projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add eir_len parameter to mgmt_ev_device_found
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
eb939922 48static bool enable_le;
e6100a25 49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
ff9ef578 68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 197
7005ff17
JH		 198 /* Reset all flags, except persistent ones */
199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF);
a9de9248 200}
04837f64 201
a9de9248
MH		 202static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
203{
204 __u8 status = *((__u8 *) skb->data);
205 void *sent;
04837f64 206
a9de9248 207 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 208
a9de9248
MH		 209 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
210 if (!sent)
211 return;
04837f64 212
56e5cb86
JH		 213 hci_dev_lock(hdev);
214
a8b2d5c2 215 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 216 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 217
56e5cb86
JH		 218 if (status == 0)
219 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 220
56e5cb86 221 hci_dev_unlock(hdev);
a9de9248
MH		 222}
223
224static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225{
226 struct hci_rp_read_local_name *rp = (void *) skb->data;
227
228 BT_DBG("%s status 0x%x", hdev->name, rp->status);
229
230 if (rp->status)
231 return;
232
1f6c6378 233 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 234}
235
236static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
237{
238 __u8 status = *((__u8 *) skb->data);
239 void *sent;
240
241 BT_DBG("%s status 0x%x", hdev->name, status);
242
243 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
244 if (!sent)
245 return;
246
247 if (!status) {
248 __u8 param = *((__u8 *) sent);
249
250 if (param == AUTH_ENABLED)
251 set_bit(HCI_AUTH, &hdev->flags);
252 else
253 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 254 }
a9de9248 255
23bb5763 256 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 257}
258
a9de9248 259static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 260{
a9de9248 261 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 262 void *sent;
263
a9de9248 264 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 265
a9de9248
MH		 266 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
267 if (!sent)
268 return;
1da177e4 269
a9de9248
MH		 270 if (!status) {
271 __u8 param = *((__u8 *) sent);
272
273 if (param)
274 set_bit(HCI_ENCRYPT, &hdev->flags);
275 else
276 clear_bit(HCI_ENCRYPT, &hdev->flags);
277 }
1da177e4 278
23bb5763 279 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 280}
1da177e4 281
a9de9248
MH		 282static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
283{
36f7fc7e
JH		 284 __u8 param, status = *((__u8 *) skb->data);
285 int old_pscan, old_iscan;
a9de9248 286 void *sent;
1da177e4 287
a9de9248 288 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 289
a9de9248
MH		 290 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
291 if (!sent)
292 return;
1da177e4 293
36f7fc7e
JH		 294 param = *((__u8 *) sent);
295
56e5cb86
JH		 296 hci_dev_lock(hdev);
297
2d7cee58 298 if (status != 0) {
744cf19e 299 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 300 hdev->discov_timeout = 0;
301 goto done;
302 }
303
36f7fc7e
JH		 304 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
305 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
306
307 if (param & SCAN_INQUIRY) {
308 set_bit(HCI_ISCAN, &hdev->flags);
309 if (!old_iscan)
744cf19e 310 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 311 if (hdev->discov_timeout > 0) {
312 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
313 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
314 to);
315 }
36f7fc7e 316 } else if (old_iscan)
744cf19e 317 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 318
319 if (param & SCAN_PAGE) {
320 set_bit(HCI_PSCAN, &hdev->flags);
321 if (!old_pscan)
744cf19e 322 mgmt_connectable(hdev, 1);
36f7fc7e 323 } else if (old_pscan)
744cf19e 324 mgmt_connectable(hdev, 0);
1da177e4 325
36f7fc7e 326done:
56e5cb86 327 hci_dev_unlock(hdev);
23bb5763 328 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 329}
1da177e4 330
a9de9248
MH		 331static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
332{
333 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 334
a9de9248 335 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 336
a9de9248
MH		 337 if (rp->status)
338 return;
1da177e4 339
a9de9248 340 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 341
a9de9248
MH		 342 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
343 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
344}
1da177e4 345
a9de9248
MH		 346static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
347{
348 __u8 status = *((__u8 *) skb->data);
349 void *sent;
1da177e4 350
a9de9248 351 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 352
f383f275
MH		 353 if (status)
354 return;
355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
f383f275 360 memcpy(hdev->dev_class, sent, 3);
a9de9248 361}
1da177e4 362
a9de9248
MH		 363static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
364{
365 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
366 __u16 setting;
367
368 BT_DBG("%s status 0x%x", hdev->name, rp->status);
369
370 if (rp->status)
371 return;
372
373 setting = __le16_to_cpu(rp->voice_setting);
374
f383f275 375 if (hdev->voice_setting == setting)
a9de9248
MH		 376 return;
377
378 hdev->voice_setting = setting;
379
380 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
381
3c54711c 382 if (hdev->notify)
a9de9248 383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 384}
385
386static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387{
388 __u8 status = *((__u8 *) skb->data);
f383f275 389 __u16 setting;
a9de9248
MH		 390 void *sent;
391
392 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 393
f383f275
MH		 394 if (status)
395 return;
396
a9de9248
MH		 397 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
398 if (!sent)
399 return;
1da177e4 400
f383f275 401 setting = get_unaligned_le16(sent);
1da177e4 402
f383f275
MH		 403 if (hdev->voice_setting == setting)
404 return;
405
406 hdev->voice_setting = setting;
1da177e4 407
f383f275 408 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 409
3c54711c 410 if (hdev->notify)
f383f275 411 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 412}
413
a9de9248 414static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 415{
a9de9248 416 __u8 status = *((__u8 *) skb->data);
1da177e4 417
a9de9248 418 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 419
23bb5763 420 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 421}
1143e5a6 422
333140b5
MH		 423static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424{
425 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
426
427 BT_DBG("%s status 0x%x", hdev->name, rp->status);
428
429 if (rp->status)
430 return;
431
432 hdev->ssp_mode = rp->mode;
433}
434
435static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
436{
437 __u8 status = *((__u8 *) skb->data);
438 void *sent;
439
440 BT_DBG("%s status 0x%x", hdev->name, status);
441
442 if (status)
443 return;
444
445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
446 if (!sent)
447 return;
448
449 hdev->ssp_mode = *((__u8 *) sent);
450}
451
d5859e22
JH		 452static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453{
454 if (hdev->features[6] & LMP_EXT_INQ)
455 return 2;
456
457 if (hdev->features[3] & LMP_RSSI_INQ)
458 return 1;
459
460 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
461 hdev->lmp_subver == 0x0757)
462 return 1;
463
464 if (hdev->manufacturer == 15) {
465 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 return 1;
467 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 return 1;
469 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
470 return 1;
471 }
472
473 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
474 hdev->lmp_subver == 0x1805)
475 return 1;
476
477 return 0;
478}
479
480static void hci_setup_inquiry_mode(struct hci_dev *hdev)
481{
482 u8 mode;
483
484 mode = hci_get_inquiry_mode(hdev);
485
486 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
487}
488
489static void hci_setup_event_mask(struct hci_dev *hdev)
490{
491 /* The second byte is 0xff instead of 0x9f (two reserved bits
492 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
493 * command otherwise */
494 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495
6de6c18d
VT		 496 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
497 * any event mask for pre 1.2 devices */
5a13b095 498 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 499 return;
500
501 events[4] |= 0x01; /* Flow Specification Complete */
502 events[4] |= 0x02; /* Inquiry Result with RSSI */
503 events[4] |= 0x04; /* Read Remote Extended Features Complete */
504 events[5] |= 0x08; /* Synchronous Connection Complete */
505 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 506
507 if (hdev->features[3] & LMP_RSSI_INQ)
508 events[4] |= 0x04; /* Inquiry Result with RSSI */
509
510 if (hdev->features[5] & LMP_SNIFF_SUBR)
511 events[5] |= 0x20; /* Sniff Subrating */
512
513 if (hdev->features[5] & LMP_PAUSE_ENC)
514 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515
516 if (hdev->features[6] & LMP_EXT_INQ)
517 events[5] |= 0x40; /* Extended Inquiry Result */
518
519 if (hdev->features[6] & LMP_NO_FLUSH)
520 events[7] |= 0x01; /* Enhanced Flush Complete */
521
522 if (hdev->features[7] & LMP_LSTO)
523 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524
525 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
526 events[6] |= 0x01; /* IO Capability Request */
527 events[6] |= 0x02; /* IO Capability Response */
528 events[6] |= 0x04; /* User Confirmation Request */
529 events[6] |= 0x08; /* User Passkey Request */
530 events[6] |= 0x10; /* Remote OOB Data Request */
531 events[6] |= 0x20; /* Simple Pairing Complete */
532 events[7] |= 0x04; /* User Passkey Notification */
533 events[7] |= 0x08; /* Keypress Notification */
534 events[7] |= 0x10; /* Remote Host Supported
535 * Features Notification */
536 }
537
538 if (hdev->features[4] & LMP_LE)
539 events[7] |= 0x20; /* LE Meta-Event */
540
541 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
542}
543
e6100a25
AG		 544static void hci_set_le_support(struct hci_dev *hdev)
545{
546 struct hci_cp_write_le_host_supported cp;
547
548 memset(&cp, 0, sizeof(cp));
549
550 if (enable_le) {
551 cp.le = 1;
552 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
553 }
554
555 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
556}
557
d5859e22
JH		 558static void hci_setup(struct hci_dev *hdev)
559{
e61ef499
AE		 560 if (hdev->dev_type != HCI_BREDR)
561 return;
562
d5859e22
JH		 563 hci_setup_event_mask(hdev);
564
d095c1eb 565 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 566 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
567
568 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
569 u8 mode = 0x01;
570 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
571 }
572
573 if (hdev->features[3] & LMP_RSSI_INQ)
574 hci_setup_inquiry_mode(hdev);
575
576 if (hdev->features[7] & LMP_INQ_TX_PWR)
577 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 578
579 if (hdev->features[7] & LMP_EXTFEATURES) {
580 struct hci_cp_read_local_ext_features cp;
581
582 cp.page = 0x01;
583 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
584 sizeof(cp), &cp);
585 }
e6100a25
AG		 586
587 if (hdev->features[4] & LMP_LE)
588 hci_set_le_support(hdev);
d5859e22
JH		 589}
590
a9de9248
MH		 591static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
592{
593 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 594
a9de9248 595 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 596
a9de9248
MH		 597 if (rp->status)
598 return;
1143e5a6 599
a9de9248 600 hdev->hci_ver = rp->hci_ver;
