projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Refactor stop_discovery
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
70f23020 40#include <linux/uaccess.h>
1da177e4
LT		 41#include <asm/unaligned.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45
1da177e4
LT		 46/* Handle HCI Event packets */
47
a9de9248 48static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 49{
a9de9248 50 __u8 status = *((__u8 *) skb->data);
1da177e4 51
a9de9248 52 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 53
e6d465cb
AG		 54 if (status) {
55 hci_dev_lock(hdev);
56 mgmt_stop_discovery_failed(hdev, status);
57 hci_dev_unlock(hdev);
a9de9248 58 return;
e6d465cb 59 }
1da177e4 60
89352e7d
AG		 61 clear_bit(HCI_INQUIRY, &hdev->flags);
62
56e5cb86 63 hci_dev_lock(hdev);
ff9ef578 64 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 65 hci_dev_unlock(hdev);
6bd57416 66
23bb5763 67 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 68
69 hci_conn_check_pending(hdev);
70}
6bd57416 71
a9de9248
MH		 72static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73{
74 __u8 status = *((__u8 *) skb->data);
6bd57416 75
a9de9248 76 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 77
a9de9248
MH		 78 if (status)
79 return;
1da177e4 80
a9de9248
MH		 81 hci_conn_check_pending(hdev);
82}
83
84static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
85{
86 BT_DBG("%s", hdev->name);
87}
88
89static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
90{
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
93
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
95
96 if (rp->status)
97 return;
98
99 hci_dev_lock(hdev);
100
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 if (conn) {
103 if (rp->role)
104 conn->link_mode &= ~HCI_LM_MASTER;
105 else
106 conn->link_mode |= HCI_LM_MASTER;
1da177e4 107 }
a9de9248
MH		 108
109 hci_dev_unlock(hdev);
1da177e4
LT		 110}
111
e4e8e37c
MH		 112static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
113{
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
116
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
118
119 if (rp->status)
120 return;
121
122 hci_dev_lock(hdev);
123
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
125 if (conn)
126 conn->link_policy = __le16_to_cpu(rp->policy);
127
128 hci_dev_unlock(hdev);
129}
130
a9de9248 131static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 132{
a9de9248 133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 134 struct hci_conn *conn;
04837f64 135 void *sent;
1da177e4 136
a9de9248 137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 138
a9de9248
MH		 139 if (rp->status)
140 return;
1da177e4 141
a9de9248
MH		 142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
143 if (!sent)
144 return;
1da177e4 145
a9de9248 146 hci_dev_lock(hdev);
1da177e4 147
a9de9248 148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 149 if (conn)
83985319 150 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 151
a9de9248
MH		 152 hci_dev_unlock(hdev);
153}
1da177e4 154
e4e8e37c
MH		 155static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
156{
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
158
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
160
161 if (rp->status)
162 return;
163
164 hdev->link_policy = __le16_to_cpu(rp->policy);
165}
166
167static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
168{
169 __u8 status = *((__u8 *) skb->data);
170 void *sent;
171
172 BT_DBG("%s status 0x%x", hdev->name, status);
173
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
175 if (!sent)
176 return;
177
178 if (!status)
179 hdev->link_policy = get_unaligned_le16(sent);
180
23bb5763 181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 182}
183
a9de9248
MH		 184static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
185{
186 __u8 status = *((__u8 *) skb->data);
04837f64 187
a9de9248 188 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 189
10572132
GP		 190 clear_bit(HCI_RESET, &hdev->flags);
191
23bb5763 192 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 193
a297e97c 194 /* Reset all non-persistent flags */
9f8ce967 195 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS));
69775ff6
AG		 196
197 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 198}
04837f64 199
a9de9248
MH		 200static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
201{
202 __u8 status = *((__u8 *) skb->data);
203 void *sent;
04837f64 204
a9de9248 205 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 206
a9de9248
MH		 207 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
208 if (!sent)
209 return;
04837f64 210
56e5cb86
JH		 211 hci_dev_lock(hdev);
212
f51d5b24
JH		 213 if (test_bit(HCI_MGMT, &hdev->dev_flags))
214 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 215 else if (!status)
216 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 217
56e5cb86 218 hci_dev_unlock(hdev);
3159d384
JH		 219
220 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 221}
222
223static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
224{
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
226
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
228
229 if (rp->status)
230 return;
231
db99b5fc
JH		 232 if (test_bit(HCI_SETUP, &hdev->dev_flags))
233 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 234}
235
236static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
237{
238 __u8 status = *((__u8 *) skb->data);
239 void *sent;
240
241 BT_DBG("%s status 0x%x", hdev->name, status);
242
243 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
244 if (!sent)
245 return;
246
247 if (!status) {
248 __u8 param = *((__u8 *) sent);
249
250 if (param == AUTH_ENABLED)
251 set_bit(HCI_AUTH, &hdev->flags);
252 else
253 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 254 }
a9de9248 255
33ef95ed
JH		 256 if (test_bit(HCI_MGMT, &hdev->dev_flags))
257 mgmt_auth_enable_complete(hdev, status);
258
23bb5763 259 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 260}
261
a9de9248 262static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 263{
a9de9248 264 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 265 void *sent;
266
a9de9248 267 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 268
a9de9248
MH		 269 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
270 if (!sent)
271 return;
1da177e4 272
a9de9248
MH		 273 if (!status) {
274 __u8 param = *((__u8 *) sent);
275
276 if (param)
277 set_bit(HCI_ENCRYPT, &hdev->flags);
278 else
279 clear_bit(HCI_ENCRYPT, &hdev->flags);
280 }
1da177e4 281
23bb5763 282 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 283}
1da177e4 284
a9de9248
MH		 285static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
286{
36f7fc7e
JH		 287 __u8 param, status = *((__u8 *) skb->data);
288 int old_pscan, old_iscan;
a9de9248 289 void *sent;
1da177e4 290
a9de9248 291 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 292
a9de9248
MH		 293 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
294 if (!sent)
295 return;
1da177e4 296
36f7fc7e
JH		 297 param = *((__u8 *) sent);
298
56e5cb86
JH		 299 hci_dev_lock(hdev);
300
2d7cee58 301 if (status != 0) {
744cf19e 302 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 303 hdev->discov_timeout = 0;
304 goto done;
305 }
306
36f7fc7e
JH		 307 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
308 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
309
310 if (param & SCAN_INQUIRY) {
311 set_bit(HCI_ISCAN, &hdev->flags);
312 if (!old_iscan)
744cf19e 313 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 314 if (hdev->discov_timeout > 0) {
315 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
316 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
317 to);
318 }
36f7fc7e 319 } else if (old_iscan)
744cf19e 320 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 321
322 if (param & SCAN_PAGE) {
323 set_bit(HCI_PSCAN, &hdev->flags);
324 if (!old_pscan)
744cf19e 325 mgmt_connectable(hdev, 1);
36f7fc7e 326 } else if (old_pscan)
744cf19e 327 mgmt_connectable(hdev, 0);
1da177e4 328
36f7fc7e 329done:
56e5cb86 330 hci_dev_unlock(hdev);
23bb5763 331 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 332}
1da177e4 333
a9de9248
MH		 334static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335{
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 337
a9de9248 338 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 339
a9de9248
MH		 340 if (rp->status)
341 return;
1da177e4 342
a9de9248 343 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 344
a9de9248
MH		 345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
1da177e4 353
a9de9248 354 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
7f9a903c
MH		 360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
a9de9248 369}
1da177e4 370
a9de9248
MH		 371static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
376 BT_DBG("%s status 0x%x", hdev->name, rp->status);
377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
f383f275 383 if (hdev->voice_setting == setting)
a9de9248
MH		 384 return;
385
386 hdev->voice_setting = setting;
387
388 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
389
3c54711c 390 if (hdev->notify)
a9de9248 391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 392}
393
394static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
395{
396 __u8 status = *((__u8 *) skb->data);
f383f275 397 __u16 setting;
a9de9248
MH		 398 void *sent;
399
400 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 401
f383f275
MH		 402 if (status)
403 return;
404
a9de9248
MH		 405 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
406 if (!sent)
407 return;
1da177e4 408
f383f275 409 setting = get_unaligned_le16(sent);
1da177e4 410
f383f275
MH		 411 if (hdev->voice_setting == setting)
412 return;
413
414 hdev->voice_setting = setting;
1da177e4 415
f383f275 416 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 417
3c54711c 418 if (hdev->notify)
f383f275 419 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 420}
421
a9de9248 422static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 423{
a9de9248 424 __u8 status = *((__u8 *) skb->data);
1da177e4 425
a9de9248 426 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 427
23bb5763 428 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 429}
1143e5a6 430
333140b5
MH		 431static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
432{
433 __u8 status = *((__u8 *) skb->data);
434 void *sent;
435
436 BT_DBG("%s status 0x%x", hdev->name, status);
437
333140b5
MH		 438 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
439 if (!sent)
440 return;
441
ed2c4ee3 442 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 443 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
444 else if (!status) {
445 if (*((u8 *) sent))
446 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
447 else
448 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
449 }
333140b5
MH		 450}
451
d5859e22
JH		 452static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453{
454 if (hdev->features[6] & LMP_EXT_INQ)
455 return 2;
456
457 if (hdev->features[3] & LMP_RSSI_INQ)
458 return 1;
459
460 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
461 hdev->lmp_subver == 0x0757)
462 return 1;
463
464 if (hdev->manufacturer == 15) {
465 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 return 1;
467 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 return 1;
469 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
470 return 1;
471 }
472
473 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
474 hdev->lmp_subver == 0x1805)
475 return 1;
476
477 return 0;
478}
479
480static void hci_setup_inquiry_mode(struct hci_dev *hdev)
481{
482 u8 mode;
483
484 mode = hci_get_inquiry_mode(hdev);
485
486 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
487}
488
489static void hci_setup_event_mask(struct hci_dev *hdev)
490{
491 /* The second byte is 0xff instead of 0x9f (two reserved bits
492 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
493 * command otherwise */
494 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495
6de6c18d
VT		 496 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
497 * any event mask for pre 1.2 devices */
5a13b095 498 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 499 return;
500
501 events[4] |= 0x01; /* Flow Specification Complete */
502 events[4] |= 0x02; /* Inquiry Result with RSSI */
503 events[4] |= 0x04; /* Read Remote Extended Features Complete */
504 events[5] |= 0x08; /* Synchronous Connection Complete */
