projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix coding style in the subsystem
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
70f23020 40#include <linux/uaccess.h>
1da177e4
LT		 41#include <asm/unaligned.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45
1da177e4
LT		 46/* Handle HCI Event packets */
47
a9de9248 48static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 49{
a9de9248 50 __u8 status = *((__u8 *) skb->data);
1da177e4 51
a9de9248 52 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 53
e6d465cb
AG		 54 if (status) {
55 hci_dev_lock(hdev);
56 mgmt_stop_discovery_failed(hdev, status);
57 hci_dev_unlock(hdev);
a9de9248 58 return;
e6d465cb 59 }
1da177e4 60
89352e7d
AG		 61 clear_bit(HCI_INQUIRY, &hdev->flags);
62
56e5cb86 63 hci_dev_lock(hdev);
ff9ef578 64 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 65 hci_dev_unlock(hdev);
6bd57416 66
23bb5763 67 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 68
69 hci_conn_check_pending(hdev);
70}
6bd57416 71
4d93483b
AG		 72static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73{
74 __u8 status = *((__u8 *) skb->data);
75
76 BT_DBG("%s status 0x%x", hdev->name, status);
ae854a70
AG		 77
78 if (status)
79 return;
80
81 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 82}
83
a9de9248
MH		 84static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
85{
86 __u8 status = *((__u8 *) skb->data);
6bd57416 87
a9de9248 88 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 89
a9de9248
MH		 90 if (status)
91 return;
1da177e4 92
ae854a70
AG		 93 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
94
a9de9248
MH		 95 hci_conn_check_pending(hdev);
96}
97
807deac2
GP		 98static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
99 struct sk_buff *skb)
a9de9248
MH		 100{
101 BT_DBG("%s", hdev->name);
102}
103
104static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
105{
106 struct hci_rp_role_discovery *rp = (void *) skb->data;
107 struct hci_conn *conn;
108
109 BT_DBG("%s status 0x%x", hdev->name, rp->status);
110
111 if (rp->status)
112 return;
113
114 hci_dev_lock(hdev);
115
116 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
117 if (conn) {
118 if (rp->role)
119 conn->link_mode &= ~HCI_LM_MASTER;
120 else
121 conn->link_mode |= HCI_LM_MASTER;
1da177e4 122 }
a9de9248
MH		 123
124 hci_dev_unlock(hdev);
1da177e4
LT		 125}
126
e4e8e37c
MH		 127static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
128{
129 struct hci_rp_read_link_policy *rp = (void *) skb->data;
130 struct hci_conn *conn;
131
132 BT_DBG("%s status 0x%x", hdev->name, rp->status);
133
134 if (rp->status)
135 return;
136
137 hci_dev_lock(hdev);
138
139 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
140 if (conn)
141 conn->link_policy = __le16_to_cpu(rp->policy);
142
143 hci_dev_unlock(hdev);
144}
145
a9de9248 146static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 147{
a9de9248 148 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 149 struct hci_conn *conn;
04837f64 150 void *sent;
1da177e4 151
a9de9248 152 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 153
a9de9248
MH		 154 if (rp->status)
155 return;
1da177e4 156
a9de9248
MH		 157 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
158 if (!sent)
159 return;
1da177e4 160
a9de9248 161 hci_dev_lock(hdev);
1da177e4 162
a9de9248 163 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 164 if (conn)
83985319 165 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 166
a9de9248
MH		 167 hci_dev_unlock(hdev);
168}
1da177e4 169
807deac2
GP		 170static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
171 struct sk_buff *skb)
e4e8e37c
MH		 172{
173 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
174
175 BT_DBG("%s status 0x%x", hdev->name, rp->status);
176
177 if (rp->status)
178 return;
179
180 hdev->link_policy = __le16_to_cpu(rp->policy);
181}
182
807deac2
GP		 183static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
184 struct sk_buff *skb)
e4e8e37c
MH		 185{
186 __u8 status = *((__u8 *) skb->data);
187 void *sent;
188
189 BT_DBG("%s status 0x%x", hdev->name, status);
190
191 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
192 if (!sent)
193 return;
194
195 if (!status)
196 hdev->link_policy = get_unaligned_le16(sent);
197
23bb5763 198 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 199}
200
a9de9248
MH		 201static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
202{
203 __u8 status = *((__u8 *) skb->data);
04837f64 204
a9de9248 205 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 206
10572132
GP		 207 clear_bit(HCI_RESET, &hdev->flags);
208
23bb5763 209 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 210
a297e97c 211 /* Reset all non-persistent flags */
ae854a70
AG		 212 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
213 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 214
215 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 216}
04837f64 217
a9de9248
MH		 218static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
219{
220 __u8 status = *((__u8 *) skb->data);
221 void *sent;
04837f64 222
a9de9248 223 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 224
a9de9248
MH		 225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
226 if (!sent)
227 return;
04837f64 228
56e5cb86
JH		 229 hci_dev_lock(hdev);
230
f51d5b24
JH		 231 if (test_bit(HCI_MGMT, &hdev->dev_flags))
232 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 233 else if (!status)
234 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 235
56e5cb86 236 hci_dev_unlock(hdev);
3159d384
JH		 237
238 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 239}
240
241static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 struct hci_rp_read_local_name *rp = (void *) skb->data;
244
245 BT_DBG("%s status 0x%x", hdev->name, rp->status);
246
247 if (rp->status)
248 return;
249
db99b5fc
JH		 250 if (test_bit(HCI_SETUP, &hdev->dev_flags))
251 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 252}
253
254static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
255{
256 __u8 status = *((__u8 *) skb->data);
257 void *sent;
258
259 BT_DBG("%s status 0x%x", hdev->name, status);
260
261 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
262 if (!sent)
263 return;
264
265 if (!status) {
266 __u8 param = *((__u8 *) sent);
267
268 if (param == AUTH_ENABLED)
269 set_bit(HCI_AUTH, &hdev->flags);
270 else
271 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 272 }
a9de9248 273
33ef95ed
JH		 274 if (test_bit(HCI_MGMT, &hdev->dev_flags))
275 mgmt_auth_enable_complete(hdev, status);
276
23bb5763 277 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 278}
279
a9de9248 280static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 281{
a9de9248 282 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 283 void *sent;
284
a9de9248 285 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 286
a9de9248
MH		 287 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
288 if (!sent)
289 return;
1da177e4 290
a9de9248
MH		 291 if (!status) {
292 __u8 param = *((__u8 *) sent);
293
294 if (param)
295 set_bit(HCI_ENCRYPT, &hdev->flags);
296 else
297 clear_bit(HCI_ENCRYPT, &hdev->flags);
298 }
1da177e4 299
23bb5763 300 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 301}
1da177e4 302
a9de9248
MH		 303static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
304{
36f7fc7e
JH		 305 __u8 param, status = *((__u8 *) skb->data);
306 int old_pscan, old_iscan;
a9de9248 307 void *sent;
1da177e4 308
a9de9248 309 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 310
a9de9248
MH		 311 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
312 if (!sent)
313 return;
1da177e4 314
36f7fc7e
JH		 315 param = *((__u8 *) sent);
316
56e5cb86
JH		 317 hci_dev_lock(hdev);
318
2d7cee58 319 if (status != 0) {
744cf19e 320 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 321 hdev->discov_timeout = 0;
322 goto done;
323 }
324
36f7fc7e
JH		 325 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
326 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
327
328 if (param & SCAN_INQUIRY) {
329 set_bit(HCI_ISCAN, &hdev->flags);
330 if (!old_iscan)
744cf19e 331 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 332 if (hdev->discov_timeout > 0) {
333 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
334 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 335 to);
16ab91ab 336 }
36f7fc7e 337 } else if (old_iscan)
744cf19e 338 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 339
340 if (param & SCAN_PAGE) {
341 set_bit(HCI_PSCAN, &hdev->flags);
342 if (!old_pscan)
744cf19e 343 mgmt_connectable(hdev, 1);
36f7fc7e 344 } else if (old_pscan)
744cf19e 345 mgmt_connectable(hdev, 0);
1da177e4 346
36f7fc7e 347done:
56e5cb86 348 hci_dev_unlock(hdev);
23bb5763 349 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 350}
1da177e4 351
a9de9248
MH		 352static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
353{
354 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 355
a9de9248 356 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 357
a9de9248
MH		 358 if (rp->status)
359 return;
1da177e4 360
a9de9248 361 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 362
a9de9248 363 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 364 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 365}
1da177e4 366
a9de9248
MH		 367static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
368{
369 __u8 status = *((__u8 *) skb->data);
370 void *sent;
1da177e4 371
a9de9248 372 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 373
a9de9248
MH		 374 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
375 if (!sent)
376 return;
1da177e4 377
7f9a903c
MH		 378 hci_dev_lock(hdev);
379
380 if (status == 0)
381 memcpy(hdev->dev_class, sent, 3);
382
383 if (test_bit(HCI_MGMT, &hdev->dev_flags))
384 mgmt_set_class_of_dev_complete(hdev, sent, status);
385
386 hci_dev_unlock(hdev);
a9de9248 387}
1da177e4 388
a9de9248
MH		 389static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
390{
391 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
392 __u16 setting;
393
394 BT_DBG("%s status 0x%x", hdev->name, rp->status);
395
396 if (rp->status)
397 return;
398
399 setting = __le16_to_cpu(rp->voice_setting);
400
f383f275 401 if (hdev->voice_setting == setting)
a9de9248
MH		 402 return;
403
404 hdev->voice_setting = setting;
405
406 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
407
3c54711c 408 if (hdev->notify)
a9de9248 409 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 410}
411
8fc9ced3
GP		 412static void hci_cc_write_voice_setting(struct hci_dev *hdev,
413 struct sk_buff *skb)
a9de9248
MH		 414{
415 __u8 status = *((__u8 *) skb->data);
f383f275 416 __u16 setting;
a9de9248
MH		 417 void *sent;
418
419 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 420
f383f275
MH		 421 if (status)
422 return;
423
a9de9248
MH		 424 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
425 if (!sent)
426 return;
1da177e4 427
f383f275 428 setting = get_unaligned_le16(sent);
1da177e4 429
f383f275
MH		 430 if (hdev->voice_setting == setting)
431 return;
432
433 hdev->voice_setting = setting;
1da177e4 434
f383f275 435 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 436
3c54711c 437 if (hdev->notify)
f383f275 438 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 439}
440
a9de9248 441static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 442{
a9de9248 443 __u8 status = *((__u8 *) skb->data);
1da177e4 444
a9de9248 445 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 446
23bb5763 447 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 448}
1143e5a6 449
333140b5
MH		 450static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
451{
452 __u8 status = *((__u8 *) skb->data);
453 void *sent;
454
455 BT_DBG("%s status 0x%x", hdev->name, status);
456
333140b5
MH		 457 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
458 if (!sent)
459 return;
460
ed2c4ee3 461 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 462 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
463 else if (!status) {
464 if (*((u8 *) sent))
465 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 else
467 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
468 }
333140b5
MH		 469}
470
d5859e22
JH		 471static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
472{
473 if (hdev->features[6] & LMP_EXT_INQ)
474 return 2;
475
476 if (hdev->features[3] & LMP_RSSI_INQ)
477 return 1;
478
479 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 480 hdev->lmp_subver == 0x0757)
d5859e22
JH		 481 return 1;
482
483 if (hdev->manufacturer == 15) {
484 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
485 return 1;
486 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
487 return 1;
488 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
489 return 1;
490 }
491
492 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 493 hdev->lmp_subver == 0x1805)