e4e8e37c 601 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 602 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 603 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 604 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 605
a9de9248
MH		 606 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
607 hdev->manufacturer,
608 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 609
610 if (test_bit(HCI_INIT, &hdev->flags))
611 hci_setup(hdev);
612}
613
614static void hci_setup_link_policy(struct hci_dev *hdev)
615{
616 u16 link_policy = 0;
617
618 if (hdev->features[0] & LMP_RSWITCH)
619 link_policy |= HCI_LP_RSWITCH;
620 if (hdev->features[0] & LMP_HOLD)
621 link_policy |= HCI_LP_HOLD;
622 if (hdev->features[0] & LMP_SNIFF)
623 link_policy |= HCI_LP_SNIFF;
624 if (hdev->features[1] & LMP_PARK)
625 link_policy |= HCI_LP_PARK;
626
627 link_policy = cpu_to_le16(link_policy);
628 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
629 sizeof(link_policy), &link_policy);
a9de9248 630}
1da177e4 631
a9de9248
MH		 632static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
633{
634 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 635
a9de9248 636 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 637
a9de9248 638 if (rp->status)
d5859e22 639 goto done;
1da177e4 640
a9de9248 641 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 642
643 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
644 hci_setup_link_policy(hdev);
645
646done:
647 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 648}
1da177e4 649
a9de9248
MH		 650static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
651{
652 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 653
a9de9248 654 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 655
a9de9248
MH		 656 if (rp->status)
657 return;
5b7f9909 658
a9de9248 659 memcpy(hdev->features, rp->features, 8);
5b7f9909 660
a9de9248
MH		 661 /* Adjust default settings according to features
662 * supported by device. */
1da177e4 663
a9de9248
MH		 664 if (hdev->features[0] & LMP_3SLOT)
665 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 666
a9de9248
MH		 667 if (hdev->features[0] & LMP_5SLOT)
668 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 669
a9de9248
MH		 670 if (hdev->features[1] & LMP_HV2) {
671 hdev->pkt_type |= (HCI_HV2);
672 hdev->esco_type |= (ESCO_HV2);
673 }
1da177e4 674
a9de9248
MH		 675 if (hdev->features[1] & LMP_HV3) {
676 hdev->pkt_type |= (HCI_HV3);
677 hdev->esco_type |= (ESCO_HV3);
678 }
1da177e4 679
a9de9248
MH		 680 if (hdev->features[3] & LMP_ESCO)
681 hdev->esco_type |= (ESCO_EV3);
da1f5198 682
a9de9248
MH		 683 if (hdev->features[4] & LMP_EV4)
684 hdev->esco_type |= (ESCO_EV4);
da1f5198 685
a9de9248
MH		 686 if (hdev->features[4] & LMP_EV5)
687 hdev->esco_type |= (ESCO_EV5);
1da177e4 688
efc7688b
MH		 689 if (hdev->features[5] & LMP_EDR_ESCO_2M)
690 hdev->esco_type |= (ESCO_2EV3);
691
692 if (hdev->features[5] & LMP_EDR_ESCO_3M)
693 hdev->esco_type |= (ESCO_3EV3);
694
695 if (hdev->features[5] & LMP_EDR_3S_ESCO)
696 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
697
a9de9248
MH		 698 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
699 hdev->features[0], hdev->features[1],
700 hdev->features[2], hdev->features[3],
701 hdev->features[4], hdev->features[5],
702 hdev->features[6], hdev->features[7]);
703}
1da177e4 704
971e3a4b
AG		 705static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
706 struct sk_buff *skb)
707{
708 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
709
710 BT_DBG("%s status 0x%x", hdev->name, rp->status);
711
712 if (rp->status)
713 return;
714
b5b32b65
AG		 715 switch (rp->page) {
716 case 0:
717 memcpy(hdev->features, rp->features, 8);
718 break;
719 case 1:
720 memcpy(hdev->host_features, rp->features, 8);
721 break;
722 }
971e3a4b
AG		 723
724 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
725}
726
1e89cffb
AE		 727static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
728 struct sk_buff *skb)
729{
730 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
731
732 BT_DBG("%s status 0x%x", hdev->name, rp->status);
733
734 if (rp->status)
735 return;
736
737 hdev->flow_ctl_mode = rp->mode;
738
739 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
740}
741
a9de9248
MH		 742static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
743{
744 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 745
a9de9248 746 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 747
a9de9248
MH		 748 if (rp->status)
749 return;
1da177e4 750
a9de9248
MH		 751 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
752 hdev->sco_mtu = rp->sco_mtu;
753 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
754 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
755
756 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
757 hdev->sco_mtu = 64;
758 hdev->sco_pkts = 8;
1da177e4 759 }
a9de9248
MH		 760
761 hdev->acl_cnt = hdev->acl_pkts;
762 hdev->sco_cnt = hdev->sco_pkts;
763
764 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
765 hdev->acl_mtu, hdev->acl_pkts,
766 hdev->sco_mtu, hdev->sco_pkts);
767}
768
769static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
770{
771 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
772
773 BT_DBG("%s status 0x%x", hdev->name, rp->status);
774
775 if (!rp->status)
776 bacpy(&hdev->bdaddr, &rp->bdaddr);
777
23bb5763
JH		 778 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
779}
780
350ee4cf
AE		 781static void hci_cc_read_data_block_size(struct hci_dev *hdev,
782 struct sk_buff *skb)
783{
784 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
785
786 BT_DBG("%s status 0x%x", hdev->name, rp->status);
787
788 if (rp->status)
789 return;
790
791 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
792 hdev->block_len = __le16_to_cpu(rp->block_len);
793 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
794
795 hdev->block_cnt = hdev->num_blocks;
796
797 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
798 hdev->block_cnt, hdev->block_len);
799
800 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
801}
802
23bb5763
JH		 803static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
804{
805 __u8 status = *((__u8 *) skb->data);
806
807 BT_DBG("%s status 0x%x", hdev->name, status);
808
809 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 810}
811
928abaa7
AE		 812static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
813 struct sk_buff *skb)
814{
815 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
816
817 BT_DBG("%s status 0x%x", hdev->name, rp->status);
818
819 if (rp->status)
820 return;
821
822 hdev->amp_status = rp->amp_status;
823 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
824 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
825 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
826 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
827 hdev->amp_type = rp->amp_type;
828 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
829 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
830 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
831 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
832
833 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
834}
835
b0916ea0
JH		 836static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
837 struct sk_buff *skb)
838{
839 __u8 status = *((__u8 *) skb->data);
840
841 BT_DBG("%s status 0x%x", hdev->name, status);
842
843 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
844}
845
d5859e22
JH		 846static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
847{
848 __u8 status = *((__u8 *) skb->data);
849
850 BT_DBG("%s status 0x%x", hdev->name, status);
851
852 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
853}
854
855static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
856 struct sk_buff *skb)
857{
858 __u8 status = *((__u8 *) skb->data);
859
860 BT_DBG("%s status 0x%x", hdev->name, status);
861
862 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
863}
864
865static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
866 struct sk_buff *skb)
867{
868 __u8 status = *((__u8 *) skb->data);
869
870 BT_DBG("%s status 0x%x", hdev->name, status);
871
872 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
873}
874
875static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
876{
877 __u8 status = *((__u8 *) skb->data);
878
879 BT_DBG("%s status 0x%x", hdev->name, status);
880
881 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
882}
883
980e1a53
JH		 884static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
885{
886 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
887 struct hci_cp_pin_code_reply *cp;
888 struct hci_conn *conn;
889
890 BT_DBG("%s status 0x%x", hdev->name, rp->status);
891
56e5cb86
JH		 892 hci_dev_lock(hdev);
893
a8b2d5c2 894 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 895 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 896
897 if (rp->status != 0)
56e5cb86 898 goto unlock;
980e1a53
JH		 899
900 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
901 if (!cp)
56e5cb86 902 goto unlock;
980e1a53
JH		 903
904 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
905 if (conn)
906 conn->pin_length = cp->pin_len;
56e5cb86
JH		 907
908unlock:
909 hci_dev_unlock(hdev);
980e1a53
JH		 910}
911
912static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
913{
914 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
915
916 BT_DBG("%s status 0x%x", hdev->name, rp->status);
917
56e5cb86
JH		 918 hci_dev_lock(hdev);
919
a8b2d5c2 920 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 921 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 922 rp->status);
56e5cb86
JH		 923
924 hci_dev_unlock(hdev);
980e1a53 925}
56e5cb86 926
6ed58ec5
VT		 927static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
928 struct sk_buff *skb)
929{
930 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
931
932 BT_DBG("%s status 0x%x", hdev->name, rp->status);
933
934 if (rp->status)
935 return;
936
937 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
938 hdev->le_pkts = rp->le_max_pkt;
939
940 hdev->le_cnt = hdev->le_pkts;
941
942 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
943
944 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
945}
980e1a53 946
a5c29683
JH		 947static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
948{
949 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
950
951 BT_DBG("%s status 0x%x", hdev->name, rp->status);
952
56e5cb86
JH		 953 hci_dev_lock(hdev);
954
a8b2d5c2 955 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 956 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683 957 rp->status);
56e5cb86
JH		 958
959 hci_dev_unlock(hdev);
a5c29683
JH		 960}
961
962static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
963 struct sk_buff *skb)
964{
965 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
966
967 BT_DBG("%s status 0x%x", hdev->name, rp->status);
968
56e5cb86
JH		 969 hci_dev_lock(hdev);
970
a8b2d5c2 971 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 972 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683 973 rp->status);
56e5cb86
JH		 974
975 hci_dev_unlock(hdev);
a5c29683
JH		 976}
977
1143d458
BG		 978static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
979{
980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
981
982 BT_DBG("%s status 0x%x", hdev->name, rp->status);
983
984 hci_dev_lock(hdev);
985
a8b2d5c2 986 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458
BG		 987 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
988 rp->status);
989
990 hci_dev_unlock(hdev);
991}
992
993static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
994 struct sk_buff *skb)
995{
996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
997
998 BT_DBG("%s status 0x%x", hdev->name, rp->status);
999
1000 hci_dev_lock(hdev);
1001
