projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move command task to workqueue
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
744cf19e 68 mgmt_discovering(hdev, 0);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8
AG		 197
198 hdev->dev_flags = 0;
a9de9248 199}
04837f64 200
a9de9248
MH		 201static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
202{
203 __u8 status = *((__u8 *) skb->data);
204 void *sent;
04837f64 205
a9de9248 206 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 207
a9de9248
MH		 208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
209 if (!sent)
210 return;
04837f64 211
56e5cb86
JH		 212 hci_dev_lock(hdev);
213
b312b161 214 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 215 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 216
56e5cb86
JH		 217 if (status == 0)
218 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 219
56e5cb86 220 hci_dev_unlock(hdev);
a9de9248
MH		 221}
222
223static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
224{
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
226
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
228
229 if (rp->status)
230 return;
231
1f6c6378 232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 233}
234
235static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
236{
237 __u8 status = *((__u8 *) skb->data);
238 void *sent;
239
240 BT_DBG("%s status 0x%x", hdev->name, status);
241
242 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
243 if (!sent)
244 return;
245
246 if (!status) {
247 __u8 param = *((__u8 *) sent);
248
249 if (param == AUTH_ENABLED)
250 set_bit(HCI_AUTH, &hdev->flags);
251 else
252 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 253 }
a9de9248 254
23bb5763 255 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 256}
257
a9de9248 258static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 259{
a9de9248 260 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 261 void *sent;
262
a9de9248 263 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 264
a9de9248
MH		 265 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
266 if (!sent)
267 return;
1da177e4 268
a9de9248
MH		 269 if (!status) {
270 __u8 param = *((__u8 *) sent);
271
272 if (param)
273 set_bit(HCI_ENCRYPT, &hdev->flags);
274 else
275 clear_bit(HCI_ENCRYPT, &hdev->flags);
276 }
1da177e4 277
23bb5763 278 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 279}
1da177e4 280
a9de9248
MH		 281static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
282{
36f7fc7e
JH		 283 __u8 param, status = *((__u8 *) skb->data);
284 int old_pscan, old_iscan;
a9de9248 285 void *sent;
1da177e4 286
a9de9248 287 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 288
a9de9248
MH		 289 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
290 if (!sent)
291 return;
1da177e4 292
36f7fc7e
JH		 293 param = *((__u8 *) sent);
294
56e5cb86
JH		 295 hci_dev_lock(hdev);
296
2d7cee58 297 if (status != 0) {
744cf19e 298 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 299 hdev->discov_timeout = 0;
300 goto done;
301 }
302
36f7fc7e
JH		 303 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
304 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
305
306 if (param & SCAN_INQUIRY) {
307 set_bit(HCI_ISCAN, &hdev->flags);
308 if (!old_iscan)
744cf19e 309 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 310 if (hdev->discov_timeout > 0) {
311 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
312 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
313 to);
314 }
36f7fc7e 315 } else if (old_iscan)
744cf19e 316 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 317
318 if (param & SCAN_PAGE) {
319 set_bit(HCI_PSCAN, &hdev->flags);
320 if (!old_pscan)
744cf19e 321 mgmt_connectable(hdev, 1);
36f7fc7e 322 } else if (old_pscan)
744cf19e 323 mgmt_connectable(hdev, 0);
1da177e4 324
36f7fc7e 325done:
56e5cb86 326 hci_dev_unlock(hdev);
23bb5763 327 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 328}
1da177e4 329
a9de9248
MH		 330static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
331{
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 333
a9de9248 334 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 335
a9de9248
MH		 336 if (rp->status)
337 return;
1da177e4 338
a9de9248 339 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 340
a9de9248
MH		 341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
343}
1da177e4 344
a9de9248
MH		 345static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
346{
347 __u8 status = *((__u8 *) skb->data);
348 void *sent;
1da177e4 349
a9de9248 350 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 351
f383f275
MH		 352 if (status)
353 return;
354
a9de9248
MH		 355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
356 if (!sent)
357 return;
1da177e4 358
f383f275 359 memcpy(hdev->dev_class, sent, 3);
a9de9248 360}
1da177e4 361
a9de9248
MH		 362static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
363{
364 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
365 __u16 setting;
366
367 BT_DBG("%s status 0x%x", hdev->name, rp->status);
368
369 if (rp->status)
370 return;
371
372 setting = __le16_to_cpu(rp->voice_setting);
373
f383f275 374 if (hdev->voice_setting == setting)
a9de9248
MH		 375 return;
376
377 hdev->voice_setting = setting;
378
379 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
380
3c54711c 381 if (hdev->notify)
a9de9248 382 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 383}
384
385static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
386{
387 __u8 status = *((__u8 *) skb->data);
f383f275 388 __u16 setting;
a9de9248
MH		 389 void *sent;
390
391 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 392
f383f275
MH		 393 if (status)
394 return;
395
a9de9248
MH		 396 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
397 if (!sent)
398 return;
1da177e4 399
f383f275 400 setting = get_unaligned_le16(sent);
1da177e4 401
f383f275
MH		 402 if (hdev->voice_setting == setting)
403 return;
404
405 hdev->voice_setting = setting;
1da177e4 406
f383f275 407 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 408
3c54711c 409 if (hdev->notify)
f383f275 410 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 411}
412
a9de9248 413static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 414{
a9de9248 415 __u8 status = *((__u8 *) skb->data);
1da177e4 416
a9de9248 417 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 418
23bb5763 419 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 420}
1143e5a6 421
333140b5
MH		 422static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
423{
424 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
425
426 BT_DBG("%s status 0x%x", hdev->name, rp->status);
427
428 if (rp->status)
429 return;
430
431 hdev->ssp_mode = rp->mode;
432}
433
434static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
435{
436 __u8 status = *((__u8 *) skb->data);
437 void *sent;
438
439 BT_DBG("%s status 0x%x", hdev->name, status);
440
441 if (status)
442 return;
443
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
445 if (!sent)
446 return;
447
448 hdev->ssp_mode = *((__u8 *) sent);
449}
450
d5859e22
JH		 451static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
452{
453 if (hdev->features[6] & LMP_EXT_INQ)
454 return 2;
455
456 if (hdev->features[3] & LMP_RSSI_INQ)
457 return 1;
458
459 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
460 hdev->lmp_subver == 0x0757)
461 return 1;
462
463 if (hdev->manufacturer == 15) {
464 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
465 return 1;
466 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
467 return 1;
468 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
469 return 1;
470 }
471
472 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
473 hdev->lmp_subver == 0x1805)
474 return 1;
475
476 return 0;
477}
478
479static void hci_setup_inquiry_mode(struct hci_dev *hdev)
480{
481 u8 mode;
482
483 mode = hci_get_inquiry_mode(hdev);
484
485 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
486}
487
488static void hci_setup_event_mask(struct hci_dev *hdev)
489{
490 /* The second byte is 0xff instead of 0x9f (two reserved bits
491 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
492 * command otherwise */
493 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
494
6de6c18d
VT		 495 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
496 * any event mask for pre 1.2 devices */
5a13b095 497 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 498 return;
499
500 events[4] |= 0x01; /* Flow Specification Complete */
501 events[4] |= 0x02; /* Inquiry Result with RSSI */
502 events[4] |= 0x04; /* Read Remote Extended Features Complete */
503 events[5] |= 0x08; /* Synchronous Connection Complete */
504 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 505
506 if (hdev->features[3] & LMP_RSSI_INQ)
507 events[4] |= 0x04; /* Inquiry Result with RSSI */
508
509 if (hdev->features[5] & LMP_SNIFF_SUBR)
510 events[5] |= 0x20; /* Sniff Subrating */
511
512 if (hdev->features[5] & LMP_PAUSE_ENC)
513 events[5] |= 0x80; /* Encryption Key Refresh Complete */
514
515 if (hdev->features[6] & LMP_EXT_INQ)
516 events[5] |= 0x40; /* Extended Inquiry Result */
517
518 if (hdev->features[6] & LMP_NO_FLUSH)
519 events[7] |= 0x01; /* Enhanced Flush Complete */
520
521 if (hdev->features[7] & LMP_LSTO)
522 events[6] |= 0x80; /* Link Supervision Timeout Changed */
523
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 events[6] |= 0x01; /* IO Capability Request */
526 events[6] |= 0x02; /* IO Capability Response */
527 events[6] |= 0x04; /* User Confirmation Request */
528 events[6] |= 0x08; /* User Passkey Request */
529 events[6] |= 0x10; /* Remote OOB Data Request */
530 events[6] |= 0x20; /* Simple Pairing Complete */
531 events[7] |= 0x04; /* User Passkey Notification */
532 events[7] |= 0x08; /* Keypress Notification */
533 events[7] |= 0x10; /* Remote Host Supported
534 * Features Notification */
535 }
536
537 if (hdev->features[4] & LMP_LE)
538 events[7] |= 0x20; /* LE Meta-Event */
539
540 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
541}
542
e6100a25
AG		 543static void hci_set_le_support(struct hci_dev *hdev)
544{
545 struct hci_cp_write_le_host_supported cp;
546
547 memset(&cp, 0, sizeof(cp));
548
549 if (enable_le) {
550 cp.le = 1;
551 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
552 }
553
554 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
555}
556
d5859e22
JH		 557static void hci_setup(struct hci_dev *hdev)
558{
559 hci_setup_event_mask(hdev);
560
d095c1eb 561 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 562 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
563
564 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
565 u8 mode = 0x01;
566 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
567 }
568
569 if (hdev->features[3] & LMP_RSSI_INQ)
570 hci_setup_inquiry_mode(hdev);
571
572 if (hdev->features[7] & LMP_INQ_TX_PWR)
573 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 574
575 if (hdev->features[7] & LMP_EXTFEATURES) {
