projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: AMP: Check for hs_hcon instead of ctrl_id
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
e6d465cb
AG		 43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
a9de9248 47 return;
e6d465cb 48 }
1da177e4 49
89352e7d
AG		 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
56e5cb86 52 hci_dev_lock(hdev);
ff9ef578 53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 54 hci_dev_unlock(hdev);
6bd57416 55
23bb5763 56 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 57
58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
9f1db00c 121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
807deac2
GP		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
e4e8e37c
MH		 161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
9f1db00c 164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
807deac2
GP		 172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
e4e8e37c
MH		 174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
9f1db00c 178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186
23bb5763 187 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 188}
189
a9de9248
MH		 190static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191{
192 __u8 status = *((__u8 *) skb->data);
04837f64 193
9f1db00c 194 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 195
10572132
GP		 196 clear_bit(HCI_RESET, &hdev->flags);
197
23bb5763 198 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 199
a297e97c 200 /* Reset all non-persistent flags */
ae854a70
AG		 201 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
202 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 203
204 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
9f1db00c 212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
3159d384
JH		 226
227 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 228}
229
230static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
231{
232 struct hci_rp_read_local_name *rp = (void *) skb->data;
233
9f1db00c 234 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 235
236 if (rp->status)
237 return;
238
db99b5fc
JH		 239 if (test_bit(HCI_SETUP, &hdev->dev_flags))
240 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 241}
242
243static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
244{
245 __u8 status = *((__u8 *) skb->data);
246 void *sent;
247
9f1db00c 248 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 249
250 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
251 if (!sent)
252 return;
253
254 if (!status) {
255 __u8 param = *((__u8 *) sent);
256
257 if (param == AUTH_ENABLED)
258 set_bit(HCI_AUTH, &hdev->flags);
259 else
260 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 261 }
a9de9248 262
33ef95ed
JH		 263 if (test_bit(HCI_MGMT, &hdev->dev_flags))
264 mgmt_auth_enable_complete(hdev, status);
265
23bb5763 266 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 267}
268
a9de9248 269static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 270{
a9de9248 271 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 272 void *sent;
273
9f1db00c 274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 275
a9de9248
MH		 276 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277 if (!sent)
278 return;
1da177e4 279
a9de9248
MH		 280 if (!status) {
281 __u8 param = *((__u8 *) sent);
282
283 if (param)
284 set_bit(HCI_ENCRYPT, &hdev->flags);
285 else
286 clear_bit(HCI_ENCRYPT, &hdev->flags);
287 }
1da177e4 288
23bb5763 289 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 290}
1da177e4 291
a9de9248
MH		 292static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293{
36f7fc7e
JH		 294 __u8 param, status = *((__u8 *) skb->data);
295 int old_pscan, old_iscan;
a9de9248 296 void *sent;
1da177e4 297
9f1db00c 298 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 299
a9de9248
MH		 300 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
301 if (!sent)
302 return;
1da177e4 303
36f7fc7e
JH		 304 param = *((__u8 *) sent);
305
56e5cb86
JH		 306 hci_dev_lock(hdev);
307
fa1bd918 308 if (status) {
744cf19e 309 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 310 hdev->discov_timeout = 0;
311 goto done;
312 }
313
36f7fc7e
JH		 314 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
315 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
316
317 if (param & SCAN_INQUIRY) {
318 set_bit(HCI_ISCAN, &hdev->flags);
319 if (!old_iscan)
744cf19e 320 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 321 if (hdev->discov_timeout > 0) {
322 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
323 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 324 to);
16ab91ab 325 }
36f7fc7e 326 } else if (old_iscan)
744cf19e 327 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 328
329 if (param & SCAN_PAGE) {
330 set_bit(HCI_PSCAN, &hdev->flags);
331 if (!old_pscan)
744cf19e 332 mgmt_connectable(hdev, 1);
36f7fc7e 333 } else if (old_pscan)
744cf19e 334 mgmt_connectable(hdev, 0);
1da177e4 335
36f7fc7e 336done:
56e5cb86 337 hci_dev_unlock(hdev);
23bb5763 338 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 339}
1da177e4 340
a9de9248
MH		 341static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
342{
343 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 344
9f1db00c 345 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 346
a9de9248
MH		 347 if (rp->status)
348 return;
1da177e4 349
a9de9248 350 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 351
a9de9248 352 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 353 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 354}
1da177e4 355
a9de9248
MH		 356static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
357{
358 __u8 status = *((__u8 *) skb->data);
359 void *sent;
1da177e4 360
9f1db00c 361 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 362
a9de9248
MH		 363 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
364 if (!sent)
365 return;
1da177e4 366
7f9a903c
MH		 367 hci_dev_lock(hdev);
368
369 if (status == 0)
370 memcpy(hdev->dev_class, sent, 3);
371
372 if (test_bit(HCI_MGMT, &hdev->dev_flags))
373 mgmt_set_class_of_dev_complete(hdev, sent, status);
374
375 hci_dev_unlock(hdev);
a9de9248 376}
1da177e4 377
a9de9248
MH		 378static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
379{
380 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 __u16 setting;
382
9f1db00c 383 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 384
385 if (rp->status)
386 return;
387
388 setting = __le16_to_cpu(rp->voice_setting);
389
f383f275 390 if (hdev->voice_setting == setting)
a9de9248
MH		 391 return;
392
393 hdev->voice_setting = setting;
394
9f1db00c 395 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 396
3c54711c 397 if (hdev->notify)
a9de9248 398 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 399}
400
8fc9ced3
GP		 401static void hci_cc_write_voice_setting(struct hci_dev *hdev,
402 struct sk_buff *skb)
a9de9248
MH		 403{
404 __u8 status = *((__u8 *) skb->data);
f383f275 405 __u16 setting;
a9de9248
MH		 406 void *sent;
407
9f1db00c 408 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 409
f383f275
MH		 410 if (status)
411 return;
412
a9de9248
MH		 413 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
414 if (!sent)
415 return;
1da177e4 416
f383f275 417 setting = get_unaligned_le16(sent);
1da177e4 418
f383f275
MH		 419 if (hdev->voice_setting == setting)
420 return;
421
422 hdev->voice_setting = setting;
1da177e4 423
9f1db00c 424 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 425
3c54711c 426 if (hdev->notify)
f383f275 427 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 428}
429
a9de9248 430static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 431{
a9de9248 432 __u8 status = *((__u8 *) skb->data);
1da177e4 433
9f1db00c 434 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 435
23bb5763 436 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 437}
1143e5a6 438
333140b5
MH		 439static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
440{
441 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 442 struct hci_cp_write_ssp_mode *sent;
333140b5 443
9f1db00c 444 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 445
333140b5
MH		 446 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
447 if (!sent)
448 return;
449
5ed8eb2f
JH		 450 if (!status) {
451 if (sent->mode)
452 hdev->host_features[0] |= LMP_HOST_SSP;
453 else
454 hdev->host_features[0] &= ~LMP_HOST_SSP;
455 }
456
ed2c4ee3 457 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 458 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 459 else if (!status) {
5ed8eb2f 460 if (sent->mode)
c0ecddc2
JH		 461 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
462 else
463 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
464 }
333140b5
MH		 465}
466
d5859e22
JH		 467static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
468{
976eb20e 469 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 470 return 2;
471
976eb20e 472 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 473 return 1;
474
475 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 476 hdev->lmp_subver == 0x0757)
d5859e22
JH		 477 return 1;
478
479 if (hdev->manufacturer == 15) {
480 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
481 return 1;
482 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
483 return 1;
484 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
485 return 1;
486 }
487
488 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 489 hdev->lmp_subver == 0x1805)
d5859e22
JH		 490 return 1;
491
492 return 0;
493}
494
495static void hci_setup_inquiry_mode(struct hci_dev *hdev)
496{
497 u8 mode;
498
499 mode = hci_get_inquiry_mode(hdev);
500
501 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
502}
503
504static void hci_setup_event_mask(struct hci_dev *hdev)
505{
506 /* The second byte is 0xff instead of 0x9f (two reserved bits
507 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
508 * command otherwise */
509 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
510
6de6c18d
VT		 511 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
512 * any event mask for pre 1.2 devices */
5a13b095 513 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 514 return;
515
e1171e8d
JH		 516 if (lmp_bredr_capable(hdev)) {
517 events[4] |= 0x01; /* Flow Specification Complete */
518 events[4] |= 0x02; /* Inquiry Result with RSSI */
519 events[4] |= 0x04; /* Read Remote Extended Features Complete */
520 events[5] |= 0x08; /* Synchronous Connection Complete */
521 events[5] |= 0x10; /* Synchronous Connection Changed */
522 }
d5859e22 523
976eb20e 524 if (lmp_inq_rssi_capable(hdev))
a24299e6 525 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 526
999dcd10 527 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 528 events[5] |= 0x20; /* Sniff Subrating */
529
976eb20e 530 if (lmp_pause_enc_capable(hdev))
d5859e22
JH		 531 events[5] |= 0x80; /* Encryption Key Refresh Complete */
532
976eb20e 533 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 534 events[5] |= 0x40; /* Extended Inquiry Result */
535
c58e810e 536 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 537 events[7] |= 0x01; /* Enhanced Flush Complete */
538
976eb20e 539 if (lmp_lsto_capable(hdev))
d5859e22
JH		 540 events[6] |= 0x80; /* Link Supervision Timeout Changed */
541
9a1a1996 542 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 543 events[6] |= 0x01; /* IO Capability Request */
544 events[6] |= 0x02; /* IO Capability Response */
545 events[6] |= 0x04; /* User Confirmation Request */
546 events[6] |= 0x08; /* User Passkey Request */
547 events[6] |= 0x10; /* Remote OOB Data Request */
548 events[6] |= 0x20; /* Simple Pairing Complete */
549 events[7] |= 0x04; /* User Passkey Notification */
550 events[7] |= 0x08; /* Keypress Notification */
551 events[7] |= 0x10; /* Remote Host Supported
552 * Features Notification */
553 }
554
c383ddc4 555 if (lmp_le_capable(hdev))
d5859e22
JH		 556 events[7] |= 0x20; /* LE Meta-Event */
557
558 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
e36b04c8
JH		 559
560 if (lmp_le_capable(hdev)) {
561 memset(events, 0, sizeof(events));
562 events[0] = 0x1f;
563 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
564 sizeof(events), events);
565 }
d5859e22
JH		 566}
567
4611dfa8 568static void bredr_setup(struct hci_dev *hdev)
e1171e8d
JH		 569{
570 struct hci_cp_delete_stored_link_key cp;
571 __le16 param;
572 __u8 flt_type;
573
574 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
575 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
576
577 /* Read Class of Device */
578 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
579
580 /* Read Local Name */
581 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
582
583 /* Read Voice Setting */
584 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
585
586 /* Clear Event Filters */
587 flt_type = HCI_FLT_CLEAR_ALL;
588 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
589
590 /* Connection accept timeout ~20 secs */
591 param = __constant_cpu_to_le16(0x7d00);
592 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
593
594 bacpy(&cp.bdaddr, BDADDR_ANY);
595 cp.delete_all = 1;
596 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
597}
598
4611dfa8 599static void le_setup(struct hci_dev *hdev)
e1171e8d
JH		 600{
601 /* Read LE Buffer Size */
602 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
8fa19098
JH		 603
604 /* Read LE Advertising Channel TX Power */
605 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
e1171e8d
JH		 606}
607
d5859e22
JH		 608static void hci_setup(struct hci_dev *hdev)
609{
e61ef499
AE		 610 if (hdev->dev_type != HCI_BREDR)
611 return;
612
e1171e8d
JH		 613 /* Read BD Address */
614 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
615
616 if (lmp_bredr_capable(hdev))
4611dfa8 617 bredr_setup(hdev);
e1171e8d
JH		 618
619 if (lmp_le_capable(hdev))
4611dfa8 620 le_setup(hdev);
e1171e8d 621
d5859e22
JH		 622 hci_setup_event_mask(hdev);
623
d095c1eb 624 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 625 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
626
6d3c730f 627 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 628 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
629 u8 mode = 0x01;
630 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 631 sizeof(mode), &mode);
54d04dbb
JH		 632 } else {
633 struct hci_cp_write_eir cp;
634
635 memset(hdev->eir, 0, sizeof(hdev->eir));
636 memset(&cp, 0, sizeof(cp));
637
638 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
639 }
d5859e22
JH		 640 }
641
976eb20e 642 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 643 hci_setup_inquiry_mode(hdev);
644
