projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add HCI Read Flow Control Mode function
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
744cf19e 68 mgmt_discovering(hdev, 0);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
a9de9248 197}
04837f64 198
a9de9248
MH		 199static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
200{
201 __u8 status = *((__u8 *) skb->data);
202 void *sent;
04837f64 203
a9de9248 204 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 205
a9de9248
MH		 206 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
207 if (!sent)
208 return;
04837f64 209
56e5cb86
JH		 210 hci_dev_lock(hdev);
211
b312b161 212 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 213 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 214
56e5cb86
JH		 215 if (status == 0)
216 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 217
56e5cb86 218 hci_dev_unlock(hdev);
a9de9248
MH		 219}
220
221static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
222{
223 struct hci_rp_read_local_name *rp = (void *) skb->data;
224
225 BT_DBG("%s status 0x%x", hdev->name, rp->status);
226
227 if (rp->status)
228 return;
229
1f6c6378 230 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 231}
232
233static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
234{
235 __u8 status = *((__u8 *) skb->data);
236 void *sent;
237
238 BT_DBG("%s status 0x%x", hdev->name, status);
239
240 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
241 if (!sent)
242 return;
243
244 if (!status) {
245 __u8 param = *((__u8 *) sent);
246
247 if (param == AUTH_ENABLED)
248 set_bit(HCI_AUTH, &hdev->flags);
249 else
250 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 251 }
a9de9248 252
23bb5763 253 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 254}
255
a9de9248 256static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 257{
a9de9248 258 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 259 void *sent;
260
a9de9248 261 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 262
a9de9248
MH		 263 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
264 if (!sent)
265 return;
1da177e4 266
a9de9248
MH		 267 if (!status) {
268 __u8 param = *((__u8 *) sent);
269
270 if (param)
271 set_bit(HCI_ENCRYPT, &hdev->flags);
272 else
273 clear_bit(HCI_ENCRYPT, &hdev->flags);
274 }
1da177e4 275
23bb5763 276 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 277}
1da177e4 278
a9de9248
MH		 279static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
280{
36f7fc7e
JH		 281 __u8 param, status = *((__u8 *) skb->data);
282 int old_pscan, old_iscan;
a9de9248 283 void *sent;
1da177e4 284
a9de9248 285 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 286
a9de9248
MH		 287 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
288 if (!sent)
289 return;
1da177e4 290
36f7fc7e
JH		 291 param = *((__u8 *) sent);
292
56e5cb86
JH		 293 hci_dev_lock(hdev);
294
2d7cee58 295 if (status != 0) {
744cf19e 296 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 297 hdev->discov_timeout = 0;
298 goto done;
299 }
300
36f7fc7e
JH		 301 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
302 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
303
304 if (param & SCAN_INQUIRY) {
305 set_bit(HCI_ISCAN, &hdev->flags);
306 if (!old_iscan)
744cf19e 307 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 308 if (hdev->discov_timeout > 0) {
309 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
310 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
311 to);
312 }
36f7fc7e 313 } else if (old_iscan)
744cf19e 314 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 315
316 if (param & SCAN_PAGE) {
317 set_bit(HCI_PSCAN, &hdev->flags);
318 if (!old_pscan)
744cf19e 319 mgmt_connectable(hdev, 1);
36f7fc7e 320 } else if (old_pscan)
744cf19e 321 mgmt_connectable(hdev, 0);
1da177e4 322
36f7fc7e 323done:
56e5cb86 324 hci_dev_unlock(hdev);
23bb5763 325 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 326}
1da177e4 327
a9de9248
MH		 328static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
329{
330 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 331
a9de9248 332 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 333
a9de9248
MH		 334 if (rp->status)
335 return;
1da177e4 336
a9de9248 337 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 338
a9de9248
MH		 339 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
340 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
341}
1da177e4 342
a9de9248
MH		 343static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
344{
345 __u8 status = *((__u8 *) skb->data);
346 void *sent;
1da177e4 347
a9de9248 348 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 349
f383f275
MH		 350 if (status)
351 return;
352
a9de9248
MH		 353 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
354 if (!sent)
355 return;
1da177e4 356
f383f275 357 memcpy(hdev->dev_class, sent, 3);
a9de9248 358}
1da177e4 359
a9de9248
MH		 360static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
361{
362 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
363 __u16 setting;
364
365 BT_DBG("%s status 0x%x", hdev->name, rp->status);
366
367 if (rp->status)
368 return;
369
370 setting = __le16_to_cpu(rp->voice_setting);
371
f383f275 372 if (hdev->voice_setting == setting)
a9de9248
MH		 373 return;
374
375 hdev->voice_setting = setting;
376
377 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
378
379 if (hdev->notify) {
380 tasklet_disable(&hdev->tx_task);
381 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
382 tasklet_enable(&hdev->tx_task);
383 }
384}
385
386static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387{
388 __u8 status = *((__u8 *) skb->data);
f383f275 389 __u16 setting;
a9de9248
MH		 390 void *sent;
391
392 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 393
f383f275
MH		 394 if (status)
395 return;
396
a9de9248
MH		 397 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
398 if (!sent)
399 return;
1da177e4 400
f383f275 401 setting = get_unaligned_le16(sent);
1da177e4 402
f383f275
MH		 403 if (hdev->voice_setting == setting)
404 return;
405
406 hdev->voice_setting = setting;
1da177e4 407
f383f275 408 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 409
f383f275
MH		 410 if (hdev->notify) {
411 tasklet_disable(&hdev->tx_task);
412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
413 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 414 }
415}
416
a9de9248 417static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 418{
a9de9248 419 __u8 status = *((__u8 *) skb->data);
1da177e4 420
a9de9248 421 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 422
23bb5763 423 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 424}
1143e5a6 425
333140b5
MH		 426static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
427{
428 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
429
430 BT_DBG("%s status 0x%x", hdev->name, rp->status);
431
432 if (rp->status)
433 return;
434
435 hdev->ssp_mode = rp->mode;
436}
437
438static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439{
440 __u8 status = *((__u8 *) skb->data);
441 void *sent;
442
443 BT_DBG("%s status 0x%x", hdev->name, status);
444
445 if (status)
446 return;
447
448 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
449 if (!sent)
450 return;
451
452 hdev->ssp_mode = *((__u8 *) sent);
453}
454
d5859e22
JH		 455static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
456{
457 if (hdev->features[6] & LMP_EXT_INQ)
458 return 2;
459
460 if (hdev->features[3] & LMP_RSSI_INQ)
461 return 1;
462
463 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
464 hdev->lmp_subver == 0x0757)
465 return 1;
466
467 if (hdev->manufacturer == 15) {
468 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
469 return 1;
470 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
471 return 1;
472 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
473 return 1;
474 }
475
476 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
477 hdev->lmp_subver == 0x1805)
478 return 1;
479
480 return 0;
481}
482
483static void hci_setup_inquiry_mode(struct hci_dev *hdev)
484{
485 u8 mode;
486
487 mode = hci_get_inquiry_mode(hdev);
488
489 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
490}
491
492static void hci_setup_event_mask(struct hci_dev *hdev)
493{
494 /* The second byte is 0xff instead of 0x9f (two reserved bits
495 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
496 * command otherwise */
497 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
498
6de6c18d
VT		 499 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
500 * any event mask for pre 1.2 devices */
501 if (hdev->lmp_ver <= 1)
502 return;
503
504 events[4] |= 0x01; /* Flow Specification Complete */
505 events[4] |= 0x02; /* Inquiry Result with RSSI */
506 events[4] |= 0x04; /* Read Remote Extended Features Complete */
507 events[5] |= 0x08; /* Synchronous Connection Complete */
508 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 509
510 if (hdev->features[3] & LMP_RSSI_INQ)
511 events[4] |= 0x04; /* Inquiry Result with RSSI */
512
513 if (hdev->features[5] & LMP_SNIFF_SUBR)
514 events[5] |= 0x20; /* Sniff Subrating */
515
516 if (hdev->features[5] & LMP_PAUSE_ENC)
517 events[5] |= 0x80; /* Encryption Key Refresh Complete */
518
519 if (hdev->features[6] & LMP_EXT_INQ)
520 events[5] |= 0x40; /* Extended Inquiry Result */
521
522 if (hdev->features[6] & LMP_NO_FLUSH)
523 events[7] |= 0x01; /* Enhanced Flush Complete */
524
525 if (hdev->features[7] & LMP_LSTO)
526 events[6] |= 0x80; /* Link Supervision Timeout Changed */
527
528 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
529 events[6] |= 0x01; /* IO Capability Request */
530 events[6] |= 0x02; /* IO Capability Response */
531 events[6] |= 0x04; /* User Confirmation Request */
532 events[6] |= 0x08; /* User Passkey Request */
533 events[6] |= 0x10; /* Remote OOB Data Request */
534 events[6] |= 0x20; /* Simple Pairing Complete */
535 events[7] |= 0x04; /* User Passkey Notification */
536 events[7] |= 0x08; /* Keypress Notification */
537 events[7] |= 0x10; /* Remote Host Supported
538 * Features Notification */
539 }
540
541 if (hdev->features[4] & LMP_LE)
542 events[7] |= 0x20; /* LE Meta-Event */
543
544 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
545}
546
e6100a25
AG		 547static void hci_set_le_support(struct hci_dev *hdev)
548{
549 struct hci_cp_write_le_host_supported cp;
550
551 memset(&cp, 0, sizeof(cp));
552
553 if (enable_le) {
554 cp.le = 1;
555 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
556 }
557
558 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
559}
560
d5859e22
JH		 561static void hci_setup(struct hci_dev *hdev)
562{
563 hci_setup_event_mask(hdev);
564
565 if (hdev->lmp_ver > 1)
566 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
567
568 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
569 u8 mode = 0x01;
570 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
571 }
572
573 if (hdev->features[3] & LMP_RSSI_INQ)
