projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: convert conn hash to RCU
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h>
40
41#include <asm/system.h>
70f23020 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47
e6100a25
AG		 48static int enable_le;
49
1da177e4
LT		 50/* Handle HCI Event packets */
51
a9de9248 52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 53{
a9de9248 54 __u8 status = *((__u8 *) skb->data);
1da177e4 55
a9de9248 56 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 57
e6d465cb
AG		 58 if (status) {
59 hci_dev_lock(hdev);
60 mgmt_stop_discovery_failed(hdev, status);
61 hci_dev_unlock(hdev);
a9de9248 62 return;
e6d465cb 63 }
1da177e4 64
89352e7d
AG		 65 clear_bit(HCI_INQUIRY, &hdev->flags);
66
56e5cb86 67 hci_dev_lock(hdev);
744cf19e 68 mgmt_discovering(hdev, 0);
56e5cb86 69 hci_dev_unlock(hdev);
6bd57416 70
23bb5763 71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 72
73 hci_conn_check_pending(hdev);
74}
6bd57416 75
a9de9248
MH		 76static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77{
78 __u8 status = *((__u8 *) skb->data);
6bd57416 79
a9de9248 80 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 81
a9de9248
MH		 82 if (status)
83 return;
1da177e4 84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
a9de9248 141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
e4e8e37c
MH		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
171static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172{
173 __u8 status = *((__u8 *) skb->data);
174 void *sent;
175
176 BT_DBG("%s status 0x%x", hdev->name, status);
177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent)
180 return;
181
182 if (!status)
183 hdev->link_policy = get_unaligned_le16(sent);
184
23bb5763 185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
a9de9248 192 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
23bb5763 196 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8
AG		 197
198 hdev->dev_flags = 0;
a9de9248 199}
04837f64 200
a9de9248
MH		 201static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
202{
203 __u8 status = *((__u8 *) skb->data);
204 void *sent;
04837f64 205
a9de9248 206 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 207
a9de9248
MH		 208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
209 if (!sent)
210 return;
04837f64 211
56e5cb86
JH		 212 hci_dev_lock(hdev);
213
b312b161 214 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 215 mgmt_set_local_name_complete(hdev, sent, status);
b312b161 216
56e5cb86
JH		 217 if (status == 0)
218 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
b312b161 219
56e5cb86 220 hci_dev_unlock(hdev);
a9de9248
MH		 221}
222
223static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
224{
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
226
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
228
229 if (rp->status)
230 return;
231
1f6c6378 232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 233}
234
235static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
236{
237 __u8 status = *((__u8 *) skb->data);
238 void *sent;
239
240 BT_DBG("%s status 0x%x", hdev->name, status);
241
242 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
243 if (!sent)
244 return;
245
246 if (!status) {
247 __u8 param = *((__u8 *) sent);
248
249 if (param == AUTH_ENABLED)
250 set_bit(HCI_AUTH, &hdev->flags);
251 else
252 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 253 }
a9de9248 254
23bb5763 255 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 256}
257
a9de9248 258static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 259{
a9de9248 260 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 261 void *sent;
262
a9de9248 263 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 264
a9de9248
MH		 265 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
266 if (!sent)
267 return;
1da177e4 268
a9de9248
MH		 269 if (!status) {
270 __u8 param = *((__u8 *) sent);
271
272 if (param)
273 set_bit(HCI_ENCRYPT, &hdev->flags);
274 else
275 clear_bit(HCI_ENCRYPT, &hdev->flags);
276 }
1da177e4 277
23bb5763 278 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 279}
1da177e4 280
a9de9248
MH		 281static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
282{
36f7fc7e
JH		 283 __u8 param, status = *((__u8 *) skb->data);
284 int old_pscan, old_iscan;
a9de9248 285 void *sent;
1da177e4 286
a9de9248 287 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 288
a9de9248
MH		 289 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
290 if (!sent)
291 return;
1da177e4 292
36f7fc7e
JH		 293 param = *((__u8 *) sent);
294
56e5cb86
JH		 295 hci_dev_lock(hdev);
296
2d7cee58 297 if (status != 0) {
744cf19e 298 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 299 hdev->discov_timeout = 0;
300 goto done;
301 }
302
36f7fc7e
JH		 303 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
304 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
305
306 if (param & SCAN_INQUIRY) {
307 set_bit(HCI_ISCAN, &hdev->flags);
308 if (!old_iscan)
744cf19e 309 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 310 if (hdev->discov_timeout > 0) {
311 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
312 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
313 to);
314 }
36f7fc7e 315 } else if (old_iscan)
744cf19e 316 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 317
318 if (param & SCAN_PAGE) {
319 set_bit(HCI_PSCAN, &hdev->flags);
320 if (!old_pscan)
744cf19e 321 mgmt_connectable(hdev, 1);
36f7fc7e 322 } else if (old_pscan)
744cf19e 323 mgmt_connectable(hdev, 0);
1da177e4 324
36f7fc7e 325done:
56e5cb86 326 hci_dev_unlock(hdev);
23bb5763 327 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 328}
1da177e4 329
a9de9248
MH		 330static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
331{
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 333
a9de9248 334 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 335
a9de9248
MH		 336 if (rp->status)
337 return;
1da177e4 338
a9de9248 339 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 340
a9de9248
MH		 341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
343}
1da177e4 344
a9de9248
MH		 345static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
346{
347 __u8 status = *((__u8 *) skb->data);
348 void *sent;
1da177e4 349
a9de9248 350 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 351
f383f275
MH		 352 if (status)
353 return;
354
a9de9248
MH		 355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
356 if (!sent)
357 return;
1da177e4 358
f383f275 359 memcpy(hdev->dev_class, sent, 3);
a9de9248 360}
1da177e4 361
a9de9248
MH		 362static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
363{
364 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
365 __u16 setting;
366
367 BT_DBG("%s status 0x%x", hdev->name, rp->status);
368
369 if (rp->status)
370 return;
371
372 setting = __le16_to_cpu(rp->voice_setting);
373
f383f275 374 if (hdev->voice_setting == setting)
a9de9248
MH		 375 return;
376
377 hdev->voice_setting = setting;
378
379 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
380
381 if (hdev->notify) {
382 tasklet_disable(&hdev->tx_task);
383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
384 tasklet_enable(&hdev->tx_task);
385 }
386}
387
388static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
389{
390 __u8 status = *((__u8 *) skb->data);
f383f275 391 __u16 setting;
a9de9248
MH		 392 void *sent;
393
394 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 395
f383f275
MH		 396 if (status)
397 return;
398
a9de9248
MH		 399 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
400 if (!sent)
401 return;
1da177e4 402
f383f275 403 setting = get_unaligned_le16(sent);
1da177e4 404
f383f275
MH		 405 if (hdev->voice_setting == setting)
406 return;
407
408 hdev->voice_setting = setting;
1da177e4 409
f383f275 410 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 411
f383f275
MH		 412 if (hdev->notify) {
413 tasklet_disable(&hdev->tx_task);
414 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
415 tasklet_enable(&hdev->tx_task);
1da177e4
LT		 416 }
417}
418
a9de9248 419static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 420{
a9de9248 421 __u8 status = *((__u8 *) skb->data);
1da177e4 422
a9de9248 423 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 424
23bb5763 425 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 426}
1143e5a6 427
333140b5
MH		 428static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
429{
430 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
431
432 BT_DBG("%s status 0x%x", hdev->name, rp->status);
433
434 if (rp->status)
435 return;
436
437 hdev->ssp_mode = rp->mode;
438}
439
440static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
441{
442 __u8 status = *((__u8 *) skb->data);
443 void *sent;
444
445 BT_DBG("%s status 0x%x", hdev->name, status);
446
447 if (status)
448 return;
449
450 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 if (!sent)
452 return;
453
454 hdev->ssp_mode = *((__u8 *) sent);
455}
456
d5859e22
JH		 457static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
