projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
744cf19e 68 mgmt_discovering(hdev, 0);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8
AG		 197
198 hdev->dev_flags = 0;
a9de9248 199}
04837f64 200
a9de9248
MH		 201static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
202{
203 __u8 status = *((__u8 *) skb->data);
204 void *sent;
04837f64 205
a9de9248 206 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 207
a9de9248
MH		 208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
209 if (!sent)
210 return;
04837f64 211
56e5cb86
JH		 212 hci_dev_lock(hdev);
213
b312b161 214 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 215 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 216
56e5cb86
JH		 217 if (status == 0)
218 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 219
56e5cb86 220 hci_dev_unlock(hdev);
a9de9248
MH		 221}
222
223static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
224{
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
226
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
228
229 if (rp->status)
230 return;
231
1f6c6378 232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 233}
234
235static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
236{
237 __u8 status = *((__u8 *) skb->data);
238 void *sent;
239
240 BT_DBG("%s status 0x%x", hdev->name, status);
241
242 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
243 if (!sent)
244 return;
245
246 if (!status) {
247 __u8 param = *((__u8 *) sent);
248
249 if (param == AUTH_ENABLED)
250 set_bit(HCI_AUTH, &hdev->flags);
251 else
252 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 253 }
a9de9248 254
23bb5763 255 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 256}
257
a9de9248 258static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 259{
a9de9248 260 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 261 void *sent;
262
a9de9248 263 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 264
a9de9248
MH		 265 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
266 if (!sent)
267 return;
1da177e4 268
a9de9248
MH		 269 if (!status) {
270 __u8 param = *((__u8 *) sent);
271
272 if (param)
273 set_bit(HCI_ENCRYPT, &hdev->flags);
274 else
275 clear_bit(HCI_ENCRYPT, &hdev->flags);
276 }
1da177e4 277
23bb5763 278 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 279}
1da177e4 280
a9de9248
MH		 281static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
282{
36f7fc7e
JH		 283 __u8 param, status = *((__u8 *) skb->data);
284 int old_pscan, old_iscan;
a9de9248 285 void *sent;
1da177e4 286
a9de9248 287 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 288
a9de9248
MH		 289 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
290 if (!sent)
291 return;
1da177e4 292
36f7fc7e
JH		 293 param = *((__u8 *) sent);
294
56e5cb86
JH		 295 hci_dev_lock(hdev);
296
2d7cee58 297 if (status != 0) {
744cf19e 298 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 299 hdev->discov_timeout = 0;
300 goto done;
301 }
302
36f7fc7e
JH		 303 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
304 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
305
306 if (param & SCAN_INQUIRY) {
307 set_bit(HCI_ISCAN, &hdev->flags);
308 if (!old_iscan)
744cf19e 309 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 310 if (hdev->discov_timeout > 0) {
311 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
312 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
313 to);
314 }
36f7fc7e 315 } else if (old_iscan)
744cf19e 316 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 317
318 if (param & SCAN_PAGE) {
319 set_bit(HCI_PSCAN, &hdev->flags);
320 if (!old_pscan)
744cf19e 321 mgmt_connectable(hdev, 1);
36f7fc7e 322 } else if (old_pscan)
744cf19e 323 mgmt_connectable(hdev, 0);
1da177e4 324
36f7fc7e 325done:
56e5cb86 326 hci_dev_unlock(hdev);
23bb5763 327 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 328}
1da177e4 329
a9de9248
MH		 330static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
331{
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 333
a9de9248 334 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 335
a9de9248
MH		 336 if (rp->status)
337 return;
1da177e4 338
a9de9248 339 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 340
a9de9248
MH		 341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
343}
1da177e4 344
a9de9248
MH		 345static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
346{
347 __u8 status = *((__u8 *) skb->data);
348 void *sent;
1da177e4 349
a9de9248 350 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 351
f383f275
MH		 352 if (status)
353 return;
354
a9de9248
MH		 355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
356 if (!sent)
357 return;
1da177e4 358
f383f275 359 memcpy(hdev->dev_class, sent, 3);
a9de9248 360}
1da177e4 361
a9de9248
MH		 362static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
363{
364 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
365 __u16 setting;
366
367 BT_DBG("%s status 0x%x", hdev->name, rp->status);
368
369 if (rp->status)
370 return;
371
372 setting = __le16_to_cpu(rp->voice_setting);
373
f383f275 374 if (hdev->voice_setting == setting)
a9de9248
MH		 375 return;
376
377 hdev->voice_setting = setting;
378
379 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
380
381 if (hdev->notify) {
382 tasklet_disable(&hdev->tx_task);
383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
384 tasklet_enable(&hdev->tx_task);
385 }
386}
387
388static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
389{
390 __u8 status = *((__u8 *) skb->data);
f383f275 391 __u16 setting;
a9de9248
MH		 392 void *sent;
393
394 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 395
f383f275
MH		 396 if (status)
397 return;
398
a9de9248
MH		 399 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
400 if (!sent)
401 return;
1da177e4 402
f383f275 403 setting = get_unaligned_le16(sent);
1da177e4 404
f383f275
MH		 405 if (hdev->voice_setting == setting)
406 return;
407
408 hdev->voice_setting = setting;
1da177e4 409
f383f275 410 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 411
f383f275
MH		 412 if (hdev->notify) {
413 tasklet_disable(&hdev->tx_task);
414 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
415 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 416 }
417}
418
a9de9248 419static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 420{
a9de9248 421 __u8 status = *((__u8 *) skb->data);
1da177e4 422
a9de9248 423 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 424
23bb5763 425 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 426}
1143e5a6 427
333140b5
MH		 428static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
429{
430 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
431
432 BT_DBG("%s status 0x%x", hdev->name, rp->status);
433
434 if (rp->status)
435 return;
436
437 hdev->ssp_mode = rp->mode;
438}
439
440static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
441{
442 __u8 status = *((__u8 *) skb->data);
443 void *sent;
444
445 BT_DBG("%s status 0x%x", hdev->name, status);
446
447 if (status)
448 return;
449
450 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 if (!sent)
452 return;
453
454 hdev->ssp_mode = *((__u8 *) sent);
455}
456
d5859e22
JH		 457static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
458{
459 if (hdev->features[6] & LMP_EXT_INQ)
460 return 2;
461
462 if (hdev->features[3] & LMP_RSSI_INQ)
463 return 1;
464
465 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
466 hdev->lmp_subver == 0x0757)
467 return 1;
468
469 if (hdev->manufacturer == 15) {
470 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
471 return 1;
472 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
473 return 1;
474 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
475 return 1;
476 }
477
478 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
479 hdev->lmp_subver == 0x1805)
480 return 1;
481
482 return 0;
483}
484
485static void hci_setup_inquiry_mode(struct hci_dev *hdev)
486{
487 u8 mode;
488
489 mode = hci_get_inquiry_mode(hdev);
490
491 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
492}
493
494static void hci_setup_event_mask(struct hci_dev *hdev)
495{
496 /* The second byte is 0xff instead of 0x9f (two reserved bits
497 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
498 * command otherwise */
499 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
500
6de6c18d
VT		 501 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
502 * any event mask for pre 1.2 devices */
503 if (hdev->lmp_ver <= 1)
504 return;
505
506 events[4] |= 0x01; /* Flow Specification Complete */
507 events[4] |= 0x02; /* Inquiry Result with RSSI */
508 events[4] |= 0x04; /* Read Remote Extended Features Complete */
509 events[5] |= 0x08; /* Synchronous Connection Complete */
510 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 511
512 if (hdev->features[3] & LMP_RSSI_INQ)
513 events[4] |= 0x04; /* Inquiry Result with RSSI */
514
515 if (hdev->features[5] & LMP_SNIFF_SUBR)
516 events[5] |= 0x20; /* Sniff Subrating */
517
518 if (hdev->features[5] & LMP_PAUSE_ENC)
519 events[5] |= 0x80; /* Encryption Key Refresh Complete */
520
521 if (hdev->features[6] & LMP_EXT_INQ)
522 events[5] |= 0x40; /* Extended Inquiry Result */
523
524 if (hdev->features[6] & LMP_NO_FLUSH)
525 events[7] |= 0x01; /* Enhanced Flush Complete */
526
527 if (hdev->features[7] & LMP_LSTO)
528 events[6] |= 0x80; /* Link Supervision Timeout Changed */
529
530 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
531 events[6] |= 0x01; /* IO Capability Request */
532 events[6] |= 0x02; /* IO Capability Response */
533 events[6] |= 0x04; /* User Confirmation Request */
534 events[6] |= 0x08; /* User Passkey Request */
535 events[6] |= 0x10; /* Remote OOB Data Request */
536 events[6] |= 0x20; /* Simple Pairing Complete */
537 events[7] |= 0x04; /* User Passkey Notification */
538 events[7] |= 0x08; /* Keypress Notification */
539 events[7] |= 0x10; /* Remote Host Supported
540 * Features Notification */
541 }
542
543 if (hdev->features[4] & LMP_LE)
544 events[7] |= 0x20; /* LE Meta-Event */
545
546 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
547}
548
e6100a25
AG		 549static void hci_set_le_support(struct hci_dev *hdev)
550{
551 struct hci_cp_write_le_host_supported cp;
552
553 memset(&cp, 0, sizeof(cp));
554
555 if (enable_le) {
556 cp.le = 1;
557 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
558 }
559
560 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
561}
562
d5859e22
JH		 563static void hci_setup(struct hci_dev *hdev)
564{
565 hci_setup_event_mask(hdev);
566
33cb722c 567 if (hdev->hci_ver > 1)
d5859e22
JH		 568 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
569
570 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
571 u8 mode = 0x01;
572 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
573 }
574
575 if (hdev->features[3] & LMP_RSSI_INQ)
576 hci_setup_inquiry_mode(hdev);
577
578 if (hdev->features[7] & LMP_INQ_TX_PWR)
579 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 580
