projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: EFS: add efs option in L2CAP conf req
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
a9de9248
MH		 58 if (status)
59 return;
1da177e4 60
2d20a26a
ON		 61 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
62 test_bit(HCI_MGMT, &hdev->flags))
314b2381 63 mgmt_discovering(hdev->id, 0);
6bd57416 64
23bb5763 65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 66
67 hci_conn_check_pending(hdev);
68}
6bd57416 69
a9de9248
MH		 70static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71{
72 __u8 status = *((__u8 *) skb->data);
6bd57416 73
a9de9248 74 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 75
a9de9248
MH		 76 if (status)
77 return;
1da177e4 78
2d20a26a
ON		 79 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
80 test_bit(HCI_MGMT, &hdev->flags))
314b2381 81 mgmt_discovering(hdev->id, 0);
a9de9248
MH		 82
83 hci_conn_check_pending(hdev);
84}
85
86static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
96 BT_DBG("%s status 0x%x", hdev->name, rp->status);
97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
106 conn->link_mode &= ~HCI_LM_MASTER;
107 else
108 conn->link_mode |= HCI_LM_MASTER;
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
119 BT_DBG("%s status 0x%x", hdev->name, rp->status);
120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
a9de9248 139 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
e4e8e37c
MH		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
158{
159 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
160
161 BT_DBG("%s status 0x%x", hdev->name, rp->status);
162
163 if (rp->status)
164 return;
165
166 hdev->link_policy = __le16_to_cpu(rp->policy);
167}
168
169static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
170{
171 __u8 status = *((__u8 *) skb->data);
172 void *sent;
173
174 BT_DBG("%s status 0x%x", hdev->name, status);
175
176 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 if (!sent)
178 return;
179
180 if (!status)
181 hdev->link_policy = get_unaligned_le16(sent);
182
23bb5763 183 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 184}
185
a9de9248
MH		 186static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187{
188 __u8 status = *((__u8 *) skb->data);
04837f64 189
a9de9248 190 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 191
10572132
GP		 192 clear_bit(HCI_RESET, &hdev->flags);
193
23bb5763 194 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 195}
04837f64 196
a9de9248
MH		 197static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
198{
199 __u8 status = *((__u8 *) skb->data);
200 void *sent;
04837f64 201
a9de9248 202 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 203
a9de9248
MH		 204 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
205 if (!sent)
206 return;
04837f64 207
b312b161
JH		 208 if (test_bit(HCI_MGMT, &hdev->flags))
209 mgmt_set_local_name_complete(hdev->id, sent, status);
210
211 if (status)
212 return;
213
1f6c6378 214 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 215}
216
217static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
218{
219 struct hci_rp_read_local_name *rp = (void *) skb->data;
220
221 BT_DBG("%s status 0x%x", hdev->name, rp->status);
222
223 if (rp->status)
224 return;
225
1f6c6378 226 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 227}
228
229static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
230{
231 __u8 status = *((__u8 *) skb->data);
232 void *sent;
233
234 BT_DBG("%s status 0x%x", hdev->name, status);
235
236 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
237 if (!sent)
238 return;
239
240 if (!status) {
241 __u8 param = *((__u8 *) sent);
242
243 if (param == AUTH_ENABLED)
244 set_bit(HCI_AUTH, &hdev->flags);
245 else
246 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 247 }
a9de9248 248
23bb5763 249 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 250}
251
a9de9248 252static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 253{
a9de9248 254 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 255 void *sent;
256
a9de9248 257 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 258
a9de9248
MH		 259 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
260 if (!sent)
261 return;
1da177e4 262
a9de9248
MH		 263 if (!status) {
264 __u8 param = *((__u8 *) sent);
265
266 if (param)
267 set_bit(HCI_ENCRYPT, &hdev->flags);
268 else
269 clear_bit(HCI_ENCRYPT, &hdev->flags);
270 }
1da177e4 271
23bb5763 272 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 273}
1da177e4 274
a9de9248
MH		 275static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
276{
277 __u8 status = *((__u8 *) skb->data);
278 void *sent;
1da177e4 279
a9de9248 280 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 281
a9de9248
MH		 282 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
283 if (!sent)
284 return;
1da177e4 285
a9de9248
MH		 286 if (!status) {
287 __u8 param = *((__u8 *) sent);
9fbcbb45 288 int old_pscan, old_iscan;
1da177e4 289
9fbcbb45
JH		 290 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
291 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
1da177e4 292
73f22f62 293 if (param & SCAN_INQUIRY) {
a9de9248 294 set_bit(HCI_ISCAN, &hdev->flags);
9fbcbb45
JH		 295 if (!old_iscan)
296 mgmt_discoverable(hdev->id, 1);
297 } else if (old_iscan)
73f22f62 298 mgmt_discoverable(hdev->id, 0);
1da177e4 299
9fbcbb45 300 if (param & SCAN_PAGE) {
a9de9248 301 set_bit(HCI_PSCAN, &hdev->flags);
9fbcbb45
JH		 302 if (!old_pscan)
303 mgmt_connectable(hdev->id, 1);
304 } else if (old_pscan)
305 mgmt_connectable(hdev->id, 0);
a9de9248 306 }
1da177e4 307
23bb5763 308 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 309}
1da177e4 310
a9de9248
MH		 311static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
312{
313 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 314
a9de9248 315 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 316
a9de9248
MH		 317 if (rp->status)
318 return;
1da177e4 319
a9de9248 320 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 321
a9de9248
MH		 322 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
323 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
324}
1da177e4 325
a9de9248
MH		 326static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
327{
328 __u8 status = *((__u8 *) skb->data);
329 void *sent;
1da177e4 330
a9de9248 331 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 332
f383f275
MH		 333 if (status)
334 return;
335
a9de9248
MH		 336 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
337 if (!sent)
338 return;
1da177e4 339
f383f275 340 memcpy(hdev->dev_class, sent, 3);
a9de9248 341}
1da177e4 342
a9de9248
MH		 343static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
344{
345 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
346 __u16 setting;
347
348 BT_DBG("%s status 0x%x", hdev->name, rp->status);
349
350 if (rp->status)
351 return;
352
353 setting = __le16_to_cpu(rp->voice_setting);
354
f383f275 355 if (hdev->voice_setting == setting)
a9de9248
MH		 356 return;
357
358 hdev->voice_setting = setting;
359
360 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
361
362 if (hdev->notify) {
363 tasklet_disable(&hdev->tx_task);
364 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
365 tasklet_enable(&hdev->tx_task);
366 }
367}
368
369static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370{
371 __u8 status = *((__u8 *) skb->data);
f383f275 372 __u16 setting;
a9de9248
MH		 373 void *sent;
374
375 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 376
f383f275
MH		 377 if (status)
378 return;
379
a9de9248
MH		 380 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
381 if (!sent)
382 return;
1da177e4 383
f383f275 384 setting = get_unaligned_le16(sent);
1da177e4 385
f383f275
MH		 386 if (hdev->voice_setting == setting)
387 return;
388
389 hdev->voice_setting = setting;
1da177e4 390
f383f275 391 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 392
f383f275
MH		 393 if (hdev->notify) {
394 tasklet_disable(&hdev->tx_task);
395 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
396 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 397 }
398}
399
a9de9248 400static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 401{
a9de9248 402 __u8 status = *((__u8 *) skb->data);
1da177e4 403
a9de9248 404 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 405
23bb5763 406 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 407}
1143e5a6 408
333140b5
MH		 409static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
410{
411 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
412
413 BT_DBG("%s status 0x%x", hdev->name, rp->status);
414
415 if (rp->status)
416 return;
417
418 hdev->ssp_mode = rp->mode;
419}
420
421static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
422{
423 __u8 status = *((__u8 *) skb->data);
424 void *sent;
425
426 BT_DBG("%s status 0x%x", hdev->name, status);
427
428 if (status)
429 return;
430
431 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
432 if (!sent)
433 return;
434
435 hdev->ssp_mode = *((__u8 *) sent);
436}
437
d5859e22
JH		 438static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
439{
440 if (hdev->features[6] & LMP_EXT_INQ)
441 return 2;
442
443 if (hdev->features[3] & LMP_RSSI_INQ)
444 return 1;
445
446 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
447 hdev->lmp_subver == 0x0757)
448 return 1;
449
450 if (hdev->manufacturer == 15) {
451 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
452 return 1;
453 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
454 return 1;
455 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
456 return 1;
457 }
458
459 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
460 hdev->lmp_subver == 0x1805)
461 return 1;
462
463 return 0;
464}
465
466static void hci_setup_inquiry_mode(struct hci_dev *hdev)
467{
468 u8 mode;
469
470 mode = hci_get_inquiry_mode(hdev);
471
472 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
473}
474
475static void hci_setup_event_mask(struct hci_dev *hdev)
476{
477 /* The second byte is 0xff instead of 0x9f (two reserved bits
478 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
479 * command otherwise */
480 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
481
6de6c18d
VT		 482 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
483 * any event mask for pre 1.2 devices */
484 if (hdev->lmp_ver <= 1)
485 return;
486
487 events[4] |= 0x01; /* Flow Specification Complete */
488 events[4] |= 0x02; /* Inquiry Result with RSSI */
489 events[4] |= 0x04; /* Read Remote Extended Features Complete */
490 events[5] |= 0x08; /* Synchronous Connection Complete */
491 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 492
493 if (hdev->features[3] & LMP_RSSI_INQ)