d5859e22
JH		 494 return 1;
495
496 return 0;
497}
498
499static void hci_setup_inquiry_mode(struct hci_dev *hdev)
500{
501 u8 mode;
502
503 mode = hci_get_inquiry_mode(hdev);
504
505 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
506}
507
508static void hci_setup_event_mask(struct hci_dev *hdev)
509{
510 /* The second byte is 0xff instead of 0x9f (two reserved bits
511 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
512 * command otherwise */
513 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
514
6de6c18d
VT		 515 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
516 * any event mask for pre 1.2 devices */
5a13b095 517 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 518 return;
519
520 events[4] |= 0x01; /* Flow Specification Complete */
521 events[4] |= 0x02; /* Inquiry Result with RSSI */
522 events[4] |= 0x04; /* Read Remote Extended Features Complete */
523 events[5] |= 0x08; /* Synchronous Connection Complete */
524 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 525
526 if (hdev->features[3] & LMP_RSSI_INQ)
a24299e6 527 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22
JH		 528
529 if (hdev->features[5] & LMP_SNIFF_SUBR)
530 events[5] |= 0x20; /* Sniff Subrating */
531
532 if (hdev->features[5] & LMP_PAUSE_ENC)
533 events[5] |= 0x80; /* Encryption Key Refresh Complete */
534
535 if (hdev->features[6] & LMP_EXT_INQ)
536 events[5] |= 0x40; /* Extended Inquiry Result */
537
538 if (hdev->features[6] & LMP_NO_FLUSH)
539 events[7] |= 0x01; /* Enhanced Flush Complete */
540
541 if (hdev->features[7] & LMP_LSTO)
542 events[6] |= 0x80; /* Link Supervision Timeout Changed */
543
544 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
545 events[6] |= 0x01; /* IO Capability Request */
546 events[6] |= 0x02; /* IO Capability Response */
547 events[6] |= 0x04; /* User Confirmation Request */
548 events[6] |= 0x08; /* User Passkey Request */
549 events[6] |= 0x10; /* Remote OOB Data Request */
550 events[6] |= 0x20; /* Simple Pairing Complete */
551 events[7] |= 0x04; /* User Passkey Notification */
552 events[7] |= 0x08; /* Keypress Notification */
553 events[7] |= 0x10; /* Remote Host Supported
554 * Features Notification */
555 }
556
557 if (hdev->features[4] & LMP_LE)
558 events[7] |= 0x20; /* LE Meta-Event */
559
560 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
561}
562
563static void hci_setup(struct hci_dev *hdev)
564{
e61ef499
AE		 565 if (hdev->dev_type != HCI_BREDR)
566 return;
567
d5859e22
JH		 568 hci_setup_event_mask(hdev);
569
d095c1eb 570 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 571 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
572
54d04dbb
JH		 573 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
574 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
575 u8 mode = 0x01;
576 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 577 sizeof(mode), &mode);
54d04dbb
JH		 578 } else {
579 struct hci_cp_write_eir cp;
580
581 memset(hdev->eir, 0, sizeof(hdev->eir));
582 memset(&cp, 0, sizeof(cp));
583
584 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
585 }
d5859e22
JH		 586 }
587
588 if (hdev->features[3] & LMP_RSSI_INQ)
589 hci_setup_inquiry_mode(hdev);
590
591 if (hdev->features[7] & LMP_INQ_TX_PWR)
592 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 593
594 if (hdev->features[7] & LMP_EXTFEATURES) {
595 struct hci_cp_read_local_ext_features cp;
596
597 cp.page = 0x01;
04124681
GP		 598 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
599 &cp);
971e3a4b 600 }
e6100a25 601
47990ea0
JH		 602 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
603 u8 enable = 1;
04124681
GP		 604 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
605 &enable);
47990ea0 606 }
d5859e22
JH		 607}
608
a9de9248
MH		 609static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
610{
611 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 612
a9de9248 613 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 614
a9de9248 615 if (rp->status)
28b8df77 616 goto done;
1143e5a6 617
a9de9248 618 hdev->hci_ver = rp->hci_ver;
e4e8e37c 619 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 620 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 621 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 622 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 623
a9de9248 624 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
807deac2 625 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 626
627 if (test_bit(HCI_INIT, &hdev->flags))
628 hci_setup(hdev);
28b8df77
AE		 629
630done:
631 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 632}
633
634static void hci_setup_link_policy(struct hci_dev *hdev)
635{
035100c8 636 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 637 u16 link_policy = 0;
638
639 if (hdev->features[0] & LMP_RSWITCH)
640 link_policy |= HCI_LP_RSWITCH;
641 if (hdev->features[0] & LMP_HOLD)
642 link_policy |= HCI_LP_HOLD;
643 if (hdev->features[0] & LMP_SNIFF)
644 link_policy |= HCI_LP_SNIFF;
645 if (hdev->features[1] & LMP_PARK)
646 link_policy |= HCI_LP_PARK;
647
035100c8
AE		 648 cp.policy = cpu_to_le16(link_policy);
649 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 650}
1da177e4 651
8fc9ced3
GP		 652static void hci_cc_read_local_commands(struct hci_dev *hdev,
653 struct sk_buff *skb)
a9de9248
MH		 654{
655 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 656
a9de9248 657 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 658
a9de9248 659 if (rp->status)
d5859e22 660 goto done;
1da177e4 661
a9de9248 662 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 663
664 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
665 hci_setup_link_policy(hdev);
666
667done:
668 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 669}
1da177e4 670
8fc9ced3
GP		 671static void hci_cc_read_local_features(struct hci_dev *hdev,
672 struct sk_buff *skb)
a9de9248
MH		 673{
674 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 675
a9de9248 676 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 677
a9de9248
MH		 678 if (rp->status)
679 return;
5b7f9909 680
a9de9248 681 memcpy(hdev->features, rp->features, 8);
5b7f9909 682
a9de9248
MH		 683 /* Adjust default settings according to features
684 * supported by device. */
1da177e4 685
a9de9248
MH		 686 if (hdev->features[0] & LMP_3SLOT)
687 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 688
a9de9248
MH		 689 if (hdev->features[0] & LMP_5SLOT)
690 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 691
a9de9248
MH		 692 if (hdev->features[1] & LMP_HV2) {
693 hdev->pkt_type |= (HCI_HV2);
694 hdev->esco_type |= (ESCO_HV2);
695 }
1da177e4 696
a9de9248
MH		 697 if (hdev->features[1] & LMP_HV3) {
698 hdev->pkt_type |= (HCI_HV3);
699 hdev->esco_type |= (ESCO_HV3);
700 }
1da177e4 701
a9de9248
MH		 702 if (hdev->features[3] & LMP_ESCO)
703 hdev->esco_type |= (ESCO_EV3);
da1f5198 704
a9de9248
MH		 705 if (hdev->features[4] & LMP_EV4)
706 hdev->esco_type |= (ESCO_EV4);
da1f5198 707
a9de9248
MH		 708 if (hdev->features[4] & LMP_EV5)
709 hdev->esco_type |= (ESCO_EV5);
1da177e4 710
efc7688b
MH		 711 if (hdev->features[5] & LMP_EDR_ESCO_2M)
712 hdev->esco_type |= (ESCO_2EV3);
713
714 if (hdev->features[5] & LMP_EDR_ESCO_3M)
715 hdev->esco_type |= (ESCO_3EV3);
716
717 if (hdev->features[5] & LMP_EDR_3S_ESCO)
718 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
719
a9de9248 720 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 721 hdev->features[0], hdev->features[1],
722 hdev->features[2], hdev->features[3],
723 hdev->features[4], hdev->features[5],
724 hdev->features[6], hdev->features[7]);
a9de9248 725}
1da177e4 726
8f984dfa
JH		 727static void hci_set_le_support(struct hci_dev *hdev)
728{
729 struct hci_cp_write_le_host_supported cp;
730
731 memset(&cp, 0, sizeof(cp));
732
9d42820f 733 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa
JH		 734 cp.le = 1;
735 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
736 }
737
738 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 739 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
740 &cp);
8f984dfa
JH		 741}
742
971e3a4b 743static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 744 struct sk_buff *skb)
971e3a4b
AG		 745{
746 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
747
748 BT_DBG("%s status 0x%x", hdev->name, rp->status);
749
750 if (rp->status)
8f984dfa 751 goto done;
971e3a4b 752
b5b32b65
AG		 753 switch (rp->page) {
754 case 0:
755 memcpy(hdev->features, rp->features, 8);
756 break;
757 case 1:
758 memcpy(hdev->host_features, rp->features, 8);
759 break;
760 }
971e3a4b 761
8f984dfa
JH		 762 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
763 hci_set_le_support(hdev);
764
765done:
971e3a4b
AG		 766 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
767}
768
1e89cffb 769static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 770 struct sk_buff *skb)
1e89cffb
AE		 771{
772 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
773
774 BT_DBG("%s status 0x%x", hdev->name, rp->status);
775
776 if (rp->status)
777 return;
778
779 hdev->flow_ctl_mode = rp->mode;
780
781 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
782}
783
a9de9248
MH		 784static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
785{
786 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 787
a9de9248 788 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 789
a9de9248
MH		 790 if (rp->status)
791 return;
1da177e4 792
a9de9248
MH		 793 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
794 hdev->sco_mtu = rp->sco_mtu;
795 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
796 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
797
798 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
799 hdev->sco_mtu = 64;
800 hdev->sco_pkts = 8;
1da177e4 801 }
a9de9248
MH		 802
803 hdev->acl_cnt = hdev->acl_pkts;
804 hdev->sco_cnt = hdev->sco_pkts;
805
807deac2
GP		 806 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
807 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 808}
809
810static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
811{
812 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
813
814 BT_DBG("%s status 0x%x", hdev->name, rp->status);
815
816 if (!rp->status)
817 bacpy(&hdev->bdaddr, &rp->bdaddr);
818
23bb5763
JH		 819 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
820}
821
350ee4cf 822static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 823 struct sk_buff *skb)
350ee4cf
AE		 824{
825 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
826
827 BT_DBG("%s status 0x%x", hdev->name, rp->status);
828
829 if (rp->status)
830 return;
831
832 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
833 hdev->block_len = __le16_to_cpu(rp->block_len);
834 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
835
836 hdev->block_cnt = hdev->num_blocks;
837
838 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 839 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 840
841 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
842}
843
23bb5763
JH		 844static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
845{
846 __u8 status = *((__u8 *) skb->data);
847
848 BT_DBG("%s status 0x%x", hdev->name, status);
849
850 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 851}
852
928abaa7 853static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 854 struct sk_buff *skb)
928abaa7
AE		 855{
856 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
857
858 BT_DBG("%s status 0x%x", hdev->name, rp->status);
859
860 if (rp->status)
861 return;
862
863 hdev->amp_status = rp->amp_status;
864 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
865 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
866 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
867 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
868 hdev->amp_type = rp->amp_type;
869 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
870 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
871 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
872 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
873
874 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
875}
876
b0916ea0 877static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 878 struct sk_buff *skb)
b0916ea0
JH		 879{
880 __u8 status = *((__u8 *) skb->data);
881
882 BT_DBG("%s status 0x%x", hdev->name, status);
883
884 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
885}
886
d5859e22
JH		 887static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
888{
889 __u8 status = *((__u8 *) skb->data);
890
891 BT_DBG("%s status 0x%x", hdev->name, status);
892
893 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
894}
895
896static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 897 struct sk_buff *skb)
d5859e22
JH		 898{
899 __u8 status = *((__u8 *) skb->data);
900
901 BT_DBG("%s status 0x%x", hdev->name, status);