581 if (hdev->features[7] & LMP_EXTFEATURES) {
582 struct hci_cp_read_local_ext_features cp;
583
584 cp.page = 0x01;
585 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
586 sizeof(cp), &cp);
587 }
e6100a25
AG		 588
589 if (hdev->features[4] & LMP_LE)
590 hci_set_le_support(hdev);
d5859e22
JH		 591}
592
a9de9248
MH		 593static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
594{
595 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 596
a9de9248 597 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 598
a9de9248
MH		 599 if (rp->status)
600 return;
1143e5a6 601
a9de9248 602 hdev->hci_ver = rp->hci_ver;
e4e8e37c 603 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 604 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 605 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 606 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 607
a9de9248
MH		 608 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
609 hdev->manufacturer,
610 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 611
612 if (test_bit(HCI_INIT, &hdev->flags))
613 hci_setup(hdev);
614}
615
616static void hci_setup_link_policy(struct hci_dev *hdev)
617{
618 u16 link_policy = 0;
619
620 if (hdev->features[0] & LMP_RSWITCH)
621 link_policy |= HCI_LP_RSWITCH;
622 if (hdev->features[0] & LMP_HOLD)
623 link_policy |= HCI_LP_HOLD;
624 if (hdev->features[0] & LMP_SNIFF)
625 link_policy |= HCI_LP_SNIFF;
626 if (hdev->features[1] & LMP_PARK)
627 link_policy |= HCI_LP_PARK;
628
629 link_policy = cpu_to_le16(link_policy);
630 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
631 sizeof(link_policy), &link_policy);
a9de9248 632}
1da177e4 633
a9de9248
MH		 634static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
635{
636 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 637
a9de9248 638 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 639
a9de9248 640 if (rp->status)
d5859e22 641 goto done;
1da177e4 642
a9de9248 643 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 644
645 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
646 hci_setup_link_policy(hdev);
647
648done:
649 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 650}
1da177e4 651
a9de9248
MH		 652static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
653{
654 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 655
a9de9248 656 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 657
a9de9248
MH		 658 if (rp->status)
659 return;
5b7f9909 660
a9de9248 661 memcpy(hdev->features, rp->features, 8);
5b7f9909 662
a9de9248
MH		 663 /* Adjust default settings according to features
664 * supported by device. */
1da177e4 665
a9de9248
MH		 666 if (hdev->features[0] & LMP_3SLOT)
667 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 668
a9de9248
MH		 669 if (hdev->features[0] & LMP_5SLOT)
670 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 671
a9de9248
MH		 672 if (hdev->features[1] & LMP_HV2) {
673 hdev->pkt_type |= (HCI_HV2);
674 hdev->esco_type |= (ESCO_HV2);
675 }
1da177e4 676
a9de9248
MH		 677 if (hdev->features[1] & LMP_HV3) {
678 hdev->pkt_type |= (HCI_HV3);
679 hdev->esco_type |= (ESCO_HV3);
680 }
1da177e4 681
a9de9248
MH		 682 if (hdev->features[3] & LMP_ESCO)
683 hdev->esco_type |= (ESCO_EV3);
da1f5198 684
a9de9248
MH		 685 if (hdev->features[4] & LMP_EV4)
686 hdev->esco_type |= (ESCO_EV4);
da1f5198 687
a9de9248
MH		 688 if (hdev->features[4] & LMP_EV5)
689 hdev->esco_type |= (ESCO_EV5);
1da177e4 690
efc7688b
MH		 691 if (hdev->features[5] & LMP_EDR_ESCO_2M)
692 hdev->esco_type |= (ESCO_2EV3);
693
694 if (hdev->features[5] & LMP_EDR_ESCO_3M)
695 hdev->esco_type |= (ESCO_3EV3);
696
697 if (hdev->features[5] & LMP_EDR_3S_ESCO)
698 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
699
a9de9248
MH		 700 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
701 hdev->features[0], hdev->features[1],
702 hdev->features[2], hdev->features[3],
703 hdev->features[4], hdev->features[5],
704 hdev->features[6], hdev->features[7]);
705}
1da177e4 706
971e3a4b
AG		 707static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
708 struct sk_buff *skb)
709{
710 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
711
712 BT_DBG("%s status 0x%x", hdev->name, rp->status);
713
714 if (rp->status)
715 return;
716
717 memcpy(hdev->extfeatures, rp->features, 8);
718
719 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
720}
721
1e89cffb
AE		 722static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
723 struct sk_buff *skb)
724{
725 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
726
727 BT_DBG("%s status 0x%x", hdev->name, rp->status);
728
729 if (rp->status)
730 return;
731
732 hdev->flow_ctl_mode = rp->mode;
733
734 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
735}
736
a9de9248
MH		 737static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
738{
739 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 740
a9de9248 741 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 742
a9de9248
MH		 743 if (rp->status)
744 return;
1da177e4 745
a9de9248
MH		 746 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
747 hdev->sco_mtu = rp->sco_mtu;
748 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
749 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
750
751 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
752 hdev->sco_mtu = 64;
753 hdev->sco_pkts = 8;
1da177e4 754 }
a9de9248
MH		 755
756 hdev->acl_cnt = hdev->acl_pkts;
757 hdev->sco_cnt = hdev->sco_pkts;
758
759 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
760 hdev->acl_mtu, hdev->acl_pkts,
761 hdev->sco_mtu, hdev->sco_pkts);
762}
763
764static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
765{
766 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
767
768 BT_DBG("%s status 0x%x", hdev->name, rp->status);
769
770 if (!rp->status)
771 bacpy(&hdev->bdaddr, &rp->bdaddr);
772
23bb5763
JH		 773 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
774}
775
776static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
777{
778 __u8 status = *((__u8 *) skb->data);
779
780 BT_DBG("%s status 0x%x", hdev->name, status);
781
782 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 783}
784
928abaa7
AE		 785static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
786 struct sk_buff *skb)
787{
788 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
789
790 BT_DBG("%s status 0x%x", hdev->name, rp->status);
791
792 if (rp->status)
793 return;
794
795 hdev->amp_status = rp->amp_status;
796 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
797 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
798 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
799 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
800 hdev->amp_type = rp->amp_type;
801 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
802 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
803 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
804 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
805
806 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
807}
808
b0916ea0
JH		 809static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
810 struct sk_buff *skb)
811{
812 __u8 status = *((__u8 *) skb->data);
813
814 BT_DBG("%s status 0x%x", hdev->name, status);
815
816 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
817}
818
d5859e22
JH		 819static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
820{
821 __u8 status = *((__u8 *) skb->data);
822
823 BT_DBG("%s status 0x%x", hdev->name, status);
824
825 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
826}
827
828static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
829 struct sk_buff *skb)
830{
831 __u8 status = *((__u8 *) skb->data);
832
833 BT_DBG("%s status 0x%x", hdev->name, status);
834
835 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
836}
837
838static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
839 struct sk_buff *skb)
840{
841 __u8 status = *((__u8 *) skb->data);
842
843 BT_DBG("%s status 0x%x", hdev->name, status);
844
845 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
846}
847
848static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
849{
850 __u8 status = *((__u8 *) skb->data);
851
852 BT_DBG("%s status 0x%x", hdev->name, status);
853
854 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
855}
856
980e1a53
JH		 857static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
858{
859 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
860 struct hci_cp_pin_code_reply *cp;
861 struct hci_conn *conn;
862
863 BT_DBG("%s status 0x%x", hdev->name, rp->status);
864
56e5cb86
JH		 865 hci_dev_lock(hdev);
866
980e1a53 867 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 868 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 869
870 if (rp->status != 0)
56e5cb86 871 goto unlock;
980e1a53
JH		 872
873 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
874 if (!cp)
56e5cb86 875 goto unlock;
980e1a53
JH		 876
877 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
878 if (conn)
879 conn->pin_length = cp->pin_len;
56e5cb86
JH		 880
881unlock:
882 hci_dev_unlock(hdev);
980e1a53
JH		 883}
884
885static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
886{
887 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
888
889 BT_DBG("%s status 0x%x", hdev->name, rp->status);
890
56e5cb86
JH		 891 hci_dev_lock(hdev);
892
980e1a53 893 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 894 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 895 rp->status);
56e5cb86
JH		 896
897 hci_dev_unlock(hdev);
980e1a53 898}
56e5cb86 899
6ed58ec5
VT		 900static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
901 struct sk_buff *skb)
902{
903 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
904
905 BT_DBG("%s status 0x%x", hdev->name, rp->status);
906
907 if (rp->status)
908 return;
909
910 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
911 hdev->le_pkts = rp->le_max_pkt;
912
913 hdev->le_cnt = hdev->le_pkts;
914
915 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
916
917 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
918}
980e1a53 919
a5c29683
JH		 920static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
921{
922 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
923
924 BT_DBG("%s status 0x%x", hdev->name, rp->status);
925
56e5cb86
JH		 926 hci_dev_lock(hdev);
927
a5c29683 928 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 929 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683 930 rp->status);
56e5cb86
JH		 931
932 hci_dev_unlock(hdev);
a5c29683
JH		 933}
934
935static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
936 struct sk_buff *skb)
937{
938 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
939
940 BT_DBG("%s status 0x%x", hdev->name, rp->status);
941
56e5cb86
JH		 942 hci_dev_lock(hdev);
943
a5c29683 944 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 945 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683 946 rp->status);
56e5cb86
JH		 947
948 hci_dev_unlock(hdev);
a5c29683
JH		 949}
950
1143d458
BG		 951static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
