projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Check for flow control mode
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
744cf19e 68 mgmt_discovering(hdev, 0);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8
AG		 197
198 hdev->dev_flags = 0;
a9de9248 199}
04837f64 200
a9de9248
MH		 201static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
202{
203 __u8 status = *((__u8 *) skb->data);
204 void *sent;
04837f64 205
a9de9248 206 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 207
a9de9248
MH		 208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
209 if (!sent)
210 return;
04837f64 211
56e5cb86
JH		 212 hci_dev_lock(hdev);
213
b312b161 214 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 215 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 216
56e5cb86
JH		 217 if (status == 0)
218 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 219
56e5cb86 220 hci_dev_unlock(hdev);
a9de9248
MH		 221}
222
223static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
224{
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
226
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
228
229 if (rp->status)
230 return;
231
1f6c6378 232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 233}
234
235static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
236{
237 __u8 status = *((__u8 *) skb->data);
238 void *sent;
239
240 BT_DBG("%s status 0x%x", hdev->name, status);
241
242 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
243 if (!sent)
244 return;
245
246 if (!status) {
247 __u8 param = *((__u8 *) sent);
248
249 if (param == AUTH_ENABLED)
250 set_bit(HCI_AUTH, &hdev->flags);
251 else
252 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 253 }
a9de9248 254
23bb5763 255 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 256}
257
a9de9248 258static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 259{
a9de9248 260 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 261 void *sent;
262
a9de9248 263 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 264
a9de9248
MH		 265 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
266 if (!sent)
267 return;
1da177e4 268
a9de9248
MH		 269 if (!status) {
270 __u8 param = *((__u8 *) sent);
271
272 if (param)
273 set_bit(HCI_ENCRYPT, &hdev->flags);
274 else
275 clear_bit(HCI_ENCRYPT, &hdev->flags);
276 }
1da177e4 277
23bb5763 278 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 279}
1da177e4 280
a9de9248
MH		 281static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
282{
36f7fc7e
JH		 283 __u8 param, status = *((__u8 *) skb->data);
284 int old_pscan, old_iscan;
a9de9248 285 void *sent;
1da177e4 286
a9de9248 287 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 288
a9de9248
MH		 289 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
290 if (!sent)
291 return;
1da177e4 292
36f7fc7e
JH		 293 param = *((__u8 *) sent);
294
56e5cb86
JH		 295 hci_dev_lock(hdev);
296
2d7cee58 297 if (status != 0) {
744cf19e 298 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 299 hdev->discov_timeout = 0;
300 goto done;
301 }
302
36f7fc7e
JH		 303 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
304 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
305
306 if (param & SCAN_INQUIRY) {
307 set_bit(HCI_ISCAN, &hdev->flags);
308 if (!old_iscan)
744cf19e 309 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 310 if (hdev->discov_timeout > 0) {
311 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
312 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
313 to);
314 }
36f7fc7e 315 } else if (old_iscan)
744cf19e 316 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 317
318 if (param & SCAN_PAGE) {
319 set_bit(HCI_PSCAN, &hdev->flags);
320 if (!old_pscan)
744cf19e 321 mgmt_connectable(hdev, 1);
36f7fc7e 322 } else if (old_pscan)
744cf19e 323 mgmt_connectable(hdev, 0);
1da177e4 324
36f7fc7e 325done:
56e5cb86 326 hci_dev_unlock(hdev);
23bb5763 327 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 328}
1da177e4 329
a9de9248
MH		 330static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
331{
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 333
a9de9248 334 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 335
a9de9248
MH		 336 if (rp->status)
337 return;
1da177e4 338
a9de9248 339 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 340
a9de9248
MH		 341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
343}
1da177e4 344
a9de9248
MH		 345static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
346{
347 __u8 status = *((__u8 *) skb->data);
348 void *sent;
1da177e4 349
a9de9248 350 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 351
f383f275
MH		 352 if (status)
353 return;
354
a9de9248
MH		 355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
356 if (!sent)
357 return;
1da177e4 358
f383f275 359 memcpy(hdev->dev_class, sent, 3);
a9de9248 360}
1da177e4 361
a9de9248
MH		 362static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
363{
364 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
365 __u16 setting;
366
367 BT_DBG("%s status 0x%x", hdev->name, rp->status);
368
369 if (rp->status)
370 return;
371
372 setting = __le16_to_cpu(rp->voice_setting);
373
f383f275 374 if (hdev->voice_setting == setting)
a9de9248
MH		 375 return;
376
377 hdev->voice_setting = setting;
378
379 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
380
3c54711c 381 if (hdev->notify)
a9de9248 382 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 383}
384
385static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
386{
387 __u8 status = *((__u8 *) skb->data);
f383f275 388 __u16 setting;
a9de9248
MH		 389 void *sent;
390
391 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 392
f383f275
MH		 393 if (status)
394 return;
395
a9de9248
MH		 396 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
397 if (!sent)
398 return;
1da177e4 399
f383f275 400 setting = get_unaligned_le16(sent);
1da177e4 401
f383f275
MH		 402 if (hdev->voice_setting == setting)
403 return;
404
405 hdev->voice_setting = setting;
1da177e4 406
f383f275 407 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 408
3c54711c 409 if (hdev->notify)
f383f275 410 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 411}
412
a9de9248 413static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 414{
a9de9248 415 __u8 status = *((__u8 *) skb->data);
1da177e4 416
a9de9248 417 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 418
23bb5763 419 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 420}
1143e5a6 421
333140b5
MH		 422static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
423{
424 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
425
426 BT_DBG("%s status 0x%x", hdev->name, rp->status);
427
428 if (rp->status)
429 return;
430
431 hdev->ssp_mode = rp->mode;
432}
433
434static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
435{
436 __u8 status = *((__u8 *) skb->data);
437 void *sent;
438
439 BT_DBG("%s status 0x%x", hdev->name, status);
440
441 if (status)
442 return;
443
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
445 if (!sent)
446 return;
447
448 hdev->ssp_mode = *((__u8 *) sent);
449}
450
d5859e22
JH		 451static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
452{
453 if (hdev->features[6] & LMP_EXT_INQ)
454 return 2;
455
456 if (hdev->features[3] & LMP_RSSI_INQ)
457 return 1;
458
459 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
460 hdev->lmp_subver == 0x0757)
461 return 1;
462
463 if (hdev->manufacturer == 15) {
464 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
465 return 1;
466 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
467 return 1;
468 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
469 return 1;
470 }
471
472 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
473 hdev->lmp_subver == 0x1805)
474 return 1;
475
476 return 0;
477}
478
479static void hci_setup_inquiry_mode(struct hci_dev *hdev)
480{
481 u8 mode;
482
483 mode = hci_get_inquiry_mode(hdev);
484
485 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
486}
487
488static void hci_setup_event_mask(struct hci_dev *hdev)
489{
490 /* The second byte is 0xff instead of 0x9f (two reserved bits
491 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
492 * command otherwise */
493 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
494
6de6c18d
VT		 495 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
496 * any event mask for pre 1.2 devices */
5a13b095 497 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 498 return;
499
500 events[4] |= 0x01; /* Flow Specification Complete */
501 events[4] |= 0x02; /* Inquiry Result with RSSI */
502 events[4] |= 0x04; /* Read Remote Extended Features Complete */
503 events[5] |= 0x08; /* Synchronous Connection Complete */
504 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 505
506 if (hdev->features[3] & LMP_RSSI_INQ)
507 events[4] |= 0x04; /* Inquiry Result with RSSI */
508
509 if (hdev->features[5] & LMP_SNIFF_SUBR)
510 events[5] |= 0x20; /* Sniff Subrating */
511
512 if (hdev->features[5] & LMP_PAUSE_ENC)
513 events[5] |= 0x80; /* Encryption Key Refresh Complete */
514
515 if (hdev->features[6] & LMP_EXT_INQ)
516 events[5] |= 0x40; /* Extended Inquiry Result */
517
518 if (hdev->features[6] & LMP_NO_FLUSH)
519 events[7] |= 0x01; /* Enhanced Flush Complete */
520
521 if (hdev->features[7] & LMP_LSTO)
522 events[6] |= 0x80; /* Link Supervision Timeout Changed */
523
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 events[6] |= 0x01; /* IO Capability Request */
526 events[6] |= 0x02; /* IO Capability Response */
527 events[6] |= 0x04; /* User Confirmation Request */
528 events[6] |= 0x08; /* User Passkey Request */
529 events[6] |= 0x10; /* Remote OOB Data Request */
530 events[6] |= 0x20; /* Simple Pairing Complete */
531 events[7] |= 0x04; /* User Passkey Notification */
532 events[7] |= 0x08; /* Keypress Notification */
533 events[7] |= 0x10; /* Remote Host Supported
534 * Features Notification */
535 }
536
537 if (hdev->features[4] & LMP_LE)
538 events[7] |= 0x20; /* LE Meta-Event */
539
540 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
541}
542
e6100a25
AG		 543static void hci_set_le_support(struct hci_dev *hdev)
544{
545 struct hci_cp_write_le_host_supported cp;
546
547 memset(&cp, 0, sizeof(cp));
548
549 if (enable_le) {
550 cp.le = 1;
551 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
552 }
553
554 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
555}
556
d5859e22
JH		 557static void hci_setup(struct hci_dev *hdev)
558{
e61ef499
AE		 559 if (hdev->dev_type != HCI_BREDR)
560 return;
561
d5859e22
JH		 562 hci_setup_event_mask(hdev);
563
d095c1eb 564 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 565 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
566
567 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
568 u8 mode = 0x01;
569 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
570 }
571
572 if (hdev->features[3] & LMP_RSSI_INQ)
573 hci_setup_inquiry_mode(hdev);
574
575 if (hdev->features[7] & LMP_INQ_TX_PWR)
576 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 577
578 if (hdev->features[7] & LMP_EXTFEATURES) {
579 struct hci_cp_read_local_ext_features cp;
580
581 cp.page = 0x01;
