projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add LE connection support to L2CAP
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
1da177e4
LT		 48/* Handle HCI Event packets */
49
a9de9248 50static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 51{
a9de9248 52 __u8 status = *((__u8 *) skb->data);
1da177e4 53
a9de9248 54 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 55
a9de9248
MH		 56 if (status)
57 return;
1da177e4 58
a9de9248 59 clear_bit(HCI_INQUIRY, &hdev->flags);
6bd57416 60
23bb5763 61 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 62
63 hci_conn_check_pending(hdev);
64}
6bd57416 65
a9de9248
MH		 66static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67{
68 __u8 status = *((__u8 *) skb->data);
6bd57416 69
a9de9248 70 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 71
a9de9248
MH		 72 if (status)
73 return;
1da177e4 74
a9de9248
MH		 75 clear_bit(HCI_INQUIRY, &hdev->flags);
76
77 hci_conn_check_pending(hdev);
78}
79
80static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
81{
82 BT_DBG("%s", hdev->name);
83}
84
85static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 struct hci_rp_role_discovery *rp = (void *) skb->data;
88 struct hci_conn *conn;
89
90 BT_DBG("%s status 0x%x", hdev->name, rp->status);
91
92 if (rp->status)
93 return;
94
95 hci_dev_lock(hdev);
96
97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
98 if (conn) {
99 if (rp->role)
100 conn->link_mode &= ~HCI_LM_MASTER;
101 else
102 conn->link_mode |= HCI_LM_MASTER;
1da177e4 103 }
a9de9248
MH		 104
105 hci_dev_unlock(hdev);
1da177e4
LT		 106}
107
e4e8e37c
MH		 108static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
109{
110 struct hci_rp_read_link_policy *rp = (void *) skb->data;
111 struct hci_conn *conn;
112
113 BT_DBG("%s status 0x%x", hdev->name, rp->status);
114
115 if (rp->status)
116 return;
117
118 hci_dev_lock(hdev);
119
120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
121 if (conn)
122 conn->link_policy = __le16_to_cpu(rp->policy);
123
124 hci_dev_unlock(hdev);
125}
126
a9de9248 127static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 128{
a9de9248 129 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 130 struct hci_conn *conn;
04837f64 131 void *sent;
1da177e4 132
a9de9248 133 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 134
a9de9248
MH		 135 if (rp->status)
136 return;
1da177e4 137
a9de9248
MH		 138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
139 if (!sent)
140 return;
1da177e4 141
a9de9248 142 hci_dev_lock(hdev);
1da177e4 143
a9de9248 144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 145 if (conn)
83985319 146 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 147
a9de9248
MH		 148 hci_dev_unlock(hdev);
149}
1da177e4 150
e4e8e37c
MH		 151static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
152{
153 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
154
155 BT_DBG("%s status 0x%x", hdev->name, rp->status);
156
157 if (rp->status)
158 return;
159
160 hdev->link_policy = __le16_to_cpu(rp->policy);
161}
162
163static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
164{
165 __u8 status = *((__u8 *) skb->data);
166 void *sent;
167
168 BT_DBG("%s status 0x%x", hdev->name, status);
169
170 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
171 if (!sent)
172 return;
173
174 if (!status)
175 hdev->link_policy = get_unaligned_le16(sent);
176
23bb5763 177 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 178}
179
a9de9248
MH		 180static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
181{
182 __u8 status = *((__u8 *) skb->data);
04837f64 183
a9de9248 184 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 185
23bb5763 186 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 187}
04837f64 188
a9de9248
MH		 189static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
190{
191 __u8 status = *((__u8 *) skb->data);
192 void *sent;
04837f64 193
a9de9248 194 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 195
f383f275
MH		 196 if (status)
197 return;
198
a9de9248
MH		 199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
200 if (!sent)
201 return;
04837f64 202
f383f275 203 memcpy(hdev->dev_name, sent, 248);
a9de9248
MH		 204}
205
206static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207{
208 struct hci_rp_read_local_name *rp = (void *) skb->data;
209
210 BT_DBG("%s status 0x%x", hdev->name, rp->status);
211
212 if (rp->status)
213 return;
214
215 memcpy(hdev->dev_name, rp->name, 248);
216}
217
218static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
219{
220 __u8 status = *((__u8 *) skb->data);
221 void *sent;
222
223 BT_DBG("%s status 0x%x", hdev->name, status);
224
225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
226 if (!sent)
227 return;
228
229 if (!status) {
230 __u8 param = *((__u8 *) sent);
231
232 if (param == AUTH_ENABLED)
233 set_bit(HCI_AUTH, &hdev->flags);
234 else
235 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 236 }
a9de9248 237
23bb5763 238 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 239}
240
a9de9248 241static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 242{
a9de9248 243 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 244 void *sent;
245
a9de9248 246 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 247
a9de9248
MH		 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
249 if (!sent)
250 return;
1da177e4 251
a9de9248
MH		 252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param)
256 set_bit(HCI_ENCRYPT, &hdev->flags);
257 else
258 clear_bit(HCI_ENCRYPT, &hdev->flags);
259 }
1da177e4 260
23bb5763 261 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 262}
1da177e4 263
a9de9248
MH		 264static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
265{
266 __u8 status = *((__u8 *) skb->data);
267 void *sent;
1da177e4 268
a9de9248 269 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 270
a9de9248
MH		 271 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
272 if (!sent)
273 return;
1da177e4 274
a9de9248
MH		 275 if (!status) {
276 __u8 param = *((__u8 *) sent);
9fbcbb45 277 int old_pscan, old_iscan;
1da177e4 278
9fbcbb45
JH		 279 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
280 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
1da177e4 281
73f22f62 282 if (param & SCAN_INQUIRY) {
a9de9248 283 set_bit(HCI_ISCAN, &hdev->flags);
9fbcbb45
JH		 284 if (!old_iscan)
285 mgmt_discoverable(hdev->id, 1);
286 } else if (old_iscan)
73f22f62 287 mgmt_discoverable(hdev->id, 0);
1da177e4 288
9fbcbb45 289 if (param & SCAN_PAGE) {
a9de9248 290 set_bit(HCI_PSCAN, &hdev->flags);
9fbcbb45
JH		 291 if (!old_pscan)
292 mgmt_connectable(hdev->id, 1);
293 } else if (old_pscan)
294 mgmt_connectable(hdev->id, 0);
a9de9248 295 }
1da177e4 296
23bb5763 297 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 298}
1da177e4 299
a9de9248
MH		 300static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
301{
302 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 303
a9de9248 304 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 305
a9de9248
MH		 306 if (rp->status)
307 return;
1da177e4 308
a9de9248 309 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 310
a9de9248
MH		 311 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
312 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
313}
1da177e4 314
a9de9248
MH		 315static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
316{
317 __u8 status = *((__u8 *) skb->data);
318 void *sent;
1da177e4 319
a9de9248 320 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 321
f383f275
MH		 322 if (status)
323 return;
324
a9de9248
MH		 325 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
326 if (!sent)
327 return;
1da177e4 328
f383f275 329 memcpy(hdev->dev_class, sent, 3);
a9de9248 330}
1da177e4 331
a9de9248
MH		 332static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
333{
334 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
335 __u16 setting;
336
337 BT_DBG("%s status 0x%x", hdev->name, rp->status);
338
339 if (rp->status)
340 return;
341
342 setting = __le16_to_cpu(rp->voice_setting);
343
f383f275 344 if (hdev->voice_setting == setting)
a9de9248
MH		 345 return;
346
347 hdev->voice_setting = setting;
348
349 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
350
351 if (hdev->notify) {
352 tasklet_disable(&hdev->tx_task);
353 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
354 tasklet_enable(&hdev->tx_task);
355 }
356}
357
358static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
359{
360 __u8 status = *((__u8 *) skb->data);
f383f275 361 __u16 setting;
a9de9248
MH		 362 void *sent;
363
364 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 365
f383f275
MH		 366 if (status)
367 return;
368
a9de9248
MH		 369 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
370 if (!sent)
371 return;
1da177e4 372
f383f275 373 setting = get_unaligned_le16(sent);
1da177e4 374
f383f275
MH		 375 if (hdev->voice_setting == setting)
376 return;
377
378 hdev->voice_setting = setting;
1da177e4 379