576 struct hci_cp_read_local_ext_features cp;
577
578 cp.page = 0x01;
579 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
580 sizeof(cp), &cp);
581 }
e6100a25
AG		 582
583 if (hdev->features[4] & LMP_LE)
584 hci_set_le_support(hdev);
d5859e22
JH		 585}
586
a9de9248
MH		 587static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
588{
589 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 590
a9de9248 591 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 592
a9de9248
MH		 593 if (rp->status)
594 return;
1143e5a6 595
a9de9248 596 hdev->hci_ver = rp->hci_ver;
e4e8e37c 597 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 598 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 599 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 600 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 601
a9de9248
MH		 602 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
603 hdev->manufacturer,
604 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 605
606 if (test_bit(HCI_INIT, &hdev->flags))
607 hci_setup(hdev);
608}
609
610static void hci_setup_link_policy(struct hci_dev *hdev)
611{
612 u16 link_policy = 0;
613
614 if (hdev->features[0] & LMP_RSWITCH)
615 link_policy |= HCI_LP_RSWITCH;
616 if (hdev->features[0] & LMP_HOLD)
617 link_policy |= HCI_LP_HOLD;
618 if (hdev->features[0] & LMP_SNIFF)
619 link_policy |= HCI_LP_SNIFF;
620 if (hdev->features[1] & LMP_PARK)
621 link_policy |= HCI_LP_PARK;
622
623 link_policy = cpu_to_le16(link_policy);
624 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
625 sizeof(link_policy), &link_policy);
a9de9248 626}
1da177e4 627
a9de9248
MH		 628static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
629{
630 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 631
a9de9248 632 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 633
a9de9248 634 if (rp->status)
d5859e22 635 goto done;
1da177e4 636
a9de9248 637 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 638
639 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
640 hci_setup_link_policy(hdev);
641
642done:
643 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 644}
1da177e4 645
a9de9248
MH		 646static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
647{
648 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 649
a9de9248 650 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 651
a9de9248
MH		 652 if (rp->status)
653 return;
5b7f9909 654
a9de9248 655 memcpy(hdev->features, rp->features, 8);
5b7f9909 656
a9de9248
MH		 657 /* Adjust default settings according to features
658 * supported by device. */
1da177e4 659
a9de9248
MH		 660 if (hdev->features[0] & LMP_3SLOT)
661 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 662
a9de9248
MH		 663 if (hdev->features[0] & LMP_5SLOT)
664 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 665
a9de9248
MH		 666 if (hdev->features[1] & LMP_HV2) {
667 hdev->pkt_type |= (HCI_HV2);
668 hdev->esco_type |= (ESCO_HV2);
669 }
1da177e4 670
a9de9248
MH		 671 if (hdev->features[1] & LMP_HV3) {
672 hdev->pkt_type |= (HCI_HV3);
673 hdev->esco_type |= (ESCO_HV3);
674 }
1da177e4 675
a9de9248
MH		 676 if (hdev->features[3] & LMP_ESCO)
677 hdev->esco_type |= (ESCO_EV3);
da1f5198 678
a9de9248
MH		 679 if (hdev->features[4] & LMP_EV4)
680 hdev->esco_type |= (ESCO_EV4);
da1f5198 681
a9de9248
MH		 682 if (hdev->features[4] & LMP_EV5)
683 hdev->esco_type |= (ESCO_EV5);
1da177e4 684
efc7688b
MH		 685 if (hdev->features[5] & LMP_EDR_ESCO_2M)
686 hdev->esco_type |= (ESCO_2EV3);
687
688 if (hdev->features[5] & LMP_EDR_ESCO_3M)
689 hdev->esco_type |= (ESCO_3EV3);
690
691 if (hdev->features[5] & LMP_EDR_3S_ESCO)
692 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
693
a9de9248
MH		 694 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
695 hdev->features[0], hdev->features[1],
696 hdev->features[2], hdev->features[3],
697 hdev->features[4], hdev->features[5],
698 hdev->features[6], hdev->features[7]);
699}
1da177e4 700
971e3a4b
AG		 701static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
702 struct sk_buff *skb)
703{
704 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
705
706 BT_DBG("%s status 0x%x", hdev->name, rp->status);
707
708 if (rp->status)
709 return;
710
711 memcpy(hdev->extfeatures, rp->features, 8);
712
713 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
714}
715
1e89cffb
AE		 716static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
717 struct sk_buff *skb)
718{
719 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
720
721 BT_DBG("%s status 0x%x", hdev->name, rp->status);
722
723 if (rp->status)
724 return;
725
726 hdev->flow_ctl_mode = rp->mode;
727
728 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
729}
730
a9de9248
MH		 731static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
732{
733 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 734
a9de9248 735 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 736
a9de9248
MH		 737 if (rp->status)
738 return;
1da177e4 739
a9de9248
MH		 740 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
741 hdev->sco_mtu = rp->sco_mtu;
742 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
743 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
744
745 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
746 hdev->sco_mtu = 64;
747 hdev->sco_pkts = 8;
1da177e4 748 }
a9de9248
MH		 749
750 hdev->acl_cnt = hdev->acl_pkts;
751 hdev->sco_cnt = hdev->sco_pkts;
752
753 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
754 hdev->acl_mtu, hdev->acl_pkts,
755 hdev->sco_mtu, hdev->sco_pkts);
756}
757
758static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
759{
760 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
761
762 BT_DBG("%s status 0x%x", hdev->name, rp->status);
763
764 if (!rp->status)
765 bacpy(&hdev->bdaddr, &rp->bdaddr);
766
23bb5763
JH		 767 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
768}
769
770static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
771{
772 __u8 status = *((__u8 *) skb->data);
773
774 BT_DBG("%s status 0x%x", hdev->name, status);
775
776 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 777}
778
928abaa7
AE		 779static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
780 struct sk_buff *skb)
781{
782 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
783
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
785
786 if (rp->status)
787 return;
788
789 hdev->amp_status = rp->amp_status;
790 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
791 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
792 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
793 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
794 hdev->amp_type = rp->amp_type;
795 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
796 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
797 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
798 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
799
800 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
801}
802
b0916ea0
JH		 803static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
804 struct sk_buff *skb)
805{
806 __u8 status = *((__u8 *) skb->data);
807
808 BT_DBG("%s status 0x%x", hdev->name, status);
809
810 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
811}
812
d5859e22
JH		 813static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
814{
815 __u8 status = *((__u8 *) skb->data);
816
817 BT_DBG("%s status 0x%x", hdev->name, status);
818
819 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
820}
821
822static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
823 struct sk_buff *skb)
824{
825 __u8 status = *((__u8 *) skb->data);
826
827 BT_DBG("%s status 0x%x", hdev->name, status);
828
829 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
830}
831
832static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
833 struct sk_buff *skb)
834{
835 __u8 status = *((__u8 *) skb->data);
836
837 BT_DBG("%s status 0x%x", hdev->name, status);
838
839 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
840}
841
842static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
843{
844 __u8 status = *((__u8 *) skb->data);
845
846 BT_DBG("%s status 0x%x", hdev->name, status);
847
848 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
849}
850
980e1a53
JH		 851static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
852{
853 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
854 struct hci_cp_pin_code_reply *cp;
855 struct hci_conn *conn;
856
857 BT_DBG("%s status 0x%x", hdev->name, rp->status);
858
56e5cb86
JH		 859 hci_dev_lock(hdev);
860
980e1a53 861 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 862 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 863
864 if (rp->status != 0)
56e5cb86 865 goto unlock;
980e1a53
JH		 866
867 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
868 if (!cp)
56e5cb86 869 goto unlock;
980e1a53
JH		 870
871 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
872 if (conn)
873 conn->pin_length = cp->pin_len;
56e5cb86
JH		 874
875unlock:
876 hci_dev_unlock(hdev);
980e1a53
JH		 877}
878
879static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
880{
881 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
882
883 BT_DBG("%s status 0x%x", hdev->name, rp->status);
884
56e5cb86
JH		 885 hci_dev_lock(hdev);
886
980e1a53 887 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 888 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 889 rp->status);
56e5cb86
JH		 890
891 hci_dev_unlock(hdev);
980e1a53 892}
56e5cb86 893
6ed58ec5
VT		 894static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
895 struct sk_buff *skb)
896{
897 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
898
899 BT_DBG("%s status 0x%x", hdev->name, rp->status);
900
901 if (rp->status)
902 return;
903
904 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
905 hdev->le_pkts = rp->le_max_pkt;
906
907 hdev->le_cnt = hdev->le_pkts;
908
909 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
910
911 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
912}
980e1a53 913
a5c29683
JH		 914static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
915{
916 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
917
918 BT_DBG("%s status 0x%x", hdev->name, rp->status);
919
56e5cb86
JH		 920 hci_dev_lock(hdev);
921
a5c29683 922 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 923 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683 924 rp->status);
56e5cb86
JH		 925
926 hci_dev_unlock(hdev);
a5c29683
JH		 927}
928
929static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
930 struct sk_buff *skb)
931{
932 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
933
934 BT_DBG("%s status 0x%x", hdev->name, rp->status);
935
56e5cb86
JH		 936 hci_dev_lock(hdev);
937
a5c29683 938 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 939 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683 940 rp->status);
56e5cb86
JH		 941
942 hci_dev_unlock(hdev);
a5c29683
JH		 943}
944
1143d458
BG		 945static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
946{
