projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix coding style in include/net/bluetooth
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
70f23020 40#include <linux/uaccess.h>
1da177e4
LT		 41#include <asm/unaligned.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45
1da177e4
LT		 46/* Handle HCI Event packets */
47
a9de9248 48static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 49{
a9de9248 50 __u8 status = *((__u8 *) skb->data);
1da177e4 51
a9de9248 52 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 53
e6d465cb
AG		 54 if (status) {
55 hci_dev_lock(hdev);
56 mgmt_stop_discovery_failed(hdev, status);
57 hci_dev_unlock(hdev);
a9de9248 58 return;
e6d465cb 59 }
1da177e4 60
89352e7d
AG		 61 clear_bit(HCI_INQUIRY, &hdev->flags);
62
56e5cb86 63 hci_dev_lock(hdev);
ff9ef578 64 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 65 hci_dev_unlock(hdev);
6bd57416 66
23bb5763 67 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 68
69 hci_conn_check_pending(hdev);
70}
6bd57416 71
4d93483b
AG		 72static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73{
74 __u8 status = *((__u8 *) skb->data);
75
76 BT_DBG("%s status 0x%x", hdev->name, status);
ae854a70
AG		 77
78 if (status)
79 return;
80
81 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 82}
83
a9de9248
MH		 84static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
85{
86 __u8 status = *((__u8 *) skb->data);
6bd57416 87
a9de9248 88 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 89
a9de9248
MH		 90 if (status)
91 return;
1da177e4 92
ae854a70
AG		 93 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
94
a9de9248
MH		 95 hci_conn_check_pending(hdev);
96}
97
807deac2
GP		 98static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
99 struct sk_buff *skb)
a9de9248
MH		 100{
101 BT_DBG("%s", hdev->name);
102}
103
104static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
105{
106 struct hci_rp_role_discovery *rp = (void *) skb->data;
107 struct hci_conn *conn;
108
109 BT_DBG("%s status 0x%x", hdev->name, rp->status);
110
111 if (rp->status)
112 return;
113
114 hci_dev_lock(hdev);
115
116 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
117 if (conn) {
118 if (rp->role)
119 conn->link_mode &= ~HCI_LM_MASTER;
120 else
121 conn->link_mode |= HCI_LM_MASTER;
1da177e4 122 }
a9de9248
MH		 123
124 hci_dev_unlock(hdev);
1da177e4
LT		 125}
126
e4e8e37c
MH		 127static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
128{
129 struct hci_rp_read_link_policy *rp = (void *) skb->data;
130 struct hci_conn *conn;
131
132 BT_DBG("%s status 0x%x", hdev->name, rp->status);
133
134 if (rp->status)
135 return;
136
137 hci_dev_lock(hdev);
138
139 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
140 if (conn)
141 conn->link_policy = __le16_to_cpu(rp->policy);
142
143 hci_dev_unlock(hdev);
144}
145
a9de9248 146static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 147{
a9de9248 148 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 149 struct hci_conn *conn;
04837f64 150 void *sent;
1da177e4 151
a9de9248 152 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 153
a9de9248
MH		 154 if (rp->status)
155 return;
1da177e4 156
a9de9248
MH		 157 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
158 if (!sent)
159 return;
1da177e4 160
a9de9248 161 hci_dev_lock(hdev);
1da177e4 162
a9de9248 163 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 164 if (conn)
83985319 165 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 166
a9de9248
MH		 167 hci_dev_unlock(hdev);
168}
1da177e4 169
807deac2
GP		 170static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
174
175 BT_DBG("%s status 0x%x", hdev->name, rp->status);
176
177 if (rp->status)
178 return;
179
180 hdev->link_policy = __le16_to_cpu(rp->policy);
181}
182
807deac2
GP		 183static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
184 struct sk_buff *skb)
e4e8e37c
MH		 185{
186 __u8 status = *((__u8 *) skb->data);
187 void *sent;
188
189 BT_DBG("%s status 0x%x", hdev->name, status);
190
191 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
192 if (!sent)
193 return;
194
195 if (!status)
196 hdev->link_policy = get_unaligned_le16(sent);
197
23bb5763 198 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 199}
200
a9de9248
MH		 201static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
202{
203 __u8 status = *((__u8 *) skb->data);
04837f64 204
a9de9248 205 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 206
10572132
GP		 207 clear_bit(HCI_RESET, &hdev->flags);
208
23bb5763 209 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 210
a297e97c 211 /* Reset all non-persistent flags */
ae854a70
AG		 212 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
213 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 214
215 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 216}
04837f64 217
a9de9248
MH		 218static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
219{
220 __u8 status = *((__u8 *) skb->data);
221 void *sent;
04837f64 222
a9de9248 223 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 224
a9de9248
MH		 225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
226 if (!sent)
227 return;
04837f64 228
56e5cb86
JH		 229 hci_dev_lock(hdev);
230
f51d5b24
JH		 231 if (test_bit(HCI_MGMT, &hdev->dev_flags))
232 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 233 else if (!status)
234 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 235
56e5cb86 236 hci_dev_unlock(hdev);
3159d384
JH		 237
238 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 239}
240
241static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 struct hci_rp_read_local_name *rp = (void *) skb->data;
244
245 BT_DBG("%s status 0x%x", hdev->name, rp->status);
246
247 if (rp->status)
248 return;
249
db99b5fc
JH		 250 if (test_bit(HCI_SETUP, &hdev->dev_flags))
251 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 252}
253
254static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
255{
256 __u8 status = *((__u8 *) skb->data);
257 void *sent;
258
259 BT_DBG("%s status 0x%x", hdev->name, status);
260
261 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
262 if (!sent)
263 return;
264
265 if (!status) {
266 __u8 param = *((__u8 *) sent);
267
268 if (param == AUTH_ENABLED)
269 set_bit(HCI_AUTH, &hdev->flags);
270 else
271 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 272 }
a9de9248 273
33ef95ed
JH		 274 if (test_bit(HCI_MGMT, &hdev->dev_flags))
275 mgmt_auth_enable_complete(hdev, status);
276
23bb5763 277 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 278}
279
a9de9248 280static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 281{
a9de9248 282 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 283 void *sent;
284
a9de9248 285 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 286
a9de9248
MH		 287 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
288 if (!sent)
289 return;
1da177e4 290
a9de9248
MH		 291 if (!status) {
292 __u8 param = *((__u8 *) sent);
293
294 if (param)
295 set_bit(HCI_ENCRYPT, &hdev->flags);
296 else
297 clear_bit(HCI_ENCRYPT, &hdev->flags);
298 }
1da177e4 299
23bb5763 300 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 301}
1da177e4 302
a9de9248
MH		 303static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
304{
36f7fc7e
JH		 305 __u8 param, status = *((__u8 *) skb->data);
306 int old_pscan, old_iscan;
a9de9248 307 void *sent;
1da177e4 308
a9de9248 309 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 310
a9de9248
MH		 311 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
312 if (!sent)
313 return;
1da177e4 314
36f7fc7e
JH		 315 param = *((__u8 *) sent);
316
56e5cb86
JH		 317 hci_dev_lock(hdev);
318
2d7cee58 319 if (status != 0) {
744cf19e 320 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 321 hdev->discov_timeout = 0;
322 goto done;
323 }
324
36f7fc7e
JH		 325 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
326 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
327
328 if (param & SCAN_INQUIRY) {
329 set_bit(HCI_ISCAN, &hdev->flags);
330 if (!old_iscan)
744cf19e 331 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 332 if (hdev->discov_timeout > 0) {
333 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
334 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 335 to);
16ab91ab 336 }
36f7fc7e 337 } else if (old_iscan)
744cf19e 338 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 339
340 if (param & SCAN_PAGE) {
341 set_bit(HCI_PSCAN, &hdev->flags);
342 if (!old_pscan)
744cf19e 343 mgmt_connectable(hdev, 1);
36f7fc7e 344 } else if (old_pscan)
744cf19e 345 mgmt_connectable(hdev, 0);
1da177e4 346
36f7fc7e 347done:
56e5cb86 348 hci_dev_unlock(hdev);
23bb5763 349 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 350}
1da177e4 351
a9de9248
MH		 352static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
353{
354 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 355
a9de9248 356 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 357
a9de9248
MH		 358 if (rp->status)
359 return;
1da177e4 360
a9de9248 361 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 362
a9de9248 363 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 364 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 365}
1da177e4 366
a9de9248
MH		 367static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
368{
369 __u8 status = *((__u8 *) skb->data);
370 void *sent;
1da177e4 371
a9de9248 372 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 373
a9de9248
MH		 374 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
375 if (!sent)
376 return;
1da177e4 377
7f9a903c
MH		 378 hci_dev_lock(hdev);
379
380 if (status == 0)
381 memcpy(hdev->dev_class, sent, 3);
382
383 if (test_bit(HCI_MGMT, &hdev->dev_flags))
384 mgmt_set_class_of_dev_complete(hdev, sent, status);
385
386 hci_dev_unlock(hdev);
a9de9248 387}
1da177e4 388
a9de9248
MH		 389static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
390{
391 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
392 __u16 setting;
393
394 BT_DBG("%s status 0x%x", hdev->name, rp->status);
395
396 if (rp->status)
397 return;
398
399 setting = __le16_to_cpu(rp->voice_setting);
400
f383f275 401 if (hdev->voice_setting == setting)
a9de9248
MH		 402 return;
403
404 hdev->voice_setting = setting;
405
406 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
407
3c54711c 408 if (hdev->notify)
a9de9248 409 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 410}
411
412static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
413{
414 __u8 status = *((__u8 *) skb->data);
f383f275 415 __u16 setting;
a9de9248
MH		 416 void *sent;
417
418 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 419
f383f275
MH		 420 if (status)
421 return;
422
a9de9248
MH		 423 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
424 if (!sent)
425 return;
1da177e4 426
f383f275 427 setting = get_unaligned_le16(sent);
1da177e4 428
f383f275
MH		 429 if (hdev->voice_setting == setting)
430 return;
431
432 hdev->voice_setting = setting;
1da177e4 433
f383f275 434 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 435
3c54711c 436 if (hdev->notify)
f383f275 437 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 438}
439
a9de9248 440static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 441{
a9de9248 442 __u8 status = *((__u8 *) skb->data);
1da177e4 443
a9de9248 444 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 445
23bb5763 446 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 447}
1143e5a6 448
333140b5
MH		 449static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
450{
451 __u8 status = *((__u8 *) skb->data);
452 void *sent;
453
454 BT_DBG("%s status 0x%x", hdev->name, status);
455
333140b5
MH		 456 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
457 if (!sent)
458 return;
459
ed2c4ee3 460 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 461 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
462 else if (!status) {
463 if (*((u8 *) sent))
464 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
465 else
466 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
467 }
333140b5
MH		 468}
469
d5859e22
JH		 470static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
471{
472 if (hdev->features[6] & LMP_EXT_INQ)
473 return 2;
474
475 if (hdev->features[3] & LMP_RSSI_INQ)
476 return 1;
477
478 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 479 hdev->lmp_subver == 0x0757)
d5859e22
JH		 480 return 1;
481
482 if (hdev->manufacturer == 15) {
483 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
484 return 1;
485 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
486 return 1;
487 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
488 return 1;
489 }
490
491 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 492 hdev->lmp_subver == 0x1805)
d5859e22
JH		 493 return 1;
494
495 return 0;
496}
497