f383f275 380 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 381
f383f275
MH		 382 if (hdev->notify) {
383 tasklet_disable(&hdev->tx_task);
384 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
385 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 386 }
387}
388
a9de9248 389static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 390{
a9de9248 391 __u8 status = *((__u8 *) skb->data);
1da177e4 392
a9de9248 393 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 394
23bb5763 395 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 396}
1143e5a6 397
333140b5
MH		 398static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
399{
400 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
401
402 BT_DBG("%s status 0x%x", hdev->name, rp->status);
403
404 if (rp->status)
405 return;
406
407 hdev->ssp_mode = rp->mode;
408}
409
410static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
411{
412 __u8 status = *((__u8 *) skb->data);
413 void *sent;
414
415 BT_DBG("%s status 0x%x", hdev->name, status);
416
417 if (status)
418 return;
419
420 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
421 if (!sent)
422 return;
423
424 hdev->ssp_mode = *((__u8 *) sent);
425}
426
d5859e22
JH		 427static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
428{
429 if (hdev->features[6] & LMP_EXT_INQ)
430 return 2;
431
432 if (hdev->features[3] & LMP_RSSI_INQ)
433 return 1;
434
435 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
436 hdev->lmp_subver == 0x0757)
437 return 1;
438
439 if (hdev->manufacturer == 15) {
440 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
441 return 1;
442 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
443 return 1;
444 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
445 return 1;
446 }
447
448 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
449 hdev->lmp_subver == 0x1805)
450 return 1;
451
452 return 0;
453}
454
455static void hci_setup_inquiry_mode(struct hci_dev *hdev)
456{
457 u8 mode;
458
459 mode = hci_get_inquiry_mode(hdev);
460
461 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
462}
463
464static void hci_setup_event_mask(struct hci_dev *hdev)
465{
466 /* The second byte is 0xff instead of 0x9f (two reserved bits
467 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
468 * command otherwise */
469 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
470
471 /* Events for 1.2 and newer controllers */
472 if (hdev->lmp_ver > 1) {
473 events[4] |= 0x01; /* Flow Specification Complete */
474 events[4] |= 0x02; /* Inquiry Result with RSSI */
475 events[4] |= 0x04; /* Read Remote Extended Features Complete */
476 events[5] |= 0x08; /* Synchronous Connection Complete */
477 events[5] |= 0x10; /* Synchronous Connection Changed */
478 }
479
480 if (hdev->features[3] & LMP_RSSI_INQ)
481 events[4] |= 0x04; /* Inquiry Result with RSSI */
482
483 if (hdev->features[5] & LMP_SNIFF_SUBR)
484 events[5] |= 0x20; /* Sniff Subrating */
485
486 if (hdev->features[5] & LMP_PAUSE_ENC)
487 events[5] |= 0x80; /* Encryption Key Refresh Complete */
488
489 if (hdev->features[6] & LMP_EXT_INQ)
490 events[5] |= 0x40; /* Extended Inquiry Result */
491
492 if (hdev->features[6] & LMP_NO_FLUSH)
493 events[7] |= 0x01; /* Enhanced Flush Complete */
494
495 if (hdev->features[7] & LMP_LSTO)
496 events[6] |= 0x80; /* Link Supervision Timeout Changed */
497
498 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
499 events[6] |= 0x01; /* IO Capability Request */
500 events[6] |= 0x02; /* IO Capability Response */
501 events[6] |= 0x04; /* User Confirmation Request */
502 events[6] |= 0x08; /* User Passkey Request */
503 events[6] |= 0x10; /* Remote OOB Data Request */
504 events[6] |= 0x20; /* Simple Pairing Complete */
505 events[7] |= 0x04; /* User Passkey Notification */
506 events[7] |= 0x08; /* Keypress Notification */
507 events[7] |= 0x10; /* Remote Host Supported
508 * Features Notification */
509 }
510
511 if (hdev->features[4] & LMP_LE)
512 events[7] |= 0x20; /* LE Meta-Event */
513
514 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
515}
516
517static void hci_setup(struct hci_dev *hdev)
518{
519 hci_setup_event_mask(hdev);
520
521 if (hdev->lmp_ver > 1)
522 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
523
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 u8 mode = 0x01;
526 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
527 }
528
529 if (hdev->features[3] & LMP_RSSI_INQ)
530 hci_setup_inquiry_mode(hdev);
531
532 if (hdev->features[7] & LMP_INQ_TX_PWR)
533 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
534}
535
a9de9248
MH		 536static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
537{
538 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 539
a9de9248 540 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 541
a9de9248
MH		 542 if (rp->status)
543 return;
1143e5a6 544
a9de9248 545 hdev->hci_ver = rp->hci_ver;
e4e8e37c 546 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 547 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 548 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 549 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 550
a9de9248
MH		 551 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
552 hdev->manufacturer,
553 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 554
555 if (test_bit(HCI_INIT, &hdev->flags))
556 hci_setup(hdev);
557}
558
559static void hci_setup_link_policy(struct hci_dev *hdev)
560{
561 u16 link_policy = 0;
562
563 if (hdev->features[0] & LMP_RSWITCH)
564 link_policy |= HCI_LP_RSWITCH;
565 if (hdev->features[0] & LMP_HOLD)
566 link_policy |= HCI_LP_HOLD;
567 if (hdev->features[0] & LMP_SNIFF)
568 link_policy |= HCI_LP_SNIFF;
569 if (hdev->features[1] & LMP_PARK)
570 link_policy |= HCI_LP_PARK;
571
572 link_policy = cpu_to_le16(link_policy);
573 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
574 sizeof(link_policy), &link_policy);
a9de9248 575}
1da177e4 576
a9de9248
MH		 577static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
578{
579 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 580
a9de9248 581 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 582
a9de9248 583 if (rp->status)
d5859e22 584 goto done;
1da177e4 585
a9de9248 586 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 587
588 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
589 hci_setup_link_policy(hdev);
590
591done:
592 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 593}
1da177e4 594
a9de9248
MH		 595static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
596{
597 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 598
a9de9248 599 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 600
a9de9248
MH		 601 if (rp->status)
602 return;
5b7f9909 603
a9de9248 604 memcpy(hdev->features, rp->features, 8);
5b7f9909 605
a9de9248
MH		 606 /* Adjust default settings according to features
607 * supported by device. */
1da177e4 608
a9de9248
MH		 609 if (hdev->features[0] & LMP_3SLOT)
610 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 611
a9de9248
MH		 612 if (hdev->features[0] & LMP_5SLOT)
613 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 614
a9de9248
MH		 615 if (hdev->features[1] & LMP_HV2) {
616 hdev->pkt_type |= (HCI_HV2);
617 hdev->esco_type |= (ESCO_HV2);
618 }
1da177e4 619
a9de9248
MH		 620 if (hdev->features[1] & LMP_HV3) {
621 hdev->pkt_type |= (HCI_HV3);
622 hdev->esco_type |= (ESCO_HV3);
623 }
1da177e4 624
a9de9248
MH		 625 if (hdev->features[3] & LMP_ESCO)
626 hdev->esco_type |= (ESCO_EV3);
da1f5198 627
a9de9248
MH		 628 if (hdev->features[4] & LMP_EV4)
629 hdev->esco_type |= (ESCO_EV4);
da1f5198 630
a9de9248
MH		 631 if (hdev->features[4] & LMP_EV5)
632 hdev->esco_type |= (ESCO_EV5);
1da177e4 633
efc7688b
MH		 634 if (hdev->features[5] & LMP_EDR_ESCO_2M)
635 hdev->esco_type |= (ESCO_2EV3);
636
637 if (hdev->features[5] & LMP_EDR_ESCO_3M)
638 hdev->esco_type |= (ESCO_3EV3);
639
640 if (hdev->features[5] & LMP_EDR_3S_ESCO)
641 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
642
a9de9248
MH		 643 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
644 hdev->features[0], hdev->features[1],
645 hdev->features[2], hdev->features[3],
646 hdev->features[4], hdev->features[5],
647 hdev->features[6], hdev->features[7]);
648}
1da177e4 649
a9de9248
MH		 650static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
651{
652 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 653
a9de9248 654 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 655
a9de9248
MH		 656 if (rp->status)
657 return;
1da177e4 658
a9de9248
MH		 659 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
660 hdev->sco_mtu = rp->sco_mtu;
661 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
662 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
663
664 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
665 hdev->sco_mtu = 64;
666 hdev->sco_pkts = 8;
1da177e4 667 }
a9de9248
MH		 668
669 hdev->acl_cnt = hdev->acl_pkts;
670 hdev->sco_cnt = hdev->sco_pkts;
671
