projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Prevent transparent SCO on older devices
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
82f4785c 43 if (status)
a9de9248 44 return;
1da177e4 45
89352e7d 46 clear_bit(HCI_INQUIRY, &hdev->flags);
3e13fa1e
AG		 47 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
48 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 49
a9de9248
MH		 50 hci_conn_check_pending(hdev);
51}
6bd57416 52
4d93483b
AG		 53static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
54{
55 __u8 status = *((__u8 *) skb->data);
56
9f1db00c 57 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 58
59 if (status)
60 return;
61
62 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 63}
64
a9de9248
MH		 65static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
66{
67 __u8 status = *((__u8 *) skb->data);
6bd57416 68
9f1db00c 69 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 70
a9de9248
MH		 71 if (status)
72 return;
1da177e4 73
ae854a70
AG		 74 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
75
a9de9248
MH		 76 hci_conn_check_pending(hdev);
77}
78
807deac2
GP		 79static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
80 struct sk_buff *skb)
a9de9248
MH		 81{
82 BT_DBG("%s", hdev->name);
83}
84
85static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 struct hci_rp_role_discovery *rp = (void *) skb->data;
88 struct hci_conn *conn;
89
9f1db00c 90 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 91
92 if (rp->status)
93 return;
94
95 hci_dev_lock(hdev);
96
97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
98 if (conn) {
99 if (rp->role)
100 conn->link_mode &= ~HCI_LM_MASTER;
101 else
102 conn->link_mode |= HCI_LM_MASTER;
1da177e4 103 }
a9de9248
MH		 104
105 hci_dev_unlock(hdev);
1da177e4
LT		 106}
107
e4e8e37c
MH		 108static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
109{
110 struct hci_rp_read_link_policy *rp = (void *) skb->data;
111 struct hci_conn *conn;
112
9f1db00c 113 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 114
115 if (rp->status)
116 return;
117
118 hci_dev_lock(hdev);
119
120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
121 if (conn)
122 conn->link_policy = __le16_to_cpu(rp->policy);
123
124 hci_dev_unlock(hdev);
125}
126
a9de9248 127static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 128{
a9de9248 129 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 130 struct hci_conn *conn;
04837f64 131 void *sent;
1da177e4 132
9f1db00c 133 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 134
a9de9248
MH		 135 if (rp->status)
136 return;
1da177e4 137
a9de9248
MH		 138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
139 if (!sent)
140 return;
1da177e4 141
a9de9248 142 hci_dev_lock(hdev);
1da177e4 143
a9de9248 144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 145 if (conn)
83985319 146 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 147
a9de9248
MH		 148 hci_dev_unlock(hdev);
149}
1da177e4 150
807deac2
GP		 151static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
152 struct sk_buff *skb)
e4e8e37c
MH		 153{
154 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
155
9f1db00c 156 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 157
158 if (rp->status)
159 return;
160
161 hdev->link_policy = __le16_to_cpu(rp->policy);
162}
163
807deac2
GP		 164static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
165 struct sk_buff *skb)
e4e8e37c
MH		 166{
167 __u8 status = *((__u8 *) skb->data);
168 void *sent;
169
9f1db00c 170 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 171
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
173 if (!sent)
174 return;
175
176 if (!status)
177 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 178}
179
a9de9248
MH		 180static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
181{
182 __u8 status = *((__u8 *) skb->data);
04837f64 183
9f1db00c 184 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 185
10572132
GP		 186 clear_bit(HCI_RESET, &hdev->flags);
187
a297e97c 188 /* Reset all non-persistent flags */
2cc6fb00 189 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 190
191 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 192 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
193 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 194
195 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
196 hdev->adv_data_len = 0;
a9de9248 197}
04837f64 198
a9de9248
MH		 199static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
200{
201 __u8 status = *((__u8 *) skb->data);
202 void *sent;
04837f64 203
9f1db00c 204 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 205
a9de9248
MH		 206 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
207 if (!sent)
208 return;
04837f64 209
56e5cb86
JH		 210 hci_dev_lock(hdev);
211
f51d5b24
JH		 212 if (test_bit(HCI_MGMT, &hdev->dev_flags))
213 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 214 else if (!status)
215 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 216
56e5cb86 217 hci_dev_unlock(hdev);
a9de9248
MH		 218}
219
220static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
221{
222 struct hci_rp_read_local_name *rp = (void *) skb->data;
223
9f1db00c 224 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 225
226 if (rp->status)
227 return;
228
db99b5fc
JH		 229 if (test_bit(HCI_SETUP, &hdev->dev_flags))
230 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 231}
232
233static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
234{
235 __u8 status = *((__u8 *) skb->data);
236 void *sent;
237
9f1db00c 238 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 239
240 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
241 if (!sent)
242 return;
243
244 if (!status) {
245 __u8 param = *((__u8 *) sent);
246
247 if (param == AUTH_ENABLED)
248 set_bit(HCI_AUTH, &hdev->flags);
249 else
250 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 251 }
a9de9248 252
33ef95ed
JH		 253 if (test_bit(HCI_MGMT, &hdev->dev_flags))
254 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 255}
256
a9de9248 257static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 258{
a9de9248 259 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 260 void *sent;
261
9f1db00c 262 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 263
a9de9248
MH		 264 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
265 if (!sent)
266 return;
1da177e4 267
a9de9248
MH		 268 if (!status) {
269 __u8 param = *((__u8 *) sent);
270
271 if (param)
272 set_bit(HCI_ENCRYPT, &hdev->flags);
273 else
274 clear_bit(HCI_ENCRYPT, &hdev->flags);
275 }
a9de9248 276}
1da177e4 277
a9de9248
MH		 278static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
279{
36f7fc7e
JH		 280 __u8 param, status = *((__u8 *) skb->data);
281 int old_pscan, old_iscan;
a9de9248 282 void *sent;
1da177e4 283
9f1db00c 284 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 285
a9de9248
MH		 286 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
287 if (!sent)
288 return;
1da177e4 289
36f7fc7e
JH		 290 param = *((__u8 *) sent);
291
56e5cb86
JH		 292 hci_dev_lock(hdev);
293
fa1bd918 294 if (status) {
744cf19e 295 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 296 hdev->discov_timeout = 0;
297 goto done;
298 }
299
36f7fc7e
JH		 300 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
301 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
302
303 if (param & SCAN_INQUIRY) {
304 set_bit(HCI_ISCAN, &hdev->flags);
305 if (!old_iscan)
744cf19e 306 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 307 if (hdev->discov_timeout > 0) {
308 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
309 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 310 to);
16ab91ab 311 }
36f7fc7e 312 } else if (old_iscan)
744cf19e 313 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 314
315 if (param & SCAN_PAGE) {
316 set_bit(HCI_PSCAN, &hdev->flags);
317 if (!old_pscan)
744cf19e 318 mgmt_connectable(hdev, 1);
36f7fc7e 319 } else if (old_pscan)
744cf19e 320 mgmt_connectable(hdev, 0);
1da177e4 321
36f7fc7e 322done:
56e5cb86 323 hci_dev_unlock(hdev);
a9de9248 324}
1da177e4 325
a9de9248
MH		 326static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
327{
328 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 329
9f1db00c 330 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 331
a9de9248
MH		 332 if (rp->status)
333 return;
1da177e4 334
a9de9248 335 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 336
a9de9248 337 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 338 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 339}
1da177e4 340
a9de9248
MH		 341static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
342{
343 __u8 status = *((__u8 *) skb->data);
344 void *sent;
1da177e4 345
9f1db00c 346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 347
a9de9248
MH		 348 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
349 if (!sent)
350 return;
1da177e4 351
7f9a903c
MH		 352 hci_dev_lock(hdev);
353
354 if (status == 0)
355 memcpy(hdev->dev_class, sent, 3);
356
357 if (test_bit(HCI_MGMT, &hdev->dev_flags))
358 mgmt_set_class_of_dev_complete(hdev, sent, status);
359
360 hci_dev_unlock(hdev);
a9de9248 361}
1da177e4 362
a9de9248
MH		 363static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
364{
365 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
366 __u16 setting;
367
9f1db00c 368 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 369
370 if (rp->status)
371 return;
372
373 setting = __le16_to_cpu(rp->voice_setting);
374
f383f275 375 if (hdev->voice_setting == setting)
a9de9248
MH		 376 return;
377
378 hdev->voice_setting = setting;
379
9f1db00c 380 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 381
3c54711c 382 if (hdev->notify)
a9de9248 383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 384}
385
8fc9ced3
GP		 386static void hci_cc_write_voice_setting(struct hci_dev *hdev,
387 struct sk_buff *skb)
a9de9248
MH		 388{
389 __u8 status = *((__u8 *) skb->data);
f383f275 390 __u16 setting;
a9de9248
MH		 391 void *sent;
392
9f1db00c 393 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 394
f383f275
MH		 395 if (status)
396 return;
397
a9de9248
MH		 398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
399 if (!sent)
400 return;
1da177e4 401
f383f275 402 setting = get_unaligned_le16(sent);
1da177e4 403
f383f275
MH		 404 if (hdev->voice_setting == setting)
405 return;
406
407 hdev->voice_setting = setting;
1da177e4 408
9f1db00c 409 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 410
3c54711c 411 if (hdev->notify)
f383f275 412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 413}
414
333140b5
MH		 415static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
416{
417 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 418 struct hci_cp_write_ssp_mode *sent;
333140b5 419
9f1db00c 420 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 421
333140b5
MH		 422 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
423 if (!sent)
424 return;
425
5ed8eb2f
JH		 426 if (!status) {
427 if (sent->mode)
cad718ed 428 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 429 else
cad718ed 430 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 431 }
432
ed2c4ee3 433 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 434 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 435 else if (!status) {
5ed8eb2f 436 if (sent->mode)
c0ecddc2
JH		 437 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
438 else
439 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
440 }
333140b5
MH		 441}
442
a9de9248
MH		 443static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
444{
445 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 446
9f1db00c 447 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 448
a9de9248 449 if (rp->status)
42c6b129 450 return;
1143e5a6 451
a9de9248 452 hdev->hci_ver = rp->hci_ver;
e4e8e37c 453 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 454 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 455 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 456 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 457
9f1db00c 458 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 459 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 460}
461
8fc9ced3
GP		 462static void hci_cc_read_local_commands(struct hci_dev *hdev,
463 struct sk_buff *skb)
a9de9248
MH		 464{
465 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 466
9f1db00c 467 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 468
2177bab5
JH		 469 if (!rp->status)
470 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 471}
1da177e4 472
8fc9ced3
GP		 473static void hci_cc_read_local_features(struct hci_dev *hdev,
474 struct sk_buff *skb)
a9de9248
MH		 475{
476 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 477
9f1db00c 478 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 479
a9de9248
MH		 480 if (rp->status)
481 return;
5b7f9909 482
a9de9248 483 memcpy(hdev->features, rp->features, 8);
5b7f9909 484
a9de9248
MH		 485 /* Adjust default settings according to features
486 * supported by device. */
1da177e4 487
cad718ed 488 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 489 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 490
cad718ed 491 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 492 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 493
cad718ed 494 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 495 hdev->pkt_type |= (HCI_HV2);
496 hdev->esco_type |= (ESCO_HV2);
497 }
1da177e4 498
cad718ed 499 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 500 hdev->pkt_type |= (HCI_HV3);
501 hdev->esco_type |= (ESCO_HV3);
502 }
1da177e4 503
45db810f 504 if (lmp_esco_capable(hdev))
a9de9248 505 hdev->esco_type |= (ESCO_EV3);
da1f5198 506
cad718ed 507 if (hdev->features[0][4] & LMP_EV4)
a9de9248 508 hdev->esco_type |= (ESCO_EV4);
da1f5198 509