505 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 506
507 if (hdev->features[3] & LMP_RSSI_INQ)
508 events[4] |= 0x04; /* Inquiry Result with RSSI */
509
510 if (hdev->features[5] & LMP_SNIFF_SUBR)
511 events[5] |= 0x20; /* Sniff Subrating */
512
513 if (hdev->features[5] & LMP_PAUSE_ENC)
514 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515
516 if (hdev->features[6] & LMP_EXT_INQ)
517 events[5] |= 0x40; /* Extended Inquiry Result */
518
519 if (hdev->features[6] & LMP_NO_FLUSH)
520 events[7] |= 0x01; /* Enhanced Flush Complete */
521
522 if (hdev->features[7] & LMP_LSTO)
523 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524
525 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
526 events[6] |= 0x01; /* IO Capability Request */
527 events[6] |= 0x02; /* IO Capability Response */
528 events[6] |= 0x04; /* User Confirmation Request */
529 events[6] |= 0x08; /* User Passkey Request */
530 events[6] |= 0x10; /* Remote OOB Data Request */
531 events[6] |= 0x20; /* Simple Pairing Complete */
532 events[7] |= 0x04; /* User Passkey Notification */
533 events[7] |= 0x08; /* Keypress Notification */
534 events[7] |= 0x10; /* Remote Host Supported
535 * Features Notification */
536 }
537
538 if (hdev->features[4] & LMP_LE)
539 events[7] |= 0x20; /* LE Meta-Event */
540
541 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
542}
543
544static void hci_setup(struct hci_dev *hdev)
545{
e61ef499
AE		 546 if (hdev->dev_type != HCI_BREDR)
547 return;
548
d5859e22
JH		 549 hci_setup_event_mask(hdev);
550
d095c1eb 551 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 552 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
553
54d04dbb
JH		 554 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
555 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
556 u8 mode = 0x01;
557 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 558 sizeof(mode), &mode);
54d04dbb
JH		 559 } else {
560 struct hci_cp_write_eir cp;
561
562 memset(hdev->eir, 0, sizeof(hdev->eir));
563 memset(&cp, 0, sizeof(cp));
564
565 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
566 }
d5859e22
JH		 567 }
568
569 if (hdev->features[3] & LMP_RSSI_INQ)
570 hci_setup_inquiry_mode(hdev);
571
572 if (hdev->features[7] & LMP_INQ_TX_PWR)
573 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 574
575 if (hdev->features[7] & LMP_EXTFEATURES) {
576 struct hci_cp_read_local_ext_features cp;
577
578 cp.page = 0x01;
04124681
GP		 579 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
580 &cp);
971e3a4b 581 }
e6100a25 582
47990ea0
JH		 583 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
584 u8 enable = 1;
04124681
GP		 585 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
586 &enable);
47990ea0 587 }
d5859e22
JH		 588}
589
a9de9248
MH		 590static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
591{
592 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 593
a9de9248 594 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 595
a9de9248 596 if (rp->status)
28b8df77 597 goto done;
1143e5a6 598
a9de9248 599 hdev->hci_ver = rp->hci_ver;
e4e8e37c 600 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 601 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 602 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 603 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 604
a9de9248
MH		 605 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
606 hdev->manufacturer,
607 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 608
609 if (test_bit(HCI_INIT, &hdev->flags))
610 hci_setup(hdev);
28b8df77
AE		 611
612done:
613 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 614}
615
616static void hci_setup_link_policy(struct hci_dev *hdev)
617{
035100c8 618 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 619 u16 link_policy = 0;
620
621 if (hdev->features[0] & LMP_RSWITCH)
622 link_policy |= HCI_LP_RSWITCH;
623 if (hdev->features[0] & LMP_HOLD)
624 link_policy |= HCI_LP_HOLD;
625 if (hdev->features[0] & LMP_SNIFF)
626 link_policy |= HCI_LP_SNIFF;
627 if (hdev->features[1] & LMP_PARK)
628 link_policy |= HCI_LP_PARK;
629
035100c8
AE		 630 cp.policy = cpu_to_le16(link_policy);
631 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 632}
1da177e4 633
a9de9248
MH		 634static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
635{
636 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 637
a9de9248 638 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 639
a9de9248 640 if (rp->status)
d5859e22 641 goto done;
1da177e4 642
a9de9248 643 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 644
645 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
646 hci_setup_link_policy(hdev);
647
648done:
649 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 650}
1da177e4 651
a9de9248
MH		 652static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
653{
654 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 655
a9de9248 656 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 657
a9de9248
MH		 658 if (rp->status)
659 return;
5b7f9909 660
a9de9248 661 memcpy(hdev->features, rp->features, 8);
5b7f9909 662
a9de9248
MH		 663 /* Adjust default settings according to features
664 * supported by device. */
1da177e4 665
a9de9248
MH		 666 if (hdev->features[0] & LMP_3SLOT)
667 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 668
a9de9248
MH		 669 if (hdev->features[0] & LMP_5SLOT)
670 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 671
a9de9248
MH		 672 if (hdev->features[1] & LMP_HV2) {
673 hdev->pkt_type |= (HCI_HV2);
674 hdev->esco_type |= (ESCO_HV2);
675 }
1da177e4 676
a9de9248
MH		 677 if (hdev->features[1] & LMP_HV3) {
678 hdev->pkt_type |= (HCI_HV3);
679 hdev->esco_type |= (ESCO_HV3);
680 }
1da177e4 681
a9de9248
MH		 682 if (hdev->features[3] & LMP_ESCO)
683 hdev->esco_type |= (ESCO_EV3);
da1f5198 684
a9de9248
MH		 685 if (hdev->features[4] & LMP_EV4)
686 hdev->esco_type |= (ESCO_EV4);
da1f5198 687
a9de9248
MH		 688 if (hdev->features[4] & LMP_EV5)
689 hdev->esco_type |= (ESCO_EV5);
1da177e4 690
efc7688b
MH		 691 if (hdev->features[5] & LMP_EDR_ESCO_2M)
692 hdev->esco_type |= (ESCO_2EV3);
693
694 if (hdev->features[5] & LMP_EDR_ESCO_3M)
695 hdev->esco_type |= (ESCO_3EV3);
696
697 if (hdev->features[5] & LMP_EDR_3S_ESCO)
698 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
699
a9de9248
MH		 700 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
701 hdev->features[0], hdev->features[1],
702 hdev->features[2], hdev->features[3],
703 hdev->features[4], hdev->features[5],
704 hdev->features[6], hdev->features[7]);
705}
1da177e4 706
8f984dfa
JH		 707static void hci_set_le_support(struct hci_dev *hdev)
708{
709 struct hci_cp_write_le_host_supported cp;
710
711 memset(&cp, 0, sizeof(cp));
712
713 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
714 cp.le = 1;
715 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
716 }
717
718 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 719 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
720 &cp);
8f984dfa
JH		 721}
722
971e3a4b
AG		 723static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
724 struct sk_buff *skb)
725{
726 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
727
728 BT_DBG("%s status 0x%x", hdev->name, rp->status);
729
730 if (rp->status)
8f984dfa 731 goto done;
971e3a4b 732
b5b32b65
AG		 733 switch (rp->page) {
734 case 0:
735 memcpy(hdev->features, rp->features, 8);
736 break;
737 case 1:
738 memcpy(hdev->host_features, rp->features, 8);
739 break;
740 }
971e3a4b 741
8f984dfa
JH		 742 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
743 hci_set_le_support(hdev);
744
745done:
971e3a4b
AG		 746 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
747}
748
1e89cffb
AE		 749static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
750 struct sk_buff *skb)
751{
752 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
753
754 BT_DBG("%s status 0x%x", hdev->name, rp->status);
755
756 if (rp->status)
757 return;
758
759 hdev->flow_ctl_mode = rp->mode;
760
761 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
762}
763
a9de9248
MH		 764static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
765{
766 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 767
a9de9248 768 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 769
a9de9248
MH		 770 if (rp->status)
771 return;
1da177e4 772
a9de9248
MH		 773 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
774 hdev->sco_mtu = rp->sco_mtu;
775 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
776 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
777
778 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
779 hdev->sco_mtu = 64;
780 hdev->sco_pkts = 8;
1da177e4 781 }
a9de9248
MH		 782
783 hdev->acl_cnt = hdev->acl_pkts;
784 hdev->sco_cnt = hdev->sco_pkts;
785
786 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
787 hdev->acl_mtu, hdev->acl_pkts,
788 hdev->sco_mtu, hdev->sco_pkts);
789}
790
791static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
792{
793 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
794
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
796
797 if (!rp->status)
798 bacpy(&hdev->bdaddr, &rp->bdaddr);
799
23bb5763
JH		 800 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
801}
802
350ee4cf
AE		 803static void hci_cc_read_data_block_size(struct hci_dev *hdev,
804 struct sk_buff *skb)
805{
806 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
807
808 BT_DBG("%s status 0x%x", hdev->name, rp->status);
809
810 if (rp->status)
811 return;
812
813 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
814 hdev->block_len = __le16_to_cpu(rp->block_len);
815 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
816
817 hdev->block_cnt = hdev->num_blocks;
818
819 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
820 hdev->block_cnt, hdev->block_len);
821
822 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
823}
824
23bb5763
JH		 825static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
826{
827 __u8 status = *((__u8 *) skb->data);
828
829 BT_DBG("%s status 0x%x", hdev->name, status);
830
831 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 832}
833
928abaa7
AE		 834static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
835 struct sk_buff *skb)
836{
837 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
838
839 BT_DBG("%s status 0x%x", hdev->name, rp->status);
840
841 if (rp->status)
842 return;
843
844 hdev->amp_status = rp->amp_status;
845 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
846 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
847 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
848 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
849 hdev->amp_type = rp->amp_type;
850 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
851 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
852 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
853 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
854
855 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
856}
857
b0916ea0
JH		 858static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
859 struct sk_buff *skb)
860{
861 __u8 status = *((__u8 *) skb->data);
862
863 BT_DBG("%s status 0x%x", hdev->name, status);
864
865 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
866}
867
d5859e22
JH		 868static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
869{
870 __u8 status = *((__u8 *) skb->data);
871
872 BT_DBG("%s status 0x%x", hdev->name, status);
873
874 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
875}
876
877static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
878 struct sk_buff *skb)
879{
880 __u8 status = *((__u8 *) skb->data);
881
882 BT_DBG("%s status 0x%x", hdev->name, status);
883
884 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
885}
886
887static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
888 struct sk_buff *skb)
889{
91c4e9b1 890 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 891
91c4e9b1
MH		 892 BT_DBG("%s status 0x%x", hdev->name, rp->status);
893
894 if (!rp->status)
895 hdev->inq_tx_power = rp->tx_power;
d5859e22 896
91c4e9b1 897 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 898}
899
900static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
901{
902 __u8 status = *((__u8 *) skb->data);
903
904 BT_DBG("%s status 0x%x", hdev->name, status);
905
906 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
907}
908
980e1a53
JH		 909static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