672 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
673 hdev->acl_mtu, hdev->acl_pkts,
674 hdev->sco_mtu, hdev->sco_pkts);
675}
676
677static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
678{
679 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
680
681 BT_DBG("%s status 0x%x", hdev->name, rp->status);
682
683 if (!rp->status)
684 bacpy(&hdev->bdaddr, &rp->bdaddr);
685
23bb5763
JH		 686 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
687}
688
689static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
690{
691 __u8 status = *((__u8 *) skb->data);
692
693 BT_DBG("%s status 0x%x", hdev->name, status);
694
695 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 696}
697
b0916ea0
JH		 698static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
699 struct sk_buff *skb)
700{
701 __u8 status = *((__u8 *) skb->data);
702
703 BT_DBG("%s status 0x%x", hdev->name, status);
704
705 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
706}
707
d5859e22
JH		 708static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
709{
710 __u8 status = *((__u8 *) skb->data);
711
712 BT_DBG("%s status 0x%x", hdev->name, status);
713
714 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
715}
716
717static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
718 struct sk_buff *skb)
719{
720 __u8 status = *((__u8 *) skb->data);
721
722 BT_DBG("%s status 0x%x", hdev->name, status);
723
724 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
725}
726
727static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
728 struct sk_buff *skb)
729{
730 __u8 status = *((__u8 *) skb->data);
731
732 BT_DBG("%s status 0x%x", hdev->name, status);
733
734 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
735}
736
737static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
738{
739 __u8 status = *((__u8 *) skb->data);
740
741 BT_DBG("%s status 0x%x", hdev->name, status);
742
743 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
744}
745
980e1a53
JH		 746static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
747{
748 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
749 struct hci_cp_pin_code_reply *cp;
750 struct hci_conn *conn;
751
752 BT_DBG("%s status 0x%x", hdev->name, rp->status);
753
754 if (test_bit(HCI_MGMT, &hdev->flags))
755 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
756
757 if (rp->status != 0)
758 return;
759
760 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
761 if (!cp)
762 return;
763
764 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
765 if (conn)
766 conn->pin_length = cp->pin_len;
767}
768
769static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
770{
771 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
772
773 BT_DBG("%s status 0x%x", hdev->name, rp->status);
774
775 if (test_bit(HCI_MGMT, &hdev->flags))
776 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
777 rp->status);
778}
6ed58ec5
VT		 779static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
780 struct sk_buff *skb)
781{
782 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
785
786 if (rp->status)
787 return;
788
789 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
790 hdev->le_pkts = rp->le_max_pkt;
791
792 hdev->le_cnt = hdev->le_pkts;
793
794 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
795
796 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
797}
980e1a53 798
a9de9248
MH		 799static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
800{
801 BT_DBG("%s status 0x%x", hdev->name, status);
802
803 if (status) {
23bb5763 804 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248
MH		 805
806 hci_conn_check_pending(hdev);
807 } else
808 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 809}
810
1da177e4
LT		 811static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
812{
a9de9248 813 struct hci_cp_create_conn *cp;
1da177e4 814 struct hci_conn *conn;
1da177e4 815
a9de9248
MH		 816 BT_DBG("%s status 0x%x", hdev->name, status);
817
818 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 819 if (!cp)
820 return;
821
822 hci_dev_lock(hdev);
823
824 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
825
a9de9248 826 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 827
828 if (status) {
829 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 830 if (status != 0x0c || conn->attempt > 2) {
831 conn->state = BT_CLOSED;
832 hci_proto_connect_cfm(conn, status);
833 hci_conn_del(conn);
834 } else
835 conn->state = BT_CONNECT2;
1da177e4
LT		 836 }
837 } else {
838 if (!conn) {
839 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
840 if (conn) {
841 conn->out = 1;
842 conn->link_mode |= HCI_LM_MASTER;
843 } else
893ef971 844 BT_ERR("No memory for new connection");
1da177e4
LT		 845 }
846 }
847
848 hci_dev_unlock(hdev);
849}
850
a9de9248 851static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 852{
a9de9248
MH		 853 struct hci_cp_add_sco *cp;
854 struct hci_conn *acl, *sco;
855 __u16 handle;
1da177e4 856
b6a0dc82
MH		 857 BT_DBG("%s status 0x%x", hdev->name, status);
858
a9de9248
MH		 859 if (!status)
860 return;
1da177e4 861
a9de9248
MH		 862 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
863 if (!cp)
864 return;
1da177e4 865
a9de9248 866 handle = __le16_to_cpu(cp->handle);
1da177e4 867
a9de9248 868 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 869
a9de9248 870 hci_dev_lock(hdev);
1da177e4 871
a9de9248 872 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 873 if (acl) {
874 sco = acl->link;
875 if (sco) {
876 sco->state = BT_CLOSED;
1da177e4 877
5a08ecce
AE		 878 hci_proto_connect_cfm(sco, status);
879 hci_conn_del(sco);
880 }
a9de9248 881 }
1da177e4 882
a9de9248
MH		 883 hci_dev_unlock(hdev);
884}
1da177e4 885
f8558555
MH		 886static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
887{
888 struct hci_cp_auth_requested *cp;
889 struct hci_conn *conn;
890
891 BT_DBG("%s status 0x%x", hdev->name, status);
892
893 if (!status)
894 return;
895
896 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
897 if (!cp)
898 return;
899
900 hci_dev_lock(hdev);
901
902 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
903 if (conn) {
904 if (conn->state == BT_CONFIG) {
905 hci_proto_connect_cfm(conn, status);
906 hci_conn_put(conn);
907 }
908 }
909
910 hci_dev_unlock(hdev);
911}
912
913static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
914{
915 struct hci_cp_set_conn_encrypt *cp;
916 struct hci_conn *conn;
917
918 BT_DBG("%s status 0x%x", hdev->name, status);
919
920 if (!status)
921 return;
922
923 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
924 if (!cp)
925 return;
926
927 hci_dev_lock(hdev);
928
929 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
930 if (conn) {
931 if (conn->state == BT_CONFIG) {
932 hci_proto_connect_cfm(conn, status);
933 hci_conn_put(conn);
934 }
935 }
936
937 hci_dev_unlock(hdev);
938}
939
127178d2 940static int hci_outgoing_auth_needed(struct hci_dev *hdev,
392599b9
JH		 941 struct hci_conn *conn)
942{
392599b9
JH		 943 if (conn->state != BT_CONFIG || !conn->out)
944 return 0;
945
765c2a96 946 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 947 return 0;
948
949 /* Only request authentication for SSP connections or non-SSP
950 * devices with sec_level HIGH */
951 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
765c2a96 952 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 953 return 0;
954
392599b9
JH		 955 return 1;
956}
957
a9de9248
MH		 958static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
959{
127178d2
JH		 960 struct hci_cp_remote_name_req *cp;
961 struct hci_conn *conn;
962
a9de9248 963 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 964
965 /* If successful wait for the name req complete event before
966 * checking for the need to do authentication */
967 if (!status)
968 return;
969
970 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
971 if (!cp)
972 return;
973
974 hci_dev_lock(hdev);
975
976 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
977 if (conn && hci_outgoing_auth_needed(hdev, conn)) {
978 struct hci_cp_auth_requested cp;
979 cp.handle = __cpu_to_le16(conn->handle);
980 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
981 }
982
983 hci_dev_unlock(hdev);
a9de9248 984}
1da177e4 985
769be974
MH		 986static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
987{
988 struct hci_cp_read_remote_features *cp;
989 struct hci_conn *conn;
990
991 BT_DBG("%s status 0x%x", hdev->name, status);
992
993 if (!status)
994 return;
995
996 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
997 if (!cp)
998 return;
999
1000 hci_dev_lock(hdev);
1001
1002 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1003 if (conn) {
1004 if (conn->state == BT_CONFIG) {
769be974
MH		 1005 hci_proto_connect_cfm(conn, status);
1006 hci_conn_put(conn);
1007 }
1008 }
1009
1010 hci_dev_unlock(hdev);
1011}
1012
1013static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1014{
1015 struct hci_cp_read_remote_ext_features *cp;
1016 struct hci_conn *conn;
1017
1018 BT_DBG("%s status 0x%x", hdev->name, status);
