projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add BT_DEFER_SETUP option to sco socket
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
e6d465cb
AG		 43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
a9de9248 47 return;
e6d465cb 48 }
1da177e4 49
89352e7d
AG		 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
56e5cb86 52 hci_dev_lock(hdev);
ff9ef578 53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 54 hci_dev_unlock(hdev);
6bd57416 55
23bb5763 56 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 57
58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
9f1db00c 121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
807deac2
GP		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
e4e8e37c
MH		 161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
9f1db00c 164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
807deac2
GP		 172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
e4e8e37c
MH		 174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
9f1db00c 178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186
23bb5763 187 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 188}
189
a9de9248
MH		 190static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191{
192 __u8 status = *((__u8 *) skb->data);
04837f64 193
9f1db00c 194 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 195
10572132
GP		 196 clear_bit(HCI_RESET, &hdev->flags);
197
23bb5763 198 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 199
a297e97c 200 /* Reset all non-persistent flags */
ae854a70
AG		 201 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
202 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 203
204 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 205 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
206 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 207
208 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
209 hdev->adv_data_len = 0;
a9de9248 210}
04837f64 211
a9de9248
MH		 212static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
213{
214 __u8 status = *((__u8 *) skb->data);
215 void *sent;
04837f64 216
9f1db00c 217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 218
a9de9248
MH		 219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (!sent)
221 return;
04837f64 222
56e5cb86
JH		 223 hci_dev_lock(hdev);
224
f51d5b24
JH		 225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 227 else if (!status)
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 229
56e5cb86 230 hci_dev_unlock(hdev);
3159d384 231
3f0f524b
JH		 232 if (!status && !test_bit(HCI_INIT, &hdev->flags))
233 hci_update_ad(hdev);
234
3159d384 235 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 236}
237
238static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
239{
240 struct hci_rp_read_local_name *rp = (void *) skb->data;
241
9f1db00c 242 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 243
244 if (rp->status)
245 return;
246
db99b5fc
JH		 247 if (test_bit(HCI_SETUP, &hdev->dev_flags))
248 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 249}
250
251static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
252{
253 __u8 status = *((__u8 *) skb->data);
254 void *sent;
255
9f1db00c 256 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 257
258 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
259 if (!sent)
260 return;
261
262 if (!status) {
263 __u8 param = *((__u8 *) sent);
264
265 if (param == AUTH_ENABLED)
266 set_bit(HCI_AUTH, &hdev->flags);
267 else
268 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 269 }
a9de9248 270
33ef95ed
JH		 271 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272 mgmt_auth_enable_complete(hdev, status);
273
23bb5763 274 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 275}
276
a9de9248 277static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 278{
a9de9248 279 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 280 void *sent;
281
9f1db00c 282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 283
a9de9248
MH		 284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
285 if (!sent)
286 return;
1da177e4 287
a9de9248
MH		 288 if (!status) {
289 __u8 param = *((__u8 *) sent);
290
291 if (param)
292 set_bit(HCI_ENCRYPT, &hdev->flags);
293 else
294 clear_bit(HCI_ENCRYPT, &hdev->flags);
295 }
1da177e4 296
23bb5763 297 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 298}
1da177e4 299
a9de9248
MH		 300static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
301{
36f7fc7e
JH		 302 __u8 param, status = *((__u8 *) skb->data);
303 int old_pscan, old_iscan;
a9de9248 304 void *sent;
1da177e4 305
9f1db00c 306 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 307
a9de9248
MH		 308 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
309 if (!sent)
310 return;
1da177e4 311
36f7fc7e
JH		 312 param = *((__u8 *) sent);
313
56e5cb86
JH		 314 hci_dev_lock(hdev);
315
fa1bd918 316 if (status) {
744cf19e 317 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 318 hdev->discov_timeout = 0;
319 goto done;
320 }
321
36f7fc7e
JH		 322 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
323 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
324
325 if (param & SCAN_INQUIRY) {
326 set_bit(HCI_ISCAN, &hdev->flags);
327 if (!old_iscan)
744cf19e 328 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 329 if (hdev->discov_timeout > 0) {
330 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
331 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 332 to);
16ab91ab 333 }
36f7fc7e 334 } else if (old_iscan)
744cf19e 335 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 336
337 if (param & SCAN_PAGE) {
338 set_bit(HCI_PSCAN, &hdev->flags);
339 if (!old_pscan)
744cf19e 340 mgmt_connectable(hdev, 1);
36f7fc7e 341 } else if (old_pscan)
744cf19e 342 mgmt_connectable(hdev, 0);
1da177e4 343
36f7fc7e 344done:
56e5cb86 345 hci_dev_unlock(hdev);
23bb5763 346 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 352
9f1db00c 353 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 354
a9de9248
MH		 355 if (rp->status)
356 return;
1da177e4 357
a9de9248 358 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 359
a9de9248 360 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 361 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 362}
1da177e4 363
a9de9248
MH		 364static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
365{
366 __u8 status = *((__u8 *) skb->data);
367 void *sent;
1da177e4 368
9f1db00c 369 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 370
a9de9248
MH		 371 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
372 if (!sent)
373 return;
1da177e4 374
7f9a903c
MH		 375 hci_dev_lock(hdev);
376
377 if (status == 0)
378 memcpy(hdev->dev_class, sent, 3);
379
380 if (test_bit(HCI_MGMT, &hdev->dev_flags))
381 mgmt_set_class_of_dev_complete(hdev, sent, status);
382
383 hci_dev_unlock(hdev);
a9de9248 384}
1da177e4 385
a9de9248
MH		 386static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387{
388 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
389 __u16 setting;
390
9f1db00c 391 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 392
393 if (rp->status)
394 return;
395
396 setting = __le16_to_cpu(rp->voice_setting);
397
f383f275 398 if (hdev->voice_setting == setting)
a9de9248
MH		 399 return;
400
401 hdev->voice_setting = setting;
402
9f1db00c 403 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 404
3c54711c 405 if (hdev->notify)
a9de9248 406 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 407}
408
8fc9ced3
GP		 409static void hci_cc_write_voice_setting(struct hci_dev *hdev,
410 struct sk_buff *skb)
a9de9248
MH		 411{
412 __u8 status = *((__u8 *) skb->data);
f383f275 413 __u16 setting;
a9de9248
MH		 414 void *sent;
415
9f1db00c 416 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 417
f383f275
MH		 418 if (status)
419 return;
420
a9de9248
MH		 421 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
422 if (!sent)
423 return;
1da177e4 424
f383f275 425 setting = get_unaligned_le16(sent);
1da177e4 426
f383f275
MH		 427 if (hdev->voice_setting == setting)
428 return;
429
430 hdev->voice_setting = setting;
1da177e4 431
9f1db00c 432 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 433
3c54711c 434 if (hdev->notify)
f383f275 435 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 436}
437
a9de9248 438static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 439{
a9de9248 440 __u8 status = *((__u8 *) skb->data);
1da177e4 441
9f1db00c 442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 443
23bb5763 444 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 445}
1143e5a6 446
333140b5
MH		 447static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
448{
449 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 450 struct hci_cp_write_ssp_mode *sent;
333140b5 451
9f1db00c 452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 453
333140b5
MH		 454 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
455 if (!sent)
456 return;
457
5ed8eb2f
JH		 458 if (!status) {
459 if (sent->mode)
460 hdev->host_features[0] |= LMP_HOST_SSP;
461 else
462 hdev->host_features[0] &= ~LMP_HOST_SSP;
463 }
464
ed2c4ee3 465 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 466 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 467 else if (!status) {
5ed8eb2f 468 if (sent->mode)
c0ecddc2
JH		 469 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
470 else
471 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
472 }
333140b5
MH		 473}
474
d5859e22
JH		 475static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
476{
976eb20e 477 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 478 return 2;
479
976eb20e 480 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 481 return 1;
482
483 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 484 hdev->lmp_subver == 0x0757)
d5859e22
JH		 485 return 1;
486
487 if (hdev->manufacturer == 15) {
488 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
489 return 1;
490 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
491 return 1;
492 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
493 return 1;
494 }
495
496 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 497 hdev->lmp_subver == 0x1805)
d5859e22
JH		 498 return 1;
499
500 return 0;
501}
502
503static void hci_setup_inquiry_mode(struct hci_dev *hdev)
504{
505 u8 mode;
506
507 mode = hci_get_inquiry_mode(hdev);
508
509 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
510}
511
512static void hci_setup_event_mask(struct hci_dev *hdev)
513{
514 /* The second byte is 0xff instead of 0x9f (two reserved bits
515 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
516 * command otherwise */
517 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
518
6de6c18d
VT		 519 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
520 * any event mask for pre 1.2 devices */
5a13b095 521 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 522 return;
523
e1171e8d
JH		 524 if (lmp_bredr_capable(hdev)) {
525 events[4] |= 0x01; /* Flow Specification Complete */
526 events[4] |= 0x02; /* Inquiry Result with RSSI */
527 events[4] |= 0x04; /* Read Remote Extended Features Complete */
528 events[5] |= 0x08; /* Synchronous Connection Complete */
529 events[5] |= 0x10; /* Synchronous Connection Changed */
530 }
d5859e22 531
976eb20e 532 if (lmp_inq_rssi_capable(hdev))
a24299e6 533 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 534
999dcd10 535 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 536 events[5] |= 0x20; /* Sniff Subrating */
537
976eb20e 538 if (lmp_pause_enc_capable(hdev))
d5859e22
JH		 539 events[5] |= 0x80; /* Encryption Key Refresh Complete */
540
976eb20e 541 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 542 events[5] |= 0x40; /* Extended Inquiry Result */
543
c58e810e 544 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 545 events[7] |= 0x01; /* Enhanced Flush Complete */
546
976eb20e 547 if (lmp_lsto_capable(hdev))
d5859e22
JH		 548 events[6] |= 0x80; /* Link Supervision Timeout Changed */
549
9a1a1996 550 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 551 events[6] |= 0x01; /* IO Capability Request */
552 events[6] |= 0x02; /* IO Capability Response */
553 events[6] |= 0x04; /* User Confirmation Request */
554 events[6] |= 0x08; /* User Passkey Request */
555 events[6] |= 0x10; /* Remote OOB Data Request */
556 events[6] |= 0x20; /* Simple Pairing Complete */
557 events[7] |= 0x04; /* User Passkey Notification */
558 events[7] |= 0x08; /* Keypress Notification */
559 events[7] |= 0x10; /* Remote Host Supported
560 * Features Notification */
561 }
562
c383ddc4 563 if (lmp_le_capable(hdev))
d5859e22
JH		 564 events[7] |= 0x20; /* LE Meta-Event */
565
566 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
e36b04c8
JH		 567
568 if (lmp_le_capable(hdev)) {
569 memset(events, 0, sizeof(events));
570 events[0] = 0x1f;
571 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
572 sizeof(events), events);
573 }
d5859e22
JH		 574}
575
4611dfa8 576static void bredr_setup(struct hci_dev *hdev)
e1171e8d
JH		 577{
578 struct hci_cp_delete_stored_link_key cp;
579 __le16 param;
580 __u8 flt_type;
581
582 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
583 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
584
585 /* Read Class of Device */
586 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
587
588 /* Read Local Name */
589 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
590
591 /* Read Voice Setting */
592 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
593
594 /* Clear Event Filters */
595 flt_type = HCI_FLT_CLEAR_ALL;
596 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
597
598 /* Connection accept timeout ~20 secs */
599 param = __constant_cpu_to_le16(0x7d00);
600 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
601
602 bacpy(&cp.bdaddr, BDADDR_ANY);
603 cp.delete_all = 1;
604 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
605}
606
4611dfa8 607static void le_setup(struct hci_dev *hdev)
e1171e8d
JH		 608{
609 /* Read LE Buffer Size */
610 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
8fa19098
JH		 611
612 /* Read LE Advertising Channel TX Power */
613 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
e1171e8d
JH		 614}
615
d5859e22
JH		 616static void hci_setup(struct hci_dev *hdev)
617{
e61ef499
AE		 618 if (hdev->dev_type != HCI_BREDR)
619 return;
620
e1171e8d
JH		 621 /* Read BD Address */
622 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
623
624 if (lmp_bredr_capable(hdev))
4611dfa8 625 bredr_setup(hdev);
e1171e8d
JH		 626
627 if (lmp_le_capable(hdev))
4611dfa8 628 le_setup(hdev);
e1171e8d 629
d5859e22
JH		 630 hci_setup_event_mask(hdev);
631
d095c1eb 632 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 633 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
634
6d3c730f 635 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 636 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
