projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix read_name updating when HCI_SETUP is not set
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
40#include <asm/system.h>
70f23020 41#include <linux/uaccess.h>
1da177e4
LT		 42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46
1da177e4
LT		 47/* Handle HCI Event packets */
48
a9de9248 49static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 50{
a9de9248 51 __u8 status = *((__u8 *) skb->data);
1da177e4 52
a9de9248 53 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 54
e6d465cb
AG		 55 if (status) {
56 hci_dev_lock(hdev);
57 mgmt_stop_discovery_failed(hdev, status);
58 hci_dev_unlock(hdev);
a9de9248 59 return;
e6d465cb 60 }
1da177e4 61
89352e7d
AG		 62 clear_bit(HCI_INQUIRY, &hdev->flags);
63
56e5cb86 64 hci_dev_lock(hdev);
ff9ef578 65 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 66 hci_dev_unlock(hdev);
6bd57416 67
23bb5763 68 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 69
70 hci_conn_check_pending(hdev);
71}
6bd57416 72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
a9de9248 77 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 BT_DBG("%s", hdev->name);
88}
89
90static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91{
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
94
95 BT_DBG("%s status 0x%x", hdev->name, rp->status);
96
97 if (rp->status)
98 return;
99
100 hci_dev_lock(hdev);
101
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103 if (conn) {
104 if (rp->role)
105 conn->link_mode &= ~HCI_LM_MASTER;
106 else
107 conn->link_mode |= HCI_LM_MASTER;
1da177e4 108 }
a9de9248
MH		 109
110 hci_dev_unlock(hdev);
1da177e4
LT		 111}
112
e4e8e37c
MH		 113static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114{
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
117
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
119
120 if (rp->status)
121 return;
122
123 hci_dev_lock(hdev);
124
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 if (conn)
127 conn->link_policy = __le16_to_cpu(rp->policy);
128
129 hci_dev_unlock(hdev);
130}
131
a9de9248 132static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 133{
a9de9248 134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 135 struct hci_conn *conn;
04837f64 136 void *sent;
1da177e4 137
a9de9248 138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 139
a9de9248
MH		 140 if (rp->status)
141 return;
1da177e4 142
a9de9248
MH		 143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144 if (!sent)
145 return;
1da177e4 146
a9de9248 147 hci_dev_lock(hdev);
1da177e4 148
a9de9248 149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 150 if (conn)
83985319 151 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 152
a9de9248
MH		 153 hci_dev_unlock(hdev);
154}
1da177e4 155
e4e8e37c
MH		 156static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157{
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
161
162 if (rp->status)
163 return;
164
165 hdev->link_policy = __le16_to_cpu(rp->policy);
166}
167
168static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169{
170 __u8 status = *((__u8 *) skb->data);
171 void *sent;
172
173 BT_DBG("%s status 0x%x", hdev->name, status);
174
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
176 if (!sent)
177 return;
178
179 if (!status)
180 hdev->link_policy = get_unaligned_le16(sent);
181
23bb5763 182 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 183}
184
a9de9248
MH		 185static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186{
187 __u8 status = *((__u8 *) skb->data);
04837f64 188
a9de9248 189 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 190
10572132
GP		 191 clear_bit(HCI_RESET, &hdev->flags);
192
23bb5763 193 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 194
a297e97c
JH		 195 /* Reset all non-persistent flags */
196 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN));
a9de9248 197}
04837f64 198
a9de9248
MH		 199static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
200{
201 __u8 status = *((__u8 *) skb->data);
202 void *sent;
04837f64 203
a9de9248 204 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 205
a9de9248
MH		 206 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
207 if (!sent)
208 return;
04837f64 209
56e5cb86
JH		 210 hci_dev_lock(hdev);
211
56e5cb86
JH		 212 if (status == 0)
213 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 214
f51d5b24
JH		 215 if (test_bit(HCI_MGMT, &hdev->dev_flags))
216 mgmt_set_local_name_complete(hdev, sent, status);
217
56e5cb86 218 hci_dev_unlock(hdev);
a9de9248
MH		 219}
220
221static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
222{
223 struct hci_rp_read_local_name *rp = (void *) skb->data;
224
225 BT_DBG("%s status 0x%x", hdev->name, rp->status);
226
227 if (rp->status)
228 return;
229
db99b5fc
JH		 230 if (test_bit(HCI_SETUP, &hdev->dev_flags))
231 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 232}
233
234static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
235{
236 __u8 status = *((__u8 *) skb->data);
237 void *sent;
238
239 BT_DBG("%s status 0x%x", hdev->name, status);
240
241 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
242 if (!sent)
243 return;
244
245 if (!status) {
246 __u8 param = *((__u8 *) sent);
247
248 if (param == AUTH_ENABLED)
249 set_bit(HCI_AUTH, &hdev->flags);
250 else
251 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 252 }
a9de9248 253
33ef95ed
JH		 254 if (test_bit(HCI_MGMT, &hdev->dev_flags))
255 mgmt_auth_enable_complete(hdev, status);
256
23bb5763 257 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 258}
259
a9de9248 260static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 261{
a9de9248 262 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 263 void *sent;
264
a9de9248 265 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 266
a9de9248
MH		 267 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
268 if (!sent)
269 return;
1da177e4 270
a9de9248
MH		 271 if (!status) {
272 __u8 param = *((__u8 *) sent);
273
274 if (param)
275 set_bit(HCI_ENCRYPT, &hdev->flags);
276 else
277 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 }
1da177e4 279
23bb5763 280 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 281}
1da177e4 282
a9de9248
MH		 283static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
284{
36f7fc7e
JH		 285 __u8 param, status = *((__u8 *) skb->data);
286 int old_pscan, old_iscan;
a9de9248 287 void *sent;
1da177e4 288
a9de9248 289 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 290
a9de9248
MH		 291 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
292 if (!sent)
293 return;
1da177e4 294
36f7fc7e
JH		 295 param = *((__u8 *) sent);
296
56e5cb86
JH		 297 hci_dev_lock(hdev);
298
2d7cee58 299 if (status != 0) {
744cf19e 300 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 301 hdev->discov_timeout = 0;
302 goto done;
303 }
304
36f7fc7e
JH		 305 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
306 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
307
308 if (param & SCAN_INQUIRY) {
309 set_bit(HCI_ISCAN, &hdev->flags);
310 if (!old_iscan)
744cf19e 311 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 312 if (hdev->discov_timeout > 0) {
313 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
314 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
315 to);
316 }
36f7fc7e 317 } else if (old_iscan)
744cf19e 318 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 319
320 if (param & SCAN_PAGE) {
321 set_bit(HCI_PSCAN, &hdev->flags);
322 if (!old_pscan)
744cf19e 323 mgmt_connectable(hdev, 1);
36f7fc7e 324 } else if (old_pscan)
744cf19e 325 mgmt_connectable(hdev, 0);
1da177e4 326
36f7fc7e 327done:
56e5cb86 328 hci_dev_unlock(hdev);
23bb5763 329 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 330}
1da177e4 331
a9de9248
MH		 332static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333{
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 335
a9de9248 336 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 337
a9de9248
MH		 338 if (rp->status)
339 return;
1da177e4 340
a9de9248 341 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 342
a9de9248
MH		 343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345}
1da177e4 346
a9de9248
MH		 347static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348{
349 __u8 status = *((__u8 *) skb->data);
350 void *sent;
1da177e4 351
a9de9248 352 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 353
a9de9248
MH		 354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355 if (!sent)
356 return;
1da177e4 357
7f9a903c
MH		 358 hci_dev_lock(hdev);
359
360 if (status == 0)
361 memcpy(hdev->dev_class, sent, 3);
362
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
365
366 hci_dev_unlock(hdev);
a9de9248 367}
1da177e4 368
a9de9248
MH		 369static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370{
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372 __u16 setting;
373
374 BT_DBG("%s status 0x%x", hdev->name, rp->status);
375
376 if (rp->status)
377 return;
378
379 setting = __le16_to_cpu(rp->voice_setting);
380
f383f275 381 if (hdev->voice_setting == setting)
a9de9248
MH		 382 return;
383
384 hdev->voice_setting = setting;
385
386 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
387
3c54711c 388 if (hdev->notify)
a9de9248 389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 390}
391
392static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
393{
394 __u8 status = *((__u8 *) skb->data);
f383f275 395 __u16 setting;
a9de9248
MH		 396 void *sent;
397
398 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 399
f383f275
MH		 400 if (status)
401 return;
402
a9de9248
MH		 403 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
404 if (!sent)
405 return;
1da177e4 406
f383f275 407 setting = get_unaligned_le16(sent);
1da177e4 408
f383f275
MH		 409 if (hdev->voice_setting == setting)
410 return;
411
412 hdev->voice_setting = setting;
1da177e4 413
f383f275 414 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 415
3c54711c 416 if (hdev->notify)
f383f275 417 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 418}
419
a9de9248 420static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 421{
a9de9248 422 __u8 status = *((__u8 *) skb->data);
1da177e4 423
a9de9248 424 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 425
23bb5763 426 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 427}
1143e5a6 428
333140b5
MH		 429static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
430{
431 __u8 status = *((__u8 *) skb->data);
432 void *sent;
433
434 BT_DBG("%s status 0x%x", hdev->name, status);
435
333140b5
MH		 436 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
437 if (!sent)
438 return;
439
ed2c4ee3 440 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 441 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
442 else if (!status) {
443 if (*((u8 *) sent))
444 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
445 else
446 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
447 }
333140b5
MH		 448}
449
d5859e22
JH		 450static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
451{
452 if (hdev->features[6] & LMP_EXT_INQ)
453 return 2;
454
455 if (hdev->features[3] & LMP_RSSI_INQ)
456 return 1;
457
458 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
459 hdev->lmp_subver == 0x0757)
460 return 1;
461
462 if (hdev->manufacturer == 15) {
463 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
464 return 1;
465 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
466 return 1;
467 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
468 return 1;
469 }
470
471 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
472 hdev->lmp_subver == 0x1805)
473 return 1;
474
475 return 0;
476}
477
478static void hci_setup_inquiry_mode(struct hci_dev *hdev)
479{
480 u8 mode;
481
482 mode = hci_get_inquiry_mode(hdev);
483
484 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
485}
486
487static void hci_setup_event_mask(struct hci_dev *hdev)
488{
489 /* The second byte is 0xff instead of 0x9f (two reserved bits
490 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
491 * command otherwise */
492 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
493
6de6c18d
VT		 494 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
495 * any event mask for pre 1.2 devices */
5a13b095 496 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 497 return;