976eb20e 645 if (lmp_inq_tx_pwr_capable(hdev))
d5859e22 646 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b 647
976eb20e 648 if (lmp_ext_feat_capable(hdev)) {
971e3a4b
AG		 649 struct hci_cp_read_local_ext_features cp;
650
651 cp.page = 0x01;
04124681
GP		 652 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
653 &cp);
971e3a4b 654 }
e6100a25 655
47990ea0
JH		 656 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
657 u8 enable = 1;
04124681
GP		 658 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
659 &enable);
47990ea0 660 }
d5859e22
JH		 661}
662
a9de9248
MH		 663static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
664{
665 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 666
9f1db00c 667 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 668
a9de9248 669 if (rp->status)
28b8df77 670 goto done;
1143e5a6 671
a9de9248 672 hdev->hci_ver = rp->hci_ver;
e4e8e37c 673 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 674 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 675 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 676 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 677
9f1db00c 678 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 679 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 680
681 if (test_bit(HCI_INIT, &hdev->flags))
682 hci_setup(hdev);
28b8df77
AE		 683
684done:
685 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 686}
687
688static void hci_setup_link_policy(struct hci_dev *hdev)
689{
035100c8 690 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 691 u16 link_policy = 0;
692
9f92ebf6 693 if (lmp_rswitch_capable(hdev))
d5859e22 694 link_policy |= HCI_LP_RSWITCH;
976eb20e 695 if (lmp_hold_capable(hdev))
d5859e22 696 link_policy |= HCI_LP_HOLD;
6eded100 697 if (lmp_sniff_capable(hdev))
d5859e22 698 link_policy |= HCI_LP_SNIFF;
976eb20e 699 if (lmp_park_capable(hdev))
d5859e22
JH		 700 link_policy |= HCI_LP_PARK;
701
035100c8
AE		 702 cp.policy = cpu_to_le16(link_policy);
703 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 704}
1da177e4 705
8fc9ced3
GP		 706static void hci_cc_read_local_commands(struct hci_dev *hdev,
707 struct sk_buff *skb)
a9de9248
MH		 708{
709 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 710
9f1db00c 711 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 712
a9de9248 713 if (rp->status)
d5859e22 714 goto done;
1da177e4 715
a9de9248 716 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 717
718 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
719 hci_setup_link_policy(hdev);
720
721done:
722 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 723}
1da177e4 724
8fc9ced3
GP		 725static void hci_cc_read_local_features(struct hci_dev *hdev,
726 struct sk_buff *skb)
a9de9248
MH		 727{
728 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 729
9f1db00c 730 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 731
a9de9248
MH		 732 if (rp->status)
733 return;
5b7f9909 734
a9de9248 735 memcpy(hdev->features, rp->features, 8);
5b7f9909 736
a9de9248
MH		 737 /* Adjust default settings according to features
738 * supported by device. */
1da177e4 739
a9de9248
MH		 740 if (hdev->features[0] & LMP_3SLOT)
741 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 742
a9de9248
MH		 743 if (hdev->features[0] & LMP_5SLOT)
744 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 745
a9de9248
MH		 746 if (hdev->features[1] & LMP_HV2) {
747 hdev->pkt_type |= (HCI_HV2);
748 hdev->esco_type |= (ESCO_HV2);
749 }
1da177e4 750
a9de9248
MH		 751 if (hdev->features[1] & LMP_HV3) {
752 hdev->pkt_type |= (HCI_HV3);
753 hdev->esco_type |= (ESCO_HV3);
754 }
1da177e4 755
45db810f 756 if (lmp_esco_capable(hdev))
a9de9248 757 hdev->esco_type |= (ESCO_EV3);
da1f5198 758
a9de9248
MH		 759 if (hdev->features[4] & LMP_EV4)
760 hdev->esco_type |= (ESCO_EV4);
da1f5198 761
a9de9248
MH		 762 if (hdev->features[4] & LMP_EV5)
763 hdev->esco_type |= (ESCO_EV5);
1da177e4 764
efc7688b
MH		 765 if (hdev->features[5] & LMP_EDR_ESCO_2M)
766 hdev->esco_type |= (ESCO_2EV3);
767
768 if (hdev->features[5] & LMP_EDR_ESCO_3M)
769 hdev->esco_type |= (ESCO_3EV3);
770
771 if (hdev->features[5] & LMP_EDR_3S_ESCO)
772 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
773
a9de9248 774 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 775 hdev->features[0], hdev->features[1],
776 hdev->features[2], hdev->features[3],
777 hdev->features[4], hdev->features[5],
778 hdev->features[6], hdev->features[7]);
a9de9248 779}
1da177e4 780
8f984dfa
JH		 781static void hci_set_le_support(struct hci_dev *hdev)
782{
783 struct hci_cp_write_le_host_supported cp;
784
785 memset(&cp, 0, sizeof(cp));
786
9d42820f 787 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa 788 cp.le = 1;
976eb20e 789 cp.simul = !!lmp_le_br_capable(hdev);
8f984dfa
JH		 790 }
791
976eb20e 792 if (cp.le != !!lmp_host_le_capable(hdev))
04124681
GP		 793 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
794 &cp);
8f984dfa
JH		 795}
796
971e3a4b 797static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 798 struct sk_buff *skb)
971e3a4b
AG		 799{
800 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
801
9f1db00c 802 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 803
804 if (rp->status)
8f984dfa 805 goto done;
971e3a4b 806
b5b32b65
AG		 807 switch (rp->page) {
808 case 0:
809 memcpy(hdev->features, rp->features, 8);
810 break;
811 case 1:
812 memcpy(hdev->host_features, rp->features, 8);
813 break;
814 }
971e3a4b 815
c383ddc4 816 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 817 hci_set_le_support(hdev);
818
819done:
971e3a4b
AG		 820 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
821}
822
1e89cffb 823static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 824 struct sk_buff *skb)
1e89cffb
AE		 825{
826 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
827
9f1db00c 828 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 829
830 if (rp->status)
831 return;
832
833 hdev->flow_ctl_mode = rp->mode;
834
835 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
836}
837
a9de9248
MH		 838static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
839{
840 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 841
9f1db00c 842 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 843
a9de9248
MH		 844 if (rp->status)
845 return;
1da177e4 846
a9de9248
MH		 847 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
848 hdev->sco_mtu = rp->sco_mtu;
849 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
850 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
851
852 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
853 hdev->sco_mtu = 64;
854 hdev->sco_pkts = 8;
1da177e4 855 }
a9de9248
MH		 856
857 hdev->acl_cnt = hdev->acl_pkts;
858 hdev->sco_cnt = hdev->sco_pkts;
859
807deac2
GP		 860 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
861 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 862}
863
864static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
865{
866 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
867
9f1db00c 868 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 869
870 if (!rp->status)
871 bacpy(&hdev->bdaddr, &rp->bdaddr);
872
23bb5763
JH		 873 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
874}
875
350ee4cf 876static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 877 struct sk_buff *skb)
350ee4cf
AE		 878{
879 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
880
9f1db00c 881 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 882
883 if (rp->status)
884 return;
885
886 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
887 hdev->block_len = __le16_to_cpu(rp->block_len);
888 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
889
890 hdev->block_cnt = hdev->num_blocks;
891
892 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 893 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 894
895 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
896}
897
23bb5763
JH		 898static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
899{
900 __u8 status = *((__u8 *) skb->data);
901
9f1db00c 902 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 903
904 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 905}
906
928abaa7 907static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 908 struct sk_buff *skb)
928abaa7
AE		 909{
910 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
911
9f1db00c 912 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 913
914 if (rp->status)
8e2a0d92 915 goto a2mp_rsp;
928abaa7
AE		 916
917 hdev->amp_status = rp->amp_status;
918 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
919 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
920 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
921 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
922 hdev->amp_type = rp->amp_type;
923 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
924 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
925 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
926 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
927
928 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 929
930a2mp_rsp:
931 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 932}
933
903e4541
AE		 934static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
935 struct sk_buff *skb)
936{
937 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
938 struct amp_assoc *assoc = &hdev->loc_assoc;
939 size_t rem_len, frag_len;
940
941 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
942
943 if (rp->status)
944 goto a2mp_rsp;
945
946 frag_len = skb->len - sizeof(*rp);
947 rem_len = __le16_to_cpu(rp->rem_len);
948
949 if (rem_len > frag_len) {
2e430be3 950 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 951
952 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
953 assoc->offset += frag_len;
954
955 /* Read other fragments */
956 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
957
958 return;
959 }
960
961 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
962 assoc->len = assoc->offset + rem_len;
963 assoc->offset = 0;
964
965a2mp_rsp:
966 /* Send A2MP Rsp when all fragments are received */
967 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 968 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 969}
970
b0916ea0 971static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 972 struct sk_buff *skb)
b0916ea0
JH		 973{
974 __u8 status = *((__u8 *) skb->data);
975
9f1db00c 976 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 977
978 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
979}
980
d5859e22
JH		 981static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
982{
983 __u8 status = *((__u8 *) skb->data);
984
9f1db00c 985 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 986
987 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
988}
989
990static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 991 struct sk_buff *skb)
d5859e22
JH		 992{
993 __u8 status = *((__u8 *) skb->data);
994
9f1db00c 995 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 996
997 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
998}
999
1000static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 1001 struct sk_buff *skb)
d5859e22 1002{
91c4e9b1 1003 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 1004
9f1db00c 1005 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 1006
1007 if (!rp->status)
1008 hdev->inq_tx_power = rp->tx_power;
d5859e22 1009
91c4e9b1 1010 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 1011}
1012
1013static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1014{
1015 __u8 status = *((__u8 *) skb->data);
1016
9f1db00c 1017 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1018
1019 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1020}
1021
980e1a53
JH		 1022static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1023{
1024 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1025 struct hci_cp_pin_code_reply *cp;
1026 struct hci_conn *conn;
1027
9f1db00c 1028 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1029
56e5cb86
JH		 1030 hci_dev_lock(hdev);
1031
a8b2d5c2 1032 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1033 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 1034
fa1bd918 1035 if (rp->status)
56e5cb86 1036 goto unlock;
980e1a53
JH		 1037
1038 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1039 if (!cp)
56e5cb86 1040 goto unlock;
980e1a53
JH		 1041
1042 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1043 if (conn)
1044 conn->pin_length = cp->pin_len;
56e5cb86
JH		 1045
1046unlock:
1047 hci_dev_unlock(hdev);
980e1a53
JH		 1048}
1049
1050static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1051{
1052 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1053
9f1db00c 1054 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1055
56e5cb86
JH		 1056 hci_dev_lock(hdev);
1057
a8b2d5c2 1058 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1059 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1060 rp->status);
56e5cb86
JH		 1061
1062 hci_dev_unlock(hdev);
980e1a53 1063}
56e5cb86 1064
6ed58ec5
VT		 1065static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1066 struct sk_buff *skb)
1067{
1068 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1069
9f1db00c 1070 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1071
1072 if (rp->status)
1073 return;
1074
1075 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1076 hdev->le_pkts = rp->le_max_pkt;
1077
1078 hdev->le_cnt = hdev->le_pkts;
1079
1080 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1081
1082 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1083}
980e1a53 1084
8fa19098
JH		 1085static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1086 struct sk_buff *skb)
1087{
1088 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1089
1090 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1091
1092 if (!rp->status)
1093 hdev->adv_tx_power = rp->tx_power;
1094
1095 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1096}
1097
e36b04c8
JH		 1098static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1099{
1100 __u8 status = *((__u8 *) skb->data);
1101
1102 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1103
1104 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1105}
1106
a5c29683
JH		 1107static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1108{
1109 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1110
9f1db00c 1111 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1112
56e5cb86
JH		 1113 hci_dev_lock(hdev);
1114
a8b2d5c2 1115 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1116 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1117 rp->status);
56e5cb86
JH		 1118