637 u8 mode = 0x01;
638 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 639 sizeof(mode), &mode);
54d04dbb
JH		 640 } else {
641 struct hci_cp_write_eir cp;
642
643 memset(hdev->eir, 0, sizeof(hdev->eir));
644 memset(&cp, 0, sizeof(cp));
645
646 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
647 }
d5859e22
JH		 648 }
649
976eb20e 650 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 651 hci_setup_inquiry_mode(hdev);
652
976eb20e 653 if (lmp_inq_tx_pwr_capable(hdev))
d5859e22 654 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b 655
976eb20e 656 if (lmp_ext_feat_capable(hdev)) {
971e3a4b
AG		 657 struct hci_cp_read_local_ext_features cp;
658
659 cp.page = 0x01;
04124681
GP		 660 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
661 &cp);
971e3a4b 662 }
e6100a25 663
47990ea0
JH		 664 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
665 u8 enable = 1;
04124681
GP		 666 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
667 &enable);
47990ea0 668 }
d5859e22
JH		 669}
670
a9de9248
MH		 671static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
672{
673 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 674
9f1db00c 675 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 676
a9de9248 677 if (rp->status)
28b8df77 678 goto done;
1143e5a6 679
a9de9248 680 hdev->hci_ver = rp->hci_ver;
e4e8e37c 681 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 682 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 683 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 684 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 685
9f1db00c 686 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 687 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 688
689 if (test_bit(HCI_INIT, &hdev->flags))
690 hci_setup(hdev);
28b8df77
AE		 691
692done:
693 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 694}
695
696static void hci_setup_link_policy(struct hci_dev *hdev)
697{
035100c8 698 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 699 u16 link_policy = 0;
700
9f92ebf6 701 if (lmp_rswitch_capable(hdev))
d5859e22 702 link_policy |= HCI_LP_RSWITCH;
976eb20e 703 if (lmp_hold_capable(hdev))
d5859e22 704 link_policy |= HCI_LP_HOLD;
6eded100 705 if (lmp_sniff_capable(hdev))
d5859e22 706 link_policy |= HCI_LP_SNIFF;
976eb20e 707 if (lmp_park_capable(hdev))
d5859e22
JH		 708 link_policy |= HCI_LP_PARK;
709
035100c8
AE		 710 cp.policy = cpu_to_le16(link_policy);
711 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 712}
1da177e4 713
8fc9ced3
GP		 714static void hci_cc_read_local_commands(struct hci_dev *hdev,
715 struct sk_buff *skb)
a9de9248
MH		 716{
717 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 718
9f1db00c 719 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 720
a9de9248 721 if (rp->status)
d5859e22 722 goto done;
1da177e4 723
a9de9248 724 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 725
726 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
727 hci_setup_link_policy(hdev);
728
729done:
730 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 731}
1da177e4 732
8fc9ced3
GP		 733static void hci_cc_read_local_features(struct hci_dev *hdev,
734 struct sk_buff *skb)
a9de9248
MH		 735{
736 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 737
9f1db00c 738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 739
a9de9248
MH		 740 if (rp->status)
741 return;
5b7f9909 742
a9de9248 743 memcpy(hdev->features, rp->features, 8);
5b7f9909 744
a9de9248
MH		 745 /* Adjust default settings according to features
746 * supported by device. */
1da177e4 747
a9de9248
MH		 748 if (hdev->features[0] & LMP_3SLOT)
749 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 750
a9de9248
MH		 751 if (hdev->features[0] & LMP_5SLOT)
752 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 753
a9de9248
MH		 754 if (hdev->features[1] & LMP_HV2) {
755 hdev->pkt_type |= (HCI_HV2);
756 hdev->esco_type |= (ESCO_HV2);
757 }
1da177e4 758
a9de9248
MH		 759 if (hdev->features[1] & LMP_HV3) {
760 hdev->pkt_type |= (HCI_HV3);
761 hdev->esco_type |= (ESCO_HV3);
762 }
1da177e4 763
45db810f 764 if (lmp_esco_capable(hdev))
a9de9248 765 hdev->esco_type |= (ESCO_EV3);
da1f5198 766
a9de9248
MH		 767 if (hdev->features[4] & LMP_EV4)
768 hdev->esco_type |= (ESCO_EV4);
da1f5198 769
a9de9248
MH		 770 if (hdev->features[4] & LMP_EV5)
771 hdev->esco_type |= (ESCO_EV5);
1da177e4 772
efc7688b
MH		 773 if (hdev->features[5] & LMP_EDR_ESCO_2M)
774 hdev->esco_type |= (ESCO_2EV3);
775
776 if (hdev->features[5] & LMP_EDR_ESCO_3M)
777 hdev->esco_type |= (ESCO_3EV3);
778
779 if (hdev->features[5] & LMP_EDR_3S_ESCO)
780 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
781
a9de9248 782 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 783 hdev->features[0], hdev->features[1],
784 hdev->features[2], hdev->features[3],
785 hdev->features[4], hdev->features[5],
786 hdev->features[6], hdev->features[7]);
a9de9248 787}
1da177e4 788
8f984dfa
JH		 789static void hci_set_le_support(struct hci_dev *hdev)
790{
791 struct hci_cp_write_le_host_supported cp;
792
793 memset(&cp, 0, sizeof(cp));
794
9d42820f 795 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa 796 cp.le = 1;
976eb20e 797 cp.simul = !!lmp_le_br_capable(hdev);
8f984dfa
JH		 798 }
799
976eb20e 800 if (cp.le != !!lmp_host_le_capable(hdev))
04124681
GP		 801 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
802 &cp);
8f984dfa
JH		 803}
804
971e3a4b 805static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 806 struct sk_buff *skb)
971e3a4b
AG		 807{
808 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
809
9f1db00c 810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 811
812 if (rp->status)
8f984dfa 813 goto done;
971e3a4b 814
b5b32b65
AG		 815 switch (rp->page) {
816 case 0:
817 memcpy(hdev->features, rp->features, 8);
818 break;
819 case 1:
820 memcpy(hdev->host_features, rp->features, 8);
821 break;
822 }
971e3a4b 823
c383ddc4 824 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 825 hci_set_le_support(hdev);
826
827done:
971e3a4b
AG		 828 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
829}
830
1e89cffb 831static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 832 struct sk_buff *skb)
1e89cffb
AE		 833{
834 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
835
9f1db00c 836 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 837
838 if (rp->status)
839 return;
840
841 hdev->flow_ctl_mode = rp->mode;
842
843 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
844}
845
a9de9248
MH		 846static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
847{
848 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 849
9f1db00c 850 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 851
a9de9248
MH		 852 if (rp->status)
853 return;
1da177e4 854
a9de9248
MH		 855 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
856 hdev->sco_mtu = rp->sco_mtu;
857 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
858 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
859
860 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
861 hdev->sco_mtu = 64;
862 hdev->sco_pkts = 8;
1da177e4 863 }
a9de9248
MH		 864
865 hdev->acl_cnt = hdev->acl_pkts;
866 hdev->sco_cnt = hdev->sco_pkts;
867
807deac2
GP		 868 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
869 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 870}
871
872static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
873{
874 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
875
9f1db00c 876 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 877
878 if (!rp->status)
879 bacpy(&hdev->bdaddr, &rp->bdaddr);
880
23bb5763
JH		 881 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
882}
883
350ee4cf 884static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 885 struct sk_buff *skb)
350ee4cf
AE		 886{
887 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
888
9f1db00c 889 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 890
891 if (rp->status)
892 return;
893
894 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
895 hdev->block_len = __le16_to_cpu(rp->block_len);
896 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
897
898 hdev->block_cnt = hdev->num_blocks;
899
900 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 901 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 902
903 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
904}
905
23bb5763
JH		 906static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
907{
908 __u8 status = *((__u8 *) skb->data);
909
9f1db00c 910 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 911
912 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 913}
914
928abaa7 915static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 916 struct sk_buff *skb)
928abaa7
AE		 917{
918 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
919
9f1db00c 920 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 921
922 if (rp->status)
8e2a0d92 923 goto a2mp_rsp;
928abaa7
AE		 924
925 hdev->amp_status = rp->amp_status;
926 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
927 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
928 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
929 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
930 hdev->amp_type = rp->amp_type;
931 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
932 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
933 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
934 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
935
936 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 937
938a2mp_rsp:
939 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 940}
941
903e4541
AE		 942static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
943 struct sk_buff *skb)
944{
945 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
946 struct amp_assoc *assoc = &hdev->loc_assoc;
947 size_t rem_len, frag_len;
948
949 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
950
951 if (rp->status)
952 goto a2mp_rsp;
953
954 frag_len = skb->len - sizeof(*rp);
955 rem_len = __le16_to_cpu(rp->rem_len);
956
957 if (rem_len > frag_len) {
2e430be3 958 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 959
960 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
961 assoc->offset += frag_len;
962
963 /* Read other fragments */
964 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
965
966 return;
967 }
968
969 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
970 assoc->len = assoc->offset + rem_len;
971 assoc->offset = 0;
972
973a2mp_rsp:
974 /* Send A2MP Rsp when all fragments are received */
975 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 976 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 977}
978
b0916ea0 979static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 980 struct sk_buff *skb)
b0916ea0
JH		 981{
982 __u8 status = *((__u8 *) skb->data);
983
9f1db00c 984 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 985
986 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
987}
988
d5859e22
JH		 989static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
990{
991 __u8 status = *((__u8 *) skb->data);
992
9f1db00c 993 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 994
995 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
996}
997
998static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 999 struct sk_buff *skb)
d5859e22
JH		 1000{
1001 __u8 status = *((__u8 *) skb->data);
1002
9f1db00c 1003 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1004
1005 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
1006}
1007
1008static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 1009 struct sk_buff *skb)
d5859e22 1010{
91c4e9b1 1011 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 1012
9f1db00c 1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 1014
1015 if (!rp->status)
1016 hdev->inq_tx_power = rp->tx_power;
d5859e22 1017
91c4e9b1 1018 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 1019}
1020
1021static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1022{
1023 __u8 status = *((__u8 *) skb->data);
1024
9f1db00c 1025 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1026
1027 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1028}
1029
980e1a53
JH		 1030static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1031{
1032 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1033 struct hci_cp_pin_code_reply *cp;
1034 struct hci_conn *conn;
1035
9f1db00c 1036 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1037
56e5cb86
JH		 1038 hci_dev_lock(hdev);
1039
a8b2d5c2 1040 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1041 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 1042
fa1bd918 1043 if (rp->status)
56e5cb86 1044 goto unlock;
980e1a53
JH		 1045
1046 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1047 if (!cp)
56e5cb86 1048 goto unlock;
980e1a53
JH		 1049
1050 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1051 if (conn)
1052 conn->pin_length = cp->pin_len;
56e5cb86
JH		 1053
1054unlock:
1055 hci_dev_unlock(hdev);
980e1a53
JH		 1056}
1057
1058static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1059{
1060 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1061
9f1db00c 1062 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1063
56e5cb86
JH		 1064 hci_dev_lock(hdev);
1065
a8b2d5c2 1066 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1067 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1068 rp->status);
56e5cb86
JH		 1069
1070 hci_dev_unlock(hdev);
980e1a53 1071}
56e5cb86 1072
6ed58ec5
VT		 1073static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1074 struct sk_buff *skb)
1075{
1076 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1077
9f1db00c 1078 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1079
1080 if (rp->status)
1081 return;
1082
1083 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1084 hdev->le_pkts = rp->le_max_pkt;
1085
1086 hdev->le_cnt = hdev->le_pkts;
1087
1088 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1089
1090 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1091}
980e1a53 1092
8fa19098
JH		 1093static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1094 struct sk_buff *skb)
1095{
1096 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1097
1098 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1099
3f0f524b 1100 if (!rp->status) {
8fa19098 1101 hdev->adv_tx_power = rp->tx_power;
3f0f524b
JH		 1102 if (!test_bit(HCI_INIT, &hdev->flags))
1103 hci_update_ad(hdev);
1104 }
8fa19098
JH		 1105
1106 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1107}
1108
e36b04c8
JH		 1109static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1110{
1111 __u8 status = *((__u8 *) skb->data);
1112
1113 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1114
1115 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1116}