498
499 events[4] |= 0x01; /* Flow Specification Complete */
500 events[4] |= 0x02; /* Inquiry Result with RSSI */
501 events[4] |= 0x04; /* Read Remote Extended Features Complete */
502 events[5] |= 0x08; /* Synchronous Connection Complete */
503 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 504
505 if (hdev->features[3] & LMP_RSSI_INQ)
506 events[4] |= 0x04; /* Inquiry Result with RSSI */
507
508 if (hdev->features[5] & LMP_SNIFF_SUBR)
509 events[5] |= 0x20; /* Sniff Subrating */
510
511 if (hdev->features[5] & LMP_PAUSE_ENC)
512 events[5] |= 0x80; /* Encryption Key Refresh Complete */
513
514 if (hdev->features[6] & LMP_EXT_INQ)
515 events[5] |= 0x40; /* Extended Inquiry Result */
516
517 if (hdev->features[6] & LMP_NO_FLUSH)
518 events[7] |= 0x01; /* Enhanced Flush Complete */
519
520 if (hdev->features[7] & LMP_LSTO)
521 events[6] |= 0x80; /* Link Supervision Timeout Changed */
522
523 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
524 events[6] |= 0x01; /* IO Capability Request */
525 events[6] |= 0x02; /* IO Capability Response */
526 events[6] |= 0x04; /* User Confirmation Request */
527 events[6] |= 0x08; /* User Passkey Request */
528 events[6] |= 0x10; /* Remote OOB Data Request */
529 events[6] |= 0x20; /* Simple Pairing Complete */
530 events[7] |= 0x04; /* User Passkey Notification */
531 events[7] |= 0x08; /* Keypress Notification */
532 events[7] |= 0x10; /* Remote Host Supported
533 * Features Notification */
534 }
535
536 if (hdev->features[4] & LMP_LE)
537 events[7] |= 0x20; /* LE Meta-Event */
538
539 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
540}
541
e6100a25
AG		 542static void hci_set_le_support(struct hci_dev *hdev)
543{
544 struct hci_cp_write_le_host_supported cp;
545
546 memset(&cp, 0, sizeof(cp));
547
06199cf8 548 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
e6100a25
AG		 549 cp.le = 1;
550 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
551 }
552
553 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
554}
555
d5859e22
JH		 556static void hci_setup(struct hci_dev *hdev)
557{
e61ef499
AE		 558 if (hdev->dev_type != HCI_BREDR)
559 return;
560
d5859e22
JH		 561 hci_setup_event_mask(hdev);
562
d095c1eb 563 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 564 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
565
54d04dbb
JH		 566 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
567 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
568 u8 mode = 0x01;
569 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
570 sizeof(mode), &mode);
571 } else {
572 struct hci_cp_write_eir cp;
573
574 memset(hdev->eir, 0, sizeof(hdev->eir));
575 memset(&cp, 0, sizeof(cp));
576
577 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
578 }
d5859e22
JH		 579 }
580
581 if (hdev->features[3] & LMP_RSSI_INQ)
582 hci_setup_inquiry_mode(hdev);
583
584 if (hdev->features[7] & LMP_INQ_TX_PWR)
585 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 586
587 if (hdev->features[7] & LMP_EXTFEATURES) {
588 struct hci_cp_read_local_ext_features cp;
589
590 cp.page = 0x01;
591 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
592 sizeof(cp), &cp);
593 }
e6100a25 594
47990ea0
JH		 595 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
596 u8 enable = 1;
597 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
598 sizeof(enable), &enable);
599 }
600
e6100a25
AG		 601 if (hdev->features[4] & LMP_LE)
602 hci_set_le_support(hdev);
d5859e22
JH		 603}
604
a9de9248
MH		 605static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
606{
607 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 608
a9de9248 609 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 610
a9de9248
MH		 611 if (rp->status)
612 return;
1143e5a6 613
a9de9248 614 hdev->hci_ver = rp->hci_ver;
e4e8e37c 615 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 616 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 617 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 618 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 619
a9de9248
MH		 620 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
621 hdev->manufacturer,
622 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 623
624 if (test_bit(HCI_INIT, &hdev->flags))
625 hci_setup(hdev);
626}
627
628static void hci_setup_link_policy(struct hci_dev *hdev)
629{
630 u16 link_policy = 0;
631
632 if (hdev->features[0] & LMP_RSWITCH)
633 link_policy |= HCI_LP_RSWITCH;
634 if (hdev->features[0] & LMP_HOLD)
635 link_policy |= HCI_LP_HOLD;
636 if (hdev->features[0] & LMP_SNIFF)
637 link_policy |= HCI_LP_SNIFF;
638 if (hdev->features[1] & LMP_PARK)
639 link_policy |= HCI_LP_PARK;
640
641 link_policy = cpu_to_le16(link_policy);
642 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
643 sizeof(link_policy), &link_policy);
a9de9248 644}
1da177e4 645
a9de9248
MH		 646static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
647{
648 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 649
a9de9248 650 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 651
a9de9248 652 if (rp->status)
d5859e22 653 goto done;
1da177e4 654
a9de9248 655 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 656
657 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
658 hci_setup_link_policy(hdev);
659
660done:
661 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 662}
1da177e4 663
a9de9248
MH		 664static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
665{
666 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 667
a9de9248 668 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 669
a9de9248
MH		 670 if (rp->status)
671 return;
5b7f9909 672
a9de9248 673 memcpy(hdev->features, rp->features, 8);
5b7f9909 674
a9de9248
MH		 675 /* Adjust default settings according to features
676 * supported by device. */
1da177e4 677
a9de9248
MH		 678 if (hdev->features[0] & LMP_3SLOT)
679 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 680
a9de9248
MH		 681 if (hdev->features[0] & LMP_5SLOT)
682 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 683
a9de9248
MH		 684 if (hdev->features[1] & LMP_HV2) {
685 hdev->pkt_type |= (HCI_HV2);
686 hdev->esco_type |= (ESCO_HV2);
687 }
1da177e4 688
a9de9248
MH		 689 if (hdev->features[1] & LMP_HV3) {
690 hdev->pkt_type |= (HCI_HV3);
691 hdev->esco_type |= (ESCO_HV3);
692 }
1da177e4 693
a9de9248
MH		 694 if (hdev->features[3] & LMP_ESCO)
695 hdev->esco_type |= (ESCO_EV3);
da1f5198 696
a9de9248
MH		 697 if (hdev->features[4] & LMP_EV4)
698 hdev->esco_type |= (ESCO_EV4);
da1f5198 699
a9de9248
MH		 700 if (hdev->features[4] & LMP_EV5)
701 hdev->esco_type |= (ESCO_EV5);
1da177e4 702
efc7688b
MH		 703 if (hdev->features[5] & LMP_EDR_ESCO_2M)
704 hdev->esco_type |= (ESCO_2EV3);
705
706 if (hdev->features[5] & LMP_EDR_ESCO_3M)
707 hdev->esco_type |= (ESCO_3EV3);
708
709 if (hdev->features[5] & LMP_EDR_3S_ESCO)
710 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
711
a9de9248
MH		 712 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
713 hdev->features[0], hdev->features[1],
714 hdev->features[2], hdev->features[3],
715 hdev->features[4], hdev->features[5],
716 hdev->features[6], hdev->features[7]);
717}
1da177e4 718
971e3a4b
AG		 719static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
720 struct sk_buff *skb)
721{
722 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
723
724 BT_DBG("%s status 0x%x", hdev->name, rp->status);
725
726 if (rp->status)
727 return;
728
b5b32b65
AG		 729 switch (rp->page) {
730 case 0:
731 memcpy(hdev->features, rp->features, 8);
732 break;
733 case 1:
734 memcpy(hdev->host_features, rp->features, 8);
735 break;
736 }
971e3a4b
AG		 737
738 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
739}
740
1e89cffb
AE		 741static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
742 struct sk_buff *skb)
743{
744 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
745
746 BT_DBG("%s status 0x%x", hdev->name, rp->status);
747
748 if (rp->status)
749 return;
750
751 hdev->flow_ctl_mode = rp->mode;
752
753 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
754}
755
a9de9248
MH		 756static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
757{
758 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 759
a9de9248 760 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 761
a9de9248
MH		 762 if (rp->status)
763 return;
1da177e4 764
a9de9248
MH		 765 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
766 hdev->sco_mtu = rp->sco_mtu;
767 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
768 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
769
770 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
771 hdev->sco_mtu = 64;
772 hdev->sco_pkts = 8;
1da177e4 773 }
a9de9248
MH		 774
775 hdev->acl_cnt = hdev->acl_pkts;
776 hdev->sco_cnt = hdev->sco_pkts;
777
778 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
779 hdev->acl_mtu, hdev->acl_pkts,
780 hdev->sco_mtu, hdev->sco_pkts);
781}
782
783static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
784{
785 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
786
787 BT_DBG("%s status 0x%x", hdev->name, rp->status);
788
789 if (!rp->status)
790 bacpy(&hdev->bdaddr, &rp->bdaddr);
791
23bb5763
JH		 792 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
793}
794
350ee4cf
AE		 795static void hci_cc_read_data_block_size(struct hci_dev *hdev,
796 struct sk_buff *skb)
797{
798 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
799
800 BT_DBG("%s status 0x%x", hdev->name, rp->status);
801
802 if (rp->status)
803 return;
804
805 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
806 hdev->block_len = __le16_to_cpu(rp->block_len);
807 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
808
809 hdev->block_cnt = hdev->num_blocks;
810
811 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
812 hdev->block_cnt, hdev->block_len);
813
814 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
815}
816
23bb5763
JH		 817static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
818{
819 __u8 status = *((__u8 *) skb->data);
820
821 BT_DBG("%s status 0x%x", hdev->name, status);
822
823 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 824}
825
928abaa7
AE		 826static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
827 struct sk_buff *skb)
828{
829 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
830
831 BT_DBG("%s status 0x%x", hdev->name, rp->status);
832
833 if (rp->status)
834 return;
835
836 hdev->amp_status = rp->amp_status;
837 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
838 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
839 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
840 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
841 hdev->amp_type = rp->amp_type;
842 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
843 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
844 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
845 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
846
847 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
848}
849
b0916ea0
JH		 850static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
851 struct sk_buff *skb)
852{
853 __u8 status = *((__u8 *) skb->data);
854
855 BT_DBG("%s status 0x%x", hdev->name, status);
856
857 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
858}
859
d5859e22
JH		 860static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
861{
862 __u8 status = *((__u8 *) skb->data);
863
864 BT_DBG("%s status 0x%x", hdev->name, status);
865
866 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
867}
868
869static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
870 struct sk_buff *skb)
871{
872 __u8 status = *((__u8 *) skb->data);
873
874 BT_DBG("%s status 0x%x", hdev->name, status);
875
876 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
877}
878
879static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
880 struct sk_buff *skb)
881{
882 __u8 status = *((__u8 *) skb->data);
883
884 BT_DBG("%s status 0x%x", hdev->name, status);
885
886 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
887}
888
889static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
890{
891 __u8 status = *((__u8 *) skb->data);
892
893 BT_DBG("%s status 0x%x", hdev->name, status);
894
895 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
896}
897
980e1a53
JH		 898static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
899{