1119 hci_dev_unlock(hdev);
a5c29683
JH		 1120}
1121
1122static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1123 struct sk_buff *skb)
a5c29683
JH		 1124{
1125 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1126
9f1db00c 1127 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1128
56e5cb86
JH		 1129 hci_dev_lock(hdev);
1130
a8b2d5c2 1131 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1132 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1133 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1134
1135 hci_dev_unlock(hdev);
a5c29683
JH		 1136}
1137
1143d458
BG		 1138static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1139{
1140 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1141
9f1db00c 1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1143
1144 hci_dev_lock(hdev);
1145
a8b2d5c2 1146 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1147 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1148 0, rp->status);
1143d458
BG		 1149
1150 hci_dev_unlock(hdev);
1151}
1152
1153static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1154 struct sk_buff *skb)
1143d458
BG		 1155{
1156 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1157
9f1db00c 1158 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1159
1160 hci_dev_lock(hdev);
1161
a8b2d5c2 1162 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1163 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1164 ACL_LINK, 0, rp->status);
1143d458
BG		 1165
1166 hci_dev_unlock(hdev);
1167}
1168
c35938b2 1169static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1170 struct sk_buff *skb)
c35938b2
SJ		 1171{
1172 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1173
9f1db00c 1174 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1175
56e5cb86 1176 hci_dev_lock(hdev);
744cf19e 1177 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1178 rp->randomizer, rp->status);
56e5cb86 1179 hci_dev_unlock(hdev);
c35938b2
SJ		 1180}
1181
07f7fa5d
AG		 1182static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1183{
1184 __u8 status = *((__u8 *) skb->data);
1185
9f1db00c 1186 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1187
1188 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1189
1190 if (status) {
1191 hci_dev_lock(hdev);
1192 mgmt_start_discovery_failed(hdev, status);
1193 hci_dev_unlock(hdev);
1194 return;
1195 }
07f7fa5d
AG		 1196}
1197
eb9d91f5 1198static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1199 struct sk_buff *skb)
eb9d91f5
AG		 1200{
1201 struct hci_cp_le_set_scan_enable *cp;
1202 __u8 status = *((__u8 *) skb->data);
1203
9f1db00c 1204 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1205
eb9d91f5
AG		 1206 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1207 if (!cp)
1208 return;
1209
68a8aea4
AE		 1210 switch (cp->enable) {
1211 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1212 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1213
3fd24153
AG		 1214 if (status) {
1215 hci_dev_lock(hdev);
1216 mgmt_start_discovery_failed(hdev, status);
1217 hci_dev_unlock(hdev);
7ba8b4be 1218 return;
3fd24153 1219 }
7ba8b4be 1220
d23264a8
AG		 1221 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1222
a8f13c8c 1223 hci_dev_lock(hdev);
343f935b 1224 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1225 hci_dev_unlock(hdev);
68a8aea4
AE		 1226 break;
1227
1228 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1229 if (status) {
1230 hci_dev_lock(hdev);
1231 mgmt_stop_discovery_failed(hdev, status);
1232 hci_dev_unlock(hdev);
7ba8b4be 1233 return;
c9ecc48e 1234 }
7ba8b4be 1235
d23264a8
AG		 1236 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1237
bc3dd33c
AG		 1238 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1239 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1240 mgmt_interleaved_discovery(hdev);
1241 } else {
1242 hci_dev_lock(hdev);
1243 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1244 hci_dev_unlock(hdev);
1245 }
1246
68a8aea4
AE		 1247 break;
1248
1249 default:
1250 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1251 break;
35815085 1252 }
eb9d91f5
AG		 1253}
1254
a7a595f6
VCG		 1255static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1256{
1257 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1258
9f1db00c 1259 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1260
1261 if (rp->status)
1262 return;
1263
1264 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1265}
1266
1267static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1268{
1269 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1270
9f1db00c 1271 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1272
1273 if (rp->status)
1274 return;
1275
1276 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1277}
1278
6039aa73
GP		 1279static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1280 struct sk_buff *skb)
f9b49306 1281{
06199cf8 1282 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1283 __u8 status = *((__u8 *) skb->data);
1284
9f1db00c 1285 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1286
06199cf8 1287 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1288 if (!sent)
f9b49306
AG		 1289 return;
1290
8f984dfa
JH		 1291 if (!status) {
1292 if (sent->le)
1293 hdev->host_features[0] |= LMP_HOST_LE;
1294 else
1295 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 1296
1297 if (sent->simul)
1298 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1299 else
1300 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1301 }
1302
1303 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1304 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1305 mgmt_le_enable_complete(hdev, sent->le, status);
1306
1307 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1308}
1309
93c284ee
AE		 1310static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1311 struct sk_buff *skb)
1312{
1313 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1314
1315 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1316 hdev->name, rp->status, rp->phy_handle);
1317
1318 if (rp->status)
1319 return;
1320
1321 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1322}
1323
6039aa73 1324static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1325{
9f1db00c 1326 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1327
1328 if (status) {
23bb5763 1329 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1330 hci_conn_check_pending(hdev);
56e5cb86 1331 hci_dev_lock(hdev);
a8b2d5c2 1332 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1333 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1334 hci_dev_unlock(hdev);
314b2381
JH		 1335 return;
1336 }
1337
89352e7d
AG		 1338 set_bit(HCI_INQUIRY, &hdev->flags);
1339
56e5cb86 1340 hci_dev_lock(hdev);
343f935b 1341 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1342 hci_dev_unlock(hdev);
1da177e4
LT		 1343}
1344
6039aa73 1345static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1346{
a9de9248 1347 struct hci_cp_create_conn *cp;
1da177e4 1348 struct hci_conn *conn;
1da177e4 1349
9f1db00c 1350 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1351
1352 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1353 if (!cp)
1354 return;
1355
1356 hci_dev_lock(hdev);
1357
1358 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1359
6ed93dc6 1360 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1361
1362 if (status) {
1363 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1364 if (status != 0x0c || conn->attempt > 2) {
1365 conn->state = BT_CLOSED;
1366 hci_proto_connect_cfm(conn, status);
1367 hci_conn_del(conn);
1368 } else
1369 conn->state = BT_CONNECT2;
1da177e4
LT		 1370 }
1371 } else {
1372 if (!conn) {
1373 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1374 if (conn) {
a0c808b3 1375 conn->out = true;
1da177e4
LT		 1376 conn->link_mode |= HCI_LM_MASTER;
1377 } else
893ef971 1378 BT_ERR("No memory for new connection");
1da177e4
LT		 1379 }
1380 }
1381
1382 hci_dev_unlock(hdev);
1383}
1384
a9de9248 1385static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1386{
a9de9248
MH		 1387 struct hci_cp_add_sco *cp;
1388 struct hci_conn *acl, *sco;
1389 __u16 handle;
1da177e4 1390
9f1db00c 1391 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1392
a9de9248
MH		 1393 if (!status)
1394 return;
1da177e4 1395
a9de9248
MH		 1396 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1397 if (!cp)
1398 return;
1da177e4 1399
a9de9248 1400 handle = __le16_to_cpu(cp->handle);
1da177e4 1401
9f1db00c 1402 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1403
a9de9248 1404 hci_dev_lock(hdev);
1da177e4 1405
a9de9248 1406 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1407 if (acl) {
1408 sco = acl->link;
1409 if (sco) {
1410 sco->state = BT_CLOSED;
1da177e4 1411
5a08ecce
AE		 1412 hci_proto_connect_cfm(sco, status);
1413 hci_conn_del(sco);
1414 }
a9de9248 1415 }
1da177e4 1416
a9de9248
MH		 1417 hci_dev_unlock(hdev);
1418}
1da177e4 1419
f8558555
MH		 1420static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1421{
1422 struct hci_cp_auth_requested *cp;
1423 struct hci_conn *conn;
1424
9f1db00c 1425 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1426
1427 if (!status)
1428 return;
1429
1430 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1431 if (!cp)
1432 return;
1433
1434 hci_dev_lock(hdev);
1435
1436 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1437 if (conn) {
1438 if (conn->state == BT_CONFIG) {
1439 hci_proto_connect_cfm(conn, status);
1440 hci_conn_put(conn);
1441 }
1442 }
1443
1444 hci_dev_unlock(hdev);
1445}
1446
1447static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1448{
1449 struct hci_cp_set_conn_encrypt *cp;
1450 struct hci_conn *conn;
1451
9f1db00c 1452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1453
1454 if (!status)
1455 return;
1456
1457 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1458 if (!cp)
1459 return;
1460
1461 hci_dev_lock(hdev);
1462
1463 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1464 if (conn) {
1465 if (conn->state == BT_CONFIG) {
1466 hci_proto_connect_cfm(conn, status);
1467 hci_conn_put(conn);
1468 }
1469 }
1470
1471 hci_dev_unlock(hdev);
1472}
1473
127178d2 1474static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1475 struct hci_conn *conn)
392599b9 1476{
392599b9
JH		 1477 if (conn->state != BT_CONFIG || !conn->out)
1478 return 0;
1479
765c2a96 1480 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1481 return 0;
1482
1483 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1484 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1485 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1486 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1487 return 0;
1488
392599b9
JH		 1489 return 1;
1490}
1491
6039aa73 1492static int hci_resolve_name(struct hci_dev *hdev,
04124681 1493 struct inquiry_entry *e)
30dc78e1
JH		 1494{
1495 struct hci_cp_remote_name_req cp;
1496
1497 memset(&cp, 0, sizeof(cp));
1498
1499 bacpy(&cp.bdaddr, &e->data.bdaddr);
1500 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1501 cp.pscan_mode = e->data.pscan_mode;
1502 cp.clock_offset = e->data.clock_offset;
1503
1504 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1505}
1506
b644ba33 1507static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1508{
1509 struct discovery_state *discov = &hdev->discovery;
1510 struct inquiry_entry *e;
1511
b644ba33
JH		 1512 if (list_empty(&discov->resolve))
1513 return false;
1514
1515 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1516 if (!e)
1517 return false;
1518
b644ba33
JH		 1519 if (hci_resolve_name(hdev, e) == 0) {
1520 e->name_state = NAME_PENDING;
1521 return true;
1522 }
1523
1524 return false;
1525}
1526
1527static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1528 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1529{
1530 struct discovery_state *discov = &hdev->discovery;
1531 struct inquiry_entry *e;
1532
1533 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1534 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1535 name_len, conn->dev_class);
b644ba33
JH		 1536
1537 if (discov->state == DISCOVERY_STOPPED)
1538 return;
1539
30dc78e1
JH		 1540 if (discov->state == DISCOVERY_STOPPING)
1541 goto discov_complete;
1542
1543 if (discov->state != DISCOVERY_RESOLVING)
1544 return;
1545
1546 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1547 /* If the device was not found in a list of found devices names of which
1548 * are pending. there is no need to continue resolving a next name as it
1549 * will be done upon receiving another Remote Name Request Complete
1550 * Event */
1551 if (!e)
1552 return;
1553
1554 list_del(&e->list);
1555 if (name) {
30dc78e1 1556 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1557 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1558 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1559 } else {
1560 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1561 }
1562
b644ba33 1563 if (hci_resolve_next_name(hdev))
30dc78e1 1564 return;
30dc78e1
JH		 1565
1566discov_complete:
1567 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1568}
1569
a9de9248
MH		 1570static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1571{
127178d2
JH		 1572 struct hci_cp_remote_name_req *cp;
1573 struct hci_conn *conn;
1574
9f1db00c 1575 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1576
1577 /* If successful wait for the name req complete event before
1578 * checking for the need to do authentication */
1579 if (!status)
1580 return;
1581
1582 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1583 if (!cp)
1584 return;
1585
1586 hci_dev_lock(hdev);
1587
b644ba33
JH		 1588 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1589
a8b2d5c2 1590 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1591 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1592
79c6c70c
JH		 1593 if (!conn)
1594 goto unlock;
1595
1596 if (!hci_outgoing_auth_needed(hdev, conn))
1597 goto unlock;
1598
51a8efd7 1599 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1600 struct hci_cp_auth_requested cp;
1601 cp.handle = __cpu_to_le16(conn->handle);
1602 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1603 }
1604
79c6c70c 1605unlock:
127178d2 1606 hci_dev_unlock(hdev);
a9de9248 1607}
1da177e4 1608
769be974
MH		 1609static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1610{
1611 struct hci_cp_read_remote_features *cp;
1612 struct hci_conn *conn;
1613
9f1db00c 1614 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1615
1616 if (!status)
1617 return;
1618
1619 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1620 if (!cp)
1621 return;
1622
1623 hci_dev_lock(hdev);
1624
1625 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1626 if (conn) {