910{
911 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
912 struct hci_cp_pin_code_reply *cp;
913 struct hci_conn *conn;
914
915 BT_DBG("%s status 0x%x", hdev->name, rp->status);
916
56e5cb86
JH		 917 hci_dev_lock(hdev);
918
a8b2d5c2 919 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 920 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 921
922 if (rp->status != 0)
56e5cb86 923 goto unlock;
980e1a53
JH		 924
925 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
926 if (!cp)
56e5cb86 927 goto unlock;
980e1a53
JH		 928
929 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
930 if (conn)
931 conn->pin_length = cp->pin_len;
56e5cb86
JH		 932
933unlock:
934 hci_dev_unlock(hdev);
980e1a53
JH		 935}
936
937static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
938{
939 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
940
941 BT_DBG("%s status 0x%x", hdev->name, rp->status);
942
56e5cb86
JH		 943 hci_dev_lock(hdev);
944
a8b2d5c2 945 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 946 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 947 rp->status);
56e5cb86
JH		 948
949 hci_dev_unlock(hdev);
980e1a53 950}
56e5cb86 951
6ed58ec5
VT		 952static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
953 struct sk_buff *skb)
954{
955 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
956
957 BT_DBG("%s status 0x%x", hdev->name, rp->status);
958
959 if (rp->status)
960 return;
961
962 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
963 hdev->le_pkts = rp->le_max_pkt;
964
965 hdev->le_cnt = hdev->le_pkts;
966
967 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
968
969 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
970}
980e1a53 971
a5c29683
JH		 972static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
973{
974 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
975
976 BT_DBG("%s status 0x%x", hdev->name, rp->status);
977
56e5cb86
JH		 978 hci_dev_lock(hdev);
979
a8b2d5c2 980 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 981 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
982 rp->status);
56e5cb86
JH		 983
984 hci_dev_unlock(hdev);
a5c29683
JH		 985}
986
987static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
988 struct sk_buff *skb)
989{
990 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
991
992 BT_DBG("%s status 0x%x", hdev->name, rp->status);
993
56e5cb86
JH		 994 hci_dev_lock(hdev);
995
a8b2d5c2 996 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 997 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 998 ACL_LINK, 0, rp->status);
56e5cb86
JH		 999
1000 hci_dev_unlock(hdev);
a5c29683
JH		 1001}
1002
1143d458
BG		 1003static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1004{
1005 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1006
1007 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1008
1009 hci_dev_lock(hdev);
1010
a8b2d5c2 1011 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1012 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1013 0, rp->status);
1143d458
BG		 1014
1015 hci_dev_unlock(hdev);
1016}
1017
1018static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1019 struct sk_buff *skb)
1020{
1021 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1022
1023 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1024
1025 hci_dev_lock(hdev);
1026
a8b2d5c2 1027 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1028 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1029 ACL_LINK, 0, rp->status);
1143d458
BG		 1030
1031 hci_dev_unlock(hdev);
1032}
1033
c35938b2
SJ		 1034static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1035 struct sk_buff *skb)
1036{
1037 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1038
1039 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1040
56e5cb86 1041 hci_dev_lock(hdev);
744cf19e 1042 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1043 rp->randomizer, rp->status);
56e5cb86 1044 hci_dev_unlock(hdev);
c35938b2
SJ		 1045}
1046
07f7fa5d
AG		 1047static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1048{
1049 __u8 status = *((__u8 *) skb->data);
1050
1051 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1052
1053 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1054
1055 if (status) {
1056 hci_dev_lock(hdev);
1057 mgmt_start_discovery_failed(hdev, status);
1058 hci_dev_unlock(hdev);
1059 return;
1060 }
07f7fa5d
AG		 1061}
1062
eb9d91f5
AG		 1063static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1064 struct sk_buff *skb)
1065{
1066 struct hci_cp_le_set_scan_enable *cp;
1067 __u8 status = *((__u8 *) skb->data);
1068
1069 BT_DBG("%s status 0x%x", hdev->name, status);
1070
eb9d91f5
AG		 1071 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1072 if (!cp)
1073 return;
1074
68a8aea4
AE		 1075 switch (cp->enable) {
1076 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1077 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1078
3fd24153
AG		 1079 if (status) {
1080 hci_dev_lock(hdev);
1081 mgmt_start_discovery_failed(hdev, status);
1082 hci_dev_unlock(hdev);
7ba8b4be 1083 return;
3fd24153 1084 }
7ba8b4be 1085
d23264a8
AG		 1086 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1087
db323f2f 1088 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1089
1090 hci_dev_lock(hdev);
eb9d91f5 1091 hci_adv_entries_clear(hdev);
343f935b 1092 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1093 hci_dev_unlock(hdev);
68a8aea4
AE		 1094 break;
1095
1096 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1097 if (status) {
1098 hci_dev_lock(hdev);
1099 mgmt_stop_discovery_failed(hdev, status);
1100 hci_dev_unlock(hdev);
7ba8b4be 1101 return;
c9ecc48e 1102 }
7ba8b4be 1103
d23264a8
AG		 1104 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1105
d084329e 1106 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
5e0452c0 1107
bc3dd33c
AG		 1108 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1109 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1110 mgmt_interleaved_discovery(hdev);
1111 } else {
1112 hci_dev_lock(hdev);
1113 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1114 hci_dev_unlock(hdev);
1115 }
1116
68a8aea4
AE		 1117 break;
1118
1119 default:
1120 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1121 break;
35815085 1122 }
eb9d91f5
AG		 1123}
1124
a7a595f6
VCG		 1125static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1126{
1127 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1128
1129 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1130
1131 if (rp->status)
1132 return;
1133
1134 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1135}
1136
1137static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1138{
1139 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1140
1141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1142
1143 if (rp->status)
1144 return;
1145
1146 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1147}
1148
f9b49306
AG		 1149static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1150 struct sk_buff *skb)
1151{
06199cf8 1152 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1153 __u8 status = *((__u8 *) skb->data);
1154
1155 BT_DBG("%s status 0x%x", hdev->name, status);
1156
06199cf8 1157 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1158 if (!sent)
f9b49306
AG		 1159 return;
1160
8f984dfa
JH		 1161 if (!status) {
1162 if (sent->le)
1163 hdev->host_features[0] |= LMP_HOST_LE;
1164 else
1165 hdev->host_features[0] &= ~LMP_HOST_LE;
1166 }
1167
1168 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1169 !test_bit(HCI_INIT, &hdev->flags))
1170 mgmt_le_enable_complete(hdev, sent->le, status);
1171
1172 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1173}
1174
a9de9248
MH		 1175static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1176{
1177 BT_DBG("%s status 0x%x", hdev->name, status);
1178
1179 if (status) {
23bb5763 1180 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1181 hci_conn_check_pending(hdev);
56e5cb86 1182 hci_dev_lock(hdev);
a8b2d5c2 1183 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1184 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1185 hci_dev_unlock(hdev);
314b2381
JH		 1186 return;
1187 }
1188
89352e7d
AG		 1189 set_bit(HCI_INQUIRY, &hdev->flags);
1190
56e5cb86 1191 hci_dev_lock(hdev);
343f935b 1192 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1193 hci_dev_unlock(hdev);
1da177e4
LT		 1194}
1195
1da177e4
LT		 1196static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1197{
a9de9248 1198 struct hci_cp_create_conn *cp;
1da177e4 1199 struct hci_conn *conn;
1da177e4 1200
a9de9248
MH		 1201 BT_DBG("%s status 0x%x", hdev->name, status);
1202
1203 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1204 if (!cp)
1205 return;
1206
1207 hci_dev_lock(hdev);
1208
1209 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1210
a9de9248 1211 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1212
1213 if (status) {
1214 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1215 if (status != 0x0c || conn->attempt > 2) {
1216 conn->state = BT_CLOSED;
1217 hci_proto_connect_cfm(conn, status);
1218 hci_conn_del(conn);
1219 } else
1220 conn->state = BT_CONNECT2;
1da177e4
LT		 1221 }
1222 } else {
1223 if (!conn) {
1224 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1225 if (conn) {
a0c808b3 1226 conn->out = true;
1da177e4
LT		 1227 conn->link_mode |= HCI_LM_MASTER;
1228 } else
893ef971 1229 BT_ERR("No memory for new connection");
1da177e4
LT		 1230 }
1231 }
1232
1233 hci_dev_unlock(hdev);
1234}
1235
a9de9248 1236static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1237{
a9de9248
MH		 1238 struct hci_cp_add_sco *cp;
1239 struct hci_conn *acl, *sco;
1240 __u16 handle;
1da177e4 1241
b6a0dc82
MH		 1242 BT_DBG("%s status 0x%x", hdev->name, status);
1243
a9de9248
MH		 1244 if (!status)
1245 return;
1da177e4 1246
a9de9248
MH		 1247 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1248 if (!cp)
1249 return;
1da177e4 1250
a9de9248 1251 handle = __le16_to_cpu(cp->handle);
1da177e4 1252
a9de9248 1253 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1254
a9de9248 1255 hci_dev_lock(hdev);
1da177e4 1256
a9de9248 1257 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1258 if (acl) {
1259 sco = acl->link;
1260 if (sco) {
1261 sco->state = BT_CLOSED;
1da177e4 1262
5a08ecce
AE		 1263 hci_proto_connect_cfm(sco, status);
1264 hci_conn_del(sco);
1265 }
a9de9248 1266 }
1da177e4 1267
a9de9248
MH		 1268 hci_dev_unlock(hdev);
1269}
1da177e4 1270
f8558555
MH		 1271static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1272{
1273 struct hci_cp_auth_requested *cp;
1274 struct hci_conn *conn;
1275
1276 BT_DBG("%s status 0x%x", hdev->name, status);
1277
1278 if (!status)
1279 return;
1280
1281 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1282 if (!cp)
1283 return;
1284
1285 hci_dev_lock(hdev);
1286
1287 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1288 if (conn) {
1289 if (conn->state == BT_CONFIG) {
1290 hci_proto_connect_cfm(conn, status);
1291 hci_conn_put(conn);
1292 }
1293 }
1294
1295 hci_dev_unlock(hdev);
1296}
1297
1298static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1299{
1300 struct hci_cp_set_conn_encrypt *cp;
1301 struct hci_conn *conn;
1302
1303 BT_DBG("%s status 0x%x", hdev->name, status);
1304
1305 if (!status)
1306 return;
1307
1308 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1309 if (!cp)
1310 return;
1311
1312 hci_dev_lock(hdev);
1313
1314 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1315 if (conn) {
1316 if (conn->state == BT_CONFIG) {
1317 hci_proto_connect_cfm(conn, status);
1318 hci_conn_put(conn);
1319 }
1320 }
1321
1322 hci_dev_unlock(hdev);
1323}
1324
127178d2 1325static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1326 struct hci_conn *conn)
392599b9 1327{
392599b9
JH		 1328 if (conn->state != BT_CONFIG || !conn->out)
1329 return 0;
1330
765c2a96 1331 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1332 return 0;
1333
1334 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1335 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1336 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1337 conn->pending_sec_level != BT_SECURITY_HIGH &&
1338 !(conn->auth_type & 0x01))
392599b9
JH		 1339 return 0;
1340
392599b9
JH		 1341 return 1;
1342}
1343
00abfe44 1344static inline int hci_resolve_name(struct hci_dev *hdev,
04124681 1345 struct inquiry_entry *e)
30dc78e1
JH		 1346{
1347 struct hci_cp_remote_name_req cp;
1348
1349 memset(&cp, 0, sizeof(cp));
1350