900 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
901 struct hci_cp_pin_code_reply *cp;
902 struct hci_conn *conn;
903
904 BT_DBG("%s status 0x%x", hdev->name, rp->status);
905
56e5cb86
JH		 906 hci_dev_lock(hdev);
907
a8b2d5c2 908 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 909 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 910
911 if (rp->status != 0)
56e5cb86 912 goto unlock;
980e1a53
JH		 913
914 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
915 if (!cp)
56e5cb86 916 goto unlock;
980e1a53
JH		 917
918 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
919 if (conn)
920 conn->pin_length = cp->pin_len;
56e5cb86
JH		 921
922unlock:
923 hci_dev_unlock(hdev);
980e1a53
JH		 924}
925
926static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
927{
928 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
929
930 BT_DBG("%s status 0x%x", hdev->name, rp->status);
931
56e5cb86
JH		 932 hci_dev_lock(hdev);
933
a8b2d5c2 934 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 935 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 936 rp->status);
56e5cb86
JH		 937
938 hci_dev_unlock(hdev);
980e1a53 939}
56e5cb86 940
6ed58ec5
VT		 941static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
942 struct sk_buff *skb)
943{
944 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
945
946 BT_DBG("%s status 0x%x", hdev->name, rp->status);
947
948 if (rp->status)
949 return;
950
951 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
952 hdev->le_pkts = rp->le_max_pkt;
953
954 hdev->le_cnt = hdev->le_pkts;
955
956 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
957
958 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
959}
980e1a53 960
a5c29683
JH		 961static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
962{
963 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
964
965 BT_DBG("%s status 0x%x", hdev->name, rp->status);
966
56e5cb86
JH		 967 hci_dev_lock(hdev);
968
a8b2d5c2 969 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 970 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
971 0, rp->status);
56e5cb86
JH		 972
973 hci_dev_unlock(hdev);
a5c29683
JH		 974}
975
976static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
977 struct sk_buff *skb)
978{
979 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
980
981 BT_DBG("%s status 0x%x", hdev->name, rp->status);
982
56e5cb86
JH		 983 hci_dev_lock(hdev);
984
a8b2d5c2 985 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 986 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 987 ACL_LINK, 0,
a5c29683 988 rp->status);
56e5cb86
JH		 989
990 hci_dev_unlock(hdev);
a5c29683
JH		 991}
992
1143d458
BG		 993static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
994{
995 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
996
997 BT_DBG("%s status 0x%x", hdev->name, rp->status);
998
999 hci_dev_lock(hdev);
1000
a8b2d5c2 1001 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 1002 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1003 0, rp->status);
1143d458
BG		 1004
1005 hci_dev_unlock(hdev);
1006}
1007
1008static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1009 struct sk_buff *skb)
1010{
1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1012
1013 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1014
1015 hci_dev_lock(hdev);
1016
a8b2d5c2 1017 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1018 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 1019 ACL_LINK, 0,
1143d458
BG		 1020 rp->status);
1021
1022 hci_dev_unlock(hdev);
1023}
1024
c35938b2
SJ		 1025static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1026 struct sk_buff *skb)
1027{
1028 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1029
1030 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1031
56e5cb86 1032 hci_dev_lock(hdev);
744cf19e 1033 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1034 rp->randomizer, rp->status);
56e5cb86 1035 hci_dev_unlock(hdev);
c35938b2
SJ		 1036}
1037
07f7fa5d
AG		 1038static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1039{
1040 __u8 status = *((__u8 *) skb->data);
1041
1042 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1043
1044 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1045
1046 if (status) {
1047 hci_dev_lock(hdev);
1048 mgmt_start_discovery_failed(hdev, status);
1049 hci_dev_unlock(hdev);
1050 return;
1051 }
07f7fa5d
AG		 1052}
1053
eb9d91f5
AG		 1054static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1055 struct sk_buff *skb)
1056{
1057 struct hci_cp_le_set_scan_enable *cp;
1058 __u8 status = *((__u8 *) skb->data);
1059
1060 BT_DBG("%s status 0x%x", hdev->name, status);
1061
eb9d91f5
AG		 1062 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1063 if (!cp)
1064 return;
1065
68a8aea4
AE		 1066 switch (cp->enable) {
1067 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1068 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1069
3fd24153
AG		 1070 if (status) {
1071 hci_dev_lock(hdev);
1072 mgmt_start_discovery_failed(hdev, status);
1073 hci_dev_unlock(hdev);
7ba8b4be 1074 return;
3fd24153 1075 }
7ba8b4be 1076
d23264a8
AG		 1077 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1078
db323f2f 1079 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1080
1081 hci_dev_lock(hdev);
eb9d91f5 1082 hci_adv_entries_clear(hdev);
343f935b 1083 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1084 hci_dev_unlock(hdev);
68a8aea4
AE		 1085 break;
1086
1087 case LE_SCANNING_DISABLED:
7ba8b4be
AG		 1088 if (status)
1089 return;
1090
d23264a8
AG		 1091 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1092
d084329e 1093 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
5e0452c0
AG		 1094
1095 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1096 mgmt_interleaved_discovery(hdev);
1097 } else {
1098 hci_dev_lock(hdev);
1099 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1100 hci_dev_unlock(hdev);
1101 }
1102
68a8aea4
AE		 1103 break;
1104
1105 default:
1106 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1107 break;
35815085 1108 }
eb9d91f5
AG		 1109}
1110
a7a595f6
VCG		 1111static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1112{
1113 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1114
1115 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1116
1117 if (rp->status)
1118 return;
1119
1120 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1121}
1122
1123static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1124{
1125 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1126
1127 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1128
1129 if (rp->status)
1130 return;
1131
1132 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1133}
1134
f9b49306
AG		 1135static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1136 struct sk_buff *skb)
1137{
1138 struct hci_cp_read_local_ext_features cp;
06199cf8 1139 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1140 __u8 status = *((__u8 *) skb->data);
1141
1142 BT_DBG("%s status 0x%x", hdev->name, status);
1143
06199cf8
JH		 1144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1145 if (sent && test_bit(HCI_MGMT, &hdev->dev_flags))
1146 mgmt_le_enable_complete(hdev, sent->le, status);
1147
f9b49306
AG		 1148 if (status)
1149 return;
1150
1151 cp.page = 0x01;
1152 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1153}
1154
a9de9248
MH		 1155static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1156{
1157 BT_DBG("%s status 0x%x", hdev->name, status);
1158
1159 if (status) {
23bb5763 1160 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1161 hci_conn_check_pending(hdev);
56e5cb86 1162 hci_dev_lock(hdev);
a8b2d5c2 1163 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1164 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1165 hci_dev_unlock(hdev);
314b2381
JH		 1166 return;
1167 }
1168
89352e7d
AG		 1169 set_bit(HCI_INQUIRY, &hdev->flags);
1170
56e5cb86 1171 hci_dev_lock(hdev);
343f935b 1172 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1173 hci_dev_unlock(hdev);
1da177e4
LT		 1174}
1175
1da177e4
LT		 1176static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1177{
a9de9248 1178 struct hci_cp_create_conn *cp;
1da177e4 1179 struct hci_conn *conn;
1da177e4 1180
a9de9248
MH		 1181 BT_DBG("%s status 0x%x", hdev->name, status);
1182
1183 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1184 if (!cp)
1185 return;
1186
1187 hci_dev_lock(hdev);
1188
1189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1190
a9de9248 1191 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1192
1193 if (status) {
1194 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1195 if (status != 0x0c || conn->attempt > 2) {
1196 conn->state = BT_CLOSED;
1197 hci_proto_connect_cfm(conn, status);
1198 hci_conn_del(conn);
1199 } else
1200 conn->state = BT_CONNECT2;
1da177e4
LT		 1201 }
1202 } else {
1203 if (!conn) {
1204 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1205 if (conn) {
a0c808b3 1206 conn->out = true;
1da177e4
LT		 1207 conn->link_mode |= HCI_LM_MASTER;
1208 } else
893ef971 1209 BT_ERR("No memory for new connection");
1da177e4
LT		 1210 }
1211 }
1212
1213 hci_dev_unlock(hdev);
1214}
1215
a9de9248 1216static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1217{
a9de9248
MH		 1218 struct hci_cp_add_sco *cp;
1219 struct hci_conn *acl, *sco;
1220 __u16 handle;
1da177e4 1221
b6a0dc82
MH		 1222 BT_DBG("%s status 0x%x", hdev->name, status);
1223
a9de9248
MH		 1224 if (!status)
1225 return;
1da177e4 1226
a9de9248
MH		 1227 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1228 if (!cp)
1229 return;
1da177e4 1230
a9de9248 1231 handle = __le16_to_cpu(cp->handle);
1da177e4 1232
a9de9248 1233 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1234
a9de9248 1235 hci_dev_lock(hdev);
1da177e4 1236
a9de9248 1237 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1238 if (acl) {
1239 sco = acl->link;
1240 if (sco) {
1241 sco->state = BT_CLOSED;
1da177e4 1242
5a08ecce
AE		 1243 hci_proto_connect_cfm(sco, status);
1244 hci_conn_del(sco);
1245 }
a9de9248 1246 }
1da177e4 1247
a9de9248
MH		 1248 hci_dev_unlock(hdev);
1249}
1da177e4 1250
f8558555
MH		 1251static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1252{
1253 struct hci_cp_auth_requested *cp;
1254 struct hci_conn *conn;
1255
1256 BT_DBG("%s status 0x%x", hdev->name, status);
1257
1258 if (!status)
1259 return;
1260
1261 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1262 if (!cp)
1263 return;
1264
1265 hci_dev_lock(hdev);
1266
1267 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1268 if (conn) {
1269 if (conn->state == BT_CONFIG) {
1270 hci_proto_connect_cfm(conn, status);
1271 hci_conn_put(conn);
1272 }
1273 }
1274
1275 hci_dev_unlock(hdev);
1276}
1277
1278static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1279{
1280 struct hci_cp_set_conn_encrypt *cp;
1281 struct hci_conn *conn;
1282
1283 BT_DBG("%s status 0x%x", hdev->name, status);
1284
1285 if (!status)
1286 return;
1287
1288 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1289 if (!cp)
1290 return;
1291
1292 hci_dev_lock(hdev);
1293
1294 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1295 if (conn) {
1296 if (conn->state == BT_CONFIG) {
1297 hci_proto_connect_cfm(conn, status);
1298 hci_conn_put(conn);
1299 }
1300 }
1301
1302 hci_dev_unlock(hdev);
1303}
1304
127178d2 1305static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1306 struct hci_conn *conn)
392599b9 1307{
392599b9
JH		 1308 if (conn->state != BT_CONFIG || !conn->out)
1309 return 0;
1310
765c2a96 1311 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1312 return 0;
1313
1314 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1315 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1316 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1317 conn->pending_sec_level != BT_SECURITY_HIGH &&
1318 !(conn->auth_type & 0x01))
392599b9
JH		 1319 return 0;
1320
392599b9
JH		 1321 return 1;
1322}
1323
30dc78e1
JH		 1324static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1325{
1326 struct hci_cp_remote_name_req cp;
1327
1328 memset(&cp, 0, sizeof(cp));
1329
1330 bacpy(&cp.bdaddr, &e->data.bdaddr);
1331 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1332 cp.pscan_mode = e->data.pscan_mode;
1333 cp.clock_offset = e->data.clock_offset;
1334
1335 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1336}
1337