494 events[4] |= 0x04; /* Inquiry Result with RSSI */
495
496 if (hdev->features[5] & LMP_SNIFF_SUBR)
497 events[5] |= 0x20; /* Sniff Subrating */
498
499 if (hdev->features[5] & LMP_PAUSE_ENC)
500 events[5] |= 0x80; /* Encryption Key Refresh Complete */
501
502 if (hdev->features[6] & LMP_EXT_INQ)
503 events[5] |= 0x40; /* Extended Inquiry Result */
504
505 if (hdev->features[6] & LMP_NO_FLUSH)
506 events[7] |= 0x01; /* Enhanced Flush Complete */
507
508 if (hdev->features[7] & LMP_LSTO)
509 events[6] |= 0x80; /* Link Supervision Timeout Changed */
510
511 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
512 events[6] |= 0x01; /* IO Capability Request */
513 events[6] |= 0x02; /* IO Capability Response */
514 events[6] |= 0x04; /* User Confirmation Request */
515 events[6] |= 0x08; /* User Passkey Request */
516 events[6] |= 0x10; /* Remote OOB Data Request */
517 events[6] |= 0x20; /* Simple Pairing Complete */
518 events[7] |= 0x04; /* User Passkey Notification */
519 events[7] |= 0x08; /* Keypress Notification */
520 events[7] |= 0x10; /* Remote Host Supported
521 * Features Notification */
522 }
523
524 if (hdev->features[4] & LMP_LE)
525 events[7] |= 0x20; /* LE Meta-Event */
526
527 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
528}
529
e6100a25
AG		 530static void hci_set_le_support(struct hci_dev *hdev)
531{
532 struct hci_cp_write_le_host_supported cp;
533
534 memset(&cp, 0, sizeof(cp));
535
536 if (enable_le) {
537 cp.le = 1;
538 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
539 }
540
541 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
542}
543
d5859e22
JH		 544static void hci_setup(struct hci_dev *hdev)
545{
546 hci_setup_event_mask(hdev);
547
548 if (hdev->lmp_ver > 1)
549 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
550
551 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
552 u8 mode = 0x01;
553 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
554 }
555
556 if (hdev->features[3] & LMP_RSSI_INQ)
557 hci_setup_inquiry_mode(hdev);
558
559 if (hdev->features[7] & LMP_INQ_TX_PWR)
560 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 561
562 if (hdev->features[7] & LMP_EXTFEATURES) {
563 struct hci_cp_read_local_ext_features cp;
564
565 cp.page = 0x01;
566 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
567 sizeof(cp), &cp);
568 }
e6100a25
AG		 569
570 if (hdev->features[4] & LMP_LE)
571 hci_set_le_support(hdev);
d5859e22
JH		 572}
573
a9de9248
MH		 574static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
575{
576 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 577
a9de9248 578 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 579
a9de9248
MH		 580 if (rp->status)
581 return;
1143e5a6 582
a9de9248 583 hdev->hci_ver = rp->hci_ver;
e4e8e37c 584 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 585 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 586 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 587 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 588
a9de9248
MH		 589 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
590 hdev->manufacturer,
591 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 592
593 if (test_bit(HCI_INIT, &hdev->flags))
594 hci_setup(hdev);
595}
596
597static void hci_setup_link_policy(struct hci_dev *hdev)
598{
599 u16 link_policy = 0;
600
601 if (hdev->features[0] & LMP_RSWITCH)
602 link_policy |= HCI_LP_RSWITCH;
603 if (hdev->features[0] & LMP_HOLD)
604 link_policy |= HCI_LP_HOLD;
605 if (hdev->features[0] & LMP_SNIFF)
606 link_policy |= HCI_LP_SNIFF;
607 if (hdev->features[1] & LMP_PARK)
608 link_policy |= HCI_LP_PARK;
609
610 link_policy = cpu_to_le16(link_policy);
611 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
612 sizeof(link_policy), &link_policy);
a9de9248 613}
1da177e4 614
a9de9248
MH		 615static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
616{
617 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 618
a9de9248 619 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 620
a9de9248 621 if (rp->status)
d5859e22 622 goto done;
1da177e4 623
a9de9248 624 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 625
626 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
627 hci_setup_link_policy(hdev);
628
629done:
630 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 631}
1da177e4 632
a9de9248
MH		 633static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
634{
635 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 636
a9de9248 637 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 638
a9de9248
MH		 639 if (rp->status)
640 return;
5b7f9909 641
a9de9248 642 memcpy(hdev->features, rp->features, 8);
5b7f9909 643
a9de9248
MH		 644 /* Adjust default settings according to features
645 * supported by device. */
1da177e4 646
a9de9248
MH		 647 if (hdev->features[0] & LMP_3SLOT)
648 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 649
a9de9248
MH		 650 if (hdev->features[0] & LMP_5SLOT)
651 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 652
a9de9248
MH		 653 if (hdev->features[1] & LMP_HV2) {
654 hdev->pkt_type |= (HCI_HV2);
655 hdev->esco_type |= (ESCO_HV2);
656 }
1da177e4 657
a9de9248
MH		 658 if (hdev->features[1] & LMP_HV3) {
659 hdev->pkt_type |= (HCI_HV3);
660 hdev->esco_type |= (ESCO_HV3);
661 }
1da177e4 662
a9de9248
MH		 663 if (hdev->features[3] & LMP_ESCO)
664 hdev->esco_type |= (ESCO_EV3);
da1f5198 665
a9de9248
MH		 666 if (hdev->features[4] & LMP_EV4)
667 hdev->esco_type |= (ESCO_EV4);
da1f5198 668
a9de9248
MH		 669 if (hdev->features[4] & LMP_EV5)
670 hdev->esco_type |= (ESCO_EV5);
1da177e4 671
efc7688b
MH		 672 if (hdev->features[5] & LMP_EDR_ESCO_2M)
673 hdev->esco_type |= (ESCO_2EV3);
674
675 if (hdev->features[5] & LMP_EDR_ESCO_3M)
676 hdev->esco_type |= (ESCO_3EV3);
677
678 if (hdev->features[5] & LMP_EDR_3S_ESCO)
679 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
680
a9de9248
MH		 681 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
682 hdev->features[0], hdev->features[1],
683 hdev->features[2], hdev->features[3],
684 hdev->features[4], hdev->features[5],
685 hdev->features[6], hdev->features[7]);
686}
1da177e4 687
971e3a4b
AG		 688static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
689 struct sk_buff *skb)
690{
691 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
692
693 BT_DBG("%s status 0x%x", hdev->name, rp->status);
694
695 if (rp->status)
696 return;
697
698 memcpy(hdev->extfeatures, rp->features, 8);
699
700 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
701}
702
a9de9248
MH		 703static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
704{
705 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 706
a9de9248 707 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 708
a9de9248
MH		 709 if (rp->status)
710 return;
1da177e4 711
a9de9248
MH		 712 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
713 hdev->sco_mtu = rp->sco_mtu;
714 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
715 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
716
717 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
718 hdev->sco_mtu = 64;
719 hdev->sco_pkts = 8;
1da177e4 720 }
a9de9248
MH		 721
722 hdev->acl_cnt = hdev->acl_pkts;
723 hdev->sco_cnt = hdev->sco_pkts;
724
725 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
726 hdev->acl_mtu, hdev->acl_pkts,
727 hdev->sco_mtu, hdev->sco_pkts);
728}
729
730static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
731{
732 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
733
734 BT_DBG("%s status 0x%x", hdev->name, rp->status);
735
736 if (!rp->status)
737 bacpy(&hdev->bdaddr, &rp->bdaddr);
738
23bb5763
JH		 739 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
740}
741
742static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
743{
744 __u8 status = *((__u8 *) skb->data);
745
746 BT_DBG("%s status 0x%x", hdev->name, status);
747
748 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 749}
750
b0916ea0
JH		 751static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
752 struct sk_buff *skb)
753{
754 __u8 status = *((__u8 *) skb->data);
755
756 BT_DBG("%s status 0x%x", hdev->name, status);
757
758 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
759}
760
d5859e22
JH		 761static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
762{
763 __u8 status = *((__u8 *) skb->data);
764
765 BT_DBG("%s status 0x%x", hdev->name, status);
766
767 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
768}
769
770static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
771 struct sk_buff *skb)
772{
773 __u8 status = *((__u8 *) skb->data);
774
775 BT_DBG("%s status 0x%x", hdev->name, status);
776
777 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
778}
779
780static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
781 struct sk_buff *skb)
782{
783 __u8 status = *((__u8 *) skb->data);
784
785 BT_DBG("%s status 0x%x", hdev->name, status);
786
787 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
788}
789
790static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
791{
792 __u8 status = *((__u8 *) skb->data);
793
794 BT_DBG("%s status 0x%x", hdev->name, status);
795
796 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
797}
798
980e1a53
JH		 799static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
800{
801 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
802 struct hci_cp_pin_code_reply *cp;
803 struct hci_conn *conn;
804
805 BT_DBG("%s status 0x%x", hdev->name, rp->status);
806
807 if (test_bit(HCI_MGMT, &hdev->flags))
808 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
809
810 if (rp->status != 0)
811 return;
812
813 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
814 if (!cp)
815 return;
816
817 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
818 if (conn)
819 conn->pin_length = cp->pin_len;
820}
821
822static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
823{
824 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
825
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
827
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
830 rp->status);
831}
6ed58ec5
VT		 832static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
833 struct sk_buff *skb)
834{
835 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
836
837 BT_DBG("%s status 0x%x", hdev->name, rp->status);
838
839 if (rp->status)
840 return;
841
842 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
843 hdev->le_pkts = rp->le_max_pkt;
844
845 hdev->le_cnt = hdev->le_pkts;
846
847 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
848
849 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
850}
980e1a53 851
a5c29683
JH		 852static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
853{
854 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