1351 bacpy(&cp.bdaddr, &e->data.bdaddr);
1352 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1353 cp.pscan_mode = e->data.pscan_mode;
1354 cp.clock_offset = e->data.clock_offset;
1355
1356 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1357}
1358
b644ba33 1359static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1360{
1361 struct discovery_state *discov = &hdev->discovery;
1362 struct inquiry_entry *e;
1363
b644ba33
JH		 1364 if (list_empty(&discov->resolve))
1365 return false;
1366
1367 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1368 if (hci_resolve_name(hdev, e) == 0) {
1369 e->name_state = NAME_PENDING;
1370 return true;
1371 }
1372
1373 return false;
1374}
1375
1376static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1377 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1378{
1379 struct discovery_state *discov = &hdev->discovery;
1380 struct inquiry_entry *e;
1381
1382 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1383 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1384 name_len, conn->dev_class);
b644ba33
JH		 1385
1386 if (discov->state == DISCOVERY_STOPPED)
1387 return;
1388
30dc78e1
JH		 1389 if (discov->state == DISCOVERY_STOPPING)
1390 goto discov_complete;
1391
1392 if (discov->state != DISCOVERY_RESOLVING)
1393 return;
1394
1395 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1396 if (e) {
1397 e->name_state = NAME_KNOWN;
1398 list_del(&e->list);
b644ba33
JH		 1399 if (name)
1400 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
04124681 1401 e->data.rssi, name, name_len);
30dc78e1
JH		 1402 }
1403
b644ba33 1404 if (hci_resolve_next_name(hdev))
30dc78e1 1405 return;
30dc78e1
JH		 1406
1407discov_complete:
1408 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1409}
1410
a9de9248
MH		 1411static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1412{
127178d2
JH		 1413 struct hci_cp_remote_name_req *cp;
1414 struct hci_conn *conn;
1415
a9de9248 1416 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1417
1418 /* If successful wait for the name req complete event before
1419 * checking for the need to do authentication */
1420 if (!status)
1421 return;
1422
1423 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1424 if (!cp)
1425 return;
1426
1427 hci_dev_lock(hdev);
1428
b644ba33
JH		 1429 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1430
a8b2d5c2 1431 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1432 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1433
79c6c70c
JH		 1434 if (!conn)
1435 goto unlock;
1436
1437 if (!hci_outgoing_auth_needed(hdev, conn))
1438 goto unlock;
1439
51a8efd7 1440 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1441 struct hci_cp_auth_requested cp;
1442 cp.handle = __cpu_to_le16(conn->handle);
1443 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1444 }
1445
79c6c70c 1446unlock:
127178d2 1447 hci_dev_unlock(hdev);
a9de9248 1448}
1da177e4 1449
769be974
MH		 1450static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1451{
1452 struct hci_cp_read_remote_features *cp;
1453 struct hci_conn *conn;
1454
1455 BT_DBG("%s status 0x%x", hdev->name, status);
1456
1457 if (!status)
1458 return;
1459
1460 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1461 if (!cp)
1462 return;
1463
1464 hci_dev_lock(hdev);
1465
1466 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1467 if (conn) {
1468 if (conn->state == BT_CONFIG) {
769be974
MH		 1469 hci_proto_connect_cfm(conn, status);
1470 hci_conn_put(conn);
1471 }
1472 }
1473
1474 hci_dev_unlock(hdev);
1475}
1476
1477static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1478{
1479 struct hci_cp_read_remote_ext_features *cp;
1480 struct hci_conn *conn;
1481
1482 BT_DBG("%s status 0x%x", hdev->name, status);
1483
1484 if (!status)
1485 return;
1486
1487 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1488 if (!cp)
1489 return;
1490
1491 hci_dev_lock(hdev);
1492
1493 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1494 if (conn) {
1495 if (conn->state == BT_CONFIG) {
769be974
MH		 1496 hci_proto_connect_cfm(conn, status);
1497 hci_conn_put(conn);
1498 }
1499 }
1500
1501 hci_dev_unlock(hdev);
1502}
1503
a9de9248
MH		 1504static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1505{
b6a0dc82
MH		 1506 struct hci_cp_setup_sync_conn *cp;
1507 struct hci_conn *acl, *sco;
1508 __u16 handle;
1509
a9de9248 1510 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1511
1512 if (!status)
1513 return;
1514
1515 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1516 if (!cp)
1517 return;
1518
1519 handle = __le16_to_cpu(cp->handle);
1520
1521 BT_DBG("%s handle %d", hdev->name, handle);
1522
1523 hci_dev_lock(hdev);
1524
1525 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1526 if (acl) {
1527 sco = acl->link;
1528 if (sco) {
1529 sco->state = BT_CLOSED;
b6a0dc82 1530
5a08ecce
AE		 1531 hci_proto_connect_cfm(sco, status);
1532 hci_conn_del(sco);
1533 }
b6a0dc82
MH		 1534 }
1535
1536 hci_dev_unlock(hdev);
1da177e4
LT		 1537}
1538
a9de9248 1539static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1540{
a9de9248
MH		 1541 struct hci_cp_sniff_mode *cp;
1542 struct hci_conn *conn;
1da177e4 1543
a9de9248 1544 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1545
a9de9248
MH		 1546 if (!status)
1547 return;
04837f64 1548
a9de9248
MH		 1549 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1550 if (!cp)
1551 return;
04837f64 1552
a9de9248 1553 hci_dev_lock(hdev);
04837f64 1554
a9de9248 1555 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1556 if (conn) {
51a8efd7 1557 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1558
51a8efd7 1559 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1560 hci_sco_setup(conn, status);
1561 }
1562
a9de9248
MH		 1563 hci_dev_unlock(hdev);
1564}
04837f64 1565
a9de9248
MH		 1566static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1567{
1568 struct hci_cp_exit_sniff_mode *cp;
1569 struct hci_conn *conn;
04837f64 1570
a9de9248 1571 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1572
a9de9248
MH		 1573 if (!status)
1574 return;
04837f64 1575
a9de9248
MH		 1576 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1577 if (!cp)
1578 return;
04837f64 1579
a9de9248 1580 hci_dev_lock(hdev);
1da177e4 1581
a9de9248 1582 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1583 if (conn) {
51a8efd7 1584 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1585
51a8efd7 1586 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1587 hci_sco_setup(conn, status);
1588 }
1589
a9de9248 1590 hci_dev_unlock(hdev);
1da177e4
LT		 1591}
1592
88c3df13
JH		 1593static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1594{
1595 struct hci_cp_disconnect *cp;
1596 struct hci_conn *conn;
1597
1598 if (!status)
1599 return;
1600
1601 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1602 if (!cp)
1603 return;
1604
1605 hci_dev_lock(hdev);
1606
1607 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1608 if (conn)
1609 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1610 conn->dst_type, status);
88c3df13
JH		 1611
1612 hci_dev_unlock(hdev);
1613}
1614
fcd89c09
VT		 1615static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1616{
1617 struct hci_cp_le_create_conn *cp;
1618 struct hci_conn *conn;
1619
1620 BT_DBG("%s status 0x%x", hdev->name, status);
1621
1622 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1623 if (!cp)
1624 return;
1625
1626 hci_dev_lock(hdev);
1627
1628 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1629
1630 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1631 conn);
1632
1633 if (status) {
1634 if (conn && conn->state == BT_CONNECT) {
1635 conn->state = BT_CLOSED;
1636 hci_proto_connect_cfm(conn, status);
1637 hci_conn_del(conn);
1638 }
1639 } else {
1640 if (!conn) {
1641 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1642 if (conn) {
1643 conn->dst_type = cp->peer_addr_type;
a0c808b3 1644 conn->out = true;
29b7988a 1645 } else {
fcd89c09 1646 BT_ERR("No memory for new connection");
29b7988a 1647 }
fcd89c09
VT		 1648 }
1649 }
1650
1651 hci_dev_unlock(hdev);
1652}
1653
a7a595f6
VCG		 1654static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1655{
1656 BT_DBG("%s status 0x%x", hdev->name, status);
1657}
1658
1da177e4
LT		 1659static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1660{
1661 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1662 struct discovery_state *discov = &hdev->discovery;
1663 struct inquiry_entry *e;
1da177e4
LT		 1664
1665 BT_DBG("%s status %d", hdev->name, status);
1666
23bb5763 1667 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1668
a9de9248 1669 hci_conn_check_pending(hdev);
89352e7d
AG		 1670
1671 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1672 return;
1673
a8b2d5c2 1674 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1675 return;
1676
56e5cb86 1677 hci_dev_lock(hdev);
30dc78e1 1678
343f935b 1679 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1680 goto unlock;
1681
1682 if (list_empty(&discov->resolve)) {
1683 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1684 goto unlock;
1685 }
1686
1687 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1688 if (e && hci_resolve_name(hdev, e) == 0) {
1689 e->name_state = NAME_PENDING;
1690 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1691 } else {
1692 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1693 }
1694
1695unlock:
56e5cb86 1696 hci_dev_unlock(hdev);
1da177e4
LT		 1697}
1698
1da177e4
LT		 1699static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1700{
45bb4bf0 1701 struct inquiry_data data;
a9de9248 1702 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1703 int num_rsp = *((__u8 *) skb->data);
1704
1705 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1706
45bb4bf0
MH		 1707 if (!num_rsp)
1708 return;
1709
1da177e4 1710 hci_dev_lock(hdev);
45bb4bf0 1711
e17acd40 1712 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1713 bool name_known, ssp;
3175405b 1714
1da177e4
LT		 1715 bacpy(&data.bdaddr, &info->bdaddr);
1716 data.pscan_rep_mode = info->pscan_rep_mode;
1717 data.pscan_period_mode = info->pscan_period_mode;
1718 data.pscan_mode = info->pscan_mode;
1719 memcpy(data.dev_class, info->dev_class, 3);
1720 data.clock_offset = info->clock_offset;
1721 data.rssi = 0x00;
41a96212 1722 data.ssp_mode = 0x00;
3175405b 1723
388fc8fa 1724 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1725 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1726 info->dev_class, 0, !name_known, ssp, NULL,
1727 0);
1da177e4 1728 }
45bb4bf0 1729
1da177e4
LT		 1730 hci_dev_unlock(hdev);
1731}
1732
1da177e4
LT		 1733static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1734{
a9de9248
MH		 1735 struct hci_ev_conn_complete *ev = (void *) skb->data;
1736 struct hci_conn *conn;
1da177e4
LT		 1737
1738 BT_DBG("%s", hdev->name);
1739
1740 hci_dev_lock(hdev);
1741
1742 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1743 if (!conn) {
1744 if (ev->link_type != SCO_LINK)
1745 goto unlock;
1746
1747 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1748 if (!conn)
1749 goto unlock;
1750
1751 conn->type = SCO_LINK;
1752 }
1da177e4
LT		 1753
1754 if (!ev->status) {
1755 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1756
1757 if (conn->type == ACL_LINK) {
1758 conn->state = BT_CONFIG;
1759 hci_conn_hold(conn);
052b30b0 1760 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1761 } else
1762 conn->state = BT_CONNECTED;
1da177e4 1763
9eba32b8 1764 hci_conn_hold_device(conn);
7d0db0a3
MH		 1765 hci_conn_add_sysfs(conn);
1766
1da177e4
LT		 1767 if (test_bit(HCI_AUTH, &hdev->flags))
1768 conn->link_mode |= HCI_LM_AUTH;
1769
1770 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1771 conn->link_mode |= HCI_LM_ENCRYPT;
1772
04837f64
MH		 1773 /* Get remote features */
1774 if (conn->type == ACL_LINK) {
1775 struct hci_cp_read_remote_features cp;
1776 cp.handle = ev->handle;
769be974 1777 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1778 sizeof(cp), &cp);
04837f64
MH		 1779 }
1780
1da177e4 1781 /* Set packet type for incoming connection */
d095c1eb 1782 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1783 struct hci_cp_change_conn_ptype cp;
1784 cp.handle = ev->handle;
a8746417 1785 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1786 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1787 &cp);
1da177e4 1788 }
17d5c04c 1789 } else {
1da177e4 1790 conn->state = BT_CLOSED;
17d5c04c 1791 if (conn->type == ACL_LINK)