b644ba33 1338static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1339{
1340 struct discovery_state *discov = &hdev->discovery;
1341 struct inquiry_entry *e;
1342
b644ba33
JH		 1343 if (list_empty(&discov->resolve))
1344 return false;
1345
1346 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1347 if (hci_resolve_name(hdev, e) == 0) {
1348 e->name_state = NAME_PENDING;
1349 return true;
1350 }
1351
1352 return false;
1353}
1354
1355static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1356 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1357{
1358 struct discovery_state *discov = &hdev->discovery;
1359 struct inquiry_entry *e;
1360
1361 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1362 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1363 name, name_len, conn->dev_class);
1364
1365 if (discov->state == DISCOVERY_STOPPED)
1366 return;
1367
30dc78e1
JH		 1368 if (discov->state == DISCOVERY_STOPPING)
1369 goto discov_complete;
1370
1371 if (discov->state != DISCOVERY_RESOLVING)
1372 return;
1373
1374 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1375 if (e) {
1376 e->name_state = NAME_KNOWN;
1377 list_del(&e->list);
b644ba33
JH		 1378 if (name)
1379 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1380 e->data.rssi, name, name_len);
30dc78e1
JH		 1381 }
1382
b644ba33 1383 if (hci_resolve_next_name(hdev))
30dc78e1 1384 return;
30dc78e1
JH		 1385
1386discov_complete:
1387 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1388}
1389
a9de9248
MH		 1390static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1391{
127178d2
JH		 1392 struct hci_cp_remote_name_req *cp;
1393 struct hci_conn *conn;
1394
a9de9248 1395 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1396
1397 /* If successful wait for the name req complete event before
1398 * checking for the need to do authentication */
1399 if (!status)
1400 return;
1401
1402 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1403 if (!cp)
1404 return;
1405
1406 hci_dev_lock(hdev);
1407
b644ba33
JH		 1408 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1409
a8b2d5c2 1410 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1411 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1412
79c6c70c
JH		 1413 if (!conn)
1414 goto unlock;
1415
1416 if (!hci_outgoing_auth_needed(hdev, conn))
1417 goto unlock;
1418
51a8efd7 1419 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1420 struct hci_cp_auth_requested cp;
1421 cp.handle = __cpu_to_le16(conn->handle);
1422 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1423 }
1424
79c6c70c 1425unlock:
127178d2 1426 hci_dev_unlock(hdev);
a9de9248 1427}
1da177e4 1428
769be974
MH		 1429static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1430{
1431 struct hci_cp_read_remote_features *cp;
1432 struct hci_conn *conn;
1433
1434 BT_DBG("%s status 0x%x", hdev->name, status);
1435
1436 if (!status)
1437 return;
1438
1439 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1440 if (!cp)
1441 return;
1442
1443 hci_dev_lock(hdev);
1444
1445 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1446 if (conn) {
1447 if (conn->state == BT_CONFIG) {
769be974
MH		 1448 hci_proto_connect_cfm(conn, status);
1449 hci_conn_put(conn);
1450 }
1451 }
1452
1453 hci_dev_unlock(hdev);
1454}
1455
1456static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1457{
1458 struct hci_cp_read_remote_ext_features *cp;
1459 struct hci_conn *conn;
1460
1461 BT_DBG("%s status 0x%x", hdev->name, status);
1462
1463 if (!status)
1464 return;
1465
1466 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1467 if (!cp)
1468 return;
1469
1470 hci_dev_lock(hdev);
1471
1472 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1473 if (conn) {
1474 if (conn->state == BT_CONFIG) {
769be974
MH		 1475 hci_proto_connect_cfm(conn, status);
1476 hci_conn_put(conn);
1477 }
1478 }
1479
1480 hci_dev_unlock(hdev);
1481}
1482
a9de9248
MH		 1483static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1484{
b6a0dc82
MH		 1485 struct hci_cp_setup_sync_conn *cp;
1486 struct hci_conn *acl, *sco;
1487 __u16 handle;
1488
a9de9248 1489 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1490
1491 if (!status)
1492 return;
1493
1494 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1495 if (!cp)
1496 return;
1497
1498 handle = __le16_to_cpu(cp->handle);
1499
1500 BT_DBG("%s handle %d", hdev->name, handle);
1501
1502 hci_dev_lock(hdev);
1503
1504 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1505 if (acl) {
1506 sco = acl->link;
1507 if (sco) {
1508 sco->state = BT_CLOSED;
b6a0dc82 1509
5a08ecce
AE		 1510 hci_proto_connect_cfm(sco, status);
1511 hci_conn_del(sco);
1512 }
b6a0dc82
MH		 1513 }
1514
1515 hci_dev_unlock(hdev);
1da177e4
LT		 1516}
1517
a9de9248 1518static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1519{
a9de9248
MH		 1520 struct hci_cp_sniff_mode *cp;
1521 struct hci_conn *conn;
1da177e4 1522
a9de9248 1523 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1524
a9de9248
MH		 1525 if (!status)
1526 return;
04837f64 1527
a9de9248
MH		 1528 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1529 if (!cp)
1530 return;
04837f64 1531
a9de9248 1532 hci_dev_lock(hdev);
04837f64 1533
a9de9248 1534 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1535 if (conn) {
51a8efd7 1536 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1537
51a8efd7 1538 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1539 hci_sco_setup(conn, status);
1540 }
1541
a9de9248
MH		 1542 hci_dev_unlock(hdev);
1543}
04837f64 1544
a9de9248
MH		 1545static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1546{
1547 struct hci_cp_exit_sniff_mode *cp;
1548 struct hci_conn *conn;
04837f64 1549
a9de9248 1550 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1551
a9de9248
MH		 1552 if (!status)
1553 return;
04837f64 1554
a9de9248
MH		 1555 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1556 if (!cp)
1557 return;
04837f64 1558
a9de9248 1559 hci_dev_lock(hdev);
1da177e4 1560
a9de9248 1561 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1562 if (conn) {
51a8efd7 1563 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1564
51a8efd7 1565 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1566 hci_sco_setup(conn, status);
1567 }
1568
a9de9248 1569 hci_dev_unlock(hdev);
1da177e4
LT		 1570}
1571
88c3df13
JH		 1572static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1573{
1574 struct hci_cp_disconnect *cp;
1575 struct hci_conn *conn;
1576
1577 if (!status)
1578 return;
1579
1580 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1581 if (!cp)
1582 return;
1583
1584 hci_dev_lock(hdev);
1585
1586 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1587 if (conn)
1588 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1589 conn->dst_type, status);
1590
1591 hci_dev_unlock(hdev);
1592}
1593
fcd89c09
VT		 1594static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1595{
1596 struct hci_cp_le_create_conn *cp;
1597 struct hci_conn *conn;
1598
1599 BT_DBG("%s status 0x%x", hdev->name, status);
1600
1601 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1602 if (!cp)
1603 return;
1604
1605 hci_dev_lock(hdev);
1606
1607 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1608
1609 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1610 conn);
1611
1612 if (status) {
1613 if (conn && conn->state == BT_CONNECT) {
1614 conn->state = BT_CLOSED;
1615 hci_proto_connect_cfm(conn, status);
1616 hci_conn_del(conn);
1617 }
1618 } else {
1619 if (!conn) {
1620 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1621 if (conn) {
1622 conn->dst_type = cp->peer_addr_type;
a0c808b3 1623 conn->out = true;
29b7988a 1624 } else {
fcd89c09 1625 BT_ERR("No memory for new connection");
29b7988a 1626 }
fcd89c09
VT		 1627 }
1628 }
1629
1630 hci_dev_unlock(hdev);
1631}
1632
a7a595f6
VCG		 1633static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1634{
1635 BT_DBG("%s status 0x%x", hdev->name, status);
1636}
1637
1da177e4
LT		 1638static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1639{
1640 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1641 struct discovery_state *discov = &hdev->discovery;
1642 struct inquiry_entry *e;
1da177e4
LT		 1643
1644 BT_DBG("%s status %d", hdev->name, status);
1645
23bb5763 1646 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1647
a9de9248 1648 hci_conn_check_pending(hdev);
89352e7d
AG		 1649
1650 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1651 return;
1652
a8b2d5c2 1653 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1654 return;
1655
56e5cb86 1656 hci_dev_lock(hdev);
30dc78e1 1657
343f935b 1658 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1659 goto unlock;
1660
1661 if (list_empty(&discov->resolve)) {
1662 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1663 goto unlock;
1664 }
1665
1666 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1667 if (e && hci_resolve_name(hdev, e) == 0) {
1668 e->name_state = NAME_PENDING;
1669 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1670 } else {
1671 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1672 }
1673
1674unlock:
56e5cb86 1675 hci_dev_unlock(hdev);
1da177e4
LT		 1676}
1677
1da177e4
LT		 1678static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1679{
45bb4bf0 1680 struct inquiry_data data;
a9de9248 1681 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1682 int num_rsp = *((__u8 *) skb->data);
1683
1684 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1685
45bb4bf0
MH		 1686 if (!num_rsp)
1687 return;
1688
1da177e4 1689 hci_dev_lock(hdev);
45bb4bf0 1690
e17acd40 1691 for (; num_rsp; num_rsp--, info++) {
3175405b
JH		 1692 bool name_known;
1693
1da177e4
LT		 1694 bacpy(&data.bdaddr, &info->bdaddr);
1695 data.pscan_rep_mode = info->pscan_rep_mode;
1696 data.pscan_period_mode = info->pscan_period_mode;
1697 data.pscan_mode = info->pscan_mode;
1698 memcpy(data.dev_class, info->dev_class, 3);
1699 data.clock_offset = info->clock_offset;
1700 data.rssi = 0x00;
41a96212 1701 data.ssp_mode = 0x00;
3175405b
JH		 1702
1703 name_known = hci_inquiry_cache_update(hdev, &data, false);
48264f06 1704 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
7d262f86
AG		 1705 info->dev_class, 0, !name_known,
1706 NULL, 0);
1da177e4 1707 }
45bb4bf0 1708
1da177e4
LT		 1709 hci_dev_unlock(hdev);
1710}
1711
1da177e4
LT		 1712static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1713{
a9de9248
MH		 1714 struct hci_ev_conn_complete *ev = (void *) skb->data;
1715 struct hci_conn *conn;
1da177e4
LT		 1716
1717 BT_DBG("%s", hdev->name);
1718
1719 hci_dev_lock(hdev);
1720
1721 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1722 if (!conn) {
1723 if (ev->link_type != SCO_LINK)
1724 goto unlock;
1725
1726 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1727 if (!conn)
1728 goto unlock;
1729
1730 conn->type = SCO_LINK;
1731 }
1da177e4
LT		 1732
1733 if (!ev->status) {
1734 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1735
1736 if (conn->type == ACL_LINK) {
1737 conn->state = BT_CONFIG;
1738 hci_conn_hold(conn);
052b30b0 1739 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1740 } else
1741 conn->state = BT_CONNECTED;
1da177e4 1742
9eba32b8 1743 hci_conn_hold_device(conn);
7d0db0a3
MH		 1744 hci_conn_add_sysfs(conn);
1745
1da177e4
LT		 1746 if (test_bit(HCI_AUTH, &hdev->flags))
1747 conn->link_mode |= HCI_LM_AUTH;
1748
1749 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1750 conn->link_mode |= HCI_LM_ENCRYPT;
1751
04837f64
MH		 1752 /* Get remote features */
1753 if (conn->type == ACL_LINK) {
1754 struct hci_cp_read_remote_features cp;
1755 cp.handle = ev->handle;
769be974
MH		 1756 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1757 sizeof(cp), &cp);
04837f64
MH		 1758 }
1759
1da177e4 1760 /* Set packet type for incoming connection */
d095c1eb 1761 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1762 struct hci_cp_change_conn_ptype cp;
1763 cp.handle = ev->handle;
a8746417
MH		 1764 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1765 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1766 sizeof(cp), &cp);
1da177e4 1767 }
17d5c04c 1768 } else {
1da177e4 1769 conn->state = BT_CLOSED;
17d5c04c 1770 if (conn->type == ACL_LINK)
744cf19e 1771 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1772 conn->dst_type, ev->status);
17d5c04c 1773 }
1da177e4 1774
e73439d8
MH		 1775 if (conn->type == ACL_LINK)
1776 hci_sco_setup(conn, ev->status);