1627 if (conn->state == BT_CONFIG) {
769be974
MH		 1628 hci_proto_connect_cfm(conn, status);
1629 hci_conn_put(conn);
1630 }
1631 }
1632
1633 hci_dev_unlock(hdev);
1634}
1635
1636static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1637{
1638 struct hci_cp_read_remote_ext_features *cp;
1639 struct hci_conn *conn;
1640
9f1db00c 1641 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1642
1643 if (!status)
1644 return;
1645
1646 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1647 if (!cp)
1648 return;
1649
1650 hci_dev_lock(hdev);
1651
1652 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1653 if (conn) {
1654 if (conn->state == BT_CONFIG) {
769be974
MH		 1655 hci_proto_connect_cfm(conn, status);
1656 hci_conn_put(conn);
1657 }
1658 }
1659
1660 hci_dev_unlock(hdev);
1661}
1662
a9de9248
MH		 1663static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1664{
b6a0dc82
MH		 1665 struct hci_cp_setup_sync_conn *cp;
1666 struct hci_conn *acl, *sco;
1667 __u16 handle;
1668
9f1db00c 1669 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1670
1671 if (!status)
1672 return;
1673
1674 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1675 if (!cp)
1676 return;
1677
1678 handle = __le16_to_cpu(cp->handle);
1679
9f1db00c 1680 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1681
1682 hci_dev_lock(hdev);
1683
1684 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1685 if (acl) {
1686 sco = acl->link;
1687 if (sco) {
1688 sco->state = BT_CLOSED;
b6a0dc82 1689
5a08ecce
AE		 1690 hci_proto_connect_cfm(sco, status);
1691 hci_conn_del(sco);
1692 }
b6a0dc82
MH		 1693 }
1694
1695 hci_dev_unlock(hdev);
1da177e4
LT		 1696}
1697
a9de9248 1698static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1699{
a9de9248
MH		 1700 struct hci_cp_sniff_mode *cp;
1701 struct hci_conn *conn;
1da177e4 1702
9f1db00c 1703 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1704
a9de9248
MH		 1705 if (!status)
1706 return;
04837f64 1707
a9de9248
MH		 1708 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1709 if (!cp)
1710 return;
04837f64 1711
a9de9248 1712 hci_dev_lock(hdev);
04837f64 1713
a9de9248 1714 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1715 if (conn) {
51a8efd7 1716 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1717
51a8efd7 1718 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1719 hci_sco_setup(conn, status);
1720 }
1721
a9de9248
MH		 1722 hci_dev_unlock(hdev);
1723}
04837f64 1724
a9de9248
MH		 1725static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1726{
1727 struct hci_cp_exit_sniff_mode *cp;
1728 struct hci_conn *conn;
04837f64 1729
9f1db00c 1730 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1731
a9de9248
MH		 1732 if (!status)
1733 return;
04837f64 1734
a9de9248
MH		 1735 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1736 if (!cp)
1737 return;
04837f64 1738
a9de9248 1739 hci_dev_lock(hdev);
1da177e4 1740
a9de9248 1741 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1742 if (conn) {
51a8efd7 1743 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1744
51a8efd7 1745 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1746 hci_sco_setup(conn, status);
1747 }
1748
a9de9248 1749 hci_dev_unlock(hdev);
1da177e4
LT		 1750}
1751
88c3df13
JH		 1752static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1753{
1754 struct hci_cp_disconnect *cp;
1755 struct hci_conn *conn;
1756
1757 if (!status)
1758 return;
1759
1760 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1761 if (!cp)
1762 return;
1763
1764 hci_dev_lock(hdev);
1765
1766 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1767 if (conn)
1768 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1769 conn->dst_type, status);
88c3df13
JH		 1770
1771 hci_dev_unlock(hdev);
1772}
1773
fcd89c09
VT		 1774static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1775{
fcd89c09
VT		 1776 struct hci_conn *conn;
1777
9f1db00c 1778 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1779
f00a06ac
AG		 1780 if (status) {
1781 hci_dev_lock(hdev);
fcd89c09 1782
0c95ab78 1783 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1784 if (!conn) {
1785 hci_dev_unlock(hdev);
1786 return;
1787 }
fcd89c09 1788
6ed93dc6 1789 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1790
f00a06ac 1791 conn->state = BT_CLOSED;
0c95ab78 1792 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1793 conn->dst_type, status);
1794 hci_proto_connect_cfm(conn, status);
1795 hci_conn_del(conn);
fcd89c09 1796
f00a06ac
AG		 1797 hci_dev_unlock(hdev);
1798 }
fcd89c09
VT		 1799}
1800
a7a595f6
VCG		 1801static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1802{
9f1db00c 1803 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1804}
1805
a02226d6
AE		 1806static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1807{
93c284ee
AE		 1808 struct hci_cp_create_phy_link *cp;
1809
a02226d6 1810 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1811
93c284ee
AE		 1812 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1813 if (!cp)
1814 return;
1815
e58917b9
AE		 1816 hci_dev_lock(hdev);
1817
1818 if (status) {
1819 struct hci_conn *hcon;
1820
1821 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1822 if (hcon)
1823 hci_conn_del(hcon);
1824 } else {
1825 amp_write_remote_assoc(hdev, cp->phy_handle);
1826 }
1827
1828 hci_dev_unlock(hdev);
a02226d6
AE		 1829}
1830
0b26ab9d
AE		 1831static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1832{
1833 struct hci_cp_accept_phy_link *cp;
1834
1835 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1836
1837 if (status)
1838 return;
1839
1840 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1841 if (!cp)
1842 return;
1843
1844 amp_write_remote_assoc(hdev, cp->phy_handle);
1845}
1846
5ce66b59
AE		 1847static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1848{
1849 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1850}
1851
6039aa73 1852static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1853{
1854 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1855 struct discovery_state *discov = &hdev->discovery;
1856 struct inquiry_entry *e;
1da177e4 1857
9f1db00c 1858 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1859
23bb5763 1860 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1861
a9de9248 1862 hci_conn_check_pending(hdev);
89352e7d
AG		 1863
1864 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1865 return;
1866
a8b2d5c2 1867 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1868 return;
1869
56e5cb86 1870 hci_dev_lock(hdev);
30dc78e1 1871
343f935b 1872 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1873 goto unlock;
1874
1875 if (list_empty(&discov->resolve)) {
1876 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1877 goto unlock;
1878 }
1879
1880 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1881 if (e && hci_resolve_name(hdev, e) == 0) {
1882 e->name_state = NAME_PENDING;
1883 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1884 } else {
1885 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1886 }
1887
1888unlock:
56e5cb86 1889 hci_dev_unlock(hdev);
1da177e4
LT		 1890}
1891
6039aa73 1892static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1893{
45bb4bf0 1894 struct inquiry_data data;
a9de9248 1895 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1896 int num_rsp = *((__u8 *) skb->data);
1897
1898 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1899
45bb4bf0
MH		 1900 if (!num_rsp)
1901 return;
1902
1519cc17
AG		 1903 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1904 return;
1905
1da177e4 1906 hci_dev_lock(hdev);
45bb4bf0 1907
e17acd40 1908 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1909 bool name_known, ssp;
3175405b 1910
1da177e4
LT		 1911 bacpy(&data.bdaddr, &info->bdaddr);
1912 data.pscan_rep_mode = info->pscan_rep_mode;
1913 data.pscan_period_mode = info->pscan_period_mode;
1914 data.pscan_mode = info->pscan_mode;
1915 memcpy(data.dev_class, info->dev_class, 3);
1916 data.clock_offset = info->clock_offset;
1917 data.rssi = 0x00;
41a96212 1918 data.ssp_mode = 0x00;
3175405b 1919
388fc8fa 1920 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1921 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1922 info->dev_class, 0, !name_known, ssp, NULL,
1923 0);
1da177e4 1924 }
45bb4bf0 1925
1da177e4
LT		 1926 hci_dev_unlock(hdev);
1927}
1928
6039aa73 1929static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1930{
a9de9248
MH		 1931 struct hci_ev_conn_complete *ev = (void *) skb->data;
1932 struct hci_conn *conn;
1da177e4
LT		 1933
1934 BT_DBG("%s", hdev->name);
1935
1936 hci_dev_lock(hdev);
1937
1938 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1939 if (!conn) {
1940 if (ev->link_type != SCO_LINK)
1941 goto unlock;
1942
1943 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1944 if (!conn)
1945 goto unlock;
1946
1947 conn->type = SCO_LINK;
1948 }
1da177e4
LT		 1949
1950 if (!ev->status) {
1951 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1952
1953 if (conn->type == ACL_LINK) {
1954 conn->state = BT_CONFIG;
1955 hci_conn_hold(conn);
a9ea3ed9
SJ		 1956
1957 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1958 !hci_find_link_key(hdev, &ev->bdaddr))
1959 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1960 else
1961 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1962 } else
1963 conn->state = BT_CONNECTED;
1da177e4 1964
9eba32b8 1965 hci_conn_hold_device(conn);
7d0db0a3
MH		 1966 hci_conn_add_sysfs(conn);
1967
1da177e4
LT		 1968 if (test_bit(HCI_AUTH, &hdev->flags))
1969 conn->link_mode |= HCI_LM_AUTH;
1970
1971 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1972 conn->link_mode |= HCI_LM_ENCRYPT;
1973
04837f64
MH		 1974 /* Get remote features */
1975 if (conn->type == ACL_LINK) {
1976 struct hci_cp_read_remote_features cp;
1977 cp.handle = ev->handle;
769be974 1978 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1979 sizeof(cp), &cp);
04837f64
MH		 1980 }
1981
1da177e4 1982 /* Set packet type for incoming connection */
d095c1eb 1983 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1984 struct hci_cp_change_conn_ptype cp;
1985 cp.handle = ev->handle;
a8746417 1986 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1987 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1988 &cp);
1da177e4 1989 }
17d5c04c 1990 } else {
1da177e4 1991 conn->state = BT_CLOSED;
17d5c04c 1992 if (conn->type == ACL_LINK)
744cf19e 1993 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1994 conn->dst_type, ev->status);
17d5c04c 1995 }
1da177e4 1996
e73439d8
MH		 1997 if (conn->type == ACL_LINK)
1998 hci_sco_setup(conn, ev->status);
1da177e4 1999
769be974
MH		 2000 if (ev->status) {
2001 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2002 hci_conn_del(conn);
c89b6e6b
MH		 2003 } else if (ev->link_type != ACL_LINK)
2004 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2005
a9de9248 2006unlock:
1da177e4 2007 hci_dev_unlock(hdev);
1da177e4 2008
a9de9248 2009 hci_conn_check_pending(hdev);
1da177e4
LT		 2010}
2011
6039aa73 2012static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2013{
a9de9248
MH		 2014 struct hci_ev_conn_request *ev = (void *) skb->data;
2015 int mask = hdev->link_mode;
1da177e4 2016
6ed93dc6 2017 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2018 ev->link_type);
1da177e4 2019
a9de9248 2020 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 2021
138d22ef 2022 if ((mask & HCI_LM_ACCEPT) &&
807deac2 2023 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 2024 /* Connection accepted */
c7bdd502 2025 struct inquiry_entry *ie;
1da177e4 2026 struct hci_conn *conn;
1da177e4 2027
a9de9248 2028 hci_dev_lock(hdev);
b6a0dc82 2029
cc11b9c1
AE		 2030 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2031 if (ie)
c7bdd502
MH		 2032 memcpy(ie->data.dev_class, ev->dev_class, 3);
2033
8fc9ced3
GP		 2034 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2035 &ev->bdaddr);
a9de9248 2036 if (!conn) {
cc11b9c1
AE		 2037 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2038 if (!conn) {
893ef971 2039 BT_ERR("No memory for new connection");
a9de9248
MH		 2040 hci_dev_unlock(hdev);
2041 return;
1da177e4
LT		 2042 }
2043 }
b6a0dc82 2044
a9de9248
MH		 2045 memcpy(conn->dev_class, ev->dev_class, 3);
2046 conn->state = BT_CONNECT;
b6a0dc82 2047
a9de9248 2048 hci_dev_unlock(hdev);
1da177e4 2049
b6a0dc82
MH		 2050 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2051 struct hci_cp_accept_conn_req cp;
1da177e4 2052
b6a0dc82
MH		 2053 bacpy(&cp.bdaddr, &ev->bdaddr);
2054
2055 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2056 cp.role = 0x00; /* Become master */
2057 else
2058 cp.role = 0x01; /* Remain slave */
2059
04124681
GP		 2060 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2061 &cp);
b6a0dc82
MH		 2062 } else {
2063 struct hci_cp_accept_sync_conn_req cp;
2064
2065 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2066 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2067
82781e63
AE		 2068 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2069 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2070 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 2071 cp.content_format = cpu_to_le16(hdev->voice_setting);
2072 cp.retrans_effort = 0xff;
1da177e4 2073
b6a0dc82 2074 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2075 sizeof(cp), &cp);
b6a0dc82 2076 }
a9de9248
MH		 2077 } else {
2078 /* Connection rejected */
2079 struct hci_cp_reject_conn_req cp;
1da177e4 2080
a9de9248 2081 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2082 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2083 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2084 }
1da177e4
LT		 2085}
2086
f0d6a0ea
MA		 2087static u8 hci_to_mgmt_reason(u8 err)
2088{
2089 switch (err) {
2090 case HCI_ERROR_CONNECTION_TIMEOUT:
2091 return MGMT_DEV_DISCONN_TIMEOUT;
2092 case HCI_ERROR_REMOTE_USER_TERM:
2093 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2094 case HCI_ERROR_REMOTE_POWER_OFF:
2095 return MGMT_DEV_DISCONN_REMOTE;
2096 case HCI_ERROR_LOCAL_HOST_TERM:
2097 return MGMT_DEV_DISCONN_LOCAL_HOST;
2098 default:
2099 return MGMT_DEV_DISCONN_UNKNOWN;
2100 }
2101}
2102
6039aa73 2103static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2104{
a9de9248 2105 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2106 struct hci_conn *conn;
2107
9f1db00c 2108 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2109
2110 hci_dev_lock(hdev);
2111
2112 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2113 if (!conn)
2114 goto unlock;
7d0db0a3 2115
37d9ef76
JH		 2116 if (ev->status == 0)
2117 conn->state = BT_CLOSED;
04837f64 2118
b644ba33 2119 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2120 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2121 if (ev->status) {