582 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
583 sizeof(cp), &cp);
584 }
e6100a25
AG		 585
586 if (hdev->features[4] & LMP_LE)
587 hci_set_le_support(hdev);
d5859e22
JH		 588}
589
a9de9248
MH		 590static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
591{
592 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 593
a9de9248 594 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 595
a9de9248
MH		 596 if (rp->status)
597 return;
1143e5a6 598
a9de9248 599 hdev->hci_ver = rp->hci_ver;
e4e8e37c 600 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 601 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 602 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 603 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 604
a9de9248
MH		 605 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
606 hdev->manufacturer,
607 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 608
609 if (test_bit(HCI_INIT, &hdev->flags))
610 hci_setup(hdev);
611}
612
613static void hci_setup_link_policy(struct hci_dev *hdev)
614{
615 u16 link_policy = 0;
616
617 if (hdev->features[0] & LMP_RSWITCH)
618 link_policy |= HCI_LP_RSWITCH;
619 if (hdev->features[0] & LMP_HOLD)
620 link_policy |= HCI_LP_HOLD;
621 if (hdev->features[0] & LMP_SNIFF)
622 link_policy |= HCI_LP_SNIFF;
623 if (hdev->features[1] & LMP_PARK)
624 link_policy |= HCI_LP_PARK;
625
626 link_policy = cpu_to_le16(link_policy);
627 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
628 sizeof(link_policy), &link_policy);
a9de9248 629}
1da177e4 630
a9de9248
MH		 631static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
632{
633 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 634
a9de9248 635 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 636
a9de9248 637 if (rp->status)
d5859e22 638 goto done;
1da177e4 639
a9de9248 640 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 641
642 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
643 hci_setup_link_policy(hdev);
644
645done:
646 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 647}
1da177e4 648
a9de9248
MH		 649static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
650{
651 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 652
a9de9248 653 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 654
a9de9248
MH		 655 if (rp->status)
656 return;
5b7f9909 657
a9de9248 658 memcpy(hdev->features, rp->features, 8);
5b7f9909 659
a9de9248
MH		 660 /* Adjust default settings according to features
661 * supported by device. */
1da177e4 662
a9de9248
MH		 663 if (hdev->features[0] & LMP_3SLOT)
664 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 665
a9de9248
MH		 666 if (hdev->features[0] & LMP_5SLOT)
667 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 668
a9de9248
MH		 669 if (hdev->features[1] & LMP_HV2) {
670 hdev->pkt_type |= (HCI_HV2);
671 hdev->esco_type |= (ESCO_HV2);
672 }
1da177e4 673
a9de9248
MH		 674 if (hdev->features[1] & LMP_HV3) {
675 hdev->pkt_type |= (HCI_HV3);
676 hdev->esco_type |= (ESCO_HV3);
677 }
1da177e4 678
a9de9248
MH		 679 if (hdev->features[3] & LMP_ESCO)
680 hdev->esco_type |= (ESCO_EV3);
da1f5198 681
a9de9248
MH		 682 if (hdev->features[4] & LMP_EV4)
683 hdev->esco_type |= (ESCO_EV4);
da1f5198 684
a9de9248
MH		 685 if (hdev->features[4] & LMP_EV5)
686 hdev->esco_type |= (ESCO_EV5);
1da177e4 687
efc7688b
MH		 688 if (hdev->features[5] & LMP_EDR_ESCO_2M)
689 hdev->esco_type |= (ESCO_2EV3);
690
691 if (hdev->features[5] & LMP_EDR_ESCO_3M)
692 hdev->esco_type |= (ESCO_3EV3);
693
694 if (hdev->features[5] & LMP_EDR_3S_ESCO)
695 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
696
a9de9248
MH		 697 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
698 hdev->features[0], hdev->features[1],
699 hdev->features[2], hdev->features[3],
700 hdev->features[4], hdev->features[5],
701 hdev->features[6], hdev->features[7]);
702}
1da177e4 703
971e3a4b
AG		 704static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
705 struct sk_buff *skb)
706{
707 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
708
709 BT_DBG("%s status 0x%x", hdev->name, rp->status);
710
711 if (rp->status)
712 return;
713
714 memcpy(hdev->extfeatures, rp->features, 8);
715
716 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
717}
718
1e89cffb
AE		 719static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
720 struct sk_buff *skb)
721{
722 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
723
724 BT_DBG("%s status 0x%x", hdev->name, rp->status);
725
726 if (rp->status)
727 return;
728
729 hdev->flow_ctl_mode = rp->mode;
730
731 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
732}
733
a9de9248
MH		 734static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
735{
736 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 737
a9de9248 738 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 739
a9de9248
MH		 740 if (rp->status)
741 return;
1da177e4 742
a9de9248
MH		 743 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
744 hdev->sco_mtu = rp->sco_mtu;
745 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
746 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
747
748 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
749 hdev->sco_mtu = 64;
750 hdev->sco_pkts = 8;
1da177e4 751 }
a9de9248
MH		 752
753 hdev->acl_cnt = hdev->acl_pkts;
754 hdev->sco_cnt = hdev->sco_pkts;
755
756 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
757 hdev->acl_mtu, hdev->acl_pkts,
758 hdev->sco_mtu, hdev->sco_pkts);
759}
760
761static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
762{
763 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
764
765 BT_DBG("%s status 0x%x", hdev->name, rp->status);
766
767 if (!rp->status)
768 bacpy(&hdev->bdaddr, &rp->bdaddr);
769
23bb5763
JH		 770 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
771}
772
350ee4cf
AE		 773static void hci_cc_read_data_block_size(struct hci_dev *hdev,
774 struct sk_buff *skb)
775{
776 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
777
778 BT_DBG("%s status 0x%x", hdev->name, rp->status);
779
780 if (rp->status)
781 return;
782
783 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
784 hdev->block_len = __le16_to_cpu(rp->block_len);
785 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
786
787 hdev->block_cnt = hdev->num_blocks;
788
789 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
790 hdev->block_cnt, hdev->block_len);
791
792 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
793}
794
23bb5763
JH		 795static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
796{
797 __u8 status = *((__u8 *) skb->data);
798
799 BT_DBG("%s status 0x%x", hdev->name, status);
800
801 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 802}
803
928abaa7
AE		 804static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
805 struct sk_buff *skb)
806{
807 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
808
809 BT_DBG("%s status 0x%x", hdev->name, rp->status);
810
811 if (rp->status)
812 return;
813
814 hdev->amp_status = rp->amp_status;
815 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
816 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
817 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
818 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
819 hdev->amp_type = rp->amp_type;
820 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
821 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
822 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
823 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
824
825 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
826}
827
b0916ea0
JH		 828static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
829 struct sk_buff *skb)
830{
831 __u8 status = *((__u8 *) skb->data);
832
833 BT_DBG("%s status 0x%x", hdev->name, status);
834
835 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
836}
837
d5859e22
JH		 838static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
839{
840 __u8 status = *((__u8 *) skb->data);
841
842 BT_DBG("%s status 0x%x", hdev->name, status);
843
844 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
845}
846
847static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
848 struct sk_buff *skb)
849{
850 __u8 status = *((__u8 *) skb->data);
851
852 BT_DBG("%s status 0x%x", hdev->name, status);
853
854 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
855}
856
857static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
858 struct sk_buff *skb)
859{
860 __u8 status = *((__u8 *) skb->data);
861
862 BT_DBG("%s status 0x%x", hdev->name, status);
863
864 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
865}
866
867static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
868{
869 __u8 status = *((__u8 *) skb->data);
870
871 BT_DBG("%s status 0x%x", hdev->name, status);
872
873 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
874}
875
980e1a53
JH		 876static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
877{
878 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
879 struct hci_cp_pin_code_reply *cp;
880 struct hci_conn *conn;
881
882 BT_DBG("%s status 0x%x", hdev->name, rp->status);
883
56e5cb86
JH		 884 hci_dev_lock(hdev);
885
980e1a53 886 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 887 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 888
889 if (rp->status != 0)
56e5cb86 890 goto unlock;
980e1a53
JH		 891
892 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
893 if (!cp)
56e5cb86 894 goto unlock;
980e1a53
JH		 895
896 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
897 if (conn)
898 conn->pin_length = cp->pin_len;
56e5cb86
JH		 899
900unlock:
901 hci_dev_unlock(hdev);
980e1a53
JH		 902}
903
904static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
905{
906 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
907
908 BT_DBG("%s status 0x%x", hdev->name, rp->status);
909
56e5cb86
JH		 910 hci_dev_lock(hdev);
911
980e1a53 912 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 913 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 914 rp->status);
56e5cb86
JH		 915
916 hci_dev_unlock(hdev);
980e1a53 917}
56e5cb86 918
6ed58ec5
VT		 919static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
920 struct sk_buff *skb)
921{
922 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
923
924 BT_DBG("%s status 0x%x", hdev->name, rp->status);
925
926 if (rp->status)
927 return;
928
929 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
930 hdev->le_pkts = rp->le_max_pkt;
931
932 hdev->le_cnt = hdev->le_pkts;
933
934 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
935
936 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
937}
980e1a53 938
a5c29683
JH		 939static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
940{
941 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
942
943 BT_DBG("%s status 0x%x", hdev->name, rp->status);
944
56e5cb86
JH		 945 hci_dev_lock(hdev);
946
a5c29683 947 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 948 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683 949 rp->status);
56e5cb86
JH		 950
951 hci_dev_unlock(hdev);
a5c29683
JH		 952}
953
954static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
955 struct sk_buff *skb)
956{