855
856 BT_DBG("%s status 0x%x", hdev->name, rp->status);
857
858 if (test_bit(HCI_MGMT, &hdev->flags))
859 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
860 rp->status);
861}
862
863static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
864 struct sk_buff *skb)
865{
866 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
867
868 BT_DBG("%s status 0x%x", hdev->name, rp->status);
869
870 if (test_bit(HCI_MGMT, &hdev->flags))
871 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
872 rp->status);
873}
874
c35938b2
SJ		 875static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
876 struct sk_buff *skb)
877{
878 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
879
880 BT_DBG("%s status 0x%x", hdev->name, rp->status);
881
882 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
883 rp->randomizer, rp->status);
884}
885
eb9d91f5
AG		 886static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
887 struct sk_buff *skb)
888{
889 struct hci_cp_le_set_scan_enable *cp;
890 __u8 status = *((__u8 *) skb->data);
891
892 BT_DBG("%s status 0x%x", hdev->name, status);
893
894 if (status)
895 return;
896
897 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
898 if (!cp)
899 return;
900
35815085
AG		 901 if (cp->enable == 0x01) {
902 del_timer(&hdev->adv_timer);
a8f13c8c
AG		 903
904 hci_dev_lock(hdev);
eb9d91f5 905 hci_adv_entries_clear(hdev);
a8f13c8c 906 hci_dev_unlock(hdev);
35815085
AG		 907 } else if (cp->enable == 0x00) {
908 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
909 }
eb9d91f5
AG		 910}
911
a7a595f6
VCG		 912static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
913{
914 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
915
916 BT_DBG("%s status 0x%x", hdev->name, rp->status);
917
918 if (rp->status)
919 return;
920
921 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
922}
923
924static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
925{
926 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
927
928 BT_DBG("%s status 0x%x", hdev->name, rp->status);
929
930 if (rp->status)
931 return;
932
933 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
934}
935
f9b49306
AG		 936static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
937 struct sk_buff *skb)
938{
939 struct hci_cp_read_local_ext_features cp;
940 __u8 status = *((__u8 *) skb->data);
941
942 BT_DBG("%s status 0x%x", hdev->name, status);
943
944 if (status)
945 return;
946
947 cp.page = 0x01;
948 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
949}
950
a9de9248
MH		 951static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
952{
953 BT_DBG("%s status 0x%x", hdev->name, status);
954
955 if (status) {
23bb5763 956 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 957 hci_conn_check_pending(hdev);
314b2381
JH		 958 return;
959 }
960
2d20a26a
ON		 961 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags) &&
962 test_bit(HCI_MGMT, &hdev->flags))
314b2381 963 mgmt_discovering(hdev->id, 1);
1da177e4
LT		 964}
965
1da177e4
LT		 966static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
967{
a9de9248 968 struct hci_cp_create_conn *cp;
1da177e4 969 struct hci_conn *conn;
1da177e4 970
a9de9248
MH		 971 BT_DBG("%s status 0x%x", hdev->name, status);
972
973 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 974 if (!cp)
975 return;
976
977 hci_dev_lock(hdev);
978
979 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
980
a9de9248 981 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 982
983 if (status) {
984 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 985 if (status != 0x0c || conn->attempt > 2) {
986 conn->state = BT_CLOSED;
987 hci_proto_connect_cfm(conn, status);
988 hci_conn_del(conn);
989 } else
990 conn->state = BT_CONNECT2;
1da177e4
LT		 991 }
992 } else {
993 if (!conn) {
994 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
995 if (conn) {
996 conn->out = 1;
997 conn->link_mode |= HCI_LM_MASTER;
998 } else
893ef971 999 BT_ERR("No memory for new connection");
1da177e4
LT		 1000 }
1001 }
1002
1003 hci_dev_unlock(hdev);
1004}
1005
a9de9248 1006static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1007{
a9de9248
MH		 1008 struct hci_cp_add_sco *cp;
1009 struct hci_conn *acl, *sco;
1010 __u16 handle;
1da177e4 1011
b6a0dc82
MH		 1012 BT_DBG("%s status 0x%x", hdev->name, status);
1013
a9de9248
MH		 1014 if (!status)
1015 return;
1da177e4 1016
a9de9248
MH		 1017 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1018 if (!cp)
1019 return;
1da177e4 1020
a9de9248 1021 handle = __le16_to_cpu(cp->handle);
1da177e4 1022
a9de9248 1023 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1024
a9de9248 1025 hci_dev_lock(hdev);
1da177e4 1026
a9de9248 1027 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1028 if (acl) {
1029 sco = acl->link;
1030 if (sco) {
1031 sco->state = BT_CLOSED;
1da177e4 1032
5a08ecce
AE		 1033 hci_proto_connect_cfm(sco, status);
1034 hci_conn_del(sco);
1035 }
a9de9248 1036 }
1da177e4 1037
a9de9248
MH		 1038 hci_dev_unlock(hdev);
1039}
1da177e4 1040
f8558555
MH		 1041static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1042{
1043 struct hci_cp_auth_requested *cp;
1044 struct hci_conn *conn;
1045
1046 BT_DBG("%s status 0x%x", hdev->name, status);
1047
1048 if (!status)
1049 return;
1050
1051 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1052 if (!cp)
1053 return;
1054
1055 hci_dev_lock(hdev);
1056
1057 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1058 if (conn) {
1059 if (conn->state == BT_CONFIG) {
1060 hci_proto_connect_cfm(conn, status);
1061 hci_conn_put(conn);
1062 }
1063 }
1064
1065 hci_dev_unlock(hdev);
1066}
1067
1068static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1069{
1070 struct hci_cp_set_conn_encrypt *cp;
1071 struct hci_conn *conn;
1072
1073 BT_DBG("%s status 0x%x", hdev->name, status);
1074
1075 if (!status)
1076 return;
1077
1078 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1079 if (!cp)
1080 return;
1081
1082 hci_dev_lock(hdev);
1083
1084 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1085 if (conn) {
1086 if (conn->state == BT_CONFIG) {
1087 hci_proto_connect_cfm(conn, status);
1088 hci_conn_put(conn);
1089 }
1090 }
1091
1092 hci_dev_unlock(hdev);
1093}
1094
127178d2 1095static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1096 struct hci_conn *conn)
392599b9 1097{
392599b9
JH		 1098 if (conn->state != BT_CONFIG || !conn->out)
1099 return 0;
1100
765c2a96 1101 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1102 return 0;
1103
1104 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1105 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1106 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1107 conn->pending_sec_level != BT_SECURITY_HIGH &&
1108 !(conn->auth_type & 0x01))
392599b9
JH		 1109 return 0;
1110
392599b9
JH		 1111 return 1;
1112}
1113
a9de9248
MH		 1114static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1115{
127178d2
JH		 1116 struct hci_cp_remote_name_req *cp;
1117 struct hci_conn *conn;
1118
a9de9248 1119 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1120
1121 /* If successful wait for the name req complete event before
1122 * checking for the need to do authentication */
1123 if (!status)
1124 return;
1125
1126 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1127 if (!cp)
1128 return;
1129
1130 hci_dev_lock(hdev);
1131
1132 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1133 if (!conn)
1134 goto unlock;
1135
1136 if (!hci_outgoing_auth_needed(hdev, conn))
1137 goto unlock;
1138
1139 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1140 struct hci_cp_auth_requested cp;
1141 cp.handle = __cpu_to_le16(conn->handle);
1142 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1143 }
1144
79c6c70c 1145unlock:
127178d2 1146 hci_dev_unlock(hdev);
a9de9248 1147}
1da177e4 1148
769be974
MH		 1149static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1150{
1151 struct hci_cp_read_remote_features *cp;
1152 struct hci_conn *conn;
1153
1154 BT_DBG("%s status 0x%x", hdev->name, status);
1155
1156 if (!status)
1157 return;
1158
1159 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1160 if (!cp)
1161 return;
1162
1163 hci_dev_lock(hdev);
1164
1165 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1166 if (conn) {
1167 if (conn->state == BT_CONFIG) {
769be974
MH		 1168 hci_proto_connect_cfm(conn, status);
1169 hci_conn_put(conn);
1170 }
1171 }
1172
1173 hci_dev_unlock(hdev);
1174}
1175
1176static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1177{
1178 struct hci_cp_read_remote_ext_features *cp;
1179 struct hci_conn *conn;
1180
1181 BT_DBG("%s status 0x%x", hdev->name, status);
1182
1183 if (!status)
1184 return;
1185
1186 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1187 if (!cp)
1188 return;
1189
1190 hci_dev_lock(hdev);
1191
1192 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1193 if (conn) {
1194 if (conn->state == BT_CONFIG) {
769be974
MH		 1195 hci_proto_connect_cfm(conn, status);
1196 hci_conn_put(conn);
1197 }
1198 }
1199
1200 hci_dev_unlock(hdev);
1201}
1202
a9de9248
MH		 1203static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1204{
b6a0dc82
MH		 1205 struct hci_cp_setup_sync_conn *cp;
1206 struct hci_conn *acl, *sco;
1207 __u16 handle;
1208
a9de9248 1209 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1210
1211 if (!status)
1212 return;
1213
1214 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1215 if (!cp)
1216 return;
1217
1218 handle = __le16_to_cpu(cp->handle);
1219
1220 BT_DBG("%s handle %d", hdev->name, handle);
1221
1222 hci_dev_lock(hdev);
1223
1224 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1225 if (acl) {
1226 sco = acl->link;
1227 if (sco) {
1228 sco->state = BT_CLOSED;
b6a0dc82 1229
5a08ecce
AE		 1230 hci_proto_connect_cfm(sco, status);
1231 hci_conn_del(sco);
1232 }
b6a0dc82
MH		 1233 }
1234
1235 hci_dev_unlock(hdev);
1da177e4
LT		 1236}
1237
a9de9248 1238static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1239{
a9de9248
MH		 1240 struct hci_cp_sniff_mode *cp;
1241 struct hci_conn *conn;
1da177e4 1242
a9de9248 1243 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1244
a9de9248
MH		 1245 if (!status)
1246 return;
04837f64 1247
a9de9248
MH		 1248 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1249 if (!cp)
1250 return;
04837f64 1251
a9de9248 1252 hci_dev_lock(hdev);
04837f64 1253
a9de9248 1254 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1255 if (conn) {
a9de9248 1256 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1257
e73439d8
MH		 1258 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1259 hci_sco_setup(conn, status);
1260 }
1261
a9de9248
MH		 1262 hci_dev_unlock(hdev);
1263}
04837f64 1264
a9de9248
MH		 1265static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1266{