1da177e4 1777
769be974
MH		 1778 if (ev->status) {
1779 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1780 hci_conn_del(conn);
c89b6e6b
MH		 1781 } else if (ev->link_type != ACL_LINK)
1782 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1783
a9de9248 1784unlock:
1da177e4 1785 hci_dev_unlock(hdev);
1da177e4 1786
a9de9248 1787 hci_conn_check_pending(hdev);
1da177e4
LT		 1788}
1789
a9de9248 1790static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1791{
a9de9248
MH		 1792 struct hci_ev_conn_request *ev = (void *) skb->data;
1793 int mask = hdev->link_mode;
1da177e4 1794
a9de9248
MH		 1795 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1796 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1797
a9de9248 1798 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1799
138d22ef
SJ		 1800 if ((mask & HCI_LM_ACCEPT) &&
1801 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1802 /* Connection accepted */
c7bdd502 1803 struct inquiry_entry *ie;
1da177e4 1804 struct hci_conn *conn;
1da177e4 1805
a9de9248 1806 hci_dev_lock(hdev);
b6a0dc82 1807
cc11b9c1
AE		 1808 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1809 if (ie)
c7bdd502
MH		 1810 memcpy(ie->data.dev_class, ev->dev_class, 3);
1811
a9de9248
MH		 1812 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1813 if (!conn) {
cc11b9c1
AE		 1814 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1815 if (!conn) {
893ef971 1816 BT_ERR("No memory for new connection");
a9de9248
MH		 1817 hci_dev_unlock(hdev);
1818 return;
1da177e4
LT		 1819 }
1820 }
b6a0dc82 1821
a9de9248
MH		 1822 memcpy(conn->dev_class, ev->dev_class, 3);
1823 conn->state = BT_CONNECT;
b6a0dc82 1824
a9de9248 1825 hci_dev_unlock(hdev);
1da177e4 1826
b6a0dc82
MH		 1827 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1828 struct hci_cp_accept_conn_req cp;
1da177e4 1829
b6a0dc82
MH		 1830 bacpy(&cp.bdaddr, &ev->bdaddr);
1831
1832 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1833 cp.role = 0x00; /* Become master */
1834 else
1835 cp.role = 0x01; /* Remain slave */
1836
1837 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1838 sizeof(cp), &cp);
1839 } else {
1840 struct hci_cp_accept_sync_conn_req cp;
1841
1842 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1843 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1844
1845 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1846 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1847 cp.max_latency = cpu_to_le16(0xffff);
1848 cp.content_format = cpu_to_le16(hdev->voice_setting);
1849 cp.retrans_effort = 0xff;
1da177e4 1850
b6a0dc82
MH		 1851 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1852 sizeof(cp), &cp);
1853 }
a9de9248
MH		 1854 } else {
1855 /* Connection rejected */
1856 struct hci_cp_reject_conn_req cp;
1da177e4 1857
a9de9248 1858 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1859 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1860 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1861 }
1da177e4
LT		 1862}
1863
a9de9248 1864static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1865{
a9de9248 1866 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1867 struct hci_conn *conn;
1868
1869 BT_DBG("%s status %d", hdev->name, ev->status);
1870
1871 hci_dev_lock(hdev);
1872
1873 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1874 if (!conn)
1875 goto unlock;
7d0db0a3 1876
37d9ef76
JH		 1877 if (ev->status == 0)
1878 conn->state = BT_CLOSED;
04837f64 1879
b644ba33
JH		 1880 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1881 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1882 if (ev->status != 0)
88c3df13
JH		 1883 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1884 conn->dst_type, ev->status);
37d9ef76 1885 else
afc747a6 1886 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
48264f06 1887 conn->dst_type);
37d9ef76 1888 }
f7520543 1889
37d9ef76
JH		 1890 if (ev->status == 0) {
1891 hci_proto_disconn_cfm(conn, ev->reason);
1892 hci_conn_del(conn);
1893 }
f7520543
JH		 1894
1895unlock:
04837f64
MH		 1896 hci_dev_unlock(hdev);
1897}
1898
1da177e4
LT		 1899static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1900{
a9de9248 1901 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1902 struct hci_conn *conn;
1da177e4
LT		 1903
1904 BT_DBG("%s status %d", hdev->name, ev->status);
1905
1906 hci_dev_lock(hdev);
1907
04837f64 1908 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1909 if (!conn)
1910 goto unlock;
1911
1912 if (!ev->status) {
aa64a8b5
JH		 1913 if (!hci_conn_ssp_enabled(conn) &&
1914 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1915 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1916 } else {
d7556e20
WR		 1917 conn->link_mode |= HCI_LM_AUTH;
1918 conn->sec_level = conn->pending_sec_level;
2a611692 1919 }
d7556e20 1920 } else {
bab73cb6
JH		 1921 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1922 ev->status);
d7556e20 1923 }
1da177e4 1924
51a8efd7
JH		 1925 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1926 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1927
d7556e20 1928 if (conn->state == BT_CONFIG) {
aa64a8b5 1929 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1930 struct hci_cp_set_conn_encrypt cp;
1931 cp.handle = ev->handle;
1932 cp.encrypt = 0x01;
1933 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1934 &cp);
052b30b0 1935 } else {
d7556e20
WR		 1936 conn->state = BT_CONNECTED;
1937 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1938 hci_conn_put(conn);
1939 }
d7556e20
WR		 1940 } else {
1941 hci_auth_cfm(conn, ev->status);
052b30b0 1942
d7556e20
WR		 1943 hci_conn_hold(conn);
1944 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1945 hci_conn_put(conn);
1946 }
1947
51a8efd7 1948 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1949 if (!ev->status) {
1950 struct hci_cp_set_conn_encrypt cp;
1951 cp.handle = ev->handle;
1952 cp.encrypt = 0x01;
1953 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1954 &cp);
1955 } else {
51a8efd7 1956 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1957 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1958 }
1959 }
1960
d7556e20 1961unlock:
1da177e4
LT		 1962 hci_dev_unlock(hdev);
1963}
1964
a9de9248 1965static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1966{
127178d2
JH		 1967 struct hci_ev_remote_name *ev = (void *) skb->data;
1968 struct hci_conn *conn;
1969
a9de9248 1970 BT_DBG("%s", hdev->name);
1da177e4 1971
a9de9248 1972 hci_conn_check_pending(hdev);
127178d2
JH		 1973
1974 hci_dev_lock(hdev);
1975
b644ba33 1976 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1977
b644ba33
JH		 1978 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1979 goto check_auth;
a88a9652 1980
b644ba33
JH		 1981 if (ev->status == 0)
1982 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1983 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1984 else
1985 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1986
1987check_auth:
79c6c70c
JH		 1988 if (!conn)
1989 goto unlock;
1990
1991 if (!hci_outgoing_auth_needed(hdev, conn))
1992 goto unlock;
1993
51a8efd7 1994 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1995 struct hci_cp_auth_requested cp;
1996 cp.handle = __cpu_to_le16(conn->handle);
1997 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1998 }
1999
79c6c70c 2000unlock:
127178d2 2001 hci_dev_unlock(hdev);
a9de9248
MH		 2002}
2003
2004static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2005{
2006 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2007 struct hci_conn *conn;
2008
2009 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2010
2011 hci_dev_lock(hdev);
2012
04837f64 2013 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2014 if (conn) {
2015 if (!ev->status) {
ae293196
MH		 2016 if (ev->encrypt) {
2017 /* Encryption implies authentication */
2018 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2019 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2020 conn->sec_level = conn->pending_sec_level;
ae293196 2021 } else
1da177e4
LT		 2022 conn->link_mode &= ~HCI_LM_ENCRYPT;
2023 }
2024
51a8efd7 2025 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2026
f8558555
MH		 2027 if (conn->state == BT_CONFIG) {
2028 if (!ev->status)
2029 conn->state = BT_CONNECTED;
2030
2031 hci_proto_connect_cfm(conn, ev->status);
2032 hci_conn_put(conn);
2033 } else
2034 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2035 }
2036
2037 hci_dev_unlock(hdev);
2038}
2039
a9de9248 2040static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2041{
a9de9248 2042 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2043 struct hci_conn *conn;
1da177e4
LT		 2044
2045 BT_DBG("%s status %d", hdev->name, ev->status);
2046
2047 hci_dev_lock(hdev);
2048
04837f64 2049 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2050 if (conn) {
2051 if (!ev->status)
2052 conn->link_mode |= HCI_LM_SECURE;
2053
51a8efd7 2054 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2055
2056 hci_key_change_cfm(conn, ev->status);
2057 }
2058
2059 hci_dev_unlock(hdev);
2060}
2061
a9de9248 2062static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2063{
a9de9248
MH		 2064 struct hci_ev_remote_features *ev = (void *) skb->data;
2065 struct hci_conn *conn;
2066
2067 BT_DBG("%s status %d", hdev->name, ev->status);
2068
a9de9248
MH		 2069 hci_dev_lock(hdev);
2070
2071 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2072 if (!conn)
2073 goto unlock;
769be974 2074
ccd556fe
JH		 2075 if (!ev->status)
2076 memcpy(conn->features, ev->features, 8);
2077
2078 if (conn->state != BT_CONFIG)
2079 goto unlock;
2080
2081 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2082 struct hci_cp_read_remote_ext_features cp;
2083 cp.handle = ev->handle;
2084 cp.page = 0x01;
2085 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2086 sizeof(cp), &cp);
392599b9
JH		 2087 goto unlock;
2088 }
2089
127178d2
JH		 2090 if (!ev->status) {
2091 struct hci_cp_remote_name_req cp;
2092 memset(&cp, 0, sizeof(cp));
2093 bacpy(&cp.bdaddr, &conn->dst);
2094 cp.pscan_rep_mode = 0x02;
2095 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2096 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2097 mgmt_device_connected(hdev, &conn->dst, conn->type,
2098 conn->dst_type, NULL, 0,
2099 conn->dev_class);
392599b9 2100
127178d2 2101 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2102 conn->state = BT_CONNECTED;
2103 hci_proto_connect_cfm(conn, ev->status);
2104 hci_conn_put(conn);
769be974 2105 }
a9de9248 2106
ccd556fe 2107unlock:
a9de9248 2108 hci_dev_unlock(hdev);
1da177e4
LT		 2109}
2110
a9de9248 2111static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2112{
a9de9248 2113 BT_DBG("%s", hdev->name);
1da177e4
LT		 2114}
2115
a9de9248 2116static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2117{
a9de9248 2118 BT_DBG("%s", hdev->name);
1da177e4
LT		 2119}
2120
a9de9248
MH		 2121static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2122{
2123 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2124 __u16 opcode;
2125
2126 skb_pull(skb, sizeof(*ev));
2127
2128 opcode = __le16_to_cpu(ev->opcode);
2129
2130 switch (opcode) {
2131 case HCI_OP_INQUIRY_CANCEL:
2132 hci_cc_inquiry_cancel(hdev, skb);
2133 break;
2134
2135 case HCI_OP_EXIT_PERIODIC_INQ:
2136 hci_cc_exit_periodic_inq(hdev, skb);
2137 break;
2138
2139 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2140 hci_cc_remote_name_req_cancel(hdev, skb);
2141 break;
2142
2143 case HCI_OP_ROLE_DISCOVERY:
2144 hci_cc_role_discovery(hdev, skb);
2145 break;
2146
e4e8e37c
MH		 2147 case HCI_OP_READ_LINK_POLICY:
2148 hci_cc_read_link_policy(hdev, skb);
2149 break;
2150
a9de9248
MH		 2151 case HCI_OP_WRITE_LINK_POLICY:
2152 hci_cc_write_link_policy(hdev, skb);
2153 break;
2154
e4e8e37c
MH		 2155 case HCI_OP_READ_DEF_LINK_POLICY:
2156 hci_cc_read_def_link_policy(hdev, skb);
2157 break;
2158
2159 case HCI_OP_WRITE_DEF_LINK_POLICY:
2160 hci_cc_write_def_link_policy(hdev, skb);
2161 break;
2162
a9de9248
MH		 2163 case HCI_OP_RESET:
2164 hci_cc_reset(hdev, skb);
2165 break;
2166
2167 case HCI_OP_WRITE_LOCAL_NAME:
2168 hci_cc_write_local_name(hdev, skb);
2169 break;
2170
2171 case HCI_OP_READ_LOCAL_NAME:
2172 hci_cc_read_local_name(hdev, skb);
2173 break;
2174
2175 case HCI_OP_WRITE_AUTH_ENABLE:
2176 hci_cc_write_auth_enable(hdev, skb);
2177 break;
2178
2179 case HCI_OP_WRITE_ENCRYPT_MODE:
2180 hci_cc_write_encrypt_mode(hdev, skb);
2181 break;
2182
2183 case HCI_OP_WRITE_SCAN_ENABLE:
2184 hci_cc_write_scan_enable(hdev, skb);
2185 break;
2186
2187 case HCI_OP_READ_CLASS_OF_DEV:
2188 hci_cc_read_class_of_dev(hdev, skb);
2189 break;
2190
2191 case HCI_OP_WRITE_CLASS_OF_DEV:
2192 hci_cc_write_class_of_dev(hdev, skb);
2193 break;
2194
2195 case HCI_OP_READ_VOICE_SETTING:
2196 hci_cc_read_voice_setting(hdev, skb);
2197 break;
2198
2199 case HCI_OP_WRITE_VOICE_SETTING:
2200 hci_cc_write_voice_setting(hdev, skb);
2201 break;
2202
2203 case HCI_OP_HOST_BUFFER_SIZE:
2204 hci_cc_host_buffer_size(hdev, skb);
2205 break;
2206
333140b5
MH		 2207 case HCI_OP_WRITE_SSP_MODE:
2208 hci_cc_write_ssp_mode(hdev, skb);
2209 break;
2210
a9de9248
MH		 2211 case HCI_OP_READ_LOCAL_VERSION:
2212 hci_cc_read_local_version(hdev, skb);
2213 break;
2214
2215 case HCI_OP_READ_LOCAL_COMMANDS:
2216 hci_cc_read_local_commands(hdev, skb);
2217 break;
2218
2219 case HCI_OP_READ_LOCAL_FEATURES:
2220 hci_cc_read_local_features(hdev, skb);
2221 break;
2222
971e3a4b
AG		 2223 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2224 hci_cc_read_local_ext_features(hdev, skb);
2225 break;
2226
a9de9248
MH		 2227 case HCI_OP_READ_BUFFER_SIZE:
2228 hci_cc_read_buffer_size(hdev, skb);
2229 break;
2230
2231 case HCI_OP_READ_BD_ADDR:
2232 hci_cc_read_bd_addr(hdev, skb);
2233 break;
2234
350ee4cf
AE		 2235 case HCI_OP_READ_DATA_BLOCK_SIZE:
2236 hci_cc_read_data_block_size(hdev, skb);
2237 break;
2238
23bb5763
JH		 2239 case HCI_OP_WRITE_CA_TIMEOUT:
2240 hci_cc_write_ca_timeout(hdev, skb);
2241 break;
2242
1e89cffb
AE		 2243 case HCI_OP_READ_FLOW_CONTROL_MODE:
2244 hci_cc_read_flow_control_mode(hdev, skb);
2245 break;
2246
928abaa7
AE		 2247 case HCI_OP_READ_LOCAL_AMP_INFO:
2248 hci_cc_read_local_amp_info(hdev, skb);
2249 break;
2250
b0916ea0
JH		 2251 case HCI_OP_DELETE_STORED_LINK_KEY:
2252 hci_cc_delete_stored_link_key(hdev, skb);
2253 break;
2254
d5859e22
JH		 2255 case HCI_OP_SET_EVENT_MASK:
2256 hci_cc_set_event_mask(hdev, skb);
2257 break;
2258
2259 case HCI_OP_WRITE_INQUIRY_MODE:
2260 hci_cc_write_inquiry_mode(hdev, skb);
2261 break;
2262
2263 case HCI_OP_READ_INQ_RSP_TX_POWER:
2264 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2265 break;
2266
2267 case HCI_OP_SET_EVENT_FLT:
2268 hci_cc_set_event_flt(hdev, skb);
2269 break;
2270
980e1a53
JH		 2271 case HCI_OP_PIN_CODE_REPLY:
2272 hci_cc_pin_code_reply(hdev, skb);
2273 break;
2274
2275 case HCI_OP_PIN_CODE_NEG_REPLY:
2276 hci_cc_pin_code_neg_reply(hdev, skb);
2277 break;
2278
c35938b2
SJ		 2279 case HCI_OP_READ_LOCAL_OOB_DATA:
2280 hci_cc_read_local_oob_data_reply(hdev, skb);
2281 break;
2282
6ed58ec5
VT		 2283 case HCI_OP_LE_READ_BUFFER_SIZE:
2284 hci_cc_le_read_buffer_size(hdev, skb);
2285 break;
2286
a5c29683
JH		 2287 case HCI_OP_USER_CONFIRM_REPLY:
2288 hci_cc_user_confirm_reply(hdev, skb);
2289 break;
2290
2291 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2292 hci_cc_user_confirm_neg_reply(hdev, skb);
2293 break;
2294
1143d458
BG		 2295 case HCI_OP_USER_PASSKEY_REPLY:
2296 hci_cc_user_passkey_reply(hdev, skb);
2297 break;
2298
2299 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2300 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2301
2302 case HCI_OP_LE_SET_SCAN_PARAM:
2303 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2304 break;
2305
eb9d91f5
AG		 2306 case HCI_OP_LE_SET_SCAN_ENABLE:
2307 hci_cc_le_set_scan_enable(hdev, skb);
2308 break;
2309
a7a595f6
VCG		 2310 case HCI_OP_LE_LTK_REPLY:
2311 hci_cc_le_ltk_reply(hdev, skb);
2312 break;
2313
2314 case HCI_OP_LE_LTK_NEG_REPLY:
2315 hci_cc_le_ltk_neg_reply(hdev, skb);
2316 break;
2317
f9b49306
AG		 2318 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2319 hci_cc_write_le_host_supported(hdev, skb);
2320 break;
2321
a9de9248
MH		 2322 default:
2323 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2324 break;
2325 }
2326
6bd32326
VT		 2327 if (ev->opcode != HCI_OP_NOP)
2328 del_timer(&hdev->cmd_timer);
2329
a9de9248
MH		 2330 if (ev->ncmd) {
2331 atomic_set(&hdev->cmd_cnt, 1);
2332 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2333 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2334 }
2335}
2336
2337static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2338{
2339 struct hci_ev_cmd_status *ev = (void *) skb->data;
2340 __u16 opcode;
2341
2342 skb_pull(skb, sizeof(*ev));
2343
2344 opcode = __le16_to_cpu(ev->opcode);
2345
2346 switch (opcode) {
2347 case HCI_OP_INQUIRY:
2348 hci_cs_inquiry(hdev, ev->status);
2349 break;
2350
2351 case HCI_OP_CREATE_CONN:
2352 hci_cs_create_conn(hdev, ev->status);
2353 break;
2354
2355 case HCI_OP_ADD_SCO:
2356 hci_cs_add_sco(hdev, ev->status);
2357 break;
2358
f8558555
MH		 2359 case HCI_OP_AUTH_REQUESTED:
2360 hci_cs_auth_requested(hdev, ev->status);
2361 break;
2362
2363 case HCI_OP_SET_CONN_ENCRYPT:
2364 hci_cs_set_conn_encrypt(hdev, ev->status);
2365 break;
2366
a9de9248
MH		 2367 case HCI_OP_REMOTE_NAME_REQ:
2368 hci_cs_remote_name_req(hdev, ev->status);
2369 break;
2370
769be974
MH		 2371 case HCI_OP_READ_REMOTE_FEATURES:
2372 hci_cs_read_remote_features(hdev, ev->status);
2373 break;
2374
2375 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2376 hci_cs_read_remote_ext_features(hdev, ev->status);
2377 break;
2378
a9de9248
MH		 2379 case HCI_OP_SETUP_SYNC_CONN:
2380 hci_cs_setup_sync_conn(hdev, ev->status);
2381 break;
2382
2383 case HCI_OP_SNIFF_MODE:
2384 hci_cs_sniff_mode(hdev, ev->status);
2385 break;
2386
2387 case HCI_OP_EXIT_SNIFF_MODE:
2388 hci_cs_exit_sniff_mode(hdev, ev->status);
2389 break;
2390
8962ee74 2391 case HCI_OP_DISCONNECT:
88c3df13 2392 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2393 break;
2394
fcd89c09
VT		 2395 case HCI_OP_LE_CREATE_CONN:
2396 hci_cs_le_create_conn(hdev, ev->status);
2397 break;
2398
a7a595f6
VCG		 2399 case HCI_OP_LE_START_ENC:
2400 hci_cs_le_start_enc(hdev, ev->status);
2401 break;
2402
a9de9248
MH		 2403 default:
2404 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2405 break;
2406 }
2407
6bd32326
VT		 2408 if (ev->opcode != HCI_OP_NOP)
2409 del_timer(&hdev->cmd_timer);
2410
10572132 2411 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2412 atomic_set(&hdev->cmd_cnt, 1);
2413 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2414 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2415 }
2416}
2417
2418static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2419{
2420 struct hci_ev_role_change *ev = (void *) skb->data;
2421 struct hci_conn *conn;
2422
2423 BT_DBG("%s status %d", hdev->name, ev->status);
2424
2425 hci_dev_lock(hdev);
2426
2427 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2428 if (conn) {
2429 if (!ev->status) {
2430 if (ev->role)
2431 conn->link_mode &= ~HCI_LM_MASTER;
2432 else
2433 conn->link_mode |= HCI_LM_MASTER;
2434 }
2435
51a8efd7 2436 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2437
2438 hci_role_switch_cfm(conn, ev->status, ev->role);
2439 }
2440
2441 hci_dev_unlock(hdev);
2442}
2443
2444static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2445{
2446 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2447 int i;
2448
32ac5b9b
AE		 2449 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2450 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2451 return;
2452 }
2453
c5993de8
AE		 2454 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2455 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2456 BT_DBG("%s bad parameters", hdev->name);
2457 return;
2458 }
2459
c5993de8
AE		 2460 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2461
613a1c0c
AE		 2462 for (i = 0; i < ev->num_hndl; i++) {
2463 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2464 struct hci_conn *conn;
2465 __u16 handle, count;
2466
613a1c0c
AE		 2467 handle = __le16_to_cpu(info->handle);
2468 count = __le16_to_cpu(info->count);
a9de9248
MH		 2469
2470 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2471 if (!conn)
2472 continue;
2473
2474 conn->sent -= count;
2475
2476 switch (conn->type) {
2477 case ACL_LINK:
2478 hdev->acl_cnt += count;
2479 if (hdev->acl_cnt > hdev->acl_pkts)
2480 hdev->acl_cnt = hdev->acl_pkts;
2481 break;
2482
2483 case LE_LINK:
2484 if (hdev->le_pkts) {
2485 hdev->le_cnt += count;
2486 if (hdev->le_cnt > hdev->le_pkts)
2487 hdev->le_cnt = hdev->le_pkts;
2488 } else {
70f23020
AE		 2489 hdev->acl_cnt += count;
2490 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2491 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2492 }
f4280918
AE		 2493 break;
2494
2495 case SCO_LINK:
2496 hdev->sco_cnt += count;
2497 if (hdev->sco_cnt > hdev->sco_pkts)
2498 hdev->sco_cnt = hdev->sco_pkts;
2499 break;
2500
2501 default:
2502 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2503 break;
a9de9248
MH		 2504 }
2505 }
2506
3eff45ea 2507 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2508}
2509
25e89e99
AE		 2510static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2511 struct sk_buff *skb)
2512{
2513 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2514 int i;
2515
2516 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2517 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2518 return;
2519 }
2520
2521 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2522 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2523 BT_DBG("%s bad parameters", hdev->name);
2524 return;
2525 }
2526
2527 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2528 ev->num_hndl);
2529
2530 for (i = 0; i < ev->num_hndl; i++) {
2531 struct hci_comp_blocks_info *info = &ev->handles[i];
2532 struct hci_conn *conn;
2533 __u16 handle, block_count;
2534
2535 handle = __le16_to_cpu(info->handle);
2536 block_count = __le16_to_cpu(info->blocks);
2537
2538 conn = hci_conn_hash_lookup_handle(hdev, handle);
2539 if (!conn)
2540 continue;
2541
2542 conn->sent -= block_count;
2543
2544 switch (conn->type) {
2545 case ACL_LINK:
2546 hdev->block_cnt += block_count;
2547 if (hdev->block_cnt > hdev->num_blocks)
2548 hdev->block_cnt = hdev->num_blocks;
2549 break;
2550
2551 default:
2552 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2553 break;
2554 }
2555 }
2556
2557 queue_work(hdev->workqueue, &hdev->tx_work);
2558}
2559
a9de9248 2560static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2561{
a9de9248 2562 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2563 struct hci_conn *conn;
2564
2565 BT_DBG("%s status %d", hdev->name, ev->status);
2566
2567 hci_dev_lock(hdev);
2568
2569 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2570 if (conn) {
2571 conn->mode = ev->mode;
2572 conn->interval = __le16_to_cpu(ev->interval);
2573
51a8efd7 2574 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2575 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2576 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2577 else
58a681ef 2578 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2579 }
e73439d8 2580
51a8efd7 2581 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2582 hci_sco_setup(conn, ev->status);
04837f64
MH		 2583 }
2584
2585 hci_dev_unlock(hdev);
2586}
2587
a9de9248
MH		 2588static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2589{
052b30b0
MH		 2590 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2591 struct hci_conn *conn;
2592
a9de9248 2593 BT_DBG("%s", hdev->name);
052b30b0
MH		 2594
2595 hci_dev_lock(hdev);
2596
2597 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2598 if (!conn)
2599 goto unlock;
2600
2601 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2602 hci_conn_hold(conn);
2603 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2604 hci_conn_put(conn);
2605 }
2606
a8b2d5c2 2607 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2608 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2609 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2610 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2611 u8 secure;
2612
2613 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2614 secure = 1;
2615 else
2616 secure = 0;
2617
744cf19e 2618 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2619 }
980e1a53 2620
b6f98044 2621unlock:
052b30b0 2622 hci_dev_unlock(hdev);
a9de9248
MH		 2623}
2624
2625static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2626{
55ed8ca1
JH		 2627 struct hci_ev_link_key_req *ev = (void *) skb->data;
2628 struct hci_cp_link_key_reply cp;
2629 struct hci_conn *conn;
2630 struct link_key *key;