1019
1020 if (!status)
1021 return;
1022
1023 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1024 if (!cp)
1025 return;
1026
1027 hci_dev_lock(hdev);
1028
1029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1030 if (conn) {
1031 if (conn->state == BT_CONFIG) {
769be974
MH		 1032 hci_proto_connect_cfm(conn, status);
1033 hci_conn_put(conn);
1034 }
1035 }
1036
1037 hci_dev_unlock(hdev);
1038}
1039
a9de9248
MH		 1040static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1041{
b6a0dc82
MH		 1042 struct hci_cp_setup_sync_conn *cp;
1043 struct hci_conn *acl, *sco;
1044 __u16 handle;
1045
a9de9248 1046 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1047
1048 if (!status)
1049 return;
1050
1051 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1052 if (!cp)
1053 return;
1054
1055 handle = __le16_to_cpu(cp->handle);
1056
1057 BT_DBG("%s handle %d", hdev->name, handle);
1058
1059 hci_dev_lock(hdev);
1060
1061 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1062 if (acl) {
1063 sco = acl->link;
1064 if (sco) {
1065 sco->state = BT_CLOSED;
b6a0dc82 1066
5a08ecce
AE		 1067 hci_proto_connect_cfm(sco, status);
1068 hci_conn_del(sco);
1069 }
b6a0dc82
MH		 1070 }
1071
1072 hci_dev_unlock(hdev);
1da177e4
LT		 1073}
1074
a9de9248 1075static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1076{
a9de9248
MH		 1077 struct hci_cp_sniff_mode *cp;
1078 struct hci_conn *conn;
1da177e4 1079
a9de9248 1080 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1081
a9de9248
MH		 1082 if (!status)
1083 return;
04837f64 1084
a9de9248
MH		 1085 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1086 if (!cp)
1087 return;
04837f64 1088
a9de9248 1089 hci_dev_lock(hdev);
04837f64 1090
a9de9248 1091 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1092 if (conn) {
a9de9248 1093 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1094
e73439d8
MH		 1095 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1096 hci_sco_setup(conn, status);
1097 }
1098
a9de9248
MH		 1099 hci_dev_unlock(hdev);
1100}
04837f64 1101
a9de9248
MH		 1102static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1103{
1104 struct hci_cp_exit_sniff_mode *cp;
1105 struct hci_conn *conn;
04837f64 1106
a9de9248 1107 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1108
a9de9248
MH		 1109 if (!status)
1110 return;
04837f64 1111
a9de9248
MH		 1112 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1113 if (!cp)
1114 return;
04837f64 1115
a9de9248 1116 hci_dev_lock(hdev);
1da177e4 1117
a9de9248 1118 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1119 if (conn) {
a9de9248 1120 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1121
e73439d8
MH		 1122 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1123 hci_sco_setup(conn, status);
1124 }
1125
a9de9248 1126 hci_dev_unlock(hdev);
1da177e4
LT		 1127}
1128
fcd89c09
VT		 1129static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1130{
1131 struct hci_cp_le_create_conn *cp;
1132 struct hci_conn *conn;
1133
1134 BT_DBG("%s status 0x%x", hdev->name, status);
1135
1136 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1137 if (!cp)
1138 return;
1139
1140 hci_dev_lock(hdev);
1141
1142 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1143
1144 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1145 conn);
1146
1147 if (status) {
1148 if (conn && conn->state == BT_CONNECT) {
1149 conn->state = BT_CLOSED;
1150 hci_proto_connect_cfm(conn, status);
1151 hci_conn_del(conn);
1152 }
1153 } else {
1154 if (!conn) {
1155 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1156 if (conn)
1157 conn->out = 1;
1158 else
1159 BT_ERR("No memory for new connection");
1160 }
1161 }
1162
1163 hci_dev_unlock(hdev);
1164}
1165
1da177e4
LT		 1166static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1167{
1168 __u8 status = *((__u8 *) skb->data);
1169
1170 BT_DBG("%s status %d", hdev->name, status);
1171
1172 clear_bit(HCI_INQUIRY, &hdev->flags);
6bd57416 1173
23bb5763 1174 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1175
a9de9248 1176 hci_conn_check_pending(hdev);
1da177e4
LT		 1177}
1178
1da177e4
LT		 1179static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1180{
45bb4bf0 1181 struct inquiry_data data;
a9de9248 1182 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1183 int num_rsp = *((__u8 *) skb->data);
1184
1185 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1186
45bb4bf0
MH		 1187 if (!num_rsp)
1188 return;
1189
1da177e4 1190 hci_dev_lock(hdev);
45bb4bf0 1191
1da177e4 1192 for (; num_rsp; num_rsp--) {
1da177e4
LT		 1193 bacpy(&data.bdaddr, &info->bdaddr);
1194 data.pscan_rep_mode = info->pscan_rep_mode;
1195 data.pscan_period_mode = info->pscan_period_mode;
1196 data.pscan_mode = info->pscan_mode;
1197 memcpy(data.dev_class, info->dev_class, 3);
1198 data.clock_offset = info->clock_offset;
1199 data.rssi = 0x00;
41a96212 1200 data.ssp_mode = 0x00;
1da177e4
LT		 1201 info++;
1202 hci_inquiry_cache_update(hdev, &data);
1203 }
45bb4bf0 1204
1da177e4
LT		 1205 hci_dev_unlock(hdev);
1206}
1207
1da177e4
LT		 1208static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1209{
a9de9248
MH		 1210 struct hci_ev_conn_complete *ev = (void *) skb->data;
1211 struct hci_conn *conn;
1da177e4
LT		 1212
1213 BT_DBG("%s", hdev->name);
1214
1215 hci_dev_lock(hdev);
1216
1217 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1218 if (!conn) {
1219 if (ev->link_type != SCO_LINK)
1220 goto unlock;
1221
1222 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1223 if (!conn)
1224 goto unlock;
1225
1226 conn->type = SCO_LINK;
1227 }
1da177e4
LT		 1228
1229 if (!ev->status) {
1230 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1231
1232 if (conn->type == ACL_LINK) {
1233 conn->state = BT_CONFIG;
1234 hci_conn_hold(conn);
052b30b0 1235 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
f7520543 1236 mgmt_connected(hdev->id, &ev->bdaddr);
769be974
MH		 1237 } else
1238 conn->state = BT_CONNECTED;
1da177e4 1239
9eba32b8 1240 hci_conn_hold_device(conn);
7d0db0a3
MH		 1241 hci_conn_add_sysfs(conn);
1242
1da177e4
LT		 1243 if (test_bit(HCI_AUTH, &hdev->flags))
1244 conn->link_mode |= HCI_LM_AUTH;
1245
1246 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1247 conn->link_mode |= HCI_LM_ENCRYPT;
1248
04837f64
MH		 1249 /* Get remote features */
1250 if (conn->type == ACL_LINK) {
1251 struct hci_cp_read_remote_features cp;
1252 cp.handle = ev->handle;
769be974
MH		 1253 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1254 sizeof(cp), &cp);
04837f64
MH		 1255 }
1256
1da177e4 1257 /* Set packet type for incoming connection */
a8746417 1258 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1259 struct hci_cp_change_conn_ptype cp;
1260 cp.handle = ev->handle;
a8746417
MH		 1261 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1262 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1263 sizeof(cp), &cp);
1da177e4 1264 }
17d5c04c 1265 } else {
1da177e4 1266 conn->state = BT_CLOSED;
17d5c04c
JH		 1267 if (conn->type == ACL_LINK)
1268 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1269 }
1da177e4 1270
e73439d8
MH		 1271 if (conn->type == ACL_LINK)
1272 hci_sco_setup(conn, ev->status);
1da177e4 1273
769be974
MH		 1274 if (ev->status) {
1275 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1276 hci_conn_del(conn);
c89b6e6b
MH		 1277 } else if (ev->link_type != ACL_LINK)
1278 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1279
a9de9248 1280unlock:
1da177e4 1281 hci_dev_unlock(hdev);
1da177e4 1282
a9de9248 1283 hci_conn_check_pending(hdev);
1da177e4
LT		 1284}
1285
a9de9248 1286static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1287{
a9de9248
MH		 1288 struct hci_ev_conn_request *ev = (void *) skb->data;
1289 int mask = hdev->link_mode;
1da177e4 1290
a9de9248
MH		 1291 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1292 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1293
a9de9248 1294 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1295
f0358568 1296 if ((mask & HCI_LM_ACCEPT) && !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1297 /* Connection accepted */
c7bdd502 1298 struct inquiry_entry *ie;
1da177e4 1299 struct hci_conn *conn;
1da177e4 1300
a9de9248 1301 hci_dev_lock(hdev);
b6a0dc82 1302
cc11b9c1
AE		 1303 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1304 if (ie)
c7bdd502
MH		 1305 memcpy(ie->data.dev_class, ev->dev_class, 3);
1306
a9de9248
MH		 1307 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1308 if (!conn) {
cc11b9c1
AE		 1309 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1310 if (!conn) {
893ef971 1311 BT_ERR("No memory for new connection");
a9de9248
MH		 1312 hci_dev_unlock(hdev);
1313 return;
1da177e4
LT		 1314 }
1315 }
b6a0dc82 1316
a9de9248
MH		 1317 memcpy(conn->dev_class, ev->dev_class, 3);
1318 conn->state = BT_CONNECT;
b6a0dc82 1319
a9de9248 1320 hci_dev_unlock(hdev);
1da177e4 1321
b6a0dc82
MH		 1322 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1323 struct hci_cp_accept_conn_req cp;
1da177e4 1324