902
903 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
904}
905
906static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 907 struct sk_buff *skb)
d5859e22 908{
91c4e9b1 909 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 910
91c4e9b1
MH		 911 BT_DBG("%s status 0x%x", hdev->name, rp->status);
912
913 if (!rp->status)
914 hdev->inq_tx_power = rp->tx_power;
d5859e22 915
91c4e9b1 916 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 917}
918
919static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
920{
921 __u8 status = *((__u8 *) skb->data);
922
923 BT_DBG("%s status 0x%x", hdev->name, status);
924
925 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
926}
927
980e1a53
JH		 928static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
929{
930 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
931 struct hci_cp_pin_code_reply *cp;
932 struct hci_conn *conn;
933
934 BT_DBG("%s status 0x%x", hdev->name, rp->status);
935
56e5cb86
JH		 936 hci_dev_lock(hdev);
937
a8b2d5c2 938 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 939 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 940
941 if (rp->status != 0)
56e5cb86 942 goto unlock;
980e1a53
JH		 943
944 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
945 if (!cp)
56e5cb86 946 goto unlock;
980e1a53
JH		 947
948 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
949 if (conn)
950 conn->pin_length = cp->pin_len;
56e5cb86
JH		 951
952unlock:
953 hci_dev_unlock(hdev);
980e1a53
JH		 954}
955
956static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
957{
958 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
959
960 BT_DBG("%s status 0x%x", hdev->name, rp->status);
961
56e5cb86
JH		 962 hci_dev_lock(hdev);
963
a8b2d5c2 964 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 965 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 966 rp->status);
56e5cb86
JH		 967
968 hci_dev_unlock(hdev);
980e1a53 969}
56e5cb86 970
6ed58ec5
VT		 971static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
972 struct sk_buff *skb)
973{
974 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
975
976 BT_DBG("%s status 0x%x", hdev->name, rp->status);
977
978 if (rp->status)
979 return;
980
981 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
982 hdev->le_pkts = rp->le_max_pkt;
983
984 hdev->le_cnt = hdev->le_pkts;
985
986 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
987
988 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
989}
980e1a53 990
a5c29683
JH		 991static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
992{
993 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
994
995 BT_DBG("%s status 0x%x", hdev->name, rp->status);
996
56e5cb86
JH		 997 hci_dev_lock(hdev);
998
a8b2d5c2 999 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1000 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1001 rp->status);
56e5cb86
JH		 1002
1003 hci_dev_unlock(hdev);
a5c29683
JH		 1004}
1005
1006static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1007 struct sk_buff *skb)
a5c29683
JH		 1008{
1009 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1010
1011 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1012
56e5cb86
JH		 1013 hci_dev_lock(hdev);
1014
a8b2d5c2 1015 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1016 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1017 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1018
1019 hci_dev_unlock(hdev);
a5c29683
JH		 1020}
1021
1143d458
BG		 1022static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1023{
1024 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1025
1026 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1027
1028 hci_dev_lock(hdev);
1029
a8b2d5c2 1030 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1031 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1032 0, rp->status);
1143d458
BG		 1033
1034 hci_dev_unlock(hdev);
1035}
1036
1037static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1038 struct sk_buff *skb)
1143d458
BG		 1039{
1040 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1041
1042 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1043
1044 hci_dev_lock(hdev);
1045
a8b2d5c2 1046 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1047 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1048 ACL_LINK, 0, rp->status);
1143d458
BG		 1049
1050 hci_dev_unlock(hdev);
1051}
1052
c35938b2 1053static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1054 struct sk_buff *skb)
c35938b2
SJ		 1055{
1056 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1057
1058 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1059
56e5cb86 1060 hci_dev_lock(hdev);
744cf19e 1061 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1062 rp->randomizer, rp->status);
56e5cb86 1063 hci_dev_unlock(hdev);
c35938b2
SJ		 1064}
1065
07f7fa5d
AG		 1066static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1067{
1068 __u8 status = *((__u8 *) skb->data);
1069
1070 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1071
1072 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1073
1074 if (status) {
1075 hci_dev_lock(hdev);
1076 mgmt_start_discovery_failed(hdev, status);
1077 hci_dev_unlock(hdev);
1078 return;
1079 }
07f7fa5d
AG		 1080}
1081
eb9d91f5 1082static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1083 struct sk_buff *skb)
eb9d91f5
AG		 1084{
1085 struct hci_cp_le_set_scan_enable *cp;
1086 __u8 status = *((__u8 *) skb->data);
1087
1088 BT_DBG("%s status 0x%x", hdev->name, status);
1089
eb9d91f5
AG		 1090 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1091 if (!cp)
1092 return;
1093
68a8aea4
AE		 1094 switch (cp->enable) {
1095 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1096 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1097
3fd24153
AG		 1098 if (status) {
1099 hci_dev_lock(hdev);
1100 mgmt_start_discovery_failed(hdev, status);
1101 hci_dev_unlock(hdev);
7ba8b4be 1102 return;
3fd24153 1103 }
7ba8b4be 1104
d23264a8
AG		 1105 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1106
a8f13c8c 1107 hci_dev_lock(hdev);
343f935b 1108 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1109 hci_dev_unlock(hdev);
68a8aea4
AE		 1110 break;
1111
1112 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1113 if (status) {
1114 hci_dev_lock(hdev);
1115 mgmt_stop_discovery_failed(hdev, status);
1116 hci_dev_unlock(hdev);
7ba8b4be 1117 return;
c9ecc48e 1118 }
7ba8b4be 1119
d23264a8
AG		 1120 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1121
bc3dd33c
AG		 1122 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1123 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1124 mgmt_interleaved_discovery(hdev);
1125 } else {
1126 hci_dev_lock(hdev);
1127 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1128 hci_dev_unlock(hdev);
1129 }
1130
68a8aea4
AE		 1131 break;
1132
1133 default:
1134 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1135 break;
35815085 1136 }
eb9d91f5
AG		 1137}
1138
a7a595f6
VCG		 1139static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1140{
1141 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1142
1143 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1144
1145 if (rp->status)
1146 return;
1147
1148 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1149}
1150
1151static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1152{
1153 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1154
1155 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1156
1157 if (rp->status)
1158 return;
1159
1160 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1161}
1162
6039aa73
GP		 1163static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1164 struct sk_buff *skb)
f9b49306 1165{
06199cf8 1166 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1167 __u8 status = *((__u8 *) skb->data);
1168
1169 BT_DBG("%s status 0x%x", hdev->name, status);
1170
06199cf8 1171 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1172 if (!sent)
f9b49306
AG		 1173 return;
1174
8f984dfa
JH		 1175 if (!status) {
1176 if (sent->le)
1177 hdev->host_features[0] |= LMP_HOST_LE;
1178 else
1179 hdev->host_features[0] &= ~LMP_HOST_LE;
1180 }
1181
1182 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1183 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1184 mgmt_le_enable_complete(hdev, sent->le, status);
1185
1186 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1187}
1188
6039aa73 1189static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248
MH		 1190{
1191 BT_DBG("%s status 0x%x", hdev->name, status);
1192
1193 if (status) {
23bb5763 1194 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1195 hci_conn_check_pending(hdev);
56e5cb86 1196 hci_dev_lock(hdev);
a8b2d5c2 1197 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1198 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1199 hci_dev_unlock(hdev);
314b2381
JH		 1200 return;
1201 }
1202
89352e7d
AG		 1203 set_bit(HCI_INQUIRY, &hdev->flags);
1204
56e5cb86 1205 hci_dev_lock(hdev);
343f935b 1206 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1207 hci_dev_unlock(hdev);
1da177e4
LT		 1208}
1209
6039aa73 1210static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1211{
a9de9248 1212 struct hci_cp_create_conn *cp;
1da177e4 1213 struct hci_conn *conn;
1da177e4 1214
a9de9248
MH		 1215 BT_DBG("%s status 0x%x", hdev->name, status);
1216
1217 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1218 if (!cp)
1219 return;
1220
1221 hci_dev_lock(hdev);
1222
1223 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1224
a9de9248 1225 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1226
1227 if (status) {
1228 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1229 if (status != 0x0c || conn->attempt > 2) {
1230 conn->state = BT_CLOSED;
1231 hci_proto_connect_cfm(conn, status);
1232 hci_conn_del(conn);
1233 } else
1234 conn->state = BT_CONNECT2;
1da177e4
LT		 1235 }
1236 } else {
1237 if (!conn) {
1238 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1239 if (conn) {
a0c808b3 1240 conn->out = true;
1da177e4
LT		 1241 conn->link_mode |= HCI_LM_MASTER;
1242 } else
893ef971 1243 BT_ERR("No memory for new connection");
1da177e4
LT		 1244 }
1245 }
1246
1247 hci_dev_unlock(hdev);
1248}
1249
a9de9248 1250static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1251{
a9de9248
MH		 1252 struct hci_cp_add_sco *cp;
1253 struct hci_conn *acl, *sco;
1254 __u16 handle;
1da177e4 1255
b6a0dc82
MH		 1256 BT_DBG("%s status 0x%x", hdev->name, status);
1257
a9de9248
MH		 1258 if (!status)
1259 return;
1da177e4 1260
a9de9248
MH		 1261 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1262 if (!cp)
1263 return;
1da177e4 1264
a9de9248 1265 handle = __le16_to_cpu(cp->handle);
1da177e4 1266
a9de9248 1267 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1268
a9de9248 1269 hci_dev_lock(hdev);
1da177e4 1270
a9de9248 1271 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1272 if (acl) {
1273 sco = acl->link;
1274 if (sco) {
1275 sco->state = BT_CLOSED;
1da177e4 1276
5a08ecce
AE		 1277 hci_proto_connect_cfm(sco, status);
1278 hci_conn_del(sco);
1279 }
a9de9248 1280 }
1da177e4 1281
a9de9248
MH		 1282 hci_dev_unlock(hdev);
1283}
1da177e4 1284
f8558555
MH		 1285static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1286{
1287 struct hci_cp_auth_requested *cp;
1288 struct hci_conn *conn;
1289
1290 BT_DBG("%s status 0x%x", hdev->name, status);
1291
1292 if (!status)
1293 return;
1294
1295 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1296 if (!cp)
1297 return;
1298
1299 hci_dev_lock(hdev);
1300
1301 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1302 if (conn) {
1303 if (conn->state == BT_CONFIG) {
1304 hci_proto_connect_cfm(conn, status);
1305 hci_conn_put(conn);
1306 }
1307 }
1308
1309 hci_dev_unlock(hdev);
1310}
1311
1312static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1313{
1314 struct hci_cp_set_conn_encrypt *cp;
1315 struct hci_conn *conn;
1316
1317 BT_DBG("%s status 0x%x", hdev->name, status);
1318
1319 if (!status)
1320 return;
1321
1322 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1323 if (!cp)
1324 return;
1325
1326 hci_dev_lock(hdev);
1327
1328 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1329 if (conn) {
1330 if (conn->state == BT_CONFIG) {
1331 hci_proto_connect_cfm(conn, status);
1332 hci_conn_put(conn);
1333 }
1334 }
1335
1336 hci_dev_unlock(hdev);
1337}
1338
127178d2 1339static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1340 struct hci_conn *conn)
392599b9 1341{
392599b9
JH		 1342 if (conn->state != BT_CONFIG || !conn->out)
1343 return 0;
1344
765c2a96 1345 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1346 return 0;
1347
1348 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1349 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1350 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1351 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1352 return 0;
1353