498static void hci_setup_inquiry_mode(struct hci_dev *hdev)
499{
500 u8 mode;
501
502 mode = hci_get_inquiry_mode(hdev);
503
504 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
505}
506
507static void hci_setup_event_mask(struct hci_dev *hdev)
508{
509 /* The second byte is 0xff instead of 0x9f (two reserved bits
510 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
511 * command otherwise */
512 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
513
6de6c18d
VT		 514 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
515 * any event mask for pre 1.2 devices */
5a13b095 516 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 517 return;
518
519 events[4] |= 0x01; /* Flow Specification Complete */
520 events[4] |= 0x02; /* Inquiry Result with RSSI */
521 events[4] |= 0x04; /* Read Remote Extended Features Complete */
522 events[5] |= 0x08; /* Synchronous Connection Complete */
523 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 524
525 if (hdev->features[3] & LMP_RSSI_INQ)
a24299e6 526 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22
JH		 527
528 if (hdev->features[5] & LMP_SNIFF_SUBR)
529 events[5] |= 0x20; /* Sniff Subrating */
530
531 if (hdev->features[5] & LMP_PAUSE_ENC)
532 events[5] |= 0x80; /* Encryption Key Refresh Complete */
533
534 if (hdev->features[6] & LMP_EXT_INQ)
535 events[5] |= 0x40; /* Extended Inquiry Result */
536
537 if (hdev->features[6] & LMP_NO_FLUSH)
538 events[7] |= 0x01; /* Enhanced Flush Complete */
539
540 if (hdev->features[7] & LMP_LSTO)
541 events[6] |= 0x80; /* Link Supervision Timeout Changed */
542
543 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
544 events[6] |= 0x01; /* IO Capability Request */
545 events[6] |= 0x02; /* IO Capability Response */
546 events[6] |= 0x04; /* User Confirmation Request */
547 events[6] |= 0x08; /* User Passkey Request */
548 events[6] |= 0x10; /* Remote OOB Data Request */
549 events[6] |= 0x20; /* Simple Pairing Complete */
550 events[7] |= 0x04; /* User Passkey Notification */
551 events[7] |= 0x08; /* Keypress Notification */
552 events[7] |= 0x10; /* Remote Host Supported
553 * Features Notification */
554 }
555
556 if (hdev->features[4] & LMP_LE)
557 events[7] |= 0x20; /* LE Meta-Event */
558
559 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
560}
561
562static void hci_setup(struct hci_dev *hdev)
563{
e61ef499
AE		 564 if (hdev->dev_type != HCI_BREDR)
565 return;
566
d5859e22
JH		 567 hci_setup_event_mask(hdev);
568
d095c1eb 569 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 570 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
571
54d04dbb
JH		 572 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
573 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
574 u8 mode = 0x01;
575 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 576 sizeof(mode), &mode);
54d04dbb
JH		 577 } else {
578 struct hci_cp_write_eir cp;
579
580 memset(hdev->eir, 0, sizeof(hdev->eir));
581 memset(&cp, 0, sizeof(cp));
582
583 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
584 }
d5859e22
JH		 585 }
586
587 if (hdev->features[3] & LMP_RSSI_INQ)
588 hci_setup_inquiry_mode(hdev);
589
590 if (hdev->features[7] & LMP_INQ_TX_PWR)
591 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 592
593 if (hdev->features[7] & LMP_EXTFEATURES) {
594 struct hci_cp_read_local_ext_features cp;
595
596 cp.page = 0x01;
04124681
GP		 597 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
598 &cp);
971e3a4b 599 }
e6100a25 600
47990ea0
JH		 601 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
602 u8 enable = 1;
04124681
GP		 603 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
604 &enable);
47990ea0 605 }
d5859e22
JH		 606}
607
a9de9248
MH		 608static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
609{
610 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 611
a9de9248 612 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 613
a9de9248 614 if (rp->status)
28b8df77 615 goto done;
1143e5a6 616
a9de9248 617 hdev->hci_ver = rp->hci_ver;
e4e8e37c 618 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 619 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 620 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 621 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 622
a9de9248 623 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
807deac2 624 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 625
626 if (test_bit(HCI_INIT, &hdev->flags))
627 hci_setup(hdev);
28b8df77
AE		 628
629done:
630 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 631}
632
633static void hci_setup_link_policy(struct hci_dev *hdev)
634{
035100c8 635 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 636 u16 link_policy = 0;
637
638 if (hdev->features[0] & LMP_RSWITCH)
639 link_policy |= HCI_LP_RSWITCH;
640 if (hdev->features[0] & LMP_HOLD)
641 link_policy |= HCI_LP_HOLD;
642 if (hdev->features[0] & LMP_SNIFF)
643 link_policy |= HCI_LP_SNIFF;
644 if (hdev->features[1] & LMP_PARK)
645 link_policy |= HCI_LP_PARK;
646
035100c8
AE		 647 cp.policy = cpu_to_le16(link_policy);
648 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 649}
1da177e4 650
a9de9248
MH		 651static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
652{
653 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 654
a9de9248 655 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 656
a9de9248 657 if (rp->status)
d5859e22 658 goto done;
1da177e4 659
a9de9248 660 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 661
662 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
663 hci_setup_link_policy(hdev);
664
665done:
666 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 667}
1da177e4 668
a9de9248
MH		 669static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
670{
671 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 672
a9de9248 673 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 674
a9de9248
MH		 675 if (rp->status)
676 return;
5b7f9909 677
a9de9248 678 memcpy(hdev->features, rp->features, 8);
5b7f9909 679
a9de9248
MH		 680 /* Adjust default settings according to features
681 * supported by device. */
1da177e4 682
a9de9248
MH		 683 if (hdev->features[0] & LMP_3SLOT)
684 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 685
a9de9248
MH		 686 if (hdev->features[0] & LMP_5SLOT)
687 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 688
a9de9248
MH		 689 if (hdev->features[1] & LMP_HV2) {
690 hdev->pkt_type |= (HCI_HV2);
691 hdev->esco_type |= (ESCO_HV2);
692 }
1da177e4 693
a9de9248
MH		 694 if (hdev->features[1] & LMP_HV3) {
695 hdev->pkt_type |= (HCI_HV3);
696 hdev->esco_type |= (ESCO_HV3);
697 }
1da177e4 698
a9de9248
MH		 699 if (hdev->features[3] & LMP_ESCO)
700 hdev->esco_type |= (ESCO_EV3);
da1f5198 701
a9de9248
MH		 702 if (hdev->features[4] & LMP_EV4)
703 hdev->esco_type |= (ESCO_EV4);
da1f5198 704
a9de9248
MH		 705 if (hdev->features[4] & LMP_EV5)
706 hdev->esco_type |= (ESCO_EV5);
1da177e4 707
efc7688b
MH		 708 if (hdev->features[5] & LMP_EDR_ESCO_2M)
709 hdev->esco_type |= (ESCO_2EV3);
710
711 if (hdev->features[5] & LMP_EDR_ESCO_3M)
712 hdev->esco_type |= (ESCO_3EV3);
713
714 if (hdev->features[5] & LMP_EDR_3S_ESCO)
715 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
716
a9de9248 717 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 718 hdev->features[0], hdev->features[1],
719 hdev->features[2], hdev->features[3],
720 hdev->features[4], hdev->features[5],
721 hdev->features[6], hdev->features[7]);
a9de9248 722}
1da177e4 723
8f984dfa
JH		 724static void hci_set_le_support(struct hci_dev *hdev)
725{
726 struct hci_cp_write_le_host_supported cp;
727
728 memset(&cp, 0, sizeof(cp));
729
9d42820f 730 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa
JH		 731 cp.le = 1;
732 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
733 }
734
735 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 736 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
737 &cp);
8f984dfa
JH		 738}
739
971e3a4b 740static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 741 struct sk_buff *skb)
971e3a4b
AG		 742{
743 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
744
745 BT_DBG("%s status 0x%x", hdev->name, rp->status);
746
747 if (rp->status)
8f984dfa 748 goto done;
971e3a4b 749
b5b32b65
AG		 750 switch (rp->page) {
751 case 0:
752 memcpy(hdev->features, rp->features, 8);
753 break;
754 case 1:
755 memcpy(hdev->host_features, rp->features, 8);
756 break;
757 }
971e3a4b 758
8f984dfa
JH		 759 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
760 hci_set_le_support(hdev);
761
762done:
971e3a4b
AG		 763 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
764}
765
1e89cffb 766static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 767 struct sk_buff *skb)
1e89cffb
AE		 768{
769 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
770
771 BT_DBG("%s status 0x%x", hdev->name, rp->status);
772
773 if (rp->status)
774 return;
775
776 hdev->flow_ctl_mode = rp->mode;
777
778 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
779}
780
a9de9248
MH		 781static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
782{
783 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 784
a9de9248 785 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 786
a9de9248
MH		 787 if (rp->status)
788 return;
1da177e4 789
a9de9248
MH		 790 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
791 hdev->sco_mtu = rp->sco_mtu;
792 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
793 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
794
795 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
796 hdev->sco_mtu = 64;
797 hdev->sco_pkts = 8;
1da177e4 798 }
a9de9248
MH		 799
800 hdev->acl_cnt = hdev->acl_pkts;
801 hdev->sco_cnt = hdev->sco_pkts;
802
807deac2
GP		 803 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
804 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 805}
806
807static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
808{
809 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
810
811 BT_DBG("%s status 0x%x", hdev->name, rp->status);
812
813 if (!rp->status)
814 bacpy(&hdev->bdaddr, &rp->bdaddr);
815
23bb5763
JH		 816 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
817}
818
350ee4cf 819static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 820 struct sk_buff *skb)
350ee4cf
AE		 821{
822 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
823
824 BT_DBG("%s status 0x%x", hdev->name, rp->status);
825
826 if (rp->status)
827 return;
828
829 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
830 hdev->block_len = __le16_to_cpu(rp->block_len);
831 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
832
833 hdev->block_cnt = hdev->num_blocks;
834
835 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 836 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 837
838 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
839}
840
23bb5763
JH		 841static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
842{
843 __u8 status = *((__u8 *) skb->data);
844
845 BT_DBG("%s status 0x%x", hdev->name, status);
846
847 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 848}
849
928abaa7 850static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 851 struct sk_buff *skb)
928abaa7
AE		 852{
853 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
854
855 BT_DBG("%s status 0x%x", hdev->name, rp->status);
856
857 if (rp->status)
858 return;
859
860 hdev->amp_status = rp->amp_status;
861 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
862 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
863 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
864 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
865 hdev->amp_type = rp->amp_type;
866 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
867 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
868 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
869 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
870
871 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
872}
873
b0916ea0 874static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 875 struct sk_buff *skb)
b0916ea0
JH		 876{
877 __u8 status = *((__u8 *) skb->data);
878
879 BT_DBG("%s status 0x%x", hdev->name, status);
880
881 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
882}
883
d5859e22
JH		 884static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
885{
886 __u8 status = *((__u8 *) skb->data);
887
888 BT_DBG("%s status 0x%x", hdev->name, status);
889
890 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
891}
892
893static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 894 struct sk_buff *skb)
d5859e22
JH		 895{
896 __u8 status = *((__u8 *) skb->data);
897
898 BT_DBG("%s status 0x%x", hdev->name, status);
899
900 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
901}
902
903static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 904 struct sk_buff *skb)