cad718ed 510 if (hdev->features[0][4] & LMP_EV5)
a9de9248 511 hdev->esco_type |= (ESCO_EV5);
1da177e4 512
cad718ed 513 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 514 hdev->esco_type |= (ESCO_2EV3);
515
cad718ed 516 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 517 hdev->esco_type |= (ESCO_3EV3);
518
cad718ed 519 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b
MH		 520 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
521
a9de9248 522 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
cad718ed
JH		 523 hdev->features[0][0], hdev->features[0][1],
524 hdev->features[0][2], hdev->features[0][3],
525 hdev->features[0][4], hdev->features[0][5],
526 hdev->features[0][6], hdev->features[0][7]);
a9de9248 527}
1da177e4 528
971e3a4b 529static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 530 struct sk_buff *skb)
971e3a4b
AG		 531{
532 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
533
9f1db00c 534 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 535
536 if (rp->status)
42c6b129 537 return;
971e3a4b 538
d2c5d77f
JH		 539 hdev->max_page = rp->max_page;
540
cad718ed
JH		 541 if (rp->page < HCI_MAX_PAGES)
542 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 543}
544
1e89cffb 545static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 546 struct sk_buff *skb)
1e89cffb
AE		 547{
548 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
549
9f1db00c 550 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 551
42c6b129
JH		 552 if (!rp->status)
553 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 554}
555
a9de9248
MH		 556static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
557{
558 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 559
9f1db00c 560 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 561
a9de9248
MH		 562 if (rp->status)
563 return;
1da177e4 564
a9de9248
MH		 565 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
566 hdev->sco_mtu = rp->sco_mtu;
567 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
568 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
569
570 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
571 hdev->sco_mtu = 64;
572 hdev->sco_pkts = 8;
1da177e4 573 }
a9de9248
MH		 574
575 hdev->acl_cnt = hdev->acl_pkts;
576 hdev->sco_cnt = hdev->sco_pkts;
577
807deac2
GP		 578 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
579 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 580}
581
582static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
583{
584 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
585
9f1db00c 586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 587
588 if (!rp->status)
589 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 590}
591
f332ec66
JH		 592static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
593 struct sk_buff *skb)
594{
595 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
596
597 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
598
599 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
600 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
601 hdev->page_scan_window = __le16_to_cpu(rp->window);
602 }
603}
604
4a3ee763
JH		 605static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
606 struct sk_buff *skb)
607{
608 u8 status = *((u8 *) skb->data);
609 struct hci_cp_write_page_scan_activity *sent;
610
611 BT_DBG("%s status 0x%2.2x", hdev->name, status);
612
613 if (status)
614 return;
615
616 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
617 if (!sent)
618 return;
619
620 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
621 hdev->page_scan_window = __le16_to_cpu(sent->window);
622}
623
f332ec66
JH		 624static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
625 struct sk_buff *skb)
626{
627 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
628
629 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
630
631 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
632 hdev->page_scan_type = rp->type;
633}
634
4a3ee763
JH		 635static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
636 struct sk_buff *skb)
637{
638 u8 status = *((u8 *) skb->data);
639 u8 *type;
640
641 BT_DBG("%s status 0x%2.2x", hdev->name, status);
642
643 if (status)
644 return;
645
646 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
647 if (type)
648 hdev->page_scan_type = *type;
649}
650
350ee4cf 651static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 652 struct sk_buff *skb)
350ee4cf
AE		 653{
654 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
655
9f1db00c 656 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 657
658 if (rp->status)
659 return;
660
661 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
662 hdev->block_len = __le16_to_cpu(rp->block_len);
663 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
664
665 hdev->block_cnt = hdev->num_blocks;
666
667 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 668 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 669}
670
928abaa7 671static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 672 struct sk_buff *skb)
928abaa7
AE		 673{
674 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
675
9f1db00c 676 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 677
678 if (rp->status)
8e2a0d92 679 goto a2mp_rsp;
928abaa7
AE		 680
681 hdev->amp_status = rp->amp_status;
682 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
683 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
684 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
685 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
686 hdev->amp_type = rp->amp_type;
687 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
688 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
689 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
690 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
691
8e2a0d92
AE		 692a2mp_rsp:
693 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 694}
695
903e4541
AE		 696static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
697 struct sk_buff *skb)
698{
699 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
700 struct amp_assoc *assoc = &hdev->loc_assoc;
701 size_t rem_len, frag_len;
702
703 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
704
705 if (rp->status)
706 goto a2mp_rsp;
707
708 frag_len = skb->len - sizeof(*rp);
709 rem_len = __le16_to_cpu(rp->rem_len);
710
711 if (rem_len > frag_len) {
2e430be3 712 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 713
714 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
715 assoc->offset += frag_len;
716
717 /* Read other fragments */
718 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
719
720 return;
721 }
722
723 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
724 assoc->len = assoc->offset + rem_len;
725 assoc->offset = 0;
726
727a2mp_rsp:
728 /* Send A2MP Rsp when all fragments are received */
729 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 730 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 731}
732
d5859e22 733static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 734 struct sk_buff *skb)
d5859e22 735{
91c4e9b1 736 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 737
9f1db00c 738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 739
740 if (!rp->status)
741 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 742}
743
980e1a53
JH		 744static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
745{
746 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
747 struct hci_cp_pin_code_reply *cp;
748 struct hci_conn *conn;
749
9f1db00c 750 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 751
56e5cb86
JH		 752 hci_dev_lock(hdev);
753
a8b2d5c2 754 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 755 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 756
fa1bd918 757 if (rp->status)
56e5cb86 758 goto unlock;
980e1a53
JH		 759
760 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
761 if (!cp)
56e5cb86 762 goto unlock;
980e1a53
JH		 763
764 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
765 if (conn)
766 conn->pin_length = cp->pin_len;
56e5cb86
JH		 767
768unlock:
769 hci_dev_unlock(hdev);
980e1a53
JH		 770}
771
772static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
773{
774 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
775
9f1db00c 776 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 777
56e5cb86
JH		 778 hci_dev_lock(hdev);
779
a8b2d5c2 780 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 781 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 782 rp->status);
56e5cb86
JH		 783
784 hci_dev_unlock(hdev);
980e1a53 785}
56e5cb86 786
6ed58ec5
VT		 787static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
788 struct sk_buff *skb)
789{
790 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
791
9f1db00c 792 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 793
794 if (rp->status)
795 return;
796
797 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
798 hdev->le_pkts = rp->le_max_pkt;
799
800 hdev->le_cnt = hdev->le_pkts;
801
802 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 803}
980e1a53 804
60e77321
JH		 805static void hci_cc_le_read_local_features(struct hci_dev *hdev,
806 struct sk_buff *skb)
807{
808 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
809
810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
811
812 if (!rp->status)
813 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 814}
815
8fa19098
JH		 816static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
817 struct sk_buff *skb)
818{
819 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
820
821 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
822
04b4edcb 823 if (!rp->status)
8fa19098 824 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 825}
826
a5c29683
JH		 827static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
828{
829 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
830
9f1db00c 831 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 832
56e5cb86
JH		 833 hci_dev_lock(hdev);
834
a8b2d5c2 835 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 836 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
837 rp->status);
56e5cb86
JH		 838
839 hci_dev_unlock(hdev);
a5c29683
JH		 840}
841
842static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 843 struct sk_buff *skb)
a5c29683
JH		 844{
845 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
846
9f1db00c 847 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 848
56e5cb86
JH		 849 hci_dev_lock(hdev);
850
a8b2d5c2 851 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 852 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 853 ACL_LINK, 0, rp->status);
56e5cb86
JH		 854
855 hci_dev_unlock(hdev);
a5c29683
JH		 856}
857
1143d458
BG		 858static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
859{
860 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
861
9f1db00c 862 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 863
864 hci_dev_lock(hdev);
865
a8b2d5c2 866 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 867 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 868 0, rp->status);
1143d458
BG		 869
870 hci_dev_unlock(hdev);
871}
872
873static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 874 struct sk_buff *skb)
1143d458
BG		 875{
876 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
877
9f1db00c 878 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 879
880 hci_dev_lock(hdev);
881
a8b2d5c2 882 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 883 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 884 ACL_LINK, 0, rp->status);
1143d458
BG		 885
886 hci_dev_unlock(hdev);
887}
888
c35938b2 889static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 890 struct sk_buff *skb)
c35938b2
SJ		 891{
892 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
893
9f1db00c 894 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 895
56e5cb86 896 hci_dev_lock(hdev);
744cf19e 897 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 898 rp->randomizer, rp->status);
56e5cb86 899 hci_dev_unlock(hdev);
c35938b2
SJ		 900}
901
c1d5dc4a
JH		 902static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
903{
904 __u8 *sent, status = *((__u8 *) skb->data);
905
906 BT_DBG("%s status 0x%2.2x", hdev->name, status);
907
908 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
909 if (!sent)
910 return;
911
912 hci_dev_lock(hdev);
913
914 if (!status) {
915 if (*sent)
916 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
917 else
918 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
919 }
920
04b4edcb
JH		 921 if (!test_bit(HCI_INIT, &hdev->flags)) {
922 struct hci_request req;
c1d5dc4a 923
04b4edcb
JH		 924 hci_req_init(&req, hdev);
925 hci_update_ad(&req);
926 hci_req_run(&req, NULL);
927 }
928
929 hci_dev_unlock(hdev);
c1d5dc4a
JH		 930}
931
eb9d91f5 932static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 933 struct sk_buff *skb)
eb9d91f5
AG		 934{
935 struct hci_cp_le_set_scan_enable *cp;
936 __u8 status = *((__u8 *) skb->data);
937
9f1db00c 938 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 939
eb9d91f5
AG		 940 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
941 if (!cp)
942 return;
943
3fd319b8
AG		 944 if (status)
945 return;
946
68a8aea4 947 switch (cp->enable) {
76a388be 948 case LE_SCAN_ENABLE:
d23264a8 949 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 950 break;
951
76a388be 952 case LE_SCAN_DISABLE:
d23264a8 953 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
68a8aea4
AE		 954 break;
955
956 default:
957 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
958 break;
35815085 959 }
eb9d91f5
AG		 960}
961
cf1d081f
JH		 962static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
963 struct sk_buff *skb)
964{
965 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
966
967 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
968
969 if (!rp->status)
