and sec_level is raised to pending_sec_level,
 *          except for a non-SSP connection with a re-authentication pending,
 *          where only a message is logged and the security level is left
 *          unchanged.
 * Failure: mgmt is told that authentication failed.
 *
 * Both pending-auth flags are then cleared. A connection in BT_CONFIG either
 * proceeds to encryption (success with SSP enabled) or is marked
 * BT_CONNECTED and confirmed to the protocol layer with the event status;
 * any other state gets hci_auth_cfm() and its disconnect timeout reset to
 * HCI_DISCONN_TIMEOUT. Finally, if encryption was waiting on this
 * authentication it is requested on success or failed via hci_encrypt_cfm().
 *
 * NOTE(review): skb->len is not checked before *ev is read; confirm the
 * caller validates the payload size.
 */
static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status) {
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);
	} else if (!hci_conn_ssp_enabled(conn) &&
		   test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
		BT_INFO("re-auth of legacy device is not possible.");
	} else {
		conn->link_mode |= HCI_LM_AUTH;
		conn->sec_level = conn->pending_sec_level;
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);

	if (conn->state == BT_CONFIG) {
		if (!ev->status && hci_conn_ssp_enabled(conn)) {
			struct hci_cp_set_conn_encrypt enc_cp;

			enc_cp.handle = ev->handle;
			enc_cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
				     sizeof(enc_cp), &enc_cp);
		} else {
			conn->state = BT_CONNECTED;
			hci_proto_connect_cfm(conn, ev->status);
			hci_conn_put(conn);
		}
	} else {
		hci_auth_cfm(conn, ev->status);

		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	}

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
		if (ev->status) {
			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
			hci_encrypt_cfm(conn, ev->status, 0x00);
		} else {
			struct hci_cp_set_conn_encrypt enc_cp;

			enc_cp.handle = ev->handle;
			enc_cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
				     sizeof(enc_cp), &enc_cp);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
1998
/*
 * Handle a remote name event.
 *
 * Pending connections are re-checked first. When HCI_MGMT is set, the
 * pending-name bookkeeping runs with the received name on success (its
 * length bounded by strnlen() to HCI_MAX_NAME_LENGTH, so a name without a
 * terminator is not over-read) or with no name on failure. Afterwards, if an
 * ACL connection to the address exists and hci_outgoing_auth_needed() says
 * so, an authentication request is sent unless one is already pending.
 *
 * NOTE(review): skb->len is not checked before *ev is read; confirm the
 * caller validates the payload size.
 */
static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		if (ev->status == 0) {
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       ev->name,
					       strnlen(ev->name,
						       HCI_MAX_NAME_LENGTH));
		} else {
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       NULL, 0);
		}
	}

	if (conn && hci_outgoing_auth_needed(hdev, conn) &&
	    !test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_cp;

		auth_cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_cp),
			     &auth_cp);
	}

	hci_dev_unlock(hdev);
}
2037
/* Handle the Encryption Change event.
 *
 * On success with encryption on, the link is marked authenticated and
 * encrypted and sec_level is raised to pending_sec_level; on success with
 * encryption off only HCI_LM_ENCRYPT is cleared (sec_level is left as is).
 * A failure on an already connected link disconnects it with
 * HCI_ERROR_AUTH_FAILURE.  A link still in BT_CONFIG is confirmed to the
 * upper protocols; otherwise the change is reported via hci_encrypt_cfm().
 */
static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		if (!ev->encrypt) {
			conn->link_mode &= ~HCI_LM_ENCRYPT;
		} else {
			/* Encryption implies authentication */
			conn->link_mode |= HCI_LM_AUTH | HCI_LM_ENCRYPT;
			conn->sec_level = conn->pending_sec_level;
		}
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* Failed encryption change on an established link: drop the link
	 * rather than keep using it.
	 */
	if (ev->status && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	if (!ev->status)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
2080
/* Handle the Change Connection Link Key Complete event.
 *
 * On success the connection gets HCI_LM_SECURE; in every case the pending
 * authentication flag is cleared and the result is passed to
 * hci_key_change_cfm().  Events for unknown handles are ignored.
 */
static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0)
		conn->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2103
/* Handle the Read Remote Supported Features Complete event.
 *
 * Stores the 8 feature bytes on success.  While the connection is in
 * BT_CONFIG it then continues setup: if both sides are SSP capable it reads
 * extended features page 1 and stops; otherwise it requests the remote name
 * (or reports the device as connected to mgmt) and, when no outgoing
 * authentication is needed, completes the connection.
 */
static void hci_remote_features_evt(struct hci_dev *hdev,
				    struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0 && lmp_ssp_capable(hdev) &&
	    lmp_ssp_capable(conn)) {
		struct hci_cp_read_remote_ext_features ext_req;

		/* ev->handle is already in wire byte order */
		ext_req.handle = ev->handle;
		ext_req.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
			     sizeof(ext_req), &ext_req);
		goto unlock;
	}

	if (ev->status == 0 &&
	    !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
			     &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2153
/* Read Remote Version Information Complete: only logged, the payload in
 * skb is not used.
 */
static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2158
/* QoS Setup Complete: only logged, the payload in skb is not used. */
static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2164
/* Handle the Command Complete event.
 *
 * Strips the event header from skb, dispatches the remaining return
 * parameters to the hci_cc_*() handler matching the opcode, stops the
 * command timer (unless the opcode is HCI_OP_NOP) and, when the controller
 * reports free command slots (ncmd), re-arms the command queue.
 *
 * NOTE(review): ev is read after skb_pull() and nothing here checks that
 * skb->len covers sizeof(*ev); presumably the caller guarantees it - confirm.
 */
static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *ev = (void *) skb->data;
	__u16 opcode;

	/* ev keeps pointing at the header; skb now starts at the parameters */
	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;
	case HCI_OP_PERIODIC_INQ:
		hci_cc_periodic_inq(hdev, skb);
		break;
	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;
	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;
	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;
	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;
	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;
	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;
	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;
	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;
	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;
	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;
	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;
	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;
	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;
	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;
	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;
	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_EXT_FEATURES:
		hci_cc_read_local_ext_features(hdev, skb);
		break;
	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;
	case HCI_OP_READ_DATA_BLOCK_SIZE:
		hci_cc_read_data_block_size(hdev, skb);
		break;
	case HCI_OP_WRITE_CA_TIMEOUT:
		hci_cc_write_ca_timeout(hdev, skb);
		break;
	case HCI_OP_READ_FLOW_CONTROL_MODE:
		hci_cc_read_flow_control_mode(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_AMP_INFO:
		hci_cc_read_local_amp_info(hdev, skb);
		break;
	case HCI_OP_DELETE_STORED_LINK_KEY:
		hci_cc_delete_stored_link_key(hdev, skb);
		break;
	case HCI_OP_SET_EVENT_MASK:
		hci_cc_set_event_mask(hdev, skb);
		break;
	case HCI_OP_WRITE_INQUIRY_MODE:
		hci_cc_write_inquiry_mode(hdev, skb);
		break;
	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;
	case HCI_OP_SET_EVENT_FLT:
		hci_cc_set_event_flt(hdev, skb);
		break;
	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;
	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data_reply(hdev, skb);
		break;
	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;
	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_REPLY:
		hci_cc_user_passkey_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_NEG_REPLY:
		hci_cc_user_passkey_neg_reply(hdev, skb);
		break;
	case HCI_OP_LE_SET_SCAN_PARAM:
		hci_cc_le_set_scan_param(hdev, skb);
		break;
	case HCI_OP_LE_SET_SCAN_ENABLE:
		hci_cc_le_set_scan_enable(hdev, skb);
		break;
	case HCI_OP_LE_LTK_REPLY:
		hci_cc_le_ltk_reply(hdev, skb);
		break;
	case HCI_OP_LE_LTK_NEG_REPLY:
		hci_cc_le_ltk_neg_reply(hdev, skb);
		break;
	case HCI_OP_WRITE_LE_HOST_SUPPORTED:
		hci_cc_write_le_host_supported(hdev, skb);
		break;
	default:
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (!ev->ncmd)
		return;

	/* The controller can take another command: allow one and kick the
	 * command worker if anything is queued.
	 */
	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2385
/* Handle the Command Status event.
 *
 * Strips the event header, passes the status to the hci_cs_*() handler
 * matching the opcode, stops the command timer (unless the opcode is
 * HCI_OP_NOP) and, when ncmd is non-zero and no reset is in progress,
 * re-arms the command queue.
 *
 * NOTE(review): ev is read after skb_pull() and nothing here checks that
 * skb->len covers sizeof(*ev); presumably the caller guarantees it - confirm.
 */
static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *ev = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, ev->status);
		break;
	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, ev->status);
		break;
	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, ev->status);
		break;
	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, ev->status);
		break;
	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, ev->status);
		break;
	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, ev->status);
		break;
	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, ev->status);
		break;
	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, ev->status);
		break;
	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, ev->status);
		break;
	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, ev->status);
		break;
	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, ev->status);
		break;
	case HCI_OP_DISCONNECT:
		hci_cs_disconnect(hdev, ev->status);
		break;
	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, ev->status);
		break;
	case HCI_OP_LE_START_ENC:
		hci_cs_le_start_enc(hdev, ev->status);
		break;
	default:
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* Do not release the command queue while HCI_RESET is set */
	if (!ev->ncmd || test_bit(HCI_RESET, &hdev->flags))
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2466
/* Handle the Role Change event.
 *
 * On success HCI_LM_MASTER is cleared when ev->role is non-zero and set
 * when it is zero.  The pending role-switch flag is cleared and the result
 * is reported through hci_role_switch_cfm() in either case.
 */
static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (ev->status == 0) {
		if (!ev->role)
			conn->link_mode |= HCI_LM_MASTER;
		else
			conn->link_mode &= ~HCI_LM_MASTER;
	}

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);

	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
2492
/* Handle the Number Of Completed Packets event (packet-based flow control).
 *
 * Rejects the event when the device is not in packet-based mode or when the
 * payload is shorter than the header plus num_hndl entries.  For every
 * entry whose handle maps to a connection, the completed count is taken off
 * conn->sent and credited to the matching per-type counter, clamped to that
 * type's maximum.  The TX worker is then scheduled.
 *
 * NOTE(review): count comes from the event and is subtracted from
 * conn->sent without checking that it does not exceed it.
 */
static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int i;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* The first test must pass before ev->num_hndl may be read */
	if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
	    ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	for (i = 0; i < ev->num_hndl; i++) {
		struct hci_comp_pkts_info *entry = &ev->handles[i];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 count = __le16_to_cpu(entry->count);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (conn == NULL)
			continue;

		conn->sent -= count;

		switch (conn->type) {
		case ACL_LINK:
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		case LE_LINK:
			/* Without dedicated LE buffers (le_pkts == 0) the
			 * credit goes to the ACL counter.
			 */
			if (!hdev->le_pkts) {
				hdev->acl_cnt += count;
				if (hdev->acl_cnt > hdev->acl_pkts)
					hdev->acl_cnt = hdev->acl_pkts;
			} else {
				hdev->le_cnt += count;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
			}
			break;

		case SCO_LINK:
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2558
/* Handle the Number Of Completed Data Blocks event (block-based flow
 * control).
 *
 * Rejects the event when the device is not in block-based mode or when the
 * payload is shorter than the header plus num_hndl entries.  For every
 * entry whose handle maps to a connection, the block count is taken off
 * conn->sent; for ACL links it is credited to hdev->block_cnt, clamped to
 * hdev->num_blocks.  The TX worker is then scheduled.
 *
 * NOTE(review): block_count comes from the event and is subtracted from
 * conn->sent without checking that it does not exceed it.
 */
static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
	int i;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* The first test must pass before ev->num_hndl may be read */
	if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
	    ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
	       ev->num_hndl);

	for (i = 0; i < ev->num_hndl; i++) {
		struct hci_comp_blocks_info *entry = &ev->handles[i];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 block_count = __le16_to_cpu(entry->blocks);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (conn == NULL)
			continue;

		conn->sent -= block_count;

		switch (conn->type) {
		case ACL_LINK:
			hdev->block_cnt += block_count;
			if (hdev->block_cnt > hdev->num_blocks)
				hdev->block_cnt = hdev->num_blocks;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2607
/* Handle the Mode Change event.
 *
 * Records the new mode and interval on the connection.  If no mode change
 * was pending locally (HCI_CONN_MODE_CHANGE_PEND was clear), the
 * HCI_CONN_POWER_SAVE flag is set for HCI_CM_ACTIVE and cleared otherwise.
 * A pending SCO setup is then continued with the event status.
 */
static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	conn->mode = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		if (conn->mode != HCI_CM_ACTIVE)
			clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
		else
			set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
	}

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2636
/* Handle the PIN Code Request event (legacy pairing).
 *
 * For an already connected link the disconnect timeout is switched to
 * HCI_PAIRING_TIMEOUT.  If the device is not pairable the request is
 * refused with a negative reply; otherwise, when mgmt is in use, the
 * request is forwarded with a "secure" hint that is 1 only when the pending
 * security level is BT_SECURITY_HIGH.
 */
static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (conn->state == BT_CONNECTED) {
		/* hold/put pair so the new timeout is applied on put */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) {
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
	} else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		u8 secure = (conn->pending_sec_level == BT_SECURITY_HIGH) ?
			    1 : 0;

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
2673
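/* Handle the Link Key Request event.
 *
 * Does nothing unless HCI_LINK_KEYS is set.  Otherwise the stored key for
 * the requesting address is looked up and sent back with a Link Key Reply,
 * unless one of these policy checks rejects it, in which case a negative
 * reply is sent:
 *   - no key is stored for the address;
 *   - the key is a debug combination key and HCI_DEBUG_KEYS is not set;
 *   - the key is an unauthenticated combination key while the connection's
 *     auth_type is known (not 0xff) and has bit 0 set;
 *   - the key is a combination key from a PIN shorter than 16 digits while
 *     the pending security level is BT_SECURITY_HIGH.
 * When a connection exists and the key is accepted, its type and PIN length
 * are recorded on the connection.
 *
 * NOTE(review): cp carries a copy of the link key on the stack and is not
 * cleared after hci_send_cmd() here.
 */
static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %s", hdev->name,
		       batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, key->type,
	       batostr(&ev->bdaddr));

	if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
	    key->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
		    conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
		    conn->pending_sec_level == BT_SECURITY_HIGH) {
			BT_DBG("%s ignoring key unauthenticated for high security",
			       hdev->name);
			goto not_found;
		}

		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	/* Size taken from the field rather than a literal 6, matching the
	 * PIN code negative reply in hci_pin_code_request_evt().
	 */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, sizeof(ev->bdaddr),
		     &ev->bdaddr);
	hci_dev_unlock(hdev);
}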
2736
/* Handle the Link Key Notification event.
 *
 * If an ACL connection to the address exists, its disconnect timeout is
 * reset to HCI_DISCONN_TIMEOUT, its stored PIN length is picked up, and its
 * key type is updated unless the event reports HCI_LK_CHANGED_COMBINATION.
 * When HCI_LINK_KEYS is set the new key is stored via hci_add_link_key();
 * conn may be NULL in that call and pin_len is then 0.
 */
static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		hci_conn_hold(conn);

		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_len = conn->pin_length;

		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) {
		hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
				 ev->key_type, pin_len);
	}

	hci_dev_unlock(hdev);
}
2765
/* Handle the Read Clock Offset Complete event.
 *
 * On success, and if the connection's peer has an inquiry cache entry, the
 * entry's clock offset is updated and its timestamp refreshed.
 */
static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie) {
		ie->data.clock_offset = ev->clock_offset;
		ie->timestamp = jiffies;
	}

unlock:
	hci_dev_unlock(hdev);
}
2788
/* Handle the Connection Packet Type Changed event: on success, store the
 * new packet type on the connection identified by the event handle.
 */
static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn != NULL && ev->status == 0)
		conn->pkt_type = __le16_to_cpu(ev->pkt_type);

	hci_dev_unlock(hdev);
}
2804
/* Handle the Page Scan Repetition Mode Change event: if the address has an
 * inquiry cache entry, update its pscan_rep_mode and refresh its timestamp.
 */
static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL) {
		entry->data.pscan_rep_mode = ev->pscan_rep_mode;
		entry->timestamp = jiffies;
	}

	hci_dev_unlock(hdev);
}
2822
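/* Handle the Inquiry Result with RSSI event.
 *
 * The payload is a one-byte response count followed by that many records.
 * Two record layouts exist (with and without the pscan_mode field); the
 * layout is chosen from the per-record size implied by the payload length.
 * Each record updates the inquiry cache and is reported through
 * mgmt_device_found().  Nothing is done while periodic inquiry is active.
 *
 * The response count is supplied by the controller, so before walking the
 * records the payload length is checked against num_rsp records of the
 * chosen layout; a short event is dropped instead of being read past the
 * end of the buffer.
 */
static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;
	bool name_known, ssp;

	/* The response count is the first payload byte */
	if (!skb->len)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* This branch is also reached for any length that does not
		 * match the plain layout, including too-short events.
		 */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		/* Already implied by the division test above; kept explicit
		 * so both layouts carry the same guard.
		 */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}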
2882
/* Handle the Read Remote Extended Features Complete event.
 *
 * For a successful read of page 1, the LMP_HOST_SSP bit of the first
 * feature byte is mirrored into the inquiry cache entry (if any) and, when
 * set, HCI_CONN_SSP_ENABLED is set on the connection.  While the connection
 * is in BT_CONFIG, setup then continues: the remote name is requested (or
 * the device is reported as connected to mgmt) and, when no outgoing
 * authentication is needed, the connection is completed.
 */
static void hci_remote_ext_features_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0 && ev->page == 0x01) {
		struct inquiry_entry *entry;

		entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (entry != NULL)
			entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

		if (ev->features[0] & LMP_HOST_SSP)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0 &&
	    !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
			     &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2931
/* Handle the Synchronous Connection Complete event.
 *
 * The connection is looked up by the reported link type; if that fails for
 * a non-eSCO event, a pending eSCO connection to the same address is reused
 * and downgraded to SCO_LINK.  On success the handle is stored and the
 * connection becomes BT_CONNECTED.  For a few listed failure codes an
 * outgoing connection with fewer than two attempts is retried with a packet
 * type derived from hdev->esco_type; every other failure closes and deletes
 * the connection.
 *
 * NOTE(review): the retry path dereferences conn->link without a NULL
 * check; presumably it is always set for outgoing sync links - confirm.
 */
static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (ev->status == 0x00) {
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state  = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
	} else {
		switch (ev->status) {
		case 0x11:	/* Unsupported Feature or Parameter Value */
		case 0x1c:	/* SCO interval rejected */
		case 0x1a:	/* Unsupported Remote Feature */
		case 0x1f:	/* Unspecified error */
			if (conn->out && conn->attempt < 2) {
				conn->pkt_type =
					(hdev->esco_type & SCO_ESCO_MASK) |
					(hdev->esco_type & EDR_ESCO_MASK);
				hci_setup_sync(conn, conn->link->handle);
				goto unlock;
			}
			break;

		default:
			break;
		}

		/* Not retried: treat like any other failure */
		conn->state = BT_CLOSED;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
2987
/* Synchronous Connection Changed: only logged, the payload in skb is not
 * used.
 */
static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2992
/* Sniff Subrating: the event status is logged and nothing else is done. */
static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
}
2999
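/* Handle the Extended Inquiry Result event.
 *
 * The payload is a one-byte response count followed by that many
 * extended_inquiry_info records.  Each record updates the inquiry cache
 * (with ssp_mode set to 0x01) and is reported through mgmt_device_found()
 * together with its EIR data.  With mgmt active the name counts as known
 * only if the EIR data carries EIR_NAME_COMPLETE.  Nothing is done while
 * periodic inquiry is active.
 *
 * The response count is supplied by the controller, so the payload length
 * is checked against num_rsp records before they are walked; a short event
 * is dropped instead of being read past the end of the buffer.
 */
static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;
	size_t eir_len;

	/* The response count is the first payload byte */
	if (!skb->len)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;

		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		/* Both EIR helpers are bounded by sizeof(info->data) */
		eir_len = eir_get_length(info->data, sizeof(info->data));
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, eir_len);
	}

	hci_dev_unlock(hdev);
}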
1da177e4 3047
/* Handle the Encryption Key Refresh Complete event.
 *
 * On success sec_level is raised to pending_sec_level.  The pending
 * encryption flag is cleared.  A failure on an already connected link
 * disconnects it with HCI_ERROR_AUTH_FAILURE.  A link still in BT_CONFIG is
 * confirmed to the upper protocols; otherwise the result is reported via
 * hci_auth_cfm() and the disconnect timeout is reset.
 */
static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
	       __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0)
		conn->sec_level = conn->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* Failed refresh on an established link: drop the link */
	if (ev->status && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state != BT_CONFIG) {
		hci_auth_cfm(conn, ev->status);

		/* hold/put pair so the new timeout is applied on put */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
		goto unlock;
	}

	if (ev->status == 0)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
3091
/* Choose the authentication requirements to send in our IO capability
 * reply, based on what the remote side asked for.
 *
 * In the values handled here bit 0 is the MITM-protection bit, and an
 * IO capability of 0x03 is NoInputNoOutput.
 */
static u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* Remote asked for dedicated bonding: follow that lead.
		 * MITM protection (0x03) is only requested when neither
		 * side is NoInputNoOutput; otherwise fall back to
		 * dedicated bonding without MITM (0x02). */
		return (conn->remote_cap == 0x03 ||
			conn->io_capability == 0x03) ? 0x02 : 0x03;

	case 0x00:
	case 0x01:
		/* Remote asked for no-bonding: follow that lead, but keep
		 * our own MITM bit. */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
3110
/* Handle the HCI IO Capability Request event.
 *
 * Replies with our IO capability, authentication requirements and OOB
 * flag when pairing is acceptable (device is pairable, or the remote
 * only asked for no-bonding); otherwise sends a negative reply with
 * HCI_ERROR_PAIRING_NOT_ALLOWED.
 *
 * A connection reference is taken as soon as the connection is found,
 * i.e. before the HCI_MGMT check, and is not dropped in this function.
 */
static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_cp_io_capability_neg_reply neg;
	struct hci_cp_io_capability_reply reply;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	/* Refuse pairing when we are not pairable and the remote wants
	 * anything beyond no-bonding (the MITM bit is masked out). */
	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) &&
	    (conn->remote_auth & ~0x01) != HCI_AT_NO_BONDING) {
		bacpy(&neg.bdaddr, &ev->bdaddr);
		neg.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(neg), &neg);
		goto unlock;
	}

	bacpy(&reply.bdaddr, &ev->bdaddr);

	/* Change the IO capability from KeyboardDisplay
	 * to DisplayYesNo as it is not supported by BT spec. */
	if (conn->io_capability == 0x04)
		reply.capability = 0x01;
	else
		reply.capability = conn->io_capability;

	/* The negotiated requirements are stored on the connection and
	 * read back later by the user confirmation handler. */
	conn->auth_type = hci_get_auth_req(conn);
	reply.authentication = conn->auth_type;

	/* Advertise OOB data only if we hold some for this peer and either
	 * initiated the connection or the peer said it has ours. */
	reply.oob_data = (hci_find_remote_oob_data(hdev, &conn->dst) &&
			  (conn->out ||
			   test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) ?
			 0x01 : 0x00;

	hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
		     sizeof(reply), &reply);

unlock:
	hci_dev_unlock(hdev);
}
3162
/* Handle the HCI IO Capability Response event.
 *
 * Records the remote IO capability, authentication requirements and
 * OOB-data flag on the matching ACL connection. The values are stored
 * as received from the event; no range check is applied here.
 */
static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		conn->remote_cap = ev->capability;
		conn->remote_auth = ev->authentication;

		if (ev->oob_data)
			set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
	}

	hci_dev_unlock(hdev);
}
3184
/* Handle the HCI User Confirmation Request event (numeric comparison).
 *
 * Three outcomes are possible:
 *  - reject, when we require MITM protection but the remote is
 *    NoInputNoOutput (0x03) and we are not a dedicated-bonding initiator;
 *  - auto-accept, when neither side effectively requires MITM and we
 *    initiated the authentication (optionally after auto_accept_delay);
 *  - hand the request to user space, with confirm_hint set to 1 when
 *    it would have been auto-accepted but we are the acceptor.
 *
 * Nothing is done unless HCI_MGMT is set on the device.
 */
static void hci_user_confirm_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int loc_mitm, rem_mitm, confirm_hint = 0;
	bool local_no_io, remote_no_io, auto_accept;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* Bit 0 of the authentication requirements is the MITM flag. */
	loc_mitm = (conn->auth_type & 0x01);
	rem_mitm = (conn->remote_auth & 0x01);

	remote_no_io = (conn->remote_cap == 0x03);
	local_no_io = (conn->io_capability == 0x03);

	/* If we require MITM but the remote device can't provide that
	 * (it has NoInputNoOutput) then reject the confirmation
	 * request. The only exception is when we're dedicated bonding
	 * initiators (connect_cfm_cb set) since then we always have the MITM
	 * bit set. */
	if (!conn->connect_cfm_cb && loc_mitm && remote_no_io) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* If no side requires MITM protection; auto-accept */
	auto_accept = (!loc_mitm || remote_no_io) &&
		      (!rem_mitm || local_no_io);

	if (auto_accept && test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		/* We initiated the authentication: answer without
		 * involving user space. */
		BT_DBG("Auto-accept of user confirmation with %ums delay",
		       hdev->auto_accept_delay);

		if (hdev->auto_accept_delay > 0) {
			int delay = msecs_to_jiffies(hdev->auto_accept_delay);
			mod_timer(&conn->auto_accept_timer, jiffies + delay);
		} else {
			hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
				     sizeof(ev->bdaddr), &ev->bdaddr);
		}
		goto unlock;
	}

	if (auto_accept) {
		/* If we're not the initiators request authorization to
		 * proceed from user space (mgmt_user_confirm with
		 * confirm_hint set to 1). */
		BT_DBG("Confirming auto-accept as acceptor");
		confirm_hint = 1;
	}

	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}
3252
/* Handle the HCI User Passkey Request event.
 *
 * Forwards the request for the given ACL peer to the management
 * interface when HCI_MGMT is set; otherwise the event is ignored.
 */
static void hci_user_passkey_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *req = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_request(hdev, &req->bdaddr, ACL_LINK, 0);
	}

	hci_dev_unlock(hdev);
}
3267
/* Handle the HCI Simple Pairing Complete event.
 *
 * Reports a pairing failure to user space when we were not the
 * authentication initiator, then drops one reference on the
 * connection.
 */
static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		/* To avoid duplicate auth_failed events to user space we
		 * check the HCI_CONN_AUTH_PEND flag which will be set if we
		 * initiated the authentication. A traditional auth_complete
		 * event gets always produced as initiator and is also
		 * mapped to the mgmt_auth_failed event */
		if (ev->status != 0 &&
		    !test_bit(HCI_CONN_AUTH_PEND, &conn->flags))
			mgmt_auth_failed(hdev, &conn->dst, conn->type,
					 conn->dst_type, ev->status);

		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
3296
/* Handle the HCI Remote Host Supported Features event.
 *
 * If the peer has an inquiry cache entry, its ssp_mode field is set
 * from the LMP_HOST_SSP bit of the first host feature byte.
 */
static void hci_remote_host_features_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL) {
		entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
	}

	hci_dev_unlock(hdev);
}
3313
/* Handle the HCI Remote OOB Data Request event.
 *
 * When HCI_MGMT is set, answers with the stored hash and randomizer
 * for the peer if we have them, or with a negative reply otherwise.
 * The copy sizes come from the reply structure's own fields.
 */
static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct hci_cp_remote_oob_data_neg_reply neg;
	struct hci_cp_remote_oob_data_reply reply;
	struct oob_data *stored;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	stored = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (!stored) {
		/* Nothing stored for this peer: decline. */
		bacpy(&neg.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
			     sizeof(neg), &neg);
		goto unlock;
	}

	bacpy(&reply.bdaddr, &ev->bdaddr);
	memcpy(reply.hash, stored->hash, sizeof(reply.hash));
	memcpy(reply.randomizer, stored->randomizer,
	       sizeof(reply.randomizer));

	hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(reply),
		     &reply);

unlock:
	hci_dev_unlock(hdev);
}
3348
/* Handle the LE Connection Complete subevent.
 *
 * On failure, the LE connection currently in BT_CONNECT state (looked
 * up by state, not by address) is reported as failed and deleted.
 * On success, the connection for the peer address is found or created,
 * announced to the management interface once, and moved to
 * BT_CONNECTED with BT_SECURITY_LOW.
 */
static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	if (ev->status) {
		conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
		if (conn) {
			mgmt_connect_failed(hdev, &conn->dst, conn->type,
					    conn->dst_type, ev->status);
			hci_proto_connect_cfm(conn, ev->status);
			conn->state = BT_CLOSED;
			hci_conn_del(conn);
		}
		goto unlock;
	}

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
	if (!conn) {
		/* No connection object yet for this peer: create one. */
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = ev->bdaddr_type;
	}

	/* Notify the management interface only once per connection. */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
				      conn->dst_type, 0, NULL, 0, NULL);

	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
3399
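/* Handle the LE Advertising Report subevent.
 *
 * The payload is a report count followed by that many variable-length
 * reports, each a struct hci_ev_le_advertising_info header, ev->length
 * bytes of advertising data and one trailing RSSI byte. Every report is
 * forwarded to the management interface.
 *
 * Both the report count and each ev->length come from the event itself,
 * so every report is checked against the bytes remaining in the skb
 * before it is read. A report that does not fit ends processing of the
 * event; reports already forwarded are kept.
 */
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	unsigned int remaining;
	u8 num_reports;
	void *ptr;
	s8 rssi;

	/* The report count itself needs one byte. */
	if (skb->len < 1)
		return;

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	/* NOTE(review): skb->len is used as the bound, which assumes the
	 * event data is linear - confirm for this driver path. */
	remaining = skb->len - 1;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = ptr;
		unsigned int report_len;

		/* The fixed header must fit before ev->length is read. */
		if (remaining < sizeof(*ev)) {
			BT_ERR("%s truncated LE advertising report",
			       hdev->name);
			break;
		}

		/* Header, advertising data and the trailing RSSI byte. */
		report_len = sizeof(*ev) + ev->length + 1;
		if (remaining < report_len) {
			BT_ERR("%s truncated LE advertising report",
			       hdev->name);
			break;
		}

		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += report_len;
		remaining -= report_len;
	}

	hci_dev_unlock(hdev);
}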
3420
/* Handle the LE Long Term Key Request subevent.
 *
 * Looks up the connection by handle and the key by (ediv, random).
 * If both exist the key is sent back, and a key marked authenticated
 * raises the connection to BT_SECURITY_HIGH; a key of type HCI_SMP_STK
 * is removed from its list and freed after being sent. If either
 * lookup fails a negative reply is sent.
 */
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk = NULL;

	BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	/* The key is only looked up when the handle maps to a connection. */
	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn != NULL)
		ltk = hci_find_ltk(hdev, ev->ediv, ev->random);

	if (ltk == NULL) {
		neg.handle = ev->handle;
		hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
		goto unlock;
	}

	cp.handle = cpu_to_le16(conn->handle);
	/* NOTE(review): the copy length is the size of the stored key, so
	 * this relies on cp.ltk being at least that large - confirm against
	 * the structure definitions. */
	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));

	if (ltk->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	/* A key flagged HCI_SMP_STK is dropped once it has been sent. */
	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

unlock:
	hci_dev_unlock(hdev);
}
3463
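/* Dispatch an LE Meta event to the handler for its subevent.
 *
 * The meta header is stripped from the skb before the handler runs.
 * An event too short to hold that header is ignored, so the subevent
 * code is never read from bytes the packet does not contain and the
 * handlers never see an skb whose header could not be pulled.
 * Unknown subevents are ignored.
 */
static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *le_ev = (void *) skb->data;

	/* Same size that skb_pull() below removes. */
	if (skb->len < sizeof(*le_ev)) {
		BT_ERR("%s LE meta event too short", hdev->name);
		return;
	}

	skb_pull(skb, sizeof(*le_ev));

	switch (le_ev->subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;

	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;

	default:
		break;
	}
}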
3487
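/* Entry point for a received HCI event packet.
 *
 * Strips the event header, dispatches on the event code to the matching
 * handler, then frees the skb and bumps the received-event counter.
 * Unknown event codes are only logged at debug level.
 *
 * A packet shorter than the event header is not dispatched: the event
 * code would be read from bytes the packet does not contain and
 * skb_pull() could not remove the header. Such a packet is still freed
 * and counted like any other.
 *
 * The handlers cast skb->data to their event structure; beyond the
 * header check here, payload length validation is left to them.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event;

	if (skb->len < HCI_EVENT_HDR_SIZE) {
		BT_ERR("%s event packet too short", hdev->name);
		goto done;
	}

	event = hdr->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:
		hci_key_refresh_complete_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%2.2x", hdev->name, event);
		break;
	}

done:
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}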