574 hci_setup_inquiry_mode(hdev);
575
576 if (hdev->features[7] & LMP_INQ_TX_PWR)
577 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 578
579 if (hdev->features[7] & LMP_EXTFEATURES) {
580 struct hci_cp_read_local_ext_features cp;
581
582 cp.page = 0x01;
583 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
584 sizeof(cp), &cp);
585 }
e6100a25
AG		 586
587 if (hdev->features[4] & LMP_LE)
588 hci_set_le_support(hdev);
d5859e22
JH		 589}
590
a9de9248
MH		 591static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
592{
593 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 594
a9de9248 595 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 596
a9de9248
MH		 597 if (rp->status)
598 return;
1143e5a6 599
a9de9248 600 hdev->hci_ver = rp->hci_ver;
e4e8e37c 601 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 602 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 603 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 604 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 605
a9de9248
MH		 606 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
607 hdev->manufacturer,
608 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 609
610 if (test_bit(HCI_INIT, &hdev->flags))
611 hci_setup(hdev);
612}
613
614static void hci_setup_link_policy(struct hci_dev *hdev)
615{
616 u16 link_policy = 0;
617
618 if (hdev->features[0] & LMP_RSWITCH)
619 link_policy |= HCI_LP_RSWITCH;
620 if (hdev->features[0] & LMP_HOLD)
621 link_policy |= HCI_LP_HOLD;
622 if (hdev->features[0] & LMP_SNIFF)
623 link_policy |= HCI_LP_SNIFF;
624 if (hdev->features[1] & LMP_PARK)
625 link_policy |= HCI_LP_PARK;
626
627 link_policy = cpu_to_le16(link_policy);
628 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
629 sizeof(link_policy), &link_policy);
a9de9248 630}
1da177e4 631
a9de9248
MH		 632static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
633{
634 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 635
a9de9248 636 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 637
a9de9248 638 if (rp->status)
d5859e22 639 goto done;
1da177e4 640
a9de9248 641 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 642
643 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
644 hci_setup_link_policy(hdev);
645
646done:
647 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 648}
1da177e4 649
a9de9248
MH		 650static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
651{
652 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 653
a9de9248 654 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 655
a9de9248
MH		 656 if (rp->status)
657 return;
5b7f9909 658
a9de9248 659 memcpy(hdev->features, rp->features, 8);
5b7f9909 660
a9de9248
MH		 661 /* Adjust default settings according to features
662 * supported by device. */
1da177e4 663
a9de9248
MH		 664 if (hdev->features[0] & LMP_3SLOT)
665 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 666
a9de9248
MH		 667 if (hdev->features[0] & LMP_5SLOT)
668 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 669
a9de9248
MH		 670 if (hdev->features[1] & LMP_HV2) {
671 hdev->pkt_type |= (HCI_HV2);
672 hdev->esco_type |= (ESCO_HV2);
673 }
1da177e4 674
a9de9248
MH		 675 if (hdev->features[1] & LMP_HV3) {
676 hdev->pkt_type |= (HCI_HV3);
677 hdev->esco_type |= (ESCO_HV3);
678 }
1da177e4 679
a9de9248
MH		 680 if (hdev->features[3] & LMP_ESCO)
681 hdev->esco_type |= (ESCO_EV3);
da1f5198 682
a9de9248
MH		 683 if (hdev->features[4] & LMP_EV4)
684 hdev->esco_type |= (ESCO_EV4);
da1f5198 685
a9de9248
MH		 686 if (hdev->features[4] & LMP_EV5)
687 hdev->esco_type |= (ESCO_EV5);
1da177e4 688
efc7688b
MH		 689 if (hdev->features[5] & LMP_EDR_ESCO_2M)
690 hdev->esco_type |= (ESCO_2EV3);
691
692 if (hdev->features[5] & LMP_EDR_ESCO_3M)
693 hdev->esco_type |= (ESCO_3EV3);
694
695 if (hdev->features[5] & LMP_EDR_3S_ESCO)
696 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
697
a9de9248
MH		 698 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
699 hdev->features[0], hdev->features[1],
700 hdev->features[2], hdev->features[3],
701 hdev->features[4], hdev->features[5],
702 hdev->features[6], hdev->features[7]);
703}
1da177e4 704
971e3a4b
AG		 705static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
706 struct sk_buff *skb)
707{
708 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
709
710 BT_DBG("%s status 0x%x", hdev->name, rp->status);
711
712 if (rp->status)
713 return;
714
715 memcpy(hdev->extfeatures, rp->features, 8);
716
717 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
718}
719
1e89cffb
AE		 720static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
721 struct sk_buff *skb)
722{
723 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
724
725 BT_DBG("%s status 0x%x", hdev->name, rp->status);
726
727 if (rp->status)
728 return;
729
730 hdev->flow_ctl_mode = rp->mode;
731
732 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
733}
734
a9de9248
MH		 735static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
736{
737 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 738
a9de9248 739 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 740
a9de9248
MH		 741 if (rp->status)
742 return;
1da177e4 743
a9de9248
MH		 744 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
745 hdev->sco_mtu = rp->sco_mtu;
746 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
747 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
748
749 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
750 hdev->sco_mtu = 64;
751 hdev->sco_pkts = 8;
1da177e4 752 }
a9de9248
MH		 753
754 hdev->acl_cnt = hdev->acl_pkts;
755 hdev->sco_cnt = hdev->sco_pkts;
756
757 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
758 hdev->acl_mtu, hdev->acl_pkts,
759 hdev->sco_mtu, hdev->sco_pkts);
760}
761
762static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
763{
764 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
765
766 BT_DBG("%s status 0x%x", hdev->name, rp->status);
767
768 if (!rp->status)
769 bacpy(&hdev->bdaddr, &rp->bdaddr);
770
23bb5763
JH		 771 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
772}
773
774static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
775{
776 __u8 status = *((__u8 *) skb->data);
777
778 BT_DBG("%s status 0x%x", hdev->name, status);
779
780 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 781}
782
928abaa7
AE		 783static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
784 struct sk_buff *skb)
785{
786 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
787
788 BT_DBG("%s status 0x%x", hdev->name, rp->status);
789
790 if (rp->status)
791 return;
792
793 hdev->amp_status = rp->amp_status;
794 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
795 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
796 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
797 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
798 hdev->amp_type = rp->amp_type;
799 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
800 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
801 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
802 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
803
804 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
805}
806
b0916ea0
JH		 807static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
808 struct sk_buff *skb)
809{
810 __u8 status = *((__u8 *) skb->data);
811
812 BT_DBG("%s status 0x%x", hdev->name, status);
813
814 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
815}
816
d5859e22
JH		 817static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
818{
819 __u8 status = *((__u8 *) skb->data);
820
821 BT_DBG("%s status 0x%x", hdev->name, status);
822
823 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
824}
825
826static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
827 struct sk_buff *skb)
828{
829 __u8 status = *((__u8 *) skb->data);
830
831 BT_DBG("%s status 0x%x", hdev->name, status);
832
833 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
834}
835
836static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
837 struct sk_buff *skb)
838{
839 __u8 status = *((__u8 *) skb->data);
840
841 BT_DBG("%s status 0x%x", hdev->name, status);
842
843 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
844}
845
846static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
847{
848 __u8 status = *((__u8 *) skb->data);
849
850 BT_DBG("%s status 0x%x", hdev->name, status);
851
852 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
853}
854
980e1a53
JH		 855static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
856{
857 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
858 struct hci_cp_pin_code_reply *cp;
859 struct hci_conn *conn;
860
861 BT_DBG("%s status 0x%x", hdev->name, rp->status);
862
56e5cb86
JH		 863 hci_dev_lock(hdev);
864
980e1a53 865 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 866 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 867
868 if (rp->status != 0)
56e5cb86 869 goto unlock;
980e1a53
JH		 870
871 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
872 if (!cp)
56e5cb86 873 goto unlock;
980e1a53
JH		 874
875 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
876 if (conn)
877 conn->pin_length = cp->pin_len;
56e5cb86
JH		 878
879unlock:
880 hci_dev_unlock(hdev);
980e1a53
JH		 881}
882
883static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
884{
885 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
886
887 BT_DBG("%s status 0x%x", hdev->name, rp->status);
888
56e5cb86
JH		 889 hci_dev_lock(hdev);
890
980e1a53 891 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 892 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 893 rp->status);
56e5cb86
JH		 894
895 hci_dev_unlock(hdev);
980e1a53 896}
56e5cb86 897
6ed58ec5
VT		 898static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
899 struct sk_buff *skb)
900{
901 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
902
903 BT_DBG("%s status 0x%x", hdev->name, rp->status);
904
905 if (rp->status)
906 return;
907
908 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
909 hdev->le_pkts = rp->le_max_pkt;
910
911 hdev->le_cnt = hdev->le_pkts;
912
913 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
914
915 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
916}
980e1a53 917
a5c29683
JH		 918static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
919{
920 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
921
922 BT_DBG("%s status 0x%x", hdev->name, rp->status);
923
56e5cb86
JH		 924 hci_dev_lock(hdev);
925
a5c29683 926 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 927 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683 928 rp->status);
56e5cb86
JH		 929
930 hci_dev_unlock(hdev);
a5c29683
JH		 931}
932
933static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
934 struct sk_buff *skb)
935{
936 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
937
938 BT_DBG("%s status 0x%x", hdev->name, rp->status);
939
56e5cb86
JH		 940 hci_dev_lock(hdev);
941
a5c29683 942 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 943 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683 944 rp->status);