957 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
958
959 BT_DBG("%s status 0x%x", hdev->name, rp->status);
960
56e5cb86
JH		 961 hci_dev_lock(hdev);
962
a5c29683 963 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 964 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683 965 rp->status);
56e5cb86
JH		 966
967 hci_dev_unlock(hdev);
a5c29683
JH		 968}
969
1143d458
BG		 970static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
971{
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
973
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
975
976 hci_dev_lock(hdev);
977
978 if (test_bit(HCI_MGMT, &hdev->flags))
979 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
980 rp->status);
981
982 hci_dev_unlock(hdev);
983}
984
985static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
986 struct sk_buff *skb)
987{
988 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
989
990 BT_DBG("%s status 0x%x", hdev->name, rp->status);
991
992 hci_dev_lock(hdev);
993
994 if (test_bit(HCI_MGMT, &hdev->flags))
995 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
996 rp->status);
997
998 hci_dev_unlock(hdev);
999}
1000
c35938b2
SJ		 1001static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1002 struct sk_buff *skb)
1003{
1004 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1005
1006 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1007
56e5cb86 1008 hci_dev_lock(hdev);
744cf19e 1009 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1010 rp->randomizer, rp->status);
56e5cb86 1011 hci_dev_unlock(hdev);
c35938b2
SJ		 1012}
1013
07f7fa5d
AG		 1014static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1015{
1016 __u8 status = *((__u8 *) skb->data);
1017
1018 BT_DBG("%s status 0x%x", hdev->name, status);
1019}
1020
eb9d91f5
AG		 1021static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1022 struct sk_buff *skb)
1023{
1024 struct hci_cp_le_set_scan_enable *cp;
1025 __u8 status = *((__u8 *) skb->data);
1026
1027 BT_DBG("%s status 0x%x", hdev->name, status);
1028
1029 if (status)
1030 return;
1031
1032 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1033 if (!cp)
1034 return;
1035
35815085 1036 if (cp->enable == 0x01) {
d23264a8
AG		 1037 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1038
db323f2f 1039 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1040
1041 hci_dev_lock(hdev);
eb9d91f5 1042 hci_adv_entries_clear(hdev);
a8f13c8c 1043 hci_dev_unlock(hdev);
35815085 1044 } else if (cp->enable == 0x00) {
d23264a8
AG		 1045 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1046
db323f2f
GP		 1047 cancel_delayed_work_sync(&hdev->adv_work);
1048 queue_delayed_work(hdev->workqueue, &hdev->adv_work,
1049 jiffies + ADV_CLEAR_TIMEOUT);
35815085 1050 }
eb9d91f5
AG		 1051}
1052
a7a595f6
VCG		 1053static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1054{
1055 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1056
1057 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1058
1059 if (rp->status)
1060 return;
1061
1062 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1063}
1064
1065static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1066{
1067 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1068
1069 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1070
1071 if (rp->status)
1072 return;
1073
1074 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1075}
1076
f9b49306
AG		 1077static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1078 struct sk_buff *skb)
1079{
1080 struct hci_cp_read_local_ext_features cp;
1081 __u8 status = *((__u8 *) skb->data);
1082
1083 BT_DBG("%s status 0x%x", hdev->name, status);
1084
1085 if (status)
1086 return;
1087
1088 cp.page = 0x01;
1089 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1090}
1091
a9de9248
MH		 1092static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1093{
1094 BT_DBG("%s status 0x%x", hdev->name, status);
1095
1096 if (status) {
23bb5763 1097 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1098 hci_conn_check_pending(hdev);
56e5cb86 1099 hci_dev_lock(hdev);
164a6e78 1100 if (test_bit(HCI_MGMT, &hdev->flags))
7a135109 1101 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1102 hci_dev_unlock(hdev);
314b2381
JH		 1103 return;
1104 }
1105
89352e7d
AG		 1106 set_bit(HCI_INQUIRY, &hdev->flags);
1107
56e5cb86 1108 hci_dev_lock(hdev);
744cf19e 1109 mgmt_discovering(hdev, 1);
56e5cb86 1110 hci_dev_unlock(hdev);
1da177e4
LT		 1111}
1112
1da177e4
LT		 1113static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1114{
a9de9248 1115 struct hci_cp_create_conn *cp;
1da177e4 1116 struct hci_conn *conn;
1da177e4 1117
a9de9248
MH		 1118 BT_DBG("%s status 0x%x", hdev->name, status);
1119
1120 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1121 if (!cp)
1122 return;
1123
1124 hci_dev_lock(hdev);
1125
1126 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1127
a9de9248 1128 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1129
1130 if (status) {
1131 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1132 if (status != 0x0c || conn->attempt > 2) {
1133 conn->state = BT_CLOSED;
1134 hci_proto_connect_cfm(conn, status);
1135 hci_conn_del(conn);
1136 } else
1137 conn->state = BT_CONNECT2;
1da177e4
LT		 1138 }
1139 } else {
1140 if (!conn) {
1141 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1142 if (conn) {
1143 conn->out = 1;
1144 conn->link_mode |= HCI_LM_MASTER;
1145 } else
893ef971 1146 BT_ERR("No memory for new connection");
1da177e4
LT		 1147 }
1148 }
1149
1150 hci_dev_unlock(hdev);
1151}
1152
a9de9248 1153static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1154{
a9de9248
MH		 1155 struct hci_cp_add_sco *cp;
1156 struct hci_conn *acl, *sco;
1157 __u16 handle;
1da177e4 1158
b6a0dc82
MH		 1159 BT_DBG("%s status 0x%x", hdev->name, status);
1160
a9de9248
MH		 1161 if (!status)
1162 return;
1da177e4 1163
a9de9248
MH		 1164 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1165 if (!cp)
1166 return;
1da177e4 1167
a9de9248 1168 handle = __le16_to_cpu(cp->handle);
1da177e4 1169
a9de9248 1170 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1171
a9de9248 1172 hci_dev_lock(hdev);
1da177e4 1173
a9de9248 1174 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1175 if (acl) {
1176 sco = acl->link;
1177 if (sco) {
1178 sco->state = BT_CLOSED;
1da177e4 1179
5a08ecce
AE		 1180 hci_proto_connect_cfm(sco, status);
1181 hci_conn_del(sco);
1182 }
a9de9248 1183 }
1da177e4 1184
a9de9248
MH		 1185 hci_dev_unlock(hdev);
1186}
1da177e4 1187
f8558555
MH		 1188static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1189{
1190 struct hci_cp_auth_requested *cp;
1191 struct hci_conn *conn;
1192
1193 BT_DBG("%s status 0x%x", hdev->name, status);
1194
1195 if (!status)
1196 return;
1197
1198 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1199 if (!cp)
1200 return;
1201
1202 hci_dev_lock(hdev);
1203
1204 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1205 if (conn) {
1206 if (conn->state == BT_CONFIG) {
1207 hci_proto_connect_cfm(conn, status);
1208 hci_conn_put(conn);
1209 }
1210 }
1211
1212 hci_dev_unlock(hdev);
1213}
1214
1215static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1216{
1217 struct hci_cp_set_conn_encrypt *cp;
1218 struct hci_conn *conn;
1219
1220 BT_DBG("%s status 0x%x", hdev->name, status);
1221
1222 if (!status)
1223 return;
1224
1225 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1226 if (!cp)
1227 return;
1228
1229 hci_dev_lock(hdev);
1230
1231 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1232 if (conn) {
1233 if (conn->state == BT_CONFIG) {
1234 hci_proto_connect_cfm(conn, status);
1235 hci_conn_put(conn);
1236 }
1237 }
1238
1239 hci_dev_unlock(hdev);
1240}
1241
127178d2 1242static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1243 struct hci_conn *conn)
392599b9 1244{
392599b9
JH		 1245 if (conn->state != BT_CONFIG || !conn->out)
1246 return 0;
1247
765c2a96 1248 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1249 return 0;
1250
1251 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1252 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1253 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1254 conn->pending_sec_level != BT_SECURITY_HIGH &&
1255 !(conn->auth_type & 0x01))
392599b9
JH		 1256 return 0;
1257
392599b9
JH		 1258 return 1;
1259}
1260
a9de9248
MH		 1261static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1262{
127178d2
JH		 1263 struct hci_cp_remote_name_req *cp;
1264 struct hci_conn *conn;
1265
a9de9248 1266 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1267
1268 /* If successful wait for the name req complete event before
1269 * checking for the need to do authentication */
1270 if (!status)
1271 return;
1272
1273 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1274 if (!cp)
1275 return;
1276
1277 hci_dev_lock(hdev);
1278
1279 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1280 if (!conn)
1281 goto unlock;
1282
1283 if (!hci_outgoing_auth_needed(hdev, conn))
1284 goto unlock;
1285
1286 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1287 struct hci_cp_auth_requested cp;
1288 cp.handle = __cpu_to_le16(conn->handle);
1289 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1290 }
1291
79c6c70c 1292unlock:
127178d2 1293 hci_dev_unlock(hdev);
a9de9248 1294}
1da177e4 1295
769be974
MH		 1296static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1297{
1298 struct hci_cp_read_remote_features *cp;
1299 struct hci_conn *conn;
1300
1301 BT_DBG("%s status 0x%x", hdev->name, status);
1302
1303 if (!status)
1304 return;
1305
1306 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1307 if (!cp)
1308 return;
1309
1310 hci_dev_lock(hdev);
1311
1312 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1313 if (conn) {
1314 if (conn->state == BT_CONFIG) {
769be974
MH		 1315 hci_proto_connect_cfm(conn, status);
1316 hci_conn_put(conn);
1317 }
1318 }
1319
1320 hci_dev_unlock(hdev);
1321}
1322
1323static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1324{
1325 struct hci_cp_read_remote_ext_features *cp;
1326 struct hci_conn *conn;
1327
1328 BT_DBG("%s status 0x%x", hdev->name, status);
1329
1330 if (!status)
1331 return;
1332
1333 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1334 if (!cp)
1335 return;
1336
1337 hci_dev_lock(hdev);
1338
1339 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1340 if (conn) {
1341 if (conn->state == BT_CONFIG) {
769be974
MH		 1342 hci_proto_connect_cfm(conn, status);
1343 hci_conn_put(conn);
1344 }
1345 }
1346
1347 hci_dev_unlock(hdev);
1348}
1349
a9de9248
MH		 1350static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1351{
b6a0dc82
MH		 1352 struct hci_cp_setup_sync_conn *cp;
1353 struct hci_conn *acl, *sco;
1354 __u16 handle;
1355
a9de9248 1356 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1357
1358 if (!status)
1359 return;
1360
1361 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1362 if (!cp)
1363 return;
1364
1365 handle = __le16_to_cpu(cp->handle);
1366
1367 BT_DBG("%s handle %d", hdev->name, handle);
1368
1369 hci_dev_lock(hdev);
1370
1371 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1372 if (acl) {
1373 sco = acl->link;
1374 if (sco) {
1375 sco->state = BT_CLOSED;
b6a0dc82 1376
5a08ecce
AE		 1377 hci_proto_connect_cfm(sco, status);