1267 struct hci_cp_exit_sniff_mode *cp;
1268 struct hci_conn *conn;
04837f64 1269
a9de9248 1270 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1271
a9de9248
MH		 1272 if (!status)
1273 return;
04837f64 1274
a9de9248
MH		 1275 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1276 if (!cp)
1277 return;
04837f64 1278
a9de9248 1279 hci_dev_lock(hdev);
1da177e4 1280
a9de9248 1281 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1282 if (conn) {
a9de9248 1283 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1284
e73439d8
MH		 1285 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1286 hci_sco_setup(conn, status);
1287 }
1288
a9de9248 1289 hci_dev_unlock(hdev);
1da177e4
LT		 1290}
1291
fcd89c09
VT		 1292static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1293{
1294 struct hci_cp_le_create_conn *cp;
1295 struct hci_conn *conn;
1296
1297 BT_DBG("%s status 0x%x", hdev->name, status);
1298
1299 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1300 if (!cp)
1301 return;
1302
1303 hci_dev_lock(hdev);
1304
1305 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1306
1307 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1308 conn);
1309
1310 if (status) {
1311 if (conn && conn->state == BT_CONNECT) {
1312 conn->state = BT_CLOSED;
1313 hci_proto_connect_cfm(conn, status);
1314 hci_conn_del(conn);
1315 }
1316 } else {
1317 if (!conn) {
1318 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1319 if (conn) {
1320 conn->dst_type = cp->peer_addr_type;
fcd89c09 1321 conn->out = 1;
29b7988a 1322 } else {
fcd89c09 1323 BT_ERR("No memory for new connection");
29b7988a 1324 }
fcd89c09
VT		 1325 }
1326 }
1327
1328 hci_dev_unlock(hdev);
1329}
1330
a7a595f6
VCG		 1331static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1332{
1333 BT_DBG("%s status 0x%x", hdev->name, status);
1334}
1335
1da177e4
LT		 1336static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1337{
1338 __u8 status = *((__u8 *) skb->data);
1339
1340 BT_DBG("%s status %d", hdev->name, status);
1341
2d20a26a
ON		 1342 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
1343 test_bit(HCI_MGMT, &hdev->flags))
314b2381 1344 mgmt_discovering(hdev->id, 0);
6bd57416 1345
23bb5763 1346 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1347
a9de9248 1348 hci_conn_check_pending(hdev);
1da177e4
LT		 1349}
1350
1da177e4
LT		 1351static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1352{
45bb4bf0 1353 struct inquiry_data data;
a9de9248 1354 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1355 int num_rsp = *((__u8 *) skb->data);
1356
1357 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1358
45bb4bf0
MH		 1359 if (!num_rsp)
1360 return;
1361
1da177e4 1362 hci_dev_lock(hdev);
45bb4bf0 1363
314b2381
JH		 1364 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1365
1366 if (test_bit(HCI_MGMT, &hdev->flags))
1367 mgmt_discovering(hdev->id, 1);
1368 }
1369
e17acd40 1370 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1371 bacpy(&data.bdaddr, &info->bdaddr);
1372 data.pscan_rep_mode = info->pscan_rep_mode;
1373 data.pscan_period_mode = info->pscan_period_mode;
1374 data.pscan_mode = info->pscan_mode;
1375 memcpy(data.dev_class, info->dev_class, 3);
1376 data.clock_offset = info->clock_offset;
1377 data.rssi = 0x00;
41a96212 1378 data.ssp_mode = 0x00;
1da177e4 1379 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 1380 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1381 NULL);
1da177e4 1382 }
45bb4bf0 1383
1da177e4
LT		 1384 hci_dev_unlock(hdev);
1385}
1386
1da177e4
LT		 1387static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1388{
a9de9248
MH		 1389 struct hci_ev_conn_complete *ev = (void *) skb->data;
1390 struct hci_conn *conn;
1da177e4
LT		 1391
1392 BT_DBG("%s", hdev->name);
1393
1394 hci_dev_lock(hdev);
1395
1396 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1397 if (!conn) {
1398 if (ev->link_type != SCO_LINK)
1399 goto unlock;
1400
1401 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1402 if (!conn)
1403 goto unlock;
1404
1405 conn->type = SCO_LINK;
1406 }
1da177e4
LT		 1407
1408 if (!ev->status) {
1409 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1410
1411 if (conn->type == ACL_LINK) {
1412 conn->state = BT_CONFIG;
1413 hci_conn_hold(conn);
052b30b0 1414 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
cfafccf7 1415 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
769be974
MH		 1416 } else
1417 conn->state = BT_CONNECTED;
1da177e4 1418
9eba32b8 1419 hci_conn_hold_device(conn);
7d0db0a3
MH		 1420 hci_conn_add_sysfs(conn);
1421
1da177e4
LT		 1422 if (test_bit(HCI_AUTH, &hdev->flags))
1423 conn->link_mode |= HCI_LM_AUTH;
1424
1425 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1426 conn->link_mode |= HCI_LM_ENCRYPT;
1427
04837f64
MH		 1428 /* Get remote features */
1429 if (conn->type == ACL_LINK) {
1430 struct hci_cp_read_remote_features cp;
1431 cp.handle = ev->handle;
769be974
MH		 1432 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1433 sizeof(cp), &cp);
04837f64
MH		 1434 }
1435
1da177e4 1436 /* Set packet type for incoming connection */
a8746417 1437 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1438 struct hci_cp_change_conn_ptype cp;
1439 cp.handle = ev->handle;
a8746417
MH		 1440 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1441 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1442 sizeof(cp), &cp);
1da177e4 1443 }
17d5c04c 1444 } else {
1da177e4 1445 conn->state = BT_CLOSED;
17d5c04c
JH		 1446 if (conn->type == ACL_LINK)
1447 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1448 }
1da177e4 1449
e73439d8
MH		 1450 if (conn->type == ACL_LINK)
1451 hci_sco_setup(conn, ev->status);
1da177e4 1452
769be974
MH		 1453 if (ev->status) {
1454 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1455 hci_conn_del(conn);
c89b6e6b
MH		 1456 } else if (ev->link_type != ACL_LINK)
1457 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1458
a9de9248 1459unlock:
1da177e4 1460 hci_dev_unlock(hdev);
1da177e4 1461
a9de9248 1462 hci_conn_check_pending(hdev);
1da177e4
LT		 1463}
1464
a9de9248 1465static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1466{
a9de9248
MH		 1467 struct hci_ev_conn_request *ev = (void *) skb->data;
1468 int mask = hdev->link_mode;
1da177e4 1469
a9de9248
MH		 1470 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1471 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1472
a9de9248 1473 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1474
138d22ef
SJ		 1475 if ((mask & HCI_LM_ACCEPT) &&
1476 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1477 /* Connection accepted */
c7bdd502 1478 struct inquiry_entry *ie;
1da177e4 1479 struct hci_conn *conn;
1da177e4 1480
a9de9248 1481 hci_dev_lock(hdev);
b6a0dc82 1482
cc11b9c1
AE		 1483 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1484 if (ie)
c7bdd502
MH		 1485 memcpy(ie->data.dev_class, ev->dev_class, 3);
1486
a9de9248
MH		 1487 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1488 if (!conn) {
cc11b9c1
AE		 1489 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1490 if (!conn) {
893ef971 1491 BT_ERR("No memory for new connection");
a9de9248
MH		 1492 hci_dev_unlock(hdev);
1493 return;
1da177e4
LT		 1494 }
1495 }
b6a0dc82 1496
a9de9248
MH		 1497 memcpy(conn->dev_class, ev->dev_class, 3);
1498 conn->state = BT_CONNECT;
b6a0dc82 1499
a9de9248 1500 hci_dev_unlock(hdev);
1da177e4 1501
b6a0dc82
MH		 1502 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1503 struct hci_cp_accept_conn_req cp;
1da177e4 1504
b6a0dc82
MH		 1505 bacpy(&cp.bdaddr, &ev->bdaddr);
1506
1507 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1508 cp.role = 0x00; /* Become master */
1509 else
1510 cp.role = 0x01; /* Remain slave */
1511
1512 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1513 sizeof(cp), &cp);
1514 } else {
1515 struct hci_cp_accept_sync_conn_req cp;
1516
1517 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1518 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1519
1520 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1521 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1522 cp.max_latency = cpu_to_le16(0xffff);
1523 cp.content_format = cpu_to_le16(hdev->voice_setting);
1524 cp.retrans_effort = 0xff;
1da177e4 1525
b6a0dc82
MH		 1526 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1527 sizeof(cp), &cp);
1528 }
a9de9248
MH		 1529 } else {
1530 /* Connection rejected */
1531 struct hci_cp_reject_conn_req cp;
1da177e4 1532
a9de9248
MH		 1533 bacpy(&cp.bdaddr, &ev->bdaddr);
1534 cp.reason = 0x0f;
1535 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1536 }
1da177e4
LT		 1537}
1538
a9de9248 1539static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1540{
a9de9248 1541 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1542 struct hci_conn *conn;
1543
1544 BT_DBG("%s status %d", hdev->name, ev->status);
1545
8962ee74
JH		 1546 if (ev->status) {
1547 mgmt_disconnect_failed(hdev->id);
a9de9248 1548 return;
8962ee74 1549 }
a9de9248 1550
04837f64
MH		 1551 hci_dev_lock(hdev);
1552
1553 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1554 if (!conn)
1555 goto unlock;
7d0db0a3 1556
f7520543 1557 conn->state = BT_CLOSED;
04837f64 1558
83bc71b4 1559 if (conn->type == ACL_LINK || conn->type == LE_LINK)
f7520543
JH		 1560 mgmt_disconnected(hdev->id, &conn->dst);
1561
1562 hci_proto_disconn_cfm(conn, ev->reason);
1563 hci_conn_del(conn);
1564
1565unlock:
04837f64
MH		 1566 hci_dev_unlock(hdev);
1567}
1568
1da177e4
LT		 1569static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1570{
a9de9248 1571 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1572 struct hci_conn *conn;
1da177e4
LT		 1573
1574 BT_DBG("%s status %d", hdev->name, ev->status);
1575
1576 hci_dev_lock(hdev);
1577
04837f64 1578 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1579 if (!conn)
1580 goto unlock;
1581
1582 if (!ev->status) {
1583 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1584 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1585 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1586 } else {
d7556e20
WR		 1587 conn->link_mode |= HCI_LM_AUTH;
1588 conn->sec_level = conn->pending_sec_level;
2a611692 1589 }
d7556e20
WR		 1590 } else {
1591 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1592 }
1da177e4 1593
d7556e20
WR		 1594 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1595 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1596
d7556e20
WR		 1597 if (conn->state == BT_CONFIG) {
1598 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1599 struct hci_cp_set_conn_encrypt cp;
1600 cp.handle = ev->handle;
1601 cp.encrypt = 0x01;
1602 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1603 &cp);
052b30b0 1604 } else {