56e5cb86
JH		 945
946 hci_dev_unlock(hdev);
a5c29683
JH		 947}
948
1143d458
BG		 949static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
950{
951 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
952
953 BT_DBG("%s status 0x%x", hdev->name, rp->status);
954
955 hci_dev_lock(hdev);
956
957 if (test_bit(HCI_MGMT, &hdev->flags))
958 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
959 rp->status);
960
961 hci_dev_unlock(hdev);
962}
963
964static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
965 struct sk_buff *skb)
966{
967 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
968
969 BT_DBG("%s status 0x%x", hdev->name, rp->status);
970
971 hci_dev_lock(hdev);
972
973 if (test_bit(HCI_MGMT, &hdev->flags))
974 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
975 rp->status);
976
977 hci_dev_unlock(hdev);
978}
979
c35938b2
SJ		 980static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
981 struct sk_buff *skb)
982{
983 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
984
985 BT_DBG("%s status 0x%x", hdev->name, rp->status);
986
56e5cb86 987 hci_dev_lock(hdev);
744cf19e 988 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 989 rp->randomizer, rp->status);
56e5cb86 990 hci_dev_unlock(hdev);
c35938b2
SJ		 991}
992
eb9d91f5
AG		 993static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
994 struct sk_buff *skb)
995{
996 struct hci_cp_le_set_scan_enable *cp;
997 __u8 status = *((__u8 *) skb->data);
998
999 BT_DBG("%s status 0x%x", hdev->name, status);
1000
1001 if (status)
1002 return;
1003
1004 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1005 if (!cp)
1006 return;
1007
35815085
AG		 1008 if (cp->enable == 0x01) {
1009 del_timer(&hdev->adv_timer);
a8f13c8c
AG		 1010
1011 hci_dev_lock(hdev);
eb9d91f5 1012 hci_adv_entries_clear(hdev);
a8f13c8c 1013 hci_dev_unlock(hdev);
35815085
AG		 1014 } else if (cp->enable == 0x00) {
1015 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
1016 }
eb9d91f5
AG		 1017}
1018
a7a595f6
VCG		 1019static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1020{
1021 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1022
1023 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1024
1025 if (rp->status)
1026 return;
1027
1028 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1029}
1030
1031static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1032{
1033 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1034
1035 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1036
1037 if (rp->status)
1038 return;
1039
1040 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1041}
1042
f9b49306
AG		 1043static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1044 struct sk_buff *skb)
1045{
1046 struct hci_cp_read_local_ext_features cp;
1047 __u8 status = *((__u8 *) skb->data);
1048
1049 BT_DBG("%s status 0x%x", hdev->name, status);
1050
1051 if (status)
1052 return;
1053
1054 cp.page = 0x01;
1055 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1056}
1057
a9de9248
MH		 1058static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1059{
1060 BT_DBG("%s status 0x%x", hdev->name, status);
1061
1062 if (status) {
23bb5763 1063 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1064 hci_conn_check_pending(hdev);
56e5cb86 1065 hci_dev_lock(hdev);
164a6e78 1066 if (test_bit(HCI_MGMT, &hdev->flags))
7a135109 1067 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1068 hci_dev_unlock(hdev);
314b2381
JH		 1069 return;
1070 }
1071
89352e7d
AG		 1072 set_bit(HCI_INQUIRY, &hdev->flags);
1073
56e5cb86 1074 hci_dev_lock(hdev);
744cf19e 1075 mgmt_discovering(hdev, 1);
56e5cb86 1076 hci_dev_unlock(hdev);
1da177e4
LT		 1077}
1078
1da177e4
LT		 1079static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1080{
a9de9248 1081 struct hci_cp_create_conn *cp;
1da177e4 1082 struct hci_conn *conn;
1da177e4 1083
a9de9248
MH		 1084 BT_DBG("%s status 0x%x", hdev->name, status);
1085
1086 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1087 if (!cp)
1088 return;
1089
1090 hci_dev_lock(hdev);
1091
1092 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1093
a9de9248 1094 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1095
1096 if (status) {
1097 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1098 if (status != 0x0c || conn->attempt > 2) {
1099 conn->state = BT_CLOSED;
1100 hci_proto_connect_cfm(conn, status);
1101 hci_conn_del(conn);
1102 } else
1103 conn->state = BT_CONNECT2;
1da177e4
LT		 1104 }
1105 } else {
1106 if (!conn) {
1107 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1108 if (conn) {
1109 conn->out = 1;
1110 conn->link_mode |= HCI_LM_MASTER;
1111 } else
893ef971 1112 BT_ERR("No memory for new connection");
1da177e4
LT		 1113 }
1114 }
1115
1116 hci_dev_unlock(hdev);
1117}
1118
a9de9248 1119static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1120{
a9de9248
MH		 1121 struct hci_cp_add_sco *cp;
1122 struct hci_conn *acl, *sco;
1123 __u16 handle;
1da177e4 1124
b6a0dc82
MH		 1125 BT_DBG("%s status 0x%x", hdev->name, status);
1126
a9de9248
MH		 1127 if (!status)
1128 return;
1da177e4 1129
a9de9248
MH		 1130 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1131 if (!cp)
1132 return;
1da177e4 1133
a9de9248 1134 handle = __le16_to_cpu(cp->handle);
1da177e4 1135
a9de9248 1136 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1137
a9de9248 1138 hci_dev_lock(hdev);
1da177e4 1139
a9de9248 1140 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1141 if (acl) {
1142 sco = acl->link;
1143 if (sco) {
1144 sco->state = BT_CLOSED;
1da177e4 1145
5a08ecce
AE		 1146 hci_proto_connect_cfm(sco, status);
1147 hci_conn_del(sco);
1148 }
a9de9248 1149 }
1da177e4 1150
a9de9248
MH		 1151 hci_dev_unlock(hdev);
1152}
1da177e4 1153
f8558555
MH		 1154static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1155{
1156 struct hci_cp_auth_requested *cp;
1157 struct hci_conn *conn;
1158
1159 BT_DBG("%s status 0x%x", hdev->name, status);
1160
1161 if (!status)
1162 return;
1163
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1165 if (!cp)
1166 return;
1167
1168 hci_dev_lock(hdev);
1169
1170 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1171 if (conn) {
1172 if (conn->state == BT_CONFIG) {
1173 hci_proto_connect_cfm(conn, status);
1174 hci_conn_put(conn);
1175 }
1176 }
1177
1178 hci_dev_unlock(hdev);
1179}
1180
1181static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1182{
1183 struct hci_cp_set_conn_encrypt *cp;
1184 struct hci_conn *conn;
1185
1186 BT_DBG("%s status 0x%x", hdev->name, status);
1187
1188 if (!status)
1189 return;
1190
1191 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1192 if (!cp)
1193 return;
1194
1195 hci_dev_lock(hdev);
1196
1197 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1198 if (conn) {
1199 if (conn->state == BT_CONFIG) {
1200 hci_proto_connect_cfm(conn, status);
1201 hci_conn_put(conn);
1202 }
1203 }
1204
1205 hci_dev_unlock(hdev);
1206}
1207
127178d2 1208static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1209 struct hci_conn *conn)
392599b9 1210{
392599b9
JH		 1211 if (conn->state != BT_CONFIG || !conn->out)
1212 return 0;
1213
765c2a96 1214 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1215 return 0;
1216
1217 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1218 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1219 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1220 conn->pending_sec_level != BT_SECURITY_HIGH &&
1221 !(conn->auth_type & 0x01))
392599b9
JH		 1222 return 0;
1223
392599b9
JH		 1224 return 1;
1225}
1226
a9de9248
MH		 1227static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1228{
127178d2
JH		 1229 struct hci_cp_remote_name_req *cp;
1230 struct hci_conn *conn;
1231
a9de9248 1232 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1233
1234 /* If successful wait for the name req complete event before
1235 * checking for the need to do authentication */
1236 if (!status)
1237 return;
1238
1239 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1240 if (!cp)
1241 return;
1242
1243 hci_dev_lock(hdev);
1244
1245 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1246 if (!conn)
1247 goto unlock;
1248
1249 if (!hci_outgoing_auth_needed(hdev, conn))
1250 goto unlock;
1251
1252 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1253 struct hci_cp_auth_requested cp;
1254 cp.handle = __cpu_to_le16(conn->handle);
1255 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1256 }
1257
79c6c70c 1258unlock:
127178d2 1259 hci_dev_unlock(hdev);
a9de9248 1260}
1da177e4 1261
769be974
MH		 1262static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1263{
1264 struct hci_cp_read_remote_features *cp;
1265 struct hci_conn *conn;
1266
1267 BT_DBG("%s status 0x%x", hdev->name, status);
1268
1269 if (!status)
1270 return;
1271
1272 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1273 if (!cp)
1274 return;
1275
1276 hci_dev_lock(hdev);
1277
1278 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1279 if (conn) {
1280 if (conn->state == BT_CONFIG) {
769be974
MH		 1281 hci_proto_connect_cfm(conn, status);
1282 hci_conn_put(conn);
1283 }
1284 }
1285
1286 hci_dev_unlock(hdev);
1287}
1288
1289static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1290{
1291 struct hci_cp_read_remote_ext_features *cp;
1292 struct hci_conn *conn;
1293
1294 BT_DBG("%s status 0x%x", hdev->name, status);
1295
1296 if (!status)
1297 return;
1298
1299 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1300 if (!cp)
1301 return;
1302
1303 hci_dev_lock(hdev);
1304
1305 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1306 if (conn) {
1307 if (conn->state == BT_CONFIG) {
769be974
MH		 1308 hci_proto_connect_cfm(conn, status);
1309 hci_conn_put(conn);
1310 }
1311 }
1312
1313 hci_dev_unlock(hdev);
1314}
1315
a9de9248
MH		 1316static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1317{
b6a0dc82
MH		 1318 struct hci_cp_setup_sync_conn *cp;
1319 struct hci_conn *acl, *sco;
1320 __u16 handle;
1321
a9de9248 1322 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1323
1324 if (!status)
1325 return;
1326
1327 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1328 if (!cp)
1329 return;
1330
1331 handle = __le16_to_cpu(cp->handle);
1332
1333 BT_DBG("%s handle %d", hdev->name, handle);
1334
1335 hci_dev_lock(hdev);
1336
1337 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1338 if (acl) {
1339 sco = acl->link;
1340 if (sco) {
1341 sco->state = BT_CLOSED;
b6a0dc82 1342
5a08ecce
AE		 1343 hci_proto_connect_cfm(sco, status);
1344 hci_conn_del(sco);
1345 }
b6a0dc82
MH		 1346 }
1347
1348 hci_dev_unlock(hdev);
1da177e4
LT		 1349}
1350
a9de9248 1351static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1352{
a9de9248
MH		 1353 struct hci_cp_sniff_mode *cp;
1354 struct hci_conn *conn;
1da177e4 1355
a9de9248 1356 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1357
a9de9248
MH		 1358 if (!status)
1359 return;
04837f64 1360
a9de9248
MH		 1361 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1362 if (!cp)
