projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix init request completion with old controllers
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
40#include <asm/system.h>
70f23020 41#include <linux/uaccess.h>
1da177e4
LT		 42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46
1da177e4
LT		 47/* Handle HCI Event packets */
48
a9de9248 49static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 50{
a9de9248 51 __u8 status = *((__u8 *) skb->data);
1da177e4 52
a9de9248 53 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 54
e6d465cb
AG		 55 if (status) {
56 hci_dev_lock(hdev);
57 mgmt_stop_discovery_failed(hdev, status);
58 hci_dev_unlock(hdev);
a9de9248 59 return;
e6d465cb 60 }
1da177e4 61
89352e7d
AG		 62 clear_bit(HCI_INQUIRY, &hdev->flags);
63
56e5cb86 64 hci_dev_lock(hdev);
ff9ef578 65 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 66 hci_dev_unlock(hdev);
6bd57416 67
23bb5763 68 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 69
70 hci_conn_check_pending(hdev);
71}
6bd57416 72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
a9de9248 77 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 BT_DBG("%s", hdev->name);
88}
89
90static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91{
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
94
95 BT_DBG("%s status 0x%x", hdev->name, rp->status);
96
97 if (rp->status)
98 return;
99
100 hci_dev_lock(hdev);
101
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103 if (conn) {
104 if (rp->role)
105 conn->link_mode &= ~HCI_LM_MASTER;
106 else
107 conn->link_mode |= HCI_LM_MASTER;
1da177e4 108 }
a9de9248
MH		 109
110 hci_dev_unlock(hdev);
1da177e4
LT		 111}
112
e4e8e37c
MH		 113static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114{
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
117
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
119
120 if (rp->status)
121 return;
122
123 hci_dev_lock(hdev);
124
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 if (conn)
127 conn->link_policy = __le16_to_cpu(rp->policy);
128
129 hci_dev_unlock(hdev);
130}
131
a9de9248 132static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 133{
a9de9248 134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 135 struct hci_conn *conn;
04837f64 136 void *sent;
1da177e4 137
a9de9248 138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 139
a9de9248
MH		 140 if (rp->status)
141 return;
1da177e4 142
a9de9248
MH		 143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144 if (!sent)
145 return;
1da177e4 146
a9de9248 147 hci_dev_lock(hdev);
1da177e4 148
a9de9248 149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 150 if (conn)
83985319 151 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 152
a9de9248
MH		 153 hci_dev_unlock(hdev);
154}
1da177e4 155
e4e8e37c
MH		 156static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157{
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
161
162 if (rp->status)
163 return;
164
165 hdev->link_policy = __le16_to_cpu(rp->policy);
166}
167
168static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169{
170 __u8 status = *((__u8 *) skb->data);
171 void *sent;
172
173 BT_DBG("%s status 0x%x", hdev->name, status);
174
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
176 if (!sent)
177 return;
178
179 if (!status)
180 hdev->link_policy = get_unaligned_le16(sent);
181
23bb5763 182 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 183}
184
a9de9248
MH		 185static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186{
187 __u8 status = *((__u8 *) skb->data);
04837f64 188
a9de9248 189 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 190
10572132
GP		 191 clear_bit(HCI_RESET, &hdev->flags);
192
23bb5763 193 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 194
a297e97c
JH		 195 /* Reset all non-persistent flags */
196 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN));
69775ff6
AG		 197
198 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 199}
04837f64 200
a9de9248
MH		 201static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
202{
203 __u8 status = *((__u8 *) skb->data);
204 void *sent;
04837f64 205
a9de9248 206 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 207
a9de9248
MH		 208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
209 if (!sent)
210 return;
04837f64 211
56e5cb86
JH		 212 hci_dev_lock(hdev);
213
f51d5b24
JH		 214 if (test_bit(HCI_MGMT, &hdev->dev_flags))
215 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 216 else if (!status)
217 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 218
56e5cb86 219 hci_dev_unlock(hdev);
3159d384
JH		 220
221 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 222}
223
224static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225{
226 struct hci_rp_read_local_name *rp = (void *) skb->data;
227
228 BT_DBG("%s status 0x%x", hdev->name, rp->status);
229
230 if (rp->status)
231 return;
232
db99b5fc
JH		 233 if (test_bit(HCI_SETUP, &hdev->dev_flags))
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 235}
236
237static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238{
239 __u8 status = *((__u8 *) skb->data);
240 void *sent;
241
242 BT_DBG("%s status 0x%x", hdev->name, status);
243
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 if (!sent)
246 return;
247
248 if (!status) {
249 __u8 param = *((__u8 *) sent);
250
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
253 else
254 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 255 }
a9de9248 256
33ef95ed
JH		 257 if (test_bit(HCI_MGMT, &hdev->dev_flags))
258 mgmt_auth_enable_complete(hdev, status);
259
23bb5763 260 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 261}
262
a9de9248 263static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 264{
a9de9248 265 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 266 void *sent;
267
a9de9248 268 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 269
a9de9248
MH		 270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 if (!sent)
272 return;
1da177e4 273
a9de9248
MH		 274 if (!status) {
275 __u8 param = *((__u8 *) sent);
276
277 if (param)
278 set_bit(HCI_ENCRYPT, &hdev->flags);
279 else
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
281 }
1da177e4 282
23bb5763 283 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
a9de9248 292 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
2d7cee58 302 if (status != 0) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
36f7fc7e
JH		 308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
313 if (!old_iscan)
744cf19e 314 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318 to);
319 }
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
23bb5763 332 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 333}
1da177e4 334
a9de9248
MH		 335static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336{
337 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 338
a9de9248 339 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 340
a9de9248
MH		 341 if (rp->status)
342 return;
1da177e4 343
a9de9248 344 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 345
a9de9248
MH		 346 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
347 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
348}
1da177e4 349
a9de9248
MH		 350static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351{
352 __u8 status = *((__u8 *) skb->data);
353 void *sent;
1da177e4 354
a9de9248 355 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 356
a9de9248
MH		 357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
358 if (!sent)
359 return;
1da177e4 360
7f9a903c
MH		 361 hci_dev_lock(hdev);
362
363 if (status == 0)
364 memcpy(hdev->dev_class, sent, 3);
365
366 if (test_bit(HCI_MGMT, &hdev->dev_flags))
367 mgmt_set_class_of_dev_complete(hdev, sent, status);
368
369 hci_dev_unlock(hdev);
a9de9248 370}
1da177e4 371
a9de9248
MH		 372static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
373{
374 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
375 __u16 setting;
376
377 BT_DBG("%s status 0x%x", hdev->name, rp->status);
378
379 if (rp->status)
380 return;
381
382 setting = __le16_to_cpu(rp->voice_setting);
383
f383f275 384 if (hdev->voice_setting == setting)
a9de9248
MH		 385 return;
386
387 hdev->voice_setting = setting;
388
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
390
3c54711c 391 if (hdev->notify)
a9de9248 392 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 393}
394
395static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
396{
397 __u8 status = *((__u8 *) skb->data);
f383f275 398 __u16 setting;
a9de9248
MH		 399 void *sent;
400
401 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 402
f383f275
MH		 403 if (status)
404 return;
405
a9de9248
MH		 406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
1da177e4 409
f383f275 410 setting = get_unaligned_le16(sent);
1da177e4 411
f383f275
MH		 412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
1da177e4 416
f383f275 417 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 418
3c54711c 419 if (hdev->notify)
f383f275 420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 421}
422
a9de9248 423static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 424{
a9de9248 425 __u8 status = *((__u8 *) skb->data);
1da177e4 426
a9de9248 427 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 428
23bb5763 429 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 430}
1143e5a6 431
333140b5
MH		 432static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
433{
434 __u8 status = *((__u8 *) skb->data);
435 void *sent;
436
437 BT_DBG("%s status 0x%x", hdev->name, status);
438
333140b5
MH		 439 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
440 if (!sent)
441 return;
442
ed2c4ee3 443 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 444 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
445 else if (!status) {
446 if (*((u8 *) sent))
447 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448 else
449 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
450 }
333140b5
MH		 451}
452
d5859e22
JH		 453static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
454{
455 if (hdev->features[6] & LMP_EXT_INQ)
456 return 2;
457
458 if (hdev->features[3] & LMP_RSSI_INQ)
459 return 1;
460
461 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
462 hdev->lmp_subver == 0x0757)
463 return 1;
464
465 if (hdev->manufacturer == 15) {
466 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
467 return 1;
468 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
469 return 1;
470 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
471 return 1;
472 }
473
474 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
475 hdev->lmp_subver == 0x1805)
476 return 1;
477
478 return 0;
479}
480
481static void hci_setup_inquiry_mode(struct hci_dev *hdev)
482{
483 u8 mode;
484
485 mode = hci_get_inquiry_mode(hdev);
486
487 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
488}
489
490static void hci_setup_event_mask(struct hci_dev *hdev)
491{
492 /* The second byte is 0xff instead of 0x9f (two reserved bits
493 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
494 * command otherwise */
495 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
496
6de6c18d
VT		 497 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
498 * any event mask for pre 1.2 devices */
5a13b095 499 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 500 return;
501
502 events[4] |= 0x01; /* Flow Specification Complete */
503 events[4] |= 0x02; /* Inquiry Result with RSSI */
504 events[4] |= 0x04; /* Read Remote Extended Features Complete */
505 events[5] |= 0x08; /* Synchronous Connection Complete */
506 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 507
508 if (hdev->features[3] & LMP_RSSI_INQ)
509 events[4] |= 0x04; /* Inquiry Result with RSSI */
510
511 if (hdev->features[5] & LMP_SNIFF_SUBR)
512 events[5] |= 0x20; /* Sniff Subrating */
513
514 if (hdev->features[5] & LMP_PAUSE_ENC)
515 events[5] |= 0x80; /* Encryption Key Refresh Complete */
516
517 if (hdev->features[6] & LMP_EXT_INQ)
518 events[5] |= 0x40; /* Extended Inquiry Result */
519
520 if (hdev->features[6] & LMP_NO_FLUSH)
521 events[7] |= 0x01; /* Enhanced Flush Complete */
522
523 if (hdev->features[7] & LMP_LSTO)
524 events[6] |= 0x80; /* Link Supervision Timeout Changed */
525
526 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
527 events[6] |= 0x01; /* IO Capability Request */
528 events[6] |= 0x02; /* IO Capability Response */
529 events[6] |= 0x04; /* User Confirmation Request */
530 events[6] |= 0x08; /* User Passkey Request */
531 events[6] |= 0x10; /* Remote OOB Data Request */