952{
953 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
954
955 BT_DBG("%s status 0x%x", hdev->name, rp->status);
956
957 hci_dev_lock(hdev);
958
959 if (test_bit(HCI_MGMT, &hdev->flags))
960 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
961 rp->status);
962
963 hci_dev_unlock(hdev);
964}
965
966static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
967 struct sk_buff *skb)
968{
969 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
970
971 BT_DBG("%s status 0x%x", hdev->name, rp->status);
972
973 hci_dev_lock(hdev);
974
975 if (test_bit(HCI_MGMT, &hdev->flags))
976 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
977 rp->status);
978
979 hci_dev_unlock(hdev);
980}
981
c35938b2
SJ		 982static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
983 struct sk_buff *skb)
984{
985 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
986
987 BT_DBG("%s status 0x%x", hdev->name, rp->status);
988
56e5cb86 989 hci_dev_lock(hdev);
744cf19e 990 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 991 rp->randomizer, rp->status);
56e5cb86 992 hci_dev_unlock(hdev);
c35938b2
SJ		 993}
994
07f7fa5d
AG		 995static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
996{
997 __u8 status = *((__u8 *) skb->data);
998
999 BT_DBG("%s status 0x%x", hdev->name, status);
1000}
1001
eb9d91f5
AG		 1002static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1003 struct sk_buff *skb)
1004{
1005 struct hci_cp_le_set_scan_enable *cp;
1006 __u8 status = *((__u8 *) skb->data);
1007
1008 BT_DBG("%s status 0x%x", hdev->name, status);
1009
1010 if (status)
1011 return;
1012
1013 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1014 if (!cp)
1015 return;
1016
35815085 1017 if (cp->enable == 0x01) {
d23264a8
AG		 1018 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1019
35815085 1020 del_timer(&hdev->adv_timer);
a8f13c8c
AG		 1021
1022 hci_dev_lock(hdev);
eb9d91f5 1023 hci_adv_entries_clear(hdev);
a8f13c8c 1024 hci_dev_unlock(hdev);
35815085 1025 } else if (cp->enable == 0x00) {
d23264a8
AG		 1026 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1027
35815085
AG		 1028 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
1029 }
eb9d91f5
AG		 1030}
1031
a7a595f6
VCG		 1032static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1033{
1034 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1035
1036 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1037
1038 if (rp->status)
1039 return;
1040
1041 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1042}
1043
1044static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1045{
1046 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1047
1048 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1049
1050 if (rp->status)
1051 return;
1052
1053 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1054}
1055
f9b49306
AG		 1056static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1057 struct sk_buff *skb)
1058{
1059 struct hci_cp_read_local_ext_features cp;
1060 __u8 status = *((__u8 *) skb->data);
1061
1062 BT_DBG("%s status 0x%x", hdev->name, status);
1063
1064 if (status)
1065 return;
1066
1067 cp.page = 0x01;
1068 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1069}
1070
a9de9248
MH		 1071static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1072{
1073 BT_DBG("%s status 0x%x", hdev->name, status);
1074
1075 if (status) {
23bb5763 1076 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1077 hci_conn_check_pending(hdev);
56e5cb86 1078 hci_dev_lock(hdev);
164a6e78 1079 if (test_bit(HCI_MGMT, &hdev->flags))
7a135109 1080 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1081 hci_dev_unlock(hdev);
314b2381
JH		 1082 return;
1083 }
1084
89352e7d
AG		 1085 set_bit(HCI_INQUIRY, &hdev->flags);
1086
56e5cb86 1087 hci_dev_lock(hdev);
744cf19e 1088 mgmt_discovering(hdev, 1);
56e5cb86 1089 hci_dev_unlock(hdev);
1da177e4
LT		 1090}
1091
1da177e4
LT		 1092static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1093{
a9de9248 1094 struct hci_cp_create_conn *cp;
1da177e4 1095 struct hci_conn *conn;
1da177e4 1096
a9de9248
MH		 1097 BT_DBG("%s status 0x%x", hdev->name, status);
1098
1099 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1100 if (!cp)
1101 return;
1102
1103 hci_dev_lock(hdev);
1104
1105 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1106
a9de9248 1107 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1108
1109 if (status) {
1110 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1111 if (status != 0x0c || conn->attempt > 2) {
1112 conn->state = BT_CLOSED;
1113 hci_proto_connect_cfm(conn, status);
1114 hci_conn_del(conn);
1115 } else
1116 conn->state = BT_CONNECT2;
1da177e4
LT		 1117 }
1118 } else {
1119 if (!conn) {
1120 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1121 if (conn) {
1122 conn->out = 1;
1123 conn->link_mode |= HCI_LM_MASTER;
1124 } else
893ef971 1125 BT_ERR("No memory for new connection");
1da177e4
LT		 1126 }
1127 }
1128
1129 hci_dev_unlock(hdev);
1130}
1131
a9de9248 1132static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1133{
a9de9248
MH		 1134 struct hci_cp_add_sco *cp;
1135 struct hci_conn *acl, *sco;
1136 __u16 handle;
1da177e4 1137
b6a0dc82
MH		 1138 BT_DBG("%s status 0x%x", hdev->name, status);
1139
a9de9248
MH		 1140 if (!status)
1141 return;
1da177e4 1142
a9de9248
MH		 1143 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1144 if (!cp)
1145 return;
1da177e4 1146
a9de9248 1147 handle = __le16_to_cpu(cp->handle);
1da177e4 1148
a9de9248 1149 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1150
a9de9248 1151 hci_dev_lock(hdev);
1da177e4 1152
a9de9248 1153 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1154 if (acl) {
1155 sco = acl->link;
1156 if (sco) {
1157 sco->state = BT_CLOSED;
1da177e4 1158
5a08ecce
AE		 1159 hci_proto_connect_cfm(sco, status);
1160 hci_conn_del(sco);
1161 }
a9de9248 1162 }
1da177e4 1163
a9de9248
MH		 1164 hci_dev_unlock(hdev);
1165}
1da177e4 1166
f8558555
MH		 1167static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1168{
1169 struct hci_cp_auth_requested *cp;
1170 struct hci_conn *conn;
1171
1172 BT_DBG("%s status 0x%x", hdev->name, status);
1173
1174 if (!status)
1175 return;
1176
1177 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1178 if (!cp)
1179 return;
1180
1181 hci_dev_lock(hdev);
1182
1183 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1184 if (conn) {
1185 if (conn->state == BT_CONFIG) {
1186 hci_proto_connect_cfm(conn, status);
1187 hci_conn_put(conn);
1188 }
1189 }
1190
1191 hci_dev_unlock(hdev);
1192}
1193
1194static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1195{
1196 struct hci_cp_set_conn_encrypt *cp;
1197 struct hci_conn *conn;
1198
1199 BT_DBG("%s status 0x%x", hdev->name, status);
1200
1201 if (!status)
1202 return;
1203
1204 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1205 if (!cp)
1206 return;
1207
1208 hci_dev_lock(hdev);
1209
1210 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1211 if (conn) {
1212 if (conn->state == BT_CONFIG) {
1213 hci_proto_connect_cfm(conn, status);
1214 hci_conn_put(conn);
1215 }
1216 }
1217
1218 hci_dev_unlock(hdev);
1219}
1220
127178d2 1221static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1222 struct hci_conn *conn)
392599b9 1223{
392599b9
JH		 1224 if (conn->state != BT_CONFIG || !conn->out)
1225 return 0;
1226
765c2a96 1227 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1228 return 0;
1229
1230 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1231 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1232 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1233 conn->pending_sec_level != BT_SECURITY_HIGH &&
1234 !(conn->auth_type & 0x01))
392599b9
JH		 1235 return 0;
1236
392599b9
JH		 1237 return 1;
1238}
1239
a9de9248
MH		 1240static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1241{
127178d2
JH		 1242 struct hci_cp_remote_name_req *cp;
1243 struct hci_conn *conn;
1244
a9de9248 1245 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1246
1247 /* If successful wait for the name req complete event before
1248 * checking for the need to do authentication */
1249 if (!status)
1250 return;
1251
1252 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1253 if (!cp)
1254 return;
1255
1256 hci_dev_lock(hdev);
1257
1258 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1259 if (!conn)
1260 goto unlock;
1261
1262 if (!hci_outgoing_auth_needed(hdev, conn))
1263 goto unlock;
1264
1265 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1266 struct hci_cp_auth_requested cp;
1267 cp.handle = __cpu_to_le16(conn->handle);
1268 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1269 }
1270
79c6c70c 1271unlock:
127178d2 1272 hci_dev_unlock(hdev);
a9de9248 1273}
1da177e4 1274
769be974
MH		 1275static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1276{
1277 struct hci_cp_read_remote_features *cp;
1278 struct hci_conn *conn;
1279
1280 BT_DBG("%s status 0x%x", hdev->name, status);
1281
1282 if (!status)
1283 return;
1284
1285 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1286 if (!cp)
1287 return;
1288
1289 hci_dev_lock(hdev);
1290
1291 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1292 if (conn) {
1293 if (conn->state == BT_CONFIG) {
769be974
MH		 1294 hci_proto_connect_cfm(conn, status);
1295 hci_conn_put(conn);
1296 }
1297 }
1298
1299 hci_dev_unlock(hdev);
1300}
1301
1302static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1303{
1304 struct hci_cp_read_remote_ext_features *cp;
1305 struct hci_conn *conn;
1306
1307 BT_DBG("%s status 0x%x", hdev->name, status);
1308
1309 if (!status)
1310 return;
1311
1312 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1313 if (!cp)
1314 return;
1315
1316 hci_dev_lock(hdev);
1317
1318 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1319 if (conn) {
1320 if (conn->state == BT_CONFIG) {
769be974
MH		 1321 hci_proto_connect_cfm(conn, status);
1322 hci_conn_put(conn);
1323 }
1324 }
1325
1326 hci_dev_unlock(hdev);
1327}
1328
a9de9248
MH		 1329static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1330{
b6a0dc82
MH		 1331 struct hci_cp_setup_sync_conn *cp;
1332 struct hci_conn *acl, *sco;
1333 __u16 handle;
1334
a9de9248 1335 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1336
1337 if (!status)
1338 return;
1339
1340 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1341 if (!cp)
1342 return;
1343
1344 handle = __le16_to_cpu(cp->handle);
1345
1346 BT_DBG("%s handle %d", hdev->name, handle);
1347
1348 hci_dev_lock(hdev);
1349
1350 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1351 if (acl) {
1352 sco = acl->link;
1353 if (sco) {
1354 sco->state = BT_CLOSED;
b6a0dc82 1355
5a08ecce
AE		 1356 hci_proto_connect_cfm(sco, status);
1357 hci_conn_del(sco);
1358 }
b6a0dc82
MH		 1359 }
1360
1361 hci_dev_unlock(hdev);
1da177e4
LT		 1362}
1363
a9de9248 1364static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1365{
a9de9248
MH		 1366 struct hci_cp_sniff_mode *cp;
1367 struct hci_conn *conn;
1da177e4 1368
a9de9248 1369 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1370
a9de9248
MH		 1371 if (!status)