1363 return;
04837f64 1364
a9de9248 1365 hci_dev_lock(hdev);
04837f64 1366
a9de9248 1367 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1368 if (conn) {
a9de9248 1369 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1370
e73439d8
MH		 1371 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1372 hci_sco_setup(conn, status);
1373 }
1374
a9de9248
MH		 1375 hci_dev_unlock(hdev);
1376}
04837f64 1377
a9de9248
MH		 1378static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1379{
1380 struct hci_cp_exit_sniff_mode *cp;
1381 struct hci_conn *conn;
04837f64 1382
a9de9248 1383 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1384
a9de9248
MH		 1385 if (!status)
1386 return;
04837f64 1387
a9de9248
MH		 1388 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1389 if (!cp)
1390 return;
04837f64 1391
a9de9248 1392 hci_dev_lock(hdev);
1da177e4 1393
a9de9248 1394 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1395 if (conn) {
a9de9248 1396 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1397
e73439d8
MH		 1398 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1399 hci_sco_setup(conn, status);
1400 }
1401
a9de9248 1402 hci_dev_unlock(hdev);
1da177e4
LT		 1403}
1404
fcd89c09
VT		 1405static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1406{
1407 struct hci_cp_le_create_conn *cp;
1408 struct hci_conn *conn;
1409
1410 BT_DBG("%s status 0x%x", hdev->name, status);
1411
1412 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1413 if (!cp)
1414 return;
1415
1416 hci_dev_lock(hdev);
1417
1418 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1419
1420 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1421 conn);
1422
1423 if (status) {
1424 if (conn && conn->state == BT_CONNECT) {
1425 conn->state = BT_CLOSED;
1426 hci_proto_connect_cfm(conn, status);
1427 hci_conn_del(conn);
1428 }
1429 } else {
1430 if (!conn) {
1431 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1432 if (conn) {
1433 conn->dst_type = cp->peer_addr_type;
fcd89c09 1434 conn->out = 1;
29b7988a 1435 } else {
fcd89c09 1436 BT_ERR("No memory for new connection");
29b7988a 1437 }
fcd89c09
VT		 1438 }
1439 }
1440
1441 hci_dev_unlock(hdev);
1442}
1443
a7a595f6
VCG		 1444static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1445{
1446 BT_DBG("%s status 0x%x", hdev->name, status);
1447}
1448
1da177e4
LT		 1449static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1450{
1451 __u8 status = *((__u8 *) skb->data);
1452
1453 BT_DBG("%s status %d", hdev->name, status);
1454
23bb5763 1455 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1456
a9de9248 1457 hci_conn_check_pending(hdev);
89352e7d
AG		 1458
1459 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1460 return;
1461
56e5cb86 1462 hci_dev_lock(hdev);
744cf19e 1463 mgmt_discovering(hdev, 0);
56e5cb86 1464 hci_dev_unlock(hdev);
1da177e4
LT		 1465}
1466
1da177e4
LT		 1467static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1468{
45bb4bf0 1469 struct inquiry_data data;
a9de9248 1470 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1471 int num_rsp = *((__u8 *) skb->data);
1472
1473 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1474
45bb4bf0
MH		 1475 if (!num_rsp)
1476 return;
1477
1da177e4 1478 hci_dev_lock(hdev);
45bb4bf0 1479
e17acd40 1480 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1481 bacpy(&data.bdaddr, &info->bdaddr);
1482 data.pscan_rep_mode = info->pscan_rep_mode;
1483 data.pscan_period_mode = info->pscan_period_mode;
1484 data.pscan_mode = info->pscan_mode;
1485 memcpy(data.dev_class, info->dev_class, 3);
1486 data.clock_offset = info->clock_offset;
1487 data.rssi = 0x00;
41a96212 1488 data.ssp_mode = 0x00;
1da177e4 1489 hci_inquiry_cache_update(hdev, &data);
48264f06 1490 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 1491 info->dev_class, 0, NULL);
1da177e4 1492 }
45bb4bf0 1493
1da177e4
LT		 1494 hci_dev_unlock(hdev);
1495}
1496
1da177e4
LT		 1497static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1498{
a9de9248
MH		 1499 struct hci_ev_conn_complete *ev = (void *) skb->data;
1500 struct hci_conn *conn;
1da177e4
LT		 1501
1502 BT_DBG("%s", hdev->name);
1503
1504 hci_dev_lock(hdev);
1505
1506 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1507 if (!conn) {
1508 if (ev->link_type != SCO_LINK)
1509 goto unlock;
1510
1511 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1512 if (!conn)
1513 goto unlock;
1514
1515 conn->type = SCO_LINK;
1516 }
1da177e4
LT		 1517
1518 if (!ev->status) {
1519 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1520
1521 if (conn->type == ACL_LINK) {
1522 conn->state = BT_CONFIG;
1523 hci_conn_hold(conn);
052b30b0 1524 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
48264f06
JH		 1525 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1526 conn->dst_type);
769be974
MH		 1527 } else
1528 conn->state = BT_CONNECTED;
1da177e4 1529
9eba32b8 1530 hci_conn_hold_device(conn);
7d0db0a3
MH		 1531 hci_conn_add_sysfs(conn);
1532
1da177e4
LT		 1533 if (test_bit(HCI_AUTH, &hdev->flags))
1534 conn->link_mode |= HCI_LM_AUTH;
1535
1536 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1537 conn->link_mode |= HCI_LM_ENCRYPT;
1538
04837f64
MH		 1539 /* Get remote features */
1540 if (conn->type == ACL_LINK) {
1541 struct hci_cp_read_remote_features cp;
1542 cp.handle = ev->handle;
769be974
MH		 1543 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1544 sizeof(cp), &cp);
04837f64
MH		 1545 }
1546
1da177e4 1547 /* Set packet type for incoming connection */
a8746417 1548 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1549 struct hci_cp_change_conn_ptype cp;
1550 cp.handle = ev->handle;
a8746417
MH		 1551 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1552 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1553 sizeof(cp), &cp);
1da177e4 1554 }
17d5c04c 1555 } else {
1da177e4 1556 conn->state = BT_CLOSED;
17d5c04c 1557 if (conn->type == ACL_LINK)
744cf19e 1558 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1559 conn->dst_type, ev->status);
17d5c04c 1560 }
1da177e4 1561
e73439d8
MH		 1562 if (conn->type == ACL_LINK)
1563 hci_sco_setup(conn, ev->status);
1da177e4 1564
769be974
MH		 1565 if (ev->status) {
1566 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1567 hci_conn_del(conn);
c89b6e6b
MH		 1568 } else if (ev->link_type != ACL_LINK)
1569 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1570
a9de9248 1571unlock:
1da177e4 1572 hci_dev_unlock(hdev);
1da177e4 1573
a9de9248 1574 hci_conn_check_pending(hdev);
1da177e4
LT		 1575}
1576
a9de9248 1577static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1578{
a9de9248
MH		 1579 struct hci_ev_conn_request *ev = (void *) skb->data;
1580 int mask = hdev->link_mode;
1da177e4 1581
a9de9248
MH		 1582 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1583 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1584
a9de9248 1585 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1586
138d22ef
SJ		 1587 if ((mask & HCI_LM_ACCEPT) &&
1588 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1589 /* Connection accepted */
c7bdd502 1590 struct inquiry_entry *ie;
1da177e4 1591 struct hci_conn *conn;
1da177e4 1592
a9de9248 1593 hci_dev_lock(hdev);
b6a0dc82 1594
cc11b9c1
AE		 1595 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1596 if (ie)
c7bdd502
MH		 1597 memcpy(ie->data.dev_class, ev->dev_class, 3);
1598
a9de9248
MH		 1599 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1600 if (!conn) {
cc11b9c1
AE		 1601 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1602 if (!conn) {
893ef971 1603 BT_ERR("No memory for new connection");
a9de9248
MH		 1604 hci_dev_unlock(hdev);
1605 return;
1da177e4
LT		 1606 }
1607 }
b6a0dc82 1608
a9de9248
MH		 1609 memcpy(conn->dev_class, ev->dev_class, 3);
1610 conn->state = BT_CONNECT;
b6a0dc82 1611
a9de9248 1612 hci_dev_unlock(hdev);
1da177e4 1613
b6a0dc82
MH		 1614 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1615 struct hci_cp_accept_conn_req cp;
1da177e4 1616
b6a0dc82
MH		 1617 bacpy(&cp.bdaddr, &ev->bdaddr);
1618
1619 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1620 cp.role = 0x00; /* Become master */
1621 else
1622 cp.role = 0x01; /* Remain slave */
1623
1624 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1625 sizeof(cp), &cp);
1626 } else {
1627 struct hci_cp_accept_sync_conn_req cp;
1628
1629 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1630 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1631
1632 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1633 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1634 cp.max_latency = cpu_to_le16(0xffff);
1635 cp.content_format = cpu_to_le16(hdev->voice_setting);
1636 cp.retrans_effort = 0xff;
1da177e4 1637
b6a0dc82
MH		 1638 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1639 sizeof(cp), &cp);
1640 }
a9de9248
MH		 1641 } else {
1642 /* Connection rejected */
1643 struct hci_cp_reject_conn_req cp;
1da177e4 1644
a9de9248 1645 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1646 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1647 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1648 }
1da177e4
LT		 1649}
1650
a9de9248 1651static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1652{
a9de9248 1653 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1654 struct hci_conn *conn;
1655
1656 BT_DBG("%s status %d", hdev->name, ev->status);
1657
1658 hci_dev_lock(hdev);
1659
1660 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1661 if (!conn)
1662 goto unlock;
7d0db0a3 1663
37d9ef76
JH		 1664 if (ev->status == 0)
1665 conn->state = BT_CLOSED;
04837f64 1666
37d9ef76
JH		 1667 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1668 if (ev->status != 0)
1669 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1670 else
1671 mgmt_disconnected(hdev, &conn->dst, conn->type,
48264f06 1672 conn->dst_type);
37d9ef76 1673 }
f7520543 1674
37d9ef76
JH		 1675 if (ev->status == 0) {
1676 hci_proto_disconn_cfm(conn, ev->reason);
1677 hci_conn_del(conn);
1678 }
f7520543
JH		 1679
1680unlock:
04837f64
MH		 1681 hci_dev_unlock(hdev);
1682}
1683
1da177e4
LT		 1684static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1685{
a9de9248 1686 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1687 struct hci_conn *conn;
1da177e4
LT		 1688
1689 BT_DBG("%s status %d", hdev->name, ev->status);
1690
1691 hci_dev_lock(hdev);
1692
04837f64 1693 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1694 if (!conn)
1695 goto unlock;
1696
1697 if (!ev->status) {
1698 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1699 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1700 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1701 } else {
d7556e20
WR		 1702 conn->link_mode |= HCI_LM_AUTH;
1703 conn->sec_level = conn->pending_sec_level;
2a611692 1704 }
d7556e20 1705 } else {
744cf19e 1706 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1707 }
1da177e4 1708
d7556e20
WR		 1709 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1710 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1711