88c3df13 2122 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2123 conn->dst_type, ev->status);
f0d6a0ea
MA		 2124 } else {
2125 u8 reason = hci_to_mgmt_reason(ev->reason);
2126
afc747a6 2127 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2128 conn->dst_type, reason);
2129 }
37d9ef76 2130 }
f7520543 2131
37d9ef76 2132 if (ev->status == 0) {
6ec5bcad
VA		 2133 if (conn->type == ACL_LINK && conn->flush_key)
2134 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2135 hci_proto_disconn_cfm(conn, ev->reason);
2136 hci_conn_del(conn);
2137 }
f7520543
JH		 2138
2139unlock:
04837f64
MH		 2140 hci_dev_unlock(hdev);
2141}
2142
6039aa73 2143static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2144{
a9de9248 2145 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2146 struct hci_conn *conn;
1da177e4 2147
9f1db00c 2148 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2149
2150 hci_dev_lock(hdev);
2151
04837f64 2152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2153 if (!conn)
2154 goto unlock;
2155
2156 if (!ev->status) {
aa64a8b5 2157 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2158 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2159 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2160 } else {
d7556e20
WR		 2161 conn->link_mode |= HCI_LM_AUTH;
2162 conn->sec_level = conn->pending_sec_level;
2a611692 2163 }
d7556e20 2164 } else {
bab73cb6 2165 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2166 ev->status);
d7556e20 2167 }
1da177e4 2168
51a8efd7
JH		 2169 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2170 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2171
d7556e20 2172 if (conn->state == BT_CONFIG) {
aa64a8b5 2173 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2174 struct hci_cp_set_conn_encrypt cp;
2175 cp.handle = ev->handle;
2176 cp.encrypt = 0x01;
2177 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2178 &cp);
052b30b0 2179 } else {
d7556e20
WR		 2180 conn->state = BT_CONNECTED;
2181 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2182 hci_conn_put(conn);
2183 }
d7556e20
WR		 2184 } else {
2185 hci_auth_cfm(conn, ev->status);
052b30b0 2186
d7556e20
WR		 2187 hci_conn_hold(conn);
2188 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2189 hci_conn_put(conn);
2190 }
2191
51a8efd7 2192 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2193 if (!ev->status) {
2194 struct hci_cp_set_conn_encrypt cp;
2195 cp.handle = ev->handle;
2196 cp.encrypt = 0x01;
2197 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2198 &cp);
d7556e20 2199 } else {
51a8efd7 2200 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2201 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2202 }
2203 }
2204
d7556e20 2205unlock:
1da177e4
LT		 2206 hci_dev_unlock(hdev);
2207}
2208
6039aa73 2209static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2210{
127178d2
JH		 2211 struct hci_ev_remote_name *ev = (void *) skb->data;
2212 struct hci_conn *conn;
2213
a9de9248 2214 BT_DBG("%s", hdev->name);
1da177e4 2215
a9de9248 2216 hci_conn_check_pending(hdev);
127178d2
JH		 2217
2218 hci_dev_lock(hdev);
2219
b644ba33 2220 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2221
b644ba33
JH		 2222 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2223 goto check_auth;
a88a9652 2224
b644ba33
JH		 2225 if (ev->status == 0)
2226 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2227 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2228 else
2229 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2230
2231check_auth:
79c6c70c
JH		 2232 if (!conn)
2233 goto unlock;
2234
2235 if (!hci_outgoing_auth_needed(hdev, conn))
2236 goto unlock;
2237
51a8efd7 2238 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2239 struct hci_cp_auth_requested cp;
2240 cp.handle = __cpu_to_le16(conn->handle);
2241 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2242 }
2243
79c6c70c 2244unlock:
127178d2 2245 hci_dev_unlock(hdev);
a9de9248
MH		 2246}
2247
6039aa73 2248static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2249{
2250 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2251 struct hci_conn *conn;
2252
9f1db00c 2253 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2254
2255 hci_dev_lock(hdev);
2256
04837f64 2257 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2258 if (conn) {
2259 if (!ev->status) {
ae293196
MH		 2260 if (ev->encrypt) {
2261 /* Encryption implies authentication */
2262 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2263 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2264 conn->sec_level = conn->pending_sec_level;
ae293196 2265 } else
1da177e4
LT		 2266 conn->link_mode &= ~HCI_LM_ENCRYPT;
2267 }
2268
51a8efd7 2269 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2270
a7d7723a 2271 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2272 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2273 hci_conn_put(conn);
2274 goto unlock;
2275 }
2276
f8558555
MH		 2277 if (conn->state == BT_CONFIG) {
2278 if (!ev->status)
2279 conn->state = BT_CONNECTED;
2280
2281 hci_proto_connect_cfm(conn, ev->status);
2282 hci_conn_put(conn);
2283 } else
2284 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2285 }
2286
a7d7723a 2287unlock:
1da177e4
LT		 2288 hci_dev_unlock(hdev);
2289}
2290
6039aa73
GP		 2291static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2292 struct sk_buff *skb)
1da177e4 2293{
a9de9248 2294 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2295 struct hci_conn *conn;
1da177e4 2296
9f1db00c 2297 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2298
2299 hci_dev_lock(hdev);
2300
04837f64 2301 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2302 if (conn) {
2303 if (!ev->status)
2304 conn->link_mode |= HCI_LM_SECURE;
2305
51a8efd7 2306 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2307
2308 hci_key_change_cfm(conn, ev->status);
2309 }
2310
2311 hci_dev_unlock(hdev);
2312}
2313
6039aa73
GP		 2314static void hci_remote_features_evt(struct hci_dev *hdev,
2315 struct sk_buff *skb)
1da177e4 2316{
a9de9248
MH		 2317 struct hci_ev_remote_features *ev = (void *) skb->data;
2318 struct hci_conn *conn;
2319
9f1db00c 2320 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2321
a9de9248
MH		 2322 hci_dev_lock(hdev);
2323
2324 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2325 if (!conn)
2326 goto unlock;
769be974 2327
ccd556fe
JH		 2328 if (!ev->status)
2329 memcpy(conn->features, ev->features, 8);
2330
2331 if (conn->state != BT_CONFIG)
2332 goto unlock;
2333
2334 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2335 struct hci_cp_read_remote_ext_features cp;
2336 cp.handle = ev->handle;
2337 cp.page = 0x01;
2338 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2339 sizeof(cp), &cp);
392599b9
JH		 2340 goto unlock;
2341 }
2342
671267bf 2343 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2344 struct hci_cp_remote_name_req cp;
2345 memset(&cp, 0, sizeof(cp));
2346 bacpy(&cp.bdaddr, &conn->dst);
2347 cp.pscan_rep_mode = 0x02;
2348 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2349 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2350 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2351 conn->dst_type, 0, NULL, 0,
2352 conn->dev_class);
392599b9 2353
127178d2 2354 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2355 conn->state = BT_CONNECTED;
2356 hci_proto_connect_cfm(conn, ev->status);
2357 hci_conn_put(conn);
769be974 2358 }
a9de9248 2359
ccd556fe 2360unlock:
a9de9248 2361 hci_dev_unlock(hdev);
1da177e4
LT		 2362}
2363
6039aa73 2364static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2365{
a9de9248 2366 BT_DBG("%s", hdev->name);
1da177e4
LT		 2367}
2368
6039aa73
GP		 2369static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2370 struct sk_buff *skb)
1da177e4 2371{
a9de9248 2372 BT_DBG("%s", hdev->name);
1da177e4
LT		 2373}
2374
6039aa73 2375static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2376{
2377 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2378 __u16 opcode;
2379
2380 skb_pull(skb, sizeof(*ev));
2381
2382 opcode = __le16_to_cpu(ev->opcode);
2383
2384 switch (opcode) {
2385 case HCI_OP_INQUIRY_CANCEL:
2386 hci_cc_inquiry_cancel(hdev, skb);
2387 break;
2388
4d93483b
AG		 2389 case HCI_OP_PERIODIC_INQ:
2390 hci_cc_periodic_inq(hdev, skb);
2391 break;
2392
a9de9248
MH		 2393 case HCI_OP_EXIT_PERIODIC_INQ:
2394 hci_cc_exit_periodic_inq(hdev, skb);
2395 break;
2396
2397 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2398 hci_cc_remote_name_req_cancel(hdev, skb);
2399 break;
2400
2401 case HCI_OP_ROLE_DISCOVERY:
2402 hci_cc_role_discovery(hdev, skb);
2403 break;
2404
e4e8e37c
MH		 2405 case HCI_OP_READ_LINK_POLICY:
2406 hci_cc_read_link_policy(hdev, skb);
2407 break;
2408
a9de9248
MH		 2409 case HCI_OP_WRITE_LINK_POLICY:
2410 hci_cc_write_link_policy(hdev, skb);
2411 break;
2412
e4e8e37c
MH		 2413 case HCI_OP_READ_DEF_LINK_POLICY:
2414 hci_cc_read_def_link_policy(hdev, skb);
2415 break;
2416
2417 case HCI_OP_WRITE_DEF_LINK_POLICY:
2418 hci_cc_write_def_link_policy(hdev, skb);
2419 break;
2420
a9de9248
MH		 2421 case HCI_OP_RESET:
2422 hci_cc_reset(hdev, skb);
2423 break;
2424
2425 case HCI_OP_WRITE_LOCAL_NAME:
2426 hci_cc_write_local_name(hdev, skb);
2427 break;
2428
2429 case HCI_OP_READ_LOCAL_NAME:
2430 hci_cc_read_local_name(hdev, skb);
2431 break;
2432
2433 case HCI_OP_WRITE_AUTH_ENABLE:
2434 hci_cc_write_auth_enable(hdev, skb);
2435 break;
2436
2437 case HCI_OP_WRITE_ENCRYPT_MODE:
2438 hci_cc_write_encrypt_mode(hdev, skb);
2439 break;
2440
2441 case HCI_OP_WRITE_SCAN_ENABLE:
2442 hci_cc_write_scan_enable(hdev, skb);
2443 break;
2444
2445 case HCI_OP_READ_CLASS_OF_DEV:
2446 hci_cc_read_class_of_dev(hdev, skb);
2447 break;
2448
2449 case HCI_OP_WRITE_CLASS_OF_DEV:
2450 hci_cc_write_class_of_dev(hdev, skb);
2451 break;
2452
2453 case HCI_OP_READ_VOICE_SETTING:
2454 hci_cc_read_voice_setting(hdev, skb);
2455 break;
2456
2457 case HCI_OP_WRITE_VOICE_SETTING:
2458 hci_cc_write_voice_setting(hdev, skb);
2459 break;
2460
2461 case HCI_OP_HOST_BUFFER_SIZE:
2462 hci_cc_host_buffer_size(hdev, skb);
2463 break;
2464
333140b5
MH		 2465 case HCI_OP_WRITE_SSP_MODE:
2466 hci_cc_write_ssp_mode(hdev, skb);
2467 break;
2468
a9de9248
MH		 2469 case HCI_OP_READ_LOCAL_VERSION:
2470 hci_cc_read_local_version(hdev, skb);
2471 break;
2472
2473 case HCI_OP_READ_LOCAL_COMMANDS:
2474 hci_cc_read_local_commands(hdev, skb);
2475 break;
2476
2477 case HCI_OP_READ_LOCAL_FEATURES:
2478 hci_cc_read_local_features(hdev, skb);
2479 break;
2480
971e3a4b
AG		 2481 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2482 hci_cc_read_local_ext_features(hdev, skb);
2483 break;
2484
a9de9248
MH		 2485 case HCI_OP_READ_BUFFER_SIZE:
2486 hci_cc_read_buffer_size(hdev, skb);
2487 break;
2488
2489 case HCI_OP_READ_BD_ADDR:
2490 hci_cc_read_bd_addr(hdev, skb);
2491 break;
2492
350ee4cf
AE		 2493 case HCI_OP_READ_DATA_BLOCK_SIZE:
2494 hci_cc_read_data_block_size(hdev, skb);
2495 break;
2496
23bb5763
JH		 2497 case HCI_OP_WRITE_CA_TIMEOUT:
2498 hci_cc_write_ca_timeout(hdev, skb);
2499 break;
2500
1e89cffb
AE		 2501 case HCI_OP_READ_FLOW_CONTROL_MODE:
2502 hci_cc_read_flow_control_mode(hdev, skb);
2503 break;
2504
928abaa7
AE		 2505 case HCI_OP_READ_LOCAL_AMP_INFO:
2506 hci_cc_read_local_amp_info(hdev, skb);
2507 break;
2508
903e4541
AE		 2509 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2510 hci_cc_read_local_amp_assoc(hdev, skb);
2511 break;
2512
b0916ea0
JH		 2513 case HCI_OP_DELETE_STORED_LINK_KEY:
2514 hci_cc_delete_stored_link_key(hdev, skb);
2515 break;
2516
d5859e22
JH		 2517 case HCI_OP_SET_EVENT_MASK:
2518 hci_cc_set_event_mask(hdev, skb);
2519 break;
2520
2521 case HCI_OP_WRITE_INQUIRY_MODE:
2522 hci_cc_write_inquiry_mode(hdev, skb);
2523 break;
2524
2525 case HCI_OP_READ_INQ_RSP_TX_POWER:
2526 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2527 break;
2528
2529 case HCI_OP_SET_EVENT_FLT:
2530 hci_cc_set_event_flt(hdev, skb);
2531 break;
2532
980e1a53
JH		 2533 case HCI_OP_PIN_CODE_REPLY:
2534 hci_cc_pin_code_reply(hdev, skb);
2535 break;
2536
2537 case HCI_OP_PIN_CODE_NEG_REPLY:
2538 hci_cc_pin_code_neg_reply(hdev, skb);
2539 break;
2540
c35938b2
SJ		 2541 case HCI_OP_READ_LOCAL_OOB_DATA:
2542 hci_cc_read_local_oob_data_reply(hdev, skb);
2543 break;
2544
6ed58ec5
VT		 2545 case HCI_OP_LE_READ_BUFFER_SIZE:
2546 hci_cc_le_read_buffer_size(hdev, skb);
2547 break;
2548
8fa19098
JH		 2549 case HCI_OP_LE_READ_ADV_TX_POWER:
2550 hci_cc_le_read_adv_tx_power(hdev, skb);
2551 break;
2552
e36b04c8
JH		 2553 case HCI_OP_LE_SET_EVENT_MASK:
2554 hci_cc_le_set_event_mask(hdev, skb);
2555 break;
2556
a5c29683
JH		 2557 case HCI_OP_USER_CONFIRM_REPLY:
2558 hci_cc_user_confirm_reply(hdev, skb);
2559 break;
2560
2561 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2562 hci_cc_user_confirm_neg_reply(hdev, skb);
2563 break;
2564
1143d458
BG		 2565 case HCI_OP_USER_PASSKEY_REPLY:
2566 hci_cc_user_passkey_reply(hdev, skb);
2567 break;
2568
2569 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2570 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2571 break;
07f7fa5d
AG		 2572
2573 case HCI_OP_LE_SET_SCAN_PARAM:
2574 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2575 break;
2576
eb9d91f5
AG		 2577 case HCI_OP_LE_SET_SCAN_ENABLE:
2578 hci_cc_le_set_scan_enable(hdev, skb);
2579 break;
2580
a7a595f6
VCG		 2581 case HCI_OP_LE_LTK_REPLY:
2582 hci_cc_le_ltk_reply(hdev, skb);
2583 break;
2584
2585 case HCI_OP_LE_LTK_NEG_REPLY:
2586 hci_cc_le_ltk_neg_reply(hdev, skb);
2587 break;
2588
f9b49306
AG		 2589 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2590 hci_cc_write_le_host_supported(hdev, skb);
2591 break;
2592
93c284ee
AE		 2593 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2594 hci_cc_write_remote_amp_assoc(hdev, skb);
2595 break;
2596
a9de9248 2597 default:
9f1db00c 2598 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2599 break;
2600 }
2601
6bd32326
VT		 2602 if (ev->opcode != HCI_OP_NOP)
2603 del_timer(&hdev->cmd_timer);
2604
a9de9248
MH		 2605 if (ev->ncmd) {
2606 atomic_set(&hdev->cmd_cnt, 1);
2607 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2608 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2609 }
2610}
2611
6039aa73 2612static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2613{
2614 struct hci_ev_cmd_status *ev = (void *) skb->data;
2615 __u16 opcode;
2616
2617 skb_pull(skb, sizeof(*ev));
2618
2619 opcode = __le16_to_cpu(ev->opcode);
2620
2621 switch (opcode) {
2622 case HCI_OP_INQUIRY:
2623 hci_cs_inquiry(hdev, ev->status);
2624 break;
2625
2626 case HCI_OP_CREATE_CONN:
2627 hci_cs_create_conn(hdev, ev->status);
2628 break;
2629
2630 case HCI_OP_ADD_SCO:
2631 hci_cs_add_sco(hdev, ev->status);
2632 break;
2633
f8558555
MH		 2634 case HCI_OP_AUTH_REQUESTED:
2635 hci_cs_auth_requested(hdev, ev->status);
2636 break;
2637
2638 case HCI_OP_SET_CONN_ENCRYPT:
2639 hci_cs_set_conn_encrypt(hdev, ev->status);
2640 break;
2641
a9de9248
MH		 2642 case HCI_OP_REMOTE_NAME_REQ:
2643 hci_cs_remote_name_req(hdev, ev->status);
2644 break;
2645
769be974
MH		 2646 case HCI_OP_READ_REMOTE_FEATURES:
2647 hci_cs_read_remote_features(hdev, ev->status);
2648 break;
2649
2650 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2651 hci_cs_read_remote_ext_features(hdev, ev->status);
2652 break;
2653
a9de9248
MH		 2654 case HCI_OP_SETUP_SYNC_CONN:
2655 hci_cs_setup_sync_conn(hdev, ev->status);
2656 break;
2657
2658 case HCI_OP_SNIFF_MODE:
2659 hci_cs_sniff_mode(hdev, ev->status);
2660 break;
2661
2662 case HCI_OP_EXIT_SNIFF_MODE:
2663 hci_cs_exit_sniff_mode(hdev, ev->status);
2664 break;
2665
8962ee74 2666 case HCI_OP_DISCONNECT:
88c3df13 2667 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2668 break;
2669
fcd89c09
VT		 2670 case HCI_OP_LE_CREATE_CONN:
2671 hci_cs_le_create_conn(hdev, ev->status);
2672 break;
2673
a7a595f6
VCG		 2674 case HCI_OP_LE_START_ENC:
2675 hci_cs_le_start_enc(hdev, ev->status);
2676 break;
2677
a02226d6
AE		 2678 case HCI_OP_CREATE_PHY_LINK:
2679 hci_cs_create_phylink(hdev, ev->status);
2680 break;
2681
0b26ab9d
AE		 2682 case HCI_OP_ACCEPT_PHY_LINK:
2683 hci_cs_accept_phylink(hdev, ev->status);
2684 break;
2685
5ce66b59
AE		 2686 case HCI_OP_CREATE_LOGICAL_LINK:
2687 hci_cs_create_logical_link(hdev, ev->status);
2688 break;
2689
a9de9248 2690 default:
9f1db00c 2691 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2692 break;
2693 }
2694
6bd32326
VT		 2695 if (ev->opcode != HCI_OP_NOP)
2696 del_timer(&hdev->cmd_timer);
2697
10572132 2698 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2699 atomic_set(&hdev->cmd_cnt, 1);
2700 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2701 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2702 }
2703}
2704
6039aa73 2705static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2706{
2707 struct hci_ev_role_change *ev = (void *) skb->data;
2708 struct hci_conn *conn;
2709
9f1db00c 2710 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2711
2712 hci_dev_lock(hdev);
2713
2714 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2715 if (conn) {
2716 if (!ev->status) {
2717 if (ev->role)
2718 conn->link_mode &= ~HCI_LM_MASTER;
2719 else
2720 conn->link_mode |= HCI_LM_MASTER;
2721 }
2722
51a8efd7 2723 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2724
2725 hci_role_switch_cfm(conn, ev->status, ev->role);
2726 }
2727
2728 hci_dev_unlock(hdev);
2729}
2730
6039aa73 2731static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2732{
2733 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2734 int i;
2735
32ac5b9b
AE		 2736 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2737 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2738 return;
2739 }
2740
c5993de8 2741 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2742 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2743 BT_DBG("%s bad parameters", hdev->name);
2744 return;
2745 }
2746
c5993de8
AE		 2747 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2748
613a1c0c
AE		 2749 for (i = 0; i < ev->num_hndl; i++) {
2750 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2751 struct hci_conn *conn;
2752 __u16 handle, count;
2753
613a1c0c
AE		 2754 handle = __le16_to_cpu(info->handle);
2755 count = __le16_to_cpu(info->count);
a9de9248
MH		 2756
2757 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2758 if (!conn)
2759 continue;
2760
2761 conn->sent -= count;
2762
2763 switch (conn->type) {
2764 case ACL_LINK:
2765 hdev->acl_cnt += count;
2766 if (hdev->acl_cnt > hdev->acl_pkts)
2767 hdev->acl_cnt = hdev->acl_pkts;
2768 break;
2769
2770 case LE_LINK:
2771 if (hdev->le_pkts) {
2772 hdev->le_cnt += count;
2773 if (hdev->le_cnt > hdev->le_pkts)
2774 hdev->le_cnt = hdev->le_pkts;
2775 } else {
70f23020
AE		 2776 hdev->acl_cnt += count;
2777 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2778 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2779 }
f4280918
AE		 2780 break;
2781
2782 case SCO_LINK:
2783 hdev->sco_cnt += count;
2784 if (hdev->sco_cnt > hdev->sco_pkts)
2785 hdev->sco_cnt = hdev->sco_pkts;
2786 break;
2787
2788 default:
2789 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2790 break;
a9de9248
MH		 2791 }
2792 }
2793
3eff45ea 2794 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2795}
2796
76ef7cf7
AE		 2797static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2798 __u16 handle)
2799{
2800 struct hci_chan *chan;
2801
2802 switch (hdev->dev_type) {
2803 case HCI_BREDR:
2804 return hci_conn_hash_lookup_handle(hdev, handle);
2805 case HCI_AMP:
2806 chan = hci_chan_lookup_handle(hdev, handle);
2807 if (chan)
2808 return chan->conn;
2809 break;
2810 default:
2811 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2812 break;
2813 }
2814
2815 return NULL;
2816}
2817
6039aa73 2818static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2819{
2820 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2821 int i;
2822
2823 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2824 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2825 return;
2826 }
2827
2828 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2829 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2830 BT_DBG("%s bad parameters", hdev->name);
2831 return;
2832 }
2833
2834 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2835 ev->num_hndl);
25e89e99
AE		 2836
2837 for (i = 0; i < ev->num_hndl; i++) {
2838 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2839 struct hci_conn *conn = NULL;
25e89e99
AE		 2840 __u16 handle, block_count;
2841
2842 handle = __le16_to_cpu(info->handle);
2843 block_count = __le16_to_cpu(info->blocks);
2844
76ef7cf7 2845 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2846 if (!conn)
2847 continue;
2848
2849 conn->sent -= block_count;
2850
2851 switch (conn->type) {
2852 case ACL_LINK:
bd1eb66b 2853 case AMP_LINK:
25e89e99
AE		 2854 hdev->block_cnt += block_count;
2855 if (hdev->block_cnt > hdev->num_blocks)
2856 hdev->block_cnt = hdev->num_blocks;
2857 break;
2858
2859 default:
2860 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2861 break;
2862 }
2863 }
2864
2865 queue_work(hdev->workqueue, &hdev->tx_work);
2866}
2867
6039aa73 2868static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2869{
a9de9248 2870 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2871 struct hci_conn *conn;
2872
9f1db00c 2873 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2874
2875 hci_dev_lock(hdev);
2876
2877 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2878 if (conn) {
2879 conn->mode = ev->mode;
2880 conn->interval = __le16_to_cpu(ev->interval);
2881
8fc9ced3
GP		 2882 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2883 &conn->flags)) {
a9de9248 2884 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2885 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2886 else
58a681ef 2887 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2888 }
e73439d8 2889
51a8efd7 2890 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2891 hci_sco_setup(conn, ev->status);
04837f64
MH		 2892 }
2893
2894 hci_dev_unlock(hdev);
2895}
2896
6039aa73 2897static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2898{
052b30b0
MH		 2899 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2900 struct hci_conn *conn;
2901
a9de9248 2902 BT_DBG("%s", hdev->name);
052b30b0
MH		 2903
2904 hci_dev_lock(hdev);
2905
2906 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2907 if (!conn)
2908 goto unlock;
2909
2910 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2911 hci_conn_hold(conn);
2912 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2913 hci_conn_put(conn);
2914 }
2915
a8b2d5c2 2916 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2917 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2918 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2919 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2920 u8 secure;
2921
2922 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2923 secure = 1;
2924 else
2925 secure = 0;
2926
744cf19e 2927 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2928 }
980e1a53 2929
b6f98044 2930unlock:
052b30b0 2931 hci_dev_unlock(hdev);
a9de9248
MH		 2932}
2933
6039aa73 2934static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2935{
55ed8ca1
JH		 2936 struct hci_ev_link_key_req *ev = (void *) skb->data;
2937 struct hci_cp_link_key_reply cp;
2938 struct hci_conn *conn;
2939 struct link_key *key;
2940
a9de9248 2941 BT_DBG("%s", hdev->name);
55ed8ca1 2942
a8b2d5c2 2943 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2944 return;
2945
2946 hci_dev_lock(hdev);
2947
2948 key = hci_find_link_key(hdev, &ev->bdaddr);
2949 if (!key) {
6ed93dc6
AE		 2950 BT_DBG("%s link key not found for %pMR", hdev->name,
2951 &ev->bdaddr);
55ed8ca1
JH		 2952 goto not_found;
2953 }
2954
6ed93dc6
AE		 2955 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2956 &ev->bdaddr);
55ed8ca1 2957
a8b2d5c2 2958 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2959 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2960 BT_DBG("%s ignoring debug key", hdev->name);
2961 goto not_found;
2962 }
2963
2964 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2965 if (conn) {
2966 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2967 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2968 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2969 goto not_found;
2970 }
55ed8ca1 2971
60b83f57 2972 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2973 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2974 BT_DBG("%s ignoring key unauthenticated for high security",
2975 hdev->name);
60b83f57
WR		 2976 goto not_found;
2977 }
2978
2979 conn->key_type = key->type;
2980 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2981 }
2982
2983 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2984 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2985
2986 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2987
2988 hci_dev_unlock(hdev);
2989
2990 return;
2991
2992not_found:
2993 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2994 hci_dev_unlock(hdev);
a9de9248
MH		 2995}
2996
6039aa73 2997static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2998{
052b30b0
MH		 2999 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3000 struct hci_conn *conn;
55ed8ca1 3001 u8 pin_len = 0;
052b30b0 3002
a9de9248 3003 BT_DBG("%s", hdev->name);
052b30b0
MH		 3004
3005 hci_dev_lock(hdev);
3006
3007 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3008 if (conn) {
3009 hci_conn_hold(conn);
3010 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3011 pin_len = conn->pin_length;
13d39315
WR		 3012
3013 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3014 conn->key_type = ev->key_type;
3015
052b30b0
MH		 3016 hci_conn_put(conn);
3017 }
3018
a8b2d5c2 3019 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 3020 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3021 ev->key_type, pin_len);
55ed8ca1 3022
052b30b0 3023 hci_dev_unlock(hdev);
a9de9248
MH		 3024}
3025
6039aa73 3026static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3027{
a9de9248 3028 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3029 struct hci_conn *conn;
1da177e4 3030
9f1db00c 3031 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3032
3033 hci_dev_lock(hdev);
3034
04837f64 3035 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3036 if (conn && !ev->status) {
3037 struct inquiry_entry *ie;
3038
cc11b9c1
AE		 3039 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3040 if (ie) {
1da177e4
LT		 3041 ie->data.clock_offset = ev->clock_offset;
3042 ie->timestamp = jiffies;
3043 }
3044 }
3045
3046 hci_dev_unlock(hdev);
3047}
3048
6039aa73 3049static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3050{
3051 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3052 struct hci_conn *conn;
3053
9f1db00c 3054 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3055
3056 hci_dev_lock(hdev);
3057
3058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3059 if (conn && !ev->status)
3060 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3061
3062 hci_dev_unlock(hdev);
3063}
3064
6039aa73 3065static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3066{
a9de9248 3067 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3068 struct inquiry_entry *ie;
3069
3070 BT_DBG("%s", hdev->name);
3071
3072 hci_dev_lock(hdev);
3073
cc11b9c1
AE		 3074 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3075 if (ie) {
85a1e930
MH		 3076 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3077 ie->timestamp = jiffies;
3078 }
3079
3080 hci_dev_unlock(hdev);
3081}
3082
6039aa73
GP		 3083static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3084 struct sk_buff *skb)
a9de9248
MH		 3085{
3086 struct inquiry_data data;
3087 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3088 bool name_known, ssp;
a9de9248
MH		 3089
3090 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3091
3092 if (!num_rsp)
3093 return;
3094
1519cc17
AG		 3095 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3096 return;
3097
a9de9248
MH		 3098 hci_dev_lock(hdev);
3099
3100 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3101 struct inquiry_info_with_rssi_and_pscan_mode *info;
3102 info = (void *) (skb->data + 1);
a9de9248 3103
e17acd40 3104 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3105 bacpy(&data.bdaddr, &info->bdaddr);
3106 data.pscan_rep_mode = info->pscan_rep_mode;
3107 data.pscan_period_mode = info->pscan_period_mode;
3108 data.pscan_mode = info->pscan_mode;
3109 memcpy(data.dev_class, info->dev_class, 3);
3110 data.clock_offset = info->clock_offset;
3111 data.rssi = info->rssi;
41a96212 3112 data.ssp_mode = 0x00;
3175405b
JH		 3113
3114 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3115 false, &ssp);
48264f06 3116 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3117 info->dev_class, info->rssi,
3118 !name_known, ssp, NULL, 0);
a9de9248
MH		 3119 }
3120 } else {
3121 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3122
e17acd40 3123 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3124 bacpy(&data.bdaddr, &info->bdaddr);
3125 data.pscan_rep_mode = info->pscan_rep_mode;
3126 data.pscan_period_mode = info->pscan_period_mode;
3127 data.pscan_mode = 0x00;
3128 memcpy(data.dev_class, info->dev_class, 3);
3129 data.clock_offset = info->clock_offset;
3130 data.rssi = info->rssi;
41a96212 3131 data.ssp_mode = 0x00;