1117
a5c29683
JH		 1118static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1119{
1120 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1121
9f1db00c 1122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1123
56e5cb86
JH		 1124 hci_dev_lock(hdev);
1125
a8b2d5c2 1126 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1127 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1128 rp->status);
56e5cb86
JH		 1129
1130 hci_dev_unlock(hdev);
a5c29683
JH		 1131}
1132
1133static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1134 struct sk_buff *skb)
a5c29683
JH		 1135{
1136 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1137
9f1db00c 1138 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1139
56e5cb86
JH		 1140 hci_dev_lock(hdev);
1141
a8b2d5c2 1142 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1143 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1144 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1145
1146 hci_dev_unlock(hdev);
a5c29683
JH		 1147}
1148
1143d458
BG		 1149static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1150{
1151 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1152
9f1db00c 1153 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1154
1155 hci_dev_lock(hdev);
1156
a8b2d5c2 1157 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1158 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1159 0, rp->status);
1143d458
BG		 1160
1161 hci_dev_unlock(hdev);
1162}
1163
1164static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1165 struct sk_buff *skb)
1143d458
BG		 1166{
1167 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1168
9f1db00c 1169 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1170
1171 hci_dev_lock(hdev);
1172
a8b2d5c2 1173 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1174 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1175 ACL_LINK, 0, rp->status);
1143d458
BG		 1176
1177 hci_dev_unlock(hdev);
1178}
1179
c35938b2 1180static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1181 struct sk_buff *skb)
c35938b2
SJ		 1182{
1183 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1184
9f1db00c 1185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1186
56e5cb86 1187 hci_dev_lock(hdev);
744cf19e 1188 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1189 rp->randomizer, rp->status);
56e5cb86 1190 hci_dev_unlock(hdev);
c35938b2
SJ		 1191}
1192
c1d5dc4a
JH		 1193static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1194{
1195 __u8 *sent, status = *((__u8 *) skb->data);
1196
1197 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1198
1199 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1200 if (!sent)
1201 return;
1202
1203 hci_dev_lock(hdev);
1204
1205 if (!status) {
1206 if (*sent)
1207 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1208 else
1209 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1210 }
1211
1212 hci_dev_unlock(hdev);
1213
1214 if (!test_bit(HCI_INIT, &hdev->flags))
1215 hci_update_ad(hdev);
1216
1217 hci_req_complete(hdev, HCI_OP_LE_SET_ADV_ENABLE, status);
1218}
1219
07f7fa5d
AG		 1220static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1221{
1222 __u8 status = *((__u8 *) skb->data);
1223
9f1db00c 1224 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1225
1226 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1227
1228 if (status) {
1229 hci_dev_lock(hdev);
1230 mgmt_start_discovery_failed(hdev, status);
1231 hci_dev_unlock(hdev);
1232 return;
1233 }
07f7fa5d
AG		 1234}
1235
eb9d91f5 1236static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1237 struct sk_buff *skb)
eb9d91f5
AG		 1238{
1239 struct hci_cp_le_set_scan_enable *cp;
1240 __u8 status = *((__u8 *) skb->data);
1241
9f1db00c 1242 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1243
eb9d91f5
AG		 1244 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1245 if (!cp)
1246 return;
1247
68a8aea4
AE		 1248 switch (cp->enable) {
1249 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1250 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1251
3fd24153
AG		 1252 if (status) {
1253 hci_dev_lock(hdev);
1254 mgmt_start_discovery_failed(hdev, status);
1255 hci_dev_unlock(hdev);
7ba8b4be 1256 return;
3fd24153 1257 }
7ba8b4be 1258
d23264a8
AG		 1259 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1260
a8f13c8c 1261 hci_dev_lock(hdev);
343f935b 1262 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1263 hci_dev_unlock(hdev);
68a8aea4
AE		 1264 break;
1265
1266 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1267 if (status) {
1268 hci_dev_lock(hdev);
1269 mgmt_stop_discovery_failed(hdev, status);
1270 hci_dev_unlock(hdev);
7ba8b4be 1271 return;
c9ecc48e 1272 }
7ba8b4be 1273
d23264a8
AG		 1274 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1275
bc3dd33c
AG		 1276 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1277 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1278 mgmt_interleaved_discovery(hdev);
1279 } else {
1280 hci_dev_lock(hdev);
1281 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1282 hci_dev_unlock(hdev);
1283 }
1284
68a8aea4
AE		 1285 break;
1286
1287 default:
1288 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1289 break;
35815085 1290 }
eb9d91f5
AG		 1291}
1292
a7a595f6
VCG		 1293static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1294{
1295 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1296
9f1db00c 1297 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1298
1299 if (rp->status)
1300 return;
1301
1302 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1303}
1304
1305static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1306{
1307 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1308
9f1db00c 1309 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1310
1311 if (rp->status)
1312 return;
1313
1314 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1315}
1316
6039aa73
GP		 1317static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1318 struct sk_buff *skb)
f9b49306 1319{
06199cf8 1320 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1321 __u8 status = *((__u8 *) skb->data);
1322
9f1db00c 1323 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1324
06199cf8 1325 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1326 if (!sent)
f9b49306
AG		 1327 return;
1328
8f984dfa
JH		 1329 if (!status) {
1330 if (sent->le)
1331 hdev->host_features[0] |= LMP_HOST_LE;
1332 else
1333 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 1334
1335 if (sent->simul)
1336 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1337 else
1338 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1339 }
1340
1341 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1342 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1343 mgmt_le_enable_complete(hdev, sent->le, status);
1344
1345 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1346}
1347
93c284ee
AE		 1348static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1349 struct sk_buff *skb)
1350{
1351 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1352
1353 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1354 hdev->name, rp->status, rp->phy_handle);
1355
1356 if (rp->status)
1357 return;
1358
1359 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1360}
1361
6039aa73 1362static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1363{
9f1db00c 1364 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1365
1366 if (status) {
23bb5763 1367 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1368 hci_conn_check_pending(hdev);
56e5cb86 1369 hci_dev_lock(hdev);
a8b2d5c2 1370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1371 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1372 hci_dev_unlock(hdev);
314b2381
JH		 1373 return;
1374 }
1375
89352e7d
AG		 1376 set_bit(HCI_INQUIRY, &hdev->flags);
1377
56e5cb86 1378 hci_dev_lock(hdev);
343f935b 1379 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1380 hci_dev_unlock(hdev);
1da177e4
LT		 1381}
1382
6039aa73 1383static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1384{
a9de9248 1385 struct hci_cp_create_conn *cp;
1da177e4 1386 struct hci_conn *conn;
1da177e4 1387
9f1db00c 1388 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1389
1390 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1391 if (!cp)
1392 return;
1393
1394 hci_dev_lock(hdev);
1395
1396 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1397
6ed93dc6 1398 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1399
1400 if (status) {
1401 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1402 if (status != 0x0c || conn->attempt > 2) {
1403 conn->state = BT_CLOSED;
1404 hci_proto_connect_cfm(conn, status);
1405 hci_conn_del(conn);
1406 } else
1407 conn->state = BT_CONNECT2;
1da177e4
LT		 1408 }
1409 } else {
1410 if (!conn) {
1411 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1412 if (conn) {
a0c808b3 1413 conn->out = true;
1da177e4
LT		 1414 conn->link_mode |= HCI_LM_MASTER;
1415 } else
893ef971 1416 BT_ERR("No memory for new connection");
1da177e4
LT		 1417 }
1418 }
1419
1420 hci_dev_unlock(hdev);
1421}
1422
a9de9248 1423static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1424{
a9de9248
MH		 1425 struct hci_cp_add_sco *cp;
1426 struct hci_conn *acl, *sco;
1427 __u16 handle;
1da177e4 1428
9f1db00c 1429 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1430
a9de9248
MH		 1431 if (!status)
1432 return;
1da177e4 1433
a9de9248
MH		 1434 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1435 if (!cp)
1436 return;
1da177e4 1437
a9de9248 1438 handle = __le16_to_cpu(cp->handle);
1da177e4 1439
9f1db00c 1440 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1441
a9de9248 1442 hci_dev_lock(hdev);
1da177e4 1443
a9de9248 1444 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1445 if (acl) {
1446 sco = acl->link;
1447 if (sco) {
1448 sco->state = BT_CLOSED;
1da177e4 1449
5a08ecce
AE		 1450 hci_proto_connect_cfm(sco, status);
1451 hci_conn_del(sco);
1452 }
a9de9248 1453 }
1da177e4 1454
a9de9248
MH		 1455 hci_dev_unlock(hdev);
1456}
1da177e4 1457
f8558555
MH		 1458static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1459{
1460 struct hci_cp_auth_requested *cp;
1461 struct hci_conn *conn;
1462
9f1db00c 1463 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1464
1465 if (!status)
1466 return;
1467
1468 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1469 if (!cp)
1470 return;
1471
1472 hci_dev_lock(hdev);
1473
1474 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1475 if (conn) {
1476 if (conn->state == BT_CONFIG) {
1477 hci_proto_connect_cfm(conn, status);
1478 hci_conn_put(conn);
1479 }
1480 }
1481
1482 hci_dev_unlock(hdev);
1483}
1484
1485static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1486{
1487 struct hci_cp_set_conn_encrypt *cp;
1488 struct hci_conn *conn;
1489
9f1db00c 1490 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1491
1492 if (!status)
1493 return;
1494
1495 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1496 if (!cp)
1497 return;
1498
1499 hci_dev_lock(hdev);
1500
1501 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1502 if (conn) {
1503 if (conn->state == BT_CONFIG) {
1504 hci_proto_connect_cfm(conn, status);
1505 hci_conn_put(conn);
1506 }
1507 }
1508
1509 hci_dev_unlock(hdev);
1510}
1511
127178d2 1512static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1513 struct hci_conn *conn)
392599b9 1514{
392599b9
JH		 1515 if (conn->state != BT_CONFIG || !conn->out)
1516 return 0;
1517
765c2a96 1518 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1519 return 0;
1520
1521 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1522 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1523 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1524 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1525 return 0;
1526
392599b9
JH		 1527 return 1;
1528}
1529
6039aa73 1530static int hci_resolve_name(struct hci_dev *hdev,
04124681 1531 struct inquiry_entry *e)
30dc78e1
JH		 1532{
1533 struct hci_cp_remote_name_req cp;
1534
1535 memset(&cp, 0, sizeof(cp));
1536
1537 bacpy(&cp.bdaddr, &e->data.bdaddr);
1538 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1539 cp.pscan_mode = e->data.pscan_mode;
1540 cp.clock_offset = e->data.clock_offset;
1541
1542 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1543}
1544
b644ba33 1545static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1546{
1547 struct discovery_state *discov = &hdev->discovery;
1548 struct inquiry_entry *e;
1549
b644ba33
JH		 1550 if (list_empty(&discov->resolve))
1551 return false;
1552
1553 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1554 if (!e)
1555 return false;
1556
b644ba33
JH		 1557 if (hci_resolve_name(hdev, e) == 0) {
1558 e->name_state = NAME_PENDING;
1559 return true;
1560 }
1561
1562 return false;
1563}
1564
1565static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1566 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1567{
1568 struct discovery_state *discov = &hdev->discovery;
1569 struct inquiry_entry *e;
1570
1571 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1572 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1573 name_len, conn->dev_class);
b644ba33
JH		 1574
1575 if (discov->state == DISCOVERY_STOPPED)
1576 return;
1577
30dc78e1
JH		 1578 if (discov->state == DISCOVERY_STOPPING)
1579 goto discov_complete;
1580
1581 if (discov->state != DISCOVERY_RESOLVING)
1582 return;
1583
1584 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1585 /* If the device was not found in a list of found devices names of which
1586 * are pending. there is no need to continue resolving a next name as it
1587 * will be done upon receiving another Remote Name Request Complete
1588 * Event */
1589 if (!e)
1590 return;
1591
1592 list_del(&e->list);
1593 if (name) {
30dc78e1 1594 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1595 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1596 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1597 } else {
1598 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1599 }
1600
b644ba33 1601 if (hci_resolve_next_name(hdev))
30dc78e1 1602 return;
30dc78e1
JH		 1603
1604discov_complete:
1605 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1606}
1607
a9de9248
MH		 1608static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1609{
127178d2
JH		 1610 struct hci_cp_remote_name_req *cp;
1611 struct hci_conn *conn;
1612
9f1db00c 1613 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1614
1615 /* If successful wait for the name req complete event before
1616 * checking for the need to do authentication */
1617 if (!status)
1618 return;
1619
1620 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1621 if (!cp)
1622 return;
1623
1624 hci_dev_lock(hdev);
1625
b644ba33
JH		 1626 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1627
