projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xfrm_user: don't copy esn replay window twice for new states
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32
1da177e4
LT		 33/* Handle HCI Event packets */
34
a9de9248 35static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 36{
a9de9248 37 __u8 status = *((__u8 *) skb->data);
1da177e4 38
9f1db00c 39 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 40
e6d465cb
AG		 41 if (status) {
42 hci_dev_lock(hdev);
43 mgmt_stop_discovery_failed(hdev, status);
44 hci_dev_unlock(hdev);
a9de9248 45 return;
e6d465cb 46 }
1da177e4 47
89352e7d
AG		 48 clear_bit(HCI_INQUIRY, &hdev->flags);
49
56e5cb86 50 hci_dev_lock(hdev);
ff9ef578 51 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 52 hci_dev_unlock(hdev);
6bd57416 53
23bb5763 54 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 55
56 hci_conn_check_pending(hdev);
57}
6bd57416 58
4d93483b
AG		 59static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{
61 __u8 status = *((__u8 *) skb->data);
62
9f1db00c 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 64
65 if (status)
66 return;
67
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 69}
70
a9de9248
MH		 71static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{
73 __u8 status = *((__u8 *) skb->data);
6bd57416 74
9f1db00c 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 76
a9de9248
MH		 77 if (status)
78 return;
1da177e4 79
ae854a70
AG		 80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
807deac2
GP		 85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
86 struct sk_buff *skb)
a9de9248
MH		 87{
88 BT_DBG("%s", hdev->name);
89}
90
91static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
95
9f1db00c 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 97
98 if (rp->status)
99 return;
100
101 hci_dev_lock(hdev);
102
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 if (conn) {
105 if (rp->role)
106 conn->link_mode &= ~HCI_LM_MASTER;
107 else
108 conn->link_mode |= HCI_LM_MASTER;
1da177e4 109 }
a9de9248
MH		 110
111 hci_dev_unlock(hdev);
1da177e4
LT		 112}
113
e4e8e37c
MH		 114static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115{
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
118
9f1db00c 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 120
121 if (rp->status)
122 return;
123
124 hci_dev_lock(hdev);
125
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 if (conn)
128 conn->link_policy = __le16_to_cpu(rp->policy);
129
130 hci_dev_unlock(hdev);
131}
132
a9de9248 133static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 134{
a9de9248 135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 136 struct hci_conn *conn;
04837f64 137 void *sent;
1da177e4 138
9f1db00c 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 140
a9de9248
MH		 141 if (rp->status)
142 return;
1da177e4 143
a9de9248
MH		 144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 if (!sent)
146 return;
1da177e4 147
a9de9248 148 hci_dev_lock(hdev);
1da177e4 149
a9de9248 150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 151 if (conn)
83985319 152 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 153
a9de9248
MH		 154 hci_dev_unlock(hdev);
155}
1da177e4 156
807deac2
GP		 157static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
158 struct sk_buff *skb)
e4e8e37c
MH		 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161
9f1db00c 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 163
164 if (rp->status)
165 return;
166
167 hdev->link_policy = __le16_to_cpu(rp->policy);
168}
169
807deac2
GP		 170static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
9f1db00c 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
9f1db00c 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 197
a297e97c 198 /* Reset all non-persistent flags */
ae854a70
AG		 199 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
200 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 201
202 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 203}
04837f64 204
a9de9248
MH		 205static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
206{
207 __u8 status = *((__u8 *) skb->data);
208 void *sent;
04837f64 209
9f1db00c 210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 211
a9de9248
MH		 212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 if (!sent)
214 return;
04837f64 215
56e5cb86
JH		 216 hci_dev_lock(hdev);
217
f51d5b24
JH		 218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 220 else if (!status)
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 222
56e5cb86 223 hci_dev_unlock(hdev);
3159d384
JH		 224
225 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 226}
227
228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
9f1db00c 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 233
234 if (rp->status)
235 return;
236
db99b5fc
JH		 237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 239}
240
241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
9f1db00c 246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 259 }
a9de9248 260
33ef95ed
JH		 261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
263
23bb5763 264 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 265}
266
a9de9248 267static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 268{
a9de9248 269 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 270 void *sent;
271
9f1db00c 272 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 273
a9de9248
MH		 274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 if (!sent)
276 return;
1da177e4 277
a9de9248
MH		 278 if (!status) {
279 __u8 param = *((__u8 *) sent);
280
281 if (param)
282 set_bit(HCI_ENCRYPT, &hdev->flags);
283 else
284 clear_bit(HCI_ENCRYPT, &hdev->flags);
285 }
1da177e4 286
23bb5763 287 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 288}
1da177e4 289
a9de9248
MH		 290static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
291{
36f7fc7e
JH		 292 __u8 param, status = *((__u8 *) skb->data);
293 int old_pscan, old_iscan;
a9de9248 294 void *sent;
1da177e4 295
9f1db00c 296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 297
a9de9248
MH		 298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
299 if (!sent)
300 return;
1da177e4 301
36f7fc7e
JH		 302 param = *((__u8 *) sent);
303
56e5cb86
JH		 304 hci_dev_lock(hdev);
305
2d7cee58 306 if (status != 0) {
744cf19e 307 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 308 hdev->discov_timeout = 0;
309 goto done;
310 }
311
36f7fc7e
JH		 312 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
313 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
314
315 if (param & SCAN_INQUIRY) {
316 set_bit(HCI_ISCAN, &hdev->flags);
317 if (!old_iscan)
744cf19e 318 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 319 if (hdev->discov_timeout > 0) {
320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
321 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 322 to);
16ab91ab 323 }
36f7fc7e 324 } else if (old_iscan)
744cf19e 325 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 326
327 if (param & SCAN_PAGE) {
328 set_bit(HCI_PSCAN, &hdev->flags);
329 if (!old_pscan)
744cf19e 330 mgmt_connectable(hdev, 1);
36f7fc7e 331 } else if (old_pscan)
744cf19e 332 mgmt_connectable(hdev, 0);
1da177e4 333
36f7fc7e 334done:
56e5cb86 335 hci_dev_unlock(hdev);
23bb5763 336 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 337}
1da177e4 338
a9de9248
MH		 339static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340{
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 342
9f1db00c 343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 344
a9de9248
MH		 345 if (rp->status)
346 return;
1da177e4 347
a9de9248 348 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 349
a9de9248 350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 352}
1da177e4 353
a9de9248
MH		 354static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
355{
356 __u8 status = *((__u8 *) skb->data);
357 void *sent;
1da177e4 358
9f1db00c 359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 360
a9de9248
MH		 361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
362 if (!sent)
363 return;
1da177e4 364
7f9a903c
MH		 365 hci_dev_lock(hdev);
366
367 if (status == 0)
368 memcpy(hdev->dev_class, sent, 3);
369
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
372
373 hci_dev_unlock(hdev);
a9de9248 374}
1da177e4 375
a9de9248
MH		 376static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377{
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
379 __u16 setting;
380
9f1db00c 381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 382
383 if (rp->status)
384 return;
385
386 setting = __le16_to_cpu(rp->voice_setting);
387
f383f275 388 if (hdev->voice_setting == setting)
a9de9248
MH		 389 return;
390
391 hdev->voice_setting = setting;
392
9f1db00c 393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 394
3c54711c 395 if (hdev->notify)
a9de9248 396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 397}
398
8fc9ced3
GP		 399static void hci_cc_write_voice_setting(struct hci_dev *hdev,
400 struct sk_buff *skb)
a9de9248
MH		 401{
402 __u8 status = *((__u8 *) skb->data);
f383f275 403 __u16 setting;
a9de9248
MH		 404 void *sent;
405
9f1db00c 406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 407
f383f275
MH		 408 if (status)
409 return;
410
a9de9248
MH		 411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
412 if (!sent)
413 return;
1da177e4 414
f383f275 415 setting = get_unaligned_le16(sent);
1da177e4 416
f383f275
MH		 417 if (hdev->voice_setting == setting)
418 return;
419
420 hdev->voice_setting = setting;
1da177e4 421
9f1db00c 422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 423
3c54711c 424 if (hdev->notify)
f383f275 425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 426}
427
a9de9248 428static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 429{
a9de9248 430 __u8 status = *((__u8 *) skb->data);
1da177e4 431
9f1db00c 432 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 433
23bb5763 434 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 435}
1143e5a6 436
333140b5
MH		 437static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
438{
439 __u8 status = *((__u8 *) skb->data);
440 void *sent;
441
9f1db00c 442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 443
333140b5
MH		 444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
445 if (!sent)
446 return;
447
ed2c4ee3 448 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 449 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
450 else if (!status) {
451 if (*((u8 *) sent))
452 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
453 else
454 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
455 }
333140b5
MH		 456}
457
d5859e22
JH		 458static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
459{
460 if (hdev->features[6] & LMP_EXT_INQ)
461 return 2;
462
463 if (hdev->features[3] & LMP_RSSI_INQ)
464 return 1;
465
466 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 467 hdev->lmp_subver == 0x0757)
d5859e22
JH		 468 return 1;
469
470 if (hdev->manufacturer == 15) {
471 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
472 return 1;
473 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
474 return 1;
475 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
476 return 1;
477 }
478
479 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 480 hdev->lmp_subver == 0x1805)
d5859e22
JH		 481 return 1;
482
483 return 0;
484}
485
486static void hci_setup_inquiry_mode(struct hci_dev *hdev)
487{
488 u8 mode;
489
490 mode = hci_get_inquiry_mode(hdev);
491
492 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
493}
494
495static void hci_setup_event_mask(struct hci_dev *hdev)
496{
497 /* The second byte is 0xff instead of 0x9f (two reserved bits
498 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
499 * command otherwise */
500 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
501
6de6c18d
VT		 502 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
503 * any event mask for pre 1.2 devices */
5a13b095 504 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 505 return;
506
507 events[4] |= 0x01; /* Flow Specification Complete */
508 events[4] |= 0x02; /* Inquiry Result with RSSI */
509 events[4] |= 0x04; /* Read Remote Extended Features Complete */
510 events[5] |= 0x08; /* Synchronous Connection Complete */
511 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 512
513 if (hdev->features[3] & LMP_RSSI_INQ)
a24299e6 514 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22
JH		 515
516 if (hdev->features[5] & LMP_SNIFF_SUBR)
517 events[5] |= 0x20; /* Sniff Subrating */
518
519 if (hdev->features[5] & LMP_PAUSE_ENC)
520 events[5] |= 0x80; /* Encryption Key Refresh Complete */
521
522 if (hdev->features[6] & LMP_EXT_INQ)
523 events[5] |= 0x40; /* Extended Inquiry Result */
524
525 if (hdev->features[6] & LMP_NO_FLUSH)
526 events[7] |= 0x01; /* Enhanced Flush Complete */
527
528 if (hdev->features[7] & LMP_LSTO)
529 events[6] |= 0x80; /* Link Supervision Timeout Changed */