392599b9
JH		 1354 return 1;
1355}
1356
6039aa73 1357static int hci_resolve_name(struct hci_dev *hdev,
04124681 1358 struct inquiry_entry *e)
30dc78e1
JH		 1359{
1360 struct hci_cp_remote_name_req cp;
1361
1362 memset(&cp, 0, sizeof(cp));
1363
1364 bacpy(&cp.bdaddr, &e->data.bdaddr);
1365 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1366 cp.pscan_mode = e->data.pscan_mode;
1367 cp.clock_offset = e->data.clock_offset;
1368
1369 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1370}
1371
b644ba33 1372static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1373{
1374 struct discovery_state *discov = &hdev->discovery;
1375 struct inquiry_entry *e;
1376
b644ba33
JH		 1377 if (list_empty(&discov->resolve))
1378 return false;
1379
1380 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1381 if (hci_resolve_name(hdev, e) == 0) {
1382 e->name_state = NAME_PENDING;
1383 return true;
1384 }
1385
1386 return false;
1387}
1388
1389static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1390 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1391{
1392 struct discovery_state *discov = &hdev->discovery;
1393 struct inquiry_entry *e;
1394
1395 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1396 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1397 name_len, conn->dev_class);
b644ba33
JH		 1398
1399 if (discov->state == DISCOVERY_STOPPED)
1400 return;
1401
30dc78e1
JH		 1402 if (discov->state == DISCOVERY_STOPPING)
1403 goto discov_complete;
1404
1405 if (discov->state != DISCOVERY_RESOLVING)
1406 return;
1407
1408 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1409 if (e) {
1410 e->name_state = NAME_KNOWN;
1411 list_del(&e->list);
b644ba33
JH		 1412 if (name)
1413 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
04124681 1414 e->data.rssi, name, name_len);
30dc78e1
JH		 1415 }
1416
b644ba33 1417 if (hci_resolve_next_name(hdev))
30dc78e1 1418 return;
30dc78e1
JH		 1419
1420discov_complete:
1421 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1422}
1423
a9de9248
MH		 1424static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1425{
127178d2
JH		 1426 struct hci_cp_remote_name_req *cp;
1427 struct hci_conn *conn;
1428
a9de9248 1429 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1430
1431 /* If successful wait for the name req complete event before
1432 * checking for the need to do authentication */
1433 if (!status)
1434 return;
1435
1436 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1437 if (!cp)
1438 return;
1439
1440 hci_dev_lock(hdev);
1441
b644ba33
JH		 1442 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1443
a8b2d5c2 1444 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1445 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1446
79c6c70c
JH		 1447 if (!conn)
1448 goto unlock;
1449
1450 if (!hci_outgoing_auth_needed(hdev, conn))
1451 goto unlock;
1452
51a8efd7 1453 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1454 struct hci_cp_auth_requested cp;
1455 cp.handle = __cpu_to_le16(conn->handle);
1456 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1457 }
1458
79c6c70c 1459unlock:
127178d2 1460 hci_dev_unlock(hdev);
a9de9248 1461}
1da177e4 1462
769be974
MH		 1463static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1464{
1465 struct hci_cp_read_remote_features *cp;
1466 struct hci_conn *conn;
1467
1468 BT_DBG("%s status 0x%x", hdev->name, status);
1469
1470 if (!status)
1471 return;
1472
1473 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1474 if (!cp)
1475 return;
1476
1477 hci_dev_lock(hdev);
1478
1479 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1480 if (conn) {
1481 if (conn->state == BT_CONFIG) {
769be974
MH		 1482 hci_proto_connect_cfm(conn, status);
1483 hci_conn_put(conn);
1484 }
1485 }
1486
1487 hci_dev_unlock(hdev);
1488}
1489
1490static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1491{
1492 struct hci_cp_read_remote_ext_features *cp;
1493 struct hci_conn *conn;
1494
1495 BT_DBG("%s status 0x%x", hdev->name, status);
1496
1497 if (!status)
1498 return;
1499
1500 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1501 if (!cp)
1502 return;
1503
1504 hci_dev_lock(hdev);
1505
1506 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1507 if (conn) {
1508 if (conn->state == BT_CONFIG) {
769be974
MH		 1509 hci_proto_connect_cfm(conn, status);
1510 hci_conn_put(conn);
1511 }
1512 }
1513
1514 hci_dev_unlock(hdev);
1515}
1516
a9de9248
MH		 1517static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1518{
b6a0dc82
MH		 1519 struct hci_cp_setup_sync_conn *cp;
1520 struct hci_conn *acl, *sco;
1521 __u16 handle;
1522
a9de9248 1523 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1524
1525 if (!status)
1526 return;
1527
1528 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1529 if (!cp)
1530 return;
1531
1532 handle = __le16_to_cpu(cp->handle);
1533
1534 BT_DBG("%s handle %d", hdev->name, handle);
1535
1536 hci_dev_lock(hdev);
1537
1538 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1539 if (acl) {
1540 sco = acl->link;
1541 if (sco) {
1542 sco->state = BT_CLOSED;
b6a0dc82 1543
5a08ecce
AE		 1544 hci_proto_connect_cfm(sco, status);
1545 hci_conn_del(sco);
1546 }
b6a0dc82
MH		 1547 }
1548
1549 hci_dev_unlock(hdev);
1da177e4
LT		 1550}
1551
a9de9248 1552static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1553{
a9de9248
MH		 1554 struct hci_cp_sniff_mode *cp;
1555 struct hci_conn *conn;
1da177e4 1556
a9de9248 1557 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1558
a9de9248
MH		 1559 if (!status)
1560 return;
04837f64 1561
a9de9248
MH		 1562 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1563 if (!cp)
1564 return;
04837f64 1565
a9de9248 1566 hci_dev_lock(hdev);
04837f64 1567
a9de9248 1568 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1569 if (conn) {
51a8efd7 1570 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1571
51a8efd7 1572 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1573 hci_sco_setup(conn, status);
1574 }
1575
a9de9248
MH		 1576 hci_dev_unlock(hdev);
1577}
04837f64 1578
a9de9248
MH		 1579static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1580{
1581 struct hci_cp_exit_sniff_mode *cp;
1582 struct hci_conn *conn;
04837f64 1583
a9de9248 1584 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1585
a9de9248
MH		 1586 if (!status)
1587 return;
04837f64 1588
a9de9248
MH		 1589 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1590 if (!cp)
1591 return;
04837f64 1592
a9de9248 1593 hci_dev_lock(hdev);
1da177e4 1594
a9de9248 1595 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1596 if (conn) {
51a8efd7 1597 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1598
51a8efd7 1599 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1600 hci_sco_setup(conn, status);
1601 }
1602
a9de9248 1603 hci_dev_unlock(hdev);
1da177e4
LT		 1604}
1605
88c3df13
JH		 1606static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1607{
1608 struct hci_cp_disconnect *cp;
1609 struct hci_conn *conn;
1610
1611 if (!status)
1612 return;
1613
1614 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1615 if (!cp)
1616 return;
1617
1618 hci_dev_lock(hdev);
1619
1620 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1621 if (conn)
1622 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1623 conn->dst_type, status);
88c3df13
JH		 1624
1625 hci_dev_unlock(hdev);
1626}
1627
fcd89c09
VT		 1628static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1629{
1630 struct hci_cp_le_create_conn *cp;
1631 struct hci_conn *conn;
1632
1633 BT_DBG("%s status 0x%x", hdev->name, status);
1634
1635 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1636 if (!cp)
1637 return;
1638
1639 hci_dev_lock(hdev);
1640
1641 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1642
1643 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
807deac2 1644 conn);
fcd89c09
VT		 1645
1646 if (status) {
1647 if (conn && conn->state == BT_CONNECT) {
1648 conn->state = BT_CLOSED;
328c9248
HG		 1649 mgmt_connect_failed(hdev, &cp->peer_addr, conn->type,
1650 conn->dst_type, status);
fcd89c09
VT		 1651 hci_proto_connect_cfm(conn, status);
1652 hci_conn_del(conn);
1653 }
1654 } else {
1655 if (!conn) {
1656 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1657 if (conn) {
1658 conn->dst_type = cp->peer_addr_type;
a0c808b3 1659 conn->out = true;
29b7988a 1660 } else {
fcd89c09 1661 BT_ERR("No memory for new connection");
29b7988a 1662 }
fcd89c09
VT		 1663 }
1664 }
1665
1666 hci_dev_unlock(hdev);
1667}
1668
a7a595f6
VCG		 1669static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1670{
1671 BT_DBG("%s status 0x%x", hdev->name, status);
1672}
1673
6039aa73 1674static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1675{
1676 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1677 struct discovery_state *discov = &hdev->discovery;
1678 struct inquiry_entry *e;
1da177e4
LT		 1679
1680 BT_DBG("%s status %d", hdev->name, status);
1681
23bb5763 1682 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1683
a9de9248 1684 hci_conn_check_pending(hdev);
89352e7d
AG		 1685
1686 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1687 return;
1688
a8b2d5c2 1689 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1690 return;
1691
56e5cb86 1692 hci_dev_lock(hdev);
30dc78e1 1693
343f935b 1694 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1695 goto unlock;
1696
1697 if (list_empty(&discov->resolve)) {
1698 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1699 goto unlock;
1700 }
1701
1702 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1703 if (e && hci_resolve_name(hdev, e) == 0) {
1704 e->name_state = NAME_PENDING;
1705 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1706 } else {
1707 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1708 }
1709
1710unlock:
56e5cb86 1711 hci_dev_unlock(hdev);
1da177e4
LT		 1712}
1713
6039aa73 1714static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1715{
45bb4bf0 1716 struct inquiry_data data;
a9de9248 1717 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1718 int num_rsp = *((__u8 *) skb->data);
1719
1720 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1721
45bb4bf0
MH		 1722 if (!num_rsp)
1723 return;
1724
1519cc17
AG		 1725 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1726 return;
1727
1da177e4 1728 hci_dev_lock(hdev);
45bb4bf0 1729
e17acd40 1730 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1731 bool name_known, ssp;
3175405b 1732
1da177e4
LT		 1733 bacpy(&data.bdaddr, &info->bdaddr);
1734 data.pscan_rep_mode = info->pscan_rep_mode;
1735 data.pscan_period_mode = info->pscan_period_mode;
1736 data.pscan_mode = info->pscan_mode;
1737 memcpy(data.dev_class, info->dev_class, 3);
1738 data.clock_offset = info->clock_offset;
1739 data.rssi = 0x00;
41a96212 1740 data.ssp_mode = 0x00;
3175405b 1741
388fc8fa 1742 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1743 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1744 info->dev_class, 0, !name_known, ssp, NULL,
1745 0);
1da177e4 1746 }
45bb4bf0 1747
1da177e4
LT		 1748 hci_dev_unlock(hdev);
1749}
1750
6039aa73 1751static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1752{
a9de9248
MH		 1753 struct hci_ev_conn_complete *ev = (void *) skb->data;
1754 struct hci_conn *conn;
1da177e4
LT		 1755
1756 BT_DBG("%s", hdev->name);
1757
1758 hci_dev_lock(hdev);
1759
1760 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1761 if (!conn) {
1762 if (ev->link_type != SCO_LINK)
1763 goto unlock;
1764
1765 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1766 if (!conn)
1767 goto unlock;
1768
1769 conn->type = SCO_LINK;
1770 }
1da177e4
LT		 1771
1772 if (!ev->status) {
1773 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1774
1775 if (conn->type == ACL_LINK) {
1776 conn->state = BT_CONFIG;
1777 hci_conn_hold(conn);
052b30b0 1778 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1779 } else
1780 conn->state = BT_CONNECTED;
1da177e4 1781
9eba32b8 1782 hci_conn_hold_device(conn);
7d0db0a3
MH		 1783 hci_conn_add_sysfs(conn);
1784
1da177e4
LT		 1785 if (test_bit(HCI_AUTH, &hdev->flags))
1786 conn->link_mode |= HCI_LM_AUTH;
1787
1788 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1789 conn->link_mode |= HCI_LM_ENCRYPT;
1790
04837f64
MH		 1791 /* Get remote features */
1792 if (conn->type == ACL_LINK) {
1793 struct hci_cp_read_remote_features cp;
1794 cp.handle = ev->handle;
769be974 1795 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1796 sizeof(cp), &cp);
04837f64
MH		 1797 }
1798
1da177e4 1799 /* Set packet type for incoming connection */
d095c1eb 1800 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1801 struct hci_cp_change_conn_ptype cp;
1802 cp.handle = ev->handle;
a8746417 1803 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1804 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1805 &cp);
1da177e4 1806 }
17d5c04c 1807 } else {
1da177e4 1808 conn->state = BT_CLOSED;