d5859e22 905{
91c4e9b1 906 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 907
91c4e9b1
MH		 908 BT_DBG("%s status 0x%x", hdev->name, rp->status);
909
910 if (!rp->status)
911 hdev->inq_tx_power = rp->tx_power;
d5859e22 912
91c4e9b1 913 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 914}
915
916static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
917{
918 __u8 status = *((__u8 *) skb->data);
919
920 BT_DBG("%s status 0x%x", hdev->name, status);
921
922 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
923}
924
980e1a53
JH		 925static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
926{
927 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
928 struct hci_cp_pin_code_reply *cp;
929 struct hci_conn *conn;
930
931 BT_DBG("%s status 0x%x", hdev->name, rp->status);
932
56e5cb86
JH		 933 hci_dev_lock(hdev);
934
a8b2d5c2 935 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 936 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 937
938 if (rp->status != 0)
56e5cb86 939 goto unlock;
980e1a53
JH		 940
941 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
942 if (!cp)
56e5cb86 943 goto unlock;
980e1a53
JH		 944
945 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
946 if (conn)
947 conn->pin_length = cp->pin_len;
56e5cb86
JH		 948
949unlock:
950 hci_dev_unlock(hdev);
980e1a53
JH		 951}
952
953static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
954{
955 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
956
957 BT_DBG("%s status 0x%x", hdev->name, rp->status);
958
56e5cb86
JH		 959 hci_dev_lock(hdev);
960
a8b2d5c2 961 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 962 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 963 rp->status);
56e5cb86
JH		 964
965 hci_dev_unlock(hdev);
980e1a53 966}
56e5cb86 967
6ed58ec5
VT		 968static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
969 struct sk_buff *skb)
970{
971 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
972
973 BT_DBG("%s status 0x%x", hdev->name, rp->status);
974
975 if (rp->status)
976 return;
977
978 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
979 hdev->le_pkts = rp->le_max_pkt;
980
981 hdev->le_cnt = hdev->le_pkts;
982
983 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
984
985 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
986}
980e1a53 987
a5c29683
JH		 988static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
989{
990 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
991
992 BT_DBG("%s status 0x%x", hdev->name, rp->status);
993
56e5cb86
JH		 994 hci_dev_lock(hdev);
995
a8b2d5c2 996 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 997 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
998 rp->status);
56e5cb86
JH		 999
1000 hci_dev_unlock(hdev);
a5c29683
JH		 1001}
1002
1003static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1004 struct sk_buff *skb)
a5c29683
JH		 1005{
1006 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1007
1008 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1009
56e5cb86
JH		 1010 hci_dev_lock(hdev);
1011
a8b2d5c2 1012 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1013 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1014 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1015
1016 hci_dev_unlock(hdev);
a5c29683
JH		 1017}
1018
1143d458
BG		 1019static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1020{
1021 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1022
1023 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1024
1025 hci_dev_lock(hdev);
1026
a8b2d5c2 1027 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1028 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1029 0, rp->status);
1143d458
BG		 1030
1031 hci_dev_unlock(hdev);
1032}
1033
1034static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1035 struct sk_buff *skb)
1143d458
BG		 1036{
1037 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1038
1039 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1040
1041 hci_dev_lock(hdev);
1042
a8b2d5c2 1043 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1044 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1045 ACL_LINK, 0, rp->status);
1143d458
BG		 1046
1047 hci_dev_unlock(hdev);
1048}
1049
c35938b2 1050static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1051 struct sk_buff *skb)
c35938b2
SJ		 1052{
1053 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1054
1055 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1056
56e5cb86 1057 hci_dev_lock(hdev);
744cf19e 1058 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1059 rp->randomizer, rp->status);
56e5cb86 1060 hci_dev_unlock(hdev);
c35938b2
SJ		 1061}
1062
07f7fa5d
AG		 1063static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1064{
1065 __u8 status = *((__u8 *) skb->data);
1066
1067 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1068
1069 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1070
1071 if (status) {
1072 hci_dev_lock(hdev);
1073 mgmt_start_discovery_failed(hdev, status);
1074 hci_dev_unlock(hdev);
1075 return;
1076 }
07f7fa5d
AG		 1077}
1078
eb9d91f5 1079static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1080 struct sk_buff *skb)
eb9d91f5
AG		 1081{
1082 struct hci_cp_le_set_scan_enable *cp;
1083 __u8 status = *((__u8 *) skb->data);
1084
1085 BT_DBG("%s status 0x%x", hdev->name, status);
1086
eb9d91f5
AG		 1087 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1088 if (!cp)
1089 return;
1090
68a8aea4
AE		 1091 switch (cp->enable) {
1092 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1093 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1094
3fd24153
AG		 1095 if (status) {
1096 hci_dev_lock(hdev);
1097 mgmt_start_discovery_failed(hdev, status);
1098 hci_dev_unlock(hdev);
7ba8b4be 1099 return;
3fd24153 1100 }
7ba8b4be 1101
d23264a8
AG		 1102 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1103
a8f13c8c 1104 hci_dev_lock(hdev);
343f935b 1105 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1106 hci_dev_unlock(hdev);
68a8aea4
AE		 1107 break;
1108
1109 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1110 if (status) {
1111 hci_dev_lock(hdev);
1112 mgmt_stop_discovery_failed(hdev, status);
1113 hci_dev_unlock(hdev);
7ba8b4be 1114 return;
c9ecc48e 1115 }
7ba8b4be 1116
d23264a8
AG		 1117 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1118
bc3dd33c
AG		 1119 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1120 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1121 mgmt_interleaved_discovery(hdev);
1122 } else {
1123 hci_dev_lock(hdev);
1124 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1125 hci_dev_unlock(hdev);
1126 }
1127
68a8aea4
AE		 1128 break;
1129
1130 default:
1131 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1132 break;
35815085 1133 }
eb9d91f5
AG		 1134}
1135
a7a595f6
VCG		 1136static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1137{
1138 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1139
1140 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1141
1142 if (rp->status)
1143 return;
1144
1145 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1146}
1147
1148static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1149{
1150 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1151
1152 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1153
1154 if (rp->status)
1155 return;
1156
1157 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1158}
1159
6039aa73
GP		 1160static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1161 struct sk_buff *skb)
f9b49306 1162{
06199cf8 1163 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1164 __u8 status = *((__u8 *) skb->data);
1165
1166 BT_DBG("%s status 0x%x", hdev->name, status);
1167
06199cf8 1168 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1169 if (!sent)
f9b49306
AG		 1170 return;
1171
8f984dfa
JH		 1172 if (!status) {
1173 if (sent->le)
1174 hdev->host_features[0] |= LMP_HOST_LE;
1175 else
1176 hdev->host_features[0] &= ~LMP_HOST_LE;
1177 }
1178
1179 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1180 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1181 mgmt_le_enable_complete(hdev, sent->le, status);
1182
1183 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1184}
1185
6039aa73 1186static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248
MH		 1187{
1188 BT_DBG("%s status 0x%x", hdev->name, status);
1189
1190 if (status) {
23bb5763 1191 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1192 hci_conn_check_pending(hdev);
56e5cb86 1193 hci_dev_lock(hdev);
a8b2d5c2 1194 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1195 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1196 hci_dev_unlock(hdev);
314b2381
JH		 1197 return;
1198 }
1199
89352e7d
AG		 1200 set_bit(HCI_INQUIRY, &hdev->flags);
1201
56e5cb86 1202 hci_dev_lock(hdev);
343f935b 1203 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1204 hci_dev_unlock(hdev);
1da177e4
LT		 1205}
1206
6039aa73 1207static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1208{
a9de9248 1209 struct hci_cp_create_conn *cp;
1da177e4 1210 struct hci_conn *conn;
1da177e4 1211
a9de9248
MH		 1212 BT_DBG("%s status 0x%x", hdev->name, status);
1213
1214 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1215 if (!cp)
1216 return;
1217
1218 hci_dev_lock(hdev);
1219
1220 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1221
a9de9248 1222 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1223
1224 if (status) {
1225 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1226 if (status != 0x0c || conn->attempt > 2) {
1227 conn->state = BT_CLOSED;
1228 hci_proto_connect_cfm(conn, status);
1229 hci_conn_del(conn);
1230 } else
1231 conn->state = BT_CONNECT2;
1da177e4
LT		 1232 }
1233 } else {
1234 if (!conn) {
1235 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1236 if (conn) {
a0c808b3 1237 conn->out = true;
1da177e4
LT		 1238 conn->link_mode |= HCI_LM_MASTER;
1239 } else
893ef971 1240 BT_ERR("No memory for new connection");
1da177e4
LT		 1241 }
1242 }
1243
1244 hci_dev_unlock(hdev);
1245}
1246
a9de9248 1247static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1248{
a9de9248
MH		 1249 struct hci_cp_add_sco *cp;
1250 struct hci_conn *acl, *sco;
1251 __u16 handle;
1da177e4 1252
b6a0dc82
MH		 1253 BT_DBG("%s status 0x%x", hdev->name, status);
1254
a9de9248
MH		 1255 if (!status)
1256 return;
1da177e4 1257
a9de9248
MH		 1258 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1259 if (!cp)
1260 return;
1da177e4 1261
a9de9248 1262 handle = __le16_to_cpu(cp->handle);
1da177e4 1263
a9de9248 1264 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1265
a9de9248 1266 hci_dev_lock(hdev);
1da177e4 1267
a9de9248 1268 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1269 if (acl) {
1270 sco = acl->link;
1271 if (sco) {
1272 sco->state = BT_CLOSED;
1da177e4 1273
5a08ecce
AE		 1274 hci_proto_connect_cfm(sco, status);
1275 hci_conn_del(sco);
1276 }
a9de9248 1277 }
1da177e4 1278
a9de9248
MH		 1279 hci_dev_unlock(hdev);
1280}
1da177e4 1281
f8558555
MH		 1282static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1283{
1284 struct hci_cp_auth_requested *cp;
1285 struct hci_conn *conn;
1286
1287 BT_DBG("%s status 0x%x", hdev->name, status);
1288
1289 if (!status)
1290 return;
1291
1292 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1293 if (!cp)
1294 return;
1295
1296 hci_dev_lock(hdev);
1297
1298 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1299 if (conn) {
1300 if (conn->state == BT_CONFIG) {
1301 hci_proto_connect_cfm(conn, status);
1302 hci_conn_put(conn);
1303 }
1304 }
1305
1306 hci_dev_unlock(hdev);
1307}
1308
1309static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1310{
1311 struct hci_cp_set_conn_encrypt *cp;
1312 struct hci_conn *conn;
1313
1314 BT_DBG("%s status 0x%x", hdev->name, status);
1315
1316 if (!status)
1317 return;
1318
1319 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1320 if (!cp)
1321 return;
1322
1323 hci_dev_lock(hdev);
1324
1325 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1326 if (conn) {
1327 if (conn->state == BT_CONFIG) {
1328 hci_proto_connect_cfm(conn, status);
1329 hci_conn_put(conn);
1330 }
1331 }
1332
1333 hci_dev_unlock(hdev);
1334}
1335
127178d2 1336static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1337 struct hci_conn *conn)
392599b9 1338{
392599b9
JH		 1339 if (conn->state != BT_CONFIG || !conn->out)
1340 return 0;
1341
765c2a96 1342 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1343 return 0;
1344
1345 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1346 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1347 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1348 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1349 return 0;
1350
392599b9
JH		 1351 return 1;
1352}
1353
6039aa73 1354static int hci_resolve_name(struct hci_dev *hdev,
