Bluetooth: Refactor hci_cs_le_create_conn
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32
33/* Handle HCI Event packets */
34
/*
 * Completion handler for HCI_OP_INQUIRY_CANCEL.
 *
 * The first byte of skb->data is taken as the command status. A non-zero
 * status is reported through mgmt_stop_discovery_failed(). On success the
 * HCI_INQUIRY flag is cleared, discovery is marked stopped, the request is
 * completed and pending connections are re-checked.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status != 0) {
		/* Cancel failed: only the mgmt notification is sent. */
		hci_dev_lock(hdev);
		mgmt_stop_discovery_failed(hdev, status);
		hci_dev_unlock(hdev);
		return;
	}

	clear_bit(HCI_INQUIRY, &hdev->flags);

	hci_dev_lock(hdev);
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
	hci_dev_unlock(hdev);

	hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);

	hci_conn_check_pending(hdev);
}
/*
 * Completion handler for the periodic inquiry command: when the status byte
 * is zero, HCI_PERIODIC_INQ is set in hdev->dev_flags.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
}
/*
 * Completion handler for the exit-periodic-inquiry command: on a zero
 * status, HCI_PERIODIC_INQ is cleared and pending connections are re-checked.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0) {
		clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);

		hci_conn_check_pending(hdev);
	}
}
/*
 * Completion handler for the remote-name-request-cancel command. It only
 * emits a debug line; the reply payload in skb is not read.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
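/*
 * Completion handler for the Role Discovery reply: update HCI_LM_MASTER in
 * the link mode of the connection named by the reply handle. A non-zero
 * role clears the bit, a zero role sets it.
 *
 * The reply is supplied by the controller, so skb->len is checked against
 * the reply structure before any field is read. A reply too short to hold
 * the structure is ignored, the same way a failure status is.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *rp = (void *) skb->data;
	struct hci_conn *conn;

	/* Do not read status/handle/role past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (conn) {
		if (rp->role)
			conn->link_mode &= ~HCI_LM_MASTER;
		else
			conn->link_mode |= HCI_LM_MASTER;
	}

	hci_dev_unlock(hdev);
}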
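/*
 * Completion handler for the Read Link Policy reply: cache the reported
 * policy on the connection identified by the reply handle.
 *
 * The reply is supplied by the controller, so skb->len is checked against
 * the reply structure before any field is read. A short reply is ignored in
 * the same way as a reply carrying a failure status.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *rp = (void *) skb->data;
	struct hci_conn *conn;

	/* Do not read handle/policy past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (conn)
		conn->link_policy = __le16_to_cpu(rp->policy);

	hci_dev_unlock(hdev);
}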
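/*
 * Completion handler for the Write Link Policy reply.
 *
 * On success the policy is taken from the command the host sent (two bytes
 * at offset 2 of the sent parameters) and stored on the connection named by
 * the handle in the reply.
 *
 * The reply is supplied by the controller, so skb->len is checked against
 * the reply structure before status or handle are read. A short reply is
 * ignored in the same way as a failure status.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *rp = (void *) skb->data;
	struct hci_conn *conn;
	void *sent;

	/* Do not read the handle past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (!sent)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
	if (conn)
		conn->link_policy = get_unaligned_le16(sent + 2);

	hci_dev_unlock(hdev);
}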
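/*
 * Completion handler for the Read Default Link Policy reply: store the
 * reported policy in hdev->link_policy.
 *
 * The reply is supplied by the controller, so skb->len is checked against
 * the reply structure before any field is read. A short reply is ignored in
 * the same way as a failure status.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *rp = (void *) skb->data;

	/* Do not read the policy past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->link_policy = __le16_to_cpu(rp->policy);
}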
/*
 * Completion handler for HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * If the matching sent command is still available and the status is zero,
 * hdev->link_policy is updated from the value the host sent. The request is
 * completed with the reported status. Nothing happens when the sent command
 * cannot be found.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (sent == NULL)
		return;

	if (status == 0)
		hdev->link_policy = get_unaligned_le16(sent);

	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
}
/*
 * Completion handler for HCI_OP_RESET.
 *
 * Clears HCI_RESET, completes the request with the reported status, drops
 * the non-persistent device flags and marks discovery as stopped. All of
 * this happens regardless of the status value.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* Flags that do not survive a controller reset. */
	const unsigned long transient = BIT(HCI_LE_SCAN) |
					BIT(HCI_PENDING_CLASS) |
					BIT(HCI_PERIODIC_INQ);
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);

	hci_req_complete(hdev, HCI_OP_RESET, status);

	hdev->dev_flags &= ~transient;

	hdev->discovery.state = DISCOVERY_STOPPED;
}
/*
 * Completion handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * With HCI_MGMT set the result is forwarded to the mgmt layer. Otherwise,
 * on a zero status, HCI_MAX_NAME_LENGTH bytes of the name the host sent are
 * copied into hdev->dev_name. The request is then completed. Nothing happens
 * when the sent command cannot be found.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_set_local_name_complete(hdev, sent, status);
	} else if (status == 0) {
		memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
	}

	hci_dev_unlock(hdev);

	hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
}
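/*
 * Completion handler for the Read Local Name reply: while HCI_SETUP is set,
 * copy HCI_MAX_NAME_LENGTH bytes of the reported name into hdev->dev_name.
 *
 * The reply is supplied by the controller and the copy is a fixed-size
 * memcpy from it, so skb->len is checked against the whole reply structure
 * first. Without that check a truncated reply would make the copy read past
 * the received data. A short reply is ignored like a failure status.
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *rp = (void *) skb->data;

	/* The memcpy below reads the full name field; require all of it. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	if (test_bit(HCI_SETUP, &hdev->dev_flags))
		memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
}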
/*
 * Completion handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * On a zero status the HCI_AUTH flag is made to mirror the parameter the
 * host sent: set when it equals AUTH_ENABLED, cleared otherwise. A failed
 * command leaves the flag untouched. The mgmt layer is notified when
 * HCI_MGMT is set, and the request is completed with the reported status.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (sent == NULL)
		return;

	if (status == 0) {
		const __u8 *requested = sent;

		if (*requested == AUTH_ENABLED)
			set_bit(HCI_AUTH, &hdev->flags);
		else
			clear_bit(HCI_AUTH, &hdev->flags);
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_auth_enable_complete(hdev, status);

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
}
/*
 * Completion handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * On a zero status the HCI_ENCRYPT flag is made to mirror the parameter the
 * host sent: set for a non-zero value, cleared for zero. A failed command
 * leaves the flag untouched. The request is completed with the reported
 * status.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (sent == NULL)
		return;

	if (status == 0) {
		const __u8 *requested = sent;

		if (*requested != 0)
			set_bit(HCI_ENCRYPT, &hdev->flags);
		else
			clear_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
}
/*
 * Completion handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * The scan setting is taken from the command the host sent. On failure the
 * mgmt layer is told and the discoverable timeout is reset to 0. On success
 * HCI_ISCAN and HCI_PSCAN are rebuilt from the SCAN_INQUIRY and SCAN_PAGE
 * bits, mgmt is notified of each transition, and the discoverable-off work
 * is queued when a timeout is configured. The request is completed in both
 * cases.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u8 scan;
	int was_page, was_inquiry;
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (sent == NULL)
		return;

	scan = *((__u8 *) sent);

	hci_dev_lock(hdev);

	if (status != 0) {
		mgmt_write_scan_failed(hdev, scan, status);
		hdev->discov_timeout = 0;
		goto done;
	}

	/* Remember the previous state so only transitions are reported. */
	was_page = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
	was_inquiry = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

	if (scan & SCAN_INQUIRY) {
		set_bit(HCI_ISCAN, &hdev->flags);
		if (!was_inquiry)
			mgmt_discoverable(hdev, 1);
		if (hdev->discov_timeout > 0) {
			int to = msecs_to_jiffies(hdev->discov_timeout * 1000);

			queue_delayed_work(hdev->workqueue, &hdev->discov_off,
					   to);
		}
	} else if (was_inquiry) {
		mgmt_discoverable(hdev, 0);
	}

	if (scan & SCAN_PAGE) {
		set_bit(HCI_PSCAN, &hdev->flags);
		if (!was_page)
			mgmt_connectable(hdev, 1);
	} else if (was_page) {
		mgmt_connectable(hdev, 0);
	}

done:
	hci_dev_unlock(hdev);
	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
}
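/*
 * Completion handler for the Read Class of Device reply: copy the three
 * class bytes from the reply into hdev->dev_class.
 *
 * The reply is supplied by the controller, so skb->len is checked against
 * the reply structure before it is read. A short reply is ignored in the
 * same way as a failure status.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *rp = (void *) skb->data;

	/* The memcpy below reads rp->dev_class; require the full reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	memcpy(hdev->dev_class, rp->dev_class, 3);

	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
	       hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}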
/*
 * Completion handler for HCI_OP_WRITE_CLASS_OF_DEV.
 *
 * On a zero status the three class bytes the host sent are copied into
 * hdev->dev_class. With HCI_MGMT set the mgmt layer is notified whatever the
 * status. Nothing happens when the sent command cannot be found.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	if (!status)
		memcpy(hdev->dev_class, sent, 3);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_set_class_of_dev_complete(hdev, sent, status);

	hci_dev_unlock(hdev);
}
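/*
 * Completion handler for the Read Voice Setting reply: when the reported
 * setting differs from the cached one, store it and call the driver's
 * notify hook (if any) with HCI_NOTIFY_VOICE_SETTING.
 *
 * The reply is supplied by the controller, so skb->len is checked against
 * the reply structure before any field is read. A short reply is ignored in
 * the same way as a failure status.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *rp = (void *) skb->data;
	__u16 setting;

	/* Do not read voice_setting past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	setting = __le16_to_cpu(rp->voice_setting);

	if (hdev->voice_setting == setting)
		return;

	hdev->voice_setting = setting;

	BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);

	if (hdev->notify)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}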
/*
 * Completion handler for HCI_OP_WRITE_VOICE_SETTING.
 *
 * On a zero status the setting the host sent is compared with the cached
 * one. If it changed, it is stored and the driver's notify hook (if any) is
 * called with HCI_NOTIFY_VOICE_SETTING.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	__u16 requested;
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (sent == NULL)
		return;

	requested = get_unaligned_le16(sent);

	if (hdev->voice_setting != requested) {
		hdev->voice_setting = requested;

		BT_DBG("%s voice setting 0x%4.4x", hdev->name, requested);

		if (hdev->notify)
			hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
	}
}
/*
 * Completion handler for HCI_OP_HOST_BUFFER_SIZE: complete the request with
 * the reported status.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
}
/*
 * Completion handler for HCI_OP_WRITE_SSP_MODE.
 *
 * With HCI_MGMT set, the mode the host sent and the status are forwarded to
 * the mgmt layer. Otherwise, on a zero status, HCI_SSP_ENABLED is set or
 * cleared to match the mode the host sent. Nothing happens when the sent
 * command cannot be found.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];
	void *sent;
	u8 mode;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (sent == NULL)
		return;

	mode = *((u8 *) sent);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_ssp_enable_complete(hdev, mode, status);
	} else if (status == 0) {
		if (mode)
			set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
		else
			clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	}
}
/*
 * Pick the inquiry mode value to program into the controller.
 *
 * Returns 2 when the LMP_EXT_INQ feature bit is set, 1 when LMP_RSSI_INQ is
 * set or the controller matches one of the hard-coded manufacturer /
 * hci_rev / lmp_subver combinations below, and 0 otherwise.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	if (hdev->features[6] & LMP_EXT_INQ)
		return 2;

	if (hdev->features[3] & LMP_RSSI_INQ)
		return 1;

	/* Controllers handled as mode 1 without the feature bit being set. */
	switch (hdev->manufacturer) {
	case 11:
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x0757)
			return 1;
		break;
	case 15:
		if (hdev->lmp_subver == 0x6963 &&
		    (hdev->hci_rev == 0x03 || hdev->hci_rev == 0x09))
			return 1;
		if (hdev->lmp_subver == 0x6965 && hdev->hci_rev == 0x00)
			return 1;
		break;
	case 31:
		if (hdev->hci_rev == 0x2005 && hdev->lmp_subver == 0x1805)
			return 1;
		break;
	}

	return 0;
}
/* Send HCI_OP_WRITE_INQUIRY_MODE with the mode from hci_get_inquiry_mode(). */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, sizeof(mode), &mode);
}
/*
 * Build the 8-byte event mask from the controller's feature bits and send
 * it with HCI_OP_SET_EVENT_MASK. Controllers older than BLUETOOTH_VER_1_2
 * get no event mask at all.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff instead of 0x9f (two reserved bits
	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
	 * command otherwise */
	u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };

	/* CSR 1.1 dongles do not accept any bitfield, so don't try to set
	 * any event mask for pre 1.2 devices */
	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
		return;

	/* Flow Specification Complete, Inquiry Result with RSSI,
	 * Read Remote Extended Features Complete */
	events[4] |= 0x01 | 0x02 | 0x04;

	/* Synchronous Connection Complete, Synchronous Connection Changed */
	events[5] |= 0x08 | 0x10;

	/* Same bit as set unconditionally above; kept as in the original. */
	if (hdev->features[3] & LMP_RSSI_INQ)
		events[4] |= 0x02; /* Inquiry Result with RSSI */

	if (lmp_sniffsubr_capable(hdev))
		events[5] |= 0x20; /* Sniff Subrating */

	if (hdev->features[5] & LMP_PAUSE_ENC)
		events[5] |= 0x80; /* Encryption Key Refresh Complete */

	if (hdev->features[6] & LMP_EXT_INQ)
		events[5] |= 0x40; /* Extended Inquiry Result */

	if (lmp_no_flush_capable(hdev))
		events[7] |= 0x01; /* Enhanced Flush Complete */

	if (hdev->features[7] & LMP_LSTO)
		events[6] |= 0x80; /* Link Supervision Timeout Changed */

	if (lmp_ssp_capable(hdev)) {
		/* IO Capability Request, IO Capability Response,
		 * User Confirmation Request, User Passkey Request,
		 * Remote OOB Data Request, Simple Pairing Complete */
		events[6] |= 0x01 | 0x02 | 0x04 | 0x08 | 0x10 | 0x20;

		/* User Passkey Notification, Keypress Notification,
		 * Remote Host Supported Features Notification */
		events[7] |= 0x04 | 0x08 | 0x10;
	}

	if (lmp_le_capable(hdev))
		events[7] |= 0x20; /* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
}
/*
 * Queue the feature-dependent setup commands for a BR/EDR controller.
 * Devices whose dev_type is not HCI_BREDR are left alone.
 *
 * In order: the event mask, Read Local Commands (above version 1.1), SSP
 * mode or a zeroed EIR (SSP-capable controllers), inquiry mode, inquiry
 * response TX power, extended features page 1, and authentication enable
 * when HCI_LINK_SECURITY is set.
 */
static void hci_setup(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return;

	hci_setup_event_mask(hdev);

	if (hdev->hci_ver > BLUETOOTH_VER_1_1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	if (lmp_ssp_capable(hdev)) {
		if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
			struct hci_cp_write_eir eir_cmd;

			/* SSP is off: clear the cached and the remote EIR. */
			memset(hdev->eir, 0, sizeof(hdev->eir));
			memset(&eir_cmd, 0, sizeof(eir_cmd));

			hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(eir_cmd),
				     &eir_cmd);
		} else {
			u8 ssp_on = 0x01;

			hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
				     sizeof(ssp_on), &ssp_on);
		}
	}

	if (hdev->features[3] & LMP_RSSI_INQ)
		hci_setup_inquiry_mode(hdev);

	if (hdev->features[7] & LMP_INQ_TX_PWR)
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);

	if (hdev->features[7] & LMP_EXTFEATURES) {
		struct hci_cp_read_local_ext_features ext;

		ext.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(ext),
			     &ext);
	}

	if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
		u8 auth_on = 1;

		hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(auth_on),
			     &auth_on);
	}
}
/*
 * Completion handler for HCI_OP_READ_LOCAL_VERSION.
 *
 * On a zero status the version, revision and manufacturer fields are cached
 * on hdev, and hci_setup() is run while HCI_INIT is set. The request is
 * completed with the reported status in every case.
 *
 * NOTE(review): rp is read without an skb->len check, and the cached values
 * later select controller-specific behaviour; confirm the caller bounds the
 * payload.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		hdev->hci_ver = rp->hci_ver;
		hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
		hdev->lmp_ver = rp->lmp_ver;
		hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
		hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);

		BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
		       hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);

		if (test_bit(HCI_INIT, &hdev->flags))
			hci_setup(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
}
/*
 * Derive the default link policy from the controller's feature bits (role
 * switch, hold, sniff, park) and send it with HCI_OP_WRITE_DEF_LINK_POLICY.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	struct hci_cp_write_def_link_policy cp;
	u16 policy = 0;

	if (lmp_rswitch_capable(hdev))
		policy |= HCI_LP_RSWITCH;

	if (hdev->features[0] & LMP_HOLD)
		policy |= HCI_LP_HOLD;

	if (lmp_sniff_capable(hdev))
		policy |= HCI_LP_SNIFF;

	if (hdev->features[1] & LMP_PARK)
		policy |= HCI_LP_PARK;

	cp.policy = cpu_to_le16(policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
}
/*
 * Completion handler for HCI_OP_READ_LOCAL_COMMANDS.
 *
 * On a zero status, sizeof(hdev->commands) bytes of the reply are cached on
 * hdev. While HCI_INIT is set and bit 0x10 of commands[5] is present, the
 * default link policy is programmed. The request is completed with the
 * reported status in every case.
 *
 * NOTE(review): the memcpy length comes from the destination, not from
 * skb->len; confirm the caller guarantees the reply is at least that long.
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));

		if (test_bit(HCI_INIT, &hdev->flags) &&
		    (hdev->commands[5] & 0x10))
			hci_setup_link_policy(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
}
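/*
 * Completion handler for the Read Local Supported Features reply: cache the
 * eight feature bytes on hdev and widen pkt_type / esco_type to match what
 * the controller reports.
 *
 * The reply is supplied by the controller and drives which packet types the
 * host will use, so skb->len is checked against the reply structure before
 * it is read. A short reply is ignored in the same way as a failure status.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_features *rp = (void *) skb->data;

	/* The memcpy below reads all of rp->features; require the full reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	memcpy(hdev->features, rp->features, 8);

	/* Adjust default settings according to features
	 * supported by device. */

	if (hdev->features[0] & LMP_3SLOT)
		hdev->pkt_type |= (HCI_DM3 | HCI_DH3);

	if (hdev->features[0] & LMP_5SLOT)
		hdev->pkt_type |= (HCI_DM5 | HCI_DH5);

	if (hdev->features[1] & LMP_HV2) {
		hdev->pkt_type  |= (HCI_HV2);
		hdev->esco_type |= (ESCO_HV2);
	}

	if (hdev->features[1] & LMP_HV3) {
		hdev->pkt_type  |= (HCI_HV3);
		hdev->esco_type |= (ESCO_HV3);
	}

	if (lmp_esco_capable(hdev))
		hdev->esco_type |= (ESCO_EV3);

	if (hdev->features[4] & LMP_EV4)
		hdev->esco_type |= (ESCO_EV4);

	if (hdev->features[4] & LMP_EV5)
		hdev->esco_type |= (ESCO_EV5);

	if (hdev->features[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= (ESCO_2EV3);

	if (hdev->features[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= (ESCO_3EV3);

	if (hdev->features[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
	       hdev->features[0], hdev->features[1],
	       hdev->features[2], hdev->features[3],
	       hdev->features[4], hdev->features[5],
	       hdev->features[6], hdev->features[7]);
}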
/*
 * Bring the controller's "LE host supported" setting in line with the
 * HCI_LE_ENABLED device flag. HCI_OP_WRITE_LE_HOST_SUPPORTED is sent only
 * when the desired LE value differs from the LMP_HOST_LE bit cached in
 * hdev->host_features[0].
 */
static void hci_set_le_support(struct hci_dev *hdev)
{
	struct hci_cp_write_le_host_supported cp;
	int host_le;

	memset(&cp, 0, sizeof(cp));

	if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
		cp.le = 1;
		cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
	}

	host_le = !!(hdev->host_features[0] & LMP_HOST_LE);
	if (cp.le == host_le)
		return;

	hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
}
/*
 * Completion handler for HCI_OP_READ_LOCAL_EXT_FEATURES.
 *
 * On a zero status, page 0 of the reply is stored in hdev->features and
 * page 1 in hdev->host_features; other pages are not stored. While HCI_INIT
 * is set and the controller is LE capable, LE host support is then
 * synchronised. The request is completed with the reported status in every
 * case.
 *
 * NOTE(review): rp is read without an skb->len check; confirm the caller
 * guarantees the reply covers the eight feature bytes copied here.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (!rp->status) {
		if (rp->page == 0)
			memcpy(hdev->features, rp->features, 8);
		else if (rp->page == 1)
			memcpy(hdev->host_features, rp->features, 8);

		if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
			hci_set_le_support(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
}
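/*
 * Completion handler for the Read Flow Control Mode reply: cache the mode
 * and complete the request. A failure status returns without completing the
 * request.
 *
 * The reply is supplied by the controller, so skb->len is checked against
 * the reply structure before any field is read. A short reply is ignored in
 * the same way as a failure status.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;

	/* Do not read the mode past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->flow_ctl_mode = rp->mode;

	hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
}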
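/*
 * Completion handler for the Read Buffer Size reply: cache the ACL/SCO MTU
 * and packet counts and initialise the send credits from them. With
 * HCI_QUIRK_FIXUP_BUFFER_SIZE the SCO values are overridden with 64 / 8.
 *
 * The reply is supplied by the controller and these values size later
 * transmissions, so skb->len is checked against the reply structure before
 * any field is read. A short reply is ignored in the same way as a failure
 * status.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *rp = (void *) skb->data;

	/* Do not read MTU/packet fields past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->acl_mtu  = __le16_to_cpu(rp->acl_mtu);
	hdev->sco_mtu  = rp->sco_mtu;
	hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
	hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);

	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu  = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
	       hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
}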
/*
 * Completion handler for HCI_OP_READ_BD_ADDR: on a zero status the reported
 * address is copied into hdev->bdaddr. The request is completed with the
 * reported status in every case.
 *
 * NOTE(review): rp is read without an skb->len check; confirm the caller
 * guarantees the reply covers rp->bdaddr.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status == 0)
		bacpy(&hdev->bdaddr, &rp->bdaddr);

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
}
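/*
 * Completion handler for the Read Data Block Size reply: cache the block
 * MTU, block length and block count, initialise the block credits and
 * complete the request. A failure status returns without completing the
 * request.
 *
 * The reply is supplied by the controller and these values size later
 * transmissions, so skb->len is checked against the reply structure before
 * any field is read. A short reply is ignored in the same way as a failure
 * status.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *rp = (void *) skb->data;

	/* Do not read the block fields past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
	hdev->block_len = __le16_to_cpu(rp->block_len);
	hdev->num_blocks = __le16_to_cpu(rp->num_blocks);

	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
	       hdev->block_cnt, hdev->block_len);

	hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
}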
/*
 * Completion handler for HCI_OP_WRITE_CA_TIMEOUT: complete the request with
 * the reported status.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
}
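/*
 * Completion handler for the Read Local AMP Info reply: cache every AMP
 * field from the reply on hdev and complete the request. A failure status
 * returns without completing the request.
 *
 * The reply is supplied by the controller, so skb->len is checked against
 * the reply structure before any field is read. A short reply is ignored in
 * the same way as a failure status.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *rp = (void *) skb->data;

	/* Do not read the AMP fields past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->amp_status = rp->amp_status;
	hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
	hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
	hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
	hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
	hdev->amp_type = rp->amp_type;
	hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
	hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
	hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
	hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
}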
/*
 * Completion handler for HCI_OP_DELETE_STORED_LINK_KEY: complete the
 * request with the reported status.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
}
/*
 * Completion handler for HCI_OP_SET_EVENT_MASK: complete the request with
 * the reported status.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
}
/*
 * Completion handler for HCI_OP_WRITE_INQUIRY_MODE: complete the request
 * with the reported status.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
}
/*
 * Completion handler for HCI_OP_READ_INQ_RSP_TX_POWER: on a zero status the
 * reported TX power is cached in hdev->inq_tx_power. The request is
 * completed with the reported status in every case.
 *
 * NOTE(review): rp is read without an skb->len check; confirm the caller
 * guarantees the reply covers rp->tx_power.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status == 0)
		hdev->inq_tx_power = rp->tx_power;

	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
}
/*
 * Completion handler for HCI_OP_SET_EVENT_FLT: complete the request with
 * the reported status.
 *
 * NOTE(review): the status byte is read without an skb->len check; confirm
 * the caller guarantees a non-empty payload.
 */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = skb->data[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
}
/*
 * Completion handler for HCI_OP_PIN_CODE_REPLY.
 *
 * With HCI_MGMT set, the address and status from the reply are forwarded to
 * the mgmt layer. On a zero status, the PIN length from the command the host
 * sent is recorded on the ACL connection for the address the host sent.
 *
 * NOTE(review): rp->bdaddr and rp->status are read without an skb->len
 * check; confirm the caller bounds the payload.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *rp = (void *) skb->data;
	struct hci_cp_pin_code_reply *cp;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);

	if (rp->status == 0) {
		cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (cp) {
			/* Lookup uses the address the host sent, not rp's. */
			conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
						       &cp->bdaddr);
			if (conn)
				conn->pin_length = cp->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
/*
 * Completion handler for the PIN Code Negative Reply command: with HCI_MGMT
 * set, the address and status from the reply are forwarded to the mgmt
 * layer under the device lock.
 *
 * NOTE(review): rp->bdaddr and rp->status are read without an skb->len
 * check; confirm the caller bounds the payload.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
	int via_mgmt;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	via_mgmt = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (via_mgmt)
		mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
						 rp->status);

	hci_dev_unlock(hdev);
}
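/*
 * Completion handler for the LE Read Buffer Size reply: cache the LE MTU
 * and packet count, initialise the LE send credits and complete the
 * request. A failure status returns without completing the request.
 *
 * The reply is supplied by the controller and these values size later
 * transmissions, so skb->len is checked against the reply structure before
 * any field is read. A short reply is ignored in the same way as a failure
 * status.
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;

	/* Do not read the LE fields past the end of a truncated reply. */
	if (skb->len < sizeof(*rp)) {
		BT_DBG("%s short reply: %u bytes", hdev->name, skb->len);
		return;
	}

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		return;

	hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
	hdev->le_pkts = rp->le_max_pkt;

	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
}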
/*
 * Completion handler for the User Confirmation Reply command: with HCI_MGMT
 * set, the address and status from the reply are forwarded to the mgmt
 * layer (link type ACL_LINK, address type 0) under the device lock.
 *
 * NOTE(review): rp->bdaddr and rp->status are read without an skb->len
 * check; confirm the caller bounds the payload.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
	int via_mgmt;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	via_mgmt = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (via_mgmt)
		mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
						 0, rp->status);

	hci_dev_unlock(hdev);
}
/*
 * Completion handler for the User Confirmation Negative Reply command: with
 * HCI_MGMT set, the address and status from the reply are forwarded to the
 * mgmt layer (link type ACL_LINK, address type 0) under the device lock.
 *
 * NOTE(review): rp->bdaddr and rp->status are read without an skb->len
 * check; confirm the caller bounds the payload.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
	int via_mgmt;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	hci_dev_lock(hdev);

	via_mgmt = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (via_mgmt)
		mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
						     ACL_LINK, 0, rp->status);

	hci_dev_unlock(hdev);
}
1008
1143d458
BG
/*
 * Pass the result of a user passkey reply to the management interface.
 *
 * The payload is read through struct hci_rp_user_confirm_reply. The
 * callback runs under the device lock and only when HCI_MGMT is set.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_reply_complete(hdev, &reply->bdaddr,
						 ACL_LINK, 0, reply->status);
	}
	hci_dev_unlock(hdev);
}
1023
/*
 * Pass the result of a user passkey negative reply to the management
 * interface.
 *
 * The payload is read through struct hci_rp_user_confirm_reply. The
 * callback runs under the device lock and only when HCI_MGMT is set.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_user_passkey_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);
	}
	hci_dev_unlock(hdev);
}
1039
/*
 * Hand the local out-of-band data (hash and randomizer) and the command
 * status to the management interface.
 *
 * Unlike the neighbouring reply handlers, this one calls the management
 * layer without testing HCI_MGMT first. The hash and randomizer pointers
 * refer directly into skb->data.
 *
 * NOTE(review): no skb->len check precedes the cast; confirm the caller
 * guarantees a complete reply before these pairing values are forwarded.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);
	mgmt_read_local_oob_data_reply_complete(hdev, reply->hash,
						reply->randomizer,
						reply->status);
	hci_dev_unlock(hdev);
}
1052
07f7fa5d
AG
/*
 * Complete the pending HCI_OP_LE_SET_SCAN_PARAM request with the status
 * byte found at the start of skb->data.
 *
 * A non-zero status is additionally reported to the management layer as
 * a failed discovery start, under the device lock.
 */
static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);

	if (status == 0)
		return;

	hci_dev_lock(hdev);
	mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1068
/*
 * Update the LE scan and discovery state after an
 * HCI_OP_LE_SET_SCAN_ENABLE command.
 *
 * The direction (enable or disable) is taken from the parameters of the
 * command that was sent, not from the event. Nothing happens when the
 * sent command data cannot be found.
 *
 *  - enable:  the pending request is completed; a failure is reported
 *    as a failed discovery start, a success sets HCI_LE_SCAN and moves
 *    discovery to DISCOVERY_FINDING.
 *  - disable: a failure is reported as a failed discovery stop; a
 *    success clears HCI_LE_SCAN and either continues an interleaved
 *    discovery that is still finding, or stops discovery.
 *  - any other value is logged as a reserved parameter.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	struct hci_cp_le_set_scan_enable *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (sent == NULL)
		return;

	switch (sent->enable) {
	case LE_SCANNING_ENABLED:
		hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);

		if (status != 0) {
			hci_dev_lock(hdev);
			mgmt_start_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			break;
		}

		set_bit(HCI_LE_SCAN, &hdev->dev_flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		break;

	case LE_SCANNING_DISABLED:
		if (status != 0) {
			hci_dev_lock(hdev);
			mgmt_stop_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			break;
		}

		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);

		if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED ||
		    hdev->discovery.state != DISCOVERY_FINDING) {
			hci_dev_lock(hdev);
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
			hci_dev_unlock(hdev);
		} else {
			/* Called without taking the device lock here. */
			mgmt_interleaved_discovery(hdev);
		}
		break;

	default:
		BT_ERR("Used reserved LE_Scan_Enable param %d", sent->enable);
		break;
	}
}
1125
a7a595f6
VCG
/*
 * Complete the pending HCI_OP_LE_LTK_REPLY request when the reply in skb
 * reports success.
 *
 * A non-zero status returns early, so the request is not completed from
 * here in the failure case.
 */
static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0)
		hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, reply->status);
}
1137
/*
 * Complete the pending HCI_OP_LE_LTK_NEG_REPLY request when the reply in
 * skb reports success.
 *
 * A non-zero status returns early, so the request is not completed from
 * here in the failure case.
 */
static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0)
		hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, reply->status);
}
1149
6039aa73
GP
/*
 * Mirror the outcome of HCI_OP_WRITE_LE_HOST_SUPPORTED into the host
 * feature bits.
 *
 * The requested value comes from the parameters of the sent command; if
 * those cannot be found nothing is done. On success LMP_HOST_LE in
 * host_features[0] is set or cleared to match. The management layer is
 * told the result when HCI_MGMT is set and HCI_INIT is not, and the
 * pending request is completed in every case.
 */
static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	struct hci_cp_write_le_host_supported *params;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	params = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
	if (params == NULL)
		return;

	if (status == 0) {
		if (!params->le)
			hdev->host_features[0] &= ~LMP_HOST_LE;
		else
			hdev->host_features[0] |= LMP_HOST_LE;
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
	    !test_bit(HCI_INIT, &hdev->flags)) {
		mgmt_le_enable_complete(hdev, params->le, status);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
}
1175
/*
 * React to the status reported for an inquiry command.
 *
 * Failure: the pending HCI_OP_INQUIRY request is completed with the
 * error, pending connections are checked, and the management layer (if
 * HCI_MGMT is set) is told that discovery failed to start.
 * Success: HCI_INQUIRY is set and discovery moves to DISCOVERY_FINDING.
 */
static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0) {
		set_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		return;
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1196
/*
 * React to the status reported for HCI_OP_CREATE_CONN.
 *
 * The peer address is taken from the parameters of the sent command.
 *
 * Failure: a connection object in BT_CONNECT is closed, confirmed to the
 * protocol layer and deleted, unless the status is 0x0c (the HCI
 * "Command Disallowed" code) and no more than two attempts were made, in
 * which case it is parked in BT_CONNECT2.
 * Success: if no ACL connection object exists for the address, one is
 * created and marked as outgoing with the master role.
 */
static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&sent->bdaddr),
	       hcon);

	if (status == 0) {
		if (hcon == NULL) {
			hcon = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
			if (hcon == NULL) {
				BT_ERR("No memory for new connection");
			} else {
				hcon->out = true;
				hcon->link_mode |= HCI_LM_MASTER;
			}
		}
	} else if (hcon != NULL && hcon->state == BT_CONNECT) {
		if (status == 0x0c && hcon->attempt <= 2) {
			hcon->state = BT_CONNECT2;
		} else {
			hcon->state = BT_CLOSED;
			hci_proto_connect_cfm(hcon, status);
			hci_conn_del(hcon);
		}
	}

	hci_dev_unlock(hdev);
}
1236
/*
 * Tear down the SCO link attached to an ACL connection when
 * HCI_OP_ADD_SCO fails.
 *
 * Success (status 0) needs no work here. On failure the ACL connection is
 * looked up by the handle from the sent command; its linked connection,
 * if any, is closed, confirmed to the protocol layer with the error and
 * deleted.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl_conn;
	struct hci_conn *sco_conn;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl_conn = hci_conn_hash_lookup_handle(hdev, handle);
	if (acl_conn == NULL)
		goto unlock;

	sco_conn = acl_conn->link;
	if (sco_conn == NULL)
		goto unlock;

	sco_conn->state = BT_CLOSED;

	hci_proto_connect_cfm(sco_conn, status);
	hci_conn_del(sco_conn);

unlock:
	hci_dev_unlock(hdev);
}
1da177e4 1271
f8558555
MH
/*
 * Handle a failed HCI_OP_AUTH_REQUESTED command.
 *
 * Success (status 0) needs no work here. On failure, a connection that
 * is still in BT_CONFIG is confirmed to the protocol layer with the
 * error status and one reference is dropped with hci_conn_put().
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (hcon != NULL && hcon->state == BT_CONFIG) {
		hci_proto_connect_cfm(hcon, status);
		hci_conn_put(hcon);
	}

	hci_dev_unlock(hdev);
}
1298
/*
 * Handle a failed HCI_OP_SET_CONN_ENCRYPT command.
 *
 * Success (status 0) needs no work here. On failure, a connection that
 * is still in BT_CONFIG is confirmed to the protocol layer with the
 * error status and one reference is dropped with hci_conn_put().
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (hcon != NULL && hcon->state == BT_CONFIG) {
		hci_proto_connect_cfm(hcon, status);
		hci_conn_put(hcon);
	}

	hci_dev_unlock(hdev);
}
1325
/*
 * Decide whether an outgoing connection that is still being configured
 * should have authentication requested.
 *
 * Returns 0 when the connection is not in BT_CONFIG, is not outgoing, or
 * its pending security level is BT_SECURITY_SDP. Otherwise returns 1 if
 * any of the following holds, and 0 if none does:
 *  - SSP is enabled on the connection,
 *  - bit 0 of auth_type is set (MITM protection requested),
 *  - the pending security level is BT_SECURITY_HIGH.
 *
 * Consequence worth keeping in mind when reviewing callers: a non-SSP
 * link below BT_SECURITY_HIGH without the MITM bit gets no
 * authentication request from this path.
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
				    struct hci_conn *conn)
{
	if (conn->state != BT_CONFIG || !conn->out)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	if (hci_conn_ssp_enabled(conn))
		return 1;

	if (conn->auth_type & 0x01)
		return 1;

	return conn->pending_sec_level == BT_SECURITY_HIGH;
}
1343
/*
 * Send a remote name request for the device described by an inquiry
 * cache entry.
 *
 * The command parameters are zeroed first and then filled from e->data.
 * @e is dereferenced unconditionally, so it must not be NULL.
 *
 * Returns whatever hci_send_cmd() returns.
 */
static int hci_resolve_name(struct hci_dev *hdev,
			    struct inquiry_entry *e)
{
	struct hci_cp_remote_name_req req;

	/* Zero the whole structure before it is handed to hci_send_cmd(). */
	memset(&req, 0, sizeof(req));

	req.clock_offset = e->data.clock_offset;
	req.pscan_mode = e->data.pscan_mode;
	req.pscan_rep_mode = e->data.pscan_rep_mode;
	bacpy(&req.bdaddr, &e->data.bdaddr);

	return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
}
1358
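/*
 * Start name resolution for the next inquiry cache entry that still
 * needs a name.
 *
 * Returns true when a remote name request was sent (the entry is then
 * marked NAME_PENDING), false when the resolve list is empty, no entry in
 * state NAME_NEEDED was found, or sending the request failed.
 */
static bool hci_resolve_next_name(struct hci_dev *hdev)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *e;

	if (list_empty(&discov->resolve))
		return false;

	e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	/*
	 * A non-empty resolve list does not guarantee an entry in state
	 * NAME_NEEDED, and hci_resolve_name() dereferences its entry
	 * unconditionally. Bail out instead of passing NULL, matching the
	 * check in hci_inquiry_complete_evt().
	 */
	if (!e)
		return false;

	if (hci_resolve_name(hdev, e) == 0) {
		e->name_state = NAME_PENDING;
		return true;
	}

	return false;
}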
1375
/*
 * Process the result of a remote name lookup for @bdaddr.
 *
 * If @conn is given and was not yet announced (HCI_CONN_MGMT_CONNECTED
 * was clear), the device is reported as connected with the supplied
 * name. @name may be NULL when no name is available.
 *
 * The discovery state then decides what follows:
 *  - DISCOVERY_STOPPING:  discovery is moved to DISCOVERY_STOPPED.
 *  - DISCOVERY_RESOLVING: the matching NAME_PENDING cache entry, if any,
 *    is marked NAME_KNOWN, unlinked and (when a name is present)
 *    reported; the next pending name is then requested, and discovery
 *    stops when none could be started.
 *  - any other state:     nothing more is done.
 */
static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
				   bdaddr_t *bdaddr, u8 *name, u8 name_len)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
				      name_len, conn->dev_class);
	}

	switch (discov->state) {
	case DISCOVERY_STOPPING:
		goto discov_complete;
	case DISCOVERY_RESOLVING:
		break;
	default:
		return;
	}

	entry = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
	if (entry != NULL) {
		entry->name_state = NAME_KNOWN;
		list_del(&entry->list);
		if (name != NULL) {
			mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
					 entry->data.rssi, name, name_len);
		}
	}

	if (hci_resolve_next_name(hdev))
		return;

discov_complete:
	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
}
1410
a9de9248
MH
/*
 * Handle a failed HCI_OP_REMOTE_NAME_REQ command.
 *
 * On success nothing is done here: the name request complete event is
 * awaited before deciding whether authentication is needed. On failure
 * the pending-name bookkeeping is run without a name (when HCI_MGMT is
 * set), and authentication is requested for the ACL connection if
 * hci_outgoing_auth_needed() says so and no authentication is already
 * pending.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	/* If successful wait for the name req complete event before
	 * checking for the need to do authentication */
	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		hci_check_pending_name(hdev, hcon, &sent->bdaddr, NULL, 0);

	if (hcon == NULL || !hci_outgoing_auth_needed(hdev, hcon))
		goto unlock;

	/* Only one authentication request may be outstanding per link. */
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &hcon->flags)) {
		struct hci_cp_auth_requested auth_req;

		auth_req.handle = __cpu_to_le16(hcon->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_req),
			     &auth_req);
	}

unlock:
	hci_dev_unlock(hdev);
}
1da177e4 1449
769be974
MH
/*
 * Handle a failed HCI_OP_READ_REMOTE_FEATURES command.
 *
 * Success (status 0) needs no work here. On failure, a connection that
 * is still in BT_CONFIG is confirmed to the protocol layer with the
 * error status and one reference is dropped with hci_conn_put().
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (hcon != NULL && hcon->state == BT_CONFIG) {
		hci_proto_connect_cfm(hcon, status);
		hci_conn_put(hcon);
	}

	hci_dev_unlock(hdev);
}
1476
/*
 * Handle a failed HCI_OP_READ_REMOTE_EXT_FEATURES command.
 *
 * Success (status 0) needs no work here. On failure, a connection that
 * is still in BT_CONFIG is confirmed to the protocol layer with the
 * error status and one reference is dropped with hci_conn_put().
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (hcon != NULL && hcon->state == BT_CONFIG) {
		hci_proto_connect_cfm(hcon, status);
		hci_conn_put(hcon);
	}

	hci_dev_unlock(hdev);
}
1503
a9de9248
MH
/*
 * Tear down the synchronous link attached to an ACL connection when
 * HCI_OP_SETUP_SYNC_CONN fails.
 *
 * Success (status 0) needs no work here. On failure the ACL connection is
 * looked up by the handle from the sent command; its linked connection,
 * if any, is closed, confirmed to the protocol layer with the error and
 * deleted.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl_conn;
	struct hci_conn *sco_conn;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl_conn = hci_conn_hash_lookup_handle(hdev, handle);
	if (acl_conn == NULL)
		goto unlock;

	sco_conn = acl_conn->link;
	if (sco_conn == NULL)
		goto unlock;

	sco_conn->state = BT_CLOSED;

	hci_proto_connect_cfm(sco_conn, status);
	hci_conn_del(sco_conn);

unlock:
	hci_dev_unlock(hdev);
}
1538
/*
 * Handle a failed HCI_OP_SNIFF_MODE command.
 *
 * Success (status 0) needs no work here. On failure the pending
 * mode-change flag of the connection is cleared and, if an SCO setup was
 * waiting on the mode change, hci_sco_setup() is called with the error.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (hcon == NULL)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &hcon->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &hcon->flags))
		hci_sco_setup(hcon, status);

unlock:
	hci_dev_unlock(hdev);
}
04837f64 1565
a9de9248
MH
/*
 * Handle a failed HCI_OP_EXIT_SNIFF_MODE command.
 *
 * Success (status 0) needs no work here. On failure the pending
 * mode-change flag of the connection is cleared and, if an SCO setup was
 * waiting on the mode change, hci_sco_setup() is called with the error.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (hcon == NULL)
		goto unlock;

	clear_bit(HCI_CONN_MODE_CHANGE_PEND, &hcon->flags);

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &hcon->flags))
		hci_sco_setup(hcon, status);

unlock:
	hci_dev_unlock(hdev);
}
1592
88c3df13
JH
/*
 * Handle a failed HCI_OP_DISCONNECT command.
 *
 * Success (status 0) needs no work here. On failure the connection is
 * looked up by the handle from the sent command and, when found, the
 * management layer is told that the disconnect failed.
 */
static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_disconnect *sent;
	struct hci_conn *hcon;

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (hcon != NULL) {
		mgmt_disconnect_failed(hdev, &hcon->dst, hcon->type,
				       hcon->dst_type, status);
	}

	hci_dev_unlock(hdev);
}
1614
fcd89c09
VT
/*
 * Handle a failed HCI_OP_LE_CREATE_CONN command.
 *
 * The sent command is looked up before the status is examined; success
 * (status 0) then needs no further work. On failure the LE connection
 * object for the peer address is closed, the failure is reported to the
 * management layer and the protocol layer, and the object is deleted.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_le_create_conn *sent;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
	if (sent == NULL)
		return;

	if (status == 0)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, LE_LINK, &sent->peer_addr);
	if (hcon == NULL)
		goto unlock;

	BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&sent->peer_addr),
	       hcon);

	hcon->state = BT_CLOSED;
	mgmt_connect_failed(hdev, &sent->peer_addr, hcon->type,
			    hcon->dst_type, status);
	hci_proto_connect_cfm(hcon, status);
	hci_conn_del(hcon);

unlock:
	hci_dev_unlock(hdev);
}
1647
a7a595f6
VCG
/*
 * Status handler for the LE start encryption command.
 *
 * It only logs the status; a failure to start encryption triggers no
 * state change or notification from this function.
 */
static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);
}
1652
/*
 * Handle the end of an inquiry.
 *
 * The pending HCI_OP_INQUIRY request is completed with the status byte
 * from skb->data and pending connections are checked. The discovery
 * state machine is only advanced when HCI_INQUIRY was set, HCI_MGMT is
 * set and discovery is in DISCOVERY_FINDING: it moves to
 * DISCOVERY_RESOLVING if a name request could be sent for an entry that
 * needs one, and to DISCOVERY_STOPPED otherwise.
 */
static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);

	if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags) ||
	    !test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if (discov->state == DISCOVERY_FINDING) {
		int next_state = DISCOVERY_STOPPED;

		if (!list_empty(&discov->resolve)) {
			entry = hci_inquiry_cache_lookup_resolve(hdev,
								 BDADDR_ANY,
								 NAME_NEEDED);
			/* The lookup may find nothing; guard before use. */
			if (entry && hci_resolve_name(hdev, entry) == 0) {
				entry->name_state = NAME_PENDING;
				next_state = DISCOVERY_RESOLVING;
			}
		}

		hci_discovery_set_state(hdev, next_state);
	}

	hci_dev_unlock(hdev);
}
1692
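/*
 * Handle an inquiry result event.
 *
 * The first payload byte is the number of responses; that many
 * struct inquiry_info records follow it. Each record is copied into the
 * inquiry cache and reported to the management layer as a found device.
 * Results are ignored while HCI_PERIODIC_INQ is set.
 *
 * The response count comes from the controller, so it is checked against
 * the actual packet length before any record is read; a packet that is
 * too short for the count it announces is dropped.
 */
static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info;
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);
	info = (void *) (skb->data + 1);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* One count byte plus num_rsp full records must fit in the packet. */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		/* This event format carries no RSSI or SSP information. */
		data.rssi		= 0x00;
		data.ssp_mode		= 0x00;

		name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, 0, !name_known, ssp, NULL,
				  0);
	}

	hci_dev_unlock(hdev);
}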
1729
/*
 * Handle a connection complete event.
 *
 * The connection object is looked up by link type and peer address. An
 * SCO completion with no matching object falls back to an ESCO object for
 * the same address, which is then retyped to SCO_LINK. Events that match
 * no connection object are ignored.
 *
 * Success: the handle is stored, ACL links enter BT_CONFIG (other types go
 * straight to BT_CONNECTED), and follow-up commands are sent. Failure: the
 * object is closed, confirmed to the protocol layer and deleted.
 *
 * NOTE(review): the event is cast from skb->data without an skb->len
 * check in this function; confirm the dispatcher validates the length.
 */
static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type != SCO_LINK)
			goto unlock;

		/* An eSCO attempt may have completed as plain SCO. */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (!ev->status) {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			/* ACL links still need configuration; hold a
			 * reference while that is in progress. */
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);
			conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		} else
			conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		/* The link mode bits below are derived from device-wide
		 * flags, not from anything in this event. */
		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features cp;
			/* ev->handle is already little-endian; copied as is. */
			cp.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
				     sizeof(cp), &cp);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype cp;
			cp.handle = ev->handle;
			cp.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
				     &cp);
		}
	} else {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK)
			mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
					    conn->dst_type, ev->status);
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		/* conn must not be used after this point. */
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK)
		/* Successful ACL links are not confirmed here. */
		hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
1807
/*
 * Handle an incoming connection request.
 *
 * The request is accepted when the combined link mode (device link_mode
 * OR-ed with the protocol layer's answer) contains HCI_LM_ACCEPT and the
 * peer address is not on the blacklist; otherwise it is rejected with
 * HCI_ERROR_REJ_BAD_ADDR.
 *
 * On accept, the device class from the event is stored in the inquiry
 * cache entry (if one exists) and in the connection object, which is
 * created if necessary and put into BT_CONNECT.
 *
 * NOTE(review): the event is cast from skb->data without an skb->len
 * check in this function; confirm the dispatcher validates the length.
 */
static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	int mask = hdev->link_mode;

	BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
	       ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);

	/* The blacklist is consulted before any state is created. */
	if ((mask & HCI_LM_ACCEPT) &&
	    !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection accepted */
		struct inquiry_entry *ie;
		struct hci_conn *conn;

		hci_dev_lock(hdev);

		ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
		if (ie)
			memcpy(ie->data.dev_class, ev->dev_class, 3);

		conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
					       &ev->bdaddr);
		if (!conn) {
			conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
			if (!conn) {
				BT_ERR("No memory for new connection");
				hci_dev_unlock(hdev);
				return;
			}
		}

		memcpy(conn->dev_class, ev->dev_class, 3);
		conn->state = BT_CONNECT;

		hci_dev_unlock(hdev);

		if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
			struct hci_cp_accept_conn_req cp;

			bacpy(&cp.bdaddr, &ev->bdaddr);

			if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
				cp.role = 0x00; /* Become master */
			else
				cp.role = 0x01; /* Remain slave */

			hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
				     &cp);
		} else {
			struct hci_cp_accept_sync_conn_req cp;

			bacpy(&cp.bdaddr, &ev->bdaddr);
			/* NOTE(review): conn is read here after the device
			 * lock was dropped above; confirm nothing can free
			 * it in between. */
			cp.pkt_type = cpu_to_le16(conn->pkt_type);

			/* 0x1f40 is 8000; the units and the meaning of the
			 * all-ones latency and retransmission values are
			 * presumably those of the HCI specification. */
			cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
			cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
			cp.max_latency    = __constant_cpu_to_le16(0xffff);
			cp.content_format = cpu_to_le16(hdev->voice_setting);
			cp.retrans_effort = 0xff;

			hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
				     sizeof(cp), &cp);
		}
	} else {
		/* Connection rejected */
		struct hci_cp_reject_conn_req cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
	}
}
1882
/*
 * Handle a disconnection complete event.
 *
 * The connection is looked up by the handle in the event; unknown handles
 * are ignored. On success the connection is closed, the management layer
 * is told the device disconnected (only for ACL and LE links that had
 * been announced as connected), the stored link key is removed for ACL
 * links with flush_key set, and the connection object is deleted. On
 * failure only the management notification is made.
 */
static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (hcon == NULL)
		goto unlock;

	if (ev->status == 0)
		hcon->state = BT_CLOSED;

	/* The connected flag is cleared whatever the link type is. */
	if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags) &&
	    (hcon->type == ACL_LINK || hcon->type == LE_LINK)) {
		if (ev->status == 0) {
			mgmt_device_disconnected(hdev, &hcon->dst, hcon->type,
						 hcon->dst_type);
		} else {
			mgmt_disconnect_failed(hdev, &hcon->dst, hcon->type,
					       hcon->dst_type, ev->status);
		}
	}

	if (ev->status != 0)
		goto unlock;

	/* Drop the link key when the connection asked for it to be flushed. */
	if (hcon->type == ACL_LINK && hcon->flush_key)
		hci_remove_link_key(hdev, &hcon->dst);

	hci_proto_disconn_cfm(hcon, ev->reason);
	hci_conn_del(hcon);

unlock:
	hci_dev_unlock(hdev);
}
1919
/*
 * Handle an authentication complete event.
 *
 * The connection is looked up by the handle in the event; unknown handles
 * are ignored. On success the link is marked authenticated and its
 * security level is raised to the pending level, except for a
 * re-authentication of a non-SSP link, which is only logged. On failure
 * the management layer is told that authentication failed.
 *
 * After the pending flags are cleared, a link in BT_CONFIG either goes on
 * to request encryption (success with SSP) or is confirmed to the
 * protocol layer; links in other states get an authentication
 * confirmation. A pending encryption request is then either issued or
 * cancelled depending on the status.
 */
static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		if (!hci_conn_ssp_enabled(conn) &&
		    test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
			/* link_mode and sec_level are left unchanged in
			 * this case. */
			BT_INFO("re-auth of legacy device is not possible.");
		} else {
			conn->link_mode |= HCI_LM_AUTH;
			conn->sec_level = conn->pending_sec_level;
		}
	} else {
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);

	if (conn->state == BT_CONFIG) {
		if (!ev->status && hci_conn_ssp_enabled(conn)) {
			/* With SSP, encryption is requested right after a
			 * successful authentication; the link stays in
			 * BT_CONFIG here. */
			struct hci_cp_set_conn_encrypt cp;
			cp.handle  = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
				     &cp);
		} else {
			/* Reached on failure too: the state becomes
			 * BT_CONNECTED and the status is passed on to the
			 * protocol layer. */
			conn->state = BT_CONNECTED;
			hci_proto_connect_cfm(conn, ev->status);
			hci_conn_put(conn);
		}
	} else {
		hci_auth_cfm(conn, ev->status);

		/* Hold and put around the timeout update. */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	}

	if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
		if (!ev->status) {
			struct hci_cp_set_conn_encrypt cp;
			cp.handle  = ev->handle;
			cp.encrypt = 0x01;
			hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
				     &cp);
		} else {
			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
			hci_encrypt_cfm(conn, ev->status, 0x00);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
1985
/*
 * Handle a remote name request complete event.
 *
 * Pending connections are checked first. When HCI_MGMT is set, the
 * pending-name bookkeeping is run with the reported name on success, or
 * without a name on failure. The name length is bounded with strnlen()
 * to HCI_MAX_NAME_LENGTH, so a name that is not NUL-terminated is not
 * read past that limit.
 *
 * Afterwards authentication is requested for the ACL connection if
 * hci_outgoing_auth_needed() says so and none is already pending.
 */
static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		if (ev->status != 0) {
			hci_check_pending_name(hdev, hcon, &ev->bdaddr, NULL,
					       0);
		} else {
			hci_check_pending_name(hdev, hcon, &ev->bdaddr,
					       ev->name,
					       strnlen(ev->name,
						       HCI_MAX_NAME_LENGTH));
		}
	}

	if (hcon == NULL || !hci_outgoing_auth_needed(hdev, hcon))
		goto unlock;

	/* Only one authentication request may be outstanding per link. */
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &hcon->flags)) {
		struct hci_cp_auth_requested auth_req;

		auth_req.handle = __cpu_to_le16(hcon->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_req),
			     &auth_req);
	}

unlock:
	hci_dev_unlock(hdev);
}
2024
/*
 * Encryption Change event.
 *
 * On success updates the link-mode bits (and, when encryption was switched
 * on, promotes sec_level to pending_sec_level). On failure an established
 * link is disconnected with HCI_ERROR_AUTH_FAILURE; a link still in
 * BT_CONFIG is reported to the upper protocols with the failing status.
 */
static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		if (!ev->encrypt) {
			/* NOTE(review): only HCI_LM_ENCRYPT is cleared here;
			 * HCI_LM_AUTH and sec_level keep their values. Confirm
			 * that consumers check link_mode and not only
			 * sec_level. */
			conn->link_mode &= ~HCI_LM_ENCRYPT;
		} else {
			/* Encryption implies authentication */
			conn->link_mode |= HCI_LM_AUTH | HCI_LM_ENCRYPT;
			conn->sec_level = conn->pending_sec_level;
		}
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* A failed encryption change on a live link tears the link down
	 * instead of leaving it running in an unexpected security state. */
	if (ev->status && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	if (!ev->status)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
2067
/*
 * Change Connection Link Key Complete event.
 *
 * Marks the link HCI_LM_SECURE on success, clears the pending-authentication
 * flag and reports the status through hci_key_change_cfm(). Events for an
 * unknown handle are ignored.
 */
static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto done;

	if (ev->status == 0)
		conn->link_mode |= HCI_LM_SECURE;

	/* Cleared on failure as well, so a later request is not blocked. */
	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);

	hci_key_change_cfm(conn, ev->status);

done:
	hci_dev_unlock(hdev);
}
2090
/*
 * Read Remote Supported Features Complete event.
 *
 * Stores the remote feature mask and, while the connection is still in
 * BT_CONFIG, drives the next setup step: read extended features page 1 when
 * both sides are SSP capable, otherwise request the remote name (or report
 * the device as connected) and finish setup when no outgoing authentication
 * is needed.
 */
static void hci_remote_features_evt(struct hci_dev *hdev,
				    struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;
	bool failed;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	failed = ev->status != 0;

	/* Fixed 8-byte copy; NOTE(review): assumes both feature arrays hold
	 * at least 8 bytes -- confirm against the struct definitions. */
	if (!failed)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!failed && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
		struct hci_cp_read_remote_ext_features ext_cp;

		/* ev->handle is reused as received, without byte swapping. */
		ext_cp.handle = ev->handle;
		ext_cp.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
			     sizeof(ext_cp), &ext_cp);
		goto unlock;
	}

	if (!failed && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_cp;

		/* Zeroed first so fields not set below go out as 0. */
		memset(&name_cp, 0, sizeof(name_cp));
		bacpy(&name_cp.bdaddr, &conn->dst);
		name_cp.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_cp),
			     &name_cp);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2140
/*
 * Read Remote Version Information Complete event.
 *
 * Only logged; the event payload in @skb is not read.
 */
static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2145
/*
 * QoS Setup Complete event.
 *
 * Only logged; the event payload in @skb is not read.
 */
static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2151
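/*
 * Command Complete event.
 *
 * Strips the event header, dispatches the return parameters to the matching
 * hci_cc_*() handler, stops the command timer for anything but a NOP and,
 * when the controller grants command credits, allows the next queued command
 * to be sent.
 *
 * NOTE(review): skb->len is not compared with sizeof(*ev) before the header
 * is read and pulled; confirm the caller guarantees a complete header, since
 * every handler below parses controller-supplied data from what remains.
 */
static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_complete *ev = (void *) skb->data;
	__u16 opcode;

	/* Handlers receive the skb positioned at the return parameters. */
	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;

	case HCI_OP_PERIODIC_INQ:
		hci_cc_periodic_inq(hdev, skb);
		break;

	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;

	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;

	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;

	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;

	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;

	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;

	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;

	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;

	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;

	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;

	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;

	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;

	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;

	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;

	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;

	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;

	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_EXT_FEATURES:
		hci_cc_read_local_ext_features(hdev, skb);
		break;

	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;

	case HCI_OP_READ_DATA_BLOCK_SIZE:
		hci_cc_read_data_block_size(hdev, skb);
		break;

	case HCI_OP_WRITE_CA_TIMEOUT:
		hci_cc_write_ca_timeout(hdev, skb);
		break;

	case HCI_OP_READ_FLOW_CONTROL_MODE:
		hci_cc_read_flow_control_mode(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_AMP_INFO:
		hci_cc_read_local_amp_info(hdev, skb);
		break;

	case HCI_OP_DELETE_STORED_LINK_KEY:
		hci_cc_delete_stored_link_key(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_MASK:
		hci_cc_set_event_mask(hdev, skb);
		break;

	case HCI_OP_WRITE_INQUIRY_MODE:
		hci_cc_write_inquiry_mode(hdev, skb);
		break;

	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;

	case HCI_OP_SET_EVENT_FLT:
		hci_cc_set_event_flt(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;

	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;

	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data_reply(hdev, skb);
		break;

	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;

	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;

	case HCI_OP_USER_PASSKEY_REPLY:
		hci_cc_user_passkey_reply(hdev, skb);
		break;

	case HCI_OP_USER_PASSKEY_NEG_REPLY:
		hci_cc_user_passkey_neg_reply(hdev, skb);
		break;

	case HCI_OP_LE_SET_SCAN_PARAM:
		hci_cc_le_set_scan_param(hdev, skb);
		break;

	case HCI_OP_LE_SET_SCAN_ENABLE:
		hci_cc_le_set_scan_enable(hdev, skb);
		break;

	case HCI_OP_LE_LTK_REPLY:
		hci_cc_le_ltk_reply(hdev, skb);
		break;

	case HCI_OP_LE_LTK_NEG_REPLY:
		hci_cc_le_ltk_neg_reply(hdev, skb);
		break;

	case HCI_OP_WRITE_LE_HOST_SUPPORTED:
		hci_cc_write_le_host_supported(hdev, skb);
		break;

	default:
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	/* Compare the host-order value: ev->opcode is still the raw
	 * little-endian field and HCI_OP_NOP is a host-order constant. */
	if (opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* A non-zero ncmd means the controller accepts another command. */
	if (ev->ncmd) {
		atomic_set(&hdev->cmd_cnt, 1);
		if (!skb_queue_empty(&hdev->cmd_q))
			queue_work(hdev->workqueue, &hdev->cmd_work);
	}
}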
2372
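/*
 * Command Status event.
 *
 * Strips the event header, hands the status to the matching hci_cs_*()
 * handler, stops the command timer for anything but a NOP and, when the
 * controller grants command credits and no reset is in progress, allows the
 * next queued command to be sent.
 *
 * NOTE(review): skb->len is not compared with sizeof(*ev) before the header
 * is read; confirm the caller guarantees a complete header.
 */
static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_cmd_status *ev = (void *) skb->data;
	__u16 opcode;

	skb_pull(skb, sizeof(*ev));

	opcode = __le16_to_cpu(ev->opcode);

	switch (opcode) {
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, ev->status);
		break;

	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, ev->status);
		break;

	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, ev->status);
		break;

	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, ev->status);
		break;

	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, ev->status);
		break;

	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, ev->status);
		break;

	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, ev->status);
		break;

	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, ev->status);
		break;

	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, ev->status);
		break;

	case HCI_OP_DISCONNECT:
		hci_cs_disconnect(hdev, ev->status);
		break;

	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, ev->status);
		break;

	case HCI_OP_LE_START_ENC:
		hci_cs_le_start_enc(hdev, ev->status);
		break;

	default:
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	/* Compare the host-order value: ev->opcode is still the raw
	 * little-endian field and HCI_OP_NOP is a host-order constant. */
	if (opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* Credits reported while HCI_RESET is set are not acted on. */
	if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
		atomic_set(&hdev->cmd_cnt, 1);
		if (!skb_queue_empty(&hdev->cmd_q))
			queue_work(hdev->workqueue, &hdev->cmd_work);
	}
}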
2453
/*
 * Role Change event.
 *
 * On success records the new role in link_mode (a non-zero ev->role clears
 * HCI_LM_MASTER, zero sets it), clears the pending role-switch flag and
 * reports the result through hci_role_switch_cfm().
 */
static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto out;

	if (ev->status == 0) {
		if (!ev->role)
			conn->link_mode |= HCI_LM_MASTER;
		else
			conn->link_mode &= ~HCI_LM_MASTER;
	}

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);

	hci_role_switch_cfm(conn, ev->status, ev->role);

out:
	hci_dev_unlock(hdev);
}
2479
/*
 * Number Of Completed Packets event (packet-based flow control).
 *
 * Validates that the event is long enough for the advertised number of
 * handle entries, then returns the completed packet credits to the per-type
 * counters (clamped to the configured maximum) and kicks the TX work.
 */
static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* The header must be present before num_hndl is trusted, and the
	 * payload must cover num_hndl entries before the array is walked. */
	if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
	    ev->num_hndl * sizeof(ev->handles[0])) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_pkts_info *entry = &ev->handles[idx];
		__u16 completed = __le16_to_cpu(entry->count);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev,
						   __le16_to_cpu(entry->handle));
		if (!conn)
			continue;

		/* NOTE(review): the controller-reported count is subtracted
		 * without being compared with conn->sent; confirm the field's
		 * type and whether a clamp is wanted here. */
		conn->sent -= completed;

		switch (conn->type) {
		case LE_LINK:
			if (hdev->le_pkts) {
				hdev->le_cnt += completed;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
				break;
			}
			/* le_pkts is zero: credit the ACL counter instead. */
			/* fall through */

		case ACL_LINK:
			hdev->acl_cnt += completed;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		case SCO_LINK:
			hdev->sco_cnt += completed;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2545
/*
 * Number Of Completed Data Blocks event (block-based flow control).
 *
 * Validates that the event is long enough for the advertised number of
 * handle entries, then returns the completed blocks to hdev->block_cnt
 * (clamped to hdev->num_blocks) and kicks the TX work.
 */
static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* The header must be present before num_hndl is trusted, and the
	 * payload must cover num_hndl entries before the array is walked. */
	if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
	    ev->num_hndl * sizeof(ev->handles[0])) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
	       ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_blocks_info *entry = &ev->handles[idx];
		__u16 done_blocks = __le16_to_cpu(entry->blocks);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev,
						   __le16_to_cpu(entry->handle));
		if (!conn)
			continue;

		/* NOTE(review): the controller-reported count is subtracted
		 * without being compared with conn->sent; confirm the field's
		 * type and whether a clamp is wanted here. */
		conn->sent -= done_blocks;

		if (conn->type != ACL_LINK) {
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			continue;
		}

		hdev->block_cnt += done_blocks;
		if (hdev->block_cnt > hdev->num_blocks)
			hdev->block_cnt = hdev->num_blocks;
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2594
/*
 * Mode Change event.
 *
 * Records the new mode and interval on the connection. When the change was
 * not one this host had pending, the HCI_CONN_POWER_SAVE flag is updated to
 * follow the mode; a pending SCO setup is then continued.
 */
static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto out;

	/* Stored regardless of ev->status. */
	conn->mode = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		if (conn->mode != HCI_CM_ACTIVE)
			clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
		else
			set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
	}

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, ev->status);

out:
	hci_dev_unlock(hdev);
}
2623
/*
 * PIN Code Request event.
 *
 * Extends the disconnect timeout of an established link to the pairing
 * timeout, then either rejects the request (device not pairable) or forwards
 * it to the management interface together with a flag telling whether the
 * pending security level is BT_SECURITY_HIGH.
 *
 * When the device is pairable but HCI_MGMT is not set, no reply is sent from
 * this function.
 */
static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (conn->state == BT_CONNECTED) {
		/* hold/put pair brackets the timeout update. */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) {
		/* Not pairable: refuse so no PIN is ever requested. */
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
	} else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		u8 secure = (conn->pending_sec_level == BT_SECURITY_HIGH) ?
			    1 : 0;

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
2660
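/*
 * Link Key Request event.
 *
 * Looks up a stored link key for the requesting address and replies with it,
 * unless the key is too weak for what the connection asked for; in that case
 * (or when no key is stored) a negative reply is sent so the controller
 * starts pairing. Nothing is sent from here when HCI_LINK_KEYS is not set.
 *
 * Keys are refused when:
 *  - the key is a debug combination key and HCI_DEBUG_KEYS is not set;
 *  - the key is an unauthenticated combination key but the connection's
 *    auth_type (if known, i.e. not 0xff) has bit 0 set;
 *  - the key is a combination key made from a PIN shorter than 16 while the
 *    pending security level is BT_SECURITY_HIGH.
 *
 * NOTE(review): the last two checks only run when an ACL connection for the
 * address is found; with no connection the stored key is returned as is.
 * NOTE(review): cp keeps a copy of the link key on the stack after the
 * command is queued; consider scrubbing it if the tree offers a helper for
 * that.
 */
static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %s", hdev->name,
		       batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, key->type,
	       batostr(&ev->bdaddr));

	if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
	    key->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
		    conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
		    conn->pending_sec_level == BT_SECURITY_HIGH) {
			BT_DBG("%s ignoring key unauthenticated for high security",
			       hdev->name);
			goto not_found;
		}

		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	/* Length taken from the field itself, as the PIN code negative reply
	 * in this file does, instead of a bare 6. */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, sizeof(ev->bdaddr),
		     &ev->bdaddr);
	hci_dev_unlock(hdev);
}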
2723
/*
 * Link Key Notification event.
 *
 * Resets the disconnect timeout of the matching connection, records the new
 * key type on it (unless the controller reports a "changed combination" key)
 * and, when HCI_LINK_KEYS is set, stores the key through hci_add_link_key().
 *
 * The key is stored even when no connection was found; in that case conn is
 * NULL and the PIN length passed along is 0.
 */
static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 stored_pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		hci_conn_hold(conn);

		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		stored_pin_len = conn->pin_length;

		/* A changed-combination notification keeps the key type
		 * already recorded on the connection. */
		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
				 ev->key_type, stored_pin_len);

	hci_dev_unlock(hdev);
}
2752
/*
 * Read Clock Offset Complete event.
 *
 * On success refreshes the clock offset and timestamp of the inquiry-cache
 * entry for the connection's peer, if such an entry exists.
 */
static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto out;

	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (ie) {
		/* Stored as received, without byte swapping. */
		ie->data.clock_offset = ev->clock_offset;
		ie->timestamp = jiffies;
	}

out:
	hci_dev_unlock(hdev);
}
2775
/*
 * Connection Packet Type Changed event.
 *
 * On success stores the new packet type on the matching connection.
 */
static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn) {
		if (!ev->status)
			conn->pkt_type = __le16_to_cpu(ev->pkt_type);
	}

	hci_dev_unlock(hdev);
}
2791
/*
 * Page Scan Repetition Mode Change event.
 *
 * Refreshes the page-scan repetition mode and timestamp of the inquiry-cache
 * entry for the reported address, if such an entry exists.
 */
static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!entry)
		goto out;

	entry->data.pscan_rep_mode = ev->pscan_rep_mode;
	entry->timestamp = jiffies;

out:
	hci_dev_unlock(hdev);
}
2809
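/*
 * Inquiry Result With RSSI event.
 *
 * The first payload byte is the number of responses; the responses follow in
 * one of two layouts, chosen from the per-response size. Each response
 * updates the inquiry cache and is reported through mgmt_device_found().
 *
 * The response count comes from the controller, so the event length is
 * checked against it before the array is walked; an event that is too short
 * for the advertised count is dropped.
 */
static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;
	bool name_known, ssp;

	/* The count byte itself must be present before it is read; this also
	 * keeps (skb->len - 1) below from wrapping. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* Any size other than the plain layout lands here, so the
		 * total length still has to be verified for this layout. */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		/* Integer division above can hide a short tail; check the
		 * exact size needed. */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}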
2869
/*
 * Read Remote Extended Features Complete event.
 *
 * For page 1, records whether the remote host supports SSP (in the inquiry
 * cache and as HCI_CONN_SSP_ENABLED on the connection). While the connection
 * is still in BT_CONFIG it then requests the remote name (or reports the
 * device as connected) and finishes setup when no outgoing authentication is
 * needed.
 */
static void hci_remote_ext_features_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0 && ev->page == 0x01) {
		struct inquiry_entry *cached;

		cached = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (cached)
			cached->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

		/* The flag is only ever set here, never cleared. */
		if (ev->features[0] & LMP_HOST_SSP)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0 &&
	    !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_cp;

		/* Zeroed first so fields not set below go out as 0. */
		memset(&name_cp, 0, sizeof(name_cp));
		bacpy(&name_cp.bdaddr, &conn->dst);
		name_cp.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_cp),
			     &name_cp);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2918
/*
 * Synchronous Connection Complete event.
 *
 * Finds the SCO/eSCO connection for the reported address (falling back from
 * an eSCO entry to SCO when the controller reports a different link type),
 * marks it connected on success, retries an outgoing setup once with a
 * different packet-type mask for a set of "unsupported" errors, and otherwise
 * closes and deletes it.
 */
static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	/* ev->link_type is controller supplied and used directly as the
	 * lookup type. */
	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		/* Asked for eSCO but got something else: reuse the eSCO
		 * entry as a SCO link. */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	switch (ev->status) {
	case 0x00:
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state  = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1c:	/* SCO interval rejected */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1f:	/* Unspecified error */
		if (conn->out && conn->attempt < 2) {
			conn->pkt_type = hdev->esco_type &
					 (SCO_ESCO_MASK | EDR_ESCO_MASK);
			/* NOTE(review): conn->link is dereferenced without a
			 * NULL check; confirm it is always set for outgoing
			 * synchronous connections. */
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
2974
/*
 * Synchronous Connection Changed event.
 *
 * Only logged; the event payload in @skb is not read.
 */
static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2979
/*
 * Sniff Subrating event.
 *
 * Only the status byte is read, for the debug log; no state is updated.
 */
static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev;

	ev = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
}
2986
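/*
 * Extended Inquiry Result event.
 *
 * The first payload byte is the number of responses, followed by that many
 * extended_inquiry_info records. Each record updates the inquiry cache and is
 * reported through mgmt_device_found() together with its EIR data.
 *
 * The response count comes from the controller, so the event length is
 * checked against it before the records are walked; an event that is too
 * short for the advertised count is dropped.
 */
static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;
	size_t eir_len;

	/* The count byte itself must be present before it is read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Every advertised record must lie inside the event. */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;

		/* With mgmt, the name counts as known only when the EIR data
		 * carries a complete name. */
		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		/* eir_get_length() is given the field size as its bound. */
		eir_len = eir_get_length(info->data, sizeof(info->data));
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, eir_len);
	}

	hci_dev_unlock(hdev);
}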
1da177e4 3034
/*
 * Encryption Key Refresh Complete event.
 *
 * On success promotes sec_level to pending_sec_level. On failure an
 * established link is disconnected with HCI_ERROR_AUTH_FAILURE. A link still
 * in BT_CONFIG is reported to the upper protocols; otherwise the result goes
 * through hci_auth_cfm() and the disconnect timeout is reset.
 */
static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
	       __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status == 0)
		conn->sec_level = conn->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* A failed refresh on a live link tears the link down. */
	if (ev->status != 0 && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state != BT_CONFIG) {
		hci_auth_cfm(conn, ev->status);

		/* hold/put pair brackets the timeout update. */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
		goto unlock;
	}

	if (ev->status == 0)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
3078
/*
 * Choose the authentication requirements value to send in an IO capability
 * reply, based on what the remote side asked for (conn->remote_auth).
 *
 * In every value returned here bit 0 is the one the rest of this file tests
 * as the MITM-protection request (see the auth_type & 0x01 checks).
 *
 * Returns the requirement byte; conn->auth_type unchanged when remote_auth is
 * none of 0x00..0x03.
 */
static u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* Remote asked for dedicated bonding: follow that lead.
		 * If either side reports IO capability 0x03 the result is
		 * 0x02 (bit 0 clear), otherwise 0x03 (bit 0 set).
		 * NOTE(review): 0x03 is presumably NoInputNoOutput, where
		 * MITM protection cannot be provided -- confirm against the
		 * IO capability definitions. */
		if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
			return 0x02;
		return 0x03;

	case 0x00:
	case 0x01:
		/* Remote asked for no-bonding: follow that lead, but keep
		 * our own MITM bit if it was set locally. */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
3097
/*
 * Handle the IO Capability Request event for an ACL link.
 *
 * When the management interface is in use, answers with our IO
 * capability, authentication requirement and OOB-data flag, or with a
 * negative reply (HCI_ERROR_PAIRING_NOT_ALLOWED) when pairing is not
 * permitted.
 */
static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* NOTE(review): payload is used without a length check here;
	 * presumably validated by the caller - confirm. */
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_cp_io_capability_neg_reply neg;
	struct hci_cp_io_capability_reply reply;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* The reference is taken before the HCI_MGMT test, so it is held
	 * even when no reply is sent from here. */
	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	/* Pairing is refused only when the adapter is not pairable AND the
	 * remote asked for some form of bonding; a no-bonding request is
	 * accepted even on a non-pairable adapter. */
	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) &&
	    (conn->remote_auth & ~0x01) != HCI_AT_NO_BONDING) {
		bacpy(&neg.bdaddr, &ev->bdaddr);
		neg.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(neg), &neg);
		goto unlock;
	}

	bacpy(&reply.bdaddr, &ev->bdaddr);

	/* KeyboardDisplay (0x04) is not supported by the BT spec here, so
	 * it is advertised as DisplayYesNo (0x01) instead. */
	if (conn->io_capability == 0x04)
		reply.capability = 0x01;
	else
		reply.capability = conn->io_capability;

	conn->auth_type = hci_get_auth_req(conn);
	reply.authentication = conn->auth_type;

	/* Claim OOB data only if we hold some for this peer and either we
	 * initiated the connection or the peer announced OOB data. */
	if (hci_find_remote_oob_data(hdev, &conn->dst) &&
	    (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
		reply.oob_data = 0x01;
	else
		reply.oob_data = 0x00;

	hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY, sizeof(reply), &reply);

unlock:
	hci_dev_unlock(hdev);
}
3149
/*
 * Handle the IO Capability Response event: record what the remote side
 * announced (IO capability, authentication requirement, OOB presence) on
 * the matching ACL connection.
 *
 * These values come from the peer and later drive pairing decisions in
 * this file (hci_get_auth_req, hci_user_confirm_request_evt).
 */
static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		conn->remote_cap = ev->capability;
		conn->remote_auth = ev->authentication;

		/* The flag is only ever set here, never cleared. */
		if (ev->oob_data)
			set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
	}

	hci_dev_unlock(hdev);
}
3171
/*
 * Handle the User Confirmation Request event (numeric comparison).
 *
 * Outcomes, in order of evaluation:
 *  - negative reply when we need MITM protection but the remote is
 *    NoInputNoOutput (0x03) and we are not a dedicated-bonding initiator;
 *  - if neither side both requires and can provide MITM: ask user space
 *    for authorization when we are the acceptor, otherwise accept
 *    automatically (optionally after hdev->auto_accept_delay);
 *  - otherwise forward the passkey to user space for confirmation.
 *
 * Does nothing unless the management interface is in use.
 */
static void hci_user_confirm_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	/* NOTE(review): payload is used without a length check here;
	 * presumably validated by the caller - confirm. */
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	struct hci_conn *conn;
	int local_mitm, remote_mitm;
	int hint = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* Bit 0 of an authentication requirement is the MITM flag. */
	local_mitm = (conn->auth_type & 0x01);
	remote_mitm = (conn->remote_auth & 0x01);

	/* We require MITM but the remote (NoInputNoOutput) cannot provide
	 * it: reject.  Dedicated bonding initiators (connect_cfm_cb set)
	 * are exempt because they always carry the MITM bit. */
	if (local_mitm && conn->remote_cap == 0x03 && !conn->connect_cfm_cb) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* Some side requires MITM and the other side can deliver it: the
	 * user has to compare the passkey. */
	if ((local_mitm && conn->remote_cap != 0x03) ||
	    (remote_mitm && conn->io_capability != 0x03))
		goto confirm;

	/* No MITM protection in play from here on.  As acceptor we still
	 * ask user space to authorize (confirm_hint = 1) instead of
	 * silently accepting an incoming pairing. */
	if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		BT_DBG("Confirming auto-accept as acceptor");
		hint = 1;
		goto confirm;
	}

	BT_DBG("Auto-accept of user confirmation with %ums delay",
	       hdev->auto_accept_delay);

	if (hdev->auto_accept_delay > 0) {
		int delay = msecs_to_jiffies(hdev->auto_accept_delay);

		/* The reply is left to the timer in this case. */
		mod_timer(&conn->auto_accept_timer, jiffies + delay);
		goto unlock;
	}

	/* We initiated and no delay is configured: accept without any
	 * user interaction. */
	hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
		     sizeof(ev->bdaddr), &ev->bdaddr);
	goto unlock;

confirm:
	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  hint);

unlock:
	hci_dev_unlock(hdev);
}
3239
/*
 * Handle the User Passkey Request event by forwarding it to user space
 * through the management interface.  Ignored when HCI_MGMT is not set.
 * Unlike its neighbours, this handler does not take the device lock.
 */
static void hci_user_passkey_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *ev = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
}
3250
/*
 * Handle the Simple Pairing Complete event: report a failed pairing to
 * user space when we were not the initiator, then drop a connection
 * reference.
 */
static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* HCI_CONN_AUTH_PEND is set when we initiated the authentication.
	 * In that case a traditional auth_complete event is always
	 * produced and is itself mapped to mgmt_auth_failed, so reporting
	 * here too would send user space a duplicate. */
	if (ev->status != 0 && !test_bit(HCI_CONN_AUTH_PEND, &conn->flags))
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);

	/* NOTE(review): presumably balances the hci_conn_hold() taken in
	 * hci_io_capa_request_evt() - confirm that every path reaching
	 * here went through that hold. */
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
3279
/*
 * Handle the Remote Host Supported Features event: if the device is in
 * the inquiry cache, update its cached SSP mode from the host feature
 * bits reported in the event.
 */
static void hci_remote_host_features_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!entry)
		goto unlock;

	/* Stores the masked bit itself, not a normalized 0/1. */
	entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

unlock:
	hci_dev_unlock(hdev);
}
3296
/*
 * Handle the Remote OOB Data Request event.
 *
 * Replies with the stored hash and randomizer for the requesting address
 * when we have them, and with a negative reply otherwise.  Ignored when
 * the management interface is not in use.
 */
static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct hci_cp_remote_oob_data_neg_reply neg;
	struct hci_cp_remote_oob_data_reply reply;
	struct oob_data *oob;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	oob = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (!oob) {
		bacpy(&neg.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
			     sizeof(neg), &neg);
		goto unlock;
	}

	bacpy(&reply.bdaddr, &ev->bdaddr);

	/* Copy lengths are bounded by the destination fields. */
	memcpy(reply.hash, oob->hash, sizeof(reply.hash));
	memcpy(reply.randomizer, oob->randomizer, sizeof(reply.randomizer));

	/* NOTE(review): the OOB hash/randomizer stay in this stack frame
	 * after the command is queued; consider whether they should be
	 * cleared before returning. */
	hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(reply),
		     &reply);

unlock:
	hci_dev_unlock(hdev);
}
3331
/*
 * Handle the LE Connection Complete sub-event.
 *
 * On failure, the LE connection currently in BT_CONNECT state is reported
 * as failed and deleted.  On success, the connection for the peer address
 * is looked up (or created), marked connected at BT_SECURITY_LOW and
 * announced to the management interface and upper protocols.
 */
static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* NOTE(review): payload is used without a length check here;
	 * presumably validated by the caller - confirm. */
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	if (ev->status) {
		/* The failing connection is found by state, not by the
		 * address carried in the event. */
		conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
		if (conn) {
			mgmt_connect_failed(hdev, &conn->dst, conn->type,
					    conn->dst_type, ev->status);
			hci_proto_connect_cfm(conn, ev->status);
			conn->state = BT_CLOSED;
			hci_conn_del(conn);
		}
		goto unlock;
	}

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
	if (!conn) {
		/* No existing entry for this peer: create one and fill in
		 * what the event tells us about it. */
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = ev->bdaddr_type;

		if (ev->role == LE_CONN_ROLE_MASTER) {
			conn->out = true;
			conn->link_mode |= HCI_LM_MASTER;
		}
	}

	/* Notify user space once per connection. */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
				      conn->dst_type, 0, NULL, 0, NULL);

	/* A fresh LE link always starts at the lowest security level. */
	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
3386
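/*
 * Handle the LE Advertising Report sub-event.
 *
 * The payload is a report count followed by that many variable-length
 * reports; each report is a fixed header, ev->length bytes of advertising
 * data and one trailing RSSI byte.  Every report is forwarded to the
 * management interface with mgmt_device_found().
 *
 * Both the report count and each report's length field come from the
 * event itself, so parsing is bounded by the bytes actually present in
 * the skb: a report that would run past the end stops the loop instead
 * of being read from memory beyond the packet.
 *
 * NOTE(review): this assumes skb->len describes linear data reachable
 * through skb->data, as is presumably the case for HCI event skbs -
 * confirm.
 */
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	unsigned int remaining;
	u8 num_reports;
	u8 *ptr;

	/* Need at least the report count byte. */
	if (skb->len < 1) {
		BT_ERR("%s malformed LE advertising report", hdev->name);
		return;
	}

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	remaining = skb->len - 1;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		unsigned int report_len;
		s8 rssi;

		/* The fixed header must fit before ev->length is read. */
		if (remaining < sizeof(*ev)) {
			BT_ERR("%s malformed LE advertising report",
			       hdev->name);
			break;
		}

		/* Header + advertising data + trailing RSSI byte. */
		report_len = sizeof(*ev) + ev->length + 1;
		if (remaining < report_len) {
			BT_ERR("%s malformed LE advertising report",
			       hdev->name);
			break;
		}

		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += report_len;
		remaining -= report_len;
	}

	hci_dev_unlock(hdev);
}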
3407
/*
 * Handle the LE Long Term Key Request sub-event.
 *
 * Looks up the connection by handle and a stored key by EDIV/Rand.  When
 * both exist the key is sent back to the controller; otherwise a
 * negative reply is sent.  A short-term key (HCI_SMP_STK) is removed
 * from the key list after it has been used once.
 */
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* NOTE(review): payload is used without a length check here;
	 * presumably validated by the caller - confirm. */
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_cp_le_ltk_reply cp;
	struct hci_conn *conn;
	struct smp_ltk *ltk;

	BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));

	/* NOTE(review): the key is selected by EDIV/Rand alone; nothing
	 * visible here ties it to the address of the peer on this
	 * connection - confirm that hci_find_ltk() or the key store
	 * guarantees that. */
	ltk = conn ? hci_find_ltk(hdev, ev->ediv, ev->random) : NULL;

	if (ltk == NULL) {
		/* Unknown connection or no matching key: refuse. */
		neg.handle = ev->handle;
		hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
		hci_dev_unlock(hdev);
		return;
	}

	/* Copy length follows the source field, as in the original;
	 * presumably cp.ltk and ltk->val have the same size - verify. */
	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	/* The security level is raised when the reply is queued, based
	 * only on how the stored key was created. */
	if (ltk->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	/* NOTE(review): the key bytes remain in `cp` on the stack and in
	 * the freed STK allocation; consider clearing both. */
	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

	hci_dev_unlock(hdev);
}
3450
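/*
 * Dispatch an LE Meta event to the handler for its sub-event code.
 *
 * The meta header is stripped from the skb before the handler runs, so
 * handlers see only the sub-event parameters.  Unknown sub-events are
 * ignored.
 *
 * The sub-event code is read only after checking that the skb actually
 * contains the meta header; a shorter event is dropped here.
 */
static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *le_ev = (void *) skb->data;

	if (skb->len < sizeof(*le_ev)) {
		BT_ERR("%s LE meta event too short", hdev->name);
		return;
	}

	skb_pull(skb, sizeof(*le_ev));

	/* le_ev still points at the header bytes; skb_pull() only moved
	 * the skb's data pointer past them. */
	switch (le_ev->subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;

	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;

	default:
		break;
	}
}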
3474
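/*
 * Entry point for a received HCI event packet.
 *
 * Strips the event header, dispatches to the handler for the event code,
 * then frees the skb and bumps the received-event counter.  Unknown
 * events are only logged at debug level.
 *
 * The event code is read only after checking that the skb holds a full
 * event header; a shorter packet is dropped (it is still freed and
 * counted).
 *
 * NOTE(review): only the header is validated here.  The handlers cast
 * skb->data to their event structure, so a payload shorter than that
 * structure is not caught at this level - each handler, or a per-event
 * minimum length checked here, would need to cover that.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event;

	if (skb->len < HCI_EVENT_HDR_SIZE) {
		BT_ERR("%s event packet too short", hdev->name);
		goto done;
	}

	event = hdr->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:
		hci_key_refresh_complete_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%2.2x", hdev->name, event);
		break;
	}

done:
	/* This function consumes the skb on every path. */
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}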