17d5c04c 1809 if (conn->type == ACL_LINK)
744cf19e 1810 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1811 conn->dst_type, ev->status);
17d5c04c 1812 }
1da177e4 1813
e73439d8
MH		 1814 if (conn->type == ACL_LINK)
1815 hci_sco_setup(conn, ev->status);
1da177e4 1816
769be974
MH		 1817 if (ev->status) {
1818 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1819 hci_conn_del(conn);
c89b6e6b
MH		 1820 } else if (ev->link_type != ACL_LINK)
1821 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1822
a9de9248 1823unlock:
1da177e4 1824 hci_dev_unlock(hdev);
1da177e4 1825
a9de9248 1826 hci_conn_check_pending(hdev);
1da177e4
LT		 1827}
1828
6039aa73 1829static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1830{
a9de9248
MH		 1831 struct hci_ev_conn_request *ev = (void *) skb->data;
1832 int mask = hdev->link_mode;
1da177e4 1833
807deac2
GP		 1834 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1835 ev->link_type);
1da177e4 1836
a9de9248 1837 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1838
138d22ef 1839 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1840 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1841 /* Connection accepted */
c7bdd502 1842 struct inquiry_entry *ie;
1da177e4 1843 struct hci_conn *conn;
1da177e4 1844
a9de9248 1845 hci_dev_lock(hdev);
b6a0dc82 1846
cc11b9c1
AE		 1847 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1848 if (ie)
c7bdd502
MH		 1849 memcpy(ie->data.dev_class, ev->dev_class, 3);
1850
8fc9ced3
GP		 1851 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1852 &ev->bdaddr);
a9de9248 1853 if (!conn) {
cc11b9c1
AE		 1854 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1855 if (!conn) {
893ef971 1856 BT_ERR("No memory for new connection");
a9de9248
MH		 1857 hci_dev_unlock(hdev);
1858 return;
1da177e4
LT		 1859 }
1860 }
b6a0dc82 1861
a9de9248
MH		 1862 memcpy(conn->dev_class, ev->dev_class, 3);
1863 conn->state = BT_CONNECT;
b6a0dc82 1864
a9de9248 1865 hci_dev_unlock(hdev);
1da177e4 1866
b6a0dc82
MH		 1867 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1868 struct hci_cp_accept_conn_req cp;
1da177e4 1869
b6a0dc82
MH		 1870 bacpy(&cp.bdaddr, &ev->bdaddr);
1871
1872 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1873 cp.role = 0x00; /* Become master */
1874 else
1875 cp.role = 0x01; /* Remain slave */
1876
04124681
GP		 1877 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1878 &cp);
b6a0dc82
MH		 1879 } else {
1880 struct hci_cp_accept_sync_conn_req cp;
1881
1882 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1883 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1884
1885 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1886 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1887 cp.max_latency = cpu_to_le16(0xffff);
1888 cp.content_format = cpu_to_le16(hdev->voice_setting);
1889 cp.retrans_effort = 0xff;
1da177e4 1890
b6a0dc82 1891 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1892 sizeof(cp), &cp);
b6a0dc82 1893 }
a9de9248
MH		 1894 } else {
1895 /* Connection rejected */
1896 struct hci_cp_reject_conn_req cp;
1da177e4 1897
a9de9248 1898 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1899 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1900 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1901 }
1da177e4
LT		 1902}
1903
6039aa73 1904static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1905{
a9de9248 1906 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1907 struct hci_conn *conn;
1908
1909 BT_DBG("%s status %d", hdev->name, ev->status);
1910
1911 hci_dev_lock(hdev);
1912
1913 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1914 if (!conn)
1915 goto unlock;
7d0db0a3 1916
37d9ef76
JH		 1917 if (ev->status == 0)
1918 conn->state = BT_CLOSED;
04837f64 1919
b644ba33 1920 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 1921 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1922 if (ev->status != 0)
88c3df13 1923 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 1924 conn->dst_type, ev->status);
37d9ef76 1925 else
afc747a6 1926 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
04124681 1927 conn->dst_type);
37d9ef76 1928 }
f7520543 1929
37d9ef76 1930 if (ev->status == 0) {
6ec5bcad
VA		 1931 if (conn->type == ACL_LINK && conn->flush_key)
1932 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1933 hci_proto_disconn_cfm(conn, ev->reason);
1934 hci_conn_del(conn);
1935 }
f7520543
JH		 1936
1937unlock:
04837f64
MH		 1938 hci_dev_unlock(hdev);
1939}
1940
6039aa73 1941static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1942{
a9de9248 1943 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1944 struct hci_conn *conn;
1da177e4
LT		 1945
1946 BT_DBG("%s status %d", hdev->name, ev->status);
1947
1948 hci_dev_lock(hdev);
1949
04837f64 1950 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1951 if (!conn)
1952 goto unlock;
1953
1954 if (!ev->status) {
aa64a8b5 1955 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1956 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1957 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1958 } else {
d7556e20
WR		 1959 conn->link_mode |= HCI_LM_AUTH;
1960 conn->sec_level = conn->pending_sec_level;
2a611692 1961 }
d7556e20 1962 } else {
bab73cb6 1963 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1964 ev->status);
d7556e20 1965 }
1da177e4 1966
51a8efd7
JH		 1967 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1968 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1969
d7556e20 1970 if (conn->state == BT_CONFIG) {
aa64a8b5 1971 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1972 struct hci_cp_set_conn_encrypt cp;
1973 cp.handle = ev->handle;
1974 cp.encrypt = 0x01;
1975 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1976 &cp);
052b30b0 1977 } else {
d7556e20
WR		 1978 conn->state = BT_CONNECTED;
1979 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1980 hci_conn_put(conn);
1981 }
d7556e20
WR		 1982 } else {
1983 hci_auth_cfm(conn, ev->status);
052b30b0 1984
d7556e20
WR		 1985 hci_conn_hold(conn);
1986 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1987 hci_conn_put(conn);
1988 }
1989
51a8efd7 1990 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1991 if (!ev->status) {
1992 struct hci_cp_set_conn_encrypt cp;
1993 cp.handle = ev->handle;
1994 cp.encrypt = 0x01;
1995 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1996 &cp);
d7556e20 1997 } else {
51a8efd7 1998 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1999 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2000 }
2001 }
2002
d7556e20 2003unlock:
1da177e4
LT		 2004 hci_dev_unlock(hdev);
2005}
2006
6039aa73 2007static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2008{
127178d2
JH		 2009 struct hci_ev_remote_name *ev = (void *) skb->data;
2010 struct hci_conn *conn;
2011
a9de9248 2012 BT_DBG("%s", hdev->name);
1da177e4 2013
a9de9248 2014 hci_conn_check_pending(hdev);
127178d2
JH		 2015
2016 hci_dev_lock(hdev);
2017
b644ba33 2018 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2019
b644ba33
JH		 2020 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2021 goto check_auth;
a88a9652 2022
b644ba33
JH		 2023 if (ev->status == 0)
2024 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2025 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2026 else
2027 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2028
2029check_auth:
79c6c70c
JH		 2030 if (!conn)
2031 goto unlock;
2032
2033 if (!hci_outgoing_auth_needed(hdev, conn))
2034 goto unlock;
2035
51a8efd7 2036 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2037 struct hci_cp_auth_requested cp;
2038 cp.handle = __cpu_to_le16(conn->handle);
2039 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2040 }
2041
79c6c70c 2042unlock:
127178d2 2043 hci_dev_unlock(hdev);
a9de9248
MH		 2044}
2045
6039aa73 2046static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2047{
2048 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2049 struct hci_conn *conn;
2050
2051 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2052
2053 hci_dev_lock(hdev);
2054
04837f64 2055 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2056 if (conn) {
2057 if (!ev->status) {
ae293196
MH		 2058 if (ev->encrypt) {
2059 /* Encryption implies authentication */
2060 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2061 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2062 conn->sec_level = conn->pending_sec_level;
ae293196 2063 } else
1da177e4
LT		 2064 conn->link_mode &= ~HCI_LM_ENCRYPT;
2065 }
2066
51a8efd7 2067 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2068
a7d7723a 2069 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2070 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2071 hci_conn_put(conn);
2072 goto unlock;
2073 }
2074
f8558555
MH		 2075 if (conn->state == BT_CONFIG) {
2076 if (!ev->status)
2077 conn->state = BT_CONNECTED;
2078
2079 hci_proto_connect_cfm(conn, ev->status);
2080 hci_conn_put(conn);
2081 } else
2082 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2083 }
2084
a7d7723a 2085unlock:
1da177e4
LT		 2086 hci_dev_unlock(hdev);
2087}
2088
6039aa73
GP		 2089static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2090 struct sk_buff *skb)
1da177e4 2091{
a9de9248 2092 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2093 struct hci_conn *conn;
1da177e4
LT		 2094
2095 BT_DBG("%s status %d", hdev->name, ev->status);
2096
2097 hci_dev_lock(hdev);
2098
04837f64 2099 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2100 if (conn) {
2101 if (!ev->status)
2102 conn->link_mode |= HCI_LM_SECURE;
2103
51a8efd7 2104 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2105
2106 hci_key_change_cfm(conn, ev->status);
2107 }
2108
2109 hci_dev_unlock(hdev);
2110}
2111
6039aa73
GP		 2112static void hci_remote_features_evt(struct hci_dev *hdev,
2113 struct sk_buff *skb)
1da177e4 2114{
a9de9248
MH		 2115 struct hci_ev_remote_features *ev = (void *) skb->data;
2116 struct hci_conn *conn;
2117
2118 BT_DBG("%s status %d", hdev->name, ev->status);
2119
a9de9248
MH		 2120 hci_dev_lock(hdev);
2121
2122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2123 if (!conn)
2124 goto unlock;
769be974 2125
ccd556fe
JH		 2126 if (!ev->status)
2127 memcpy(conn->features, ev->features, 8);
2128
2129 if (conn->state != BT_CONFIG)
2130 goto unlock;
2131
2132 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2133 struct hci_cp_read_remote_ext_features cp;
2134 cp.handle = ev->handle;
2135 cp.page = 0x01;
2136 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2137 sizeof(cp), &cp);
392599b9
JH		 2138 goto unlock;
2139 }
2140
671267bf 2141 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2142 struct hci_cp_remote_name_req cp;
2143 memset(&cp, 0, sizeof(cp));
2144 bacpy(&cp.bdaddr, &conn->dst);
2145 cp.pscan_rep_mode = 0x02;
2146 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2147 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2148 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2149 conn->dst_type, 0, NULL, 0,
2150 conn->dev_class);
392599b9 2151
127178d2 2152 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2153 conn->state = BT_CONNECTED;
2154 hci_proto_connect_cfm(conn, ev->status);
2155 hci_conn_put(conn);
769be974 2156 }
a9de9248 2157
ccd556fe 2158unlock:
a9de9248 2159 hci_dev_unlock(hdev);
1da177e4
LT		 2160}
2161
6039aa73 2162static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2163{
a9de9248 2164 BT_DBG("%s", hdev->name);
1da177e4
LT		 2165}
2166
6039aa73
GP		 2167static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2168 struct sk_buff *skb)
1da177e4 2169{
a9de9248 2170 BT_DBG("%s", hdev->name);
1da177e4
LT		 2171}
2172
6039aa73 2173static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2174{
2175 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2176 __u16 opcode;
2177
2178 skb_pull(skb, sizeof(*ev));
2179
2180 opcode = __le16_to_cpu(ev->opcode);
2181
2182 switch (opcode) {
2183 case HCI_OP_INQUIRY_CANCEL:
2184 hci_cc_inquiry_cancel(hdev, skb);
2185 break;
2186
4d93483b
AG		 2187 case HCI_OP_PERIODIC_INQ:
2188 hci_cc_periodic_inq(hdev, skb);
2189 break;
2190
a9de9248
MH		 2191 case HCI_OP_EXIT_PERIODIC_INQ:
2192 hci_cc_exit_periodic_inq(hdev, skb);
2193 break;
2194
2195 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2196 hci_cc_remote_name_req_cancel(hdev, skb);
2197 break;
2198
2199 case HCI_OP_ROLE_DISCOVERY:
2200 hci_cc_role_discovery(hdev, skb);
2201 break;
2202
e4e8e37c
MH		 2203 case HCI_OP_READ_LINK_POLICY:
2204 hci_cc_read_link_policy(hdev, skb);
2205 break;
2206
a9de9248
MH		 2207 case HCI_OP_WRITE_LINK_POLICY:
2208 hci_cc_write_link_policy(hdev, skb);
2209 break;
2210
e4e8e37c
MH		 2211 case HCI_OP_READ_DEF_LINK_POLICY:
2212 hci_cc_read_def_link_policy(hdev, skb);
2213 break;
2214
2215 case HCI_OP_WRITE_DEF_LINK_POLICY:
2216 hci_cc_write_def_link_policy(hdev, skb);
2217 break;
2218
a9de9248
MH		 2219 case HCI_OP_RESET:
2220 hci_cc_reset(hdev, skb);