744cf19e 1792 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1793 conn->dst_type, ev->status);
17d5c04c 1794 }
1da177e4 1795
e73439d8
MH		 1796 if (conn->type == ACL_LINK)
1797 hci_sco_setup(conn, ev->status);
1da177e4 1798
769be974
MH		 1799 if (ev->status) {
1800 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1801 hci_conn_del(conn);
c89b6e6b
MH		 1802 } else if (ev->link_type != ACL_LINK)
1803 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1804
a9de9248 1805unlock:
1da177e4 1806 hci_dev_unlock(hdev);
1da177e4 1807
a9de9248 1808 hci_conn_check_pending(hdev);
1da177e4
LT		 1809}
1810
a9de9248 1811static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1812{
a9de9248
MH		 1813 struct hci_ev_conn_request *ev = (void *) skb->data;
1814 int mask = hdev->link_mode;
1da177e4 1815
a9de9248
MH		 1816 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1817 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1818
a9de9248 1819 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1820
138d22ef
SJ		 1821 if ((mask & HCI_LM_ACCEPT) &&
1822 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1823 /* Connection accepted */
c7bdd502 1824 struct inquiry_entry *ie;
1da177e4 1825 struct hci_conn *conn;
1da177e4 1826
a9de9248 1827 hci_dev_lock(hdev);
b6a0dc82 1828
cc11b9c1
AE		 1829 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1830 if (ie)
c7bdd502
MH		 1831 memcpy(ie->data.dev_class, ev->dev_class, 3);
1832
a9de9248
MH		 1833 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1834 if (!conn) {
cc11b9c1
AE		 1835 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1836 if (!conn) {
893ef971 1837 BT_ERR("No memory for new connection");
a9de9248
MH		 1838 hci_dev_unlock(hdev);
1839 return;
1da177e4
LT		 1840 }
1841 }
b6a0dc82 1842
a9de9248
MH		 1843 memcpy(conn->dev_class, ev->dev_class, 3);
1844 conn->state = BT_CONNECT;
b6a0dc82 1845
a9de9248 1846 hci_dev_unlock(hdev);
1da177e4 1847
b6a0dc82
MH		 1848 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1849 struct hci_cp_accept_conn_req cp;
1da177e4 1850
b6a0dc82
MH		 1851 bacpy(&cp.bdaddr, &ev->bdaddr);
1852
1853 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1854 cp.role = 0x00; /* Become master */
1855 else
1856 cp.role = 0x01; /* Remain slave */
1857
04124681
GP		 1858 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1859 &cp);
b6a0dc82
MH		 1860 } else {
1861 struct hci_cp_accept_sync_conn_req cp;
1862
1863 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1864 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1865
1866 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1867 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1868 cp.max_latency = cpu_to_le16(0xffff);
1869 cp.content_format = cpu_to_le16(hdev->voice_setting);
1870 cp.retrans_effort = 0xff;
1da177e4 1871
b6a0dc82 1872 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1873 sizeof(cp), &cp);
b6a0dc82 1874 }
a9de9248
MH		 1875 } else {
1876 /* Connection rejected */
1877 struct hci_cp_reject_conn_req cp;
1da177e4 1878
a9de9248 1879 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1880 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1881 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1882 }
1da177e4
LT		 1883}
1884
a9de9248 1885static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1886{
a9de9248 1887 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1888 struct hci_conn *conn;
1889
1890 BT_DBG("%s status %d", hdev->name, ev->status);
1891
1892 hci_dev_lock(hdev);
1893
1894 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1895 if (!conn)
1896 goto unlock;
7d0db0a3 1897
37d9ef76
JH		 1898 if (ev->status == 0)
1899 conn->state = BT_CLOSED;
04837f64 1900
b644ba33
JH		 1901 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1902 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1903 if (ev->status != 0)
88c3df13
JH		 1904 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1905 conn->dst_type, ev->status);
37d9ef76 1906 else
afc747a6 1907 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
04124681 1908 conn->dst_type);
37d9ef76 1909 }
f7520543 1910
37d9ef76 1911 if (ev->status == 0) {
6ec5bcad
VA		 1912 if (conn->type == ACL_LINK && conn->flush_key)
1913 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1914 hci_proto_disconn_cfm(conn, ev->reason);
1915 hci_conn_del(conn);
1916 }
f7520543
JH		 1917
1918unlock:
04837f64
MH		 1919 hci_dev_unlock(hdev);
1920}
1921
1da177e4
LT		 1922static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1923{
a9de9248 1924 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1925 struct hci_conn *conn;
1da177e4
LT		 1926
1927 BT_DBG("%s status %d", hdev->name, ev->status);
1928
1929 hci_dev_lock(hdev);
1930
04837f64 1931 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1932 if (!conn)
1933 goto unlock;
1934
1935 if (!ev->status) {
aa64a8b5
JH		 1936 if (!hci_conn_ssp_enabled(conn) &&
1937 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1938 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1939 } else {
d7556e20
WR		 1940 conn->link_mode |= HCI_LM_AUTH;
1941 conn->sec_level = conn->pending_sec_level;
2a611692 1942 }
d7556e20 1943 } else {
bab73cb6 1944 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1945 ev->status);
d7556e20 1946 }
1da177e4 1947
51a8efd7
JH		 1948 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1949 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1950
d7556e20 1951 if (conn->state == BT_CONFIG) {
aa64a8b5 1952 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1953 struct hci_cp_set_conn_encrypt cp;
1954 cp.handle = ev->handle;
1955 cp.encrypt = 0x01;
1956 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1957 &cp);
052b30b0 1958 } else {
d7556e20
WR		 1959 conn->state = BT_CONNECTED;
1960 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1961 hci_conn_put(conn);
1962 }
d7556e20
WR		 1963 } else {
1964 hci_auth_cfm(conn, ev->status);
052b30b0 1965
d7556e20
WR		 1966 hci_conn_hold(conn);
1967 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1968 hci_conn_put(conn);
1969 }
1970
51a8efd7 1971 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1972 if (!ev->status) {
1973 struct hci_cp_set_conn_encrypt cp;
1974 cp.handle = ev->handle;
1975 cp.encrypt = 0x01;
1976 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1977 &cp);
1978 } else {
51a8efd7 1979 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1980 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1981 }
1982 }
1983
d7556e20 1984unlock:
1da177e4
LT		 1985 hci_dev_unlock(hdev);
1986}
1987
a9de9248 1988static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1989{
127178d2
JH		 1990 struct hci_ev_remote_name *ev = (void *) skb->data;
1991 struct hci_conn *conn;
1992
a9de9248 1993 BT_DBG("%s", hdev->name);
1da177e4 1994
a9de9248 1995 hci_conn_check_pending(hdev);
127178d2
JH		 1996
1997 hci_dev_lock(hdev);
1998
b644ba33 1999 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2000
b644ba33
JH		 2001 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2002 goto check_auth;
a88a9652 2003
b644ba33
JH		 2004 if (ev->status == 0)
2005 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2006 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2007 else
2008 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2009
2010check_auth:
79c6c70c
JH		 2011 if (!conn)
2012 goto unlock;
2013
2014 if (!hci_outgoing_auth_needed(hdev, conn))
2015 goto unlock;
2016
51a8efd7 2017 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2018 struct hci_cp_auth_requested cp;
2019 cp.handle = __cpu_to_le16(conn->handle);
2020 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2021 }
2022
79c6c70c 2023unlock:
127178d2 2024 hci_dev_unlock(hdev);
a9de9248
MH		 2025}
2026
2027static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2028{
2029 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2030 struct hci_conn *conn;
2031
2032 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2033
2034 hci_dev_lock(hdev);
2035
04837f64 2036 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2037 if (conn) {
2038 if (!ev->status) {
ae293196
MH		 2039 if (ev->encrypt) {
2040 /* Encryption implies authentication */
2041 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2042 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2043 conn->sec_level = conn->pending_sec_level;
ae293196 2044 } else
1da177e4
LT		 2045 conn->link_mode &= ~HCI_LM_ENCRYPT;
2046 }
2047
51a8efd7 2048 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2049
f8558555
MH		 2050 if (conn->state == BT_CONFIG) {
2051 if (!ev->status)
2052 conn->state = BT_CONNECTED;
2053
2054 hci_proto_connect_cfm(conn, ev->status);
2055 hci_conn_put(conn);
2056 } else
2057 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2058 }
2059
2060 hci_dev_unlock(hdev);
2061}
2062
a9de9248 2063static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2064{
a9de9248 2065 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2066 struct hci_conn *conn;
1da177e4
LT		 2067
2068 BT_DBG("%s status %d", hdev->name, ev->status);
2069
2070 hci_dev_lock(hdev);
2071
04837f64 2072 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2073 if (conn) {
2074 if (!ev->status)
2075 conn->link_mode |= HCI_LM_SECURE;
2076
51a8efd7 2077 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2078
2079 hci_key_change_cfm(conn, ev->status);
2080 }
2081
2082 hci_dev_unlock(hdev);
2083}
2084
a9de9248 2085static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2086{
a9de9248
MH		 2087 struct hci_ev_remote_features *ev = (void *) skb->data;
2088 struct hci_conn *conn;
2089
2090 BT_DBG("%s status %d", hdev->name, ev->status);
2091
a9de9248
MH		 2092 hci_dev_lock(hdev);
2093
2094 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2095 if (!conn)
2096 goto unlock;
769be974 2097
ccd556fe
JH		 2098 if (!ev->status)
2099 memcpy(conn->features, ev->features, 8);
2100
2101 if (conn->state != BT_CONFIG)
2102 goto unlock;
2103
2104 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2105 struct hci_cp_read_remote_ext_features cp;
2106 cp.handle = ev->handle;
2107 cp.page = 0x01;
2108 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2109 sizeof(cp), &cp);
392599b9
JH		 2110 goto unlock;
2111 }
2112
127178d2
JH		 2113 if (!ev->status) {
2114 struct hci_cp_remote_name_req cp;
2115 memset(&cp, 0, sizeof(cp));
2116 bacpy(&cp.bdaddr, &conn->dst);
2117 cp.pscan_rep_mode = 0x02;
2118 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2119 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2120 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2121 conn->dst_type, 0, NULL, 0,
2122 conn->dev_class);
392599b9 2123
127178d2 2124 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2125 conn->state = BT_CONNECTED;
2126 hci_proto_connect_cfm(conn, ev->status);
2127 hci_conn_put(conn);
769be974 2128 }
a9de9248 2129
ccd556fe 2130unlock:
a9de9248 2131 hci_dev_unlock(hdev);
1da177e4
LT		 2132}
2133
a9de9248 2134static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2135{
a9de9248 2136 BT_DBG("%s", hdev->name);
1da177e4
LT		 2137}
2138
a9de9248 2139static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2140{
a9de9248 2141 BT_DBG("%s", hdev->name);
1da177e4
LT		 2142}
2143
a9de9248
MH		 2144static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2145{
2146 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2147 __u16 opcode;
2148
2149 skb_pull(skb, sizeof(*ev));
2150
2151 opcode = __le16_to_cpu(ev->opcode);
2152
2153 switch (opcode) {
2154 case HCI_OP_INQUIRY_CANCEL:
2155 hci_cc_inquiry_cancel(hdev, skb);
2156 break;
2157
2158 case HCI_OP_EXIT_PERIODIC_INQ:
2159 hci_cc_exit_periodic_inq(hdev, skb);
2160 break;
2161
2162 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2163 hci_cc_remote_name_req_cancel(hdev, skb);
2164 break;
2165
2166 case HCI_OP_ROLE_DISCOVERY:
2167 hci_cc_role_discovery(hdev, skb);
2168 break;
2169
e4e8e37c
MH		 2170 case HCI_OP_READ_LINK_POLICY:
2171 hci_cc_read_link_policy(hdev, skb);
2172 break;
2173
a9de9248
MH		 2174 case HCI_OP_WRITE_LINK_POLICY:
2175 hci_cc_write_link_policy(hdev, skb);
2176 break;
2177
e4e8e37c
MH		 2178 case HCI_OP_READ_DEF_LINK_POLICY:
2179 hci_cc_read_def_link_policy(hdev, skb);
2180 break;
2181
2182 case HCI_OP_WRITE_DEF_LINK_POLICY:
2183 hci_cc_write_def_link_policy(hdev, skb);
2184 break;
2185
a9de9248
MH		 2186 case HCI_OP_RESET:
2187 hci_cc_reset(hdev, skb);
2188 break;
2189
2190 case HCI_OP_WRITE_LOCAL_NAME:
2191 hci_cc_write_local_name(hdev, skb);
2192 break;
2193
2194 case HCI_OP_READ_LOCAL_NAME:
2195 hci_cc_read_local_name(hdev, skb);