d7556e20
WR		 1605 conn->state = BT_CONNECTED;
1606 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1607 hci_conn_put(conn);
1608 }
d7556e20
WR		 1609 } else {
1610 hci_auth_cfm(conn, ev->status);
052b30b0 1611
d7556e20
WR		 1612 hci_conn_hold(conn);
1613 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1614 hci_conn_put(conn);
1615 }
1616
1617 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1618 if (!ev->status) {
1619 struct hci_cp_set_conn_encrypt cp;
1620 cp.handle = ev->handle;
1621 cp.encrypt = 0x01;
1622 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1623 &cp);
1624 } else {
1625 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1626 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1627 }
1628 }
1629
d7556e20 1630unlock:
1da177e4
LT		 1631 hci_dev_unlock(hdev);
1632}
1633
a9de9248 1634static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1635{
127178d2
JH		 1636 struct hci_ev_remote_name *ev = (void *) skb->data;
1637 struct hci_conn *conn;
1638
a9de9248 1639 BT_DBG("%s", hdev->name);
1da177e4 1640
a9de9248 1641 hci_conn_check_pending(hdev);
127178d2
JH		 1642
1643 hci_dev_lock(hdev);
1644
a88a9652
JH		 1645 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1646 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1647
127178d2 1648 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1649 if (!conn)
1650 goto unlock;
1651
1652 if (!hci_outgoing_auth_needed(hdev, conn))
1653 goto unlock;
1654
1655 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1656 struct hci_cp_auth_requested cp;
1657 cp.handle = __cpu_to_le16(conn->handle);
1658 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1659 }
1660
79c6c70c 1661unlock:
127178d2 1662 hci_dev_unlock(hdev);
a9de9248
MH		 1663}
1664
1665static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1666{
1667 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1668 struct hci_conn *conn;
1669
1670 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1671
1672 hci_dev_lock(hdev);
1673
04837f64 1674 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1675 if (conn) {
1676 if (!ev->status) {
ae293196
MH		 1677 if (ev->encrypt) {
1678 /* Encryption implies authentication */
1679 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1680 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1681 conn->sec_level = conn->pending_sec_level;
ae293196 1682 } else
1da177e4
LT		 1683 conn->link_mode &= ~HCI_LM_ENCRYPT;
1684 }
1685
1686 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1687
f8558555
MH		 1688 if (conn->state == BT_CONFIG) {
1689 if (!ev->status)
1690 conn->state = BT_CONNECTED;
1691
1692 hci_proto_connect_cfm(conn, ev->status);
1693 hci_conn_put(conn);
1694 } else
1695 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1696 }
1697
1698 hci_dev_unlock(hdev);
1699}
1700
a9de9248 1701static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1702{
a9de9248 1703 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1704 struct hci_conn *conn;
1da177e4
LT		 1705
1706 BT_DBG("%s status %d", hdev->name, ev->status);
1707
1708 hci_dev_lock(hdev);
1709
04837f64 1710 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1711 if (conn) {
1712 if (!ev->status)
1713 conn->link_mode |= HCI_LM_SECURE;
1714
1715 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1716
1717 hci_key_change_cfm(conn, ev->status);
1718 }
1719
1720 hci_dev_unlock(hdev);
1721}
1722
a9de9248 1723static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1724{
a9de9248
MH		 1725 struct hci_ev_remote_features *ev = (void *) skb->data;
1726 struct hci_conn *conn;
1727
1728 BT_DBG("%s status %d", hdev->name, ev->status);
1729
a9de9248
MH		 1730 hci_dev_lock(hdev);
1731
1732 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1733 if (!conn)
1734 goto unlock;
769be974 1735
ccd556fe
JH		 1736 if (!ev->status)
1737 memcpy(conn->features, ev->features, 8);
1738
1739 if (conn->state != BT_CONFIG)
1740 goto unlock;
1741
1742 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1743 struct hci_cp_read_remote_ext_features cp;
1744 cp.handle = ev->handle;
1745 cp.page = 0x01;
1746 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1747 sizeof(cp), &cp);
392599b9
JH		 1748 goto unlock;
1749 }
1750
127178d2
JH		 1751 if (!ev->status) {
1752 struct hci_cp_remote_name_req cp;
1753 memset(&cp, 0, sizeof(cp));
1754 bacpy(&cp.bdaddr, &conn->dst);
1755 cp.pscan_rep_mode = 0x02;
1756 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1757 }
392599b9 1758
127178d2 1759 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1760 conn->state = BT_CONNECTED;
1761 hci_proto_connect_cfm(conn, ev->status);
1762 hci_conn_put(conn);
769be974 1763 }
a9de9248 1764
ccd556fe 1765unlock:
a9de9248 1766 hci_dev_unlock(hdev);
1da177e4
LT		 1767}
1768
a9de9248 1769static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1770{
a9de9248 1771 BT_DBG("%s", hdev->name);
1da177e4
LT		 1772}
1773
a9de9248 1774static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1775{
a9de9248 1776 BT_DBG("%s", hdev->name);
1da177e4
LT		 1777}
1778
a9de9248
MH		 1779static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1780{
1781 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1782 __u16 opcode;
1783
1784 skb_pull(skb, sizeof(*ev));
1785
1786 opcode = __le16_to_cpu(ev->opcode);
1787
1788 switch (opcode) {
1789 case HCI_OP_INQUIRY_CANCEL:
1790 hci_cc_inquiry_cancel(hdev, skb);
1791 break;
1792
1793 case HCI_OP_EXIT_PERIODIC_INQ:
1794 hci_cc_exit_periodic_inq(hdev, skb);
1795 break;
1796
1797 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1798 hci_cc_remote_name_req_cancel(hdev, skb);
1799 break;
1800
1801 case HCI_OP_ROLE_DISCOVERY:
1802 hci_cc_role_discovery(hdev, skb);
1803 break;
1804
e4e8e37c
MH		 1805 case HCI_OP_READ_LINK_POLICY:
1806 hci_cc_read_link_policy(hdev, skb);
1807 break;
1808
a9de9248
MH		 1809 case HCI_OP_WRITE_LINK_POLICY:
1810 hci_cc_write_link_policy(hdev, skb);
1811 break;
1812
e4e8e37c
MH		 1813 case HCI_OP_READ_DEF_LINK_POLICY:
1814 hci_cc_read_def_link_policy(hdev, skb);
1815 break;
1816
1817 case HCI_OP_WRITE_DEF_LINK_POLICY:
1818 hci_cc_write_def_link_policy(hdev, skb);
1819 break;
1820
a9de9248
MH		 1821 case HCI_OP_RESET:
1822 hci_cc_reset(hdev, skb);
1823 break;
1824
1825 case HCI_OP_WRITE_LOCAL_NAME:
1826 hci_cc_write_local_name(hdev, skb);
1827 break;
1828
1829 case HCI_OP_READ_LOCAL_NAME:
1830 hci_cc_read_local_name(hdev, skb);
1831 break;
1832
1833 case HCI_OP_WRITE_AUTH_ENABLE:
1834 hci_cc_write_auth_enable(hdev, skb);
1835 break;
1836
1837 case HCI_OP_WRITE_ENCRYPT_MODE:
1838 hci_cc_write_encrypt_mode(hdev, skb);
1839 break;
1840
1841 case HCI_OP_WRITE_SCAN_ENABLE:
1842 hci_cc_write_scan_enable(hdev, skb);
1843 break;
1844
1845 case HCI_OP_READ_CLASS_OF_DEV:
1846 hci_cc_read_class_of_dev(hdev, skb);
1847 break;
1848
1849 case HCI_OP_WRITE_CLASS_OF_DEV:
1850 hci_cc_write_class_of_dev(hdev, skb);
1851 break;
1852
1853 case HCI_OP_READ_VOICE_SETTING:
1854 hci_cc_read_voice_setting(hdev, skb);
1855 break;
1856
1857 case HCI_OP_WRITE_VOICE_SETTING:
1858 hci_cc_write_voice_setting(hdev, skb);
1859 break;
1860
1861 case HCI_OP_HOST_BUFFER_SIZE:
1862 hci_cc_host_buffer_size(hdev, skb);
1863 break;
1864
333140b5
MH		 1865 case HCI_OP_READ_SSP_MODE:
1866 hci_cc_read_ssp_mode(hdev, skb);
1867 break;
1868
1869 case HCI_OP_WRITE_SSP_MODE:
1870 hci_cc_write_ssp_mode(hdev, skb);
1871 break;
1872
a9de9248
MH		 1873 case HCI_OP_READ_LOCAL_VERSION:
1874 hci_cc_read_local_version(hdev, skb);
1875 break;
1876
1877 case HCI_OP_READ_LOCAL_COMMANDS:
1878 hci_cc_read_local_commands(hdev, skb);
1879 break;
1880
1881 case HCI_OP_READ_LOCAL_FEATURES:
1882 hci_cc_read_local_features(hdev, skb);
1883 break;
1884
971e3a4b
AG		 1885 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1886 hci_cc_read_local_ext_features(hdev, skb);
1887 break;
1888
a9de9248
MH		 1889 case HCI_OP_READ_BUFFER_SIZE:
1890 hci_cc_read_buffer_size(hdev, skb);
1891 break;
1892
1893 case HCI_OP_READ_BD_ADDR:
1894 hci_cc_read_bd_addr(hdev, skb);
1895 break;
1896
23bb5763
JH		 1897 case HCI_OP_WRITE_CA_TIMEOUT:
1898 hci_cc_write_ca_timeout(hdev, skb);
1899 break;
1900
b0916ea0
JH		 1901 case HCI_OP_DELETE_STORED_LINK_KEY:
1902 hci_cc_delete_stored_link_key(hdev, skb);
1903 break;
1904
d5859e22
JH		 1905 case HCI_OP_SET_EVENT_MASK:
1906 hci_cc_set_event_mask(hdev, skb);
1907 break;
1908
1909 case HCI_OP_WRITE_INQUIRY_MODE:
1910 hci_cc_write_inquiry_mode(hdev, skb);
1911 break;
1912
1913 case HCI_OP_READ_INQ_RSP_TX_POWER:
1914 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1915 break;
1916
1917 case HCI_OP_SET_EVENT_FLT:
1918 hci_cc_set_event_flt(hdev, skb);
1919 break;
1920
980e1a53
JH		 1921 case HCI_OP_PIN_CODE_REPLY:
1922 hci_cc_pin_code_reply(hdev, skb);
1923 break;
1924
1925 case HCI_OP_PIN_CODE_NEG_REPLY:
1926 hci_cc_pin_code_neg_reply(hdev, skb);
1927 break;
1928
c35938b2
SJ		 1929 case HCI_OP_READ_LOCAL_OOB_DATA:
1930 hci_cc_read_local_oob_data_reply(hdev, skb);
1931 break;
1932
6ed58ec5
VT		 1933 case HCI_OP_LE_READ_BUFFER_SIZE:
1934 hci_cc_le_read_buffer_size(hdev, skb);
1935 break;
1936
a5c29683
JH		 1937 case HCI_OP_USER_CONFIRM_REPLY:
1938 hci_cc_user_confirm_reply(hdev, skb);
1939 break;
1940
1941 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1942 hci_cc_user_confirm_neg_reply(hdev, skb);
1943 break;
1944
eb9d91f5
AG		 1945 case HCI_OP_LE_SET_SCAN_ENABLE:
1946 hci_cc_le_set_scan_enable(hdev, skb);
1947 break;
1948
a7a595f6
VCG		 1949 case HCI_OP_LE_LTK_REPLY:
1950 hci_cc_le_ltk_reply(hdev, skb);
1951 break;
1952
1953 case HCI_OP_LE_LTK_NEG_REPLY:
1954 hci_cc_le_ltk_neg_reply(hdev, skb);
1955 break;
1956
f9b49306
AG		 1957 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1958 hci_cc_write_le_host_supported(hdev, skb);
1959 break;
1960
a9de9248
MH		 1961 default:
1962 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1963 break;
1964 }
1965
6bd32326
VT		 1966 if (ev->opcode != HCI_OP_NOP)
1967 del_timer(&hdev->cmd_timer);
1968
a9de9248
MH		 1969 if (ev->ncmd) {
1970 atomic_set(&hdev->cmd_cnt, 1);
1971 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 1972 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 1973 }
1974}
1975
1976static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1977{
1978 struct hci_ev_cmd_status *ev = (void *) skb->data;
1979 __u16 opcode;
1980
1981 skb_pull(skb, sizeof(*ev));
1982
1983 opcode = __le16_to_cpu(ev->opcode);
1984
1985 switch (opcode) {
1986 case HCI_OP_INQUIRY:
1987 hci_cs_inquiry(hdev, ev->status);
1988 break;
1989
1990 case HCI_OP_CREATE_CONN:
1991 hci_cs_create_conn(hdev, ev->status);
1992 break;
1993
1994 case HCI_OP_ADD_SCO:
1995 hci_cs_add_sco(hdev, ev->status);
1996 break;
1997
f8558555
MH		 1998 case HCI_OP_AUTH_REQUESTED:
1999 hci_cs_auth_requested(hdev, ev->status);