530
531 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
532 events[6] |= 0x01; /* IO Capability Request */
533 events[6] |= 0x02; /* IO Capability Response */
534 events[6] |= 0x04; /* User Confirmation Request */
535 events[6] |= 0x08; /* User Passkey Request */
536 events[6] |= 0x10; /* Remote OOB Data Request */
537 events[6] |= 0x20; /* Simple Pairing Complete */
538 events[7] |= 0x04; /* User Passkey Notification */
539 events[7] |= 0x08; /* Keypress Notification */
540 events[7] |= 0x10; /* Remote Host Supported
541 * Features Notification */
542 }
543
544 if (hdev->features[4] & LMP_LE)
545 events[7] |= 0x20; /* LE Meta-Event */
546
547 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
548}
549
550static void hci_setup(struct hci_dev *hdev)
551{
e61ef499
AE		 552 if (hdev->dev_type != HCI_BREDR)
553 return;
554
d5859e22
JH		 555 hci_setup_event_mask(hdev);
556
d095c1eb 557 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 558 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
559
6d3c730f 560 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 561 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
562 u8 mode = 0x01;
563 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 564 sizeof(mode), &mode);
54d04dbb
JH		 565 } else {
566 struct hci_cp_write_eir cp;
567
568 memset(hdev->eir, 0, sizeof(hdev->eir));
569 memset(&cp, 0, sizeof(cp));
570
571 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
572 }
d5859e22
JH		 573 }
574
575 if (hdev->features[3] & LMP_RSSI_INQ)
576 hci_setup_inquiry_mode(hdev);
577
578 if (hdev->features[7] & LMP_INQ_TX_PWR)
579 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 580
581 if (hdev->features[7] & LMP_EXTFEATURES) {
582 struct hci_cp_read_local_ext_features cp;
583
584 cp.page = 0x01;
04124681
GP		 585 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
586 &cp);
971e3a4b 587 }
e6100a25 588
47990ea0
JH		 589 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
590 u8 enable = 1;
04124681
GP		 591 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
592 &enable);
47990ea0 593 }
d5859e22
JH		 594}
595
a9de9248
MH		 596static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
597{
598 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 599
9f1db00c 600 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 601
a9de9248 602 if (rp->status)
28b8df77 603 goto done;
1143e5a6 604
a9de9248 605 hdev->hci_ver = rp->hci_ver;
e4e8e37c 606 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 607 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 608 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 609 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 610
9f1db00c 611 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 612 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 613
614 if (test_bit(HCI_INIT, &hdev->flags))
615 hci_setup(hdev);
28b8df77
AE		 616
617done:
618 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 619}
620
621static void hci_setup_link_policy(struct hci_dev *hdev)
622{
035100c8 623 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 624 u16 link_policy = 0;
625
626 if (hdev->features[0] & LMP_RSWITCH)
627 link_policy |= HCI_LP_RSWITCH;
628 if (hdev->features[0] & LMP_HOLD)
629 link_policy |= HCI_LP_HOLD;
630 if (hdev->features[0] & LMP_SNIFF)
631 link_policy |= HCI_LP_SNIFF;
632 if (hdev->features[1] & LMP_PARK)
633 link_policy |= HCI_LP_PARK;
634
035100c8
AE		 635 cp.policy = cpu_to_le16(link_policy);
636 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 637}
1da177e4 638
8fc9ced3
GP		 639static void hci_cc_read_local_commands(struct hci_dev *hdev,
640 struct sk_buff *skb)
a9de9248
MH		 641{
642 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 643
9f1db00c 644 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 645
a9de9248 646 if (rp->status)
d5859e22 647 goto done;
1da177e4 648
a9de9248 649 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 650
651 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
652 hci_setup_link_policy(hdev);
653
654done:
655 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 656}
1da177e4 657
8fc9ced3
GP		 658static void hci_cc_read_local_features(struct hci_dev *hdev,
659 struct sk_buff *skb)
a9de9248
MH		 660{
661 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 662
9f1db00c 663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 664
a9de9248
MH		 665 if (rp->status)
666 return;
5b7f9909 667
a9de9248 668 memcpy(hdev->features, rp->features, 8);
5b7f9909 669
a9de9248
MH		 670 /* Adjust default settings according to features
671 * supported by device. */
1da177e4 672
a9de9248
MH		 673 if (hdev->features[0] & LMP_3SLOT)
674 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 675
a9de9248
MH		 676 if (hdev->features[0] & LMP_5SLOT)
677 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 678
a9de9248
MH		 679 if (hdev->features[1] & LMP_HV2) {
680 hdev->pkt_type |= (HCI_HV2);
681 hdev->esco_type |= (ESCO_HV2);
682 }
1da177e4 683
a9de9248
MH		 684 if (hdev->features[1] & LMP_HV3) {
685 hdev->pkt_type |= (HCI_HV3);
686 hdev->esco_type |= (ESCO_HV3);
687 }
1da177e4 688
a9de9248
MH		 689 if (hdev->features[3] & LMP_ESCO)
690 hdev->esco_type |= (ESCO_EV3);
da1f5198 691
a9de9248
MH		 692 if (hdev->features[4] & LMP_EV4)
693 hdev->esco_type |= (ESCO_EV4);
da1f5198 694
a9de9248
MH		 695 if (hdev->features[4] & LMP_EV5)
696 hdev->esco_type |= (ESCO_EV5);
1da177e4 697
efc7688b
MH		 698 if (hdev->features[5] & LMP_EDR_ESCO_2M)
699 hdev->esco_type |= (ESCO_2EV3);
700
701 if (hdev->features[5] & LMP_EDR_ESCO_3M)
702 hdev->esco_type |= (ESCO_3EV3);
703
704 if (hdev->features[5] & LMP_EDR_3S_ESCO)
705 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
706
a9de9248 707 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 708 hdev->features[0], hdev->features[1],
709 hdev->features[2], hdev->features[3],
710 hdev->features[4], hdev->features[5],
711 hdev->features[6], hdev->features[7]);
a9de9248 712}
1da177e4 713
8f984dfa
JH		 714static void hci_set_le_support(struct hci_dev *hdev)
715{
716 struct hci_cp_write_le_host_supported cp;
717
718 memset(&cp, 0, sizeof(cp));
719
9d42820f 720 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa
JH		 721 cp.le = 1;
722 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
723 }
724
725 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 726 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
727 &cp);
8f984dfa
JH		 728}
729
971e3a4b 730static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 731 struct sk_buff *skb)
971e3a4b
AG		 732{
733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
734
9f1db00c 735 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 736
737 if (rp->status)
8f984dfa 738 goto done;
971e3a4b 739
b5b32b65
AG		 740 switch (rp->page) {
741 case 0:
742 memcpy(hdev->features, rp->features, 8);
743 break;
744 case 1:
745 memcpy(hdev->host_features, rp->features, 8);
746 break;
747 }
971e3a4b 748
8f984dfa
JH		 749 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
750 hci_set_le_support(hdev);
751
752done:
971e3a4b
AG		 753 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
754}
755
1e89cffb 756static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 757 struct sk_buff *skb)
1e89cffb
AE		 758{
759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
760
9f1db00c 761 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 762
763 if (rp->status)
764 return;
765
766 hdev->flow_ctl_mode = rp->mode;
767
768 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
769}
770
a9de9248
MH		 771static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
772{
773 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 774
9f1db00c 775 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 776
a9de9248
MH		 777 if (rp->status)
778 return;
1da177e4 779
a9de9248
MH		 780 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
781 hdev->sco_mtu = rp->sco_mtu;
782 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
783 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
784
785 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
786 hdev->sco_mtu = 64;
787 hdev->sco_pkts = 8;
1da177e4 788 }
a9de9248
MH		 789
790 hdev->acl_cnt = hdev->acl_pkts;
791 hdev->sco_cnt = hdev->sco_pkts;
792
807deac2
GP		 793 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
794 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 795}
796
797static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
798{
799 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
800
9f1db00c 801 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 802
803 if (!rp->status)
804 bacpy(&hdev->bdaddr, &rp->bdaddr);
805
23bb5763
JH		 806 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
807}
808
350ee4cf 809static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 810 struct sk_buff *skb)
350ee4cf
AE		 811{
812 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
813
9f1db00c 814 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 815
816 if (rp->status)
817 return;
818
819 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
820 hdev->block_len = __le16_to_cpu(rp->block_len);
821 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
822
823 hdev->block_cnt = hdev->num_blocks;
824
825 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 826 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 827
828 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
829}
830
23bb5763
JH		 831static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
832{
833 __u8 status = *((__u8 *) skb->data);
834
9f1db00c 835 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 836
837 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 838}
839
928abaa7 840static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 841 struct sk_buff *skb)
928abaa7
AE		 842{
843 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
844
9f1db00c 845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 846
847 if (rp->status)
848 return;
849
850 hdev->amp_status = rp->amp_status;
851 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
852 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
853 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
854 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
855 hdev->amp_type = rp->amp_type;
856 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
857 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
858 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
859 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
860
861 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
862}
863
b0916ea0 864static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 865 struct sk_buff *skb)
b0916ea0
JH		 866{
867 __u8 status = *((__u8 *) skb->data);
868
9f1db00c 869 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 870
871 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
872}
873
d5859e22
JH		 874static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
875{
876 __u8 status = *((__u8 *) skb->data);
877
9f1db00c 878 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 879
880 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
881}
882
883static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 884 struct sk_buff *skb)
d5859e22
JH		 885{
886 __u8 status = *((__u8 *) skb->data);
887
9f1db00c 888 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 889
890 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
891}
892
893static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 894 struct sk_buff *skb)
d5859e22 895{
91c4e9b1 896 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 897
9f1db00c 898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 899
900 if (!rp->status)
901 hdev->inq_tx_power = rp->tx_power;
d5859e22 902
91c4e9b1 903 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 904}
905
906static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
907{
908 __u8 status = *((__u8 *) skb->data);
909
9f1db00c 910 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 911
912 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
913}
914
980e1a53
JH		 915static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
916{
917 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
918 struct hci_cp_pin_code_reply *cp;
919 struct hci_conn *conn;
920
9f1db00c 921 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 922
56e5cb86
JH		 923 hci_dev_lock(hdev);
924
a8b2d5c2 925 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 926 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 927
928 if (rp->status != 0)
56e5cb86 929 goto unlock;
980e1a53
JH		 930
931 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
932 if (!cp)
56e5cb86 933 goto unlock;
980e1a53
JH		 934
935 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
936 if (conn)
937 conn->pin_length = cp->pin_len;
56e5cb86
JH		 938
939unlock:
940 hci_dev_unlock(hdev);
980e1a53
JH		 941}
942
943static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
944{
945 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