a8b2d5c2 1002 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458
BG		 1003 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1004 rp->status);
1005
1006 hci_dev_unlock(hdev);
1007}
1008
c35938b2
SJ		 1009static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1010 struct sk_buff *skb)
1011{
1012 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1013
1014 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1015
56e5cb86 1016 hci_dev_lock(hdev);
744cf19e 1017 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1018 rp->randomizer, rp->status);
56e5cb86 1019 hci_dev_unlock(hdev);
c35938b2
SJ		 1020}
1021
07f7fa5d
AG		 1022static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1023{
1024 __u8 status = *((__u8 *) skb->data);
1025
1026 BT_DBG("%s status 0x%x", hdev->name, status);
1027}
1028
eb9d91f5
AG		 1029static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1030 struct sk_buff *skb)
1031{
1032 struct hci_cp_le_set_scan_enable *cp;
1033 __u8 status = *((__u8 *) skb->data);
1034
1035 BT_DBG("%s status 0x%x", hdev->name, status);
1036
1037 if (status)
1038 return;
1039
1040 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1041 if (!cp)
1042 return;
1043
68a8aea4
AE		 1044 switch (cp->enable) {
1045 case LE_SCANNING_ENABLED:
d23264a8
AG		 1046 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1047
db323f2f 1048 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1049
1050 hci_dev_lock(hdev);
eb9d91f5 1051 hci_adv_entries_clear(hdev);
a8f13c8c 1052 hci_dev_unlock(hdev);
68a8aea4
AE		 1053 break;
1054
1055 case LE_SCANNING_DISABLED:
d23264a8
AG		 1056 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1057
d084329e 1058 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
68a8aea4
AE		 1059 break;
1060
1061 default:
1062 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1063 break;
35815085 1064 }
eb9d91f5
AG		 1065}
1066
a7a595f6
VCG		 1067static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1068{
1069 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1070
1071 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1072
1073 if (rp->status)
1074 return;
1075
1076 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1077}
1078
1079static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1080{
1081 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1082
1083 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1084
1085 if (rp->status)
1086 return;
1087
1088 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1089}
1090
f9b49306
AG		 1091static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1092 struct sk_buff *skb)
1093{
1094 struct hci_cp_read_local_ext_features cp;
1095 __u8 status = *((__u8 *) skb->data);
1096
1097 BT_DBG("%s status 0x%x", hdev->name, status);
1098
1099 if (status)
1100 return;
1101
1102 cp.page = 0x01;
1103 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1104}
1105
a9de9248
MH		 1106static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1107{
1108 BT_DBG("%s status 0x%x", hdev->name, status);
1109
1110 if (status) {
23bb5763 1111 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1112 hci_conn_check_pending(hdev);
56e5cb86 1113 hci_dev_lock(hdev);
a8b2d5c2 1114 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1115 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1116 hci_dev_unlock(hdev);
314b2381
JH		 1117 return;
1118 }
1119
89352e7d
AG		 1120 set_bit(HCI_INQUIRY, &hdev->flags);
1121
56e5cb86 1122 hci_dev_lock(hdev);
30dc78e1 1123 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
56e5cb86 1124 hci_dev_unlock(hdev);
1da177e4
LT		 1125}
1126
1da177e4
LT		 1127static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1128{
a9de9248 1129 struct hci_cp_create_conn *cp;
1da177e4 1130 struct hci_conn *conn;
1da177e4 1131
a9de9248
MH		 1132 BT_DBG("%s status 0x%x", hdev->name, status);
1133
1134 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1135 if (!cp)
1136 return;
1137
1138 hci_dev_lock(hdev);
1139
1140 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1141
a9de9248 1142 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1143
1144 if (status) {
1145 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1146 if (status != 0x0c || conn->attempt > 2) {
1147 conn->state = BT_CLOSED;
1148 hci_proto_connect_cfm(conn, status);
1149 hci_conn_del(conn);
1150 } else
1151 conn->state = BT_CONNECT2;
1da177e4
LT		 1152 }
1153 } else {
1154 if (!conn) {
1155 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1156 if (conn) {
1157 conn->out = 1;
1158 conn->link_mode |= HCI_LM_MASTER;
1159 } else
893ef971 1160 BT_ERR("No memory for new connection");
1da177e4
LT		 1161 }
1162 }
1163
1164 hci_dev_unlock(hdev);
1165}
1166
a9de9248 1167static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1168{
a9de9248
MH		 1169 struct hci_cp_add_sco *cp;
1170 struct hci_conn *acl, *sco;
1171 __u16 handle;
1da177e4 1172
b6a0dc82
MH		 1173 BT_DBG("%s status 0x%x", hdev->name, status);
1174
a9de9248
MH		 1175 if (!status)
1176 return;
1da177e4 1177
a9de9248
MH		 1178 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1179 if (!cp)
1180 return;
1da177e4 1181
a9de9248 1182 handle = __le16_to_cpu(cp->handle);
1da177e4 1183
a9de9248 1184 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1185
a9de9248 1186 hci_dev_lock(hdev);
1da177e4 1187
a9de9248 1188 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1189 if (acl) {
1190 sco = acl->link;
1191 if (sco) {
1192 sco->state = BT_CLOSED;
1da177e4 1193
5a08ecce
AE		 1194 hci_proto_connect_cfm(sco, status);
1195 hci_conn_del(sco);
1196 }
a9de9248 1197 }
1da177e4 1198
a9de9248
MH		 1199 hci_dev_unlock(hdev);
1200}
1da177e4 1201
f8558555
MH		 1202static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1203{
1204 struct hci_cp_auth_requested *cp;
1205 struct hci_conn *conn;
1206
1207 BT_DBG("%s status 0x%x", hdev->name, status);
1208
1209 if (!status)
1210 return;
1211
1212 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1213 if (!cp)
1214 return;
1215
1216 hci_dev_lock(hdev);
1217
1218 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1219 if (conn) {
1220 if (conn->state == BT_CONFIG) {
1221 hci_proto_connect_cfm(conn, status);
1222 hci_conn_put(conn);
1223 }
1224 }
1225
1226 hci_dev_unlock(hdev);
1227}
1228
1229static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1230{
1231 struct hci_cp_set_conn_encrypt *cp;
1232 struct hci_conn *conn;
1233
1234 BT_DBG("%s status 0x%x", hdev->name, status);
1235
1236 if (!status)
1237 return;
1238
1239 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1240 if (!cp)
1241 return;
1242
1243 hci_dev_lock(hdev);
1244
1245 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1246 if (conn) {
1247 if (conn->state == BT_CONFIG) {
1248 hci_proto_connect_cfm(conn, status);
1249 hci_conn_put(conn);
1250 }
1251 }
1252
1253 hci_dev_unlock(hdev);
1254}
1255
127178d2 1256static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1257 struct hci_conn *conn)
392599b9 1258{
392599b9
JH		 1259 if (conn->state != BT_CONFIG || !conn->out)
1260 return 0;
1261
765c2a96 1262 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1263 return 0;
1264
1265 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1266 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1267 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1268 conn->pending_sec_level != BT_SECURITY_HIGH &&
1269 !(conn->auth_type & 0x01))
392599b9
JH		 1270 return 0;
1271
392599b9
JH		 1272 return 1;
1273}
1274
30dc78e1
JH		 1275static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1276{
1277 struct hci_cp_remote_name_req cp;
1278
1279 memset(&cp, 0, sizeof(cp));
1280
1281 bacpy(&cp.bdaddr, &e->data.bdaddr);
1282 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1283 cp.pscan_mode = e->data.pscan_mode;
1284 cp.clock_offset = e->data.clock_offset;
1285
1286 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1287}
1288
1289static void hci_resolve_next_name(struct hci_dev *hdev, bdaddr_t *bdaddr)
1290{
1291 struct discovery_state *discov = &hdev->discovery;
1292 struct inquiry_entry *e;
1293
1294 if (discov->state == DISCOVERY_STOPPING)
1295 goto discov_complete;
1296
1297 if (discov->state != DISCOVERY_RESOLVING)
1298 return;
1299
1300 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1301 if (e) {
1302 e->name_state = NAME_KNOWN;
1303 list_del(&e->list);
1304 }
1305
1306 if (list_empty(&discov->resolve))
1307 goto discov_complete;
1308
1309 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1310 if (hci_resolve_name(hdev, e) == 0) {
1311 e->name_state = NAME_PENDING;
1312 return;
1313 }
1314
1315discov_complete:
1316 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1317}
1318
a9de9248
MH		 1319static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1320{
127178d2
JH		 1321 struct hci_cp_remote_name_req *cp;
1322 struct hci_conn *conn;
1323
a9de9248 1324 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1325
1326 /* If successful wait for the name req complete event before
1327 * checking for the need to do authentication */
1328 if (!status)
1329 return;
1330
1331 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1332 if (!cp)
1333 return;
1334
1335 hci_dev_lock(hdev);
1336
a8b2d5c2 1337 if (test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1338 hci_resolve_next_name(hdev, &cp->bdaddr);
1339
127178d2 1340 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1341 if (!conn)
1342 goto unlock;
1343
1344 if (!hci_outgoing_auth_needed(hdev, conn))
1345 goto unlock;
1346
1347 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1348 struct hci_cp_auth_requested cp;
1349 cp.handle = __cpu_to_le16(conn->handle);
1350 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1351 }
1352
79c6c70c 1353unlock:
127178d2 1354 hci_dev_unlock(hdev);
a9de9248 1355}
1da177e4 1356
769be974
MH		 1357static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1358{
1359 struct hci_cp_read_remote_features *cp;
1360 struct hci_conn *conn;
1361
1362 BT_DBG("%s status 0x%x", hdev->name, status);
1363
1364 if (!status)
1365 return;
1366
1367 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1368 if (!cp)
1369 return;
1370
1371 hci_dev_lock(hdev);
1372
1373 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1374 if (conn) {
1375 if (conn->state == BT_CONFIG) {
769be974
MH		 1376 hci_proto_connect_cfm(conn, status);
1377 hci_conn_put(conn);
1378 }
1379 }
1380
1381 hci_dev_unlock(hdev);
1382}
1383
1384static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1385{
1386 struct hci_cp_read_remote_ext_features *cp;
1387 struct hci_conn *conn;
1388
1389 BT_DBG("%s status 0x%x", hdev->name, status);
1390
1391 if (!status)
1392 return;
1393
1394 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1395 if (!cp)
1396 return;
1397
1398 hci_dev_lock(hdev);
1399
1400 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1401 if (conn) {
1402 if (conn->state == BT_CONFIG) {
769be974
MH		 1403 hci_proto_connect_cfm(conn, status);
1404 hci_conn_put(conn);
1405 }
1406 }
1407
1408 hci_dev_unlock(hdev);
1409}
1410
a9de9248
MH		 1411static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1412{
b6a0dc82
MH		 1413 struct hci_cp_setup_sync_conn *cp;
1414 struct hci_conn *acl, *sco;
1415 __u16 handle;
1416
a9de9248 1417 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1418
1419 if (!status)
1420 return;
1421
1422 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1423 if (!cp)
1424 return;
1425
1426 handle = __le16_to_cpu(cp->handle);
1427
1428 BT_DBG("%s handle %d", hdev->name, handle);
1429
1430 hci_dev_lock(hdev);
1431
1432 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1433 if (acl) {
1434 sco = acl->link;
1435 if (sco) {
1436 sco->state = BT_CLOSED;
b6a0dc82 1437
5a08ecce
AE		 1438 hci_proto_connect_cfm(sco, status);
1439 hci_conn_del(sco);
1440 }
b6a0dc82
MH		 1441 }
1442
1443 hci_dev_unlock(hdev);
1da177e4
LT		 1444}
1445
a9de9248 1446static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1447{