458{
459 if (hdev->features[6] & LMP_EXT_INQ)
460 return 2;
461
462 if (hdev->features[3] & LMP_RSSI_INQ)
463 return 1;
464
465 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
466 hdev->lmp_subver == 0x0757)
467 return 1;
468
469 if (hdev->manufacturer == 15) {
470 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
471 return 1;
472 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
473 return 1;
474 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
475 return 1;
476 }
477
478 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
479 hdev->lmp_subver == 0x1805)
480 return 1;
481
482 return 0;
483}
484
485static void hci_setup_inquiry_mode(struct hci_dev *hdev)
486{
487 u8 mode;
488
489 mode = hci_get_inquiry_mode(hdev);
490
491 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
492}
493
494static void hci_setup_event_mask(struct hci_dev *hdev)
495{
496 /* The second byte is 0xff instead of 0x9f (two reserved bits
497 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
498 * command otherwise */
499 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
500
6de6c18d
VT		 501 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
502 * any event mask for pre 1.2 devices */
5a13b095 503 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 504 return;
505
506 events[4] |= 0x01; /* Flow Specification Complete */
507 events[4] |= 0x02; /* Inquiry Result with RSSI */
508 events[4] |= 0x04; /* Read Remote Extended Features Complete */
509 events[5] |= 0x08; /* Synchronous Connection Complete */
510 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 511
512 if (hdev->features[3] & LMP_RSSI_INQ)
513 events[4] |= 0x04; /* Inquiry Result with RSSI */
514
515 if (hdev->features[5] & LMP_SNIFF_SUBR)
516 events[5] |= 0x20; /* Sniff Subrating */
517
518 if (hdev->features[5] & LMP_PAUSE_ENC)
519 events[5] |= 0x80; /* Encryption Key Refresh Complete */
520
521 if (hdev->features[6] & LMP_EXT_INQ)
522 events[5] |= 0x40; /* Extended Inquiry Result */
523
524 if (hdev->features[6] & LMP_NO_FLUSH)
525 events[7] |= 0x01; /* Enhanced Flush Complete */
526
527 if (hdev->features[7] & LMP_LSTO)
528 events[6] |= 0x80; /* Link Supervision Timeout Changed */
529
530 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
531 events[6] |= 0x01; /* IO Capability Request */
532 events[6] |= 0x02; /* IO Capability Response */
533 events[6] |= 0x04; /* User Confirmation Request */
534 events[6] |= 0x08; /* User Passkey Request */
535 events[6] |= 0x10; /* Remote OOB Data Request */
536 events[6] |= 0x20; /* Simple Pairing Complete */
537 events[7] |= 0x04; /* User Passkey Notification */
538 events[7] |= 0x08; /* Keypress Notification */
539 events[7] |= 0x10; /* Remote Host Supported
540 * Features Notification */
541 }
542
543 if (hdev->features[4] & LMP_LE)
544 events[7] |= 0x20; /* LE Meta-Event */
545
546 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
547}
548
e6100a25
AG		 549static void hci_set_le_support(struct hci_dev *hdev)
550{
551 struct hci_cp_write_le_host_supported cp;
552
553 memset(&cp, 0, sizeof(cp));
554
555 if (enable_le) {
556 cp.le = 1;
557 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
558 }
559
560 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
561}
562
d5859e22
JH		 563static void hci_setup(struct hci_dev *hdev)
564{
565 hci_setup_event_mask(hdev);
566
d095c1eb 567 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 568 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
569
570 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
571 u8 mode = 0x01;
572 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
573 }
574
575 if (hdev->features[3] & LMP_RSSI_INQ)
576 hci_setup_inquiry_mode(hdev);
577
578 if (hdev->features[7] & LMP_INQ_TX_PWR)
579 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 580
581 if (hdev->features[7] & LMP_EXTFEATURES) {
582 struct hci_cp_read_local_ext_features cp;
583
584 cp.page = 0x01;
585 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
586 sizeof(cp), &cp);
587 }
e6100a25
AG		 588
589 if (hdev->features[4] & LMP_LE)
590 hci_set_le_support(hdev);
d5859e22
JH		 591}
592
a9de9248
MH		 593static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
594{
595 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 596
a9de9248 597 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 598
a9de9248
MH		 599 if (rp->status)
600 return;
1143e5a6 601
a9de9248 602 hdev->hci_ver = rp->hci_ver;
e4e8e37c 603 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 604 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 605 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 606 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 607
a9de9248
MH		 608 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
609 hdev->manufacturer,
610 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 611
612 if (test_bit(HCI_INIT, &hdev->flags))
613 hci_setup(hdev);
614}
615
616static void hci_setup_link_policy(struct hci_dev *hdev)
617{
618 u16 link_policy = 0;
619
620 if (hdev->features[0] & LMP_RSWITCH)
621 link_policy |= HCI_LP_RSWITCH;
622 if (hdev->features[0] & LMP_HOLD)
623 link_policy |= HCI_LP_HOLD;
624 if (hdev->features[0] & LMP_SNIFF)
625 link_policy |= HCI_LP_SNIFF;
626 if (hdev->features[1] & LMP_PARK)
627 link_policy |= HCI_LP_PARK;
628
629 link_policy = cpu_to_le16(link_policy);
630 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
631 sizeof(link_policy), &link_policy);
a9de9248 632}
1da177e4 633
a9de9248
MH		 634static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
635{
636 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 637
a9de9248 638 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 639
a9de9248 640 if (rp->status)
d5859e22 641 goto done;
1da177e4 642
a9de9248 643 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 644
645 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
646 hci_setup_link_policy(hdev);
647
648done:
649 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 650}
1da177e4 651
a9de9248
MH		 652static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
653{
654 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 655
a9de9248 656 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 657
a9de9248
MH		 658 if (rp->status)
659 return;
5b7f9909 660
a9de9248 661 memcpy(hdev->features, rp->features, 8);
5b7f9909 662
a9de9248
MH		 663 /* Adjust default settings according to features
664 * supported by device. */
1da177e4 665
a9de9248
MH		 666 if (hdev->features[0] & LMP_3SLOT)
667 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 668
a9de9248
MH		 669 if (hdev->features[0] & LMP_5SLOT)
670 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 671
a9de9248
MH		 672 if (hdev->features[1] & LMP_HV2) {
673 hdev->pkt_type |= (HCI_HV2);
674 hdev->esco_type |= (ESCO_HV2);
675 }
1da177e4 676
a9de9248
MH		 677 if (hdev->features[1] & LMP_HV3) {
678 hdev->pkt_type |= (HCI_HV3);
679 hdev->esco_type |= (ESCO_HV3);
680 }
1da177e4 681
a9de9248
MH		 682 if (hdev->features[3] & LMP_ESCO)
683 hdev->esco_type |= (ESCO_EV3);
da1f5198 684
a9de9248
MH		 685 if (hdev->features[4] & LMP_EV4)
686 hdev->esco_type |= (ESCO_EV4);
da1f5198 687
a9de9248
MH		 688 if (hdev->features[4] & LMP_EV5)
689 hdev->esco_type |= (ESCO_EV5);
1da177e4 690
efc7688b
MH		 691 if (hdev->features[5] & LMP_EDR_ESCO_2M)
692 hdev->esco_type |= (ESCO_2EV3);
693
694 if (hdev->features[5] & LMP_EDR_ESCO_3M)
695 hdev->esco_type |= (ESCO_3EV3);
696
697 if (hdev->features[5] & LMP_EDR_3S_ESCO)
698 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
699
a9de9248
MH		 700 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
701 hdev->features[0], hdev->features[1],
702 hdev->features[2], hdev->features[3],
703 hdev->features[4], hdev->features[5],
704 hdev->features[6], hdev->features[7]);
705}
1da177e4 706
971e3a4b
AG		 707static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
708 struct sk_buff *skb)
709{
710 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
711
712 BT_DBG("%s status 0x%x", hdev->name, rp->status);
713
714 if (rp->status)
715 return;
716
717 memcpy(hdev->extfeatures, rp->features, 8);
718
719 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
720}
721
1e89cffb
AE		 722static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
723 struct sk_buff *skb)
724{
725 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
726
727 BT_DBG("%s status 0x%x", hdev->name, rp->status);
728
729 if (rp->status)
730 return;
731
732 hdev->flow_ctl_mode = rp->mode;
733
734 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
735}
736
a9de9248
MH		 737static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
738{
739 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 740
a9de9248 741 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 742
a9de9248
MH		 743 if (rp->status)
744 return;
1da177e4 745
a9de9248
MH		 746 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
747 hdev->sco_mtu = rp->sco_mtu;
748 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
749 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