532 events[6] |= 0x20; /* Simple Pairing Complete */
533 events[7] |= 0x04; /* User Passkey Notification */
534 events[7] |= 0x08; /* Keypress Notification */
535 events[7] |= 0x10; /* Remote Host Supported
536 * Features Notification */
537 }
538
539 if (hdev->features[4] & LMP_LE)
540 events[7] |= 0x20; /* LE Meta-Event */
541
542 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
543}
544
e6100a25
AG		 545static void hci_set_le_support(struct hci_dev *hdev)
546{
547 struct hci_cp_write_le_host_supported cp;
548
549 memset(&cp, 0, sizeof(cp));
550
06199cf8 551 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
e6100a25
AG		 552 cp.le = 1;
553 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
554 }
555
556 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
557}
558
d5859e22
JH		 559static void hci_setup(struct hci_dev *hdev)
560{
e61ef499
AE		 561 if (hdev->dev_type != HCI_BREDR)
562 return;
563
d5859e22
JH		 564 hci_setup_event_mask(hdev);
565
d095c1eb 566 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 567 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
568
28cc7bde
JH		 569 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
570 test_bit(HCI_MGMT, &hdev->dev_flags)) {
571 struct hci_cp_write_local_name cp;
572
573 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
574 hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
575 }
576
54d04dbb
JH		 577 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
578 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
579 u8 mode = 0x01;
580 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
581 sizeof(mode), &mode);
582 } else {
583 struct hci_cp_write_eir cp;
584
585 memset(hdev->eir, 0, sizeof(hdev->eir));
586 memset(&cp, 0, sizeof(cp));
587
588 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
589 }
d5859e22
JH		 590 }
591
592 if (hdev->features[3] & LMP_RSSI_INQ)
593 hci_setup_inquiry_mode(hdev);
594
595 if (hdev->features[7] & LMP_INQ_TX_PWR)
596 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 597
598 if (hdev->features[7] & LMP_EXTFEATURES) {
599 struct hci_cp_read_local_ext_features cp;
600
601 cp.page = 0x01;
602 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
603 sizeof(cp), &cp);
604 }
e6100a25 605
47990ea0
JH		 606 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
607 u8 enable = 1;
608 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
609 sizeof(enable), &enable);
610 }
611
e6100a25
AG		 612 if (hdev->features[4] & LMP_LE)
613 hci_set_le_support(hdev);
d5859e22
JH		 614}
615
a9de9248
MH		 616static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
617{
618 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 619
a9de9248 620 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 621
a9de9248
MH		 622 if (rp->status)
623 return;
1143e5a6 624
a9de9248 625 hdev->hci_ver = rp->hci_ver;
e4e8e37c 626 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 627 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 628 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 629 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 630
a9de9248
MH		 631 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
632 hdev->manufacturer,
633 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 634
635 if (test_bit(HCI_INIT, &hdev->flags))
636 hci_setup(hdev);
637}
638
639static void hci_setup_link_policy(struct hci_dev *hdev)
640{
641 u16 link_policy = 0;
642
643 if (hdev->features[0] & LMP_RSWITCH)
644 link_policy |= HCI_LP_RSWITCH;
645 if (hdev->features[0] & LMP_HOLD)
646 link_policy |= HCI_LP_HOLD;
647 if (hdev->features[0] & LMP_SNIFF)
648 link_policy |= HCI_LP_SNIFF;
649 if (hdev->features[1] & LMP_PARK)
650 link_policy |= HCI_LP_PARK;
651
652 link_policy = cpu_to_le16(link_policy);
653 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
654 sizeof(link_policy), &link_policy);
a9de9248 655}
1da177e4 656
a9de9248
MH		 657static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
658{
659 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 660
a9de9248 661 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 662
a9de9248 663 if (rp->status)
d5859e22 664 goto done;
1da177e4 665
a9de9248 666 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 667
668 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
669 hci_setup_link_policy(hdev);
670
671done:
672 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 673}
1da177e4 674
a9de9248
MH		 675static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
676{
677 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 678
a9de9248 679 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 680
a9de9248
MH		 681 if (rp->status)
682 return;
5b7f9909 683
a9de9248 684 memcpy(hdev->features, rp->features, 8);
5b7f9909 685
a9de9248
MH		 686 /* Adjust default settings according to features
687 * supported by device. */
1da177e4 688
a9de9248
MH		 689 if (hdev->features[0] & LMP_3SLOT)
690 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 691
a9de9248
MH		 692 if (hdev->features[0] & LMP_5SLOT)
693 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 694
a9de9248
MH		 695 if (hdev->features[1] & LMP_HV2) {
696 hdev->pkt_type |= (HCI_HV2);
697 hdev->esco_type |= (ESCO_HV2);
698 }
1da177e4 699
a9de9248
MH		 700 if (hdev->features[1] & LMP_HV3) {
701 hdev->pkt_type |= (HCI_HV3);
702 hdev->esco_type |= (ESCO_HV3);
703 }
1da177e4 704
a9de9248
MH		 705 if (hdev->features[3] & LMP_ESCO)
706 hdev->esco_type |= (ESCO_EV3);
da1f5198 707
a9de9248
MH		 708 if (hdev->features[4] & LMP_EV4)
709 hdev->esco_type |= (ESCO_EV4);
da1f5198 710
a9de9248
MH		 711 if (hdev->features[4] & LMP_EV5)
712 hdev->esco_type |= (ESCO_EV5);
1da177e4 713
efc7688b
MH		 714 if (hdev->features[5] & LMP_EDR_ESCO_2M)
715 hdev->esco_type |= (ESCO_2EV3);
716
717 if (hdev->features[5] & LMP_EDR_ESCO_3M)
718 hdev->esco_type |= (ESCO_3EV3);
719
720 if (hdev->features[5] & LMP_EDR_3S_ESCO)
721 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
722
a9de9248
MH		 723 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
724 hdev->features[0], hdev->features[1],
725 hdev->features[2], hdev->features[3],
726 hdev->features[4], hdev->features[5],
727 hdev->features[6], hdev->features[7]);
728}
1da177e4 729
971e3a4b
AG		 730static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
731 struct sk_buff *skb)
732{
733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
734
735 BT_DBG("%s status 0x%x", hdev->name, rp->status);
736
737 if (rp->status)
738 return;
739
b5b32b65
AG		 740 switch (rp->page) {
741 case 0:
742 memcpy(hdev->features, rp->features, 8);
743 break;
744 case 1:
745 memcpy(hdev->host_features, rp->features, 8);
746 break;
747 }
971e3a4b
AG		 748
749 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
750}
751
1e89cffb
AE		 752static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
753 struct sk_buff *skb)
754{
755 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
756
757 BT_DBG("%s status 0x%x", hdev->name, rp->status);
758
759 if (rp->status)
760 return;
761
762 hdev->flow_ctl_mode = rp->mode;
763
764 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
765}
766
a9de9248
MH		 767static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
768{
769 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 770
a9de9248 771 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 772
a9de9248
MH		 773 if (rp->status)
774 return;
1da177e4 775
a9de9248
MH		 776 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
777 hdev->sco_mtu = rp->sco_mtu;
778 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
779 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
780
781 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
782 hdev->sco_mtu = 64;
783 hdev->sco_pkts = 8;
1da177e4 784 }
a9de9248
MH		 785
786 hdev->acl_cnt = hdev->acl_pkts;
787 hdev->sco_cnt = hdev->sco_pkts;
788
789 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
790 hdev->acl_mtu, hdev->acl_pkts,
791 hdev->sco_mtu, hdev->sco_pkts);
792}
793
794static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
795{
796 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
797
798 BT_DBG("%s status 0x%x", hdev->name, rp->status);
799
800 if (!rp->status)
801 bacpy(&hdev->bdaddr, &rp->bdaddr);
802
23bb5763
JH		 803 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
804}
805
350ee4cf
AE		 806static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807 struct sk_buff *skb)
808{
809 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
810
811 BT_DBG("%s status 0x%x", hdev->name, rp->status);
812
813 if (rp->status)
814 return;
815
816 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
817 hdev->block_len = __le16_to_cpu(rp->block_len);
818 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
819
820 hdev->block_cnt = hdev->num_blocks;
821
822 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
823 hdev->block_cnt, hdev->block_len);
824
825 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
826}
827
23bb5763
JH		 828static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
829{
830 __u8 status = *((__u8 *) skb->data);
831
832 BT_DBG("%s status 0x%x", hdev->name, status);
833
834 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 835}
836
928abaa7
AE		 837static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
838 struct sk_buff *skb)
839{
840 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
841
842 BT_DBG("%s status 0x%x", hdev->name, rp->status);
843
844 if (rp->status)
845 return;
846
847 hdev->amp_status = rp->amp_status;
848 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
849 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
850 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
851 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
852 hdev->amp_type = rp->amp_type;
853 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
854 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
855 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
856 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
857
858 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
859}
860
b0916ea0
JH		 861static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
862 struct sk_buff *skb)
863{
864 __u8 status = *((__u8 *) skb->data);
865
866 BT_DBG("%s status 0x%x", hdev->name, status);
867
868 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
869}
870
d5859e22
JH		 871static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
872{
873 __u8 status = *((__u8 *) skb->data);
874
875 BT_DBG("%s status 0x%x", hdev->name, status);
876
877 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
878}
879
880static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
881 struct sk_buff *skb)
882{
883 __u8 status = *((__u8 *) skb->data);
884
885 BT_DBG("%s status 0x%x", hdev->name, status);
886
887 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
888}
889
890static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
891 struct sk_buff *skb)
892{
893 __u8 status = *((__u8 *) skb->data);
894
895 BT_DBG("%s status 0x%x", hdev->name, status);
896
897 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
898}
899
900static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
901{
902 __u8 status = *((__u8 *) skb->data);
903
904 BT_DBG("%s status 0x%x", hdev->name, status);
905
906 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
907}
908
980e1a53
JH		 909static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
910{
911 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
912 struct hci_cp_pin_code_reply *cp;
913 struct hci_conn *conn;
914
915 BT_DBG("%s status 0x%x", hdev->name, rp->status);
916
56e5cb86
JH		 917 hci_dev_lock(hdev);
918
a8b2d5c2 919 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 920 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 921
922 if (rp->status != 0)
56e5cb86 923 goto unlock;
980e1a53
JH		 924
925 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
926 if (!cp)
56e5cb86 927 goto unlock;
980e1a53
JH		 928
929 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
930 if (conn)
931 conn->pin_length = cp->pin_len;
56e5cb86
JH		 932
933unlock:
934 hci_dev_unlock(hdev);
980e1a53
JH		 935}
936
937static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
938{
939 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
940
941 BT_DBG("%s status 0x%x", hdev->name, rp->status);
942
56e5cb86
JH		 943 hci_dev_lock(hdev);
944
a8b2d5c2 945 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 946 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 947 rp->status);
56e5cb86
JH		 948
949 hci_dev_unlock(hdev);
980e1a53 950}
56e5cb86 951
6ed58ec5
VT		 952static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