1372 return;
04837f64 1373
a9de9248
MH		 1374 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1375 if (!cp)
1376 return;
04837f64 1377
a9de9248 1378 hci_dev_lock(hdev);
04837f64 1379
a9de9248 1380 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1381 if (conn) {
a9de9248 1382 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1383
e73439d8
MH		 1384 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1385 hci_sco_setup(conn, status);
1386 }
1387
a9de9248
MH		 1388 hci_dev_unlock(hdev);
1389}
04837f64 1390
a9de9248
MH		 1391static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1392{
1393 struct hci_cp_exit_sniff_mode *cp;
1394 struct hci_conn *conn;
04837f64 1395
a9de9248 1396 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1397
a9de9248
MH		 1398 if (!status)
1399 return;
04837f64 1400
a9de9248
MH		 1401 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1402 if (!cp)
1403 return;
04837f64 1404
a9de9248 1405 hci_dev_lock(hdev);
1da177e4 1406
a9de9248 1407 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1408 if (conn) {
a9de9248 1409 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1410
e73439d8
MH		 1411 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1412 hci_sco_setup(conn, status);
1413 }
1414
a9de9248 1415 hci_dev_unlock(hdev);
1da177e4
LT		 1416}
1417
fcd89c09
VT		 1418static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1419{
1420 struct hci_cp_le_create_conn *cp;
1421 struct hci_conn *conn;
1422
1423 BT_DBG("%s status 0x%x", hdev->name, status);
1424
1425 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1426 if (!cp)
1427 return;
1428
1429 hci_dev_lock(hdev);
1430
1431 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1432
1433 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1434 conn);
1435
1436 if (status) {
1437 if (conn && conn->state == BT_CONNECT) {
1438 conn->state = BT_CLOSED;
1439 hci_proto_connect_cfm(conn, status);
1440 hci_conn_del(conn);
1441 }
1442 } else {
1443 if (!conn) {
1444 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1445 if (conn) {
1446 conn->dst_type = cp->peer_addr_type;
fcd89c09 1447 conn->out = 1;
29b7988a 1448 } else {
fcd89c09 1449 BT_ERR("No memory for new connection");
29b7988a 1450 }
fcd89c09
VT		 1451 }
1452 }
1453
1454 hci_dev_unlock(hdev);
1455}
1456
a7a595f6
VCG		 1457static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1458{
1459 BT_DBG("%s status 0x%x", hdev->name, status);
1460}
1461
1da177e4
LT		 1462static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1463{
1464 __u8 status = *((__u8 *) skb->data);
1465
1466 BT_DBG("%s status %d", hdev->name, status);
1467
23bb5763 1468 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1469
a9de9248 1470 hci_conn_check_pending(hdev);
89352e7d
AG		 1471
1472 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1473 return;
1474
56e5cb86 1475 hci_dev_lock(hdev);
744cf19e 1476 mgmt_discovering(hdev, 0);
56e5cb86 1477 hci_dev_unlock(hdev);
1da177e4
LT		 1478}
1479
1da177e4
LT		 1480static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1481{
45bb4bf0 1482 struct inquiry_data data;
a9de9248 1483 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1484 int num_rsp = *((__u8 *) skb->data);
1485
1486 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1487
45bb4bf0
MH		 1488 if (!num_rsp)
1489 return;
1490
1da177e4 1491 hci_dev_lock(hdev);
45bb4bf0 1492
e17acd40 1493 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1494 bacpy(&data.bdaddr, &info->bdaddr);
1495 data.pscan_rep_mode = info->pscan_rep_mode;
1496 data.pscan_period_mode = info->pscan_period_mode;
1497 data.pscan_mode = info->pscan_mode;
1498 memcpy(data.dev_class, info->dev_class, 3);
1499 data.clock_offset = info->clock_offset;
1500 data.rssi = 0x00;
41a96212 1501 data.ssp_mode = 0x00;
1da177e4 1502 hci_inquiry_cache_update(hdev, &data);
48264f06 1503 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 1504 info->dev_class, 0, NULL);
1da177e4 1505 }
45bb4bf0 1506
1da177e4
LT		 1507 hci_dev_unlock(hdev);
1508}
1509
1da177e4
LT		 1510static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1511{
a9de9248
MH		 1512 struct hci_ev_conn_complete *ev = (void *) skb->data;
1513 struct hci_conn *conn;
1da177e4
LT		 1514
1515 BT_DBG("%s", hdev->name);
1516
1517 hci_dev_lock(hdev);
1518
1519 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1520 if (!conn) {
1521 if (ev->link_type != SCO_LINK)
1522 goto unlock;
1523
1524 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1525 if (!conn)
1526 goto unlock;
1527
1528 conn->type = SCO_LINK;
1529 }
1da177e4
LT		 1530
1531 if (!ev->status) {
1532 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1533
1534 if (conn->type == ACL_LINK) {
1535 conn->state = BT_CONFIG;
1536 hci_conn_hold(conn);
052b30b0 1537 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
48264f06
JH		 1538 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1539 conn->dst_type);
769be974
MH		 1540 } else
1541 conn->state = BT_CONNECTED;
1da177e4 1542
9eba32b8 1543 hci_conn_hold_device(conn);
7d0db0a3
MH		 1544 hci_conn_add_sysfs(conn);
1545
1da177e4
LT		 1546 if (test_bit(HCI_AUTH, &hdev->flags))
1547 conn->link_mode |= HCI_LM_AUTH;
1548
1549 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1550 conn->link_mode |= HCI_LM_ENCRYPT;
1551
04837f64
MH		 1552 /* Get remote features */
1553 if (conn->type == ACL_LINK) {
1554 struct hci_cp_read_remote_features cp;
1555 cp.handle = ev->handle;
769be974
MH		 1556 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1557 sizeof(cp), &cp);
04837f64
MH		 1558 }
1559
1da177e4 1560 /* Set packet type for incoming connection */
a8746417 1561 if (!conn->out && hdev->hci_ver < 3) {
1da177e4
LT		 1562 struct hci_cp_change_conn_ptype cp;
1563 cp.handle = ev->handle;
a8746417
MH		 1564 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1565 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1566 sizeof(cp), &cp);
1da177e4 1567 }
17d5c04c 1568 } else {
1da177e4 1569 conn->state = BT_CLOSED;
17d5c04c 1570 if (conn->type == ACL_LINK)
744cf19e 1571 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1572 conn->dst_type, ev->status);
17d5c04c 1573 }
1da177e4 1574
e73439d8
MH		 1575 if (conn->type == ACL_LINK)
1576 hci_sco_setup(conn, ev->status);
1da177e4 1577
769be974
MH		 1578 if (ev->status) {
1579 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1580 hci_conn_del(conn);
c89b6e6b
MH		 1581 } else if (ev->link_type != ACL_LINK)
1582 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1583
a9de9248 1584unlock:
1da177e4 1585 hci_dev_unlock(hdev);
1da177e4 1586
a9de9248 1587 hci_conn_check_pending(hdev);
1da177e4
LT		 1588}
1589
a9de9248 1590static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1591{
a9de9248
MH		 1592 struct hci_ev_conn_request *ev = (void *) skb->data;
1593 int mask = hdev->link_mode;
1da177e4 1594
a9de9248
MH		 1595 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1596 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1597
a9de9248 1598 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1599
138d22ef
SJ		 1600 if ((mask & HCI_LM_ACCEPT) &&
1601 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1602 /* Connection accepted */
c7bdd502 1603 struct inquiry_entry *ie;
1da177e4 1604 struct hci_conn *conn;
1da177e4 1605
a9de9248 1606 hci_dev_lock(hdev);
b6a0dc82 1607
cc11b9c1
AE		 1608 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1609 if (ie)
c7bdd502
MH		 1610 memcpy(ie->data.dev_class, ev->dev_class, 3);
1611
a9de9248
MH		 1612 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1613 if (!conn) {
cc11b9c1
AE		 1614 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1615 if (!conn) {
893ef971 1616 BT_ERR("No memory for new connection");
a9de9248
MH		 1617 hci_dev_unlock(hdev);
1618 return;
1da177e4
LT		 1619 }
1620 }
b6a0dc82 1621
a9de9248
MH		 1622 memcpy(conn->dev_class, ev->dev_class, 3);
1623 conn->state = BT_CONNECT;
b6a0dc82 1624
a9de9248 1625 hci_dev_unlock(hdev);
1da177e4 1626
b6a0dc82
MH		 1627 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1628 struct hci_cp_accept_conn_req cp;
1da177e4 1629
b6a0dc82
MH		 1630 bacpy(&cp.bdaddr, &ev->bdaddr);
1631
1632 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1633 cp.role = 0x00; /* Become master */
1634 else
1635 cp.role = 0x01; /* Remain slave */
1636
1637 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1638 sizeof(cp), &cp);
1639 } else {
1640 struct hci_cp_accept_sync_conn_req cp;
1641
1642 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1643 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1644
1645 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1646 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1647 cp.max_latency = cpu_to_le16(0xffff);
1648 cp.content_format = cpu_to_le16(hdev->voice_setting);
1649 cp.retrans_effort = 0xff;
1da177e4 1650
b6a0dc82
MH		 1651 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1652 sizeof(cp), &cp);
1653 }
a9de9248
MH		 1654 } else {
1655 /* Connection rejected */
1656 struct hci_cp_reject_conn_req cp;
1da177e4 1657
a9de9248 1658 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1659 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1660 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1661 }
1da177e4
LT		 1662}
1663
a9de9248 1664static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1665{
a9de9248 1666 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1667 struct hci_conn *conn;
1668
1669 BT_DBG("%s status %d", hdev->name, ev->status);
1670
1671 hci_dev_lock(hdev);
1672
1673 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1674 if (!conn)
1675 goto unlock;
7d0db0a3 1676
37d9ef76
JH		 1677 if (ev->status == 0)
1678 conn->state = BT_CLOSED;
04837f64 1679
37d9ef76
JH		 1680 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1681 if (ev->status != 0)
1682 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1683 else
1684 mgmt_disconnected(hdev, &conn->dst, conn->type,
48264f06 1685 conn->dst_type);
37d9ef76 1686 }
f7520543 1687
37d9ef76
JH		 1688 if (ev->status == 0) {
1689 hci_proto_disconn_cfm(conn, ev->reason);
1690 hci_conn_del(conn);
1691 }
f7520543
JH		 1692
1693unlock:
04837f64
MH		 1694 hci_dev_unlock(hdev);
1695}
1696
1da177e4
LT		 1697static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1698{
a9de9248 1699 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1700 struct hci_conn *conn;
1da177e4
LT		 1701
1702 BT_DBG("%s status %d", hdev->name, ev->status);
1703
1704 hci_dev_lock(hdev);
1705
04837f64 1706 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1707 if (!conn)
1708 goto unlock;
1709
1710 if (!ev->status) {
1711 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1712 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1713 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1714 } else {
d7556e20
WR		 1715 conn->link_mode |= HCI_LM_AUTH;
1716 conn->sec_level = conn->pending_sec_level;
2a611692 1717 }
d7556e20 1718 } else {
744cf19e 1719 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1720 }
1da177e4 1721
d7556e20