750
751 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
752 hdev->sco_mtu = 64;
753 hdev->sco_pkts = 8;
1da177e4 754 }
a9de9248
MH		 755
756 hdev->acl_cnt = hdev->acl_pkts;
757 hdev->sco_cnt = hdev->sco_pkts;
758
759 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
760 hdev->acl_mtu, hdev->acl_pkts,
761 hdev->sco_mtu, hdev->sco_pkts);
762}
763
764static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
765{
766 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
767
768 BT_DBG("%s status 0x%x", hdev->name, rp->status);
769
770 if (!rp->status)
771 bacpy(&hdev->bdaddr, &rp->bdaddr);
772
23bb5763
JH		 773 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
774}
775
776static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
777{
778 __u8 status = *((__u8 *) skb->data);
779
780 BT_DBG("%s status 0x%x", hdev->name, status);
781
782 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 783}
784
928abaa7
AE		 785static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
786 struct sk_buff *skb)
787{
788 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
789
790 BT_DBG("%s status 0x%x", hdev->name, rp->status);
791
792 if (rp->status)
793 return;
794
795 hdev->amp_status = rp->amp_status;
796 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
797 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
798 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
799 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
800 hdev->amp_type = rp->amp_type;
801 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
802 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
803 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
804 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
805
806 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
807}
808
b0916ea0
JH		 809static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
810 struct sk_buff *skb)
811{
812 __u8 status = *((__u8 *) skb->data);
813
814 BT_DBG("%s status 0x%x", hdev->name, status);
815
816 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
817}
818
d5859e22
JH		 819static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
820{
821 __u8 status = *((__u8 *) skb->data);
822
823 BT_DBG("%s status 0x%x", hdev->name, status);
824
825 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
826}
827
828static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
829 struct sk_buff *skb)
830{
831 __u8 status = *((__u8 *) skb->data);
832
833 BT_DBG("%s status 0x%x", hdev->name, status);
834
835 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
836}
837
838static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
839 struct sk_buff *skb)
840{
841 __u8 status = *((__u8 *) skb->data);
842
843 BT_DBG("%s status 0x%x", hdev->name, status);
844
845 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
846}
847
848static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
849{
850 __u8 status = *((__u8 *) skb->data);
851
852 BT_DBG("%s status 0x%x", hdev->name, status);
853
854 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
855}
856
980e1a53
JH		 857static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
858{
859 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
860 struct hci_cp_pin_code_reply *cp;
861 struct hci_conn *conn;
862
863 BT_DBG("%s status 0x%x", hdev->name, rp->status);
864
56e5cb86
JH		 865 hci_dev_lock(hdev);
866
980e1a53 867 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 868 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 869
870 if (rp->status != 0)
56e5cb86 871 goto unlock;
980e1a53
JH		 872
873 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
874 if (!cp)
56e5cb86 875 goto unlock;
980e1a53
JH		 876
877 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
878 if (conn)
879 conn->pin_length = cp->pin_len;
56e5cb86
JH		 880
881unlock:
882 hci_dev_unlock(hdev);
980e1a53
JH		 883}
884
885static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
886{
887 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
888
889 BT_DBG("%s status 0x%x", hdev->name, rp->status);
890
56e5cb86
JH		 891 hci_dev_lock(hdev);
892
980e1a53 893 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 894 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 895 rp->status);
56e5cb86
JH		 896
897 hci_dev_unlock(hdev);
980e1a53 898}
56e5cb86 899
6ed58ec5
VT		 900static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
901 struct sk_buff *skb)
902{
903 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
904
905 BT_DBG("%s status 0x%x", hdev->name, rp->status);
906
907 if (rp->status)
908 return;
909
910 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
911 hdev->le_pkts = rp->le_max_pkt;
912
913 hdev->le_cnt = hdev->le_pkts;
914
915 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
916
917 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
918}
980e1a53 919
a5c29683
JH		 920static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
921{
922 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
923
924 BT_DBG("%s status 0x%x", hdev->name, rp->status);
925
56e5cb86
JH		 926 hci_dev_lock(hdev);
927
a5c29683 928 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 929 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
a5c29683 930 rp->status);
56e5cb86
JH		 931
932 hci_dev_unlock(hdev);
a5c29683
JH		 933}
934
935static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
936 struct sk_buff *skb)
937{
938 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
939
940 BT_DBG("%s status 0x%x", hdev->name, rp->status);
941
56e5cb86
JH		 942 hci_dev_lock(hdev);
943
a5c29683 944 if (test_bit(HCI_MGMT, &hdev->flags))
744cf19e 945 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
a5c29683 946 rp->status);
56e5cb86
JH		 947
948 hci_dev_unlock(hdev);
a5c29683
JH		 949}
950
1143d458
BG		 951static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
952{
953 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
954
955 BT_DBG("%s status 0x%x", hdev->name, rp->status);
956
957 hci_dev_lock(hdev);
958
959 if (test_bit(HCI_MGMT, &hdev->flags))
960 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
961 rp->status);
962
963 hci_dev_unlock(hdev);
964}
965
966static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
967 struct sk_buff *skb)
968{
969 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
970
971 BT_DBG("%s status 0x%x", hdev->name, rp->status);
972
973 hci_dev_lock(hdev);
974
975 if (test_bit(HCI_MGMT, &hdev->flags))
976 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
977 rp->status);
978
979 hci_dev_unlock(hdev);
980}
981
c35938b2
SJ		 982static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
983 struct sk_buff *skb)
984{
985 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
986
987 BT_DBG("%s status 0x%x", hdev->name, rp->status);
988
56e5cb86 989 hci_dev_lock(hdev);
744cf19e 990 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 991 rp->randomizer, rp->status);
56e5cb86 992 hci_dev_unlock(hdev);
c35938b2
SJ		 993}
994
07f7fa5d
AG		 995static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
996{
997 __u8 status = *((__u8 *) skb->data);
998
999 BT_DBG("%s status 0x%x", hdev->name, status);
1000}
1001
eb9d91f5
AG		 1002static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1003 struct sk_buff *skb)
1004{
1005 struct hci_cp_le_set_scan_enable *cp;
1006 __u8 status = *((__u8 *) skb->data);
1007
1008 BT_DBG("%s status 0x%x", hdev->name, status);
1009
1010 if (status)
1011 return;
1012
1013 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1014 if (!cp)
1015 return;
1016
35815085 1017 if (cp->enable == 0x01) {
d23264a8
AG		 1018 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1019
db323f2f 1020 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1021
1022 hci_dev_lock(hdev);
eb9d91f5 1023 hci_adv_entries_clear(hdev);
a8f13c8c 1024 hci_dev_unlock(hdev);
35815085 1025 } else if (cp->enable == 0x00) {
d23264a8
AG		 1026 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1027
db323f2f
GP		 1028 cancel_delayed_work_sync(&hdev->adv_work);
1029 queue_delayed_work(hdev->workqueue, &hdev->adv_work,
1030 jiffies + ADV_CLEAR_TIMEOUT);
35815085 1031 }
eb9d91f5
AG		 1032}
1033
a7a595f6
VCG		 1034static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1035{
1036 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1037
1038 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1039
1040 if (rp->status)
1041 return;
1042
1043 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1044}
1045
1046static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1047{
1048 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1049
1050 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1051
1052 if (rp->status)
1053 return;
1054
1055 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1056}
1057
f9b49306
AG		 1058static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1059 struct sk_buff *skb)
1060{
1061 struct hci_cp_read_local_ext_features cp;
1062 __u8 status = *((__u8 *) skb->data);
1063
1064 BT_DBG("%s status 0x%x", hdev->name, status);
1065
1066 if (status)
1067 return;