2000 break;
2001
2002 case HCI_OP_SET_CONN_ENCRYPT:
2003 hci_cs_set_conn_encrypt(hdev, ev->status);
2004 break;
2005
a9de9248
MH		 2006 case HCI_OP_REMOTE_NAME_REQ:
2007 hci_cs_remote_name_req(hdev, ev->status);
2008 break;
2009
769be974
MH		 2010 case HCI_OP_READ_REMOTE_FEATURES:
2011 hci_cs_read_remote_features(hdev, ev->status);
2012 break;
2013
2014 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2015 hci_cs_read_remote_ext_features(hdev, ev->status);
2016 break;
2017
a9de9248
MH		 2018 case HCI_OP_SETUP_SYNC_CONN:
2019 hci_cs_setup_sync_conn(hdev, ev->status);
2020 break;
2021
2022 case HCI_OP_SNIFF_MODE:
2023 hci_cs_sniff_mode(hdev, ev->status);
2024 break;
2025
2026 case HCI_OP_EXIT_SNIFF_MODE:
2027 hci_cs_exit_sniff_mode(hdev, ev->status);
2028 break;
2029
8962ee74
JH		 2030 case HCI_OP_DISCONNECT:
2031 if (ev->status != 0)
2032 mgmt_disconnect_failed(hdev->id);
2033 break;
2034
fcd89c09
VT		 2035 case HCI_OP_LE_CREATE_CONN:
2036 hci_cs_le_create_conn(hdev, ev->status);
2037 break;
2038
a7a595f6
VCG		 2039 case HCI_OP_LE_START_ENC:
2040 hci_cs_le_start_enc(hdev, ev->status);
2041 break;
2042
a9de9248
MH		 2043 default:
2044 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2045 break;
2046 }
2047
6bd32326
VT		 2048 if (ev->opcode != HCI_OP_NOP)
2049 del_timer(&hdev->cmd_timer);
2050
10572132 2051 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2052 atomic_set(&hdev->cmd_cnt, 1);
2053 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2054 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2055 }
2056}
2057
2058static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2059{
2060 struct hci_ev_role_change *ev = (void *) skb->data;
2061 struct hci_conn *conn;
2062
2063 BT_DBG("%s status %d", hdev->name, ev->status);
2064
2065 hci_dev_lock(hdev);
2066
2067 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2068 if (conn) {
2069 if (!ev->status) {
2070 if (ev->role)
2071 conn->link_mode &= ~HCI_LM_MASTER;
2072 else
2073 conn->link_mode |= HCI_LM_MASTER;
2074 }
2075
2076 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2077
2078 hci_role_switch_cfm(conn, ev->status, ev->role);
2079 }
2080
2081 hci_dev_unlock(hdev);
2082}
2083
2084static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2085{
2086 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2087 __le16 *ptr;
2088 int i;
2089
2090 skb_pull(skb, sizeof(*ev));
2091
2092 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2093
2094 if (skb->len < ev->num_hndl * 4) {
2095 BT_DBG("%s bad parameters", hdev->name);
2096 return;
2097 }
2098
2099 tasklet_disable(&hdev->tx_task);
2100
2101 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2102 struct hci_conn *conn;
2103 __u16 handle, count;
2104
83985319
HH		 2105 handle = get_unaligned_le16(ptr++);
2106 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2107
2108 conn = hci_conn_hash_lookup_handle(hdev, handle);
2109 if (conn) {
2110 conn->sent -= count;
2111
2112 if (conn->type == ACL_LINK) {
70f23020
AE		 2113 hdev->acl_cnt += count;
2114 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2115 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2116 } else if (conn->type == LE_LINK) {
2117 if (hdev->le_pkts) {
2118 hdev->le_cnt += count;
2119 if (hdev->le_cnt > hdev->le_pkts)
2120 hdev->le_cnt = hdev->le_pkts;
2121 } else {
2122 hdev->acl_cnt += count;
2123 if (hdev->acl_cnt > hdev->acl_pkts)
2124 hdev->acl_cnt = hdev->acl_pkts;
2125 }
a9de9248 2126 } else {
70f23020
AE		 2127 hdev->sco_cnt += count;
2128 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2129 hdev->sco_cnt = hdev->sco_pkts;
2130 }
2131 }
2132 }
2133
c78ae283 2134 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2135
2136 tasklet_enable(&hdev->tx_task);
2137}
2138
2139static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2140{
a9de9248 2141 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2142 struct hci_conn *conn;
2143
2144 BT_DBG("%s status %d", hdev->name, ev->status);
2145
2146 hci_dev_lock(hdev);
2147
2148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2149 if (conn) {
2150 conn->mode = ev->mode;
2151 conn->interval = __le16_to_cpu(ev->interval);
2152
2153 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2154 if (conn->mode == HCI_CM_ACTIVE)
2155 conn->power_save = 1;
2156 else
2157 conn->power_save = 0;
2158 }
e73439d8
MH		 2159
2160 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2161 hci_sco_setup(conn, ev->status);
04837f64
MH		 2162 }
2163
2164 hci_dev_unlock(hdev);
2165}
2166
a9de9248
MH		 2167static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2168{
052b30b0
MH		 2169 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2170 struct hci_conn *conn;
2171
a9de9248 2172 BT_DBG("%s", hdev->name);
052b30b0
MH		 2173
2174 hci_dev_lock(hdev);
2175
2176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2177 if (!conn)
2178 goto unlock;
2179
2180 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2181 hci_conn_hold(conn);
2182 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2183 hci_conn_put(conn);
2184 }
2185
03b555e1
JH		 2186 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2187 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2188 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2189 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2190 u8 secure;
2191
2192 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2193 secure = 1;
2194 else
2195 secure = 0;
2196
2197 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2198 }
980e1a53 2199
b6f98044 2200unlock:
052b30b0 2201 hci_dev_unlock(hdev);
a9de9248
MH		 2202}
2203
2204static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2205{
55ed8ca1
JH		 2206 struct hci_ev_link_key_req *ev = (void *) skb->data;
2207 struct hci_cp_link_key_reply cp;
2208 struct hci_conn *conn;
2209 struct link_key *key;
2210
a9de9248 2211 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2212
2213 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2214 return;
2215
2216 hci_dev_lock(hdev);
2217
2218 key = hci_find_link_key(hdev, &ev->bdaddr);
2219 if (!key) {
2220 BT_DBG("%s link key not found for %s", hdev->name,
2221 batostr(&ev->bdaddr));
2222 goto not_found;
2223 }
2224
2225 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2226 batostr(&ev->bdaddr));
2227
b6020ba0
WR		 2228 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2229 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2230 BT_DBG("%s ignoring debug key", hdev->name);
2231 goto not_found;
2232 }
2233
2234 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2235 if (conn) {
2236 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2237 conn->auth_type != 0xff &&
2238 (conn->auth_type & 0x01)) {
2239 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2240 goto not_found;
2241 }
55ed8ca1 2242
60b83f57
WR		 2243 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2244 conn->pending_sec_level == BT_SECURITY_HIGH) {
2245 BT_DBG("%s ignoring key unauthenticated for high \
2246 security", hdev->name);
2247 goto not_found;
2248 }
2249
2250 conn->key_type = key->type;
2251 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2252 }
2253
2254 bacpy(&cp.bdaddr, &ev->bdaddr);
2255 memcpy(cp.link_key, key->val, 16);
2256
2257 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2258
2259 hci_dev_unlock(hdev);
2260
2261 return;
2262
2263not_found:
2264 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2265 hci_dev_unlock(hdev);
a9de9248
MH		 2266}
2267
2268static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2269{
052b30b0
MH		 2270 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2271 struct hci_conn *conn;
55ed8ca1 2272 u8 pin_len = 0;
052b30b0 2273
a9de9248 2274 BT_DBG("%s", hdev->name);
052b30b0
MH		 2275
2276 hci_dev_lock(hdev);
2277
2278 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2279 if (conn) {
2280 hci_conn_hold(conn);
2281 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2282 pin_len = conn->pin_length;
13d39315
WR		 2283
2284 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2285 conn->key_type = ev->key_type;
2286
052b30b0
MH		 2287 hci_conn_put(conn);
2288 }
2289
55ed8ca1 2290 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2291 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2292 ev->key_type, pin_len);
2293
052b30b0 2294 hci_dev_unlock(hdev);
a9de9248
MH		 2295}
2296
1da177e4
LT		 2297static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2298{
a9de9248 2299 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2300 struct hci_conn *conn;
1da177e4
LT		 2301
2302 BT_DBG("%s status %d", hdev->name, ev->status);
2303
2304 hci_dev_lock(hdev);
2305
04837f64 2306 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2307 if (conn && !ev->status) {
2308 struct inquiry_entry *ie;
2309
cc11b9c1
AE		 2310 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2311 if (ie) {
1da177e4
LT		 2312 ie->data.clock_offset = ev->clock_offset;
2313 ie->timestamp = jiffies;
2314 }
2315 }
2316
2317 hci_dev_unlock(hdev);
2318}
2319
a8746417
MH		 2320static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2321{
2322 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2323 struct hci_conn *conn;
2324
2325 BT_DBG("%s status %d", hdev->name, ev->status);
2326
2327 hci_dev_lock(hdev);
2328
2329 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2330 if (conn && !ev->status)
2331 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2332
2333 hci_dev_unlock(hdev);
2334}
2335
85a1e930
MH		 2336static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2337{
a9de9248 2338 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2339 struct inquiry_entry *ie;
2340
2341 BT_DBG("%s", hdev->name);
2342
2343 hci_dev_lock(hdev);
2344
cc11b9c1
AE		 2345 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2346 if (ie) {
85a1e930
MH		 2347 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2348 ie->timestamp = jiffies;
2349 }
2350
2351 hci_dev_unlock(hdev);
2352}
2353
a9de9248
MH		 2354static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2355{
2356 struct inquiry_data data;
2357 int num_rsp = *((__u8 *) skb->data);
2358
2359 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2360
2361 if (!num_rsp)
2362 return;
2363
2364 hci_dev_lock(hdev);
2365
314b2381
JH		 2366 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2367
2368 if (test_bit(HCI_MGMT, &hdev->flags))
2369 mgmt_discovering(hdev->id, 1);
2370 }
2371
a9de9248 2372 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2373 struct inquiry_info_with_rssi_and_pscan_mode *info;
2374 info = (void *) (skb->data + 1);
a9de9248 2375
e17acd40 2376 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2377 bacpy(&data.bdaddr, &info->bdaddr);
2378 data.pscan_rep_mode = info->pscan_rep_mode;
2379 data.pscan_period_mode = info->pscan_period_mode;