WR		 1722 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1723 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1724
d7556e20
WR		 1725 if (conn->state == BT_CONFIG) {
1726 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1727 struct hci_cp_set_conn_encrypt cp;
1728 cp.handle = ev->handle;
1729 cp.encrypt = 0x01;
1730 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1731 &cp);
052b30b0 1732 } else {
d7556e20
WR		 1733 conn->state = BT_CONNECTED;
1734 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1735 hci_conn_put(conn);
1736 }
d7556e20
WR		 1737 } else {
1738 hci_auth_cfm(conn, ev->status);
052b30b0 1739
d7556e20
WR		 1740 hci_conn_hold(conn);
1741 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1742 hci_conn_put(conn);
1743 }
1744
1745 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1746 if (!ev->status) {
1747 struct hci_cp_set_conn_encrypt cp;
1748 cp.handle = ev->handle;
1749 cp.encrypt = 0x01;
1750 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1751 &cp);
1752 } else {
1753 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1754 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1755 }
1756 }
1757
d7556e20 1758unlock:
1da177e4
LT		 1759 hci_dev_unlock(hdev);
1760}
1761
a9de9248 1762static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1763{
127178d2
JH		 1764 struct hci_ev_remote_name *ev = (void *) skb->data;
1765 struct hci_conn *conn;
1766
a9de9248 1767 BT_DBG("%s", hdev->name);
1da177e4 1768
a9de9248 1769 hci_conn_check_pending(hdev);
127178d2
JH		 1770
1771 hci_dev_lock(hdev);
1772
a88a9652 1773 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
744cf19e 1774 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
a88a9652 1775
127178d2 1776 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1777 if (!conn)
1778 goto unlock;
1779
1780 if (!hci_outgoing_auth_needed(hdev, conn))
1781 goto unlock;
1782
1783 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1784 struct hci_cp_auth_requested cp;
1785 cp.handle = __cpu_to_le16(conn->handle);
1786 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1787 }
1788
79c6c70c 1789unlock:
127178d2 1790 hci_dev_unlock(hdev);
a9de9248
MH		 1791}
1792
1793static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1794{
1795 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1796 struct hci_conn *conn;
1797
1798 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1799
1800 hci_dev_lock(hdev);
1801
04837f64 1802 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1803 if (conn) {
1804 if (!ev->status) {
ae293196
MH		 1805 if (ev->encrypt) {
1806 /* Encryption implies authentication */
1807 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1808 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1809 conn->sec_level = conn->pending_sec_level;
ae293196 1810 } else
1da177e4
LT		 1811 conn->link_mode &= ~HCI_LM_ENCRYPT;
1812 }
1813
1814 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1815
f8558555
MH		 1816 if (conn->state == BT_CONFIG) {
1817 if (!ev->status)
1818 conn->state = BT_CONNECTED;
1819
1820 hci_proto_connect_cfm(conn, ev->status);
1821 hci_conn_put(conn);
1822 } else
1823 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1824 }
1825
1826 hci_dev_unlock(hdev);
1827}
1828
a9de9248 1829static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1830{
a9de9248 1831 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1832 struct hci_conn *conn;
1da177e4
LT		 1833
1834 BT_DBG("%s status %d", hdev->name, ev->status);
1835
1836 hci_dev_lock(hdev);
1837
04837f64 1838 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1839 if (conn) {
1840 if (!ev->status)
1841 conn->link_mode |= HCI_LM_SECURE;
1842
1843 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1844
1845 hci_key_change_cfm(conn, ev->status);
1846 }
1847
1848 hci_dev_unlock(hdev);
1849}
1850
a9de9248 1851static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1852{
a9de9248
MH		 1853 struct hci_ev_remote_features *ev = (void *) skb->data;
1854 struct hci_conn *conn;
1855
1856 BT_DBG("%s status %d", hdev->name, ev->status);
1857
a9de9248
MH		 1858 hci_dev_lock(hdev);
1859
1860 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1861 if (!conn)
1862 goto unlock;
769be974 1863
ccd556fe
JH		 1864 if (!ev->status)
1865 memcpy(conn->features, ev->features, 8);
1866
1867 if (conn->state != BT_CONFIG)
1868 goto unlock;
1869
1870 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1871 struct hci_cp_read_remote_ext_features cp;
1872 cp.handle = ev->handle;
1873 cp.page = 0x01;
1874 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1875 sizeof(cp), &cp);
392599b9
JH		 1876 goto unlock;
1877 }
1878
127178d2
JH		 1879 if (!ev->status) {
1880 struct hci_cp_remote_name_req cp;
1881 memset(&cp, 0, sizeof(cp));
1882 bacpy(&cp.bdaddr, &conn->dst);
1883 cp.pscan_rep_mode = 0x02;
1884 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1885 }
392599b9 1886
127178d2 1887 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1888 conn->state = BT_CONNECTED;
1889 hci_proto_connect_cfm(conn, ev->status);
1890 hci_conn_put(conn);
769be974 1891 }
a9de9248 1892
ccd556fe 1893unlock:
a9de9248 1894 hci_dev_unlock(hdev);
1da177e4
LT		 1895}
1896
a9de9248 1897static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1898{
a9de9248 1899 BT_DBG("%s", hdev->name);
1da177e4
LT		 1900}
1901
a9de9248 1902static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1903{
a9de9248 1904 BT_DBG("%s", hdev->name);
1da177e4
LT		 1905}
1906
a9de9248
MH		 1907static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1908{
1909 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1910 __u16 opcode;
1911
1912 skb_pull(skb, sizeof(*ev));
1913
1914 opcode = __le16_to_cpu(ev->opcode);
1915
1916 switch (opcode) {
1917 case HCI_OP_INQUIRY_CANCEL:
1918 hci_cc_inquiry_cancel(hdev, skb);
1919 break;
1920
1921 case HCI_OP_EXIT_PERIODIC_INQ:
1922 hci_cc_exit_periodic_inq(hdev, skb);
1923 break;
1924
1925 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1926 hci_cc_remote_name_req_cancel(hdev, skb);
1927 break;
1928
1929 case HCI_OP_ROLE_DISCOVERY:
1930 hci_cc_role_discovery(hdev, skb);
1931 break;
1932
e4e8e37c
MH		 1933 case HCI_OP_READ_LINK_POLICY:
1934 hci_cc_read_link_policy(hdev, skb);
1935 break;
1936
a9de9248
MH		 1937 case HCI_OP_WRITE_LINK_POLICY:
1938 hci_cc_write_link_policy(hdev, skb);
1939 break;
1940
e4e8e37c
MH		 1941 case HCI_OP_READ_DEF_LINK_POLICY:
1942 hci_cc_read_def_link_policy(hdev, skb);
1943 break;
1944
1945 case HCI_OP_WRITE_DEF_LINK_POLICY:
1946 hci_cc_write_def_link_policy(hdev, skb);
1947 break;
1948
a9de9248
MH		 1949 case HCI_OP_RESET:
1950 hci_cc_reset(hdev, skb);
1951 break;
1952
1953 case HCI_OP_WRITE_LOCAL_NAME:
1954 hci_cc_write_local_name(hdev, skb);
1955 break;
1956
1957 case HCI_OP_READ_LOCAL_NAME:
1958 hci_cc_read_local_name(hdev, skb);
1959 break;
1960
1961 case HCI_OP_WRITE_AUTH_ENABLE:
1962 hci_cc_write_auth_enable(hdev, skb);
1963 break;
1964
1965 case HCI_OP_WRITE_ENCRYPT_MODE:
1966 hci_cc_write_encrypt_mode(hdev, skb);
1967 break;
1968
1969 case HCI_OP_WRITE_SCAN_ENABLE:
1970 hci_cc_write_scan_enable(hdev, skb);
1971 break;
1972
1973 case HCI_OP_READ_CLASS_OF_DEV:
1974 hci_cc_read_class_of_dev(hdev, skb);
1975 break;
1976
1977 case HCI_OP_WRITE_CLASS_OF_DEV:
1978 hci_cc_write_class_of_dev(hdev, skb);
1979 break;
1980
1981 case HCI_OP_READ_VOICE_SETTING:
1982 hci_cc_read_voice_setting(hdev, skb);
1983 break;
1984
1985 case HCI_OP_WRITE_VOICE_SETTING:
1986 hci_cc_write_voice_setting(hdev, skb);
1987 break;
1988
1989 case HCI_OP_HOST_BUFFER_SIZE:
1990 hci_cc_host_buffer_size(hdev, skb);
1991 break;
1992
333140b5
MH		 1993 case HCI_OP_READ_SSP_MODE:
1994 hci_cc_read_ssp_mode(hdev, skb);
1995 break;
1996
1997 case HCI_OP_WRITE_SSP_MODE:
1998 hci_cc_write_ssp_mode(hdev, skb);
1999 break;
2000
a9de9248
MH		 2001 case HCI_OP_READ_LOCAL_VERSION:
2002 hci_cc_read_local_version(hdev, skb);
2003 break;
2004
2005 case HCI_OP_READ_LOCAL_COMMANDS:
2006 hci_cc_read_local_commands(hdev, skb);
2007 break;
2008
2009 case HCI_OP_READ_LOCAL_FEATURES:
2010 hci_cc_read_local_features(hdev, skb);
2011 break;
2012
971e3a4b
AG		 2013 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2014 hci_cc_read_local_ext_features(hdev, skb);
2015 break;
2016
a9de9248
MH		 2017 case HCI_OP_READ_BUFFER_SIZE:
2018 hci_cc_read_buffer_size(hdev, skb);
2019 break;
2020
2021 case HCI_OP_READ_BD_ADDR:
2022 hci_cc_read_bd_addr(hdev, skb);
2023 break;
2024
23bb5763
JH		 2025 case HCI_OP_WRITE_CA_TIMEOUT:
2026 hci_cc_write_ca_timeout(hdev, skb);
2027 break;
2028
1e89cffb
AE		 2029 case HCI_OP_READ_FLOW_CONTROL_MODE:
2030 hci_cc_read_flow_control_mode(hdev, skb);
2031 break;
2032
928abaa7
AE		 2033 case HCI_OP_READ_LOCAL_AMP_INFO:
2034 hci_cc_read_local_amp_info(hdev, skb);
2035 break;
2036
b0916ea0
JH		 2037 case HCI_OP_DELETE_STORED_LINK_KEY:
2038 hci_cc_delete_stored_link_key(hdev, skb);
2039 break;
2040
d5859e22
JH		 2041 case HCI_OP_SET_EVENT_MASK:
2042 hci_cc_set_event_mask(hdev, skb);
2043 break;
2044
2045 case HCI_OP_WRITE_INQUIRY_MODE:
2046 hci_cc_write_inquiry_mode(hdev, skb);
2047 break;
2048
2049 case HCI_OP_READ_INQ_RSP_TX_POWER:
2050 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2051 break;
2052
2053 case HCI_OP_SET_EVENT_FLT:
2054 hci_cc_set_event_flt(hdev, skb);
2055 break;
2056
980e1a53
JH		 2057 case HCI_OP_PIN_CODE_REPLY:
2058 hci_cc_pin_code_reply(hdev, skb);
2059 break;
2060
2061 case HCI_OP_PIN_CODE_NEG_REPLY:
2062 hci_cc_pin_code_neg_reply(hdev, skb);
2063 break;
2064
c35938b2
SJ		 2065 case HCI_OP_READ_LOCAL_OOB_DATA:
2066 hci_cc_read_local_oob_data_reply(hdev, skb);
2067 break;
2068
6ed58ec5
VT		 2069 case HCI_OP_LE_READ_BUFFER_SIZE:
2070 hci_cc_le_read_buffer_size(hdev, skb);
2071 break;
2072
a5c29683
JH		 2073 case HCI_OP_USER_CONFIRM_REPLY:
2074 hci_cc_user_confirm_reply(hdev, skb);
2075 break;
2076
2077 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2078 hci_cc_user_confirm_neg_reply(hdev, skb);
2079 break;
2080
1143d458
BG		 2081 case HCI_OP_USER_PASSKEY_REPLY:
2082 hci_cc_user_passkey_reply(hdev, skb);
2083 break;
2084
2085 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2086 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2087
2088 case HCI_OP_LE_SET_SCAN_PARAM:
2089 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2090 break;
2091
eb9d91f5
AG		 2092 case HCI_OP_LE_SET_SCAN_ENABLE:
2093 hci_cc_le_set_scan_enable(hdev, skb);
2094 break;
2095
a7a595f6
VCG		 2096 case HCI_OP_LE_LTK_REPLY:
2097 hci_cc_le_ltk_reply(hdev, skb);
2098 break;
2099
2100 case HCI_OP_LE_LTK_NEG_REPLY:
2101 hci_cc_le_ltk_neg_reply(hdev, skb);
2102 break;
2103
f9b49306
AG		 2104 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2105 hci_cc_write_le_host_supported(hdev, skb);
2106 break;
2107
a9de9248
MH		 2108 default:
2109 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2110 break;
2111 }
2112
6bd32326
VT		 2113 if (ev->opcode != HCI_OP_NOP)
2114 del_timer(&hdev->cmd_timer);
2115
a9de9248
MH		 2116 if (ev->ncmd) {
2117 atomic_set(&hdev->cmd_cnt, 1);
2118 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2119 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2120 }