946
9f1db00c 947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 948
56e5cb86
JH		 949 hci_dev_lock(hdev);
950
a8b2d5c2 951 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 952 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 953 rp->status);
56e5cb86
JH		 954
955 hci_dev_unlock(hdev);
980e1a53 956}
56e5cb86 957
6ed58ec5
VT		 958static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
959 struct sk_buff *skb)
960{
961 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
962
9f1db00c 963 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 964
965 if (rp->status)
966 return;
967
968 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
969 hdev->le_pkts = rp->le_max_pkt;
970
971 hdev->le_cnt = hdev->le_pkts;
972
973 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
974
975 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
976}
980e1a53 977
a5c29683
JH		 978static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
979{
980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
981
9f1db00c 982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 983
56e5cb86
JH		 984 hci_dev_lock(hdev);
985
a8b2d5c2 986 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 987 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
988 rp->status);
56e5cb86
JH		 989
990 hci_dev_unlock(hdev);
a5c29683
JH		 991}
992
993static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 994 struct sk_buff *skb)
a5c29683
JH		 995{
996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
997
9f1db00c 998 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 999
56e5cb86
JH		 1000 hci_dev_lock(hdev);
1001
a8b2d5c2 1002 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1003 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1004 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1005
1006 hci_dev_unlock(hdev);
a5c29683
JH		 1007}
1008
1143d458
BG		 1009static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1010{
1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1012
9f1db00c 1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1014
1015 hci_dev_lock(hdev);
1016
a8b2d5c2 1017 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1018 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1019 0, rp->status);
1143d458
BG		 1020
1021 hci_dev_unlock(hdev);
1022}
1023
1024static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1025 struct sk_buff *skb)
1143d458
BG		 1026{
1027 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1028
9f1db00c 1029 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1030
1031 hci_dev_lock(hdev);
1032
a8b2d5c2 1033 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1034 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1035 ACL_LINK, 0, rp->status);
1143d458
BG		 1036
1037 hci_dev_unlock(hdev);
1038}
1039
c35938b2 1040static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1041 struct sk_buff *skb)
c35938b2
SJ		 1042{
1043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1044
9f1db00c 1045 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1046
56e5cb86 1047 hci_dev_lock(hdev);
744cf19e 1048 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1049 rp->randomizer, rp->status);
56e5cb86 1050 hci_dev_unlock(hdev);
c35938b2
SJ		 1051}
1052
07f7fa5d
AG		 1053static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1054{
1055 __u8 status = *((__u8 *) skb->data);
1056
9f1db00c 1057 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1058
1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1060
1061 if (status) {
1062 hci_dev_lock(hdev);
1063 mgmt_start_discovery_failed(hdev, status);
1064 hci_dev_unlock(hdev);
1065 return;
1066 }
07f7fa5d
AG		 1067}
1068
eb9d91f5 1069static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1070 struct sk_buff *skb)
eb9d91f5
AG		 1071{
1072 struct hci_cp_le_set_scan_enable *cp;
1073 __u8 status = *((__u8 *) skb->data);
1074
9f1db00c 1075 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1076
eb9d91f5
AG		 1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1078 if (!cp)
1079 return;
1080
68a8aea4
AE		 1081 switch (cp->enable) {
1082 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1083 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1084
3fd24153
AG		 1085 if (status) {
1086 hci_dev_lock(hdev);
1087 mgmt_start_discovery_failed(hdev, status);
1088 hci_dev_unlock(hdev);
7ba8b4be 1089 return;
3fd24153 1090 }
7ba8b4be 1091
d23264a8
AG		 1092 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1093
a8f13c8c 1094 hci_dev_lock(hdev);
343f935b 1095 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1096 hci_dev_unlock(hdev);
68a8aea4
AE		 1097 break;
1098
1099 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1100 if (status) {
1101 hci_dev_lock(hdev);
1102 mgmt_stop_discovery_failed(hdev, status);
1103 hci_dev_unlock(hdev);
7ba8b4be 1104 return;
c9ecc48e 1105 }
7ba8b4be 1106
d23264a8
AG		 1107 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1108
bc3dd33c
AG		 1109 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1110 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1111 mgmt_interleaved_discovery(hdev);
1112 } else {
1113 hci_dev_lock(hdev);
1114 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1115 hci_dev_unlock(hdev);
1116 }
1117
68a8aea4
AE		 1118 break;
1119
1120 default:
1121 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1122 break;
35815085 1123 }
eb9d91f5
AG		 1124}
1125
a7a595f6
VCG		 1126static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1127{
1128 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1129
9f1db00c 1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1131
1132 if (rp->status)
1133 return;
1134
1135 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1136}
1137
1138static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1139{
1140 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1141
9f1db00c 1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1143
1144 if (rp->status)
1145 return;
1146
1147 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1148}
1149
6039aa73
GP		 1150static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1151 struct sk_buff *skb)
f9b49306 1152{
06199cf8 1153 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1154 __u8 status = *((__u8 *) skb->data);
1155
9f1db00c 1156 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1157
06199cf8 1158 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1159 if (!sent)
f9b49306
AG		 1160 return;
1161
8f984dfa
JH		 1162 if (!status) {
1163 if (sent->le)
1164 hdev->host_features[0] |= LMP_HOST_LE;
1165 else
1166 hdev->host_features[0] &= ~LMP_HOST_LE;
1167 }
1168
1169 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1170 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1171 mgmt_le_enable_complete(hdev, sent->le, status);
1172
1173 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1174}
1175
6039aa73 1176static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1177{
9f1db00c 1178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1179
1180 if (status) {
23bb5763 1181 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1182 hci_conn_check_pending(hdev);
56e5cb86 1183 hci_dev_lock(hdev);
a8b2d5c2 1184 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1185 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1186 hci_dev_unlock(hdev);
314b2381
JH		 1187 return;
1188 }
1189
89352e7d
AG		 1190 set_bit(HCI_INQUIRY, &hdev->flags);
1191
56e5cb86 1192 hci_dev_lock(hdev);
343f935b 1193 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1194 hci_dev_unlock(hdev);
1da177e4
LT		 1195}
1196
6039aa73 1197static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1198{
a9de9248 1199 struct hci_cp_create_conn *cp;
1da177e4 1200 struct hci_conn *conn;
1da177e4 1201
9f1db00c 1202 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1203
1204 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1205 if (!cp)
1206 return;
1207
1208 hci_dev_lock(hdev);
1209
1210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1211
9f1db00c 1212 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1213
1214 if (status) {
1215 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1216 if (status != 0x0c || conn->attempt > 2) {
1217 conn->state = BT_CLOSED;
1218 hci_proto_connect_cfm(conn, status);
1219 hci_conn_del(conn);
1220 } else
1221 conn->state = BT_CONNECT2;
1da177e4
LT		 1222 }
1223 } else {
1224 if (!conn) {
1225 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1226 if (conn) {
a0c808b3 1227 conn->out = true;
1da177e4
LT		 1228 conn->link_mode |= HCI_LM_MASTER;
1229 } else
893ef971 1230 BT_ERR("No memory for new connection");
1da177e4
LT		 1231 }
1232 }
1233
1234 hci_dev_unlock(hdev);
1235}
1236
a9de9248 1237static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1238{
a9de9248
MH		 1239 struct hci_cp_add_sco *cp;
1240 struct hci_conn *acl, *sco;
1241 __u16 handle;
1da177e4 1242
9f1db00c 1243 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1244
a9de9248
MH		 1245 if (!status)
1246 return;
1da177e4 1247
a9de9248
MH		 1248 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1249 if (!cp)
1250 return;
1da177e4 1251
a9de9248 1252 handle = __le16_to_cpu(cp->handle);
1da177e4 1253
9f1db00c 1254 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1255
a9de9248 1256 hci_dev_lock(hdev);
1da177e4 1257
a9de9248 1258 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1259 if (acl) {
1260 sco = acl->link;
1261 if (sco) {
1262 sco->state = BT_CLOSED;
1da177e4 1263
5a08ecce
AE		 1264 hci_proto_connect_cfm(sco, status);
1265 hci_conn_del(sco);
1266 }
a9de9248 1267 }
1da177e4 1268
a9de9248
MH		 1269 hci_dev_unlock(hdev);
1270}
1da177e4 1271
f8558555
MH		 1272static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1273{
1274 struct hci_cp_auth_requested *cp;
1275 struct hci_conn *conn;
1276
9f1db00c 1277 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1278
1279 if (!status)
1280 return;
1281
1282 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1283 if (!cp)
1284 return;
1285
1286 hci_dev_lock(hdev);
1287
1288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1289 if (conn) {
1290 if (conn->state == BT_CONFIG) {
1291 hci_proto_connect_cfm(conn, status);
1292 hci_conn_put(conn);
1293 }
1294 }
1295
1296 hci_dev_unlock(hdev);
1297}
1298
1299static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1300{
1301 struct hci_cp_set_conn_encrypt *cp;
1302 struct hci_conn *conn;
1303
9f1db00c 1304 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1305
1306 if (!status)
1307 return;
1308
1309 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1310 if (!cp)
1311 return;
1312
1313 hci_dev_lock(hdev);
1314
1315 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1316 if (conn) {
1317 if (conn->state == BT_CONFIG) {
1318 hci_proto_connect_cfm(conn, status);
1319 hci_conn_put(conn);
1320 }
1321 }
1322
1323 hci_dev_unlock(hdev);
1324}
1325
127178d2 1326static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1327 struct hci_conn *conn)
392599b9 1328{
392599b9
JH		 1329 if (conn->state != BT_CONFIG || !conn->out)
1330 return 0;
1331
765c2a96 1332 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1333 return 0;
1334
1335 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1336 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1337 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1338 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1339 return 0;
1340
392599b9
JH		 1341 return 1;
1342}
1343
6039aa73 1344static int hci_resolve_name(struct hci_dev *hdev,
04124681 1345 struct inquiry_entry *e)
30dc78e1
JH		 1346{
1347 struct hci_cp_remote_name_req cp;
1348
1349 memset(&cp, 0, sizeof(cp));
1350
1351 bacpy(&cp.bdaddr, &e->data.bdaddr);
1352 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1353 cp.pscan_mode = e->data.pscan_mode;
1354 cp.clock_offset = e->data.clock_offset;
1355
1356 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1357}
1358
b644ba33 1359static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1360{
1361 struct discovery_state *discov = &hdev->discovery;
1362 struct inquiry_entry *e;
1363
b644ba33
JH		 1364 if (list_empty(&discov->resolve))
1365 return false;
1366
1367 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1368 if (!e)
1369 return false;
1370
b644ba33
JH		 1371 if (hci_resolve_name(hdev, e) == 0) {
1372 e->name_state = NAME_PENDING;
1373 return true;
1374 }
1375
1376 return false;
1377}
1378
1379static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1380 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1381{
1382 struct discovery_state *discov = &hdev->discovery;
1383 struct inquiry_entry *e;
1384
1385 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1386 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1387 name_len, conn->dev_class);
b644ba33
JH		 1388
1389 if (discov->state == DISCOVERY_STOPPED)
1390 return;
1391
30dc78e1
JH		 1392 if (discov->state == DISCOVERY_STOPPING)
1393 goto discov_complete;
1394
1395 if (discov->state != DISCOVERY_RESOLVING)