a8b2d5c2 1628 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1629 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1630
79c6c70c
JH		 1631 if (!conn)
1632 goto unlock;
1633
1634 if (!hci_outgoing_auth_needed(hdev, conn))
1635 goto unlock;
1636
51a8efd7 1637 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1638 struct hci_cp_auth_requested cp;
1639 cp.handle = __cpu_to_le16(conn->handle);
1640 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1641 }
1642
79c6c70c 1643unlock:
127178d2 1644 hci_dev_unlock(hdev);
a9de9248 1645}
1da177e4 1646
769be974
MH		 1647static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1648{
1649 struct hci_cp_read_remote_features *cp;
1650 struct hci_conn *conn;
1651
9f1db00c 1652 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1653
1654 if (!status)
1655 return;
1656
1657 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1658 if (!cp)
1659 return;
1660
1661 hci_dev_lock(hdev);
1662
1663 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1664 if (conn) {
1665 if (conn->state == BT_CONFIG) {
769be974
MH		 1666 hci_proto_connect_cfm(conn, status);
1667 hci_conn_put(conn);
1668 }
1669 }
1670
1671 hci_dev_unlock(hdev);
1672}
1673
1674static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1675{
1676 struct hci_cp_read_remote_ext_features *cp;
1677 struct hci_conn *conn;
1678
9f1db00c 1679 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1680
1681 if (!status)
1682 return;
1683
1684 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1685 if (!cp)
1686 return;
1687
1688 hci_dev_lock(hdev);
1689
1690 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1691 if (conn) {
1692 if (conn->state == BT_CONFIG) {
769be974
MH		 1693 hci_proto_connect_cfm(conn, status);
1694 hci_conn_put(conn);
1695 }
1696 }
1697
1698 hci_dev_unlock(hdev);
1699}
1700
a9de9248
MH		 1701static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1702{
b6a0dc82
MH		 1703 struct hci_cp_setup_sync_conn *cp;
1704 struct hci_conn *acl, *sco;
1705 __u16 handle;
1706
9f1db00c 1707 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1708
1709 if (!status)
1710 return;
1711
1712 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1713 if (!cp)
1714 return;
1715
1716 handle = __le16_to_cpu(cp->handle);
1717
9f1db00c 1718 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1719
1720 hci_dev_lock(hdev);
1721
1722 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1723 if (acl) {
1724 sco = acl->link;
1725 if (sco) {
1726 sco->state = BT_CLOSED;
b6a0dc82 1727
5a08ecce
AE		 1728 hci_proto_connect_cfm(sco, status);
1729 hci_conn_del(sco);
1730 }
b6a0dc82
MH		 1731 }
1732
1733 hci_dev_unlock(hdev);
1da177e4
LT		 1734}
1735
a9de9248 1736static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1737{
a9de9248
MH		 1738 struct hci_cp_sniff_mode *cp;
1739 struct hci_conn *conn;
1da177e4 1740
9f1db00c 1741 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1742
a9de9248
MH		 1743 if (!status)
1744 return;
04837f64 1745
a9de9248
MH		 1746 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1747 if (!cp)
1748 return;
04837f64 1749
a9de9248 1750 hci_dev_lock(hdev);
04837f64 1751
a9de9248 1752 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1753 if (conn) {
51a8efd7 1754 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1755
51a8efd7 1756 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1757 hci_sco_setup(conn, status);
1758 }
1759
a9de9248
MH		 1760 hci_dev_unlock(hdev);
1761}
04837f64 1762
a9de9248
MH		 1763static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1764{
1765 struct hci_cp_exit_sniff_mode *cp;
1766 struct hci_conn *conn;
04837f64 1767
9f1db00c 1768 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1769
a9de9248
MH		 1770 if (!status)
1771 return;
04837f64 1772
a9de9248
MH		 1773 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1774 if (!cp)
1775 return;
04837f64 1776
a9de9248 1777 hci_dev_lock(hdev);
1da177e4 1778
a9de9248 1779 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1780 if (conn) {
51a8efd7 1781 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1782
51a8efd7 1783 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1784 hci_sco_setup(conn, status);
1785 }
1786
a9de9248 1787 hci_dev_unlock(hdev);
1da177e4
LT		 1788}
1789
88c3df13
JH		 1790static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1791{
1792 struct hci_cp_disconnect *cp;
1793 struct hci_conn *conn;
1794
1795 if (!status)
1796 return;
1797
1798 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1799 if (!cp)
1800 return;
1801
1802 hci_dev_lock(hdev);
1803
1804 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1805 if (conn)
1806 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1807 conn->dst_type, status);
88c3df13
JH		 1808
1809 hci_dev_unlock(hdev);
1810}
1811
fcd89c09
VT		 1812static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1813{
fcd89c09
VT		 1814 struct hci_conn *conn;
1815
9f1db00c 1816 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1817
f00a06ac
AG		 1818 if (status) {
1819 hci_dev_lock(hdev);
fcd89c09 1820
0c95ab78 1821 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1822 if (!conn) {
1823 hci_dev_unlock(hdev);
1824 return;
1825 }
fcd89c09 1826
6ed93dc6 1827 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1828
f00a06ac 1829 conn->state = BT_CLOSED;
0c95ab78 1830 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1831 conn->dst_type, status);
1832 hci_proto_connect_cfm(conn, status);
1833 hci_conn_del(conn);
fcd89c09 1834
f00a06ac
AG		 1835 hci_dev_unlock(hdev);
1836 }
fcd89c09
VT		 1837}
1838
a7a595f6
VCG		 1839static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1840{
9f1db00c 1841 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1842}
1843
a02226d6
AE		 1844static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1845{
93c284ee
AE		 1846 struct hci_cp_create_phy_link *cp;
1847
a02226d6 1848 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1849
93c284ee
AE		 1850 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1851 if (!cp)
1852 return;
1853
e58917b9
AE		 1854 hci_dev_lock(hdev);
1855
1856 if (status) {
1857 struct hci_conn *hcon;
1858
1859 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1860 if (hcon)
1861 hci_conn_del(hcon);
1862 } else {
1863 amp_write_remote_assoc(hdev, cp->phy_handle);
1864 }
1865
1866 hci_dev_unlock(hdev);
a02226d6
AE		 1867}
1868
0b26ab9d
AE		 1869static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1870{
1871 struct hci_cp_accept_phy_link *cp;
1872
1873 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1874
1875 if (status)
1876 return;
1877
1878 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1879 if (!cp)
1880 return;
1881
1882 amp_write_remote_assoc(hdev, cp->phy_handle);
1883}
1884
5ce66b59
AE		 1885static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1886{
1887 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1888}
1889
6039aa73 1890static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1891{
1892 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1893 struct discovery_state *discov = &hdev->discovery;
1894 struct inquiry_entry *e;
1da177e4 1895
9f1db00c 1896 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1897
23bb5763 1898 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1899
a9de9248 1900 hci_conn_check_pending(hdev);
89352e7d
AG		 1901
1902 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1903 return;
1904
a8b2d5c2 1905 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1906 return;
1907
56e5cb86 1908 hci_dev_lock(hdev);
30dc78e1 1909
343f935b 1910 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1911 goto unlock;
1912
1913 if (list_empty(&discov->resolve)) {
1914 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1915 goto unlock;
1916 }
1917
1918 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1919 if (e && hci_resolve_name(hdev, e) == 0) {
1920 e->name_state = NAME_PENDING;
1921 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1922 } else {
1923 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1924 }
1925
1926unlock:
56e5cb86 1927 hci_dev_unlock(hdev);
1da177e4
LT		 1928}
1929
6039aa73 1930static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1931{
45bb4bf0 1932 struct inquiry_data data;
a9de9248 1933 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1934 int num_rsp = *((__u8 *) skb->data);
1935
1936 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1937
45bb4bf0
MH		 1938 if (!num_rsp)
1939 return;
1940
1519cc17
AG		 1941 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1942 return;
1943
1da177e4 1944 hci_dev_lock(hdev);
45bb4bf0 1945
e17acd40 1946 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1947 bool name_known, ssp;
3175405b 1948
1da177e4
LT		 1949 bacpy(&data.bdaddr, &info->bdaddr);
1950 data.pscan_rep_mode = info->pscan_rep_mode;
1951 data.pscan_period_mode = info->pscan_period_mode;
1952 data.pscan_mode = info->pscan_mode;
1953 memcpy(data.dev_class, info->dev_class, 3);
1954 data.clock_offset = info->clock_offset;
1955 data.rssi = 0x00;
41a96212 1956 data.ssp_mode = 0x00;
3175405b 1957
388fc8fa 1958 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1959 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1960 info->dev_class, 0, !name_known, ssp, NULL,
1961 0);
1da177e4 1962 }
45bb4bf0 1963
1da177e4
LT		 1964 hci_dev_unlock(hdev);
1965}
1966
6039aa73 1967static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1968{
a9de9248
MH		 1969 struct hci_ev_conn_complete *ev = (void *) skb->data;
1970 struct hci_conn *conn;
1da177e4
LT		 1971
1972 BT_DBG("%s", hdev->name);
1973
1974 hci_dev_lock(hdev);
1975
1976 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1977 if (!conn) {
1978 if (ev->link_type != SCO_LINK)
1979 goto unlock;
1980
1981 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1982 if (!conn)
1983 goto unlock;
1984
1985 conn->type = SCO_LINK;
1986 }
1da177e4
LT		 1987
1988 if (!ev->status) {
1989 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1990
1991 if (conn->type == ACL_LINK) {
1992 conn->state = BT_CONFIG;
1993 hci_conn_hold(conn);
a9ea3ed9
SJ		 1994
1995 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1996 !hci_find_link_key(hdev, &ev->bdaddr))
1997 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1998 else
1999 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 2000 } else
2001 conn->state = BT_CONNECTED;
1da177e4 2002
9eba32b8 2003 hci_conn_hold_device(conn);
7d0db0a3
MH		 2004 hci_conn_add_sysfs(conn);
2005
1da177e4
LT		 2006 if (test_bit(HCI_AUTH, &hdev->flags))
2007 conn->link_mode |= HCI_LM_AUTH;
2008
2009 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2010 conn->link_mode |= HCI_LM_ENCRYPT;
2011
04837f64
MH		 2012 /* Get remote features */
2013 if (conn->type == ACL_LINK) {
2014 struct hci_cp_read_remote_features cp;
2015 cp.handle = ev->handle;
769be974 2016 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2017 sizeof(cp), &cp);
04837f64
MH		 2018 }
2019
1da177e4 2020 /* Set packet type for incoming connection */
d095c1eb 2021 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2022 struct hci_cp_change_conn_ptype cp;
2023 cp.handle = ev->handle;
a8746417 2024 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2025 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2026 &cp);
1da177e4 2027 }
17d5c04c 2028 } else {
1da177e4 2029 conn->state = BT_CLOSED;
17d5c04c 2030 if (conn->type == ACL_LINK)
744cf19e 2031 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 2032 conn->dst_type, ev->status);
17d5c04c 2033 }
1da177e4 2034
e73439d8
MH		 2035 if (conn->type == ACL_LINK)
2036 hci_sco_setup(conn, ev->status);
1da177e4 2037
769be974
MH		 2038 if (ev->status) {
2039 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2040 hci_conn_del(conn);
c89b6e6b
MH		 2041 } else if (ev->link_type != ACL_LINK)
2042 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2043
a9de9248 2044unlock:
1da177e4 2045 hci_dev_unlock(hdev);
1da177e4 2046
a9de9248 2047 hci_conn_check_pending(hdev);
1da177e4
LT		 2048}
2049
6039aa73 2050static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2051{
a9de9248
MH		 2052 struct hci_ev_conn_request *ev = (void *) skb->data;
2053 int mask = hdev->link_mode;
1da177e4 2054
6ed93dc6 2055 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2056 ev->link_type);
1da177e4 2057
a9de9248 2058 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 2059
138d22ef 2060 if ((mask & HCI_LM_ACCEPT) &&
807deac2 2061 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 2062 /* Connection accepted */
c7bdd502 2063 struct inquiry_entry *ie;
1da177e4 2064 struct hci_conn *conn;
1da177e4 2065
a9de9248 2066 hci_dev_lock(hdev);
b6a0dc82 2067
cc11b9c1
AE		 2068 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2069 if (ie)
c7bdd502
MH		 2070 memcpy(ie->data.dev_class, ev->dev_class, 3);
2071
8fc9ced3
GP		 2072 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2073 &ev->bdaddr);
a9de9248 2074 if (!conn) {
cc11b9c1
AE		 2075 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2076 if (!conn) {
893ef971 2077 BT_ERR("No memory for new connection");
a9de9248
MH		 2078 hci_dev_unlock(hdev);
2079 return;
1da177e4
LT		 2080 }
2081 }
b6a0dc82 2082
a9de9248
MH		 2083 memcpy(conn->dev_class, ev->dev_class, 3);
2084 conn->state = BT_CONNECT;
b6a0dc82 2085
a9de9248 2086 hci_dev_unlock(hdev);
1da177e4 2087
b6a0dc82
MH		 2088 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2089 struct hci_cp_accept_conn_req cp;
1da177e4 2090
b6a0dc82
MH		 2091 bacpy(&cp.bdaddr, &ev->bdaddr);
2092
2093 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2094 cp.role = 0x00; /* Become master */
2095 else
2096 cp.role = 0x01; /* Remain slave */
2097
04124681
GP		 2098 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2099 &cp);
b6a0dc82
MH		 2100 } else {
2101 struct hci_cp_accept_sync_conn_req cp;
2102
2103 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2104 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2105
82781e63
AE		 2106 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2107 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2108 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 2109 cp.content_format = cpu_to_le16(hdev->voice_setting);
2110 cp.retrans_effort = 0xff;
1da177e4 2111
b6a0dc82 2112 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2113 sizeof(cp), &cp);
b6a0dc82 2114 }
a9de9248
MH		 2115 } else {
2116 /* Connection rejected */
2117 struct hci_cp_reject_conn_req cp;
1da177e4 2118
a9de9248 2119 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2120 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2121 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2122 }
1da177e4
LT		 2123}
2124
f0d6a0ea
MA		 2125static u8 hci_to_mgmt_reason(u8 err)
2126{
2127 switch (err) {
2128 case HCI_ERROR_CONNECTION_TIMEOUT:
2129 return MGMT_DEV_DISCONN_TIMEOUT;
2130 case HCI_ERROR_REMOTE_USER_TERM:
2131 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2132 case HCI_ERROR_REMOTE_POWER_OFF:
2133 return MGMT_DEV_DISCONN_REMOTE;
2134 case HCI_ERROR_LOCAL_HOST_TERM:
2135 return MGMT_DEV_DISCONN_LOCAL_HOST;
2136 default:
2137 return MGMT_DEV_DISCONN_UNKNOWN;
2138 }
2139}
2140
6039aa73 2141static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2142{
a9de9248 2143 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2144 struct hci_conn *conn;
2145
9f1db00c 2146 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2147
2148 hci_dev_lock(hdev);
2149
2150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2151 if (!conn)
2152 goto unlock;
7d0db0a3 2153
37d9ef76
JH		 2154 if (ev->status == 0)
2155 conn->state = BT_CLOSED;
04837f64 2156
b644ba33 2157 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2158 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2159 if (ev->status) {
88c3df13 2160 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2161 conn->dst_type, ev->status);
f0d6a0ea
MA		 2162 } else {
2163 u8 reason = hci_to_mgmt_reason(ev->reason);
2164
afc747a6 2165 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2166 conn->dst_type, reason);
2167 }
37d9ef76 2168 }
f7520543 2169
37d9ef76 2170 if (ev->status == 0) {
6ec5bcad
VA		 2171 if (conn->type == ACL_LINK && conn->flush_key)
2172 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2173 hci_proto_disconn_cfm(conn, ev->reason);
2174 hci_conn_del(conn);
2175 }
f7520543
JH		 2176
2177unlock:
04837f64
MH		 2178 hci_dev_unlock(hdev);
2179}
2180
6039aa73 2181static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2182{
a9de9248 2183 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2184 struct hci_conn *conn;
1da177e4 2185
9f1db00c 2186 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2187
2188 hci_dev_lock(hdev);
2189
04837f64 2190 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2191 if (!conn)
2192 goto unlock;
2193
2194 if (!ev->status) {
aa64a8b5 2195 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2196 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2197 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2198 } else {
d7556e20
WR		 2199 conn->link_mode |= HCI_LM_AUTH;
2200 conn->sec_level = conn->pending_sec_level;
2a611692 2201 }
d7556e20 2202 } else {
bab73cb6 2203 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2204 ev->status);
d7556e20 2205 }
1da177e4 2206
51a8efd7
JH		 2207 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2208 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2209
d7556e20 2210 if (conn->state == BT_CONFIG) {
aa64a8b5 2211 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2212 struct hci_cp_set_conn_encrypt cp;
2213 cp.handle = ev->handle;
2214 cp.encrypt = 0x01;
2215 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2216 &cp);
052b30b0 2217 } else {
d7556e20
WR		 2218 conn->state = BT_CONNECTED;
2219 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2220 hci_conn_put(conn);
2221 }
d7556e20
WR		 2222 } else {
2223 hci_auth_cfm(conn, ev->status);
052b30b0 2224
d7556e20
WR		 2225 hci_conn_hold(conn);
2226 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2227 hci_conn_put(conn);
2228 }
2229
51a8efd7 2230 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2231 if (!ev->status) {
2232 struct hci_cp_set_conn_encrypt cp;
2233 cp.handle = ev->handle;
2234 cp.encrypt = 0x01;
2235 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2236 &cp);
d7556e20 2237 } else {
51a8efd7 2238 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2239 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2240 }
2241 }
2242
d7556e20 2243unlock:
1da177e4
LT		 2244 hci_dev_unlock(hdev);
2245}
2246
6039aa73 2247static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2248{
127178d2
JH		 2249 struct hci_ev_remote_name *ev = (void *) skb->data;
2250 struct hci_conn *conn;
2251
a9de9248 2252 BT_DBG("%s", hdev->name);
1da177e4 2253
a9de9248 2254 hci_conn_check_pending(hdev);
127178d2
JH		 2255
2256 hci_dev_lock(hdev);
2257
b644ba33 2258 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2259
b644ba33
JH		 2260 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2261 goto check_auth;
a88a9652 2262
b644ba33
JH		 2263 if (ev->status == 0)
2264 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2265 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2266 else
2267 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2268
2269check_auth:
79c6c70c
JH		 2270 if (!conn)
2271 goto unlock;
2272
2273 if (!hci_outgoing_auth_needed(hdev, conn))
2274 goto unlock;
2275
51a8efd7 2276 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2277 struct hci_cp_auth_requested cp;
2278 cp.handle = __cpu_to_le16(conn->handle);
2279 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2280 }
2281
79c6c70c 2282unlock:
127178d2 2283 hci_dev_unlock(hdev);
a9de9248
MH		 2284}
2285
6039aa73 2286static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2287{
2288 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2289 struct hci_conn *conn;
2290
9f1db00c 2291 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2292
2293 hci_dev_lock(hdev);
2294
04837f64 2295 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2296 if (conn) {
2297 if (!ev->status) {
ae293196
MH		 2298 if (ev->encrypt) {
2299 /* Encryption implies authentication */
2300 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2301 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2302 conn->sec_level = conn->pending_sec_level;
ae293196 2303 } else
1da177e4
LT		 2304 conn->link_mode &= ~HCI_LM_ENCRYPT;
2305 }
2306
51a8efd7 2307 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2308
a7d7723a 2309 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2310 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2311 hci_conn_put(conn);
2312 goto unlock;
2313 }
2314
f8558555
MH		 2315 if (conn->state == BT_CONFIG) {
2316 if (!ev->status)
2317 conn->state = BT_CONNECTED;
2318
2319 hci_proto_connect_cfm(conn, ev->status);
2320 hci_conn_put(conn);
2321 } else
2322 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2323 }
2324
a7d7723a 2325unlock:
1da177e4
LT		 2326 hci_dev_unlock(hdev);
2327}
2328
6039aa73
GP		 2329static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2330 struct sk_buff *skb)
1da177e4 2331{
a9de9248 2332 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2333 struct hci_conn *conn;
1da177e4 2334
9f1db00c 2335 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2336
2337 hci_dev_lock(hdev);
2338
04837f64 2339 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2340 if (conn) {
2341 if (!ev->status)
2342 conn->link_mode |= HCI_LM_SECURE;
2343
51a8efd7 2344 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2345
2346 hci_key_change_cfm(conn, ev->status);
2347 }
2348
2349 hci_dev_unlock(hdev);
2350}
2351
6039aa73
GP		 2352static void hci_remote_features_evt(struct hci_dev *hdev,
2353 struct sk_buff *skb)
1da177e4 2354{
a9de9248
MH		 2355 struct hci_ev_remote_features *ev = (void *) skb->data;
2356 struct hci_conn *conn;
2357
9f1db00c 2358 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2359
a9de9248
MH		 2360 hci_dev_lock(hdev);
2361
2362 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2363 if (!conn)
2364 goto unlock;
769be974 2365
ccd556fe
JH		 2366 if (!ev->status)
2367 memcpy(conn->features, ev->features, 8);
2368
2369 if (conn->state != BT_CONFIG)
2370 goto unlock;
2371
2372 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2373 struct hci_cp_read_remote_ext_features cp;
2374 cp.handle = ev->handle;
2375 cp.page = 0x01;
2376 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2377 sizeof(cp), &cp);
392599b9
JH		 2378 goto unlock;
2379 }
2380
671267bf 2381 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2382 struct hci_cp_remote_name_req cp;
2383 memset(&cp, 0, sizeof(cp));
2384 bacpy(&cp.bdaddr, &conn->dst);
2385 cp.pscan_rep_mode = 0x02;
2386 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2387 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2388 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2389 conn->dst_type, 0, NULL, 0,
2390 conn->dev_class);
392599b9 2391
127178d2 2392 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2393 conn->state = BT_CONNECTED;
2394 hci_proto_connect_cfm(conn, ev->status);
2395 hci_conn_put(conn);
769be974 2396 }
a9de9248 2397
ccd556fe 2398unlock:
a9de9248 2399 hci_dev_unlock(hdev);
1da177e4
LT		 2400}
2401
6039aa73 2402static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2403{
a9de9248 2404 BT_DBG("%s", hdev->name);
1da177e4
LT		 2405}
2406
6039aa73
GP		 2407static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2408 struct sk_buff *skb)
1da177e4 2409{
a9de9248 2410 BT_DBG("%s", hdev->name);
1da177e4
LT		 2411}
2412
6039aa73 2413static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2414{
2415 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2416 __u16 opcode;
2417
2418 skb_pull(skb, sizeof(*ev));
2419
2420 opcode = __le16_to_cpu(ev->opcode);
2421
2422 switch (opcode) {
2423 case HCI_OP_INQUIRY_CANCEL:
2424 hci_cc_inquiry_cancel(hdev, skb);
2425 break;
2426
4d93483b
AG		 2427 case HCI_OP_PERIODIC_INQ:
2428 hci_cc_periodic_inq(hdev, skb);
2429 break;
2430
a9de9248
MH		 2431 case HCI_OP_EXIT_PERIODIC_INQ:
2432 hci_cc_exit_periodic_inq(hdev, skb);
2433 break;
2434
2435 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2436 hci_cc_remote_name_req_cancel(hdev, skb);
2437 break;
2438
2439 case HCI_OP_ROLE_DISCOVERY:
2440 hci_cc_role_discovery(hdev, skb);
2441 break;
2442
e4e8e37c
MH		 2443 case HCI_OP_READ_LINK_POLICY:
2444 hci_cc_read_link_policy(hdev, skb);
2445 break;
2446
a9de9248
MH		 2447 case HCI_OP_WRITE_LINK_POLICY:
2448 hci_cc_write_link_policy(hdev, skb);
2449 break;
2450
e4e8e37c
MH		 2451 case HCI_OP_READ_DEF_LINK_POLICY:
2452 hci_cc_read_def_link_policy(hdev, skb);
2453 break;
2454
2455 case HCI_OP_WRITE_DEF_LINK_POLICY:
2456 hci_cc_write_def_link_policy(hdev, skb);
2457 break;
2458
a9de9248
MH		 2459 case HCI_OP_RESET:
2460 hci_cc_reset(hdev, skb);
2461 break;
2462
2463 case HCI_OP_WRITE_LOCAL_NAME:
2464 hci_cc_write_local_name(hdev, skb);
2465 break;
2466
2467 case HCI_OP_READ_LOCAL_NAME:
2468 hci_cc_read_local_name(hdev, skb);
2469 break;
2470
2471 case HCI_OP_WRITE_AUTH_ENABLE:
2472 hci_cc_write_auth_enable(hdev, skb);
2473 break;
2474
2475 case HCI_OP_WRITE_ENCRYPT_MODE:
2476 hci_cc_write_encrypt_mode(hdev, skb);
2477 break;
2478
2479 case HCI_OP_WRITE_SCAN_ENABLE:
2480 hci_cc_write_scan_enable(hdev, skb);
2481 break;
2482
2483 case HCI_OP_READ_CLASS_OF_DEV:
2484 hci_cc_read_class_of_dev(hdev, skb);
2485 break;
2486
2487 case HCI_OP_WRITE_CLASS_OF_DEV:
2488 hci_cc_write_class_of_dev(hdev, skb);
2489 break;
2490
2491 case HCI_OP_READ_VOICE_SETTING:
2492 hci_cc_read_voice_setting(hdev, skb);
2493 break;
2494
2495 case HCI_OP_WRITE_VOICE_SETTING:
2496 hci_cc_write_voice_setting(hdev, skb);
2497 break;
2498
2499 case HCI_OP_HOST_BUFFER_SIZE:
2500 hci_cc_host_buffer_size(hdev, skb);
2501 break;
2502
333140b5
MH		 2503 case HCI_OP_WRITE_SSP_MODE:
2504 hci_cc_write_ssp_mode(hdev, skb);
2505 break;
2506
a9de9248
MH		 2507 case HCI_OP_READ_LOCAL_VERSION:
2508 hci_cc_read_local_version(hdev, skb);
2509 break;
2510
2511 case HCI_OP_READ_LOCAL_COMMANDS:
2512 hci_cc_read_local_commands(hdev, skb);
2513 break;
2514
2515 case HCI_OP_READ_LOCAL_FEATURES:
2516 hci_cc_read_local_features(hdev, skb);
2517 break;
2518
971e3a4b
AG		 2519 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2520 hci_cc_read_local_ext_features(hdev, skb);
2521 break;
2522
a9de9248
MH		 2523 case HCI_OP_READ_BUFFER_SIZE:
2524 hci_cc_read_buffer_size(hdev, skb);
2525 break;
2526
2527 case HCI_OP_READ_BD_ADDR:
2528 hci_cc_read_bd_addr(hdev, skb);
2529 break;
2530
350ee4cf
AE		 2531 case HCI_OP_READ_DATA_BLOCK_SIZE:
2532 hci_cc_read_data_block_size(hdev, skb);
2533 break;
2534
23bb5763
JH		 2535 case HCI_OP_WRITE_CA_TIMEOUT:
2536 hci_cc_write_ca_timeout(hdev, skb);
2537 break;
2538
1e89cffb
AE		 2539 case HCI_OP_READ_FLOW_CONTROL_MODE:
2540 hci_cc_read_flow_control_mode(hdev, skb);
2541 break;
2542
928abaa7
AE		 2543 case HCI_OP_READ_LOCAL_AMP_INFO:
2544 hci_cc_read_local_amp_info(hdev, skb);
2545 break;
2546
903e4541
AE		 2547 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2548 hci_cc_read_local_amp_assoc(hdev, skb);
2549 break;
2550
b0916ea0
JH		 2551 case HCI_OP_DELETE_STORED_LINK_KEY:
2552 hci_cc_delete_stored_link_key(hdev, skb);
2553 break;
2554
d5859e22
JH		 2555 case HCI_OP_SET_EVENT_MASK:
2556 hci_cc_set_event_mask(hdev, skb);
2557 break;
2558
2559 case HCI_OP_WRITE_INQUIRY_MODE:
2560 hci_cc_write_inquiry_mode(hdev, skb);
2561 break;
2562
2563 case HCI_OP_READ_INQ_RSP_TX_POWER:
2564 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2565 break;
2566
2567 case HCI_OP_SET_EVENT_FLT:
2568 hci_cc_set_event_flt(hdev, skb);
2569 break;
2570
980e1a53
JH		 2571 case HCI_OP_PIN_CODE_REPLY:
2572 hci_cc_pin_code_reply(hdev, skb);
2573 break;
2574
2575 case HCI_OP_PIN_CODE_NEG_REPLY:
2576 hci_cc_pin_code_neg_reply(hdev, skb);
2577 break;
2578
c35938b2
SJ		 2579 case HCI_OP_READ_LOCAL_OOB_DATA:
2580 hci_cc_read_local_oob_data_reply(hdev, skb);
2581 break;
2582
6ed58ec5
VT		 2583 case HCI_OP_LE_READ_BUFFER_SIZE:
2584 hci_cc_le_read_buffer_size(hdev, skb);
2585 break;
2586
8fa19098
JH		 2587 case HCI_OP_LE_READ_ADV_TX_POWER:
2588 hci_cc_le_read_adv_tx_power(hdev, skb);
2589 break;
2590
e36b04c8
JH		 2591 case HCI_OP_LE_SET_EVENT_MASK:
2592 hci_cc_le_set_event_mask(hdev, skb);
2593 break;
2594
a5c29683
JH		 2595 case HCI_OP_USER_CONFIRM_REPLY:
2596 hci_cc_user_confirm_reply(hdev, skb);
2597 break;
2598
2599 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2600 hci_cc_user_confirm_neg_reply(hdev, skb);
2601 break;
2602
1143d458
BG		 2603 case HCI_OP_USER_PASSKEY_REPLY:
2604 hci_cc_user_passkey_reply(hdev, skb);
2605 break;
2606
2607 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2608 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2609 break;
07f7fa5d
AG		 2610
2611 case HCI_OP_LE_SET_SCAN_PARAM:
2612 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2613 break;
2614
c1d5dc4a
JH		 2615 case HCI_OP_LE_SET_ADV_ENABLE:
2616 hci_cc_le_set_adv_enable(hdev, skb);
2617 break;
2618
eb9d91f5
AG		 2619 case HCI_OP_LE_SET_SCAN_ENABLE:
2620 hci_cc_le_set_scan_enable(hdev, skb);
2621 break;
2622
a7a595f6
VCG		 2623 case HCI_OP_LE_LTK_REPLY:
2624 hci_cc_le_ltk_reply(hdev, skb);
2625 break;
2626
2627 case HCI_OP_LE_LTK_NEG_REPLY:
2628 hci_cc_le_ltk_neg_reply(hdev, skb);
2629 break;
2630
f9b49306
AG		 2631 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2632 hci_cc_write_le_host_supported(hdev, skb);
2633 break;
2634
93c284ee
AE		 2635 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2636 hci_cc_write_remote_amp_assoc(hdev, skb);
2637 break;
2638
a9de9248 2639 default:
9f1db00c 2640 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2641 break;
2642 }
2643
6bd32326
VT		 2644 if (ev->opcode != HCI_OP_NOP)