b6a0dc82
MH		 1325 bacpy(&cp.bdaddr, &ev->bdaddr);
1326
1327 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1328 cp.role = 0x00; /* Become master */
1329 else
1330 cp.role = 0x01; /* Remain slave */
1331
1332 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1333 sizeof(cp), &cp);
1334 } else {
1335 struct hci_cp_accept_sync_conn_req cp;
1336
1337 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1338 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1339
1340 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1341 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1342 cp.max_latency = cpu_to_le16(0xffff);
1343 cp.content_format = cpu_to_le16(hdev->voice_setting);
1344 cp.retrans_effort = 0xff;
1da177e4 1345
b6a0dc82
MH		 1346 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1347 sizeof(cp), &cp);
1348 }
a9de9248
MH		 1349 } else {
1350 /* Connection rejected */
1351 struct hci_cp_reject_conn_req cp;
1da177e4 1352
a9de9248
MH		 1353 bacpy(&cp.bdaddr, &ev->bdaddr);
1354 cp.reason = 0x0f;
1355 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1356 }
1da177e4
LT		 1357}
1358
a9de9248 1359static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1360{
a9de9248 1361 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1362 struct hci_conn *conn;
1363
1364 BT_DBG("%s status %d", hdev->name, ev->status);
1365
8962ee74
JH		 1366 if (ev->status) {
1367 mgmt_disconnect_failed(hdev->id);
a9de9248 1368 return;
8962ee74 1369 }
a9de9248 1370
04837f64
MH		 1371 hci_dev_lock(hdev);
1372
1373 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1374 if (!conn)
1375 goto unlock;
7d0db0a3 1376
f7520543 1377 conn->state = BT_CLOSED;
04837f64 1378
f7520543
JH		 1379 if (conn->type == ACL_LINK)
1380 mgmt_disconnected(hdev->id, &conn->dst);
1381
1382 hci_proto_disconn_cfm(conn, ev->reason);
1383 hci_conn_del(conn);
1384
1385unlock:
04837f64
MH		 1386 hci_dev_unlock(hdev);
1387}
1388
1da177e4
LT		 1389static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1390{
a9de9248 1391 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1392 struct hci_conn *conn;
1da177e4
LT		 1393
1394 BT_DBG("%s status %d", hdev->name, ev->status);
1395
1396 hci_dev_lock(hdev);
1397
04837f64 1398 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4 1399 if (conn) {
765c2a96 1400 if (!ev->status) {
1da177e4 1401 conn->link_mode |= HCI_LM_AUTH;
765c2a96
JH		 1402 conn->sec_level = conn->pending_sec_level;
1403 } else
da213f41 1404 conn->sec_level = BT_SECURITY_LOW;
1da177e4
LT		 1405
1406 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1407
f8558555
MH		 1408 if (conn->state == BT_CONFIG) {
1409 if (!ev->status && hdev->ssp_mode > 0 &&
1410 conn->ssp_mode > 0) {
1411 struct hci_cp_set_conn_encrypt cp;
1412 cp.handle = ev->handle;
1413 cp.encrypt = 0x01;
1414 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1415 sizeof(cp), &cp);
1416 } else {
1417 conn->state = BT_CONNECTED;
1418 hci_proto_connect_cfm(conn, ev->status);
1419 hci_conn_put(conn);
1420 }
052b30b0 1421 } else {
f8558555 1422 hci_auth_cfm(conn, ev->status);
1da177e4 1423
052b30b0
MH		 1424 hci_conn_hold(conn);
1425 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1426 hci_conn_put(conn);
1427 }
1428
1da177e4
LT		 1429 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1430 if (!ev->status) {
1431 struct hci_cp_set_conn_encrypt cp;
f8558555
MH		 1432 cp.handle = ev->handle;
1433 cp.encrypt = 0x01;
1434 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1435 sizeof(cp), &cp);
1da177e4
LT		 1436 } else {
1437 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1438 hci_encrypt_cfm(conn, ev->status, 0x00);
1439 }
1440 }
1441 }
1442
1443 hci_dev_unlock(hdev);
1444}
1445
a9de9248 1446static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1447{
127178d2
JH		 1448 struct hci_ev_remote_name *ev = (void *) skb->data;
1449 struct hci_conn *conn;
1450
a9de9248 1451 BT_DBG("%s", hdev->name);
1da177e4 1452
a9de9248 1453 hci_conn_check_pending(hdev);
127178d2
JH		 1454
1455 hci_dev_lock(hdev);
1456
1457 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1458 if (conn && hci_outgoing_auth_needed(hdev, conn)) {
1459 struct hci_cp_auth_requested cp;
1460 cp.handle = __cpu_to_le16(conn->handle);
1461 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1462 }
1463
1464 hci_dev_unlock(hdev);
a9de9248
MH		 1465}
1466
1467static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1468{
1469 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1470 struct hci_conn *conn;
1471
1472 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1473
1474 hci_dev_lock(hdev);
1475
04837f64 1476 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1477 if (conn) {
1478 if (!ev->status) {
ae293196
MH		 1479 if (ev->encrypt) {
1480 /* Encryption implies authentication */
1481 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1482 conn->link_mode |= HCI_LM_ENCRYPT;
ae293196 1483 } else
1da177e4
LT		 1484 conn->link_mode &= ~HCI_LM_ENCRYPT;
1485 }
1486
1487 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1488
f8558555
MH		 1489 if (conn->state == BT_CONFIG) {
1490 if (!ev->status)
1491 conn->state = BT_CONNECTED;
1492
1493 hci_proto_connect_cfm(conn, ev->status);
1494 hci_conn_put(conn);
1495 } else
1496 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1497 }
1498
1499 hci_dev_unlock(hdev);
1500}
1501
a9de9248 1502static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1503{
a9de9248 1504 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1505 struct hci_conn *conn;
1da177e4
LT		 1506
1507 BT_DBG("%s status %d", hdev->name, ev->status);
1508
1509 hci_dev_lock(hdev);
1510
04837f64 1511 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1512 if (conn) {
1513 if (!ev->status)
1514 conn->link_mode |= HCI_LM_SECURE;
1515
1516 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1517
1518 hci_key_change_cfm(conn, ev->status);
1519 }
1520
1521 hci_dev_unlock(hdev);
1522}
1523
a9de9248 1524static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1525{
a9de9248
MH		 1526 struct hci_ev_remote_features *ev = (void *) skb->data;
1527 struct hci_conn *conn;
1528
1529 BT_DBG("%s status %d", hdev->name, ev->status);
1530
a9de9248
MH		 1531 hci_dev_lock(hdev);
1532
1533 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1534 if (!conn)
1535 goto unlock;
769be974 1536
ccd556fe
JH		 1537 if (!ev->status)
1538 memcpy(conn->features, ev->features, 8);
1539
1540 if (conn->state != BT_CONFIG)
1541 goto unlock;
1542
1543 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1544 struct hci_cp_read_remote_ext_features cp;
1545 cp.handle = ev->handle;
1546 cp.page = 0x01;
1547 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1548 sizeof(cp), &cp);
392599b9
JH		 1549 goto unlock;
1550 }
1551
127178d2
JH		 1552 if (!ev->status) {
1553 struct hci_cp_remote_name_req cp;
1554 memset(&cp, 0, sizeof(cp));
1555 bacpy(&cp.bdaddr, &conn->dst);
1556 cp.pscan_rep_mode = 0x02;
1557 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1558 }
392599b9 1559
127178d2 1560 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1561 conn->state = BT_CONNECTED;
1562 hci_proto_connect_cfm(conn, ev->status);
1563 hci_conn_put(conn);
769be974 1564 }
a9de9248 1565
ccd556fe 1566unlock:
a9de9248 1567 hci_dev_unlock(hdev);
1da177e4
LT		 1568}
1569
a9de9248 1570static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1571{
a9de9248 1572 BT_DBG("%s", hdev->name);
1da177e4
LT		 1573}
1574
a9de9248 1575static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1576{
a9de9248 1577 BT_DBG("%s", hdev->name);
1da177e4
LT		 1578}
1579
a9de9248
MH		 1580static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1581{
1582 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1583 __u16 opcode;
1584
1585 skb_pull(skb, sizeof(*ev));
1586
1587 opcode = __le16_to_cpu(ev->opcode);
1588
1589 switch (opcode) {
1590 case HCI_OP_INQUIRY_CANCEL:
1591 hci_cc_inquiry_cancel(hdev, skb);
1592 break;
1593
1594 case HCI_OP_EXIT_PERIODIC_INQ:
1595 hci_cc_exit_periodic_inq(hdev, skb);
1596 break;
1597
1598 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1599 hci_cc_remote_name_req_cancel(hdev, skb);
1600 break;
1601
1602 case HCI_OP_ROLE_DISCOVERY:
1603 hci_cc_role_discovery(hdev, skb);
1604 break;
1605
e4e8e37c
MH		 1606 case HCI_OP_READ_LINK_POLICY:
1607 hci_cc_read_link_policy(hdev, skb);
1608 break;
1609
a9de9248
MH		 1610 case HCI_OP_WRITE_LINK_POLICY:
1611 hci_cc_write_link_policy(hdev, skb);
1612 break;
1613
e4e8e37c
MH		 1614 case HCI_OP_READ_DEF_LINK_POLICY:
1615 hci_cc_read_def_link_policy(hdev, skb);
1616 break;
1617
1618 case HCI_OP_WRITE_DEF_LINK_POLICY:
1619 hci_cc_write_def_link_policy(hdev, skb);
1620 break;
1621
a9de9248
MH		 1622 case HCI_OP_RESET:
1623 hci_cc_reset(hdev, skb);
1624 break;
1625
1626 case HCI_OP_WRITE_LOCAL_NAME:
1627 hci_cc_write_local_name(hdev, skb);
1628 break;
1629
1630 case HCI_OP_READ_LOCAL_NAME:
1631 hci_cc_read_local_name(hdev, skb);
1632 break;
1633
1634 case HCI_OP_WRITE_AUTH_ENABLE:
1635 hci_cc_write_auth_enable(hdev, skb);