3175405b 3132 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3133 false, &ssp);
48264f06 3134 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3135 info->dev_class, info->rssi,
3136 !name_known, ssp, NULL, 0);
a9de9248
MH		 3137 }
3138 }
3139
3140 hci_dev_unlock(hdev);
3141}
3142
6039aa73
GP		 3143static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3144 struct sk_buff *skb)
a9de9248 3145{
41a96212
MH		 3146 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3147 struct hci_conn *conn;
3148
a9de9248 3149 BT_DBG("%s", hdev->name);
41a96212 3150
41a96212
MH		 3151 hci_dev_lock(hdev);
3152
3153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3154 if (!conn)
3155 goto unlock;
41a96212 3156
ccd556fe
JH		 3157 if (!ev->status && ev->page == 0x01) {
3158 struct inquiry_entry *ie;
41a96212 3159
cc11b9c1
AE		 3160 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3161 if (ie)
02b7cc62 3162 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3163
02b7cc62 3164 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3165 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3166 }
3167
3168 if (conn->state != BT_CONFIG)
3169 goto unlock;
3170
671267bf 3171 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3172 struct hci_cp_remote_name_req cp;
3173 memset(&cp, 0, sizeof(cp));
3174 bacpy(&cp.bdaddr, &conn->dst);
3175 cp.pscan_rep_mode = 0x02;
3176 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3177 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3178 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3179 conn->dst_type, 0, NULL, 0,
3180 conn->dev_class);
392599b9 3181
127178d2 3182 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3183 conn->state = BT_CONNECTED;
3184 hci_proto_connect_cfm(conn, ev->status);
3185 hci_conn_put(conn);
41a96212
MH		 3186 }
3187
ccd556fe 3188unlock:
41a96212 3189 hci_dev_unlock(hdev);
a9de9248
MH		 3190}
3191
6039aa73
GP		 3192static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3193 struct sk_buff *skb)
a9de9248 3194{
b6a0dc82
MH		 3195 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3196 struct hci_conn *conn;
3197
9f1db00c 3198 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3199
3200 hci_dev_lock(hdev);
3201
3202 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3203 if (!conn) {
3204 if (ev->link_type == ESCO_LINK)
3205 goto unlock;
3206
3207 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3208 if (!conn)
3209 goto unlock;
3210
3211 conn->type = SCO_LINK;
3212 }
b6a0dc82 3213
732547f9
MH		 3214 switch (ev->status) {
3215 case 0x00:
b6a0dc82
MH		 3216 conn->handle = __le16_to_cpu(ev->handle);
3217 conn->state = BT_CONNECTED;
7d0db0a3 3218
9eba32b8 3219 hci_conn_hold_device(conn);
7d0db0a3 3220 hci_conn_add_sysfs(conn);
732547f9
MH		 3221 break;
3222
705e5711 3223 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3224 case 0x1c: /* SCO interval rejected */
1038a00b 3225 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3226 case 0x1f: /* Unspecified error */
3227 if (conn->out && conn->attempt < 2) {
3228 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3229 (hdev->esco_type & EDR_ESCO_MASK);
3230 hci_setup_sync(conn, conn->link->handle);
3231 goto unlock;
3232 }
3233 /* fall through */
3234
3235 default:
b6a0dc82 3236 conn->state = BT_CLOSED;
732547f9
MH		 3237 break;
3238 }
b6a0dc82
MH		 3239
3240 hci_proto_connect_cfm(conn, ev->status);
3241 if (ev->status)
3242 hci_conn_del(conn);
3243
3244unlock:
3245 hci_dev_unlock(hdev);
a9de9248
MH		 3246}
3247
6039aa73 3248static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3249{
3250 BT_DBG("%s", hdev->name);
3251}
3252
6039aa73 3253static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3254{
a9de9248 3255 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3256
9f1db00c 3257 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3258}
3259
6039aa73
GP		 3260static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3261 struct sk_buff *skb)
1da177e4 3262{
a9de9248
MH		 3263 struct inquiry_data data;
3264 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3265 int num_rsp = *((__u8 *) skb->data);
9d939d94 3266 size_t eir_len;
1da177e4 3267
a9de9248 3268 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3269
a9de9248
MH		 3270 if (!num_rsp)
3271 return;
1da177e4 3272
1519cc17
AG		 3273 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3274 return;
3275
a9de9248
MH		 3276 hci_dev_lock(hdev);
3277
e17acd40 3278 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3279 bool name_known, ssp;
561aafbc 3280
a9de9248 3281 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3282 data.pscan_rep_mode = info->pscan_rep_mode;
3283 data.pscan_period_mode = info->pscan_period_mode;
3284 data.pscan_mode = 0x00;
a9de9248 3285 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3286 data.clock_offset = info->clock_offset;
3287 data.rssi = info->rssi;
41a96212 3288 data.ssp_mode = 0x01;
561aafbc 3289
a8b2d5c2 3290 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3291 name_known = eir_has_data_type(info->data,
04124681
GP		 3292 sizeof(info->data),
3293 EIR_NAME_COMPLETE);
561aafbc
JH		 3294 else
3295 name_known = true;
3296
388fc8fa 3297 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3298 &ssp);
9d939d94 3299 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3300 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3301 info->dev_class, info->rssi, !name_known,
9d939d94 3302 ssp, info->data, eir_len);
a9de9248
MH		 3303 }
3304
3305 hci_dev_unlock(hdev);
3306}
1da177e4 3307
1c2e0041
JH		 3308static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3309 struct sk_buff *skb)
3310{
3311 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3312 struct hci_conn *conn;
3313
9f1db00c 3314 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3315 __le16_to_cpu(ev->handle));
3316
3317 hci_dev_lock(hdev);
3318
3319 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3320 if (!conn)
3321 goto unlock;
3322
3323 if (!ev->status)
3324 conn->sec_level = conn->pending_sec_level;
3325
3326 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3327
3328 if (ev->status && conn->state == BT_CONNECTED) {
3329 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3330 hci_conn_put(conn);
3331 goto unlock;
3332 }
3333
3334 if (conn->state == BT_CONFIG) {
3335 if (!ev->status)
3336 conn->state = BT_CONNECTED;
3337
3338 hci_proto_connect_cfm(conn, ev->status);
3339 hci_conn_put(conn);
3340 } else {
3341 hci_auth_cfm(conn, ev->status);
3342
3343 hci_conn_hold(conn);
3344 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3345 hci_conn_put(conn);
3346 }
3347
3348unlock:
3349 hci_dev_unlock(hdev);
3350}
3351
6039aa73 3352static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3353{
3354 /* If remote requests dedicated bonding follow that lead */
3355 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3356 /* If both remote and local IO capabilities allow MITM
3357 * protection then require it, otherwise don't */
3358 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3359 return 0x02;
3360 else
3361 return 0x03;
3362 }
3363
3364 /* If remote requests no-bonding follow that lead */
3365 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3366 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3367
3368 return conn->auth_type;
3369}
3370
6039aa73 3371static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3372{
3373 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3374 struct hci_conn *conn;
3375
3376 BT_DBG("%s", hdev->name);
3377
3378 hci_dev_lock(hdev);
3379
3380 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3381 if (!conn)
3382 goto unlock;
3383
3384 hci_conn_hold(conn);
3385
a8b2d5c2 3386 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3387 goto unlock;
3388
a8b2d5c2 3389 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3390 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3391 struct hci_cp_io_capability_reply cp;
3392
3393 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3394 /* Change the IO capability from KeyboardDisplay
3395 * to DisplayYesNo as it is not supported by BT spec. */
3396 cp.capability = (conn->io_capability == 0x04) ?
3397 0x01 : conn->io_capability;
7cbc9bd9
JH		 3398 conn->auth_type = hci_get_auth_req(conn);
3399 cp.authentication = conn->auth_type;
17fa4b9d 3400
8fc9ced3
GP		 3401 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3402 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3403 cp.oob_data = 0x01;
3404 else
3405 cp.oob_data = 0x00;
3406
17fa4b9d 3407 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3408 sizeof(cp), &cp);
03b555e1
JH		 3409 } else {
3410 struct hci_cp_io_capability_neg_reply cp;
3411
3412 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3413 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3414
03b555e1 3415 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3416 sizeof(cp), &cp);
03b555e1
JH		 3417 }
3418
3419unlock:
3420 hci_dev_unlock(hdev);
3421}
3422
6039aa73 3423static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3424{
3425 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3426 struct hci_conn *conn;
3427
3428 BT_DBG("%s", hdev->name);
3429
3430 hci_dev_lock(hdev);
3431
3432 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3433 if (!conn)
3434 goto unlock;
3435
03b555e1 3436 conn->remote_cap = ev->capability;
03b555e1 3437 conn->remote_auth = ev->authentication;
58a681ef
JH		 3438 if (ev->oob_data)
3439 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3440
3441unlock:
0493684e
MH		 3442 hci_dev_unlock(hdev);
3443}
3444
6039aa73
GP		 3445static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3446 struct sk_buff *skb)
a5c29683
JH		 3447{
3448 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3449 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3450 struct hci_conn *conn;
a5c29683
JH		 3451
3452 BT_DBG("%s", hdev->name);
3453
3454 hci_dev_lock(hdev);
3455
a8b2d5c2 3456 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3457 goto unlock;
a5c29683 3458
7a828908
JH		 3459 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3460 if (!conn)
3461 goto unlock;
3462
3463 loc_mitm = (conn->auth_type & 0x01);
3464 rem_mitm = (conn->remote_auth & 0x01);
3465
3466 /* If we require MITM but the remote device can't provide that
3467 * (it has NoInputNoOutput) then reject the confirmation
3468 * request. The only exception is when we're dedicated bonding
3469 * initiators (connect_cfm_cb set) since then we always have the MITM
3470 * bit set. */
3471 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3472 BT_DBG("Rejecting request: remote device can't provide MITM");
3473 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3474 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3475 goto unlock;
3476 }
3477
3478 /* If no side requires MITM protection; auto-accept */
3479 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3480 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3481
3482 /* If we're not the initiators request authorization to
3483 * proceed from user space (mgmt_user_confirm with
3484 * confirm_hint set to 1). */
51a8efd7 3485 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3486 BT_DBG("Confirming auto-accept as acceptor");
3487 confirm_hint = 1;
3488 goto confirm;
3489 }
3490
9f61656a 3491 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3492 hdev->auto_accept_delay);
9f61656a
JH		 3493
3494 if (hdev->auto_accept_delay > 0) {
3495 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3496 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3497 goto unlock;
3498 }
3499
7a828908 3500 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3501 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3502 goto unlock;
3503 }
3504
55bc1a37 3505confirm:
272d90df 3506 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3507 confirm_hint);
7a828908
JH		 3508
3509unlock:
a5c29683
JH		 3510 hci_dev_unlock(hdev);
3511}
3512
6039aa73
GP		 3513static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3514 struct sk_buff *skb)
1143d458
BG		 3515{
3516 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3517
3518 BT_DBG("%s", hdev->name);
3519
a8b2d5c2 3520 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3521 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3522}
3523
92a25256
JH		 3524static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3525 struct sk_buff *skb)
3526{
3527 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3528 struct hci_conn *conn;
3529
3530 BT_DBG("%s", hdev->name);
3531
3532 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3533 if (!conn)
3534 return;
3535
3536 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3537 conn->passkey_entered = 0;
3538
3539 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3540 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3541 conn->dst_type, conn->passkey_notify,
3542 conn->passkey_entered);
3543}
3544
3545static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3546{
3547 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3548 struct hci_conn *conn;
3549
3550 BT_DBG("%s", hdev->name);
3551
3552 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3553 if (!conn)
3554 return;
3555
3556 switch (ev->type) {
3557 case HCI_KEYPRESS_STARTED:
3558 conn->passkey_entered = 0;
3559 return;
3560
3561 case HCI_KEYPRESS_ENTERED:
3562 conn->passkey_entered++;
3563 break;
3564
3565 case HCI_KEYPRESS_ERASED:
3566 conn->passkey_entered--;
3567 break;
3568
3569 case HCI_KEYPRESS_CLEARED:
3570 conn->passkey_entered = 0;
3571 break;
3572
3573 case HCI_KEYPRESS_COMPLETED:
3574 return;
3575 }
3576
3577 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3578 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3579 conn->dst_type, conn->passkey_notify,
3580 conn->passkey_entered);
3581}
3582
6039aa73
GP		 3583static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3584 struct sk_buff *skb)
0493684e
MH		 3585{
3586 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3587 struct hci_conn *conn;
3588
3589 BT_DBG("%s", hdev->name);
3590
3591 hci_dev_lock(hdev);
3592
3593 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3594 if (!conn)
3595 goto unlock;
3596
3597 /* To avoid duplicate auth_failed events to user space we check
3598 * the HCI_CONN_AUTH_PEND flag which will be set if we
3599 * initiated the authentication. A traditional auth_complete
3600 * event gets always produced as initiator and is also mapped to
3601 * the mgmt_auth_failed event */
fa1bd918 3602 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3603 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3604 ev->status);
0493684e 3605
2a611692
JH		 3606 hci_conn_put(conn);
3607
3608unlock:
0493684e