04124681 1355 struct inquiry_entry *e)
30dc78e1
JH		 1356{
1357 struct hci_cp_remote_name_req cp;
1358
1359 memset(&cp, 0, sizeof(cp));
1360
1361 bacpy(&cp.bdaddr, &e->data.bdaddr);
1362 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1363 cp.pscan_mode = e->data.pscan_mode;
1364 cp.clock_offset = e->data.clock_offset;
1365
1366 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1367}
1368
b644ba33 1369static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1370{
1371 struct discovery_state *discov = &hdev->discovery;
1372 struct inquiry_entry *e;
1373
b644ba33
JH		 1374 if (list_empty(&discov->resolve))
1375 return false;
1376
1377 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1378 if (hci_resolve_name(hdev, e) == 0) {
1379 e->name_state = NAME_PENDING;
1380 return true;
1381 }
1382
1383 return false;
1384}
1385
1386static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1387 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1388{
1389 struct discovery_state *discov = &hdev->discovery;
1390 struct inquiry_entry *e;
1391
1392 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1393 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1394 name_len, conn->dev_class);
b644ba33
JH		 1395
1396 if (discov->state == DISCOVERY_STOPPED)
1397 return;
1398
30dc78e1
JH		 1399 if (discov->state == DISCOVERY_STOPPING)
1400 goto discov_complete;
1401
1402 if (discov->state != DISCOVERY_RESOLVING)
1403 return;
1404
1405 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1406 if (e) {
1407 e->name_state = NAME_KNOWN;
1408 list_del(&e->list);
b644ba33
JH		 1409 if (name)
1410 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
04124681 1411 e->data.rssi, name, name_len);
30dc78e1
JH		 1412 }
1413
b644ba33 1414 if (hci_resolve_next_name(hdev))
30dc78e1 1415 return;
30dc78e1
JH		 1416
1417discov_complete:
1418 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1419}
1420
a9de9248
MH		 1421static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1422{
127178d2
JH		 1423 struct hci_cp_remote_name_req *cp;
1424 struct hci_conn *conn;
1425
a9de9248 1426 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1427
1428 /* If successful wait for the name req complete event before
1429 * checking for the need to do authentication */
1430 if (!status)
1431 return;
1432
1433 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1434 if (!cp)
1435 return;
1436
1437 hci_dev_lock(hdev);
1438
b644ba33
JH		 1439 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1440
a8b2d5c2 1441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1442 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1443
79c6c70c
JH		 1444 if (!conn)
1445 goto unlock;
1446
1447 if (!hci_outgoing_auth_needed(hdev, conn))
1448 goto unlock;
1449
51a8efd7 1450 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1451 struct hci_cp_auth_requested cp;
1452 cp.handle = __cpu_to_le16(conn->handle);
1453 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1454 }
1455
79c6c70c 1456unlock:
127178d2 1457 hci_dev_unlock(hdev);
a9de9248 1458}
1da177e4 1459
769be974
MH		 1460static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1461{
1462 struct hci_cp_read_remote_features *cp;
1463 struct hci_conn *conn;
1464
1465 BT_DBG("%s status 0x%x", hdev->name, status);
1466
1467 if (!status)
1468 return;
1469
1470 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1471 if (!cp)
1472 return;
1473
1474 hci_dev_lock(hdev);
1475
1476 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1477 if (conn) {
1478 if (conn->state == BT_CONFIG) {
769be974
MH		 1479 hci_proto_connect_cfm(conn, status);
1480 hci_conn_put(conn);
1481 }
1482 }
1483
1484 hci_dev_unlock(hdev);
1485}
1486
1487static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1488{
1489 struct hci_cp_read_remote_ext_features *cp;
1490 struct hci_conn *conn;
1491
1492 BT_DBG("%s status 0x%x", hdev->name, status);
1493
1494 if (!status)
1495 return;
1496
1497 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1498 if (!cp)
1499 return;
1500
1501 hci_dev_lock(hdev);
1502
1503 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1504 if (conn) {
1505 if (conn->state == BT_CONFIG) {
769be974
MH		 1506 hci_proto_connect_cfm(conn, status);
1507 hci_conn_put(conn);
1508 }
1509 }
1510
1511 hci_dev_unlock(hdev);
1512}
1513
a9de9248
MH		 1514static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1515{
b6a0dc82
MH		 1516 struct hci_cp_setup_sync_conn *cp;
1517 struct hci_conn *acl, *sco;
1518 __u16 handle;
1519
a9de9248 1520 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1521
1522 if (!status)
1523 return;
1524
1525 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1526 if (!cp)
1527 return;
1528
1529 handle = __le16_to_cpu(cp->handle);
1530
1531 BT_DBG("%s handle %d", hdev->name, handle);
1532
1533 hci_dev_lock(hdev);
1534
1535 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1536 if (acl) {
1537 sco = acl->link;
1538 if (sco) {
1539 sco->state = BT_CLOSED;
b6a0dc82 1540
5a08ecce
AE		 1541 hci_proto_connect_cfm(sco, status);
1542 hci_conn_del(sco);
1543 }
b6a0dc82
MH		 1544 }
1545
1546 hci_dev_unlock(hdev);
1da177e4
LT		 1547}
1548
a9de9248 1549static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1550{
a9de9248
MH		 1551 struct hci_cp_sniff_mode *cp;
1552 struct hci_conn *conn;
1da177e4 1553
a9de9248 1554 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1555
a9de9248
MH		 1556 if (!status)
1557 return;
04837f64 1558
a9de9248
MH		 1559 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1560 if (!cp)
1561 return;
04837f64 1562
a9de9248 1563 hci_dev_lock(hdev);
04837f64 1564
a9de9248 1565 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1566 if (conn) {
51a8efd7 1567 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1568
51a8efd7 1569 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1570 hci_sco_setup(conn, status);
1571 }
1572
a9de9248
MH		 1573 hci_dev_unlock(hdev);
1574}
04837f64 1575
a9de9248
MH		 1576static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1577{
1578 struct hci_cp_exit_sniff_mode *cp;
1579 struct hci_conn *conn;
04837f64 1580
a9de9248 1581 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1582
a9de9248
MH		 1583 if (!status)
1584 return;
04837f64 1585
a9de9248
MH		 1586 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1587 if (!cp)
1588 return;
04837f64 1589
a9de9248 1590 hci_dev_lock(hdev);
1da177e4 1591
a9de9248 1592 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1593 if (conn) {
51a8efd7 1594 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1595
51a8efd7 1596 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1597 hci_sco_setup(conn, status);
1598 }
1599
a9de9248 1600 hci_dev_unlock(hdev);
1da177e4
LT		 1601}
1602
88c3df13
JH		 1603static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1604{
1605 struct hci_cp_disconnect *cp;
1606 struct hci_conn *conn;
1607
1608 if (!status)
1609 return;
1610
1611 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1612 if (!cp)
1613 return;
1614
1615 hci_dev_lock(hdev);
1616
1617 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1618 if (conn)
1619 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1620 conn->dst_type, status);
88c3df13
JH		 1621
1622 hci_dev_unlock(hdev);
1623}
1624
fcd89c09
VT		 1625static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1626{
1627 struct hci_cp_le_create_conn *cp;
1628 struct hci_conn *conn;
1629
1630 BT_DBG("%s status 0x%x", hdev->name, status);
1631
1632 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1633 if (!cp)
1634 return;
1635
1636 hci_dev_lock(hdev);
1637
1638 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1639
1640 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
807deac2 1641 conn);
fcd89c09
VT		 1642
1643 if (status) {
1644 if (conn && conn->state == BT_CONNECT) {
1645 conn->state = BT_CLOSED;
328c9248
HG		 1646 mgmt_connect_failed(hdev, &cp->peer_addr, conn->type,
1647 conn->dst_type, status);
fcd89c09
VT		 1648 hci_proto_connect_cfm(conn, status);
1649 hci_conn_del(conn);
1650 }
1651 } else {
1652 if (!conn) {
1653 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1654 if (conn) {
1655 conn->dst_type = cp->peer_addr_type;
a0c808b3 1656 conn->out = true;
29b7988a 1657 } else {
fcd89c09 1658 BT_ERR("No memory for new connection");
29b7988a 1659 }
fcd89c09
VT		 1660 }
1661 }
1662
1663 hci_dev_unlock(hdev);
1664}
1665
a7a595f6
VCG		 1666static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1667{
1668 BT_DBG("%s status 0x%x", hdev->name, status);
1669}
1670
6039aa73 1671static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1672{
1673 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1674 struct discovery_state *discov = &hdev->discovery;
1675 struct inquiry_entry *e;
1da177e4
LT		 1676
1677 BT_DBG("%s status %d", hdev->name, status);
1678
23bb5763 1679 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1680
a9de9248 1681 hci_conn_check_pending(hdev);
89352e7d
AG		 1682
1683 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1684 return;
1685
a8b2d5c2 1686 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1687 return;
1688
56e5cb86 1689 hci_dev_lock(hdev);
30dc78e1 1690
343f935b 1691 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1692 goto unlock;
1693
1694 if (list_empty(&discov->resolve)) {
1695 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1696 goto unlock;
1697 }
1698
1699 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1700 if (e && hci_resolve_name(hdev, e) == 0) {
1701 e->name_state = NAME_PENDING;
1702 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1703 } else {
1704 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1705 }
1706
1707unlock:
56e5cb86 1708 hci_dev_unlock(hdev);
1da177e4
LT		 1709}
1710
6039aa73 1711static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1712{
45bb4bf0 1713 struct inquiry_data data;
a9de9248 1714 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1715 int num_rsp = *((__u8 *) skb->data);
1716
1717 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1718
45bb4bf0
MH		 1719 if (!num_rsp)
1720 return;
1721
1519cc17
AG		 1722 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1723 return;
1724
1da177e4 1725 hci_dev_lock(hdev);
45bb4bf0 1726
e17acd40 1727 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1728 bool name_known, ssp;
3175405b 1729
1da177e4
LT		 1730 bacpy(&data.bdaddr, &info->bdaddr);
1731 data.pscan_rep_mode = info->pscan_rep_mode;
1732 data.pscan_period_mode = info->pscan_period_mode;
1733 data.pscan_mode = info->pscan_mode;
1734 memcpy(data.dev_class, info->dev_class, 3);
1735 data.clock_offset = info->clock_offset;
1736 data.rssi = 0x00;
41a96212 1737 data.ssp_mode = 0x00;
3175405b 1738
388fc8fa 1739 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1740 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1741 info->dev_class, 0, !name_known, ssp, NULL,
1742 0);
1da177e4 1743 }
45bb4bf0 1744
1da177e4
LT		 1745 hci_dev_unlock(hdev);
1746}
1747
6039aa73 1748static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1749{
a9de9248
MH		 1750 struct hci_ev_conn_complete *ev = (void *) skb->data;
1751 struct hci_conn *conn;
1da177e4
LT		 1752
1753 BT_DBG("%s", hdev->name);
1754
1755 hci_dev_lock(hdev);
1756
1757 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1758 if (!conn) {
1759 if (ev->link_type != SCO_LINK)
1760 goto unlock;
1761
1762 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1763 if (!conn)
1764 goto unlock;
1765
1766 conn->type = SCO_LINK;
1767 }
1da177e4
LT		 1768
1769 if (!ev->status) {
1770 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1771
1772 if (conn->type == ACL_LINK) {
1773 conn->state = BT_CONFIG;
1774 hci_conn_hold(conn);
052b30b0 1775 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1776 } else
1777 conn->state = BT_CONNECTED;
1da177e4 1778
9eba32b8 1779 hci_conn_hold_device(conn);
7d0db0a3
MH		 1780 hci_conn_add_sysfs(conn);
1781
1da177e4
LT		 1782 if (test_bit(HCI_AUTH, &hdev->flags))
1783 conn->link_mode |= HCI_LM_AUTH;
1784
1785 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1786 conn->link_mode |= HCI_LM_ENCRYPT;
1787
04837f64
MH		 1788 /* Get remote features */
1789 if (conn->type == ACL_LINK) {
1790 struct hci_cp_read_remote_features cp;
1791 cp.handle = ev->handle;
769be974 1792 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1793 sizeof(cp), &cp);
04837f64
MH		 1794 }
1795
1da177e4 1796 /* Set packet type for incoming connection */
d095c1eb 1797 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1798 struct hci_cp_change_conn_ptype cp;
1799 cp.handle = ev->handle;
a8746417 1800 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1801 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1802 &cp);
1da177e4 1803 }
17d5c04c 1804 } else {
1da177e4 1805 conn->state = BT_CLOSED;
17d5c04c 1806 if (conn->type == ACL_LINK)