947 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
948
949 BT_DBG("%s status 0x%x", hdev->name, rp->status);
950
951 hci_dev_lock(hdev);
952
953 if (test_bit(HCI_MGMT, &hdev->flags))
954 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
955 rp->status);
956
957 hci_dev_unlock(hdev);
958}
959
960static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
961 struct sk_buff *skb)
962{
963 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
964
965 BT_DBG("%s status 0x%x", hdev->name, rp->status);
966
967 hci_dev_lock(hdev);
968
969 if (test_bit(HCI_MGMT, &hdev->flags))
970 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
971 rp->status);
972
973 hci_dev_unlock(hdev);
974}
975
c35938b2
SJ		 976static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
977 struct sk_buff *skb)
978{
979 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
980
981 BT_DBG("%s status 0x%x", hdev->name, rp->status);
982
56e5cb86 983 hci_dev_lock(hdev);
744cf19e 984 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 985 rp->randomizer, rp->status);
56e5cb86 986 hci_dev_unlock(hdev);
c35938b2
SJ		 987}
988
07f7fa5d
AG		 989static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
990{
991 __u8 status = *((__u8 *) skb->data);
992
993 BT_DBG("%s status 0x%x", hdev->name, status);
994}
995
eb9d91f5
AG		 996static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
997 struct sk_buff *skb)
998{
999 struct hci_cp_le_set_scan_enable *cp;
1000 __u8 status = *((__u8 *) skb->data);
1001
1002 BT_DBG("%s status 0x%x", hdev->name, status);
1003
1004 if (status)
1005 return;
1006
1007 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1008 if (!cp)
1009 return;
1010
35815085 1011 if (cp->enable == 0x01) {
d23264a8
AG		 1012 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1013
db323f2f 1014 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1015
1016 hci_dev_lock(hdev);
eb9d91f5 1017 hci_adv_entries_clear(hdev);
a8f13c8c 1018 hci_dev_unlock(hdev);
35815085 1019 } else if (cp->enable == 0x00) {
d23264a8
AG		 1020 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1021
db323f2f
GP		 1022 cancel_delayed_work_sync(&hdev->adv_work);
1023 queue_delayed_work(hdev->workqueue, &hdev->adv_work,
1024 jiffies + ADV_CLEAR_TIMEOUT);
35815085 1025 }
eb9d91f5
AG		 1026}
1027
a7a595f6
VCG		 1028static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1029{
1030 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1031
1032 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1033
1034 if (rp->status)
1035 return;
1036
1037 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1038}
1039
1040static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1041{
1042 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1043
1044 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1045
1046 if (rp->status)
1047 return;
1048
1049 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1050}
1051
f9b49306
AG		 1052static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1053 struct sk_buff *skb)
1054{
1055 struct hci_cp_read_local_ext_features cp;
1056 __u8 status = *((__u8 *) skb->data);
1057
1058 BT_DBG("%s status 0x%x", hdev->name, status);
1059
1060 if (status)
1061 return;
1062
1063 cp.page = 0x01;
1064 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1065}
1066
a9de9248
MH		 1067static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1068{
1069 BT_DBG("%s status 0x%x", hdev->name, status);
1070
1071 if (status) {
23bb5763 1072 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1073 hci_conn_check_pending(hdev);
56e5cb86 1074 hci_dev_lock(hdev);
164a6e78 1075 if (test_bit(HCI_MGMT, &hdev->flags))
7a135109 1076 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1077 hci_dev_unlock(hdev);
314b2381
JH		 1078 return;
1079 }
1080
89352e7d
AG		 1081 set_bit(HCI_INQUIRY, &hdev->flags);
1082
56e5cb86 1083 hci_dev_lock(hdev);
744cf19e 1084 mgmt_discovering(hdev, 1);
56e5cb86 1085 hci_dev_unlock(hdev);
1da177e4
LT		 1086}
1087
1da177e4
LT		 1088static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1089{
a9de9248 1090 struct hci_cp_create_conn *cp;
1da177e4 1091 struct hci_conn *conn;
1da177e4 1092
a9de9248
MH		 1093 BT_DBG("%s status 0x%x", hdev->name, status);
1094
1095 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1096 if (!cp)
1097 return;
1098
1099 hci_dev_lock(hdev);
1100
1101 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1102
a9de9248 1103 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1104
1105 if (status) {
1106 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1107 if (status != 0x0c || conn->attempt > 2) {
1108 conn->state = BT_CLOSED;
1109 hci_proto_connect_cfm(conn, status);
1110 hci_conn_del(conn);
1111 } else
1112 conn->state = BT_CONNECT2;
1da177e4
LT		 1113 }
1114 } else {
1115 if (!conn) {
1116 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1117 if (conn) {
1118 conn->out = 1;
1119 conn->link_mode |= HCI_LM_MASTER;
1120 } else
893ef971 1121 BT_ERR("No memory for new connection");
1da177e4
LT		 1122 }
1123 }
1124
1125 hci_dev_unlock(hdev);
1126}
1127
a9de9248 1128static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1129{
a9de9248
MH		 1130 struct hci_cp_add_sco *cp;
1131 struct hci_conn *acl, *sco;
1132 __u16 handle;
1da177e4 1133
b6a0dc82
MH		 1134 BT_DBG("%s status 0x%x", hdev->name, status);
1135
a9de9248
MH		 1136 if (!status)
1137 return;
1da177e4 1138
a9de9248
MH		 1139 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1140 if (!cp)
1141 return;
1da177e4 1142
a9de9248 1143 handle = __le16_to_cpu(cp->handle);
1da177e4 1144
a9de9248 1145 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1146
a9de9248 1147 hci_dev_lock(hdev);
1da177e4 1148
a9de9248 1149 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1150 if (acl) {
1151 sco = acl->link;
1152 if (sco) {
1153 sco->state = BT_CLOSED;
1da177e4 1154
5a08ecce
AE		 1155 hci_proto_connect_cfm(sco, status);
1156 hci_conn_del(sco);
1157 }
a9de9248 1158 }
1da177e4 1159
a9de9248
MH		 1160 hci_dev_unlock(hdev);
1161}
1da177e4 1162
f8558555
MH		 1163static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1164{
1165 struct hci_cp_auth_requested *cp;
1166 struct hci_conn *conn;
1167
1168 BT_DBG("%s status 0x%x", hdev->name, status);
1169
1170 if (!status)
1171 return;
1172
1173 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1174 if (!cp)
1175 return;
1176
1177 hci_dev_lock(hdev);
1178
1179 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1180 if (conn) {
1181 if (conn->state == BT_CONFIG) {
1182 hci_proto_connect_cfm(conn, status);
1183 hci_conn_put(conn);
1184 }
1185 }
1186
1187 hci_dev_unlock(hdev);
1188}
1189
1190static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1191{
1192 struct hci_cp_set_conn_encrypt *cp;
1193 struct hci_conn *conn;
1194
1195 BT_DBG("%s status 0x%x", hdev->name, status);
1196
1197 if (!status)
1198 return;
1199
1200 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1201 if (!cp)
1202 return;
1203
1204 hci_dev_lock(hdev);
1205
1206 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1207 if (conn) {
1208 if (conn->state == BT_CONFIG) {
1209 hci_proto_connect_cfm(conn, status);
1210 hci_conn_put(conn);
1211 }
1212 }
1213
1214 hci_dev_unlock(hdev);
1215}
1216
127178d2 1217static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1218 struct hci_conn *conn)
392599b9 1219{
392599b9
JH		 1220 if (conn->state != BT_CONFIG || !conn->out)
1221 return 0;
1222
765c2a96 1223 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1224 return 0;
1225
1226 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1227 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1228 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1229 conn->pending_sec_level != BT_SECURITY_HIGH &&
1230 !(conn->auth_type & 0x01))
392599b9
JH		 1231 return 0;
1232
392599b9
JH		 1233 return 1;
1234}
1235
a9de9248
MH		 1236static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1237{
127178d2
JH		 1238 struct hci_cp_remote_name_req *cp;
1239 struct hci_conn *conn;
1240
a9de9248 1241 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1242
1243 /* If successful wait for the name req complete event before
1244 * checking for the need to do authentication */
1245 if (!status)
1246 return;
1247
1248 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1249 if (!cp)
1250 return;
1251
1252 hci_dev_lock(hdev);
1253
1254 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1255 if (!conn)
1256 goto unlock;
1257
1258 if (!hci_outgoing_auth_needed(hdev, conn))
1259 goto unlock;
1260
1261 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1262 struct hci_cp_auth_requested cp;
1263 cp.handle = __cpu_to_le16(conn->handle);
1264 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1265 }
1266
79c6c70c 1267unlock:
127178d2 1268 hci_dev_unlock(hdev);
a9de9248 1269}
1da177e4 1270
769be974
MH		 1271static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1272{
1273 struct hci_cp_read_remote_features *cp;
1274 struct hci_conn *conn;
1275
1276 BT_DBG("%s status 0x%x", hdev->name, status);
1277
1278 if (!status)
1279 return;
1280
1281 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1282 if (!cp)
1283 return;
1284
1285 hci_dev_lock(hdev);
1286
1287 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1288 if (conn) {
1289 if (conn->state == BT_CONFIG) {
769be974
MH		 1290 hci_proto_connect_cfm(conn, status);
1291 hci_conn_put(conn);
1292 }
1293 }
1294
1295 hci_dev_unlock(hdev);
1296}
1297
1298static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1299{
1300 struct hci_cp_read_remote_ext_features *cp;
1301 struct hci_conn *conn;
1302
1303 BT_DBG("%s status 0x%x", hdev->name, status);
1304
1305 if (!status)
1306 return;
1307
1308 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1309 if (!cp)
1310 return;
1311
1312 hci_dev_lock(hdev);
1313
1314 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1315 if (conn) {
1316 if (conn->state == BT_CONFIG) {
769be974
MH		 1317 hci_proto_connect_cfm(conn, status);
1318 hci_conn_put(conn);
1319 }
1320 }
1321
1322 hci_dev_unlock(hdev);
1323}
1324
a9de9248
MH		 1325static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1326{
b6a0dc82
MH		 1327 struct hci_cp_setup_sync_conn *cp;
1328 struct hci_conn *acl, *sco;
1329 __u16 handle;
1330
a9de9248 1331 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1332
1333 if (!status)
1334 return;
1335
1336 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1337 if (!cp)
1338 return;
1339
1340 handle = __le16_to_cpu(cp->handle);
1341
1342 BT_DBG("%s handle %d", hdev->name, handle);
1343
1344 hci_dev_lock(hdev);
1345
1346 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1347 if (acl) {
1348 sco = acl->link;
1349 if (sco) {
1350 sco->state = BT_CLOSED;
b6a0dc82 1351
5a08ecce
AE		 1352 hci_proto_connect_cfm(sco, status);
1353 hci_conn_del(sco);
1354 }
b6a0dc82
MH		 1355 }
1356
1357 hci_dev_unlock(hdev);
1da177e4
LT		 1358}
1359
a9de9248 1360static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1361{
a9de9248
MH		 1362 struct hci_cp_sniff_mode *cp;
1363 struct hci_conn *conn;
1da177e4 1364