2645 del_timer(&hdev->cmd_timer);
2646
a9de9248
MH		 2647 if (ev->ncmd) {
2648 atomic_set(&hdev->cmd_cnt, 1);
2649 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2650 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2651 }
2652}
2653
6039aa73 2654static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2655{
2656 struct hci_ev_cmd_status *ev = (void *) skb->data;
2657 __u16 opcode;
2658
2659 skb_pull(skb, sizeof(*ev));
2660
2661 opcode = __le16_to_cpu(ev->opcode);
2662
2663 switch (opcode) {
2664 case HCI_OP_INQUIRY:
2665 hci_cs_inquiry(hdev, ev->status);
2666 break;
2667
2668 case HCI_OP_CREATE_CONN:
2669 hci_cs_create_conn(hdev, ev->status);
2670 break;
2671
2672 case HCI_OP_ADD_SCO:
2673 hci_cs_add_sco(hdev, ev->status);
2674 break;
2675
f8558555
MH		 2676 case HCI_OP_AUTH_REQUESTED:
2677 hci_cs_auth_requested(hdev, ev->status);
2678 break;
2679
2680 case HCI_OP_SET_CONN_ENCRYPT:
2681 hci_cs_set_conn_encrypt(hdev, ev->status);
2682 break;
2683
a9de9248
MH		 2684 case HCI_OP_REMOTE_NAME_REQ:
2685 hci_cs_remote_name_req(hdev, ev->status);
2686 break;
2687
769be974
MH		 2688 case HCI_OP_READ_REMOTE_FEATURES:
2689 hci_cs_read_remote_features(hdev, ev->status);
2690 break;
2691
2692 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2693 hci_cs_read_remote_ext_features(hdev, ev->status);
2694 break;
2695
a9de9248
MH		 2696 case HCI_OP_SETUP_SYNC_CONN:
2697 hci_cs_setup_sync_conn(hdev, ev->status);
2698 break;
2699
2700 case HCI_OP_SNIFF_MODE:
2701 hci_cs_sniff_mode(hdev, ev->status);
2702 break;
2703
2704 case HCI_OP_EXIT_SNIFF_MODE:
2705 hci_cs_exit_sniff_mode(hdev, ev->status);
2706 break;
2707
8962ee74 2708 case HCI_OP_DISCONNECT:
88c3df13 2709 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2710 break;
2711
fcd89c09
VT		 2712 case HCI_OP_LE_CREATE_CONN:
2713 hci_cs_le_create_conn(hdev, ev->status);
2714 break;
2715
a7a595f6
VCG		 2716 case HCI_OP_LE_START_ENC:
2717 hci_cs_le_start_enc(hdev, ev->status);
2718 break;
2719
a02226d6
AE		 2720 case HCI_OP_CREATE_PHY_LINK:
2721 hci_cs_create_phylink(hdev, ev->status);
2722 break;
2723
0b26ab9d
AE		 2724 case HCI_OP_ACCEPT_PHY_LINK:
2725 hci_cs_accept_phylink(hdev, ev->status);
2726 break;
2727
5ce66b59
AE		 2728 case HCI_OP_CREATE_LOGICAL_LINK:
2729 hci_cs_create_logical_link(hdev, ev->status);
2730 break;
2731
a9de9248 2732 default:
9f1db00c 2733 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2734 break;
2735 }
2736
6bd32326
VT		 2737 if (ev->opcode != HCI_OP_NOP)
2738 del_timer(&hdev->cmd_timer);
2739
10572132 2740 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2741 atomic_set(&hdev->cmd_cnt, 1);
2742 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2743 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2744 }
2745}
2746
6039aa73 2747static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2748{
2749 struct hci_ev_role_change *ev = (void *) skb->data;
2750 struct hci_conn *conn;
2751
9f1db00c 2752 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2753
2754 hci_dev_lock(hdev);
2755
2756 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2757 if (conn) {
2758 if (!ev->status) {
2759 if (ev->role)
2760 conn->link_mode &= ~HCI_LM_MASTER;
2761 else
2762 conn->link_mode |= HCI_LM_MASTER;
2763 }
2764
51a8efd7 2765 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2766
2767 hci_role_switch_cfm(conn, ev->status, ev->role);
2768 }
2769
2770 hci_dev_unlock(hdev);
2771}
2772
6039aa73 2773static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2774{
2775 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2776 int i;
2777
32ac5b9b
AE		 2778 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2779 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2780 return;
2781 }
2782
c5993de8 2783 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2784 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2785 BT_DBG("%s bad parameters", hdev->name);
2786 return;
2787 }
2788
c5993de8
AE		 2789 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2790
613a1c0c
AE		 2791 for (i = 0; i < ev->num_hndl; i++) {
2792 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2793 struct hci_conn *conn;
2794 __u16 handle, count;
2795
613a1c0c
AE		 2796 handle = __le16_to_cpu(info->handle);
2797 count = __le16_to_cpu(info->count);
a9de9248
MH		 2798
2799 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2800 if (!conn)
2801 continue;
2802
2803 conn->sent -= count;
2804
2805 switch (conn->type) {
2806 case ACL_LINK:
2807 hdev->acl_cnt += count;
2808 if (hdev->acl_cnt > hdev->acl_pkts)
2809 hdev->acl_cnt = hdev->acl_pkts;
2810 break;
2811
2812 case LE_LINK:
2813 if (hdev->le_pkts) {
2814 hdev->le_cnt += count;
2815 if (hdev->le_cnt > hdev->le_pkts)
2816 hdev->le_cnt = hdev->le_pkts;
2817 } else {
70f23020
AE		 2818 hdev->acl_cnt += count;
2819 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2820 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2821 }
f4280918
AE		 2822 break;
2823
2824 case SCO_LINK:
2825 hdev->sco_cnt += count;
2826 if (hdev->sco_cnt > hdev->sco_pkts)
2827 hdev->sco_cnt = hdev->sco_pkts;
2828 break;
2829
2830 default:
2831 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2832 break;
a9de9248
MH		 2833 }
2834 }
2835
3eff45ea 2836 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2837}
2838
76ef7cf7
AE		 2839static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2840 __u16 handle)
2841{
2842 struct hci_chan *chan;
2843
2844 switch (hdev->dev_type) {
2845 case HCI_BREDR:
2846 return hci_conn_hash_lookup_handle(hdev, handle);
2847 case HCI_AMP:
2848 chan = hci_chan_lookup_handle(hdev, handle);
2849 if (chan)
2850 return chan->conn;
2851 break;
2852 default:
2853 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2854 break;
2855 }
2856
2857 return NULL;
2858}
2859
6039aa73 2860static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2861{
2862 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2863 int i;
2864
2865 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2866 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2867 return;
2868 }
2869
2870 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2871 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2872 BT_DBG("%s bad parameters", hdev->name);
2873 return;
2874 }
2875
2876 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2877 ev->num_hndl);
25e89e99
AE		 2878
2879 for (i = 0; i < ev->num_hndl; i++) {
2880 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2881 struct hci_conn *conn = NULL;
25e89e99
AE		 2882 __u16 handle, block_count;
2883
2884 handle = __le16_to_cpu(info->handle);
2885 block_count = __le16_to_cpu(info->blocks);
2886
76ef7cf7 2887 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2888 if (!conn)
2889 continue;
2890
2891 conn->sent -= block_count;
2892
2893 switch (conn->type) {
2894 case ACL_LINK:
bd1eb66b 2895 case AMP_LINK:
25e89e99
AE		 2896 hdev->block_cnt += block_count;
2897 if (hdev->block_cnt > hdev->num_blocks)
2898 hdev->block_cnt = hdev->num_blocks;
2899 break;
2900
2901 default:
2902 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2903 break;
2904 }
2905 }
2906
2907 queue_work(hdev->workqueue, &hdev->tx_work);
2908}
2909
6039aa73 2910static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2911{
a9de9248 2912 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2913 struct hci_conn *conn;
2914
9f1db00c 2915 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2916
2917 hci_dev_lock(hdev);
2918
2919 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2920 if (conn) {
2921 conn->mode = ev->mode;
2922 conn->interval = __le16_to_cpu(ev->interval);
2923
8fc9ced3
GP		 2924 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2925 &conn->flags)) {
a9de9248 2926 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2927 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2928 else
58a681ef 2929 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2930 }
e73439d8 2931
51a8efd7 2932 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2933 hci_sco_setup(conn, ev->status);
04837f64
MH		 2934 }
2935
2936 hci_dev_unlock(hdev);
2937}
2938
6039aa73 2939static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2940{
052b30b0
MH		 2941 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2942 struct hci_conn *conn;
2943
a9de9248 2944 BT_DBG("%s", hdev->name);
052b30b0
MH		 2945
2946 hci_dev_lock(hdev);
2947
2948 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2949 if (!conn)
2950 goto unlock;
2951
2952 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2953 hci_conn_hold(conn);
2954 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2955 hci_conn_put(conn);
2956 }
2957
a8b2d5c2 2958 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2959 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2960 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2961 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2962 u8 secure;
2963
2964 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2965 secure = 1;
2966 else
2967 secure = 0;
2968
744cf19e 2969 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2970 }
980e1a53 2971
b6f98044 2972unlock:
052b30b0 2973 hci_dev_unlock(hdev);
a9de9248
MH		 2974}
2975
6039aa73 2976static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2977{
55ed8ca1
JH		 2978 struct hci_ev_link_key_req *ev = (void *) skb->data;
2979 struct hci_cp_link_key_reply cp;
2980 struct hci_conn *conn;
2981 struct link_key *key;
2982
a9de9248 2983 BT_DBG("%s", hdev->name);
55ed8ca1 2984
a8b2d5c2 2985 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2986 return;
2987
2988 hci_dev_lock(hdev);
2989
2990 key = hci_find_link_key(hdev, &ev->bdaddr);
2991 if (!key) {
6ed93dc6
AE		 2992 BT_DBG("%s link key not found for %pMR", hdev->name,
2993 &ev->bdaddr);
55ed8ca1
JH		 2994 goto not_found;
2995 }
2996
6ed93dc6
AE		 2997 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2998 &ev->bdaddr);
55ed8ca1 2999
a8b2d5c2 3000 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 3001 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 3002 BT_DBG("%s ignoring debug key", hdev->name);
3003 goto not_found;
3004 }
3005
3006 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 3007 if (conn) {
3008 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 3009 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3010 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3011 goto not_found;
3012 }
55ed8ca1 3013
60b83f57 3014 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 3015 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 3016 BT_DBG("%s ignoring key unauthenticated for high security",
3017 hdev->name);
60b83f57
WR		 3018 goto not_found;
3019 }
3020
3021 conn->key_type = key->type;
3022 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3023 }
3024
3025 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3026 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3027
3028 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3029
3030 hci_dev_unlock(hdev);
3031
3032 return;
3033
3034not_found:
3035 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3036 hci_dev_unlock(hdev);
a9de9248
MH		 3037}
3038
6039aa73 3039static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3040{
052b30b0
MH		 3041 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3042 struct hci_conn *conn;
55ed8ca1 3043 u8 pin_len = 0;
052b30b0 3044
a9de9248 3045 BT_DBG("%s", hdev->name);
052b30b0
MH		 3046
3047 hci_dev_lock(hdev);
3048
3049 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3050 if (conn) {
3051 hci_conn_hold(conn);
3052 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3053 pin_len = conn->pin_length;
13d39315
WR		 3054
3055 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3056 conn->key_type = ev->key_type;
3057
052b30b0
MH		 3058 hci_conn_put(conn);
3059 }
3060
a8b2d5c2 3061 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 3062 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3063 ev->key_type, pin_len);
55ed8ca1 3064
052b30b0 3065 hci_dev_unlock(hdev);
a9de9248
MH		 3066}
3067
6039aa73 3068static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3069{
a9de9248 3070 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3071 struct hci_conn *conn;
1da177e4 3072
9f1db00c 3073 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3074
3075 hci_dev_lock(hdev);
3076
04837f64 3077 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3078 if (conn && !ev->status) {
3079 struct inquiry_entry *ie;
3080
cc11b9c1
AE		 3081 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3082 if (ie) {
1da177e4
LT		 3083 ie->data.clock_offset = ev->clock_offset;
3084 ie->timestamp = jiffies;
3085 }
3086 }
3087
3088 hci_dev_unlock(hdev);
3089}
3090
6039aa73 3091static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3092{
3093 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3094 struct hci_conn *conn;
3095
9f1db00c 3096 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3097
3098 hci_dev_lock(hdev);
3099
3100 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3101 if (conn && !ev->status)
3102 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3103
3104 hci_dev_unlock(hdev);
3105}
3106
6039aa73 3107static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3108{
a9de9248 3109 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3110 struct inquiry_entry *ie;
3111
3112 BT_DBG("%s", hdev->name);
3113
3114 hci_dev_lock(hdev);
3115
cc11b9c1
AE		 3116 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3117 if (ie) {
85a1e930
MH		 3118 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3119 ie->timestamp = jiffies;
3120 }
3121
3122 hci_dev_unlock(hdev);
3123}
3124
6039aa73
GP		 3125static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3126 struct sk_buff *skb)
a9de9248
MH		 3127{
3128 struct inquiry_data data;
3129 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3130 bool name_known, ssp;
a9de9248
MH		 3131
3132 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3133
3134 if (!num_rsp)
3135 return;
3136
1519cc17
AG		 3137 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3138 return;
3139
a9de9248
MH		 3140 hci_dev_lock(hdev);
3141
3142 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3143 struct inquiry_info_with_rssi_and_pscan_mode *info;
3144 info = (void *) (skb->data + 1);
a9de9248 3145
e17acd40 3146 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3147 bacpy(&data.bdaddr, &info->bdaddr);
3148 data.pscan_rep_mode = info->pscan_rep_mode;
3149 data.pscan_period_mode = info->pscan_period_mode;
3150 data.pscan_mode = info->pscan_mode;
3151 memcpy(data.dev_class, info->dev_class, 3);
3152 data.clock_offset = info->clock_offset;
3153 data.rssi = info->rssi;
41a96212 3154 data.ssp_mode = 0x00;
3175405b
JH		 3155
3156 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3157 false, &ssp);
48264f06 3158 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3159 info->dev_class, info->rssi,