1378 hci_conn_del(sco);
1379 }
b6a0dc82
MH		 1380 }
1381
1382 hci_dev_unlock(hdev);
1da177e4
LT		 1383}
1384
a9de9248 1385static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1386{
a9de9248
MH		 1387 struct hci_cp_sniff_mode *cp;
1388 struct hci_conn *conn;
1da177e4 1389
a9de9248 1390 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1391
a9de9248
MH		 1392 if (!status)
1393 return;
04837f64 1394
a9de9248
MH		 1395 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1396 if (!cp)
1397 return;
04837f64 1398
a9de9248 1399 hci_dev_lock(hdev);
04837f64 1400
a9de9248 1401 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1402 if (conn) {
a9de9248 1403 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1404
e73439d8
MH		 1405 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1406 hci_sco_setup(conn, status);
1407 }
1408
a9de9248
MH		 1409 hci_dev_unlock(hdev);
1410}
04837f64 1411
a9de9248
MH		 1412static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1413{
1414 struct hci_cp_exit_sniff_mode *cp;
1415 struct hci_conn *conn;
04837f64 1416
a9de9248 1417 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1418
a9de9248
MH		 1419 if (!status)
1420 return;
04837f64 1421
a9de9248
MH		 1422 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1423 if (!cp)
1424 return;
04837f64 1425
a9de9248 1426 hci_dev_lock(hdev);
1da177e4 1427
a9de9248 1428 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1429 if (conn) {
a9de9248 1430 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1431
e73439d8
MH		 1432 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1433 hci_sco_setup(conn, status);
1434 }
1435
a9de9248 1436 hci_dev_unlock(hdev);
1da177e4
LT		 1437}
1438
fcd89c09
VT		 1439static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1440{
1441 struct hci_cp_le_create_conn *cp;
1442 struct hci_conn *conn;
1443
1444 BT_DBG("%s status 0x%x", hdev->name, status);
1445
1446 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1447 if (!cp)
1448 return;
1449
1450 hci_dev_lock(hdev);
1451
1452 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1453
1454 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1455 conn);
1456
1457 if (status) {
1458 if (conn && conn->state == BT_CONNECT) {
1459 conn->state = BT_CLOSED;
1460 hci_proto_connect_cfm(conn, status);
1461 hci_conn_del(conn);
1462 }
1463 } else {
1464 if (!conn) {
1465 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1466 if (conn) {
1467 conn->dst_type = cp->peer_addr_type;
fcd89c09 1468 conn->out = 1;
29b7988a 1469 } else {
fcd89c09 1470 BT_ERR("No memory for new connection");
29b7988a 1471 }
fcd89c09
VT		 1472 }
1473 }
1474
1475 hci_dev_unlock(hdev);
1476}
1477
a7a595f6
VCG		 1478static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1479{
1480 BT_DBG("%s status 0x%x", hdev->name, status);
1481}
1482
1da177e4
LT		 1483static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1484{
1485 __u8 status = *((__u8 *) skb->data);
1486
1487 BT_DBG("%s status %d", hdev->name, status);
1488
23bb5763 1489 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1490
a9de9248 1491 hci_conn_check_pending(hdev);
89352e7d
AG		 1492
1493 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1494 return;
1495
56e5cb86 1496 hci_dev_lock(hdev);
744cf19e 1497 mgmt_discovering(hdev, 0);
56e5cb86 1498 hci_dev_unlock(hdev);
1da177e4
LT		 1499}
1500
1da177e4
LT		 1501static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1502{
45bb4bf0 1503 struct inquiry_data data;
a9de9248 1504 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1505 int num_rsp = *((__u8 *) skb->data);
1506
1507 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1508
45bb4bf0
MH		 1509 if (!num_rsp)
1510 return;
1511
1da177e4 1512 hci_dev_lock(hdev);
45bb4bf0 1513
e17acd40 1514 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1515 bacpy(&data.bdaddr, &info->bdaddr);
1516 data.pscan_rep_mode = info->pscan_rep_mode;
1517 data.pscan_period_mode = info->pscan_period_mode;
1518 data.pscan_mode = info->pscan_mode;
1519 memcpy(data.dev_class, info->dev_class, 3);
1520 data.clock_offset = info->clock_offset;
1521 data.rssi = 0x00;
41a96212 1522 data.ssp_mode = 0x00;
1da177e4 1523 hci_inquiry_cache_update(hdev, &data);
48264f06 1524 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 1525 info->dev_class, 0, NULL);
1da177e4 1526 }
45bb4bf0 1527
1da177e4
LT		 1528 hci_dev_unlock(hdev);
1529}
1530
1da177e4
LT		 1531static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1532{
a9de9248
MH		 1533 struct hci_ev_conn_complete *ev = (void *) skb->data;
1534 struct hci_conn *conn;
1da177e4
LT		 1535
1536 BT_DBG("%s", hdev->name);
1537
1538 hci_dev_lock(hdev);
1539
1540 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1541 if (!conn) {
1542 if (ev->link_type != SCO_LINK)
1543 goto unlock;
1544
1545 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1546 if (!conn)
1547 goto unlock;
1548
1549 conn->type = SCO_LINK;
1550 }
1da177e4
LT		 1551
1552 if (!ev->status) {
1553 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1554
1555 if (conn->type == ACL_LINK) {
1556 conn->state = BT_CONFIG;
1557 hci_conn_hold(conn);
052b30b0 1558 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
48264f06
JH		 1559 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1560 conn->dst_type);
769be974
MH		 1561 } else
1562 conn->state = BT_CONNECTED;
1da177e4 1563
9eba32b8 1564 hci_conn_hold_device(conn);
7d0db0a3
MH		 1565 hci_conn_add_sysfs(conn);
1566
1da177e4
LT		 1567 if (test_bit(HCI_AUTH, &hdev->flags))
1568 conn->link_mode |= HCI_LM_AUTH;
1569
1570 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1571 conn->link_mode |= HCI_LM_ENCRYPT;
1572
04837f64
MH		 1573 /* Get remote features */
1574 if (conn->type == ACL_LINK) {
1575 struct hci_cp_read_remote_features cp;
1576 cp.handle = ev->handle;
769be974
MH		 1577 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1578 sizeof(cp), &cp);
04837f64
MH		 1579 }
1580
1da177e4 1581 /* Set packet type for incoming connection */
d095c1eb 1582 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1583 struct hci_cp_change_conn_ptype cp;
1584 cp.handle = ev->handle;
a8746417
MH		 1585 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1586 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1587 sizeof(cp), &cp);
1da177e4 1588 }
17d5c04c 1589 } else {
1da177e4 1590 conn->state = BT_CLOSED;
17d5c04c 1591 if (conn->type == ACL_LINK)
744cf19e 1592 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1593 conn->dst_type, ev->status);
17d5c04c 1594 }
1da177e4 1595
e73439d8
MH		 1596 if (conn->type == ACL_LINK)
1597 hci_sco_setup(conn, ev->status);
1da177e4 1598
769be974
MH		 1599 if (ev->status) {
1600 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1601 hci_conn_del(conn);
c89b6e6b
MH		 1602 } else if (ev->link_type != ACL_LINK)
1603 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1604
a9de9248 1605unlock:
1da177e4 1606 hci_dev_unlock(hdev);
1da177e4 1607
a9de9248 1608 hci_conn_check_pending(hdev);
1da177e4
LT		 1609}
1610
a9de9248 1611static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1612{
a9de9248
MH		 1613 struct hci_ev_conn_request *ev = (void *) skb->data;
1614 int mask = hdev->link_mode;
1da177e4 1615
a9de9248
MH		 1616 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1617 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1618
a9de9248 1619 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1620
138d22ef
SJ		 1621 if ((mask & HCI_LM_ACCEPT) &&
1622 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1623 /* Connection accepted */
c7bdd502 1624 struct inquiry_entry *ie;
1da177e4 1625 struct hci_conn *conn;
1da177e4 1626
a9de9248 1627 hci_dev_lock(hdev);
b6a0dc82 1628
cc11b9c1
AE		 1629 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1630 if (ie)
c7bdd502
MH		 1631 memcpy(ie->data.dev_class, ev->dev_class, 3);
1632
a9de9248
MH		 1633 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1634 if (!conn) {
cc11b9c1
AE		 1635 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1636 if (!conn) {
893ef971 1637 BT_ERR("No memory for new connection");
a9de9248
MH		 1638 hci_dev_unlock(hdev);
1639 return;
1da177e4
LT		 1640 }
1641 }
b6a0dc82 1642
a9de9248
MH		 1643 memcpy(conn->dev_class, ev->dev_class, 3);
1644 conn->state = BT_CONNECT;
b6a0dc82 1645
a9de9248 1646 hci_dev_unlock(hdev);
1da177e4 1647
b6a0dc82
MH		 1648 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1649 struct hci_cp_accept_conn_req cp;
1da177e4 1650
b6a0dc82
MH		 1651 bacpy(&cp.bdaddr, &ev->bdaddr);
1652
1653 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1654 cp.role = 0x00; /* Become master */
1655 else
1656 cp.role = 0x01; /* Remain slave */
1657
1658 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1659 sizeof(cp), &cp);
1660 } else {
1661 struct hci_cp_accept_sync_conn_req cp;
1662
1663 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1664 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1665
1666 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1667 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1668 cp.max_latency = cpu_to_le16(0xffff);
1669 cp.content_format = cpu_to_le16(hdev->voice_setting);
1670 cp.retrans_effort = 0xff;
1da177e4 1671
b6a0dc82
MH		 1672 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1673 sizeof(cp), &cp);
1674 }
a9de9248
MH		 1675 } else {
1676 /* Connection rejected */
1677 struct hci_cp_reject_conn_req cp;
1da177e4 1678
a9de9248 1679 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1680 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1681 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1682 }
1da177e4
LT		 1683}
1684
a9de9248 1685static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1686{
a9de9248 1687 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1688 struct hci_conn *conn;
1689
1690 BT_DBG("%s status %d", hdev->name, ev->status);
1691
1692 hci_dev_lock(hdev);
1693
1694 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1695 if (!conn)
1696 goto unlock;
7d0db0a3 1697
37d9ef76
JH		 1698 if (ev->status == 0)
1699 conn->state = BT_CLOSED;
04837f64 1700
37d9ef76
JH		 1701 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1702 if (ev->status != 0)
1703 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1704 else
1705 mgmt_disconnected(hdev, &conn->dst, conn->type,
48264f06 1706 conn->dst_type);
37d9ef76 1707 }
f7520543 1708
37d9ef76
JH		 1709 if (ev->status == 0) {
1710 hci_proto_disconn_cfm(conn, ev->reason);
1711 hci_conn_del(conn);
1712 }
f7520543
JH		 1713
1714unlock:
04837f64
MH		 1715 hci_dev_unlock(hdev);
1716}
1717
1da177e4
LT		 1718static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1719{
a9de9248 1720 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1721 struct hci_conn *conn;
1da177e4
LT		 1722
1723 BT_DBG("%s status %d", hdev->name, ev->status);
1724
1725 hci_dev_lock(hdev);
1726
04837f64 1727 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1728 if (!conn)
1729 goto unlock;
1730
1731 if (!ev->status) {
1732 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1733 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1734 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1735 } else {
d7556e20
WR		 1736 conn->link_mode |= HCI_LM_AUTH;