2121}
2122
2123static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2124{
2125 struct hci_ev_cmd_status *ev = (void *) skb->data;
2126 __u16 opcode;
2127
2128 skb_pull(skb, sizeof(*ev));
2129
2130 opcode = __le16_to_cpu(ev->opcode);
2131
2132 switch (opcode) {
2133 case HCI_OP_INQUIRY:
2134 hci_cs_inquiry(hdev, ev->status);
2135 break;
2136
2137 case HCI_OP_CREATE_CONN:
2138 hci_cs_create_conn(hdev, ev->status);
2139 break;
2140
2141 case HCI_OP_ADD_SCO:
2142 hci_cs_add_sco(hdev, ev->status);
2143 break;
2144
f8558555
MH		 2145 case HCI_OP_AUTH_REQUESTED:
2146 hci_cs_auth_requested(hdev, ev->status);
2147 break;
2148
2149 case HCI_OP_SET_CONN_ENCRYPT:
2150 hci_cs_set_conn_encrypt(hdev, ev->status);
2151 break;
2152
a9de9248
MH		 2153 case HCI_OP_REMOTE_NAME_REQ:
2154 hci_cs_remote_name_req(hdev, ev->status);
2155 break;
2156
769be974
MH		 2157 case HCI_OP_READ_REMOTE_FEATURES:
2158 hci_cs_read_remote_features(hdev, ev->status);
2159 break;
2160
2161 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2162 hci_cs_read_remote_ext_features(hdev, ev->status);
2163 break;
2164
a9de9248
MH		 2165 case HCI_OP_SETUP_SYNC_CONN:
2166 hci_cs_setup_sync_conn(hdev, ev->status);
2167 break;
2168
2169 case HCI_OP_SNIFF_MODE:
2170 hci_cs_sniff_mode(hdev, ev->status);
2171 break;
2172
2173 case HCI_OP_EXIT_SNIFF_MODE:
2174 hci_cs_exit_sniff_mode(hdev, ev->status);
2175 break;
2176
8962ee74
JH		 2177 case HCI_OP_DISCONNECT:
2178 if (ev->status != 0)
37d9ef76 2179 mgmt_disconnect_failed(hdev, NULL, ev->status);
8962ee74
JH		 2180 break;
2181
fcd89c09
VT		 2182 case HCI_OP_LE_CREATE_CONN:
2183 hci_cs_le_create_conn(hdev, ev->status);
2184 break;
2185
a7a595f6
VCG		 2186 case HCI_OP_LE_START_ENC:
2187 hci_cs_le_start_enc(hdev, ev->status);
2188 break;
2189
a9de9248
MH		 2190 default:
2191 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2192 break;
2193 }
2194
6bd32326
VT		 2195 if (ev->opcode != HCI_OP_NOP)
2196 del_timer(&hdev->cmd_timer);
2197
10572132 2198 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2199 atomic_set(&hdev->cmd_cnt, 1);
2200 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2201 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2202 }
2203}
2204
2205static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2206{
2207 struct hci_ev_role_change *ev = (void *) skb->data;
2208 struct hci_conn *conn;
2209
2210 BT_DBG("%s status %d", hdev->name, ev->status);
2211
2212 hci_dev_lock(hdev);
2213
2214 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2215 if (conn) {
2216 if (!ev->status) {
2217 if (ev->role)
2218 conn->link_mode &= ~HCI_LM_MASTER;
2219 else
2220 conn->link_mode |= HCI_LM_MASTER;
2221 }
2222
2223 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2224
2225 hci_role_switch_cfm(conn, ev->status, ev->role);
2226 }
2227
2228 hci_dev_unlock(hdev);
2229}
2230
2231static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2232{
2233 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2234 __le16 *ptr;
2235 int i;
2236
2237 skb_pull(skb, sizeof(*ev));
2238
2239 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2240
2241 if (skb->len < ev->num_hndl * 4) {
2242 BT_DBG("%s bad parameters", hdev->name);
2243 return;
2244 }
2245
2246 tasklet_disable(&hdev->tx_task);
2247
2248 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2249 struct hci_conn *conn;
2250 __u16 handle, count;
2251
83985319
HH		 2252 handle = get_unaligned_le16(ptr++);
2253 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2254
2255 conn = hci_conn_hash_lookup_handle(hdev, handle);
2256 if (conn) {
2257 conn->sent -= count;
2258
2259 if (conn->type == ACL_LINK) {
70f23020
AE		 2260 hdev->acl_cnt += count;
2261 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2262 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2263 } else if (conn->type == LE_LINK) {
2264 if (hdev->le_pkts) {
2265 hdev->le_cnt += count;
2266 if (hdev->le_cnt > hdev->le_pkts)
2267 hdev->le_cnt = hdev->le_pkts;
2268 } else {
2269 hdev->acl_cnt += count;
2270 if (hdev->acl_cnt > hdev->acl_pkts)
2271 hdev->acl_cnt = hdev->acl_pkts;
2272 }
a9de9248 2273 } else {
70f23020
AE		 2274 hdev->sco_cnt += count;
2275 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2276 hdev->sco_cnt = hdev->sco_pkts;
2277 }
2278 }
2279 }
2280
c78ae283 2281 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2282
2283 tasklet_enable(&hdev->tx_task);
2284}
2285
2286static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2287{
a9de9248 2288 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2289 struct hci_conn *conn;
2290
2291 BT_DBG("%s status %d", hdev->name, ev->status);
2292
2293 hci_dev_lock(hdev);
2294
2295 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2296 if (conn) {
2297 conn->mode = ev->mode;
2298 conn->interval = __le16_to_cpu(ev->interval);
2299
2300 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2301 if (conn->mode == HCI_CM_ACTIVE)
2302 conn->power_save = 1;
2303 else
2304 conn->power_save = 0;
2305 }
e73439d8
MH		 2306
2307 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2308 hci_sco_setup(conn, ev->status);
04837f64
MH		 2309 }
2310
2311 hci_dev_unlock(hdev);
2312}
2313
a9de9248
MH		 2314static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2315{
052b30b0
MH		 2316 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2317 struct hci_conn *conn;
2318
a9de9248 2319 BT_DBG("%s", hdev->name);
052b30b0
MH		 2320
2321 hci_dev_lock(hdev);
2322
2323 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2324 if (!conn)
2325 goto unlock;
2326
2327 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2328 hci_conn_hold(conn);
2329 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2330 hci_conn_put(conn);
2331 }
2332
03b555e1
JH		 2333 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2334 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2335 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2336 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2337 u8 secure;
2338
2339 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2340 secure = 1;
2341 else
2342 secure = 0;
2343
744cf19e 2344 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2345 }
980e1a53 2346
b6f98044 2347unlock:
052b30b0 2348 hci_dev_unlock(hdev);
a9de9248
MH		 2349}
2350
2351static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2352{
55ed8ca1
JH		 2353 struct hci_ev_link_key_req *ev = (void *) skb->data;
2354 struct hci_cp_link_key_reply cp;
2355 struct hci_conn *conn;
2356 struct link_key *key;
2357
a9de9248 2358 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2359
2360 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2361 return;
2362
2363 hci_dev_lock(hdev);
2364
2365 key = hci_find_link_key(hdev, &ev->bdaddr);
2366 if (!key) {
2367 BT_DBG("%s link key not found for %s", hdev->name,
2368 batostr(&ev->bdaddr));
2369 goto not_found;
2370 }
2371
2372 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2373 batostr(&ev->bdaddr));
2374
b6020ba0
WR		 2375 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2376 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2377 BT_DBG("%s ignoring debug key", hdev->name);
2378 goto not_found;
2379 }
2380
2381 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2382 if (conn) {
2383 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2384 conn->auth_type != 0xff &&
2385 (conn->auth_type & 0x01)) {
2386 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2387 goto not_found;
2388 }
55ed8ca1 2389
60b83f57
WR		 2390 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2391 conn->pending_sec_level == BT_SECURITY_HIGH) {
2392 BT_DBG("%s ignoring key unauthenticated for high \
2393 security", hdev->name);
2394 goto not_found;
2395 }
2396
2397 conn->key_type = key->type;
2398 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2399 }
2400
2401 bacpy(&cp.bdaddr, &ev->bdaddr);
2402 memcpy(cp.link_key, key->val, 16);
2403
2404 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2405
2406 hci_dev_unlock(hdev);
2407
2408 return;
2409
2410not_found:
2411 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2412 hci_dev_unlock(hdev);
a9de9248
MH		 2413}
2414
2415static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2416{
052b30b0
MH		 2417 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2418 struct hci_conn *conn;
55ed8ca1 2419 u8 pin_len = 0;
052b30b0 2420
a9de9248 2421 BT_DBG("%s", hdev->name);
052b30b0
MH		 2422
2423 hci_dev_lock(hdev);
2424
2425 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2426 if (conn) {
2427 hci_conn_hold(conn);
2428 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2429 pin_len = conn->pin_length;
13d39315
WR		 2430
2431 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2432 conn->key_type = ev->key_type;
2433
052b30b0
MH		 2434 hci_conn_put(conn);
2435 }
2436
55ed8ca1 2437 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2438 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2439 ev->key_type, pin_len);
2440
052b30b0 2441 hci_dev_unlock(hdev);
a9de9248
MH		 2442}
2443
1da177e4
LT		 2444static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2445{
a9de9248 2446 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2447 struct hci_conn *conn;
1da177e4
LT		 2448
2449 BT_DBG("%s status %d", hdev->name, ev->status);
2450
2451 hci_dev_lock(hdev);
2452
04837f64 2453 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2454 if (conn && !ev->status) {
2455 struct inquiry_entry *ie;
2456
cc11b9c1
AE		 2457 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2458 if (ie) {
1da177e4
LT		 2459 ie->data.clock_offset = ev->clock_offset;
2460 ie->timestamp = jiffies;
2461 }
2462 }
2463
2464 hci_dev_unlock(hdev);
2465}
2466
a8746417
MH		 2467static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2468{
2469 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2470 struct hci_conn *conn;
2471
2472 BT_DBG("%s status %d", hdev->name, ev->status);
2473
2474 hci_dev_lock(hdev);
2475
2476 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2477 if (conn && !ev->status)
2478 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2479
2480 hci_dev_unlock(hdev);
2481}
2482
85a1e930
MH		 2483static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2484{
a9de9248 2485 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2486 struct inquiry_entry *ie;
2487
2488 BT_DBG("%s", hdev->name);
2489
2490 hci_dev_lock(hdev);
2491
cc11b9c1
AE		 2492 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2493 if (ie) {
85a1e930
MH		 2494 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2495 ie->timestamp = jiffies;
2496 }
2497
2498 hci_dev_unlock(hdev);
2499}
2500
a9de9248
MH		 2501static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2502{
2503 struct inquiry_data data;
2504 int num_rsp = *((__u8 *) skb->data);
2505
2506 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2507
2508 if (!num_rsp)
2509 return;
2510
2511 hci_dev_lock(hdev);
2512
2513 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2514 struct inquiry_info_with_rssi_and_pscan_mode *info;
2515 info = (void *) (skb->data + 1);