1068
1069 cp.page = 0x01;
1070 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1071}
1072
a9de9248
MH		 1073static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1074{
1075 BT_DBG("%s status 0x%x", hdev->name, status);
1076
1077 if (status) {
23bb5763 1078 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1079 hci_conn_check_pending(hdev);
56e5cb86 1080 hci_dev_lock(hdev);
164a6e78 1081 if (test_bit(HCI_MGMT, &hdev->flags))
7a135109 1082 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1083 hci_dev_unlock(hdev);
314b2381
JH		 1084 return;
1085 }
1086
89352e7d
AG		 1087 set_bit(HCI_INQUIRY, &hdev->flags);
1088
56e5cb86 1089 hci_dev_lock(hdev);
744cf19e 1090 mgmt_discovering(hdev, 1);
56e5cb86 1091 hci_dev_unlock(hdev);
1da177e4
LT		 1092}
1093
1da177e4
LT		 1094static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1095{
a9de9248 1096 struct hci_cp_create_conn *cp;
1da177e4 1097 struct hci_conn *conn;
1da177e4 1098
a9de9248
MH		 1099 BT_DBG("%s status 0x%x", hdev->name, status);
1100
1101 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1102 if (!cp)
1103 return;
1104
1105 hci_dev_lock(hdev);
1106
1107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1108
a9de9248 1109 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1110
1111 if (status) {
1112 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1113 if (status != 0x0c || conn->attempt > 2) {
1114 conn->state = BT_CLOSED;
1115 hci_proto_connect_cfm(conn, status);
1116 hci_conn_del(conn);
1117 } else
1118 conn->state = BT_CONNECT2;
1da177e4
LT		 1119 }
1120 } else {
1121 if (!conn) {
1122 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1123 if (conn) {
1124 conn->out = 1;
1125 conn->link_mode |= HCI_LM_MASTER;
1126 } else
893ef971 1127 BT_ERR("No memory for new connection");
1da177e4
LT		 1128 }
1129 }
1130
1131 hci_dev_unlock(hdev);
1132}
1133
a9de9248 1134static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1135{
a9de9248
MH		 1136 struct hci_cp_add_sco *cp;
1137 struct hci_conn *acl, *sco;
1138 __u16 handle;
1da177e4 1139
b6a0dc82
MH		 1140 BT_DBG("%s status 0x%x", hdev->name, status);
1141
a9de9248
MH		 1142 if (!status)
1143 return;
1da177e4 1144
a9de9248
MH		 1145 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1146 if (!cp)
1147 return;
1da177e4 1148
a9de9248 1149 handle = __le16_to_cpu(cp->handle);
1da177e4 1150
a9de9248 1151 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1152
a9de9248 1153 hci_dev_lock(hdev);
1da177e4 1154
a9de9248 1155 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1156 if (acl) {
1157 sco = acl->link;
1158 if (sco) {
1159 sco->state = BT_CLOSED;
1da177e4 1160
5a08ecce
AE		 1161 hci_proto_connect_cfm(sco, status);
1162 hci_conn_del(sco);
1163 }
a9de9248 1164 }
1da177e4 1165
a9de9248
MH		 1166 hci_dev_unlock(hdev);
1167}
1da177e4 1168
f8558555
MH		 1169static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1170{
1171 struct hci_cp_auth_requested *cp;
1172 struct hci_conn *conn;
1173
1174 BT_DBG("%s status 0x%x", hdev->name, status);
1175
1176 if (!status)
1177 return;
1178
1179 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1180 if (!cp)
1181 return;
1182
1183 hci_dev_lock(hdev);
1184
1185 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1186 if (conn) {
1187 if (conn->state == BT_CONFIG) {
1188 hci_proto_connect_cfm(conn, status);
1189 hci_conn_put(conn);
1190 }
1191 }
1192
1193 hci_dev_unlock(hdev);
1194}
1195
1196static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1197{
1198 struct hci_cp_set_conn_encrypt *cp;
1199 struct hci_conn *conn;
1200
1201 BT_DBG("%s status 0x%x", hdev->name, status);
1202
1203 if (!status)
1204 return;
1205
1206 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1207 if (!cp)
1208 return;
1209
1210 hci_dev_lock(hdev);
1211
1212 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1213 if (conn) {
1214 if (conn->state == BT_CONFIG) {
1215 hci_proto_connect_cfm(conn, status);
1216 hci_conn_put(conn);
1217 }
1218 }
1219
1220 hci_dev_unlock(hdev);
1221}
1222
127178d2 1223static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1224 struct hci_conn *conn)
392599b9 1225{
392599b9
JH		 1226 if (conn->state != BT_CONFIG || !conn->out)
1227 return 0;
1228
765c2a96 1229 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1230 return 0;
1231
1232 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1233 * devices with sec_level HIGH or if MITM protection is requested */
392599b9 1234 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
e9bf2bf0
VCG		 1235 conn->pending_sec_level != BT_SECURITY_HIGH &&
1236 !(conn->auth_type & 0x01))
392599b9
JH		 1237 return 0;
1238
392599b9
JH		 1239 return 1;
1240}
1241
a9de9248
MH		 1242static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1243{
127178d2
JH		 1244 struct hci_cp_remote_name_req *cp;
1245 struct hci_conn *conn;
1246
a9de9248 1247 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1248
1249 /* If successful wait for the name req complete event before
1250 * checking for the need to do authentication */
1251 if (!status)
1252 return;
1253
1254 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1255 if (!cp)
1256 return;
1257
1258 hci_dev_lock(hdev);
1259
1260 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
79c6c70c
JH		 1261 if (!conn)
1262 goto unlock;
1263
1264 if (!hci_outgoing_auth_needed(hdev, conn))
1265 goto unlock;
1266
1267 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1268 struct hci_cp_auth_requested cp;
1269 cp.handle = __cpu_to_le16(conn->handle);
1270 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1271 }
1272
79c6c70c 1273unlock:
127178d2 1274 hci_dev_unlock(hdev);
a9de9248 1275}
1da177e4 1276
769be974
MH		 1277static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1278{
1279 struct hci_cp_read_remote_features *cp;
1280 struct hci_conn *conn;
1281
1282 BT_DBG("%s status 0x%x", hdev->name, status);
1283
1284 if (!status)
1285 return;
1286
1287 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1288 if (!cp)
1289 return;
1290
1291 hci_dev_lock(hdev);
1292
1293 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1294 if (conn) {
1295 if (conn->state == BT_CONFIG) {
769be974
MH		 1296 hci_proto_connect_cfm(conn, status);
1297 hci_conn_put(conn);
1298 }
1299 }
1300
1301 hci_dev_unlock(hdev);
1302}
1303
1304static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1305{
1306 struct hci_cp_read_remote_ext_features *cp;
1307 struct hci_conn *conn;
1308
1309 BT_DBG("%s status 0x%x", hdev->name, status);
1310
1311 if (!status)
1312 return;
1313
1314 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1315 if (!cp)
1316 return;
1317
1318 hci_dev_lock(hdev);
1319
1320 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1321 if (conn) {
1322 if (conn->state == BT_CONFIG) {
769be974
MH		 1323 hci_proto_connect_cfm(conn, status);
1324 hci_conn_put(conn);
1325 }
1326 }
1327
1328 hci_dev_unlock(hdev);
1329}
1330
a9de9248
MH		 1331static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1332{
b6a0dc82
MH		 1333 struct hci_cp_setup_sync_conn *cp;
1334 struct hci_conn *acl, *sco;
1335 __u16 handle;
1336
a9de9248 1337 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1338
1339 if (!status)
1340 return;
1341
1342 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1343 if (!cp)
1344 return;
1345
1346 handle = __le16_to_cpu(cp->handle);
1347
1348 BT_DBG("%s handle %d", hdev->name, handle);
1349
1350 hci_dev_lock(hdev);
1351
1352 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1353 if (acl) {
1354 sco = acl->link;
1355 if (sco) {
1356 sco->state = BT_CLOSED;
b6a0dc82 1357
5a08ecce
AE		 1358 hci_proto_connect_cfm(sco, status);
1359 hci_conn_del(sco);
1360 }
b6a0dc82
MH		 1361 }
1362
1363 hci_dev_unlock(hdev);
1da177e4
LT		 1364}
1365
a9de9248 1366static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1367{
a9de9248
MH		 1368 struct hci_cp_sniff_mode *cp;
1369 struct hci_conn *conn;
1da177e4 1370
a9de9248 1371 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1372
a9de9248
MH		 1373 if (!status)
1374 return;
04837f64 1375
a9de9248
MH		 1376 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1377 if (!cp)
1378 return;
04837f64 1379
a9de9248 1380 hci_dev_lock(hdev);
04837f64 1381
a9de9248 1382 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1383 if (conn) {
a9de9248 1384 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
04837f64 1385
e73439d8
MH		 1386 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1387 hci_sco_setup(conn, status);
1388 }
1389
a9de9248
MH		 1390 hci_dev_unlock(hdev);
1391}
04837f64 1392
a9de9248
MH		 1393static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1394{
1395 struct hci_cp_exit_sniff_mode *cp;
1396 struct hci_conn *conn;
04837f64 1397
a9de9248 1398 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1399
a9de9248
MH		 1400 if (!status)
1401 return;
04837f64 1402
a9de9248
MH		 1403 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1404 if (!cp)
1405 return;
04837f64 1406
a9de9248 1407 hci_dev_lock(hdev);
1da177e4 1408
a9de9248 1409 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1410 if (conn) {