1737 conn->sec_level = conn->pending_sec_level;
2a611692 1738 }
d7556e20 1739 } else {
744cf19e 1740 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1741 }
1da177e4 1742
d7556e20
WR		 1743 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1744 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1745
d7556e20
WR		 1746 if (conn->state == BT_CONFIG) {
1747 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1748 struct hci_cp_set_conn_encrypt cp;
1749 cp.handle = ev->handle;
1750 cp.encrypt = 0x01;
1751 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1752 &cp);
052b30b0 1753 } else {
d7556e20
WR		 1754 conn->state = BT_CONNECTED;
1755 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1756 hci_conn_put(conn);
1757 }
d7556e20
WR		 1758 } else {
1759 hci_auth_cfm(conn, ev->status);
052b30b0 1760
d7556e20
WR		 1761 hci_conn_hold(conn);
1762 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1763 hci_conn_put(conn);
1764 }
1765
1766 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1767 if (!ev->status) {
1768 struct hci_cp_set_conn_encrypt cp;
1769 cp.handle = ev->handle;
1770 cp.encrypt = 0x01;
1771 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1772 &cp);
1773 } else {
1774 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1775 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1776 }
1777 }
1778
d7556e20 1779unlock:
1da177e4
LT		 1780 hci_dev_unlock(hdev);
1781}
1782
a9de9248 1783static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1784{
127178d2
JH		 1785 struct hci_ev_remote_name *ev = (void *) skb->data;
1786 struct hci_conn *conn;
1787
a9de9248 1788 BT_DBG("%s", hdev->name);
1da177e4 1789
a9de9248 1790 hci_conn_check_pending(hdev);
127178d2
JH		 1791
1792 hci_dev_lock(hdev);
1793
a88a9652 1794 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
744cf19e 1795 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
a88a9652 1796
127178d2 1797 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1798 if (!conn)
1799 goto unlock;
1800
1801 if (!hci_outgoing_auth_needed(hdev, conn))
1802 goto unlock;
1803
1804 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1805 struct hci_cp_auth_requested cp;
1806 cp.handle = __cpu_to_le16(conn->handle);
1807 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1808 }
1809
79c6c70c 1810unlock:
127178d2 1811 hci_dev_unlock(hdev);
a9de9248
MH		 1812}
1813
1814static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1815{
1816 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1817 struct hci_conn *conn;
1818
1819 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1820
1821 hci_dev_lock(hdev);
1822
04837f64 1823 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1824 if (conn) {
1825 if (!ev->status) {
ae293196
MH		 1826 if (ev->encrypt) {
1827 /* Encryption implies authentication */
1828 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1829 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1830 conn->sec_level = conn->pending_sec_level;
ae293196 1831 } else
1da177e4
LT		 1832 conn->link_mode &= ~HCI_LM_ENCRYPT;
1833 }
1834
1835 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1836
f8558555
MH		 1837 if (conn->state == BT_CONFIG) {
1838 if (!ev->status)
1839 conn->state = BT_CONNECTED;
1840
1841 hci_proto_connect_cfm(conn, ev->status);
1842 hci_conn_put(conn);
1843 } else
1844 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1845 }
1846
1847 hci_dev_unlock(hdev);
1848}
1849
a9de9248 1850static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1851{
a9de9248 1852 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1853 struct hci_conn *conn;
1da177e4
LT		 1854
1855 BT_DBG("%s status %d", hdev->name, ev->status);
1856
1857 hci_dev_lock(hdev);
1858
04837f64 1859 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1860 if (conn) {
1861 if (!ev->status)
1862 conn->link_mode |= HCI_LM_SECURE;
1863
1864 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1865
1866 hci_key_change_cfm(conn, ev->status);
1867 }
1868
1869 hci_dev_unlock(hdev);
1870}
1871
a9de9248 1872static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1873{
a9de9248
MH		 1874 struct hci_ev_remote_features *ev = (void *) skb->data;
1875 struct hci_conn *conn;
1876
1877 BT_DBG("%s status %d", hdev->name, ev->status);
1878
a9de9248
MH		 1879 hci_dev_lock(hdev);
1880
1881 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1882 if (!conn)
1883 goto unlock;
769be974 1884
ccd556fe
JH		 1885 if (!ev->status)
1886 memcpy(conn->features, ev->features, 8);
1887
1888 if (conn->state != BT_CONFIG)
1889 goto unlock;
1890
1891 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1892 struct hci_cp_read_remote_ext_features cp;
1893 cp.handle = ev->handle;
1894 cp.page = 0x01;
1895 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1896 sizeof(cp), &cp);
392599b9
JH		 1897 goto unlock;
1898 }
1899
127178d2
JH		 1900 if (!ev->status) {
1901 struct hci_cp_remote_name_req cp;
1902 memset(&cp, 0, sizeof(cp));
1903 bacpy(&cp.bdaddr, &conn->dst);
1904 cp.pscan_rep_mode = 0x02;
1905 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1906 }
392599b9 1907
127178d2 1908 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1909 conn->state = BT_CONNECTED;
1910 hci_proto_connect_cfm(conn, ev->status);
1911 hci_conn_put(conn);
769be974 1912 }
a9de9248 1913
ccd556fe 1914unlock:
a9de9248 1915 hci_dev_unlock(hdev);
1da177e4
LT		 1916}
1917
a9de9248 1918static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1919{
a9de9248 1920 BT_DBG("%s", hdev->name);
1da177e4
LT		 1921}
1922
a9de9248 1923static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1924{
a9de9248 1925 BT_DBG("%s", hdev->name);
1da177e4
LT		 1926}
1927
a9de9248
MH		 1928static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1929{
1930 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1931 __u16 opcode;
1932
1933 skb_pull(skb, sizeof(*ev));
1934
1935 opcode = __le16_to_cpu(ev->opcode);
1936
1937 switch (opcode) {
1938 case HCI_OP_INQUIRY_CANCEL:
1939 hci_cc_inquiry_cancel(hdev, skb);
1940 break;
1941
1942 case HCI_OP_EXIT_PERIODIC_INQ:
1943 hci_cc_exit_periodic_inq(hdev, skb);
1944 break;
1945
1946 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1947 hci_cc_remote_name_req_cancel(hdev, skb);
1948 break;
1949
1950 case HCI_OP_ROLE_DISCOVERY:
1951 hci_cc_role_discovery(hdev, skb);
1952 break;
1953
e4e8e37c
MH		 1954 case HCI_OP_READ_LINK_POLICY:
1955 hci_cc_read_link_policy(hdev, skb);
1956 break;
1957
a9de9248
MH		 1958 case HCI_OP_WRITE_LINK_POLICY:
1959 hci_cc_write_link_policy(hdev, skb);
1960 break;
1961
e4e8e37c
MH		 1962 case HCI_OP_READ_DEF_LINK_POLICY:
1963 hci_cc_read_def_link_policy(hdev, skb);
1964 break;
1965
1966 case HCI_OP_WRITE_DEF_LINK_POLICY:
1967 hci_cc_write_def_link_policy(hdev, skb);
1968 break;
1969
a9de9248
MH		 1970 case HCI_OP_RESET:
1971 hci_cc_reset(hdev, skb);
1972 break;
1973
1974 case HCI_OP_WRITE_LOCAL_NAME:
1975 hci_cc_write_local_name(hdev, skb);
1976 break;
1977
1978 case HCI_OP_READ_LOCAL_NAME:
1979 hci_cc_read_local_name(hdev, skb);
1980 break;
1981
1982 case HCI_OP_WRITE_AUTH_ENABLE:
1983 hci_cc_write_auth_enable(hdev, skb);
1984 break;
1985
1986 case HCI_OP_WRITE_ENCRYPT_MODE:
1987 hci_cc_write_encrypt_mode(hdev, skb);
1988 break;
1989
1990 case HCI_OP_WRITE_SCAN_ENABLE:
1991 hci_cc_write_scan_enable(hdev, skb);
1992 break;
1993
1994 case HCI_OP_READ_CLASS_OF_DEV:
1995 hci_cc_read_class_of_dev(hdev, skb);
1996 break;
1997
1998 case HCI_OP_WRITE_CLASS_OF_DEV:
1999 hci_cc_write_class_of_dev(hdev, skb);
2000 break;
2001
2002 case HCI_OP_READ_VOICE_SETTING:
2003 hci_cc_read_voice_setting(hdev, skb);
2004 break;
2005
2006 case HCI_OP_WRITE_VOICE_SETTING:
2007 hci_cc_write_voice_setting(hdev, skb);
2008 break;
2009
2010 case HCI_OP_HOST_BUFFER_SIZE:
2011 hci_cc_host_buffer_size(hdev, skb);
2012 break;
2013
333140b5
MH		 2014 case HCI_OP_READ_SSP_MODE:
2015 hci_cc_read_ssp_mode(hdev, skb);
2016 break;
2017
2018 case HCI_OP_WRITE_SSP_MODE:
2019 hci_cc_write_ssp_mode(hdev, skb);
2020 break;
2021
a9de9248
MH		 2022 case HCI_OP_READ_LOCAL_VERSION:
2023 hci_cc_read_local_version(hdev, skb);
2024 break;
2025
2026 case HCI_OP_READ_LOCAL_COMMANDS:
2027 hci_cc_read_local_commands(hdev, skb);
2028 break;
2029
2030 case HCI_OP_READ_LOCAL_FEATURES:
2031 hci_cc_read_local_features(hdev, skb);
2032 break;
2033
971e3a4b
AG		 2034 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2035 hci_cc_read_local_ext_features(hdev, skb);
2036 break;
2037
a9de9248
MH		 2038 case HCI_OP_READ_BUFFER_SIZE:
2039 hci_cc_read_buffer_size(hdev, skb);
2040 break;
2041
2042 case HCI_OP_READ_BD_ADDR:
2043 hci_cc_read_bd_addr(hdev, skb);
2044 break;
2045
350ee4cf
AE		 2046 case HCI_OP_READ_DATA_BLOCK_SIZE:
2047 hci_cc_read_data_block_size(hdev, skb);
2048 break;
2049
23bb5763
JH		 2050 case HCI_OP_WRITE_CA_TIMEOUT:
2051 hci_cc_write_ca_timeout(hdev, skb);
2052 break;
2053
1e89cffb
AE		 2054 case HCI_OP_READ_FLOW_CONTROL_MODE:
2055 hci_cc_read_flow_control_mode(hdev, skb);
2056 break;
2057
928abaa7
AE		 2058 case HCI_OP_READ_LOCAL_AMP_INFO:
2059 hci_cc_read_local_amp_info(hdev, skb);
2060 break;
2061
b0916ea0
JH		 2062 case HCI_OP_DELETE_STORED_LINK_KEY:
2063 hci_cc_delete_stored_link_key(hdev, skb);
2064 break;
2065
d5859e22
JH		 2066 case HCI_OP_SET_EVENT_MASK:
2067 hci_cc_set_event_mask(hdev, skb);
2068 break;
2069
2070 case HCI_OP_WRITE_INQUIRY_MODE:
2071 hci_cc_write_inquiry_mode(hdev, skb);
2072 break;
2073
2074 case HCI_OP_READ_INQ_RSP_TX_POWER:
2075 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2076 break;
2077
2078 case HCI_OP_SET_EVENT_FLT:
2079 hci_cc_set_event_flt(hdev, skb);
2080 break;
2081
980e1a53
JH		 2082 case HCI_OP_PIN_CODE_REPLY:
2083 hci_cc_pin_code_reply(hdev, skb);
2084 break;
2085
2086 case HCI_OP_PIN_CODE_NEG_REPLY:
2087 hci_cc_pin_code_neg_reply(hdev, skb);
2088 break;
2089
c35938b2
SJ		 2090 case HCI_OP_READ_LOCAL_OOB_DATA:
2091 hci_cc_read_local_oob_data_reply(hdev, skb);
2092 break;
2093
6ed58ec5
VT		 2094 case HCI_OP_LE_READ_BUFFER_SIZE:
2095 hci_cc_le_read_buffer_size(hdev, skb);
2096 break;
2097
a5c29683
JH		 2098 case HCI_OP_USER_CONFIRM_REPLY:
2099 hci_cc_user_confirm_reply(hdev, skb);
2100 break;
2101
2102 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2103 hci_cc_user_confirm_neg_reply(hdev, skb);
2104 break;
2105
1143d458
BG		 2106 case HCI_OP_USER_PASSKEY_REPLY:
2107 hci_cc_user_passkey_reply(hdev, skb);
2108 break;
2109
2110 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2111 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2112
2113 case HCI_OP_LE_SET_SCAN_PARAM:
2114 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2115 break;
2116
eb9d91f5
AG		 2117 case HCI_OP_LE_SET_SCAN_ENABLE:
2118 hci_cc_le_set_scan_enable(hdev, skb);
2119 break;
2120
a7a595f6
VCG		 2121 case HCI_OP_LE_LTK_REPLY:
2122 hci_cc_le_ltk_reply(hdev, skb);
2123 break;
2124
2125 case HCI_OP_LE_LTK_NEG_REPLY:
2126 hci_cc_le_ltk_neg_reply(hdev, skb);
2127 break;
2128
f9b49306
AG		 2129 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2130 hci_cc_write_le_host_supported(hdev, skb);
2131 break;
2132
a9de9248
MH		 2133 default:
2134 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2135 break;
2136 }
2137
6bd32326
VT		 2138 if (ev->opcode != HCI_OP_NOP)