2380 data.pscan_mode = info->pscan_mode;
2381 memcpy(data.dev_class, info->dev_class, 3);
2382 data.clock_offset = info->clock_offset;
2383 data.rssi = info->rssi;
41a96212 2384 data.ssp_mode = 0x00;
a9de9248 2385 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2386 mgmt_device_found(hdev->id, &info->bdaddr,
2387 info->dev_class, info->rssi,
2388 NULL);
a9de9248
MH		 2389 }
2390 } else {
2391 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2392
e17acd40 2393 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2394 bacpy(&data.bdaddr, &info->bdaddr);
2395 data.pscan_rep_mode = info->pscan_rep_mode;
2396 data.pscan_period_mode = info->pscan_period_mode;
2397 data.pscan_mode = 0x00;
2398 memcpy(data.dev_class, info->dev_class, 3);
2399 data.clock_offset = info->clock_offset;
2400 data.rssi = info->rssi;
41a96212 2401 data.ssp_mode = 0x00;
a9de9248 2402 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2403 mgmt_device_found(hdev->id, &info->bdaddr,
2404 info->dev_class, info->rssi,
2405 NULL);
a9de9248
MH		 2406 }
2407 }
2408
2409 hci_dev_unlock(hdev);
2410}
2411
2412static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2413{
41a96212
MH		 2414 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2415 struct hci_conn *conn;
2416
a9de9248 2417 BT_DBG("%s", hdev->name);
41a96212 2418
41a96212
MH		 2419 hci_dev_lock(hdev);
2420
2421 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2422 if (!conn)
2423 goto unlock;
41a96212 2424
ccd556fe
JH		 2425 if (!ev->status && ev->page == 0x01) {
2426 struct inquiry_entry *ie;
41a96212 2427
cc11b9c1
AE		 2428 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2429 if (ie)
ccd556fe 2430 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2431
ccd556fe
JH		 2432 conn->ssp_mode = (ev->features[0] & 0x01);
2433 }
2434
2435 if (conn->state != BT_CONFIG)
2436 goto unlock;
2437
127178d2
JH		 2438 if (!ev->status) {
2439 struct hci_cp_remote_name_req cp;
2440 memset(&cp, 0, sizeof(cp));
2441 bacpy(&cp.bdaddr, &conn->dst);
2442 cp.pscan_rep_mode = 0x02;
2443 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2444 }
392599b9 2445
127178d2 2446 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2447 conn->state = BT_CONNECTED;
2448 hci_proto_connect_cfm(conn, ev->status);
2449 hci_conn_put(conn);
41a96212
MH		 2450 }
2451
ccd556fe 2452unlock:
41a96212 2453 hci_dev_unlock(hdev);
a9de9248
MH		 2454}
2455
2456static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2457{
b6a0dc82
MH		 2458 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2459 struct hci_conn *conn;
2460
2461 BT_DBG("%s status %d", hdev->name, ev->status);
2462
2463 hci_dev_lock(hdev);
2464
2465 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2466 if (!conn) {
2467 if (ev->link_type == ESCO_LINK)
2468 goto unlock;
2469
2470 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2471 if (!conn)
2472 goto unlock;
2473
2474 conn->type = SCO_LINK;
2475 }
b6a0dc82 2476
732547f9
MH		 2477 switch (ev->status) {
2478 case 0x00:
b6a0dc82
MH		 2479 conn->handle = __le16_to_cpu(ev->handle);
2480 conn->state = BT_CONNECTED;
7d0db0a3 2481
9eba32b8 2482 hci_conn_hold_device(conn);
7d0db0a3 2483 hci_conn_add_sysfs(conn);
732547f9
MH		 2484 break;
2485
705e5711 2486 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2487 case 0x1c: /* SCO interval rejected */
1038a00b 2488 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2489 case 0x1f: /* Unspecified error */
2490 if (conn->out && conn->attempt < 2) {
2491 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2492 (hdev->esco_type & EDR_ESCO_MASK);
2493 hci_setup_sync(conn, conn->link->handle);
2494 goto unlock;
2495 }
2496 /* fall through */
2497
2498 default:
b6a0dc82 2499 conn->state = BT_CLOSED;
732547f9
MH		 2500 break;
2501 }
b6a0dc82
MH		 2502
2503 hci_proto_connect_cfm(conn, ev->status);
2504 if (ev->status)
2505 hci_conn_del(conn);
2506
2507unlock:
2508 hci_dev_unlock(hdev);
a9de9248
MH		 2509}
2510
2511static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2512{
2513 BT_DBG("%s", hdev->name);
2514}
2515
04837f64
MH		 2516static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2517{
a9de9248 2518 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2519
2520 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2521}
2522
a9de9248 2523static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2524{
a9de9248
MH		 2525 struct inquiry_data data;
2526 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2527 int num_rsp = *((__u8 *) skb->data);
1da177e4 2528
a9de9248 2529 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2530
a9de9248
MH		 2531 if (!num_rsp)
2532 return;
1da177e4 2533
314b2381
JH		 2534 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2535
2536 if (test_bit(HCI_MGMT, &hdev->flags))
2537 mgmt_discovering(hdev->id, 1);
2538 }
2539
a9de9248
MH		 2540 hci_dev_lock(hdev);
2541
e17acd40 2542 for (; num_rsp; num_rsp--, info++) {
a9de9248 2543 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2544 data.pscan_rep_mode = info->pscan_rep_mode;
2545 data.pscan_period_mode = info->pscan_period_mode;
2546 data.pscan_mode = 0x00;
a9de9248 2547 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2548 data.clock_offset = info->clock_offset;
2549 data.rssi = info->rssi;
41a96212 2550 data.ssp_mode = 0x01;
a9de9248 2551 hci_inquiry_cache_update(hdev, &data);
e17acd40
JH		 2552 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2553 info->rssi, info->data);
a9de9248
MH		 2554 }
2555
2556 hci_dev_unlock(hdev);
2557}
1da177e4 2558
17fa4b9d
JH		 2559static inline u8 hci_get_auth_req(struct hci_conn *conn)
2560{
2561 /* If remote requests dedicated bonding follow that lead */
2562 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2563 /* If both remote and local IO capabilities allow MITM
2564 * protection then require it, otherwise don't */
2565 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2566 return 0x02;
2567 else
2568 return 0x03;
2569 }
2570
2571 /* If remote requests no-bonding follow that lead */
2572 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2573 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2574
2575 return conn->auth_type;
2576}
2577
0493684e
MH		 2578static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2579{
2580 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2581 struct hci_conn *conn;
2582
2583 BT_DBG("%s", hdev->name);
2584
2585 hci_dev_lock(hdev);
2586
2587 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2588 if (!conn)
2589 goto unlock;
2590
2591 hci_conn_hold(conn);
2592
2593 if (!test_bit(HCI_MGMT, &hdev->flags))
2594 goto unlock;
2595
2596 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2597 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2598 struct hci_cp_io_capability_reply cp;
2599
2600 bacpy(&cp.bdaddr, &ev->bdaddr);
2601 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2602 conn->auth_type = hci_get_auth_req(conn);
2603 cp.authentication = conn->auth_type;
17fa4b9d 2604
ce85ee13
SJ		 2605 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2606 hci_find_remote_oob_data(hdev, &conn->dst))
2607 cp.oob_data = 0x01;
2608 else
2609 cp.oob_data = 0x00;
2610
17fa4b9d
JH		 2611 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2612 sizeof(cp), &cp);
03b555e1
JH		 2613 } else {
2614 struct hci_cp_io_capability_neg_reply cp;
2615
2616 bacpy(&cp.bdaddr, &ev->bdaddr);
be77159c 2617 cp.reason = 0x18; /* Pairing not allowed */
0493684e 2618
03b555e1
JH		 2619 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2620 sizeof(cp), &cp);
2621 }
2622
2623unlock:
2624 hci_dev_unlock(hdev);
2625}
2626
2627static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2628{
2629 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2630 struct hci_conn *conn;
2631
2632 BT_DBG("%s", hdev->name);
2633
2634 hci_dev_lock(hdev);
2635
2636 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2637 if (!conn)
2638 goto unlock;
2639
03b555e1
JH		 2640 conn->remote_cap = ev->capability;
2641 conn->remote_oob = ev->oob_data;
2642 conn->remote_auth = ev->authentication;
2643
2644unlock:
0493684e
MH		 2645 hci_dev_unlock(hdev);
2646}
2647
a5c29683
JH		 2648static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2649 struct sk_buff *skb)
2650{
2651 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2652 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2653 struct hci_conn *conn;
a5c29683
JH		 2654
2655 BT_DBG("%s", hdev->name);
2656
2657 hci_dev_lock(hdev);
2658
7a828908
JH		 2659 if (!test_bit(HCI_MGMT, &hdev->flags))
2660 goto unlock;
a5c29683 2661
7a828908
JH		 2662 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2663 if (!conn)
2664 goto unlock;
2665
2666 loc_mitm = (conn->auth_type & 0x01);
2667 rem_mitm = (conn->remote_auth & 0x01);
2668
2669 /* If we require MITM but the remote device can't provide that
2670 * (it has NoInputNoOutput) then reject the confirmation
2671 * request. The only exception is when we're dedicated bonding
2672 * initiators (connect_cfm_cb set) since then we always have the MITM
2673 * bit set. */
2674 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2675 BT_DBG("Rejecting request: remote device can't provide MITM");
2676 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2677 sizeof(ev->bdaddr), &ev->bdaddr);
2678 goto unlock;
2679 }
2680
2681 /* If no side requires MITM protection; auto-accept */
2682 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2683 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2684
2685 /* If we're not the initiators request authorization to
2686 * proceed from user space (mgmt_user_confirm with
2687 * confirm_hint set to 1). */
2688 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2689 BT_DBG("Confirming auto-accept as acceptor");
2690 confirm_hint = 1;
2691 goto confirm;
2692 }
2693
9f61656a
JH		 2694 BT_DBG("Auto-accept of user confirmation with %ums delay",
2695 hdev->auto_accept_delay);
2696
2697 if (hdev->auto_accept_delay > 0) {
2698 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2699 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2700 goto unlock;
2701 }
2702
7a828908
JH		 2703 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2704 sizeof(ev->bdaddr), &ev->bdaddr);
2705 goto unlock;
2706 }
2707
55bc1a37
JH		 2708confirm:
2709 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2710 confirm_hint);
7a828908
JH		 2711
2712unlock:
a5c29683
JH		 2713 hci_dev_unlock(hdev);
2714}
2715
0493684e
MH		 2716static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2717{
2718 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2719 struct hci_conn *conn;
2720
2721 BT_DBG("%s", hdev->name);
2722
2723 hci_dev_lock(hdev);
2724
2725 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2726 if (!conn)