2196 break;
2197
2198 case HCI_OP_WRITE_AUTH_ENABLE:
2199 hci_cc_write_auth_enable(hdev, skb);
2200 break;
2201
2202 case HCI_OP_WRITE_ENCRYPT_MODE:
2203 hci_cc_write_encrypt_mode(hdev, skb);
2204 break;
2205
2206 case HCI_OP_WRITE_SCAN_ENABLE:
2207 hci_cc_write_scan_enable(hdev, skb);
2208 break;
2209
2210 case HCI_OP_READ_CLASS_OF_DEV:
2211 hci_cc_read_class_of_dev(hdev, skb);
2212 break;
2213
2214 case HCI_OP_WRITE_CLASS_OF_DEV:
2215 hci_cc_write_class_of_dev(hdev, skb);
2216 break;
2217
2218 case HCI_OP_READ_VOICE_SETTING:
2219 hci_cc_read_voice_setting(hdev, skb);
2220 break;
2221
2222 case HCI_OP_WRITE_VOICE_SETTING:
2223 hci_cc_write_voice_setting(hdev, skb);
2224 break;
2225
2226 case HCI_OP_HOST_BUFFER_SIZE:
2227 hci_cc_host_buffer_size(hdev, skb);
2228 break;
2229
333140b5
MH		 2230 case HCI_OP_WRITE_SSP_MODE:
2231 hci_cc_write_ssp_mode(hdev, skb);
2232 break;
2233
a9de9248
MH		 2234 case HCI_OP_READ_LOCAL_VERSION:
2235 hci_cc_read_local_version(hdev, skb);
2236 break;
2237
2238 case HCI_OP_READ_LOCAL_COMMANDS:
2239 hci_cc_read_local_commands(hdev, skb);
2240 break;
2241
2242 case HCI_OP_READ_LOCAL_FEATURES:
2243 hci_cc_read_local_features(hdev, skb);
2244 break;
2245
971e3a4b
AG		 2246 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2247 hci_cc_read_local_ext_features(hdev, skb);
2248 break;
2249
a9de9248
MH		 2250 case HCI_OP_READ_BUFFER_SIZE:
2251 hci_cc_read_buffer_size(hdev, skb);
2252 break;
2253
2254 case HCI_OP_READ_BD_ADDR:
2255 hci_cc_read_bd_addr(hdev, skb);
2256 break;
2257
350ee4cf
AE		 2258 case HCI_OP_READ_DATA_BLOCK_SIZE:
2259 hci_cc_read_data_block_size(hdev, skb);
2260 break;
2261
23bb5763
JH		 2262 case HCI_OP_WRITE_CA_TIMEOUT:
2263 hci_cc_write_ca_timeout(hdev, skb);
2264 break;
2265
1e89cffb
AE		 2266 case HCI_OP_READ_FLOW_CONTROL_MODE:
2267 hci_cc_read_flow_control_mode(hdev, skb);
2268 break;
2269
928abaa7
AE		 2270 case HCI_OP_READ_LOCAL_AMP_INFO:
2271 hci_cc_read_local_amp_info(hdev, skb);
2272 break;
2273
b0916ea0
JH		 2274 case HCI_OP_DELETE_STORED_LINK_KEY:
2275 hci_cc_delete_stored_link_key(hdev, skb);
2276 break;
2277
d5859e22
JH		 2278 case HCI_OP_SET_EVENT_MASK:
2279 hci_cc_set_event_mask(hdev, skb);
2280 break;
2281
2282 case HCI_OP_WRITE_INQUIRY_MODE:
2283 hci_cc_write_inquiry_mode(hdev, skb);
2284 break;
2285
2286 case HCI_OP_READ_INQ_RSP_TX_POWER:
2287 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2288 break;
2289
2290 case HCI_OP_SET_EVENT_FLT:
2291 hci_cc_set_event_flt(hdev, skb);
2292 break;
2293
980e1a53
JH		 2294 case HCI_OP_PIN_CODE_REPLY:
2295 hci_cc_pin_code_reply(hdev, skb);
2296 break;
2297
2298 case HCI_OP_PIN_CODE_NEG_REPLY:
2299 hci_cc_pin_code_neg_reply(hdev, skb);
2300 break;
2301
c35938b2
SJ		 2302 case HCI_OP_READ_LOCAL_OOB_DATA:
2303 hci_cc_read_local_oob_data_reply(hdev, skb);
2304 break;
2305
6ed58ec5
VT		 2306 case HCI_OP_LE_READ_BUFFER_SIZE:
2307 hci_cc_le_read_buffer_size(hdev, skb);
2308 break;
2309
a5c29683
JH		 2310 case HCI_OP_USER_CONFIRM_REPLY:
2311 hci_cc_user_confirm_reply(hdev, skb);
2312 break;
2313
2314 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2315 hci_cc_user_confirm_neg_reply(hdev, skb);
2316 break;
2317
1143d458
BG		 2318 case HCI_OP_USER_PASSKEY_REPLY:
2319 hci_cc_user_passkey_reply(hdev, skb);
2320 break;
2321
2322 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2323 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2324 break;
07f7fa5d
AG		 2325
2326 case HCI_OP_LE_SET_SCAN_PARAM:
2327 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2328 break;
2329
eb9d91f5
AG		 2330 case HCI_OP_LE_SET_SCAN_ENABLE:
2331 hci_cc_le_set_scan_enable(hdev, skb);
2332 break;
2333
a7a595f6
VCG		 2334 case HCI_OP_LE_LTK_REPLY:
2335 hci_cc_le_ltk_reply(hdev, skb);
2336 break;
2337
2338 case HCI_OP_LE_LTK_NEG_REPLY:
2339 hci_cc_le_ltk_neg_reply(hdev, skb);
2340 break;
2341
f9b49306
AG		 2342 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2343 hci_cc_write_le_host_supported(hdev, skb);
2344 break;
2345
a9de9248
MH		 2346 default:
2347 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2348 break;
2349 }
2350
6bd32326
VT		 2351 if (ev->opcode != HCI_OP_NOP)
2352 del_timer(&hdev->cmd_timer);
2353
a9de9248
MH		 2354 if (ev->ncmd) {
2355 atomic_set(&hdev->cmd_cnt, 1);
2356 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2357 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2358 }
2359}
2360
2361static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2362{
2363 struct hci_ev_cmd_status *ev = (void *) skb->data;
2364 __u16 opcode;
2365
2366 skb_pull(skb, sizeof(*ev));
2367
2368 opcode = __le16_to_cpu(ev->opcode);
2369
2370 switch (opcode) {
2371 case HCI_OP_INQUIRY:
2372 hci_cs_inquiry(hdev, ev->status);
2373 break;
2374
2375 case HCI_OP_CREATE_CONN:
2376 hci_cs_create_conn(hdev, ev->status);
2377 break;
2378
2379 case HCI_OP_ADD_SCO:
2380 hci_cs_add_sco(hdev, ev->status);
2381 break;
2382
f8558555
MH		 2383 case HCI_OP_AUTH_REQUESTED:
2384 hci_cs_auth_requested(hdev, ev->status);
2385 break;
2386
2387 case HCI_OP_SET_CONN_ENCRYPT:
2388 hci_cs_set_conn_encrypt(hdev, ev->status);
2389 break;
2390
a9de9248
MH		 2391 case HCI_OP_REMOTE_NAME_REQ:
2392 hci_cs_remote_name_req(hdev, ev->status);
2393 break;
2394
769be974
MH		 2395 case HCI_OP_READ_REMOTE_FEATURES:
2396 hci_cs_read_remote_features(hdev, ev->status);
2397 break;
2398
2399 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2400 hci_cs_read_remote_ext_features(hdev, ev->status);
2401 break;
2402
a9de9248
MH		 2403 case HCI_OP_SETUP_SYNC_CONN:
2404 hci_cs_setup_sync_conn(hdev, ev->status);
2405 break;
2406
2407 case HCI_OP_SNIFF_MODE:
2408 hci_cs_sniff_mode(hdev, ev->status);
2409 break;
2410
2411 case HCI_OP_EXIT_SNIFF_MODE:
2412 hci_cs_exit_sniff_mode(hdev, ev->status);
2413 break;
2414
8962ee74 2415 case HCI_OP_DISCONNECT:
88c3df13 2416 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2417 break;
2418
fcd89c09
VT		 2419 case HCI_OP_LE_CREATE_CONN:
2420 hci_cs_le_create_conn(hdev, ev->status);
2421 break;
2422
a7a595f6
VCG		 2423 case HCI_OP_LE_START_ENC:
2424 hci_cs_le_start_enc(hdev, ev->status);
2425 break;
2426
a9de9248
MH		 2427 default:
2428 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2429 break;
2430 }
2431
6bd32326
VT		 2432 if (ev->opcode != HCI_OP_NOP)
2433 del_timer(&hdev->cmd_timer);
2434
10572132 2435 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2436 atomic_set(&hdev->cmd_cnt, 1);
2437 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2438 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2439 }
2440}
2441
2442static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2443{
2444 struct hci_ev_role_change *ev = (void *) skb->data;
2445 struct hci_conn *conn;
2446
2447 BT_DBG("%s status %d", hdev->name, ev->status);
2448
2449 hci_dev_lock(hdev);
2450
2451 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2452 if (conn) {
2453 if (!ev->status) {
2454 if (ev->role)
2455 conn->link_mode &= ~HCI_LM_MASTER;
2456 else
2457 conn->link_mode |= HCI_LM_MASTER;
2458 }
2459
51a8efd7 2460 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2461
2462 hci_role_switch_cfm(conn, ev->status, ev->role);
2463 }
2464
2465 hci_dev_unlock(hdev);
2466}
2467
2468static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2469{
2470 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2471 int i;
2472
32ac5b9b
AE		 2473 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2474 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2475 return;
2476 }
2477
c5993de8
AE		 2478 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2479 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2480 BT_DBG("%s bad parameters", hdev->name);
2481 return;
2482 }
2483
c5993de8
AE		 2484 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2485
613a1c0c
AE		 2486 for (i = 0; i < ev->num_hndl; i++) {
2487 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2488 struct hci_conn *conn;
2489 __u16 handle, count;
2490
613a1c0c
AE		 2491 handle = __le16_to_cpu(info->handle);
2492 count = __le16_to_cpu(info->count);
a9de9248
MH		 2493
2494 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2495 if (!conn)
2496 continue;
2497
2498 conn->sent -= count;
2499
2500 switch (conn->type) {
2501 case ACL_LINK:
2502 hdev->acl_cnt += count;
2503 if (hdev->acl_cnt > hdev->acl_pkts)
2504 hdev->acl_cnt = hdev->acl_pkts;
2505 break;
2506
2507 case LE_LINK:
2508 if (hdev->le_pkts) {
2509 hdev->le_cnt += count;
2510 if (hdev->le_cnt > hdev->le_pkts)
2511 hdev->le_cnt = hdev->le_pkts;
2512 } else {
70f23020
AE		 2513 hdev->acl_cnt += count;
2514 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2515 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2516 }
f4280918
AE		 2517 break;
2518
2519 case SCO_LINK:
2520 hdev->sco_cnt += count;
2521 if (hdev->sco_cnt > hdev->sco_pkts)
2522 hdev->sco_cnt = hdev->sco_pkts;
2523 break;
2524
2525 default:
2526 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2527 break;
a9de9248
MH		 2528 }
2529 }
2530
3eff45ea 2531 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2532}
2533
25e89e99 2534static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
04124681 2535 struct sk_buff *skb)
25e89e99
AE		 2536{
2537 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2538 int i;
2539
2540 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2541 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2542 return;
2543 }
2544
2545 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2546 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2547 BT_DBG("%s bad parameters", hdev->name);
2548 return;
2549 }
2550
2551 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2552 ev->num_hndl);
2553
2554 for (i = 0; i < ev->num_hndl; i++) {
2555 struct hci_comp_blocks_info *info = &ev->handles[i];
2556 struct hci_conn *conn;
2557 __u16 handle, block_count;
2558
2559 handle = __le16_to_cpu(info->handle);
2560 block_count = __le16_to_cpu(info->blocks);
2561
2562 conn = hci_conn_hash_lookup_handle(hdev, handle);
2563 if (!conn)
2564 continue;
2565
2566 conn->sent -= block_count;
2567
2568 switch (conn->type) {
2569 case ACL_LINK:
2570 hdev->block_cnt += block_count;
2571 if (hdev->block_cnt > hdev->num_blocks)
2572 hdev->block_cnt = hdev->num_blocks;
2573 break;
2574
2575 default:
2576 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2577 break;
2578 }
2579 }
2580
2581 queue_work(hdev->workqueue, &hdev->tx_work);
2582}
2583
a9de9248 2584static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2585{
a9de9248 2586 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2587 struct hci_conn *conn;
2588
2589 BT_DBG("%s status %d", hdev->name, ev->status);
2590
2591 hci_dev_lock(hdev);
2592
2593 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2594 if (conn) {
2595 conn->mode = ev->mode;
2596 conn->interval = __le16_to_cpu(ev->interval);
2597
51a8efd7 2598 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2599 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2600 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2601 else
58a681ef 2602 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2603 }
e73439d8 2604
51a8efd7 2605 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2606 hci_sco_setup(conn, ev->status);
04837f64
MH		 2607 }
2608
2609 hci_dev_unlock(hdev);
2610}
2611
a9de9248
MH		 2612static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2613{
052b30b0
MH		 2614 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2615 struct hci_conn *conn;
2616
a9de9248 2617 BT_DBG("%s", hdev->name);
052b30b0
MH		 2618
2619 hci_dev_lock(hdev);
2620
2621 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2622 if (!conn)
2623 goto unlock;
2624
2625 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2626 hci_conn_hold(conn);
2627 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2628 hci_conn_put(conn);
2629 }
2630
a8b2d5c2 2631 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2632 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2633 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2634 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2635 u8 secure;
2636
2637 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2638 secure = 1;
2639 else
2640 secure = 0;
2641
744cf19e 2642 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2643 }
980e1a53 2644
b6f98044 2645unlock:
052b30b0 2646 hci_dev_unlock(hdev);
a9de9248
MH		 2647}
2648
2649static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2650{
55ed8ca1
JH		 2651 struct hci_ev_link_key_req *ev = (void *) skb->data;