2139 del_timer(&hdev->cmd_timer);
2140
a9de9248
MH		 2141 if (ev->ncmd) {
2142 atomic_set(&hdev->cmd_cnt, 1);
2143 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2144 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2145 }
2146}
2147
2148static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2149{
2150 struct hci_ev_cmd_status *ev = (void *) skb->data;
2151 __u16 opcode;
2152
2153 skb_pull(skb, sizeof(*ev));
2154
2155 opcode = __le16_to_cpu(ev->opcode);
2156
2157 switch (opcode) {
2158 case HCI_OP_INQUIRY:
2159 hci_cs_inquiry(hdev, ev->status);
2160 break;
2161
2162 case HCI_OP_CREATE_CONN:
2163 hci_cs_create_conn(hdev, ev->status);
2164 break;
2165
2166 case HCI_OP_ADD_SCO:
2167 hci_cs_add_sco(hdev, ev->status);
2168 break;
2169
f8558555
MH		 2170 case HCI_OP_AUTH_REQUESTED:
2171 hci_cs_auth_requested(hdev, ev->status);
2172 break;
2173
2174 case HCI_OP_SET_CONN_ENCRYPT:
2175 hci_cs_set_conn_encrypt(hdev, ev->status);
2176 break;
2177
a9de9248
MH		 2178 case HCI_OP_REMOTE_NAME_REQ:
2179 hci_cs_remote_name_req(hdev, ev->status);
2180 break;
2181
769be974
MH		 2182 case HCI_OP_READ_REMOTE_FEATURES:
2183 hci_cs_read_remote_features(hdev, ev->status);
2184 break;
2185
2186 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2187 hci_cs_read_remote_ext_features(hdev, ev->status);
2188 break;
2189
a9de9248
MH		 2190 case HCI_OP_SETUP_SYNC_CONN:
2191 hci_cs_setup_sync_conn(hdev, ev->status);
2192 break;
2193
2194 case HCI_OP_SNIFF_MODE:
2195 hci_cs_sniff_mode(hdev, ev->status);
2196 break;
2197
2198 case HCI_OP_EXIT_SNIFF_MODE:
2199 hci_cs_exit_sniff_mode(hdev, ev->status);
2200 break;
2201
8962ee74
JH		 2202 case HCI_OP_DISCONNECT:
2203 if (ev->status != 0)
37d9ef76 2204 mgmt_disconnect_failed(hdev, NULL, ev->status);
8962ee74
JH		 2205 break;
2206
fcd89c09
VT		 2207 case HCI_OP_LE_CREATE_CONN:
2208 hci_cs_le_create_conn(hdev, ev->status);
2209 break;
2210
a7a595f6
VCG		 2211 case HCI_OP_LE_START_ENC:
2212 hci_cs_le_start_enc(hdev, ev->status);
2213 break;
2214
a9de9248
MH		 2215 default:
2216 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2217 break;
2218 }
2219
6bd32326
VT		 2220 if (ev->opcode != HCI_OP_NOP)
2221 del_timer(&hdev->cmd_timer);
2222
10572132 2223 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2224 atomic_set(&hdev->cmd_cnt, 1);
2225 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2226 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2227 }
2228}
2229
2230static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2231{
2232 struct hci_ev_role_change *ev = (void *) skb->data;
2233 struct hci_conn *conn;
2234
2235 BT_DBG("%s status %d", hdev->name, ev->status);
2236
2237 hci_dev_lock(hdev);
2238
2239 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2240 if (conn) {
2241 if (!ev->status) {
2242 if (ev->role)
2243 conn->link_mode &= ~HCI_LM_MASTER;
2244 else
2245 conn->link_mode |= HCI_LM_MASTER;
2246 }
2247
2248 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2249
2250 hci_role_switch_cfm(conn, ev->status, ev->role);
2251 }
2252
2253 hci_dev_unlock(hdev);
2254}
2255
2256static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2257{
2258 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2259 __le16 *ptr;
2260 int i;
2261
2262 skb_pull(skb, sizeof(*ev));
2263
2264 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2265
32ac5b9b
AE		 2266 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2267 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2268 return;
2269 }
2270
a9de9248
MH		 2271 if (skb->len < ev->num_hndl * 4) {
2272 BT_DBG("%s bad parameters", hdev->name);
2273 return;
2274 }
2275
a9de9248
MH		 2276 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2277 struct hci_conn *conn;
2278 __u16 handle, count;
2279
83985319
HH		 2280 handle = get_unaligned_le16(ptr++);
2281 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2282
2283 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2284 if (!conn)
2285 continue;
2286
2287 conn->sent -= count;
2288
2289 switch (conn->type) {
2290 case ACL_LINK:
2291 hdev->acl_cnt += count;
2292 if (hdev->acl_cnt > hdev->acl_pkts)
2293 hdev->acl_cnt = hdev->acl_pkts;
2294 break;
2295
2296 case LE_LINK:
2297 if (hdev->le_pkts) {
2298 hdev->le_cnt += count;
2299 if (hdev->le_cnt > hdev->le_pkts)
2300 hdev->le_cnt = hdev->le_pkts;
2301 } else {
70f23020
AE		 2302 hdev->acl_cnt += count;
2303 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2304 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2305 }
f4280918
AE		 2306 break;
2307
2308 case SCO_LINK:
2309 hdev->sco_cnt += count;
2310 if (hdev->sco_cnt > hdev->sco_pkts)
2311 hdev->sco_cnt = hdev->sco_pkts;
2312 break;
2313
2314 default:
2315 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2316 break;
a9de9248
MH		 2317 }
2318 }
2319
3eff45ea 2320 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2321}
2322
2323static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2324{
a9de9248 2325 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2326 struct hci_conn *conn;
2327
2328 BT_DBG("%s status %d", hdev->name, ev->status);
2329
2330 hci_dev_lock(hdev);
2331
2332 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2333 if (conn) {
2334 conn->mode = ev->mode;
2335 conn->interval = __le16_to_cpu(ev->interval);
2336
2337 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2338 if (conn->mode == HCI_CM_ACTIVE)
2339 conn->power_save = 1;
2340 else
2341 conn->power_save = 0;
2342 }
e73439d8
MH		 2343
2344 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2345 hci_sco_setup(conn, ev->status);
04837f64
MH		 2346 }
2347
2348 hci_dev_unlock(hdev);
2349}
2350
a9de9248
MH		 2351static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2352{
052b30b0
MH		 2353 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2354 struct hci_conn *conn;
2355
a9de9248 2356 BT_DBG("%s", hdev->name);
052b30b0
MH		 2357
2358 hci_dev_lock(hdev);
2359
2360 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2361 if (!conn)
2362 goto unlock;
2363
2364 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2365 hci_conn_hold(conn);
2366 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2367 hci_conn_put(conn);
2368 }
2369
03b555e1
JH		 2370 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2371 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2372 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2373 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2374 u8 secure;
2375
2376 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2377 secure = 1;
2378 else
2379 secure = 0;
2380
744cf19e 2381 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2382 }
980e1a53 2383
b6f98044 2384unlock:
052b30b0 2385 hci_dev_unlock(hdev);
a9de9248
MH		 2386}
2387
2388static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2389{
55ed8ca1
JH		 2390 struct hci_ev_link_key_req *ev = (void *) skb->data;
2391 struct hci_cp_link_key_reply cp;
2392 struct hci_conn *conn;
2393 struct link_key *key;
2394
a9de9248 2395 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2396
2397 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2398 return;
2399
2400 hci_dev_lock(hdev);
2401
2402 key = hci_find_link_key(hdev, &ev->bdaddr);
2403 if (!key) {
2404 BT_DBG("%s link key not found for %s", hdev->name,
2405 batostr(&ev->bdaddr));
2406 goto not_found;
2407 }
2408
2409 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2410 batostr(&ev->bdaddr));
2411
b6020ba0
WR		 2412 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2413 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2414 BT_DBG("%s ignoring debug key", hdev->name);
2415 goto not_found;
2416 }
2417
2418 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2419 if (conn) {
2420 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2421 conn->auth_type != 0xff &&
2422 (conn->auth_type & 0x01)) {
2423 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2424 goto not_found;
2425 }
55ed8ca1 2426
60b83f57
WR		 2427 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2428 conn->pending_sec_level == BT_SECURITY_HIGH) {
2429 BT_DBG("%s ignoring key unauthenticated for high \
2430 security", hdev->name);
2431 goto not_found;
2432 }
2433
2434 conn->key_type = key->type;
2435 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2436 }
2437
2438 bacpy(&cp.bdaddr, &ev->bdaddr);
2439 memcpy(cp.link_key, key->val, 16);
2440
2441 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2442
2443 hci_dev_unlock(hdev);
2444
2445 return;
2446
2447not_found:
2448 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2449 hci_dev_unlock(hdev);
a9de9248
MH		 2450}
2451
2452static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2453{
052b30b0
MH		 2454 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2455 struct hci_conn *conn;
55ed8ca1 2456 u8 pin_len = 0;
052b30b0 2457
a9de9248 2458 BT_DBG("%s", hdev->name);
052b30b0
MH		 2459
2460 hci_dev_lock(hdev);
2461
2462 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2463 if (conn) {
2464 hci_conn_hold(conn);
2465 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2466 pin_len = conn->pin_length;
13d39315
WR		 2467
2468 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2469 conn->key_type = ev->key_type;
2470
052b30b0
MH		 2471 hci_conn_put(conn);
2472 }
2473
55ed8ca1 2474 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2475 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2476 ev->key_type, pin_len);
2477
052b30b0 2478 hci_dev_unlock(hdev);
a9de9248
MH		 2479}
2480
1da177e4
LT		 2481static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2482{
a9de9248 2483 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2484 struct hci_conn *conn;
1da177e4
LT		 2485
2486 BT_DBG("%s status %d", hdev->name, ev->status);
2487
2488 hci_dev_lock(hdev);
2489
04837f64 2490 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2491 if (conn && !ev->status) {
2492 struct inquiry_entry *ie;
2493
cc11b9c1
AE		 2494 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2495 if (ie) {
1da177e4
LT		 2496 ie->data.clock_offset = ev->clock_offset;
2497 ie->timestamp = jiffies;
2498 }
2499 }
2500
2501 hci_dev_unlock(hdev);
2502}
2503
a8746417
MH		 2504static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2505{
2506 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2507 struct hci_conn *conn;
2508
2509 BT_DBG("%s status %d", hdev->name, ev->status);
2510
2511 hci_dev_lock(hdev);
2512
2513 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2514 if (conn && !ev->status)
2515 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2516
2517 hci_dev_unlock(hdev);
2518}
2519
85a1e930
MH		 2520static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2521{
a9de9248 2522 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2523 struct inquiry_entry *ie;
2524
2525 BT_DBG("%s", hdev->name);
2526
2527 hci_dev_lock(hdev);
2528
cc11b9c1
AE		 2529 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2530 if (ie) {
85a1e930
MH		 2531 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2532 ie->timestamp = jiffies;
2533 }
2534
2535 hci_dev_unlock(hdev);
2536}
2537
a9de9248
MH		 2538static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2539{
2540 struct inquiry_data data;
2541 int num_rsp = *((__u8 *) skb->data);