953 struct sk_buff *skb)
954{
955 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
956
957 BT_DBG("%s status 0x%x", hdev->name, rp->status);
958
959 if (rp->status)
960 return;
961
962 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
963 hdev->le_pkts = rp->le_max_pkt;
964
965 hdev->le_cnt = hdev->le_pkts;
966
967 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
968
969 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
970}
980e1a53 971
a5c29683
JH		 972static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
973{
974 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
975
976 BT_DBG("%s status 0x%x", hdev->name, rp->status);
977
56e5cb86
JH		 978 hci_dev_lock(hdev);
979
a8b2d5c2 980 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 981 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
982 0, rp->status);
56e5cb86
JH		 983
984 hci_dev_unlock(hdev);
a5c29683
JH		 985}
986
987static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
988 struct sk_buff *skb)
989{
990 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
991
992 BT_DBG("%s status 0x%x", hdev->name, rp->status);
993
56e5cb86
JH		 994 hci_dev_lock(hdev);
995
a8b2d5c2 996 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 997 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 998 ACL_LINK, 0,
a5c29683 999 rp->status);
56e5cb86
JH		 1000
1001 hci_dev_unlock(hdev);
a5c29683
JH		 1002}
1003
1143d458
BG		 1004static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1005{
1006 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1007
1008 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1009
1010 hci_dev_lock(hdev);
1011
a8b2d5c2 1012 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df
JH		 1013 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1014 0, rp->status);
1143d458
BG		 1015
1016 hci_dev_unlock(hdev);
1017}
1018
1019static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1020 struct sk_buff *skb)
1021{
1022 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1023
1024 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1025
1026 hci_dev_lock(hdev);
1027
a8b2d5c2 1028 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1029 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
272d90df 1030 ACL_LINK, 0,
1143d458
BG		 1031 rp->status);
1032
1033 hci_dev_unlock(hdev);
1034}
1035
c35938b2
SJ		 1036static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1037 struct sk_buff *skb)
1038{
1039 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1040
1041 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1042
56e5cb86 1043 hci_dev_lock(hdev);
744cf19e 1044 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1045 rp->randomizer, rp->status);
56e5cb86 1046 hci_dev_unlock(hdev);
c35938b2
SJ		 1047}
1048
07f7fa5d
AG		 1049static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1050{
1051 __u8 status = *((__u8 *) skb->data);
1052
1053 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1054
1055 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1056
1057 if (status) {
1058 hci_dev_lock(hdev);
1059 mgmt_start_discovery_failed(hdev, status);
1060 hci_dev_unlock(hdev);
1061 return;
1062 }
07f7fa5d
AG		 1063}
1064
eb9d91f5
AG		 1065static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1066 struct sk_buff *skb)
1067{
1068 struct hci_cp_le_set_scan_enable *cp;
1069 __u8 status = *((__u8 *) skb->data);
1070
1071 BT_DBG("%s status 0x%x", hdev->name, status);
1072
eb9d91f5
AG		 1073 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1074 if (!cp)
1075 return;
1076
68a8aea4
AE		 1077 switch (cp->enable) {
1078 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1079 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1080
3fd24153
AG		 1081 if (status) {
1082 hci_dev_lock(hdev);
1083 mgmt_start_discovery_failed(hdev, status);
1084 hci_dev_unlock(hdev);
7ba8b4be 1085 return;
3fd24153 1086 }
7ba8b4be 1087
d23264a8
AG		 1088 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1089
db323f2f 1090 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1091
1092 hci_dev_lock(hdev);
eb9d91f5 1093 hci_adv_entries_clear(hdev);
343f935b 1094 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1095 hci_dev_unlock(hdev);
68a8aea4
AE		 1096 break;
1097
1098 case LE_SCANNING_DISABLED:
7ba8b4be
AG		 1099 if (status)
1100 return;
1101
d23264a8
AG		 1102 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1103
d084329e 1104 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
5e0452c0
AG		 1105
1106 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1107 mgmt_interleaved_discovery(hdev);
1108 } else {
1109 hci_dev_lock(hdev);
1110 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1111 hci_dev_unlock(hdev);
1112 }
1113
68a8aea4
AE		 1114 break;
1115
1116 default:
1117 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1118 break;
35815085 1119 }
eb9d91f5
AG		 1120}
1121
a7a595f6
VCG		 1122static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1123{
1124 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1125
1126 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1127
1128 if (rp->status)
1129 return;
1130
1131 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1132}
1133
1134static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1135{
1136 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1137
1138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1139
1140 if (rp->status)
1141 return;
1142
1143 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1144}
1145
f9b49306
AG		 1146static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1147 struct sk_buff *skb)
1148{
1149 struct hci_cp_read_local_ext_features cp;
06199cf8 1150 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1151 __u8 status = *((__u8 *) skb->data);
1152
1153 BT_DBG("%s status 0x%x", hdev->name, status);
1154
06199cf8
JH		 1155 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1156 if (sent && test_bit(HCI_MGMT, &hdev->dev_flags))
1157 mgmt_le_enable_complete(hdev, sent->le, status);
1158
f9b49306
AG		 1159 if (status)
1160 return;
1161
1162 cp.page = 0x01;
1163 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1164}
1165
a9de9248
MH		 1166static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1167{
1168 BT_DBG("%s status 0x%x", hdev->name, status);
1169
1170 if (status) {
23bb5763 1171 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1172 hci_conn_check_pending(hdev);
56e5cb86 1173 hci_dev_lock(hdev);
a8b2d5c2 1174 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1175 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1176 hci_dev_unlock(hdev);
314b2381
JH		 1177 return;
1178 }
1179
89352e7d
AG		 1180 set_bit(HCI_INQUIRY, &hdev->flags);
1181
56e5cb86 1182 hci_dev_lock(hdev);
343f935b 1183 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1184 hci_dev_unlock(hdev);
1da177e4
LT		 1185}
1186
1da177e4
LT		 1187static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1188{
a9de9248 1189 struct hci_cp_create_conn *cp;
1da177e4 1190 struct hci_conn *conn;
1da177e4 1191
a9de9248
MH		 1192 BT_DBG("%s status 0x%x", hdev->name, status);
1193
1194 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1195 if (!cp)
1196 return;
1197
1198 hci_dev_lock(hdev);
1199
1200 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1201
a9de9248 1202 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1203
1204 if (status) {
1205 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1206 if (status != 0x0c || conn->attempt > 2) {
1207 conn->state = BT_CLOSED;
1208 hci_proto_connect_cfm(conn, status);
1209 hci_conn_del(conn);
1210 } else
1211 conn->state = BT_CONNECT2;
1da177e4
LT		 1212 }
1213 } else {
1214 if (!conn) {
1215 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1216 if (conn) {
a0c808b3 1217 conn->out = true;
1da177e4
LT		 1218 conn->link_mode |= HCI_LM_MASTER;
1219 } else
893ef971 1220 BT_ERR("No memory for new connection");
1da177e4
LT		 1221 }
1222 }
1223
1224 hci_dev_unlock(hdev);
1225}
1226
a9de9248 1227static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1228{
a9de9248
MH		 1229 struct hci_cp_add_sco *cp;
1230 struct hci_conn *acl, *sco;
1231 __u16 handle;
1da177e4 1232
b6a0dc82
MH		 1233 BT_DBG("%s status 0x%x", hdev->name, status);
1234
a9de9248
MH		 1235 if (!status)
1236 return;
1da177e4 1237
a9de9248
MH		 1238 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1239 if (!cp)
1240 return;
1da177e4 1241
a9de9248 1242 handle = __le16_to_cpu(cp->handle);
1da177e4 1243
a9de9248 1244 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1245
a9de9248 1246 hci_dev_lock(hdev);
1da177e4 1247
a9de9248 1248 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1249 if (acl) {
1250 sco = acl->link;
1251 if (sco) {
1252 sco->state = BT_CLOSED;
1da177e4 1253
5a08ecce
AE		 1254 hci_proto_connect_cfm(sco, status);
1255 hci_conn_del(sco);
1256 }
a9de9248 1257 }
1da177e4 1258
a9de9248
MH		 1259 hci_dev_unlock(hdev);
1260}
1da177e4 1261
f8558555
MH		 1262static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1263{
1264 struct hci_cp_auth_requested *cp;
1265 struct hci_conn *conn;
1266
1267 BT_DBG("%s status 0x%x", hdev->name, status);
1268
1269 if (!status)
1270 return;
1271
1272 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1273 if (!cp)
1274 return;
1275
1276 hci_dev_lock(hdev);
1277
1278 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1279 if (conn) {
1280 if (conn->state == BT_CONFIG) {
1281 hci_proto_connect_cfm(conn, status);
1282 hci_conn_put(conn);
1283 }
1284 }
1285
1286 hci_dev_unlock(hdev);
1287}
1288
1289static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1290{
1291 struct hci_cp_set_conn_encrypt *cp;
1292 struct hci_conn *conn;
1293
1294 BT_DBG("%s status 0x%x", hdev->name, status);
1295
1296 if (!status)
1297 return;
1298
1299 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1300 if (!cp)
1301 return;
1302
1303 hci_dev_lock(hdev);
1304
1305 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1306 if (conn) {
1307 if (conn->state == BT_CONFIG) {
1308 hci_proto_connect_cfm(conn, status);
1309 hci_conn_put(conn);
1310 }
1311 }
1312
1313 hci_dev_unlock(hdev);
1314}
1315
127178d2 1316static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1317 struct hci_conn *conn)
392599b9 1318{
392599b9
JH		 1319 if (conn->state != BT_CONFIG || !conn->out)
1320 return 0;
1321
765c2a96 1322 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1323 return 0;
1324
1325 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1326 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1327 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1328 conn->pending_sec_level != BT_SECURITY_HIGH &&
1329 !(conn->auth_type & 0x01))
392599b9
JH		 1330 return 0;
1331
392599b9
JH		 1332 return 1;
1333}
1334
30dc78e1
JH		 1335static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1336{
1337 struct hci_cp_remote_name_req cp;
1338
1339 memset(&cp, 0, sizeof(cp));
1340
1341 bacpy(&cp.bdaddr, &e->data.bdaddr);
1342 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1343 cp.pscan_mode = e->data.pscan_mode;
1344 cp.clock_offset = e->data.clock_offset;
1345
1346 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1347}
1348
b644ba33 1349static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1350{
1351 struct discovery_state *discov = &hdev->discovery;
1352 struct inquiry_entry *e;
1353
b644ba33
JH		 1354 if (list_empty(&discov->resolve))
1355 return false;
1356
1357 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1358 if (hci_resolve_name(hdev, e) == 0) {
1359 e->name_state = NAME_PENDING;
1360 return true;
1361 }
1362
1363 return false;
1364}
1365
1366static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1367 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1368{
1369 struct discovery_state *discov = &hdev->discovery;
1370 struct inquiry_entry *e;
1371
1372 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
08c79b61 1373 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0,
b644ba33
JH		 1374 name, name_len, conn->dev_class);
1375
1376 if (discov->state == DISCOVERY_STOPPED)
1377 return;
1378
30dc78e1
JH		 1379 if (discov->state == DISCOVERY_STOPPING)
1380 goto discov_complete;
1381
1382 if (discov->state != DISCOVERY_RESOLVING)
1383 return;
1384
1385 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1386 if (e) {
1387 e->name_state = NAME_KNOWN;
1388 list_del(&e->list);
b644ba33
JH		 1389 if (name)
1390 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1391 e->data.rssi, name, name_len);
30dc78e1
JH		 1392 }
1393
b644ba33 1394 if (hci_resolve_next_name(hdev))
30dc78e1 1395 return;
30dc78e1
JH		 1396
1397discov_complete:
1398 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1399}
1400
a9de9248
MH		 1401static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1402{
127178d2
JH		 1403 struct hci_cp_remote_name_req *cp;
1404 struct hci_conn *conn;
1405
a9de9248 1406 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1407
1408 /* If successful wait for the name req complete event before
1409 * checking for the need to do authentication */
1410 if (!status)
1411 return;
1412
1413 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1414 if (!cp)
1415 return;
1416
1417 hci_dev_lock(hdev);
1418
b644ba33
JH		 1419 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1420
a8b2d5c2 1421 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1422 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1423
79c6c70c
JH		 1424 if (!conn)
1425 goto unlock;
1426
1427 if (!hci_outgoing_auth_needed(hdev, conn))
1428 goto unlock;
1429
51a8efd7 1430 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1431 struct hci_cp_auth_requested cp;
1432 cp.handle = __cpu_to_le16(conn->handle);
1433 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1434 }
1435
79c6c70c 1436unlock:
127178d2 1437 hci_dev_unlock(hdev);
a9de9248 1438}
1da177e4 1439
769be974
MH		 1440static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1441{
1442 struct hci_cp_read_remote_features *cp;
1443 struct hci_conn *conn;
1444
1445 BT_DBG("%s status 0x%x", hdev->name, status);
1446
1447 if (!status)
1448 return;
1449
1450 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1451 if (!cp)
1452 return;
1453
1454 hci_dev_lock(hdev);
1455
1456 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1457 if (conn) {
1458 if (conn->state == BT_CONFIG) {
769be974
MH		 1459 hci_proto_connect_cfm(conn, status);
1460 hci_conn_put(conn);
1461 }
1462 }
1463
1464 hci_dev_unlock(hdev);
1465}
1466
1467static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1468{
1469 struct hci_cp_read_remote_ext_features *cp;
1470 struct hci_conn *conn;
1471
1472 BT_DBG("%s status 0x%x", hdev->name, status);
1473
1474 if (!status)
1475 return;
1476
1477 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1478 if (!cp)
1479 return;
1480
1481 hci_dev_lock(hdev);
1482
1483 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1484 if (conn) {
1485 if (conn->state == BT_CONFIG) {
769be974
MH		 1486 hci_proto_connect_cfm(conn, status);
1487 hci_conn_put(conn);
1488 }
1489 }
1490
1491 hci_dev_unlock(hdev);
1492}
1493
a9de9248
MH		 1494static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1495{
b6a0dc82
MH		 1496 struct hci_cp_setup_sync_conn *cp;
1497 struct hci_conn *acl, *sco;
1498 __u16 handle;
1499
a9de9248 1500 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1501
1502 if (!status)
1503 return;
1504
1505 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1506 if (!cp)
1507 return;
1508
1509 handle = __le16_to_cpu(cp->handle);
1510
1511 BT_DBG("%s handle %d", hdev->name, handle);
1512
1513 hci_dev_lock(hdev);
1514
1515 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1516 if (acl) {
1517 sco = acl->link;
1518 if (sco) {
1519 sco->state = BT_CLOSED;
b6a0dc82 1520
5a08ecce
AE		 1521 hci_proto_connect_cfm(sco, status);
1522 hci_conn_del(sco);
1523 }
b6a0dc82
MH		 1524 }
1525
1526 hci_dev_unlock(hdev);
1da177e4
LT		 1527}
1528
a9de9248 1529static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1530{
a9de9248
MH		 1531 struct hci_cp_sniff_mode *cp;
1532 struct hci_conn *conn;
1da177e4 1533
a9de9248 1534 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1535
a9de9248
MH		 1536 if (!status)
1537 return;
04837f64 1538
a9de9248
MH		 1539 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1540 if (!cp)
1541 return;
04837f64 1542
a9de9248 1543 hci_dev_lock(hdev);
04837f64 1544
a9de9248 1545 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1546 if (conn) {
51a8efd7 1547 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1548
51a8efd7 1549 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1550 hci_sco_setup(conn, status);
1551 }
1552
a9de9248
MH		 1553 hci_dev_unlock(hdev);
1554}
04837f64 1555
a9de9248
MH		 1556static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1557{
1558 struct hci_cp_exit_sniff_mode *cp;
1559 struct hci_conn *conn;
04837f64 1560
a9de9248 1561 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1562
a9de9248
MH		 1563 if (!status)
1564 return;
04837f64 1565
a9de9248
MH		 1566 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1567 if (!cp)
1568 return;
04837f64 1569
a9de9248 1570 hci_dev_lock(hdev);
1da177e4 1571
a9de9248 1572 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1573 if (conn) {
51a8efd7 1574 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1575
51a8efd7 1576 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1577 hci_sco_setup(conn, status);
1578 }
1579
a9de9248 1580 hci_dev_unlock(hdev);
1da177e4
LT		 1581}
1582
88c3df13
JH		 1583static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1584{
1585 struct hci_cp_disconnect *cp;
1586 struct hci_conn *conn;
1587
1588 if (!status)
1589 return;
1590
1591 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1592 if (!cp)
1593 return;
1594
1595 hci_dev_lock(hdev);
1596
1597 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1598 if (conn)
1599 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1600 conn->dst_type, status);
1601
1602 hci_dev_unlock(hdev);
1603}
1604
fcd89c09
VT		 1605static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1606{
1607 struct hci_cp_le_create_conn *cp;
1608 struct hci_conn *conn;
1609
1610 BT_DBG("%s status 0x%x", hdev->name, status);
1611
1612 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1613 if (!cp)
1614 return;
1615
1616 hci_dev_lock(hdev);
1617
1618 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1619
1620 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1621 conn);
1622
1623 if (status) {
1624 if (conn && conn->state == BT_CONNECT) {
1625 conn->state = BT_CLOSED;
1626 hci_proto_connect_cfm(conn, status);
1627 hci_conn_del(conn);
1628 }
1629 } else {
1630 if (!conn) {
1631 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1632 if (conn) {
1633 conn->dst_type = cp->peer_addr_type;
a0c808b3 1634 conn->out = true;
29b7988a 1635 } else {
fcd89c09 1636 BT_ERR("No memory for new connection");
29b7988a 1637 }
fcd89c09
VT		 1638 }
1639 }
1640
1641 hci_dev_unlock(hdev);
1642}
1643
a7a595f6
VCG		 1644static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1645{
1646 BT_DBG("%s status 0x%x", hdev->name, status);
1647}
1648
1da177e4
LT		 1649static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1650{
1651 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1652 struct discovery_state *discov = &hdev->discovery;
1653 struct inquiry_entry *e;
1da177e4
LT		 1654
1655 BT_DBG("%s status %d", hdev->name, status);
1656
23bb5763 1657 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1658
a9de9248 1659 hci_conn_check_pending(hdev);
89352e7d
AG		 1660
1661 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1662 return;
1663
a8b2d5c2 1664 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1665 return;
1666
56e5cb86 1667 hci_dev_lock(hdev);
30dc78e1 1668
343f935b 1669 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1670 goto unlock;
1671
1672 if (list_empty(&discov->resolve)) {
1673 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1674 goto unlock;
1675 }
1676
1677 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1678 if (e && hci_resolve_name(hdev, e) == 0) {
1679 e->name_state = NAME_PENDING;
1680 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1681 } else {
1682 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1683 }
1684
1685unlock:
56e5cb86 1686 hci_dev_unlock(hdev);
1da177e4
LT		 1687}
1688
1da177e4
LT		 1689static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1690{
45bb4bf0 1691 struct inquiry_data data;
a9de9248 1692 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1693 int num_rsp = *((__u8 *) skb->data);
1694
1695 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1696
45bb4bf0
MH		 1697 if (!num_rsp)
1698 return;
1699
1da177e4 1700 hci_dev_lock(hdev);
45bb4bf0 1701
e17acd40 1702 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1703 bool name_known, ssp;
3175405b 1704
1da177e4
LT		 1705 bacpy(&data.bdaddr, &info->bdaddr);
1706 data.pscan_rep_mode = info->pscan_rep_mode;
1707 data.pscan_period_mode = info->pscan_period_mode;
1708 data.pscan_mode = info->pscan_mode;
1709 memcpy(data.dev_class, info->dev_class, 3);
1710 data.clock_offset = info->clock_offset;
1711 data.rssi = 0x00;
41a96212 1712 data.ssp_mode = 0x00;
3175405b 1713
388fc8fa 1714 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1715 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
388fc8fa 1716 info->dev_class, 0, !name_known, ssp,
7d262f86 1717 NULL, 0);
1da177e4 1718 }
45bb4bf0 1719
1da177e4
LT		 1720 hci_dev_unlock(hdev);
1721}
1722
1da177e4
LT		 1723static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1724{
a9de9248
MH		 1725 struct hci_ev_conn_complete *ev = (void *) skb->data;
1726 struct hci_conn *conn;
1da177e4
LT		 1727
1728 BT_DBG("%s", hdev->name);
1729
1730 hci_dev_lock(hdev);
1731
1732 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1733 if (!conn) {
1734 if (ev->link_type != SCO_LINK)
1735 goto unlock;
1736
1737 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1738 if (!conn)
1739 goto unlock;
1740
1741 conn->type = SCO_LINK;
1742 }
1da177e4
LT		 1743
1744 if (!ev->status) {
1745 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1746
1747 if (conn->type == ACL_LINK) {
1748 conn->state = BT_CONFIG;
1749 hci_conn_hold(conn);
052b30b0 1750 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1751 } else
1752 conn->state = BT_CONNECTED;
1da177e4 1753
9eba32b8 1754 hci_conn_hold_device(conn);
7d0db0a3
MH		 1755 hci_conn_add_sysfs(conn);
1756
1da177e4
LT		 1757 if (test_bit(HCI_AUTH, &hdev->flags))
1758 conn->link_mode |= HCI_LM_AUTH;
1759
1760 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1761 conn->link_mode |= HCI_LM_ENCRYPT;
1762
04837f64
MH		 1763 /* Get remote features */
1764 if (conn->type == ACL_LINK) {
1765 struct hci_cp_read_remote_features cp;
1766 cp.handle = ev->handle;
769be974
MH		 1767 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1768 sizeof(cp), &cp);
04837f64
MH		 1769 }
1770
1da177e4 1771 /* Set packet type for incoming connection */
d095c1eb 1772 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1773 struct hci_cp_change_conn_ptype cp;
1774 cp.handle = ev->handle;
a8746417
MH		 1775 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1776 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1777 sizeof(cp), &cp);
1da177e4 1778 }
17d5c04c 1779 } else {
1da177e4 1780 conn->state = BT_CLOSED;
17d5c04c 1781 if (conn->type == ACL_LINK)
744cf19e 1782 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1783 conn->dst_type, ev->status);
17d5c04c 1784 }
1da177e4 1785
e73439d8
MH		 1786 if (conn->type == ACL_LINK)
1787 hci_sco_setup(conn, ev->status);
1da177e4 1788
769be974
MH		 1789 if (ev->status) {
1790 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1791 hci_conn_del(conn);
c89b6e6b
MH		 1792 } else if (ev->link_type != ACL_LINK)
1793 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1794
a9de9248 1795unlock:
1da177e4 1796 hci_dev_unlock(hdev);
1da177e4 1797
a9de9248 1798 hci_conn_check_pending(hdev);
1da177e4
LT		 1799}
1800
a9de9248 1801static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1802{
a9de9248
MH		 1803 struct hci_ev_conn_request *ev = (void *) skb->data;
1804 int mask = hdev->link_mode;
1da177e4 1805
a9de9248
MH		 1806 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1807 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1808
a9de9248 1809 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1810
138d22ef
SJ		 1811 if ((mask & HCI_LM_ACCEPT) &&
1812 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1813 /* Connection accepted */
c7bdd502 1814 struct inquiry_entry *ie;
1da177e4 1815 struct hci_conn *conn;
1da177e4 1816
a9de9248 1817 hci_dev_lock(hdev);
b6a0dc82 1818
cc11b9c1
AE		 1819 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1820 if (ie)
c7bdd502
MH		 1821 memcpy(ie->data.dev_class, ev->dev_class, 3);
1822
a9de9248
MH		 1823 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1824 if (!conn) {
cc11b9c1
AE		 1825 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1826 if (!conn) {
893ef971 1827 BT_ERR("No memory for new connection");
a9de9248
MH		 1828 hci_dev_unlock(hdev);
1829 return;
1da177e4
LT		 1830 }
1831 }
b6a0dc82 1832
a9de9248
MH		 1833 memcpy(conn->dev_class, ev->dev_class, 3);
1834 conn->state = BT_CONNECT;