2652 struct hci_cp_link_key_reply cp;
2653 struct hci_conn *conn;
2654 struct link_key *key;
2655
a9de9248 2656 BT_DBG("%s", hdev->name);
55ed8ca1 2657
a8b2d5c2 2658 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2659 return;
2660
2661 hci_dev_lock(hdev);
2662
2663 key = hci_find_link_key(hdev, &ev->bdaddr);
2664 if (!key) {
2665 BT_DBG("%s link key not found for %s", hdev->name,
2666 batostr(&ev->bdaddr));
2667 goto not_found;
2668 }
2669
2670 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2671 batostr(&ev->bdaddr));
2672
a8b2d5c2 2673 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2674 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2675 BT_DBG("%s ignoring debug key", hdev->name);
2676 goto not_found;
2677 }
2678
2679 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2680 if (conn) {
2681 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2682 conn->auth_type != 0xff &&
2683 (conn->auth_type & 0x01)) {
2684 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2685 goto not_found;
2686 }
55ed8ca1 2687
60b83f57
WR		 2688 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2689 conn->pending_sec_level == BT_SECURITY_HIGH) {
2690 BT_DBG("%s ignoring key unauthenticated for high \
2691 security", hdev->name);
2692 goto not_found;
2693 }
2694
2695 conn->key_type = key->type;
2696 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2697 }
2698
2699 bacpy(&cp.bdaddr, &ev->bdaddr);
2700 memcpy(cp.link_key, key->val, 16);
2701
2702 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2703
2704 hci_dev_unlock(hdev);
2705
2706 return;
2707
2708not_found:
2709 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2710 hci_dev_unlock(hdev);
a9de9248
MH		 2711}
2712
2713static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2714{
052b30b0
MH		 2715 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2716 struct hci_conn *conn;
55ed8ca1 2717 u8 pin_len = 0;
052b30b0 2718
a9de9248 2719 BT_DBG("%s", hdev->name);
052b30b0
MH		 2720
2721 hci_dev_lock(hdev);
2722
2723 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2724 if (conn) {
2725 hci_conn_hold(conn);
2726 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2727 pin_len = conn->pin_length;
13d39315
WR		 2728
2729 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2730 conn->key_type = ev->key_type;
2731
052b30b0
MH		 2732 hci_conn_put(conn);
2733 }
2734
a8b2d5c2 2735 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2736 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2737 ev->key_type, pin_len);
2738
052b30b0 2739 hci_dev_unlock(hdev);
a9de9248
MH		 2740}
2741
1da177e4
LT		 2742static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2743{
a9de9248 2744 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2745 struct hci_conn *conn;
1da177e4
LT		 2746
2747 BT_DBG("%s status %d", hdev->name, ev->status);
2748
2749 hci_dev_lock(hdev);
2750
04837f64 2751 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2752 if (conn && !ev->status) {
2753 struct inquiry_entry *ie;
2754
cc11b9c1
AE		 2755 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2756 if (ie) {
1da177e4
LT		 2757 ie->data.clock_offset = ev->clock_offset;
2758 ie->timestamp = jiffies;
2759 }
2760 }
2761
2762 hci_dev_unlock(hdev);
2763}
2764
a8746417
MH		 2765static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2766{
2767 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2768 struct hci_conn *conn;
2769
2770 BT_DBG("%s status %d", hdev->name, ev->status);
2771
2772 hci_dev_lock(hdev);
2773
2774 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2775 if (conn && !ev->status)
2776 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2777
2778 hci_dev_unlock(hdev);
2779}
2780
85a1e930
MH		 2781static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2782{
a9de9248 2783 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2784 struct inquiry_entry *ie;
2785
2786 BT_DBG("%s", hdev->name);
2787
2788 hci_dev_lock(hdev);
2789
cc11b9c1
AE		 2790 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2791 if (ie) {
85a1e930
MH		 2792 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2793 ie->timestamp = jiffies;
2794 }
2795
2796 hci_dev_unlock(hdev);
2797}
2798
a9de9248
MH		 2799static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2800{
2801 struct inquiry_data data;
2802 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2803 bool name_known, ssp;
a9de9248
MH		 2804
2805 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2806
2807 if (!num_rsp)
2808 return;
2809
2810 hci_dev_lock(hdev);
2811
2812 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2813 struct inquiry_info_with_rssi_and_pscan_mode *info;
2814 info = (void *) (skb->data + 1);
a9de9248 2815
e17acd40 2816 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2817 bacpy(&data.bdaddr, &info->bdaddr);
2818 data.pscan_rep_mode = info->pscan_rep_mode;
2819 data.pscan_period_mode = info->pscan_period_mode;
2820 data.pscan_mode = info->pscan_mode;
2821 memcpy(data.dev_class, info->dev_class, 3);
2822 data.clock_offset = info->clock_offset;
2823 data.rssi = info->rssi;
41a96212 2824 data.ssp_mode = 0x00;
3175405b
JH		 2825
2826 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2827 false, &ssp);
48264f06 2828 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2829 info->dev_class, info->rssi,
2830 !name_known, ssp, NULL, 0);
a9de9248
MH		 2831 }
2832 } else {
2833 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2834
e17acd40 2835 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2836 bacpy(&data.bdaddr, &info->bdaddr);
2837 data.pscan_rep_mode = info->pscan_rep_mode;
2838 data.pscan_period_mode = info->pscan_period_mode;
2839 data.pscan_mode = 0x00;
2840 memcpy(data.dev_class, info->dev_class, 3);
2841 data.clock_offset = info->clock_offset;
2842 data.rssi = info->rssi;
41a96212 2843 data.ssp_mode = 0x00;
3175405b 2844 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2845 false, &ssp);
48264f06 2846 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2847 info->dev_class, info->rssi,
2848 !name_known, ssp, NULL, 0);
a9de9248
MH		 2849 }
2850 }
2851
2852 hci_dev_unlock(hdev);
2853}
2854
2855static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2856{
41a96212
MH		 2857 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2858 struct hci_conn *conn;
2859
a9de9248 2860 BT_DBG("%s", hdev->name);
41a96212 2861
41a96212
MH		 2862 hci_dev_lock(hdev);
2863
2864 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2865 if (!conn)
2866 goto unlock;
41a96212 2867
ccd556fe
JH		 2868 if (!ev->status && ev->page == 0x01) {
2869 struct inquiry_entry *ie;
41a96212 2870
cc11b9c1
AE		 2871 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2872 if (ie)
02b7cc62 2873 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2874
02b7cc62 2875 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2876 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2877 }
2878
2879 if (conn->state != BT_CONFIG)
2880 goto unlock;
2881
127178d2
JH		 2882 if (!ev->status) {
2883 struct hci_cp_remote_name_req cp;
2884 memset(&cp, 0, sizeof(cp));
2885 bacpy(&cp.bdaddr, &conn->dst);
2886 cp.pscan_rep_mode = 0x02;
2887 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2888 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2889 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2890 conn->dst_type, 0, NULL, 0,
2891 conn->dev_class);
392599b9 2892
127178d2 2893 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2894 conn->state = BT_CONNECTED;
2895 hci_proto_connect_cfm(conn, ev->status);
2896 hci_conn_put(conn);
41a96212
MH		 2897 }
2898
ccd556fe 2899unlock:
41a96212 2900 hci_dev_unlock(hdev);
a9de9248
MH		 2901}
2902
2903static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2904{
b6a0dc82
MH		 2905 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2906 struct hci_conn *conn;
2907
2908 BT_DBG("%s status %d", hdev->name, ev->status);
2909
2910 hci_dev_lock(hdev);
2911
2912 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2913 if (!conn) {
2914 if (ev->link_type == ESCO_LINK)
2915 goto unlock;
2916
2917 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2918 if (!conn)
2919 goto unlock;
2920
2921 conn->type = SCO_LINK;
2922 }
b6a0dc82 2923
732547f9
MH		 2924 switch (ev->status) {
2925 case 0x00:
b6a0dc82
MH		 2926 conn->handle = __le16_to_cpu(ev->handle);
2927 conn->state = BT_CONNECTED;
7d0db0a3 2928
9eba32b8 2929 hci_conn_hold_device(conn);
7d0db0a3 2930 hci_conn_add_sysfs(conn);
732547f9
MH		 2931 break;
2932
705e5711 2933 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2934 case 0x1c: /* SCO interval rejected */
1038a00b 2935 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2936 case 0x1f: /* Unspecified error */
2937 if (conn->out && conn->attempt < 2) {
2938 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2939 (hdev->esco_type & EDR_ESCO_MASK);
2940 hci_setup_sync(conn, conn->link->handle);
2941 goto unlock;
2942 }
2943 /* fall through */
2944
2945 default:
b6a0dc82 2946 conn->state = BT_CLOSED;
732547f9
MH		 2947 break;
2948 }
b6a0dc82
MH		 2949
2950 hci_proto_connect_cfm(conn, ev->status);
2951 if (ev->status)
2952 hci_conn_del(conn);
2953
2954unlock:
2955 hci_dev_unlock(hdev);
a9de9248
MH		 2956}
2957
2958static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2959{
2960 BT_DBG("%s", hdev->name);
2961}
2962
04837f64
MH		 2963static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2964{
a9de9248 2965 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2966
2967 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2968}
2969
a9de9248 2970static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2971{
a9de9248
MH		 2972 struct inquiry_data data;
2973 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2974 int num_rsp = *((__u8 *) skb->data);
1da177e4 2975
a9de9248 2976 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2977
a9de9248
MH		 2978 if (!num_rsp)
2979 return;
1da177e4 2980
a9de9248
MH		 2981 hci_dev_lock(hdev);
2982
e17acd40 2983 for (; num_rsp; num_rsp--, info++) {
388fc8fa 2984 bool name_known, ssp;
561aafbc 2985
a9de9248 2986 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2987 data.pscan_rep_mode = info->pscan_rep_mode;
2988 data.pscan_period_mode = info->pscan_period_mode;
2989 data.pscan_mode = 0x00;
a9de9248 2990 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2991 data.clock_offset = info->clock_offset;
2992 data.rssi = info->rssi;
41a96212 2993 data.ssp_mode = 0x01;
561aafbc 2994
a8b2d5c2 2995 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 2996 name_known = eir_has_data_type(info->data,
04124681
GP		 2997 sizeof(info->data),
2998 EIR_NAME_COMPLETE);
561aafbc
JH		 2999 else
3000 name_known = true;
3001
388fc8fa 3002 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3003 &ssp);
48264f06 3004 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3005 info->dev_class, info->rssi, !name_known,
3006 ssp, info->data, sizeof(info->data));
a9de9248
MH		 3007 }
3008
3009 hci_dev_unlock(hdev);
3010}
1da177e4 3011
17fa4b9d
JH		 3012static inline u8 hci_get_auth_req(struct hci_conn *conn)
3013{
3014 /* If remote requests dedicated bonding follow that lead */
3015 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3016 /* If both remote and local IO capabilities allow MITM
3017 * protection then require it, otherwise don't */
3018 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3019 return 0x02;
3020 else
3021 return 0x03;
3022 }
3023
3024 /* If remote requests no-bonding follow that lead */
3025 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3026 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3027
3028 return conn->auth_type;
3029}
3030
0493684e
MH		 3031static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3032{
3033 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3034 struct hci_conn *conn;
3035
3036 BT_DBG("%s", hdev->name);
3037
3038 hci_dev_lock(hdev);
3039
3040 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3041 if (!conn)
3042 goto unlock;
3043
3044 hci_conn_hold(conn);
3045
a8b2d5c2 3046 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3047 goto unlock;
3048
a8b2d5c2 3049 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 3050 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3051 struct hci_cp_io_capability_reply cp;
3052
3053 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3054 /* Change the IO capability from KeyboardDisplay
3055 * to DisplayYesNo as it is not supported by BT spec. */
3056 cp.capability = (conn->io_capability == 0x04) ?