744cf19e 1807 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1808 conn->dst_type, ev->status);
17d5c04c 1809 }
1da177e4 1810
e73439d8
MH		 1811 if (conn->type == ACL_LINK)
1812 hci_sco_setup(conn, ev->status);
1da177e4 1813
769be974
MH		 1814 if (ev->status) {
1815 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1816 hci_conn_del(conn);
c89b6e6b
MH		 1817 } else if (ev->link_type != ACL_LINK)
1818 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1819
a9de9248 1820unlock:
1da177e4 1821 hci_dev_unlock(hdev);
1da177e4 1822
a9de9248 1823 hci_conn_check_pending(hdev);
1da177e4
LT		 1824}
1825
6039aa73 1826static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1827{
a9de9248
MH		 1828 struct hci_ev_conn_request *ev = (void *) skb->data;
1829 int mask = hdev->link_mode;
1da177e4 1830
807deac2
GP		 1831 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1832 ev->link_type);
1da177e4 1833
a9de9248 1834 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1835
138d22ef 1836 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1837 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1838 /* Connection accepted */
c7bdd502 1839 struct inquiry_entry *ie;
1da177e4 1840 struct hci_conn *conn;
1da177e4 1841
a9de9248 1842 hci_dev_lock(hdev);
b6a0dc82 1843
cc11b9c1
AE		 1844 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1845 if (ie)
c7bdd502
MH		 1846 memcpy(ie->data.dev_class, ev->dev_class, 3);
1847
a9de9248
MH		 1848 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1849 if (!conn) {
cc11b9c1
AE		 1850 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1851 if (!conn) {
893ef971 1852 BT_ERR("No memory for new connection");
a9de9248
MH		 1853 hci_dev_unlock(hdev);
1854 return;
1da177e4
LT		 1855 }
1856 }
b6a0dc82 1857
a9de9248
MH		 1858 memcpy(conn->dev_class, ev->dev_class, 3);
1859 conn->state = BT_CONNECT;
b6a0dc82 1860
a9de9248 1861 hci_dev_unlock(hdev);
1da177e4 1862
b6a0dc82
MH		 1863 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1864 struct hci_cp_accept_conn_req cp;
1da177e4 1865
b6a0dc82
MH		 1866 bacpy(&cp.bdaddr, &ev->bdaddr);
1867
1868 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1869 cp.role = 0x00; /* Become master */
1870 else
1871 cp.role = 0x01; /* Remain slave */
1872
04124681
GP		 1873 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1874 &cp);
b6a0dc82
MH		 1875 } else {
1876 struct hci_cp_accept_sync_conn_req cp;
1877
1878 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1879 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1880
1881 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1882 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1883 cp.max_latency = cpu_to_le16(0xffff);
1884 cp.content_format = cpu_to_le16(hdev->voice_setting);
1885 cp.retrans_effort = 0xff;
1da177e4 1886
b6a0dc82 1887 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1888 sizeof(cp), &cp);
b6a0dc82 1889 }
a9de9248
MH		 1890 } else {
1891 /* Connection rejected */
1892 struct hci_cp_reject_conn_req cp;
1da177e4 1893
a9de9248 1894 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1895 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1896 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1897 }
1da177e4
LT		 1898}
1899
6039aa73 1900static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1901{
a9de9248 1902 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1903 struct hci_conn *conn;
1904
1905 BT_DBG("%s status %d", hdev->name, ev->status);
1906
1907 hci_dev_lock(hdev);
1908
1909 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1910 if (!conn)
1911 goto unlock;
7d0db0a3 1912
37d9ef76
JH		 1913 if (ev->status == 0)
1914 conn->state = BT_CLOSED;
04837f64 1915
b644ba33 1916 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 1917 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1918 if (ev->status != 0)
88c3df13 1919 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 1920 conn->dst_type, ev->status);
37d9ef76 1921 else
afc747a6 1922 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
04124681 1923 conn->dst_type);
37d9ef76 1924 }
f7520543 1925
37d9ef76 1926 if (ev->status == 0) {
6ec5bcad
VA		 1927 if (conn->type == ACL_LINK && conn->flush_key)
1928 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1929 hci_proto_disconn_cfm(conn, ev->reason);
1930 hci_conn_del(conn);
1931 }
f7520543
JH		 1932
1933unlock:
04837f64
MH		 1934 hci_dev_unlock(hdev);
1935}
1936
6039aa73 1937static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1938{
a9de9248 1939 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1940 struct hci_conn *conn;
1da177e4
LT		 1941
1942 BT_DBG("%s status %d", hdev->name, ev->status);
1943
1944 hci_dev_lock(hdev);
1945
04837f64 1946 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1947 if (!conn)
1948 goto unlock;
1949
1950 if (!ev->status) {
aa64a8b5 1951 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1952 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1953 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1954 } else {
d7556e20
WR		 1955 conn->link_mode |= HCI_LM_AUTH;
1956 conn->sec_level = conn->pending_sec_level;
2a611692 1957 }
d7556e20 1958 } else {
bab73cb6 1959 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1960 ev->status);
d7556e20 1961 }
1da177e4 1962
51a8efd7
JH		 1963 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1964 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1965
d7556e20 1966 if (conn->state == BT_CONFIG) {
aa64a8b5 1967 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1968 struct hci_cp_set_conn_encrypt cp;
1969 cp.handle = ev->handle;
1970 cp.encrypt = 0x01;
1971 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1972 &cp);
052b30b0 1973 } else {
d7556e20
WR		 1974 conn->state = BT_CONNECTED;
1975 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1976 hci_conn_put(conn);
1977 }
d7556e20
WR		 1978 } else {
1979 hci_auth_cfm(conn, ev->status);
052b30b0 1980
d7556e20
WR		 1981 hci_conn_hold(conn);
1982 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1983 hci_conn_put(conn);
1984 }
1985
51a8efd7 1986 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1987 if (!ev->status) {
1988 struct hci_cp_set_conn_encrypt cp;
1989 cp.handle = ev->handle;
1990 cp.encrypt = 0x01;
1991 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1992 &cp);
d7556e20 1993 } else {
51a8efd7 1994 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1995 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1996 }
1997 }
1998
d7556e20 1999unlock:
1da177e4
LT		 2000 hci_dev_unlock(hdev);
2001}
2002
6039aa73 2003static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2004{
127178d2
JH		 2005 struct hci_ev_remote_name *ev = (void *) skb->data;
2006 struct hci_conn *conn;
2007
a9de9248 2008 BT_DBG("%s", hdev->name);
1da177e4 2009
a9de9248 2010 hci_conn_check_pending(hdev);
127178d2
JH		 2011
2012 hci_dev_lock(hdev);
2013
b644ba33 2014 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2015
b644ba33
JH		 2016 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2017 goto check_auth;
a88a9652 2018
b644ba33
JH		 2019 if (ev->status == 0)
2020 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2021 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2022 else
2023 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2024
2025check_auth:
79c6c70c
JH		 2026 if (!conn)
2027 goto unlock;
2028
2029 if (!hci_outgoing_auth_needed(hdev, conn))
2030 goto unlock;
2031
51a8efd7 2032 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2033 struct hci_cp_auth_requested cp;
2034 cp.handle = __cpu_to_le16(conn->handle);
2035 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2036 }
2037
79c6c70c 2038unlock:
127178d2 2039 hci_dev_unlock(hdev);
a9de9248
MH		 2040}
2041
6039aa73 2042static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2043{
2044 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2045 struct hci_conn *conn;
2046
2047 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2048
2049 hci_dev_lock(hdev);
2050
04837f64 2051 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2052 if (conn) {
2053 if (!ev->status) {
ae293196
MH		 2054 if (ev->encrypt) {
2055 /* Encryption implies authentication */
2056 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2057 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2058 conn->sec_level = conn->pending_sec_level;
ae293196 2059 } else
1da177e4
LT		 2060 conn->link_mode &= ~HCI_LM_ENCRYPT;
2061 }
2062
51a8efd7 2063 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2064
a7d7723a 2065 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2066 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2067 hci_conn_put(conn);
2068 goto unlock;
2069 }
2070
f8558555
MH		 2071 if (conn->state == BT_CONFIG) {
2072 if (!ev->status)
2073 conn->state = BT_CONNECTED;
2074
2075 hci_proto_connect_cfm(conn, ev->status);
2076 hci_conn_put(conn);
2077 } else
2078 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2079 }
2080
a7d7723a 2081unlock:
1da177e4
LT		 2082 hci_dev_unlock(hdev);
2083}
2084
6039aa73
GP		 2085static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2086 struct sk_buff *skb)
1da177e4 2087{
a9de9248 2088 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2089 struct hci_conn *conn;
1da177e4
LT		 2090
2091 BT_DBG("%s status %d", hdev->name, ev->status);
2092
2093 hci_dev_lock(hdev);
2094
04837f64 2095 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2096 if (conn) {
2097 if (!ev->status)
2098 conn->link_mode |= HCI_LM_SECURE;
2099
51a8efd7 2100 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2101
2102 hci_key_change_cfm(conn, ev->status);
2103 }
2104
2105 hci_dev_unlock(hdev);
2106}
2107
6039aa73
GP		 2108static void hci_remote_features_evt(struct hci_dev *hdev,
2109 struct sk_buff *skb)
1da177e4 2110{
a9de9248
MH		 2111 struct hci_ev_remote_features *ev = (void *) skb->data;
2112 struct hci_conn *conn;
2113
2114 BT_DBG("%s status %d", hdev->name, ev->status);
2115
a9de9248
MH		 2116 hci_dev_lock(hdev);
2117
2118 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2119 if (!conn)
2120 goto unlock;
769be974 2121
ccd556fe
JH		 2122 if (!ev->status)
2123 memcpy(conn->features, ev->features, 8);
2124
2125 if (conn->state != BT_CONFIG)
2126 goto unlock;
2127
2128 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2129 struct hci_cp_read_remote_ext_features cp;
2130 cp.handle = ev->handle;
2131 cp.page = 0x01;
2132 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2133 sizeof(cp), &cp);
392599b9
JH		 2134 goto unlock;
2135 }
2136
671267bf 2137 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2138 struct hci_cp_remote_name_req cp;
2139 memset(&cp, 0, sizeof(cp));
2140 bacpy(&cp.bdaddr, &conn->dst);
2141 cp.pscan_rep_mode = 0x02;
2142 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2143 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2144 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2145 conn->dst_type, 0, NULL, 0,
2146 conn->dev_class);
392599b9 2147
127178d2 2148 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2149 conn->state = BT_CONNECTED;
2150 hci_proto_connect_cfm(conn, ev->status);
2151 hci_conn_put(conn);
769be974 2152 }
a9de9248 2153
ccd556fe 2154unlock:
a9de9248 2155 hci_dev_unlock(hdev);
1da177e4
LT		 2156}
2157
6039aa73 2158static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2159{
a9de9248 2160 BT_DBG("%s", hdev->name);
1da177e4
LT		 2161}
2162
6039aa73
GP		 2163static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2164 struct sk_buff *skb)
1da177e4 2165{
a9de9248 2166 BT_DBG("%s", hdev->name);
1da177e4
LT		 2167}
2168
6039aa73 2169static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2170{
2171 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2172 __u16 opcode;
2173
2174 skb_pull(skb, sizeof(*ev));
2175
2176 opcode = __le16_to_cpu(ev->opcode);
2177
2178 switch (opcode) {
2179 case HCI_OP_INQUIRY_CANCEL:
2180 hci_cc_inquiry_cancel(hdev, skb);
2181 break;
2182
4d93483b
AG		 2183 case HCI_OP_PERIODIC_INQ:
2184 hci_cc_periodic_inq(hdev, skb);
2185 break;
2186
a9de9248
MH		 2187 case HCI_OP_EXIT_PERIODIC_INQ:
2188 hci_cc_exit_periodic_inq(hdev, skb);
2189 break;
2190
2191 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2192 hci_cc_remote_name_req_cancel(hdev, skb);
2193 break;
2194
2195 case HCI_OP_ROLE_DISCOVERY:
2196 hci_cc_role_discovery(hdev, skb);
2197 break;
2198
e4e8e37c
MH		 2199 case HCI_OP_READ_LINK_POLICY:
2200 hci_cc_read_link_policy(hdev, skb);
2201 break;
2202
a9de9248
MH		 2203 case HCI_OP_WRITE_LINK_POLICY:
2204 hci_cc_write_link_policy(hdev, skb);
2205 break;
2206
e4e8e37c
MH		 2207 case HCI_OP_READ_DEF_LINK_POLICY:
2208 hci_cc_read_def_link_policy(hdev, skb);
2209 break;
2210
2211 case HCI_OP_WRITE_DEF_LINK_POLICY:
2212 hci_cc_write_def_link_policy(hdev, skb);
2213 break;
2214
a9de9248
MH		 2215 case HCI_OP_RESET:
2216 hci_cc_reset(hdev, skb);
2217 break;
2218
2219 case HCI_OP_WRITE_LOCAL_NAME:
2220 hci_cc_write_local_name(hdev, skb);
2221 break;
2222
2223 case HCI_OP_READ_LOCAL_NAME:
2224 hci_cc_read_local_name(hdev, skb);
2225 break;
2226
2227 case HCI_OP_WRITE_AUTH_ENABLE:
2228 hci_cc_write_auth_enable(hdev, skb);
2229 break;
2230
2231 case HCI_OP_WRITE_ENCRYPT_MODE:
2232 hci_cc_write_encrypt_mode(hdev, skb);
2233 break;
2234
2235 case HCI_OP_WRITE_SCAN_ENABLE:
2236 hci_cc_write_scan_enable(hdev, skb);
2237 break;
2238
2239 case HCI_OP_READ_CLASS_OF_DEV:
2240 hci_cc_read_class_of_dev(hdev, skb);
2241 break;
2242
2243 case HCI_OP_WRITE_CLASS_OF_DEV:
2244 hci_cc_write_class_of_dev(hdev, skb);
2245 break;
2246
2247 case HCI_OP_READ_VOICE_SETTING:
2248 hci_cc_read_voice_setting(hdev, skb);
2249 break;
2250
2251 case HCI_OP_WRITE_VOICE_SETTING:
2252 hci_cc_write_voice_setting(hdev, skb);
2253 break;
2254
2255 case HCI_OP_HOST_BUFFER_SIZE:
2256 hci_cc_host_buffer_size(hdev, skb);
2257 break;
2258
333140b5
MH		 2259 case HCI_OP_WRITE_SSP_MODE:
2260 hci_cc_write_ssp_mode(hdev, skb);
2261 break;
2262
a9de9248
MH		 2263 case HCI_OP_READ_LOCAL_VERSION:
2264 hci_cc_read_local_version(hdev, skb);
2265 break;
2266
2267 case HCI_OP_READ_LOCAL_COMMANDS:
2268 hci_cc_read_local_commands(hdev, skb);
2269 break;
2270
2271 case HCI_OP_READ_LOCAL_FEATURES:
2272 hci_cc_read_local_features(hdev, skb);
2273 break;
2274
971e3a4b
AG		 2275 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2276 hci_cc_read_local_ext_features(hdev, skb);
2277 break;
2278
a9de9248
MH		 2279 case HCI_OP_READ_BUFFER_SIZE:
2280 hci_cc_read_buffer_size(hdev, skb);
2281 break;
2282
2283 case HCI_OP_READ_BD_ADDR:
2284 hci_cc_read_bd_addr(hdev, skb);
2285 break;
2286
350ee4cf
AE		 2287 case HCI_OP_READ_DATA_BLOCK_SIZE:
2288 hci_cc_read_data_block_size(hdev, skb);
2289 break;
2290
23bb5763
JH		 2291 case HCI_OP_WRITE_CA_TIMEOUT:
2292 hci_cc_write_ca_timeout(hdev, skb);
2293 break;
2294
1e89cffb
AE		 2295 case HCI_OP_READ_FLOW_CONTROL_MODE:
2296 hci_cc_read_flow_control_mode(hdev, skb);
2297 break;
2298
928abaa7
AE		 2299 case HCI_OP_READ_LOCAL_AMP_INFO:
2300 hci_cc_read_local_amp_info(hdev, skb);
2301 break;
2302
b0916ea0
JH		 2303 case HCI_OP_DELETE_STORED_LINK_KEY:
2304 hci_cc_delete_stored_link_key(hdev, skb);
2305 break;
2306
d5859e22
JH		 2307 case HCI_OP_SET_EVENT_MASK:
2308 hci_cc_set_event_mask(hdev, skb);
2309 break;
2310
2311 case HCI_OP_WRITE_INQUIRY_MODE:
2312 hci_cc_write_inquiry_mode(hdev, skb);
2313 break;
2314
2315 case HCI_OP_READ_INQ_RSP_TX_POWER:
2316 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2317 break;
2318
2319 case HCI_OP_SET_EVENT_FLT:
2320 hci_cc_set_event_flt(hdev, skb);
2321 break;
2322
980e1a53
JH		 2323 case HCI_OP_PIN_CODE_REPLY:
2324 hci_cc_pin_code_reply(hdev, skb);
2325 break;
2326
2327 case HCI_OP_PIN_CODE_NEG_REPLY:
2328 hci_cc_pin_code_neg_reply(hdev, skb);
2329 break;
2330
c35938b2
SJ		 2331 case HCI_OP_READ_LOCAL_OOB_DATA:
2332 hci_cc_read_local_oob_data_reply(hdev, skb);
2333 break;
2334
6ed58ec5
VT		 2335 case HCI_OP_LE_READ_BUFFER_SIZE:
2336 hci_cc_le_read_buffer_size(hdev, skb);
2337 break;
2338
a5c29683
JH		 2339 case HCI_OP_USER_CONFIRM_REPLY:
2340 hci_cc_user_confirm_reply(hdev, skb);
2341 break;
2342
2343 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2344 hci_cc_user_confirm_neg_reply(hdev, skb);
2345 break;
2346
1143d458
BG		 2347 case HCI_OP_USER_PASSKEY_REPLY:
2348 hci_cc_user_passkey_reply(hdev, skb);
2349 break;
2350
2351 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2352 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2353 break;
07f7fa5d
AG		 2354
2355 case HCI_OP_LE_SET_SCAN_PARAM:
2356 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2357 break;
2358
eb9d91f5
AG		 2359 case HCI_OP_LE_SET_SCAN_ENABLE:
2360 hci_cc_le_set_scan_enable(hdev, skb);
2361 break;
2362
a7a595f6
VCG		 2363 case HCI_OP_LE_LTK_REPLY:
2364 hci_cc_le_ltk_reply(hdev, skb);
2365 break;
2366
2367 case HCI_OP_LE_LTK_NEG_REPLY:
2368 hci_cc_le_ltk_neg_reply(hdev, skb);
2369 break;
2370
f9b49306
AG		 2371 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2372 hci_cc_write_le_host_supported(hdev, skb);
2373 break;
2374
a9de9248
MH		 2375 default:
2376 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2377 break;
2378 }
2379
6bd32326
VT		 2380 if (ev->opcode != HCI_OP_NOP)
2381 del_timer(&hdev->cmd_timer);
2382
a9de9248
MH		 2383 if (ev->ncmd) {
2384 atomic_set(&hdev->cmd_cnt, 1);
2385 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2386 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2387 }
2388}
2389
6039aa73 2390static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2391{
2392 struct hci_ev_cmd_status *ev = (void *) skb->data;
2393 __u16 opcode;
2394
2395 skb_pull(skb, sizeof(*ev));
2396
2397 opcode = __le16_to_cpu(ev->opcode);
2398
2399 switch (opcode) {
2400 case HCI_OP_INQUIRY:
2401 hci_cs_inquiry(hdev, ev->status);
2402 break;
2403
2404 case HCI_OP_CREATE_CONN:
2405 hci_cs_create_conn(hdev, ev->status);
2406 break;
2407
2408 case HCI_OP_ADD_SCO:
2409 hci_cs_add_sco(hdev, ev->status);
2410 break;
2411
f8558555
MH		 2412 case HCI_OP_AUTH_REQUESTED:
2413 hci_cs_auth_requested(hdev, ev->status);
2414 break;
2415
2416 case HCI_OP_SET_CONN_ENCRYPT:
2417 hci_cs_set_conn_encrypt(hdev, ev->status);
2418 break;
2419
a9de9248
MH		 2420 case HCI_OP_REMOTE_NAME_REQ:
2421 hci_cs_remote_name_req(hdev, ev->status);
2422 break;
2423
769be974
MH		 2424 case HCI_OP_READ_REMOTE_FEATURES:
2425 hci_cs_read_remote_features(hdev, ev->status);
2426 break;
2427
2428 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2429 hci_cs_read_remote_ext_features(hdev, ev->status);
2430 break;
2431
a9de9248
MH		 2432 case HCI_OP_SETUP_SYNC_CONN:
2433 hci_cs_setup_sync_conn(hdev, ev->status);
2434 break;
2435
2436 case HCI_OP_SNIFF_MODE:
2437 hci_cs_sniff_mode(hdev, ev->status);
2438 break;
2439
2440 case HCI_OP_EXIT_SNIFF_MODE:
2441 hci_cs_exit_sniff_mode(hdev, ev->status);
2442 break;
2443
8962ee74 2444 case HCI_OP_DISCONNECT:
88c3df13 2445 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2446 break;
2447
fcd89c09
VT		 2448 case HCI_OP_LE_CREATE_CONN:
2449 hci_cs_le_create_conn(hdev, ev->status);
2450 break;
2451
a7a595f6
VCG		 2452 case HCI_OP_LE_START_ENC:
2453 hci_cs_le_start_enc(hdev, ev->status);
2454 break;
2455
a9de9248
MH		 2456 default:
2457 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2458 break;
2459 }
2460
6bd32326
VT		 2461 if (ev->opcode != HCI_OP_NOP)
2462 del_timer(&hdev->cmd_timer);
2463
10572132 2464 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2465 atomic_set(&hdev->cmd_cnt, 1);
2466 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2467 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2468 }
2469}
2470
6039aa73 2471static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2472{
2473 struct hci_ev_role_change *ev = (void *) skb->data;
2474 struct hci_conn *conn;
2475
2476 BT_DBG("%s status %d", hdev->name, ev->status);
2477
2478 hci_dev_lock(hdev);
2479
2480 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2481 if (conn) {
2482 if (!ev->status) {
2483 if (ev->role)
2484 conn->link_mode &= ~HCI_LM_MASTER;
2485 else
2486 conn->link_mode |= HCI_LM_MASTER;
2487 }
2488
51a8efd7 2489 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2490
2491 hci_role_switch_cfm(conn, ev->status, ev->role);
2492 }
2493
2494 hci_dev_unlock(hdev);
2495}
2496
6039aa73 2497static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2498{
2499 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2500 int i;
2501
32ac5b9b
AE		 2502 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2503 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2504 return;
2505 }
2506
c5993de8 2507 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2508 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2509 BT_DBG("%s bad parameters", hdev->name);
2510 return;
2511 }
2512
c5993de8
AE		 2513 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2514
613a1c0c
AE		 2515 for (i = 0; i < ev->num_hndl; i++) {
2516 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2517 struct hci_conn *conn;
2518 __u16 handle, count;
2519
613a1c0c
AE		 2520 handle = __le16_to_cpu(info->handle);
2521 count = __le16_to_cpu(info->count);
a9de9248
MH		 2522
2523 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2524 if (!conn)
2525 continue;
2526
2527 conn->sent -= count;
2528
2529 switch (conn->type) {
2530 case ACL_LINK:
2531 hdev->acl_cnt += count;
2532 if (hdev->acl_cnt > hdev->acl_pkts)
2533 hdev->acl_cnt = hdev->acl_pkts;
2534 break;
2535
2536 case LE_LINK:
2537 if (hdev->le_pkts) {
2538 hdev->le_cnt += count;
2539 if (hdev->le_cnt > hdev->le_pkts)
2540 hdev->le_cnt = hdev->le_pkts;
2541 } else {
70f23020
AE		 2542 hdev->acl_cnt += count;
2543 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2544 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2545 }
f4280918
AE		 2546 break;
2547
2548 case SCO_LINK:
2549 hdev->sco_cnt += count;
2550 if (hdev->sco_cnt > hdev->sco_pkts)
2551 hdev->sco_cnt = hdev->sco_pkts;
2552 break;
2553
2554 default:
2555 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2556 break;
a9de9248
MH		 2557 }
2558 }
2559
3eff45ea 2560 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2561}
2562
6039aa73 2563static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2564{
2565 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2566 int i;
2567
2568 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2569 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2570 return;
2571 }
2572
2573 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2574 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2575 BT_DBG("%s bad parameters", hdev->name);
2576 return;
2577 }
2578
2579 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2580 ev->num_hndl);
25e89e99
AE		 2581
2582 for (i = 0; i < ev->num_hndl; i++) {
2583 struct hci_comp_blocks_info *info = &ev->handles[i];
2584 struct hci_conn *conn;
2585 __u16 handle, block_count;
2586
2587 handle = __le16_to_cpu(info->handle);
2588 block_count = __le16_to_cpu(info->blocks);
2589
2590 conn = hci_conn_hash_lookup_handle(hdev, handle);
2591 if (!conn)
2592 continue;
2593
2594 conn->sent -= block_count;
2595
2596 switch (conn->type) {
2597 case ACL_LINK:
2598 hdev->block_cnt += block_count;
2599 if (hdev->block_cnt > hdev->num_blocks)
2600 hdev->block_cnt = hdev->num_blocks;
2601 break;
2602
2603 default:
2604 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2605 break;
2606 }
2607 }
2608
2609 queue_work(hdev->workqueue, &hdev->tx_work);
2610}
2611
6039aa73 2612static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2613{
a9de9248 2614 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2615 struct hci_conn *conn;
2616
2617 BT_DBG("%s status %d", hdev->name, ev->status);
2618
2619 hci_dev_lock(hdev);
2620
2621 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2622 if (conn) {
2623 conn->mode = ev->mode;
2624 conn->interval = __le16_to_cpu(ev->interval);
2625
51a8efd7 2626 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2627 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2628 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2629 else
58a681ef 2630 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2631 }
e73439d8 2632
51a8efd7 2633 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2634 hci_sco_setup(conn, ev->status);
04837f64
MH		 2635 }
2636
2637 hci_dev_unlock(hdev);
2638}
2639
6039aa73 2640static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2641{
052b30b0
MH		 2642 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2643 struct hci_conn *conn;
2644
a9de9248 2645 BT_DBG("%s", hdev->name);
052b30b0
MH		 2646
2647 hci_dev_lock(hdev);
2648
2649 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2650 if (!conn)
2651 goto unlock;
2652
2653 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2654 hci_conn_hold(conn);
2655 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2656 hci_conn_put(conn);
2657 }
2658
a8b2d5c2 2659 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2660 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2661 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2662 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2663 u8 secure;
2664
2665 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2666 secure = 1;
2667 else
2668 secure = 0;
2669
744cf19e 2670 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2671 }
980e1a53 2672
b6f98044 2673unlock:
052b30b0 2674 hci_dev_unlock(hdev);
a9de9248
MH		 2675}
2676
6039aa73 2677static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2678{
55ed8ca1
JH		 2679 struct hci_ev_link_key_req *ev = (void *) skb->data;
2680 struct hci_cp_link_key_reply cp;
2681 struct hci_conn *conn;
2682 struct link_key *key;
2683
a9de9248 2684 BT_DBG("%s", hdev->name);
55ed8ca1 2685
a8b2d5c2 2686 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2687 return;
2688