a9de9248 1411 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1da177e4 1412
e73439d8
MH		 1413 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1414 hci_sco_setup(conn, status);
1415 }
1416
a9de9248 1417 hci_dev_unlock(hdev);
1da177e4
LT		 1418}
1419
fcd89c09
VT		 1420static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1421{
1422 struct hci_cp_le_create_conn *cp;
1423 struct hci_conn *conn;
1424
1425 BT_DBG("%s status 0x%x", hdev->name, status);
1426
1427 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1428 if (!cp)
1429 return;
1430
1431 hci_dev_lock(hdev);
1432
1433 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1434
1435 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1436 conn);
1437
1438 if (status) {
1439 if (conn && conn->state == BT_CONNECT) {
1440 conn->state = BT_CLOSED;
1441 hci_proto_connect_cfm(conn, status);
1442 hci_conn_del(conn);
1443 }
1444 } else {
1445 if (!conn) {
1446 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1447 if (conn) {
1448 conn->dst_type = cp->peer_addr_type;
fcd89c09 1449 conn->out = 1;
29b7988a 1450 } else {
fcd89c09 1451 BT_ERR("No memory for new connection");
29b7988a 1452 }
fcd89c09
VT		 1453 }
1454 }
1455
1456 hci_dev_unlock(hdev);
1457}
1458
a7a595f6
VCG		 1459static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1460{
1461 BT_DBG("%s status 0x%x", hdev->name, status);
1462}
1463
1da177e4
LT		 1464static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1465{
1466 __u8 status = *((__u8 *) skb->data);
1467
1468 BT_DBG("%s status %d", hdev->name, status);
1469
23bb5763 1470 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1471
a9de9248 1472 hci_conn_check_pending(hdev);
89352e7d
AG		 1473
1474 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1475 return;
1476
56e5cb86 1477 hci_dev_lock(hdev);
744cf19e 1478 mgmt_discovering(hdev, 0);
56e5cb86 1479 hci_dev_unlock(hdev);
1da177e4
LT		 1480}
1481
1da177e4
LT		 1482static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1483{
45bb4bf0 1484 struct inquiry_data data;
a9de9248 1485 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1486 int num_rsp = *((__u8 *) skb->data);
1487
1488 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1489
45bb4bf0
MH		 1490 if (!num_rsp)
1491 return;
1492
1da177e4 1493 hci_dev_lock(hdev);
45bb4bf0 1494
e17acd40 1495 for (; num_rsp; num_rsp--, info++) {
1da177e4
LT		 1496 bacpy(&data.bdaddr, &info->bdaddr);
1497 data.pscan_rep_mode = info->pscan_rep_mode;
1498 data.pscan_period_mode = info->pscan_period_mode;
1499 data.pscan_mode = info->pscan_mode;
1500 memcpy(data.dev_class, info->dev_class, 3);
1501 data.clock_offset = info->clock_offset;
1502 data.rssi = 0x00;
41a96212 1503 data.ssp_mode = 0x00;
1da177e4 1504 hci_inquiry_cache_update(hdev, &data);
48264f06 1505 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 1506 info->dev_class, 0, NULL);
1da177e4 1507 }
45bb4bf0 1508
1da177e4
LT		 1509 hci_dev_unlock(hdev);
1510}
1511
1da177e4
LT		 1512static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1513{
a9de9248
MH		 1514 struct hci_ev_conn_complete *ev = (void *) skb->data;
1515 struct hci_conn *conn;
1da177e4
LT		 1516
1517 BT_DBG("%s", hdev->name);
1518
1519 hci_dev_lock(hdev);
1520
1521 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1522 if (!conn) {
1523 if (ev->link_type != SCO_LINK)
1524 goto unlock;
1525
1526 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1527 if (!conn)
1528 goto unlock;
1529
1530 conn->type = SCO_LINK;
1531 }
1da177e4
LT		 1532
1533 if (!ev->status) {
1534 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1535
1536 if (conn->type == ACL_LINK) {
1537 conn->state = BT_CONFIG;
1538 hci_conn_hold(conn);
052b30b0 1539 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
48264f06
JH		 1540 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1541 conn->dst_type);
769be974
MH		 1542 } else
1543 conn->state = BT_CONNECTED;
1da177e4 1544
9eba32b8 1545 hci_conn_hold_device(conn);
7d0db0a3
MH		 1546 hci_conn_add_sysfs(conn);
1547
1da177e4
LT		 1548 if (test_bit(HCI_AUTH, &hdev->flags))
1549 conn->link_mode |= HCI_LM_AUTH;
1550
1551 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1552 conn->link_mode |= HCI_LM_ENCRYPT;
1553
04837f64
MH		 1554 /* Get remote features */
1555 if (conn->type == ACL_LINK) {
1556 struct hci_cp_read_remote_features cp;
1557 cp.handle = ev->handle;
769be974
MH		 1558 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1559 sizeof(cp), &cp);
04837f64
MH		 1560 }
1561
1da177e4 1562 /* Set packet type for incoming connection */
d095c1eb 1563 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1564 struct hci_cp_change_conn_ptype cp;
1565 cp.handle = ev->handle;
a8746417
MH		 1566 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1567 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1568 sizeof(cp), &cp);
1da177e4 1569 }
17d5c04c 1570 } else {
1da177e4 1571 conn->state = BT_CLOSED;
17d5c04c 1572 if (conn->type == ACL_LINK)
744cf19e 1573 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
48264f06 1574 conn->dst_type, ev->status);
17d5c04c 1575 }
1da177e4 1576
e73439d8
MH		 1577 if (conn->type == ACL_LINK)
1578 hci_sco_setup(conn, ev->status);
1da177e4 1579
769be974
MH		 1580 if (ev->status) {
1581 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1582 hci_conn_del(conn);
c89b6e6b
MH		 1583 } else if (ev->link_type != ACL_LINK)
1584 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1585
a9de9248 1586unlock:
1da177e4 1587 hci_dev_unlock(hdev);
1da177e4 1588
a9de9248 1589 hci_conn_check_pending(hdev);
1da177e4
LT		 1590}
1591
a9de9248 1592static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1593{
a9de9248
MH		 1594 struct hci_ev_conn_request *ev = (void *) skb->data;
1595 int mask = hdev->link_mode;
1da177e4 1596
a9de9248
MH		 1597 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1598 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1599
a9de9248 1600 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1601
138d22ef
SJ		 1602 if ((mask & HCI_LM_ACCEPT) &&
1603 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1604 /* Connection accepted */
c7bdd502 1605 struct inquiry_entry *ie;
1da177e4 1606 struct hci_conn *conn;
1da177e4 1607
a9de9248 1608 hci_dev_lock(hdev);
b6a0dc82 1609
cc11b9c1
AE		 1610 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1611 if (ie)
c7bdd502
MH		 1612 memcpy(ie->data.dev_class, ev->dev_class, 3);
1613
a9de9248
MH		 1614 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1615 if (!conn) {
cc11b9c1
AE		 1616 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1617 if (!conn) {
893ef971 1618 BT_ERR("No memory for new connection");
a9de9248
MH		 1619 hci_dev_unlock(hdev);
1620 return;
1da177e4
LT		 1621 }
1622 }
b6a0dc82 1623
a9de9248
MH		 1624 memcpy(conn->dev_class, ev->dev_class, 3);
1625 conn->state = BT_CONNECT;
b6a0dc82 1626
a9de9248 1627 hci_dev_unlock(hdev);
1da177e4 1628
b6a0dc82
MH		 1629 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1630 struct hci_cp_accept_conn_req cp;
1da177e4 1631
b6a0dc82
MH		 1632 bacpy(&cp.bdaddr, &ev->bdaddr);
1633
1634 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1635 cp.role = 0x00; /* Become master */
1636 else
1637 cp.role = 0x01; /* Remain slave */
1638
1639 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1640 sizeof(cp), &cp);
1641 } else {
1642 struct hci_cp_accept_sync_conn_req cp;
1643
1644 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1645 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1646
1647 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1648 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1649 cp.max_latency = cpu_to_le16(0xffff);
1650 cp.content_format = cpu_to_le16(hdev->voice_setting);
1651 cp.retrans_effort = 0xff;
1da177e4 1652
b6a0dc82
MH		 1653 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1654 sizeof(cp), &cp);
1655 }
a9de9248
MH		 1656 } else {
1657 /* Connection rejected */
1658 struct hci_cp_reject_conn_req cp;
1da177e4 1659
a9de9248 1660 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1661 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1662 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1663 }
1da177e4
LT		 1664}
1665
a9de9248 1666static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1667{
a9de9248 1668 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1669 struct hci_conn *conn;
1670
1671 BT_DBG("%s status %d", hdev->name, ev->status);
1672
1673 hci_dev_lock(hdev);
1674
1675 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1676 if (!conn)
1677 goto unlock;
7d0db0a3 1678
37d9ef76
JH		 1679 if (ev->status == 0)
1680 conn->state = BT_CLOSED;
04837f64 1681
37d9ef76
JH		 1682 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1683 if (ev->status != 0)
1684 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1685 else
1686 mgmt_disconnected(hdev, &conn->dst, conn->type,
48264f06 1687 conn->dst_type);
37d9ef76 1688 }
f7520543 1689
37d9ef76
JH		 1690 if (ev->status == 0) {
1691 hci_proto_disconn_cfm(conn, ev->reason);
1692 hci_conn_del(conn);
1693 }