d7556e20
WR		 1712 if (conn->state == BT_CONFIG) {
1713 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1714 struct hci_cp_set_conn_encrypt cp;
1715 cp.handle = ev->handle;
1716 cp.encrypt = 0x01;
1717 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1718 &cp);
052b30b0 1719 } else {
d7556e20
WR		 1720 conn->state = BT_CONNECTED;
1721 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1722 hci_conn_put(conn);
1723 }
d7556e20
WR		 1724 } else {
1725 hci_auth_cfm(conn, ev->status);
052b30b0 1726
d7556e20
WR		 1727 hci_conn_hold(conn);
1728 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1729 hci_conn_put(conn);
1730 }
1731
1732 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1733 if (!ev->status) {
1734 struct hci_cp_set_conn_encrypt cp;
1735 cp.handle = ev->handle;
1736 cp.encrypt = 0x01;
1737 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1738 &cp);
1739 } else {
1740 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1741 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1742 }
1743 }
1744
d7556e20 1745unlock:
1da177e4
LT		 1746 hci_dev_unlock(hdev);
1747}
1748
a9de9248 1749static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1750{
127178d2
JH		 1751 struct hci_ev_remote_name *ev = (void *) skb->data;
1752 struct hci_conn *conn;
1753
a9de9248 1754 BT_DBG("%s", hdev->name);
1da177e4 1755
a9de9248 1756 hci_conn_check_pending(hdev);
127178d2
JH		 1757
1758 hci_dev_lock(hdev);
1759
a88a9652 1760 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
744cf19e 1761 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
a88a9652 1762
127178d2 1763 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1764 if (!conn)
1765 goto unlock;
1766
1767 if (!hci_outgoing_auth_needed(hdev, conn))
1768 goto unlock;
1769
1770 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1771 struct hci_cp_auth_requested cp;
1772 cp.handle = __cpu_to_le16(conn->handle);
1773 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1774 }
1775
79c6c70c 1776unlock:
127178d2 1777 hci_dev_unlock(hdev);
a9de9248
MH		 1778}
1779
1780static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1781{
1782 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1783 struct hci_conn *conn;
1784
1785 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1786
1787 hci_dev_lock(hdev);
1788
04837f64 1789 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1790 if (conn) {
1791 if (!ev->status) {
ae293196
MH		 1792 if (ev->encrypt) {
1793 /* Encryption implies authentication */
1794 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1795 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1796 conn->sec_level = conn->pending_sec_level;
ae293196 1797 } else
1da177e4
LT		 1798 conn->link_mode &= ~HCI_LM_ENCRYPT;
1799 }
1800
1801 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1802
f8558555
MH		 1803 if (conn->state == BT_CONFIG) {
1804 if (!ev->status)
1805 conn->state = BT_CONNECTED;
1806
1807 hci_proto_connect_cfm(conn, ev->status);
1808 hci_conn_put(conn);
1809 } else
1810 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1811 }
1812
1813 hci_dev_unlock(hdev);
1814}
1815
a9de9248 1816static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1817{
a9de9248 1818 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1819 struct hci_conn *conn;
1da177e4
LT		 1820
1821 BT_DBG("%s status %d", hdev->name, ev->status);
1822
1823 hci_dev_lock(hdev);
1824
04837f64 1825 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1826 if (conn) {
1827 if (!ev->status)
1828 conn->link_mode |= HCI_LM_SECURE;
1829
1830 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1831
1832 hci_key_change_cfm(conn, ev->status);
1833 }
1834
1835 hci_dev_unlock(hdev);
1836}
1837
a9de9248 1838static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1839{
a9de9248
MH		 1840 struct hci_ev_remote_features *ev = (void *) skb->data;
1841 struct hci_conn *conn;
1842
1843 BT_DBG("%s status %d", hdev->name, ev->status);
1844
a9de9248
MH		 1845 hci_dev_lock(hdev);
1846
1847 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1848 if (!conn)
1849 goto unlock;
769be974 1850
ccd556fe
JH		 1851 if (!ev->status)
1852 memcpy(conn->features, ev->features, 8);
1853
1854 if (conn->state != BT_CONFIG)
1855 goto unlock;
1856
1857 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1858 struct hci_cp_read_remote_ext_features cp;
1859 cp.handle = ev->handle;
1860 cp.page = 0x01;
1861 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1862 sizeof(cp), &cp);
392599b9
JH		 1863 goto unlock;
1864 }
1865
127178d2
JH		 1866 if (!ev->status) {
1867 struct hci_cp_remote_name_req cp;
1868 memset(&cp, 0, sizeof(cp));
1869 bacpy(&cp.bdaddr, &conn->dst);
1870 cp.pscan_rep_mode = 0x02;
1871 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1872 }
392599b9 1873
127178d2 1874 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1875 conn->state = BT_CONNECTED;
1876 hci_proto_connect_cfm(conn, ev->status);
1877 hci_conn_put(conn);
769be974 1878 }
a9de9248 1879
ccd556fe 1880unlock:
a9de9248 1881 hci_dev_unlock(hdev);
1da177e4
LT		 1882}
1883
a9de9248 1884static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1885{
a9de9248 1886 BT_DBG("%s", hdev->name);
1da177e4
LT		 1887}
1888
a9de9248 1889static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1890{
a9de9248 1891 BT_DBG("%s", hdev->name);
1da177e4
LT		 1892}
1893
a9de9248
MH		 1894static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1895{
1896 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1897 __u16 opcode;
1898
1899 skb_pull(skb, sizeof(*ev));
1900
1901 opcode = __le16_to_cpu(ev->opcode);
1902
1903 switch (opcode) {
1904 case HCI_OP_INQUIRY_CANCEL:
1905 hci_cc_inquiry_cancel(hdev, skb);
1906 break;
1907
1908 case HCI_OP_EXIT_PERIODIC_INQ:
1909 hci_cc_exit_periodic_inq(hdev, skb);
1910 break;
1911
1912 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1913 hci_cc_remote_name_req_cancel(hdev, skb);
1914 break;
1915
1916 case HCI_OP_ROLE_DISCOVERY:
1917 hci_cc_role_discovery(hdev, skb);
1918 break;
1919
e4e8e37c
MH		 1920 case HCI_OP_READ_LINK_POLICY:
1921 hci_cc_read_link_policy(hdev, skb);
1922 break;
1923
a9de9248
MH		 1924 case HCI_OP_WRITE_LINK_POLICY:
1925 hci_cc_write_link_policy(hdev, skb);
1926 break;
1927
e4e8e37c
MH		 1928 case HCI_OP_READ_DEF_LINK_POLICY:
1929 hci_cc_read_def_link_policy(hdev, skb);
1930 break;
1931
1932 case HCI_OP_WRITE_DEF_LINK_POLICY:
1933 hci_cc_write_def_link_policy(hdev, skb);
1934 break;
1935
a9de9248
MH		 1936 case HCI_OP_RESET:
1937 hci_cc_reset(hdev, skb);
1938 break;
1939
1940 case HCI_OP_WRITE_LOCAL_NAME:
1941 hci_cc_write_local_name(hdev, skb);
1942 break;
1943
1944 case HCI_OP_READ_LOCAL_NAME:
1945 hci_cc_read_local_name(hdev, skb);
1946 break;
1947
1948 case HCI_OP_WRITE_AUTH_ENABLE:
1949 hci_cc_write_auth_enable(hdev, skb);
1950 break;
1951
1952 case HCI_OP_WRITE_ENCRYPT_MODE:
1953 hci_cc_write_encrypt_mode(hdev, skb);
1954 break;
1955
1956 case HCI_OP_WRITE_SCAN_ENABLE:
1957 hci_cc_write_scan_enable(hdev, skb);
1958 break;
1959
1960 case HCI_OP_READ_CLASS_OF_DEV:
1961 hci_cc_read_class_of_dev(hdev, skb);
1962 break;
1963
1964 case HCI_OP_WRITE_CLASS_OF_DEV:
1965 hci_cc_write_class_of_dev(hdev, skb);
1966 break;
1967
1968 case HCI_OP_READ_VOICE_SETTING:
1969 hci_cc_read_voice_setting(hdev, skb);
1970 break;
1971
1972 case HCI_OP_WRITE_VOICE_SETTING:
1973 hci_cc_write_voice_setting(hdev, skb);
1974 break;
1975
1976 case HCI_OP_HOST_BUFFER_SIZE:
1977 hci_cc_host_buffer_size(hdev, skb);
1978 break;
1979
333140b5
MH		 1980 case HCI_OP_READ_SSP_MODE:
1981 hci_cc_read_ssp_mode(hdev, skb);
1982 break;
1983
1984 case HCI_OP_WRITE_SSP_MODE:
1985 hci_cc_write_ssp_mode(hdev, skb);
1986 break;
1987
a9de9248
MH		 1988 case HCI_OP_READ_LOCAL_VERSION:
1989 hci_cc_read_local_version(hdev, skb);
1990 break;
1991
1992 case HCI_OP_READ_LOCAL_COMMANDS:
1993 hci_cc_read_local_commands(hdev, skb);
1994 break;
1995
1996 case HCI_OP_READ_LOCAL_FEATURES:
1997 hci_cc_read_local_features(hdev, skb);
1998 break;
1999
971e3a4b
AG		 2000 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2001 hci_cc_read_local_ext_features(hdev, skb);
2002 break;
2003
a9de9248
MH		 2004 case HCI_OP_READ_BUFFER_SIZE:
2005 hci_cc_read_buffer_size(hdev, skb);
2006 break;
2007
2008 case HCI_OP_READ_BD_ADDR:
2009 hci_cc_read_bd_addr(hdev, skb);
2010 break;
2011
23bb5763
JH		 2012 case HCI_OP_WRITE_CA_TIMEOUT:
2013 hci_cc_write_ca_timeout(hdev, skb);
2014 break;
2015
1e89cffb
AE		 2016 case HCI_OP_READ_FLOW_CONTROL_MODE:
2017 hci_cc_read_flow_control_mode(hdev, skb);
2018 break;
2019
928abaa7
AE		 2020 case HCI_OP_READ_LOCAL_AMP_INFO:
2021 hci_cc_read_local_amp_info(hdev, skb);
2022 break;
2023
b0916ea0
JH		 2024 case HCI_OP_DELETE_STORED_LINK_KEY:
2025 hci_cc_delete_stored_link_key(hdev, skb);
2026 break;
2027
d5859e22
JH		 2028 case HCI_OP_SET_EVENT_MASK:
2029 hci_cc_set_event_mask(hdev, skb);
2030 break;
2031
2032 case HCI_OP_WRITE_INQUIRY_MODE:
2033 hci_cc_write_inquiry_mode(hdev, skb);
2034 break;
2035
2036 case HCI_OP_READ_INQ_RSP_TX_POWER:
2037 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2038 break;
2039
2040 case HCI_OP_SET_EVENT_FLT:
2041 hci_cc_set_event_flt(hdev, skb);
2042 break;
2043
980e1a53
JH		 2044 case HCI_OP_PIN_CODE_REPLY:
2045 hci_cc_pin_code_reply(hdev, skb);
2046 break;
2047
2048 case HCI_OP_PIN_CODE_NEG_REPLY:
2049 hci_cc_pin_code_neg_reply(hdev, skb);
2050 break;
2051
c35938b2
SJ		 2052 case HCI_OP_READ_LOCAL_OOB_DATA:
2053 hci_cc_read_local_oob_data_reply(hdev, skb);
2054 break;
2055
6ed58ec5
VT		 2056 case HCI_OP_LE_READ_BUFFER_SIZE:
2057 hci_cc_le_read_buffer_size(hdev, skb);
2058 break;
2059
a5c29683
JH		 2060 case HCI_OP_USER_CONFIRM_REPLY:
2061 hci_cc_user_confirm_reply(hdev, skb);
2062 break;
2063
2064 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2065 hci_cc_user_confirm_neg_reply(hdev, skb);
2066 break;
2067
1143d458
BG		 2068 case HCI_OP_USER_PASSKEY_REPLY:
2069 hci_cc_user_passkey_reply(hdev, skb);
2070 break;
2071
2072 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2073 hci_cc_user_passkey_neg_reply(hdev, skb);
2074 break;
2075
eb9d91f5
AG		 2076 case HCI_OP_LE_SET_SCAN_ENABLE:
2077 hci_cc_le_set_scan_enable(hdev, skb);
2078 break;
2079
a7a595f6
VCG		 2080 case HCI_OP_LE_LTK_REPLY:
2081 hci_cc_le_ltk_reply(hdev, skb);
2082 break;
2083
2084 case HCI_OP_LE_LTK_NEG_REPLY:
2085 hci_cc_le_ltk_neg_reply(hdev, skb);
2086 break;
2087
f9b49306
AG		 2088 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2089 hci_cc_write_le_host_supported(hdev, skb);
2090 break;
2091
a9de9248
MH		 2092 default:
2093 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2094 break;
2095 }
2096
6bd32326
VT		 2097 if (ev->opcode != HCI_OP_NOP)
2098 del_timer(&hdev->cmd_timer);
2099
a9de9248
MH		 2100 if (ev->ncmd) {
2101 atomic_set(&hdev->cmd_cnt, 1);
2102 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2103 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2104 }
2105}
2106
2107static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2108{
2109 struct hci_ev_cmd_status *ev = (void *) skb->data;