1396 return;
1397
1398 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1399 /* If the device was not found in a list of found devices names of which
1400 * are pending. there is no need to continue resolving a next name as it
1401 * will be done upon receiving another Remote Name Request Complete
1402 * Event */
1403 if (!e)
1404 return;
1405
1406 list_del(&e->list);
1407 if (name) {
30dc78e1 1408 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1409 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1410 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1411 } else {
1412 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1413 }
1414
b644ba33 1415 if (hci_resolve_next_name(hdev))
30dc78e1 1416 return;
30dc78e1
JH		 1417
1418discov_complete:
1419 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1420}
1421
a9de9248
MH		 1422static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1423{
127178d2
JH		 1424 struct hci_cp_remote_name_req *cp;
1425 struct hci_conn *conn;
1426
9f1db00c 1427 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1428
1429 /* If successful wait for the name req complete event before
1430 * checking for the need to do authentication */
1431 if (!status)
1432 return;
1433
1434 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1435 if (!cp)
1436 return;
1437
1438 hci_dev_lock(hdev);
1439
b644ba33
JH		 1440 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1441
a8b2d5c2 1442 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1443 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1444
79c6c70c
JH		 1445 if (!conn)
1446 goto unlock;
1447
1448 if (!hci_outgoing_auth_needed(hdev, conn))
1449 goto unlock;
1450
51a8efd7 1451 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1452 struct hci_cp_auth_requested cp;
1453 cp.handle = __cpu_to_le16(conn->handle);
1454 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1455 }
1456
79c6c70c 1457unlock:
127178d2 1458 hci_dev_unlock(hdev);
a9de9248 1459}
1da177e4 1460
769be974
MH		 1461static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1462{
1463 struct hci_cp_read_remote_features *cp;
1464 struct hci_conn *conn;
1465
9f1db00c 1466 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1467
1468 if (!status)
1469 return;
1470
1471 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1472 if (!cp)
1473 return;
1474
1475 hci_dev_lock(hdev);
1476
1477 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1478 if (conn) {
1479 if (conn->state == BT_CONFIG) {
769be974
MH		 1480 hci_proto_connect_cfm(conn, status);
1481 hci_conn_put(conn);
1482 }
1483 }
1484
1485 hci_dev_unlock(hdev);
1486}
1487
1488static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1489{
1490 struct hci_cp_read_remote_ext_features *cp;
1491 struct hci_conn *conn;
1492
9f1db00c 1493 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1494
1495 if (!status)
1496 return;
1497
1498 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1499 if (!cp)
1500 return;
1501
1502 hci_dev_lock(hdev);
1503
1504 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1505 if (conn) {
1506 if (conn->state == BT_CONFIG) {
769be974
MH		 1507 hci_proto_connect_cfm(conn, status);
1508 hci_conn_put(conn);
1509 }
1510 }
1511
1512 hci_dev_unlock(hdev);
1513}
1514
a9de9248
MH		 1515static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1516{
b6a0dc82
MH		 1517 struct hci_cp_setup_sync_conn *cp;
1518 struct hci_conn *acl, *sco;
1519 __u16 handle;
1520
9f1db00c 1521 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1522
1523 if (!status)
1524 return;
1525
1526 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1527 if (!cp)
1528 return;
1529
1530 handle = __le16_to_cpu(cp->handle);
1531
9f1db00c 1532 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1533
1534 hci_dev_lock(hdev);
1535
1536 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1537 if (acl) {
1538 sco = acl->link;
1539 if (sco) {
1540 sco->state = BT_CLOSED;
b6a0dc82 1541
5a08ecce
AE		 1542 hci_proto_connect_cfm(sco, status);
1543 hci_conn_del(sco);
1544 }
b6a0dc82
MH		 1545 }
1546
1547 hci_dev_unlock(hdev);
1da177e4
LT		 1548}
1549
a9de9248 1550static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1551{
a9de9248
MH		 1552 struct hci_cp_sniff_mode *cp;
1553 struct hci_conn *conn;
1da177e4 1554
9f1db00c 1555 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1556
a9de9248
MH		 1557 if (!status)
1558 return;
04837f64 1559
a9de9248
MH		 1560 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1561 if (!cp)
1562 return;
04837f64 1563
a9de9248 1564 hci_dev_lock(hdev);
04837f64 1565
a9de9248 1566 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1567 if (conn) {
51a8efd7 1568 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1569
51a8efd7 1570 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1571 hci_sco_setup(conn, status);
1572 }
1573
a9de9248
MH		 1574 hci_dev_unlock(hdev);
1575}
04837f64 1576
a9de9248
MH		 1577static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1578{
1579 struct hci_cp_exit_sniff_mode *cp;
1580 struct hci_conn *conn;
04837f64 1581
9f1db00c 1582 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1583
a9de9248
MH		 1584 if (!status)
1585 return;
04837f64 1586
a9de9248
MH		 1587 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1588 if (!cp)
1589 return;
04837f64 1590
a9de9248 1591 hci_dev_lock(hdev);
1da177e4 1592
a9de9248 1593 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1594 if (conn) {
51a8efd7 1595 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1596
51a8efd7 1597 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1598 hci_sco_setup(conn, status);
1599 }
1600
a9de9248 1601 hci_dev_unlock(hdev);
1da177e4
LT		 1602}
1603
88c3df13
JH		 1604static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1605{
1606 struct hci_cp_disconnect *cp;
1607 struct hci_conn *conn;
1608
1609 if (!status)
1610 return;
1611
1612 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1613 if (!cp)
1614 return;
1615
1616 hci_dev_lock(hdev);
1617
1618 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1619 if (conn)
1620 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1621 conn->dst_type, status);
88c3df13
JH		 1622
1623 hci_dev_unlock(hdev);
1624}
1625
fcd89c09
VT		 1626static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1627{
1628 struct hci_cp_le_create_conn *cp;
1629 struct hci_conn *conn;
1630
9f1db00c 1631 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09
VT		 1632
1633 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1634 if (!cp)
1635 return;
1636
1637 hci_dev_lock(hdev);
1638
1639 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1640
1641 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
807deac2 1642 conn);
fcd89c09
VT		 1643
1644 if (status) {
1645 if (conn && conn->state == BT_CONNECT) {
1646 conn->state = BT_CLOSED;
328c9248
HG		 1647 mgmt_connect_failed(hdev, &cp->peer_addr, conn->type,
1648 conn->dst_type, status);
fcd89c09
VT		 1649 hci_proto_connect_cfm(conn, status);
1650 hci_conn_del(conn);
1651 }
1652 } else {
1653 if (!conn) {
1654 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1655 if (conn) {
1656 conn->dst_type = cp->peer_addr_type;
a0c808b3 1657 conn->out = true;
29b7988a 1658 } else {
fcd89c09 1659 BT_ERR("No memory for new connection");
29b7988a 1660 }
fcd89c09
VT		 1661 }
1662 }
1663
1664 hci_dev_unlock(hdev);
1665}
1666
a7a595f6
VCG		 1667static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1668{
9f1db00c 1669 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1670}
1671
6039aa73 1672static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1673{
1674 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1675 struct discovery_state *discov = &hdev->discovery;
1676 struct inquiry_entry *e;
1da177e4 1677
9f1db00c 1678 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1679
23bb5763 1680 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1681
a9de9248 1682 hci_conn_check_pending(hdev);
89352e7d
AG		 1683
1684 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1685 return;
1686
a8b2d5c2 1687 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1688 return;
1689
56e5cb86 1690 hci_dev_lock(hdev);
30dc78e1 1691
343f935b 1692 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1693 goto unlock;
1694
1695 if (list_empty(&discov->resolve)) {
1696 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1697 goto unlock;
1698 }
1699
1700 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1701 if (e && hci_resolve_name(hdev, e) == 0) {
1702 e->name_state = NAME_PENDING;
1703 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1704 } else {
1705 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1706 }
1707
1708unlock:
56e5cb86 1709 hci_dev_unlock(hdev);
1da177e4
LT		 1710}
1711
6039aa73 1712static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1713{
45bb4bf0 1714 struct inquiry_data data;
a9de9248 1715 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1716 int num_rsp = *((__u8 *) skb->data);
1717
1718 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1719
45bb4bf0
MH		 1720 if (!num_rsp)
1721 return;
1722
1519cc17
AG		 1723 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1724 return;
1725
1da177e4 1726 hci_dev_lock(hdev);
45bb4bf0 1727
e17acd40 1728 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1729 bool name_known, ssp;
3175405b 1730
1da177e4
LT		 1731 bacpy(&data.bdaddr, &info->bdaddr);
1732 data.pscan_rep_mode = info->pscan_rep_mode;
1733 data.pscan_period_mode = info->pscan_period_mode;
1734 data.pscan_mode = info->pscan_mode;
1735 memcpy(data.dev_class, info->dev_class, 3);
1736 data.clock_offset = info->clock_offset;
1737 data.rssi = 0x00;
41a96212 1738 data.ssp_mode = 0x00;
3175405b 1739
388fc8fa 1740 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1741 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1742 info->dev_class, 0, !name_known, ssp, NULL,
1743 0);
1da177e4 1744 }
45bb4bf0 1745
1da177e4
LT		 1746 hci_dev_unlock(hdev);
1747}
1748
6039aa73 1749static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1750{
a9de9248
MH		 1751 struct hci_ev_conn_complete *ev = (void *) skb->data;
1752 struct hci_conn *conn;
1da177e4
LT		 1753
1754 BT_DBG("%s", hdev->name);
1755
1756 hci_dev_lock(hdev);
1757
1758 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1759 if (!conn) {
1760 if (ev->link_type != SCO_LINK)
1761 goto unlock;
1762
1763 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1764 if (!conn)
1765 goto unlock;
1766
1767 conn->type = SCO_LINK;
1768 }
1da177e4
LT		 1769
1770 if (!ev->status) {
1771 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1772
1773 if (conn->type == ACL_LINK) {
1774 conn->state = BT_CONFIG;
1775 hci_conn_hold(conn);
a9ea3ed9
SJ		 1776
1777 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1778 !hci_find_link_key(hdev, &ev->bdaddr))
1779 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1780 else
1781 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1782 } else
1783 conn->state = BT_CONNECTED;
1da177e4 1784
9eba32b8 1785 hci_conn_hold_device(conn);
7d0db0a3
MH		 1786 hci_conn_add_sysfs(conn);
1787
1da177e4
LT		 1788 if (test_bit(HCI_AUTH, &hdev->flags))
1789 conn->link_mode |= HCI_LM_AUTH;
1790
1791 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1792 conn->link_mode |= HCI_LM_ENCRYPT;
1793
04837f64
MH		 1794 /* Get remote features */
1795 if (conn->type == ACL_LINK) {
1796 struct hci_cp_read_remote_features cp;
1797 cp.handle = ev->handle;
769be974 1798 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1799 sizeof(cp), &cp);
04837f64
MH		 1800 }
1801
1da177e4 1802 /* Set packet type for incoming connection */
d095c1eb 1803 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1804 struct hci_cp_change_conn_ptype cp;
1805 cp.handle = ev->handle;
a8746417 1806 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1807 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1808 &cp);
1da177e4 1809 }
17d5c04c 1810 } else {
1da177e4 1811 conn->state = BT_CLOSED;
17d5c04c 1812 if (conn->type == ACL_LINK)
744cf19e 1813 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1814 conn->dst_type, ev->status);
17d5c04c 1815 }
1da177e4 1816
e73439d8
MH		 1817 if (conn->type == ACL_LINK)
1818 hci_sco_setup(conn, ev->status);
1da177e4 1819
769be974
MH		 1820 if (ev->status) {
1821 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1822 hci_conn_del(conn);
c89b6e6b
MH		 1823 } else if (ev->link_type != ACL_LINK)
1824 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1825
a9de9248 1826unlock:
1da177e4 1827 hci_dev_unlock(hdev);
1da177e4 1828
a9de9248 1829 hci_conn_check_pending(hdev);
1da177e4
LT		 1830}
1831
6039aa73 1832static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1833{
a9de9248
MH		 1834 struct hci_ev_conn_request *ev = (void *) skb->data;
1835 int mask = hdev->link_mode;
1da177e4 1836
807deac2
GP		 1837 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1838 ev->link_type);
1da177e4 1839
a9de9248 1840 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1841