a9de9248 1365 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1366
a9de9248
MH		 1367 if (!status)
1368 return;
04837f64 1369
a9de9248
MH		 1370 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1371 if (!cp)
1372 return;
04837f64 1373
a9de9248 1374 hci_dev_lock(hdev);
04837f64 1375
a9de9248 1376 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1377 if (conn) {
a9de9248 1378 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1379
e73439d8
MH		 1380 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1381 hci_sco_setup(conn, status);
1382 }
1383
a9de9248
MH		 1384 hci_dev_unlock(hdev);
1385}
04837f64 1386
a9de9248
MH		 1387static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1388{
1389 struct hci_cp_exit_sniff_mode *cp;
1390 struct hci_conn *conn;
04837f64 1391
a9de9248 1392 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1393
a9de9248
MH		 1394 if (!status)
1395 return;
04837f64 1396
a9de9248
MH		 1397 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1398 if (!cp)
1399 return;
04837f64 1400
a9de9248 1401 hci_dev_lock(hdev);
1da177e4 1402
a9de9248 1403 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1404 if (conn) {
a9de9248 1405 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1406
e73439d8
MH		 1407 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1408 hci_sco_setup(conn, status);
1409 }
1410
a9de9248 1411 hci_dev_unlock(hdev);
1da177e4
LT		 1412}
1413
fcd89c09
VT		 1414static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1415{
1416 struct hci_cp_le_create_conn *cp;
1417 struct hci_conn *conn;
1418
1419 BT_DBG("%s status 0x%x", hdev->name, status);
1420
1421 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1422 if (!cp)
1423 return;
1424
1425 hci_dev_lock(hdev);
1426
1427 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1428
1429 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1430 conn);
1431
1432 if (status) {
1433 if (conn && conn->state == BT_CONNECT) {
1434 conn->state = BT_CLOSED;
1435 hci_proto_connect_cfm(conn, status);
1436 hci_conn_del(conn);
1437 }
1438 } else {
1439 if (!conn) {
1440 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1441 if (conn) {
1442 conn->dst_type = cp->peer_addr_type;
fcd89c09 1443 conn->out = 1;
29b7988a 1444 } else {
fcd89c09 1445 BT_ERR("No memory for new connection");
29b7988a 1446 }
fcd89c09
VT		 1447 }
1448 }
1449
1450 hci_dev_unlock(hdev);
1451}
1452
a7a595f6
VCG		 1453static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1454{
1455 BT_DBG("%s status 0x%x", hdev->name, status);
1456}
1457
1da177e4
LT		 1458static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1459{
1460 __u8 status = *((__u8 *) skb->data);
1461
1462 BT_DBG("%s status %d", hdev->name, status);
1463
23bb5763 1464 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1465
a9de9248 1466 hci_conn_check_pending(hdev);
89352e7d
AG		 1467
1468 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1469 return;
1470
56e5cb86 1471 hci_dev_lock(hdev);
744cf19e 1472 mgmt_discovering(hdev, 0);
56e5cb86 1473 hci_dev_unlock(hdev);
1da177e4
LT		 1474}
1475
1da177e4
LT		 1476static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1477{
45bb4bf0 1478 struct inquiry_data data;
a9de9248 1479 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1480 int num_rsp = *((__u8 *) skb->data);
1481
1482 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1483
45bb4bf0
MH		 1484 if (!num_rsp)
1485 return;
1486
1da177e4 1487 hci_dev_lock(hdev);
45bb4bf0 1488
e17acd40 1489 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1490 bacpy(&data.bdaddr, &info->bdaddr);
1491 data.pscan_rep_mode = info->pscan_rep_mode;
1492 data.pscan_period_mode = info->pscan_period_mode;
1493 data.pscan_mode = info->pscan_mode;
1494 memcpy(data.dev_class, info->dev_class, 3);
1495 data.clock_offset = info->clock_offset;
1496 data.rssi = 0x00;
41a96212 1497 data.ssp_mode = 0x00;
1da177e4 1498 hci_inquiry_cache_update(hdev, &data);
48264f06 1499 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 1500 info->dev_class, 0, NULL);
1da177e4 1501 }
45bb4bf0 1502
1da177e4
LT		 1503 hci_dev_unlock(hdev);
1504}
1505
1da177e4
LT		 1506static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1507{
a9de9248
MH		 1508 struct hci_ev_conn_complete *ev = (void *) skb->data;
1509 struct hci_conn *conn;
1da177e4
LT		 1510
1511 BT_DBG("%s", hdev->name);
1512
1513 hci_dev_lock(hdev);
1514
1515 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1516 if (!conn) {
1517 if (ev->link_type != SCO_LINK)
1518 goto unlock;
1519
1520 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1521 if (!conn)
1522 goto unlock;
1523
1524 conn->type = SCO_LINK;
1525 }
1da177e4
LT		 1526
1527 if (!ev->status) {
1528 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1529
1530 if (conn->type == ACL_LINK) {
1531 conn->state = BT_CONFIG;
1532 hci_conn_hold(conn);
052b30b0 1533 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
48264f06
JH		 1534 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1535 conn->dst_type);
769be974
MH		 1536 } else
1537 conn->state = BT_CONNECTED;
1da177e4 1538
9eba32b8 1539 hci_conn_hold_device(conn);
7d0db0a3
MH		 1540 hci_conn_add_sysfs(conn);
1541
1da177e4
LT		 1542 if (test_bit(HCI_AUTH, &hdev->flags))
1543 conn->link_mode |= HCI_LM_AUTH;
1544
1545 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1546 conn->link_mode |= HCI_LM_ENCRYPT;
1547
04837f64
MH		 1548 /* Get remote features */
1549 if (conn->type == ACL_LINK) {
1550 struct hci_cp_read_remote_features cp;
1551 cp.handle = ev->handle;
769be974
MH		 1552 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1553 sizeof(cp), &cp);
04837f64
MH		 1554 }
1555
1da177e4 1556 /* Set packet type for incoming connection */
d095c1eb 1557 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1558 struct hci_cp_change_conn_ptype cp;
1559 cp.handle = ev->handle;
a8746417
MH		 1560 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1561 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1562 sizeof(cp), &cp);
1da177e4 1563 }
17d5c04c 1564 } else {
1da177e4 1565 conn->state = BT_CLOSED;
17d5c04c 1566 if (conn->type == ACL_LINK)
744cf19e 1567 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1568 conn->dst_type, ev->status);
17d5c04c 1569 }
1da177e4 1570
e73439d8
MH		 1571 if (conn->type == ACL_LINK)
1572 hci_sco_setup(conn, ev->status);
1da177e4 1573
769be974
MH		 1574 if (ev->status) {
1575 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1576 hci_conn_del(conn);
c89b6e6b
MH		 1577 } else if (ev->link_type != ACL_LINK)
1578 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1579
a9de9248 1580unlock:
1da177e4 1581 hci_dev_unlock(hdev);
1da177e4 1582
a9de9248 1583 hci_conn_check_pending(hdev);
1da177e4
LT		 1584}
1585
a9de9248 1586static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1587{
a9de9248
MH		 1588 struct hci_ev_conn_request *ev = (void *) skb->data;
1589 int mask = hdev->link_mode;
1da177e4 1590
a9de9248
MH		 1591 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1592 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1593
a9de9248 1594 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1595
138d22ef
SJ		 1596 if ((mask & HCI_LM_ACCEPT) &&
1597 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1598 /* Connection accepted */
c7bdd502 1599 struct inquiry_entry *ie;
1da177e4 1600 struct hci_conn *conn;
1da177e4 1601
a9de9248 1602 hci_dev_lock(hdev);
b6a0dc82 1603
cc11b9c1
AE		 1604 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1605 if (ie)
c7bdd502
MH		 1606 memcpy(ie->data.dev_class, ev->dev_class, 3);
1607
a9de9248
MH		 1608 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1609 if (!conn) {
cc11b9c1
AE		 1610 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1611 if (!conn) {
893ef971 1612 BT_ERR("No memory for new connection");
a9de9248
MH		 1613 hci_dev_unlock(hdev);
1614 return;
1da177e4
LT		 1615 }
1616 }
b6a0dc82 1617
a9de9248
MH		 1618 memcpy(conn->dev_class, ev->dev_class, 3);
1619 conn->state = BT_CONNECT;
b6a0dc82 1620
a9de9248 1621 hci_dev_unlock(hdev);
1da177e4 1622
b6a0dc82
MH		 1623 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1624 struct hci_cp_accept_conn_req cp;
1da177e4 1625
b6a0dc82
MH		 1626 bacpy(&cp.bdaddr, &ev->bdaddr);
1627
1628 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1629 cp.role = 0x00; /* Become master */
1630 else
1631 cp.role = 0x01; /* Remain slave */
1632
1633 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1634 sizeof(cp), &cp);
1635 } else {
1636 struct hci_cp_accept_sync_conn_req cp;
1637
1638 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1639 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1640
1641 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1642 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1643 cp.max_latency = cpu_to_le16(0xffff);
1644 cp.content_format = cpu_to_le16(hdev->voice_setting);
1645 cp.retrans_effort = 0xff;
1da177e4 1646
b6a0dc82
MH		 1647 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1648 sizeof(cp), &cp);
1649 }
a9de9248
MH		 1650 } else {
1651 /* Connection rejected */
1652 struct hci_cp_reject_conn_req cp;
1da177e4 1653
a9de9248 1654 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1655 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1656 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1657 }
1da177e4
LT		 1658}
1659
a9de9248 1660static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1661{
a9de9248 1662 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1663 struct hci_conn *conn;
1664
1665 BT_DBG("%s status %d", hdev->name, ev->status);
1666
1667 hci_dev_lock(hdev);
1668
1669 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1670 if (!conn)
1671 goto unlock;
7d0db0a3 1672
37d9ef76
JH		 1673 if (ev->status == 0)
1674 conn->state = BT_CLOSED;
04837f64 1675
37d9ef76
JH		 1676 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1677 if (ev->status != 0)
1678 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1679 else
1680 mgmt_disconnected(hdev, &conn->dst, conn->type,
48264f06 1681 conn->dst_type);
37d9ef76 1682 }
f7520543 1683
37d9ef76
JH		 1684 if (ev->status == 0) {
1685 hci_proto_disconn_cfm(conn, ev->reason);
1686 hci_conn_del(conn);
1687 }
f7520543
JH		 1688
1689unlock:
04837f64
MH		 1690 hci_dev_unlock(hdev);
1691}
1692
1da177e4
LT		 1693static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1694{
a9de9248 1695 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1696 struct hci_conn *conn;
1da177e4
LT		 1697
1698 BT_DBG("%s status %d", hdev->name, ev->status);
1699
1700 hci_dev_lock(hdev);
1701
04837f64 1702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1703 if (!conn)
1704 goto unlock;
1705
1706 if (!ev->status) {
1707 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1708 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1709 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1710 } else {
d7556e20
WR		 1711 conn->link_mode |= HCI_LM_AUTH;
1712 conn->sec_level = conn->pending_sec_level;
2a611692 1713 }
d7556e20 1714 } else {
744cf19e 1715 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1716 }