2110 __u16 opcode;
2111
2112 skb_pull(skb, sizeof(*ev));
2113
2114 opcode = __le16_to_cpu(ev->opcode);
2115
2116 switch (opcode) {
2117 case HCI_OP_INQUIRY:
2118 hci_cs_inquiry(hdev, ev->status);
2119 break;
2120
2121 case HCI_OP_CREATE_CONN:
2122 hci_cs_create_conn(hdev, ev->status);
2123 break;
2124
2125 case HCI_OP_ADD_SCO:
2126 hci_cs_add_sco(hdev, ev->status);
2127 break;
2128
f8558555
MH		 2129 case HCI_OP_AUTH_REQUESTED:
2130 hci_cs_auth_requested(hdev, ev->status);
2131 break;
2132
2133 case HCI_OP_SET_CONN_ENCRYPT:
2134 hci_cs_set_conn_encrypt(hdev, ev->status);
2135 break;
2136
a9de9248
MH		 2137 case HCI_OP_REMOTE_NAME_REQ:
2138 hci_cs_remote_name_req(hdev, ev->status);
2139 break;
2140
769be974
MH		 2141 case HCI_OP_READ_REMOTE_FEATURES:
2142 hci_cs_read_remote_features(hdev, ev->status);
2143 break;
2144
2145 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2146 hci_cs_read_remote_ext_features(hdev, ev->status);
2147 break;
2148
a9de9248
MH		 2149 case HCI_OP_SETUP_SYNC_CONN:
2150 hci_cs_setup_sync_conn(hdev, ev->status);
2151 break;
2152
2153 case HCI_OP_SNIFF_MODE:
2154 hci_cs_sniff_mode(hdev, ev->status);
2155 break;
2156
2157 case HCI_OP_EXIT_SNIFF_MODE:
2158 hci_cs_exit_sniff_mode(hdev, ev->status);
2159 break;
2160
8962ee74
JH		 2161 case HCI_OP_DISCONNECT:
2162 if (ev->status != 0)
37d9ef76 2163 mgmt_disconnect_failed(hdev, NULL, ev->status);
8962ee74
JH		 2164 break;
2165
fcd89c09
VT		 2166 case HCI_OP_LE_CREATE_CONN:
2167 hci_cs_le_create_conn(hdev, ev->status);
2168 break;
2169
a7a595f6
VCG		 2170 case HCI_OP_LE_START_ENC:
2171 hci_cs_le_start_enc(hdev, ev->status);
2172 break;
2173
a9de9248
MH		 2174 default:
2175 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2176 break;
2177 }
2178
6bd32326
VT		 2179 if (ev->opcode != HCI_OP_NOP)
2180 del_timer(&hdev->cmd_timer);
2181
10572132 2182 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2183 atomic_set(&hdev->cmd_cnt, 1);
2184 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2185 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2186 }
2187}
2188
2189static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2190{
2191 struct hci_ev_role_change *ev = (void *) skb->data;
2192 struct hci_conn *conn;
2193
2194 BT_DBG("%s status %d", hdev->name, ev->status);
2195
2196 hci_dev_lock(hdev);
2197
2198 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2199 if (conn) {
2200 if (!ev->status) {
2201 if (ev->role)
2202 conn->link_mode &= ~HCI_LM_MASTER;
2203 else
2204 conn->link_mode |= HCI_LM_MASTER;
2205 }
2206
2207 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2208
2209 hci_role_switch_cfm(conn, ev->status, ev->role);
2210 }
2211
2212 hci_dev_unlock(hdev);
2213}
2214
2215static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2216{
2217 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2218 __le16 *ptr;
2219 int i;
2220
2221 skb_pull(skb, sizeof(*ev));
2222
2223 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2224
2225 if (skb->len < ev->num_hndl * 4) {
2226 BT_DBG("%s bad parameters", hdev->name);
2227 return;
2228 }
2229
2230 tasklet_disable(&hdev->tx_task);
2231
2232 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2233 struct hci_conn *conn;
2234 __u16 handle, count;
2235
83985319
HH		 2236 handle = get_unaligned_le16(ptr++);
2237 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2238
2239 conn = hci_conn_hash_lookup_handle(hdev, handle);
2240 if (conn) {
2241 conn->sent -= count;
2242
2243 if (conn->type == ACL_LINK) {
70f23020
AE		 2244 hdev->acl_cnt += count;
2245 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2246 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2247 } else if (conn->type == LE_LINK) {
2248 if (hdev->le_pkts) {
2249 hdev->le_cnt += count;
2250 if (hdev->le_cnt > hdev->le_pkts)
2251 hdev->le_cnt = hdev->le_pkts;
2252 } else {
2253 hdev->acl_cnt += count;
2254 if (hdev->acl_cnt > hdev->acl_pkts)
2255 hdev->acl_cnt = hdev->acl_pkts;
2256 }
a9de9248 2257 } else {
70f23020
AE		 2258 hdev->sco_cnt += count;
2259 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2260 hdev->sco_cnt = hdev->sco_pkts;
2261 }
2262 }
2263 }
2264
c78ae283 2265 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2266
2267 tasklet_enable(&hdev->tx_task);
2268}
2269
2270static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2271{
a9de9248 2272 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2273 struct hci_conn *conn;
2274
2275 BT_DBG("%s status %d", hdev->name, ev->status);
2276
2277 hci_dev_lock(hdev);
2278
2279 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2280 if (conn) {
2281 conn->mode = ev->mode;
2282 conn->interval = __le16_to_cpu(ev->interval);
2283
2284 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2285 if (conn->mode == HCI_CM_ACTIVE)
2286 conn->power_save = 1;
2287 else
2288 conn->power_save = 0;
2289 }
e73439d8
MH		 2290
2291 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2292 hci_sco_setup(conn, ev->status);
04837f64
MH		 2293 }
2294
2295 hci_dev_unlock(hdev);
2296}
2297
a9de9248
MH		 2298static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2299{
052b30b0
MH		 2300 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2301 struct hci_conn *conn;
2302
a9de9248 2303 BT_DBG("%s", hdev->name);
052b30b0
MH		 2304
2305 hci_dev_lock(hdev);
2306
2307 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2308 if (!conn)
2309 goto unlock;
2310
2311 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2312 hci_conn_hold(conn);
2313 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2314 hci_conn_put(conn);
2315 }
2316
03b555e1
JH		 2317 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2318 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2319 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2320 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2321 u8 secure;
2322
2323 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2324 secure = 1;
2325 else
2326 secure = 0;
2327
744cf19e 2328 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2329 }
980e1a53 2330
b6f98044 2331unlock:
052b30b0 2332 hci_dev_unlock(hdev);
a9de9248
MH		 2333}
2334
2335static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2336{
55ed8ca1
JH		 2337 struct hci_ev_link_key_req *ev = (void *) skb->data;
2338 struct hci_cp_link_key_reply cp;
2339 struct hci_conn *conn;
2340 struct link_key *key;
2341
a9de9248 2342 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2343
2344 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2345 return;
2346
2347 hci_dev_lock(hdev);
2348
2349 key = hci_find_link_key(hdev, &ev->bdaddr);
2350 if (!key) {
2351 BT_DBG("%s link key not found for %s", hdev->name,
2352 batostr(&ev->bdaddr));
2353 goto not_found;
2354 }
2355
2356 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2357 batostr(&ev->bdaddr));
2358
b6020ba0
WR		 2359 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2360 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2361 BT_DBG("%s ignoring debug key", hdev->name);
2362 goto not_found;
2363 }
2364
2365 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2366 if (conn) {
2367 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2368 conn->auth_type != 0xff &&
2369 (conn->auth_type & 0x01)) {
2370 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2371 goto not_found;
2372 }
55ed8ca1 2373
60b83f57
WR		 2374 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2375 conn->pending_sec_level == BT_SECURITY_HIGH) {
2376 BT_DBG("%s ignoring key unauthenticated for high \
2377 security", hdev->name);
2378 goto not_found;
2379 }
2380
2381 conn->key_type = key->type;
2382 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2383 }
2384
2385 bacpy(&cp.bdaddr, &ev->bdaddr);
2386 memcpy(cp.link_key, key->val, 16);
2387
2388 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2389
2390 hci_dev_unlock(hdev);
2391
2392 return;
2393
2394not_found:
2395 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2396 hci_dev_unlock(hdev);
a9de9248
MH		 2397}
2398
2399static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2400{
052b30b0
MH		 2401 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2402 struct hci_conn *conn;
55ed8ca1 2403 u8 pin_len = 0;
052b30b0 2404
a9de9248 2405 BT_DBG("%s", hdev->name);
052b30b0
MH		 2406
2407 hci_dev_lock(hdev);
2408
2409 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2410 if (conn) {
2411 hci_conn_hold(conn);
2412 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2413 pin_len = conn->pin_length;
13d39315
WR		 2414
2415 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2416 conn->key_type = ev->key_type;
2417
052b30b0
MH		 2418 hci_conn_put(conn);
2419 }
2420
55ed8ca1 2421 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2422 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2423 ev->key_type, pin_len);
2424
052b30b0 2425 hci_dev_unlock(hdev);
a9de9248
MH		 2426}
2427
1da177e4
LT		 2428static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2429{
a9de9248 2430 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2431 struct hci_conn *conn;
1da177e4
LT		 2432
2433 BT_DBG("%s status %d", hdev->name, ev->status);
2434
2435 hci_dev_lock(hdev);
2436
04837f64 2437 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2438 if (conn && !ev->status) {
2439 struct inquiry_entry *ie;
2440
cc11b9c1
AE		 2441 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2442 if (ie) {
1da177e4
LT		 2443 ie->data.clock_offset = ev->clock_offset;
2444 ie->timestamp = jiffies;
2445 }
2446 }
2447
2448 hci_dev_unlock(hdev);
2449}
2450
a8746417
MH		 2451static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2452{
2453 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2454 struct hci_conn *conn;
2455
2456 BT_DBG("%s status %d", hdev->name, ev->status);
2457
2458 hci_dev_lock(hdev);
2459
2460 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2461 if (conn && !ev->status)
2462 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2463
2464 hci_dev_unlock(hdev);
2465}
2466
85a1e930
MH		 2467static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2468{
a9de9248 2469 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2470 struct inquiry_entry *ie;
2471
2472 BT_DBG("%s", hdev->name);
2473
2474 hci_dev_lock(hdev);
2475
cc11b9c1
AE		 2476 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2477 if (ie) {
85a1e930
MH		 2478 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2479 ie->timestamp = jiffies;
2480 }
2481
2482 hci_dev_unlock(hdev);
2483}
2484
a9de9248
MH		 2485static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2486{
2487 struct inquiry_data data;
2488 int num_rsp = *((__u8 *) skb->data);
2489
2490 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2491
2492 if (!num_rsp)
2493 return;
2494
2495 hci_dev_lock(hdev);
2496
2497 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2498 struct inquiry_info_with_rssi_and_pscan_mode *info;
2499 info = (void *) (skb->data + 1);
a9de9248 2500
e17acd40 2501 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2502 bacpy(&data.bdaddr, &info->bdaddr);