f7520543
JH		 1694
1695unlock:
04837f64
MH		 1696 hci_dev_unlock(hdev);
1697}
1698
1da177e4
LT		 1699static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1700{
a9de9248 1701 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1702 struct hci_conn *conn;
1da177e4
LT		 1703
1704 BT_DBG("%s status %d", hdev->name, ev->status);
1705
1706 hci_dev_lock(hdev);
1707
04837f64 1708 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1709 if (!conn)
1710 goto unlock;
1711
1712 if (!ev->status) {
1713 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1714 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1715 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1716 } else {
d7556e20
WR		 1717 conn->link_mode |= HCI_LM_AUTH;
1718 conn->sec_level = conn->pending_sec_level;
2a611692 1719 }
d7556e20 1720 } else {
744cf19e 1721 mgmt_auth_failed(hdev, &conn->dst, ev->status);
d7556e20 1722 }
1da177e4 1723
d7556e20
WR		 1724 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1725 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1da177e4 1726
d7556e20
WR		 1727 if (conn->state == BT_CONFIG) {
1728 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1729 struct hci_cp_set_conn_encrypt cp;
1730 cp.handle = ev->handle;
1731 cp.encrypt = 0x01;
1732 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1733 &cp);
052b30b0 1734 } else {
d7556e20
WR		 1735 conn->state = BT_CONNECTED;
1736 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1737 hci_conn_put(conn);
1738 }
d7556e20
WR		 1739 } else {
1740 hci_auth_cfm(conn, ev->status);
052b30b0 1741
d7556e20
WR		 1742 hci_conn_hold(conn);
1743 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1744 hci_conn_put(conn);
1745 }
1746
1747 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1748 if (!ev->status) {
1749 struct hci_cp_set_conn_encrypt cp;
1750 cp.handle = ev->handle;
1751 cp.encrypt = 0x01;
1752 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1753 &cp);
1754 } else {
1755 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1756 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1757 }
1758 }
1759
d7556e20 1760unlock:
1da177e4
LT		 1761 hci_dev_unlock(hdev);
1762}
1763
a9de9248 1764static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1765{
127178d2
JH		 1766 struct hci_ev_remote_name *ev = (void *) skb->data;
1767 struct hci_conn *conn;
1768
a9de9248 1769 BT_DBG("%s", hdev->name);
1da177e4 1770
a9de9248 1771 hci_conn_check_pending(hdev);
127178d2
JH		 1772
1773 hci_dev_lock(hdev);
1774
a88a9652 1775 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
744cf19e 1776 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
a88a9652 1777
127178d2 1778 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
79c6c70c
JH		 1779 if (!conn)
1780 goto unlock;
1781
1782 if (!hci_outgoing_auth_needed(hdev, conn))
1783 goto unlock;
1784
1785 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
127178d2
JH		 1786 struct hci_cp_auth_requested cp;
1787 cp.handle = __cpu_to_le16(conn->handle);
1788 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1789 }
1790
79c6c70c 1791unlock:
127178d2 1792 hci_dev_unlock(hdev);
a9de9248
MH		 1793}
1794
1795static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1796{
1797 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1798 struct hci_conn *conn;
1799
1800 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 1801
1802 hci_dev_lock(hdev);
1803
04837f64 1804 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1805 if (conn) {
1806 if (!ev->status) {
ae293196
MH		 1807 if (ev->encrypt) {
1808 /* Encryption implies authentication */
1809 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1810 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1811 conn->sec_level = conn->pending_sec_level;
ae293196 1812 } else
1da177e4
LT		 1813 conn->link_mode &= ~HCI_LM_ENCRYPT;
1814 }
1815
1816 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1817
f8558555
MH		 1818 if (conn->state == BT_CONFIG) {
1819 if (!ev->status)
1820 conn->state = BT_CONNECTED;
1821
1822 hci_proto_connect_cfm(conn, ev->status);
1823 hci_conn_put(conn);
1824 } else
1825 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 1826 }
1827
1828 hci_dev_unlock(hdev);
1829}
1830
a9de9248 1831static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1832{
a9de9248 1833 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 1834 struct hci_conn *conn;
1da177e4
LT		 1835
1836 BT_DBG("%s status %d", hdev->name, ev->status);
1837
1838 hci_dev_lock(hdev);
1839
04837f64 1840 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1841 if (conn) {
1842 if (!ev->status)
1843 conn->link_mode |= HCI_LM_SECURE;
1844
1845 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1846
1847 hci_key_change_cfm(conn, ev->status);
1848 }
1849
1850 hci_dev_unlock(hdev);
1851}
1852
a9de9248 1853static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1854{
a9de9248
MH		 1855 struct hci_ev_remote_features *ev = (void *) skb->data;
1856 struct hci_conn *conn;
1857
1858 BT_DBG("%s status %d", hdev->name, ev->status);
1859
a9de9248
MH		 1860 hci_dev_lock(hdev);
1861
1862 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 1863 if (!conn)
1864 goto unlock;
769be974 1865
ccd556fe
JH		 1866 if (!ev->status)
1867 memcpy(conn->features, ev->features, 8);
1868
1869 if (conn->state != BT_CONFIG)
1870 goto unlock;
1871
1872 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1873 struct hci_cp_read_remote_ext_features cp;
1874 cp.handle = ev->handle;
1875 cp.page = 0x01;
1876 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 1877 sizeof(cp), &cp);
392599b9
JH		 1878 goto unlock;
1879 }
1880
127178d2
JH		 1881 if (!ev->status) {
1882 struct hci_cp_remote_name_req cp;
1883 memset(&cp, 0, sizeof(cp));
1884 bacpy(&cp.bdaddr, &conn->dst);
1885 cp.pscan_rep_mode = 0x02;
1886 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1887 }
392599b9 1888
127178d2 1889 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 1890 conn->state = BT_CONNECTED;
1891 hci_proto_connect_cfm(conn, ev->status);
1892 hci_conn_put(conn);
769be974 1893 }
a9de9248 1894
ccd556fe 1895unlock:
a9de9248 1896 hci_dev_unlock(hdev);
1da177e4
LT		 1897}
1898
a9de9248 1899static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1900{
a9de9248 1901 BT_DBG("%s", hdev->name);
1da177e4
LT		 1902}
1903
a9de9248 1904static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1905{
a9de9248 1906 BT_DBG("%s", hdev->name);
1da177e4
LT		 1907}
1908
a9de9248
MH		 1909static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1910{
1911 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1912 __u16 opcode;
1913
1914 skb_pull(skb, sizeof(*ev));
1915
1916 opcode = __le16_to_cpu(ev->opcode);
1917
1918 switch (opcode) {
1919 case HCI_OP_INQUIRY_CANCEL:
1920 hci_cc_inquiry_cancel(hdev, skb);
1921 break;
1922
1923 case HCI_OP_EXIT_PERIODIC_INQ:
1924 hci_cc_exit_periodic_inq(hdev, skb);
1925 break;
1926
1927 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1928 hci_cc_remote_name_req_cancel(hdev, skb);
1929 break;
1930
1931 case HCI_OP_ROLE_DISCOVERY:
1932 hci_cc_role_discovery(hdev, skb);
1933 break;
1934
e4e8e37c
MH		 1935 case HCI_OP_READ_LINK_POLICY:
1936 hci_cc_read_link_policy(hdev, skb);
1937 break;
1938
a9de9248
MH		 1939 case HCI_OP_WRITE_LINK_POLICY:
1940 hci_cc_write_link_policy(hdev, skb);
1941 break;
1942
e4e8e37c
MH		 1943 case HCI_OP_READ_DEF_LINK_POLICY:
1944 hci_cc_read_def_link_policy(hdev, skb);
1945 break;
1946
1947 case HCI_OP_WRITE_DEF_LINK_POLICY:
1948 hci_cc_write_def_link_policy(hdev, skb);
1949 break;
1950
a9de9248
MH		 1951 case HCI_OP_RESET:
1952 hci_cc_reset(hdev, skb);
1953 break;
1954
1955 case HCI_OP_WRITE_LOCAL_NAME:
1956 hci_cc_write_local_name(hdev, skb);
1957 break;
1958
1959 case HCI_OP_READ_LOCAL_NAME:
1960 hci_cc_read_local_name(hdev, skb);
1961 break;
1962
1963 case HCI_OP_WRITE_AUTH_ENABLE:
1964 hci_cc_write_auth_enable(hdev, skb);
1965 break;
1966
1967 case HCI_OP_WRITE_ENCRYPT_MODE:
1968 hci_cc_write_encrypt_mode(hdev, skb);
1969 break;
1970
1971 case HCI_OP_WRITE_SCAN_ENABLE:
1972 hci_cc_write_scan_enable(hdev, skb);
1973 break;
1974
1975 case HCI_OP_READ_CLASS_OF_DEV:
1976 hci_cc_read_class_of_dev(hdev, skb);
1977 break;
1978
1979 case HCI_OP_WRITE_CLASS_OF_DEV:
1980 hci_cc_write_class_of_dev(hdev, skb);
1981 break;
1982
1983 case HCI_OP_READ_VOICE_SETTING:
1984 hci_cc_read_voice_setting(hdev, skb);
1985 break;
1986
1987 case HCI_OP_WRITE_VOICE_SETTING:
1988 hci_cc_write_voice_setting(hdev, skb);
1989 break;
1990
1991 case HCI_OP_HOST_BUFFER_SIZE:
1992 hci_cc_host_buffer_size(hdev, skb);
1993 break;
1994
333140b5
MH		 1995 case HCI_OP_READ_SSP_MODE:
1996 hci_cc_read_ssp_mode(hdev, skb);
1997 break;
1998
1999 case HCI_OP_WRITE_SSP_MODE:
2000 hci_cc_write_ssp_mode(hdev, skb);
2001 break;
2002
a9de9248
MH		 2003 case HCI_OP_READ_LOCAL_VERSION:
2004 hci_cc_read_local_version(hdev, skb);
2005 break;
2006
2007 case HCI_OP_READ_LOCAL_COMMANDS:
2008 hci_cc_read_local_commands(hdev, skb);
2009 break;
2010
2011 case HCI_OP_READ_LOCAL_FEATURES:
2012 hci_cc_read_local_features(hdev, skb);
2013 break;