1636 break;
1637
1638 case HCI_OP_WRITE_ENCRYPT_MODE:
1639 hci_cc_write_encrypt_mode(hdev, skb);
1640 break;
1641
1642 case HCI_OP_WRITE_SCAN_ENABLE:
1643 hci_cc_write_scan_enable(hdev, skb);
1644 break;
1645
1646 case HCI_OP_READ_CLASS_OF_DEV:
1647 hci_cc_read_class_of_dev(hdev, skb);
1648 break;
1649
1650 case HCI_OP_WRITE_CLASS_OF_DEV:
1651 hci_cc_write_class_of_dev(hdev, skb);
1652 break;
1653
1654 case HCI_OP_READ_VOICE_SETTING:
1655 hci_cc_read_voice_setting(hdev, skb);
1656 break;
1657
1658 case HCI_OP_WRITE_VOICE_SETTING:
1659 hci_cc_write_voice_setting(hdev, skb);
1660 break;
1661
1662 case HCI_OP_HOST_BUFFER_SIZE:
1663 hci_cc_host_buffer_size(hdev, skb);
1664 break;
1665
333140b5
MH		 1666 case HCI_OP_READ_SSP_MODE:
1667 hci_cc_read_ssp_mode(hdev, skb);
1668 break;
1669
1670 case HCI_OP_WRITE_SSP_MODE:
1671 hci_cc_write_ssp_mode(hdev, skb);
1672 break;
1673
a9de9248
MH		 1674 case HCI_OP_READ_LOCAL_VERSION:
1675 hci_cc_read_local_version(hdev, skb);
1676 break;
1677
1678 case HCI_OP_READ_LOCAL_COMMANDS:
1679 hci_cc_read_local_commands(hdev, skb);
1680 break;
1681
1682 case HCI_OP_READ_LOCAL_FEATURES:
1683 hci_cc_read_local_features(hdev, skb);
1684 break;
1685
1686 case HCI_OP_READ_BUFFER_SIZE:
1687 hci_cc_read_buffer_size(hdev, skb);
1688 break;
1689
1690 case HCI_OP_READ_BD_ADDR:
1691 hci_cc_read_bd_addr(hdev, skb);
1692 break;
1693
23bb5763
JH		 1694 case HCI_OP_WRITE_CA_TIMEOUT:
1695 hci_cc_write_ca_timeout(hdev, skb);
1696 break;
1697
b0916ea0
JH		 1698 case HCI_OP_DELETE_STORED_LINK_KEY:
1699 hci_cc_delete_stored_link_key(hdev, skb);
1700 break;
1701
d5859e22
JH		 1702 case HCI_OP_SET_EVENT_MASK:
1703 hci_cc_set_event_mask(hdev, skb);
1704 break;
1705
1706 case HCI_OP_WRITE_INQUIRY_MODE:
1707 hci_cc_write_inquiry_mode(hdev, skb);
1708 break;
1709
1710 case HCI_OP_READ_INQ_RSP_TX_POWER:
1711 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1712 break;
1713
1714 case HCI_OP_SET_EVENT_FLT:
1715 hci_cc_set_event_flt(hdev, skb);
1716 break;
1717
980e1a53
JH		 1718 case HCI_OP_PIN_CODE_REPLY:
1719 hci_cc_pin_code_reply(hdev, skb);
1720 break;
1721
1722 case HCI_OP_PIN_CODE_NEG_REPLY:
1723 hci_cc_pin_code_neg_reply(hdev, skb);
1724 break;
1725
6ed58ec5
VT		 1726 case HCI_OP_LE_READ_BUFFER_SIZE:
1727 hci_cc_le_read_buffer_size(hdev, skb);
1728 break;
1729
a9de9248
MH		 1730 default:
1731 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1732 break;
1733 }
1734
1735 if (ev->ncmd) {
1736 atomic_set(&hdev->cmd_cnt, 1);
1737 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1738 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1739 }
1740}
1741
1742static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1743{
1744 struct hci_ev_cmd_status *ev = (void *) skb->data;
1745 __u16 opcode;
1746
1747 skb_pull(skb, sizeof(*ev));
1748
1749 opcode = __le16_to_cpu(ev->opcode);
1750
1751 switch (opcode) {
1752 case HCI_OP_INQUIRY:
1753 hci_cs_inquiry(hdev, ev->status);
1754 break;
1755
1756 case HCI_OP_CREATE_CONN:
1757 hci_cs_create_conn(hdev, ev->status);
1758 break;
1759
1760 case HCI_OP_ADD_SCO:
1761 hci_cs_add_sco(hdev, ev->status);
1762 break;
1763
f8558555
MH		 1764 case HCI_OP_AUTH_REQUESTED:
1765 hci_cs_auth_requested(hdev, ev->status);
1766 break;
1767
1768 case HCI_OP_SET_CONN_ENCRYPT:
1769 hci_cs_set_conn_encrypt(hdev, ev->status);
1770 break;
1771
a9de9248
MH		 1772 case HCI_OP_REMOTE_NAME_REQ:
1773 hci_cs_remote_name_req(hdev, ev->status);
1774 break;
1775
769be974
MH		 1776 case HCI_OP_READ_REMOTE_FEATURES:
1777 hci_cs_read_remote_features(hdev, ev->status);
1778 break;
1779
1780 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1781 hci_cs_read_remote_ext_features(hdev, ev->status);
1782 break;
1783
a9de9248
MH		 1784 case HCI_OP_SETUP_SYNC_CONN:
1785 hci_cs_setup_sync_conn(hdev, ev->status);
1786 break;
1787
1788 case HCI_OP_SNIFF_MODE:
1789 hci_cs_sniff_mode(hdev, ev->status);
1790 break;
1791
1792 case HCI_OP_EXIT_SNIFF_MODE:
1793 hci_cs_exit_sniff_mode(hdev, ev->status);
1794 break;
1795
8962ee74
JH		 1796 case HCI_OP_DISCONNECT:
1797 if (ev->status != 0)
1798 mgmt_disconnect_failed(hdev->id);
1799 break;
1800
fcd89c09
VT		 1801 case HCI_OP_LE_CREATE_CONN:
1802 hci_cs_le_create_conn(hdev, ev->status);
1803 break;
1804
a9de9248
MH		 1805 default:
1806 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1807 break;
1808 }
1809
1810 if (ev->ncmd) {
1811 atomic_set(&hdev->cmd_cnt, 1);
1812 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1813 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1814 }
1815}
1816
1817static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1818{
1819 struct hci_ev_role_change *ev = (void *) skb->data;
1820 struct hci_conn *conn;
1821
1822 BT_DBG("%s status %d", hdev->name, ev->status);
1823
1824 hci_dev_lock(hdev);
1825
1826 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1827 if (conn) {
1828 if (!ev->status) {
1829 if (ev->role)
1830 conn->link_mode &= ~HCI_LM_MASTER;
1831 else
1832 conn->link_mode |= HCI_LM_MASTER;
1833 }
1834
1835 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1836
1837 hci_role_switch_cfm(conn, ev->status, ev->role);
1838 }
1839
1840 hci_dev_unlock(hdev);
1841}
1842
1843static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1844{
1845 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1846 __le16 *ptr;
1847 int i;
1848
1849 skb_pull(skb, sizeof(*ev));
1850
1851 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1852
1853 if (skb->len < ev->num_hndl * 4) {
1854 BT_DBG("%s bad parameters", hdev->name);
1855 return;
1856 }
1857
1858 tasklet_disable(&hdev->tx_task);
1859
1860 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1861 struct hci_conn *conn;
1862 __u16 handle, count;
1863
83985319
HH		 1864 handle = get_unaligned_le16(ptr++);
1865 count = get_unaligned_le16(ptr++);
a9de9248
MH		 1866
1867 conn = hci_conn_hash_lookup_handle(hdev, handle);
1868 if (conn) {
1869 conn->sent -= count;
1870
1871 if (conn->type == ACL_LINK) {
70f23020
AE		 1872 hdev->acl_cnt += count;
1873 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 1874 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 1875 } else if (conn->type == LE_LINK) {
1876 if (hdev->le_pkts) {
1877 hdev->le_cnt += count;
1878 if (hdev->le_cnt > hdev->le_pkts)
1879 hdev->le_cnt = hdev->le_pkts;
1880 } else {
1881 hdev->acl_cnt += count;
1882 if (hdev->acl_cnt > hdev->acl_pkts)
1883 hdev->acl_cnt = hdev->acl_pkts;
1884 }
a9de9248 1885 } else {
70f23020
AE		 1886 hdev->sco_cnt += count;
1887 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 1888 hdev->sco_cnt = hdev->sco_pkts;
1889 }
1890 }
1891 }
1892
c78ae283 1893 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 1894
1895 tasklet_enable(&hdev->tx_task);
1896}
1897
1898static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1899{
a9de9248 1900 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 1901 struct hci_conn *conn;
1902
1903 BT_DBG("%s status %d", hdev->name, ev->status);
1904
1905 hci_dev_lock(hdev);
1906
1907 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 1908 if (conn) {
1909 conn->mode = ev->mode;
1910 conn->interval = __le16_to_cpu(ev->interval);
1911
1912 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1913 if (conn->mode == HCI_CM_ACTIVE)
1914 conn->power_save = 1;
1915 else
1916 conn->power_save = 0;
1917 }
e73439d8
MH		 1918
1919 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1920 hci_sco_setup(conn, ev->status);
04837f64
MH		 1921 }
1922
1923 hci_dev_unlock(hdev);
1924}
1925
a9de9248
MH		 1926static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1927{
052b30b0
MH		 1928 struct hci_ev_pin_code_req *ev = (void *) skb->data;
1929 struct hci_conn *conn;
1930
a9de9248 1931 BT_DBG("%s", hdev->name);
052b30b0
MH		 1932
1933 hci_dev_lock(hdev);
1934
1935 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3d7a9d1c 1936 if (conn && conn->state == BT_CONNECTED) {
052b30b0
MH		 1937 hci_conn_hold(conn);
1938 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1939 hci_conn_put(conn);
1940 }
1941
03b555e1
JH		 1942 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
1943 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1944 sizeof(ev->bdaddr), &ev->bdaddr);
1945
980e1a53
JH		 1946 if (test_bit(HCI_MGMT, &hdev->flags))
1947 mgmt_pin_code_request(hdev->id, &ev->bdaddr);
1948
052b30b0 1949 hci_dev_unlock(hdev);
a9de9248
MH		 1950}
1951
1952static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1953{
55ed8ca1
JH		 1954 struct hci_ev_link_key_req *ev = (void *) skb->data;
1955 struct hci_cp_link_key_reply cp;
1956 struct hci_conn *conn;
1957 struct link_key *key;
1958
a9de9248 1959 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 1960
1961 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
1962 return;
1963
1964 hci_dev_lock(hdev);
1965
1966 key = hci_find_link_key(hdev, &ev->bdaddr);
1967 if (!key) {
1968 BT_DBG("%s link key not found for %s", hdev->name,
1969 batostr(&ev->bdaddr));
1970 goto not_found;
1971 }
1972
1973 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