2631
a9de9248 2632 BT_DBG("%s", hdev->name);
55ed8ca1 2633
a8b2d5c2 2634 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2635 return;
2636
2637 hci_dev_lock(hdev);
2638
2639 key = hci_find_link_key(hdev, &ev->bdaddr);
2640 if (!key) {
2641 BT_DBG("%s link key not found for %s", hdev->name,
2642 batostr(&ev->bdaddr));
2643 goto not_found;
2644 }
2645
2646 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2647 batostr(&ev->bdaddr));
2648
a8b2d5c2 2649 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2650 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2651 BT_DBG("%s ignoring debug key", hdev->name);
2652 goto not_found;
2653 }
2654
2655 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2656 if (conn) {
2657 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2658 conn->auth_type != 0xff &&
2659 (conn->auth_type & 0x01)) {
2660 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2661 goto not_found;
2662 }
55ed8ca1 2663
60b83f57
WR		 2664 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2665 conn->pending_sec_level == BT_SECURITY_HIGH) {
2666 BT_DBG("%s ignoring key unauthenticated for high \
2667 security", hdev->name);
2668 goto not_found;
2669 }
2670
2671 conn->key_type = key->type;
2672 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2673 }
2674
2675 bacpy(&cp.bdaddr, &ev->bdaddr);
2676 memcpy(cp.link_key, key->val, 16);
2677
2678 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2679
2680 hci_dev_unlock(hdev);
2681
2682 return;
2683
2684not_found:
2685 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2686 hci_dev_unlock(hdev);
a9de9248
MH		 2687}
2688
2689static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2690{
052b30b0
MH		 2691 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2692 struct hci_conn *conn;
55ed8ca1 2693 u8 pin_len = 0;
052b30b0 2694
a9de9248 2695 BT_DBG("%s", hdev->name);
052b30b0
MH		 2696
2697 hci_dev_lock(hdev);
2698
2699 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2700 if (conn) {
2701 hci_conn_hold(conn);
2702 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2703 pin_len = conn->pin_length;
13d39315
WR		 2704
2705 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2706 conn->key_type = ev->key_type;
2707
052b30b0
MH		 2708 hci_conn_put(conn);
2709 }
2710
a8b2d5c2 2711 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2712 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2713 ev->key_type, pin_len);
2714
052b30b0 2715 hci_dev_unlock(hdev);
a9de9248
MH		 2716}
2717
1da177e4
LT		 2718static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2719{
a9de9248 2720 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2721 struct hci_conn *conn;
1da177e4
LT		 2722
2723 BT_DBG("%s status %d", hdev->name, ev->status);
2724
2725 hci_dev_lock(hdev);
2726
04837f64 2727 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2728 if (conn && !ev->status) {
2729 struct inquiry_entry *ie;
2730
cc11b9c1
AE		 2731 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2732 if (ie) {
1da177e4
LT		 2733 ie->data.clock_offset = ev->clock_offset;
2734 ie->timestamp = jiffies;
2735 }
2736 }
2737
2738 hci_dev_unlock(hdev);
2739}
2740
a8746417
MH		 2741static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2742{
2743 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2744 struct hci_conn *conn;
2745
2746 BT_DBG("%s status %d", hdev->name, ev->status);
2747
2748 hci_dev_lock(hdev);
2749
2750 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2751 if (conn && !ev->status)
2752 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2753
2754 hci_dev_unlock(hdev);
2755}
2756
85a1e930
MH		 2757static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2758{
a9de9248 2759 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2760 struct inquiry_entry *ie;
2761
2762 BT_DBG("%s", hdev->name);
2763
2764 hci_dev_lock(hdev);
2765
cc11b9c1
AE		 2766 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2767 if (ie) {
85a1e930
MH		 2768 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2769 ie->timestamp = jiffies;
2770 }
2771
2772 hci_dev_unlock(hdev);
2773}
2774
a9de9248
MH		 2775static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2776{
2777 struct inquiry_data data;
2778 int num_rsp = *((__u8 *) skb->data);
3175405b 2779 bool name_known;
a9de9248
MH		 2780
2781 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2782
2783 if (!num_rsp)
2784 return;
2785
2786 hci_dev_lock(hdev);
2787
2788 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2789 struct inquiry_info_with_rssi_and_pscan_mode *info;
2790 info = (void *) (skb->data + 1);
a9de9248 2791
e17acd40 2792 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2793 bacpy(&data.bdaddr, &info->bdaddr);
2794 data.pscan_rep_mode = info->pscan_rep_mode;
2795 data.pscan_period_mode = info->pscan_period_mode;
2796 data.pscan_mode = info->pscan_mode;
2797 memcpy(data.dev_class, info->dev_class, 3);
2798 data.clock_offset = info->clock_offset;
2799 data.rssi = info->rssi;
41a96212 2800 data.ssp_mode = 0x00;
3175405b
JH		 2801
2802 name_known = hci_inquiry_cache_update(hdev, &data,
2803 false);
48264f06 2804 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2805 info->dev_class, info->rssi,
7d262f86 2806 !name_known, NULL, 0);
a9de9248
MH		 2807 }
2808 } else {
2809 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2810
e17acd40 2811 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2812 bacpy(&data.bdaddr, &info->bdaddr);
2813 data.pscan_rep_mode = info->pscan_rep_mode;
2814 data.pscan_period_mode = info->pscan_period_mode;
2815 data.pscan_mode = 0x00;
2816 memcpy(data.dev_class, info->dev_class, 3);
2817 data.clock_offset = info->clock_offset;
2818 data.rssi = info->rssi;
41a96212 2819 data.ssp_mode = 0x00;
3175405b
JH		 2820 name_known = hci_inquiry_cache_update(hdev, &data,
2821 false);
48264f06 2822 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2823 info->dev_class, info->rssi,
7d262f86 2824 !name_known, NULL, 0);
a9de9248
MH		 2825 }
2826 }
2827
2828 hci_dev_unlock(hdev);
2829}
2830
2831static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2832{
41a96212
MH		 2833 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2834 struct hci_conn *conn;
2835
a9de9248 2836 BT_DBG("%s", hdev->name);
41a96212 2837
41a96212
MH		 2838 hci_dev_lock(hdev);
2839
2840 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2841 if (!conn)
2842 goto unlock;
41a96212 2843
ccd556fe
JH		 2844 if (!ev->status && ev->page == 0x01) {
2845 struct inquiry_entry *ie;
41a96212 2846
cc11b9c1
AE		 2847 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2848 if (ie)
ccd556fe 2849 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2850
58a681ef
JH		 2851 if (ev->features[0] & 0x01)
2852 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2853 }
2854
2855 if (conn->state != BT_CONFIG)
2856 goto unlock;
2857
127178d2
JH		 2858 if (!ev->status) {
2859 struct hci_cp_remote_name_req cp;
2860 memset(&cp, 0, sizeof(cp));
2861 bacpy(&cp.bdaddr, &conn->dst);
2862 cp.pscan_rep_mode = 0x02;
2863 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2864 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2865 mgmt_device_connected(hdev, &conn->dst, conn->type,
2866 conn->dst_type, NULL, 0,
2867 conn->dev_class);
392599b9 2868
127178d2 2869 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2870 conn->state = BT_CONNECTED;
2871 hci_proto_connect_cfm(conn, ev->status);
2872 hci_conn_put(conn);
41a96212
MH		 2873 }
2874
ccd556fe 2875unlock:
41a96212 2876 hci_dev_unlock(hdev);
a9de9248
MH		 2877}
2878
2879static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2880{
b6a0dc82
MH		 2881 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2882 struct hci_conn *conn;
2883
2884 BT_DBG("%s status %d", hdev->name, ev->status);
2885
2886 hci_dev_lock(hdev);
2887
2888 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2889 if (!conn) {
2890 if (ev->link_type == ESCO_LINK)
2891 goto unlock;
2892
2893 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2894 if (!conn)
2895 goto unlock;
2896
2897 conn->type = SCO_LINK;
2898 }
b6a0dc82 2899
732547f9
MH		 2900 switch (ev->status) {
2901 case 0x00:
b6a0dc82
MH		 2902 conn->handle = __le16_to_cpu(ev->handle);
2903 conn->state = BT_CONNECTED;
7d0db0a3 2904
9eba32b8 2905 hci_conn_hold_device(conn);
7d0db0a3 2906 hci_conn_add_sysfs(conn);
732547f9
MH		 2907 break;
2908
705e5711 2909 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2910 case 0x1c: /* SCO interval rejected */
1038a00b 2911 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2912 case 0x1f: /* Unspecified error */
2913 if (conn->out && conn->attempt < 2) {
2914 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2915 (hdev->esco_type & EDR_ESCO_MASK);
2916 hci_setup_sync(conn, conn->link->handle);
2917 goto unlock;
2918 }
2919 /* fall through */
2920
2921 default:
b6a0dc82 2922 conn->state = BT_CLOSED;
732547f9
MH		 2923 break;
2924 }
b6a0dc82
MH		 2925
2926 hci_proto_connect_cfm(conn, ev->status);
2927 if (ev->status)
2928 hci_conn_del(conn);
2929
2930unlock:
2931 hci_dev_unlock(hdev);
a9de9248
MH		 2932}
2933
2934static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2935{
2936 BT_DBG("%s", hdev->name);
2937}
2938
04837f64
MH		 2939static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2940{
a9de9248 2941 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2942
2943 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2944}
2945
a9de9248 2946static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2947{
a9de9248
MH		 2948 struct inquiry_data data;
2949 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2950 int num_rsp = *((__u8 *) skb->data);
1da177e4 2951
a9de9248 2952 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2953
a9de9248
MH		 2954 if (!num_rsp)
2955 return;
1da177e4 2956
a9de9248
MH		 2957 hci_dev_lock(hdev);
2958
e17acd40 2959 for (; num_rsp; num_rsp--, info++) {
561aafbc
JH		 2960 bool name_known;
2961
a9de9248 2962 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2963 data.pscan_rep_mode = info->pscan_rep_mode;
2964 data.pscan_period_mode = info->pscan_period_mode;
2965 data.pscan_mode = 0x00;
a9de9248 2966 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2967 data.clock_offset = info->clock_offset;
2968 data.rssi = info->rssi;
41a96212 2969 data.ssp_mode = 0x01;
561aafbc 2970
a8b2d5c2 2971 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930
JH		 2972 name_known = eir_has_data_type(info->data,
2973 sizeof(info->data),
2974 EIR_NAME_COMPLETE);
561aafbc
JH		 2975 else
2976 name_known = true;
2977
3175405b 2978 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
48264f06 2979 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
561aafbc 2980 info->dev_class, info->rssi,
7d262f86
AG		 2981 !name_known, info->data,
2982 sizeof(info->data));
a9de9248
MH		 2983 }
2984
2985 hci_dev_unlock(hdev);
2986}
1da177e4 2987
17fa4b9d
JH		 2988static inline u8 hci_get_auth_req(struct hci_conn *conn)
2989{
2990 /* If remote requests dedicated bonding follow that lead */
2991 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2992 /* If both remote and local IO capabilities allow MITM
2993 * protection then require it, otherwise don't */
2994 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2995 return 0x02;
2996 else
2997 return 0x03;
2998 }
2999
3000 /* If remote requests no-bonding follow that lead */
3001 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3002 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3003
3004 return conn->auth_type;
3005}
3006
0493684e
MH		 3007static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3008{
3009 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3010 struct hci_conn *conn;
3011
3012 BT_DBG("%s", hdev->name);
3013
3014 hci_dev_lock(hdev);
3015
3016 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3017 if (!conn)
3018 goto unlock;
3019
3020 hci_conn_hold(conn);
3021
a8b2d5c2 3022 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3023 goto unlock;
3024
a8b2d5c2 3025 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 3026 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3027 struct hci_cp_io_capability_reply cp;
3028
3029 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3030 /* Change the IO capability from KeyboardDisplay
3031 * to DisplayYesNo as it is not supported by BT spec. */
3032 cp.capability = (conn->io_capability == 0x04) ?