2221 break;
2222
2223 case HCI_OP_WRITE_LOCAL_NAME:
2224 hci_cc_write_local_name(hdev, skb);
2225 break;
2226
2227 case HCI_OP_READ_LOCAL_NAME:
2228 hci_cc_read_local_name(hdev, skb);
2229 break;
2230
2231 case HCI_OP_WRITE_AUTH_ENABLE:
2232 hci_cc_write_auth_enable(hdev, skb);
2233 break;
2234
2235 case HCI_OP_WRITE_ENCRYPT_MODE:
2236 hci_cc_write_encrypt_mode(hdev, skb);
2237 break;
2238
2239 case HCI_OP_WRITE_SCAN_ENABLE:
2240 hci_cc_write_scan_enable(hdev, skb);
2241 break;
2242
2243 case HCI_OP_READ_CLASS_OF_DEV:
2244 hci_cc_read_class_of_dev(hdev, skb);
2245 break;
2246
2247 case HCI_OP_WRITE_CLASS_OF_DEV:
2248 hci_cc_write_class_of_dev(hdev, skb);
2249 break;
2250
2251 case HCI_OP_READ_VOICE_SETTING:
2252 hci_cc_read_voice_setting(hdev, skb);
2253 break;
2254
2255 case HCI_OP_WRITE_VOICE_SETTING:
2256 hci_cc_write_voice_setting(hdev, skb);
2257 break;
2258
2259 case HCI_OP_HOST_BUFFER_SIZE:
2260 hci_cc_host_buffer_size(hdev, skb);
2261 break;
2262
333140b5
MH		 2263 case HCI_OP_WRITE_SSP_MODE:
2264 hci_cc_write_ssp_mode(hdev, skb);
2265 break;
2266
a9de9248
MH		 2267 case HCI_OP_READ_LOCAL_VERSION:
2268 hci_cc_read_local_version(hdev, skb);
2269 break;
2270
2271 case HCI_OP_READ_LOCAL_COMMANDS:
2272 hci_cc_read_local_commands(hdev, skb);
2273 break;
2274
2275 case HCI_OP_READ_LOCAL_FEATURES:
2276 hci_cc_read_local_features(hdev, skb);
2277 break;
2278
971e3a4b
AG		 2279 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2280 hci_cc_read_local_ext_features(hdev, skb);
2281 break;
2282
a9de9248
MH		 2283 case HCI_OP_READ_BUFFER_SIZE:
2284 hci_cc_read_buffer_size(hdev, skb);
2285 break;
2286
2287 case HCI_OP_READ_BD_ADDR:
2288 hci_cc_read_bd_addr(hdev, skb);
2289 break;
2290
350ee4cf
AE		 2291 case HCI_OP_READ_DATA_BLOCK_SIZE:
2292 hci_cc_read_data_block_size(hdev, skb);
2293 break;
2294
23bb5763
JH		 2295 case HCI_OP_WRITE_CA_TIMEOUT:
2296 hci_cc_write_ca_timeout(hdev, skb);
2297 break;
2298
1e89cffb
AE		 2299 case HCI_OP_READ_FLOW_CONTROL_MODE:
2300 hci_cc_read_flow_control_mode(hdev, skb);
2301 break;
2302
928abaa7
AE		 2303 case HCI_OP_READ_LOCAL_AMP_INFO:
2304 hci_cc_read_local_amp_info(hdev, skb);
2305 break;
2306
b0916ea0
JH		 2307 case HCI_OP_DELETE_STORED_LINK_KEY:
2308 hci_cc_delete_stored_link_key(hdev, skb);
2309 break;
2310
d5859e22
JH		 2311 case HCI_OP_SET_EVENT_MASK:
2312 hci_cc_set_event_mask(hdev, skb);
2313 break;
2314
2315 case HCI_OP_WRITE_INQUIRY_MODE:
2316 hci_cc_write_inquiry_mode(hdev, skb);
2317 break;
2318
2319 case HCI_OP_READ_INQ_RSP_TX_POWER:
2320 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2321 break;
2322
2323 case HCI_OP_SET_EVENT_FLT:
2324 hci_cc_set_event_flt(hdev, skb);
2325 break;
2326
980e1a53
JH		 2327 case HCI_OP_PIN_CODE_REPLY:
2328 hci_cc_pin_code_reply(hdev, skb);
2329 break;
2330
2331 case HCI_OP_PIN_CODE_NEG_REPLY:
2332 hci_cc_pin_code_neg_reply(hdev, skb);
2333 break;
2334
c35938b2
SJ		 2335 case HCI_OP_READ_LOCAL_OOB_DATA:
2336 hci_cc_read_local_oob_data_reply(hdev, skb);
2337 break;
2338
6ed58ec5
VT		 2339 case HCI_OP_LE_READ_BUFFER_SIZE:
2340 hci_cc_le_read_buffer_size(hdev, skb);
2341 break;
2342
a5c29683
JH		 2343 case HCI_OP_USER_CONFIRM_REPLY:
2344 hci_cc_user_confirm_reply(hdev, skb);
2345 break;
2346
2347 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2348 hci_cc_user_confirm_neg_reply(hdev, skb);
2349 break;
2350
1143d458
BG		 2351 case HCI_OP_USER_PASSKEY_REPLY:
2352 hci_cc_user_passkey_reply(hdev, skb);
2353 break;
2354
2355 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2356 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2357 break;
07f7fa5d
AG		 2358
2359 case HCI_OP_LE_SET_SCAN_PARAM:
2360 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2361 break;
2362
eb9d91f5
AG		 2363 case HCI_OP_LE_SET_SCAN_ENABLE:
2364 hci_cc_le_set_scan_enable(hdev, skb);
2365 break;
2366
a7a595f6
VCG		 2367 case HCI_OP_LE_LTK_REPLY:
2368 hci_cc_le_ltk_reply(hdev, skb);
2369 break;
2370
2371 case HCI_OP_LE_LTK_NEG_REPLY:
2372 hci_cc_le_ltk_neg_reply(hdev, skb);
2373 break;
2374
f9b49306
AG		 2375 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2376 hci_cc_write_le_host_supported(hdev, skb);
2377 break;
2378
a9de9248
MH		 2379 default:
2380 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2381 break;
2382 }
2383
6bd32326
VT		 2384 if (ev->opcode != HCI_OP_NOP)
2385 del_timer(&hdev->cmd_timer);
2386
a9de9248
MH		 2387 if (ev->ncmd) {
2388 atomic_set(&hdev->cmd_cnt, 1);
2389 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2390 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2391 }
2392}
2393
6039aa73 2394static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2395{
2396 struct hci_ev_cmd_status *ev = (void *) skb->data;
2397 __u16 opcode;
2398
2399 skb_pull(skb, sizeof(*ev));
2400
2401 opcode = __le16_to_cpu(ev->opcode);
2402
2403 switch (opcode) {
2404 case HCI_OP_INQUIRY:
2405 hci_cs_inquiry(hdev, ev->status);
2406 break;
2407
2408 case HCI_OP_CREATE_CONN:
2409 hci_cs_create_conn(hdev, ev->status);
2410 break;
2411
2412 case HCI_OP_ADD_SCO:
2413 hci_cs_add_sco(hdev, ev->status);
2414 break;
2415
f8558555
MH		 2416 case HCI_OP_AUTH_REQUESTED:
2417 hci_cs_auth_requested(hdev, ev->status);
2418 break;
2419
2420 case HCI_OP_SET_CONN_ENCRYPT:
2421 hci_cs_set_conn_encrypt(hdev, ev->status);
2422 break;
2423
a9de9248
MH		 2424 case HCI_OP_REMOTE_NAME_REQ:
2425 hci_cs_remote_name_req(hdev, ev->status);
2426 break;
2427
769be974
MH		 2428 case HCI_OP_READ_REMOTE_FEATURES:
2429 hci_cs_read_remote_features(hdev, ev->status);
2430 break;
2431
2432 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2433 hci_cs_read_remote_ext_features(hdev, ev->status);
2434 break;
2435
a9de9248
MH		 2436 case HCI_OP_SETUP_SYNC_CONN:
2437 hci_cs_setup_sync_conn(hdev, ev->status);
2438 break;
2439
2440 case HCI_OP_SNIFF_MODE:
2441 hci_cs_sniff_mode(hdev, ev->status);
2442 break;
2443
2444 case HCI_OP_EXIT_SNIFF_MODE:
2445 hci_cs_exit_sniff_mode(hdev, ev->status);
2446 break;
2447
8962ee74 2448 case HCI_OP_DISCONNECT:
88c3df13 2449 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2450 break;
2451
fcd89c09
VT		 2452 case HCI_OP_LE_CREATE_CONN:
2453 hci_cs_le_create_conn(hdev, ev->status);
2454 break;
2455
a7a595f6
VCG		 2456 case HCI_OP_LE_START_ENC:
2457 hci_cs_le_start_enc(hdev, ev->status);
2458 break;
2459
a9de9248
MH		 2460 default:
2461 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2462 break;
2463 }
2464
6bd32326
VT		 2465 if (ev->opcode != HCI_OP_NOP)
2466 del_timer(&hdev->cmd_timer);
2467
10572132 2468 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2469 atomic_set(&hdev->cmd_cnt, 1);
2470 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2471 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2472 }
2473}
2474
6039aa73 2475static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2476{
2477 struct hci_ev_role_change *ev = (void *) skb->data;
2478 struct hci_conn *conn;
2479
2480 BT_DBG("%s status %d", hdev->name, ev->status);
2481
2482 hci_dev_lock(hdev);
2483
2484 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2485 if (conn) {
2486 if (!ev->status) {
2487 if (ev->role)
2488 conn->link_mode &= ~HCI_LM_MASTER;
2489 else
2490 conn->link_mode |= HCI_LM_MASTER;
2491 }
2492
51a8efd7 2493 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2494
2495 hci_role_switch_cfm(conn, ev->status, ev->role);
2496 }
2497
2498 hci_dev_unlock(hdev);
2499}
2500
6039aa73 2501static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2502{
2503 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2504 int i;
2505
32ac5b9b
AE		 2506 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2507 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2508 return;
2509 }
2510
c5993de8 2511 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2512 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2513 BT_DBG("%s bad parameters", hdev->name);
2514 return;
2515 }
2516
c5993de8
AE		 2517 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2518
613a1c0c
AE		 2519 for (i = 0; i < ev->num_hndl; i++) {
2520 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2521 struct hci_conn *conn;
2522 __u16 handle, count;
2523
613a1c0c
AE		 2524 handle = __le16_to_cpu(info->handle);
2525 count = __le16_to_cpu(info->count);
a9de9248
MH		 2526
2527 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2528 if (!conn)
2529 continue;
2530
2531 conn->sent -= count;
2532
2533 switch (conn->type) {
2534 case ACL_LINK:
2535 hdev->acl_cnt += count;
2536 if (hdev->acl_cnt > hdev->acl_pkts)
2537 hdev->acl_cnt = hdev->acl_pkts;
2538 break;
2539
2540 case LE_LINK:
2541 if (hdev->le_pkts) {
2542 hdev->le_cnt += count;
2543 if (hdev->le_cnt > hdev->le_pkts)
2544 hdev->le_cnt = hdev->le_pkts;
2545 } else {
70f23020
AE		 2546 hdev->acl_cnt += count;
2547 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2548 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2549 }
f4280918
AE		 2550 break;
2551
2552 case SCO_LINK:
2553 hdev->sco_cnt += count;
2554 if (hdev->sco_cnt > hdev->sco_pkts)
2555 hdev->sco_cnt = hdev->sco_pkts;
2556 break;
2557
2558 default:
2559 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2560 break;
a9de9248
MH		 2561 }
2562 }
2563
3eff45ea 2564 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2565}
2566
6039aa73 2567static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2568{
2569 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2570 int i;
2571
2572 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2573 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2574 return;
2575 }
2576
2577 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2578 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2579 BT_DBG("%s bad parameters", hdev->name);
2580 return;
2581 }
2582
2583 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2584 ev->num_hndl);
25e89e99
AE		 2585
2586 for (i = 0; i < ev->num_hndl; i++) {
2587 struct hci_comp_blocks_info *info = &ev->handles[i];
2588 struct hci_conn *conn;
2589 __u16 handle, block_count;
2590
2591 handle = __le16_to_cpu(info->handle);
2592 block_count = __le16_to_cpu(info->blocks);
2593
2594 conn = hci_conn_hash_lookup_handle(hdev, handle);
2595 if (!conn)
2596 continue;
2597
2598 conn->sent -= block_count;
2599
2600 switch (conn->type) {
2601 case ACL_LINK:
2602 hdev->block_cnt += block_count;
2603 if (hdev->block_cnt > hdev->num_blocks)
2604 hdev->block_cnt = hdev->num_blocks;
2605 break;
2606
2607 default:
2608 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2609 break;
2610 }
2611 }
2612
2613 queue_work(hdev->workqueue, &hdev->tx_work);
2614}
2615
6039aa73 2616static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2617{
a9de9248 2618 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2619 struct hci_conn *conn;
2620
2621 BT_DBG("%s status %d", hdev->name, ev->status);
2622
2623 hci_dev_lock(hdev);
2624
2625 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2626 if (conn) {
2627 conn->mode = ev->mode;
2628 conn->interval = __le16_to_cpu(ev->interval);
2629
8fc9ced3
GP		 2630 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2631 &conn->flags)) {
a9de9248 2632 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2633 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2634 else
58a681ef 2635 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2636 }
e73439d8 2637
51a8efd7 2638 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2639 hci_sco_setup(conn, ev->status);
04837f64
MH		 2640 }
2641
2642 hci_dev_unlock(hdev);
2643}
2644
6039aa73 2645static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2646{
052b30b0
MH		 2647 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2648 struct hci_conn *conn;
2649
a9de9248 2650 BT_DBG("%s", hdev->name);
052b30b0
MH		 2651
2652 hci_dev_lock(hdev);
2653
2654 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2655 if (!conn)
2656 goto unlock;
2657
2658 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2659 hci_conn_hold(conn);
2660 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2661 hci_conn_put(conn);
2662 }
2663
a8b2d5c2 2664 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2665 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2666 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2667 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2668 u8 secure;
2669
2670 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2671 secure = 1;
2672 else
2673 secure = 0;
2674
744cf19e 2675 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2676 }
980e1a53 2677
b6f98044 2678unlock:
052b30b0 2679 hci_dev_unlock(hdev);
a9de9248
MH		 2680}
2681
6039aa73 2682static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2683{
55ed8ca1
JH		 2684 struct hci_ev_link_key_req *ev = (void *) skb->data;
2685 struct hci_cp_link_key_reply cp;
2686 struct hci_conn *conn;
2687 struct link_key *key;
2688
a9de9248 2689 BT_DBG("%s", hdev->name);
55ed8ca1 2690