3160 !name_known, ssp, NULL, 0);
a9de9248
MH		 3161 }
3162 } else {
3163 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3164
e17acd40 3165 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3166 bacpy(&data.bdaddr, &info->bdaddr);
3167 data.pscan_rep_mode = info->pscan_rep_mode;
3168 data.pscan_period_mode = info->pscan_period_mode;
3169 data.pscan_mode = 0x00;
3170 memcpy(data.dev_class, info->dev_class, 3);
3171 data.clock_offset = info->clock_offset;
3172 data.rssi = info->rssi;
41a96212 3173 data.ssp_mode = 0x00;
3175405b 3174 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3175 false, &ssp);
48264f06 3176 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3177 info->dev_class, info->rssi,
3178 !name_known, ssp, NULL, 0);
a9de9248
MH		 3179 }
3180 }
3181
3182 hci_dev_unlock(hdev);
3183}
3184
6039aa73
GP		 3185static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3186 struct sk_buff *skb)
a9de9248 3187{
41a96212
MH		 3188 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3189 struct hci_conn *conn;
3190
a9de9248 3191 BT_DBG("%s", hdev->name);
41a96212 3192
41a96212
MH		 3193 hci_dev_lock(hdev);
3194
3195 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3196 if (!conn)
3197 goto unlock;
41a96212 3198
ccd556fe
JH		 3199 if (!ev->status && ev->page == 0x01) {
3200 struct inquiry_entry *ie;
41a96212 3201
cc11b9c1
AE		 3202 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3203 if (ie)
02b7cc62 3204 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3205
02b7cc62 3206 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3207 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3208 }
3209
3210 if (conn->state != BT_CONFIG)
3211 goto unlock;
3212
671267bf 3213 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3214 struct hci_cp_remote_name_req cp;
3215 memset(&cp, 0, sizeof(cp));
3216 bacpy(&cp.bdaddr, &conn->dst);
3217 cp.pscan_rep_mode = 0x02;
3218 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3219 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3220 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3221 conn->dst_type, 0, NULL, 0,
3222 conn->dev_class);
392599b9 3223
127178d2 3224 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3225 conn->state = BT_CONNECTED;
3226 hci_proto_connect_cfm(conn, ev->status);
3227 hci_conn_put(conn);
41a96212
MH		 3228 }
3229
ccd556fe 3230unlock:
41a96212 3231 hci_dev_unlock(hdev);
a9de9248
MH		 3232}
3233
6039aa73
GP		 3234static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3235 struct sk_buff *skb)
a9de9248 3236{
b6a0dc82
MH		 3237 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3238 struct hci_conn *conn;
3239
9f1db00c 3240 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3241
3242 hci_dev_lock(hdev);
3243
3244 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3245 if (!conn) {
3246 if (ev->link_type == ESCO_LINK)
3247 goto unlock;
3248
3249 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3250 if (!conn)
3251 goto unlock;
3252
3253 conn->type = SCO_LINK;
3254 }
b6a0dc82 3255
732547f9
MH		 3256 switch (ev->status) {
3257 case 0x00:
b6a0dc82
MH		 3258 conn->handle = __le16_to_cpu(ev->handle);
3259 conn->state = BT_CONNECTED;
7d0db0a3 3260
9eba32b8 3261 hci_conn_hold_device(conn);
7d0db0a3 3262 hci_conn_add_sysfs(conn);
732547f9
MH		 3263 break;
3264
705e5711 3265 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3266 case 0x1c: /* SCO interval rejected */
1038a00b 3267 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3268 case 0x1f: /* Unspecified error */
3269 if (conn->out && conn->attempt < 2) {
3270 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3271 (hdev->esco_type & EDR_ESCO_MASK);
3272 hci_setup_sync(conn, conn->link->handle);
3273 goto unlock;
3274 }
3275 /* fall through */
3276
3277 default:
b6a0dc82 3278 conn->state = BT_CLOSED;
732547f9
MH		 3279 break;
3280 }
b6a0dc82
MH		 3281
3282 hci_proto_connect_cfm(conn, ev->status);
3283 if (ev->status)
3284 hci_conn_del(conn);
3285
3286unlock:
3287 hci_dev_unlock(hdev);
a9de9248
MH		 3288}
3289
6039aa73 3290static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3291{
3292 BT_DBG("%s", hdev->name);
3293}
3294
6039aa73 3295static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3296{
a9de9248 3297 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3298
9f1db00c 3299 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3300}
3301
6039aa73
GP		 3302static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3303 struct sk_buff *skb)
1da177e4 3304{
a9de9248
MH		 3305 struct inquiry_data data;
3306 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3307 int num_rsp = *((__u8 *) skb->data);
9d939d94 3308 size_t eir_len;
1da177e4 3309
a9de9248 3310 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3311
a9de9248
MH		 3312 if (!num_rsp)
3313 return;
1da177e4 3314
1519cc17
AG		 3315 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3316 return;
3317
a9de9248
MH		 3318 hci_dev_lock(hdev);
3319
e17acd40 3320 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3321 bool name_known, ssp;
561aafbc 3322
a9de9248 3323 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3324 data.pscan_rep_mode = info->pscan_rep_mode;
3325 data.pscan_period_mode = info->pscan_period_mode;
3326 data.pscan_mode = 0x00;
a9de9248 3327 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3328 data.clock_offset = info->clock_offset;
3329 data.rssi = info->rssi;
41a96212 3330 data.ssp_mode = 0x01;
561aafbc 3331
a8b2d5c2 3332 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3333 name_known = eir_has_data_type(info->data,
04124681
GP		 3334 sizeof(info->data),
3335 EIR_NAME_COMPLETE);
561aafbc
JH		 3336 else
3337 name_known = true;
3338
388fc8fa 3339 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3340 &ssp);
9d939d94 3341 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3342 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3343 info->dev_class, info->rssi, !name_known,
9d939d94 3344 ssp, info->data, eir_len);
a9de9248
MH		 3345 }
3346
3347 hci_dev_unlock(hdev);
3348}
1da177e4 3349
1c2e0041
JH		 3350static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3351 struct sk_buff *skb)
3352{
3353 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3354 struct hci_conn *conn;
3355
9f1db00c 3356 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3357 __le16_to_cpu(ev->handle));
3358
3359 hci_dev_lock(hdev);
3360
3361 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3362 if (!conn)
3363 goto unlock;
3364
3365 if (!ev->status)
3366 conn->sec_level = conn->pending_sec_level;
3367
3368 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3369
3370 if (ev->status && conn->state == BT_CONNECTED) {
3371 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3372 hci_conn_put(conn);
3373 goto unlock;
3374 }
3375
3376 if (conn->state == BT_CONFIG) {
3377 if (!ev->status)
3378 conn->state = BT_CONNECTED;
3379
3380 hci_proto_connect_cfm(conn, ev->status);
3381 hci_conn_put(conn);
3382 } else {
3383 hci_auth_cfm(conn, ev->status);
3384
3385 hci_conn_hold(conn);
3386 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3387 hci_conn_put(conn);
3388 }
3389
3390unlock:
3391 hci_dev_unlock(hdev);
3392}
3393
6039aa73 3394static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3395{
3396 /* If remote requests dedicated bonding follow that lead */
3397 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3398 /* If both remote and local IO capabilities allow MITM
3399 * protection then require it, otherwise don't */
3400 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3401 return 0x02;
3402 else
3403 return 0x03;
3404 }
3405
3406 /* If remote requests no-bonding follow that lead */
3407 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3408 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3409
3410 return conn->auth_type;
3411}
3412
6039aa73 3413static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3414{
3415 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3416 struct hci_conn *conn;
3417
3418 BT_DBG("%s", hdev->name);
3419
3420 hci_dev_lock(hdev);
3421
3422 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3423 if (!conn)
3424 goto unlock;
3425
3426 hci_conn_hold(conn);
3427
a8b2d5c2 3428 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3429 goto unlock;
3430
a8b2d5c2 3431 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3432 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3433 struct hci_cp_io_capability_reply cp;
3434
3435 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3436 /* Change the IO capability from KeyboardDisplay
3437 * to DisplayYesNo as it is not supported by BT spec. */
3438 cp.capability = (conn->io_capability == 0x04) ?
3439 0x01 : conn->io_capability;
7cbc9bd9
JH		 3440 conn->auth_type = hci_get_auth_req(conn);
3441 cp.authentication = conn->auth_type;
17fa4b9d 3442
8fc9ced3
GP		 3443 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3444 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3445 cp.oob_data = 0x01;
3446 else
3447 cp.oob_data = 0x00;
3448
17fa4b9d 3449 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3450 sizeof(cp), &cp);
03b555e1
JH		 3451 } else {
3452 struct hci_cp_io_capability_neg_reply cp;
3453
3454 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3455 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3456
03b555e1 3457 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3458 sizeof(cp), &cp);
03b555e1
JH		 3459 }
3460
3461unlock:
3462 hci_dev_unlock(hdev);
3463}
3464
6039aa73 3465static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3466{
3467 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3468 struct hci_conn *conn;
3469
3470 BT_DBG("%s", hdev->name);
3471
3472 hci_dev_lock(hdev);
3473
3474 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3475 if (!conn)
3476 goto unlock;
3477
03b555e1 3478 conn->remote_cap = ev->capability;
03b555e1 3479 conn->remote_auth = ev->authentication;
58a681ef
JH		 3480 if (ev->oob_data)
3481 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3482
3483unlock:
0493684e
MH		 3484 hci_dev_unlock(hdev);
3485}
3486
6039aa73
GP		 3487static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3488 struct sk_buff *skb)
a5c29683
JH		 3489{
3490 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3491 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3492 struct hci_conn *conn;
a5c29683
JH		 3493
3494 BT_DBG("%s", hdev->name);
3495
3496 hci_dev_lock(hdev);
3497
a8b2d5c2 3498 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3499 goto unlock;
a5c29683 3500
7a828908
JH		 3501 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3502 if (!conn)
3503 goto unlock;
3504
3505 loc_mitm = (conn->auth_type & 0x01);
3506 rem_mitm = (conn->remote_auth & 0x01);
3507
3508 /* If we require MITM but the remote device can't provide that
3509 * (it has NoInputNoOutput) then reject the confirmation
3510 * request. The only exception is when we're dedicated bonding
3511 * initiators (connect_cfm_cb set) since then we always have the MITM
3512 * bit set. */
3513 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3514 BT_DBG("Rejecting request: remote device can't provide MITM");
3515 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3516 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3517 goto unlock;
3518 }
3519
3520 /* If no side requires MITM protection; auto-accept */
3521 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3522 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3523
3524 /* If we're not the initiators request authorization to
3525 * proceed from user space (mgmt_user_confirm with
3526 * confirm_hint set to 1). */
51a8efd7 3527 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3528 BT_DBG("Confirming auto-accept as acceptor");
3529 confirm_hint = 1;
3530 goto confirm;
3531 }
3532
9f61656a 3533 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3534 hdev->auto_accept_delay);
9f61656a
JH		 3535
3536 if (hdev->auto_accept_delay > 0) {
3537 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3538 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3539 goto unlock;
3540 }
3541
7a828908 3542 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3543 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3544 goto unlock;
3545 }
3546
55bc1a37 3547confirm:
272d90df 3548 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3549 confirm_hint);
7a828908
JH		 3550
3551unlock:
a5c29683
JH		 3552 hci_dev_unlock(hdev);
3553}
3554
6039aa73
GP		 3555static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3556 struct sk_buff *skb)
1143d458
BG		 3557{
3558 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3559
3560 BT_DBG("%s", hdev->name);
3561
a8b2d5c2 3562 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3563 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3564}
3565
92a25256
JH		 3566static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3567 struct sk_buff *skb)
3568{
3569 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3570 struct hci_conn *conn;
3571
3572 BT_DBG("%s", hdev->name);
3573
3574 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3575 if (!conn)
3576 return;
3577
3578 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3579 conn->passkey_entered = 0;
3580
3581 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3582 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3583 conn->dst_type, conn->passkey_notify,
3584 conn->passkey_entered);
3585}
3586
3587static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3588{
3589 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3590 struct hci_conn *conn;
3591
3592 BT_DBG("%s", hdev->name);
3593
3594 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3595 if (!conn)
3596 return;
3597
3598 switch (ev->type) {
3599 case HCI_KEYPRESS_STARTED:
3600 conn->passkey_entered = 0;
3601 return;
3602
3603 case HCI_KEYPRESS_ENTERED:
3604 conn->passkey_entered++;
3605 break;
3606
3607 case HCI_KEYPRESS_ERASED:
3608 conn->passkey_entered--;
3609 break;
3610
3611 case HCI_KEYPRESS_CLEARED:
3612 conn->passkey_entered = 0;
3613 break;
3614
3615 case HCI_KEYPRESS_COMPLETED:
3616 return;
3617 }
3618
3619 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3620 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3621 conn->dst_type, conn->passkey_notify,
3622 conn->passkey_entered);
3623}
3624
6039aa73
GP		 3625static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3626 struct sk_buff *skb)
0493684e
MH		 3627{
3628 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3629 struct hci_conn *conn;
3630
3631 BT_DBG("%s", hdev->name);
3632
3633 hci_dev_lock(hdev);
3634
3635 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3636 if (!conn)
3637 goto unlock;
3638
3639 /* To avoid duplicate auth_failed events to user space we check
3640 * the HCI_CONN_AUTH_PEND flag which will be set if we
3641 * initiated the authentication. A traditional auth_complete