b6a0dc82 1835
a9de9248 1836 hci_dev_unlock(hdev);
1da177e4 1837
b6a0dc82
MH		 1838 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1839 struct hci_cp_accept_conn_req cp;
1da177e4 1840
b6a0dc82
MH		 1841 bacpy(&cp.bdaddr, &ev->bdaddr);
1842
1843 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1844 cp.role = 0x00; /* Become master */
1845 else
1846 cp.role = 0x01; /* Remain slave */
1847
1848 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1849 sizeof(cp), &cp);
1850 } else {
1851 struct hci_cp_accept_sync_conn_req cp;
1852
1853 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1854 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1855
1856 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1857 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1858 cp.max_latency = cpu_to_le16(0xffff);
1859 cp.content_format = cpu_to_le16(hdev->voice_setting);
1860 cp.retrans_effort = 0xff;
1da177e4 1861
b6a0dc82
MH		 1862 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1863 sizeof(cp), &cp);
1864 }
a9de9248
MH		 1865 } else {
1866 /* Connection rejected */
1867 struct hci_cp_reject_conn_req cp;
1da177e4 1868
a9de9248 1869 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1870 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1871 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1872 }
1da177e4
LT		 1873}
1874
a9de9248 1875static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1876{
a9de9248 1877 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1878 struct hci_conn *conn;
1879
1880 BT_DBG("%s status %d", hdev->name, ev->status);
1881
1882 hci_dev_lock(hdev);
1883
1884 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1885 if (!conn)
1886 goto unlock;
7d0db0a3 1887
37d9ef76
JH		 1888 if (ev->status == 0)
1889 conn->state = BT_CLOSED;
04837f64 1890
b644ba33
JH		 1891 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1892 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1893 if (ev->status != 0)
88c3df13
JH		 1894 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1895 conn->dst_type, ev->status);
37d9ef76 1896 else
afc747a6 1897 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
48264f06 1898 conn->dst_type);
37d9ef76 1899 }
f7520543 1900
37d9ef76
JH		 1901 if (ev->status == 0) {
1902 hci_proto_disconn_cfm(conn, ev->reason);
1903 hci_conn_del(conn);
1904 }
f7520543
JH		 1905
1906unlock:
04837f64
MH		 1907 hci_dev_unlock(hdev);
1908}
1909
1da177e4
LT		 1910static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1911{
a9de9248 1912 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1913 struct hci_conn *conn;
1da177e4
LT		 1914
1915 BT_DBG("%s status %d", hdev->name, ev->status);
1916
1917 hci_dev_lock(hdev);
1918
04837f64 1919 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1920 if (!conn)
1921 goto unlock;
1922
1923 if (!ev->status) {
aa64a8b5
JH		 1924 if (!hci_conn_ssp_enabled(conn) &&
1925 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1926 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1927 } else {
d7556e20
WR		 1928 conn->link_mode |= HCI_LM_AUTH;
1929 conn->sec_level = conn->pending_sec_level;
2a611692 1930 }
d7556e20 1931 } else {
bab73cb6
JH		 1932 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1933 ev->status);
d7556e20 1934 }
1da177e4 1935
51a8efd7
JH		 1936 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1937 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1938
d7556e20 1939 if (conn->state == BT_CONFIG) {
aa64a8b5 1940 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1941 struct hci_cp_set_conn_encrypt cp;
1942 cp.handle = ev->handle;
1943 cp.encrypt = 0x01;
1944 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1945 &cp);
052b30b0 1946 } else {
d7556e20
WR		 1947 conn->state = BT_CONNECTED;
1948 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1949 hci_conn_put(conn);
1950 }
d7556e20
WR		 1951 } else {
1952 hci_auth_cfm(conn, ev->status);
052b30b0 1953
d7556e20
WR		 1954 hci_conn_hold(conn);
1955 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1956 hci_conn_put(conn);
1957 }
1958
51a8efd7 1959 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1960 if (!ev->status) {
1961 struct hci_cp_set_conn_encrypt cp;
1962 cp.handle = ev->handle;
1963 cp.encrypt = 0x01;
1964 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1965 &cp);
1966 } else {
51a8efd7 1967 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1968 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1969 }
1970 }
1971
d7556e20 1972unlock:
1da177e4
LT		 1973 hci_dev_unlock(hdev);
1974}
1975
a9de9248 1976static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1977{
127178d2
JH		 1978 struct hci_ev_remote_name *ev = (void *) skb->data;
1979 struct hci_conn *conn;
1980
a9de9248 1981 BT_DBG("%s", hdev->name);
1da177e4 1982
a9de9248 1983 hci_conn_check_pending(hdev);
127178d2
JH		 1984
1985 hci_dev_lock(hdev);
1986
b644ba33 1987 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1988
b644ba33
JH		 1989 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1990 goto check_auth;
a88a9652 1991
b644ba33
JH		 1992 if (ev->status == 0)
1993 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1994 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1995 else
1996 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1997
1998check_auth:
79c6c70c
JH		 1999 if (!conn)
2000 goto unlock;
2001
2002 if (!hci_outgoing_auth_needed(hdev, conn))
2003 goto unlock;
2004
51a8efd7 2005 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2006 struct hci_cp_auth_requested cp;
2007 cp.handle = __cpu_to_le16(conn->handle);
2008 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2009 }
2010
79c6c70c 2011unlock:
127178d2 2012 hci_dev_unlock(hdev);
a9de9248
MH		 2013}
2014
2015static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2016{
2017 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2018 struct hci_conn *conn;
2019
2020 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2021
2022 hci_dev_lock(hdev);
2023
04837f64 2024 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2025 if (conn) {
2026 if (!ev->status) {
ae293196
MH		 2027 if (ev->encrypt) {
2028 /* Encryption implies authentication */
2029 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2030 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2031 conn->sec_level = conn->pending_sec_level;
ae293196 2032 } else
1da177e4
LT		 2033 conn->link_mode &= ~HCI_LM_ENCRYPT;
2034 }
2035
51a8efd7 2036 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2037
f8558555
MH		 2038 if (conn->state == BT_CONFIG) {
2039 if (!ev->status)
2040 conn->state = BT_CONNECTED;
2041
2042 hci_proto_connect_cfm(conn, ev->status);
2043 hci_conn_put(conn);
2044 } else
2045 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2046 }
2047
2048 hci_dev_unlock(hdev);
2049}
2050
a9de9248 2051static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2052{
a9de9248 2053 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2054 struct hci_conn *conn;
1da177e4
LT		 2055
2056 BT_DBG("%s status %d", hdev->name, ev->status);
2057
2058 hci_dev_lock(hdev);
2059
04837f64 2060 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2061 if (conn) {
2062 if (!ev->status)
2063 conn->link_mode |= HCI_LM_SECURE;
2064
51a8efd7 2065 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2066
2067 hci_key_change_cfm(conn, ev->status);
2068 }
2069
2070 hci_dev_unlock(hdev);
2071}
2072
a9de9248 2073static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2074{
a9de9248
MH		 2075 struct hci_ev_remote_features *ev = (void *) skb->data;
2076 struct hci_conn *conn;
2077
2078 BT_DBG("%s status %d", hdev->name, ev->status);
2079
a9de9248
MH		 2080 hci_dev_lock(hdev);
2081
2082 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2083 if (!conn)
2084 goto unlock;
769be974 2085
ccd556fe
JH		 2086 if (!ev->status)
2087 memcpy(conn->features, ev->features, 8);
2088
2089 if (conn->state != BT_CONFIG)
2090 goto unlock;
2091
2092 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2093 struct hci_cp_read_remote_ext_features cp;
2094 cp.handle = ev->handle;
2095 cp.page = 0x01;
2096 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2097 sizeof(cp), &cp);
392599b9
JH		 2098 goto unlock;
2099 }
2100
127178d2
JH		 2101 if (!ev->status) {
2102 struct hci_cp_remote_name_req cp;
2103 memset(&cp, 0, sizeof(cp));
2104 bacpy(&cp.bdaddr, &conn->dst);
2105 cp.pscan_rep_mode = 0x02;
2106 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2107 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2108 mgmt_device_connected(hdev, &conn->dst, conn->type,
08c79b61 2109 conn->dst_type, 0, NULL, 0,
b644ba33 2110 conn->dev_class);
392599b9 2111
127178d2 2112 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2113 conn->state = BT_CONNECTED;
2114 hci_proto_connect_cfm(conn, ev->status);
2115 hci_conn_put(conn);
769be974 2116 }
a9de9248 2117
ccd556fe 2118unlock:
a9de9248 2119 hci_dev_unlock(hdev);
1da177e4
LT		 2120}
2121
a9de9248 2122static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2123{
a9de9248 2124 BT_DBG("%s", hdev->name);
1da177e4
LT		 2125}
2126
a9de9248 2127static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2128{
a9de9248 2129 BT_DBG("%s", hdev->name);
1da177e4
LT		 2130}
2131
a9de9248
MH		 2132static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2133{
2134 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2135 __u16 opcode;
2136
2137 skb_pull(skb, sizeof(*ev));
2138
2139 opcode = __le16_to_cpu(ev->opcode);
2140
2141 switch (opcode) {
2142 case HCI_OP_INQUIRY_CANCEL:
2143 hci_cc_inquiry_cancel(hdev, skb);
2144 break;
2145
2146 case HCI_OP_EXIT_PERIODIC_INQ:
2147 hci_cc_exit_periodic_inq(hdev, skb);
2148 break;
2149
2150 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2151 hci_cc_remote_name_req_cancel(hdev, skb);
2152 break;
2153
2154 case HCI_OP_ROLE_DISCOVERY:
2155 hci_cc_role_discovery(hdev, skb);
2156 break;
2157
e4e8e37c
MH		 2158 case HCI_OP_READ_LINK_POLICY:
2159 hci_cc_read_link_policy(hdev, skb);
2160 break;
2161
a9de9248
MH		 2162 case HCI_OP_WRITE_LINK_POLICY:
2163 hci_cc_write_link_policy(hdev, skb);
2164 break;
2165
e4e8e37c
MH		 2166 case HCI_OP_READ_DEF_LINK_POLICY:
2167 hci_cc_read_def_link_policy(hdev, skb);
2168 break;
2169
2170 case HCI_OP_WRITE_DEF_LINK_POLICY:
2171 hci_cc_write_def_link_policy(hdev, skb);
2172 break;
2173
a9de9248
MH		 2174 case HCI_OP_RESET:
2175 hci_cc_reset(hdev, skb);
2176 break;
2177
2178 case HCI_OP_WRITE_LOCAL_NAME:
2179 hci_cc_write_local_name(hdev, skb);
2180 break;
2181
2182 case HCI_OP_READ_LOCAL_NAME:
2183 hci_cc_read_local_name(hdev, skb);
2184 break;
2185
2186 case HCI_OP_WRITE_AUTH_ENABLE:
2187 hci_cc_write_auth_enable(hdev, skb);
2188 break;
2189
2190 case HCI_OP_WRITE_ENCRYPT_MODE:
2191 hci_cc_write_encrypt_mode(hdev, skb);
2192 break;
2193
2194 case HCI_OP_WRITE_SCAN_ENABLE:
2195 hci_cc_write_scan_enable(hdev, skb);
2196 break;
2197
2198 case HCI_OP_READ_CLASS_OF_DEV:
2199 hci_cc_read_class_of_dev(hdev, skb);
2200 break;
2201
2202 case HCI_OP_WRITE_CLASS_OF_DEV:
2203 hci_cc_write_class_of_dev(hdev, skb);
2204 break;
2205
2206 case HCI_OP_READ_VOICE_SETTING:
2207 hci_cc_read_voice_setting(hdev, skb);
2208 break;
2209
2210 case HCI_OP_WRITE_VOICE_SETTING:
2211 hci_cc_write_voice_setting(hdev, skb);
2212 break;
2213
2214 case HCI_OP_HOST_BUFFER_SIZE:
2215 hci_cc_host_buffer_size(hdev, skb);
2216 break;
2217
333140b5
MH		 2218 case HCI_OP_WRITE_SSP_MODE:
2219 hci_cc_write_ssp_mode(hdev, skb);
2220 break;
2221
a9de9248
MH		 2222 case HCI_OP_READ_LOCAL_VERSION:
2223 hci_cc_read_local_version(hdev, skb);
2224 break;
2225
2226 case HCI_OP_READ_LOCAL_COMMANDS:
2227 hci_cc_read_local_commands(hdev, skb);
2228 break;
2229
2230 case HCI_OP_READ_LOCAL_FEATURES:
2231 hci_cc_read_local_features(hdev, skb);
2232 break;
2233
971e3a4b
AG		 2234 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2235 hci_cc_read_local_ext_features(hdev, skb);
2236 break;
2237
a9de9248
MH		 2238 case HCI_OP_READ_BUFFER_SIZE:
2239 hci_cc_read_buffer_size(hdev, skb);
2240 break;
2241
2242 case HCI_OP_READ_BD_ADDR:
2243 hci_cc_read_bd_addr(hdev, skb);
2244 break;
2245
350ee4cf
AE		 2246 case HCI_OP_READ_DATA_BLOCK_SIZE:
2247 hci_cc_read_data_block_size(hdev, skb);
2248 break;
2249
23bb5763
JH		 2250 case HCI_OP_WRITE_CA_TIMEOUT:
2251 hci_cc_write_ca_timeout(hdev, skb);
2252 break;
2253
1e89cffb
AE		 2254 case HCI_OP_READ_FLOW_CONTROL_MODE:
2255 hci_cc_read_flow_control_mode(hdev, skb);
2256 break;
2257
928abaa7
AE		 2258 case HCI_OP_READ_LOCAL_AMP_INFO:
2259 hci_cc_read_local_amp_info(hdev, skb);
2260 break;
2261
b0916ea0
JH		 2262 case HCI_OP_DELETE_STORED_LINK_KEY:
2263 hci_cc_delete_stored_link_key(hdev, skb);