a9de9248
MH		 1448 struct hci_cp_sniff_mode *cp;
1449 struct hci_conn *conn;
1da177e4 1450
a9de9248 1451 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1452
a9de9248
MH		 1453 if (!status)
1454 return;
04837f64 1455
a9de9248
MH		 1456 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1457 if (!cp)
1458 return;
04837f64 1459
a9de9248 1460 hci_dev_lock(hdev);
04837f64 1461
a9de9248 1462 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1463 if (conn) {
a9de9248 1464 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1465
e73439d8
MH		 1466 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1467 hci_sco_setup(conn, status);
1468 }
1469
a9de9248
MH		 1470 hci_dev_unlock(hdev);
1471}
04837f64 1472
a9de9248
MH		 1473static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1474{
1475 struct hci_cp_exit_sniff_mode *cp;
1476 struct hci_conn *conn;
04837f64 1477
a9de9248 1478 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1479
a9de9248
MH		 1480 if (!status)
1481 return;
04837f64 1482
a9de9248
MH		 1483 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1484 if (!cp)
1485 return;
04837f64 1486
a9de9248 1487 hci_dev_lock(hdev);
1da177e4 1488
a9de9248 1489 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1490 if (conn) {
a9de9248 1491 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1492
e73439d8
MH		 1493 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1494 hci_sco_setup(conn, status);
1495 }
1496
a9de9248 1497 hci_dev_unlock(hdev);
1da177e4
LT		 1498}
1499
fcd89c09
VT		 1500static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1501{
1502 struct hci_cp_le_create_conn *cp;
1503 struct hci_conn *conn;
1504
1505 BT_DBG("%s status 0x%x", hdev->name, status);
1506
1507 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1508 if (!cp)
1509 return;
1510
1511 hci_dev_lock(hdev);
1512
1513 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1514
1515 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1516 conn);
1517
1518 if (status) {
1519 if (conn && conn->state == BT_CONNECT) {
1520 conn->state = BT_CLOSED;
1521 hci_proto_connect_cfm(conn, status);
1522 hci_conn_del(conn);
1523 }
1524 } else {
1525 if (!conn) {
1526 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1527 if (conn) {
1528 conn->dst_type = cp->peer_addr_type;
fcd89c09 1529 conn->out = 1;
29b7988a 1530 } else {
fcd89c09 1531 BT_ERR("No memory for new connection");
29b7988a 1532 }
fcd89c09
VT		 1533 }
1534 }
1535
1536 hci_dev_unlock(hdev);
1537}
1538
a7a595f6
VCG		 1539static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1540{
1541 BT_DBG("%s status 0x%x", hdev->name, status);
1542}
1543
1da177e4
LT		 1544static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1545{
1546 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1547 struct discovery_state *discov = &hdev->discovery;
1548 struct inquiry_entry *e;
1da177e4
LT		 1549
1550 BT_DBG("%s status %d", hdev->name, status);
1551
23bb5763 1552 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1553
a9de9248 1554 hci_conn_check_pending(hdev);
89352e7d
AG		 1555
1556 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1557 return;
1558
a8b2d5c2 1559 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1560 return;
1561
56e5cb86 1562 hci_dev_lock(hdev);
30dc78e1
JH		 1563
1564 if (discov->state != DISCOVERY_INQUIRY)
1565 goto unlock;
1566
1567 if (list_empty(&discov->resolve)) {
1568 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1569 goto unlock;
1570 }
1571
1572 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1573 if (e && hci_resolve_name(hdev, e) == 0) {
1574 e->name_state = NAME_PENDING;
1575 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1576 } else {
1577 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1578 }
1579
1580unlock:
56e5cb86 1581 hci_dev_unlock(hdev);
1da177e4
LT		 1582}
1583
1da177e4
LT		 1584static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1585{
45bb4bf0 1586 struct inquiry_data data;
a9de9248 1587 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1588 int num_rsp = *((__u8 *) skb->data);
1589
1590 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1591
45bb4bf0
MH		 1592 if (!num_rsp)
1593 return;
1594
1da177e4 1595 hci_dev_lock(hdev);
45bb4bf0 1596
e17acd40 1597 for (; num_rsp; num_rsp--, info++) {
3175405b
JH		 1598 bool name_known;
1599
1da177e4
LT		 1600 bacpy(&data.bdaddr, &info->bdaddr);
1601 data.pscan_rep_mode = info->pscan_rep_mode;
1602 data.pscan_period_mode = info->pscan_period_mode;
1603 data.pscan_mode = info->pscan_mode;
1604 memcpy(data.dev_class, info->dev_class, 3);
1605 data.clock_offset = info->clock_offset;
1606 data.rssi = 0x00;
41a96212 1607 data.ssp_mode = 0x00;
3175405b
JH		 1608
1609 name_known = hci_inquiry_cache_update(hdev, &data, false);
48264f06 1610 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
7d262f86
AG		 1611 info->dev_class, 0, !name_known,
1612 NULL, 0);
1da177e4 1613 }
45bb4bf0 1614
1da177e4
LT		 1615 hci_dev_unlock(hdev);
1616}
1617
1da177e4
LT		 1618static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1619{
a9de9248
MH		 1620 struct hci_ev_conn_complete *ev = (void *) skb->data;
1621 struct hci_conn *conn;
1da177e4
LT		 1622
1623 BT_DBG("%s", hdev->name);
1624
1625 hci_dev_lock(hdev);
1626
1627 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1628 if (!conn) {
1629 if (ev->link_type != SCO_LINK)
1630 goto unlock;
1631
1632 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1633 if (!conn)
1634 goto unlock;
1635
1636 conn->type = SCO_LINK;
1637 }
1da177e4
LT		 1638
1639 if (!ev->status) {
1640 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1641
1642 if (conn->type == ACL_LINK) {
1643 conn->state = BT_CONFIG;
1644 hci_conn_hold(conn);
052b30b0 1645 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
afc747a6 1646 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
48264f06 1647 conn->dst_type);
769be974
MH		 1648 } else
1649 conn->state = BT_CONNECTED;
1da177e4 1650
9eba32b8 1651 hci_conn_hold_device(conn);
7d0db0a3
MH		 1652 hci_conn_add_sysfs(conn);
1653
1da177e4
LT		 1654 if (test_bit(HCI_AUTH, &hdev->flags))
1655 conn->link_mode |= HCI_LM_AUTH;
1656
1657 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1658 conn->link_mode |= HCI_LM_ENCRYPT;
1659
04837f64
MH		 1660 /* Get remote features */
1661 if (conn->type == ACL_LINK) {
1662 struct hci_cp_read_remote_features cp;
1663 cp.handle = ev->handle;
769be974
MH		 1664 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1665 sizeof(cp), &cp);
04837f64
MH		 1666 }
1667
1da177e4 1668 /* Set packet type for incoming connection */
d095c1eb 1669 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1670 struct hci_cp_change_conn_ptype cp;
1671 cp.handle = ev->handle;
a8746417
MH		 1672 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1673 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1674 sizeof(cp), &cp);
1da177e4 1675 }
17d5c04c 1676 } else {
1da177e4 1677 conn->state = BT_CLOSED;
17d5c04c 1678 if (conn->type == ACL_LINK)
744cf19e 1679 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1680 conn->dst_type, ev->status);
17d5c04c 1681 }
1da177e4 1682
e73439d8
MH		 1683 if (conn->type == ACL_LINK)
1684 hci_sco_setup(conn, ev->status);
1da177e4 1685
769be974
MH		 1686 if (ev->status) {
1687 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1688 hci_conn_del(conn);
c89b6e6b
MH		 1689 } else if (ev->link_type != ACL_LINK)
1690 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1691
a9de9248 1692unlock:
1da177e4 1693 hci_dev_unlock(hdev);
1da177e4 1694
a9de9248 1695 hci_conn_check_pending(hdev);
1da177e4
LT		 1696}
1697
a9de9248 1698static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1699{
a9de9248
MH		 1700 struct hci_ev_conn_request *ev = (void *) skb->data;
1701 int mask = hdev->link_mode;
1da177e4 1702
a9de9248
MH		 1703 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1704 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1705
a9de9248 1706 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1707
138d22ef
SJ		 1708 if ((mask & HCI_LM_ACCEPT) &&
1709 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1710 /* Connection accepted */
c7bdd502 1711 struct inquiry_entry *ie;
1da177e4 1712 struct hci_conn *conn;
1da177e4 1713
a9de9248 1714 hci_dev_lock(hdev);
b6a0dc82 1715
cc11b9c1
AE		 1716 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1717 if (ie)
c7bdd502
MH		 1718 memcpy(ie->data.dev_class, ev->dev_class, 3);
1719
a9de9248
MH		 1720 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1721 if (!conn) {
cc11b9c1
AE		 1722 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1723 if (!conn) {
893ef971 1724 BT_ERR("No memory for new connection");
a9de9248
MH		 1725 hci_dev_unlock(hdev);
1726 return;
1da177e4
LT		 1727 }
1728 }
b6a0dc82 1729
a9de9248
MH		 1730 memcpy(conn->dev_class, ev->dev_class, 3);
1731 conn->state = BT_CONNECT;
b6a0dc82 1732
a9de9248 1733 hci_dev_unlock(hdev);
1da177e4 1734
b6a0dc82
MH		 1735 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1736 struct hci_cp_accept_conn_req cp;
1da177e4 1737
b6a0dc82
MH		 1738 bacpy(&cp.bdaddr, &ev->bdaddr);
1739
1740 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1741 cp.role = 0x00; /* Become master */
1742 else
1743 cp.role = 0x01; /* Remain slave */
1744
1745 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1746 sizeof(cp), &cp);
1747 } else {
1748 struct hci_cp_accept_sync_conn_req cp;
1749
1750 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1751 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1752
1753 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1754 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1755 cp.max_latency = cpu_to_le16(0xffff);
1756 cp.content_format = cpu_to_le16(hdev->voice_setting);
1757 cp.retrans_effort = 0xff;
1da177e4 1758
b6a0dc82
MH		 1759 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1760 sizeof(cp), &cp);
1761 }
a9de9248
MH		 1762 } else {
1763 /* Connection rejected */
1764 struct hci_cp_reject_conn_req cp;
1da177e4 1765
a9de9248 1766 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1767 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1768 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1769 }
1da177e4
LT		 1770}
1771
a9de9248 1772static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1773{
a9de9248 1774 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1775 struct hci_conn *conn;
1776
1777 BT_DBG("%s status %d", hdev->name, ev->status);
1778
1779 hci_dev_lock(hdev);
1780
1781 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1782 if (!conn)
1783 goto unlock;
7d0db0a3 1784
37d9ef76
JH		 1785 if (ev->status == 0)
1786 conn->state = BT_CLOSED;
04837f64 1787
37d9ef76
JH		 1788 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1789 if (ev->status != 0)
1790 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1791 else
afc747a6 1792 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
48264f06 1793 conn->dst_type);
37d9ef76 1794 }
f7520543 1795
37d9ef76
JH		 1796 if (ev->status == 0) {
1797 hci_proto_disconn_cfm(conn, ev->reason);
1798 hci_conn_del(conn);
1799 }
f7520543
JH		 1800
1801unlock:
04837f64
MH		 1802 hci_dev_unlock(hdev);
1803}
1804
1da177e4
LT		 1805static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1806{
a9de9248 1807 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1808 struct hci_conn *conn;
1da177e4
LT		 1809
1810 BT_DBG("%s status %d", hdev->name, ev->status);
1811
1812 hci_dev_lock(hdev);
1813
04837f64 1814 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1815 if (!conn)
1816 goto unlock;
1817
1818 if (!ev->status) {
1819 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1820 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1821 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1822 } else {
d7556e20
WR		 1823 conn->link_mode |= HCI_LM_AUTH;
1824 conn->sec_level = conn->pending_sec_level;