a8b2d5c2 2691 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2692 return;
2693
2694 hci_dev_lock(hdev);
2695
2696 key = hci_find_link_key(hdev, &ev->bdaddr);
2697 if (!key) {
2698 BT_DBG("%s link key not found for %s", hdev->name,
807deac2 2699 batostr(&ev->bdaddr));
55ed8ca1
JH		 2700 goto not_found;
2701 }
2702
2703 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
807deac2 2704 batostr(&ev->bdaddr));
55ed8ca1 2705
a8b2d5c2 2706 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2707 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2708 BT_DBG("%s ignoring debug key", hdev->name);
2709 goto not_found;
2710 }
2711
2712 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2713 if (conn) {
2714 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2715 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2716 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2717 goto not_found;
2718 }
55ed8ca1 2719
60b83f57 2720 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2721 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2722 BT_DBG("%s ignoring key unauthenticated for high security",
2723 hdev->name);
60b83f57
WR		 2724 goto not_found;
2725 }
2726
2727 conn->key_type = key->type;
2728 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2729 }
2730
2731 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2732 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2733
2734 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2735
2736 hci_dev_unlock(hdev);
2737
2738 return;
2739
2740not_found:
2741 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2742 hci_dev_unlock(hdev);
a9de9248
MH		 2743}
2744
6039aa73 2745static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2746{
052b30b0
MH		 2747 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2748 struct hci_conn *conn;
55ed8ca1 2749 u8 pin_len = 0;
052b30b0 2750
a9de9248 2751 BT_DBG("%s", hdev->name);
052b30b0
MH		 2752
2753 hci_dev_lock(hdev);
2754
2755 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2756 if (conn) {
2757 hci_conn_hold(conn);
2758 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2759 pin_len = conn->pin_length;
13d39315
WR		 2760
2761 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2762 conn->key_type = ev->key_type;
2763
052b30b0
MH		 2764 hci_conn_put(conn);
2765 }
2766
a8b2d5c2 2767 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2768 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2769 ev->key_type, pin_len);
55ed8ca1 2770
052b30b0 2771 hci_dev_unlock(hdev);
a9de9248
MH		 2772}
2773
6039aa73 2774static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2775{
a9de9248 2776 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2777 struct hci_conn *conn;
1da177e4
LT		 2778
2779 BT_DBG("%s status %d", hdev->name, ev->status);
2780
2781 hci_dev_lock(hdev);
2782
04837f64 2783 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2784 if (conn && !ev->status) {
2785 struct inquiry_entry *ie;
2786
cc11b9c1
AE		 2787 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2788 if (ie) {
1da177e4
LT		 2789 ie->data.clock_offset = ev->clock_offset;
2790 ie->timestamp = jiffies;
2791 }
2792 }
2793
2794 hci_dev_unlock(hdev);
2795}
2796
6039aa73 2797static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2798{
2799 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2800 struct hci_conn *conn;
2801
2802 BT_DBG("%s status %d", hdev->name, ev->status);
2803
2804 hci_dev_lock(hdev);
2805
2806 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2807 if (conn && !ev->status)
2808 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2809
2810 hci_dev_unlock(hdev);
2811}
2812
6039aa73 2813static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2814{
a9de9248 2815 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2816 struct inquiry_entry *ie;
2817
2818 BT_DBG("%s", hdev->name);
2819
2820 hci_dev_lock(hdev);
2821
cc11b9c1
AE		 2822 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2823 if (ie) {
85a1e930
MH		 2824 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2825 ie->timestamp = jiffies;
2826 }
2827
2828 hci_dev_unlock(hdev);
2829}
2830
6039aa73
GP		 2831static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2832 struct sk_buff *skb)
a9de9248
MH		 2833{
2834 struct inquiry_data data;
2835 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2836 bool name_known, ssp;
a9de9248
MH		 2837
2838 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2839
2840 if (!num_rsp)
2841 return;
2842
1519cc17
AG		 2843 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2844 return;
2845
a9de9248
MH		 2846 hci_dev_lock(hdev);
2847
2848 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2849 struct inquiry_info_with_rssi_and_pscan_mode *info;
2850 info = (void *) (skb->data + 1);
a9de9248 2851
e17acd40 2852 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2853 bacpy(&data.bdaddr, &info->bdaddr);
2854 data.pscan_rep_mode = info->pscan_rep_mode;
2855 data.pscan_period_mode = info->pscan_period_mode;
2856 data.pscan_mode = info->pscan_mode;
2857 memcpy(data.dev_class, info->dev_class, 3);
2858 data.clock_offset = info->clock_offset;
2859 data.rssi = info->rssi;
41a96212 2860 data.ssp_mode = 0x00;
3175405b
JH		 2861
2862 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2863 false, &ssp);
48264f06 2864 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2865 info->dev_class, info->rssi,
2866 !name_known, ssp, NULL, 0);
a9de9248
MH		 2867 }
2868 } else {
2869 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2870
e17acd40 2871 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2872 bacpy(&data.bdaddr, &info->bdaddr);
2873 data.pscan_rep_mode = info->pscan_rep_mode;
2874 data.pscan_period_mode = info->pscan_period_mode;
2875 data.pscan_mode = 0x00;
2876 memcpy(data.dev_class, info->dev_class, 3);
2877 data.clock_offset = info->clock_offset;
2878 data.rssi = info->rssi;
41a96212 2879 data.ssp_mode = 0x00;
3175405b 2880 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2881 false, &ssp);
48264f06 2882 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2883 info->dev_class, info->rssi,
2884 !name_known, ssp, NULL, 0);
a9de9248
MH		 2885 }
2886 }
2887
2888 hci_dev_unlock(hdev);
2889}
2890
6039aa73
GP		 2891static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2892 struct sk_buff *skb)
a9de9248 2893{
41a96212
MH		 2894 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2895 struct hci_conn *conn;
2896
a9de9248 2897 BT_DBG("%s", hdev->name);
41a96212 2898
41a96212
MH		 2899 hci_dev_lock(hdev);
2900
2901 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2902 if (!conn)
2903 goto unlock;
41a96212 2904
ccd556fe
JH		 2905 if (!ev->status && ev->page == 0x01) {
2906 struct inquiry_entry *ie;
41a96212 2907
cc11b9c1
AE		 2908 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2909 if (ie)
02b7cc62 2910 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2911
02b7cc62 2912 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2913 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2914 }
2915
2916 if (conn->state != BT_CONFIG)
2917 goto unlock;
2918
671267bf 2919 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2920 struct hci_cp_remote_name_req cp;
2921 memset(&cp, 0, sizeof(cp));
2922 bacpy(&cp.bdaddr, &conn->dst);
2923 cp.pscan_rep_mode = 0x02;
2924 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2925 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2926 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2927 conn->dst_type, 0, NULL, 0,
2928 conn->dev_class);
392599b9 2929
127178d2 2930 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2931 conn->state = BT_CONNECTED;
2932 hci_proto_connect_cfm(conn, ev->status);
2933 hci_conn_put(conn);
41a96212
MH		 2934 }
2935
ccd556fe 2936unlock:
41a96212 2937 hci_dev_unlock(hdev);
a9de9248
MH		 2938}
2939
6039aa73
GP		 2940static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2941 struct sk_buff *skb)
a9de9248 2942{
b6a0dc82
MH		 2943 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2944 struct hci_conn *conn;
2945
2946 BT_DBG("%s status %d", hdev->name, ev->status);
2947
2948 hci_dev_lock(hdev);
2949
2950 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2951 if (!conn) {
2952 if (ev->link_type == ESCO_LINK)
2953 goto unlock;
2954
2955 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2956 if (!conn)
2957 goto unlock;
2958
2959 conn->type = SCO_LINK;
2960 }
b6a0dc82 2961
732547f9
MH		 2962 switch (ev->status) {
2963 case 0x00:
b6a0dc82
MH		 2964 conn->handle = __le16_to_cpu(ev->handle);
2965 conn->state = BT_CONNECTED;
7d0db0a3 2966
9eba32b8 2967 hci_conn_hold_device(conn);
7d0db0a3 2968 hci_conn_add_sysfs(conn);
732547f9
MH		 2969 break;
2970
705e5711 2971 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2972 case 0x1c: /* SCO interval rejected */
1038a00b 2973 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2974 case 0x1f: /* Unspecified error */
2975 if (conn->out && conn->attempt < 2) {
2976 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2977 (hdev->esco_type & EDR_ESCO_MASK);
2978 hci_setup_sync(conn, conn->link->handle);
2979 goto unlock;
2980 }
2981 /* fall through */
2982
2983 default:
b6a0dc82 2984 conn->state = BT_CLOSED;
732547f9
MH		 2985 break;
2986 }
b6a0dc82
MH		 2987
2988 hci_proto_connect_cfm(conn, ev->status);
2989 if (ev->status)
2990 hci_conn_del(conn);
2991
2992unlock:
2993 hci_dev_unlock(hdev);
a9de9248
MH		 2994}
2995
6039aa73 2996static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2997{
2998 BT_DBG("%s", hdev->name);
2999}
3000
6039aa73 3001static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3002{
a9de9248 3003 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 3004
3005 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 3006}
3007
6039aa73
GP		 3008static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3009 struct sk_buff *skb)
1da177e4 3010{
a9de9248
MH		 3011 struct inquiry_data data;
3012 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3013 int num_rsp = *((__u8 *) skb->data);
9d939d94 3014 size_t eir_len;
1da177e4 3015
a9de9248 3016 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3017
a9de9248
MH		 3018 if (!num_rsp)
3019 return;
1da177e4 3020
1519cc17
AG		 3021 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3022 return;
3023
a9de9248
MH		 3024 hci_dev_lock(hdev);
3025
e17acd40 3026 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3027 bool name_known, ssp;
561aafbc 3028
a9de9248 3029 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3030 data.pscan_rep_mode = info->pscan_rep_mode;
3031 data.pscan_period_mode = info->pscan_period_mode;
3032 data.pscan_mode = 0x00;
a9de9248 3033 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3034 data.clock_offset = info->clock_offset;
3035 data.rssi = info->rssi;
41a96212 3036 data.ssp_mode = 0x01;
561aafbc 3037
a8b2d5c2 3038 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3039 name_known = eir_has_data_type(info->data,
04124681
GP		 3040 sizeof(info->data),
3041 EIR_NAME_COMPLETE);
561aafbc
JH		 3042 else
3043 name_known = true;
3044
388fc8fa 3045 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3046 &ssp);
9d939d94 3047 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3048 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3049 info->dev_class, info->rssi, !name_known,
9d939d94 3050 ssp, info->data, eir_len);
a9de9248
MH		 3051 }
3052
3053 hci_dev_unlock(hdev);
3054}
1da177e4 3055
6039aa73 3056static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3057{
3058 /* If remote requests dedicated bonding follow that lead */
3059 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3060 /* If both remote and local IO capabilities allow MITM
3061 * protection then require it, otherwise don't */
3062 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3063 return 0x02;
3064 else
3065 return 0x03;
3066 }
3067
3068 /* If remote requests no-bonding follow that lead */
3069 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3070 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3071
3072 return conn->auth_type;
3073}
3074
6039aa73 3075static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3076{
3077 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3078 struct hci_conn *conn;
3079
3080 BT_DBG("%s", hdev->name);
3081
3082 hci_dev_lock(hdev);
3083
3084 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3085 if (!conn)
3086 goto unlock;
3087
3088 hci_conn_hold(conn);
3089
a8b2d5c2 3090 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3091 goto unlock;
3092
a8b2d5c2 3093 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3094 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3095 struct hci_cp_io_capability_reply cp;
3096
3097 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3098 /* Change the IO capability from KeyboardDisplay
3099 * to DisplayYesNo as it is not supported by BT spec. */
3100 cp.capability = (conn->io_capability == 0x04) ?