2264 break;
2265
d5859e22
JH		 2266 case HCI_OP_SET_EVENT_MASK:
2267 hci_cc_set_event_mask(hdev, skb);
2268 break;
2269
2270 case HCI_OP_WRITE_INQUIRY_MODE:
2271 hci_cc_write_inquiry_mode(hdev, skb);
2272 break;
2273
2274 case HCI_OP_READ_INQ_RSP_TX_POWER:
2275 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2276 break;
2277
2278 case HCI_OP_SET_EVENT_FLT:
2279 hci_cc_set_event_flt(hdev, skb);
2280 break;
2281
980e1a53
JH		 2282 case HCI_OP_PIN_CODE_REPLY:
2283 hci_cc_pin_code_reply(hdev, skb);
2284 break;
2285
2286 case HCI_OP_PIN_CODE_NEG_REPLY:
2287 hci_cc_pin_code_neg_reply(hdev, skb);
2288 break;
2289
c35938b2
SJ		 2290 case HCI_OP_READ_LOCAL_OOB_DATA:
2291 hci_cc_read_local_oob_data_reply(hdev, skb);
2292 break;
2293
6ed58ec5
VT		 2294 case HCI_OP_LE_READ_BUFFER_SIZE:
2295 hci_cc_le_read_buffer_size(hdev, skb);
2296 break;
2297
a5c29683
JH		 2298 case HCI_OP_USER_CONFIRM_REPLY:
2299 hci_cc_user_confirm_reply(hdev, skb);
2300 break;
2301
2302 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2303 hci_cc_user_confirm_neg_reply(hdev, skb);
2304 break;
2305
1143d458
BG		 2306 case HCI_OP_USER_PASSKEY_REPLY:
2307 hci_cc_user_passkey_reply(hdev, skb);
2308 break;
2309
2310 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2311 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2312
2313 case HCI_OP_LE_SET_SCAN_PARAM:
2314 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2315 break;
2316
eb9d91f5
AG		 2317 case HCI_OP_LE_SET_SCAN_ENABLE:
2318 hci_cc_le_set_scan_enable(hdev, skb);
2319 break;
2320
a7a595f6
VCG		 2321 case HCI_OP_LE_LTK_REPLY:
2322 hci_cc_le_ltk_reply(hdev, skb);
2323 break;
2324
2325 case HCI_OP_LE_LTK_NEG_REPLY:
2326 hci_cc_le_ltk_neg_reply(hdev, skb);
2327 break;
2328
f9b49306
AG		 2329 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2330 hci_cc_write_le_host_supported(hdev, skb);
2331 break;
2332
a9de9248
MH		 2333 default:
2334 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2335 break;
2336 }
2337
6bd32326
VT		 2338 if (ev->opcode != HCI_OP_NOP)
2339 del_timer(&hdev->cmd_timer);
2340
a9de9248
MH		 2341 if (ev->ncmd) {
2342 atomic_set(&hdev->cmd_cnt, 1);
2343 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2344 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2345 }
2346}
2347
2348static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2349{
2350 struct hci_ev_cmd_status *ev = (void *) skb->data;
2351 __u16 opcode;
2352
2353 skb_pull(skb, sizeof(*ev));
2354
2355 opcode = __le16_to_cpu(ev->opcode);
2356
2357 switch (opcode) {
2358 case HCI_OP_INQUIRY:
2359 hci_cs_inquiry(hdev, ev->status);
2360 break;
2361
2362 case HCI_OP_CREATE_CONN:
2363 hci_cs_create_conn(hdev, ev->status);
2364 break;
2365
2366 case HCI_OP_ADD_SCO:
2367 hci_cs_add_sco(hdev, ev->status);
2368 break;
2369
f8558555
MH		 2370 case HCI_OP_AUTH_REQUESTED:
2371 hci_cs_auth_requested(hdev, ev->status);
2372 break;
2373
2374 case HCI_OP_SET_CONN_ENCRYPT:
2375 hci_cs_set_conn_encrypt(hdev, ev->status);
2376 break;
2377
a9de9248
MH		 2378 case HCI_OP_REMOTE_NAME_REQ:
2379 hci_cs_remote_name_req(hdev, ev->status);
2380 break;
2381
769be974
MH		 2382 case HCI_OP_READ_REMOTE_FEATURES:
2383 hci_cs_read_remote_features(hdev, ev->status);
2384 break;
2385
2386 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2387 hci_cs_read_remote_ext_features(hdev, ev->status);
2388 break;
2389
a9de9248
MH		 2390 case HCI_OP_SETUP_SYNC_CONN:
2391 hci_cs_setup_sync_conn(hdev, ev->status);
2392 break;
2393
2394 case HCI_OP_SNIFF_MODE:
2395 hci_cs_sniff_mode(hdev, ev->status);
2396 break;
2397
2398 case HCI_OP_EXIT_SNIFF_MODE:
2399 hci_cs_exit_sniff_mode(hdev, ev->status);
2400 break;
2401
8962ee74 2402 case HCI_OP_DISCONNECT:
88c3df13 2403 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2404 break;
2405
fcd89c09
VT		 2406 case HCI_OP_LE_CREATE_CONN:
2407 hci_cs_le_create_conn(hdev, ev->status);
2408 break;
2409
a7a595f6
VCG		 2410 case HCI_OP_LE_START_ENC:
2411 hci_cs_le_start_enc(hdev, ev->status);
2412 break;
2413
a9de9248
MH		 2414 default:
2415 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2416 break;
2417 }
2418
6bd32326
VT		 2419 if (ev->opcode != HCI_OP_NOP)
2420 del_timer(&hdev->cmd_timer);
2421
10572132 2422 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2423 atomic_set(&hdev->cmd_cnt, 1);
2424 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2425 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2426 }
2427}
2428
2429static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2430{
2431 struct hci_ev_role_change *ev = (void *) skb->data;
2432 struct hci_conn *conn;
2433
2434 BT_DBG("%s status %d", hdev->name, ev->status);
2435
2436 hci_dev_lock(hdev);
2437
2438 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2439 if (conn) {
2440 if (!ev->status) {
2441 if (ev->role)
2442 conn->link_mode &= ~HCI_LM_MASTER;
2443 else
2444 conn->link_mode |= HCI_LM_MASTER;
2445 }
2446
51a8efd7 2447 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2448
2449 hci_role_switch_cfm(conn, ev->status, ev->role);
2450 }
2451
2452 hci_dev_unlock(hdev);
2453}
2454
2455static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2456{
2457 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2458 int i;
2459
32ac5b9b
AE		 2460 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2461 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2462 return;
2463 }
2464
c5993de8
AE		 2465 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2466 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2467 BT_DBG("%s bad parameters", hdev->name);
2468 return;
2469 }
2470
c5993de8
AE		 2471 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2472
613a1c0c
AE		 2473 for (i = 0; i < ev->num_hndl; i++) {
2474 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2475 struct hci_conn *conn;
2476 __u16 handle, count;
2477
613a1c0c
AE		 2478 handle = __le16_to_cpu(info->handle);
2479 count = __le16_to_cpu(info->count);
a9de9248
MH		 2480
2481 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2482 if (!conn)
2483 continue;
2484
2485 conn->sent -= count;
2486
2487 switch (conn->type) {
2488 case ACL_LINK:
2489 hdev->acl_cnt += count;
2490 if (hdev->acl_cnt > hdev->acl_pkts)
2491 hdev->acl_cnt = hdev->acl_pkts;
2492 break;
2493
2494 case LE_LINK:
2495 if (hdev->le_pkts) {
2496 hdev->le_cnt += count;
2497 if (hdev->le_cnt > hdev->le_pkts)
2498 hdev->le_cnt = hdev->le_pkts;
2499 } else {
70f23020
AE		 2500 hdev->acl_cnt += count;
2501 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2502 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2503 }
f4280918
AE		 2504 break;
2505
2506 case SCO_LINK:
2507 hdev->sco_cnt += count;
2508 if (hdev->sco_cnt > hdev->sco_pkts)
2509 hdev->sco_cnt = hdev->sco_pkts;
2510 break;
2511
2512 default:
2513 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2514 break;
a9de9248
MH		 2515 }
2516 }
2517
3eff45ea 2518 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2519}
2520
25e89e99
AE		 2521static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2522 struct sk_buff *skb)
2523{
2524 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2525 int i;
2526
2527 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2528 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2529 return;
2530 }
2531
2532 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2533 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2534 BT_DBG("%s bad parameters", hdev->name);
2535 return;
2536 }
2537
2538 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2539 ev->num_hndl);
2540
2541 for (i = 0; i < ev->num_hndl; i++) {
2542 struct hci_comp_blocks_info *info = &ev->handles[i];
2543 struct hci_conn *conn;
2544 __u16 handle, block_count;
2545
2546 handle = __le16_to_cpu(info->handle);
2547 block_count = __le16_to_cpu(info->blocks);
2548
2549 conn = hci_conn_hash_lookup_handle(hdev, handle);
2550 if (!conn)
2551 continue;
2552
2553 conn->sent -= block_count;
2554
2555 switch (conn->type) {
2556 case ACL_LINK:
2557 hdev->block_cnt += block_count;
2558 if (hdev->block_cnt > hdev->num_blocks)
2559 hdev->block_cnt = hdev->num_blocks;
2560 break;
2561
2562 default:
2563 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2564 break;
2565 }
2566 }
2567
2568 queue_work(hdev->workqueue, &hdev->tx_work);
2569}
2570
a9de9248 2571static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2572{
a9de9248 2573 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2574 struct hci_conn *conn;
2575
2576 BT_DBG("%s status %d", hdev->name, ev->status);
2577
2578 hci_dev_lock(hdev);
2579
2580 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2581 if (conn) {
2582 conn->mode = ev->mode;
2583 conn->interval = __le16_to_cpu(ev->interval);
2584
51a8efd7 2585 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2586 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2587 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2588 else
58a681ef 2589 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2590 }
e73439d8 2591
51a8efd7 2592 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2593 hci_sco_setup(conn, ev->status);
04837f64
MH		 2594 }
2595
2596 hci_dev_unlock(hdev);
2597}
2598
a9de9248
MH		 2599static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2600{
052b30b0
MH		 2601 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2602 struct hci_conn *conn;
2603
a9de9248 2604 BT_DBG("%s", hdev->name);
052b30b0
MH		 2605
2606 hci_dev_lock(hdev);
2607
2608 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2609 if (!conn)
2610 goto unlock;
2611
2612 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2613 hci_conn_hold(conn);
2614 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2615 hci_conn_put(conn);
2616 }
2617
a8b2d5c2 2618 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2619 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2620 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2621 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2622 u8 secure;
2623
2624 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2625 secure = 1;
2626 else
2627 secure = 0;
2628
744cf19e 2629 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2630 }
980e1a53 2631
b6f98044 2632unlock:
052b30b0 2633 hci_dev_unlock(hdev);
a9de9248
MH		 2634}
2635
2636static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2637{
55ed8ca1
JH		 2638 struct hci_ev_link_key_req *ev = (void *) skb->data;
2639 struct hci_cp_link_key_reply cp;
2640 struct hci_conn *conn;
2641 struct link_key *key;
2642
a9de9248 2643 BT_DBG("%s", hdev->name);
55ed8ca1 2644
a8b2d5c2 2645 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2646 return;
2647
2648 hci_dev_lock(hdev);
2649
2650 key = hci_find_link_key(hdev, &ev->bdaddr);
2651 if (!key) {
2652 BT_DBG("%s link key not found for %s", hdev->name,
2653 batostr(&ev->bdaddr));
2654 goto not_found;
2655 }
2656
2657 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2658 batostr(&ev->bdaddr));
2659
a8b2d5c2 2660 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2661 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2662 BT_DBG("%s ignoring debug key", hdev->name);
2663 goto not_found;
2664 }
2665
2666 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2667 if (conn) {
2668 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2669 conn->auth_type != 0xff &&
2670 (conn->auth_type & 0x01)) {
2671 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2672 goto not_found;
2673 }
55ed8ca1 2674
60b83f57
WR		 2675 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2676 conn->pending_sec_level == BT_SECURITY_HIGH) {
2677 BT_DBG("%s ignoring key unauthenticated for high \
2678 security", hdev->name);
2679 goto not_found;
2680 }
2681
2682 conn->key_type = key->type;
2683 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2684 }
2685
2686 bacpy(&cp.bdaddr, &ev->bdaddr);
2687 memcpy(cp.link_key, key->val, 16);
2688
2689 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2690
2691 hci_dev_unlock(hdev);
2692
2693 return;
2694
2695not_found:
2696 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2697 hci_dev_unlock(hdev);
a9de9248
MH		 2698}
2699
2700static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2701{
052b30b0
MH		 2702 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2703 struct hci_conn *conn;
55ed8ca1 2704 u8 pin_len = 0;
052b30b0 2705
a9de9248 2706 BT_DBG("%s", hdev->name);
052b30b0
MH		 2707
2708 hci_dev_lock(hdev);
2709
2710 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2711 if (conn) {
2712 hci_conn_hold(conn);
2713 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2714 pin_len = conn->pin_length;
13d39315
WR		 2715