3642 * event gets always produced as initiator and is also mapped to
3643 * the mgmt_auth_failed event */
fa1bd918 3644 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3645 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3646 ev->status);
0493684e 3647
2a611692
JH		 3648 hci_conn_put(conn);
3649
3650unlock:
0493684e
MH		 3651 hci_dev_unlock(hdev);
3652}
3653
6039aa73
GP		 3654static void hci_remote_host_features_evt(struct hci_dev *hdev,
3655 struct sk_buff *skb)
41a96212
MH		 3656{
3657 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3658 struct inquiry_entry *ie;
3659
3660 BT_DBG("%s", hdev->name);
3661
3662 hci_dev_lock(hdev);
3663
cc11b9c1
AE		 3664 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3665 if (ie)
02b7cc62 3666 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3667
3668 hci_dev_unlock(hdev);
3669}
3670
6039aa73
GP		 3671static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3672 struct sk_buff *skb)
2763eda6
SJ		 3673{
3674 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3675 struct oob_data *data;
3676
3677 BT_DBG("%s", hdev->name);
3678
3679 hci_dev_lock(hdev);
3680
a8b2d5c2 3681 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3682 goto unlock;
3683
2763eda6
SJ		 3684 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3685 if (data) {
3686 struct hci_cp_remote_oob_data_reply cp;
3687
3688 bacpy(&cp.bdaddr, &ev->bdaddr);
3689 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3690 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3691
3692 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3693 &cp);
2763eda6
SJ		 3694 } else {
3695 struct hci_cp_remote_oob_data_neg_reply cp;
3696
3697 bacpy(&cp.bdaddr, &ev->bdaddr);
3698 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3699 &cp);
2763eda6
SJ		 3700 }
3701
e1ba1f15 3702unlock:
2763eda6
SJ		 3703 hci_dev_unlock(hdev);
3704}
3705
d5e91192
AE		 3706static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3707 struct sk_buff *skb)
3708{
3709 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3710 struct hci_conn *hcon, *bredr_hcon;
3711
3712 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3713 ev->status);
3714
3715 hci_dev_lock(hdev);
3716
3717 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3718 if (!hcon) {
3719 hci_dev_unlock(hdev);
3720 return;
3721 }
3722
3723 if (ev->status) {
3724 hci_conn_del(hcon);
3725 hci_dev_unlock(hdev);
3726 return;
3727 }
3728
3729 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3730
3731 hcon->state = BT_CONNECTED;
3732 bacpy(&hcon->dst, &bredr_hcon->dst);
3733
3734 hci_conn_hold(hcon);
3735 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3736 hci_conn_put(hcon);
3737
3738 hci_conn_hold_device(hcon);
3739 hci_conn_add_sysfs(hcon);
3740
cf70ff22 3741 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3742
cf70ff22 3743 hci_dev_unlock(hdev);
d5e91192
AE		 3744}
3745
27695fb4
AE		 3746static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3747{
3748 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3749 struct hci_conn *hcon;
3750 struct hci_chan *hchan;
3751 struct amp_mgr *mgr;
3752
3753 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3754 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3755 ev->status);
3756
3757 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3758 if (!hcon)
3759 return;
3760
3761 /* Create AMP hchan */
3762 hchan = hci_chan_create(hcon);
3763 if (!hchan)
3764 return;
3765
3766 hchan->handle = le16_to_cpu(ev->handle);
3767
3768 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3769
3770 mgr = hcon->amp_mgr;
3771 if (mgr && mgr->bredr_chan) {
3772 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3773
3774 l2cap_chan_lock(bredr_chan);
3775
3776 bredr_chan->conn->mtu = hdev->block_mtu;
3777 l2cap_logical_cfm(bredr_chan, hchan, 0);
3778 hci_conn_hold(hcon);
3779
3780 l2cap_chan_unlock(bredr_chan);
3781 }
3782}
3783
606e2a10
AE		 3784static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3785 struct sk_buff *skb)
3786{
3787 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3788 struct hci_chan *hchan;
3789
3790 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3791 le16_to_cpu(ev->handle), ev->status);
3792
3793 if (ev->status)
3794 return;
3795
3796 hci_dev_lock(hdev);
3797
3798 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3799 if (!hchan)
3800 goto unlock;
3801
3802 amp_destroy_logical_link(hchan, ev->reason);
3803
3804unlock:
3805 hci_dev_unlock(hdev);
3806}
3807
9eef6b3a
AE		 3808static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3809 struct sk_buff *skb)
3810{
3811 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3812 struct hci_conn *hcon;
3813
3814 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3815
3816 if (ev->status)
3817 return;
3818
3819 hci_dev_lock(hdev);
3820
3821 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3822 if (hcon) {
3823 hcon->state = BT_CLOSED;
3824 hci_conn_del(hcon);
3825 }
3826
3827 hci_dev_unlock(hdev);
3828}
3829
6039aa73 3830static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3831{
3832 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3833 struct hci_conn *conn;
3834
9f1db00c 3835 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3836
3837 hci_dev_lock(hdev);
3838
b47a09b3 3839 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3840 if (!conn) {
3841 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3842 if (!conn) {
3843 BT_ERR("No memory for new connection");
230fd16a 3844 goto unlock;
b62f328b 3845 }
29b7988a
AG		 3846
3847 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3848
3849 if (ev->role == LE_CONN_ROLE_MASTER) {
3850 conn->out = true;
3851 conn->link_mode |= HCI_LM_MASTER;
3852 }
b62f328b 3853 }
fcd89c09 3854
cd17decb
AG		 3855 if (ev->status) {
3856 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3857 conn->dst_type, ev->status);
3858 hci_proto_connect_cfm(conn, ev->status);
3859 conn->state = BT_CLOSED;
3860 hci_conn_del(conn);
3861 goto unlock;
3862 }
3863
b644ba33
JH		 3864 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3865 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3866 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3867
7b5c0d52 3868 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3869 conn->handle = __le16_to_cpu(ev->handle);
3870 conn->state = BT_CONNECTED;
3871
3872 hci_conn_hold_device(conn);
3873 hci_conn_add_sysfs(conn);
3874
3875 hci_proto_connect_cfm(conn, ev->status);
3876
3877unlock:
3878 hci_dev_unlock(hdev);
3879}
3880
6039aa73 3881static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3882{
e95beb41
AG		 3883 u8 num_reports = skb->data[0];
3884 void *ptr = &skb->data[1];
3c9e9195 3885 s8 rssi;
9aa04c91
AG		 3886
3887 hci_dev_lock(hdev);
3888
e95beb41
AG		 3889 while (num_reports--) {
3890 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3891
3c9e9195
AG		 3892 rssi = ev->data[ev->length];
3893 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3894 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3895
e95beb41 3896 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3897 }
3898
3899 hci_dev_unlock(hdev);
3900}
3901
6039aa73 3902static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3903{
3904 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3905 struct hci_cp_le_ltk_reply cp;
bea710fe 3906 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3907 struct hci_conn *conn;
c9839a11 3908 struct smp_ltk *ltk;
a7a595f6 3909
9f1db00c 3910 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3911
3912 hci_dev_lock(hdev);
3913
3914 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3915 if (conn == NULL)
3916 goto not_found;
a7a595f6 3917
bea710fe
VCG		 3918 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3919 if (ltk == NULL)
3920 goto not_found;
3921
3922 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3923 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3924
3925 if (ltk->authenticated)
3926 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3927
3928 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3929
c9839a11
VCG		 3930 if (ltk->type & HCI_SMP_STK) {
3931 list_del(&ltk->list);
3932 kfree(ltk);
3933 }
3934
a7a595f6 3935 hci_dev_unlock(hdev);
bea710fe
VCG		 3936
3937 return;
3938
3939not_found:
3940 neg.handle = ev->handle;
3941 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3942 hci_dev_unlock(hdev);
a7a595f6
VCG		 3943}
3944
6039aa73 3945static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3946{
3947 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3948
3949 skb_pull(skb, sizeof(*le_ev));
3950
3951 switch (le_ev->subevent) {
3952 case HCI_EV_LE_CONN_COMPLETE:
3953 hci_le_conn_complete_evt(hdev, skb);
3954 break;
3955
9aa04c91
AG		 3956 case HCI_EV_LE_ADVERTISING_REPORT:
3957 hci_le_adv_report_evt(hdev, skb);
3958 break;
3959
a7a595f6
VCG		 3960 case HCI_EV_LE_LTK_REQ:
3961 hci_le_ltk_request_evt(hdev, skb);
3962 break;
3963
fcd89c09
VT		 3964 default:
3965 break;
3966 }
3967}
3968
9495b2ee
AE		 3969static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3970{
3971 struct hci_ev_channel_selected *ev = (void *) skb->data;
3972 struct hci_conn *hcon;
3973
3974 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3975
3976 skb_pull(skb, sizeof(*ev));
3977
3978 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3979 if (!hcon)
3980 return;
3981
3982 amp_read_loc_assoc_final_data(hdev, hcon);
3983}
3984
a9de9248
MH		 3985void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3986{
3987 struct hci_event_hdr *hdr = (void *) skb->data;
3988 __u8 event = hdr->evt;
3989
3990 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3991
3992 switch (event) {
1da177e4
LT		 3993 case HCI_EV_INQUIRY_COMPLETE:
3994 hci_inquiry_complete_evt(hdev, skb);
3995 break;
3996
3997 case HCI_EV_INQUIRY_RESULT:
3998 hci_inquiry_result_evt(hdev, skb);
3999 break;
4000
a9de9248
MH		 4001 case HCI_EV_CONN_COMPLETE:
4002 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4003 break;
4004
1da177e4
LT		 4005 case HCI_EV_CONN_REQUEST:
4006 hci_conn_request_evt(hdev, skb);
4007 break;
4008
1da177e4
LT		 4009 case HCI_EV_DISCONN_COMPLETE:
4010 hci_disconn_complete_evt(hdev, skb);
4011 break;
4012
1da177e4
LT		 4013 case HCI_EV_AUTH_COMPLETE:
4014 hci_auth_complete_evt(hdev, skb);
4015 break;
4016
a9de9248
MH		 4017 case HCI_EV_REMOTE_NAME:
4018 hci_remote_name_evt(hdev, skb);
4019 break;
4020
1da177e4
LT		 4021 case HCI_EV_ENCRYPT_CHANGE:
4022 hci_encrypt_change_evt(hdev, skb);
4023 break;
4024
a9de9248
MH		 4025 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4026 hci_change_link_key_complete_evt(hdev, skb);
4027 break;
4028
4029 case HCI_EV_REMOTE_FEATURES:
4030 hci_remote_features_evt(hdev, skb);
4031 break;
4032
4033 case HCI_EV_REMOTE_VERSION:
4034 hci_remote_version_evt(hdev, skb);
4035 break;
4036
4037 case HCI_EV_QOS_SETUP_COMPLETE:
4038 hci_qos_setup_complete_evt(hdev, skb);
4039 break;
4040
4041 case HCI_EV_CMD_COMPLETE:
4042 hci_cmd_complete_evt(hdev, skb);
4043 break;
4044
4045 case HCI_EV_CMD_STATUS:
4046 hci_cmd_status_evt(hdev, skb);
4047 break;
4048
4049 case HCI_EV_ROLE_CHANGE:
4050 hci_role_change_evt(hdev, skb);
4051 break;
4052
4053 case HCI_EV_NUM_COMP_PKTS:
4054 hci_num_comp_pkts_evt(hdev, skb);
4055 break;
4056
4057 case HCI_EV_MODE_CHANGE:
4058 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4059 break;
4060
4061 case HCI_EV_PIN_CODE_REQ:
4062 hci_pin_code_request_evt(hdev, skb);
4063 break;
4064
4065 case HCI_EV_LINK_KEY_REQ:
4066 hci_link_key_request_evt(hdev, skb);
4067 break;
4068
4069 case HCI_EV_LINK_KEY_NOTIFY:
4070 hci_link_key_notify_evt(hdev, skb);
4071 break;
4072
4073 case HCI_EV_CLOCK_OFFSET:
4074 hci_clock_offset_evt(hdev, skb);
4075 break;
4076
a8746417
MH		 4077 case HCI_EV_PKT_TYPE_CHANGE:
4078 hci_pkt_type_change_evt(hdev, skb);
4079 break;
4080
85a1e930
MH		 4081 case HCI_EV_PSCAN_REP_MODE:
4082 hci_pscan_rep_mode_evt(hdev, skb);
4083 break;
4084
a9de9248
MH		 4085 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4086 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4087 break;
4088
a9de9248
MH		 4089 case HCI_EV_REMOTE_EXT_FEATURES:
4090 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4091 break;
4092
a9de9248
MH		 4093 case HCI_EV_SYNC_CONN_COMPLETE:
4094 hci_sync_conn_complete_evt(hdev, skb);
4095 break;
1da177e4 4096
a9de9248
MH		 4097 case HCI_EV_SYNC_CONN_CHANGED:
4098 hci_sync_conn_changed_evt(hdev, skb);
4099 break;
1da177e4 4100
a9de9248
MH		 4101 case HCI_EV_SNIFF_SUBRATE:
4102 hci_sniff_subrate_evt(hdev, skb);
4103 break;
1da177e4 4104
a9de9248
MH		 4105 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4106 hci_extended_inquiry_result_evt(hdev, skb);
4107 break;
1da177e4 4108
1c2e0041
JH		 4109 case HCI_EV_KEY_REFRESH_COMPLETE:
4110 hci_key_refresh_complete_evt(hdev, skb);
4111 break;
4112
0493684e
MH		 4113 case HCI_EV_IO_CAPA_REQUEST:
4114 hci_io_capa_request_evt(hdev, skb);
4115 break;
4116
03b555e1
JH		 4117 case HCI_EV_IO_CAPA_REPLY:
4118 hci_io_capa_reply_evt(hdev, skb);
4119 break;
4120
a5c29683
JH		 4121 case HCI_EV_USER_CONFIRM_REQUEST:
4122 hci_user_confirm_request_evt(hdev, skb);
4123 break;
4124
1143d458
BG		 4125 case HCI_EV_USER_PASSKEY_REQUEST:
4126 hci_user_passkey_request_evt(hdev, skb);
4127 break;
4128
92a25256
JH		 4129 case HCI_EV_USER_PASSKEY_NOTIFY:
4130 hci_user_passkey_notify_evt(hdev, skb);
4131 break;
4132
4133 case HCI_EV_KEYPRESS_NOTIFY:
4134 hci_keypress_notify_evt(hdev, skb);
4135 break;
4136
0493684e
MH		 4137 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4138 hci_simple_pair_complete_evt(hdev, skb);
4139 break;
4140
41a96212
MH		 4141 case HCI_EV_REMOTE_HOST_FEATURES:
4142 hci_remote_host_features_evt(hdev, skb);
4143 break;
4144
fcd89c09
VT		 4145 case HCI_EV_LE_META:
4146 hci_le_meta_evt(hdev, skb);
4147 break;
4148
9495b2ee
AE		 4149 case HCI_EV_CHANNEL_SELECTED:
4150 hci_chan_selected_evt(hdev, skb);
4151 break;
4152
2763eda6
SJ		 4153 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4154 hci_remote_oob_data_request_evt(hdev, skb);
4155 break;
4156
d5e91192
AE		 4157 case HCI_EV_PHY_LINK_COMPLETE:
4158 hci_phy_link_complete_evt(hdev, skb);
4159 break;
4160
27695fb4
AE		 4161 case HCI_EV_LOGICAL_LINK_COMPLETE:
4162 hci_loglink_complete_evt(hdev, skb);
4163 break;
4164
606e2a10
AE		 4165 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4166 hci_disconn_loglink_complete_evt(hdev, skb);
4167 break;
4168
9eef6b3a
AE		 4169 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4170 hci_disconn_phylink_complete_evt(hdev, skb);
4171 break;
4172
25e89e99
AE		 4173 case HCI_EV_NUM_COMP_BLOCKS:
4174 hci_num_comp_blocks_evt(hdev, skb);
4175 break;
4176
a9de9248 4177 default:
9f1db00c 4178 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4179 break;
4180 }
4181
4182 kfree_skb(skb);
4183 hdev->stat.evt_rx++;
4184}
kernel source for telekom puls (alcatel/mediatek)