3057 0x01 : conn->io_capability;
7cbc9bd9
JH		 3058 conn->auth_type = hci_get_auth_req(conn);
3059 cp.authentication = conn->auth_type;
17fa4b9d 3060
58a681ef 3061 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3062 hci_find_remote_oob_data(hdev, &conn->dst))
3063 cp.oob_data = 0x01;
3064 else
3065 cp.oob_data = 0x00;
3066
17fa4b9d
JH		 3067 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3068 sizeof(cp), &cp);
03b555e1
JH		 3069 } else {
3070 struct hci_cp_io_capability_neg_reply cp;
3071
3072 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3073 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3074
03b555e1
JH		 3075 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3076 sizeof(cp), &cp);
3077 }
3078
3079unlock:
3080 hci_dev_unlock(hdev);
3081}
3082
3083static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3084{
3085 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3086 struct hci_conn *conn;
3087
3088 BT_DBG("%s", hdev->name);
3089
3090 hci_dev_lock(hdev);
3091
3092 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3093 if (!conn)
3094 goto unlock;
3095
03b555e1 3096 conn->remote_cap = ev->capability;
03b555e1 3097 conn->remote_auth = ev->authentication;
58a681ef
JH		 3098 if (ev->oob_data)
3099 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3100
3101unlock:
0493684e
MH		 3102 hci_dev_unlock(hdev);
3103}
3104
a5c29683
JH		 3105static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3106 struct sk_buff *skb)
3107{
3108 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3109 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3110 struct hci_conn *conn;
a5c29683
JH		 3111
3112 BT_DBG("%s", hdev->name);
3113
3114 hci_dev_lock(hdev);
3115
a8b2d5c2 3116 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3117 goto unlock;
a5c29683 3118
7a828908
JH		 3119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3120 if (!conn)
3121 goto unlock;
3122
3123 loc_mitm = (conn->auth_type & 0x01);
3124 rem_mitm = (conn->remote_auth & 0x01);
3125
3126 /* If we require MITM but the remote device can't provide that
3127 * (it has NoInputNoOutput) then reject the confirmation
3128 * request. The only exception is when we're dedicated bonding
3129 * initiators (connect_cfm_cb set) since then we always have the MITM
3130 * bit set. */
3131 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3132 BT_DBG("Rejecting request: remote device can't provide MITM");
3133 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3134 sizeof(ev->bdaddr), &ev->bdaddr);
3135 goto unlock;
3136 }
3137
3138 /* If no side requires MITM protection; auto-accept */
3139 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3140 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3141
3142 /* If we're not the initiators request authorization to
3143 * proceed from user space (mgmt_user_confirm with
3144 * confirm_hint set to 1). */
51a8efd7 3145 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3146 BT_DBG("Confirming auto-accept as acceptor");
3147 confirm_hint = 1;
3148 goto confirm;
3149 }
3150
9f61656a
JH		 3151 BT_DBG("Auto-accept of user confirmation with %ums delay",
3152 hdev->auto_accept_delay);
3153
3154 if (hdev->auto_accept_delay > 0) {
3155 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3156 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3157 goto unlock;
3158 }
3159
7a828908
JH		 3160 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3161 sizeof(ev->bdaddr), &ev->bdaddr);
3162 goto unlock;
3163 }
3164
55bc1a37 3165confirm:
272d90df 3166 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3167 confirm_hint);
7a828908
JH		 3168
3169unlock:
a5c29683
JH		 3170 hci_dev_unlock(hdev);
3171}
3172
1143d458
BG		 3173static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3174 struct sk_buff *skb)
3175{
3176 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3177
3178 BT_DBG("%s", hdev->name);
3179
3180 hci_dev_lock(hdev);
3181
a8b2d5c2 3182 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3183 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3184
3185 hci_dev_unlock(hdev);
3186}
3187
0493684e
MH		 3188static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3189{
3190 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3191 struct hci_conn *conn;
3192
3193 BT_DBG("%s", hdev->name);
3194
3195 hci_dev_lock(hdev);
3196
3197 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3198 if (!conn)
3199 goto unlock;
3200
3201 /* To avoid duplicate auth_failed events to user space we check
3202 * the HCI_CONN_AUTH_PEND flag which will be set if we
3203 * initiated the authentication. A traditional auth_complete
3204 * event gets always produced as initiator and is also mapped to
3205 * the mgmt_auth_failed event */
51a8efd7 3206 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6 3207 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3208 ev->status);
0493684e 3209
2a611692
JH		 3210 hci_conn_put(conn);
3211
3212unlock:
0493684e
MH		 3213 hci_dev_unlock(hdev);
3214}
3215
41a96212
MH		 3216static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3217{
3218 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3219 struct inquiry_entry *ie;
3220
3221 BT_DBG("%s", hdev->name);
3222
3223 hci_dev_lock(hdev);
3224
cc11b9c1
AE		 3225 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3226 if (ie)
02b7cc62 3227 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3228
3229 hci_dev_unlock(hdev);
3230}
3231
2763eda6 3232static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
04124681 3233 struct sk_buff *skb)
2763eda6
SJ		 3234{
3235 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3236 struct oob_data *data;
3237
3238 BT_DBG("%s", hdev->name);
3239
3240 hci_dev_lock(hdev);
3241
a8b2d5c2 3242 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3243 goto unlock;
3244
2763eda6
SJ		 3245 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3246 if (data) {
3247 struct hci_cp_remote_oob_data_reply cp;
3248
3249 bacpy(&cp.bdaddr, &ev->bdaddr);
3250 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3251 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3252
3253 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3254 &cp);
3255 } else {
3256 struct hci_cp_remote_oob_data_neg_reply cp;
3257
3258 bacpy(&cp.bdaddr, &ev->bdaddr);
3259 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3260 &cp);
3261 }
3262
e1ba1f15 3263unlock:
2763eda6
SJ		 3264 hci_dev_unlock(hdev);
3265}
3266
fcd89c09
VT		 3267static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3268{
3269 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3270 struct hci_conn *conn;
3271
3272 BT_DBG("%s status %d", hdev->name, ev->status);
3273
3274 hci_dev_lock(hdev);
3275
3276 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3277 if (!conn) {
3278 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3279 if (!conn) {
3280 BT_ERR("No memory for new connection");
3281 hci_dev_unlock(hdev);
3282 return;
3283 }
29b7988a
AG		 3284
3285 conn->dst_type = ev->bdaddr_type;
b62f328b 3286 }
fcd89c09
VT		 3287
3288 if (ev->status) {
48264f06
JH		 3289 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3290 conn->dst_type, ev->status);
fcd89c09
VT		 3291 hci_proto_connect_cfm(conn, ev->status);
3292 conn->state = BT_CLOSED;
3293 hci_conn_del(conn);
3294 goto unlock;
3295 }
3296
b644ba33
JH		 3297 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3298 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3299 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3300
7b5c0d52 3301 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3302 conn->handle = __le16_to_cpu(ev->handle);
3303 conn->state = BT_CONNECTED;
3304
3305 hci_conn_hold_device(conn);
3306 hci_conn_add_sysfs(conn);
3307
3308 hci_proto_connect_cfm(conn, ev->status);
3309
3310unlock:
3311 hci_dev_unlock(hdev);
3312}
3313
9aa04c91
AG		 3314static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3315 struct sk_buff *skb)
3316{
e95beb41
AG		 3317 u8 num_reports = skb->data[0];
3318 void *ptr = &skb->data[1];
3c9e9195 3319 s8 rssi;
9aa04c91
AG		 3320
3321 hci_dev_lock(hdev);
3322
e95beb41
AG		 3323 while (num_reports--) {
3324 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3325
9aa04c91 3326 hci_add_adv_entry(hdev, ev);
e95beb41 3327
3c9e9195
AG		 3328 rssi = ev->data[ev->length];
3329 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3330 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3331
e95beb41 3332 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3333 }
3334
3335 hci_dev_unlock(hdev);
3336}
3337
a7a595f6
VCG		 3338static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3339 struct sk_buff *skb)
3340{
3341 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3342 struct hci_cp_le_ltk_reply cp;
bea710fe 3343 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3344 struct hci_conn *conn;
c9839a11 3345 struct smp_ltk *ltk;
a7a595f6 3346
e4666881 3347 BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3348
3349 hci_dev_lock(hdev);
3350
3351 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3352 if (conn == NULL)
3353 goto not_found;
a7a595f6 3354
bea710fe
VCG		 3355 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3356 if (ltk == NULL)
3357 goto not_found;
3358
3359 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3360 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3361
3362 if (ltk->authenticated)
3363 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3364
3365 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3366
c9839a11
VCG		 3367 if (ltk->type & HCI_SMP_STK) {
3368 list_del(&ltk->list);
3369 kfree(ltk);
3370 }
3371
a7a595f6 3372 hci_dev_unlock(hdev);
bea710fe
VCG		 3373
3374 return;
3375
3376not_found:
3377 neg.handle = ev->handle;
3378 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3379 hci_dev_unlock(hdev);
a7a595f6
VCG		 3380}
3381
fcd89c09
VT		 3382static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3383{
3384 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3385
3386 skb_pull(skb, sizeof(*le_ev));
3387
3388 switch (le_ev->subevent) {
3389 case HCI_EV_LE_CONN_COMPLETE:
3390 hci_le_conn_complete_evt(hdev, skb);
3391 break;
3392
9aa04c91
AG		 3393 case HCI_EV_LE_ADVERTISING_REPORT:
3394 hci_le_adv_report_evt(hdev, skb);
3395 break;
3396
a7a595f6
VCG		 3397 case HCI_EV_LE_LTK_REQ:
3398 hci_le_ltk_request_evt(hdev, skb);
3399 break;
3400
fcd89c09
VT		 3401 default:
3402 break;
3403 }
3404}
3405
a9de9248
MH		 3406void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3407{
3408 struct hci_event_hdr *hdr = (void *) skb->data;
3409 __u8 event = hdr->evt;
3410
3411 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3412
3413 switch (event) {
1da177e4
LT		 3414 case HCI_EV_INQUIRY_COMPLETE:
3415 hci_inquiry_complete_evt(hdev, skb);
3416 break;
3417
3418 case HCI_EV_INQUIRY_RESULT:
3419 hci_inquiry_result_evt(hdev, skb);
3420 break;
3421
a9de9248
MH		 3422 case HCI_EV_CONN_COMPLETE:
3423 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3424 break;
3425
1da177e4
LT		 3426 case HCI_EV_CONN_REQUEST:
3427 hci_conn_request_evt(hdev, skb);
3428 break;
3429
1da177e4
LT		 3430 case HCI_EV_DISCONN_COMPLETE:
3431 hci_disconn_complete_evt(hdev, skb);
3432 break;
3433
1da177e4
LT		 3434 case HCI_EV_AUTH_COMPLETE:
3435 hci_auth_complete_evt(hdev, skb);
3436 break;
3437
a9de9248
MH		 3438 case HCI_EV_REMOTE_NAME:
3439 hci_remote_name_evt(hdev, skb);
3440 break;
3441
1da177e4
LT		 3442 case HCI_EV_ENCRYPT_CHANGE:
3443 hci_encrypt_change_evt(hdev, skb);
3444 break;
3445
a9de9248
MH		 3446 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3447 hci_change_link_key_complete_evt(hdev, skb);
3448 break;
3449
3450 case HCI_EV_REMOTE_FEATURES:
3451 hci_remote_features_evt(hdev, skb);
3452 break;
3453
3454 case HCI_EV_REMOTE_VERSION:
3455 hci_remote_version_evt(hdev, skb);
3456 break;
3457
3458 case HCI_EV_QOS_SETUP_COMPLETE:
3459 hci_qos_setup_complete_evt(hdev, skb);
3460 break;
3461
3462 case HCI_EV_CMD_COMPLETE:
3463 hci_cmd_complete_evt(hdev, skb);
3464 break;
3465
3466 case HCI_EV_CMD_STATUS:
3467 hci_cmd_status_evt(hdev, skb);
3468 break;
3469
3470 case HCI_EV_ROLE_CHANGE:
3471 hci_role_change_evt(hdev, skb);
3472 break;
3473
3474 case HCI_EV_NUM_COMP_PKTS:
3475 hci_num_comp_pkts_evt(hdev, skb);
3476 break;
3477
3478 case HCI_EV_MODE_CHANGE:
3479 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3480 break;
3481
3482 case HCI_EV_PIN_CODE_REQ:
3483 hci_pin_code_request_evt(hdev, skb);
3484 break;
3485
3486 case HCI_EV_LINK_KEY_REQ:
3487 hci_link_key_request_evt(hdev, skb);
3488 break;
3489
3490 case HCI_EV_LINK_KEY_NOTIFY:
3491 hci_link_key_notify_evt(hdev, skb);
3492 break;
3493
3494 case HCI_EV_CLOCK_OFFSET:
3495 hci_clock_offset_evt(hdev, skb);
3496 break;
3497
a8746417
MH		 3498 case HCI_EV_PKT_TYPE_CHANGE:
3499 hci_pkt_type_change_evt(hdev, skb);
3500 break;
3501
85a1e930
MH		 3502 case HCI_EV_PSCAN_REP_MODE:
3503 hci_pscan_rep_mode_evt(hdev, skb);
3504 break;
3505
a9de9248
MH		 3506 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3507 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3508 break;
3509
a9de9248
MH		 3510 case HCI_EV_REMOTE_EXT_FEATURES:
3511 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3512 break;
3513
a9de9248
MH		 3514 case HCI_EV_SYNC_CONN_COMPLETE:
3515 hci_sync_conn_complete_evt(hdev, skb);
3516 break;
1da177e4 3517
a9de9248
MH		 3518 case HCI_EV_SYNC_CONN_CHANGED:
3519 hci_sync_conn_changed_evt(hdev, skb);
3520 break;
1da177e4 3521
a9de9248
MH		 3522 case HCI_EV_SNIFF_SUBRATE:
3523 hci_sniff_subrate_evt(hdev, skb);
3524 break;
1da177e4 3525
a9de9248
MH		 3526 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3527 hci_extended_inquiry_result_evt(hdev, skb);
3528 break;
1da177e4 3529
0493684e
MH		 3530 case HCI_EV_IO_CAPA_REQUEST:
3531 hci_io_capa_request_evt(hdev, skb);
3532 break;
3533
03b555e1
JH		 3534 case HCI_EV_IO_CAPA_REPLY:
3535 hci_io_capa_reply_evt(hdev, skb);
3536 break;
3537
a5c29683
JH		 3538 case HCI_EV_USER_CONFIRM_REQUEST:
3539 hci_user_confirm_request_evt(hdev, skb);
3540 break;
3541
1143d458
BG		 3542 case HCI_EV_USER_PASSKEY_REQUEST:
3543 hci_user_passkey_request_evt(hdev, skb);
3544 break;
3545
0493684e
MH		 3546 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3547 hci_simple_pair_complete_evt(hdev, skb);
3548 break;
3549
41a96212
MH		 3550 case HCI_EV_REMOTE_HOST_FEATURES:
3551 hci_remote_host_features_evt(hdev, skb);
3552 break;
3553
fcd89c09
VT		 3554 case HCI_EV_LE_META:
3555 hci_le_meta_evt(hdev, skb);
3556 break;
3557
2763eda6
SJ		 3558 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3559 hci_remote_oob_data_request_evt(hdev, skb);
3560 break;
3561
25e89e99
AE		 3562 case HCI_EV_NUM_COMP_BLOCKS:
3563 hci_num_comp_blocks_evt(hdev, skb);
3564 break;
3565
a9de9248
MH		 3566 default:
3567 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3568 break;
3569 }
3570
3571 kfree_skb(skb);
3572 hdev->stat.evt_rx++;
3573}
kernel source for telekom puls (alcatel/mediatek)