2716 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2717 conn->key_type = ev->key_type;
2718
052b30b0
MH		 2719 hci_conn_put(conn);
2720 }
2721
a8b2d5c2 2722 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2723 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2724 ev->key_type, pin_len);
2725
052b30b0 2726 hci_dev_unlock(hdev);
a9de9248
MH		 2727}
2728
1da177e4
LT		 2729static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2730{
a9de9248 2731 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2732 struct hci_conn *conn;
1da177e4
LT		 2733
2734 BT_DBG("%s status %d", hdev->name, ev->status);
2735
2736 hci_dev_lock(hdev);
2737
04837f64 2738 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2739 if (conn && !ev->status) {
2740 struct inquiry_entry *ie;
2741
cc11b9c1
AE		 2742 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2743 if (ie) {
1da177e4
LT		 2744 ie->data.clock_offset = ev->clock_offset;
2745 ie->timestamp = jiffies;
2746 }
2747 }
2748
2749 hci_dev_unlock(hdev);
2750}
2751
a8746417
MH		 2752static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2753{
2754 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2755 struct hci_conn *conn;
2756
2757 BT_DBG("%s status %d", hdev->name, ev->status);
2758
2759 hci_dev_lock(hdev);
2760
2761 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2762 if (conn && !ev->status)
2763 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2764
2765 hci_dev_unlock(hdev);
2766}
2767
85a1e930
MH		 2768static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2769{
a9de9248 2770 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2771 struct inquiry_entry *ie;
2772
2773 BT_DBG("%s", hdev->name);
2774
2775 hci_dev_lock(hdev);
2776
cc11b9c1
AE		 2777 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2778 if (ie) {
85a1e930
MH		 2779 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2780 ie->timestamp = jiffies;
2781 }
2782
2783 hci_dev_unlock(hdev);
2784}
2785
a9de9248
MH		 2786static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2787{
2788 struct inquiry_data data;
2789 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2790 bool name_known, ssp;
a9de9248
MH		 2791
2792 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2793
2794 if (!num_rsp)
2795 return;
2796
2797 hci_dev_lock(hdev);
2798
2799 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2800 struct inquiry_info_with_rssi_and_pscan_mode *info;
2801 info = (void *) (skb->data + 1);
a9de9248 2802
e17acd40 2803 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2804 bacpy(&data.bdaddr, &info->bdaddr);
2805 data.pscan_rep_mode = info->pscan_rep_mode;
2806 data.pscan_period_mode = info->pscan_period_mode;
2807 data.pscan_mode = info->pscan_mode;
2808 memcpy(data.dev_class, info->dev_class, 3);
2809 data.clock_offset = info->clock_offset;
2810 data.rssi = info->rssi;
41a96212 2811 data.ssp_mode = 0x00;
3175405b
JH		 2812
2813 name_known = hci_inquiry_cache_update(hdev, &data,
388fc8fa 2814 false, &ssp);
48264f06 2815 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2816 info->dev_class, info->rssi,
388fc8fa 2817 !name_known, ssp, NULL, 0);
a9de9248
MH		 2818 }
2819 } else {
2820 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2821
e17acd40 2822 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2823 bacpy(&data.bdaddr, &info->bdaddr);
2824 data.pscan_rep_mode = info->pscan_rep_mode;
2825 data.pscan_period_mode = info->pscan_period_mode;
2826 data.pscan_mode = 0x00;
2827 memcpy(data.dev_class, info->dev_class, 3);
2828 data.clock_offset = info->clock_offset;
2829 data.rssi = info->rssi;
41a96212 2830 data.ssp_mode = 0x00;
3175405b 2831 name_known = hci_inquiry_cache_update(hdev, &data,
388fc8fa 2832 false, &ssp);
48264f06 2833 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40 2834 info->dev_class, info->rssi,
388fc8fa 2835 !name_known, ssp, NULL, 0);
a9de9248
MH		 2836 }
2837 }
2838
2839 hci_dev_unlock(hdev);
2840}
2841
2842static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2843{
41a96212
MH		 2844 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2845 struct hci_conn *conn;
2846
a9de9248 2847 BT_DBG("%s", hdev->name);
41a96212 2848
41a96212
MH		 2849 hci_dev_lock(hdev);
2850
2851 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2852 if (!conn)
2853 goto unlock;
41a96212 2854
ccd556fe
JH		 2855 if (!ev->status && ev->page == 0x01) {
2856 struct inquiry_entry *ie;
41a96212 2857
cc11b9c1
AE		 2858 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2859 if (ie)
ccd556fe 2860 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2861
58a681ef
JH		 2862 if (ev->features[0] & 0x01)
2863 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2864 }
2865
2866 if (conn->state != BT_CONFIG)
2867 goto unlock;
2868
127178d2
JH		 2869 if (!ev->status) {
2870 struct hci_cp_remote_name_req cp;
2871 memset(&cp, 0, sizeof(cp));
2872 bacpy(&cp.bdaddr, &conn->dst);
2873 cp.pscan_rep_mode = 0x02;
2874 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2875 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2876 mgmt_device_connected(hdev, &conn->dst, conn->type,
08c79b61 2877 conn->dst_type, 0, NULL, 0,
b644ba33 2878 conn->dev_class);
392599b9 2879
127178d2 2880 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2881 conn->state = BT_CONNECTED;
2882 hci_proto_connect_cfm(conn, ev->status);
2883 hci_conn_put(conn);
41a96212
MH		 2884 }
2885
ccd556fe 2886unlock:
41a96212 2887 hci_dev_unlock(hdev);
a9de9248
MH		 2888}
2889
2890static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2891{
b6a0dc82
MH		 2892 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2893 struct hci_conn *conn;
2894
2895 BT_DBG("%s status %d", hdev->name, ev->status);
2896
2897 hci_dev_lock(hdev);
2898
2899 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2900 if (!conn) {
2901 if (ev->link_type == ESCO_LINK)
2902 goto unlock;
2903
2904 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2905 if (!conn)
2906 goto unlock;
2907
2908 conn->type = SCO_LINK;
2909 }
b6a0dc82 2910
732547f9
MH		 2911 switch (ev->status) {
2912 case 0x00:
b6a0dc82
MH		 2913 conn->handle = __le16_to_cpu(ev->handle);
2914 conn->state = BT_CONNECTED;
7d0db0a3 2915
9eba32b8 2916 hci_conn_hold_device(conn);
7d0db0a3 2917 hci_conn_add_sysfs(conn);
732547f9
MH		 2918 break;
2919
705e5711 2920 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2921 case 0x1c: /* SCO interval rejected */
1038a00b 2922 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2923 case 0x1f: /* Unspecified error */
2924 if (conn->out && conn->attempt < 2) {
2925 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2926 (hdev->esco_type & EDR_ESCO_MASK);
2927 hci_setup_sync(conn, conn->link->handle);
2928 goto unlock;
2929 }
2930 /* fall through */
2931
2932 default:
b6a0dc82 2933 conn->state = BT_CLOSED;
732547f9
MH		 2934 break;
2935 }
b6a0dc82
MH		 2936
2937 hci_proto_connect_cfm(conn, ev->status);
2938 if (ev->status)
2939 hci_conn_del(conn);
2940
2941unlock:
2942 hci_dev_unlock(hdev);
a9de9248
MH		 2943}
2944
2945static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2946{
2947 BT_DBG("%s", hdev->name);
2948}
2949
04837f64
MH		 2950static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2951{
a9de9248 2952 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2953
2954 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2955}
2956
a9de9248 2957static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2958{
a9de9248
MH		 2959 struct inquiry_data data;
2960 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2961 int num_rsp = *((__u8 *) skb->data);
1da177e4 2962
a9de9248 2963 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2964
a9de9248
MH		 2965 if (!num_rsp)
2966 return;
1da177e4 2967
a9de9248
MH		 2968 hci_dev_lock(hdev);
2969
e17acd40 2970 for (; num_rsp; num_rsp--, info++) {
388fc8fa 2971 bool name_known, ssp;
561aafbc 2972
a9de9248 2973 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2974 data.pscan_rep_mode = info->pscan_rep_mode;
2975 data.pscan_period_mode = info->pscan_period_mode;
2976 data.pscan_mode = 0x00;
a9de9248 2977 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2978 data.clock_offset = info->clock_offset;
2979 data.rssi = info->rssi;
41a96212 2980 data.ssp_mode = 0x01;
561aafbc 2981
a8b2d5c2 2982 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930
JH		 2983 name_known = eir_has_data_type(info->data,
2984 sizeof(info->data),
2985 EIR_NAME_COMPLETE);
561aafbc
JH		 2986 else
2987 name_known = true;
2988
388fc8fa
JH		 2989 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2990 &ssp);
48264f06 2991 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
561aafbc 2992 info->dev_class, info->rssi,
388fc8fa 2993 !name_known, ssp, info->data,
7d262f86 2994 sizeof(info->data));
a9de9248
MH		 2995 }
2996
2997 hci_dev_unlock(hdev);
2998}
1da177e4 2999
17fa4b9d
JH		 3000static inline u8 hci_get_auth_req(struct hci_conn *conn)
3001{
3002 /* If remote requests dedicated bonding follow that lead */
3003 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3004 /* If both remote and local IO capabilities allow MITM
3005 * protection then require it, otherwise don't */
3006 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3007 return 0x02;
3008 else
3009 return 0x03;
3010 }
3011
3012 /* If remote requests no-bonding follow that lead */
3013 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3014 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3015
3016 return conn->auth_type;
3017}
3018
0493684e
MH		 3019static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3020{
3021 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3022 struct hci_conn *conn;
3023
3024 BT_DBG("%s", hdev->name);
3025
3026 hci_dev_lock(hdev);
3027
3028 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3029 if (!conn)
3030 goto unlock;
3031
3032 hci_conn_hold(conn);
3033
a8b2d5c2 3034 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3035 goto unlock;
3036
a8b2d5c2 3037 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 3038 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3039 struct hci_cp_io_capability_reply cp;
3040
3041 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3042 /* Change the IO capability from KeyboardDisplay
3043 * to DisplayYesNo as it is not supported by BT spec. */
3044 cp.capability = (conn->io_capability == 0x04) ?
3045 0x01 : conn->io_capability;
7cbc9bd9
JH		 3046 conn->auth_type = hci_get_auth_req(conn);
3047 cp.authentication = conn->auth_type;
17fa4b9d 3048
58a681ef 3049 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3050 hci_find_remote_oob_data(hdev, &conn->dst))
3051 cp.oob_data = 0x01;
3052 else
3053 cp.oob_data = 0x00;
3054
17fa4b9d
JH		 3055 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3056 sizeof(cp), &cp);
03b555e1
JH		 3057 } else {
3058 struct hci_cp_io_capability_neg_reply cp;
3059
3060 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3061 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3062
03b555e1
JH		 3063 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3064 sizeof(cp), &cp);
3065 }
3066
3067unlock:
3068 hci_dev_unlock(hdev);
3069}
3070
3071static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3072{
3073 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3074 struct hci_conn *conn;
3075
3076 BT_DBG("%s", hdev->name);
3077
3078 hci_dev_lock(hdev);
3079
3080 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3081 if (!conn)
3082 goto unlock;
3083
03b555e1 3084 conn->remote_cap = ev->capability;
03b555e1 3085 conn->remote_auth = ev->authentication;
58a681ef
JH		 3086 if (ev->oob_data)
3087 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3088
3089unlock:
0493684e
MH		 3090 hci_dev_unlock(hdev);
3091}
3092
a5c29683
JH		 3093static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3094 struct sk_buff *skb)
3095{
3096 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3097 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3098 struct hci_conn *conn;
a5c29683
JH		 3099
3100 BT_DBG("%s", hdev->name);
3101
3102 hci_dev_lock(hdev);
3103
a8b2d5c2 3104 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3105 goto unlock;
a5c29683 3106
7a828908
JH		 3107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3108 if (!conn)
3109 goto unlock;
3110
3111 loc_mitm = (conn->auth_type & 0x01);
3112 rem_mitm = (conn->remote_auth & 0x01);
3113
3114 /* If we require MITM but the remote device can't provide that
3115 * (it has NoInputNoOutput) then reject the confirmation
3116 * request. The only exception is when we're dedicated bonding
3117 * initiators (connect_cfm_cb set) since then we always have the MITM
3118 * bit set. */