a9de9248 2516
e17acd40 2517 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2518 bacpy(&data.bdaddr, &info->bdaddr);
2519 data.pscan_rep_mode = info->pscan_rep_mode;
2520 data.pscan_period_mode = info->pscan_period_mode;
2521 data.pscan_mode = info->pscan_mode;
2522 memcpy(data.dev_class, info->dev_class, 3);
2523 data.clock_offset = info->clock_offset;
2524 data.rssi = info->rssi;
41a96212 2525 data.ssp_mode = 0x00;
a9de9248 2526 hci_inquiry_cache_update(hdev, &data);
48264f06 2527 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2528 info->dev_class, info->rssi,
2529 NULL);
a9de9248
MH		 2530 }
2531 } else {
2532 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2533
e17acd40 2534 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2535 bacpy(&data.bdaddr, &info->bdaddr);
2536 data.pscan_rep_mode = info->pscan_rep_mode;
2537 data.pscan_period_mode = info->pscan_period_mode;
2538 data.pscan_mode = 0x00;
2539 memcpy(data.dev_class, info->dev_class, 3);
2540 data.clock_offset = info->clock_offset;
2541 data.rssi = info->rssi;
41a96212 2542 data.ssp_mode = 0x00;
a9de9248 2543 hci_inquiry_cache_update(hdev, &data);
48264f06 2544 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2545 info->dev_class, info->rssi,
2546 NULL);
a9de9248
MH		 2547 }
2548 }
2549
2550 hci_dev_unlock(hdev);
2551}
2552
2553static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2554{
41a96212
MH		 2555 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2556 struct hci_conn *conn;
2557
a9de9248 2558 BT_DBG("%s", hdev->name);
41a96212 2559
41a96212
MH		 2560 hci_dev_lock(hdev);
2561
2562 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2563 if (!conn)
2564 goto unlock;
41a96212 2565
ccd556fe
JH		 2566 if (!ev->status && ev->page == 0x01) {
2567 struct inquiry_entry *ie;
41a96212 2568
cc11b9c1
AE		 2569 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2570 if (ie)
ccd556fe 2571 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2572
ccd556fe
JH		 2573 conn->ssp_mode = (ev->features[0] & 0x01);
2574 }
2575
2576 if (conn->state != BT_CONFIG)
2577 goto unlock;
2578
127178d2
JH		 2579 if (!ev->status) {
2580 struct hci_cp_remote_name_req cp;
2581 memset(&cp, 0, sizeof(cp));
2582 bacpy(&cp.bdaddr, &conn->dst);
2583 cp.pscan_rep_mode = 0x02;
2584 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2585 }
392599b9 2586
127178d2 2587 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2588 conn->state = BT_CONNECTED;
2589 hci_proto_connect_cfm(conn, ev->status);
2590 hci_conn_put(conn);
41a96212
MH		 2591 }
2592
ccd556fe 2593unlock:
41a96212 2594 hci_dev_unlock(hdev);
a9de9248
MH		 2595}
2596
2597static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2598{
b6a0dc82
MH		 2599 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2600 struct hci_conn *conn;
2601
2602 BT_DBG("%s status %d", hdev->name, ev->status);
2603
2604 hci_dev_lock(hdev);
2605
2606 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2607 if (!conn) {
2608 if (ev->link_type == ESCO_LINK)
2609 goto unlock;
2610
2611 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2612 if (!conn)
2613 goto unlock;
2614
2615 conn->type = SCO_LINK;
2616 }
b6a0dc82 2617
732547f9
MH		 2618 switch (ev->status) {
2619 case 0x00:
b6a0dc82
MH		 2620 conn->handle = __le16_to_cpu(ev->handle);
2621 conn->state = BT_CONNECTED;
7d0db0a3 2622
9eba32b8 2623 hci_conn_hold_device(conn);
7d0db0a3 2624 hci_conn_add_sysfs(conn);
732547f9
MH		 2625 break;
2626
705e5711 2627 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2628 case 0x1c: /* SCO interval rejected */
1038a00b 2629 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2630 case 0x1f: /* Unspecified error */
2631 if (conn->out && conn->attempt < 2) {
2632 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2633 (hdev->esco_type & EDR_ESCO_MASK);
2634 hci_setup_sync(conn, conn->link->handle);
2635 goto unlock;
2636 }
2637 /* fall through */
2638
2639 default:
b6a0dc82 2640 conn->state = BT_CLOSED;
732547f9
MH		 2641 break;
2642 }
b6a0dc82
MH		 2643
2644 hci_proto_connect_cfm(conn, ev->status);
2645 if (ev->status)
2646 hci_conn_del(conn);
2647
2648unlock:
2649 hci_dev_unlock(hdev);
a9de9248
MH		 2650}
2651
2652static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2653{
2654 BT_DBG("%s", hdev->name);
2655}
2656
04837f64
MH		 2657static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2658{
a9de9248 2659 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2660
2661 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2662}
2663
a9de9248 2664static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2665{
a9de9248
MH		 2666 struct inquiry_data data;
2667 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2668 int num_rsp = *((__u8 *) skb->data);
1da177e4 2669
a9de9248 2670 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2671
a9de9248
MH		 2672 if (!num_rsp)
2673 return;
1da177e4 2674
a9de9248
MH		 2675 hci_dev_lock(hdev);
2676
e17acd40 2677 for (; num_rsp; num_rsp--, info++) {
a9de9248 2678 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2679 data.pscan_rep_mode = info->pscan_rep_mode;
2680 data.pscan_period_mode = info->pscan_period_mode;
2681 data.pscan_mode = 0x00;
a9de9248 2682 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2683 data.clock_offset = info->clock_offset;
2684 data.rssi = info->rssi;
41a96212 2685 data.ssp_mode = 0x01;
a9de9248 2686 hci_inquiry_cache_update(hdev, &data);
48264f06 2687 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 2688 info->dev_class, info->rssi, info->data);
a9de9248
MH		 2689 }
2690
2691 hci_dev_unlock(hdev);
2692}
1da177e4 2693
17fa4b9d
JH		 2694static inline u8 hci_get_auth_req(struct hci_conn *conn)
2695{
2696 /* If remote requests dedicated bonding follow that lead */
2697 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2698 /* If both remote and local IO capabilities allow MITM
2699 * protection then require it, otherwise don't */
2700 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2701 return 0x02;
2702 else
2703 return 0x03;
2704 }
2705
2706 /* If remote requests no-bonding follow that lead */
2707 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2708 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2709
2710 return conn->auth_type;
2711}
2712
0493684e
MH		 2713static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2714{
2715 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2716 struct hci_conn *conn;
2717
2718 BT_DBG("%s", hdev->name);
2719
2720 hci_dev_lock(hdev);
2721
2722 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2723 if (!conn)
2724 goto unlock;
2725
2726 hci_conn_hold(conn);
2727
2728 if (!test_bit(HCI_MGMT, &hdev->flags))
2729 goto unlock;
2730
2731 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2732 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2733 struct hci_cp_io_capability_reply cp;
2734
2735 bacpy(&cp.bdaddr, &ev->bdaddr);
2736 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2737 conn->auth_type = hci_get_auth_req(conn);
2738 cp.authentication = conn->auth_type;
17fa4b9d 2739
ce85ee13
SJ		 2740 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2741 hci_find_remote_oob_data(hdev, &conn->dst))
2742 cp.oob_data = 0x01;
2743 else
2744 cp.oob_data = 0x00;
2745
17fa4b9d
JH		 2746 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2747 sizeof(cp), &cp);
03b555e1
JH		 2748 } else {
2749 struct hci_cp_io_capability_neg_reply cp;
2750
2751 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2752 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2753
03b555e1
JH		 2754 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2755 sizeof(cp), &cp);
2756 }
2757
2758unlock:
2759 hci_dev_unlock(hdev);
2760}
2761
2762static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2763{
2764 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2765 struct hci_conn *conn;
2766
2767 BT_DBG("%s", hdev->name);
2768
2769 hci_dev_lock(hdev);
2770
2771 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2772 if (!conn)
2773 goto unlock;
2774
03b555e1
JH		 2775 conn->remote_cap = ev->capability;
2776 conn->remote_oob = ev->oob_data;
2777 conn->remote_auth = ev->authentication;
2778
2779unlock:
0493684e
MH		 2780 hci_dev_unlock(hdev);
2781}
2782
a5c29683
JH		 2783static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2784 struct sk_buff *skb)
2785{
2786 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2787 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2788 struct hci_conn *conn;
a5c29683
JH		 2789
2790 BT_DBG("%s", hdev->name);
2791
2792 hci_dev_lock(hdev);
2793
7a828908
JH		 2794 if (!test_bit(HCI_MGMT, &hdev->flags))
2795 goto unlock;
a5c29683 2796
7a828908
JH		 2797 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2798 if (!conn)
2799 goto unlock;
2800
2801 loc_mitm = (conn->auth_type & 0x01);
2802 rem_mitm = (conn->remote_auth & 0x01);
2803
2804 /* If we require MITM but the remote device can't provide that
2805 * (it has NoInputNoOutput) then reject the confirmation
2806 * request. The only exception is when we're dedicated bonding
2807 * initiators (connect_cfm_cb set) since then we always have the MITM
2808 * bit set. */
2809 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2810 BT_DBG("Rejecting request: remote device can't provide MITM");
2811 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2812 sizeof(ev->bdaddr), &ev->bdaddr);
2813 goto unlock;
2814 }
2815
2816 /* If no side requires MITM protection; auto-accept */
2817 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2818 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2819
2820 /* If we're not the initiators request authorization to
2821 * proceed from user space (mgmt_user_confirm with
2822 * confirm_hint set to 1). */
2823 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2824 BT_DBG("Confirming auto-accept as acceptor");
2825 confirm_hint = 1;
2826 goto confirm;
2827 }
2828
9f61656a
JH		 2829 BT_DBG("Auto-accept of user confirmation with %ums delay",
2830 hdev->auto_accept_delay);
2831
2832 if (hdev->auto_accept_delay > 0) {
2833 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2834 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2835 goto unlock;
2836 }
2837
7a828908
JH		 2838 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2839 sizeof(ev->bdaddr), &ev->bdaddr);
2840 goto unlock;
2841 }
2842
55bc1a37 2843confirm:
744cf19e 2844 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 2845 confirm_hint);
7a828908
JH		 2846
2847unlock:
a5c29683
JH		 2848 hci_dev_unlock(hdev);
2849}
2850
1143d458
BG		 2851static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2852 struct sk_buff *skb)
2853{
2854 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2855
2856 BT_DBG("%s", hdev->name);
2857
2858 hci_dev_lock(hdev);
2859
2860 if (test_bit(HCI_MGMT, &hdev->flags))
2861 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2862
2863 hci_dev_unlock(hdev);
2864}
2865
0493684e
MH		 2866static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2867{
2868 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2869 struct hci_conn *conn;
2870