1da177e4 1717
d7556e20
WR		 1718 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1719 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1720
d7556e20
WR		 1721 if (conn->state == BT_CONFIG) {
1722 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1723 struct hci_cp_set_conn_encrypt cp;
1724 cp.handle = ev->handle;
1725 cp.encrypt = 0x01;
1726 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1727 &cp);
052b30b0 1728 } else {
d7556e20
WR		 1729 conn->state = BT_CONNECTED;
1730 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1731 hci_conn_put(conn);
1732 }
d7556e20
WR		 1733 } else {
1734 hci_auth_cfm(conn, ev->status);
052b30b0 1735
d7556e20
WR		 1736 hci_conn_hold(conn);
1737 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1738 hci_conn_put(conn);
1739 }
1740
1741 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1742 if (!ev->status) {
1743 struct hci_cp_set_conn_encrypt cp;
1744 cp.handle = ev->handle;
1745 cp.encrypt = 0x01;
1746 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1747 &cp);
1748 } else {
1749 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1750 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1751 }
1752 }
1753
d7556e20 1754unlock:
1da177e4
LT		 1755 hci_dev_unlock(hdev);
1756}
1757
a9de9248 1758static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1759{
127178d2
JH		 1760 struct hci_ev_remote_name *ev = (void *) skb->data;
1761 struct hci_conn *conn;
1762
a9de9248 1763 BT_DBG("%s", hdev->name);
1da177e4 1764
a9de9248 1765 hci_conn_check_pending(hdev);
127178d2
JH		 1766
1767 hci_dev_lock(hdev);
1768
a88a9652 1769 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
744cf19e 1770 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
a88a9652 1771
127178d2 1772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1773 if (!conn)
1774 goto unlock;
1775
1776 if (!hci_outgoing_auth_needed(hdev, conn))
1777 goto unlock;
1778
1779 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1780 struct hci_cp_auth_requested cp;
1781 cp.handle = __cpu_to_le16(conn->handle);
1782 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1783 }
1784
79c6c70c 1785unlock:
127178d2 1786 hci_dev_unlock(hdev);
a9de9248
MH		 1787}
1788
1789static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1790{
1791 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1792 struct hci_conn *conn;
1793
1794 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1795
1796 hci_dev_lock(hdev);
1797
04837f64 1798 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1799 if (conn) {
1800 if (!ev->status) {
ae293196
MH		 1801 if (ev->encrypt) {
1802 /* Encryption implies authentication */
1803 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1804 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1805 conn->sec_level = conn->pending_sec_level;
ae293196 1806 } else
1da177e4
LT		 1807 conn->link_mode &= ~HCI_LM_ENCRYPT;
1808 }
1809
1810 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1811
f8558555
MH		 1812 if (conn->state == BT_CONFIG) {
1813 if (!ev->status)
1814 conn->state = BT_CONNECTED;
1815
1816 hci_proto_connect_cfm(conn, ev->status);
1817 hci_conn_put(conn);
1818 } else
1819 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1820 }
1821
1822 hci_dev_unlock(hdev);
1823}
1824
a9de9248 1825static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1826{
a9de9248 1827 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1828 struct hci_conn *conn;
1da177e4
LT		 1829
1830 BT_DBG("%s status %d", hdev->name, ev->status);
1831
1832 hci_dev_lock(hdev);
1833
04837f64 1834 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1835 if (conn) {
1836 if (!ev->status)
1837 conn->link_mode |= HCI_LM_SECURE;
1838
1839 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1840
1841 hci_key_change_cfm(conn, ev->status);
1842 }
1843
1844 hci_dev_unlock(hdev);
1845}
1846
a9de9248 1847static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1848{
a9de9248
MH		 1849 struct hci_ev_remote_features *ev = (void *) skb->data;
1850 struct hci_conn *conn;
1851
1852 BT_DBG("%s status %d", hdev->name, ev->status);
1853
a9de9248
MH		 1854 hci_dev_lock(hdev);
1855
1856 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1857 if (!conn)
1858 goto unlock;
769be974 1859
ccd556fe
JH		 1860 if (!ev->status)
1861 memcpy(conn->features, ev->features, 8);
1862
1863 if (conn->state != BT_CONFIG)
1864 goto unlock;
1865
1866 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1867 struct hci_cp_read_remote_ext_features cp;
1868 cp.handle = ev->handle;
1869 cp.page = 0x01;
1870 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1871 sizeof(cp), &cp);
392599b9
JH		 1872 goto unlock;
1873 }
1874
127178d2
JH		 1875 if (!ev->status) {
1876 struct hci_cp_remote_name_req cp;
1877 memset(&cp, 0, sizeof(cp));
1878 bacpy(&cp.bdaddr, &conn->dst);
1879 cp.pscan_rep_mode = 0x02;
1880 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1881 }
392599b9 1882
127178d2 1883 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1884 conn->state = BT_CONNECTED;
1885 hci_proto_connect_cfm(conn, ev->status);
1886 hci_conn_put(conn);
769be974 1887 }
a9de9248 1888
ccd556fe 1889unlock:
a9de9248 1890 hci_dev_unlock(hdev);
1da177e4
LT		 1891}
1892
a9de9248 1893static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1894{
a9de9248 1895 BT_DBG("%s", hdev->name);
1da177e4
LT		 1896}
1897
a9de9248 1898static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1899{
a9de9248 1900 BT_DBG("%s", hdev->name);
1da177e4
LT		 1901}
1902
a9de9248
MH		 1903static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1904{
1905 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1906 __u16 opcode;
1907
1908 skb_pull(skb, sizeof(*ev));
1909
1910 opcode = __le16_to_cpu(ev->opcode);
1911
1912 switch (opcode) {
1913 case HCI_OP_INQUIRY_CANCEL:
1914 hci_cc_inquiry_cancel(hdev, skb);
1915 break;
1916
1917 case HCI_OP_EXIT_PERIODIC_INQ:
1918 hci_cc_exit_periodic_inq(hdev, skb);
1919 break;
1920
1921 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1922 hci_cc_remote_name_req_cancel(hdev, skb);
1923 break;
1924
1925 case HCI_OP_ROLE_DISCOVERY:
1926 hci_cc_role_discovery(hdev, skb);
1927 break;
1928
e4e8e37c
MH		 1929 case HCI_OP_READ_LINK_POLICY:
1930 hci_cc_read_link_policy(hdev, skb);
1931 break;
1932
a9de9248
MH		 1933 case HCI_OP_WRITE_LINK_POLICY:
1934 hci_cc_write_link_policy(hdev, skb);
1935 break;
1936
e4e8e37c
MH		 1937 case HCI_OP_READ_DEF_LINK_POLICY:
1938 hci_cc_read_def_link_policy(hdev, skb);
1939 break;
1940
1941 case HCI_OP_WRITE_DEF_LINK_POLICY:
1942 hci_cc_write_def_link_policy(hdev, skb);
1943 break;
1944
a9de9248
MH		 1945 case HCI_OP_RESET:
1946 hci_cc_reset(hdev, skb);
1947 break;
1948
1949 case HCI_OP_WRITE_LOCAL_NAME:
1950 hci_cc_write_local_name(hdev, skb);
1951 break;
1952
1953 case HCI_OP_READ_LOCAL_NAME:
1954 hci_cc_read_local_name(hdev, skb);
1955 break;
1956
1957 case HCI_OP_WRITE_AUTH_ENABLE:
1958 hci_cc_write_auth_enable(hdev, skb);
1959 break;
1960
1961 case HCI_OP_WRITE_ENCRYPT_MODE:
1962 hci_cc_write_encrypt_mode(hdev, skb);
1963 break;
1964
1965 case HCI_OP_WRITE_SCAN_ENABLE:
1966 hci_cc_write_scan_enable(hdev, skb);
1967 break;
1968
1969 case HCI_OP_READ_CLASS_OF_DEV:
1970 hci_cc_read_class_of_dev(hdev, skb);
1971 break;
1972
1973 case HCI_OP_WRITE_CLASS_OF_DEV:
1974 hci_cc_write_class_of_dev(hdev, skb);
1975 break;
1976
1977 case HCI_OP_READ_VOICE_SETTING:
1978 hci_cc_read_voice_setting(hdev, skb);
1979 break;
1980
1981 case HCI_OP_WRITE_VOICE_SETTING:
1982 hci_cc_write_voice_setting(hdev, skb);
1983 break;
1984
1985 case HCI_OP_HOST_BUFFER_SIZE:
1986 hci_cc_host_buffer_size(hdev, skb);
1987 break;
1988
333140b5
MH		 1989 case HCI_OP_READ_SSP_MODE:
1990 hci_cc_read_ssp_mode(hdev, skb);
1991 break;
1992
1993 case HCI_OP_WRITE_SSP_MODE:
1994 hci_cc_write_ssp_mode(hdev, skb);
1995 break;
1996
a9de9248
MH		 1997 case HCI_OP_READ_LOCAL_VERSION:
1998 hci_cc_read_local_version(hdev, skb);
1999 break;
2000
2001 case HCI_OP_READ_LOCAL_COMMANDS:
2002 hci_cc_read_local_commands(hdev, skb);
2003 break;
2004
2005 case HCI_OP_READ_LOCAL_FEATURES:
2006 hci_cc_read_local_features(hdev, skb);
2007 break;
2008
971e3a4b
AG		 2009 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2010 hci_cc_read_local_ext_features(hdev, skb);
2011 break;
2012
a9de9248
MH		 2013 case HCI_OP_READ_BUFFER_SIZE:
2014 hci_cc_read_buffer_size(hdev, skb);
2015 break;
2016
2017 case HCI_OP_READ_BD_ADDR:
2018 hci_cc_read_bd_addr(hdev, skb);
2019 break;
2020
23bb5763
JH		 2021 case HCI_OP_WRITE_CA_TIMEOUT:
2022 hci_cc_write_ca_timeout(hdev, skb);
2023 break;
2024
1e89cffb
AE		 2025 case HCI_OP_READ_FLOW_CONTROL_MODE:
2026 hci_cc_read_flow_control_mode(hdev, skb);
2027 break;
2028
928abaa7
AE		 2029 case HCI_OP_READ_LOCAL_AMP_INFO:
2030 hci_cc_read_local_amp_info(hdev, skb);
2031 break;
2032
b0916ea0
JH		 2033 case HCI_OP_DELETE_STORED_LINK_KEY:
2034 hci_cc_delete_stored_link_key(hdev, skb);
2035 break;
2036
d5859e22
JH		 2037 case HCI_OP_SET_EVENT_MASK:
2038 hci_cc_set_event_mask(hdev, skb);
2039 break;
2040
2041 case HCI_OP_WRITE_INQUIRY_MODE:
2042 hci_cc_write_inquiry_mode(hdev, skb);
2043 break;
2044
2045 case HCI_OP_READ_INQ_RSP_TX_POWER:
2046 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2047 break;
2048
2049 case HCI_OP_SET_EVENT_FLT:
2050 hci_cc_set_event_flt(hdev, skb);
2051 break;
2052
980e1a53
JH		 2053 case HCI_OP_PIN_CODE_REPLY:
2054 hci_cc_pin_code_reply(hdev, skb);
2055 break;
2056
2057 case HCI_OP_PIN_CODE_NEG_REPLY:
2058 hci_cc_pin_code_neg_reply(hdev, skb);
2059 break;
2060
c35938b2
SJ		 2061 case HCI_OP_READ_LOCAL_OOB_DATA:
2062 hci_cc_read_local_oob_data_reply(hdev, skb);
2063 break;
2064
6ed58ec5
VT		 2065 case HCI_OP_LE_READ_BUFFER_SIZE:
2066 hci_cc_le_read_buffer_size(hdev, skb);
2067 break;
2068
a5c29683
JH		 2069 case HCI_OP_USER_CONFIRM_REPLY:
2070 hci_cc_user_confirm_reply(hdev, skb);
2071 break;
2072
2073 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2074 hci_cc_user_confirm_neg_reply(hdev, skb);
2075 break;
2076
1143d458
BG		 2077 case HCI_OP_USER_PASSKEY_REPLY:
2078 hci_cc_user_passkey_reply(hdev, skb);
2079 break;
2080
2081 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2082 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2083
2084 case HCI_OP_LE_SET_SCAN_PARAM:
2085 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2086 break;
2087
eb9d91f5
AG		 2088 case HCI_OP_LE_SET_SCAN_ENABLE:
2089 hci_cc_le_set_scan_enable(hdev, skb);
2090 break;
2091
a7a595f6
VCG		 2092 case HCI_OP_LE_LTK_REPLY:
2093 hci_cc_le_ltk_reply(hdev, skb);
2094 break;
2095
2096 case HCI_OP_LE_LTK_NEG_REPLY:
2097 hci_cc_le_ltk_neg_reply(hdev, skb);
2098 break;
2099
f9b49306
AG		 2100 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2101 hci_cc_write_le_host_supported(hdev, skb);
2102 break;
2103
a9de9248
MH		 2104 default:
2105 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2106 break;
2107 }
2108
6bd32326
VT		 2109 if (ev->opcode != HCI_OP_NOP)
2110 del_timer(&hdev->cmd_timer);
2111
a9de9248
MH		 2112 if (ev->ncmd) {
2113 atomic_set(&hdev->cmd_cnt, 1);