2014
971e3a4b
AG		 2015 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2016 hci_cc_read_local_ext_features(hdev, skb);
2017 break;
2018
a9de9248
MH		 2019 case HCI_OP_READ_BUFFER_SIZE:
2020 hci_cc_read_buffer_size(hdev, skb);
2021 break;
2022
2023 case HCI_OP_READ_BD_ADDR:
2024 hci_cc_read_bd_addr(hdev, skb);
2025 break;
2026
23bb5763
JH		 2027 case HCI_OP_WRITE_CA_TIMEOUT:
2028 hci_cc_write_ca_timeout(hdev, skb);
2029 break;
2030
1e89cffb
AE		 2031 case HCI_OP_READ_FLOW_CONTROL_MODE:
2032 hci_cc_read_flow_control_mode(hdev, skb);
2033 break;
2034
928abaa7
AE		 2035 case HCI_OP_READ_LOCAL_AMP_INFO:
2036 hci_cc_read_local_amp_info(hdev, skb);
2037 break;
2038
b0916ea0
JH		 2039 case HCI_OP_DELETE_STORED_LINK_KEY:
2040 hci_cc_delete_stored_link_key(hdev, skb);
2041 break;
2042
d5859e22
JH		 2043 case HCI_OP_SET_EVENT_MASK:
2044 hci_cc_set_event_mask(hdev, skb);
2045 break;
2046
2047 case HCI_OP_WRITE_INQUIRY_MODE:
2048 hci_cc_write_inquiry_mode(hdev, skb);
2049 break;
2050
2051 case HCI_OP_READ_INQ_RSP_TX_POWER:
2052 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2053 break;
2054
2055 case HCI_OP_SET_EVENT_FLT:
2056 hci_cc_set_event_flt(hdev, skb);
2057 break;
2058
980e1a53
JH		 2059 case HCI_OP_PIN_CODE_REPLY:
2060 hci_cc_pin_code_reply(hdev, skb);
2061 break;
2062
2063 case HCI_OP_PIN_CODE_NEG_REPLY:
2064 hci_cc_pin_code_neg_reply(hdev, skb);
2065 break;
2066
c35938b2
SJ		 2067 case HCI_OP_READ_LOCAL_OOB_DATA:
2068 hci_cc_read_local_oob_data_reply(hdev, skb);
2069 break;
2070
6ed58ec5
VT		 2071 case HCI_OP_LE_READ_BUFFER_SIZE:
2072 hci_cc_le_read_buffer_size(hdev, skb);
2073 break;
2074
a5c29683
JH		 2075 case HCI_OP_USER_CONFIRM_REPLY:
2076 hci_cc_user_confirm_reply(hdev, skb);
2077 break;
2078
2079 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2080 hci_cc_user_confirm_neg_reply(hdev, skb);
2081 break;
2082
1143d458
BG		 2083 case HCI_OP_USER_PASSKEY_REPLY:
2084 hci_cc_user_passkey_reply(hdev, skb);
2085 break;
2086
2087 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2088 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2089
2090 case HCI_OP_LE_SET_SCAN_PARAM:
2091 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2092 break;
2093
eb9d91f5
AG		 2094 case HCI_OP_LE_SET_SCAN_ENABLE:
2095 hci_cc_le_set_scan_enable(hdev, skb);
2096 break;
2097
a7a595f6
VCG		 2098 case HCI_OP_LE_LTK_REPLY:
2099 hci_cc_le_ltk_reply(hdev, skb);
2100 break;
2101
2102 case HCI_OP_LE_LTK_NEG_REPLY:
2103 hci_cc_le_ltk_neg_reply(hdev, skb);
2104 break;
2105
f9b49306
AG		 2106 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2107 hci_cc_write_le_host_supported(hdev, skb);
2108 break;
2109
a9de9248
MH		 2110 default:
2111 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2112 break;
2113 }
2114
6bd32326
VT		 2115 if (ev->opcode != HCI_OP_NOP)
2116 del_timer(&hdev->cmd_timer);
2117
a9de9248
MH		 2118 if (ev->ncmd) {
2119 atomic_set(&hdev->cmd_cnt, 1);
2120 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2121 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2122 }
2123}
2124
2125static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2126{
2127 struct hci_ev_cmd_status *ev = (void *) skb->data;
2128 __u16 opcode;
2129
2130 skb_pull(skb, sizeof(*ev));
2131
2132 opcode = __le16_to_cpu(ev->opcode);
2133
2134 switch (opcode) {
2135 case HCI_OP_INQUIRY:
2136 hci_cs_inquiry(hdev, ev->status);
2137 break;
2138
2139 case HCI_OP_CREATE_CONN:
2140 hci_cs_create_conn(hdev, ev->status);
2141 break;
2142
2143 case HCI_OP_ADD_SCO:
2144 hci_cs_add_sco(hdev, ev->status);
2145 break;
2146
f8558555
MH		 2147 case HCI_OP_AUTH_REQUESTED:
2148 hci_cs_auth_requested(hdev, ev->status);
2149 break;
2150
2151 case HCI_OP_SET_CONN_ENCRYPT:
2152 hci_cs_set_conn_encrypt(hdev, ev->status);
2153 break;
2154
a9de9248
MH		 2155 case HCI_OP_REMOTE_NAME_REQ:
2156 hci_cs_remote_name_req(hdev, ev->status);
2157 break;
2158
769be974
MH		 2159 case HCI_OP_READ_REMOTE_FEATURES:
2160 hci_cs_read_remote_features(hdev, ev->status);
2161 break;
2162
2163 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2164 hci_cs_read_remote_ext_features(hdev, ev->status);
2165 break;
2166
a9de9248
MH		 2167 case HCI_OP_SETUP_SYNC_CONN:
2168 hci_cs_setup_sync_conn(hdev, ev->status);
2169 break;
2170
2171 case HCI_OP_SNIFF_MODE:
2172 hci_cs_sniff_mode(hdev, ev->status);
2173 break;
2174
2175 case HCI_OP_EXIT_SNIFF_MODE:
2176 hci_cs_exit_sniff_mode(hdev, ev->status);
2177 break;
2178
8962ee74
JH		 2179 case HCI_OP_DISCONNECT:
2180 if (ev->status != 0)
37d9ef76 2181 mgmt_disconnect_failed(hdev, NULL, ev->status);
8962ee74
JH		 2182 break;
2183
fcd89c09
VT		 2184 case HCI_OP_LE_CREATE_CONN:
2185 hci_cs_le_create_conn(hdev, ev->status);
2186 break;
2187
a7a595f6
VCG		 2188 case HCI_OP_LE_START_ENC:
2189 hci_cs_le_start_enc(hdev, ev->status);
2190 break;
2191
a9de9248
MH		 2192 default:
2193 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2194 break;
2195 }
2196
6bd32326
VT		 2197 if (ev->opcode != HCI_OP_NOP)
2198 del_timer(&hdev->cmd_timer);
2199
10572132 2200 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2201 atomic_set(&hdev->cmd_cnt, 1);
2202 if (!skb_queue_empty(&hdev->cmd_q))
c78ae283 2203 tasklet_schedule(&hdev->cmd_task);
a9de9248
MH		 2204 }
2205}
2206
2207static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2208{
2209 struct hci_ev_role_change *ev = (void *) skb->data;
2210 struct hci_conn *conn;
2211
2212 BT_DBG("%s status %d", hdev->name, ev->status);
2213
2214 hci_dev_lock(hdev);
2215
2216 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2217 if (conn) {
2218 if (!ev->status) {
2219 if (ev->role)
2220 conn->link_mode &= ~HCI_LM_MASTER;
2221 else
2222 conn->link_mode |= HCI_LM_MASTER;
2223 }
2224
2225 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2226
2227 hci_role_switch_cfm(conn, ev->status, ev->role);
2228 }
2229
2230 hci_dev_unlock(hdev);
2231}
2232
2233static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2234{
2235 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2236 __le16 *ptr;
2237 int i;
2238
2239 skb_pull(skb, sizeof(*ev));
2240
2241 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2242
2243 if (skb->len < ev->num_hndl * 4) {
2244 BT_DBG("%s bad parameters", hdev->name);
2245 return;
2246 }
2247
2248 tasklet_disable(&hdev->tx_task);
2249
2250 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2251 struct hci_conn *conn;
2252 __u16 handle, count;
2253
83985319
HH		 2254 handle = get_unaligned_le16(ptr++);
2255 count = get_unaligned_le16(ptr++);
a9de9248
MH		 2256
2257 conn = hci_conn_hash_lookup_handle(hdev, handle);
2258 if (conn) {
2259 conn->sent -= count;
2260
2261 if (conn->type == ACL_LINK) {
70f23020
AE		 2262 hdev->acl_cnt += count;
2263 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2264 hdev->acl_cnt = hdev->acl_pkts;
6ed58ec5
VT		 2265 } else if (conn->type == LE_LINK) {
2266 if (hdev->le_pkts) {
2267 hdev->le_cnt += count;
2268 if (hdev->le_cnt > hdev->le_pkts)
2269 hdev->le_cnt = hdev->le_pkts;
2270 } else {
2271 hdev->acl_cnt += count;
2272 if (hdev->acl_cnt > hdev->acl_pkts)
2273 hdev->acl_cnt = hdev->acl_pkts;
2274 }
a9de9248 2275 } else {
70f23020
AE		 2276 hdev->sco_cnt += count;
2277 if (hdev->sco_cnt > hdev->sco_pkts)
a9de9248
MH		 2278 hdev->sco_cnt = hdev->sco_pkts;
2279 }
2280 }
2281 }
2282
c78ae283 2283 tasklet_schedule(&hdev->tx_task);
a9de9248
MH		 2284
2285 tasklet_enable(&hdev->tx_task);
2286}
2287
2288static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2289{
a9de9248 2290 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2291 struct hci_conn *conn;
2292
2293 BT_DBG("%s status %d", hdev->name, ev->status);
2294
2295 hci_dev_lock(hdev);
2296
2297 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2298 if (conn) {
2299 conn->mode = ev->mode;
2300 conn->interval = __le16_to_cpu(ev->interval);
2301
2302 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2303 if (conn->mode == HCI_CM_ACTIVE)
2304 conn->power_save = 1;
2305 else
2306 conn->power_save = 0;
2307 }
e73439d8
MH		 2308
2309 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2310 hci_sco_setup(conn, ev->status);
04837f64
MH		 2311 }
2312
2313 hci_dev_unlock(hdev);
2314}
2315
a9de9248
MH		 2316static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2317{
052b30b0
MH		 2318 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2319 struct hci_conn *conn;
2320
a9de9248 2321 BT_DBG("%s", hdev->name);
052b30b0
MH		 2322
2323 hci_dev_lock(hdev);
2324
2325 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2326 if (!conn)
2327 goto unlock;
2328
2329 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2330 hci_conn_hold(conn);
2331 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2332 hci_conn_put(conn);
2333 }
2334
03b555e1
JH		 2335 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2336 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2337 sizeof(ev->bdaddr), &ev->bdaddr);
582fbe9e 2338 else if (test_bit(HCI_MGMT, &hdev->flags)) {
a770bb5a
WR		 2339 u8 secure;
2340
2341 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2342 secure = 1;
2343 else
2344 secure = 0;