3101 0x01 : conn->io_capability;
7cbc9bd9
JH		 3102 conn->auth_type = hci_get_auth_req(conn);
3103 cp.authentication = conn->auth_type;
17fa4b9d 3104
8fc9ced3
GP		 3105 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3106 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3107 cp.oob_data = 0x01;
3108 else
3109 cp.oob_data = 0x00;
3110
17fa4b9d 3111 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3112 sizeof(cp), &cp);
03b555e1
JH		 3113 } else {
3114 struct hci_cp_io_capability_neg_reply cp;
3115
3116 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3117 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3118
03b555e1 3119 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3120 sizeof(cp), &cp);
03b555e1
JH		 3121 }
3122
3123unlock:
3124 hci_dev_unlock(hdev);
3125}
3126
6039aa73 3127static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3128{
3129 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3130 struct hci_conn *conn;
3131
3132 BT_DBG("%s", hdev->name);
3133
3134 hci_dev_lock(hdev);
3135
3136 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3137 if (!conn)
3138 goto unlock;
3139
03b555e1 3140 conn->remote_cap = ev->capability;
03b555e1 3141 conn->remote_auth = ev->authentication;
58a681ef
JH		 3142 if (ev->oob_data)
3143 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3144
3145unlock:
0493684e
MH		 3146 hci_dev_unlock(hdev);
3147}
3148
6039aa73
GP		 3149static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3150 struct sk_buff *skb)
a5c29683
JH		 3151{
3152 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3153 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3154 struct hci_conn *conn;
a5c29683
JH		 3155
3156 BT_DBG("%s", hdev->name);
3157
3158 hci_dev_lock(hdev);
3159
a8b2d5c2 3160 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3161 goto unlock;
a5c29683 3162
7a828908
JH		 3163 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3164 if (!conn)
3165 goto unlock;
3166
3167 loc_mitm = (conn->auth_type & 0x01);
3168 rem_mitm = (conn->remote_auth & 0x01);
3169
3170 /* If we require MITM but the remote device can't provide that
3171 * (it has NoInputNoOutput) then reject the confirmation
3172 * request. The only exception is when we're dedicated bonding
3173 * initiators (connect_cfm_cb set) since then we always have the MITM
3174 * bit set. */
3175 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3176 BT_DBG("Rejecting request: remote device can't provide MITM");
3177 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3178 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3179 goto unlock;
3180 }
3181
3182 /* If no side requires MITM protection; auto-accept */
3183 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3184 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3185
3186 /* If we're not the initiators request authorization to
3187 * proceed from user space (mgmt_user_confirm with
3188 * confirm_hint set to 1). */
51a8efd7 3189 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3190 BT_DBG("Confirming auto-accept as acceptor");
3191 confirm_hint = 1;
3192 goto confirm;
3193 }
3194
9f61656a 3195 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3196 hdev->auto_accept_delay);
9f61656a
JH		 3197
3198 if (hdev->auto_accept_delay > 0) {
3199 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3200 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3201 goto unlock;
3202 }
3203
7a828908 3204 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3205 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3206 goto unlock;
3207 }
3208
55bc1a37 3209confirm:
272d90df 3210 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3211 confirm_hint);
7a828908
JH		 3212
3213unlock:
a5c29683
JH		 3214 hci_dev_unlock(hdev);
3215}
3216
6039aa73
GP		 3217static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3218 struct sk_buff *skb)
1143d458
BG		 3219{
3220 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3221
3222 BT_DBG("%s", hdev->name);
3223
3224 hci_dev_lock(hdev);
3225
a8b2d5c2 3226 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3227 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3228
3229 hci_dev_unlock(hdev);
3230}
3231
6039aa73
GP		 3232static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3233 struct sk_buff *skb)
0493684e
MH		 3234{
3235 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3236 struct hci_conn *conn;
3237
3238 BT_DBG("%s", hdev->name);
3239
3240 hci_dev_lock(hdev);
3241
3242 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3243 if (!conn)
3244 goto unlock;
3245
3246 /* To avoid duplicate auth_failed events to user space we check
3247 * the HCI_CONN_AUTH_PEND flag which will be set if we
3248 * initiated the authentication. A traditional auth_complete
3249 * event gets always produced as initiator and is also mapped to
3250 * the mgmt_auth_failed event */
51a8efd7 3251 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6 3252 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3253 ev->status);
0493684e 3254
2a611692
JH		 3255 hci_conn_put(conn);
3256
3257unlock:
0493684e
MH		 3258 hci_dev_unlock(hdev);
3259}
3260
6039aa73
GP		 3261static void hci_remote_host_features_evt(struct hci_dev *hdev,
3262 struct sk_buff *skb)
41a96212
MH		 3263{
3264 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3265 struct inquiry_entry *ie;
3266
3267 BT_DBG("%s", hdev->name);
3268
3269 hci_dev_lock(hdev);
3270
cc11b9c1
AE		 3271 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3272 if (ie)
02b7cc62 3273 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3274
3275 hci_dev_unlock(hdev);
3276}
3277
6039aa73
GP		 3278static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3279 struct sk_buff *skb)
2763eda6
SJ		 3280{
3281 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3282 struct oob_data *data;
3283
3284 BT_DBG("%s", hdev->name);
3285
3286 hci_dev_lock(hdev);
3287
a8b2d5c2 3288 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3289 goto unlock;
3290
2763eda6
SJ		 3291 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3292 if (data) {
3293 struct hci_cp_remote_oob_data_reply cp;
3294
3295 bacpy(&cp.bdaddr, &ev->bdaddr);
3296 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3297 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3298
3299 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3300 &cp);
2763eda6
SJ		 3301 } else {
3302 struct hci_cp_remote_oob_data_neg_reply cp;
3303
3304 bacpy(&cp.bdaddr, &ev->bdaddr);
3305 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3306 &cp);
2763eda6
SJ		 3307 }
3308
e1ba1f15 3309unlock:
2763eda6
SJ		 3310 hci_dev_unlock(hdev);
3311}
3312
6039aa73 3313static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3314{
3315 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3316 struct hci_conn *conn;
3317
3318 BT_DBG("%s status %d", hdev->name, ev->status);
3319
3320 hci_dev_lock(hdev);
3321
3322 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3323 if (!conn) {
3324 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3325 if (!conn) {
3326 BT_ERR("No memory for new connection");
3327 hci_dev_unlock(hdev);
3328 return;
3329 }
29b7988a
AG		 3330
3331 conn->dst_type = ev->bdaddr_type;
b62f328b 3332 }
fcd89c09
VT		 3333
3334 if (ev->status) {
48264f06 3335 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
807deac2 3336 conn->dst_type, ev->status);
fcd89c09
VT		 3337 hci_proto_connect_cfm(conn, ev->status);
3338 conn->state = BT_CLOSED;
3339 hci_conn_del(conn);
3340 goto unlock;
3341 }
3342
b644ba33
JH		 3343 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3344 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3345 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3346
7b5c0d52 3347 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3348 conn->handle = __le16_to_cpu(ev->handle);
3349 conn->state = BT_CONNECTED;
3350
3351 hci_conn_hold_device(conn);
3352 hci_conn_add_sysfs(conn);
3353
3354 hci_proto_connect_cfm(conn, ev->status);
3355
3356unlock:
3357 hci_dev_unlock(hdev);
3358}
3359
6039aa73 3360static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3361{
e95beb41
AG		 3362 u8 num_reports = skb->data[0];
3363 void *ptr = &skb->data[1];
3c9e9195 3364 s8 rssi;
9aa04c91
AG		 3365
3366 hci_dev_lock(hdev);
3367
e95beb41
AG		 3368 while (num_reports--) {
3369 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3370
3c9e9195
AG		 3371 rssi = ev->data[ev->length];
3372 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3373 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3374
e95beb41 3375 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3376 }
3377
3378 hci_dev_unlock(hdev);
3379}
3380
6039aa73 3381static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3382{
3383 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3384 struct hci_cp_le_ltk_reply cp;
bea710fe 3385 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3386 struct hci_conn *conn;
c9839a11 3387 struct smp_ltk *ltk;
a7a595f6 3388
e4666881 3389 BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3390
3391 hci_dev_lock(hdev);
3392
3393 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3394 if (conn == NULL)
3395 goto not_found;
a7a595f6 3396
bea710fe
VCG		 3397 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3398 if (ltk == NULL)
3399 goto not_found;
3400
3401 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3402 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3403
3404 if (ltk->authenticated)
3405 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3406
3407 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3408
c9839a11
VCG		 3409 if (ltk->type & HCI_SMP_STK) {
3410 list_del(&ltk->list);
3411 kfree(ltk);
3412 }
3413
a7a595f6 3414 hci_dev_unlock(hdev);
bea710fe
VCG		 3415
3416 return;
3417
3418not_found:
3419 neg.handle = ev->handle;
3420 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3421 hci_dev_unlock(hdev);
a7a595f6
VCG		 3422}
3423
6039aa73 3424static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3425{
3426 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3427
3428 skb_pull(skb, sizeof(*le_ev));
3429
3430 switch (le_ev->subevent) {
3431 case HCI_EV_LE_CONN_COMPLETE:
3432 hci_le_conn_complete_evt(hdev, skb);
3433 break;
3434
9aa04c91
AG		 3435 case HCI_EV_LE_ADVERTISING_REPORT:
3436 hci_le_adv_report_evt(hdev, skb);
3437 break;
3438
a7a595f6
VCG		 3439 case HCI_EV_LE_LTK_REQ:
3440 hci_le_ltk_request_evt(hdev, skb);
3441 break;
3442
fcd89c09
VT		 3443 default:
3444 break;
3445 }
3446}
3447
a9de9248
MH		 3448void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3449{
3450 struct hci_event_hdr *hdr = (void *) skb->data;
3451 __u8 event = hdr->evt;
3452
3453 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3454
3455 switch (event) {
1da177e4
LT		 3456 case HCI_EV_INQUIRY_COMPLETE:
3457 hci_inquiry_complete_evt(hdev, skb);
3458 break;
3459
3460 case HCI_EV_INQUIRY_RESULT:
3461 hci_inquiry_result_evt(hdev, skb);
3462 break;
3463
a9de9248
MH		 3464 case HCI_EV_CONN_COMPLETE:
3465 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3466 break;
3467
1da177e4
LT		 3468 case HCI_EV_CONN_REQUEST:
3469 hci_conn_request_evt(hdev, skb);
3470 break;
3471
1da177e4
LT		 3472 case HCI_EV_DISCONN_COMPLETE:
3473 hci_disconn_complete_evt(hdev, skb);
3474 break;
3475
1da177e4
LT		 3476 case HCI_EV_AUTH_COMPLETE:
3477 hci_auth_complete_evt(hdev, skb);
3478 break;
3479
a9de9248
MH		 3480 case HCI_EV_REMOTE_NAME:
3481 hci_remote_name_evt(hdev, skb);
3482 break;
3483
1da177e4
LT		 3484 case HCI_EV_ENCRYPT_CHANGE:
3485 hci_encrypt_change_evt(hdev, skb);
3486 break;
3487
a9de9248
MH		 3488 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3489 hci_change_link_key_complete_evt(hdev, skb);
3490 break;
3491
3492 case HCI_EV_REMOTE_FEATURES:
3493 hci_remote_features_evt(hdev, skb);
3494 break;
3495
3496 case HCI_EV_REMOTE_VERSION:
3497 hci_remote_version_evt(hdev, skb);
3498 break;
3499
3500 case HCI_EV_QOS_SETUP_COMPLETE:
3501 hci_qos_setup_complete_evt(hdev, skb);
3502 break;
3503
3504 case HCI_EV_CMD_COMPLETE:
3505 hci_cmd_complete_evt(hdev, skb);
3506 break;
3507
3508 case HCI_EV_CMD_STATUS:
3509 hci_cmd_status_evt(hdev, skb);
3510 break;
3511
3512 case HCI_EV_ROLE_CHANGE:
3513 hci_role_change_evt(hdev, skb);
3514 break;
3515
3516 case HCI_EV_NUM_COMP_PKTS:
3517 hci_num_comp_pkts_evt(hdev, skb);
3518 break;
3519
3520 case HCI_EV_MODE_CHANGE:
3521 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3522 break;
3523
3524 case HCI_EV_PIN_CODE_REQ:
3525 hci_pin_code_request_evt(hdev, skb);
3526 break;
3527
3528 case HCI_EV_LINK_KEY_REQ:
3529 hci_link_key_request_evt(hdev, skb);
3530 break;
3531
3532 case HCI_EV_LINK_KEY_NOTIFY:
3533 hci_link_key_notify_evt(hdev, skb);
3534 break;
3535
3536 case HCI_EV_CLOCK_OFFSET:
3537 hci_clock_offset_evt(hdev, skb);
3538 break;
3539
a8746417
MH		 3540 case HCI_EV_PKT_TYPE_CHANGE:
3541 hci_pkt_type_change_evt(hdev, skb);
3542 break;
3543
85a1e930
MH		 3544 case HCI_EV_PSCAN_REP_MODE:
3545 hci_pscan_rep_mode_evt(hdev, skb);
3546 break;
3547
a9de9248
MH		 3548 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3549 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3550 break;
3551
a9de9248
MH		 3552 case HCI_EV_REMOTE_EXT_FEATURES:
3553 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3554 break;
3555
a9de9248
MH		 3556 case HCI_EV_SYNC_CONN_COMPLETE:
3557 hci_sync_conn_complete_evt(hdev, skb);
3558 break;
1da177e4 3559
a9de9248
MH		 3560 case HCI_EV_SYNC_CONN_CHANGED:
3561 hci_sync_conn_changed_evt(hdev, skb);
3562 break;
1da177e4 3563
a9de9248
MH		 3564 case HCI_EV_SNIFF_SUBRATE:
3565 hci_sniff_subrate_evt(hdev, skb);
3566 break;
1da177e4 3567
a9de9248
MH		 3568 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3569 hci_extended_inquiry_result_evt(hdev, skb);
3570 break;
1da177e4 3571
0493684e
MH		 3572 case HCI_EV_IO_CAPA_REQUEST:
3573 hci_io_capa_request_evt(hdev, skb);
3574 break;
3575
03b555e1
JH		 3576 case HCI_EV_IO_CAPA_REPLY:
3577 hci_io_capa_reply_evt(hdev, skb);
3578 break;
3579
a5c29683
JH		 3580 case HCI_EV_USER_CONFIRM_REQUEST:
3581 hci_user_confirm_request_evt(hdev, skb);
3582 break;
3583
1143d458
BG		 3584 case HCI_EV_USER_PASSKEY_REQUEST:
3585 hci_user_passkey_request_evt(hdev, skb);
3586 break;
3587
0493684e
MH		 3588 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3589 hci_simple_pair_complete_evt(hdev, skb);
3590 break;
3591
41a96212
MH		 3592 case HCI_EV_REMOTE_HOST_FEATURES:
3593 hci_remote_host_features_evt(hdev, skb);
3594 break;
3595
fcd89c09
VT		 3596 case HCI_EV_LE_META:
3597 hci_le_meta_evt(hdev, skb);
3598 break;
3599
2763eda6
SJ		 3600 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3601 hci_remote_oob_data_request_evt(hdev, skb);
3602 break;
3603
25e89e99
AE		 3604 case HCI_EV_NUM_COMP_BLOCKS:
3605 hci_num_comp_blocks_evt(hdev, skb);
3606 break;
3607
a9de9248
MH		 3608 default:
3609 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3610 break;
3611 }
3612
3613 kfree_skb(skb);
3614 hdev->stat.evt_rx++;
3615}
Linux kernel - Deliverables
This page took 0.837793 seconds and 5 git commands to generate.