138d22ef 1842 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1843 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1844 /* Connection accepted */
c7bdd502 1845 struct inquiry_entry *ie;
1da177e4 1846 struct hci_conn *conn;
1da177e4 1847
a9de9248 1848 hci_dev_lock(hdev);
b6a0dc82 1849
cc11b9c1
AE		 1850 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1851 if (ie)
c7bdd502
MH		 1852 memcpy(ie->data.dev_class, ev->dev_class, 3);
1853
8fc9ced3
GP		 1854 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1855 &ev->bdaddr);
a9de9248 1856 if (!conn) {
cc11b9c1
AE		 1857 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1858 if (!conn) {
893ef971 1859 BT_ERR("No memory for new connection");
a9de9248
MH		 1860 hci_dev_unlock(hdev);
1861 return;
1da177e4
LT		 1862 }
1863 }
b6a0dc82 1864
a9de9248
MH		 1865 memcpy(conn->dev_class, ev->dev_class, 3);
1866 conn->state = BT_CONNECT;
b6a0dc82 1867
a9de9248 1868 hci_dev_unlock(hdev);
1da177e4 1869
b6a0dc82
MH		 1870 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1871 struct hci_cp_accept_conn_req cp;
1da177e4 1872
b6a0dc82
MH		 1873 bacpy(&cp.bdaddr, &ev->bdaddr);
1874
1875 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1876 cp.role = 0x00; /* Become master */
1877 else
1878 cp.role = 0x01; /* Remain slave */
1879
04124681
GP		 1880 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1881 &cp);
b6a0dc82
MH		 1882 } else {
1883 struct hci_cp_accept_sync_conn_req cp;
1884
1885 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1886 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1887
82781e63
AE		 1888 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1889 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1890 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1891 cp.content_format = cpu_to_le16(hdev->voice_setting);
1892 cp.retrans_effort = 0xff;
1da177e4 1893
b6a0dc82 1894 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1895 sizeof(cp), &cp);
b6a0dc82 1896 }
a9de9248
MH		 1897 } else {
1898 /* Connection rejected */
1899 struct hci_cp_reject_conn_req cp;
1da177e4 1900
a9de9248 1901 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1902 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1903 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1904 }
1da177e4
LT		 1905}
1906
6039aa73 1907static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1908{
a9de9248 1909 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1910 struct hci_conn *conn;
1911
9f1db00c 1912 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 1913
1914 hci_dev_lock(hdev);
1915
1916 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1917 if (!conn)
1918 goto unlock;
7d0db0a3 1919
37d9ef76
JH		 1920 if (ev->status == 0)
1921 conn->state = BT_CLOSED;
04837f64 1922
b644ba33 1923 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 1924 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1925 if (ev->status != 0)
88c3df13 1926 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 1927 conn->dst_type, ev->status);
37d9ef76 1928 else
afc747a6 1929 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
04124681 1930 conn->dst_type);
37d9ef76 1931 }
f7520543 1932
37d9ef76 1933 if (ev->status == 0) {
6ec5bcad
VA		 1934 if (conn->type == ACL_LINK && conn->flush_key)
1935 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1936 hci_proto_disconn_cfm(conn, ev->reason);
1937 hci_conn_del(conn);
1938 }
f7520543
JH		 1939
1940unlock:
04837f64
MH		 1941 hci_dev_unlock(hdev);
1942}
1943
6039aa73 1944static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1945{
a9de9248 1946 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1947 struct hci_conn *conn;
1da177e4 1948
9f1db00c 1949 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1950
1951 hci_dev_lock(hdev);
1952
04837f64 1953 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1954 if (!conn)
1955 goto unlock;
1956
1957 if (!ev->status) {
aa64a8b5 1958 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1959 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1960 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1961 } else {
d7556e20
WR		 1962 conn->link_mode |= HCI_LM_AUTH;
1963 conn->sec_level = conn->pending_sec_level;
2a611692 1964 }
d7556e20 1965 } else {
bab73cb6 1966 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1967 ev->status);
d7556e20 1968 }
1da177e4 1969
51a8efd7
JH		 1970 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1971 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1972
d7556e20 1973 if (conn->state == BT_CONFIG) {
aa64a8b5 1974 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1975 struct hci_cp_set_conn_encrypt cp;
1976 cp.handle = ev->handle;
1977 cp.encrypt = 0x01;
1978 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1979 &cp);
052b30b0 1980 } else {
d7556e20
WR		 1981 conn->state = BT_CONNECTED;
1982 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1983 hci_conn_put(conn);
1984 }
d7556e20
WR		 1985 } else {
1986 hci_auth_cfm(conn, ev->status);
052b30b0 1987
d7556e20
WR		 1988 hci_conn_hold(conn);
1989 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1990 hci_conn_put(conn);
1991 }
1992
51a8efd7 1993 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1994 if (!ev->status) {
1995 struct hci_cp_set_conn_encrypt cp;
1996 cp.handle = ev->handle;
1997 cp.encrypt = 0x01;
1998 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1999 &cp);
d7556e20 2000 } else {
51a8efd7 2001 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2002 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2003 }
2004 }
2005
d7556e20 2006unlock:
1da177e4
LT		 2007 hci_dev_unlock(hdev);
2008}
2009
6039aa73 2010static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2011{
127178d2
JH		 2012 struct hci_ev_remote_name *ev = (void *) skb->data;
2013 struct hci_conn *conn;
2014
a9de9248 2015 BT_DBG("%s", hdev->name);
1da177e4 2016
a9de9248 2017 hci_conn_check_pending(hdev);
127178d2
JH		 2018
2019 hci_dev_lock(hdev);
2020
b644ba33 2021 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2022
b644ba33
JH		 2023 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2024 goto check_auth;
a88a9652 2025
b644ba33
JH		 2026 if (ev->status == 0)
2027 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2028 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2029 else
2030 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2031
2032check_auth:
79c6c70c
JH		 2033 if (!conn)
2034 goto unlock;
2035
2036 if (!hci_outgoing_auth_needed(hdev, conn))
2037 goto unlock;
2038
51a8efd7 2039 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2040 struct hci_cp_auth_requested cp;
2041 cp.handle = __cpu_to_le16(conn->handle);
2042 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2043 }
2044
79c6c70c 2045unlock:
127178d2 2046 hci_dev_unlock(hdev);
a9de9248
MH		 2047}
2048
6039aa73 2049static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2050{
2051 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2052 struct hci_conn *conn;
2053
9f1db00c 2054 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2055
2056 hci_dev_lock(hdev);
2057
04837f64 2058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2059 if (conn) {
2060 if (!ev->status) {
ae293196
MH		 2061 if (ev->encrypt) {
2062 /* Encryption implies authentication */
2063 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2064 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2065 conn->sec_level = conn->pending_sec_level;
ae293196 2066 } else
1da177e4
LT		 2067 conn->link_mode &= ~HCI_LM_ENCRYPT;
2068 }
2069
51a8efd7 2070 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2071
a7d7723a 2072 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2073 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2074 hci_conn_put(conn);
2075 goto unlock;
2076 }
2077
f8558555
MH		 2078 if (conn->state == BT_CONFIG) {
2079 if (!ev->status)
2080 conn->state = BT_CONNECTED;
2081
2082 hci_proto_connect_cfm(conn, ev->status);
2083 hci_conn_put(conn);
2084 } else
2085 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2086 }
2087
a7d7723a 2088unlock:
1da177e4
LT		 2089 hci_dev_unlock(hdev);
2090}
2091
6039aa73
GP		 2092static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2093 struct sk_buff *skb)
1da177e4 2094{
a9de9248 2095 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2096 struct hci_conn *conn;
1da177e4 2097
9f1db00c 2098 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2099
2100 hci_dev_lock(hdev);
2101
04837f64 2102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2103 if (conn) {
2104 if (!ev->status)
2105 conn->link_mode |= HCI_LM_SECURE;
2106
51a8efd7 2107 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2108
2109 hci_key_change_cfm(conn, ev->status);
2110 }
2111
2112 hci_dev_unlock(hdev);
2113}
2114
6039aa73
GP		 2115static void hci_remote_features_evt(struct hci_dev *hdev,
2116 struct sk_buff *skb)
1da177e4 2117{
a9de9248
MH		 2118 struct hci_ev_remote_features *ev = (void *) skb->data;
2119 struct hci_conn *conn;
2120
9f1db00c 2121 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2122
a9de9248
MH		 2123 hci_dev_lock(hdev);
2124
2125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2126 if (!conn)
2127 goto unlock;
769be974 2128
ccd556fe
JH		 2129 if (!ev->status)
2130 memcpy(conn->features, ev->features, 8);
2131
2132 if (conn->state != BT_CONFIG)
2133 goto unlock;
2134
2135 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2136 struct hci_cp_read_remote_ext_features cp;
2137 cp.handle = ev->handle;
2138 cp.page = 0x01;
2139 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2140 sizeof(cp), &cp);
392599b9
JH		 2141 goto unlock;
2142 }
2143
671267bf 2144 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2145 struct hci_cp_remote_name_req cp;
2146 memset(&cp, 0, sizeof(cp));
2147 bacpy(&cp.bdaddr, &conn->dst);
2148 cp.pscan_rep_mode = 0x02;
2149 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2150 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2151 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2152 conn->dst_type, 0, NULL, 0,
2153 conn->dev_class);
392599b9 2154
127178d2 2155 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2156 conn->state = BT_CONNECTED;
2157 hci_proto_connect_cfm(conn, ev->status);
2158 hci_conn_put(conn);
769be974 2159 }
a9de9248 2160
ccd556fe 2161unlock:
a9de9248 2162 hci_dev_unlock(hdev);
1da177e4
LT		 2163}
2164
6039aa73 2165static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2166{
a9de9248 2167 BT_DBG("%s", hdev->name);
1da177e4
LT		 2168}
2169
6039aa73
GP		 2170static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2171 struct sk_buff *skb)
1da177e4 2172{
a9de9248 2173 BT_DBG("%s", hdev->name);
1da177e4
LT		 2174}
2175
6039aa73 2176static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2177{
2178 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2179 __u16 opcode;
2180
2181 skb_pull(skb, sizeof(*ev));
2182
2183 opcode = __le16_to_cpu(ev->opcode);
2184
2185 switch (opcode) {
2186 case HCI_OP_INQUIRY_CANCEL:
2187 hci_cc_inquiry_cancel(hdev, skb);
2188 break;
2189
4d93483b
AG		 2190 case HCI_OP_PERIODIC_INQ:
2191 hci_cc_periodic_inq(hdev, skb);
2192 break;
2193
a9de9248
MH		 2194 case HCI_OP_EXIT_PERIODIC_INQ:
2195 hci_cc_exit_periodic_inq(hdev, skb);
2196 break;
2197
2198 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2199 hci_cc_remote_name_req_cancel(hdev, skb);
2200 break;
2201
2202 case HCI_OP_ROLE_DISCOVERY:
2203 hci_cc_role_discovery(hdev, skb);
2204 break;
2205
e4e8e37c
MH		 2206 case HCI_OP_READ_LINK_POLICY:
2207 hci_cc_read_link_policy(hdev, skb);
2208 break;
2209
a9de9248
MH		 2210 case HCI_OP_WRITE_LINK_POLICY:
2211 hci_cc_write_link_policy(hdev, skb);
2212 break;
2213
e4e8e37c
MH		 2214 case HCI_OP_READ_DEF_LINK_POLICY:
2215 hci_cc_read_def_link_policy(hdev, skb);
2216 break;
2217
2218 case HCI_OP_WRITE_DEF_LINK_POLICY:
2219 hci_cc_write_def_link_policy(hdev, skb);
2220 break;
2221
a9de9248
MH		 2222 case HCI_OP_RESET:
2223 hci_cc_reset(hdev, skb);
2224 break;
2225
2226 case HCI_OP_WRITE_LOCAL_NAME:
2227 hci_cc_write_local_name(hdev, skb);
2228 break;
2229
2230 case HCI_OP_READ_LOCAL_NAME:
2231 hci_cc_read_local_name(hdev, skb);
2232 break;
2233
2234 case HCI_OP_WRITE_AUTH_ENABLE:
2235 hci_cc_write_auth_enable(hdev, skb);
2236 break;
2237
2238 case HCI_OP_WRITE_ENCRYPT_MODE:
2239 hci_cc_write_encrypt_mode(hdev, skb);
2240 break;
2241
2242 case HCI_OP_WRITE_SCAN_ENABLE:
2243 hci_cc_write_scan_enable(hdev, skb);
2244 break;
2245
2246 case HCI_OP_READ_CLASS_OF_DEV:
2247 hci_cc_read_class_of_dev(hdev, skb);
2248 break;
2249
2250 case HCI_OP_WRITE_CLASS_OF_DEV:
2251 hci_cc_write_class_of_dev(hdev, skb);
2252 break;
2253
2254 case HCI_OP_READ_VOICE_SETTING:
2255 hci_cc_read_voice_setting(hdev, skb);
2256 break;
2257
2258 case HCI_OP_WRITE_VOICE_SETTING:
2259 hci_cc_write_voice_setting(hdev, skb);
2260 break;
2261
2262 case HCI_OP_HOST_BUFFER_SIZE:
2263 hci_cc_host_buffer_size(hdev, skb);
2264 break;
2265
333140b5
MH		 2266 case HCI_OP_WRITE_SSP_MODE:
2267 hci_cc_write_ssp_mode(hdev, skb);
2268 break;
2269
a9de9248
MH		 2270 case HCI_OP_READ_LOCAL_VERSION:
2271 hci_cc_read_local_version(hdev, skb);
2272 break;
2273
2274 case HCI_OP_READ_LOCAL_COMMANDS:
2275 hci_cc_read_local_commands(hdev, skb);
2276 break;
2277
2278 case HCI_OP_READ_LOCAL_FEATURES:
2279 hci_cc_read_local_features(hdev, skb);
2280 break;
2281
971e3a4b
AG		 2282 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2283 hci_cc_read_local_ext_features(hdev, skb);
2284 break;
2285
a9de9248
MH		 2286 case HCI_OP_READ_BUFFER_SIZE:
2287 hci_cc_read_buffer_size(hdev, skb);
2288 break;
2289
2290 case HCI_OP_READ_BD_ADDR:
2291 hci_cc_read_bd_addr(hdev, skb);
2292 break;
2293
350ee4cf
AE		 2294 case HCI_OP_READ_DATA_BLOCK_SIZE:
2295 hci_cc_read_data_block_size(hdev, skb);
2296 break;
2297
23bb5763
JH		 2298 case HCI_OP_WRITE_CA_TIMEOUT:
2299 hci_cc_write_ca_timeout(hdev, skb);
2300 break;
2301
1e89cffb
AE		 2302 case HCI_OP_READ_FLOW_CONTROL_MODE:
2303 hci_cc_read_flow_control_mode(hdev, skb);
2304 break;
2305
928abaa7
AE		 2306 case HCI_OP_READ_LOCAL_AMP_INFO:
2307 hci_cc_read_local_amp_info(hdev, skb);
2308 break;
2309
b0916ea0
JH		 2310 case HCI_OP_DELETE_STORED_LINK_KEY:
2311 hci_cc_delete_stored_link_key(hdev, skb);
2312 break;
2313
d5859e22
JH		 2314 case HCI_OP_SET_EVENT_MASK:
2315 hci_cc_set_event_mask(hdev, skb);
2316 break;
2317
2318 case HCI_OP_WRITE_INQUIRY_MODE:
2319 hci_cc_write_inquiry_mode(hdev, skb);
2320 break;
2321
2322 case HCI_OP_READ_INQ_RSP_TX_POWER:
2323 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2324 break;
2325
2326 case HCI_OP_SET_EVENT_FLT:
2327 hci_cc_set_event_flt(hdev, skb);
2328 break;
2329
980e1a53
JH		 2330 case HCI_OP_PIN_CODE_REPLY:
2331 hci_cc_pin_code_reply(hdev, skb);
2332 break;
2333
2334 case HCI_OP_PIN_CODE_NEG_REPLY:
2335 hci_cc_pin_code_neg_reply(hdev, skb);
2336 break;
2337
c35938b2
SJ		 2338 case HCI_OP_READ_LOCAL_OOB_DATA:
2339 hci_cc_read_local_oob_data_reply(hdev, skb);
2340 break;
2341
6ed58ec5
VT		 2342 case HCI_OP_LE_READ_BUFFER_SIZE:
2343 hci_cc_le_read_buffer_size(hdev, skb);
2344 break;
2345
a5c29683
JH		 2346 case HCI_OP_USER_CONFIRM_REPLY:
2347 hci_cc_user_confirm_reply(hdev, skb);
2348 break;
2349
2350 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2351 hci_cc_user_confirm_neg_reply(hdev, skb);
2352 break;
2353
1143d458
BG		 2354 case HCI_OP_USER_PASSKEY_REPLY:
2355 hci_cc_user_passkey_reply(hdev, skb);
2356 break;
2357
2358 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2359 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2360 break;
07f7fa5d
AG		 2361
2362 case HCI_OP_LE_SET_SCAN_PARAM:
2363 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2364 break;
2365
eb9d91f5
AG		 2366 case HCI_OP_LE_SET_SCAN_ENABLE:
2367 hci_cc_le_set_scan_enable(hdev, skb);
2368 break;
2369
a7a595f6
VCG		 2370 case HCI_OP_LE_LTK_REPLY:
2371 hci_cc_le_ltk_reply(hdev, skb);
2372 break;
2373
2374 case HCI_OP_LE_LTK_NEG_REPLY:
2375 hci_cc_le_ltk_neg_reply(hdev, skb);
2376 break;
2377
f9b49306
AG		 2378 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2379 hci_cc_write_le_host_supported(hdev, skb);
2380 break;
2381
a9de9248 2382 default:
9f1db00c 2383 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2384 break;
2385 }
2386
6bd32326
VT		 2387 if (ev->opcode != HCI_OP_NOP)
2388 del_timer(&hdev->cmd_timer);
2389
a9de9248
MH		 2390 if (ev->ncmd) {
2391 atomic_set(&hdev->cmd_cnt, 1);
2392 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2393 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2394 }
2395}
2396
6039aa73 2397static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2398{
2399 struct hci_ev_cmd_status *ev = (void *) skb->data;
2400 __u16 opcode;
2401
2402 skb_pull(skb, sizeof(*ev));
2403
2404 opcode = __le16_to_cpu(ev->opcode);
2405
2406 switch (opcode) {
2407 case HCI_OP_INQUIRY:
2408 hci_cs_inquiry(hdev, ev->status);
2409 break;
2410
2411 case HCI_OP_CREATE_CONN:
2412 hci_cs_create_conn(hdev, ev->status);
2413 break;
2414
2415 case HCI_OP_ADD_SCO:
2416 hci_cs_add_sco(hdev, ev->status);
2417 break;
2418
f8558555
MH		 2419 case HCI_OP_AUTH_REQUESTED:
2420 hci_cs_auth_requested(hdev, ev->status);
2421 break;
2422
2423 case HCI_OP_SET_CONN_ENCRYPT:
2424 hci_cs_set_conn_encrypt(hdev, ev->status);
2425 break;
2426
a9de9248
MH		 2427 case HCI_OP_REMOTE_NAME_REQ:
2428 hci_cs_remote_name_req(hdev, ev->status);
2429 break;
2430
769be974
MH		 2431 case HCI_OP_READ_REMOTE_FEATURES:
2432 hci_cs_read_remote_features(hdev, ev->status);
2433 break;
2434
2435 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2436 hci_cs_read_remote_ext_features(hdev, ev->status);
2437 break;
2438
a9de9248
MH		 2439 case HCI_OP_SETUP_SYNC_CONN:
2440 hci_cs_setup_sync_conn(hdev, ev->status);
2441 break;
2442
2443 case HCI_OP_SNIFF_MODE:
2444 hci_cs_sniff_mode(hdev, ev->status);
2445 break;
2446
2447 case HCI_OP_EXIT_SNIFF_MODE:
2448 hci_cs_exit_sniff_mode(hdev, ev->status);
2449 break;
2450
8962ee74 2451 case HCI_OP_DISCONNECT:
88c3df13 2452 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2453 break;
2454
fcd89c09
VT		 2455 case HCI_OP_LE_CREATE_CONN:
2456 hci_cs_le_create_conn(hdev, ev->status);
2457 break;
2458
a7a595f6
VCG		 2459 case HCI_OP_LE_START_ENC:
2460 hci_cs_le_start_enc(hdev, ev->status);
2461 break;
2462
a9de9248 2463 default:
9f1db00c 2464 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2465 break;
2466 }
2467
6bd32326
VT		 2468 if (ev->opcode != HCI_OP_NOP)
2469 del_timer(&hdev->cmd_timer);
2470
10572132 2471 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2472 atomic_set(&hdev->cmd_cnt, 1);
2473 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2474 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2475 }
2476}
2477
6039aa73 2478static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2479{
2480 struct hci_ev_role_change *ev = (void *) skb->data;
2481 struct hci_conn *conn;
2482
9f1db00c 2483 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2484
2485 hci_dev_lock(hdev);
2486
2487 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2488 if (conn) {
2489 if (!ev->status) {
2490 if (ev->role)
2491 conn->link_mode &= ~HCI_LM_MASTER;
2492 else
2493 conn->link_mode |= HCI_LM_MASTER;
2494 }
2495
51a8efd7 2496 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2497
2498 hci_role_switch_cfm(conn, ev->status, ev->role);
2499 }
2500
2501 hci_dev_unlock(hdev);
2502}
2503
6039aa73 2504static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2505{
2506 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2507 int i;
2508
32ac5b9b
AE		 2509 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2510 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2511 return;
2512 }
2513
c5993de8 2514 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2515 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2516 BT_DBG("%s bad parameters", hdev->name);
2517 return;
2518 }
2519
c5993de8
AE		 2520 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2521
613a1c0c
AE		 2522 for (i = 0; i < ev->num_hndl; i++) {
2523 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2524 struct hci_conn *conn;
2525 __u16 handle, count;
2526
613a1c0c
AE		 2527 handle = __le16_to_cpu(info->handle);
2528 count = __le16_to_cpu(info->count);
a9de9248
MH		 2529
2530 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2531 if (!conn)
2532 continue;
2533
2534 conn->sent -= count;
2535
2536 switch (conn->type) {
2537 case ACL_LINK:
2538 hdev->acl_cnt += count;
2539 if (hdev->acl_cnt > hdev->acl_pkts)
2540 hdev->acl_cnt = hdev->acl_pkts;
2541 break;
2542
2543 case LE_LINK:
2544 if (hdev->le_pkts) {
2545 hdev->le_cnt += count;
2546 if (hdev->le_cnt > hdev->le_pkts)
2547 hdev->le_cnt = hdev->le_pkts;
2548 } else {
70f23020
AE		 2549 hdev->acl_cnt += count;
2550 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2551 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2552 }
f4280918
AE		 2553 break;
2554
2555 case SCO_LINK:
2556 hdev->sco_cnt += count;
2557 if (hdev->sco_cnt > hdev->sco_pkts)
2558 hdev->sco_cnt = hdev->sco_pkts;
2559 break;
2560
2561 default:
2562 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2563 break;
a9de9248
MH		 2564 }
2565 }
2566
3eff45ea 2567 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2568}
2569
6039aa73 2570static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2571{
2572 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2573 int i;
2574
2575 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2576 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2577 return;
2578 }
2579
2580 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2581 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2582 BT_DBG("%s bad parameters", hdev->name);
2583 return;
2584 }
2585
2586 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2587 ev->num_hndl);
25e89e99
AE		 2588
2589 for (i = 0; i < ev->num_hndl; i++) {
2590 struct hci_comp_blocks_info *info = &ev->handles[i];
2591 struct hci_conn *conn;
2592 __u16 handle, block_count;
2593
2594 handle = __le16_to_cpu(info->handle);
2595 block_count = __le16_to_cpu(info->blocks);
2596
2597 conn = hci_conn_hash_lookup_handle(hdev, handle);
2598 if (!conn)
2599 continue;
2600
2601 conn->sent -= block_count;
2602
2603 switch (conn->type) {
2604 case ACL_LINK:
2605 hdev->block_cnt += block_count;
2606 if (hdev->block_cnt > hdev->num_blocks)
2607 hdev->block_cnt = hdev->num_blocks;
2608 break;
2609
2610 default:
2611 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2612 break;
2613 }
2614 }
2615
2616 queue_work(hdev->workqueue, &hdev->tx_work);
2617}
2618
6039aa73 2619static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2620{
a9de9248 2621 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2622 struct hci_conn *conn;
2623
9f1db00c 2624 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2625
2626 hci_dev_lock(hdev);
2627
2628 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2629 if (conn) {
2630 conn->mode = ev->mode;
2631 conn->interval = __le16_to_cpu(ev->interval);
2632
8fc9ced3
GP		 2633 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2634 &conn->flags)) {
a9de9248 2635 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2636 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2637 else
58a681ef 2638 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2639 }
e73439d8 2640
51a8efd7 2641 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2642 hci_sco_setup(conn, ev->status);
04837f64
MH		 2643 }
2644
2645 hci_dev_unlock(hdev);
2646}
2647
6039aa73 2648static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2649{
052b30b0
MH		 2650 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2651 struct hci_conn *conn;
2652
a9de9248 2653 BT_DBG("%s", hdev->name);
052b30b0
MH		 2654
2655 hci_dev_lock(hdev);
2656
2657 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2658 if (!conn)
2659 goto unlock;
2660
2661 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2662 hci_conn_hold(conn);
2663 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2664 hci_conn_put(conn);
2665 }
2666
a8b2d5c2 2667 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2668 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2669 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2670 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2671 u8 secure;
2672
2673 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2674 secure = 1;
2675 else
2676 secure = 0;
2677
744cf19e 2678 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2679 }
980e1a53 2680
b6f98044 2681unlock:
052b30b0 2682 hci_dev_unlock(hdev);
a9de9248
MH		 2683}
2684
6039aa73 2685static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2686{
55ed8ca1
JH		 2687 struct hci_ev_link_key_req *ev = (void *) skb->data;
2688 struct hci_cp_link_key_reply cp;
2689 struct hci_conn *conn;
2690 struct link_key *key;
2691
a9de9248 2692 BT_DBG("%s", hdev->name);
55ed8ca1 2693
a8b2d5c2 2694 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2695 return;
2696
2697 hci_dev_lock(hdev);
2698
2699 key = hci_find_link_key(hdev, &ev->bdaddr);
2700 if (!key) {
2701 BT_DBG("%s link key not found for %s", hdev->name,
807deac2 2702 batostr(&ev->bdaddr));
55ed8ca1
JH		 2703 goto not_found;
2704 }
2705
2706 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
807deac2 2707 batostr(&ev->bdaddr));
55ed8ca1 2708
a8b2d5c2 2709 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2710 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2711 BT_DBG("%s ignoring debug key", hdev->name);
2712 goto not_found;
2713 }
2714
2715 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2716 if (conn) {
2717 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2718 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2719 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2720 goto not_found;
2721 }
55ed8ca1 2722
60b83f57 2723 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2724 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2725 BT_DBG("%s ignoring key unauthenticated for high security",