970 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 971}
972
9b008c04
JH		 973static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
974 struct sk_buff *skb)
975{
976 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
977
978 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
979
980 if (!rp->status)
981 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 982}
983
6039aa73
GP		 984static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
985 struct sk_buff *skb)
f9b49306 986{
06199cf8 987 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 988 __u8 status = *((__u8 *) skb->data);
989
9f1db00c 990 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 991
06199cf8 992 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 993 if (!sent)
f9b49306
AG		 994 return;
995
8f984dfa
JH		 996 if (!status) {
997 if (sent->le)
cad718ed 998 hdev->features[1][0] |= LMP_HOST_LE;
8f984dfa 999 else
cad718ed 1000 hdev->features[1][0] &= ~LMP_HOST_LE;
53b2caab
JH		 1001
1002 if (sent->simul)
cad718ed 1003 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1004 else
cad718ed 1005 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1006 }
1007
1008 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1009 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa 1010 mgmt_le_enable_complete(hdev, sent->le, status);
f9b49306
AG		 1011}
1012
93c284ee
AE		 1013static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1014 struct sk_buff *skb)
1015{
1016 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1017
1018 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1019 hdev->name, rp->status, rp->phy_handle);
1020
1021 if (rp->status)
1022 return;
1023
1024 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1025}
1026
6039aa73 1027static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1028{
9f1db00c 1029 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1030
1031 if (status) {
a9de9248 1032 hci_conn_check_pending(hdev);
314b2381
JH		 1033 return;
1034 }
1035
89352e7d 1036 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1037}
1038
6039aa73 1039static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1040{
a9de9248 1041 struct hci_cp_create_conn *cp;
1da177e4 1042 struct hci_conn *conn;
1da177e4 1043
9f1db00c 1044 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1045
1046 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1047 if (!cp)
1048 return;
1049
1050 hci_dev_lock(hdev);
1051
1052 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1053
6ed93dc6 1054 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1055
1056 if (status) {
1057 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1058 if (status != 0x0c || conn->attempt > 2) {
1059 conn->state = BT_CLOSED;
1060 hci_proto_connect_cfm(conn, status);
1061 hci_conn_del(conn);
1062 } else
1063 conn->state = BT_CONNECT2;
1da177e4
LT		 1064 }
1065 } else {
1066 if (!conn) {
1067 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1068 if (conn) {
a0c808b3 1069 conn->out = true;
1da177e4
LT		 1070 conn->link_mode |= HCI_LM_MASTER;
1071 } else
893ef971 1072 BT_ERR("No memory for new connection");
1da177e4
LT		 1073 }
1074 }
1075
1076 hci_dev_unlock(hdev);
1077}
1078
a9de9248 1079static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1080{
a9de9248
MH		 1081 struct hci_cp_add_sco *cp;
1082 struct hci_conn *acl, *sco;
1083 __u16 handle;
1da177e4 1084
9f1db00c 1085 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1086
a9de9248
MH		 1087 if (!status)
1088 return;
1da177e4 1089
a9de9248
MH		 1090 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1091 if (!cp)
1092 return;
1da177e4 1093
a9de9248 1094 handle = __le16_to_cpu(cp->handle);
1da177e4 1095
9f1db00c 1096 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1097
a9de9248 1098 hci_dev_lock(hdev);
1da177e4 1099
a9de9248 1100 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1101 if (acl) {
1102 sco = acl->link;
1103 if (sco) {
1104 sco->state = BT_CLOSED;
1da177e4 1105
5a08ecce
AE		 1106 hci_proto_connect_cfm(sco, status);
1107 hci_conn_del(sco);
1108 }
a9de9248 1109 }
1da177e4 1110
a9de9248
MH		 1111 hci_dev_unlock(hdev);
1112}
1da177e4 1113
f8558555
MH		 1114static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1115{
1116 struct hci_cp_auth_requested *cp;
1117 struct hci_conn *conn;
1118
9f1db00c 1119 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1120
1121 if (!status)
1122 return;
1123
1124 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1125 if (!cp)
1126 return;
1127
1128 hci_dev_lock(hdev);
1129
1130 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1131 if (conn) {
1132 if (conn->state == BT_CONFIG) {
1133 hci_proto_connect_cfm(conn, status);
76a68ba0 1134 hci_conn_drop(conn);
f8558555
MH		 1135 }
1136 }
1137
1138 hci_dev_unlock(hdev);
1139}
1140
1141static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1142{
1143 struct hci_cp_set_conn_encrypt *cp;
1144 struct hci_conn *conn;
1145
9f1db00c 1146 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1147
1148 if (!status)
1149 return;
1150
1151 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1152 if (!cp)
1153 return;
1154
1155 hci_dev_lock(hdev);
1156
1157 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1158 if (conn) {
1159 if (conn->state == BT_CONFIG) {
1160 hci_proto_connect_cfm(conn, status);
76a68ba0 1161 hci_conn_drop(conn);
f8558555
MH		 1162 }
1163 }
1164
1165 hci_dev_unlock(hdev);
1166}
1167
127178d2 1168static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1169 struct hci_conn *conn)
392599b9 1170{
392599b9
JH		 1171 if (conn->state != BT_CONFIG || !conn->out)
1172 return 0;
1173
765c2a96 1174 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1175 return 0;
1176
1177 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1178 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1179 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1180 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1181 return 0;
1182
392599b9
JH		 1183 return 1;
1184}
1185
6039aa73 1186static int hci_resolve_name(struct hci_dev *hdev,
04124681 1187 struct inquiry_entry *e)
30dc78e1
JH		 1188{
1189 struct hci_cp_remote_name_req cp;
1190
1191 memset(&cp, 0, sizeof(cp));
1192
1193 bacpy(&cp.bdaddr, &e->data.bdaddr);
1194 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1195 cp.pscan_mode = e->data.pscan_mode;
1196 cp.clock_offset = e->data.clock_offset;
1197
1198 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1199}
1200
b644ba33 1201static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1202{
1203 struct discovery_state *discov = &hdev->discovery;
1204 struct inquiry_entry *e;
1205
b644ba33
JH		 1206 if (list_empty(&discov->resolve))
1207 return false;
1208
1209 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1210 if (!e)
1211 return false;
1212
b644ba33
JH		 1213 if (hci_resolve_name(hdev, e) == 0) {
1214 e->name_state = NAME_PENDING;
1215 return true;
1216 }
1217
1218 return false;
1219}
1220
1221static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1222 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1223{
1224 struct discovery_state *discov = &hdev->discovery;
1225 struct inquiry_entry *e;
1226
1227 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1228 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1229 name_len, conn->dev_class);
b644ba33
JH		 1230
1231 if (discov->state == DISCOVERY_STOPPED)
1232 return;
1233
30dc78e1
JH		 1234 if (discov->state == DISCOVERY_STOPPING)
1235 goto discov_complete;
1236
1237 if (discov->state != DISCOVERY_RESOLVING)
1238 return;
1239
1240 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1241 /* If the device was not found in a list of found devices names of which
1242 * are pending. there is no need to continue resolving a next name as it
1243 * will be done upon receiving another Remote Name Request Complete
1244 * Event */
1245 if (!e)
1246 return;
1247
1248 list_del(&e->list);
1249 if (name) {
30dc78e1 1250 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1251 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1252 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1253 } else {
1254 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1255 }
1256
b644ba33 1257 if (hci_resolve_next_name(hdev))
30dc78e1 1258 return;
30dc78e1
JH		 1259
1260discov_complete:
1261 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1262}
1263
a9de9248
MH		 1264static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1265{
127178d2
JH		 1266 struct hci_cp_remote_name_req *cp;
1267 struct hci_conn *conn;
1268
9f1db00c 1269 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1270
1271 /* If successful wait for the name req complete event before
1272 * checking for the need to do authentication */
1273 if (!status)
1274 return;
1275
1276 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1277 if (!cp)
1278 return;
1279
1280 hci_dev_lock(hdev);
1281
b644ba33
JH		 1282 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1283
a8b2d5c2 1284 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1285 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1286
79c6c70c
JH		 1287 if (!conn)
1288 goto unlock;
1289
1290 if (!hci_outgoing_auth_needed(hdev, conn))
1291 goto unlock;
1292
51a8efd7 1293 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1294 struct hci_cp_auth_requested cp;
1295 cp.handle = __cpu_to_le16(conn->handle);
1296 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1297 }
1298
79c6c70c 1299unlock:
127178d2 1300 hci_dev_unlock(hdev);
a9de9248 1301}
1da177e4 1302
769be974
MH		 1303static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1304{
1305 struct hci_cp_read_remote_features *cp;
1306 struct hci_conn *conn;
1307
9f1db00c 1308 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1309
1310 if (!status)
1311 return;
1312
1313 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1314 if (!cp)
1315 return;
1316
1317 hci_dev_lock(hdev);
1318
1319 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1320 if (conn) {
1321 if (conn->state == BT_CONFIG) {
769be974 1322 hci_proto_connect_cfm(conn, status);
76a68ba0 1323 hci_conn_drop(conn);
769be974
MH		 1324 }
1325 }
1326
1327 hci_dev_unlock(hdev);
1328}
1329
1330static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1331{
1332 struct hci_cp_read_remote_ext_features *cp;
1333 struct hci_conn *conn;
1334
9f1db00c 1335 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1336
1337 if (!status)
1338 return;
1339
1340 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1341 if (!cp)
1342 return;
1343
1344 hci_dev_lock(hdev);
1345
1346 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1347 if (conn) {
1348 if (conn->state == BT_CONFIG) {
769be974 1349 hci_proto_connect_cfm(conn, status);
76a68ba0 1350 hci_conn_drop(conn);
769be974
MH		 1351 }
1352 }
1353
1354 hci_dev_unlock(hdev);
1355}
1356
a9de9248
MH		 1357static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1358{
b6a0dc82
MH		 1359 struct hci_cp_setup_sync_conn *cp;
1360 struct hci_conn *acl, *sco;
1361 __u16 handle;
1362
9f1db00c 1363 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1364
1365 if (!status)
1366 return;
1367
1368 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1369 if (!cp)
1370 return;
1371
1372 handle = __le16_to_cpu(cp->handle);
1373
9f1db00c 1374 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1375
1376 hci_dev_lock(hdev);
1377
1378 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1379 if (acl) {
1380 sco = acl->link;
1381 if (sco) {
1382 sco->state = BT_CLOSED;
b6a0dc82 1383
5a08ecce
AE		 1384 hci_proto_connect_cfm(sco, status);
1385 hci_conn_del(sco);
1386 }
b6a0dc82
MH		 1387 }
1388
1389 hci_dev_unlock(hdev);
1da177e4
LT		 1390}
1391
a9de9248 1392static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1393{
a9de9248
MH		 1394 struct hci_cp_sniff_mode *cp;
1395 struct hci_conn *conn;
1da177e4 1396
9f1db00c 1397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1398
a9de9248
MH		 1399 if (!status)
1400 return;
04837f64 1401
a9de9248
MH		 1402 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1403 if (!cp)
1404 return;
04837f64 1405
a9de9248 1406 hci_dev_lock(hdev);
04837f64 1407
a9de9248 1408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1409 if (conn) {
51a8efd7 1410 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1411
51a8efd7 1412 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1413 hci_sco_setup(conn, status);
1414 }
1415
a9de9248
MH		 1416 hci_dev_unlock(hdev);
1417}
04837f64 1418
a9de9248
MH		 1419static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1420{
1421 struct hci_cp_exit_sniff_mode *cp;
1422 struct hci_conn *conn;
04837f64 1423
9f1db00c 1424 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1425
a9de9248
MH		 1426 if (!status)
1427 return;
04837f64 1428
a9de9248
MH		 1429 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1430 if (!cp)
1431 return;
04837f64 1432
a9de9248 1433 hci_dev_lock(hdev);
1da177e4 1434
a9de9248 1435 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1436 if (conn) {
51a8efd7 1437 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1438
51a8efd7 1439 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1440 hci_sco_setup(conn, status);
1441 }
1442
a9de9248 1443 hci_dev_unlock(hdev);
1da177e4
LT		 1444}
1445
88c3df13
JH		 1446static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1447{
1448 struct hci_cp_disconnect *cp;
1449 struct hci_conn *conn;
1450
1451 if (!status)
1452 return;
1453
1454 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1455 if (!cp)
1456 return;
1457
1458 hci_dev_lock(hdev);
1459
1460 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1461 if (conn)
1462 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1463 conn->dst_type, status);
88c3df13
JH		 1464
1465 hci_dev_unlock(hdev);
1466}
1467
fcd89c09
VT		 1468static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1469{