2a611692 1825 }
d7556e20 1826 } else {
744cf19e 1827 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1828 }
1da177e4 1829
d7556e20
WR		 1830 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1831 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1832
d7556e20
WR		 1833 if (conn->state == BT_CONFIG) {
1834 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1835 struct hci_cp_set_conn_encrypt cp;
1836 cp.handle = ev->handle;
1837 cp.encrypt = 0x01;
1838 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1839 &cp);
052b30b0 1840 } else {
d7556e20
WR		 1841 conn->state = BT_CONNECTED;
1842 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1843 hci_conn_put(conn);
1844 }
d7556e20
WR		 1845 } else {
1846 hci_auth_cfm(conn, ev->status);
052b30b0 1847
d7556e20
WR		 1848 hci_conn_hold(conn);
1849 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1850 hci_conn_put(conn);
1851 }
1852
1853 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1854 if (!ev->status) {
1855 struct hci_cp_set_conn_encrypt cp;
1856 cp.handle = ev->handle;
1857 cp.encrypt = 0x01;
1858 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1859 &cp);
1860 } else {
1861 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1862 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1863 }
1864 }
1865
d7556e20 1866unlock:
1da177e4
LT		 1867 hci_dev_unlock(hdev);
1868}
1869
a9de9248 1870static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1871{
127178d2
JH		 1872 struct hci_ev_remote_name *ev = (void *) skb->data;
1873 struct hci_conn *conn;
1874
a9de9248 1875 BT_DBG("%s", hdev->name);
1da177e4 1876
a9de9248 1877 hci_conn_check_pending(hdev);
127178d2
JH		 1878
1879 hci_dev_lock(hdev);
1880
a8b2d5c2 1881 if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
30dc78e1
JH		 1882 if (ev->status == 0)
1883 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
1884
1885 hci_resolve_next_name(hdev, &ev->bdaddr);
1886 }
a88a9652 1887
127178d2 1888 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1889 if (!conn)
1890 goto unlock;
1891
1892 if (!hci_outgoing_auth_needed(hdev, conn))
1893 goto unlock;
1894
1895 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1896 struct hci_cp_auth_requested cp;
1897 cp.handle = __cpu_to_le16(conn->handle);
1898 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1899 }
1900
79c6c70c 1901unlock:
127178d2 1902 hci_dev_unlock(hdev);
a9de9248
MH		 1903}
1904
1905static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1906{
1907 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1908 struct hci_conn *conn;
1909
1910 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1911
1912 hci_dev_lock(hdev);
1913
04837f64 1914 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1915 if (conn) {
1916 if (!ev->status) {
ae293196
MH		 1917 if (ev->encrypt) {
1918 /* Encryption implies authentication */
1919 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1920 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1921 conn->sec_level = conn->pending_sec_level;
ae293196 1922 } else
1da177e4
LT		 1923 conn->link_mode &= ~HCI_LM_ENCRYPT;
1924 }
1925
1926 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1927
f8558555
MH		 1928 if (conn->state == BT_CONFIG) {
1929 if (!ev->status)
1930 conn->state = BT_CONNECTED;
1931
1932 hci_proto_connect_cfm(conn, ev->status);
1933 hci_conn_put(conn);
1934 } else
1935 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1936 }
1937
1938 hci_dev_unlock(hdev);
1939}
1940
a9de9248 1941static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1942{
a9de9248 1943 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1944 struct hci_conn *conn;
1da177e4
LT		 1945
1946 BT_DBG("%s status %d", hdev->name, ev->status);
1947
1948 hci_dev_lock(hdev);
1949
04837f64 1950 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1951 if (conn) {
1952 if (!ev->status)
1953 conn->link_mode |= HCI_LM_SECURE;
1954
1955 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1956
1957 hci_key_change_cfm(conn, ev->status);
1958 }
1959
1960 hci_dev_unlock(hdev);
1961}
1962
a9de9248 1963static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1964{
a9de9248
MH		 1965 struct hci_ev_remote_features *ev = (void *) skb->data;
1966 struct hci_conn *conn;
1967
1968 BT_DBG("%s status %d", hdev->name, ev->status);
1969
a9de9248
MH		 1970 hci_dev_lock(hdev);
1971
1972 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1973 if (!conn)
1974 goto unlock;
769be974 1975
ccd556fe
JH		 1976 if (!ev->status)
1977 memcpy(conn->features, ev->features, 8);
1978
1979 if (conn->state != BT_CONFIG)
1980 goto unlock;
1981
1982 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1983 struct hci_cp_read_remote_ext_features cp;
1984 cp.handle = ev->handle;
1985 cp.page = 0x01;
1986 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1987 sizeof(cp), &cp);
392599b9
JH		 1988 goto unlock;
1989 }
1990
127178d2
JH		 1991 if (!ev->status) {
1992 struct hci_cp_remote_name_req cp;
1993 memset(&cp, 0, sizeof(cp));
1994 bacpy(&cp.bdaddr, &conn->dst);
1995 cp.pscan_rep_mode = 0x02;
1996 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1997 }
392599b9 1998
127178d2 1999 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2000 conn->state = BT_CONNECTED;
2001 hci_proto_connect_cfm(conn, ev->status);
2002 hci_conn_put(conn);
769be974 2003 }
a9de9248 2004
ccd556fe 2005unlock:
a9de9248 2006 hci_dev_unlock(hdev);
1da177e4
LT		 2007}
2008
a9de9248 2009static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2010{
a9de9248 2011 BT_DBG("%s", hdev->name);
1da177e4
LT		 2012}
2013
a9de9248 2014static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2015{
a9de9248 2016 BT_DBG("%s", hdev->name);
1da177e4
LT		 2017}
2018
a9de9248
MH		 2019static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2020{
2021 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2022 __u16 opcode;
2023
2024 skb_pull(skb, sizeof(*ev));
2025
2026 opcode = __le16_to_cpu(ev->opcode);
2027
2028 switch (opcode) {
2029 case HCI_OP_INQUIRY_CANCEL:
2030 hci_cc_inquiry_cancel(hdev, skb);
2031 break;
2032
2033 case HCI_OP_EXIT_PERIODIC_INQ:
2034 hci_cc_exit_periodic_inq(hdev, skb);
2035 break;
2036
2037 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2038 hci_cc_remote_name_req_cancel(hdev, skb);
2039 break;
2040
2041 case HCI_OP_ROLE_DISCOVERY:
2042 hci_cc_role_discovery(hdev, skb);
2043 break;
2044
e4e8e37c
MH		 2045 case HCI_OP_READ_LINK_POLICY:
2046 hci_cc_read_link_policy(hdev, skb);
2047 break;
2048
a9de9248
MH		 2049 case HCI_OP_WRITE_LINK_POLICY:
2050 hci_cc_write_link_policy(hdev, skb);
2051 break;
2052
e4e8e37c
MH		 2053 case HCI_OP_READ_DEF_LINK_POLICY:
2054 hci_cc_read_def_link_policy(hdev, skb);
2055 break;
2056
2057 case HCI_OP_WRITE_DEF_LINK_POLICY:
2058 hci_cc_write_def_link_policy(hdev, skb);
2059 break;
2060
a9de9248
MH		 2061 case HCI_OP_RESET:
2062 hci_cc_reset(hdev, skb);
2063 break;
2064
2065 case HCI_OP_WRITE_LOCAL_NAME:
2066 hci_cc_write_local_name(hdev, skb);
2067 break;
2068
2069 case HCI_OP_READ_LOCAL_NAME:
2070 hci_cc_read_local_name(hdev, skb);
2071 break;
2072
2073 case HCI_OP_WRITE_AUTH_ENABLE:
2074 hci_cc_write_auth_enable(hdev, skb);
2075 break;
2076
2077 case HCI_OP_WRITE_ENCRYPT_MODE:
2078 hci_cc_write_encrypt_mode(hdev, skb);
2079 break;
2080
2081 case HCI_OP_WRITE_SCAN_ENABLE:
2082 hci_cc_write_scan_enable(hdev, skb);
2083 break;
2084
2085 case HCI_OP_READ_CLASS_OF_DEV:
2086 hci_cc_read_class_of_dev(hdev, skb);
2087 break;
2088
2089 case HCI_OP_WRITE_CLASS_OF_DEV:
2090 hci_cc_write_class_of_dev(hdev, skb);
2091 break;
2092
2093 case HCI_OP_READ_VOICE_SETTING:
2094 hci_cc_read_voice_setting(hdev, skb);
2095 break;
2096
2097 case HCI_OP_WRITE_VOICE_SETTING:
2098 hci_cc_write_voice_setting(hdev, skb);
2099 break;
2100
2101 case HCI_OP_HOST_BUFFER_SIZE:
2102 hci_cc_host_buffer_size(hdev, skb);
2103 break;
2104
333140b5
MH		 2105 case HCI_OP_READ_SSP_MODE:
2106 hci_cc_read_ssp_mode(hdev, skb);
2107 break;
2108
2109 case HCI_OP_WRITE_SSP_MODE:
2110 hci_cc_write_ssp_mode(hdev, skb);
2111 break;
2112
a9de9248
MH		 2113 case HCI_OP_READ_LOCAL_VERSION:
2114 hci_cc_read_local_version(hdev, skb);
2115 break;
2116
2117 case HCI_OP_READ_LOCAL_COMMANDS:
2118 hci_cc_read_local_commands(hdev, skb);
2119 break;
2120
2121 case HCI_OP_READ_LOCAL_FEATURES:
2122 hci_cc_read_local_features(hdev, skb);
2123 break;
2124
971e3a4b
AG		 2125 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2126 hci_cc_read_local_ext_features(hdev, skb);
2127 break;
2128
a9de9248
MH		 2129 case HCI_OP_READ_BUFFER_SIZE:
2130 hci_cc_read_buffer_size(hdev, skb);
2131 break;
2132
2133 case HCI_OP_READ_BD_ADDR:
2134 hci_cc_read_bd_addr(hdev, skb);
2135 break;
2136
350ee4cf
AE		 2137 case HCI_OP_READ_DATA_BLOCK_SIZE:
2138 hci_cc_read_data_block_size(hdev, skb);
2139 break;
2140
23bb5763
JH		 2141 case HCI_OP_WRITE_CA_TIMEOUT:
2142 hci_cc_write_ca_timeout(hdev, skb);
2143 break;
2144
1e89cffb
AE		 2145 case HCI_OP_READ_FLOW_CONTROL_MODE:
2146 hci_cc_read_flow_control_mode(hdev, skb);
2147 break;
2148
928abaa7
AE		 2149 case HCI_OP_READ_LOCAL_AMP_INFO:
2150 hci_cc_read_local_amp_info(hdev, skb);
2151 break;
2152
b0916ea0
JH		 2153 case HCI_OP_DELETE_STORED_LINK_KEY:
2154 hci_cc_delete_stored_link_key(hdev, skb);
2155 break;
2156
d5859e22
JH		 2157 case HCI_OP_SET_EVENT_MASK:
2158 hci_cc_set_event_mask(hdev, skb);
2159 break;
2160
2161 case HCI_OP_WRITE_INQUIRY_MODE:
2162 hci_cc_write_inquiry_mode(hdev, skb);
2163 break;
2164
2165 case HCI_OP_READ_INQ_RSP_TX_POWER:
2166 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2167 break;
2168
2169 case HCI_OP_SET_EVENT_FLT:
2170 hci_cc_set_event_flt(hdev, skb);
2171 break;
2172
980e1a53
JH		 2173 case HCI_OP_PIN_CODE_REPLY:
2174 hci_cc_pin_code_reply(hdev, skb);
2175 break;
2176
2177 case HCI_OP_PIN_CODE_NEG_REPLY:
2178 hci_cc_pin_code_neg_reply(hdev, skb);
2179 break;
2180
c35938b2
SJ		 2181 case HCI_OP_READ_LOCAL_OOB_DATA:
2182 hci_cc_read_local_oob_data_reply(hdev, skb);
2183 break;
2184
6ed58ec5
VT		 2185 case HCI_OP_LE_READ_BUFFER_SIZE:
2186 hci_cc_le_read_buffer_size(hdev, skb);
2187 break;
2188
a5c29683
JH		 2189 case HCI_OP_USER_CONFIRM_REPLY:
2190 hci_cc_user_confirm_reply(hdev, skb);
2191 break;
2192
2193 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2194 hci_cc_user_confirm_neg_reply(hdev, skb);
2195 break;
2196
1143d458
BG		 2197 case HCI_OP_USER_PASSKEY_REPLY:
2198 hci_cc_user_passkey_reply(hdev, skb);
2199 break;
2200
2201 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2202 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2203
2204 case HCI_OP_LE_SET_SCAN_PARAM:
2205 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2206 break;
2207
eb9d91f5
AG		 2208 case HCI_OP_LE_SET_SCAN_ENABLE:
2209 hci_cc_le_set_scan_enable(hdev, skb);
2210 break;
2211
a7a595f6
VCG		 2212 case HCI_OP_LE_LTK_REPLY:
2213 hci_cc_le_ltk_reply(hdev, skb);
2214 break;
2215
2216 case HCI_OP_LE_LTK_NEG_REPLY:
2217 hci_cc_le_ltk_neg_reply(hdev, skb);
2218 break;
2219
f9b49306
AG		 2220 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2221 hci_cc_write_le_host_supported(hdev, skb);
2222 break;
2223
a9de9248
MH		 2224 default:
2225 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2226 break;
2227 }
2228
6bd32326
VT		 2229 if (ev->opcode != HCI_OP_NOP)
2230 del_timer(&hdev->cmd_timer);
2231
a9de9248
MH		 2232 if (ev->ncmd) {
2233 atomic_set(&hdev->cmd_cnt, 1);
2234 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2235 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2236 }
2237}
2238
2239static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2240{
2241 struct hci_ev_cmd_status *ev = (void *) skb->data;
2242 __u16 opcode;
2243
2244 skb_pull(skb, sizeof(*ev));
2245
2246 opcode = __le16_to_cpu(ev->opcode);
2247
2248 switch (opcode) {
2249 case HCI_OP_INQUIRY:
2250 hci_cs_inquiry(hdev, ev->status);
2251 break;
2252
2253 case HCI_OP_CREATE_CONN:
2254 hci_cs_create_conn(hdev, ev->status);
2255 break;
2256
2257 case HCI_OP_ADD_SCO:
2258 hci_cs_add_sco(hdev, ev->status);
2259 break;
2260
f8558555
MH		 2261 case HCI_OP_AUTH_REQUESTED:
2262 hci_cs_auth_requested(hdev, ev->status);
2263 break;
2264
2265 case HCI_OP_SET_CONN_ENCRYPT:
2266 hci_cs_set_conn_encrypt(hdev, ev->status);
2267 break;
2268
a9de9248
MH		 2269 case HCI_OP_REMOTE_NAME_REQ:
2270 hci_cs_remote_name_req(hdev, ev->status);
2271 break;
2272
769be974
MH		 2273 case HCI_OP_READ_REMOTE_FEATURES:
2274 hci_cs_read_remote_features(hdev, ev->status);
2275 break;
2276
2277 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2278 hci_cs_read_remote_ext_features(hdev, ev->status);
2279 break;
2280
a9de9248
MH		 2281 case HCI_OP_SETUP_SYNC_CONN:
2282 hci_cs_setup_sync_conn(hdev, ev->status);
2283 break;
2284
2285 case HCI_OP_SNIFF_MODE:
2286 hci_cs_sniff_mode(hdev, ev->status);
2287 break;
2288
2289 case HCI_OP_EXIT_SNIFF_MODE:
2290 hci_cs_exit_sniff_mode(hdev, ev->status);
2291 break;
2292
8962ee74
JH		 2293 case HCI_OP_DISCONNECT:
2294 if (ev->status != 0)
37d9ef76 2295 mgmt_disconnect_failed(hdev, NULL, ev->status);
8962ee74
JH		 2296 break;
2297
fcd89c09
VT		 2298 case HCI_OP_LE_CREATE_CONN:
2299 hci_cs_le_create_conn(hdev, ev->status);
2300 break;
2301
a7a595f6
VCG		 2302 case HCI_OP_LE_START_ENC:
2303 hci_cs_le_start_enc(hdev, ev->status);
2304 break;
2305
a9de9248
MH		 2306 default:
2307 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2308 break;
2309 }
2310
6bd32326
VT		 2311 if (ev->opcode != HCI_OP_NOP)
2312 del_timer(&hdev->cmd_timer);
2313
10572132 2314 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2315 atomic_set(&hdev->cmd_cnt, 1);
2316 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2317 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2318 }
2319}
2320
2321static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2322{
2323 struct hci_ev_role_change *ev = (void *) skb->data;
2324 struct hci_conn *conn;
2325
2326 BT_DBG("%s status %d", hdev->name, ev->status);
2327
2328 hci_dev_lock(hdev);
2329
2330 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2331 if (conn) {
2332 if (!ev->status) {
2333 if (ev->role)
2334 conn->link_mode &= ~HCI_LM_MASTER;
2335 else
2336 conn->link_mode |= HCI_LM_MASTER;
2337 }
2338
2339 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2340
2341 hci_role_switch_cfm(conn, ev->status, ev->role);
2342 }
2343
2344 hci_dev_unlock(hdev);
2345}
2346
2347static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2348{
2349 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2350 int i;
2351
32ac5b9b
AE		 2352 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2353 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2354 return;
2355 }
2356
c5993de8
AE		 2357 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2358 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2359 BT_DBG("%s bad parameters", hdev->name);
2360 return;
2361 }
2362
c5993de8
AE		 2363 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2364
613a1c0c
AE		 2365 for (i = 0; i < ev->num_hndl; i++) {
2366 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2367 struct hci_conn *conn;
2368 __u16 handle, count;
2369
613a1c0c
AE		 2370 handle = __le16_to_cpu(info->handle);
2371 count = __le16_to_cpu(info->count);
a9de9248
MH		 2372
2373 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2374 if (!conn)
2375 continue;
2376
2377 conn->sent -= count;
2378
2379 switch (conn->type) {
2380 case ACL_LINK:
2381 hdev->acl_cnt += count;
2382 if (hdev->acl_cnt > hdev->acl_pkts)
2383 hdev->acl_cnt = hdev->acl_pkts;
2384 break;
2385
2386 case LE_LINK:
2387 if (hdev->le_pkts) {
2388 hdev->le_cnt += count;
2389 if (hdev->le_cnt > hdev->le_pkts)
2390 hdev->le_cnt = hdev->le_pkts;
2391 } else {
70f23020
AE		 2392 hdev->acl_cnt += count;
2393 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2394 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2395 }
f4280918
AE		 2396 break;
2397
2398 case SCO_LINK:
2399 hdev->sco_cnt += count;
2400 if (hdev->sco_cnt > hdev->sco_pkts)
2401 hdev->sco_cnt = hdev->sco_pkts;
2402 break;
2403
2404 default:
2405 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2406 break;
a9de9248
MH		 2407 }
2408 }
2409
3eff45ea 2410 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2411}
2412
25e89e99
AE		 2413static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2414 struct sk_buff *skb)
2415{
2416 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2417 int i;
2418
2419 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2420 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2421 return;
2422 }
2423
2424 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2425 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2426 BT_DBG("%s bad parameters", hdev->name);
2427 return;
2428 }
2429
2430 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2431 ev->num_hndl);
2432
2433 for (i = 0; i < ev->num_hndl; i++) {
2434 struct hci_comp_blocks_info *info = &ev->handles[i];
2435 struct hci_conn *conn;
2436 __u16 handle, block_count;
2437
2438 handle = __le16_to_cpu(info->handle);
2439 block_count = __le16_to_cpu(info->blocks);
2440
2441 conn = hci_conn_hash_lookup_handle(hdev, handle);
2442 if (!conn)
2443 continue;
2444
2445 conn->sent -= block_count;
2446
2447 switch (conn->type) {
2448 case ACL_LINK:
2449 hdev->block_cnt += block_count;
2450 if (hdev->block_cnt > hdev->num_blocks)
2451 hdev->block_cnt = hdev->num_blocks;
2452 break;
2453
2454 default:
2455 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2456 break;
2457 }
2458 }
2459
2460 queue_work(hdev->workqueue, &hdev->tx_work);
2461}
2462
a9de9248 2463static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2464{
a9de9248 2465 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2466 struct hci_conn *conn;
2467
2468 BT_DBG("%s status %d", hdev->name, ev->status);
2469
2470 hci_dev_lock(hdev);
2471
2472 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2473 if (conn) {
2474 conn->mode = ev->mode;
2475 conn->interval = __le16_to_cpu(ev->interval);
2476
2477 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2478 if (conn->mode == HCI_CM_ACTIVE)
2479 conn->power_save = 1;
2480 else
2481 conn->power_save = 0;
2482 }
e73439d8
MH		 2483
2484 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2485 hci_sco_setup(conn, ev->status);
04837f64
MH		 2486 }
2487
2488 hci_dev_unlock(hdev);
2489}
2490
a9de9248
MH		 2491static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2492{
052b30b0
MH		 2493 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2494 struct hci_conn *conn;
2495
a9de9248 2496 BT_DBG("%s", hdev->name);
052b30b0
MH		 2497
2498 hci_dev_lock(hdev);
2499
2500 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2501 if (!conn)
2502 goto unlock;
2503
2504 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2505 hci_conn_hold(conn);
2506 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2507 hci_conn_put(conn);
2508 }
2509
a8b2d5c2 2510 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2511 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2512 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2513 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2514 u8 secure;
2515
2516 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2517 secure = 1;
2518 else
2519 secure = 0;
2520
744cf19e 2521 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2522 }
980e1a53 2523
b6f98044 2524unlock:
052b30b0 2525 hci_dev_unlock(hdev);
a9de9248
MH		 2526}
2527
2528static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2529{
55ed8ca1
JH		 2530 struct hci_ev_link_key_req *ev = (void *) skb->data;
2531 struct hci_cp_link_key_reply cp;
2532 struct hci_conn *conn;
2533 struct link_key *key;
2534
a9de9248 2535 BT_DBG("%s", hdev->name);
55ed8ca1 2536
a8b2d5c2 2537 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2538 return;
2539
2540 hci_dev_lock(hdev);
2541
2542 key = hci_find_link_key(hdev, &ev->bdaddr);
2543 if (!key) {
2544 BT_DBG("%s link key not found for %s", hdev->name,
2545 batostr(&ev->bdaddr));
2546 goto not_found;
2547 }
2548
2549 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2550 batostr(&ev->bdaddr));
2551
a8b2d5c2 2552 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2553 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2554 BT_DBG("%s ignoring debug key", hdev->name);
2555 goto not_found;
2556 }
2557
2558 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2559 if (conn) {
2560 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2561 conn->auth_type != 0xff &&
2562 (conn->auth_type & 0x01)) {
2563 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2564 goto not_found;
2565 }
55ed8ca1 2566
60b83f57
WR		 2567 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2568 conn->pending_sec_level == BT_SECURITY_HIGH) {
2569 BT_DBG("%s ignoring key unauthenticated for high \
2570 security", hdev->name);
2571 goto not_found;
2572 }
2573
2574 conn->key_type = key->type;
2575 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2576 }
2577
2578 bacpy(&cp.bdaddr, &ev->bdaddr);
2579 memcpy(cp.link_key, key->val, 16);
2580
2581 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2582
2583 hci_dev_unlock(hdev);
2584
2585 return;
2586
2587not_found:
2588 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2589 hci_dev_unlock(hdev);
a9de9248
MH		 2590}
2591
2592static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2593{
052b30b0
MH		 2594 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2595 struct hci_conn *conn;
55ed8ca1 2596 u8 pin_len = 0;
052b30b0 2597
a9de9248 2598 BT_DBG("%s", hdev->name);
052b30b0
MH		 2599
2600 hci_dev_lock(hdev);
2601
2602 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2603 if (conn) {
2604 hci_conn_hold(conn);
2605 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2606 pin_len = conn->pin_length;
13d39315
WR		 2607
2608 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2609 conn->key_type = ev->key_type;
2610
052b30b0
MH		 2611 hci_conn_put(conn);
2612 }
2613
a8b2d5c2 2614 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2615 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2616 ev->key_type, pin_len);
2617
052b30b0 2618 hci_dev_unlock(hdev);
a9de9248
MH		 2619}
2620
1da177e4
LT		 2621static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2622{
a9de9248 2623 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2624 struct hci_conn *conn;
1da177e4
LT		 2625
2626 BT_DBG("%s status %d", hdev->name, ev->status);
2627
2628 hci_dev_lock(hdev);
2629
04837f64 2630 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2631 if (conn && !ev->status) {
2632 struct inquiry_entry *ie;
2633
cc11b9c1
AE		 2634 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2635 if (ie) {
1da177e4
LT		 2636 ie->data.clock_offset = ev->clock_offset;
2637 ie->timestamp = jiffies;
2638 }
2639 }
2640
2641 hci_dev_unlock(hdev);
2642}
2643
a8746417
MH		 2644static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2645{
2646 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2647 struct hci_conn *conn;
2648
2649 BT_DBG("%s status %d", hdev->name, ev->status);
2650
2651 hci_dev_lock(hdev);
2652
2653 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2654 if (conn && !ev->status)
2655 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2656
2657 hci_dev_unlock(hdev);
2658}
2659
85a1e930
MH		 2660static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2661{
a9de9248 2662 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2663 struct inquiry_entry *ie;
2664
2665 BT_DBG("%s", hdev->name);
2666
2667 hci_dev_lock(hdev);
2668
cc11b9c1
AE		 2669 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2670 if (ie) {
85a1e930
MH		 2671 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2672 ie->timestamp = jiffies;
2673 }
2674
2675 hci_dev_unlock(hdev);
2676}
2677
a9de9248
MH		 2678static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2679{