2689 hci_dev_lock(hdev);
2690
2691 key = hci_find_link_key(hdev, &ev->bdaddr);
2692 if (!key) {
2693 BT_DBG("%s link key not found for %s", hdev->name,
807deac2 2694 batostr(&ev->bdaddr));
55ed8ca1
JH		 2695 goto not_found;
2696 }
2697
2698 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
807deac2 2699 batostr(&ev->bdaddr));
55ed8ca1 2700
a8b2d5c2 2701 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2702 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2703 BT_DBG("%s ignoring debug key", hdev->name);
2704 goto not_found;
2705 }
2706
2707 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2708 if (conn) {
2709 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2710 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2711 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2712 goto not_found;
2713 }
55ed8ca1 2714
60b83f57 2715 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2716 conn->pending_sec_level == BT_SECURITY_HIGH) {
60b83f57 2717 BT_DBG("%s ignoring key unauthenticated for high \
807deac2 2718 security", hdev->name);
60b83f57
WR		 2719 goto not_found;
2720 }
2721
2722 conn->key_type = key->type;
2723 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2724 }
2725
2726 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2727 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2728
2729 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2730
2731 hci_dev_unlock(hdev);
2732
2733 return;
2734
2735not_found:
2736 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2737 hci_dev_unlock(hdev);
a9de9248
MH		 2738}
2739
6039aa73 2740static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2741{
052b30b0
MH		 2742 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2743 struct hci_conn *conn;
55ed8ca1 2744 u8 pin_len = 0;
052b30b0 2745
a9de9248 2746 BT_DBG("%s", hdev->name);
052b30b0
MH		 2747
2748 hci_dev_lock(hdev);
2749
2750 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2751 if (conn) {
2752 hci_conn_hold(conn);
2753 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2754 pin_len = conn->pin_length;
13d39315
WR		 2755
2756 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2757 conn->key_type = ev->key_type;
2758
052b30b0
MH		 2759 hci_conn_put(conn);
2760 }
2761
a8b2d5c2 2762 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2763 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2764 ev->key_type, pin_len);
55ed8ca1 2765
052b30b0 2766 hci_dev_unlock(hdev);
a9de9248
MH		 2767}
2768
6039aa73 2769static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2770{
a9de9248 2771 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2772 struct hci_conn *conn;
1da177e4
LT		 2773
2774 BT_DBG("%s status %d", hdev->name, ev->status);
2775
2776 hci_dev_lock(hdev);
2777
04837f64 2778 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2779 if (conn && !ev->status) {
2780 struct inquiry_entry *ie;
2781
cc11b9c1
AE		 2782 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2783 if (ie) {
1da177e4
LT		 2784 ie->data.clock_offset = ev->clock_offset;
2785 ie->timestamp = jiffies;
2786 }
2787 }
2788
2789 hci_dev_unlock(hdev);
2790}
2791
6039aa73 2792static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2793{
2794 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2795 struct hci_conn *conn;
2796
2797 BT_DBG("%s status %d", hdev->name, ev->status);
2798
2799 hci_dev_lock(hdev);
2800
2801 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2802 if (conn && !ev->status)
2803 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2804
2805 hci_dev_unlock(hdev);
2806}
2807
6039aa73 2808static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2809{
a9de9248 2810 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2811 struct inquiry_entry *ie;
2812
2813 BT_DBG("%s", hdev->name);
2814
2815 hci_dev_lock(hdev);
2816
cc11b9c1
AE		 2817 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2818 if (ie) {
85a1e930
MH		 2819 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2820 ie->timestamp = jiffies;
2821 }
2822
2823 hci_dev_unlock(hdev);
2824}
2825
6039aa73
GP		 2826static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2827 struct sk_buff *skb)
a9de9248
MH		 2828{
2829 struct inquiry_data data;
2830 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2831 bool name_known, ssp;
a9de9248
MH		 2832
2833 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2834
2835 if (!num_rsp)
2836 return;
2837
1519cc17
AG		 2838 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2839 return;
2840
a9de9248
MH		 2841 hci_dev_lock(hdev);
2842
2843 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2844 struct inquiry_info_with_rssi_and_pscan_mode *info;
2845 info = (void *) (skb->data + 1);
a9de9248 2846
e17acd40 2847 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2848 bacpy(&data.bdaddr, &info->bdaddr);
2849 data.pscan_rep_mode = info->pscan_rep_mode;
2850 data.pscan_period_mode = info->pscan_period_mode;
2851 data.pscan_mode = info->pscan_mode;
2852 memcpy(data.dev_class, info->dev_class, 3);
2853 data.clock_offset = info->clock_offset;
2854 data.rssi = info->rssi;
41a96212 2855 data.ssp_mode = 0x00;
3175405b
JH		 2856
2857 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2858 false, &ssp);
48264f06 2859 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2860 info->dev_class, info->rssi,
2861 !name_known, ssp, NULL, 0);
a9de9248
MH		 2862 }
2863 } else {
2864 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2865
e17acd40 2866 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2867 bacpy(&data.bdaddr, &info->bdaddr);
2868 data.pscan_rep_mode = info->pscan_rep_mode;
2869 data.pscan_period_mode = info->pscan_period_mode;
2870 data.pscan_mode = 0x00;
2871 memcpy(data.dev_class, info->dev_class, 3);
2872 data.clock_offset = info->clock_offset;
2873 data.rssi = info->rssi;
41a96212 2874 data.ssp_mode = 0x00;
3175405b 2875 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2876 false, &ssp);
48264f06 2877 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2878 info->dev_class, info->rssi,
2879 !name_known, ssp, NULL, 0);
a9de9248
MH		 2880 }
2881 }
2882
2883 hci_dev_unlock(hdev);
2884}
2885
6039aa73
GP		 2886static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2887 struct sk_buff *skb)
a9de9248 2888{
41a96212
MH		 2889 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2890 struct hci_conn *conn;
2891
a9de9248 2892 BT_DBG("%s", hdev->name);
41a96212 2893
41a96212
MH		 2894 hci_dev_lock(hdev);
2895
2896 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2897 if (!conn)
2898 goto unlock;
41a96212 2899
ccd556fe
JH		 2900 if (!ev->status && ev->page == 0x01) {
2901 struct inquiry_entry *ie;
41a96212 2902
cc11b9c1
AE		 2903 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2904 if (ie)
02b7cc62 2905 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2906
02b7cc62 2907 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2908 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2909 }
2910
2911 if (conn->state != BT_CONFIG)
2912 goto unlock;
2913
671267bf 2914 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2915 struct hci_cp_remote_name_req cp;
2916 memset(&cp, 0, sizeof(cp));
2917 bacpy(&cp.bdaddr, &conn->dst);
2918 cp.pscan_rep_mode = 0x02;
2919 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2920 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2921 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2922 conn->dst_type, 0, NULL, 0,
2923 conn->dev_class);
392599b9 2924
127178d2 2925 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2926 conn->state = BT_CONNECTED;
2927 hci_proto_connect_cfm(conn, ev->status);
2928 hci_conn_put(conn);
41a96212
MH		 2929 }
2930
ccd556fe 2931unlock:
41a96212 2932 hci_dev_unlock(hdev);
a9de9248
MH		 2933}
2934
6039aa73
GP		 2935static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2936 struct sk_buff *skb)
a9de9248 2937{
b6a0dc82
MH		 2938 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2939 struct hci_conn *conn;
2940
2941 BT_DBG("%s status %d", hdev->name, ev->status);
2942
2943 hci_dev_lock(hdev);
2944
2945 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2946 if (!conn) {
2947 if (ev->link_type == ESCO_LINK)
2948 goto unlock;
2949
2950 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2951 if (!conn)
2952 goto unlock;
2953
2954 conn->type = SCO_LINK;
2955 }
b6a0dc82 2956
732547f9
MH		 2957 switch (ev->status) {
2958 case 0x00:
b6a0dc82
MH		 2959 conn->handle = __le16_to_cpu(ev->handle);
2960 conn->state = BT_CONNECTED;
7d0db0a3 2961
9eba32b8 2962 hci_conn_hold_device(conn);
7d0db0a3 2963 hci_conn_add_sysfs(conn);
732547f9
MH		 2964 break;
2965
705e5711 2966 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2967 case 0x1c: /* SCO interval rejected */
1038a00b 2968 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2969 case 0x1f: /* Unspecified error */
2970 if (conn->out && conn->attempt < 2) {
2971 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2972 (hdev->esco_type & EDR_ESCO_MASK);
2973 hci_setup_sync(conn, conn->link->handle);
2974 goto unlock;
2975 }
2976 /* fall through */
2977
2978 default:
b6a0dc82 2979 conn->state = BT_CLOSED;
732547f9
MH		 2980 break;
2981 }
b6a0dc82
MH		 2982
2983 hci_proto_connect_cfm(conn, ev->status);
2984 if (ev->status)
2985 hci_conn_del(conn);
2986
2987unlock:
2988 hci_dev_unlock(hdev);
a9de9248
MH		 2989}
2990
6039aa73 2991static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2992{
2993 BT_DBG("%s", hdev->name);
2994}
2995
6039aa73 2996static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2997{
a9de9248 2998 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2999
3000 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 3001}
3002
6039aa73
GP		 3003static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3004 struct sk_buff *skb)
1da177e4 3005{
a9de9248
MH		 3006 struct inquiry_data data;
3007 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3008 int num_rsp = *((__u8 *) skb->data);
9d939d94 3009 size_t eir_len;
1da177e4 3010
a9de9248 3011 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3012
a9de9248
MH		 3013 if (!num_rsp)
3014 return;
1da177e4 3015
1519cc17
AG		 3016 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3017 return;
3018
a9de9248
MH		 3019 hci_dev_lock(hdev);
3020
e17acd40 3021 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3022 bool name_known, ssp;
561aafbc 3023
a9de9248 3024 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3025 data.pscan_rep_mode = info->pscan_rep_mode;
3026 data.pscan_period_mode = info->pscan_period_mode;
3027 data.pscan_mode = 0x00;
a9de9248 3028 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3029 data.clock_offset = info->clock_offset;
3030 data.rssi = info->rssi;
41a96212 3031 data.ssp_mode = 0x01;
561aafbc 3032
a8b2d5c2 3033 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3034 name_known = eir_has_data_type(info->data,
04124681
GP		 3035 sizeof(info->data),
3036 EIR_NAME_COMPLETE);
561aafbc
JH		 3037 else
3038 name_known = true;
3039
388fc8fa 3040 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3041 &ssp);
9d939d94 3042 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3043 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3044 info->dev_class, info->rssi, !name_known,
9d939d94 3045 ssp, info->data, eir_len);
a9de9248
MH		 3046 }
3047
3048 hci_dev_unlock(hdev);
3049}
1da177e4 3050
6039aa73 3051static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3052{
3053 /* If remote requests dedicated bonding follow that lead */
3054 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3055 /* If both remote and local IO capabilities allow MITM
3056 * protection then require it, otherwise don't */
3057 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3058 return 0x02;
3059 else
3060 return 0x03;
3061 }
3062
3063 /* If remote requests no-bonding follow that lead */
3064 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3065 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3066
3067 return conn->auth_type;
3068}
3069
6039aa73 3070static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3071{
3072 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3073 struct hci_conn *conn;
3074
3075 BT_DBG("%s", hdev->name);
3076
3077 hci_dev_lock(hdev);
3078
3079 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3080 if (!conn)
3081 goto unlock;
3082
3083 hci_conn_hold(conn);
3084
a8b2d5c2 3085 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3086 goto unlock;
3087
a8b2d5c2 3088 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3089 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3090 struct hci_cp_io_capability_reply cp;
3091
3092 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3093 /* Change the IO capability from KeyboardDisplay
3094 * to DisplayYesNo as it is not supported by BT spec. */
3095 cp.capability = (conn->io_capability == 0x04) ?