1974 batostr(&ev->bdaddr));
1975
1976 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && key->type == 0x03) {
1977 BT_DBG("%s ignoring debug key", hdev->name);
1978 goto not_found;
1979 }
1980
1981 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1982
1983 if (key->type == 0x04 && conn && conn->auth_type != 0xff &&
1984 (conn->auth_type & 0x01)) {
1985 BT_DBG("%s ignoring unauthenticated key", hdev->name);
1986 goto not_found;
1987 }
1988
1989 bacpy(&cp.bdaddr, &ev->bdaddr);
1990 memcpy(cp.link_key, key->val, 16);
1991
1992 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
1993
1994 hci_dev_unlock(hdev);
1995
1996 return;
1997
1998not_found:
1999 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2000 hci_dev_unlock(hdev);
a9de9248
MH		 2001}
2002
2003static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2004{
052b30b0
MH		 2005 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2006 struct hci_conn *conn;
55ed8ca1 2007 u8 pin_len = 0;
052b30b0 2008
a9de9248 2009 BT_DBG("%s", hdev->name);
052b30b0
MH		 2010
2011 hci_dev_lock(hdev);
2012
2013 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2014 if (conn) {
2015 hci_conn_hold(conn);
2016 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2017 pin_len = conn->pin_length;
052b30b0
MH		 2018 hci_conn_put(conn);
2019 }
2020
55ed8ca1
JH		 2021 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2022 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key,
2023 ev->key_type, pin_len);
2024
052b30b0 2025 hci_dev_unlock(hdev);
a9de9248
MH		 2026}
2027
1da177e4
LT		 2028static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2029{
a9de9248 2030 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2031 struct hci_conn *conn;
1da177e4
LT		 2032
2033 BT_DBG("%s status %d", hdev->name, ev->status);
2034
2035 hci_dev_lock(hdev);
2036
04837f64 2037 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2038 if (conn && !ev->status) {
2039 struct inquiry_entry *ie;
2040
cc11b9c1
AE		 2041 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2042 if (ie) {
1da177e4
LT		 2043 ie->data.clock_offset = ev->clock_offset;
2044 ie->timestamp = jiffies;
2045 }
2046 }
2047
2048 hci_dev_unlock(hdev);
2049}
2050
a8746417
MH		 2051static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2052{
2053 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2054 struct hci_conn *conn;
2055
2056 BT_DBG("%s status %d", hdev->name, ev->status);
2057
2058 hci_dev_lock(hdev);
2059
2060 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2061 if (conn && !ev->status)
2062 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2063
2064 hci_dev_unlock(hdev);
2065}
2066
85a1e930
MH		 2067static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2068{
a9de9248 2069 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2070 struct inquiry_entry *ie;
2071
2072 BT_DBG("%s", hdev->name);
2073
2074 hci_dev_lock(hdev);
2075
cc11b9c1
AE		 2076 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2077 if (ie) {
85a1e930
MH		 2078 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2079 ie->timestamp = jiffies;
2080 }
2081
2082 hci_dev_unlock(hdev);
2083}
2084
a9de9248
MH		 2085static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2086{
2087 struct inquiry_data data;
2088 int num_rsp = *((__u8 *) skb->data);
2089
2090 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2091
2092 if (!num_rsp)
2093 return;
2094
2095 hci_dev_lock(hdev);
2096
2097 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2098 struct inquiry_info_with_rssi_and_pscan_mode *info = (void *) (skb->data + 1);
2099
2100 for (; num_rsp; num_rsp--) {
2101 bacpy(&data.bdaddr, &info->bdaddr);
2102 data.pscan_rep_mode = info->pscan_rep_mode;
2103 data.pscan_period_mode = info->pscan_period_mode;
2104 data.pscan_mode = info->pscan_mode;
2105 memcpy(data.dev_class, info->dev_class, 3);
2106 data.clock_offset = info->clock_offset;
2107 data.rssi = info->rssi;
41a96212 2108 data.ssp_mode = 0x00;
a9de9248
MH		 2109 info++;
2110 hci_inquiry_cache_update(hdev, &data);
2111 }
2112 } else {
2113 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2114
2115 for (; num_rsp; num_rsp--) {
2116 bacpy(&data.bdaddr, &info->bdaddr);
2117 data.pscan_rep_mode = info->pscan_rep_mode;
2118 data.pscan_period_mode = info->pscan_period_mode;
2119 data.pscan_mode = 0x00;
2120 memcpy(data.dev_class, info->dev_class, 3);
2121 data.clock_offset = info->clock_offset;
2122 data.rssi = info->rssi;
41a96212 2123 data.ssp_mode = 0x00;
a9de9248
MH		 2124 info++;
2125 hci_inquiry_cache_update(hdev, &data);
2126 }
2127 }
2128
2129 hci_dev_unlock(hdev);
2130}
2131
2132static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2133{
41a96212
MH		 2134 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2135 struct hci_conn *conn;
2136
a9de9248 2137 BT_DBG("%s", hdev->name);
41a96212 2138
41a96212
MH		 2139 hci_dev_lock(hdev);
2140
2141 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2142 if (!conn)
2143 goto unlock;
41a96212 2144
ccd556fe
JH		 2145 if (!ev->status && ev->page == 0x01) {
2146 struct inquiry_entry *ie;
41a96212 2147
cc11b9c1
AE		 2148 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2149 if (ie)
ccd556fe 2150 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2151
ccd556fe
JH		 2152 conn->ssp_mode = (ev->features[0] & 0x01);
2153 }
2154
2155 if (conn->state != BT_CONFIG)
2156 goto unlock;
2157
127178d2
JH		 2158 if (!ev->status) {
2159 struct hci_cp_remote_name_req cp;
2160 memset(&cp, 0, sizeof(cp));
2161 bacpy(&cp.bdaddr, &conn->dst);
2162 cp.pscan_rep_mode = 0x02;
2163 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2164 }
392599b9 2165
127178d2 2166 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2167 conn->state = BT_CONNECTED;
2168 hci_proto_connect_cfm(conn, ev->status);
2169 hci_conn_put(conn);
41a96212
MH		 2170 }
2171
ccd556fe 2172unlock:
41a96212 2173 hci_dev_unlock(hdev);
a9de9248
MH		 2174}
2175
2176static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2177{
b6a0dc82
MH		 2178 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2179 struct hci_conn *conn;
2180
2181 BT_DBG("%s status %d", hdev->name, ev->status);
2182
2183 hci_dev_lock(hdev);
2184
2185 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2186 if (!conn) {
2187 if (ev->link_type == ESCO_LINK)
2188 goto unlock;
2189
2190 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2191 if (!conn)
2192 goto unlock;
2193
2194 conn->type = SCO_LINK;
2195 }
b6a0dc82 2196
732547f9
MH		 2197 switch (ev->status) {
2198 case 0x00:
b6a0dc82
MH		 2199 conn->handle = __le16_to_cpu(ev->handle);
2200 conn->state = BT_CONNECTED;
7d0db0a3 2201
9eba32b8 2202 hci_conn_hold_device(conn);
7d0db0a3 2203 hci_conn_add_sysfs(conn);
732547f9
MH		 2204 break;
2205
705e5711 2206 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2207 case 0x1c: /* SCO interval rejected */
1038a00b 2208 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2209 case 0x1f: /* Unspecified error */
2210 if (conn->out && conn->attempt < 2) {
2211 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2212 (hdev->esco_type & EDR_ESCO_MASK);
2213 hci_setup_sync(conn, conn->link->handle);
2214 goto unlock;
2215 }
2216 /* fall through */
2217
2218 default:
b6a0dc82 2219 conn->state = BT_CLOSED;
732547f9
MH		 2220 break;
2221 }
b6a0dc82
MH		 2222
2223 hci_proto_connect_cfm(conn, ev->status);
2224 if (ev->status)
2225 hci_conn_del(conn);
2226
2227unlock:
2228 hci_dev_unlock(hdev);
a9de9248
MH		 2229}
2230
2231static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2232{
2233 BT_DBG("%s", hdev->name);
2234}
2235
04837f64
MH		 2236static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2237{
a9de9248 2238 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2239 struct hci_conn *conn;
2240
2241 BT_DBG("%s status %d", hdev->name, ev->status);
2242
2243 hci_dev_lock(hdev);
2244
2245 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2246 if (conn) {
2247 }
2248
2249 hci_dev_unlock(hdev);
2250}
2251
a9de9248 2252static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2253{
a9de9248
MH		 2254 struct inquiry_data data;
2255 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2256 int num_rsp = *((__u8 *) skb->data);
1da177e4 2257
a9de9248 2258 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2259
a9de9248
MH		 2260 if (!num_rsp)
2261 return;
1da177e4 2262
a9de9248
MH		 2263 hci_dev_lock(hdev);
2264
2265 for (; num_rsp; num_rsp--) {
2266 bacpy(&data.bdaddr, &info->bdaddr);
2267 data.pscan_rep_mode = info->pscan_rep_mode;
2268 data.pscan_period_mode = info->pscan_period_mode;
2269 data.pscan_mode = 0x00;
2270 memcpy(data.dev_class, info->dev_class, 3);
2271 data.clock_offset = info->clock_offset;
2272 data.rssi = info->rssi;
41a96212 2273 data.ssp_mode = 0x01;
a9de9248
MH		 2274 info++;
2275 hci_inquiry_cache_update(hdev, &data);
2276 }
2277
2278 hci_dev_unlock(hdev);
2279}
1da177e4 2280
17fa4b9d
JH		 2281static inline u8 hci_get_auth_req(struct hci_conn *conn)
2282{
2283 /* If remote requests dedicated bonding follow that lead */