2680 struct inquiry_data data;
2681 int num_rsp = *((__u8 *) skb->data);
3175405b 2682 bool name_known;
a9de9248
MH		 2683
2684 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2685
2686 if (!num_rsp)
2687 return;
2688
2689 hci_dev_lock(hdev);
2690
2691 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2692 struct inquiry_info_with_rssi_and_pscan_mode *info;
2693 info = (void *) (skb->data + 1);
a9de9248 2694
e17acd40 2695 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2696 bacpy(&data.bdaddr, &info->bdaddr);
2697 data.pscan_rep_mode = info->pscan_rep_mode;
2698 data.pscan_period_mode = info->pscan_period_mode;
2699 data.pscan_mode = info->pscan_mode;
2700 memcpy(data.dev_class, info->dev_class, 3);
2701 data.clock_offset = info->clock_offset;
2702 data.rssi = info->rssi;
41a96212 2703 data.ssp_mode = 0x00;
3175405b
JH		 2704
2705 name_known = hci_inquiry_cache_update(hdev, &data,
2706 false);
48264f06 2707 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2708 info->dev_class, info->rssi,
7d262f86 2709 !name_known, NULL, 0);
a9de9248
MH		 2710 }
2711 } else {
2712 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2713
e17acd40 2714 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2715 bacpy(&data.bdaddr, &info->bdaddr);
2716 data.pscan_rep_mode = info->pscan_rep_mode;
2717 data.pscan_period_mode = info->pscan_period_mode;
2718 data.pscan_mode = 0x00;
2719 memcpy(data.dev_class, info->dev_class, 3);
2720 data.clock_offset = info->clock_offset;
2721 data.rssi = info->rssi;
41a96212 2722 data.ssp_mode = 0x00;
3175405b
JH		 2723 name_known = hci_inquiry_cache_update(hdev, &data,
2724 false);
48264f06 2725 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2726 info->dev_class, info->rssi,
7d262f86 2727 !name_known, NULL, 0);
a9de9248
MH		 2728 }
2729 }
2730
2731 hci_dev_unlock(hdev);
2732}
2733
2734static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2735{
41a96212
MH		 2736 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2737 struct hci_conn *conn;
2738
a9de9248 2739 BT_DBG("%s", hdev->name);
41a96212 2740
41a96212
MH		 2741 hci_dev_lock(hdev);
2742
2743 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2744 if (!conn)
2745 goto unlock;
41a96212 2746
ccd556fe
JH		 2747 if (!ev->status && ev->page == 0x01) {
2748 struct inquiry_entry *ie;
41a96212 2749
cc11b9c1
AE		 2750 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2751 if (ie)
ccd556fe 2752 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2753
ccd556fe
JH		 2754 conn->ssp_mode = (ev->features[0] & 0x01);
2755 }
2756
2757 if (conn->state != BT_CONFIG)
2758 goto unlock;
2759
127178d2
JH		 2760 if (!ev->status) {
2761 struct hci_cp_remote_name_req cp;
2762 memset(&cp, 0, sizeof(cp));
2763 bacpy(&cp.bdaddr, &conn->dst);
2764 cp.pscan_rep_mode = 0x02;
2765 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2766 }
392599b9 2767
127178d2 2768 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2769 conn->state = BT_CONNECTED;
2770 hci_proto_connect_cfm(conn, ev->status);
2771 hci_conn_put(conn);
41a96212
MH		 2772 }
2773
ccd556fe 2774unlock:
41a96212 2775 hci_dev_unlock(hdev);
a9de9248
MH		 2776}
2777
2778static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2779{
b6a0dc82
MH		 2780 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2781 struct hci_conn *conn;
2782
2783 BT_DBG("%s status %d", hdev->name, ev->status);
2784
2785 hci_dev_lock(hdev);
2786
2787 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2788 if (!conn) {
2789 if (ev->link_type == ESCO_LINK)
2790 goto unlock;
2791
2792 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2793 if (!conn)
2794 goto unlock;
2795
2796 conn->type = SCO_LINK;
2797 }
b6a0dc82 2798
732547f9
MH		 2799 switch (ev->status) {
2800 case 0x00:
b6a0dc82
MH		 2801 conn->handle = __le16_to_cpu(ev->handle);
2802 conn->state = BT_CONNECTED;
7d0db0a3 2803
9eba32b8 2804 hci_conn_hold_device(conn);
7d0db0a3 2805 hci_conn_add_sysfs(conn);
732547f9
MH		 2806 break;
2807
705e5711 2808 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2809 case 0x1c: /* SCO interval rejected */
1038a00b 2810 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2811 case 0x1f: /* Unspecified error */
2812 if (conn->out && conn->attempt < 2) {
2813 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2814 (hdev->esco_type & EDR_ESCO_MASK);
2815 hci_setup_sync(conn, conn->link->handle);
2816 goto unlock;
2817 }
2818 /* fall through */
2819
2820 default:
b6a0dc82 2821 conn->state = BT_CLOSED;
732547f9
MH		 2822 break;
2823 }
b6a0dc82
MH		 2824
2825 hci_proto_connect_cfm(conn, ev->status);
2826 if (ev->status)
2827 hci_conn_del(conn);
2828
2829unlock:
2830 hci_dev_unlock(hdev);
a9de9248
MH		 2831}
2832
2833static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2834{
2835 BT_DBG("%s", hdev->name);
2836}
2837
04837f64
MH		 2838static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2839{
a9de9248 2840 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2841
2842 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2843}
2844
561aafbc
JH		 2845static inline bool eir_has_complete_name(u8 *data, size_t data_len)
2846{
2847 u8 field_len;
2848 size_t parsed;
2849
2850 for (parsed = 0; parsed < data_len - 1; parsed += field_len) {
2851 field_len = data[0];
2852
2853 if (field_len == 0)
2854 break;
2855
2856 parsed += field_len + 1;
2857
2858 if (parsed > data_len)
2859 break;
2860
2861 if (data[1] == EIR_NAME_COMPLETE)
2862 return true;
2863
2864 data += field_len + 1;
2865 }
2866
2867 return false;
2868}
2869
a9de9248 2870static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2871{
a9de9248
MH		 2872 struct inquiry_data data;
2873 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2874 int num_rsp = *((__u8 *) skb->data);
1da177e4 2875
a9de9248 2876 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2877
a9de9248
MH		 2878 if (!num_rsp)
2879 return;
1da177e4 2880
a9de9248
MH		 2881 hci_dev_lock(hdev);
2882
e17acd40 2883 for (; num_rsp; num_rsp--, info++) {
561aafbc
JH		 2884 bool name_known;
2885
a9de9248 2886 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2887 data.pscan_rep_mode = info->pscan_rep_mode;
2888 data.pscan_period_mode = info->pscan_period_mode;
2889 data.pscan_mode = 0x00;
a9de9248 2890 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2891 data.clock_offset = info->clock_offset;
2892 data.rssi = info->rssi;
41a96212 2893 data.ssp_mode = 0x01;
561aafbc 2894
a8b2d5c2 2895 if (test_bit(HCI_MGMT, &hdev->dev_flags))
561aafbc
JH		 2896 name_known = eir_has_complete_name(info->data,
2897 sizeof(info->data));
2898 else
2899 name_known = true;
2900
3175405b 2901 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
48264f06 2902 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
561aafbc 2903 info->dev_class, info->rssi,
7d262f86
AG		 2904 !name_known, info->data,
2905 sizeof(info->data));
a9de9248
MH		 2906 }
2907
2908 hci_dev_unlock(hdev);
2909}
1da177e4 2910
17fa4b9d
JH		 2911static inline u8 hci_get_auth_req(struct hci_conn *conn)
2912{
2913 /* If remote requests dedicated bonding follow that lead */
2914 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2915 /* If both remote and local IO capabilities allow MITM
2916 * protection then require it, otherwise don't */
2917 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2918 return 0x02;
2919 else
2920 return 0x03;
2921 }
2922
2923 /* If remote requests no-bonding follow that lead */
2924 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2925 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2926
2927 return conn->auth_type;
2928}
2929
0493684e
MH		 2930static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2931{
2932 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2933 struct hci_conn *conn;
2934
2935 BT_DBG("%s", hdev->name);
2936
2937 hci_dev_lock(hdev);
2938
2939 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2940 if (!conn)
2941 goto unlock;
2942
2943 hci_conn_hold(conn);
2944
a8b2d5c2 2945 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 2946 goto unlock;
2947
a8b2d5c2 2948 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 2949 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2950 struct hci_cp_io_capability_reply cp;
2951
2952 bacpy(&cp.bdaddr, &ev->bdaddr);
2953 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2954 conn->auth_type = hci_get_auth_req(conn);
2955 cp.authentication = conn->auth_type;
17fa4b9d 2956
ce85ee13
SJ		 2957 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2958 hci_find_remote_oob_data(hdev, &conn->dst))
2959 cp.oob_data = 0x01;
2960 else
2961 cp.oob_data = 0x00;
2962
17fa4b9d
JH		 2963 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2964 sizeof(cp), &cp);
03b555e1
JH		 2965 } else {
2966 struct hci_cp_io_capability_neg_reply cp;
2967
2968 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2969 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2970
03b555e1
JH		 2971 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2972 sizeof(cp), &cp);
2973 }
2974
2975unlock:
2976 hci_dev_unlock(hdev);
2977}
2978
2979static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2980{
2981 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2982 struct hci_conn *conn;
2983
2984 BT_DBG("%s", hdev->name);
2985
2986 hci_dev_lock(hdev);
2987
2988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2989 if (!conn)
2990 goto unlock;
2991
03b555e1
JH		 2992 conn->remote_cap = ev->capability;
2993 conn->remote_oob = ev->oob_data;
2994 conn->remote_auth = ev->authentication;
2995
2996unlock:
0493684e
MH		 2997 hci_dev_unlock(hdev);
2998}
2999
a5c29683
JH		 3000static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3001 struct sk_buff *skb)
3002{
3003 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3004 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3005 struct hci_conn *conn;
a5c29683
JH		 3006
3007 BT_DBG("%s", hdev->name);
3008
3009 hci_dev_lock(hdev);
3010
a8b2d5c2 3011 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3012 goto unlock;
a5c29683 3013
7a828908
JH		 3014 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3015 if (!conn)
3016 goto unlock;
3017
3018 loc_mitm = (conn->auth_type & 0x01);
3019 rem_mitm = (conn->remote_auth & 0x01);
3020
3021 /* If we require MITM but the remote device can't provide that
3022 * (it has NoInputNoOutput) then reject the confirmation
3023 * request. The only exception is when we're dedicated bonding
3024 * initiators (connect_cfm_cb set) since then we always have the MITM
3025 * bit set. */
3026 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3027 BT_DBG("Rejecting request: remote device can't provide MITM");
3028 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3029 sizeof(ev->bdaddr), &ev->bdaddr);
3030 goto unlock;
3031 }
3032
3033 /* If no side requires MITM protection; auto-accept */
3034 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3035 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3036
3037 /* If we're not the initiators request authorization to
3038 * proceed from user space (mgmt_user_confirm with
3039 * confirm_hint set to 1). */
3040 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
3041 BT_DBG("Confirming auto-accept as acceptor");
3042 confirm_hint = 1;
3043 goto confirm;
3044 }
3045
9f61656a
JH		 3046 BT_DBG("Auto-accept of user confirmation with %ums delay",
3047 hdev->auto_accept_delay);
3048
3049 if (hdev->auto_accept_delay > 0) {
3050 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3051 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3052 goto unlock;
3053 }
3054
7a828908
JH		 3055 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3056 sizeof(ev->bdaddr), &ev->bdaddr);
3057 goto unlock;
3058 }
3059
55bc1a37 3060confirm:
744cf19e 3061 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 3062 confirm_hint);
7a828908
JH		 3063
3064unlock:
a5c29683
JH		 3065 hci_dev_unlock(hdev);