fcd89c09
VT		 1470 struct hci_conn *conn;
1471
9f1db00c 1472 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1473
f00a06ac
AG		 1474 if (status) {
1475 hci_dev_lock(hdev);
fcd89c09 1476
0c95ab78 1477 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1478 if (!conn) {
1479 hci_dev_unlock(hdev);
1480 return;
1481 }
fcd89c09 1482
6ed93dc6 1483 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1484
f00a06ac 1485 conn->state = BT_CLOSED;
0c95ab78 1486 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1487 conn->dst_type, status);
1488 hci_proto_connect_cfm(conn, status);
1489 hci_conn_del(conn);
fcd89c09 1490
f00a06ac
AG		 1491 hci_dev_unlock(hdev);
1492 }
fcd89c09
VT		 1493}
1494
a02226d6
AE		 1495static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1496{
93c284ee
AE		 1497 struct hci_cp_create_phy_link *cp;
1498
a02226d6 1499 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1500
93c284ee
AE		 1501 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1502 if (!cp)
1503 return;
1504
e58917b9
AE		 1505 hci_dev_lock(hdev);
1506
1507 if (status) {
1508 struct hci_conn *hcon;
1509
1510 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1511 if (hcon)
1512 hci_conn_del(hcon);
1513 } else {
1514 amp_write_remote_assoc(hdev, cp->phy_handle);
1515 }
1516
1517 hci_dev_unlock(hdev);
a02226d6
AE		 1518}
1519
0b26ab9d
AE		 1520static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1521{
1522 struct hci_cp_accept_phy_link *cp;
1523
1524 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1525
1526 if (status)
1527 return;
1528
1529 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1530 if (!cp)
1531 return;
1532
1533 amp_write_remote_assoc(hdev, cp->phy_handle);
1534}
1535
6039aa73 1536static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1537{
1538 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1539 struct discovery_state *discov = &hdev->discovery;
1540 struct inquiry_entry *e;
1da177e4 1541
9f1db00c 1542 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1543
a9de9248 1544 hci_conn_check_pending(hdev);
89352e7d
AG		 1545
1546 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1547 return;
1548
3e13fa1e
AG		 1549 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1550 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1551
a8b2d5c2 1552 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1553 return;
1554
56e5cb86 1555 hci_dev_lock(hdev);
30dc78e1 1556
343f935b 1557 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1558 goto unlock;
1559
1560 if (list_empty(&discov->resolve)) {
1561 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1562 goto unlock;
1563 }
1564
1565 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1566 if (e && hci_resolve_name(hdev, e) == 0) {
1567 e->name_state = NAME_PENDING;
1568 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1569 } else {
1570 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1571 }
1572
1573unlock:
56e5cb86 1574 hci_dev_unlock(hdev);
1da177e4
LT		 1575}
1576
6039aa73 1577static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1578{
45bb4bf0 1579 struct inquiry_data data;
a9de9248 1580 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1581 int num_rsp = *((__u8 *) skb->data);
1582
1583 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1584
45bb4bf0
MH		 1585 if (!num_rsp)
1586 return;
1587
1519cc17
AG		 1588 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1589 return;
1590
1da177e4 1591 hci_dev_lock(hdev);
45bb4bf0 1592
e17acd40 1593 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1594 bool name_known, ssp;
3175405b 1595
1da177e4
LT		 1596 bacpy(&data.bdaddr, &info->bdaddr);
1597 data.pscan_rep_mode = info->pscan_rep_mode;
1598 data.pscan_period_mode = info->pscan_period_mode;
1599 data.pscan_mode = info->pscan_mode;
1600 memcpy(data.dev_class, info->dev_class, 3);
1601 data.clock_offset = info->clock_offset;
1602 data.rssi = 0x00;
41a96212 1603 data.ssp_mode = 0x00;
3175405b 1604
388fc8fa 1605 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1606 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1607 info->dev_class, 0, !name_known, ssp, NULL,
1608 0);
1da177e4 1609 }
45bb4bf0 1610
1da177e4
LT		 1611 hci_dev_unlock(hdev);
1612}
1613
6039aa73 1614static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1615{
a9de9248
MH		 1616 struct hci_ev_conn_complete *ev = (void *) skb->data;
1617 struct hci_conn *conn;
1da177e4
LT		 1618
1619 BT_DBG("%s", hdev->name);
1620
1621 hci_dev_lock(hdev);
1622
1623 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1624 if (!conn) {
1625 if (ev->link_type != SCO_LINK)
1626 goto unlock;
1627
1628 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1629 if (!conn)
1630 goto unlock;
1631
1632 conn->type = SCO_LINK;
1633 }
1da177e4
LT		 1634
1635 if (!ev->status) {
1636 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1637
1638 if (conn->type == ACL_LINK) {
1639 conn->state = BT_CONFIG;
1640 hci_conn_hold(conn);
a9ea3ed9
SJ		 1641
1642 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1643 !hci_find_link_key(hdev, &ev->bdaddr))
1644 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1645 else
1646 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1647 } else
1648 conn->state = BT_CONNECTED;
1da177e4 1649
7d0db0a3
MH		 1650 hci_conn_add_sysfs(conn);
1651
1da177e4
LT		 1652 if (test_bit(HCI_AUTH, &hdev->flags))
1653 conn->link_mode |= HCI_LM_AUTH;
1654
1655 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1656 conn->link_mode |= HCI_LM_ENCRYPT;
1657
04837f64
MH		 1658 /* Get remote features */
1659 if (conn->type == ACL_LINK) {
1660 struct hci_cp_read_remote_features cp;
1661 cp.handle = ev->handle;
769be974 1662 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1663 sizeof(cp), &cp);
04837f64
MH		 1664 }
1665
1da177e4 1666 /* Set packet type for incoming connection */
d095c1eb 1667 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1668 struct hci_cp_change_conn_ptype cp;
1669 cp.handle = ev->handle;
a8746417 1670 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1671 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1672 &cp);
1da177e4 1673 }
17d5c04c 1674 } else {
1da177e4 1675 conn->state = BT_CLOSED;
17d5c04c 1676 if (conn->type == ACL_LINK)
744cf19e 1677 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1678 conn->dst_type, ev->status);
17d5c04c 1679 }
1da177e4 1680
e73439d8
MH		 1681 if (conn->type == ACL_LINK)
1682 hci_sco_setup(conn, ev->status);
1da177e4 1683
769be974
MH		 1684 if (ev->status) {
1685 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1686 hci_conn_del(conn);
c89b6e6b
MH		 1687 } else if (ev->link_type != ACL_LINK)
1688 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1689
a9de9248 1690unlock:
1da177e4 1691 hci_dev_unlock(hdev);
1da177e4 1692
a9de9248 1693 hci_conn_check_pending(hdev);
1da177e4
LT		 1694}
1695
6039aa73 1696static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1697{
a9de9248
MH		 1698 struct hci_ev_conn_request *ev = (void *) skb->data;
1699 int mask = hdev->link_mode;
20714bfe 1700 __u8 flags = 0;
1da177e4 1701
6ed93dc6 1702 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1703 ev->link_type);
1da177e4 1704
20714bfe
FD		 1705 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1706 &flags);
1da177e4 1707
138d22ef 1708 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1709 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1710 /* Connection accepted */
c7bdd502 1711 struct inquiry_entry *ie;
1da177e4 1712 struct hci_conn *conn;
1da177e4 1713
a9de9248 1714 hci_dev_lock(hdev);
b6a0dc82 1715
cc11b9c1
AE		 1716 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1717 if (ie)
c7bdd502
MH		 1718 memcpy(ie->data.dev_class, ev->dev_class, 3);
1719
8fc9ced3
GP		 1720 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1721 &ev->bdaddr);
a9de9248 1722 if (!conn) {
cc11b9c1
AE		 1723 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1724 if (!conn) {
893ef971 1725 BT_ERR("No memory for new connection");
a9de9248
MH		 1726 hci_dev_unlock(hdev);
1727 return;
1da177e4
LT		 1728 }
1729 }
b6a0dc82 1730
a9de9248 1731 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 1732
a9de9248 1733 hci_dev_unlock(hdev);
1da177e4 1734
20714bfe
FD		 1735 if (ev->link_type == ACL_LINK ||
1736 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 1737 struct hci_cp_accept_conn_req cp;
20714bfe 1738 conn->state = BT_CONNECT;
1da177e4 1739
b6a0dc82
MH		 1740 bacpy(&cp.bdaddr, &ev->bdaddr);
1741
1742 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1743 cp.role = 0x00; /* Become master */
1744 else
1745 cp.role = 0x01; /* Remain slave */
1746
04124681
GP		 1747 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1748 &cp);
20714bfe 1749 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 1750 struct hci_cp_accept_sync_conn_req cp;
20714bfe 1751 conn->state = BT_CONNECT;
b6a0dc82
MH		 1752
1753 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1754 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1755
82781e63
AE		 1756 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1757 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1758 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1759 cp.content_format = cpu_to_le16(hdev->voice_setting);
1760 cp.retrans_effort = 0xff;
1da177e4 1761
b6a0dc82 1762 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1763 sizeof(cp), &cp);
20714bfe
FD		 1764 } else {
1765 conn->state = BT_CONNECT2;
1766 hci_proto_connect_cfm(conn, 0);
b6a0dc82 1767 }
a9de9248
MH		 1768 } else {
1769 /* Connection rejected */
1770 struct hci_cp_reject_conn_req cp;
1da177e4 1771
a9de9248 1772 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1773 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1774 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1775 }
1da177e4
LT		 1776}
1777
f0d6a0ea
MA		 1778static u8 hci_to_mgmt_reason(u8 err)
1779{
1780 switch (err) {
1781 case HCI_ERROR_CONNECTION_TIMEOUT:
1782 return MGMT_DEV_DISCONN_TIMEOUT;
1783 case HCI_ERROR_REMOTE_USER_TERM:
1784 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1785 case HCI_ERROR_REMOTE_POWER_OFF:
1786 return MGMT_DEV_DISCONN_REMOTE;
1787 case HCI_ERROR_LOCAL_HOST_TERM:
1788 return MGMT_DEV_DISCONN_LOCAL_HOST;
1789 default:
1790 return MGMT_DEV_DISCONN_UNKNOWN;
1791 }
1792}
1793
6039aa73 1794static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1795{
a9de9248 1796 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1797 struct hci_conn *conn;
1798
9f1db00c 1799 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 1800
1801 hci_dev_lock(hdev);
1802
1803 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1804 if (!conn)
1805 goto unlock;
7d0db0a3 1806
37d9ef76
JH		 1807 if (ev->status == 0)
1808 conn->state = BT_CLOSED;
04837f64 1809
b644ba33 1810 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 1811 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 1812 if (ev->status) {
88c3df13 1813 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 1814 conn->dst_type, ev->status);
f0d6a0ea
MA		 1815 } else {
1816 u8 reason = hci_to_mgmt_reason(ev->reason);
1817
afc747a6 1818 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 1819 conn->dst_type, reason);
1820 }
37d9ef76 1821 }
f7520543 1822
37d9ef76 1823 if (ev->status == 0) {
6ec5bcad
VA		 1824 if (conn->type == ACL_LINK && conn->flush_key)
1825 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1826 hci_proto_disconn_cfm(conn, ev->reason);
1827 hci_conn_del(conn);
1828 }
f7520543
JH		 1829
1830unlock:
04837f64
MH		 1831 hci_dev_unlock(hdev);
1832}
1833
6039aa73 1834static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1835{
a9de9248 1836 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1837 struct hci_conn *conn;
1da177e4 1838
9f1db00c 1839 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1840
1841 hci_dev_lock(hdev);
1842
04837f64 1843 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1844 if (!conn)
1845 goto unlock;
1846
1847 if (!ev->status) {
aa64a8b5 1848 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1849 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1850 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1851 } else {
d7556e20
WR		 1852 conn->link_mode |= HCI_LM_AUTH;
1853 conn->sec_level = conn->pending_sec_level;
2a611692 1854 }
d7556e20 1855 } else {
bab73cb6 1856 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1857 ev->status);
d7556e20 1858 }
1da177e4 1859
51a8efd7
JH		 1860 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1861 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1862
d7556e20 1863 if (conn->state == BT_CONFIG) {
aa64a8b5 1864 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1865 struct hci_cp_set_conn_encrypt cp;
1866 cp.handle = ev->handle;
1867 cp.encrypt = 0x01;
1868 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1869 &cp);
052b30b0 1870 } else {
d7556e20
WR		 1871 conn->state = BT_CONNECTED;
1872 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 1873 hci_conn_drop(conn);
052b30b0 1874 }
d7556e20
WR		 1875 } else {
1876 hci_auth_cfm(conn, ev->status);
052b30b0 1877
d7556e20
WR		 1878 hci_conn_hold(conn);
1879 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 1880 hci_conn_drop(conn);
d7556e20
WR		 1881 }
1882
51a8efd7 1883 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1884 if (!ev->status) {
1885 struct hci_cp_set_conn_encrypt cp;
1886 cp.handle = ev->handle;
1887 cp.encrypt = 0x01;
1888 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1889 &cp);
d7556e20 1890 } else {
51a8efd7 1891 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1892 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1893 }
1894 }
1895
d7556e20 1896unlock:
1da177e4
LT		 1897 hci_dev_unlock(hdev);
1898}
1899
6039aa73 1900static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1901{
127178d2
JH		 1902 struct hci_ev_remote_name *ev = (void *) skb->data;