2726 hdev->name);
60b83f57
WR		 2727 goto not_found;
2728 }
2729
2730 conn->key_type = key->type;
2731 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2732 }
2733
2734 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2735 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2736
2737 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2738
2739 hci_dev_unlock(hdev);
2740
2741 return;
2742
2743not_found:
2744 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2745 hci_dev_unlock(hdev);
a9de9248
MH		 2746}
2747
6039aa73 2748static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2749{
052b30b0
MH		 2750 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2751 struct hci_conn *conn;
55ed8ca1 2752 u8 pin_len = 0;
052b30b0 2753
a9de9248 2754 BT_DBG("%s", hdev->name);
052b30b0
MH		 2755
2756 hci_dev_lock(hdev);
2757
2758 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2759 if (conn) {
2760 hci_conn_hold(conn);
2761 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2762 pin_len = conn->pin_length;
13d39315
WR		 2763
2764 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2765 conn->key_type = ev->key_type;
2766
052b30b0
MH		 2767 hci_conn_put(conn);
2768 }
2769
a8b2d5c2 2770 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2771 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2772 ev->key_type, pin_len);
55ed8ca1 2773
052b30b0 2774 hci_dev_unlock(hdev);
a9de9248
MH		 2775}
2776
6039aa73 2777static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2778{
a9de9248 2779 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2780 struct hci_conn *conn;
1da177e4 2781
9f1db00c 2782 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2783
2784 hci_dev_lock(hdev);
2785
04837f64 2786 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2787 if (conn && !ev->status) {
2788 struct inquiry_entry *ie;
2789
cc11b9c1
AE		 2790 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2791 if (ie) {
1da177e4
LT		 2792 ie->data.clock_offset = ev->clock_offset;
2793 ie->timestamp = jiffies;
2794 }
2795 }
2796
2797 hci_dev_unlock(hdev);
2798}
2799
6039aa73 2800static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2801{
2802 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2803 struct hci_conn *conn;
2804
9f1db00c 2805 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2806
2807 hci_dev_lock(hdev);
2808
2809 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2810 if (conn && !ev->status)
2811 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2812
2813 hci_dev_unlock(hdev);
2814}
2815
6039aa73 2816static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2817{
a9de9248 2818 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2819 struct inquiry_entry *ie;
2820
2821 BT_DBG("%s", hdev->name);
2822
2823 hci_dev_lock(hdev);
2824
cc11b9c1
AE		 2825 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2826 if (ie) {
85a1e930
MH		 2827 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2828 ie->timestamp = jiffies;
2829 }
2830
2831 hci_dev_unlock(hdev);
2832}
2833
6039aa73
GP		 2834static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2835 struct sk_buff *skb)
a9de9248
MH		 2836{
2837 struct inquiry_data data;
2838 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2839 bool name_known, ssp;
a9de9248
MH		 2840
2841 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2842
2843 if (!num_rsp)
2844 return;
2845
1519cc17
AG		 2846 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2847 return;
2848
a9de9248
MH		 2849 hci_dev_lock(hdev);
2850
2851 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2852 struct inquiry_info_with_rssi_and_pscan_mode *info;
2853 info = (void *) (skb->data + 1);
a9de9248 2854
e17acd40 2855 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2856 bacpy(&data.bdaddr, &info->bdaddr);
2857 data.pscan_rep_mode = info->pscan_rep_mode;
2858 data.pscan_period_mode = info->pscan_period_mode;
2859 data.pscan_mode = info->pscan_mode;
2860 memcpy(data.dev_class, info->dev_class, 3);
2861 data.clock_offset = info->clock_offset;
2862 data.rssi = info->rssi;
41a96212 2863 data.ssp_mode = 0x00;
3175405b
JH		 2864
2865 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2866 false, &ssp);
48264f06 2867 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2868 info->dev_class, info->rssi,
2869 !name_known, ssp, NULL, 0);
a9de9248
MH		 2870 }
2871 } else {
2872 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2873
e17acd40 2874 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2875 bacpy(&data.bdaddr, &info->bdaddr);
2876 data.pscan_rep_mode = info->pscan_rep_mode;
2877 data.pscan_period_mode = info->pscan_period_mode;
2878 data.pscan_mode = 0x00;
2879 memcpy(data.dev_class, info->dev_class, 3);
2880 data.clock_offset = info->clock_offset;
2881 data.rssi = info->rssi;
41a96212 2882 data.ssp_mode = 0x00;
3175405b 2883 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2884 false, &ssp);
48264f06 2885 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2886 info->dev_class, info->rssi,
2887 !name_known, ssp, NULL, 0);
a9de9248
MH		 2888 }
2889 }
2890
2891 hci_dev_unlock(hdev);
2892}
2893
6039aa73
GP		 2894static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2895 struct sk_buff *skb)
a9de9248 2896{
41a96212
MH		 2897 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2898 struct hci_conn *conn;
2899
a9de9248 2900 BT_DBG("%s", hdev->name);
41a96212 2901
41a96212
MH		 2902 hci_dev_lock(hdev);
2903
2904 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2905 if (!conn)
2906 goto unlock;
41a96212 2907
ccd556fe
JH		 2908 if (!ev->status && ev->page == 0x01) {
2909 struct inquiry_entry *ie;
41a96212 2910
cc11b9c1
AE		 2911 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2912 if (ie)
02b7cc62 2913 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2914
02b7cc62 2915 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2916 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2917 }
2918
2919 if (conn->state != BT_CONFIG)
2920 goto unlock;
2921
671267bf 2922 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2923 struct hci_cp_remote_name_req cp;
2924 memset(&cp, 0, sizeof(cp));
2925 bacpy(&cp.bdaddr, &conn->dst);
2926 cp.pscan_rep_mode = 0x02;
2927 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2928 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2929 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2930 conn->dst_type, 0, NULL, 0,
2931 conn->dev_class);
392599b9 2932
127178d2 2933 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2934 conn->state = BT_CONNECTED;
2935 hci_proto_connect_cfm(conn, ev->status);
2936 hci_conn_put(conn);
41a96212
MH		 2937 }
2938
ccd556fe 2939unlock:
41a96212 2940 hci_dev_unlock(hdev);
a9de9248
MH		 2941}
2942
6039aa73
GP		 2943static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2944 struct sk_buff *skb)
a9de9248 2945{
b6a0dc82
MH		 2946 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2947 struct hci_conn *conn;
2948
9f1db00c 2949 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 2950
2951 hci_dev_lock(hdev);
2952
2953 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2954 if (!conn) {
2955 if (ev->link_type == ESCO_LINK)
2956 goto unlock;
2957
2958 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2959 if (!conn)
2960 goto unlock;
2961
2962 conn->type = SCO_LINK;
2963 }
b6a0dc82 2964
732547f9
MH		 2965 switch (ev->status) {
2966 case 0x00:
b6a0dc82
MH		 2967 conn->handle = __le16_to_cpu(ev->handle);
2968 conn->state = BT_CONNECTED;
7d0db0a3 2969
9eba32b8 2970 hci_conn_hold_device(conn);
7d0db0a3 2971 hci_conn_add_sysfs(conn);
732547f9
MH		 2972 break;
2973
705e5711 2974 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2975 case 0x1c: /* SCO interval rejected */
1038a00b 2976 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2977 case 0x1f: /* Unspecified error */
2978 if (conn->out && conn->attempt < 2) {
2979 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2980 (hdev->esco_type & EDR_ESCO_MASK);
2981 hci_setup_sync(conn, conn->link->handle);
2982 goto unlock;
2983 }
2984 /* fall through */
2985
2986 default:
b6a0dc82 2987 conn->state = BT_CLOSED;
732547f9
MH		 2988 break;
2989 }
b6a0dc82
MH		 2990
2991 hci_proto_connect_cfm(conn, ev->status);
2992 if (ev->status)
2993 hci_conn_del(conn);
2994
2995unlock:
2996 hci_dev_unlock(hdev);
a9de9248
MH		 2997}
2998
6039aa73 2999static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3000{
3001 BT_DBG("%s", hdev->name);
3002}
3003
6039aa73 3004static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3005{
a9de9248 3006 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3007
9f1db00c 3008 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3009}
3010
6039aa73
GP		 3011static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3012 struct sk_buff *skb)
1da177e4 3013{
a9de9248
MH		 3014 struct inquiry_data data;
3015 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3016 int num_rsp = *((__u8 *) skb->data);
9d939d94 3017 size_t eir_len;
1da177e4 3018
a9de9248 3019 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3020
a9de9248
MH		 3021 if (!num_rsp)
3022 return;
1da177e4 3023
1519cc17
AG		 3024 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3025 return;
3026
a9de9248
MH		 3027 hci_dev_lock(hdev);
3028
e17acd40 3029 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3030 bool name_known, ssp;
561aafbc 3031
a9de9248 3032 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3033 data.pscan_rep_mode = info->pscan_rep_mode;
3034 data.pscan_period_mode = info->pscan_period_mode;
3035 data.pscan_mode = 0x00;
a9de9248 3036 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3037 data.clock_offset = info->clock_offset;
3038 data.rssi = info->rssi;
41a96212 3039 data.ssp_mode = 0x01;
561aafbc 3040
a8b2d5c2 3041 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3042 name_known = eir_has_data_type(info->data,
04124681
GP		 3043 sizeof(info->data),
3044 EIR_NAME_COMPLETE);
561aafbc
JH		 3045 else
3046 name_known = true;
3047
388fc8fa 3048 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3049 &ssp);
9d939d94 3050 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3051 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3052 info->dev_class, info->rssi, !name_known,
9d939d94 3053 ssp, info->data, eir_len);
a9de9248
MH		 3054 }
3055
3056 hci_dev_unlock(hdev);
3057}
1da177e4 3058
1c2e0041
JH		 3059static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3060 struct sk_buff *skb)
3061{
3062 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3063 struct hci_conn *conn;
3064
9f1db00c 3065 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3066 __le16_to_cpu(ev->handle));
3067
3068 hci_dev_lock(hdev);
3069
3070 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3071 if (!conn)
3072 goto unlock;
3073
3074 if (!ev->status)
3075 conn->sec_level = conn->pending_sec_level;
3076
3077 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3078
3079 if (ev->status && conn->state == BT_CONNECTED) {
3080 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3081 hci_conn_put(conn);
3082 goto unlock;
3083 }
3084
3085 if (conn->state == BT_CONFIG) {
3086 if (!ev->status)
3087 conn->state = BT_CONNECTED;
3088
3089 hci_proto_connect_cfm(conn, ev->status);
3090 hci_conn_put(conn);
3091 } else {
3092 hci_auth_cfm(conn, ev->status);
3093
3094 hci_conn_hold(conn);
3095 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3096 hci_conn_put(conn);
3097 }
3098
3099unlock:
3100 hci_dev_unlock(hdev);
3101}
3102
6039aa73 3103static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3104{
3105 /* If remote requests dedicated bonding follow that lead */
3106 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3107 /* If both remote and local IO capabilities allow MITM
3108 * protection then require it, otherwise don't */
3109 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3110 return 0x02;
3111 else
3112 return 0x03;
3113 }
3114
3115 /* If remote requests no-bonding follow that lead */
3116 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3117 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3118
3119 return conn->auth_type;
3120}
3121
6039aa73 3122static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3123{
3124 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3125 struct hci_conn *conn;
3126
3127 BT_DBG("%s", hdev->name);
3128
3129 hci_dev_lock(hdev);
3130
3131 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3132 if (!conn)
3133 goto unlock;
3134
3135 hci_conn_hold(conn);
3136
a8b2d5c2 3137 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3138 goto unlock;
3139
a8b2d5c2 3140 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3141 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3142 struct hci_cp_io_capability_reply cp;
3143
3144 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3145 /* Change the IO capability from KeyboardDisplay
3146 * to DisplayYesNo as it is not supported by BT spec. */
3147 cp.capability = (conn->io_capability == 0x04) ?