2114 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2115 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2116 }
2117}
2118
2119static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2120{
2121 struct hci_ev_cmd_status *ev = (void *) skb->data;
2122 __u16 opcode;
2123
2124 skb_pull(skb, sizeof(*ev));
2125
2126 opcode = __le16_to_cpu(ev->opcode);
2127
2128 switch (opcode) {
2129 case HCI_OP_INQUIRY:
2130 hci_cs_inquiry(hdev, ev->status);
2131 break;
2132
2133 case HCI_OP_CREATE_CONN:
2134 hci_cs_create_conn(hdev, ev->status);
2135 break;
2136
2137 case HCI_OP_ADD_SCO:
2138 hci_cs_add_sco(hdev, ev->status);
2139 break;
2140
f8558555
MH		 2141 case HCI_OP_AUTH_REQUESTED:
2142 hci_cs_auth_requested(hdev, ev->status);
2143 break;
2144
2145 case HCI_OP_SET_CONN_ENCRYPT:
2146 hci_cs_set_conn_encrypt(hdev, ev->status);
2147 break;
2148
a9de9248
MH		 2149 case HCI_OP_REMOTE_NAME_REQ:
2150 hci_cs_remote_name_req(hdev, ev->status);
2151 break;
2152
769be974
MH		 2153 case HCI_OP_READ_REMOTE_FEATURES:
2154 hci_cs_read_remote_features(hdev, ev->status);
2155 break;
2156
2157 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2158 hci_cs_read_remote_ext_features(hdev, ev->status);
2159 break;
2160
a9de9248
MH		 2161 case HCI_OP_SETUP_SYNC_CONN:
2162 hci_cs_setup_sync_conn(hdev, ev->status);
2163 break;
2164
2165 case HCI_OP_SNIFF_MODE:
2166 hci_cs_sniff_mode(hdev, ev->status);
2167 break;
2168
2169 case HCI_OP_EXIT_SNIFF_MODE:
2170 hci_cs_exit_sniff_mode(hdev, ev->status);
2171 break;
2172
8962ee74
JH		 2173 case HCI_OP_DISCONNECT:
2174 if (ev->status != 0)
37d9ef76 2175 mgmt_disconnect_failed(hdev, NULL, ev->status);
8962ee74
JH		 2176 break;
2177
fcd89c09
VT		 2178 case HCI_OP_LE_CREATE_CONN:
2179 hci_cs_le_create_conn(hdev, ev->status);
2180 break;
2181
a7a595f6
VCG		 2182 case HCI_OP_LE_START_ENC:
2183 hci_cs_le_start_enc(hdev, ev->status);
2184 break;
2185
a9de9248
MH		 2186 default:
2187 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2188 break;
2189 }
2190
6bd32326
VT		 2191 if (ev->opcode != HCI_OP_NOP)
2192 del_timer(&hdev->cmd_timer);
2193
10572132 2194 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2195 atomic_set(&hdev->cmd_cnt, 1);
2196 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2197 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2198 }
2199}
2200
2201static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2202{
2203 struct hci_ev_role_change *ev = (void *) skb->data;
2204 struct hci_conn *conn;
2205
2206 BT_DBG("%s status %d", hdev->name, ev->status);
2207
2208 hci_dev_lock(hdev);
2209
2210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2211 if (conn) {
2212 if (!ev->status) {
2213 if (ev->role)
2214 conn->link_mode &= ~HCI_LM_MASTER;
2215 else
2216 conn->link_mode |= HCI_LM_MASTER;
2217 }
2218
2219 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2220
2221 hci_role_switch_cfm(conn, ev->status, ev->role);
2222 }
2223
2224 hci_dev_unlock(hdev);
2225}
2226
2227static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2228{
2229 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2230 __le16 *ptr;
2231 int i;
2232
2233 skb_pull(skb, sizeof(*ev));
2234
2235 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2236
2237 if (skb->len < ev->num_hndl * 4) {
2238 BT_DBG("%s bad parameters", hdev->name);
2239 return;
2240 }
2241
2242 tasklet_disable(&hdev->tx_task);
2243
2244 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2245 struct hci_conn *conn;
2246 __u16 handle, count;
2247
83985319
HH		 2248 handle = get_unaligned_le16(ptr++);
2249 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2250
2251 conn = hci_conn_hash_lookup_handle(hdev, handle);
2252 if (conn) {
2253 conn->sent -= count;
2254
2255 if (conn->type == ACL_LINK) {
70f23020
AE		 2256 hdev->acl_cnt += count;
2257 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2258 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2259 } else if (conn->type == LE_LINK) {
2260 if (hdev->le_pkts) {
2261 hdev->le_cnt += count;
2262 if (hdev->le_cnt > hdev->le_pkts)
2263 hdev->le_cnt = hdev->le_pkts;
2264 } else {
2265 hdev->acl_cnt += count;
2266 if (hdev->acl_cnt > hdev->acl_pkts)
2267 hdev->acl_cnt = hdev->acl_pkts;
2268 }
a9de9248 2269 } else {
70f23020
AE		 2270 hdev->sco_cnt += count;
2271 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2272 hdev->sco_cnt = hdev->sco_pkts;
2273 }
2274 }
2275 }
2276
c78ae283 2277 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2278
2279 tasklet_enable(&hdev->tx_task);
2280}
2281
2282static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2283{
a9de9248 2284 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2285 struct hci_conn *conn;
2286
2287 BT_DBG("%s status %d", hdev->name, ev->status);
2288
2289 hci_dev_lock(hdev);
2290
2291 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2292 if (conn) {
2293 conn->mode = ev->mode;
2294 conn->interval = __le16_to_cpu(ev->interval);
2295
2296 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2297 if (conn->mode == HCI_CM_ACTIVE)
2298 conn->power_save = 1;
2299 else
2300 conn->power_save = 0;
2301 }
e73439d8
MH		 2302
2303 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2304 hci_sco_setup(conn, ev->status);
04837f64
MH		 2305 }
2306
2307 hci_dev_unlock(hdev);
2308}
2309
a9de9248
MH		 2310static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2311{
052b30b0
MH		 2312 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2313 struct hci_conn *conn;
2314
a9de9248 2315 BT_DBG("%s", hdev->name);
052b30b0
MH		 2316
2317 hci_dev_lock(hdev);
2318
2319 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2320 if (!conn)
2321 goto unlock;
2322
2323 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2324 hci_conn_hold(conn);
2325 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2326 hci_conn_put(conn);
2327 }
2328
03b555e1
JH		 2329 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2330 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2331 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2332 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2333 u8 secure;
2334
2335 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2336 secure = 1;
2337 else
2338 secure = 0;
2339
744cf19e 2340 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2341 }
980e1a53 2342
b6f98044 2343unlock:
052b30b0 2344 hci_dev_unlock(hdev);
a9de9248
MH		 2345}
2346
2347static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2348{
55ed8ca1
JH		 2349 struct hci_ev_link_key_req *ev = (void *) skb->data;
2350 struct hci_cp_link_key_reply cp;
2351 struct hci_conn *conn;
2352 struct link_key *key;
2353
a9de9248 2354 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2355
2356 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2357 return;
2358
2359 hci_dev_lock(hdev);
2360
2361 key = hci_find_link_key(hdev, &ev->bdaddr);
2362 if (!key) {
2363 BT_DBG("%s link key not found for %s", hdev->name,
2364 batostr(&ev->bdaddr));
2365 goto not_found;
2366 }
2367
2368 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2369 batostr(&ev->bdaddr));
2370
b6020ba0
WR		 2371 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2372 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2373 BT_DBG("%s ignoring debug key", hdev->name);
2374 goto not_found;
2375 }
2376
2377 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2378 if (conn) {
2379 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2380 conn->auth_type != 0xff &&
2381 (conn->auth_type & 0x01)) {
2382 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2383 goto not_found;
2384 }
55ed8ca1 2385
60b83f57
WR		 2386 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2387 conn->pending_sec_level == BT_SECURITY_HIGH) {
2388 BT_DBG("%s ignoring key unauthenticated for high \
2389 security", hdev->name);
2390 goto not_found;
2391 }
2392
2393 conn->key_type = key->type;
2394 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2395 }
2396
2397 bacpy(&cp.bdaddr, &ev->bdaddr);
2398 memcpy(cp.link_key, key->val, 16);
2399
2400 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2401
2402 hci_dev_unlock(hdev);
2403
2404 return;
2405
2406not_found:
2407 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2408 hci_dev_unlock(hdev);
a9de9248
MH		 2409}
2410
2411static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2412{
052b30b0
MH		 2413 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2414 struct hci_conn *conn;
55ed8ca1 2415 u8 pin_len = 0;
052b30b0 2416
a9de9248 2417 BT_DBG("%s", hdev->name);
052b30b0
MH		 2418
2419 hci_dev_lock(hdev);
2420
2421 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2422 if (conn) {
2423 hci_conn_hold(conn);
2424 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2425 pin_len = conn->pin_length;
13d39315
WR		 2426
2427 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2428 conn->key_type = ev->key_type;
2429
052b30b0
MH		 2430 hci_conn_put(conn);
2431 }
2432
55ed8ca1 2433 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2434 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2435 ev->key_type, pin_len);
2436
052b30b0 2437 hci_dev_unlock(hdev);
a9de9248
MH		 2438}
2439
1da177e4
LT		 2440static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2441{
a9de9248 2442 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2443 struct hci_conn *conn;
1da177e4
LT		 2444
2445 BT_DBG("%s status %d", hdev->name, ev->status);
2446
2447 hci_dev_lock(hdev);
2448
04837f64 2449 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2450 if (conn && !ev->status) {
2451 struct inquiry_entry *ie;
2452
cc11b9c1
AE		 2453 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2454 if (ie) {
1da177e4
LT		 2455 ie->data.clock_offset = ev->clock_offset;
2456 ie->timestamp = jiffies;
2457 }
2458 }
2459
2460 hci_dev_unlock(hdev);
2461}
2462
a8746417
MH		 2463static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2464{
2465 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2466 struct hci_conn *conn;
2467
2468 BT_DBG("%s status %d", hdev->name, ev->status);
2469
2470 hci_dev_lock(hdev);
2471
2472 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2473 if (conn && !ev->status)
2474 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2475
2476 hci_dev_unlock(hdev);
2477}
2478
85a1e930
MH		 2479static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2480{
a9de9248 2481 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2482 struct inquiry_entry *ie;
2483
2484 BT_DBG("%s", hdev->name);
2485
2486 hci_dev_lock(hdev);
2487
cc11b9c1
AE		 2488 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2489 if (ie) {
85a1e930
MH		 2490 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2491 ie->timestamp = jiffies;
2492 }
2493
2494 hci_dev_unlock(hdev);
2495}
2496
a9de9248
MH		 2497static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2498{
2499 struct inquiry_data data;
2500 int num_rsp = *((__u8 *) skb->data);
2501
2502 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2503
2504 if (!num_rsp)
2505 return;
2506
2507 hci_dev_lock(hdev);
2508
2509 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2510 struct inquiry_info_with_rssi_and_pscan_mode *info;