1903 struct hci_conn *conn;
1904
a9de9248 1905 BT_DBG("%s", hdev->name);
1da177e4 1906
a9de9248 1907 hci_conn_check_pending(hdev);
127178d2
JH		 1908
1909 hci_dev_lock(hdev);
1910
b644ba33 1911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1912
b644ba33
JH		 1913 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1914 goto check_auth;
a88a9652 1915
b644ba33
JH		 1916 if (ev->status == 0)
1917 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 1918 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 1919 else
1920 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1921
1922check_auth:
79c6c70c
JH		 1923 if (!conn)
1924 goto unlock;
1925
1926 if (!hci_outgoing_auth_needed(hdev, conn))
1927 goto unlock;
1928
51a8efd7 1929 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1930 struct hci_cp_auth_requested cp;
1931 cp.handle = __cpu_to_le16(conn->handle);
1932 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1933 }
1934
79c6c70c 1935unlock:
127178d2 1936 hci_dev_unlock(hdev);
a9de9248
MH		 1937}
1938
6039aa73 1939static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 1940{
1941 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1942 struct hci_conn *conn;
1943
9f1db00c 1944 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1945
1946 hci_dev_lock(hdev);
1947
04837f64 1948 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1949 if (conn) {
1950 if (!ev->status) {
ae293196
MH		 1951 if (ev->encrypt) {
1952 /* Encryption implies authentication */
1953 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1954 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1955 conn->sec_level = conn->pending_sec_level;
ae293196 1956 } else
1da177e4
LT		 1957 conn->link_mode &= ~HCI_LM_ENCRYPT;
1958 }
1959
51a8efd7 1960 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 1961
a7d7723a 1962 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 1963 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 1964 hci_conn_drop(conn);
a7d7723a
GP		 1965 goto unlock;
1966 }
1967
f8558555
MH		 1968 if (conn->state == BT_CONFIG) {
1969 if (!ev->status)
1970 conn->state = BT_CONNECTED;
1971
1972 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 1973 hci_conn_drop(conn);
f8558555
MH		 1974 } else
1975 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1976 }
1977
a7d7723a 1978unlock:
1da177e4
LT		 1979 hci_dev_unlock(hdev);
1980}
1981
6039aa73
GP		 1982static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1983 struct sk_buff *skb)
1da177e4 1984{
a9de9248 1985 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1986 struct hci_conn *conn;
1da177e4 1987
9f1db00c 1988 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1989
1990 hci_dev_lock(hdev);
1991
04837f64 1992 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1993 if (conn) {
1994 if (!ev->status)
1995 conn->link_mode |= HCI_LM_SECURE;
1996
51a8efd7 1997 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 1998
1999 hci_key_change_cfm(conn, ev->status);
2000 }
2001
2002 hci_dev_unlock(hdev);
2003}
2004
6039aa73
GP		 2005static void hci_remote_features_evt(struct hci_dev *hdev,
2006 struct sk_buff *skb)
1da177e4 2007{
a9de9248
MH		 2008 struct hci_ev_remote_features *ev = (void *) skb->data;
2009 struct hci_conn *conn;
2010
9f1db00c 2011 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2012
a9de9248
MH		 2013 hci_dev_lock(hdev);
2014
2015 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2016 if (!conn)
2017 goto unlock;
769be974 2018
ccd556fe 2019 if (!ev->status)
cad718ed 2020 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2021
2022 if (conn->state != BT_CONFIG)
2023 goto unlock;
2024
2025 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2026 struct hci_cp_read_remote_ext_features cp;
2027 cp.handle = ev->handle;
2028 cp.page = 0x01;
2029 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2030 sizeof(cp), &cp);
392599b9
JH		 2031 goto unlock;
2032 }
2033
671267bf 2034 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2035 struct hci_cp_remote_name_req cp;
2036 memset(&cp, 0, sizeof(cp));
2037 bacpy(&cp.bdaddr, &conn->dst);
2038 cp.pscan_rep_mode = 0x02;
2039 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2040 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2041 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2042 conn->dst_type, 0, NULL, 0,
2043 conn->dev_class);
392599b9 2044
127178d2 2045 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2046 conn->state = BT_CONNECTED;
2047 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2048 hci_conn_drop(conn);
769be974 2049 }
a9de9248 2050
ccd556fe 2051unlock:
a9de9248 2052 hci_dev_unlock(hdev);
1da177e4
LT		 2053}
2054
6039aa73 2055static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2056{
2057 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2058 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2059 __u16 opcode;
2060
2061 skb_pull(skb, sizeof(*ev));
2062
2063 opcode = __le16_to_cpu(ev->opcode);
2064
2065 switch (opcode) {
2066 case HCI_OP_INQUIRY_CANCEL:
2067 hci_cc_inquiry_cancel(hdev, skb);
2068 break;
2069
4d93483b
AG		 2070 case HCI_OP_PERIODIC_INQ:
2071 hci_cc_periodic_inq(hdev, skb);
2072 break;
2073
a9de9248
MH		 2074 case HCI_OP_EXIT_PERIODIC_INQ:
2075 hci_cc_exit_periodic_inq(hdev, skb);
2076 break;
2077
2078 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2079 hci_cc_remote_name_req_cancel(hdev, skb);
2080 break;
2081
2082 case HCI_OP_ROLE_DISCOVERY:
2083 hci_cc_role_discovery(hdev, skb);
2084 break;
2085
e4e8e37c
MH		 2086 case HCI_OP_READ_LINK_POLICY:
2087 hci_cc_read_link_policy(hdev, skb);
2088 break;
2089
a9de9248
MH		 2090 case HCI_OP_WRITE_LINK_POLICY:
2091 hci_cc_write_link_policy(hdev, skb);
2092 break;
2093
e4e8e37c
MH		 2094 case HCI_OP_READ_DEF_LINK_POLICY:
2095 hci_cc_read_def_link_policy(hdev, skb);
2096 break;
2097
2098 case HCI_OP_WRITE_DEF_LINK_POLICY:
2099 hci_cc_write_def_link_policy(hdev, skb);
2100 break;
2101
a9de9248
MH		 2102 case HCI_OP_RESET:
2103 hci_cc_reset(hdev, skb);
2104 break;
2105
2106 case HCI_OP_WRITE_LOCAL_NAME:
2107 hci_cc_write_local_name(hdev, skb);
2108 break;
2109
2110 case HCI_OP_READ_LOCAL_NAME:
2111 hci_cc_read_local_name(hdev, skb);
2112 break;
2113
2114 case HCI_OP_WRITE_AUTH_ENABLE:
2115 hci_cc_write_auth_enable(hdev, skb);
2116 break;
2117
2118 case HCI_OP_WRITE_ENCRYPT_MODE:
2119 hci_cc_write_encrypt_mode(hdev, skb);
2120 break;
2121
2122 case HCI_OP_WRITE_SCAN_ENABLE:
2123 hci_cc_write_scan_enable(hdev, skb);
2124 break;
2125
2126 case HCI_OP_READ_CLASS_OF_DEV:
2127 hci_cc_read_class_of_dev(hdev, skb);
2128 break;
2129
2130 case HCI_OP_WRITE_CLASS_OF_DEV:
2131 hci_cc_write_class_of_dev(hdev, skb);
2132 break;
2133
2134 case HCI_OP_READ_VOICE_SETTING:
2135 hci_cc_read_voice_setting(hdev, skb);
2136 break;
2137
2138 case HCI_OP_WRITE_VOICE_SETTING:
2139 hci_cc_write_voice_setting(hdev, skb);
2140 break;
2141
333140b5
MH		 2142 case HCI_OP_WRITE_SSP_MODE:
2143 hci_cc_write_ssp_mode(hdev, skb);
2144 break;
2145
a9de9248
MH		 2146 case HCI_OP_READ_LOCAL_VERSION:
2147 hci_cc_read_local_version(hdev, skb);
2148 break;
2149
2150 case HCI_OP_READ_LOCAL_COMMANDS:
2151 hci_cc_read_local_commands(hdev, skb);
2152 break;
2153
2154 case HCI_OP_READ_LOCAL_FEATURES:
2155 hci_cc_read_local_features(hdev, skb);
2156 break;
2157
971e3a4b
AG		 2158 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2159 hci_cc_read_local_ext_features(hdev, skb);
2160 break;
2161
a9de9248
MH		 2162 case HCI_OP_READ_BUFFER_SIZE:
2163 hci_cc_read_buffer_size(hdev, skb);
2164 break;
2165
2166 case HCI_OP_READ_BD_ADDR:
2167 hci_cc_read_bd_addr(hdev, skb);
2168 break;
2169
f332ec66
JH		 2170 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2171 hci_cc_read_page_scan_activity(hdev, skb);
2172 break;
2173
4a3ee763
JH		 2174 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2175 hci_cc_write_page_scan_activity(hdev, skb);
2176 break;
2177
f332ec66
JH		 2178 case HCI_OP_READ_PAGE_SCAN_TYPE:
2179 hci_cc_read_page_scan_type(hdev, skb);
2180 break;
2181
4a3ee763
JH		 2182 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2183 hci_cc_write_page_scan_type(hdev, skb);
2184 break;
2185
350ee4cf
AE		 2186 case HCI_OP_READ_DATA_BLOCK_SIZE:
2187 hci_cc_read_data_block_size(hdev, skb);
2188 break;
2189
1e89cffb
AE		 2190 case HCI_OP_READ_FLOW_CONTROL_MODE:
2191 hci_cc_read_flow_control_mode(hdev, skb);
2192 break;
2193
928abaa7
AE		 2194 case HCI_OP_READ_LOCAL_AMP_INFO:
2195 hci_cc_read_local_amp_info(hdev, skb);
2196 break;
2197
903e4541
AE		 2198 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2199 hci_cc_read_local_amp_assoc(hdev, skb);
2200 break;
2201
d5859e22
JH		 2202 case HCI_OP_READ_INQ_RSP_TX_POWER:
2203 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2204 break;
2205
980e1a53
JH		 2206 case HCI_OP_PIN_CODE_REPLY:
2207 hci_cc_pin_code_reply(hdev, skb);
2208 break;
2209
2210 case HCI_OP_PIN_CODE_NEG_REPLY:
2211 hci_cc_pin_code_neg_reply(hdev, skb);
2212 break;
2213
c35938b2
SJ		 2214 case HCI_OP_READ_LOCAL_OOB_DATA:
2215 hci_cc_read_local_oob_data_reply(hdev, skb);
2216 break;
2217
6ed58ec5
VT		 2218 case HCI_OP_LE_READ_BUFFER_SIZE:
2219 hci_cc_le_read_buffer_size(hdev, skb);
2220 break;
2221
60e77321
JH		 2222 case HCI_OP_LE_READ_LOCAL_FEATURES:
2223 hci_cc_le_read_local_features(hdev, skb);
2224 break;
2225
8fa19098
JH		 2226 case HCI_OP_LE_READ_ADV_TX_POWER:
2227 hci_cc_le_read_adv_tx_power(hdev, skb);
2228 break;
2229
a5c29683
JH		 2230 case HCI_OP_USER_CONFIRM_REPLY:
2231 hci_cc_user_confirm_reply(hdev, skb);
2232 break;
2233
2234 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2235 hci_cc_user_confirm_neg_reply(hdev, skb);
2236 break;
2237
1143d458
BG		 2238 case HCI_OP_USER_PASSKEY_REPLY:
2239 hci_cc_user_passkey_reply(hdev, skb);
2240 break;
2241
2242 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2243 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2244 break;
07f7fa5d 2245
c1d5dc4a
JH		 2246 case HCI_OP_LE_SET_ADV_ENABLE:
2247 hci_cc_le_set_adv_enable(hdev, skb);
2248 break;
2249
eb9d91f5
AG		 2250 case HCI_OP_LE_SET_SCAN_ENABLE:
2251 hci_cc_le_set_scan_enable(hdev, skb);
2252 break;
2253
cf1d081f
JH		 2254 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2255 hci_cc_le_read_white_list_size(hdev, skb);
2256 break;
2257
9b008c04
JH		 2258 case HCI_OP_LE_READ_SUPPORTED_STATES:
2259 hci_cc_le_read_supported_states(hdev, skb);
2260 break;
2261
f9b49306
AG		 2262 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2263 hci_cc_write_le_host_supported(hdev, skb);
2264 break;
2265
93c284ee
AE		 2266 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2267 hci_cc_write_remote_amp_assoc(hdev, skb);
2268 break;
2269
a9de9248 2270 default:
9f1db00c 2271 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2272 break;
2273 }
2274
ad82cdd1 2275 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2276 del_timer(&hdev->cmd_timer);
2277
ad82cdd1 2278 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2279
dbccd791 2280 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2281 atomic_set(&hdev->cmd_cnt, 1);
2282 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2283 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2284 }
2285}
2286
6039aa73 2287static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2288{
2289 struct hci_ev_cmd_status *ev = (void *) skb->data;
2290 __u16 opcode;
2291
2292 skb_pull(skb, sizeof(*ev));
2293
2294 opcode = __le16_to_cpu(ev->opcode);
2295
2296 switch (opcode) {
2297 case HCI_OP_INQUIRY:
2298 hci_cs_inquiry(hdev, ev->status);
2299 break;
2300
2301 case HCI_OP_CREATE_CONN:
2302 hci_cs_create_conn(hdev, ev->status);
2303 break;
2304
2305 case HCI_OP_ADD_SCO:
2306 hci_cs_add_sco(hdev, ev->status);
2307 break;
2308
f8558555
MH		 2309 case HCI_OP_AUTH_REQUESTED:
2310 hci_cs_auth_requested(hdev, ev->status);
2311 break;
2312
2313 case HCI_OP_SET_CONN_ENCRYPT:
2314 hci_cs_set_conn_encrypt(hdev, ev->status);
2315 break;
2316
a9de9248
MH		 2317 case HCI_OP_REMOTE_NAME_REQ:
2318 hci_cs_remote_name_req(hdev, ev->status);
2319 break;
2320
769be974
MH		 2321 case HCI_OP_READ_REMOTE_FEATURES:
2322 hci_cs_read_remote_features(hdev, ev->status);
2323 break;
2324
2325 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2326 hci_cs_read_remote_ext_features(hdev, ev->status);
2327 break;
2328
a9de9248
MH		 2329 case HCI_OP_SETUP_SYNC_CONN:
2330 hci_cs_setup_sync_conn(hdev, ev->status);
2331 break;
2332
2333 case HCI_OP_SNIFF_MODE:
2334 hci_cs_sniff_mode(hdev, ev->status);
2335 break;
2336
2337 case HCI_OP_EXIT_SNIFF_MODE:
2338 hci_cs_exit_sniff_mode(hdev, ev->status);
2339 break;
2340
8962ee74 2341 case HCI_OP_DISCONNECT:
88c3df13 2342 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2343 break;
2344
fcd89c09
VT		 2345 case HCI_OP_LE_CREATE_CONN:
2346 hci_cs_le_create_conn(hdev, ev->status);
2347 break;
2348
a02226d6
AE		 2349 case HCI_OP_CREATE_PHY_LINK:
2350 hci_cs_create_phylink(hdev, ev->status);
2351 break;
2352
0b26ab9d
AE		 2353 case HCI_OP_ACCEPT_PHY_LINK:
2354 hci_cs_accept_phylink(hdev, ev->status);
2355 break;
2356
a9de9248 2357 default:
9f1db00c 2358 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2359 break;
2360 }
2361
ad82cdd1 2362 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2363 del_timer(&hdev->cmd_timer);
2364
02350a72
JH		 2365 if (ev->status ||
2366 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2367 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2368
10572132 2369 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2370 atomic_set(&hdev->cmd_cnt, 1);
2371 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2372 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2373 }
2374}
2375
6039aa73 2376static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2377{
2378 struct hci_ev_role_change *ev = (void *) skb->data;
2379 struct hci_conn *conn;
2380
9f1db00c 2381 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2382