3033 0x01 : conn->io_capability;
7cbc9bd9
JH		 3034 conn->auth_type = hci_get_auth_req(conn);
3035 cp.authentication = conn->auth_type;
17fa4b9d 3036
58a681ef 3037 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3038 hci_find_remote_oob_data(hdev, &conn->dst))
3039 cp.oob_data = 0x01;
3040 else
3041 cp.oob_data = 0x00;
3042
17fa4b9d
JH		 3043 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3044 sizeof(cp), &cp);
03b555e1
JH		 3045 } else {
3046 struct hci_cp_io_capability_neg_reply cp;
3047
3048 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3049 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3050
03b555e1
JH		 3051 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3052 sizeof(cp), &cp);
3053 }
3054
3055unlock:
3056 hci_dev_unlock(hdev);
3057}
3058
3059static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3060{
3061 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3062 struct hci_conn *conn;
3063
3064 BT_DBG("%s", hdev->name);
3065
3066 hci_dev_lock(hdev);
3067
3068 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3069 if (!conn)
3070 goto unlock;
3071
03b555e1 3072 conn->remote_cap = ev->capability;
03b555e1 3073 conn->remote_auth = ev->authentication;
58a681ef
JH		 3074 if (ev->oob_data)
3075 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3076
3077unlock:
0493684e
MH		 3078 hci_dev_unlock(hdev);
3079}
3080
a5c29683
JH		 3081static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3082 struct sk_buff *skb)
3083{
3084 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3085 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3086 struct hci_conn *conn;
a5c29683
JH		 3087
3088 BT_DBG("%s", hdev->name);
3089
3090 hci_dev_lock(hdev);
3091
a8b2d5c2 3092 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3093 goto unlock;
a5c29683 3094
7a828908
JH		 3095 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3096 if (!conn)
3097 goto unlock;
3098
3099 loc_mitm = (conn->auth_type & 0x01);
3100 rem_mitm = (conn->remote_auth & 0x01);
3101
3102 /* If we require MITM but the remote device can't provide that
3103 * (it has NoInputNoOutput) then reject the confirmation
3104 * request. The only exception is when we're dedicated bonding
3105 * initiators (connect_cfm_cb set) since then we always have the MITM
3106 * bit set. */
3107 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3108 BT_DBG("Rejecting request: remote device can't provide MITM");
3109 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3110 sizeof(ev->bdaddr), &ev->bdaddr);
3111 goto unlock;
3112 }
3113
3114 /* If no side requires MITM protection; auto-accept */
3115 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3116 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3117
3118 /* If we're not the initiators request authorization to
3119 * proceed from user space (mgmt_user_confirm with
3120 * confirm_hint set to 1). */
51a8efd7 3121 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3122 BT_DBG("Confirming auto-accept as acceptor");
3123 confirm_hint = 1;
3124 goto confirm;
3125 }
3126
9f61656a
JH		 3127 BT_DBG("Auto-accept of user confirmation with %ums delay",
3128 hdev->auto_accept_delay);
3129
3130 if (hdev->auto_accept_delay > 0) {
3131 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3132 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3133 goto unlock;
3134 }
3135
7a828908
JH		 3136 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3137 sizeof(ev->bdaddr), &ev->bdaddr);
3138 goto unlock;
3139 }
3140
55bc1a37 3141confirm:
272d90df 3142 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
55bc1a37 3143 confirm_hint);
7a828908
JH		 3144
3145unlock:
a5c29683
JH		 3146 hci_dev_unlock(hdev);
3147}
3148
1143d458
BG		 3149static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3150 struct sk_buff *skb)
3151{
3152 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3153
3154 BT_DBG("%s", hdev->name);
3155
3156 hci_dev_lock(hdev);
3157
a8b2d5c2 3158 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3159 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3160
3161 hci_dev_unlock(hdev);
3162}
3163
0493684e
MH		 3164static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3165{
3166 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3167 struct hci_conn *conn;
3168
3169 BT_DBG("%s", hdev->name);
3170
3171 hci_dev_lock(hdev);
3172
3173 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3174 if (!conn)
3175 goto unlock;
3176
3177 /* To avoid duplicate auth_failed events to user space we check
3178 * the HCI_CONN_AUTH_PEND flag which will be set if we
3179 * initiated the authentication. A traditional auth_complete
3180 * event gets always produced as initiator and is also mapped to
3181 * the mgmt_auth_failed event */
51a8efd7 3182 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6
JH		 3183 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3184 ev->status);
0493684e 3185
2a611692
JH		 3186 hci_conn_put(conn);
3187
3188unlock:
0493684e
MH		 3189 hci_dev_unlock(hdev);
3190}
3191
41a96212
MH		 3192static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3193{
3194 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3195 struct inquiry_entry *ie;
3196
3197 BT_DBG("%s", hdev->name);
3198
3199 hci_dev_lock(hdev);
3200
cc11b9c1
AE		 3201 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3202 if (ie)
41a96212
MH		 3203 ie->data.ssp_mode = (ev->features[0] & 0x01);
3204
3205 hci_dev_unlock(hdev);
3206}
3207
2763eda6
SJ		 3208static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3209 struct sk_buff *skb)
3210{
3211 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3212 struct oob_data *data;
3213
3214 BT_DBG("%s", hdev->name);
3215
3216 hci_dev_lock(hdev);
3217
a8b2d5c2 3218 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3219 goto unlock;
3220
2763eda6
SJ		 3221 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3222 if (data) {
3223 struct hci_cp_remote_oob_data_reply cp;
3224
3225 bacpy(&cp.bdaddr, &ev->bdaddr);
3226 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3227 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3228
3229 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3230 &cp);
3231 } else {
3232 struct hci_cp_remote_oob_data_neg_reply cp;
3233
3234 bacpy(&cp.bdaddr, &ev->bdaddr);
3235 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3236 &cp);
3237 }
3238
e1ba1f15 3239unlock:
2763eda6
SJ		 3240 hci_dev_unlock(hdev);
3241}
3242
fcd89c09
VT		 3243static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3244{
3245 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3246 struct hci_conn *conn;
3247
3248 BT_DBG("%s status %d", hdev->name, ev->status);
3249
3250 hci_dev_lock(hdev);
3251
3252 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3253 if (!conn) {
3254 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3255 if (!conn) {
3256 BT_ERR("No memory for new connection");
3257 hci_dev_unlock(hdev);
3258 return;
3259 }
29b7988a
AG		 3260
3261 conn->dst_type = ev->bdaddr_type;
b62f328b 3262 }
fcd89c09
VT		 3263
3264 if (ev->status) {
48264f06
JH		 3265 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3266 conn->dst_type, ev->status);
fcd89c09
VT		 3267 hci_proto_connect_cfm(conn, ev->status);
3268 conn->state = BT_CLOSED;
3269 hci_conn_del(conn);
3270 goto unlock;
3271 }
3272
b644ba33
JH		 3273 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3274 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3275 conn->dst_type, NULL, 0, 0);
83bc71b4 3276
7b5c0d52 3277 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3278 conn->handle = __le16_to_cpu(ev->handle);
3279 conn->state = BT_CONNECTED;
3280
3281 hci_conn_hold_device(conn);
3282 hci_conn_add_sysfs(conn);
3283
3284 hci_proto_connect_cfm(conn, ev->status);
3285
3286unlock:
3287 hci_dev_unlock(hdev);
3288}
3289
9aa04c91
AG		 3290static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3291 struct sk_buff *skb)
3292{
e95beb41
AG		 3293 u8 num_reports = skb->data[0];
3294 void *ptr = &skb->data[1];
3c9e9195 3295 s8 rssi;
9aa04c91
AG		 3296
3297 hci_dev_lock(hdev);
3298
e95beb41
AG		 3299 while (num_reports--) {
3300 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3301
9aa04c91 3302 hci_add_adv_entry(hdev, ev);
e95beb41 3303
3c9e9195
AG		 3304 rssi = ev->data[ev->length];
3305 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3306 NULL, rssi, 0, ev->data, ev->length);
3307
e95beb41 3308 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3309 }
3310
3311 hci_dev_unlock(hdev);
3312}
3313
a7a595f6
VCG		 3314static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3315 struct sk_buff *skb)
3316{
3317 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3318 struct hci_cp_le_ltk_reply cp;
bea710fe 3319 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3320 struct hci_conn *conn;
c9839a11 3321 struct smp_ltk *ltk;
a7a595f6
VCG		 3322
3323 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3324
3325 hci_dev_lock(hdev);
3326
3327 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3328 if (conn == NULL)
3329 goto not_found;
a7a595f6 3330
bea710fe
VCG		 3331 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3332 if (ltk == NULL)
3333 goto not_found;
3334
3335 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3336 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3337
3338 if (ltk->authenticated)
3339 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3340
3341 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3342
c9839a11
VCG		 3343 if (ltk->type & HCI_SMP_STK) {
3344 list_del(&ltk->list);
3345 kfree(ltk);
3346 }
3347
a7a595f6 3348 hci_dev_unlock(hdev);
bea710fe
VCG		 3349
3350 return;
3351
3352not_found:
3353 neg.handle = ev->handle;
3354 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3355 hci_dev_unlock(hdev);
a7a595f6
VCG		 3356}
3357
fcd89c09
VT		 3358static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3359{
3360 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3361
3362 skb_pull(skb, sizeof(*le_ev));
3363
3364 switch (le_ev->subevent) {
3365 case HCI_EV_LE_CONN_COMPLETE:
3366 hci_le_conn_complete_evt(hdev, skb);
3367 break;
3368
9aa04c91
AG		 3369 case HCI_EV_LE_ADVERTISING_REPORT:
3370 hci_le_adv_report_evt(hdev, skb);
3371 break;
3372
a7a595f6
VCG		 3373 case HCI_EV_LE_LTK_REQ:
3374 hci_le_ltk_request_evt(hdev, skb);
3375 break;
3376
fcd89c09
VT		 3377 default:
3378 break;
3379 }
3380}
3381
a9de9248
MH		 3382void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3383{
3384 struct hci_event_hdr *hdr = (void *) skb->data;
3385 __u8 event = hdr->evt;
3386
3387 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3388
3389 switch (event) {
1da177e4
LT		 3390 case HCI_EV_INQUIRY_COMPLETE:
3391 hci_inquiry_complete_evt(hdev, skb);
3392 break;
3393
3394 case HCI_EV_INQUIRY_RESULT:
3395 hci_inquiry_result_evt(hdev, skb);
3396 break;
3397
a9de9248
MH		 3398 case HCI_EV_CONN_COMPLETE:
3399 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3400 break;
3401
1da177e4
LT		 3402 case HCI_EV_CONN_REQUEST:
3403 hci_conn_request_evt(hdev, skb);
3404 break;
3405
1da177e4
LT		 3406 case HCI_EV_DISCONN_COMPLETE:
3407 hci_disconn_complete_evt(hdev, skb);
3408 break;
3409
1da177e4
LT		 3410 case HCI_EV_AUTH_COMPLETE:
3411 hci_auth_complete_evt(hdev, skb);
3412 break;
3413
a9de9248
MH		 3414 case HCI_EV_REMOTE_NAME:
3415 hci_remote_name_evt(hdev, skb);
3416 break;
3417
1da177e4
LT		 3418 case HCI_EV_ENCRYPT_CHANGE:
3419 hci_encrypt_change_evt(hdev, skb);
3420 break;
3421
a9de9248
MH		 3422 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3423 hci_change_link_key_complete_evt(hdev, skb);
3424 break;
3425
3426 case HCI_EV_REMOTE_FEATURES:
3427 hci_remote_features_evt(hdev, skb);
3428 break;
3429
3430 case HCI_EV_REMOTE_VERSION:
3431 hci_remote_version_evt(hdev, skb);
3432 break;
3433
3434 case HCI_EV_QOS_SETUP_COMPLETE:
3435 hci_qos_setup_complete_evt(hdev, skb);
3436 break;
3437
3438 case HCI_EV_CMD_COMPLETE:
3439 hci_cmd_complete_evt(hdev, skb);
3440 break;
3441
3442 case HCI_EV_CMD_STATUS:
3443 hci_cmd_status_evt(hdev, skb);
3444 break;
3445
3446 case HCI_EV_ROLE_CHANGE:
3447 hci_role_change_evt(hdev, skb);
3448 break;
3449
3450 case HCI_EV_NUM_COMP_PKTS:
3451 hci_num_comp_pkts_evt(hdev, skb);
3452 break;
3453
3454 case HCI_EV_MODE_CHANGE:
3455 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3456 break;
3457
3458 case HCI_EV_PIN_CODE_REQ:
3459 hci_pin_code_request_evt(hdev, skb);
3460 break;
3461
3462 case HCI_EV_LINK_KEY_REQ:
3463 hci_link_key_request_evt(hdev, skb);
3464 break;
3465
3466 case HCI_EV_LINK_KEY_NOTIFY:
3467 hci_link_key_notify_evt(hdev, skb);
3468 break;
3469
3470 case HCI_EV_CLOCK_OFFSET:
3471 hci_clock_offset_evt(hdev, skb);
3472 break;
3473
a8746417
MH		 3474 case HCI_EV_PKT_TYPE_CHANGE:
3475 hci_pkt_type_change_evt(hdev, skb);
3476 break;
3477
85a1e930
MH		 3478 case HCI_EV_PSCAN_REP_MODE:
3479 hci_pscan_rep_mode_evt(hdev, skb);
3480 break;
3481
a9de9248
MH		 3482 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3483 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3484 break;
3485
a9de9248
MH		 3486 case HCI_EV_REMOTE_EXT_FEATURES:
3487 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3488 break;
3489
a9de9248
MH		 3490 case HCI_EV_SYNC_CONN_COMPLETE:
3491 hci_sync_conn_complete_evt(hdev, skb);
3492 break;
1da177e4 3493
a9de9248
MH		 3494 case HCI_EV_SYNC_CONN_CHANGED:
3495 hci_sync_conn_changed_evt(hdev, skb);
3496 break;
1da177e4 3497
a9de9248
MH		 3498 case HCI_EV_SNIFF_SUBRATE:
3499 hci_sniff_subrate_evt(hdev, skb);
3500 break;
1da177e4 3501
a9de9248
MH		 3502 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3503 hci_extended_inquiry_result_evt(hdev, skb);
3504 break;
1da177e4 3505
0493684e
MH		 3506 case HCI_EV_IO_CAPA_REQUEST:
3507 hci_io_capa_request_evt(hdev, skb);
3508 break;
3509
03b555e1
JH		 3510 case HCI_EV_IO_CAPA_REPLY:
3511 hci_io_capa_reply_evt(hdev, skb);
3512 break;
3513
a5c29683
JH		 3514 case HCI_EV_USER_CONFIRM_REQUEST:
3515 hci_user_confirm_request_evt(hdev, skb);
3516 break;
3517
1143d458
BG		 3518 case HCI_EV_USER_PASSKEY_REQUEST:
3519 hci_user_passkey_request_evt(hdev, skb);
3520 break;
3521
0493684e
MH		 3522 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3523 hci_simple_pair_complete_evt(hdev, skb);
3524 break;
3525
41a96212
MH		 3526 case HCI_EV_REMOTE_HOST_FEATURES:
3527 hci_remote_host_features_evt(hdev, skb);
3528 break;
3529
fcd89c09
VT		 3530 case HCI_EV_LE_META:
3531 hci_le_meta_evt(hdev, skb);
3532 break;
3533
2763eda6
SJ		 3534 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3535 hci_remote_oob_data_request_evt(hdev, skb);
3536 break;
3537
25e89e99
AE		 3538 case HCI_EV_NUM_COMP_BLOCKS:
3539 hci_num_comp_blocks_evt(hdev, skb);
3540 break;
3541
a9de9248
MH		 3542 default:
3543 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3544 break;
3545 }
3546
3547 kfree_skb(skb);
3548 hdev->stat.evt_rx++;
3549}
kernel source for telekom puls (alcatel/mediatek)