2511 info = (void *) (skb->data + 1);
a9de9248 2512
e17acd40 2513 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2514 bacpy(&data.bdaddr, &info->bdaddr);
2515 data.pscan_rep_mode = info->pscan_rep_mode;
2516 data.pscan_period_mode = info->pscan_period_mode;
2517 data.pscan_mode = info->pscan_mode;
2518 memcpy(data.dev_class, info->dev_class, 3);
2519 data.clock_offset = info->clock_offset;
2520 data.rssi = info->rssi;
41a96212 2521 data.ssp_mode = 0x00;
a9de9248 2522 hci_inquiry_cache_update(hdev, &data);
48264f06 2523 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2524 info->dev_class, info->rssi,
2525 NULL);
a9de9248
MH		 2526 }
2527 } else {
2528 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2529
e17acd40 2530 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2531 bacpy(&data.bdaddr, &info->bdaddr);
2532 data.pscan_rep_mode = info->pscan_rep_mode;
2533 data.pscan_period_mode = info->pscan_period_mode;
2534 data.pscan_mode = 0x00;
2535 memcpy(data.dev_class, info->dev_class, 3);
2536 data.clock_offset = info->clock_offset;
2537 data.rssi = info->rssi;
41a96212 2538 data.ssp_mode = 0x00;
a9de9248 2539 hci_inquiry_cache_update(hdev, &data);
48264f06 2540 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2541 info->dev_class, info->rssi,
2542 NULL);
a9de9248
MH		 2543 }
2544 }
2545
2546 hci_dev_unlock(hdev);
2547}
2548
2549static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2550{
41a96212
MH		 2551 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2552 struct hci_conn *conn;
2553
a9de9248 2554 BT_DBG("%s", hdev->name);
41a96212 2555
41a96212
MH		 2556 hci_dev_lock(hdev);
2557
2558 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2559 if (!conn)
2560 goto unlock;
41a96212 2561
ccd556fe
JH		 2562 if (!ev->status && ev->page == 0x01) {
2563 struct inquiry_entry *ie;
41a96212 2564
cc11b9c1
AE		 2565 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2566 if (ie)
ccd556fe 2567 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2568
ccd556fe
JH		 2569 conn->ssp_mode = (ev->features[0] & 0x01);
2570 }
2571
2572 if (conn->state != BT_CONFIG)
2573 goto unlock;
2574
127178d2
JH		 2575 if (!ev->status) {
2576 struct hci_cp_remote_name_req cp;
2577 memset(&cp, 0, sizeof(cp));
2578 bacpy(&cp.bdaddr, &conn->dst);
2579 cp.pscan_rep_mode = 0x02;
2580 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2581 }
392599b9 2582
127178d2 2583 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2584 conn->state = BT_CONNECTED;
2585 hci_proto_connect_cfm(conn, ev->status);
2586 hci_conn_put(conn);
41a96212
MH		 2587 }
2588
ccd556fe 2589unlock:
41a96212 2590 hci_dev_unlock(hdev);
a9de9248
MH		 2591}
2592
2593static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2594{
b6a0dc82
MH		 2595 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2596 struct hci_conn *conn;
2597
2598 BT_DBG("%s status %d", hdev->name, ev->status);
2599
2600 hci_dev_lock(hdev);
2601
2602 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2603 if (!conn) {
2604 if (ev->link_type == ESCO_LINK)
2605 goto unlock;
2606
2607 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2608 if (!conn)
2609 goto unlock;
2610
2611 conn->type = SCO_LINK;
2612 }
b6a0dc82 2613
732547f9
MH		 2614 switch (ev->status) {
2615 case 0x00:
b6a0dc82
MH		 2616 conn->handle = __le16_to_cpu(ev->handle);
2617 conn->state = BT_CONNECTED;
7d0db0a3 2618
9eba32b8 2619 hci_conn_hold_device(conn);
7d0db0a3 2620 hci_conn_add_sysfs(conn);
732547f9
MH		 2621 break;
2622
705e5711 2623 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2624 case 0x1c: /* SCO interval rejected */
1038a00b 2625 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2626 case 0x1f: /* Unspecified error */
2627 if (conn->out && conn->attempt < 2) {
2628 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2629 (hdev->esco_type & EDR_ESCO_MASK);
2630 hci_setup_sync(conn, conn->link->handle);
2631 goto unlock;
2632 }
2633 /* fall through */
2634
2635 default:
b6a0dc82 2636 conn->state = BT_CLOSED;
732547f9
MH		 2637 break;
2638 }
b6a0dc82
MH		 2639
2640 hci_proto_connect_cfm(conn, ev->status);
2641 if (ev->status)
2642 hci_conn_del(conn);
2643
2644unlock:
2645 hci_dev_unlock(hdev);
a9de9248
MH		 2646}
2647
2648static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2649{
2650 BT_DBG("%s", hdev->name);
2651}
2652
04837f64
MH		 2653static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2654{
a9de9248 2655 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2656
2657 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2658}
2659
a9de9248 2660static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2661{
a9de9248
MH		 2662 struct inquiry_data data;
2663 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2664 int num_rsp = *((__u8 *) skb->data);
1da177e4 2665
a9de9248 2666 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2667
a9de9248
MH		 2668 if (!num_rsp)
2669 return;
1da177e4 2670
a9de9248
MH		 2671 hci_dev_lock(hdev);
2672
e17acd40 2673 for (; num_rsp; num_rsp--, info++) {
a9de9248 2674 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2675 data.pscan_rep_mode = info->pscan_rep_mode;
2676 data.pscan_period_mode = info->pscan_period_mode;
2677 data.pscan_mode = 0x00;
a9de9248 2678 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2679 data.clock_offset = info->clock_offset;
2680 data.rssi = info->rssi;
41a96212 2681 data.ssp_mode = 0x01;
a9de9248 2682 hci_inquiry_cache_update(hdev, &data);
48264f06 2683 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 2684 info->dev_class, info->rssi, info->data);
a9de9248
MH		 2685 }
2686
2687 hci_dev_unlock(hdev);
2688}
1da177e4 2689
17fa4b9d
JH		 2690static inline u8 hci_get_auth_req(struct hci_conn *conn)
2691{
2692 /* If remote requests dedicated bonding follow that lead */
2693 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2694 /* If both remote and local IO capabilities allow MITM
2695 * protection then require it, otherwise don't */
2696 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2697 return 0x02;
2698 else
2699 return 0x03;
2700 }
2701
2702 /* If remote requests no-bonding follow that lead */
2703 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2704 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2705
2706 return conn->auth_type;
2707}
2708
0493684e
MH		 2709static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2710{
2711 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2712 struct hci_conn *conn;
2713
2714 BT_DBG("%s", hdev->name);
2715
2716 hci_dev_lock(hdev);
2717
2718 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2719 if (!conn)
2720 goto unlock;
2721
2722 hci_conn_hold(conn);
2723
2724 if (!test_bit(HCI_MGMT, &hdev->flags))
2725 goto unlock;
2726
2727 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2728 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2729 struct hci_cp_io_capability_reply cp;
2730
2731 bacpy(&cp.bdaddr, &ev->bdaddr);
2732 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2733 conn->auth_type = hci_get_auth_req(conn);
2734 cp.authentication = conn->auth_type;
17fa4b9d 2735
ce85ee13
SJ		 2736 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2737 hci_find_remote_oob_data(hdev, &conn->dst))
2738 cp.oob_data = 0x01;
2739 else
2740 cp.oob_data = 0x00;
2741
17fa4b9d
JH		 2742 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2743 sizeof(cp), &cp);
03b555e1
JH		 2744 } else {
2745 struct hci_cp_io_capability_neg_reply cp;
2746
2747 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2748 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2749
03b555e1
JH		 2750 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2751 sizeof(cp), &cp);
2752 }
2753
2754unlock:
2755 hci_dev_unlock(hdev);
2756}
2757
2758static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2759{
2760 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2761 struct hci_conn *conn;
2762
2763 BT_DBG("%s", hdev->name);
2764
2765 hci_dev_lock(hdev);
2766
2767 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2768 if (!conn)
2769 goto unlock;
2770
03b555e1
JH		 2771 conn->remote_cap = ev->capability;
2772 conn->remote_oob = ev->oob_data;
2773 conn->remote_auth = ev->authentication;
2774
2775unlock:
0493684e
MH		 2776 hci_dev_unlock(hdev);
2777}
2778
a5c29683
JH		 2779static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2780 struct sk_buff *skb)
2781{
2782 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2783 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2784 struct hci_conn *conn;
a5c29683
JH		 2785
2786 BT_DBG("%s", hdev->name);
2787
2788 hci_dev_lock(hdev);
2789
7a828908
JH		 2790 if (!test_bit(HCI_MGMT, &hdev->flags))
2791 goto unlock;
a5c29683 2792
7a828908
JH		 2793 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2794 if (!conn)
2795 goto unlock;
2796
2797 loc_mitm = (conn->auth_type & 0x01);
2798 rem_mitm = (conn->remote_auth & 0x01);
2799
2800 /* If we require MITM but the remote device can't provide that
2801 * (it has NoInputNoOutput) then reject the confirmation
2802 * request. The only exception is when we're dedicated bonding
2803 * initiators (connect_cfm_cb set) since then we always have the MITM
2804 * bit set. */
2805 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2806 BT_DBG("Rejecting request: remote device can't provide MITM");
2807 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2808 sizeof(ev->bdaddr), &ev->bdaddr);
2809 goto unlock;
2810 }
2811
2812 /* If no side requires MITM protection; auto-accept */
2813 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2814 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2815
2816 /* If we're not the initiators request authorization to
2817 * proceed from user space (mgmt_user_confirm with
2818 * confirm_hint set to 1). */
2819 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2820 BT_DBG("Confirming auto-accept as acceptor");
2821 confirm_hint = 1;
2822 goto confirm;
2823 }
2824
9f61656a
JH		 2825 BT_DBG("Auto-accept of user confirmation with %ums delay",
2826 hdev->auto_accept_delay);
2827
2828 if (hdev->auto_accept_delay > 0) {
2829 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2830 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2831 goto unlock;
2832 }
2833
7a828908
JH		 2834 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2835 sizeof(ev->bdaddr), &ev->bdaddr);
2836 goto unlock;
2837 }
2838
55bc1a37 2839confirm:
744cf19e 2840 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 2841 confirm_hint);
7a828908
JH		 2842
2843unlock:
a5c29683
JH		 2844 hci_dev_unlock(hdev);
2845}
2846
1143d458
BG		 2847static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2848 struct sk_buff *skb)
2849{
2850 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2851
2852 BT_DBG("%s", hdev->name);
2853
2854 hci_dev_lock(hdev);
2855
2856 if (test_bit(HCI_MGMT, &hdev->flags))
2857 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2858
2859 hci_dev_unlock(hdev);
2860}
2861
0493684e
MH		 2862static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2863{