3096 0x01 : conn->io_capability;
7cbc9bd9
JH		 3097 conn->auth_type = hci_get_auth_req(conn);
3098 cp.authentication = conn->auth_type;
17fa4b9d 3099
58a681ef 3100 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
807deac2 3101 hci_find_remote_oob_data(hdev, &conn->dst))
ce85ee13
SJ		 3102 cp.oob_data = 0x01;
3103 else
3104 cp.oob_data = 0x00;
3105
17fa4b9d 3106 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3107 sizeof(cp), &cp);
03b555e1
JH		 3108 } else {
3109 struct hci_cp_io_capability_neg_reply cp;
3110
3111 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3112 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3113
03b555e1 3114 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3115 sizeof(cp), &cp);
03b555e1
JH		 3116 }
3117
3118unlock:
3119 hci_dev_unlock(hdev);
3120}
3121
6039aa73 3122static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3123{
3124 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3125 struct hci_conn *conn;
3126
3127 BT_DBG("%s", hdev->name);
3128
3129 hci_dev_lock(hdev);
3130
3131 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3132 if (!conn)
3133 goto unlock;
3134
03b555e1 3135 conn->remote_cap = ev->capability;
03b555e1 3136 conn->remote_auth = ev->authentication;
58a681ef
JH		 3137 if (ev->oob_data)
3138 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3139
3140unlock:
0493684e
MH		 3141 hci_dev_unlock(hdev);
3142}
3143
6039aa73
GP		 3144static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3145 struct sk_buff *skb)
a5c29683
JH		 3146{
3147 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3148 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3149 struct hci_conn *conn;
a5c29683
JH		 3150
3151 BT_DBG("%s", hdev->name);
3152
3153 hci_dev_lock(hdev);
3154
a8b2d5c2 3155 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3156 goto unlock;
a5c29683 3157
7a828908
JH		 3158 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3159 if (!conn)
3160 goto unlock;
3161
3162 loc_mitm = (conn->auth_type & 0x01);
3163 rem_mitm = (conn->remote_auth & 0x01);
3164
3165 /* If we require MITM but the remote device can't provide that
3166 * (it has NoInputNoOutput) then reject the confirmation
3167 * request. The only exception is when we're dedicated bonding
3168 * initiators (connect_cfm_cb set) since then we always have the MITM
3169 * bit set. */
3170 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3171 BT_DBG("Rejecting request: remote device can't provide MITM");
3172 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3173 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3174 goto unlock;
3175 }
3176
3177 /* If no side requires MITM protection; auto-accept */
3178 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3179 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3180
3181 /* If we're not the initiators request authorization to
3182 * proceed from user space (mgmt_user_confirm with
3183 * confirm_hint set to 1). */
51a8efd7 3184 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3185 BT_DBG("Confirming auto-accept as acceptor");
3186 confirm_hint = 1;
3187 goto confirm;
3188 }
3189
9f61656a 3190 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3191 hdev->auto_accept_delay);
9f61656a
JH		 3192
3193 if (hdev->auto_accept_delay > 0) {
3194 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3195 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3196 goto unlock;
3197 }
3198
7a828908 3199 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3200 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3201 goto unlock;
3202 }
3203
55bc1a37 3204confirm:
272d90df 3205 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3206 confirm_hint);
7a828908
JH		 3207
3208unlock:
a5c29683
JH		 3209 hci_dev_unlock(hdev);
3210}
3211
6039aa73
GP		 3212static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3213 struct sk_buff *skb)
1143d458
BG		 3214{
3215 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3216
3217 BT_DBG("%s", hdev->name);
3218
3219 hci_dev_lock(hdev);
3220
a8b2d5c2 3221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3222 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3223
3224 hci_dev_unlock(hdev);
3225}
3226
6039aa73
GP		 3227static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3228 struct sk_buff *skb)
0493684e
MH		 3229{
3230 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3231 struct hci_conn *conn;
3232
3233 BT_DBG("%s", hdev->name);
3234
3235 hci_dev_lock(hdev);
3236
3237 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3238 if (!conn)
3239 goto unlock;
3240
3241 /* To avoid duplicate auth_failed events to user space we check
3242 * the HCI_CONN_AUTH_PEND flag which will be set if we
3243 * initiated the authentication. A traditional auth_complete
3244 * event gets always produced as initiator and is also mapped to
3245 * the mgmt_auth_failed event */
51a8efd7 3246 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6 3247 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3248 ev->status);
0493684e 3249
2a611692
JH		 3250 hci_conn_put(conn);
3251
3252unlock:
0493684e
MH		 3253 hci_dev_unlock(hdev);
3254}
3255
6039aa73
GP		 3256static void hci_remote_host_features_evt(struct hci_dev *hdev,
3257 struct sk_buff *skb)
41a96212
MH		 3258{
3259 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3260 struct inquiry_entry *ie;
3261
3262 BT_DBG("%s", hdev->name);
3263
3264 hci_dev_lock(hdev);
3265
cc11b9c1
AE		 3266 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3267 if (ie)
02b7cc62 3268 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3269
3270 hci_dev_unlock(hdev);
3271}
3272
6039aa73
GP		 3273static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3274 struct sk_buff *skb)
2763eda6
SJ		 3275{
3276 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3277 struct oob_data *data;
3278
3279 BT_DBG("%s", hdev->name);
3280
3281 hci_dev_lock(hdev);
3282
a8b2d5c2 3283 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3284 goto unlock;
3285
2763eda6
SJ		 3286 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3287 if (data) {
3288 struct hci_cp_remote_oob_data_reply cp;
3289
3290 bacpy(&cp.bdaddr, &ev->bdaddr);
3291 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3292 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3293
3294 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3295 &cp);
2763eda6
SJ		 3296 } else {
3297 struct hci_cp_remote_oob_data_neg_reply cp;
3298
3299 bacpy(&cp.bdaddr, &ev->bdaddr);
3300 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3301 &cp);
2763eda6
SJ		 3302 }
3303
e1ba1f15 3304unlock:
2763eda6
SJ		 3305 hci_dev_unlock(hdev);
3306}
3307
6039aa73 3308static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3309{
3310 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3311 struct hci_conn *conn;
3312
3313 BT_DBG("%s status %d", hdev->name, ev->status);
3314
3315 hci_dev_lock(hdev);
3316
3317 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3318 if (!conn) {
3319 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3320 if (!conn) {
3321 BT_ERR("No memory for new connection");
3322 hci_dev_unlock(hdev);
3323 return;
3324 }
29b7988a
AG		 3325
3326 conn->dst_type = ev->bdaddr_type;
b62f328b 3327 }
fcd89c09
VT		 3328
3329 if (ev->status) {
48264f06 3330 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
807deac2 3331 conn->dst_type, ev->status);
fcd89c09
VT		 3332 hci_proto_connect_cfm(conn, ev->status);
3333 conn->state = BT_CLOSED;
3334 hci_conn_del(conn);
3335 goto unlock;
3336 }
3337
b644ba33
JH		 3338 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3339 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3340 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3341
7b5c0d52 3342 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3343 conn->handle = __le16_to_cpu(ev->handle);
3344 conn->state = BT_CONNECTED;
3345
3346 hci_conn_hold_device(conn);
3347 hci_conn_add_sysfs(conn);
3348
3349 hci_proto_connect_cfm(conn, ev->status);
3350
3351unlock:
3352 hci_dev_unlock(hdev);
3353}
3354
6039aa73 3355static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3356{
e95beb41
AG		 3357 u8 num_reports = skb->data[0];
3358 void *ptr = &skb->data[1];
3c9e9195 3359 s8 rssi;
9aa04c91
AG		 3360
3361 hci_dev_lock(hdev);
3362
e95beb41
AG		 3363 while (num_reports--) {
3364 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3365
3c9e9195
AG		 3366 rssi = ev->data[ev->length];
3367 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3368 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3369
e95beb41 3370 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3371 }
3372
3373 hci_dev_unlock(hdev);
3374}
3375
6039aa73 3376static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3377{
3378 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3379 struct hci_cp_le_ltk_reply cp;
bea710fe 3380 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3381 struct hci_conn *conn;
c9839a11 3382 struct smp_ltk *ltk;
a7a595f6 3383
e4666881 3384 BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3385
3386 hci_dev_lock(hdev);
3387
3388 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3389 if (conn == NULL)
3390 goto not_found;
a7a595f6 3391
bea710fe
VCG		 3392 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3393 if (ltk == NULL)
3394 goto not_found;
3395
3396 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3397 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3398
3399 if (ltk->authenticated)
3400 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3401
3402 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3403
c9839a11
VCG		 3404 if (ltk->type & HCI_SMP_STK) {
3405 list_del(&ltk->list);
3406 kfree(ltk);
3407 }
3408
a7a595f6 3409 hci_dev_unlock(hdev);
bea710fe
VCG		 3410
3411 return;
3412
3413not_found:
3414 neg.handle = ev->handle;
3415 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3416 hci_dev_unlock(hdev);
a7a595f6
VCG		 3417}
3418
6039aa73 3419static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3420{
3421 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3422
3423 skb_pull(skb, sizeof(*le_ev));
3424
3425 switch (le_ev->subevent) {
3426 case HCI_EV_LE_CONN_COMPLETE:
3427 hci_le_conn_complete_evt(hdev, skb);
3428 break;
3429
9aa04c91
AG		 3430 case HCI_EV_LE_ADVERTISING_REPORT:
3431 hci_le_adv_report_evt(hdev, skb);
3432 break;
3433
a7a595f6
VCG		 3434 case HCI_EV_LE_LTK_REQ:
3435 hci_le_ltk_request_evt(hdev, skb);
3436 break;
3437
fcd89c09
VT		 3438 default:
3439 break;
3440 }
3441}
3442
a9de9248
MH		 3443void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3444{
3445 struct hci_event_hdr *hdr = (void *) skb->data;
3446 __u8 event = hdr->evt;
3447
3448 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3449
3450 switch (event) {
1da177e4
LT		 3451 case HCI_EV_INQUIRY_COMPLETE:
3452 hci_inquiry_complete_evt(hdev, skb);
3453 break;
3454
3455 case HCI_EV_INQUIRY_RESULT:
3456 hci_inquiry_result_evt(hdev, skb);
3457 break;
3458
a9de9248
MH		 3459 case HCI_EV_CONN_COMPLETE:
3460 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3461 break;
3462
1da177e4
LT		 3463 case HCI_EV_CONN_REQUEST:
3464 hci_conn_request_evt(hdev, skb);
3465 break;
3466
1da177e4
LT		 3467 case HCI_EV_DISCONN_COMPLETE:
3468 hci_disconn_complete_evt(hdev, skb);
3469 break;
3470
1da177e4
LT		 3471 case HCI_EV_AUTH_COMPLETE:
3472 hci_auth_complete_evt(hdev, skb);
3473 break;
3474
a9de9248
MH		 3475 case HCI_EV_REMOTE_NAME:
3476 hci_remote_name_evt(hdev, skb);
3477 break;
3478
1da177e4
LT		 3479 case HCI_EV_ENCRYPT_CHANGE:
3480 hci_encrypt_change_evt(hdev, skb);
3481 break;
3482
a9de9248
MH		 3483 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3484 hci_change_link_key_complete_evt(hdev, skb);
3485 break;
3486
3487 case HCI_EV_REMOTE_FEATURES:
3488 hci_remote_features_evt(hdev, skb);
3489 break;
3490
3491 case HCI_EV_REMOTE_VERSION:
3492 hci_remote_version_evt(hdev, skb);
3493 break;
3494
3495 case HCI_EV_QOS_SETUP_COMPLETE:
3496 hci_qos_setup_complete_evt(hdev, skb);
3497 break;
3498
3499 case HCI_EV_CMD_COMPLETE:
3500 hci_cmd_complete_evt(hdev, skb);
3501 break;
3502
3503 case HCI_EV_CMD_STATUS:
3504 hci_cmd_status_evt(hdev, skb);
3505 break;
3506
3507 case HCI_EV_ROLE_CHANGE:
3508 hci_role_change_evt(hdev, skb);
3509 break;
3510
3511 case HCI_EV_NUM_COMP_PKTS:
3512 hci_num_comp_pkts_evt(hdev, skb);
3513 break;
3514
3515 case HCI_EV_MODE_CHANGE:
3516 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3517 break;
3518
3519 case HCI_EV_PIN_CODE_REQ:
3520 hci_pin_code_request_evt(hdev, skb);
3521 break;
3522
3523 case HCI_EV_LINK_KEY_REQ:
3524 hci_link_key_request_evt(hdev, skb);
3525 break;
3526
3527 case HCI_EV_LINK_KEY_NOTIFY:
3528 hci_link_key_notify_evt(hdev, skb);
3529 break;
3530
3531 case HCI_EV_CLOCK_OFFSET:
3532 hci_clock_offset_evt(hdev, skb);
3533 break;
3534
a8746417
MH		 3535 case HCI_EV_PKT_TYPE_CHANGE:
3536 hci_pkt_type_change_evt(hdev, skb);
3537 break;
3538
85a1e930
MH		 3539 case HCI_EV_PSCAN_REP_MODE:
3540 hci_pscan_rep_mode_evt(hdev, skb);
3541 break;
3542
a9de9248
MH		 3543 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3544 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3545 break;
3546
a9de9248
MH		 3547 case HCI_EV_REMOTE_EXT_FEATURES:
3548 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3549 break;
3550
a9de9248
MH		 3551 case HCI_EV_SYNC_CONN_COMPLETE:
3552 hci_sync_conn_complete_evt(hdev, skb);
3553 break;
1da177e4 3554
a9de9248
MH		 3555 case HCI_EV_SYNC_CONN_CHANGED:
3556 hci_sync_conn_changed_evt(hdev, skb);
3557 break;
1da177e4 3558
a9de9248
MH		 3559 case HCI_EV_SNIFF_SUBRATE:
3560 hci_sniff_subrate_evt(hdev, skb);
3561 break;
1da177e4 3562
a9de9248
MH		 3563 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3564 hci_extended_inquiry_result_evt(hdev, skb);
3565 break;
1da177e4 3566
0493684e
MH		 3567 case HCI_EV_IO_CAPA_REQUEST:
3568 hci_io_capa_request_evt(hdev, skb);
3569 break;
3570
03b555e1
JH		 3571 case HCI_EV_IO_CAPA_REPLY:
3572 hci_io_capa_reply_evt(hdev, skb);
3573 break;
3574
a5c29683
JH		 3575 case HCI_EV_USER_CONFIRM_REQUEST:
3576 hci_user_confirm_request_evt(hdev, skb);
3577 break;
3578
1143d458
BG		 3579 case HCI_EV_USER_PASSKEY_REQUEST:
3580 hci_user_passkey_request_evt(hdev, skb);
3581 break;
3582
0493684e
MH		 3583 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3584 hci_simple_pair_complete_evt(hdev, skb);
3585 break;
3586
41a96212
MH		 3587 case HCI_EV_REMOTE_HOST_FEATURES:
3588 hci_remote_host_features_evt(hdev, skb);
3589 break;
3590
fcd89c09
VT		 3591 case HCI_EV_LE_META:
3592 hci_le_meta_evt(hdev, skb);
3593 break;
3594
2763eda6
SJ		 3595 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3596 hci_remote_oob_data_request_evt(hdev, skb);
3597 break;
3598
25e89e99
AE		 3599 case HCI_EV_NUM_COMP_BLOCKS:
3600 hci_num_comp_blocks_evt(hdev, skb);
3601 break;
3602
a9de9248
MH		 3603 default:
3604 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3605 break;
3606 }
3607
3608 kfree_skb(skb);
3609 hdev->stat.evt_rx++;
3610}
kernel source for telekom puls (alcatel/mediatek)