2383 hci_dev_lock(hdev);
2384
2385 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2386 if (conn) {
2387 if (!ev->status) {
2388 if (ev->role)
2389 conn->link_mode &= ~HCI_LM_MASTER;
2390 else
2391 conn->link_mode |= HCI_LM_MASTER;
2392 }
2393
51a8efd7 2394 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2395
2396 hci_role_switch_cfm(conn, ev->status, ev->role);
2397 }
2398
2399 hci_dev_unlock(hdev);
2400}
2401
6039aa73 2402static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2403{
2404 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2405 int i;
2406
32ac5b9b
AE		 2407 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2408 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2409 return;
2410 }
2411
c5993de8 2412 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2413 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2414 BT_DBG("%s bad parameters", hdev->name);
2415 return;
2416 }
2417
c5993de8
AE		 2418 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2419
613a1c0c
AE		 2420 for (i = 0; i < ev->num_hndl; i++) {
2421 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2422 struct hci_conn *conn;
2423 __u16 handle, count;
2424
613a1c0c
AE		 2425 handle = __le16_to_cpu(info->handle);
2426 count = __le16_to_cpu(info->count);
a9de9248
MH		 2427
2428 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2429 if (!conn)
2430 continue;
2431
2432 conn->sent -= count;
2433
2434 switch (conn->type) {
2435 case ACL_LINK:
2436 hdev->acl_cnt += count;
2437 if (hdev->acl_cnt > hdev->acl_pkts)
2438 hdev->acl_cnt = hdev->acl_pkts;
2439 break;
2440
2441 case LE_LINK:
2442 if (hdev->le_pkts) {
2443 hdev->le_cnt += count;
2444 if (hdev->le_cnt > hdev->le_pkts)
2445 hdev->le_cnt = hdev->le_pkts;
2446 } else {
70f23020
AE		 2447 hdev->acl_cnt += count;
2448 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2449 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2450 }
f4280918
AE		 2451 break;
2452
2453 case SCO_LINK:
2454 hdev->sco_cnt += count;
2455 if (hdev->sco_cnt > hdev->sco_pkts)
2456 hdev->sco_cnt = hdev->sco_pkts;
2457 break;
2458
2459 default:
2460 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2461 break;
a9de9248
MH		 2462 }
2463 }
2464
3eff45ea 2465 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2466}
2467
76ef7cf7
AE		 2468static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2469 __u16 handle)
2470{
2471 struct hci_chan *chan;
2472
2473 switch (hdev->dev_type) {
2474 case HCI_BREDR:
2475 return hci_conn_hash_lookup_handle(hdev, handle);
2476 case HCI_AMP:
2477 chan = hci_chan_lookup_handle(hdev, handle);
2478 if (chan)
2479 return chan->conn;
2480 break;
2481 default:
2482 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2483 break;
2484 }
2485
2486 return NULL;
2487}
2488
6039aa73 2489static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2490{
2491 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2492 int i;
2493
2494 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2495 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2496 return;
2497 }
2498
2499 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2500 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2501 BT_DBG("%s bad parameters", hdev->name);
2502 return;
2503 }
2504
2505 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2506 ev->num_hndl);
25e89e99
AE		 2507
2508 for (i = 0; i < ev->num_hndl; i++) {
2509 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2510 struct hci_conn *conn = NULL;
25e89e99
AE		 2511 __u16 handle, block_count;
2512
2513 handle = __le16_to_cpu(info->handle);
2514 block_count = __le16_to_cpu(info->blocks);
2515
76ef7cf7 2516 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2517 if (!conn)
2518 continue;
2519
2520 conn->sent -= block_count;
2521
2522 switch (conn->type) {
2523 case ACL_LINK:
bd1eb66b 2524 case AMP_LINK:
25e89e99
AE		 2525 hdev->block_cnt += block_count;
2526 if (hdev->block_cnt > hdev->num_blocks)
2527 hdev->block_cnt = hdev->num_blocks;
2528 break;
2529
2530 default:
2531 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2532 break;
2533 }
2534 }
2535
2536 queue_work(hdev->workqueue, &hdev->tx_work);
2537}
2538
6039aa73 2539static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2540{
a9de9248 2541 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2542 struct hci_conn *conn;
2543
9f1db00c 2544 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2545
2546 hci_dev_lock(hdev);
2547
2548 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2549 if (conn) {
2550 conn->mode = ev->mode;
2551 conn->interval = __le16_to_cpu(ev->interval);
2552
8fc9ced3
GP		 2553 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2554 &conn->flags)) {
a9de9248 2555 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2556 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2557 else
58a681ef 2558 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2559 }
e73439d8 2560
51a8efd7 2561 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2562 hci_sco_setup(conn, ev->status);
04837f64
MH		 2563 }
2564
2565 hci_dev_unlock(hdev);
2566}
2567
6039aa73 2568static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2569{
052b30b0
MH		 2570 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2571 struct hci_conn *conn;
2572
a9de9248 2573 BT_DBG("%s", hdev->name);
052b30b0
MH		 2574
2575 hci_dev_lock(hdev);
2576
2577 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2578 if (!conn)
2579 goto unlock;
2580
2581 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2582 hci_conn_hold(conn);
2583 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 2584 hci_conn_drop(conn);
052b30b0
MH		 2585 }
2586
a8b2d5c2 2587 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2588 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2589 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2590 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2591 u8 secure;
2592
2593 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2594 secure = 1;
2595 else
2596 secure = 0;
2597
744cf19e 2598 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2599 }
980e1a53 2600
b6f98044 2601unlock:
052b30b0 2602 hci_dev_unlock(hdev);
a9de9248
MH		 2603}
2604
6039aa73 2605static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2606{
55ed8ca1
JH		 2607 struct hci_ev_link_key_req *ev = (void *) skb->data;
2608 struct hci_cp_link_key_reply cp;
2609 struct hci_conn *conn;
2610 struct link_key *key;
2611
a9de9248 2612 BT_DBG("%s", hdev->name);
55ed8ca1 2613
034cbea0 2614 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 2615 return;
2616
2617 hci_dev_lock(hdev);
2618
2619 key = hci_find_link_key(hdev, &ev->bdaddr);
2620 if (!key) {
6ed93dc6
AE		 2621 BT_DBG("%s link key not found for %pMR", hdev->name,
2622 &ev->bdaddr);
55ed8ca1
JH		 2623 goto not_found;
2624 }
2625
6ed93dc6
AE		 2626 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2627 &ev->bdaddr);
55ed8ca1 2628
a8b2d5c2 2629 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2630 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2631 BT_DBG("%s ignoring debug key", hdev->name);
2632 goto not_found;
2633 }
2634
2635 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2636 if (conn) {
2637 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2638 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2639 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2640 goto not_found;
2641 }
55ed8ca1 2642
60b83f57 2643 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2644 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2645 BT_DBG("%s ignoring key unauthenticated for high security",
2646 hdev->name);
60b83f57
WR		 2647 goto not_found;
2648 }
2649
2650 conn->key_type = key->type;
2651 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2652 }
2653
2654 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2655 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2656
2657 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2658
2659 hci_dev_unlock(hdev);
2660
2661 return;
2662
2663not_found:
2664 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2665 hci_dev_unlock(hdev);
a9de9248
MH		 2666}
2667
6039aa73 2668static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2669{
052b30b0
MH		 2670 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2671 struct hci_conn *conn;
55ed8ca1 2672 u8 pin_len = 0;
052b30b0 2673
a9de9248 2674 BT_DBG("%s", hdev->name);
052b30b0
MH		 2675
2676 hci_dev_lock(hdev);
2677
2678 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2679 if (conn) {
2680 hci_conn_hold(conn);
2681 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2682 pin_len = conn->pin_length;
13d39315
WR		 2683
2684 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2685 conn->key_type = ev->key_type;
2686
76a68ba0 2687 hci_conn_drop(conn);
052b30b0
MH		 2688 }
2689
034cbea0 2690 if (test_bit(HCI_MGMT, &hdev->dev_flags))
d25e28ab 2691 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2692 ev->key_type, pin_len);
55ed8ca1 2693
052b30b0 2694 hci_dev_unlock(hdev);
a9de9248
MH		 2695}
2696
6039aa73 2697static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2698{
a9de9248 2699 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2700 struct hci_conn *conn;
1da177e4 2701
9f1db00c 2702 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2703
2704 hci_dev_lock(hdev);
2705
04837f64 2706 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2707 if (conn && !ev->status) {
2708 struct inquiry_entry *ie;
2709
cc11b9c1
AE		 2710 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2711 if (ie) {
1da177e4
LT		 2712 ie->data.clock_offset = ev->clock_offset;
2713 ie->timestamp = jiffies;
2714 }
2715 }
2716
2717 hci_dev_unlock(hdev);
2718}
2719
6039aa73 2720static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2721{
2722 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2723 struct hci_conn *conn;
2724
9f1db00c 2725 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2726
2727 hci_dev_lock(hdev);
2728
2729 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2730 if (conn && !ev->status)
2731 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2732
2733 hci_dev_unlock(hdev);
2734}
2735
6039aa73 2736static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2737{
a9de9248 2738 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2739 struct inquiry_entry *ie;
2740
2741 BT_DBG("%s", hdev->name);
2742
2743 hci_dev_lock(hdev);
2744
cc11b9c1
AE		 2745 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2746 if (ie) {
85a1e930
MH		 2747 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2748 ie->timestamp = jiffies;
2749 }
2750
2751 hci_dev_unlock(hdev);
2752}
2753
6039aa73
GP		 2754static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2755 struct sk_buff *skb)
a9de9248
MH		 2756{
2757 struct inquiry_data data;
2758 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2759 bool name_known, ssp;
a9de9248
MH		 2760
2761 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2762
2763 if (!num_rsp)
2764 return;
2765
1519cc17
AG		 2766 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2767 return;
2768
a9de9248
MH		 2769 hci_dev_lock(hdev);
2770
2771 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2772 struct inquiry_info_with_rssi_and_pscan_mode *info;
2773 info = (void *) (skb->data + 1);
a9de9248 2774
e17acd40 2775 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2776 bacpy(&data.bdaddr, &info->bdaddr);
2777 data.pscan_rep_mode = info->pscan_rep_mode;
2778 data.pscan_period_mode = info->pscan_period_mode;
2779 data.pscan_mode = info->pscan_mode;
2780 memcpy(data.dev_class, info->dev_class, 3);
2781 data.clock_offset = info->clock_offset;
2782 data.rssi = info->rssi;
41a96212 2783 data.ssp_mode = 0x00;
3175405b
JH		 2784
2785 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2786 false, &ssp);
48264f06 2787 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2788 info->dev_class, info->rssi,
2789 !name_known, ssp, NULL, 0);
a9de9248
MH		 2790 }
2791 } else {
2792 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2793
e17acd40 2794 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2795 bacpy(&data.bdaddr, &info->bdaddr);
2796 data.pscan_rep_mode = info->pscan_rep_mode;
2797 data.pscan_period_mode = info->pscan_period_mode;
2798 data.pscan_mode = 0x00;
2799 memcpy(data.dev_class, info->dev_class, 3);
2800 data.clock_offset = info->clock_offset;
2801 data.rssi = info->rssi;
41a96212 2802 data.ssp_mode = 0x00;
3175405b 2803 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2804 false, &ssp);
48264f06 2805 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2806 info->dev_class, info->rssi,
2807 !name_known, ssp, NULL, 0);
a9de9248
MH		 2808 }
2809 }
2810
2811 hci_dev_unlock(hdev);
2812}
2813
6039aa73
GP		 2814static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2815 struct sk_buff *skb)
a9de9248 2816{
41a96212
MH		 2817 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2818 struct hci_conn *conn;
2819
a9de9248 2820 BT_DBG("%s", hdev->name);
41a96212 2821
41a96212
MH		 2822 hci_dev_lock(hdev);
2823
2824 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2825 if (!conn)
2826 goto unlock;
41a96212 2827
cad718ed
JH		 2828 if (ev->page < HCI_MAX_PAGES)
2829 memcpy(conn->features[ev->page], ev->features, 8);
2830
ccd556fe
JH		 2831 if (!ev->status && ev->page == 0x01) {
2832 struct inquiry_entry *ie;
41a96212 2833
cc11b9c1
AE		 2834 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2835 if (ie)
02b7cc62 2836 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2837
bbb0eada 2838 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 2839 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 2840 } else {
2841 /* It is mandatory by the Bluetooth specification that
2842 * Extended Inquiry Results are only used when Secure
2843 * Simple Pairing is enabled, but some devices violate
2844 * this.