2503 data.pscan_rep_mode = info->pscan_rep_mode;
2504 data.pscan_period_mode = info->pscan_period_mode;
2505 data.pscan_mode = info->pscan_mode;
2506 memcpy(data.dev_class, info->dev_class, 3);
2507 data.clock_offset = info->clock_offset;
2508 data.rssi = info->rssi;
41a96212 2509 data.ssp_mode = 0x00;
a9de9248 2510 hci_inquiry_cache_update(hdev, &data);
48264f06 2511 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2512 info->dev_class, info->rssi,
2513 NULL);
a9de9248
MH		 2514 }
2515 } else {
2516 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2517
e17acd40 2518 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2519 bacpy(&data.bdaddr, &info->bdaddr);
2520 data.pscan_rep_mode = info->pscan_rep_mode;
2521 data.pscan_period_mode = info->pscan_period_mode;
2522 data.pscan_mode = 0x00;
2523 memcpy(data.dev_class, info->dev_class, 3);
2524 data.clock_offset = info->clock_offset;
2525 data.rssi = info->rssi;
41a96212 2526 data.ssp_mode = 0x00;
a9de9248 2527 hci_inquiry_cache_update(hdev, &data);
48264f06 2528 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2529 info->dev_class, info->rssi,
2530 NULL);
a9de9248
MH		 2531 }
2532 }
2533
2534 hci_dev_unlock(hdev);
2535}
2536
2537static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2538{
41a96212
MH		 2539 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2540 struct hci_conn *conn;
2541
a9de9248 2542 BT_DBG("%s", hdev->name);
41a96212 2543
41a96212
MH		 2544 hci_dev_lock(hdev);
2545
2546 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2547 if (!conn)
2548 goto unlock;
41a96212 2549
ccd556fe
JH		 2550 if (!ev->status && ev->page == 0x01) {
2551 struct inquiry_entry *ie;
41a96212 2552
cc11b9c1
AE		 2553 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2554 if (ie)
ccd556fe 2555 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2556
ccd556fe
JH		 2557 conn->ssp_mode = (ev->features[0] & 0x01);
2558 }
2559
2560 if (conn->state != BT_CONFIG)
2561 goto unlock;
2562
127178d2
JH		 2563 if (!ev->status) {
2564 struct hci_cp_remote_name_req cp;
2565 memset(&cp, 0, sizeof(cp));
2566 bacpy(&cp.bdaddr, &conn->dst);
2567 cp.pscan_rep_mode = 0x02;
2568 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2569 }
392599b9 2570
127178d2 2571 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2572 conn->state = BT_CONNECTED;
2573 hci_proto_connect_cfm(conn, ev->status);
2574 hci_conn_put(conn);
41a96212
MH		 2575 }
2576
ccd556fe 2577unlock:
41a96212 2578 hci_dev_unlock(hdev);
a9de9248
MH		 2579}
2580
2581static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2582{
b6a0dc82
MH		 2583 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2584 struct hci_conn *conn;
2585
2586 BT_DBG("%s status %d", hdev->name, ev->status);
2587
2588 hci_dev_lock(hdev);
2589
2590 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2591 if (!conn) {
2592 if (ev->link_type == ESCO_LINK)
2593 goto unlock;
2594
2595 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2596 if (!conn)
2597 goto unlock;
2598
2599 conn->type = SCO_LINK;
2600 }
b6a0dc82 2601
732547f9
MH		 2602 switch (ev->status) {
2603 case 0x00:
b6a0dc82
MH		 2604 conn->handle = __le16_to_cpu(ev->handle);
2605 conn->state = BT_CONNECTED;
7d0db0a3 2606
9eba32b8 2607 hci_conn_hold_device(conn);
7d0db0a3 2608 hci_conn_add_sysfs(conn);
732547f9
MH		 2609 break;
2610
705e5711 2611 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2612 case 0x1c: /* SCO interval rejected */
1038a00b 2613 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2614 case 0x1f: /* Unspecified error */
2615 if (conn->out && conn->attempt < 2) {
2616 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2617 (hdev->esco_type & EDR_ESCO_MASK);
2618 hci_setup_sync(conn, conn->link->handle);
2619 goto unlock;
2620 }
2621 /* fall through */
2622
2623 default:
b6a0dc82 2624 conn->state = BT_CLOSED;
732547f9
MH		 2625 break;
2626 }
b6a0dc82
MH		 2627
2628 hci_proto_connect_cfm(conn, ev->status);
2629 if (ev->status)
2630 hci_conn_del(conn);
2631
2632unlock:
2633 hci_dev_unlock(hdev);
a9de9248
MH		 2634}
2635
2636static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2637{
2638 BT_DBG("%s", hdev->name);
2639}
2640
04837f64
MH		 2641static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2642{
a9de9248 2643 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2644
2645 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2646}
2647
a9de9248 2648static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2649{
a9de9248
MH		 2650 struct inquiry_data data;
2651 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2652 int num_rsp = *((__u8 *) skb->data);
1da177e4 2653
a9de9248 2654 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2655
a9de9248
MH		 2656 if (!num_rsp)
2657 return;
1da177e4 2658
a9de9248
MH		 2659 hci_dev_lock(hdev);
2660
e17acd40 2661 for (; num_rsp; num_rsp--, info++) {
a9de9248 2662 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2663 data.pscan_rep_mode = info->pscan_rep_mode;
2664 data.pscan_period_mode = info->pscan_period_mode;
2665 data.pscan_mode = 0x00;
a9de9248 2666 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2667 data.clock_offset = info->clock_offset;
2668 data.rssi = info->rssi;
41a96212 2669 data.ssp_mode = 0x01;
a9de9248 2670 hci_inquiry_cache_update(hdev, &data);
48264f06 2671 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 2672 info->dev_class, info->rssi, info->data);
a9de9248
MH		 2673 }
2674
2675 hci_dev_unlock(hdev);
2676}
1da177e4 2677
17fa4b9d
JH		 2678static inline u8 hci_get_auth_req(struct hci_conn *conn)
2679{
2680 /* If remote requests dedicated bonding follow that lead */
2681 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2682 /* If both remote and local IO capabilities allow MITM
2683 * protection then require it, otherwise don't */
2684 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2685 return 0x02;
2686 else
2687 return 0x03;
2688 }
2689
2690 /* If remote requests no-bonding follow that lead */
2691 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2692 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2693
2694 return conn->auth_type;
2695}
2696
0493684e
MH		 2697static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2698{
2699 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2700 struct hci_conn *conn;
2701
2702 BT_DBG("%s", hdev->name);
2703
2704 hci_dev_lock(hdev);
2705
2706 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2707 if (!conn)
2708 goto unlock;
2709
2710 hci_conn_hold(conn);
2711
2712 if (!test_bit(HCI_MGMT, &hdev->flags))
2713 goto unlock;
2714
2715 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2716 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2717 struct hci_cp_io_capability_reply cp;
2718
2719 bacpy(&cp.bdaddr, &ev->bdaddr);
2720 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2721 conn->auth_type = hci_get_auth_req(conn);
2722 cp.authentication = conn->auth_type;
17fa4b9d 2723
ce85ee13
SJ		 2724 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2725 hci_find_remote_oob_data(hdev, &conn->dst))
2726 cp.oob_data = 0x01;
2727 else
2728 cp.oob_data = 0x00;
2729
17fa4b9d
JH		 2730 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2731 sizeof(cp), &cp);
03b555e1
JH		 2732 } else {
2733 struct hci_cp_io_capability_neg_reply cp;
2734
2735 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2736 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2737
03b555e1
JH		 2738 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2739 sizeof(cp), &cp);
2740 }
2741
2742unlock:
2743 hci_dev_unlock(hdev);
2744}
2745
2746static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2747{
2748 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2749 struct hci_conn *conn;
2750
2751 BT_DBG("%s", hdev->name);
2752
2753 hci_dev_lock(hdev);
2754
2755 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2756 if (!conn)
2757 goto unlock;
2758
03b555e1
JH		 2759 conn->remote_cap = ev->capability;
2760 conn->remote_oob = ev->oob_data;
2761 conn->remote_auth = ev->authentication;
2762
2763unlock:
0493684e
MH		 2764 hci_dev_unlock(hdev);
2765}
2766
a5c29683
JH		 2767static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2768 struct sk_buff *skb)
2769{
2770 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2771 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2772 struct hci_conn *conn;
a5c29683
JH		 2773
2774 BT_DBG("%s", hdev->name);
2775
2776 hci_dev_lock(hdev);
2777
7a828908
JH		 2778 if (!test_bit(HCI_MGMT, &hdev->flags))
2779 goto unlock;
a5c29683 2780
7a828908
JH		 2781 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2782 if (!conn)
2783 goto unlock;
2784
2785 loc_mitm = (conn->auth_type & 0x01);
2786 rem_mitm = (conn->remote_auth & 0x01);
2787
2788 /* If we require MITM but the remote device can't provide that
2789 * (it has NoInputNoOutput) then reject the confirmation
2790 * request. The only exception is when we're dedicated bonding
2791 * initiators (connect_cfm_cb set) since then we always have the MITM
2792 * bit set. */
2793 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2794 BT_DBG("Rejecting request: remote device can't provide MITM");
2795 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2796 sizeof(ev->bdaddr), &ev->bdaddr);
2797 goto unlock;
2798 }
2799
2800 /* If no side requires MITM protection; auto-accept */
2801 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2802 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2803
2804 /* If we're not the initiators request authorization to
2805 * proceed from user space (mgmt_user_confirm with
2806 * confirm_hint set to 1). */
2807 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2808 BT_DBG("Confirming auto-accept as acceptor");
2809 confirm_hint = 1;
2810 goto confirm;
2811 }
2812
9f61656a
JH		 2813 BT_DBG("Auto-accept of user confirmation with %ums delay",
2814 hdev->auto_accept_delay);
2815
2816 if (hdev->auto_accept_delay > 0) {
2817 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2818 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2819 goto unlock;
2820 }
2821
7a828908
JH		 2822 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2823 sizeof(ev->bdaddr), &ev->bdaddr);
2824 goto unlock;
2825 }
2826
55bc1a37 2827confirm:
744cf19e 2828 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 2829 confirm_hint);
7a828908
JH		 2830
2831unlock:
a5c29683
JH		 2832 hci_dev_unlock(hdev);
2833}
2834
1143d458
BG		 2835static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2836 struct sk_buff *skb)
2837{
2838 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2839
2840 BT_DBG("%s", hdev->name);
2841
2842 hci_dev_lock(hdev);
2843
2844 if (test_bit(HCI_MGMT, &hdev->flags))
2845 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2846
2847 hci_dev_unlock(hdev);
2848}
2849
0493684e
MH		 2850static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2851{
2852 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2853 struct hci_conn *conn;
2854
2855 BT_DBG("%s", hdev->name);
2856
2857 hci_dev_lock(hdev);
