Bluetooth: Add missing host features definitions
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT
27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT
32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT
38#include <net/sock.h>
39
40#include <asm/system.h>
70f23020 41#include <linux/uaccess.h>
1da177e4
LT
42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46
1da177e4
LT
47/* Handle HCI Event packets */
48
/* Handle the reply to HCI_OP_INQUIRY_CANCEL.
 *
 * A non-zero status is reported through mgmt_stop_discovery_failed() and
 * nothing else is touched.  Otherwise HCI_INQUIRY is cleared, discovery is
 * moved to DISCOVERY_STOPPED, the request is completed and
 * hci_conn_check_pending() is called.
 *
 * NOTE(review): the status byte is read without consulting skb->len;
 * confirm the dispatcher (not shown here) never passes an empty reply.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0) {
		/* Failure path: only the management layer is notified. */
		hci_dev_lock(hdev);
		mgmt_stop_discovery_failed(hdev, status);
		hci_dev_unlock(hdev);
		return;
	}

	clear_bit(HCI_INQUIRY, &hdev->flags);

	hci_dev_lock(hdev);
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
	hci_dev_unlock(hdev);

	hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
	hci_conn_check_pending(hdev);
}
6bd57416 72
a9de9248
MH
/* Reply handler that calls hci_conn_check_pending() when the status byte
 * at the start of the reply is zero, and does nothing on failure.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		hci_conn_check_pending(hdev);
}
84
/* Reply handler that only emits a debug trace; the reply payload in skb
 * is not inspected.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
89
/* Update the master bit of a connection from a role discovery reply.
 *
 * The connection is looked up by the handle carried in the reply; an
 * unknown handle is ignored.  All of this happens under the device lock.
 *
 * NOTE(review): skb->data is reinterpreted as the reply struct without a
 * length check; confirm the dispatcher validates skb->len.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *reply = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link != NULL) {
		/* Role zero sets HCI_LM_MASTER, any other value clears it. */
		if (!reply->role)
			link->link_mode |= HCI_LM_MASTER;
		else
			link->link_mode &= ~HCI_LM_MASTER;
	}

	hci_dev_unlock(hdev);
}
112
e4e8e37c
MH
/* Store the link policy reported by the controller on the connection
 * named by the reply's handle.  Failed replies and unknown handles are
 * ignored.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *reply = (void *) skb->data;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link != NULL)
		link->link_policy = __le16_to_cpu(reply->policy);

	hci_dev_unlock(hdev);
}
131
/* Handle the reply to HCI_OP_WRITE_LINK_POLICY.
 *
 * The new policy is not in the reply, so it is taken from the parameters
 * of the command that was sent.  The connection is found through the
 * handle in the reply.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *reply = (void *) skb->data;
	struct hci_conn *link;
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (cmd_params == NULL)
		return;

	hci_dev_lock(hdev);

	link = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (link != NULL) {
		/* Policy sits at byte offset 2 of the sent parameters
		 * (presumably right after the 16-bit handle - confirm
		 * against the command struct). */
		link->link_policy = get_unaligned_le16(cmd_params + 2);
	}

	hci_dev_unlock(hdev);
}
1da177e4 155
e4e8e37c
MH
/* Record the controller's default link policy in hdev->link_policy when
 * the reply reports success.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hdev->link_policy = __le16_to_cpu(reply->policy);
}
167
/* Handle the reply to HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * On success the policy that was sent is mirrored into hdev->link_policy.
 * The request is completed with the reply status either way, unless the
 * sent command parameters cannot be found, in which case nothing happens.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (cmd_params == NULL)
		return;

	if (status == 0)
		hdev->link_policy = get_unaligned_le16(cmd_params);

	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
}
184
a9de9248
MH
/* Handle the reply to HCI_OP_RESET.
 *
 * Clears HCI_RESET, completes the request, then drops the non-persistent
 * HCI_LE_SCAN flag and forces the discovery state to DISCOVERY_STOPPED.
 * None of this depends on the reply status.
 *
 * NOTE(review): dev_flags is updated here with a plain read-modify-write,
 * while other handlers in this file use set_bit()/test_bit() on the same
 * word; confirm nothing can race with this update.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);

	hci_req_complete(hdev, HCI_OP_RESET, status);

	/* Reset all non-persistent flags */
	hdev->dev_flags &= ~BIT(HCI_LE_SCAN);

	hdev->discovery.state = DISCOVERY_STOPPED;
}
04837f64 200
a9de9248
MH
/* Handle the reply to HCI_OP_WRITE_LOCAL_NAME.
 *
 * With HCI_MGMT set the result is handed to the management layer;
 * otherwise a successful write copies the sent name into hdev->dev_name.
 * The request is then completed with the reply status.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *sent_name;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent_name = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (sent_name == NULL)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_set_local_name_complete(hdev, sent_name, status);
	} else if (status == 0) {
		/* The source is the command this host sent, not the reply. */
		memcpy(hdev->dev_name, sent_name, HCI_MAX_NAME_LENGTH);
	}

	hci_dev_unlock(hdev);

	hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
}
223
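/* Copy the controller's local name into hdev->dev_name.
 *
 * The copy only happens for a successful reply received while HCI_SETUP
 * is set.  The reply comes from the controller, so its length is checked
 * before any field is read: without that, a truncated reply would make
 * the HCI_MAX_NAME_LENGTH-byte copy read past the received data and place
 * whatever follows it into dev_name.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *rp = (void *) skb->data;

	/* Need at least the status byte before looking at it. */
	if (skb->len < sizeof(rp->status))
		return;

	BT_DBG("%s status 0x%x", hdev->name, rp->status);

	if (rp->status)
		return;

	/* A successful reply must carry the whole fixed-size name field. */
	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s short read local name reply", hdev->name);
		return;
	}

	if (test_bit(HCI_SETUP, &hdev->dev_flags))
		memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
}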
236
/* Handle the reply to HCI_OP_WRITE_AUTH_ENABLE.
 *
 * On success HCI_AUTH follows the value that was sent: set when it equals
 * AUTH_ENABLED, cleared otherwise.  The management layer is notified when
 * HCI_MGMT is set, and the request is completed with the reply status.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (cmd_params == NULL)
		return;

	if (status == 0) {
		__u8 requested = *((__u8 *) cmd_params);

		if (requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_auth_enable_complete(hdev, status);

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
}
262
/* Handle the reply to HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * On success HCI_ENCRYPT is set when the sent parameter was non-zero and
 * cleared when it was zero.  The request is completed with the reply
 * status in both cases.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (cmd_params == NULL)
		return;

	if (status == 0) {
		__u8 requested = *((__u8 *) cmd_params);

		if (requested == 0)
			clear_bit(HCI_ENCRYPT, &hdev->flags);
		else
			set_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
}
1da177e4 285
a9de9248
MH
/* Handle the reply to HCI_OP_WRITE_SCAN_ENABLE.
 *
 * The scan mode that was requested is read back from the sent command.
 * On failure the management layer is told, discov_timeout is zeroed and
 * the flags are left alone.  On success HCI_ISCAN and HCI_PSCAN are
 * rebuilt from the requested mode and the management layer is notified
 * only for bits that actually changed.  The request is completed with
 * the reply status on both paths.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 param, status = *((__u8 *) skb->data);
	int old_pscan, old_iscan;
	void *sent;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (!sent)
		return;

	/* Requested scan mode, taken from the command this host sent. */
	param = *((__u8 *) sent);

	hci_dev_lock(hdev);

	if (status != 0) {
		mgmt_write_scan_failed(hdev, param, status);
		hdev->discov_timeout = 0;
		goto done;
	}

	/* Remember the previous state so that only transitions are
	 * reported below; both bits are cleared here and set again as
	 * the requested mode dictates. */
	old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
	old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

	if (param & SCAN_INQUIRY) {
		set_bit(HCI_ISCAN, &hdev->flags);
		if (!old_iscan)
			mgmt_discoverable(hdev, 1);
		/* discov_timeout is multiplied by 1000 before the
		 * msecs_to_jiffies() conversion, so it is treated as
		 * seconds here; the discov_off work is queued to run
		 * after that delay. */
		if (hdev->discov_timeout > 0) {
			int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
			queue_delayed_work(hdev->workqueue, &hdev->discov_off,
									to);
		}
	} else if (old_iscan)
		mgmt_discoverable(hdev, 0);

	if (param & SCAN_PAGE) {
		set_bit(HCI_PSCAN, &hdev->flags);
		if (!old_pscan)
			mgmt_connectable(hdev, 1);
	} else if (old_pscan)
		mgmt_connectable(hdev, 0);

done:
	hci_dev_unlock(hdev);
	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
}
1da177e4 334
a9de9248
MH
/* Copy the three class-of-device bytes from a successful reply into
 * hdev->dev_class and trace the result.
 *
 * NOTE(review): the reply length is not checked before the copy; confirm
 * the dispatcher guarantees a complete reply.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	memcpy(hdev->dev_class, reply->dev_class, 3);

	/* Printed most significant byte first. */
	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
		hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}
1da177e4 349
a9de9248
MH
/* Handle the reply to HCI_OP_WRITE_CLASS_OF_DEV.
 *
 * On success the three bytes that were sent become hdev->dev_class.  With
 * HCI_MGMT set the management layer is told the outcome, success or not.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *sent_class;

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent_class = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (sent_class == NULL)
		return;

	hci_dev_lock(hdev);

	if (!status)
		memcpy(hdev->dev_class, sent_class, 3);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_set_class_of_dev_complete(hdev, sent_class, status);

	hci_dev_unlock(hdev);
}
1da177e4 371
a9de9248
MH
/* Adopt the voice setting reported by the controller.
 *
 * Nothing happens on failure or when the value is already current.  On a
 * change the new value is stored and the driver's notify hook, if any, is
 * called with HCI_NOTIFY_VOICE_SETTING.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *reply = (void *) skb->data;
	__u16 reported;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	reported = __le16_to_cpu(reply->voice_setting);
	if (reported == hdev->voice_setting)
		return;

	hdev->voice_setting = reported;

	BT_DBG("%s voice setting 0x%04x", hdev->name, reported);

	if (hdev->notify != NULL)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}
394
/* Handle the reply to HCI_OP_WRITE_VOICE_SETTING.
 *
 * On success the value that was sent is stored in hdev->voice_setting if
 * it differs from the current one, and the driver's notify hook, if any,
 * is called with HCI_NOTIFY_VOICE_SETTING.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u16 requested;
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (status != 0)
		return;

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (cmd_params == NULL)
		return;

	requested = get_unaligned_le16(cmd_params);
	if (requested == hdev->voice_setting)
		return;

	hdev->voice_setting = requested;

	BT_DBG("%s voice setting 0x%04x", hdev->name, requested);

	if (hdev->notify != NULL)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}
422
/* Complete the HCI_OP_HOST_BUFFER_SIZE request with the status byte found
 * at the start of the reply.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
}
1143e5a6 431
333140b5
MH
/* Handle the reply to HCI_OP_WRITE_SSP_MODE.
 *
 * With HCI_MGMT set, the requested mode and the status are passed to the
 * management layer.  Otherwise a successful write makes HCI_SSP_ENABLED
 * follow the mode byte that was sent.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *cmd_params;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cmd_params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (cmd_params == NULL)
		return;

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_ssp_enable_complete(hdev, *((u8 *) cmd_params), status);
		return;
	}

	if (status != 0)
		return;

	if (*((u8 *) cmd_params) != 0)
		set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	else
		clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
}
452
d5859e22
JH
/* Pick the inquiry mode value to request from the controller.
 *
 * Returns 2 when the LMP_EXT_INQ feature bit is set, 1 when LMP_RSSI_INQ
 * is set, and 1 for a fixed list of manufacturer / HCI revision / LMP
 * subversion triples that get mode 1 even though neither feature bit is
 * set.  Everything else gets 0.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	if (hdev->features[6] & LMP_EXT_INQ)
		return 2;

	if (hdev->features[3] & LMP_RSSI_INQ)
		return 1;

	/* Per-controller exceptions, keyed by manufacturer id. */
	switch (hdev->manufacturer) {
	case 11:
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x0757)
			return 1;
		break;
	case 15:
		if (hdev->lmp_subver == 0x6963 &&
				(hdev->hci_rev == 0x03 || hdev->hci_rev == 0x09))
			return 1;
		if (hdev->lmp_subver == 0x6965 && hdev->hci_rev == 0x00)
			return 1;
		break;
	case 31:
		if (hdev->hci_rev == 0x2005 && hdev->lmp_subver == 0x1805)
			return 1;
		break;
	default:
		break;
	}

	return 0;
}
480
/* Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode().
 */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, sizeof(mode), &mode);
}
489
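/* Build the 8-byte event mask and send it with HCI_OP_SET_EVENT_MASK.
 *
 * Nothing is sent to controllers older than BLUETOOTH_VER_1_2.  For the
 * rest, a fixed base mask is extended with a few unconditional events and
 * with events that depend on bits in hdev->features.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff instead of 0x9f (two reserved bits
	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
	 * command otherwise */
	u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };

	/* CSR 1.1 dongles do not accept any bitfield so don't try to set
	 * any event mask for pre 1.2 devices */
	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
		return;

	events[4] |= 0x01; /* Flow Specification Complete */
	events[4] |= 0x02; /* Inquiry Result with RSSI */
	events[4] |= 0x04; /* Read Remote Extended Features Complete */
	events[5] |= 0x08; /* Synchronous Connection Complete */
	events[5] |= 0x10; /* Synchronous Connection Changed */

	/* This branch used to OR in 0x04, which is the Read Remote Extended
	 * Features Complete bit, under an "Inquiry Result with RSSI"
	 * comment.  Both bits are already set unconditionally above, so the
	 * mask that is sent does not change; the value now matches the
	 * comment and stays right if the unconditional lines are removed. */
	if (hdev->features[3] & LMP_RSSI_INQ)
		events[4] |= 0x02; /* Inquiry Result with RSSI */

	if (hdev->features[5] & LMP_SNIFF_SUBR)
		events[5] |= 0x20; /* Sniff Subrating */

	if (hdev->features[5] & LMP_PAUSE_ENC)
		events[5] |= 0x80; /* Encryption Key Refresh Complete */

	if (hdev->features[6] & LMP_EXT_INQ)
		events[5] |= 0x40; /* Extended Inquiry Result */

	if (hdev->features[6] & LMP_NO_FLUSH)
		events[7] |= 0x01; /* Enhanced Flush Complete */

	if (hdev->features[7] & LMP_LSTO)
		events[6] |= 0x80; /* Link Supervision Timeout Changed */

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		events[6] |= 0x01;	/* IO Capability Request */
		events[6] |= 0x02;	/* IO Capability Response */
		events[6] |= 0x04;	/* User Confirmation Request */
		events[6] |= 0x08;	/* User Passkey Request */
		events[6] |= 0x10;	/* Remote OOB Data Request */
		events[6] |= 0x20;	/* Simple Pairing Complete */
		events[7] |= 0x04;	/* User Passkey Notification */
		events[7] |= 0x08;	/* Keypress Notification */
		events[7] |= 0x10;	/* Remote Host Supported
					 * Features Notification */
	}

	if (hdev->features[4] & LMP_LE)
		events[7] |= 0x20;	/* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
}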
544
/* Queue the controller configuration commands for a BR/EDR device.
 *
 * Does nothing for other device types.  The commands are issued in a
 * fixed order, each one gated on the controller version, on feature bits
 * in hdev->features or on flags in hdev->dev_flags.
 */
static void hci_setup(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return;

	hci_setup_event_mask(hdev);

	if (hdev->hci_ver > BLUETOOTH_VER_1_1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	/* Outside HCI_SETUP, with the management interface in use, push
	 * the name stored in hdev->dev_name to the controller. */
	if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
				test_bit(HCI_MGMT, &hdev->dev_flags)) {
		struct hci_cp_write_local_name cp;

		memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
		hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
	}

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
			u8 mode = 0x01;
			hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
							sizeof(mode), &mode);
		} else {
			struct hci_cp_write_eir cp;

			/* SSP is not enabled: zero the cached EIR data
			 * and write an all-zero EIR to the controller. */
			memset(hdev->eir, 0, sizeof(hdev->eir));
			memset(&cp, 0, sizeof(cp));

			hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
		}
	}

	if (hdev->features[3] & LMP_RSSI_INQ)
		hci_setup_inquiry_mode(hdev);

	if (hdev->features[7] & LMP_INQ_TX_PWR)
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);

	if (hdev->features[7] & LMP_EXTFEATURES) {
		struct hci_cp_read_local_ext_features cp;

		/* Request feature page 1; the reply handler in this file
		 * stores page 1 in hdev->host_features. */
		cp.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
							sizeof(cp), &cp);
	}

	/* Re-enable controller authentication when the
	 * HCI_LINK_SECURITY flag is set. */
	if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
		u8 enable = 1;
		hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
						sizeof(enable), &enable);
	}
}
598
a9de9248
MH
/* Handle the reply to HCI_OP_READ_LOCAL_VERSION.
 *
 * On success the version, revision and manufacturer fields are stored in
 * hdev and, while HCI_INIT is set, hci_setup() is run.  The request is
 * completed with the reply status whether or not the read succeeded.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status) {
		hdev->hci_ver = reply->hci_ver;
		hdev->hci_rev = __le16_to_cpu(reply->hci_rev);
		hdev->lmp_ver = reply->lmp_ver;
		hdev->manufacturer = __le16_to_cpu(reply->manufacturer);
		hdev->lmp_subver = __le16_to_cpu(reply->lmp_subver);

		BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
						hdev->manufacturer,
						hdev->hci_ver, hdev->hci_rev);

		if (test_bit(HCI_INIT, &hdev->flags))
			hci_setup(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, reply->status);
}
624
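/* Derive the default link policy from the controller's feature bits and
 * send it with HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * The host-order mask and the little-endian value that goes on the wire
 * are kept in separate variables with matching types, so the byte order
 * of each is visible to readers and to sparse.  The bytes sent are the
 * same as before.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	u16 link_policy = 0;
	__le16 wire_policy;

	if (hdev->features[0] & LMP_RSWITCH)
		link_policy |= HCI_LP_RSWITCH;
	if (hdev->features[0] & LMP_HOLD)
		link_policy |= HCI_LP_HOLD;
	if (hdev->features[0] & LMP_SNIFF)
		link_policy |= HCI_LP_SNIFF;
	if (hdev->features[1] & LMP_PARK)
		link_policy |= HCI_LP_PARK;

	wire_policy = cpu_to_le16(link_policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
					sizeof(wire_policy), &wire_policy);
}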
1da177e4 642
a9de9248
MH
/* Handle the reply to HCI_OP_READ_LOCAL_COMMANDS.
 *
 * On success the supported-commands bitmap is copied into hdev->commands
 * and, while HCI_INIT is set, the default link policy is written if bit
 * 0x10 of byte 5 is set (presumably the "Write Default Link Policy
 * Settings" command bit - confirm against the specification).  The
 * request is completed with the reply status in every case.
 *
 * NOTE(review): sizeof(hdev->commands) bytes are copied out of the reply
 * without checking skb->len; confirm the dispatcher enforces the length.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status) {
		memcpy(hdev->commands, reply->commands, sizeof(hdev->commands));

		if (test_bit(HCI_INIT, &hdev->flags) &&
					(hdev->commands[5] & 0x10))
			hci_setup_link_policy(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, reply->status);
}
1da177e4 660
a9de9248
MH
/* Store the controller's 8 feature bytes and widen the default packet
 * types to match.
 *
 * hdev->pkt_type and hdev->esco_type only ever gain bits here; nothing is
 * cleared.  A failed reply leaves everything untouched.
 *
 * NOTE(review): the feature bytes steer later setup decisions in this
 * file and are copied without a reply length check; confirm the
 * dispatcher validates skb->len.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_features *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	memcpy(hdev->features, reply->features, 8);

	/* Adjust default settings according to features
	 * supported by device. */

	if (hdev->features[0] & LMP_3SLOT)
		hdev->pkt_type |= HCI_DM3 | HCI_DH3;

	if (hdev->features[0] & LMP_5SLOT)
		hdev->pkt_type |= HCI_DM5 | HCI_DH5;

	if (hdev->features[1] & LMP_HV2) {
		hdev->pkt_type |= HCI_HV2;
		hdev->esco_type |= ESCO_HV2;
	}

	if (hdev->features[1] & LMP_HV3) {
		hdev->pkt_type |= HCI_HV3;
		hdev->esco_type |= ESCO_HV3;
	}

	if (hdev->features[3] & LMP_ESCO)
		hdev->esco_type |= ESCO_EV3;

	if (hdev->features[4] & LMP_EV4)
		hdev->esco_type |= ESCO_EV4;

	if (hdev->features[4] & LMP_EV5)
		hdev->esco_type |= ESCO_EV5;

	if (hdev->features[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= ESCO_2EV3;

	if (hdev->features[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= ESCO_3EV3;

	if (hdev->features[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= ESCO_2EV5 | ESCO_3EV5;

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
					hdev->features[0], hdev->features[1],
					hdev->features[2], hdev->features[3],
					hdev->features[4], hdev->features[5],
					hdev->features[6], hdev->features[7]);
}
1da177e4 715
8f984dfa
JH
/* Bring the controller's "LE supported by host" setting in line with what
 * this host wants.
 *
 * LE is wanted when both enable_le and the HCI_LE_ENABLED flag are set.
 * HCI_OP_WRITE_LE_HOST_SUPPORTED is only sent when that differs from the
 * LMP_HOST_LE bit currently held in hdev->host_features[0].
 */
static void hci_set_le_support(struct hci_dev *hdev)
{
	struct hci_cp_write_le_host_supported cp;
	int host_le_now;

	memset(&cp, 0, sizeof(cp));

	if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
		cp.le = 1;
		cp.simul = (hdev->features[6] & LMP_SIMUL_LE_BR) ? 1 : 0;
	}

	host_le_now = (hdev->host_features[0] & LMP_HOST_LE) ? 1 : 0;
	if (cp.le == host_le_now)
		return;

	hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
}
731
971e3a4b
AG
/* Handle the reply to HCI_OP_READ_LOCAL_EXT_FEATURES.
 *
 * Page 0 replaces hdev->features and page 1 replaces hdev->host_features;
 * any other page number is ignored.  While HCI_INIT is set and the LMP_LE
 * feature bit is present, LE host support is then synchronised.  The
 * request is completed with the reply status in every case.
 *
 * NOTE(review): the page number and the 8 feature bytes come from the
 * controller and are used without a reply length check; confirm the
 * dispatcher validates skb->len.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status) {
		switch (reply->page) {
		case 0:
			memcpy(hdev->features, reply->features, 8);
			break;
		case 1:
			memcpy(hdev->host_features, reply->features, 8);
			break;
		}

		if (test_bit(HCI_INIT, &hdev->flags) &&
					(hdev->features[4] & LMP_LE))
			hci_set_le_support(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, reply->status);
}
757
1e89cffb
AE
/* Store the controller's flow control mode and complete the
 * HCI_OP_READ_FLOW_CONTROL_MODE request.
 *
 * NOTE(review): on a failed reply the function returns before
 * hci_req_complete(), unlike hci_cc_read_local_version() in this file,
 * which completes the request on failure too; confirm that leaving the
 * request uncompleted here is intended.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->flow_ctl_mode = reply->mode;
	hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, reply->status);
}
772
a9de9248
MH
/* Record the controller's ACL and SCO buffer geometry.
 *
 * The MTUs and packet counts from a successful reply are stored in hdev
 * and the free-slot counters (acl_cnt, sco_cnt) are reset to the full
 * packet counts.  With HCI_QUIRK_FIXUP_BUFFER_SIZE set, the SCO values
 * are overridden with 64 and 8.
 *
 * NOTE(review): the values come from the controller and are stored as
 * received, with no range check and no reply length check; confirm
 * callers tolerate zero or oversized values.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->acl_mtu = __le16_to_cpu(reply->acl_mtu);
	hdev->sco_mtu = reply->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(reply->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(reply->sco_max_pkt);

	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
					hdev->acl_mtu, hdev->acl_pkts,
					hdev->sco_mtu, hdev->sco_pkts);
}
799
/* Handle the reply to HCI_OP_READ_BD_ADDR: copy the reported address into
 * hdev->bdaddr on success, then complete the request with the reply
 * status.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status == 0)
		bacpy(&hdev->bdaddr, &reply->bdaddr);

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, reply->status);
}
811
350ee4cf
AE
/* Record the controller's data block geometry and complete the
 * HCI_OP_READ_DATA_BLOCK_SIZE request.
 *
 * block_cnt is reset to the full num_blocks.  A failed reply returns
 * before the request is completed.
 *
 * NOTE(review): the values are stored as received from the controller,
 * with no range check and no reply length check.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->block_mtu = __le16_to_cpu(reply->max_acl_len);
	hdev->block_len = __le16_to_cpu(reply->block_len);
	hdev->num_blocks = __le16_to_cpu(reply->num_blocks);
	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
					hdev->block_cnt, hdev->block_len);

	hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, reply->status);
}
833
23bb5763
JH
/* Complete the HCI_OP_WRITE_CA_TIMEOUT request with the status byte found
 * at the start of the reply.
 */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
}
842
928abaa7
AE
/* Copy the AMP controller parameters from a successful reply into hdev
 * and complete the HCI_OP_READ_LOCAL_AMP_INFO request.
 *
 * Multi-byte fields are converted from little endian.  A failed reply
 * returns before the request is completed.
 *
 * NOTE(review): the reply is read field by field without a length check;
 * confirm the dispatcher validates skb->len.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->amp_status = reply->amp_status;
	hdev->amp_total_bw = __le32_to_cpu(reply->total_bw);
	hdev->amp_max_bw = __le32_to_cpu(reply->max_bw);
	hdev->amp_min_latency = __le32_to_cpu(reply->min_latency);
	hdev->amp_max_pdu = __le32_to_cpu(reply->max_pdu);
	hdev->amp_type = reply->amp_type;
	hdev->amp_pal_cap = __le16_to_cpu(reply->pal_cap);
	hdev->amp_assoc_size = __le16_to_cpu(reply->max_assoc_size);
	hdev->amp_be_flush_to = __le32_to_cpu(reply->be_flush_to);
	hdev->amp_max_flush_to = __le32_to_cpu(reply->max_flush_to);

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, reply->status);
}
866
b0916ea0
JH
/* Complete the HCI_OP_DELETE_STORED_LINK_KEY request with the status byte
 * found at the start of the reply.
 */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
}
876
d5859e22
JH
/* Complete the HCI_OP_SET_EVENT_MASK request with the status byte found
 * at the start of the reply.
 */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
}
885
/* Complete the HCI_OP_WRITE_INQUIRY_MODE request with the status byte
 * found at the start of the reply.
 */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
}
895
/* Complete the HCI_OP_READ_INQ_RSP_TX_POWER request with the status byte
 * found at the start of the reply.  Only the status byte is read; the
 * rest of the reply is not used here.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
}
905
/* Complete the HCI_OP_SET_EVENT_FLT request with the status byte found at
 * the start of the reply.
 */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%x", hdev->name, status);
	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
}
914
980e1a53
JH
/* Handle the reply to HCI_OP_PIN_CODE_REPLY.
 *
 * With HCI_MGMT set the management layer is told the outcome first.  On
 * success the PIN length from the command that was sent is recorded on
 * the matching ACL connection, looked up by the address in that command.
 * Everything runs under the device lock.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *reply = (void *) skb->data;
	struct hci_cp_pin_code_reply *sent_cmd;
	struct hci_conn *link;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_pin_code_reply_complete(hdev, &reply->bdaddr,
							reply->status);

	if (reply->status == 0) {
		sent_cmd = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (sent_cmd != NULL) {
			link = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
							&sent_cmd->bdaddr);
			if (link != NULL)
				link->pin_length = sent_cmd->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
942
/* Forward the outcome of a negative PIN code reply to the management
 * layer when HCI_MGMT is set, under the device lock.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_pin_code_neg_reply_complete(hdev, &reply->bdaddr,
							reply->status);
	}

	hci_dev_unlock(hdev);
}
56e5cb86 957
6ed58ec5
VT
/* Record the controller's LE buffer geometry and complete the
 * HCI_OP_LE_READ_BUFFER_SIZE request.
 *
 * le_cnt is reset to the full le_pkts.  A failed reply returns before the
 * request is completed.
 *
 * NOTE(review): the values are stored as received from the controller,
 * with no range check and no reply length check.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->le_mtu = __le16_to_cpu(reply->le_mtu);
	hdev->le_pkts = reply->le_max_pkt;
	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, reply->status);
}
980e1a53 977
a5c29683
JH
/* Forward the outcome of a user confirmation reply to the management
 * layer when HCI_MGMT is set.  The link type passed on is always
 * ACL_LINK and the argument after it is always 0.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_confirm_reply_complete(hdev, &reply->bdaddr,
						ACL_LINK, 0, reply->status);
	}

	hci_dev_unlock(hdev);
}
992
/* Forward the outcome of a negative user confirmation reply to the
 * management layer when HCI_MGMT is set.  The reply is parsed with the
 * same struct as the positive confirmation reply.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_confirm_neg_reply_complete(hdev, &reply->bdaddr,
						ACL_LINK, 0, reply->status);
	}

	hci_dev_unlock(hdev);
}
1009
1143d458
BG
/* Forward the outcome of a user passkey reply to the management layer
 * when HCI_MGMT is set.  The reply is parsed with the user confirmation
 * reply struct.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_reply_complete(hdev, &reply->bdaddr,
						ACL_LINK, 0, reply->status);
	}

	hci_dev_unlock(hdev);
}
1024
/* Forward the outcome of a negative user passkey reply to the management
 * layer when HCI_MGMT is set.  The reply is parsed with the user
 * confirmation reply struct.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_neg_reply_complete(hdev, &reply->bdaddr,
						ACL_LINK, 0, reply->status);
	}

	hci_dev_unlock(hdev);
}
1041
/*
 * Command Complete handler for Read Local OOB Data.
 *
 * Passes the hash and randomizer from the return parameters, together with
 * the status, to the management interface while holding the device lock.
 *
 * NOTE(review): unlike the user confirm/passkey handlers, this one calls
 * into mgmt without testing HCI_MGMT first - confirm that is intended.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *oob = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, oob->status);

	hci_dev_lock(hdev);
	mgmt_read_local_oob_data_reply_complete(hdev, oob->hash,
						oob->randomizer, oob->status);
	hci_dev_unlock(hdev);
}
1054
/*
 * Command Complete handler for LE Set Scan Parameters.
 *
 * Completes the pending request with the status byte found at the start of
 * skb->data. A non-zero status is additionally reported to the management
 * interface as a failed discovery start, under the device lock.
 */
static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);

	if (!status)
		return;

	hci_dev_lock(hdev);
	mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1070
/*
 * Command Complete handler for LE Set Scan Enable.
 *
 * The action depends on the 'enable' value of the command that was sent
 * (looked up with hci_sent_cmd_data), not on anything in the event itself:
 *
 *  - LE_SCANNING_ENABLED: complete the request; on failure report a failed
 *    discovery start, otherwise set HCI_LE_SCAN, cancel the pending adv_work,
 *    clear the advertising entries and move discovery to DISCOVERY_FINDING.
 *  - LE_SCANNING_DISABLED: on success clear HCI_LE_SCAN, schedule adv_work
 *    after ADV_CLEAR_TIMEOUT and either continue an interleaved discovery or
 *    mark discovery as stopped.
 *  - anything else: log the reserved value.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_cp_le_set_scan_enable *cp;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%x", hdev->name, status);

	cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (!cp)
		return;

	if (cp->enable == LE_SCANNING_ENABLED) {
		hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);

		if (status) {
			hci_dev_lock(hdev);
			mgmt_start_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		set_bit(HCI_LE_SCAN, &hdev->dev_flags);

		/* Called before taking the device lock, as in the original. */
		cancel_delayed_work_sync(&hdev->adv_work);

		hci_dev_lock(hdev);
		hci_adv_entries_clear(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
	} else if (cp->enable == LE_SCANNING_DISABLED) {
		if (status)
			return;

		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);

		schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);

		if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
			mgmt_interleaved_discovery(hdev);
			return;
		}

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
		hci_dev_unlock(hdev);
	} else {
		BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
	}
}
1127
/*
 * Command Complete handler for LE Long Term Key Request Reply.
 *
 * Only a successful (zero) status completes the pending request; a failure
 * status is logged and otherwise ignored here.
 */
static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, reply->status);
}
1139
/*
 * Command Complete handler for LE Long Term Key Request Negative Reply.
 *
 * Completes the pending request only when the controller reports success;
 * a non-zero status is logged and nothing else happens.
 */
static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%x", hdev->name, reply->status);

	if (!reply->status)
		hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, reply->status);
}
1151
/*
 * Command Complete handler for Write LE Host Supported.
 *
 * On success, mirrors the 'le' value of the command that was sent into the
 * LMP_HOST_LE bit of hdev->host_features[0]. When HCI_MGMT is set and the
 * device is not in HCI_INIT, the outcome is reported to the management
 * interface. The pending request is completed in every case where the sent
 * command could be found.
 */
static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_cp_write_le_host_supported *sent;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
	if (!sent)
		return;

	/* Cached host features are only touched when the write succeeded. */
	if (status == 0 && sent->le)
		hdev->host_features[0] |= LMP_HOST_LE;
	else if (status == 0)
		hdev->host_features[0] &= ~LMP_HOST_LE;

	if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
	    !test_bit(HCI_INIT, &hdev->flags)) {
		mgmt_le_enable_complete(hdev, sent->le, status);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
}
1177
/*
 * Command Status handler for Inquiry.
 *
 * Success: set HCI_INQUIRY and move discovery to DISCOVERY_FINDING.
 * Failure: complete the request with the error, re-check pending
 * connections and, when HCI_MGMT is set, report a failed discovery start.
 */
static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status) {
		set_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		return;
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1198
/*
 * Command Status handler for Create Connection.
 *
 * Looks up the ACL connection for the address in the command that was sent.
 *
 * Failure: a connection still in BT_CONNECT is closed, confirmed to the
 * upper protocols and deleted - except for status 0x0c on one of the first
 * attempts (conn->attempt <= 2), where it is moved to BT_CONNECT2 instead.
 * Success: if no connection object exists yet, one is added and marked as
 * outgoing with the master link-mode bit set.
 */
static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *cp;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (!cp)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);

	if (status) {
		if (!conn || conn->state != BT_CONNECT)
			goto unlock;

		/* 0x0c is the HCI "Command Disallowed" error code. */
		if (status == 0x0c && conn->attempt <= 2) {
			conn->state = BT_CONNECT2;
			goto unlock;
		}

		conn->state = BT_CLOSED;
		hci_proto_connect_cfm(conn, status);
		hci_conn_del(conn);
		goto unlock;
	}

	if (conn)
		goto unlock;

	conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
	if (!conn) {
		BT_ERR("No memory for new connection");
		goto unlock;
	}

	conn->out = true;
	conn->link_mode |= HCI_LM_MASTER;

unlock:
	hci_dev_unlock(hdev);
}
1238
/*
 * Command Status handler for Add SCO Connection.
 *
 * Nothing to do on success. On failure, the ACL connection named by the
 * handle in the sent command is looked up; if it has a linked SCO
 * connection, that one is closed, confirmed with the error and deleted.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *cp;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (!cp)
		return;

	handle = __le16_to_cpu(cp->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	if (!acl)
		goto unlock;

	sco = acl->link;
	if (!sco)
		goto unlock;

	sco->state = BT_CLOSED;

	hci_proto_connect_cfm(sco, status);
	hci_conn_del(sco);

unlock:
	hci_dev_unlock(hdev);
}
1da177e4 1273
/*
 * Command Status handler for Authentication Requested.
 *
 * Only failures are handled: if the connection named in the sent command is
 * still in BT_CONFIG, the error is confirmed to the upper protocols and one
 * reference on the connection is dropped.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *cp;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (!cp)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1300
/*
 * Command Status handler for Set Connection Encryption.
 *
 * Only failures are handled: a connection still in BT_CONFIG gets the error
 * confirmed to the upper protocols and one reference dropped.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *cp;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (!cp)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1327
/*
 * Decide whether an outgoing connection should trigger authentication.
 *
 * Returns 1 when authentication should be requested, 0 otherwise.
 * Authentication is never requested unless the connection is outgoing, in
 * BT_CONFIG, and its pending security level is above BT_SECURITY_SDP. Past
 * that gate it is requested for SSP connections, and for non-SSP ones only
 * when the pending level is BT_SECURITY_HIGH or bit 0 of auth_type (MITM
 * protection, per the original comment) is set.
 *
 * hdev is not used by this function.
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
							struct hci_conn *conn)
{
	if (conn->state != BT_CONFIG)
		return 0;

	if (!conn->out)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	if (hci_conn_ssp_enabled(conn))
		return 1;

	if (conn->pending_sec_level == BT_SECURITY_HIGH)
		return 1;

	return (conn->auth_type & 0x01) ? 1 : 0;
}
1346
/*
 * Send a Remote Name Request for the device described by inquiry entry e.
 *
 * The command parameters are zeroed first, then the address, page-scan
 * fields and clock offset are copied from the cached inquiry data.
 * Returns whatever hci_send_cmd() returns. e must not be NULL.
 */
static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
{
	struct hci_cp_remote_name_req req;

	/* Zero the whole structure so no stack bytes reach the controller. */
	memset(&req, 0, sizeof(req));

	bacpy(&req.bdaddr, &e->data.bdaddr);
	req.pscan_rep_mode = e->data.pscan_rep_mode;
	req.pscan_mode = e->data.pscan_mode;
	req.clock_offset = e->data.clock_offset;

	return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
}
1360
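/*
 * Start name resolution for the next inquiry entry that still needs a name.
 *
 * Returns true when a Remote Name Request was sent (the entry is then
 * marked NAME_PENDING), false when there is nothing left to resolve or the
 * request could not be sent.
 */
static bool hci_resolve_next_name(struct hci_dev *hdev)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *e;

	if (list_empty(&discov->resolve))
		return false;

	e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	/*
	 * A non-empty resolve list does not guarantee an entry in the
	 * NAME_NEEDED state; hci_resolve_name() dereferences e, so bail out
	 * on a failed lookup the same way hci_inquiry_complete_evt() does.
	 */
	if (!e)
		return false;

	if (hci_resolve_name(hdev, e) == 0) {
		e->name_state = NAME_PENDING;
		return true;
	}

	return false;
}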
1377
/*
 * Process the outcome of a remote name request.
 *
 * @conn:     connection to the peer, or NULL
 * @bdaddr:   peer address
 * @name:     resolved name, or NULL when resolution failed
 * @name_len: length of @name
 *
 * If a connection exists and had not yet been reported, it is announced to
 * the management interface. The rest depends on the discovery state:
 * nothing happens unless discovery is stopping (finish it) or resolving
 * (mark the pending entry as known, report the name if there is one, and
 * either resolve the next entry or finish discovery).
 */
static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
					bdaddr_t *bdaddr, u8 *name, u8 name_len)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0,
				      name, name_len, conn->dev_class);
	}

	switch (discov->state) {
	case DISCOVERY_STOPPING:
		goto discov_complete;
	case DISCOVERY_RESOLVING:
		break;
	default:
		/* Includes DISCOVERY_STOPPED: nothing to update. */
		return;
	}

	entry = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
	if (entry) {
		entry->name_state = NAME_KNOWN;
		list_del(&entry->list);
		if (name) {
			mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
					 entry->data.rssi, name, name_len);
		}
	}

	if (hci_resolve_next_name(hdev))
		return;

discov_complete:
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
}
1412
/*
 * Command Status handler for Remote Name Request.
 *
 * On success nothing is done here; the name request complete event decides
 * whether authentication is needed. On failure the pending-name bookkeeping
 * is updated (when HCI_MGMT is set) and, if the outgoing connection still
 * needs authentication and none is pending, Authentication Requested is
 * sent.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	/* If successful wait for the name req complete event before
	 * checking for the need to do authentication */
	if (!status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		hci_check_pending_name(hdev, conn, &sent->bdaddr, NULL, 0);

	if (conn && hci_outgoing_auth_needed(hdev, conn) &&
	    !test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_req;

		auth_req.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_req),
			     &auth_req);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1451
/*
 * Command Status handler for Read Remote Supported Features.
 *
 * Only failures are handled: a connection still in BT_CONFIG gets the error
 * confirmed to the upper protocols and one reference dropped.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *cp;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (!cp)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1478
/*
 * Command Status handler for Read Remote Extended Features.
 *
 * Only failures are handled: a connection still in BT_CONFIG gets the error
 * confirmed to the upper protocols and one reference dropped.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *cp;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (!cp)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1505
/*
 * Command Status handler for Setup Synchronous Connection.
 *
 * Nothing to do on success. On failure, the SCO connection linked to the
 * ACL connection named in the sent command (if any) is closed, confirmed
 * with the error and deleted.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *cp;
	struct hci_conn *acl, *sco;
	__u16 handle;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (!cp)
		return;

	handle = __le16_to_cpu(cp->handle);

	BT_DBG("%s handle %d", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	if (!acl)
		goto unlock;

	sco = acl->link;
	if (!sco)
		goto unlock;

	sco->state = BT_CLOSED;

	hci_proto_connect_cfm(sco, status);
	hci_conn_del(sco);

unlock:
	hci_dev_unlock(hdev);
}
1540
/*
 * Command Status handler for Sniff Mode.
 *
 * Only failures are handled: the pending mode-change flag is cleared on the
 * connection, and a SCO setup that was waiting for the mode change is run
 * with the error status.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *cp;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (!cp)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
04837f64 1567
/*
 * Command Status handler for Exit Sniff Mode.
 *
 * Only failures are handled: the pending mode-change flag is cleared on the
 * connection, and a SCO setup that was waiting for the mode change is run
 * with the error status.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *cp;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	if (!status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (!cp)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
	if (!conn)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, status);

unlock:
	hci_dev_unlock(hdev);
}
1594
/*
 * Command Status handler for Disconnect.
 *
 * Only failures are handled: if the connection named in the sent command
 * still exists, the failed disconnect is reported to the management
 * interface.
 */
static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_disconnect *cp;
	struct hci_conn *conn;
	__u16 handle;

	if (!status)
		return;

	cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
	if (!cp)
		return;

	handle = __le16_to_cpu(cp->handle);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, handle);
	if (conn) {
		mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
				       conn->dst_type, status);
	}

	hci_dev_unlock(hdev);
}
1616
/*
 * Command Status handler for LE Create Connection.
 *
 * Failure: an LE connection to the peer that is still in BT_CONNECT is
 * closed, confirmed with the error and deleted.
 * Success: if no connection object exists yet, one is added, tagged with
 * the peer address type from the sent command and marked as outgoing.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_le_create_conn *cp;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%x", hdev->name, status);

	cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
	if (!cp)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
		conn);

	if (status) {
		if (conn && conn->state == BT_CONNECT) {
			conn->state = BT_CLOSED;
			hci_proto_connect_cfm(conn, status);
			hci_conn_del(conn);
		}
		goto unlock;
	}

	if (conn)
		goto unlock;

	conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
	if (!conn) {
		BT_ERR("No memory for new connection");
		goto unlock;
	}

	conn->dst_type = cp->peer_addr_type;
	conn->out = true;

unlock:
	hci_dev_unlock(hdev);
}
1655
/*
 * Command Status handler for LE Start Encryption.
 *
 * Only logs the status; no state is changed here.
 */
static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%x", hdev->name, status);
}
1660
/*
 * Inquiry Complete event handler.
 *
 * Completes the inquiry request and re-checks pending connections. The
 * discovery state machine is only advanced when HCI_INQUIRY was set, the
 * management interface is active and discovery is in DISCOVERY_FINDING:
 * if an entry still needs its name and the name request can be sent, the
 * state becomes DISCOVERY_RESOLVING, otherwise DISCOVERY_STOPPED.
 */
static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;
	int next_state = DISCOVERY_STOPPED;

	BT_DBG("%s status %d", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);

	if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
		return;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if (discov->state != DISCOVERY_FINDING)
		goto unlock;

	if (!list_empty(&discov->resolve)) {
		entry = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
							 NAME_NEEDED);
		if (entry && hci_resolve_name(hdev, entry) == 0) {
			entry->name_state = NAME_PENDING;
			next_state = DISCOVERY_RESOLVING;
		}
	}

	hci_discovery_set_state(hdev, next_state);

unlock:
	hci_dev_unlock(hdev);
}
1700
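/*
 * Inquiry Result event handler.
 *
 * The event carries a one-byte response count followed by that many
 * struct inquiry_info records. Each record is copied into the inquiry cache
 * and reported to the management interface as a found device.
 *
 * The response count comes from the controller and reflects over-the-air
 * data, so it is validated against the amount of data actually present
 * before any record is read; a short event is dropped.
 *
 * NOTE(review): the length check assumes skb->data/skb->len describe the
 * event parameters with the event header already pulled - confirm against
 * the event dispatcher.
 */
static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Reject a count that would walk past the end of the buffer. */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		/* This event format carries neither RSSI nor SSP mode. */
		data.rssi		= 0x00;
		data.ssp_mode		= 0x00;

		name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, 0, !name_known, ssp,
				  NULL, 0);
	}

	hci_dev_unlock(hdev);
}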
1734
/*
 * Connection Complete event handler.
 *
 * Finds the connection object for the address and link type in the event
 * (falling back from SCO to a pending eSCO connection), then either brings
 * it up (status == 0) or closes and deletes it (status != 0). Pending
 * connections are re-checked after the device lock is released.
 *
 * NOTE(review): ev is a cast of skb->data with no length check visible in
 * this function - confirm the dispatcher validates the event size.
 */
static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		/* Events for unknown peers are ignored, except that an SCO
		 * completion may answer a connection tracked as eSCO. */
		if (ev->link_type != SCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (!ev->status) {
		conn->handle = __le16_to_cpu(ev->handle);

		/* ACL links go through BT_CONFIG (with an extra reference
		 * held) before being reported as connected; other link
		 * types are connected immediately. */
		if (conn->type == ACL_LINK) {
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);
			conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		} else
			conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		/* Link mode bits are taken from the adapter-wide flags. */
		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features cp;
			/* ev->handle is passed through without byte swapping. */
			cp.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
							sizeof(cp), &cp);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype cp;
			cp.handle = ev->handle;
			cp.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
							sizeof(cp), &cp);
		}
	} else {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK)
			mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
						conn->dst_type, ev->status);
	}

	/* Runs for both outcomes, before the connection may be deleted. */
	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		/* conn must not be used after this point. */
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK)
		/* Successful ACL links are confirmed later, not here. */
		hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
1812
/*
 * Connection Request event handler.
 *
 * The request is accepted only when the combined link-mode mask (adapter
 * setting plus the upper protocols' answer) contains HCI_LM_ACCEPT and the
 * peer address is not on the blacklist; otherwise it is rejected with
 * HCI_ERROR_REJ_BAD_ADDR.
 *
 * On accept, the cached device class is refreshed, a connection object is
 * found or created and set to BT_CONNECT, and either Accept Connection
 * Request (ACL, or controllers without eSCO) or Accept Synchronous
 * Connection Request is sent.
 *
 * NOTE(review): conn->pkt_type is read after the device lock has been
 * released - confirm conn cannot go away in between.
 */
static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;
	int mask = hdev->link_mode;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
					batostr(&ev->bdaddr), ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	if (!(mask & HCI_LM_ACCEPT) ||
	    hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection rejected */
		struct hci_cp_reject_conn_req reject;

		bacpy(&reject.bdaddr, &ev->bdaddr);
		reject.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(reject),
			     &reject);
		return;
	}

	/* Connection accepted */
	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		memcpy(ie->data.dev_class, ev->dev_class, 3);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn)
		conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);

	if (!conn) {
		BT_ERR("No memory for new connection");
		hci_dev_unlock(hdev);
		return;
	}

	memcpy(conn->dev_class, ev->dev_class, 3);
	conn->state = BT_CONNECT;

	hci_dev_unlock(hdev);

	if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
		struct hci_cp_accept_conn_req accept;

		bacpy(&accept.bdaddr, &ev->bdaddr);

		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
			accept.role = 0x00; /* Become master */
		else
			accept.role = 0x01; /* Remain slave */

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
			     sizeof(accept), &accept);
	} else {
		struct hci_cp_accept_sync_conn_req accept;

		bacpy(&accept.bdaddr, &ev->bdaddr);
		accept.pkt_type = cpu_to_le16(conn->pkt_type);

		/* 0x1f40 == 8000 */
		accept.tx_bandwidth   = cpu_to_le32(0x00001f40);
		accept.rx_bandwidth   = cpu_to_le32(0x00001f40);
		accept.max_latency    = cpu_to_le16(0xffff);
		accept.content_format = cpu_to_le16(hdev->voice_setting);
		accept.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
			     sizeof(accept), &accept);
	}
}
1886
/*
 * Disconnection Complete event handler.
 *
 * For a known connection: on success the state becomes BT_CLOSED, the
 * management interface is told about the disconnect (only for ACL/LE links
 * that had been reported as connected), the upper protocols are notified
 * with the reason, and the connection is deleted. On failure only the
 * management interface is told that the disconnect failed.
 */
static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;
	bool failed = ev->status != 0;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!failed)
		conn->state = BT_CLOSED;

	/* The flag is cleared even when the link type is not ACL/LE. */
	if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
	    (conn->type == ACL_LINK || conn->type == LE_LINK)) {
		if (failed)
			mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
					       conn->dst_type, ev->status);
		else
			mgmt_device_disconnected(hdev, &conn->dst, conn->type,
						 conn->dst_type);
	}

	if (!failed) {
		hci_proto_disconn_cfm(conn, ev->reason);
		hci_conn_del(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
1921
/*
 * Authentication Complete event handler.
 *
 * Updates the security state of the connection named in the event, clears
 * the pending authentication flags, and then continues connection setup
 * (BT_CONFIG) or notifies the authentication waiters. If encryption was
 * waiting on this authentication it is either started or failed.
 */
static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		/* A successful re-authentication of a non-SSP link does not
		 * raise the recorded security level. */
		if (!hci_conn_ssp_enabled(conn) &&
				test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
			BT_INFO("re-auth of legacy device is not possible.");
		} else {
			conn->link_mode |= HCI_LM_AUTH;
			conn->sec_level = conn->pending_sec_level;
		}
	} else {
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
								ev->status);
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);

	if (conn->state == BT_CONFIG) {
		if (!ev->status && hci_conn_ssp_enabled(conn)) {
			/* SSP links are encrypted before setup completes. */
			struct hci_cp_set_conn_encrypt cp;
			cp.handle = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
									&cp);
		} else {
			/* NOTE(review): the state becomes BT_CONNECTED even
			 * when ev->status is non-zero; the status is handed to
			 * hci_proto_connect_cfm(), which presumably acts on
			 * it - confirm. */
			conn->state = BT_CONNECTED;
			hci_proto_connect_cfm(conn, ev->status);
			hci_conn_put(conn);
		}
	} else {
		hci_auth_cfm(conn, ev->status);

		/* Hold/put pair around the timeout update. */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	}

	/* NOTE(review): conn is still dereferenced after hci_conn_put()
	 * above - presumably the device lock keeps it alive; confirm. */
	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
		if (!ev->status) {
			struct hci_cp_set_conn_encrypt cp;
			cp.handle = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
									&cp);
		} else {
			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
			hci_encrypt_cfm(conn, ev->status, 0x00);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
1987
/*
 * Remote Name Request Complete event handler.
 *
 * Re-checks pending connections, feeds the result into the pending-name
 * bookkeeping when HCI_MGMT is set (the name length is bounded by
 * HCI_MAX_NAME_LENGTH; a failed request passes no name), and then sends
 * Authentication Requested if the outgoing connection needs it and no
 * authentication is already pending.
 */
static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		if (ev->status == 0)
			/* ev->name may lack a terminator; strnlen bounds it. */
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       ev->name,
					       strnlen(ev->name,
						       HCI_MAX_NAME_LENGTH));
		else
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       NULL, 0);
	}

	if (!conn)
		goto unlock;

	if (!hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_req;

		auth_req.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_req),
			     &auth_req);
	}

unlock:
	hci_dev_unlock(hdev);
}
2026
/*
 * Encryption Change event handler.
 *
 * On success the link-mode bits follow the reported encryption state:
 * enabling encryption also sets the authenticated bit and adopts the
 * pending security level; disabling clears only the encrypt bit. The
 * pending-encryption flag is cleared in every case. A connection still in
 * BT_CONFIG is then confirmed to the upper protocols (and becomes
 * BT_CONNECTED on success); otherwise the encryption waiters are notified.
 */
static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status && ev->encrypt) {
		/* Encryption implies authentication */
		conn->link_mode |= HCI_LM_AUTH;
		conn->link_mode |= HCI_LM_ENCRYPT;
		conn->sec_level = conn->pending_sec_level;
	} else if (!ev->status) {
		conn->link_mode &= ~HCI_LM_ENCRYPT;
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	if (!ev->status)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
2062
/*
 * Change Connection Link Key Complete event handler.
 *
 * For a known connection: a successful change sets HCI_LM_SECURE, the
 * pending-authentication flag is cleared, and the key-change waiters are
 * notified with the status.
 */
static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2084
/*
 * Read Remote Supported Features Complete event handler.
 *
 * Stores the 8 feature bytes on success. While the connection is still in
 * BT_CONFIG, setup continues: if both sides are SSP capable, page 1 of the
 * extended features is requested and the rest waits for that reply.
 * Otherwise the remote name is requested (success) or the connection is
 * reported to the management interface (failure), and if no outgoing
 * authentication is needed the connection is confirmed and marked
 * BT_CONNECTED.
 */
static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
		struct hci_cp_read_remote_ext_features ext_req;

		ext_req.handle = ev->handle;
		ext_req.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
			     sizeof(ext_req), &ext_req);
		goto unlock;
	}

	if (!ev->status) {
		struct hci_cp_remote_name_req name_req;

		/* Zeroed first so unset fields do not carry stack data. */
		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
			     &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2133
/* Read Remote Version Information Complete event: only logged, skb is unused. */
static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2138
/* QoS Setup Complete event: only logged, skb is unused. */
static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2143
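/*
 * Command Complete event: dispatch to the per-opcode hci_cc_* handler.
 *
 * The event header is pulled off skb first, so each handler sees only the
 * command's return parameters.  Afterwards the command timer is stopped
 * (unless the opcode is HCI_OP_NOP) and, when the controller reports free
 * command slots (ncmd != 0), one command credit is granted and the command
 * work is queued if commands are waiting.
 *
 * Fix: HCI_OP_USER_PASSKEY_NEG_REPLY was missing its break and fell through
 * into the HCI_OP_LE_SET_SCAN_PARAM case, so hci_cc_le_set_scan_param() ran
 * on the return parameters of an unrelated command.
 *
 * NOTE(review): the return value of skb_pull() is ignored and skb->len is
 * not compared with sizeof(*ev) before ev->opcode is read - confirm the
 * caller guarantees a complete header.
 */
static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *ev = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;

	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;

	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;

	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;

	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;

	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;

	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;

	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;

	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;

	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;

	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;

	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;

	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;

	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;

	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;

	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;

	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_EXT_FEATURES:
		hci_cc_read_local_ext_features(hdev, skb);
		break;

	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;

	case HCI_OP_READ_DATA_BLOCK_SIZE:
		hci_cc_read_data_block_size(hdev, skb);
		break;

	case HCI_OP_WRITE_CA_TIMEOUT:
		hci_cc_write_ca_timeout(hdev, skb);
		break;

	case HCI_OP_READ_FLOW_CONTROL_MODE:
		hci_cc_read_flow_control_mode(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_AMP_INFO:
		hci_cc_read_local_amp_info(hdev, skb);
		break;

	case HCI_OP_DELETE_STORED_LINK_KEY:
		hci_cc_delete_stored_link_key(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_MASK:
		hci_cc_set_event_mask(hdev, skb);
		break;

	case HCI_OP_WRITE_INQUIRY_MODE:
		hci_cc_write_inquiry_mode(hdev, skb);
		break;

	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_FLT:
		hci_cc_set_event_flt(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data_reply(hdev, skb);
		break;

	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;

	case HCI_OP_USER_PASSKEY_REPLY:
		hci_cc_user_passkey_reply(hdev, skb);
		break;

	case HCI_OP_USER_PASSKEY_NEG_REPLY:
		hci_cc_user_passkey_neg_reply(hdev, skb);
		/* Must not fall through into the LE scan-parameter handler. */
		break;

	case HCI_OP_LE_SET_SCAN_PARAM:
		hci_cc_le_set_scan_param(hdev, skb);
		break;

	case HCI_OP_LE_SET_SCAN_ENABLE:
		hci_cc_le_set_scan_enable(hdev, skb);
		break;

	case HCI_OP_LE_LTK_REPLY:
		hci_cc_le_ltk_reply(hdev, skb);
		break;

	case HCI_OP_LE_LTK_NEG_REPLY:
		hci_cc_le_ltk_neg_reply(hdev, skb);
		break;

	case HCI_OP_WRITE_LE_HOST_SUPPORTED:
		hci_cc_write_le_host_supported(hdev, skb);
		break;

	default:
		BT_DBG("%s opcode 0x%x", hdev->name, opcode);
		break;
	}

	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (ev->ncmd) {
		atomic_set(&hdev->cmd_cnt, 1);
		if (!skb_queue_empty(&hdev->cmd_q))
			queue_work(hdev->workqueue, &hdev->cmd_work);
	}
}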
2359
/*
 * Command Status event: dispatch the status byte to the per-opcode
 * hci_cs_* handler.
 *
 * Afterwards the command timer is stopped (unless the opcode is
 * HCI_OP_NOP).  When the controller reports free command slots and no reset
 * is in progress, one command credit is granted and the command work is
 * queued if commands are waiting.
 *
 * NOTE(review): the return value of skb_pull() is ignored and skb->len is
 * not compared with sizeof(*ev) before the header fields are read.
 */
static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *ev = (void *) skb->data;
	__u16 op;

	skb_pull(skb, sizeof(*ev));

	op = __le16_to_cpu(ev->opcode);

	switch (op) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, ev->status);
		break;

	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, ev->status);
		break;

	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, ev->status);
		break;

	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, ev->status);
		break;

	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, ev->status);
		break;

	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, ev->status);
		break;

	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, ev->status);
		break;

	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_DISCONNECT:
		hci_cs_disconnect(hdev, ev->status);
		break;

	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, ev->status);
		break;

	case HCI_OP_LE_START_ENC:
		hci_cs_le_start_enc(hdev, ev->status);
		break;

	default:
		BT_DBG("%s opcode 0x%x", hdev->name, op);
		break;
	}

	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* No new credit without free slots or while a reset is pending. */
	if (!ev->ncmd || test_bit(HCI_RESET, &hdev->flags))
		return;

	atomic_set(&hdev->cmd_cnt, 1);

	if (skb_queue_empty(&hdev->cmd_q))
		return;

	queue_work(hdev->workqueue, &hdev->cmd_work);
}
2440
/*
 * Role Change event for an ACL link, looked up by remote address.
 *
 * On success HCI_LM_MASTER is cleared when ev->role is non-zero and set
 * when it is zero.  The pending role-switch flag is cleared either way and
 * the result is passed to hci_role_switch_cfm().
 */
static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (ev->status == 0 && ev->role)
		conn->link_mode &= ~HCI_LM_MASTER;
	else if (ev->status == 0)
		conn->link_mode |= HCI_LM_MASTER;

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);

	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
2466
/*
 * Number Of Completed Packets event (packet-based flow control only).
 *
 * For every (handle, count) pair the per-connection sent counter is reduced
 * and the matching controller credit counter (ACL, LE or SCO) is increased,
 * clamped to the controller's advertised maximum.  LE links use the ACL
 * counters when hdev->le_pkts is zero.  The TX work is queued afterwards.
 *
 * The event is rejected when skb is shorter than the header plus num_hndl
 * entries, so the loop below never reads past skb->len.
 *
 * NOTE(review): count comes from the controller and is subtracted from
 * conn->sent without being compared to it first - confirm a too-large value
 * cannot wrap the counter.
 */
static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* num_hndl is only read once the fixed header is known to be there. */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
			ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_pkts_info *entry = ev->handles + idx;
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 count = __le16_to_cpu(entry->count);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (conn == NULL)
			continue;

		conn->sent -= count;

		switch (conn->type) {
		case ACL_LINK:
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		case LE_LINK:
			if (!hdev->le_pkts) {
				/* No dedicated LE buffers: credit the ACL pool. */
				hdev->acl_cnt += count;
				if (hdev->acl_cnt > hdev->acl_pkts)
					hdev->acl_cnt = hdev->acl_pkts;
			} else {
				hdev->le_cnt += count;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
			}
			break;

		case SCO_LINK:
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2532
/*
 * Number Of Completed Data Blocks event (block-based flow control only).
 *
 * For every (handle, blocks) pair the per-connection sent counter is
 * reduced and, for ACL links, hdev->block_cnt is increased and clamped to
 * hdev->num_blocks.  Other link types are logged as errors.  The TX work is
 * queued afterwards.
 *
 * The event is rejected when skb is shorter than the header plus num_hndl
 * entries.
 *
 * NOTE(review): the block count comes from the controller and is subtracted
 * from conn->sent without being compared to it first.
 */
static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* num_hndl is only read once the fixed header is known to be there. */
	if (skb->len < sizeof(*ev) ||
	    skb->len < sizeof(*ev) +
			ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
	       ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_blocks_info *entry = ev->handles + idx;
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 block_count = __le16_to_cpu(entry->blocks);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (conn == NULL)
			continue;

		conn->sent -= block_count;

		switch (conn->type) {
		case ACL_LINK:
			hdev->block_cnt += block_count;
			if (hdev->block_cnt > hdev->num_blocks)
				hdev->block_cnt = hdev->num_blocks;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2582
/*
 * Mode Change event: store the new link mode and interval.
 *
 * If no locally requested mode change was pending, the HCI_CONN_POWER_SAVE
 * flag is set when the link is active and cleared otherwise.  A pending SCO
 * setup is then continued with the event status.  Note that mode and
 * interval are stored regardless of ev->status.
 */
static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	conn->mode = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		/* The change was not requested through the pending flag. */
		if (conn->mode != HCI_CM_ACTIVE)
			clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
		else
			set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
	}

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2610
/*
 * PIN Code Request event (legacy pairing).
 *
 * For an already connected link the disconnect timeout is switched to
 * HCI_PAIRING_TIMEOUT inside a hold/put pair.  If the adapter is not
 * pairable the request is refused with a negative reply; otherwise, when
 * mgmt is in use, the request is forwarded to user space with "secure" set
 * when the pending security level is BT_SECURITY_HIGH.  When the adapter is
 * pairable but mgmt is not in use, nothing is sent from here.
 */
static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	if (conn->state == BT_CONNECTED) {
		/* presumably the put re-arms the timer with the new timeout */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) {
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
	} else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		u8 secure = (conn->pending_sec_level == BT_SECURITY_HIGH) ? 1 : 0;

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
2647
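/*
 * Link Key Request event: answer with a stored link key if policy allows.
 *
 * Nothing is sent from here when HCI_LINK_KEYS is not set.  Otherwise a
 * negative reply is sent when:
 *   - no key is stored for the address;
 *   - the key is a debug combination key and HCI_DEBUG_KEYS is not set;
 *   - the key is unauthenticated but the connection's auth_type has the
 *     MITM bit (0x01) set (auth_type 0xff is exempt);
 *   - the key is a combination key from a PIN shorter than 16 and the
 *     pending security level is BT_SECURITY_HIGH.
 * The last two checks are only made when an ACL connection to the address
 * exists; without one the stored key is returned as is.
 *
 * Changes: the negative reply length uses sizeof(ev->bdaddr) instead of a
 * literal 6, matching the other handlers in this file, and the "high
 * security" debug message no longer embeds source indentation through a
 * backslash continuation inside the string literal.
 *
 * NOTE(review): cp keeps a copy of the link key on the stack after the
 * command is queued; it is not cleared here.
 */
static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %s", hdev->name,
		       batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, key->type,
	       batostr(&ev->bdaddr));

	if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
	    key->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		/* An unauthenticated key cannot satisfy a MITM requirement. */
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
		    conn->auth_type != 0xff &&
		    (conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		/* High security needs a combination key from a 16-digit PIN. */
		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
		    conn->pending_sec_level == BT_SECURITY_HIGH) {
			BT_DBG("%s ignoring key unauthenticated for high security",
			       hdev->name);
			goto not_found;
		}

		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, 16);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, sizeof(ev->bdaddr),
		     &ev->bdaddr);
	hci_dev_unlock(hdev);
}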
2711
/*
 * Link Key Notification event: a new link key was created for a device.
 *
 * If an ACL connection to the address exists, its disconnect timeout is set
 * to HCI_DISCONN_TIMEOUT inside a hold/put pair, its stored PIN length is
 * picked up, and its key type is updated unless the event reports a
 * "changed combination" key.  When HCI_LINK_KEYS is set the key is handed to
 * hci_add_link_key(); conn may be NULL in that call when no connection was
 * found, in which case pin_len is 0.
 */
static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		hci_conn_hold(conn);

		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_len = conn->pin_length;

		/* A "changed" notification keeps the recorded key type. */
		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		goto unlock;

	hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
			 ev->key_type, pin_len);

unlock:
	hci_dev_unlock(hdev);
}
2740
/*
 * Read Clock Offset Complete event.
 *
 * On success, and when the connection's peer has an inquiry cache entry,
 * the entry's clock offset and timestamp are refreshed.  The clock offset is
 * stored exactly as it appears in the event, without byte-order conversion.
 */
static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *entry;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (!entry)
		goto unlock;

	entry->data.clock_offset = ev->clock_offset;
	entry->timestamp = jiffies;

unlock:
	hci_dev_unlock(hdev);
}
2763
/*
 * Connection Packet Type Changed event: on success, store the new packet
 * type (converted from little-endian) on the matching connection.
 */
static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto unlock;

	conn->pkt_type = __le16_to_cpu(ev->pkt_type);

unlock:
	hci_dev_unlock(hdev);
}
2779
/*
 * Page Scan Repetition Mode Change event: refresh the page scan repetition
 * mode and timestamp of the inquiry cache entry for the reported address,
 * if there is one.
 */
static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!entry)
		goto unlock;

	entry->data.pscan_rep_mode = ev->pscan_rep_mode;
	entry->timestamp = jiffies;

unlock:
	hci_dev_unlock(hdev);
}
2797
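/*
 * Inquiry Result With RSSI event.
 *
 * The first byte of the payload is the number of responses.  Two record
 * layouts exist; the one with an extra pscan_mode field is assumed whenever
 * the per-response size does not equal sizeof(struct inquiry_info_with_rssi).
 * Each response updates the inquiry cache and is reported to mgmt.
 *
 * Fix: the response count comes from the controller and was used as the
 * loop bound without being checked against skb->len, so a short or
 * inconsistent event made the loop read past the end of the packet.  The
 * count byte is now only read from a non-empty skb, and each branch drops
 * the event unless num_rsp records of its layout fit in the payload.
 */
static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;
	bool name_known, ssp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* This branch is also the fallback for odd sizes: verify. */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}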
2853
/*
 * Read Remote Extended Features Complete event.
 *
 * For a successful read of page 1, bit 0 of the first feature byte is
 * recorded as the peer's SSP mode in the inquiry cache (if an entry exists)
 * and, when set, HCI_CONN_SSP_ENABLED is set on the connection.  While the
 * connection is still in BT_CONFIG the handler then requests the remote
 * name (success) or reports the device to mgmt once (failure), and
 * completes the connection when hci_outgoing_auth_needed() returns false.
 *
 * NOTE(review): the SSP flag is derived from a peer-reported feature bit
 * and is only ever set here, never cleared.
 */
static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0 && ev->page == 0x01) {
		struct inquiry_entry *entry;

		entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (entry)
			entry->data.ssp_mode = (ev->features[0] & 0x01);

		if (ev->features[0] & 0x01)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status) {
		/* The read failed: still announce the link to mgmt, once. */
		if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
			mgmt_device_connected(hdev, &conn->dst, conn->type,
					      conn->dst_type, 0, NULL, 0,
					      conn->dev_class);
	} else {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ,
			     sizeof(name_req), &name_req);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2901
/*
 * Synchronous Connection Complete event (SCO/eSCO).
 *
 * The connection is looked up by the reported link type; if that fails and
 * the reported type is not eSCO, an eSCO connection to the same address is
 * used instead and re-typed as SCO.  On success the handle is stored and the
 * connection becomes BT_CONNECTED.  For the listed "unsupported/rejected"
 * status codes an outgoing connection that has made fewer than two attempts
 * is retried with a packet type taken from hdev->esco_type; every other
 * failure closes the connection.  The result is reported through
 * hci_proto_connect_cfm() and a failed connection is deleted.
 *
 * NOTE(review): conn->link is dereferenced on the retry path without a NULL
 * check - confirm an outgoing SCO/eSCO connection always has a parent link.
 */
static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn && ev->link_type != ESCO_LINK) {
		/* We may have asked for eSCO and been given SCO. */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (conn)
			conn->type = SCO_LINK;
	}

	if (!conn)
		goto unlock;

	switch (ev->status) {
	case 0x00:
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state  = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1c:	/* SCO interval rejected */
	case 0x1f:	/* Unspecified error */
		if (conn->out && conn->attempt < 2) {
			conn->pkt_type = hdev->esco_type &
					 (SCO_ESCO_MASK | EDR_ESCO_MASK);
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
2956
/* Synchronous Connection Changed event: only logged, skb is unused. */
static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2961
/* Sniff Subrating event: the status is logged and nothing else is done. */
static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev = (void *) skb->data;

	BT_DBG("%s status %d", hdev->name, ev->status);
}
2968
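/*
 * Extended Inquiry Result event.
 *
 * The first byte of the payload is the number of responses, followed by
 * that many struct extended_inquiry_info records.  Each response updates
 * the inquiry cache (with ssp_mode 0x01) and is reported to mgmt together
 * with its EIR data.  With mgmt in use the name counts as known only when
 * the EIR data carries a complete name; otherwise it is treated as known.
 *
 * Fix: the response count comes from the controller and was used as the
 * loop bound without being checked against skb->len, so a short event made
 * the loop read past the end of the packet.  The count byte is now only
 * read from a non-empty skb and the event is dropped unless num_rsp full
 * records fit in the payload.
 */
static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;

		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi,
				  !name_known, ssp, info->data,
				  sizeof(info->data));
	}

	hci_dev_unlock(hdev);
}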
1da177e4 3011
/*
 * Choose the authentication requirement to send in our IO Capability Reply.
 *
 * The result follows the bonding type the remote asked for:
 *   - dedicated bonding (remote_auth 0x02/0x03): return 0x02 when either
 *     side's IO capability is 0x03, otherwise 0x03;
 *   - no bonding (remote_auth 0x00/0x01): return the remote value with our
 *     own MITM bit (auth_type & 0x01) OR-ed in;
 *   - anything else: return our own auth_type unchanged.
 *
 * Security note: in the dedicated-bonding case the MITM requirement is
 * decided from IO capabilities alone; the MITM bit of the local auth_type
 * is not consulted on that path.
 */
static inline u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* Remote wants dedicated bonding: follow that lead, and ask
		 * for MITM protection only if neither side has IO capability
		 * 0x03. */
		if (conn->remote_cap != 0x03 && conn->io_capability != 0x03)
			return 0x03;
		return 0x02;

	case 0x00:
	case 0x01:
		/* Remote wants no bonding: follow that lead, keeping our own
		 * MITM bit. */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
3030
/*
 * IO Capability Request event (Secure Simple Pairing).
 *
 * A reference is taken on the connection as soon as it is found; it is not
 * released in this function.  Without mgmt nothing more is done.  Otherwise
 * the request is answered with our IO capability, authentication
 * requirement and OOB availability when the adapter is pairable or the
 * remote asked for no bonding, and refused with
 * HCI_ERROR_PAIRING_NOT_ALLOWED in every other case.
 *
 * Security note: a non-pairable adapter still answers positively when the
 * remote's authentication requirement, with the MITM bit masked off, equals
 * HCI_AT_NO_BONDING.
 */
static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_cp_io_capability_reply reply;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) &&
	    (conn->remote_auth & ~0x01) != HCI_AT_NO_BONDING) {
		struct hci_cp_io_capability_neg_reply refusal;

		bacpy(&refusal.bdaddr, &ev->bdaddr);
		refusal.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(refusal), &refusal);
		goto unlock;
	}

	bacpy(&reply.bdaddr, &ev->bdaddr);

	/* KeyboardDisplay (0x04) is not supported by the BT spec here, so
	 * it is reported as DisplayYesNo (0x01). */
	if (conn->io_capability == 0x04)
		reply.capability = 0x01;
	else
		reply.capability = conn->io_capability;

	conn->auth_type = hci_get_auth_req(conn);
	reply.authentication = conn->auth_type;

	/* OOB data is only advertised when we initiated the connection or
	 * the remote announced OOB data, and we hold OOB data for the peer. */
	reply.oob_data = ((conn->out ||
			   test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
			  hci_find_remote_oob_data(hdev, &conn->dst)) ?
			 0x01 : 0x00;

	hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY, sizeof(reply), &reply);

unlock:
	hci_dev_unlock(hdev);
}
3082
/*
 * IO Capability Response event: remember what the remote side announced.
 *
 * The remote IO capability and authentication requirement are stored on the
 * ACL connection as received, and HCI_CONN_REMOTE_OOB is set when the
 * remote reports OOB data.  These peer-supplied values are what the local
 * MITM and auto-accept decisions in this file are later based on.
 */
static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		conn->remote_cap  = ev->capability;
		conn->remote_auth = ev->authentication;

		if (ev->oob_data)
			set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
	}

	hci_dev_unlock(hdev);
}
3104
/*
 * User Confirmation Request event (SSP numeric comparison / just-works).
 *
 * Only handled when mgmt is in use and an ACL connection exists.
 *
 *   1. If we require MITM protection, the remote has IO capability 0x03
 *      (NoInputNoOutput) and we are not a dedicated-bonding initiator
 *      (connect_cfm_cb unset), the request is rejected.
 *   2. If neither side effectively requires MITM protection:
 *        - as acceptor (no authentication pending on our side) user space
 *          is asked to authorize, with confirm_hint = 1;
 *        - as initiator the request is accepted automatically, after
 *          hdev->auto_accept_delay milliseconds if that is non-zero.
 *   3. Otherwise the passkey is sent to user space for confirmation with
 *      confirm_hint = 0.
 *
 * Security note: the automatic accept in step 2 involves no user
 * interaction, so it provides no protection against an active
 * man-in-the-middle; it depends on the remote-reported capability and
 * authentication values stored on the connection.
 */
static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
						struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int local_mitm, remote_mitm, no_mitm_needed;
	int confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	local_mitm  = (conn->auth_type & 0x01);
	remote_mitm = (conn->remote_auth & 0x01);

	/* We need MITM protection but the remote (NoInputNoOutput) cannot
	 * provide it.  Dedicated bonding initiators (connect_cfm_cb set) are
	 * exempt because they always have the MITM bit set. */
	if (!conn->connect_cfm_cb && local_mitm && conn->remote_cap == 0x03) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* A side's MITM wish is moot when the other side has no IO. */
	no_mitm_needed = (!local_mitm || conn->remote_cap == 0x03) &&
			 (!remote_mitm || conn->io_capability == 0x03);

	if (no_mitm_needed && test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		/* We initiated the pairing: accept without asking. */
		BT_DBG("Auto-accept of user confirmation with %ums delay",
		       hdev->auto_accept_delay);

		if (hdev->auto_accept_delay > 0) {
			int delay_jiffies =
				msecs_to_jiffies(hdev->auto_accept_delay);

			mod_timer(&conn->auto_accept_timer,
				  jiffies + delay_jiffies);
		} else {
			hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
				     sizeof(ev->bdaddr), &ev->bdaddr);
		}
		goto unlock;
	}

	if (no_mitm_needed) {
		/* We are the acceptor: let user space authorize the pairing
		 * (mgmt_user_confirm_request with confirm_hint set to 1). */
		BT_DBG("Confirming auto-accept as acceptor");
		confirm_hint = 1;
	}

	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}
3172
1143d458
BG
/*
 * User Passkey Request event: forward the request for the peer in
 * ev->bdaddr to the management interface. Nothing is done when the
 * management interface is not active on this device.
 */
static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
						struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *req = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	mgmt_user_passkey_request(hdev, &req->bdaddr, ACL_LINK, 0);

unlock:
	hci_dev_unlock(hdev);
}
3187
0493684e
MH
/*
 * Simple Pairing Complete event: report a failed pairing to user space
 * when we did not initiate the authentication, then drop one reference
 * on the connection.
 */
static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		/* HCI_CONN_AUTH_PEND is set when we initiated the
		 * authentication. The initiator always gets a traditional
		 * auth_complete event, which is mapped to mgmt_auth_failed
		 * as well, so reporting here too would send user space a
		 * duplicate. */
		int initiated = test_bit(HCI_CONN_AUTH_PEND, &conn->flags);

		if (!initiated && ev->status != 0)
			mgmt_auth_failed(hdev, &conn->dst, conn->type,
					 conn->dst_type, ev->status);

		/* NOTE(review): the matching hold is not visible in this
		 * function; presumably taken when pairing started. */
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
3215
41a96212
MH
/*
 * Remote Host Supported Features event: when the peer has an inquiry
 * cache entry, store bit 0 of the first feature octet as its ssp_mode.
 */
static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL)
		entry->data.ssp_mode = (ev->features[0] & 0x01);

	hci_dev_unlock(hdev);
}
3231
2763eda6
SJ
/*
 * Remote OOB Data Request event: answer the controller with the stored
 * out-of-band hash and randomizer for the peer, or with a negative reply
 * when nothing is stored for that address. Ignored unless the management
 * interface is active.
 */
static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
						   struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *oob;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	oob = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (oob == NULL) {
		struct hci_cp_remote_oob_data_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
			     sizeof(neg), &neg);
	} else {
		struct hci_cp_remote_oob_data_reply reply;

		bacpy(&reply.bdaddr, &ev->bdaddr);
		/* Copies are sized by the destination fields. */
		memcpy(reply.hash, oob->hash, sizeof(reply.hash));
		memcpy(reply.randomizer, oob->randomizer,
		       sizeof(reply.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
			     sizeof(reply), &reply);
	}

unlock:
	hci_dev_unlock(hdev);
}
3266
fcd89c09
VT
/*
 * LE Connection Complete event: find the LE connection object for the
 * peer, creating one if none exists, then either tear it down (non-zero
 * status) or mark it connected and notify the management interface and
 * the upper protocols.
 */
static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
	if (conn == NULL) {
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (conn == NULL) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		/* Only a freshly created connection takes its address
		 * type from the event. */
		conn->dst_type = ev->bdaddr_type;
	}

	if (ev->status != 0) {
		/* Failed attempt: report it, then drop the connection. */
		mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
				    conn->dst_type, ev->status);
		hci_proto_connect_cfm(conn, ev->status);
		conn->state = BT_CLOSED;
		hci_conn_del(conn);
		goto unlock;
	}

	/* Tell the management interface only once per connection. */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
				      conn->dst_type, 0, NULL, 0, 0);

	/* A new link starts at the low security level. */
	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
3313
9aa04c91
AG
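/*
 * LE Advertising Report event: the payload is a report count followed by
 * that many variable-length reports, each made of a fixed header,
 * ev->length bytes of advertising data and one trailing RSSI octet.
 *
 * Both the count and every length field come from the controller, so
 * each report is checked against the end of the received buffer before
 * it is read. Parsing stops at the first report that does not fit;
 * reports already handled are kept.
 */
static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	u8 *end = skb_tail_pointer(skb);
	u8 *ptr;
	u8 num_reports;
	s8 rssi;

	/* The report count itself must be present. */
	if (skb->data >= end) {
		BT_ERR("%s malformed LE advertising report", hdev->name);
		return;
	}

	num_reports = skb->data[0];
	ptr = &skb->data[1];

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t remaining = end - ptr;

		/* The fixed header must fit before ev->length is read,
		 * then the data plus the RSSI octet that follows it. */
		if (remaining < sizeof(*ev) ||
		    remaining - sizeof(*ev) < (size_t) ev->length + 1) {
			BT_ERR("%s malformed LE advertising report",
			       hdev->name);
			break;
		}

		hci_add_adv_entry(hdev, ev);

		/* RSSI is the octet right after the advertising data. */
		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data,
				  ev->length);

		ptr += sizeof(*ev) + ev->length + 1;
	}

	hci_dev_unlock(hdev);
}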
3338
a7a595f6
VCG
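/*
 * LE Long Term Key Request event: reply with the stored key matching the
 * event's ediv/random pair, or send a negative reply when either the
 * connection handle or the key is unknown.
 *
 * NOTE(review): the key lookup is given only ev->ediv and ev->random;
 * whether hci_find_ltk() also ties the key to this connection's peer is
 * not visible here and should be confirmed.
 */
static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk;

	/* ev->handle is little endian on the wire: convert to CPU order
	 * for printing, as the lookup below already does. */
	BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto not_found;

	ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
	if (ltk == NULL)
		goto not_found;

	/* NOTE(review): the copy is sized by the source; presumably cp.ltk
	 * and ltk->val have the same size - confirm against the headers. */
	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	if (ltk->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	/* An entry flagged HCI_SMP_STK is dropped once it has been used. */
	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

	hci_dev_unlock(hdev);

	return;

not_found:
	/* ev->handle is already little endian, so it is passed through. */
	neg.handle = ev->handle;
	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
	hci_dev_unlock(hdev);
}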
3382
fcd89c09
VT
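/*
 * LE Meta event: strip the meta header and dispatch on its subevent
 * code. Unknown subevents are ignored. The skb is not freed here; the
 * caller in this file frees it after the handler returns.
 */
static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *le_ev = (void *) skb->data;

	/* The subevent code is controller-supplied: make sure the meta
	 * header is actually present before reading it. */
	if (skb->len < sizeof(*le_ev)) {
		BT_ERR("%s LE meta event too short", hdev->name);
		return;
	}

	/* le_ev stays valid: skb_pull only advances skb->data. */
	skb_pull(skb, sizeof(*le_ev));

	switch (le_ev->subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;

	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;

	default:
		break;
	}
}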
3406
a9de9248
MH
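/*
 * Entry point for HCI event packets: strip the event header, dispatch on
 * the event code and free the skb. This function consumes the skb on
 * every path.
 *
 * A packet shorter than the event header is dropped before the event
 * code is read; it is not counted in stat.evt_rx.
 *
 * NOTE(review): hdr->plen is not compared with the remaining length, and
 * the handlers cast skb->data to their event structure themselves, so
 * per-event length validation is left to them.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event;

	/* The header comes from the controller: do not read it unless it
	 * is entirely present. */
	if (skb->len < HCI_EVENT_HDR_SIZE) {
		BT_ERR("%s event packet too short", hdev->name);
		kfree_skb(skb);
		return;
	}

	event = hdr->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		/* Unhandled event codes are only logged. */
		BT_DBG("%s event 0x%x", hdev->name, event);
		break;
	}

	kfree_skb(skb);
	hdev->stat.evt_rx++;
}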