2542
2543 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2544
2545 if (!num_rsp)
2546 return;
2547
2548 hci_dev_lock(hdev);
2549
2550 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2551 struct inquiry_info_with_rssi_and_pscan_mode *info;
2552 info = (void *) (skb->data + 1);
a9de9248 2553
e17acd40 2554 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2555 bacpy(&data.bdaddr, &info->bdaddr);
2556 data.pscan_rep_mode = info->pscan_rep_mode;
2557 data.pscan_period_mode = info->pscan_period_mode;
2558 data.pscan_mode = info->pscan_mode;
2559 memcpy(data.dev_class, info->dev_class, 3);
2560 data.clock_offset = info->clock_offset;
2561 data.rssi = info->rssi;
41a96212 2562 data.ssp_mode = 0x00;
a9de9248 2563 hci_inquiry_cache_update(hdev, &data);
48264f06 2564 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2565 info->dev_class, info->rssi,
2566 NULL);
a9de9248
MH		 2567 }
2568 } else {
2569 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2570
e17acd40 2571 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2572 bacpy(&data.bdaddr, &info->bdaddr);
2573 data.pscan_rep_mode = info->pscan_rep_mode;
2574 data.pscan_period_mode = info->pscan_period_mode;
2575 data.pscan_mode = 0x00;
2576 memcpy(data.dev_class, info->dev_class, 3);
2577 data.clock_offset = info->clock_offset;
2578 data.rssi = info->rssi;
41a96212 2579 data.ssp_mode = 0x00;
a9de9248 2580 hci_inquiry_cache_update(hdev, &data);
48264f06 2581 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2582 info->dev_class, info->rssi,
2583 NULL);
a9de9248
MH		 2584 }
2585 }
2586
2587 hci_dev_unlock(hdev);
2588}
2589
2590static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2591{
41a96212
MH		 2592 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2593 struct hci_conn *conn;
2594
a9de9248 2595 BT_DBG("%s", hdev->name);
41a96212 2596
41a96212
MH		 2597 hci_dev_lock(hdev);
2598
2599 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2600 if (!conn)
2601 goto unlock;
41a96212 2602
ccd556fe
JH		 2603 if (!ev->status && ev->page == 0x01) {
2604 struct inquiry_entry *ie;
41a96212 2605
cc11b9c1
AE		 2606 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2607 if (ie)
ccd556fe 2608 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2609
ccd556fe
JH		 2610 conn->ssp_mode = (ev->features[0] & 0x01);
2611 }
2612
2613 if (conn->state != BT_CONFIG)
2614 goto unlock;
2615
127178d2
JH		 2616 if (!ev->status) {
2617 struct hci_cp_remote_name_req cp;
2618 memset(&cp, 0, sizeof(cp));
2619 bacpy(&cp.bdaddr, &conn->dst);
2620 cp.pscan_rep_mode = 0x02;
2621 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2622 }
392599b9 2623
127178d2 2624 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2625 conn->state = BT_CONNECTED;
2626 hci_proto_connect_cfm(conn, ev->status);
2627 hci_conn_put(conn);
41a96212
MH		 2628 }
2629
ccd556fe 2630unlock:
41a96212 2631 hci_dev_unlock(hdev);
a9de9248
MH		 2632}
2633
2634static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2635{
b6a0dc82
MH		 2636 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2637 struct hci_conn *conn;
2638
2639 BT_DBG("%s status %d", hdev->name, ev->status);
2640
2641 hci_dev_lock(hdev);
2642
2643 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2644 if (!conn) {
2645 if (ev->link_type == ESCO_LINK)
2646 goto unlock;
2647
2648 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2649 if (!conn)
2650 goto unlock;
2651
2652 conn->type = SCO_LINK;
2653 }
b6a0dc82 2654
732547f9
MH		 2655 switch (ev->status) {
2656 case 0x00:
b6a0dc82
MH		 2657 conn->handle = __le16_to_cpu(ev->handle);
2658 conn->state = BT_CONNECTED;
7d0db0a3 2659
9eba32b8 2660 hci_conn_hold_device(conn);
7d0db0a3 2661 hci_conn_add_sysfs(conn);
732547f9
MH		 2662 break;
2663
705e5711 2664 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2665 case 0x1c: /* SCO interval rejected */
1038a00b 2666 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2667 case 0x1f: /* Unspecified error */
2668 if (conn->out && conn->attempt < 2) {
2669 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2670 (hdev->esco_type & EDR_ESCO_MASK);
2671 hci_setup_sync(conn, conn->link->handle);
2672 goto unlock;
2673 }
2674 /* fall through */
2675
2676 default:
b6a0dc82 2677 conn->state = BT_CLOSED;
732547f9
MH		 2678 break;
2679 }
b6a0dc82
MH		 2680
2681 hci_proto_connect_cfm(conn, ev->status);
2682 if (ev->status)
2683 hci_conn_del(conn);
2684
2685unlock:
2686 hci_dev_unlock(hdev);
a9de9248
MH		 2687}
2688
2689static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2690{
2691 BT_DBG("%s", hdev->name);
2692}
2693
04837f64
MH		 2694static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2695{
a9de9248 2696 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2697
2698 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2699}
2700
a9de9248 2701static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2702{
a9de9248
MH		 2703 struct inquiry_data data;
2704 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2705 int num_rsp = *((__u8 *) skb->data);
1da177e4 2706
a9de9248 2707 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2708
a9de9248
MH		 2709 if (!num_rsp)
2710 return;
1da177e4 2711
a9de9248
MH		 2712 hci_dev_lock(hdev);
2713
e17acd40 2714 for (; num_rsp; num_rsp--, info++) {
a9de9248 2715 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2716 data.pscan_rep_mode = info->pscan_rep_mode;
2717 data.pscan_period_mode = info->pscan_period_mode;
2718 data.pscan_mode = 0x00;
a9de9248 2719 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2720 data.clock_offset = info->clock_offset;
2721 data.rssi = info->rssi;
41a96212 2722 data.ssp_mode = 0x01;
a9de9248 2723 hci_inquiry_cache_update(hdev, &data);
48264f06 2724 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 2725 info->dev_class, info->rssi, info->data);
a9de9248
MH		 2726 }
2727
2728 hci_dev_unlock(hdev);
2729}
1da177e4 2730
17fa4b9d
JH		 2731static inline u8 hci_get_auth_req(struct hci_conn *conn)
2732{
2733 /* If remote requests dedicated bonding follow that lead */
2734 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2735 /* If both remote and local IO capabilities allow MITM
2736 * protection then require it, otherwise don't */
2737 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2738 return 0x02;
2739 else
2740 return 0x03;
2741 }
2742
2743 /* If remote requests no-bonding follow that lead */
2744 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2745 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2746
2747 return conn->auth_type;
2748}
2749
0493684e
MH		 2750static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2751{
2752 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2753 struct hci_conn *conn;
2754
2755 BT_DBG("%s", hdev->name);
2756
2757 hci_dev_lock(hdev);
2758
2759 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2760 if (!conn)
2761 goto unlock;
2762
2763 hci_conn_hold(conn);
2764
2765 if (!test_bit(HCI_MGMT, &hdev->flags))
2766 goto unlock;
2767
2768 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2769 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2770 struct hci_cp_io_capability_reply cp;
2771
2772 bacpy(&cp.bdaddr, &ev->bdaddr);
2773 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2774 conn->auth_type = hci_get_auth_req(conn);
2775 cp.authentication = conn->auth_type;
17fa4b9d 2776
ce85ee13
SJ		 2777 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2778 hci_find_remote_oob_data(hdev, &conn->dst))
2779 cp.oob_data = 0x01;
2780 else
2781 cp.oob_data = 0x00;
2782
17fa4b9d
JH		 2783 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2784 sizeof(cp), &cp);
03b555e1
JH		 2785 } else {
2786 struct hci_cp_io_capability_neg_reply cp;
2787
2788 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2789 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2790
03b555e1
JH		 2791 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2792 sizeof(cp), &cp);
2793 }
2794
2795unlock:
2796 hci_dev_unlock(hdev);
2797}
2798
2799static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2800{
2801 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2802 struct hci_conn *conn;
2803
2804 BT_DBG("%s", hdev->name);
2805
2806 hci_dev_lock(hdev);
2807
2808 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2809 if (!conn)
2810 goto unlock;
2811
03b555e1
JH		 2812 conn->remote_cap = ev->capability;
2813 conn->remote_oob = ev->oob_data;
2814 conn->remote_auth = ev->authentication;
2815
2816unlock:
0493684e
MH		 2817 hci_dev_unlock(hdev);
2818}
2819
a5c29683
JH		 2820static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2821 struct sk_buff *skb)
2822{
2823 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2824 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2825 struct hci_conn *conn;
a5c29683
JH		 2826
2827 BT_DBG("%s", hdev->name);
2828
2829 hci_dev_lock(hdev);
2830
7a828908
JH		 2831 if (!test_bit(HCI_MGMT, &hdev->flags))
2832 goto unlock;
a5c29683 2833
7a828908
JH		 2834 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2835 if (!conn)
2836 goto unlock;
2837
2838 loc_mitm = (conn->auth_type & 0x01);
2839 rem_mitm = (conn->remote_auth & 0x01);
2840
2841 /* If we require MITM but the remote device can't provide that
2842 * (it has NoInputNoOutput) then reject the confirmation
2843 * request. The only exception is when we're dedicated bonding
2844 * initiators (connect_cfm_cb set) since then we always have the MITM
2845 * bit set. */
2846 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2847 BT_DBG("Rejecting request: remote device can't provide MITM");
2848 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2849 sizeof(ev->bdaddr), &ev->bdaddr);
2850 goto unlock;
2851 }
2852
2853 /* If no side requires MITM protection; auto-accept */
2854 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2855 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2856
2857 /* If we're not the initiators request authorization to
2858 * proceed from user space (mgmt_user_confirm with
2859 * confirm_hint set to 1). */
2860 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2861 BT_DBG("Confirming auto-accept as acceptor");
2862 confirm_hint = 1;
2863 goto confirm;
2864 }
2865
9f61656a
JH		 2866 BT_DBG("Auto-accept of user confirmation with %ums delay",
2867 hdev->auto_accept_delay);
2868
2869 if (hdev->auto_accept_delay > 0) {
2870 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2871 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2872 goto unlock;
2873 }
2874
7a828908
JH		 2875 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2876 sizeof(ev->bdaddr), &ev->bdaddr);
2877 goto unlock;
2878 }
2879
55bc1a37 2880confirm:
744cf19e 2881 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 2882 confirm_hint);
7a828908
JH		 2883
2884unlock:
a5c29683
JH		 2885 hci_dev_unlock(hdev);
2886}
2887
1143d458
BG		 2888static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2889 struct sk_buff *skb)
2890{
2891 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2892
2893 BT_DBG("%s", hdev->name);
2894
2895 hci_dev_lock(hdev);
2896
2897 if (test_bit(HCI_MGMT, &hdev->flags))
2898 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2899
2900 hci_dev_unlock(hdev);
2901}
2902
0493684e