MH		 3609 hci_dev_unlock(hdev);
3610}
3611
6039aa73
GP		 3612static void hci_remote_host_features_evt(struct hci_dev *hdev,
3613 struct sk_buff *skb)
41a96212
MH		 3614{
3615 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3616 struct inquiry_entry *ie;
3617
3618 BT_DBG("%s", hdev->name);
3619
3620 hci_dev_lock(hdev);
3621
cc11b9c1
AE		 3622 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3623 if (ie)
02b7cc62 3624 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3625
3626 hci_dev_unlock(hdev);
3627}
3628
6039aa73
GP		 3629static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3630 struct sk_buff *skb)
2763eda6
SJ		 3631{
3632 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3633 struct oob_data *data;
3634
3635 BT_DBG("%s", hdev->name);
3636
3637 hci_dev_lock(hdev);
3638
a8b2d5c2 3639 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3640 goto unlock;
3641
2763eda6
SJ		 3642 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3643 if (data) {
3644 struct hci_cp_remote_oob_data_reply cp;
3645
3646 bacpy(&cp.bdaddr, &ev->bdaddr);
3647 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3648 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3649
3650 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3651 &cp);
2763eda6
SJ		 3652 } else {
3653 struct hci_cp_remote_oob_data_neg_reply cp;
3654
3655 bacpy(&cp.bdaddr, &ev->bdaddr);
3656 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3657 &cp);
2763eda6
SJ		 3658 }
3659
e1ba1f15 3660unlock:
2763eda6
SJ		 3661 hci_dev_unlock(hdev);
3662}
3663
d5e91192
AE		 3664static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3665 struct sk_buff *skb)
3666{
3667 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3668 struct hci_conn *hcon, *bredr_hcon;
3669
3670 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3671 ev->status);
3672
3673 hci_dev_lock(hdev);
3674
3675 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3676 if (!hcon) {
3677 hci_dev_unlock(hdev);
3678 return;
3679 }
3680
3681 if (ev->status) {
3682 hci_conn_del(hcon);
3683 hci_dev_unlock(hdev);
3684 return;
3685 }
3686
3687 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3688
3689 hcon->state = BT_CONNECTED;
3690 bacpy(&hcon->dst, &bredr_hcon->dst);
3691
3692 hci_conn_hold(hcon);
3693 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3694 hci_conn_put(hcon);
3695
3696 hci_conn_hold_device(hcon);
3697 hci_conn_add_sysfs(hcon);
3698
3699 hci_dev_unlock(hdev);
3700
3701 if (hcon->out) {
3702 struct hci_dev *bredr_hdev = hci_dev_hold(bredr_hcon->hdev);
3703
3704 if (!bredr_hdev)
3705 return;
3706
3707 /* Placeholder - create chan req
3708 l2cap_chan_create_cfm(bredr_hcon, hcon->remote_id);
3709 */
3710
3711 hci_dev_put(bredr_hdev);
3712 }
3713}
3714
27695fb4
AE		 3715static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3716{
3717 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3718 struct hci_conn *hcon;
3719 struct hci_chan *hchan;
3720 struct amp_mgr *mgr;
3721
3722 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3723 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3724 ev->status);
3725
3726 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3727 if (!hcon)
3728 return;
3729
3730 /* Create AMP hchan */
3731 hchan = hci_chan_create(hcon);
3732 if (!hchan)
3733 return;
3734
3735 hchan->handle = le16_to_cpu(ev->handle);
3736
3737 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3738
3739 mgr = hcon->amp_mgr;
3740 if (mgr && mgr->bredr_chan) {
3741 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3742
3743 l2cap_chan_lock(bredr_chan);
3744
3745 bredr_chan->conn->mtu = hdev->block_mtu;
3746 l2cap_logical_cfm(bredr_chan, hchan, 0);
3747 hci_conn_hold(hcon);
3748
3749 l2cap_chan_unlock(bredr_chan);
3750 }
3751}
3752
606e2a10
AE		 3753static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3754 struct sk_buff *skb)
3755{
3756 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3757 struct hci_chan *hchan;
3758
3759 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3760 le16_to_cpu(ev->handle), ev->status);
3761
3762 if (ev->status)
3763 return;
3764
3765 hci_dev_lock(hdev);
3766
3767 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3768 if (!hchan)
3769 goto unlock;
3770
3771 amp_destroy_logical_link(hchan, ev->reason);
3772
3773unlock:
3774 hci_dev_unlock(hdev);
3775}
3776
9eef6b3a
AE		 3777static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3778 struct sk_buff *skb)
3779{
3780 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3781 struct hci_conn *hcon;
3782
3783 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3784
3785 if (ev->status)
3786 return;
3787
3788 hci_dev_lock(hdev);
3789
3790 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3791 if (hcon) {
3792 hcon->state = BT_CLOSED;
3793 hci_conn_del(hcon);
3794 }
3795
3796 hci_dev_unlock(hdev);
3797}
3798
6039aa73 3799static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3800{
3801 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3802 struct hci_conn *conn;
3803
9f1db00c 3804 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3805
3806 hci_dev_lock(hdev);
3807
b47a09b3 3808 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3809 if (!conn) {
3810 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3811 if (!conn) {
3812 BT_ERR("No memory for new connection");
230fd16a 3813 goto unlock;
b62f328b 3814 }
29b7988a
AG		 3815
3816 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3817
3818 if (ev->role == LE_CONN_ROLE_MASTER) {
3819 conn->out = true;
3820 conn->link_mode |= HCI_LM_MASTER;
3821 }
b62f328b 3822 }
fcd89c09 3823
cd17decb
AG		 3824 if (ev->status) {
3825 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3826 conn->dst_type, ev->status);
3827 hci_proto_connect_cfm(conn, ev->status);
3828 conn->state = BT_CLOSED;
3829 hci_conn_del(conn);
3830 goto unlock;
3831 }
3832
b644ba33
JH		 3833 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3834 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3835 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3836
7b5c0d52 3837 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3838 conn->handle = __le16_to_cpu(ev->handle);
3839 conn->state = BT_CONNECTED;
3840
3841 hci_conn_hold_device(conn);
3842 hci_conn_add_sysfs(conn);
3843
3844 hci_proto_connect_cfm(conn, ev->status);
3845
3846unlock:
3847 hci_dev_unlock(hdev);
3848}
3849
6039aa73 3850static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3851{
e95beb41
AG		 3852 u8 num_reports = skb->data[0];
3853 void *ptr = &skb->data[1];
3c9e9195 3854 s8 rssi;
9aa04c91
AG		 3855
3856 hci_dev_lock(hdev);
3857
e95beb41
AG		 3858 while (num_reports--) {
3859 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3860
3c9e9195
AG		 3861 rssi = ev->data[ev->length];
3862 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3863 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3864
e95beb41 3865 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3866 }
3867
3868 hci_dev_unlock(hdev);
3869}
3870
6039aa73 3871static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3872{
3873 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3874 struct hci_cp_le_ltk_reply cp;
bea710fe 3875 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3876 struct hci_conn *conn;
c9839a11 3877 struct smp_ltk *ltk;
a7a595f6 3878
9f1db00c 3879 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3880
3881 hci_dev_lock(hdev);
3882
3883 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3884 if (conn == NULL)
3885 goto not_found;
a7a595f6 3886
bea710fe
VCG		 3887 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3888 if (ltk == NULL)
3889 goto not_found;
3890
3891 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3892 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3893
3894 if (ltk->authenticated)
3895 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3896
3897 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3898
c9839a11
VCG		 3899 if (ltk->type & HCI_SMP_STK) {
3900 list_del(&ltk->list);
3901 kfree(ltk);
3902 }
3903
a7a595f6 3904 hci_dev_unlock(hdev);
bea710fe
VCG		 3905
3906 return;
3907
3908not_found:
3909 neg.handle = ev->handle;
3910 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3911 hci_dev_unlock(hdev);
a7a595f6
VCG		 3912}
3913
6039aa73 3914static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3915{
3916 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3917
3918 skb_pull(skb, sizeof(*le_ev));
3919
3920 switch (le_ev->subevent) {
3921 case HCI_EV_LE_CONN_COMPLETE:
3922 hci_le_conn_complete_evt(hdev, skb);
3923 break;
3924
9aa04c91
AG		 3925 case HCI_EV_LE_ADVERTISING_REPORT:
3926 hci_le_adv_report_evt(hdev, skb);
3927 break;
3928
a7a595f6
VCG		 3929 case HCI_EV_LE_LTK_REQ:
3930 hci_le_ltk_request_evt(hdev, skb);
3931 break;
3932
fcd89c09
VT		 3933 default:
3934 break;
3935 }
3936}
3937
9495b2ee
AE		 3938static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3939{
3940 struct hci_ev_channel_selected *ev = (void *) skb->data;
3941 struct hci_conn *hcon;
3942
3943 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3944
3945 skb_pull(skb, sizeof(*ev));
3946
3947 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3948 if (!hcon)
3949 return;
3950
3951 amp_read_loc_assoc_final_data(hdev, hcon);
3952}
3953
a9de9248
MH		 3954void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3955{
3956 struct hci_event_hdr *hdr = (void *) skb->data;
3957 __u8 event = hdr->evt;
3958
3959 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3960
3961 switch (event) {
1da177e4
LT		 3962 case HCI_EV_INQUIRY_COMPLETE:
3963 hci_inquiry_complete_evt(hdev, skb);
3964 break;
3965
3966 case HCI_EV_INQUIRY_RESULT:
3967 hci_inquiry_result_evt(hdev, skb);
3968 break;
3969
a9de9248
MH		 3970 case HCI_EV_CONN_COMPLETE:
3971 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3972 break;
3973
1da177e4
LT		 3974 case HCI_EV_CONN_REQUEST:
3975 hci_conn_request_evt(hdev, skb);
3976 break;
3977
1da177e4
LT		 3978 case HCI_EV_DISCONN_COMPLETE:
3979 hci_disconn_complete_evt(hdev, skb);
3980 break;
3981
1da177e4
LT		 3982 case HCI_EV_AUTH_COMPLETE:
3983 hci_auth_complete_evt(hdev, skb);
3984 break;
3985
a9de9248
MH		 3986 case HCI_EV_REMOTE_NAME:
3987 hci_remote_name_evt(hdev, skb);
3988 break;
3989
1da177e4
LT		 3990 case HCI_EV_ENCRYPT_CHANGE:
3991 hci_encrypt_change_evt(hdev, skb);
3992 break;
3993
a9de9248
MH		 3994 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3995 hci_change_link_key_complete_evt(hdev, skb);
3996 break;
3997
3998 case HCI_EV_REMOTE_FEATURES:
3999 hci_remote_features_evt(hdev, skb);
4000 break;
4001
4002 case HCI_EV_REMOTE_VERSION:
4003 hci_remote_version_evt(hdev, skb);
4004 break;
4005
4006 case HCI_EV_QOS_SETUP_COMPLETE:
4007 hci_qos_setup_complete_evt(hdev, skb);
4008 break;
4009
4010 case HCI_EV_CMD_COMPLETE:
4011 hci_cmd_complete_evt(hdev, skb);
4012 break;
4013
4014 case HCI_EV_CMD_STATUS:
4015 hci_cmd_status_evt(hdev, skb);
4016 break;
4017
4018 case HCI_EV_ROLE_CHANGE:
4019 hci_role_change_evt(hdev, skb);
4020 break;
4021
4022 case HCI_EV_NUM_COMP_PKTS:
4023 hci_num_comp_pkts_evt(hdev, skb);
4024 break;
4025
4026 case HCI_EV_MODE_CHANGE:
4027 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4028 break;
4029
4030 case HCI_EV_PIN_CODE_REQ:
4031 hci_pin_code_request_evt(hdev, skb);
4032 break;
4033
4034 case HCI_EV_LINK_KEY_REQ:
4035 hci_link_key_request_evt(hdev, skb);
4036 break;
4037
4038 case HCI_EV_LINK_KEY_NOTIFY:
4039 hci_link_key_notify_evt(hdev, skb);
4040 break;
4041
4042 case HCI_EV_CLOCK_OFFSET:
4043 hci_clock_offset_evt(hdev, skb);
4044 break;
4045
a8746417
MH		 4046 case HCI_EV_PKT_TYPE_CHANGE:
4047 hci_pkt_type_change_evt(hdev, skb);
4048 break;
4049
85a1e930
MH		 4050 case HCI_EV_PSCAN_REP_MODE:
4051 hci_pscan_rep_mode_evt(hdev, skb);
4052 break;
4053
a9de9248
MH		 4054 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4055 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4056 break;
4057
a9de9248
MH		 4058 case HCI_EV_REMOTE_EXT_FEATURES:
4059 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4060 break;
4061
a9de9248
MH		 4062 case HCI_EV_SYNC_CONN_COMPLETE:
4063 hci_sync_conn_complete_evt(hdev, skb);
4064 break;
1da177e4 4065
a9de9248
MH		 4066 case HCI_EV_SYNC_CONN_CHANGED:
4067 hci_sync_conn_changed_evt(hdev, skb);
4068 break;
1da177e4 4069
a9de9248
MH		 4070 case HCI_EV_SNIFF_SUBRATE:
4071 hci_sniff_subrate_evt(hdev, skb);
4072 break;
1da177e4 4073
a9de9248
MH		 4074 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4075 hci_extended_inquiry_result_evt(hdev, skb);
4076 break;
1da177e4 4077
1c2e0041
JH		 4078 case HCI_EV_KEY_REFRESH_COMPLETE:
4079 hci_key_refresh_complete_evt(hdev, skb);
4080 break;
4081
0493684e
MH		 4082 case HCI_EV_IO_CAPA_REQUEST:
4083 hci_io_capa_request_evt(hdev, skb);
4084 break;
4085
03b555e1
JH		 4086 case HCI_EV_IO_CAPA_REPLY:
4087 hci_io_capa_reply_evt(hdev, skb);
4088 break;
4089
a5c29683
JH		 4090 case HCI_EV_USER_CONFIRM_REQUEST:
4091 hci_user_confirm_request_evt(hdev, skb);
4092 break;
4093
1143d458
BG		 4094 case HCI_EV_USER_PASSKEY_REQUEST:
4095 hci_user_passkey_request_evt(hdev, skb);
4096 break;
4097
92a25256
JH		 4098 case HCI_EV_USER_PASSKEY_NOTIFY:
4099 hci_user_passkey_notify_evt(hdev, skb);
4100 break;
4101
4102 case HCI_EV_KEYPRESS_NOTIFY:
4103 hci_keypress_notify_evt(hdev, skb);
4104 break;
4105
0493684e
MH		 4106 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4107 hci_simple_pair_complete_evt(hdev, skb);
4108 break;
4109
41a96212
MH		 4110 case HCI_EV_REMOTE_HOST_FEATURES:
4111 hci_remote_host_features_evt(hdev, skb);
4112 break;
4113
fcd89c09
VT		 4114 case HCI_EV_LE_META:
4115 hci_le_meta_evt(hdev, skb);
4116 break;
4117
9495b2ee
AE		 4118 case HCI_EV_CHANNEL_SELECTED:
4119 hci_chan_selected_evt(hdev, skb);
4120 break;
4121
2763eda6
SJ		 4122 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4123 hci_remote_oob_data_request_evt(hdev, skb);
4124 break;
4125
d5e91192
AE		 4126 case HCI_EV_PHY_LINK_COMPLETE:
4127 hci_phy_link_complete_evt(hdev, skb);
4128 break;
4129
27695fb4
AE		 4130 case HCI_EV_LOGICAL_LINK_COMPLETE:
4131 hci_loglink_complete_evt(hdev, skb);
4132 break;
4133
606e2a10
AE		 4134 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4135 hci_disconn_loglink_complete_evt(hdev, skb);
4136 break;
4137
9eef6b3a
AE		 4138 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4139 hci_disconn_phylink_complete_evt(hdev, skb);
4140 break;
4141
25e89e99
AE		 4142 case HCI_EV_NUM_COMP_BLOCKS:
4143 hci_num_comp_blocks_evt(hdev, skb);
4144 break;
4145
a9de9248 4146 default:
9f1db00c 4147 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4148 break;
4149 }
4150
4151 kfree_skb(skb);
4152 hdev->stat.evt_rx++;
4153}
kernel source for telekom puls (alcatel/mediatek)