2871 BT_DBG("%s", hdev->name);
2872
2873 hci_dev_lock(hdev);
2874
2875 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2876 if (!conn)
2877 goto unlock;
2878
2879 /* To avoid duplicate auth_failed events to user space we check
2880 * the HCI_CONN_AUTH_PEND flag which will be set if we
2881 * initiated the authentication. A traditional auth_complete
2882 * event gets always produced as initiator and is also mapped to
2883 * the mgmt_auth_failed event */
2884 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
744cf19e 2885 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 2886
2a611692
JH		 2887 hci_conn_put(conn);
2888
2889unlock:
0493684e
MH		 2890 hci_dev_unlock(hdev);
2891}
2892
41a96212
MH		 2893static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2894{
2895 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2896 struct inquiry_entry *ie;
2897
2898 BT_DBG("%s", hdev->name);
2899
2900 hci_dev_lock(hdev);
2901
cc11b9c1
AE		 2902 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2903 if (ie)
41a96212
MH		 2904 ie->data.ssp_mode = (ev->features[0] & 0x01);
2905
2906 hci_dev_unlock(hdev);
2907}
2908
2763eda6
SJ		 2909static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2910 struct sk_buff *skb)
2911{
2912 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2913 struct oob_data *data;
2914
2915 BT_DBG("%s", hdev->name);
2916
2917 hci_dev_lock(hdev);
2918
e1ba1f15
SJ		 2919 if (!test_bit(HCI_MGMT, &hdev->flags))
2920 goto unlock;
2921
2763eda6
SJ		 2922 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2923 if (data) {
2924 struct hci_cp_remote_oob_data_reply cp;
2925
2926 bacpy(&cp.bdaddr, &ev->bdaddr);
2927 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2928 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2929
2930 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2931 &cp);
2932 } else {
2933 struct hci_cp_remote_oob_data_neg_reply cp;
2934
2935 bacpy(&cp.bdaddr, &ev->bdaddr);
2936 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2937 &cp);
2938 }
2939
e1ba1f15 2940unlock:
2763eda6
SJ		 2941 hci_dev_unlock(hdev);
2942}
2943
fcd89c09
VT		 2944static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2945{
2946 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2947 struct hci_conn *conn;
2948
2949 BT_DBG("%s status %d", hdev->name, ev->status);
2950
2951 hci_dev_lock(hdev);
2952
2953 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2954 if (!conn) {
2955 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2956 if (!conn) {
2957 BT_ERR("No memory for new connection");
2958 hci_dev_unlock(hdev);
2959 return;
2960 }
29b7988a
AG		 2961
2962 conn->dst_type = ev->bdaddr_type;
b62f328b 2963 }
fcd89c09
VT		 2964
2965 if (ev->status) {
48264f06
JH		 2966 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2967 conn->dst_type, ev->status);
fcd89c09
VT		 2968 hci_proto_connect_cfm(conn, ev->status);
2969 conn->state = BT_CLOSED;
2970 hci_conn_del(conn);
2971 goto unlock;
2972 }
2973
48264f06 2974 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
83bc71b4 2975
7b5c0d52 2976 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2977 conn->handle = __le16_to_cpu(ev->handle);
2978 conn->state = BT_CONNECTED;
2979
2980 hci_conn_hold_device(conn);
2981 hci_conn_add_sysfs(conn);
2982
2983 hci_proto_connect_cfm(conn, ev->status);
2984
2985unlock:
2986 hci_dev_unlock(hdev);
2987}
2988
9aa04c91
AG		 2989static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2990 struct sk_buff *skb)
2991{
e95beb41
AG		 2992 u8 num_reports = skb->data[0];
2993 void *ptr = &skb->data[1];
9aa04c91
AG		 2994
2995 hci_dev_lock(hdev);
2996
e95beb41
AG		 2997 while (num_reports--) {
2998 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 2999
9aa04c91 3000 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 3001
3002 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3003 }
3004
3005 hci_dev_unlock(hdev);
3006}
3007
a7a595f6
VCG		 3008static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3009 struct sk_buff *skb)
3010{
3011 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3012 struct hci_cp_le_ltk_reply cp;
bea710fe 3013 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3014 struct hci_conn *conn;
bea710fe 3015 struct link_key *ltk;
a7a595f6
VCG		 3016
3017 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3018
3019 hci_dev_lock(hdev);
3020
3021 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3022 if (conn == NULL)
3023 goto not_found;
a7a595f6 3024
bea710fe
VCG		 3025 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3026 if (ltk == NULL)
3027 goto not_found;
3028
3029 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3030 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 3031 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 3032
3033 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3034
3035 hci_dev_unlock(hdev);
bea710fe
VCG		 3036
3037 return;
3038
3039not_found:
3040 neg.handle = ev->handle;
3041 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3042 hci_dev_unlock(hdev);
a7a595f6
VCG		 3043}
3044
fcd89c09
VT		 3045static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3046{
3047 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3048
3049 skb_pull(skb, sizeof(*le_ev));
3050
3051 switch (le_ev->subevent) {
3052 case HCI_EV_LE_CONN_COMPLETE:
3053 hci_le_conn_complete_evt(hdev, skb);
3054 break;
3055
9aa04c91
AG		 3056 case HCI_EV_LE_ADVERTISING_REPORT:
3057 hci_le_adv_report_evt(hdev, skb);
3058 break;
3059
a7a595f6
VCG		 3060 case HCI_EV_LE_LTK_REQ:
3061 hci_le_ltk_request_evt(hdev, skb);
3062 break;
3063
fcd89c09
VT		 3064 default:
3065 break;
3066 }
3067}
3068
a9de9248
MH		 3069void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3070{
3071 struct hci_event_hdr *hdr = (void *) skb->data;
3072 __u8 event = hdr->evt;
3073
3074 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3075
3076 switch (event) {
1da177e4
LT		 3077 case HCI_EV_INQUIRY_COMPLETE:
3078 hci_inquiry_complete_evt(hdev, skb);
3079 break;
3080
3081 case HCI_EV_INQUIRY_RESULT:
3082 hci_inquiry_result_evt(hdev, skb);
3083 break;
3084
a9de9248
MH		 3085 case HCI_EV_CONN_COMPLETE:
3086 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3087 break;
3088
1da177e4
LT		 3089 case HCI_EV_CONN_REQUEST:
3090 hci_conn_request_evt(hdev, skb);
3091 break;
3092
1da177e4
LT		 3093 case HCI_EV_DISCONN_COMPLETE:
3094 hci_disconn_complete_evt(hdev, skb);
3095 break;
3096
1da177e4
LT		 3097 case HCI_EV_AUTH_COMPLETE:
3098 hci_auth_complete_evt(hdev, skb);
3099 break;
3100
a9de9248
MH		 3101 case HCI_EV_REMOTE_NAME:
3102 hci_remote_name_evt(hdev, skb);
3103 break;
3104
1da177e4
LT		 3105 case HCI_EV_ENCRYPT_CHANGE:
3106 hci_encrypt_change_evt(hdev, skb);
3107 break;
3108
a9de9248
MH		 3109 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3110 hci_change_link_key_complete_evt(hdev, skb);
3111 break;
3112
3113 case HCI_EV_REMOTE_FEATURES:
3114 hci_remote_features_evt(hdev, skb);
3115 break;
3116
3117 case HCI_EV_REMOTE_VERSION:
3118 hci_remote_version_evt(hdev, skb);
3119 break;
3120
3121 case HCI_EV_QOS_SETUP_COMPLETE:
3122 hci_qos_setup_complete_evt(hdev, skb);
3123 break;
3124
3125 case HCI_EV_CMD_COMPLETE:
3126 hci_cmd_complete_evt(hdev, skb);
3127 break;
3128
3129 case HCI_EV_CMD_STATUS:
3130 hci_cmd_status_evt(hdev, skb);
3131 break;
3132
3133 case HCI_EV_ROLE_CHANGE:
3134 hci_role_change_evt(hdev, skb);
3135 break;
3136
3137 case HCI_EV_NUM_COMP_PKTS:
3138 hci_num_comp_pkts_evt(hdev, skb);
3139 break;
3140
3141 case HCI_EV_MODE_CHANGE:
3142 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3143 break;
3144
3145 case HCI_EV_PIN_CODE_REQ:
3146 hci_pin_code_request_evt(hdev, skb);
3147 break;
3148
3149 case HCI_EV_LINK_KEY_REQ:
3150 hci_link_key_request_evt(hdev, skb);
3151 break;
3152
3153 case HCI_EV_LINK_KEY_NOTIFY:
3154 hci_link_key_notify_evt(hdev, skb);
3155 break;
3156
3157 case HCI_EV_CLOCK_OFFSET:
3158 hci_clock_offset_evt(hdev, skb);
3159 break;
3160
a8746417
MH		 3161 case HCI_EV_PKT_TYPE_CHANGE:
3162 hci_pkt_type_change_evt(hdev, skb);
3163 break;
3164
85a1e930
MH		 3165 case HCI_EV_PSCAN_REP_MODE:
3166 hci_pscan_rep_mode_evt(hdev, skb);
3167 break;
3168
a9de9248
MH		 3169 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3170 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3171 break;
3172
a9de9248
MH		 3173 case HCI_EV_REMOTE_EXT_FEATURES:
3174 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3175 break;
3176
a9de9248
MH		 3177 case HCI_EV_SYNC_CONN_COMPLETE:
3178 hci_sync_conn_complete_evt(hdev, skb);
3179 break;
1da177e4 3180
a9de9248
MH		 3181 case HCI_EV_SYNC_CONN_CHANGED:
3182 hci_sync_conn_changed_evt(hdev, skb);
3183 break;
1da177e4 3184
a9de9248
MH		 3185 case HCI_EV_SNIFF_SUBRATE:
3186 hci_sniff_subrate_evt(hdev, skb);
3187 break;
1da177e4 3188
a9de9248
MH		 3189 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3190 hci_extended_inquiry_result_evt(hdev, skb);
3191 break;
1da177e4 3192
0493684e
MH		 3193 case HCI_EV_IO_CAPA_REQUEST:
3194 hci_io_capa_request_evt(hdev, skb);
3195 break;
3196
03b555e1
JH		 3197 case HCI_EV_IO_CAPA_REPLY:
3198 hci_io_capa_reply_evt(hdev, skb);
3199 break;
3200
a5c29683
JH		 3201 case HCI_EV_USER_CONFIRM_REQUEST:
3202 hci_user_confirm_request_evt(hdev, skb);
3203 break;
3204
1143d458
BG		 3205 case HCI_EV_USER_PASSKEY_REQUEST:
3206 hci_user_passkey_request_evt(hdev, skb);
3207 break;
3208
0493684e
MH		 3209 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3210 hci_simple_pair_complete_evt(hdev, skb);
3211 break;
3212
41a96212
MH		 3213 case HCI_EV_REMOTE_HOST_FEATURES:
3214 hci_remote_host_features_evt(hdev, skb);
3215 break;
3216
fcd89c09
VT		 3217 case HCI_EV_LE_META:
3218 hci_le_meta_evt(hdev, skb);
3219 break;
3220
2763eda6
SJ		 3221 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3222 hci_remote_oob_data_request_evt(hdev, skb);
3223 break;
3224
a9de9248
MH		 3225 default:
3226 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3227 break;
3228 }
3229
3230 kfree_skb(skb);
3231 hdev->stat.evt_rx++;
3232}
3233
3234/* Generate internal stack event */
3235void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3236{
3237 struct hci_event_hdr *hdr;
3238 struct hci_ev_stack_internal *ev;
3239 struct sk_buff *skb;
3240
3241 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3242 if (!skb)
3243 return;
3244
3245 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3246 hdr->evt = HCI_EV_STACK_INTERNAL;
3247 hdr->plen = sizeof(*ev) + dlen;
3248
3249 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3250 ev->type = type;
3251 memcpy(ev->data, data, dlen);
3252
576c7d85 3253 bt_cb(skb)->incoming = 1;
a61bbcf2 3254 __net_timestamp(skb);
576c7d85 3255
0d48d939 3256 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3257 skb->dev = (void *) hdev;
eec8d2bc 3258 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3259 kfree_skb(skb);
3260}
e6100a25 3261
669bb396 3262module_param(enable_le, bool, 0644);
e6100a25 3263MODULE_PARM_DESC(enable_le, "Enable LE support");
Linux kernel - Deliverables
This page took 1.03213 seconds and 5 git commands to generate.