MH		 2903static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2904{
2905 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2906 struct hci_conn *conn;
2907
2908 BT_DBG("%s", hdev->name);
2909
2910 hci_dev_lock(hdev);
2911
2912 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2913 if (!conn)
2914 goto unlock;
2915
2916 /* To avoid duplicate auth_failed events to user space we check
2917 * the HCI_CONN_AUTH_PEND flag which will be set if we
2918 * initiated the authentication. A traditional auth_complete
2919 * event gets always produced as initiator and is also mapped to
2920 * the mgmt_auth_failed event */
2921 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
744cf19e 2922 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 2923
2a611692
JH		 2924 hci_conn_put(conn);
2925
2926unlock:
0493684e
MH		 2927 hci_dev_unlock(hdev);
2928}
2929
41a96212
MH		 2930static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2931{
2932 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2933 struct inquiry_entry *ie;
2934
2935 BT_DBG("%s", hdev->name);
2936
2937 hci_dev_lock(hdev);
2938
cc11b9c1
AE		 2939 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2940 if (ie)
41a96212
MH		 2941 ie->data.ssp_mode = (ev->features[0] & 0x01);
2942
2943 hci_dev_unlock(hdev);
2944}
2945
2763eda6
SJ		 2946static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2947 struct sk_buff *skb)
2948{
2949 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2950 struct oob_data *data;
2951
2952 BT_DBG("%s", hdev->name);
2953
2954 hci_dev_lock(hdev);
2955
e1ba1f15
SJ		 2956 if (!test_bit(HCI_MGMT, &hdev->flags))
2957 goto unlock;
2958
2763eda6
SJ		 2959 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2960 if (data) {
2961 struct hci_cp_remote_oob_data_reply cp;
2962
2963 bacpy(&cp.bdaddr, &ev->bdaddr);
2964 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2965 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2966
2967 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2968 &cp);
2969 } else {
2970 struct hci_cp_remote_oob_data_neg_reply cp;
2971
2972 bacpy(&cp.bdaddr, &ev->bdaddr);
2973 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2974 &cp);
2975 }
2976
e1ba1f15 2977unlock:
2763eda6
SJ		 2978 hci_dev_unlock(hdev);
2979}
2980
fcd89c09
VT		 2981static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2982{
2983 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2984 struct hci_conn *conn;
2985
2986 BT_DBG("%s status %d", hdev->name, ev->status);
2987
2988 hci_dev_lock(hdev);
2989
2990 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2991 if (!conn) {
2992 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2993 if (!conn) {
2994 BT_ERR("No memory for new connection");
2995 hci_dev_unlock(hdev);
2996 return;
2997 }
29b7988a
AG		 2998
2999 conn->dst_type = ev->bdaddr_type;
b62f328b 3000 }
fcd89c09
VT		 3001
3002 if (ev->status) {
48264f06
JH		 3003 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3004 conn->dst_type, ev->status);
fcd89c09
VT		 3005 hci_proto_connect_cfm(conn, ev->status);
3006 conn->state = BT_CLOSED;
3007 hci_conn_del(conn);
3008 goto unlock;
3009 }
3010
48264f06 3011 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
83bc71b4 3012
7b5c0d52 3013 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3014 conn->handle = __le16_to_cpu(ev->handle);
3015 conn->state = BT_CONNECTED;
3016
3017 hci_conn_hold_device(conn);
3018 hci_conn_add_sysfs(conn);
3019
3020 hci_proto_connect_cfm(conn, ev->status);
3021
3022unlock:
3023 hci_dev_unlock(hdev);
3024}
3025
9aa04c91
AG		 3026static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3027 struct sk_buff *skb)
3028{
e95beb41
AG		 3029 u8 num_reports = skb->data[0];
3030 void *ptr = &skb->data[1];
9aa04c91
AG		 3031
3032 hci_dev_lock(hdev);
3033
e95beb41
AG		 3034 while (num_reports--) {
3035 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3036
9aa04c91 3037 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 3038
3039 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3040 }
3041
3042 hci_dev_unlock(hdev);
3043}
3044
a7a595f6
VCG		 3045static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3046 struct sk_buff *skb)
3047{
3048 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3049 struct hci_cp_le_ltk_reply cp;
bea710fe 3050 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3051 struct hci_conn *conn;
bea710fe 3052 struct link_key *ltk;
a7a595f6
VCG		 3053
3054 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3055
3056 hci_dev_lock(hdev);
3057
3058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3059 if (conn == NULL)
3060 goto not_found;
a7a595f6 3061
bea710fe
VCG		 3062 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3063 if (ltk == NULL)
3064 goto not_found;
3065
3066 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3067 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 3068 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 3069
3070 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3071
3072 hci_dev_unlock(hdev);
bea710fe
VCG		 3073
3074 return;
3075
3076not_found:
3077 neg.handle = ev->handle;
3078 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3079 hci_dev_unlock(hdev);
a7a595f6
VCG		 3080}
3081
fcd89c09
VT		 3082static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3083{
3084 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3085
3086 skb_pull(skb, sizeof(*le_ev));
3087
3088 switch (le_ev->subevent) {
3089 case HCI_EV_LE_CONN_COMPLETE:
3090 hci_le_conn_complete_evt(hdev, skb);
3091 break;
3092
9aa04c91
AG		 3093 case HCI_EV_LE_ADVERTISING_REPORT:
3094 hci_le_adv_report_evt(hdev, skb);
3095 break;
3096
a7a595f6
VCG		 3097 case HCI_EV_LE_LTK_REQ:
3098 hci_le_ltk_request_evt(hdev, skb);
3099 break;
3100
fcd89c09
VT		 3101 default:
3102 break;
3103 }
3104}
3105
a9de9248
MH		 3106void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3107{
3108 struct hci_event_hdr *hdr = (void *) skb->data;
3109 __u8 event = hdr->evt;
3110
3111 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3112
3113 switch (event) {
1da177e4
LT		 3114 case HCI_EV_INQUIRY_COMPLETE:
3115 hci_inquiry_complete_evt(hdev, skb);
3116 break;
3117
3118 case HCI_EV_INQUIRY_RESULT:
3119 hci_inquiry_result_evt(hdev, skb);
3120 break;
3121
a9de9248
MH		 3122 case HCI_EV_CONN_COMPLETE:
3123 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3124 break;
3125
1da177e4
LT		 3126 case HCI_EV_CONN_REQUEST:
3127 hci_conn_request_evt(hdev, skb);
3128 break;
3129
1da177e4
LT		 3130 case HCI_EV_DISCONN_COMPLETE:
3131 hci_disconn_complete_evt(hdev, skb);
3132 break;
3133
1da177e4
LT		 3134 case HCI_EV_AUTH_COMPLETE:
3135 hci_auth_complete_evt(hdev, skb);
3136 break;
3137
a9de9248
MH		 3138 case HCI_EV_REMOTE_NAME:
3139 hci_remote_name_evt(hdev, skb);
3140 break;
3141
1da177e4
LT		 3142 case HCI_EV_ENCRYPT_CHANGE:
3143 hci_encrypt_change_evt(hdev, skb);
3144 break;
3145
a9de9248
MH		 3146 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3147 hci_change_link_key_complete_evt(hdev, skb);
3148 break;
3149
3150 case HCI_EV_REMOTE_FEATURES:
3151 hci_remote_features_evt(hdev, skb);
3152 break;
3153
3154 case HCI_EV_REMOTE_VERSION:
3155 hci_remote_version_evt(hdev, skb);
3156 break;
3157
3158 case HCI_EV_QOS_SETUP_COMPLETE:
3159 hci_qos_setup_complete_evt(hdev, skb);
3160 break;
3161
3162 case HCI_EV_CMD_COMPLETE:
3163 hci_cmd_complete_evt(hdev, skb);
3164 break;
3165
3166 case HCI_EV_CMD_STATUS:
3167 hci_cmd_status_evt(hdev, skb);
3168 break;
3169
3170 case HCI_EV_ROLE_CHANGE:
3171 hci_role_change_evt(hdev, skb);
3172 break;
3173
3174 case HCI_EV_NUM_COMP_PKTS:
3175 hci_num_comp_pkts_evt(hdev, skb);
3176 break;
3177
3178 case HCI_EV_MODE_CHANGE:
3179 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3180 break;
3181
3182 case HCI_EV_PIN_CODE_REQ:
3183 hci_pin_code_request_evt(hdev, skb);
3184 break;
3185
3186 case HCI_EV_LINK_KEY_REQ:
3187 hci_link_key_request_evt(hdev, skb);
3188 break;
3189
3190 case HCI_EV_LINK_KEY_NOTIFY:
3191 hci_link_key_notify_evt(hdev, skb);
3192 break;
3193
3194 case HCI_EV_CLOCK_OFFSET:
3195 hci_clock_offset_evt(hdev, skb);
3196 break;
3197
a8746417
MH		 3198 case HCI_EV_PKT_TYPE_CHANGE:
3199 hci_pkt_type_change_evt(hdev, skb);
3200 break;
3201
85a1e930
MH		 3202 case HCI_EV_PSCAN_REP_MODE:
3203 hci_pscan_rep_mode_evt(hdev, skb);
3204 break;
3205
a9de9248
MH		 3206 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3207 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3208 break;
3209
a9de9248
MH		 3210 case HCI_EV_REMOTE_EXT_FEATURES:
3211 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3212 break;
3213
a9de9248
MH		 3214 case HCI_EV_SYNC_CONN_COMPLETE:
3215 hci_sync_conn_complete_evt(hdev, skb);
3216 break;
1da177e4 3217
a9de9248
MH		 3218 case HCI_EV_SYNC_CONN_CHANGED:
3219 hci_sync_conn_changed_evt(hdev, skb);
3220 break;
1da177e4 3221
a9de9248
MH		 3222 case HCI_EV_SNIFF_SUBRATE:
3223 hci_sniff_subrate_evt(hdev, skb);
3224 break;
1da177e4 3225
a9de9248
MH		 3226 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3227 hci_extended_inquiry_result_evt(hdev, skb);
3228 break;
1da177e4 3229
0493684e
MH		 3230 case HCI_EV_IO_CAPA_REQUEST:
3231 hci_io_capa_request_evt(hdev, skb);
3232 break;
3233
03b555e1
JH		 3234 case HCI_EV_IO_CAPA_REPLY:
3235 hci_io_capa_reply_evt(hdev, skb);
3236 break;
3237
a5c29683
JH		 3238 case HCI_EV_USER_CONFIRM_REQUEST:
3239 hci_user_confirm_request_evt(hdev, skb);
3240 break;
3241
1143d458
BG		 3242 case HCI_EV_USER_PASSKEY_REQUEST:
3243 hci_user_passkey_request_evt(hdev, skb);
3244 break;
3245
0493684e
MH		 3246 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3247 hci_simple_pair_complete_evt(hdev, skb);
3248 break;
3249
41a96212
MH		 3250 case HCI_EV_REMOTE_HOST_FEATURES:
3251 hci_remote_host_features_evt(hdev, skb);
3252 break;
3253
fcd89c09
VT		 3254 case HCI_EV_LE_META:
3255 hci_le_meta_evt(hdev, skb);
3256 break;
3257
2763eda6
SJ		 3258 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3259 hci_remote_oob_data_request_evt(hdev, skb);
3260 break;
3261
a9de9248
MH		 3262 default:
3263 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3264 break;
3265 }
3266
3267 kfree_skb(skb);
3268 hdev->stat.evt_rx++;
3269}
3270
3271/* Generate internal stack event */
3272void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3273{
3274 struct hci_event_hdr *hdr;
3275 struct hci_ev_stack_internal *ev;
3276 struct sk_buff *skb;
3277
3278 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3279 if (!skb)
3280 return;
3281
3282 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3283 hdr->evt = HCI_EV_STACK_INTERNAL;
3284 hdr->plen = sizeof(*ev) + dlen;
3285
3286 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3287 ev->type = type;
3288 memcpy(ev->data, data, dlen);
3289
576c7d85 3290 bt_cb(skb)->incoming = 1;
a61bbcf2 3291 __net_timestamp(skb);
576c7d85 3292
0d48d939 3293 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3294 skb->dev = (void *) hdev;
eec8d2bc 3295 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3296 kfree_skb(skb);
3297}
e6100a25 3298
669bb396 3299module_param(enable_le, bool, 0644);
e6100a25 3300MODULE_PARM_DESC(enable_le, "Enable LE support");
Linux kernel - Deliverables
This page took 1.131235 seconds and 5 git commands to generate.