2858
2859 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2860 if (!conn)
2861 goto unlock;
2862
2863 /* To avoid duplicate auth_failed events to user space we check
2864 * the HCI_CONN_AUTH_PEND flag which will be set if we
2865 * initiated the authentication. A traditional auth_complete
2866 * event gets always produced as initiator and is also mapped to
2867 * the mgmt_auth_failed event */
2868 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
744cf19e 2869 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 2870
2a611692
JH		 2871 hci_conn_put(conn);
2872
2873unlock:
0493684e
MH		 2874 hci_dev_unlock(hdev);
2875}
2876
41a96212
MH		 2877static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2878{
2879 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2880 struct inquiry_entry *ie;
2881
2882 BT_DBG("%s", hdev->name);
2883
2884 hci_dev_lock(hdev);
2885
cc11b9c1
AE		 2886 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2887 if (ie)
41a96212
MH		 2888 ie->data.ssp_mode = (ev->features[0] & 0x01);
2889
2890 hci_dev_unlock(hdev);
2891}
2892
2763eda6
SJ		 2893static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2894 struct sk_buff *skb)
2895{
2896 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2897 struct oob_data *data;
2898
2899 BT_DBG("%s", hdev->name);
2900
2901 hci_dev_lock(hdev);
2902
e1ba1f15
SJ		 2903 if (!test_bit(HCI_MGMT, &hdev->flags))
2904 goto unlock;
2905
2763eda6
SJ		 2906 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2907 if (data) {
2908 struct hci_cp_remote_oob_data_reply cp;
2909
2910 bacpy(&cp.bdaddr, &ev->bdaddr);
2911 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2912 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2913
2914 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2915 &cp);
2916 } else {
2917 struct hci_cp_remote_oob_data_neg_reply cp;
2918
2919 bacpy(&cp.bdaddr, &ev->bdaddr);
2920 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2921 &cp);
2922 }
2923
e1ba1f15 2924unlock:
2763eda6
SJ		 2925 hci_dev_unlock(hdev);
2926}
2927
fcd89c09
VT		 2928static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2929{
2930 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2931 struct hci_conn *conn;
2932
2933 BT_DBG("%s status %d", hdev->name, ev->status);
2934
2935 hci_dev_lock(hdev);
2936
2937 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2938 if (!conn) {
2939 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2940 if (!conn) {
2941 BT_ERR("No memory for new connection");
2942 hci_dev_unlock(hdev);
2943 return;
2944 }
29b7988a
AG		 2945
2946 conn->dst_type = ev->bdaddr_type;
b62f328b 2947 }
fcd89c09
VT		 2948
2949 if (ev->status) {
48264f06
JH		 2950 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2951 conn->dst_type, ev->status);
fcd89c09
VT		 2952 hci_proto_connect_cfm(conn, ev->status);
2953 conn->state = BT_CLOSED;
2954 hci_conn_del(conn);
2955 goto unlock;
2956 }
2957
48264f06 2958 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
83bc71b4 2959
7b5c0d52 2960 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2961 conn->handle = __le16_to_cpu(ev->handle);
2962 conn->state = BT_CONNECTED;
2963
2964 hci_conn_hold_device(conn);
2965 hci_conn_add_sysfs(conn);
2966
2967 hci_proto_connect_cfm(conn, ev->status);
2968
2969unlock:
2970 hci_dev_unlock(hdev);
2971}
2972
9aa04c91
AG		 2973static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2974 struct sk_buff *skb)
2975{
e95beb41
AG		 2976 u8 num_reports = skb->data[0];
2977 void *ptr = &skb->data[1];
9aa04c91
AG		 2978
2979 hci_dev_lock(hdev);
2980
e95beb41
AG		 2981 while (num_reports--) {
2982 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 2983
9aa04c91 2984 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 2985
2986 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 2987 }
2988
2989 hci_dev_unlock(hdev);
2990}
2991
a7a595f6
VCG		 2992static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2993 struct sk_buff *skb)
2994{
2995 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2996 struct hci_cp_le_ltk_reply cp;
bea710fe 2997 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 2998 struct hci_conn *conn;
bea710fe 2999 struct link_key *ltk;
a7a595f6
VCG		 3000
3001 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3002
3003 hci_dev_lock(hdev);
3004
3005 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3006 if (conn == NULL)
3007 goto not_found;
a7a595f6 3008
bea710fe
VCG		 3009 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3010 if (ltk == NULL)
3011 goto not_found;
3012
3013 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3014 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 3015 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 3016
3017 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3018
3019 hci_dev_unlock(hdev);
bea710fe
VCG		 3020
3021 return;
3022
3023not_found:
3024 neg.handle = ev->handle;
3025 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3026 hci_dev_unlock(hdev);
a7a595f6
VCG		 3027}
3028
fcd89c09
VT		 3029static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3030{
3031 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3032
3033 skb_pull(skb, sizeof(*le_ev));
3034
3035 switch (le_ev->subevent) {
3036 case HCI_EV_LE_CONN_COMPLETE:
3037 hci_le_conn_complete_evt(hdev, skb);
3038 break;
3039
9aa04c91
AG		 3040 case HCI_EV_LE_ADVERTISING_REPORT:
3041 hci_le_adv_report_evt(hdev, skb);
3042 break;
3043
a7a595f6
VCG		 3044 case HCI_EV_LE_LTK_REQ:
3045 hci_le_ltk_request_evt(hdev, skb);
3046 break;
3047
fcd89c09
VT		 3048 default:
3049 break;
3050 }
3051}
3052
a9de9248
MH		 3053void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3054{
3055 struct hci_event_hdr *hdr = (void *) skb->data;
3056 __u8 event = hdr->evt;
3057
3058 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3059
3060 switch (event) {
1da177e4
LT		 3061 case HCI_EV_INQUIRY_COMPLETE:
3062 hci_inquiry_complete_evt(hdev, skb);
3063 break;
3064
3065 case HCI_EV_INQUIRY_RESULT:
3066 hci_inquiry_result_evt(hdev, skb);
3067 break;
3068
a9de9248
MH		 3069 case HCI_EV_CONN_COMPLETE:
3070 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3071 break;
3072
1da177e4
LT		 3073 case HCI_EV_CONN_REQUEST:
3074 hci_conn_request_evt(hdev, skb);
3075 break;
3076
1da177e4
LT		 3077 case HCI_EV_DISCONN_COMPLETE:
3078 hci_disconn_complete_evt(hdev, skb);
3079 break;
3080
1da177e4
LT		 3081 case HCI_EV_AUTH_COMPLETE:
3082 hci_auth_complete_evt(hdev, skb);
3083 break;
3084
a9de9248
MH		 3085 case HCI_EV_REMOTE_NAME:
3086 hci_remote_name_evt(hdev, skb);
3087 break;
3088
1da177e4
LT		 3089 case HCI_EV_ENCRYPT_CHANGE:
3090 hci_encrypt_change_evt(hdev, skb);
3091 break;
3092
a9de9248
MH		 3093 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3094 hci_change_link_key_complete_evt(hdev, skb);
3095 break;
3096
3097 case HCI_EV_REMOTE_FEATURES:
3098 hci_remote_features_evt(hdev, skb);
3099 break;
3100
3101 case HCI_EV_REMOTE_VERSION:
3102 hci_remote_version_evt(hdev, skb);
3103 break;
3104
3105 case HCI_EV_QOS_SETUP_COMPLETE:
3106 hci_qos_setup_complete_evt(hdev, skb);
3107 break;
3108
3109 case HCI_EV_CMD_COMPLETE:
3110 hci_cmd_complete_evt(hdev, skb);
3111 break;
3112
3113 case HCI_EV_CMD_STATUS:
3114 hci_cmd_status_evt(hdev, skb);
3115 break;
3116
3117 case HCI_EV_ROLE_CHANGE:
3118 hci_role_change_evt(hdev, skb);
3119 break;
3120
3121 case HCI_EV_NUM_COMP_PKTS:
3122 hci_num_comp_pkts_evt(hdev, skb);
3123 break;
3124
3125 case HCI_EV_MODE_CHANGE:
3126 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3127 break;
3128
3129 case HCI_EV_PIN_CODE_REQ:
3130 hci_pin_code_request_evt(hdev, skb);
3131 break;
3132
3133 case HCI_EV_LINK_KEY_REQ:
3134 hci_link_key_request_evt(hdev, skb);
3135 break;
3136
3137 case HCI_EV_LINK_KEY_NOTIFY:
3138 hci_link_key_notify_evt(hdev, skb);
3139 break;
3140
3141 case HCI_EV_CLOCK_OFFSET:
3142 hci_clock_offset_evt(hdev, skb);
3143 break;
3144
a8746417
MH		 3145 case HCI_EV_PKT_TYPE_CHANGE:
3146 hci_pkt_type_change_evt(hdev, skb);
3147 break;
3148
85a1e930
MH		 3149 case HCI_EV_PSCAN_REP_MODE:
3150 hci_pscan_rep_mode_evt(hdev, skb);
3151 break;
3152
a9de9248
MH		 3153 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3154 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3155 break;
3156
a9de9248
MH		 3157 case HCI_EV_REMOTE_EXT_FEATURES:
3158 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3159 break;
3160
a9de9248
MH		 3161 case HCI_EV_SYNC_CONN_COMPLETE:
3162 hci_sync_conn_complete_evt(hdev, skb);
3163 break;
1da177e4 3164
a9de9248
MH		 3165 case HCI_EV_SYNC_CONN_CHANGED:
3166 hci_sync_conn_changed_evt(hdev, skb);
3167 break;
1da177e4 3168
a9de9248
MH		 3169 case HCI_EV_SNIFF_SUBRATE:
3170 hci_sniff_subrate_evt(hdev, skb);
3171 break;
1da177e4 3172
a9de9248
MH		 3173 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3174 hci_extended_inquiry_result_evt(hdev, skb);
3175 break;
1da177e4 3176
0493684e
MH		 3177 case HCI_EV_IO_CAPA_REQUEST:
3178 hci_io_capa_request_evt(hdev, skb);
3179 break;
3180
03b555e1
JH		 3181 case HCI_EV_IO_CAPA_REPLY:
3182 hci_io_capa_reply_evt(hdev, skb);
3183 break;
3184
a5c29683
JH		 3185 case HCI_EV_USER_CONFIRM_REQUEST:
3186 hci_user_confirm_request_evt(hdev, skb);
3187 break;
3188
1143d458
BG		 3189 case HCI_EV_USER_PASSKEY_REQUEST:
3190 hci_user_passkey_request_evt(hdev, skb);
3191 break;
3192
0493684e
MH		 3193 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3194 hci_simple_pair_complete_evt(hdev, skb);
3195 break;
3196
41a96212
MH		 3197 case HCI_EV_REMOTE_HOST_FEATURES:
3198 hci_remote_host_features_evt(hdev, skb);
3199 break;
3200
fcd89c09
VT		 3201 case HCI_EV_LE_META:
3202 hci_le_meta_evt(hdev, skb);
3203 break;
3204
2763eda6
SJ		 3205 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3206 hci_remote_oob_data_request_evt(hdev, skb);
3207 break;
3208
a9de9248
MH		 3209 default:
3210 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3211 break;
3212 }
3213
3214 kfree_skb(skb);
3215 hdev->stat.evt_rx++;
3216}
3217
3218/* Generate internal stack event */
3219void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3220{
3221 struct hci_event_hdr *hdr;
3222 struct hci_ev_stack_internal *ev;
3223 struct sk_buff *skb;
3224
3225 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3226 if (!skb)
3227 return;
3228
3229 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3230 hdr->evt = HCI_EV_STACK_INTERNAL;
3231 hdr->plen = sizeof(*ev) + dlen;
3232
3233 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3234 ev->type = type;
3235 memcpy(ev->data, data, dlen);
3236
576c7d85 3237 bt_cb(skb)->incoming = 1;
a61bbcf2 3238 __net_timestamp(skb);
576c7d85 3239
0d48d939 3240 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3241 skb->dev = (void *) hdev;
eec8d2bc 3242 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3243 kfree_skb(skb);
3244}
e6100a25 3245
669bb396 3246module_param(enable_le, bool, 0644);
e6100a25 3247MODULE_PARM_DESC(enable_le, "Enable LE support");
Linux kernel - Deliverables
This page took 0.755645 seconds and 5 git commands to generate.