3066}
3067
1143d458
BG		 3068static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3069 struct sk_buff *skb)
3070{
3071 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3072
3073 BT_DBG("%s", hdev->name);
3074
3075 hci_dev_lock(hdev);
3076
a8b2d5c2 3077 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458
BG		 3078 mgmt_user_passkey_request(hdev, &ev->bdaddr);
3079
3080 hci_dev_unlock(hdev);
3081}
3082
0493684e
MH		 3083static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3084{
3085 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3086 struct hci_conn *conn;
3087
3088 BT_DBG("%s", hdev->name);
3089
3090 hci_dev_lock(hdev);
3091
3092 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3093 if (!conn)
3094 goto unlock;
3095
3096 /* To avoid duplicate auth_failed events to user space we check
3097 * the HCI_CONN_AUTH_PEND flag which will be set if we
3098 * initiated the authentication. A traditional auth_complete
3099 * event gets always produced as initiator and is also mapped to
3100 * the mgmt_auth_failed event */
3101 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
744cf19e 3102 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 3103
2a611692
JH		 3104 hci_conn_put(conn);
3105
3106unlock:
0493684e
MH		 3107 hci_dev_unlock(hdev);
3108}
3109
41a96212
MH		 3110static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3111{
3112 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3113 struct inquiry_entry *ie;
3114
3115 BT_DBG("%s", hdev->name);
3116
3117 hci_dev_lock(hdev);
3118
cc11b9c1
AE		 3119 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3120 if (ie)
41a96212
MH		 3121 ie->data.ssp_mode = (ev->features[0] & 0x01);
3122
3123 hci_dev_unlock(hdev);
3124}
3125
2763eda6
SJ		 3126static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3127 struct sk_buff *skb)
3128{
3129 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3130 struct oob_data *data;
3131
3132 BT_DBG("%s", hdev->name);
3133
3134 hci_dev_lock(hdev);
3135
a8b2d5c2 3136 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3137 goto unlock;
3138
2763eda6
SJ		 3139 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3140 if (data) {
3141 struct hci_cp_remote_oob_data_reply cp;
3142
3143 bacpy(&cp.bdaddr, &ev->bdaddr);
3144 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3145 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3146
3147 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3148 &cp);
3149 } else {
3150 struct hci_cp_remote_oob_data_neg_reply cp;
3151
3152 bacpy(&cp.bdaddr, &ev->bdaddr);
3153 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3154 &cp);
3155 }
3156
e1ba1f15 3157unlock:
2763eda6
SJ		 3158 hci_dev_unlock(hdev);
3159}
3160
fcd89c09
VT		 3161static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3162{
3163 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3164 struct hci_conn *conn;
3165
3166 BT_DBG("%s status %d", hdev->name, ev->status);
3167
3168 hci_dev_lock(hdev);
3169
3170 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3171 if (!conn) {
3172 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3173 if (!conn) {
3174 BT_ERR("No memory for new connection");
3175 hci_dev_unlock(hdev);
3176 return;
3177 }
29b7988a
AG		 3178
3179 conn->dst_type = ev->bdaddr_type;
b62f328b 3180 }
fcd89c09
VT		 3181
3182 if (ev->status) {
48264f06
JH		 3183 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3184 conn->dst_type, ev->status);
fcd89c09
VT		 3185 hci_proto_connect_cfm(conn, ev->status);
3186 conn->state = BT_CLOSED;
3187 hci_conn_del(conn);
3188 goto unlock;
3189 }
3190
afc747a6 3191 mgmt_device_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
83bc71b4 3192
7b5c0d52 3193 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3194 conn->handle = __le16_to_cpu(ev->handle);
3195 conn->state = BT_CONNECTED;
3196
3197 hci_conn_hold_device(conn);
3198 hci_conn_add_sysfs(conn);
3199
3200 hci_proto_connect_cfm(conn, ev->status);
3201
3202unlock:
3203 hci_dev_unlock(hdev);
3204}
3205
9aa04c91
AG		 3206static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3207 struct sk_buff *skb)
3208{
e95beb41
AG		 3209 u8 num_reports = skb->data[0];
3210 void *ptr = &skb->data[1];
3c9e9195 3211 s8 rssi;
9aa04c91
AG		 3212
3213 hci_dev_lock(hdev);
3214
e95beb41
AG		 3215 while (num_reports--) {
3216 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3217
9aa04c91 3218 hci_add_adv_entry(hdev, ev);
e95beb41 3219
3c9e9195
AG		 3220 rssi = ev->data[ev->length];
3221 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3222 NULL, rssi, 0, ev->data, ev->length);
3223
e95beb41 3224 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3225 }
3226
3227 hci_dev_unlock(hdev);
3228}
3229
a7a595f6
VCG		 3230static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3231 struct sk_buff *skb)
3232{
3233 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3234 struct hci_cp_le_ltk_reply cp;
bea710fe 3235 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3236 struct hci_conn *conn;
bea710fe 3237 struct link_key *ltk;
a7a595f6
VCG		 3238
3239 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3240
3241 hci_dev_lock(hdev);
3242
3243 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3244 if (conn == NULL)
3245 goto not_found;
a7a595f6 3246
bea710fe
VCG		 3247 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3248 if (ltk == NULL)
3249 goto not_found;
3250
3251 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3252 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 3253 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 3254
3255 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3256
3257 hci_dev_unlock(hdev);
bea710fe
VCG		 3258
3259 return;
3260
3261not_found:
3262 neg.handle = ev->handle;
3263 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3264 hci_dev_unlock(hdev);
a7a595f6
VCG		 3265}
3266
fcd89c09
VT		 3267static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3268{
3269 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3270
3271 skb_pull(skb, sizeof(*le_ev));
3272
3273 switch (le_ev->subevent) {
3274 case HCI_EV_LE_CONN_COMPLETE:
3275 hci_le_conn_complete_evt(hdev, skb);
3276 break;
3277
9aa04c91
AG		 3278 case HCI_EV_LE_ADVERTISING_REPORT:
3279 hci_le_adv_report_evt(hdev, skb);
3280 break;
3281
a7a595f6
VCG		 3282 case HCI_EV_LE_LTK_REQ:
3283 hci_le_ltk_request_evt(hdev, skb);
3284 break;
3285
fcd89c09
VT		 3286 default:
3287 break;
3288 }
3289}
3290
a9de9248
MH		 3291void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3292{
3293 struct hci_event_hdr *hdr = (void *) skb->data;
3294 __u8 event = hdr->evt;
3295
3296 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3297
3298 switch (event) {
1da177e4
LT		 3299 case HCI_EV_INQUIRY_COMPLETE:
3300 hci_inquiry_complete_evt(hdev, skb);
3301 break;
3302
3303 case HCI_EV_INQUIRY_RESULT:
3304 hci_inquiry_result_evt(hdev, skb);
3305 break;
3306
a9de9248
MH		 3307 case HCI_EV_CONN_COMPLETE:
3308 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3309 break;
3310
1da177e4
LT		 3311 case HCI_EV_CONN_REQUEST:
3312 hci_conn_request_evt(hdev, skb);
3313 break;
3314
1da177e4
LT		 3315 case HCI_EV_DISCONN_COMPLETE:
3316 hci_disconn_complete_evt(hdev, skb);
3317 break;
3318
1da177e4
LT		 3319 case HCI_EV_AUTH_COMPLETE:
3320 hci_auth_complete_evt(hdev, skb);
3321 break;
3322
a9de9248
MH		 3323 case HCI_EV_REMOTE_NAME:
3324 hci_remote_name_evt(hdev, skb);
3325 break;
3326
1da177e4
LT		 3327 case HCI_EV_ENCRYPT_CHANGE:
3328 hci_encrypt_change_evt(hdev, skb);
3329 break;
3330
a9de9248
MH		 3331 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3332 hci_change_link_key_complete_evt(hdev, skb);
3333 break;
3334
3335 case HCI_EV_REMOTE_FEATURES:
3336 hci_remote_features_evt(hdev, skb);
3337 break;
3338
3339 case HCI_EV_REMOTE_VERSION:
3340 hci_remote_version_evt(hdev, skb);
3341 break;
3342
3343 case HCI_EV_QOS_SETUP_COMPLETE:
3344 hci_qos_setup_complete_evt(hdev, skb);
3345 break;
3346
3347 case HCI_EV_CMD_COMPLETE:
3348 hci_cmd_complete_evt(hdev, skb);
3349 break;
3350
3351 case HCI_EV_CMD_STATUS:
3352 hci_cmd_status_evt(hdev, skb);
3353 break;
3354
3355 case HCI_EV_ROLE_CHANGE:
3356 hci_role_change_evt(hdev, skb);
3357 break;
3358
3359 case HCI_EV_NUM_COMP_PKTS:
3360 hci_num_comp_pkts_evt(hdev, skb);
3361 break;
3362
3363 case HCI_EV_MODE_CHANGE:
3364 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3365 break;
3366
3367 case HCI_EV_PIN_CODE_REQ:
3368 hci_pin_code_request_evt(hdev, skb);
3369 break;
3370
3371 case HCI_EV_LINK_KEY_REQ:
3372 hci_link_key_request_evt(hdev, skb);
3373 break;
3374
3375 case HCI_EV_LINK_KEY_NOTIFY:
3376 hci_link_key_notify_evt(hdev, skb);
3377 break;
3378
3379 case HCI_EV_CLOCK_OFFSET:
3380 hci_clock_offset_evt(hdev, skb);
3381 break;
3382
a8746417
MH		 3383 case HCI_EV_PKT_TYPE_CHANGE:
3384 hci_pkt_type_change_evt(hdev, skb);
3385 break;
3386
85a1e930
MH		 3387 case HCI_EV_PSCAN_REP_MODE:
3388 hci_pscan_rep_mode_evt(hdev, skb);
3389 break;
3390
a9de9248
MH		 3391 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3392 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3393 break;
3394
a9de9248
MH		 3395 case HCI_EV_REMOTE_EXT_FEATURES:
3396 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3397 break;
3398
a9de9248
MH		 3399 case HCI_EV_SYNC_CONN_COMPLETE:
3400 hci_sync_conn_complete_evt(hdev, skb);
3401 break;
1da177e4 3402
a9de9248
MH		 3403 case HCI_EV_SYNC_CONN_CHANGED:
3404 hci_sync_conn_changed_evt(hdev, skb);
3405 break;
1da177e4 3406
a9de9248
MH		 3407 case HCI_EV_SNIFF_SUBRATE:
3408 hci_sniff_subrate_evt(hdev, skb);
3409 break;
1da177e4 3410
a9de9248
MH		 3411 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3412 hci_extended_inquiry_result_evt(hdev, skb);
3413 break;
1da177e4 3414
0493684e
MH		 3415 case HCI_EV_IO_CAPA_REQUEST:
3416 hci_io_capa_request_evt(hdev, skb);
3417 break;
3418
03b555e1
JH		 3419 case HCI_EV_IO_CAPA_REPLY:
3420 hci_io_capa_reply_evt(hdev, skb);
3421 break;
3422
a5c29683
JH		 3423 case HCI_EV_USER_CONFIRM_REQUEST:
3424 hci_user_confirm_request_evt(hdev, skb);
3425 break;
3426
1143d458
BG		 3427 case HCI_EV_USER_PASSKEY_REQUEST:
3428 hci_user_passkey_request_evt(hdev, skb);
3429 break;
3430
0493684e
MH		 3431 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3432 hci_simple_pair_complete_evt(hdev, skb);
3433 break;
3434
41a96212
MH		 3435 case HCI_EV_REMOTE_HOST_FEATURES:
3436 hci_remote_host_features_evt(hdev, skb);
3437 break;
3438
fcd89c09
VT		 3439 case HCI_EV_LE_META:
3440 hci_le_meta_evt(hdev, skb);
3441 break;
3442
2763eda6
SJ		 3443 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3444 hci_remote_oob_data_request_evt(hdev, skb);
3445 break;
3446
25e89e99
AE		 3447 case HCI_EV_NUM_COMP_BLOCKS:
3448 hci_num_comp_blocks_evt(hdev, skb);
3449 break;
3450
a9de9248
MH		 3451 default:
3452 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3453 break;
3454 }
3455
3456 kfree_skb(skb);
3457 hdev->stat.evt_rx++;
3458}
3459
3460/* Generate internal stack event */
3461void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3462{
3463 struct hci_event_hdr *hdr;
3464 struct hci_ev_stack_internal *ev;
3465 struct sk_buff *skb;
3466
3467 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3468 if (!skb)
3469 return;
3470
3471 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3472 hdr->evt = HCI_EV_STACK_INTERNAL;
3473 hdr->plen = sizeof(*ev) + dlen;
3474
3475 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3476 ev->type = type;
3477 memcpy(ev->data, data, dlen);
3478
576c7d85 3479 bt_cb(skb)->incoming = 1;
a61bbcf2 3480 __net_timestamp(skb);
576c7d85 3481
0d48d939 3482 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3483 skb->dev = (void *) hdev;
eec8d2bc 3484 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3485 kfree_skb(skb);
3486}
e6100a25 3487
669bb396 3488module_param(enable_le, bool, 0644);
e6100a25 3489MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)