2845 *
2846 * To make these devices work, the internal SSP
2847 * enabled flag needs to be cleared if the remote host
2848 * features do not indicate SSP support */
2849 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2850 }
ccd556fe
JH		 2851 }
2852
2853 if (conn->state != BT_CONFIG)
2854 goto unlock;
2855
671267bf 2856 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2857 struct hci_cp_remote_name_req cp;
2858 memset(&cp, 0, sizeof(cp));
2859 bacpy(&cp.bdaddr, &conn->dst);
2860 cp.pscan_rep_mode = 0x02;
2861 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2862 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2863 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2864 conn->dst_type, 0, NULL, 0,
2865 conn->dev_class);
392599b9 2866
127178d2 2867 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2868 conn->state = BT_CONNECTED;
2869 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2870 hci_conn_drop(conn);
41a96212
MH		 2871 }
2872
ccd556fe 2873unlock:
41a96212 2874 hci_dev_unlock(hdev);
a9de9248
MH		 2875}
2876
6039aa73
GP		 2877static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2878 struct sk_buff *skb)
a9de9248 2879{
b6a0dc82
MH		 2880 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2881 struct hci_conn *conn;
2882
9f1db00c 2883 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 2884
2885 hci_dev_lock(hdev);
2886
2887 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2888 if (!conn) {
2889 if (ev->link_type == ESCO_LINK)
2890 goto unlock;
2891
2892 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2893 if (!conn)
2894 goto unlock;
2895
2896 conn->type = SCO_LINK;
2897 }
b6a0dc82 2898
732547f9
MH		 2899 switch (ev->status) {
2900 case 0x00:
b6a0dc82
MH		 2901 conn->handle = __le16_to_cpu(ev->handle);
2902 conn->state = BT_CONNECTED;
7d0db0a3
MH		 2903
2904 hci_conn_add_sysfs(conn);
732547f9
MH		 2905 break;
2906
705e5711 2907 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2908 case 0x1c: /* SCO interval rejected */
1038a00b 2909 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2910 case 0x1f: /* Unspecified error */
2911 if (conn->out && conn->attempt < 2) {
2912 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2913 (hdev->esco_type & EDR_ESCO_MASK);
2914 hci_setup_sync(conn, conn->link->handle);
2915 goto unlock;
2916 }
2917 /* fall through */
2918
2919 default:
b6a0dc82 2920 conn->state = BT_CLOSED;
732547f9
MH		 2921 break;
2922 }
b6a0dc82
MH		 2923
2924 hci_proto_connect_cfm(conn, ev->status);
2925 if (ev->status)
2926 hci_conn_del(conn);
2927
2928unlock:
2929 hci_dev_unlock(hdev);
a9de9248
MH		 2930}
2931
6039aa73
GP		 2932static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2933 struct sk_buff *skb)
1da177e4 2934{
a9de9248
MH		 2935 struct inquiry_data data;
2936 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2937 int num_rsp = *((__u8 *) skb->data);
9d939d94 2938 size_t eir_len;
1da177e4 2939
a9de9248 2940 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2941
a9de9248
MH		 2942 if (!num_rsp)
2943 return;
1da177e4 2944
1519cc17
AG		 2945 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2946 return;
2947
a9de9248
MH		 2948 hci_dev_lock(hdev);
2949
e17acd40 2950 for (; num_rsp; num_rsp--, info++) {
388fc8fa 2951 bool name_known, ssp;
561aafbc 2952
a9de9248 2953 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2954 data.pscan_rep_mode = info->pscan_rep_mode;
2955 data.pscan_period_mode = info->pscan_period_mode;
2956 data.pscan_mode = 0x00;
a9de9248 2957 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2958 data.clock_offset = info->clock_offset;
2959 data.rssi = info->rssi;
41a96212 2960 data.ssp_mode = 0x01;
561aafbc 2961
a8b2d5c2 2962 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 2963 name_known = eir_has_data_type(info->data,
04124681
GP		 2964 sizeof(info->data),
2965 EIR_NAME_COMPLETE);
561aafbc
JH		 2966 else
2967 name_known = true;
2968
388fc8fa 2969 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 2970 &ssp);
9d939d94 2971 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 2972 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 2973 info->dev_class, info->rssi, !name_known,
9d939d94 2974 ssp, info->data, eir_len);
a9de9248
MH		 2975 }
2976
2977 hci_dev_unlock(hdev);
2978}
1da177e4 2979
1c2e0041
JH		 2980static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2981 struct sk_buff *skb)
2982{
2983 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2984 struct hci_conn *conn;
2985
9f1db00c 2986 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 2987 __le16_to_cpu(ev->handle));
2988
2989 hci_dev_lock(hdev);
2990
2991 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2992 if (!conn)
2993 goto unlock;
2994
2995 if (!ev->status)
2996 conn->sec_level = conn->pending_sec_level;
2997
2998 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2999
3000 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3001 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3002 hci_conn_drop(conn);
1c2e0041
JH		 3003 goto unlock;
3004 }
3005
3006 if (conn->state == BT_CONFIG) {
3007 if (!ev->status)
3008 conn->state = BT_CONNECTED;
3009
3010 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3011 hci_conn_drop(conn);
1c2e0041
JH		 3012 } else {
3013 hci_auth_cfm(conn, ev->status);
3014
3015 hci_conn_hold(conn);
3016 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3017 hci_conn_drop(conn);
1c2e0041
JH		 3018 }
3019
3020unlock:
3021 hci_dev_unlock(hdev);
3022}
3023
6039aa73 3024static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3025{
3026 /* If remote requests dedicated bonding follow that lead */
acabae96
MA		 3027 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3028 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
17fa4b9d
JH		 3029 /* If both remote and local IO capabilities allow MITM
3030 * protection then require it, otherwise don't */
acabae96
MA		 3031 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3032 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3033 return HCI_AT_DEDICATED_BONDING;
17fa4b9d 3034 else
acabae96 3035 return HCI_AT_DEDICATED_BONDING_MITM;
17fa4b9d
JH		 3036 }
3037
3038 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3039 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3040 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3041 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3042
3043 return conn->auth_type;
3044}
3045
6039aa73 3046static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3047{
3048 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3049 struct hci_conn *conn;
3050
3051 BT_DBG("%s", hdev->name);
3052
3053 hci_dev_lock(hdev);
3054
3055 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3056 if (!conn)
3057 goto unlock;
3058
3059 hci_conn_hold(conn);
3060
a8b2d5c2 3061 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3062 goto unlock;
3063
a8b2d5c2 3064 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3065 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3066 struct hci_cp_io_capability_reply cp;
3067
3068 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3069 /* Change the IO capability from KeyboardDisplay
3070 * to DisplayYesNo as it is not supported by BT spec. */
3071 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3072 HCI_IO_DISPLAY_YESNO : conn->io_capability;
7cbc9bd9
JH		 3073 conn->auth_type = hci_get_auth_req(conn);
3074 cp.authentication = conn->auth_type;
17fa4b9d 3075
8fc9ced3
GP		 3076 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3077 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3078 cp.oob_data = 0x01;
3079 else
3080 cp.oob_data = 0x00;
3081
17fa4b9d 3082 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3083 sizeof(cp), &cp);
03b555e1
JH		 3084 } else {
3085 struct hci_cp_io_capability_neg_reply cp;
3086
3087 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3088 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3089
03b555e1 3090 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3091 sizeof(cp), &cp);
03b555e1
JH		 3092 }
3093
3094unlock:
3095 hci_dev_unlock(hdev);
3096}
3097
6039aa73 3098static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3099{
3100 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3101 struct hci_conn *conn;
3102
3103 BT_DBG("%s", hdev->name);
3104
3105 hci_dev_lock(hdev);
3106
3107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3108 if (!conn)
3109 goto unlock;
3110
03b555e1 3111 conn->remote_cap = ev->capability;
03b555e1 3112 conn->remote_auth = ev->authentication;
58a681ef
JH		 3113 if (ev->oob_data)
3114 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3115
3116unlock:
0493684e
MH		 3117 hci_dev_unlock(hdev);
3118}
3119
6039aa73
GP		 3120static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3121 struct sk_buff *skb)
a5c29683
JH		 3122{
3123 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3124 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3125 struct hci_conn *conn;
a5c29683
JH		 3126
3127 BT_DBG("%s", hdev->name);
3128
3129 hci_dev_lock(hdev);
3130
a8b2d5c2 3131 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3132 goto unlock;
a5c29683 3133
7a828908
JH		 3134 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3135 if (!conn)
3136 goto unlock;
3137
3138 loc_mitm = (conn->auth_type & 0x01);
3139 rem_mitm = (conn->remote_auth & 0x01);
3140
3141 /* If we require MITM but the remote device can't provide that
3142 * (it has NoInputNoOutput) then reject the confirmation
3143 * request. The only exception is when we're dedicated bonding
3144 * initiators (connect_cfm_cb set) since then we always have the MITM
3145 * bit set. */
a767631a
MA		 3146 if (!conn->connect_cfm_cb && loc_mitm &&
3147 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3148 BT_DBG("Rejecting request: remote device can't provide MITM");
3149 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3150 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3151 goto unlock;
3152 }
3153
3154 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3155 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3156 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3157
3158 /* If we're not the initiators request authorization to
3159 * proceed from user space (mgmt_user_confirm with
3160 * confirm_hint set to 1). */
51a8efd7 3161 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3162 BT_DBG("Confirming auto-accept as acceptor");
3163 confirm_hint = 1;
3164 goto confirm;
3165 }
3166
9f61656a 3167 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3168 hdev->auto_accept_delay);
9f61656a
JH		 3169
3170 if (hdev->auto_accept_delay > 0) {
3171 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3172 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3173 goto unlock;
3174 }
3175
7a828908 3176 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3177 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3178 goto unlock;
3179 }
3180
55bc1a37 3181confirm:
272d90df 3182 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3183 confirm_hint);
7a828908
JH		 3184
3185unlock:
a5c29683
JH		 3186 hci_dev_unlock(hdev);
3187}
3188
6039aa73
GP		 3189static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3190 struct sk_buff *skb)
1143d458
BG		 3191{
3192 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3193
3194 BT_DBG("%s", hdev->name);
3195
a8b2d5c2 3196 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3197 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3198}
3199
92a25256
JH		 3200static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3201 struct sk_buff *skb)
3202{
3203 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3204 struct hci_conn *conn;
3205
3206 BT_DBG("%s", hdev->name);
3207
3208 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3209 if (!conn)
3210 return;
3211
3212 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3213 conn->passkey_entered = 0;
3214
3215 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3216 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3217 conn->dst_type, conn->passkey_notify,
3218 conn->passkey_entered);
3219}
3220
3221static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3222{
3223 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3224 struct hci_conn *conn;
3225
3226 BT_DBG("%s", hdev->name);
3227
3228 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3229 if (!conn)
3230 return;
3231
3232 switch (ev->type) {
3233 case HCI_KEYPRESS_STARTED:
3234 conn->passkey_entered = 0;
3235 return;
3236
3237 case HCI_KEYPRESS_ENTERED:
3238 conn->passkey_entered++;
3239 break;
3240
3241 case HCI_KEYPRESS_ERASED:
3242 conn->passkey_entered--;
3243 break;
3244
3245 case HCI_KEYPRESS_CLEARED:
3246 conn->passkey_entered = 0;
3247 break;
3248
3249 case HCI_KEYPRESS_COMPLETED:
3250 return;
3251 }
3252
3253 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3254 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3255 conn->dst_type, conn->passkey_notify,
3256 conn->passkey_entered);
3257}
3258
6039aa73
GP		 3259static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3260 struct sk_buff *skb)
0493684e
MH		 3261{
3262 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3263 struct hci_conn *conn;
3264
3265 BT_DBG("%s", hdev->name);
3266
3267 hci_dev_lock(hdev);
3268
3269 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3270 if (!conn)
3271 goto unlock;
3272
3273 /* To avoid duplicate auth_failed events to user space we check
3274 * the HCI_CONN_AUTH_PEND flag which will be set if we
3275 * initiated the authentication. A traditional auth_complete
3276 * event gets always produced as initiator and is also mapped to
3277 * the mgmt_auth_failed event */
fa1bd918 3278 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3279 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3280 ev->status);
0493684e 3281
76a68ba0 3282 hci_conn_drop(conn);
2a611692
JH		 3283
3284unlock:
0493684e
MH		 3285 hci_dev_unlock(hdev);
3286}
3287
6039aa73
GP		 3288static void hci_remote_host_features_evt(struct hci_dev *hdev,
3289 struct sk_buff *skb)
41a96212
MH		 3290{
3291 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3292 struct inquiry_entry *ie;
cad718ed 3293 struct hci_conn *conn;
41a96212
MH		 3294
3295 BT_DBG("%s", hdev->name);
3296
3297 hci_dev_lock(hdev);
3298
cad718ed
JH		 3299 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3300 if (conn)
3301 memcpy(conn->features[1], ev->features, 8);