3119 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3120 BT_DBG("Rejecting request: remote device can't provide MITM");
3121 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3122 sizeof(ev->bdaddr), &ev->bdaddr);
3123 goto unlock;
3124 }
3125
3126 /* If no side requires MITM protection; auto-accept */
3127 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3128 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3129
3130 /* If we're not the initiators request authorization to
3131 * proceed from user space (mgmt_user_confirm with
3132 * confirm_hint set to 1). */
51a8efd7 3133 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3134 BT_DBG("Confirming auto-accept as acceptor");
3135 confirm_hint = 1;
3136 goto confirm;
3137 }
3138
9f61656a
JH		 3139 BT_DBG("Auto-accept of user confirmation with %ums delay",
3140 hdev->auto_accept_delay);
3141
3142 if (hdev->auto_accept_delay > 0) {
3143 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3144 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3145 goto unlock;
3146 }
3147
7a828908
JH		 3148 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3149 sizeof(ev->bdaddr), &ev->bdaddr);
3150 goto unlock;
3151 }
3152
55bc1a37 3153confirm:
272d90df 3154 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
55bc1a37 3155 confirm_hint);
7a828908
JH		 3156
3157unlock:
a5c29683
JH		 3158 hci_dev_unlock(hdev);
3159}
3160
1143d458
BG		 3161static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3162 struct sk_buff *skb)
3163{
3164 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3165
3166 BT_DBG("%s", hdev->name);
3167
3168 hci_dev_lock(hdev);
3169
a8b2d5c2 3170 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3171 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3172
3173 hci_dev_unlock(hdev);
3174}
3175
0493684e
MH		 3176static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3177{
3178 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3179 struct hci_conn *conn;
3180
3181 BT_DBG("%s", hdev->name);
3182
3183 hci_dev_lock(hdev);
3184
3185 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3186 if (!conn)
3187 goto unlock;
3188
3189 /* To avoid duplicate auth_failed events to user space we check
3190 * the HCI_CONN_AUTH_PEND flag which will be set if we
3191 * initiated the authentication. A traditional auth_complete
3192 * event gets always produced as initiator and is also mapped to
3193 * the mgmt_auth_failed event */
51a8efd7 3194 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6
JH		 3195 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3196 ev->status);
0493684e 3197
2a611692
JH		 3198 hci_conn_put(conn);
3199
3200unlock:
0493684e
MH		 3201 hci_dev_unlock(hdev);
3202}
3203
41a96212
MH		 3204static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3205{
3206 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3207 struct inquiry_entry *ie;
3208
3209 BT_DBG("%s", hdev->name);
3210
3211 hci_dev_lock(hdev);
3212
cc11b9c1
AE		 3213 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3214 if (ie)
41a96212
MH		 3215 ie->data.ssp_mode = (ev->features[0] & 0x01);
3216
3217 hci_dev_unlock(hdev);
3218}
3219
2763eda6
SJ		 3220static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3221 struct sk_buff *skb)
3222{
3223 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3224 struct oob_data *data;
3225
3226 BT_DBG("%s", hdev->name);
3227
3228 hci_dev_lock(hdev);
3229
a8b2d5c2 3230 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3231 goto unlock;
3232
2763eda6
SJ		 3233 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3234 if (data) {
3235 struct hci_cp_remote_oob_data_reply cp;
3236
3237 bacpy(&cp.bdaddr, &ev->bdaddr);
3238 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3239 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3240
3241 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3242 &cp);
3243 } else {
3244 struct hci_cp_remote_oob_data_neg_reply cp;
3245
3246 bacpy(&cp.bdaddr, &ev->bdaddr);
3247 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3248 &cp);
3249 }
3250
e1ba1f15 3251unlock:
2763eda6
SJ		 3252 hci_dev_unlock(hdev);
3253}
3254
fcd89c09
VT		 3255static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3256{
3257 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3258 struct hci_conn *conn;
3259
3260 BT_DBG("%s status %d", hdev->name, ev->status);
3261
3262 hci_dev_lock(hdev);
3263
3264 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3265 if (!conn) {
3266 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3267 if (!conn) {
3268 BT_ERR("No memory for new connection");
3269 hci_dev_unlock(hdev);
3270 return;
3271 }
29b7988a
AG		 3272
3273 conn->dst_type = ev->bdaddr_type;
b62f328b 3274 }
fcd89c09
VT		 3275
3276 if (ev->status) {
48264f06
JH		 3277 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3278 conn->dst_type, ev->status);
fcd89c09
VT		 3279 hci_proto_connect_cfm(conn, ev->status);
3280 conn->state = BT_CLOSED;
3281 hci_conn_del(conn);
3282 goto unlock;
3283 }
3284
b644ba33
JH		 3285 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3286 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
08c79b61 3287 conn->dst_type, 0, NULL, 0, 0);
83bc71b4 3288
7b5c0d52 3289 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3290 conn->handle = __le16_to_cpu(ev->handle);
3291 conn->state = BT_CONNECTED;
3292
3293 hci_conn_hold_device(conn);
3294 hci_conn_add_sysfs(conn);
3295
3296 hci_proto_connect_cfm(conn, ev->status);
3297
3298unlock:
3299 hci_dev_unlock(hdev);
3300}
3301
9aa04c91
AG		 3302static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3303 struct sk_buff *skb)
3304{
e95beb41
AG		 3305 u8 num_reports = skb->data[0];
3306 void *ptr = &skb->data[1];
3c9e9195 3307 s8 rssi;
9aa04c91
AG		 3308
3309 hci_dev_lock(hdev);
3310
e95beb41
AG		 3311 while (num_reports--) {
3312 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3313
9aa04c91 3314 hci_add_adv_entry(hdev, ev);
e95beb41 3315
3c9e9195
AG		 3316 rssi = ev->data[ev->length];
3317 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
388fc8fa
JH		 3318 NULL, rssi, 0, 1, ev->data,
3319 ev->length);
3c9e9195 3320
e95beb41 3321 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3322 }
3323
3324 hci_dev_unlock(hdev);
3325}
3326
a7a595f6
VCG		 3327static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3328 struct sk_buff *skb)
3329{
3330 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3331 struct hci_cp_le_ltk_reply cp;
bea710fe 3332 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3333 struct hci_conn *conn;
c9839a11 3334 struct smp_ltk *ltk;
a7a595f6
VCG		 3335
3336 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3337
3338 hci_dev_lock(hdev);
3339
3340 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3341 if (conn == NULL)
3342 goto not_found;
a7a595f6 3343
bea710fe
VCG		 3344 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3345 if (ltk == NULL)
3346 goto not_found;
3347
3348 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3349 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3350
3351 if (ltk->authenticated)
3352 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3353
3354 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3355
c9839a11
VCG		 3356 if (ltk->type & HCI_SMP_STK) {
3357 list_del(&ltk->list);
3358 kfree(ltk);
3359 }
3360
a7a595f6 3361 hci_dev_unlock(hdev);
bea710fe
VCG		 3362
3363 return;
3364
3365not_found:
3366 neg.handle = ev->handle;
3367 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3368 hci_dev_unlock(hdev);
a7a595f6
VCG		 3369}
3370
fcd89c09
VT		 3371static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3372{
3373 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3374
3375 skb_pull(skb, sizeof(*le_ev));
3376
3377 switch (le_ev->subevent) {
3378 case HCI_EV_LE_CONN_COMPLETE:
3379 hci_le_conn_complete_evt(hdev, skb);
3380 break;
3381
9aa04c91
AG		 3382 case HCI_EV_LE_ADVERTISING_REPORT:
3383 hci_le_adv_report_evt(hdev, skb);
3384 break;
3385
a7a595f6
VCG		 3386 case HCI_EV_LE_LTK_REQ:
3387 hci_le_ltk_request_evt(hdev, skb);
3388 break;
3389
fcd89c09
VT		 3390 default:
3391 break;
3392 }
3393}
3394
a9de9248
MH		 3395void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3396{
3397 struct hci_event_hdr *hdr = (void *) skb->data;
3398 __u8 event = hdr->evt;
3399
3400 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3401
3402 switch (event) {
1da177e4
LT		 3403 case HCI_EV_INQUIRY_COMPLETE:
3404 hci_inquiry_complete_evt(hdev, skb);
3405 break;
3406
3407 case HCI_EV_INQUIRY_RESULT:
3408 hci_inquiry_result_evt(hdev, skb);
3409 break;
3410
a9de9248
MH		 3411 case HCI_EV_CONN_COMPLETE:
3412 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3413 break;
3414
1da177e4
LT		 3415 case HCI_EV_CONN_REQUEST:
3416 hci_conn_request_evt(hdev, skb);
3417 break;
3418
1da177e4
LT		 3419 case HCI_EV_DISCONN_COMPLETE:
3420 hci_disconn_complete_evt(hdev, skb);
3421 break;
3422
1da177e4
LT		 3423 case HCI_EV_AUTH_COMPLETE:
3424 hci_auth_complete_evt(hdev, skb);
3425 break;
3426
a9de9248
MH		 3427 case HCI_EV_REMOTE_NAME:
3428 hci_remote_name_evt(hdev, skb);
3429 break;
3430
1da177e4
LT		 3431 case HCI_EV_ENCRYPT_CHANGE:
3432 hci_encrypt_change_evt(hdev, skb);
3433 break;
3434
a9de9248
MH		 3435 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3436 hci_change_link_key_complete_evt(hdev, skb);
3437 break;
3438
3439 case HCI_EV_REMOTE_FEATURES:
3440 hci_remote_features_evt(hdev, skb);
3441 break;
3442
3443 case HCI_EV_REMOTE_VERSION:
3444 hci_remote_version_evt(hdev, skb);
3445 break;
3446
3447 case HCI_EV_QOS_SETUP_COMPLETE:
3448 hci_qos_setup_complete_evt(hdev, skb);
3449 break;
3450
3451 case HCI_EV_CMD_COMPLETE:
3452 hci_cmd_complete_evt(hdev, skb);
3453 break;
3454
3455 case HCI_EV_CMD_STATUS:
3456 hci_cmd_status_evt(hdev, skb);
3457 break;
3458
3459 case HCI_EV_ROLE_CHANGE:
3460 hci_role_change_evt(hdev, skb);
3461 break;
3462
3463 case HCI_EV_NUM_COMP_PKTS:
3464 hci_num_comp_pkts_evt(hdev, skb);
3465 break;
3466
3467 case HCI_EV_MODE_CHANGE:
3468 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3469 break;
3470
3471 case HCI_EV_PIN_CODE_REQ:
3472 hci_pin_code_request_evt(hdev, skb);
3473 break;
3474
3475 case HCI_EV_LINK_KEY_REQ:
3476 hci_link_key_request_evt(hdev, skb);
3477 break;
3478
3479 case HCI_EV_LINK_KEY_NOTIFY:
3480 hci_link_key_notify_evt(hdev, skb);
3481 break;
3482
3483 case HCI_EV_CLOCK_OFFSET:
3484 hci_clock_offset_evt(hdev, skb);
3485 break;
3486
a8746417
MH		 3487 case HCI_EV_PKT_TYPE_CHANGE:
3488 hci_pkt_type_change_evt(hdev, skb);
3489 break;
3490
85a1e930
MH		 3491 case HCI_EV_PSCAN_REP_MODE:
3492 hci_pscan_rep_mode_evt(hdev, skb);
3493 break;
3494
a9de9248
MH		 3495 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3496 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3497 break;
3498
a9de9248
MH		 3499 case HCI_EV_REMOTE_EXT_FEATURES:
3500 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3501 break;
3502
a9de9248
MH		 3503 case HCI_EV_SYNC_CONN_COMPLETE:
3504 hci_sync_conn_complete_evt(hdev, skb);
3505 break;
1da177e4 3506
a9de9248
MH		 3507 case HCI_EV_SYNC_CONN_CHANGED:
3508 hci_sync_conn_changed_evt(hdev, skb);
3509 break;
1da177e4 3510
a9de9248
MH		 3511 case HCI_EV_SNIFF_SUBRATE:
3512 hci_sniff_subrate_evt(hdev, skb);
3513 break;
1da177e4 3514
a9de9248
MH		 3515 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3516 hci_extended_inquiry_result_evt(hdev, skb);
3517 break;
1da177e4 3518
0493684e
MH		 3519 case HCI_EV_IO_CAPA_REQUEST:
3520 hci_io_capa_request_evt(hdev, skb);
3521 break;
3522
03b555e1
JH		 3523 case HCI_EV_IO_CAPA_REPLY:
3524 hci_io_capa_reply_evt(hdev, skb);
3525 break;
3526
a5c29683
JH		 3527 case HCI_EV_USER_CONFIRM_REQUEST:
3528 hci_user_confirm_request_evt(hdev, skb);
3529 break;
3530
1143d458
BG		 3531 case HCI_EV_USER_PASSKEY_REQUEST:
3532 hci_user_passkey_request_evt(hdev, skb);
3533 break;
3534
0493684e
MH		 3535 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3536 hci_simple_pair_complete_evt(hdev, skb);
3537 break;
3538
41a96212
MH		 3539 case HCI_EV_REMOTE_HOST_FEATURES:
3540 hci_remote_host_features_evt(hdev, skb);
3541 break;
3542
fcd89c09
VT		 3543 case HCI_EV_LE_META:
3544 hci_le_meta_evt(hdev, skb);
3545 break;
3546
2763eda6
SJ		 3547 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3548 hci_remote_oob_data_request_evt(hdev, skb);
3549 break;
3550
25e89e99
AE		 3551 case HCI_EV_NUM_COMP_BLOCKS:
3552 hci_num_comp_blocks_evt(hdev, skb);
3553 break;
3554
a9de9248
MH		 3555 default:
3556 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3557 break;
3558 }
3559
3560 kfree_skb(skb);
3561 hdev->stat.evt_rx++;
3562}
Linux kernel - Deliverables
This page took 1.160453 seconds and 5 git commands to generate.