2727 goto unlock;
2728
2729 /* To avoid duplicate auth_failed events to user space we check
2730 * the HCI_CONN_AUTH_PEND flag which will be set if we
2731 * initiated the authentication. A traditional auth_complete
2732 * event gets always produced as initiator and is also mapped to
2733 * the mgmt_auth_failed event */
2734 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2735 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
0493684e 2736
2a611692
JH		 2737 hci_conn_put(conn);
2738
2739unlock:
0493684e
MH		 2740 hci_dev_unlock(hdev);
2741}
2742
41a96212
MH		 2743static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2744{
2745 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2746 struct inquiry_entry *ie;
2747
2748 BT_DBG("%s", hdev->name);
2749
2750 hci_dev_lock(hdev);
2751
cc11b9c1
AE		 2752 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2753 if (ie)
41a96212
MH		 2754 ie->data.ssp_mode = (ev->features[0] & 0x01);
2755
2756 hci_dev_unlock(hdev);
2757}
2758
2763eda6
SJ		 2759static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2760 struct sk_buff *skb)
2761{
2762 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2763 struct oob_data *data;
2764
2765 BT_DBG("%s", hdev->name);
2766
2767 hci_dev_lock(hdev);
2768
e1ba1f15
SJ		 2769 if (!test_bit(HCI_MGMT, &hdev->flags))
2770 goto unlock;
2771
2763eda6
SJ		 2772 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2773 if (data) {
2774 struct hci_cp_remote_oob_data_reply cp;
2775
2776 bacpy(&cp.bdaddr, &ev->bdaddr);
2777 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2778 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2779
2780 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2781 &cp);
2782 } else {
2783 struct hci_cp_remote_oob_data_neg_reply cp;
2784
2785 bacpy(&cp.bdaddr, &ev->bdaddr);
2786 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2787 &cp);
2788 }
2789
e1ba1f15 2790unlock:
2763eda6
SJ		 2791 hci_dev_unlock(hdev);
2792}
2793
fcd89c09
VT		 2794static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2795{
2796 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2797 struct hci_conn *conn;
2798
2799 BT_DBG("%s status %d", hdev->name, ev->status);
2800
2801 hci_dev_lock(hdev);
2802
2803 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2804 if (!conn) {
2805 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2806 if (!conn) {
2807 BT_ERR("No memory for new connection");
2808 hci_dev_unlock(hdev);
2809 return;
2810 }
29b7988a
AG		 2811
2812 conn->dst_type = ev->bdaddr_type;
b62f328b 2813 }
fcd89c09
VT		 2814
2815 if (ev->status) {
83bc71b4 2816 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
fcd89c09
VT		 2817 hci_proto_connect_cfm(conn, ev->status);
2818 conn->state = BT_CLOSED;
2819 hci_conn_del(conn);
2820 goto unlock;
2821 }
2822
cfafccf7 2823 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
83bc71b4 2824
7b5c0d52 2825 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2826 conn->handle = __le16_to_cpu(ev->handle);
2827 conn->state = BT_CONNECTED;
2828
2829 hci_conn_hold_device(conn);
2830 hci_conn_add_sysfs(conn);
2831
2832 hci_proto_connect_cfm(conn, ev->status);
2833
2834unlock:
2835 hci_dev_unlock(hdev);
2836}
2837
9aa04c91
AG		 2838static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2839 struct sk_buff *skb)
2840{
e95beb41
AG		 2841 u8 num_reports = skb->data[0];
2842 void *ptr = &skb->data[1];
9aa04c91
AG		 2843
2844 hci_dev_lock(hdev);
2845
e95beb41
AG		 2846 while (num_reports--) {
2847 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 2848
9aa04c91 2849 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 2850
2851 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 2852 }
2853
2854 hci_dev_unlock(hdev);
2855}
2856
a7a595f6
VCG		 2857static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2858 struct sk_buff *skb)
2859{
2860 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2861 struct hci_cp_le_ltk_reply cp;
bea710fe 2862 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 2863 struct hci_conn *conn;
bea710fe 2864 struct link_key *ltk;
a7a595f6
VCG		 2865
2866 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2867
2868 hci_dev_lock(hdev);
2869
2870 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 2871 if (conn == NULL)
2872 goto not_found;
a7a595f6 2873
bea710fe
VCG		 2874 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2875 if (ltk == NULL)
2876 goto not_found;
2877
2878 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 2879 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 2880 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 2881
2882 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2883
2884 hci_dev_unlock(hdev);
bea710fe
VCG		 2885
2886 return;
2887
2888not_found:
2889 neg.handle = ev->handle;
2890 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2891 hci_dev_unlock(hdev);
a7a595f6
VCG		 2892}
2893
fcd89c09
VT		 2894static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2895{
2896 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2897
2898 skb_pull(skb, sizeof(*le_ev));
2899
2900 switch (le_ev->subevent) {
2901 case HCI_EV_LE_CONN_COMPLETE:
2902 hci_le_conn_complete_evt(hdev, skb);
2903 break;
2904
9aa04c91
AG		 2905 case HCI_EV_LE_ADVERTISING_REPORT:
2906 hci_le_adv_report_evt(hdev, skb);
2907 break;
2908
a7a595f6
VCG		 2909 case HCI_EV_LE_LTK_REQ:
2910 hci_le_ltk_request_evt(hdev, skb);
2911 break;
2912
fcd89c09
VT		 2913 default:
2914 break;
2915 }
2916}
2917
a9de9248
MH		 2918void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2919{
2920 struct hci_event_hdr *hdr = (void *) skb->data;
2921 __u8 event = hdr->evt;
2922
2923 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2924
2925 switch (event) {
1da177e4
LT		 2926 case HCI_EV_INQUIRY_COMPLETE:
2927 hci_inquiry_complete_evt(hdev, skb);
2928 break;
2929
2930 case HCI_EV_INQUIRY_RESULT:
2931 hci_inquiry_result_evt(hdev, skb);
2932 break;
2933
a9de9248
MH		 2934 case HCI_EV_CONN_COMPLETE:
2935 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 2936 break;
2937
1da177e4
LT		 2938 case HCI_EV_CONN_REQUEST:
2939 hci_conn_request_evt(hdev, skb);
2940 break;
2941
1da177e4
LT		 2942 case HCI_EV_DISCONN_COMPLETE:
2943 hci_disconn_complete_evt(hdev, skb);
2944 break;
2945
1da177e4
LT		 2946 case HCI_EV_AUTH_COMPLETE:
2947 hci_auth_complete_evt(hdev, skb);
2948 break;
2949
a9de9248
MH		 2950 case HCI_EV_REMOTE_NAME:
2951 hci_remote_name_evt(hdev, skb);
2952 break;
2953
1da177e4
LT		 2954 case HCI_EV_ENCRYPT_CHANGE:
2955 hci_encrypt_change_evt(hdev, skb);
2956 break;
2957
a9de9248
MH		 2958 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2959 hci_change_link_key_complete_evt(hdev, skb);
2960 break;
2961
2962 case HCI_EV_REMOTE_FEATURES:
2963 hci_remote_features_evt(hdev, skb);
2964 break;
2965
2966 case HCI_EV_REMOTE_VERSION:
2967 hci_remote_version_evt(hdev, skb);
2968 break;
2969
2970 case HCI_EV_QOS_SETUP_COMPLETE:
2971 hci_qos_setup_complete_evt(hdev, skb);
2972 break;
2973
2974 case HCI_EV_CMD_COMPLETE:
2975 hci_cmd_complete_evt(hdev, skb);
2976 break;
2977
2978 case HCI_EV_CMD_STATUS:
2979 hci_cmd_status_evt(hdev, skb);
2980 break;
2981
2982 case HCI_EV_ROLE_CHANGE:
2983 hci_role_change_evt(hdev, skb);
2984 break;
2985
2986 case HCI_EV_NUM_COMP_PKTS:
2987 hci_num_comp_pkts_evt(hdev, skb);
2988 break;
2989
2990 case HCI_EV_MODE_CHANGE:
2991 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 2992 break;
2993
2994 case HCI_EV_PIN_CODE_REQ:
2995 hci_pin_code_request_evt(hdev, skb);
2996 break;
2997
2998 case HCI_EV_LINK_KEY_REQ:
2999 hci_link_key_request_evt(hdev, skb);
3000 break;
3001
3002 case HCI_EV_LINK_KEY_NOTIFY:
3003 hci_link_key_notify_evt(hdev, skb);
3004 break;
3005
3006 case HCI_EV_CLOCK_OFFSET:
3007 hci_clock_offset_evt(hdev, skb);
3008 break;
3009
a8746417
MH		 3010 case HCI_EV_PKT_TYPE_CHANGE:
3011 hci_pkt_type_change_evt(hdev, skb);
3012 break;
3013
85a1e930
MH		 3014 case HCI_EV_PSCAN_REP_MODE:
3015 hci_pscan_rep_mode_evt(hdev, skb);
3016 break;
3017
a9de9248
MH		 3018 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3019 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3020 break;
3021
a9de9248
MH		 3022 case HCI_EV_REMOTE_EXT_FEATURES:
3023 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3024 break;
3025
a9de9248
MH		 3026 case HCI_EV_SYNC_CONN_COMPLETE:
3027 hci_sync_conn_complete_evt(hdev, skb);
3028 break;
1da177e4 3029
a9de9248
MH		 3030 case HCI_EV_SYNC_CONN_CHANGED:
3031 hci_sync_conn_changed_evt(hdev, skb);
3032 break;
1da177e4 3033
a9de9248
MH		 3034 case HCI_EV_SNIFF_SUBRATE:
3035 hci_sniff_subrate_evt(hdev, skb);
3036 break;
1da177e4 3037
a9de9248
MH		 3038 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3039 hci_extended_inquiry_result_evt(hdev, skb);
3040 break;
1da177e4 3041
0493684e
MH		 3042 case HCI_EV_IO_CAPA_REQUEST:
3043 hci_io_capa_request_evt(hdev, skb);
3044 break;
3045
03b555e1
JH		 3046 case HCI_EV_IO_CAPA_REPLY:
3047 hci_io_capa_reply_evt(hdev, skb);
3048 break;
3049
a5c29683
JH		 3050 case HCI_EV_USER_CONFIRM_REQUEST:
3051 hci_user_confirm_request_evt(hdev, skb);
3052 break;
3053
0493684e
MH		 3054 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3055 hci_simple_pair_complete_evt(hdev, skb);
3056 break;
3057
41a96212
MH		 3058 case HCI_EV_REMOTE_HOST_FEATURES:
3059 hci_remote_host_features_evt(hdev, skb);
3060 break;
3061
fcd89c09
VT		 3062 case HCI_EV_LE_META:
3063 hci_le_meta_evt(hdev, skb);
3064 break;
3065
2763eda6
SJ		 3066 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3067 hci_remote_oob_data_request_evt(hdev, skb);
3068 break;
3069
a9de9248
MH		 3070 default:
3071 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3072 break;
3073 }
3074
3075 kfree_skb(skb);
3076 hdev->stat.evt_rx++;
3077}
3078
3079/* Generate internal stack event */
3080void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3081{
3082 struct hci_event_hdr *hdr;
3083 struct hci_ev_stack_internal *ev;
3084 struct sk_buff *skb;
3085
3086 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3087 if (!skb)
3088 return;
3089
3090 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3091 hdr->evt = HCI_EV_STACK_INTERNAL;
3092 hdr->plen = sizeof(*ev) + dlen;
3093
3094 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3095 ev->type = type;
3096 memcpy(ev->data, data, dlen);
3097
576c7d85 3098 bt_cb(skb)->incoming = 1;
a61bbcf2 3099 __net_timestamp(skb);
576c7d85 3100
0d48d939 3101 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3102 skb->dev = (void *) hdev;
eec8d2bc 3103 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3104 kfree_skb(skb);
3105}
e6100a25 3106
669bb396 3107module_param(enable_le, bool, 0644);
e6100a25 3108MODULE_PARM_DESC(enable_le, "Enable LE support");
kernel source for telekom puls (alcatel/mediatek)