3302
cc11b9c1
AE		 3303 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3304 if (ie)
02b7cc62 3305 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3306
3307 hci_dev_unlock(hdev);
3308}
3309
6039aa73
GP		 3310static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3311 struct sk_buff *skb)
2763eda6
SJ		 3312{
3313 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3314 struct oob_data *data;
3315
3316 BT_DBG("%s", hdev->name);
3317
3318 hci_dev_lock(hdev);
3319
a8b2d5c2 3320 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3321 goto unlock;
3322
2763eda6
SJ		 3323 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3324 if (data) {
3325 struct hci_cp_remote_oob_data_reply cp;
3326
3327 bacpy(&cp.bdaddr, &ev->bdaddr);
3328 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3329 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3330
3331 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3332 &cp);
2763eda6
SJ		 3333 } else {
3334 struct hci_cp_remote_oob_data_neg_reply cp;
3335
3336 bacpy(&cp.bdaddr, &ev->bdaddr);
3337 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3338 &cp);
2763eda6
SJ		 3339 }
3340
e1ba1f15 3341unlock:
2763eda6
SJ		 3342 hci_dev_unlock(hdev);
3343}
3344
d5e91192
AE		 3345static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3346 struct sk_buff *skb)
3347{
3348 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3349 struct hci_conn *hcon, *bredr_hcon;
3350
3351 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3352 ev->status);
3353
3354 hci_dev_lock(hdev);
3355
3356 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3357 if (!hcon) {
3358 hci_dev_unlock(hdev);
3359 return;
3360 }
3361
3362 if (ev->status) {
3363 hci_conn_del(hcon);
3364 hci_dev_unlock(hdev);
3365 return;
3366 }
3367
3368 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3369
3370 hcon->state = BT_CONNECTED;
3371 bacpy(&hcon->dst, &bredr_hcon->dst);
3372
3373 hci_conn_hold(hcon);
3374 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3375 hci_conn_drop(hcon);
d5e91192 3376
d5e91192
AE		 3377 hci_conn_add_sysfs(hcon);
3378
cf70ff22 3379 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3380
cf70ff22 3381 hci_dev_unlock(hdev);
d5e91192
AE		 3382}
3383
27695fb4
AE		 3384static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3385{
3386 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3387 struct hci_conn *hcon;
3388 struct hci_chan *hchan;
3389 struct amp_mgr *mgr;
3390
3391 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3392 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3393 ev->status);
3394
3395 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3396 if (!hcon)
3397 return;
3398
3399 /* Create AMP hchan */
3400 hchan = hci_chan_create(hcon);
3401 if (!hchan)
3402 return;
3403
3404 hchan->handle = le16_to_cpu(ev->handle);
3405
3406 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3407
3408 mgr = hcon->amp_mgr;
3409 if (mgr && mgr->bredr_chan) {
3410 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3411
3412 l2cap_chan_lock(bredr_chan);
3413
3414 bredr_chan->conn->mtu = hdev->block_mtu;
3415 l2cap_logical_cfm(bredr_chan, hchan, 0);
3416 hci_conn_hold(hcon);
3417
3418 l2cap_chan_unlock(bredr_chan);
3419 }
3420}
3421
606e2a10
AE		 3422static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3423 struct sk_buff *skb)
3424{
3425 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3426 struct hci_chan *hchan;
3427
3428 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3429 le16_to_cpu(ev->handle), ev->status);
3430
3431 if (ev->status)
3432 return;
3433
3434 hci_dev_lock(hdev);
3435
3436 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3437 if (!hchan)
3438 goto unlock;
3439
3440 amp_destroy_logical_link(hchan, ev->reason);
3441
3442unlock:
3443 hci_dev_unlock(hdev);
3444}
3445
9eef6b3a
AE		 3446static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3447 struct sk_buff *skb)
3448{
3449 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3450 struct hci_conn *hcon;
3451
3452 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3453
3454 if (ev->status)
3455 return;
3456
3457 hci_dev_lock(hdev);
3458
3459 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3460 if (hcon) {
3461 hcon->state = BT_CLOSED;
3462 hci_conn_del(hcon);
3463 }
3464
3465 hci_dev_unlock(hdev);
3466}
3467
6039aa73 3468static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3469{
3470 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3471 struct hci_conn *conn;
3472
9f1db00c 3473 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3474
3475 hci_dev_lock(hdev);
3476
b47a09b3 3477 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3478 if (!conn) {
3479 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3480 if (!conn) {
3481 BT_ERR("No memory for new connection");
230fd16a 3482 goto unlock;
b62f328b 3483 }
29b7988a
AG		 3484
3485 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3486
3487 if (ev->role == LE_CONN_ROLE_MASTER) {
3488 conn->out = true;
3489 conn->link_mode |= HCI_LM_MASTER;
3490 }
b62f328b 3491 }
fcd89c09 3492
cd17decb
AG		 3493 if (ev->status) {
3494 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3495 conn->dst_type, ev->status);
3496 hci_proto_connect_cfm(conn, ev->status);
3497 conn->state = BT_CLOSED;
3498 hci_conn_del(conn);
3499 goto unlock;
3500 }
3501
b644ba33
JH		 3502 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3503 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3504 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3505
7b5c0d52 3506 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3507 conn->handle = __le16_to_cpu(ev->handle);
3508 conn->state = BT_CONNECTED;
3509
fcd89c09
VT		 3510 hci_conn_add_sysfs(conn);
3511
3512 hci_proto_connect_cfm(conn, ev->status);
3513
3514unlock:
3515 hci_dev_unlock(hdev);
3516}
3517
6039aa73 3518static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3519{
e95beb41
AG		 3520 u8 num_reports = skb->data[0];
3521 void *ptr = &skb->data[1];
3c9e9195 3522 s8 rssi;
9aa04c91 3523
e95beb41
AG		 3524 while (num_reports--) {
3525 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3526
3c9e9195
AG		 3527 rssi = ev->data[ev->length];
3528 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3529 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3530
e95beb41 3531 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 3532 }
9aa04c91
AG		 3533}
3534
6039aa73 3535static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3536{
3537 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3538 struct hci_cp_le_ltk_reply cp;
bea710fe 3539 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3540 struct hci_conn *conn;
c9839a11 3541 struct smp_ltk *ltk;
a7a595f6 3542
9f1db00c 3543 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3544
3545 hci_dev_lock(hdev);
3546
3547 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3548 if (conn == NULL)
3549 goto not_found;
a7a595f6 3550
bea710fe
VCG		 3551 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3552 if (ltk == NULL)
3553 goto not_found;
3554
3555 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3556 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3557
3558 if (ltk->authenticated)
3559 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3560
3561 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3562
c9839a11
VCG		 3563 if (ltk->type & HCI_SMP_STK) {
3564 list_del(&ltk->list);
3565 kfree(ltk);
3566 }
3567
a7a595f6 3568 hci_dev_unlock(hdev);
bea710fe
VCG		 3569
3570 return;
3571
3572not_found:
3573 neg.handle = ev->handle;
3574 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3575 hci_dev_unlock(hdev);
a7a595f6
VCG		 3576}
3577
6039aa73 3578static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3579{
3580 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3581
3582 skb_pull(skb, sizeof(*le_ev));
3583
3584 switch (le_ev->subevent) {
3585 case HCI_EV_LE_CONN_COMPLETE:
3586 hci_le_conn_complete_evt(hdev, skb);
3587 break;
3588
9aa04c91
AG		 3589 case HCI_EV_LE_ADVERTISING_REPORT:
3590 hci_le_adv_report_evt(hdev, skb);
3591 break;
3592
a7a595f6
VCG		 3593 case HCI_EV_LE_LTK_REQ:
3594 hci_le_ltk_request_evt(hdev, skb);
3595 break;
3596
fcd89c09
VT		 3597 default:
3598 break;
3599 }
3600}
3601
9495b2ee
AE		 3602static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3603{
3604 struct hci_ev_channel_selected *ev = (void *) skb->data;
3605 struct hci_conn *hcon;
3606
3607 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3608
3609 skb_pull(skb, sizeof(*ev));
3610
3611 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3612 if (!hcon)
3613 return;
3614
3615 amp_read_loc_assoc_final_data(hdev, hcon);
3616}
3617
a9de9248
MH		 3618void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3619{
3620 struct hci_event_hdr *hdr = (void *) skb->data;
3621 __u8 event = hdr->evt;
3622
b6ddb638
JH		 3623 hci_dev_lock(hdev);
3624
3625 /* Received events are (currently) only needed when a request is
3626 * ongoing so avoid unnecessary memory allocation.
3627 */
3628 if (hdev->req_status == HCI_REQ_PEND) {
3629 kfree_skb(hdev->recv_evt);
3630 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3631 }
3632
3633 hci_dev_unlock(hdev);
3634
a9de9248
MH		 3635 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3636
02350a72
JH		 3637 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3638 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3639 u16 opcode = __le16_to_cpu(hdr->opcode);
3640
3641 hci_req_cmd_complete(hdev, opcode, 0);
3642 }
3643
a9de9248 3644 switch (event) {
1da177e4
LT		 3645 case HCI_EV_INQUIRY_COMPLETE:
3646 hci_inquiry_complete_evt(hdev, skb);
3647 break;
3648
3649 case HCI_EV_INQUIRY_RESULT:
3650 hci_inquiry_result_evt(hdev, skb);
3651 break;
3652
a9de9248
MH		 3653 case HCI_EV_CONN_COMPLETE:
3654 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3655 break;
3656
1da177e4
LT		 3657 case HCI_EV_CONN_REQUEST:
3658 hci_conn_request_evt(hdev, skb);
3659 break;
3660
1da177e4
LT		 3661 case HCI_EV_DISCONN_COMPLETE:
3662 hci_disconn_complete_evt(hdev, skb);
3663 break;
3664
1da177e4
LT		 3665 case HCI_EV_AUTH_COMPLETE:
3666 hci_auth_complete_evt(hdev, skb);
3667 break;
3668
a9de9248
MH		 3669 case HCI_EV_REMOTE_NAME:
3670 hci_remote_name_evt(hdev, skb);
3671 break;
3672
1da177e4
LT		 3673 case HCI_EV_ENCRYPT_CHANGE:
3674 hci_encrypt_change_evt(hdev, skb);
3675 break;
3676
a9de9248
MH		 3677 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3678 hci_change_link_key_complete_evt(hdev, skb);
3679 break;
3680
3681 case HCI_EV_REMOTE_FEATURES:
3682 hci_remote_features_evt(hdev, skb);
3683 break;
3684
a9de9248
MH		 3685 case HCI_EV_CMD_COMPLETE:
3686 hci_cmd_complete_evt(hdev, skb);
3687 break;
3688
3689 case HCI_EV_CMD_STATUS:
3690 hci_cmd_status_evt(hdev, skb);
3691 break;
3692
3693 case HCI_EV_ROLE_CHANGE:
3694 hci_role_change_evt(hdev, skb);
3695 break;
3696
3697 case HCI_EV_NUM_COMP_PKTS:
3698 hci_num_comp_pkts_evt(hdev, skb);
3699 break;
3700
3701 case HCI_EV_MODE_CHANGE:
3702 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3703 break;
3704
3705 case HCI_EV_PIN_CODE_REQ:
3706 hci_pin_code_request_evt(hdev, skb);
3707 break;
3708
3709 case HCI_EV_LINK_KEY_REQ:
3710 hci_link_key_request_evt(hdev, skb);
3711 break;
3712
3713 case HCI_EV_LINK_KEY_NOTIFY:
3714 hci_link_key_notify_evt(hdev, skb);
3715 break;
3716
3717 case HCI_EV_CLOCK_OFFSET:
3718 hci_clock_offset_evt(hdev, skb);
3719 break;
3720
a8746417
MH		 3721 case HCI_EV_PKT_TYPE_CHANGE:
3722 hci_pkt_type_change_evt(hdev, skb);
3723 break;
3724
85a1e930
MH		 3725 case HCI_EV_PSCAN_REP_MODE:
3726 hci_pscan_rep_mode_evt(hdev, skb);
3727 break;
3728
a9de9248
MH		 3729 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3730 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3731 break;
3732
a9de9248
MH		 3733 case HCI_EV_REMOTE_EXT_FEATURES:
3734 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3735 break;
3736
a9de9248
MH		 3737 case HCI_EV_SYNC_CONN_COMPLETE:
3738 hci_sync_conn_complete_evt(hdev, skb);
3739 break;
1da177e4 3740
a9de9248
MH		 3741 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3742 hci_extended_inquiry_result_evt(hdev, skb);
3743 break;
1da177e4 3744
1c2e0041
JH		 3745 case HCI_EV_KEY_REFRESH_COMPLETE:
3746 hci_key_refresh_complete_evt(hdev, skb);
3747 break;
3748
0493684e
MH		 3749 case HCI_EV_IO_CAPA_REQUEST:
3750 hci_io_capa_request_evt(hdev, skb);
3751 break;
3752
03b555e1
JH		 3753 case HCI_EV_IO_CAPA_REPLY:
3754 hci_io_capa_reply_evt(hdev, skb);
3755 break;
3756
a5c29683
JH		 3757 case HCI_EV_USER_CONFIRM_REQUEST:
3758 hci_user_confirm_request_evt(hdev, skb);
3759 break;
3760
1143d458
BG		 3761 case HCI_EV_USER_PASSKEY_REQUEST:
3762 hci_user_passkey_request_evt(hdev, skb);
3763 break;
3764
92a25256
JH		 3765 case HCI_EV_USER_PASSKEY_NOTIFY:
3766 hci_user_passkey_notify_evt(hdev, skb);
3767 break;
3768
3769 case HCI_EV_KEYPRESS_NOTIFY:
3770 hci_keypress_notify_evt(hdev, skb);
3771 break;
3772
0493684e
MH		 3773 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3774 hci_simple_pair_complete_evt(hdev, skb);
3775 break;
3776
41a96212
MH		 3777 case HCI_EV_REMOTE_HOST_FEATURES:
3778 hci_remote_host_features_evt(hdev, skb);
3779 break;
3780
fcd89c09
VT		 3781 case HCI_EV_LE_META:
3782 hci_le_meta_evt(hdev, skb);
3783 break;
3784
9495b2ee
AE		 3785 case HCI_EV_CHANNEL_SELECTED:
3786 hci_chan_selected_evt(hdev, skb);
3787 break;
3788
2763eda6
SJ		 3789 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3790 hci_remote_oob_data_request_evt(hdev, skb);
3791 break;
3792
d5e91192
AE		 3793 case HCI_EV_PHY_LINK_COMPLETE:
3794 hci_phy_link_complete_evt(hdev, skb);
3795 break;
3796
27695fb4
AE		 3797 case HCI_EV_LOGICAL_LINK_COMPLETE:
3798 hci_loglink_complete_evt(hdev, skb);
3799 break;
3800
606e2a10
AE		 3801 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3802 hci_disconn_loglink_complete_evt(hdev, skb);
3803 break;
3804
9eef6b3a
AE		 3805 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3806 hci_disconn_phylink_complete_evt(hdev, skb);
3807 break;
3808
25e89e99
AE		 3809 case HCI_EV_NUM_COMP_BLOCKS:
3810 hci_num_comp_blocks_evt(hdev, skb);
3811 break;
3812
a9de9248 3813 default:
9f1db00c 3814 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 3815 break;
3816 }
3817
3818 kfree_skb(skb);
3819 hdev->stat.evt_rx++;
3820}
Linux kernel - Deliverables
This page took 0.921409 seconds and 5 git commands to generate.