2284 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2285 /* If both remote and local IO capabilities allow MITM
2286 * protection then require it, otherwise don't */
2287 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2288 return 0x02;
2289 else
2290 return 0x03;
2291 }
2292
2293 /* If remote requests no-bonding follow that lead */
2294 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2295 return 0x00;
2296
2297 return conn->auth_type;
2298}
2299
0493684e
MH		 2300static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2301{
2302 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2303 struct hci_conn *conn;
2304
2305 BT_DBG("%s", hdev->name);
2306
2307 hci_dev_lock(hdev);
2308
2309 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2310 if (!conn)
2311 goto unlock;
2312
2313 hci_conn_hold(conn);
2314
2315 if (!test_bit(HCI_MGMT, &hdev->flags))
2316 goto unlock;
2317
2318 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2319 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2320 struct hci_cp_io_capability_reply cp;
2321
2322 bacpy(&cp.bdaddr, &ev->bdaddr);
2323 cp.capability = conn->io_capability;
2324 cp.oob_data = 0;
2325 cp.authentication = hci_get_auth_req(conn);
2326
2327 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2328 sizeof(cp), &cp);
03b555e1
JH		 2329 } else {
2330 struct hci_cp_io_capability_neg_reply cp;
2331
2332 bacpy(&cp.bdaddr, &ev->bdaddr);
2333 cp.reason = 0x16; /* Pairing not allowed */
0493684e 2334
03b555e1
JH		 2335 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2336 sizeof(cp), &cp);
2337 }
2338
2339unlock:
2340 hci_dev_unlock(hdev);
2341}
2342
2343static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2344{
2345 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2346 struct hci_conn *conn;
2347
2348 BT_DBG("%s", hdev->name);
2349
2350 hci_dev_lock(hdev);
2351
2352 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2353 if (!conn)
2354 goto unlock;
2355
2356 hci_conn_hold(conn);
2357
2358 conn->remote_cap = ev->capability;
2359 conn->remote_oob = ev->oob_data;
2360 conn->remote_auth = ev->authentication;
2361
2362unlock:
0493684e
MH		 2363 hci_dev_unlock(hdev);
2364}
2365
2366static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2367{
2368 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2369 struct hci_conn *conn;
2370
2371 BT_DBG("%s", hdev->name);
2372
2373 hci_dev_lock(hdev);
2374
2375 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2376 if (conn)
2377 hci_conn_put(conn);
2378
2379 hci_dev_unlock(hdev);
2380}
2381
41a96212
MH		 2382static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2383{
2384 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2385 struct inquiry_entry *ie;
2386
2387 BT_DBG("%s", hdev->name);
2388
2389 hci_dev_lock(hdev);
2390
cc11b9c1
AE		 2391 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2392 if (ie)
41a96212
MH		 2393 ie->data.ssp_mode = (ev->features[0] & 0x01);
2394
2395 hci_dev_unlock(hdev);
2396}
2397
fcd89c09
VT		 2398static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2399{
2400 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2401 struct hci_conn *conn;
2402
2403 BT_DBG("%s status %d", hdev->name, ev->status);
2404
2405 hci_dev_lock(hdev);
2406
2407 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2408 if (!conn)
2409 goto unlock;
2410
2411 if (ev->status) {
2412 hci_proto_connect_cfm(conn, ev->status);
2413 conn->state = BT_CLOSED;
2414 hci_conn_del(conn);
2415 goto unlock;
2416 }
2417
2418 conn->handle = __le16_to_cpu(ev->handle);
2419 conn->state = BT_CONNECTED;
2420
2421 hci_conn_hold_device(conn);
2422 hci_conn_add_sysfs(conn);
2423
2424 hci_proto_connect_cfm(conn, ev->status);
2425
2426unlock:
2427 hci_dev_unlock(hdev);
2428}
2429
2430static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2431{
2432 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2433
2434 skb_pull(skb, sizeof(*le_ev));
2435
2436 switch (le_ev->subevent) {
2437 case HCI_EV_LE_CONN_COMPLETE:
2438 hci_le_conn_complete_evt(hdev, skb);
2439 break;
2440
2441 default:
2442 break;
2443 }
2444}
2445
a9de9248
MH		 2446void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2447{
2448 struct hci_event_hdr *hdr = (void *) skb->data;
2449 __u8 event = hdr->evt;
2450
2451 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2452
2453 switch (event) {
1da177e4
LT		 2454 case HCI_EV_INQUIRY_COMPLETE:
2455 hci_inquiry_complete_evt(hdev, skb);
2456 break;
2457
2458 case HCI_EV_INQUIRY_RESULT:
2459 hci_inquiry_result_evt(hdev, skb);
2460 break;
2461
a9de9248
MH		 2462 case HCI_EV_CONN_COMPLETE:
2463 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 2464 break;
2465
1da177e4
LT		 2466 case HCI_EV_CONN_REQUEST:
2467 hci_conn_request_evt(hdev, skb);
2468 break;
2469
1da177e4
LT		 2470 case HCI_EV_DISCONN_COMPLETE:
2471 hci_disconn_complete_evt(hdev, skb);
2472 break;
2473
1da177e4
LT		 2474 case HCI_EV_AUTH_COMPLETE:
2475 hci_auth_complete_evt(hdev, skb);
2476 break;
2477
a9de9248
MH		 2478 case HCI_EV_REMOTE_NAME:
2479 hci_remote_name_evt(hdev, skb);
2480 break;
2481
1da177e4
LT		 2482 case HCI_EV_ENCRYPT_CHANGE:
2483 hci_encrypt_change_evt(hdev, skb);
2484 break;
2485
a9de9248
MH		 2486 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2487 hci_change_link_key_complete_evt(hdev, skb);
2488 break;
2489
2490 case HCI_EV_REMOTE_FEATURES:
2491 hci_remote_features_evt(hdev, skb);
2492 break;
2493
2494 case HCI_EV_REMOTE_VERSION:
2495 hci_remote_version_evt(hdev, skb);
2496 break;
2497
2498 case HCI_EV_QOS_SETUP_COMPLETE:
2499 hci_qos_setup_complete_evt(hdev, skb);
2500 break;
2501
2502 case HCI_EV_CMD_COMPLETE:
2503 hci_cmd_complete_evt(hdev, skb);
2504 break;
2505
2506 case HCI_EV_CMD_STATUS:
2507 hci_cmd_status_evt(hdev, skb);
2508 break;
2509
2510 case HCI_EV_ROLE_CHANGE:
2511 hci_role_change_evt(hdev, skb);
2512 break;
2513
2514 case HCI_EV_NUM_COMP_PKTS:
2515 hci_num_comp_pkts_evt(hdev, skb);
2516 break;
2517
2518 case HCI_EV_MODE_CHANGE:
2519 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 2520 break;
2521
2522 case HCI_EV_PIN_CODE_REQ:
2523 hci_pin_code_request_evt(hdev, skb);
2524 break;
2525
2526 case HCI_EV_LINK_KEY_REQ:
2527 hci_link_key_request_evt(hdev, skb);
2528 break;
2529
2530 case HCI_EV_LINK_KEY_NOTIFY:
2531 hci_link_key_notify_evt(hdev, skb);
2532 break;
2533
2534 case HCI_EV_CLOCK_OFFSET:
2535 hci_clock_offset_evt(hdev, skb);
2536 break;
2537
a8746417
MH		 2538 case HCI_EV_PKT_TYPE_CHANGE:
2539 hci_pkt_type_change_evt(hdev, skb);
2540 break;
2541
85a1e930
MH		 2542 case HCI_EV_PSCAN_REP_MODE:
2543 hci_pscan_rep_mode_evt(hdev, skb);
2544 break;
2545
a9de9248
MH		 2546 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2547 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 2548 break;
2549
a9de9248
MH		 2550 case HCI_EV_REMOTE_EXT_FEATURES:
2551 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 2552 break;
2553
a9de9248
MH		 2554 case HCI_EV_SYNC_CONN_COMPLETE:
2555 hci_sync_conn_complete_evt(hdev, skb);
2556 break;
1da177e4 2557
a9de9248
MH		 2558 case HCI_EV_SYNC_CONN_CHANGED:
2559 hci_sync_conn_changed_evt(hdev, skb);
2560 break;
1da177e4 2561
a9de9248
MH		 2562 case HCI_EV_SNIFF_SUBRATE:
2563 hci_sniff_subrate_evt(hdev, skb);
2564 break;
1da177e4 2565
a9de9248
MH		 2566 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2567 hci_extended_inquiry_result_evt(hdev, skb);
2568 break;
1da177e4 2569
0493684e
MH		 2570 case HCI_EV_IO_CAPA_REQUEST:
2571 hci_io_capa_request_evt(hdev, skb);
2572 break;
2573
03b555e1
JH		 2574 case HCI_EV_IO_CAPA_REPLY:
2575 hci_io_capa_reply_evt(hdev, skb);
2576 break;
2577
0493684e
MH		 2578 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2579 hci_simple_pair_complete_evt(hdev, skb);
2580 break;
2581
41a96212
MH		 2582 case HCI_EV_REMOTE_HOST_FEATURES:
2583 hci_remote_host_features_evt(hdev, skb);
2584 break;
2585
fcd89c09
VT		 2586 case HCI_EV_LE_META:
2587 hci_le_meta_evt(hdev, skb);
2588 break;
2589
a9de9248
MH		 2590 default:
2591 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 2592 break;
2593 }
2594
2595 kfree_skb(skb);
2596 hdev->stat.evt_rx++;
2597}
2598
2599/* Generate internal stack event */
2600void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2601{
2602 struct hci_event_hdr *hdr;
2603 struct hci_ev_stack_internal *ev;
2604 struct sk_buff *skb;
2605
2606 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2607 if (!skb)
2608 return;
2609
2610 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2611 hdr->evt = HCI_EV_STACK_INTERNAL;
2612 hdr->plen = sizeof(*ev) + dlen;
2613
2614 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2615 ev->type = type;
2616 memcpy(ev->data, data, dlen);
2617
576c7d85 2618 bt_cb(skb)->incoming = 1;
a61bbcf2 2619 __net_timestamp(skb);
576c7d85 2620
0d48d939 2621 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 2622 skb->dev = (void *) hdev;
eec8d2bc 2623 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 2624 kfree_skb(skb);
2625}
kernel source for telekom puls (alcatel/mediatek)