3148 0x01 : conn->io_capability;
7cbc9bd9
JH		 3149 conn->auth_type = hci_get_auth_req(conn);
3150 cp.authentication = conn->auth_type;
17fa4b9d 3151
8fc9ced3
GP		 3152 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3153 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3154 cp.oob_data = 0x01;
3155 else
3156 cp.oob_data = 0x00;
3157
17fa4b9d 3158 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3159 sizeof(cp), &cp);
03b555e1
JH		 3160 } else {
3161 struct hci_cp_io_capability_neg_reply cp;
3162
3163 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3164 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3165
03b555e1 3166 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3167 sizeof(cp), &cp);
03b555e1
JH		 3168 }
3169
3170unlock:
3171 hci_dev_unlock(hdev);
3172}
3173
6039aa73 3174static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3175{
3176 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3177 struct hci_conn *conn;
3178
3179 BT_DBG("%s", hdev->name);
3180
3181 hci_dev_lock(hdev);
3182
3183 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3184 if (!conn)
3185 goto unlock;
3186
03b555e1 3187 conn->remote_cap = ev->capability;
03b555e1 3188 conn->remote_auth = ev->authentication;
58a681ef
JH		 3189 if (ev->oob_data)
3190 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3191
3192unlock:
0493684e
MH		 3193 hci_dev_unlock(hdev);
3194}
3195
6039aa73
GP		 3196static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3197 struct sk_buff *skb)
a5c29683
JH		 3198{
3199 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3200 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3201 struct hci_conn *conn;
a5c29683
JH		 3202
3203 BT_DBG("%s", hdev->name);
3204
3205 hci_dev_lock(hdev);
3206
a8b2d5c2 3207 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3208 goto unlock;
a5c29683 3209
7a828908
JH		 3210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3211 if (!conn)
3212 goto unlock;
3213
3214 loc_mitm = (conn->auth_type & 0x01);
3215 rem_mitm = (conn->remote_auth & 0x01);
3216
3217 /* If we require MITM but the remote device can't provide that
3218 * (it has NoInputNoOutput) then reject the confirmation
3219 * request. The only exception is when we're dedicated bonding
3220 * initiators (connect_cfm_cb set) since then we always have the MITM
3221 * bit set. */
3222 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3223 BT_DBG("Rejecting request: remote device can't provide MITM");
3224 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3225 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3226 goto unlock;
3227 }
3228
3229 /* If no side requires MITM protection; auto-accept */
3230 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3231 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3232
3233 /* If we're not the initiators request authorization to
3234 * proceed from user space (mgmt_user_confirm with
3235 * confirm_hint set to 1). */
51a8efd7 3236 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3237 BT_DBG("Confirming auto-accept as acceptor");
3238 confirm_hint = 1;
3239 goto confirm;
3240 }
3241
9f61656a 3242 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3243 hdev->auto_accept_delay);
9f61656a
JH		 3244
3245 if (hdev->auto_accept_delay > 0) {
3246 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3247 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3248 goto unlock;
3249 }
3250
7a828908 3251 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3252 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3253 goto unlock;
3254 }
3255
55bc1a37 3256confirm:
272d90df 3257 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3258 confirm_hint);
7a828908
JH		 3259
3260unlock:
a5c29683
JH		 3261 hci_dev_unlock(hdev);
3262}
3263
6039aa73
GP		 3264static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3265 struct sk_buff *skb)
1143d458
BG		 3266{
3267 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3268
3269 BT_DBG("%s", hdev->name);
3270
3271 hci_dev_lock(hdev);
3272
a8b2d5c2 3273 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3274 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3275
3276 hci_dev_unlock(hdev);
3277}
3278
6039aa73
GP		 3279static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3280 struct sk_buff *skb)
0493684e
MH		 3281{
3282 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3283 struct hci_conn *conn;
3284
3285 BT_DBG("%s", hdev->name);
3286
3287 hci_dev_lock(hdev);
3288
3289 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3290 if (!conn)
3291 goto unlock;
3292
3293 /* To avoid duplicate auth_failed events to user space we check
3294 * the HCI_CONN_AUTH_PEND flag which will be set if we
3295 * initiated the authentication. A traditional auth_complete
3296 * event gets always produced as initiator and is also mapped to
3297 * the mgmt_auth_failed event */
51a8efd7 3298 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6 3299 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3300 ev->status);
0493684e 3301
2a611692
JH		 3302 hci_conn_put(conn);
3303
3304unlock:
0493684e
MH		 3305 hci_dev_unlock(hdev);
3306}
3307
6039aa73
GP		 3308static void hci_remote_host_features_evt(struct hci_dev *hdev,
3309 struct sk_buff *skb)
41a96212
MH		 3310{
3311 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3312 struct inquiry_entry *ie;
3313
3314 BT_DBG("%s", hdev->name);
3315
3316 hci_dev_lock(hdev);
3317
cc11b9c1
AE		 3318 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3319 if (ie)
02b7cc62 3320 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3321
3322 hci_dev_unlock(hdev);
3323}
3324
6039aa73
GP		 3325static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3326 struct sk_buff *skb)
2763eda6
SJ		 3327{
3328 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3329 struct oob_data *data;
3330
3331 BT_DBG("%s", hdev->name);
3332
3333 hci_dev_lock(hdev);
3334
a8b2d5c2 3335 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3336 goto unlock;
3337
2763eda6
SJ		 3338 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3339 if (data) {
3340 struct hci_cp_remote_oob_data_reply cp;
3341
3342 bacpy(&cp.bdaddr, &ev->bdaddr);
3343 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3344 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3345
3346 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3347 &cp);
2763eda6
SJ		 3348 } else {
3349 struct hci_cp_remote_oob_data_neg_reply cp;
3350
3351 bacpy(&cp.bdaddr, &ev->bdaddr);
3352 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3353 &cp);
2763eda6
SJ		 3354 }
3355
e1ba1f15 3356unlock:
2763eda6
SJ		 3357 hci_dev_unlock(hdev);
3358}
3359
6039aa73 3360static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3361{
3362 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3363 struct hci_conn *conn;
3364
9f1db00c 3365 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3366
3367 hci_dev_lock(hdev);
3368
4f72b329
AK		 3369 if (ev->status) {
3370 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3371 if (!conn)
3372 goto unlock;
3373
3374 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3375 conn->dst_type, ev->status);
3376 hci_proto_connect_cfm(conn, ev->status);
3377 conn->state = BT_CLOSED;
3378 hci_conn_del(conn);
3379 goto unlock;
3380 }
3381
fcd89c09 3382 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3383 if (!conn) {
3384 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3385 if (!conn) {
3386 BT_ERR("No memory for new connection");
3387 hci_dev_unlock(hdev);
3388 return;
3389 }
29b7988a
AG		 3390
3391 conn->dst_type = ev->bdaddr_type;
b62f328b 3392 }
fcd89c09 3393
b644ba33
JH		 3394 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3395 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3396 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3397
7b5c0d52 3398 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3399 conn->handle = __le16_to_cpu(ev->handle);
3400 conn->state = BT_CONNECTED;
3401
3402 hci_conn_hold_device(conn);
3403 hci_conn_add_sysfs(conn);
3404
3405 hci_proto_connect_cfm(conn, ev->status);
3406
3407unlock:
3408 hci_dev_unlock(hdev);
3409}
3410
6039aa73 3411static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3412{
e95beb41
AG		 3413 u8 num_reports = skb->data[0];
3414 void *ptr = &skb->data[1];
3c9e9195 3415 s8 rssi;
9aa04c91
AG		 3416
3417 hci_dev_lock(hdev);
3418
e95beb41
AG		 3419 while (num_reports--) {
3420 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3421
3c9e9195
AG		 3422 rssi = ev->data[ev->length];
3423 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3424 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3425
e95beb41 3426 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3427 }
3428
3429 hci_dev_unlock(hdev);
3430}
3431
6039aa73 3432static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3433{
3434 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3435 struct hci_cp_le_ltk_reply cp;
bea710fe 3436 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3437 struct hci_conn *conn;
c9839a11 3438 struct smp_ltk *ltk;
a7a595f6 3439
9f1db00c 3440 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3441
3442 hci_dev_lock(hdev);
3443
3444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3445 if (conn == NULL)
3446 goto not_found;
a7a595f6 3447
bea710fe
VCG		 3448 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3449 if (ltk == NULL)
3450 goto not_found;
3451
3452 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3453 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3454
3455 if (ltk->authenticated)
3456 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3457
3458 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3459
c9839a11
VCG		 3460 if (ltk->type & HCI_SMP_STK) {
3461 list_del(&ltk->list);
3462 kfree(ltk);
3463 }
3464
a7a595f6 3465 hci_dev_unlock(hdev);
bea710fe
VCG		 3466
3467 return;
3468
3469not_found:
3470 neg.handle = ev->handle;
3471 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3472 hci_dev_unlock(hdev);
a7a595f6
VCG		 3473}
3474
6039aa73 3475static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3476{
3477 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3478
3479 skb_pull(skb, sizeof(*le_ev));
3480
3481 switch (le_ev->subevent) {
3482 case HCI_EV_LE_CONN_COMPLETE:
3483 hci_le_conn_complete_evt(hdev, skb);
3484 break;
3485
9aa04c91
AG		 3486 case HCI_EV_LE_ADVERTISING_REPORT:
3487 hci_le_adv_report_evt(hdev, skb);
3488 break;
3489
a7a595f6
VCG		 3490 case HCI_EV_LE_LTK_REQ:
3491 hci_le_ltk_request_evt(hdev, skb);
3492 break;
3493
fcd89c09
VT		 3494 default:
3495 break;
3496 }
3497}
3498
a9de9248
MH		 3499void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3500{
3501 struct hci_event_hdr *hdr = (void *) skb->data;
3502 __u8 event = hdr->evt;
3503
3504 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3505
3506 switch (event) {
1da177e4
LT		 3507 case HCI_EV_INQUIRY_COMPLETE:
3508 hci_inquiry_complete_evt(hdev, skb);
3509 break;
3510
3511 case HCI_EV_INQUIRY_RESULT:
3512 hci_inquiry_result_evt(hdev, skb);
3513 break;
3514
a9de9248
MH		 3515 case HCI_EV_CONN_COMPLETE:
3516 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3517 break;
3518
1da177e4
LT		 3519 case HCI_EV_CONN_REQUEST:
3520 hci_conn_request_evt(hdev, skb);
3521 break;
3522
1da177e4
LT		 3523 case HCI_EV_DISCONN_COMPLETE:
3524 hci_disconn_complete_evt(hdev, skb);
3525 break;
3526
1da177e4
LT		 3527 case HCI_EV_AUTH_COMPLETE:
3528 hci_auth_complete_evt(hdev, skb);
3529 break;
3530
a9de9248
MH		 3531 case HCI_EV_REMOTE_NAME:
3532 hci_remote_name_evt(hdev, skb);
3533 break;
3534
1da177e4
LT		 3535 case HCI_EV_ENCRYPT_CHANGE:
3536 hci_encrypt_change_evt(hdev, skb);
3537 break;
3538
a9de9248
MH		 3539 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3540 hci_change_link_key_complete_evt(hdev, skb);
3541 break;
3542
3543 case HCI_EV_REMOTE_FEATURES:
3544 hci_remote_features_evt(hdev, skb);
3545 break;
3546
3547 case HCI_EV_REMOTE_VERSION:
3548 hci_remote_version_evt(hdev, skb);
3549 break;
3550
3551 case HCI_EV_QOS_SETUP_COMPLETE:
3552 hci_qos_setup_complete_evt(hdev, skb);
3553 break;
3554
3555 case HCI_EV_CMD_COMPLETE:
3556 hci_cmd_complete_evt(hdev, skb);
3557 break;
3558
3559 case HCI_EV_CMD_STATUS:
3560 hci_cmd_status_evt(hdev, skb);
3561 break;
3562
3563 case HCI_EV_ROLE_CHANGE:
3564 hci_role_change_evt(hdev, skb);
3565 break;
3566
3567 case HCI_EV_NUM_COMP_PKTS:
3568 hci_num_comp_pkts_evt(hdev, skb);
3569 break;
3570
3571 case HCI_EV_MODE_CHANGE:
3572 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3573 break;
3574
3575 case HCI_EV_PIN_CODE_REQ:
3576 hci_pin_code_request_evt(hdev, skb);
3577 break;
3578
3579 case HCI_EV_LINK_KEY_REQ:
3580 hci_link_key_request_evt(hdev, skb);
3581 break;
3582
3583 case HCI_EV_LINK_KEY_NOTIFY:
3584 hci_link_key_notify_evt(hdev, skb);
3585 break;
3586
3587 case HCI_EV_CLOCK_OFFSET:
3588 hci_clock_offset_evt(hdev, skb);
3589 break;
3590
a8746417
MH		 3591 case HCI_EV_PKT_TYPE_CHANGE:
3592 hci_pkt_type_change_evt(hdev, skb);
3593 break;
3594
85a1e930
MH		 3595 case HCI_EV_PSCAN_REP_MODE:
3596 hci_pscan_rep_mode_evt(hdev, skb);
3597 break;
3598
a9de9248
MH		 3599 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3600 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3601 break;
3602
a9de9248
MH		 3603 case HCI_EV_REMOTE_EXT_FEATURES:
3604 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3605 break;
3606
a9de9248
MH		 3607 case HCI_EV_SYNC_CONN_COMPLETE:
3608 hci_sync_conn_complete_evt(hdev, skb);
3609 break;
1da177e4 3610
a9de9248
MH		 3611 case HCI_EV_SYNC_CONN_CHANGED:
3612 hci_sync_conn_changed_evt(hdev, skb);
3613 break;
1da177e4 3614
a9de9248
MH		 3615 case HCI_EV_SNIFF_SUBRATE:
3616 hci_sniff_subrate_evt(hdev, skb);
3617 break;
1da177e4 3618
a9de9248
MH		 3619 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3620 hci_extended_inquiry_result_evt(hdev, skb);
3621 break;
1da177e4 3622
1c2e0041
JH		 3623 case HCI_EV_KEY_REFRESH_COMPLETE:
3624 hci_key_refresh_complete_evt(hdev, skb);
3625 break;
3626
0493684e
MH		 3627 case HCI_EV_IO_CAPA_REQUEST:
3628 hci_io_capa_request_evt(hdev, skb);
3629 break;
3630
03b555e1
JH		 3631 case HCI_EV_IO_CAPA_REPLY:
3632 hci_io_capa_reply_evt(hdev, skb);
3633 break;
3634
a5c29683
JH		 3635 case HCI_EV_USER_CONFIRM_REQUEST:
3636 hci_user_confirm_request_evt(hdev, skb);
3637 break;
3638
1143d458
BG		 3639 case HCI_EV_USER_PASSKEY_REQUEST:
3640 hci_user_passkey_request_evt(hdev, skb);
3641 break;
3642
0493684e
MH		 3643 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3644 hci_simple_pair_complete_evt(hdev, skb);
3645 break;
3646
41a96212
MH		 3647 case HCI_EV_REMOTE_HOST_FEATURES:
3648 hci_remote_host_features_evt(hdev, skb);
3649 break;
3650
fcd89c09
VT		 3651 case HCI_EV_LE_META:
3652 hci_le_meta_evt(hdev, skb);
3653 break;
3654
2763eda6
SJ		 3655 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3656 hci_remote_oob_data_request_evt(hdev, skb);
3657 break;
3658
25e89e99
AE		 3659 case HCI_EV_NUM_COMP_BLOCKS:
3660 hci_num_comp_blocks_evt(hdev, skb);
3661 break;
3662
a9de9248 3663 default:
9f1db00c 3664 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 3665 break;
3666 }
3667
3668 kfree_skb(skb);
3669 hdev->stat.evt_rx++;
3670}
Linux kernel - Deliverables
This page took 1.109126 seconds and 5 git commands to generate.