2864 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2865 struct hci_conn *conn;
2866
2867 BT_DBG("%s", hdev->name);
2868
2869 hci_dev_lock(hdev);
2870
2871 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2872 if (!conn)
2873 goto unlock;
2874
2875 /* To avoid duplicate auth_failed events to user space we check
2876 * the HCI_CONN_AUTH_PEND flag which will be set if we
2877 * initiated the authentication. A traditional auth_complete
2878 * event gets always produced as initiator and is also mapped to
2879 * the mgmt_auth_failed event */
2880 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
744cf19e 2881 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 2882
2a611692
JH		 2883 hci_conn_put(conn);
2884
2885unlock:
0493684e
MH		 2886 hci_dev_unlock(hdev);
2887}
2888
41a96212
MH		 2889static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2890{
2891 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2892 struct inquiry_entry *ie;
2893
2894 BT_DBG("%s", hdev->name);
2895
2896 hci_dev_lock(hdev);
2897
cc11b9c1
AE		 2898 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2899 if (ie)
41a96212
MH		 2900 ie->data.ssp_mode = (ev->features[0] & 0x01);
2901
2902 hci_dev_unlock(hdev);
2903}
2904
2763eda6
SJ		 2905static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2906 struct sk_buff *skb)
2907{
2908 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2909 struct oob_data *data;
2910
2911 BT_DBG("%s", hdev->name);
2912
2913 hci_dev_lock(hdev);
2914
e1ba1f15
SJ		 2915 if (!test_bit(HCI_MGMT, &hdev->flags))
2916 goto unlock;
2917
2763eda6
SJ		 2918 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2919 if (data) {
2920 struct hci_cp_remote_oob_data_reply cp;
2921
2922 bacpy(&cp.bdaddr, &ev->bdaddr);
2923 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2924 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2925
2926 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2927 &cp);
2928 } else {
2929 struct hci_cp_remote_oob_data_neg_reply cp;
2930
2931 bacpy(&cp.bdaddr, &ev->bdaddr);
2932 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2933 &cp);
2934 }
2935
e1ba1f15 2936unlock:
2763eda6
SJ		 2937 hci_dev_unlock(hdev);
2938}
2939
fcd89c09
VT		 2940static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2941{
2942 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2943 struct hci_conn *conn;
2944
2945 BT_DBG("%s status %d", hdev->name, ev->status);
2946
2947 hci_dev_lock(hdev);
2948
2949 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2950 if (!conn) {
2951 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2952 if (!conn) {
2953 BT_ERR("No memory for new connection");
2954 hci_dev_unlock(hdev);
2955 return;
2956 }
29b7988a
AG		 2957
2958 conn->dst_type = ev->bdaddr_type;
b62f328b 2959 }
fcd89c09
VT		 2960
2961 if (ev->status) {
48264f06
JH		 2962 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2963 conn->dst_type, ev->status);
fcd89c09
VT		 2964 hci_proto_connect_cfm(conn, ev->status);
2965 conn->state = BT_CLOSED;
2966 hci_conn_del(conn);
2967 goto unlock;
2968 }
2969
48264f06 2970 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
83bc71b4 2971
7b5c0d52 2972 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2973 conn->handle = __le16_to_cpu(ev->handle);
2974 conn->state = BT_CONNECTED;
2975
2976 hci_conn_hold_device(conn);
2977 hci_conn_add_sysfs(conn);
2978
2979 hci_proto_connect_cfm(conn, ev->status);
2980
2981unlock:
2982 hci_dev_unlock(hdev);
2983}
2984
9aa04c91
AG		 2985static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2986 struct sk_buff *skb)
2987{
e95beb41
AG		 2988 u8 num_reports = skb->data[0];
2989 void *ptr = &skb->data[1];
9aa04c91
AG		 2990
2991 hci_dev_lock(hdev);
2992
e95beb41
AG		 2993 while (num_reports--) {
2994 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 2995
9aa04c91 2996 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 2997
2998 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 2999 }
3000
3001 hci_dev_unlock(hdev);
3002}
3003
a7a595f6
VCG		 3004static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3005 struct sk_buff *skb)
3006{
3007 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3008 struct hci_cp_le_ltk_reply cp;
bea710fe 3009 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3010 struct hci_conn *conn;
bea710fe 3011 struct link_key *ltk;
a7a595f6
VCG		 3012
3013 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3014
3015 hci_dev_lock(hdev);
3016
3017 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3018 if (conn == NULL)
3019 goto not_found;
a7a595f6 3020
bea710fe
VCG		 3021 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3022 if (ltk == NULL)
3023 goto not_found;
3024
3025 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3026 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 3027 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 3028
3029 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3030
3031 hci_dev_unlock(hdev);
bea710fe
VCG		 3032
3033 return;
3034
3035not_found:
3036 neg.handle = ev->handle;
3037 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3038 hci_dev_unlock(hdev);
a7a595f6
VCG		 3039}
3040
fcd89c09
VT		 3041static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3042{
3043 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3044
3045 skb_pull(skb, sizeof(*le_ev));
3046
3047 switch (le_ev->subevent) {
3048 case HCI_EV_LE_CONN_COMPLETE:
3049 hci_le_conn_complete_evt(hdev, skb);
3050 break;
3051
9aa04c91
AG		 3052 case HCI_EV_LE_ADVERTISING_REPORT:
3053 hci_le_adv_report_evt(hdev, skb);
3054 break;
3055
a7a595f6
VCG		 3056 case HCI_EV_LE_LTK_REQ:
3057 hci_le_ltk_request_evt(hdev, skb);
3058 break;
3059
fcd89c09
VT		 3060 default:
3061 break;
3062 }
3063}
3064
a9de9248
MH		 3065void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3066{
3067 struct hci_event_hdr *hdr = (void *) skb->data;
3068 __u8 event = hdr->evt;
3069
3070 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3071
3072 switch (event) {
1da177e4
LT		 3073 case HCI_EV_INQUIRY_COMPLETE:
3074 hci_inquiry_complete_evt(hdev, skb);
3075 break;
3076
3077 case HCI_EV_INQUIRY_RESULT:
3078 hci_inquiry_result_evt(hdev, skb);
3079 break;
3080
a9de9248
MH		 3081 case HCI_EV_CONN_COMPLETE:
3082 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3083 break;
3084
1da177e4
LT		 3085 case HCI_EV_CONN_REQUEST:
3086 hci_conn_request_evt(hdev, skb);
3087 break;
3088
1da177e4
LT		 3089 case HCI_EV_DISCONN_COMPLETE:
3090 hci_disconn_complete_evt(hdev, skb);
3091 break;
3092
1da177e4
LT		 3093 case HCI_EV_AUTH_COMPLETE:
3094 hci_auth_complete_evt(hdev, skb);
3095 break;
3096
a9de9248
MH		 3097 case HCI_EV_REMOTE_NAME:
3098 hci_remote_name_evt(hdev, skb);
3099 break;
3100
1da177e4
LT		 3101 case HCI_EV_ENCRYPT_CHANGE:
3102 hci_encrypt_change_evt(hdev, skb);
3103 break;
3104
a9de9248
MH		 3105 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3106 hci_change_link_key_complete_evt(hdev, skb);
3107 break;
3108
3109 case HCI_EV_REMOTE_FEATURES:
3110 hci_remote_features_evt(hdev, skb);
3111 break;
3112
3113 case HCI_EV_REMOTE_VERSION:
3114 hci_remote_version_evt(hdev, skb);
3115 break;
3116
3117 case HCI_EV_QOS_SETUP_COMPLETE:
3118 hci_qos_setup_complete_evt(hdev, skb);
3119 break;
3120
3121 case HCI_EV_CMD_COMPLETE:
3122 hci_cmd_complete_evt(hdev, skb);
3123 break;
3124
3125 case HCI_EV_CMD_STATUS:
3126 hci_cmd_status_evt(hdev, skb);
3127 break;
3128
3129 case HCI_EV_ROLE_CHANGE:
3130 hci_role_change_evt(hdev, skb);
3131 break;
3132
3133 case HCI_EV_NUM_COMP_PKTS:
3134 hci_num_comp_pkts_evt(hdev, skb);
3135 break;
3136
3137 case HCI_EV_MODE_CHANGE:
3138 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3139 break;
3140
3141 case HCI_EV_PIN_CODE_REQ:
3142 hci_pin_code_request_evt(hdev, skb);
3143 break;
3144
3145 case HCI_EV_LINK_KEY_REQ:
3146 hci_link_key_request_evt(hdev, skb);
3147 break;
3148
3149 case HCI_EV_LINK_KEY_NOTIFY:
3150 hci_link_key_notify_evt(hdev, skb);
3151 break;
3152
3153 case HCI_EV_CLOCK_OFFSET:
3154 hci_clock_offset_evt(hdev, skb);
3155 break;
3156
a8746417
MH		 3157 case HCI_EV_PKT_TYPE_CHANGE:
3158 hci_pkt_type_change_evt(hdev, skb);
3159 break;
3160
85a1e930
MH		 3161 case HCI_EV_PSCAN_REP_MODE:
3162 hci_pscan_rep_mode_evt(hdev, skb);
3163 break;
3164
a9de9248
MH		 3165 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3166 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3167 break;
3168
a9de9248
MH		 3169 case HCI_EV_REMOTE_EXT_FEATURES:
3170 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3171 break;
3172
a9de9248
MH		 3173 case HCI_EV_SYNC_CONN_COMPLETE:
3174 hci_sync_conn_complete_evt(hdev, skb);
3175 break;
1da177e4 3176
a9de9248
MH		 3177 case HCI_EV_SYNC_CONN_CHANGED:
3178 hci_sync_conn_changed_evt(hdev, skb);
3179 break;
1da177e4 3180
a9de9248
MH		 3181 case HCI_EV_SNIFF_SUBRATE:
3182 hci_sniff_subrate_evt(hdev, skb);
3183 break;
1da177e4 3184
a9de9248
MH		 3185 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3186 hci_extended_inquiry_result_evt(hdev, skb);
3187 break;
1da177e4 3188
0493684e
MH		 3189 case HCI_EV_IO_CAPA_REQUEST:
3190 hci_io_capa_request_evt(hdev, skb);
3191 break;
3192
03b555e1
JH		 3193 case HCI_EV_IO_CAPA_REPLY:
3194 hci_io_capa_reply_evt(hdev, skb);
3195 break;
3196
a5c29683
JH		 3197 case HCI_EV_USER_CONFIRM_REQUEST:
3198 hci_user_confirm_request_evt(hdev, skb);
3199 break;
3200
1143d458
BG		 3201 case HCI_EV_USER_PASSKEY_REQUEST:
3202 hci_user_passkey_request_evt(hdev, skb);
3203 break;
3204
0493684e
MH		 3205 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3206 hci_simple_pair_complete_evt(hdev, skb);
3207 break;
3208
41a96212
MH		 3209 case HCI_EV_REMOTE_HOST_FEATURES:
3210 hci_remote_host_features_evt(hdev, skb);
3211 break;
3212
fcd89c09
VT		 3213 case HCI_EV_LE_META:
3214 hci_le_meta_evt(hdev, skb);
3215 break;
3216
2763eda6
SJ		 3217 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3218 hci_remote_oob_data_request_evt(hdev, skb);
3219 break;
3220
a9de9248
MH		 3221 default:
3222 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3223 break;
3224 }
3225
3226 kfree_skb(skb);
3227 hdev->stat.evt_rx++;
3228}
3229
3230/* Generate internal stack event */
3231void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3232{
3233 struct hci_event_hdr *hdr;
3234 struct hci_ev_stack_internal *ev;
3235 struct sk_buff *skb;
3236
3237 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3238 if (!skb)
3239 return;
3240
3241 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3242 hdr->evt = HCI_EV_STACK_INTERNAL;
3243 hdr->plen = sizeof(*ev) + dlen;
3244
3245 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3246 ev->type = type;
3247 memcpy(ev->data, data, dlen);
3248
576c7d85 3249 bt_cb(skb)->incoming = 1;
a61bbcf2 3250 __net_timestamp(skb);
576c7d85 3251
0d48d939 3252 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3253 skb->dev = (void *) hdev;
eec8d2bc 3254 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3255 kfree_skb(skb);
3256}
e6100a25 3257
669bb396 3258module_param(enable_le, bool, 0644);
e6100a25 3259MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)