2345
744cf19e 2346 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2347 }
980e1a53 2348
b6f98044 2349unlock:
052b30b0 2350 hci_dev_unlock(hdev);
a9de9248
MH		 2351}
2352
2353static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2354{
55ed8ca1
JH		 2355 struct hci_ev_link_key_req *ev = (void *) skb->data;
2356 struct hci_cp_link_key_reply cp;
2357 struct hci_conn *conn;
2358 struct link_key *key;
2359
a9de9248 2360 BT_DBG("%s", hdev->name);
55ed8ca1
JH		 2361
2362 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2363 return;
2364
2365 hci_dev_lock(hdev);
2366
2367 key = hci_find_link_key(hdev, &ev->bdaddr);
2368 if (!key) {
2369 BT_DBG("%s link key not found for %s", hdev->name,
2370 batostr(&ev->bdaddr));
2371 goto not_found;
2372 }
2373
2374 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2375 batostr(&ev->bdaddr));
2376
b6020ba0
WR		 2377 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2378 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2379 BT_DBG("%s ignoring debug key", hdev->name);
2380 goto not_found;
2381 }
2382
2383 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2384 if (conn) {
2385 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2386 conn->auth_type != 0xff &&
2387 (conn->auth_type & 0x01)) {
2388 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2389 goto not_found;
2390 }
55ed8ca1 2391
60b83f57
WR		 2392 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2393 conn->pending_sec_level == BT_SECURITY_HIGH) {
2394 BT_DBG("%s ignoring key unauthenticated for high \
2395 security", hdev->name);
2396 goto not_found;
2397 }
2398
2399 conn->key_type = key->type;
2400 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2401 }
2402
2403 bacpy(&cp.bdaddr, &ev->bdaddr);
2404 memcpy(cp.link_key, key->val, 16);
2405
2406 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2407
2408 hci_dev_unlock(hdev);
2409
2410 return;
2411
2412not_found:
2413 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2414 hci_dev_unlock(hdev);
a9de9248
MH		 2415}
2416
2417static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2418{
052b30b0
MH		 2419 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2420 struct hci_conn *conn;
55ed8ca1 2421 u8 pin_len = 0;
052b30b0 2422
a9de9248 2423 BT_DBG("%s", hdev->name);
052b30b0
MH		 2424
2425 hci_dev_lock(hdev);
2426
2427 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2428 if (conn) {
2429 hci_conn_hold(conn);
2430 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2431 pin_len = conn->pin_length;
13d39315
WR		 2432
2433 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2434 conn->key_type = ev->key_type;
2435
052b30b0
MH		 2436 hci_conn_put(conn);
2437 }
2438
55ed8ca1 2439 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
d25e28ab 2440 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2441 ev->key_type, pin_len);
2442
052b30b0 2443 hci_dev_unlock(hdev);
a9de9248
MH		 2444}
2445
1da177e4
LT		 2446static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2447{
a9de9248 2448 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2449 struct hci_conn *conn;
1da177e4
LT		 2450
2451 BT_DBG("%s status %d", hdev->name, ev->status);
2452
2453 hci_dev_lock(hdev);
2454
04837f64 2455 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2456 if (conn && !ev->status) {
2457 struct inquiry_entry *ie;
2458
cc11b9c1
AE		 2459 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2460 if (ie) {
1da177e4
LT		 2461 ie->data.clock_offset = ev->clock_offset;
2462 ie->timestamp = jiffies;
2463 }
2464 }
2465
2466 hci_dev_unlock(hdev);
2467}
2468
a8746417
MH		 2469static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2470{
2471 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2472 struct hci_conn *conn;
2473
2474 BT_DBG("%s status %d", hdev->name, ev->status);
2475
2476 hci_dev_lock(hdev);
2477
2478 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2479 if (conn && !ev->status)
2480 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2481
2482 hci_dev_unlock(hdev);
2483}
2484
85a1e930
MH		 2485static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2486{
a9de9248 2487 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2488 struct inquiry_entry *ie;
2489
2490 BT_DBG("%s", hdev->name);
2491
2492 hci_dev_lock(hdev);
2493
cc11b9c1
AE		 2494 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2495 if (ie) {
85a1e930
MH		 2496 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2497 ie->timestamp = jiffies;
2498 }
2499
2500 hci_dev_unlock(hdev);
2501}
2502
a9de9248
MH		 2503static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2504{
2505 struct inquiry_data data;
2506 int num_rsp = *((__u8 *) skb->data);
2507
2508 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2509
2510 if (!num_rsp)
2511 return;
2512
2513 hci_dev_lock(hdev);
2514
2515 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2516 struct inquiry_info_with_rssi_and_pscan_mode *info;
2517 info = (void *) (skb->data + 1);
a9de9248 2518
e17acd40 2519 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2520 bacpy(&data.bdaddr, &info->bdaddr);
2521 data.pscan_rep_mode = info->pscan_rep_mode;
2522 data.pscan_period_mode = info->pscan_period_mode;
2523 data.pscan_mode = info->pscan_mode;
2524 memcpy(data.dev_class, info->dev_class, 3);
2525 data.clock_offset = info->clock_offset;
2526 data.rssi = info->rssi;
41a96212 2527 data.ssp_mode = 0x00;
a9de9248 2528 hci_inquiry_cache_update(hdev, &data);
48264f06 2529 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2530 info->dev_class, info->rssi,
2531 NULL);
a9de9248
MH		 2532 }
2533 } else {
2534 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2535
e17acd40 2536 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2537 bacpy(&data.bdaddr, &info->bdaddr);
2538 data.pscan_rep_mode = info->pscan_rep_mode;
2539 data.pscan_period_mode = info->pscan_period_mode;
2540 data.pscan_mode = 0x00;
2541 memcpy(data.dev_class, info->dev_class, 3);
2542 data.clock_offset = info->clock_offset;
2543 data.rssi = info->rssi;
41a96212 2544 data.ssp_mode = 0x00;
a9de9248 2545 hci_inquiry_cache_update(hdev, &data);
48264f06 2546 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
e17acd40
JH		 2547 info->dev_class, info->rssi,
2548 NULL);
a9de9248
MH		 2549 }
2550 }
2551
2552 hci_dev_unlock(hdev);
2553}
2554
2555static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2556{
41a96212
MH		 2557 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2558 struct hci_conn *conn;
2559
a9de9248 2560 BT_DBG("%s", hdev->name);
41a96212 2561
41a96212
MH		 2562 hci_dev_lock(hdev);
2563
2564 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2565 if (!conn)
2566 goto unlock;
41a96212 2567
ccd556fe
JH		 2568 if (!ev->status && ev->page == 0x01) {
2569 struct inquiry_entry *ie;
41a96212 2570
cc11b9c1
AE		 2571 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2572 if (ie)
ccd556fe 2573 ie->data.ssp_mode = (ev->features[0] & 0x01);
769be974 2574
ccd556fe
JH		 2575 conn->ssp_mode = (ev->features[0] & 0x01);
2576 }
2577
2578 if (conn->state != BT_CONFIG)
2579 goto unlock;
2580
127178d2
JH		 2581 if (!ev->status) {
2582 struct hci_cp_remote_name_req cp;
2583 memset(&cp, 0, sizeof(cp));
2584 bacpy(&cp.bdaddr, &conn->dst);
2585 cp.pscan_rep_mode = 0x02;
2586 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2587 }
392599b9 2588
127178d2 2589 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2590 conn->state = BT_CONNECTED;
2591 hci_proto_connect_cfm(conn, ev->status);
2592 hci_conn_put(conn);
41a96212
MH		 2593 }
2594
ccd556fe 2595unlock:
41a96212 2596 hci_dev_unlock(hdev);
a9de9248
MH		 2597}
2598
2599static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2600{
b6a0dc82
MH		 2601 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2602 struct hci_conn *conn;
2603
2604 BT_DBG("%s status %d", hdev->name, ev->status);
2605
2606 hci_dev_lock(hdev);
2607
2608 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2609 if (!conn) {
2610 if (ev->link_type == ESCO_LINK)
2611 goto unlock;
2612
2613 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2614 if (!conn)
2615 goto unlock;
2616
2617 conn->type = SCO_LINK;
2618 }
b6a0dc82 2619
732547f9
MH		 2620 switch (ev->status) {
2621 case 0x00:
b6a0dc82
MH		 2622 conn->handle = __le16_to_cpu(ev->handle);
2623 conn->state = BT_CONNECTED;
7d0db0a3 2624
9eba32b8 2625 hci_conn_hold_device(conn);
7d0db0a3 2626 hci_conn_add_sysfs(conn);
732547f9
MH		 2627 break;
2628
705e5711 2629 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2630 case 0x1c: /* SCO interval rejected */
1038a00b 2631 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2632 case 0x1f: /* Unspecified error */
2633 if (conn->out && conn->attempt < 2) {
2634 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2635 (hdev->esco_type & EDR_ESCO_MASK);
2636 hci_setup_sync(conn, conn->link->handle);
2637 goto unlock;
2638 }
2639 /* fall through */
2640
2641 default:
b6a0dc82 2642 conn->state = BT_CLOSED;
732547f9
MH		 2643 break;
2644 }
b6a0dc82
MH		 2645
2646 hci_proto_connect_cfm(conn, ev->status);
2647 if (ev->status)
2648 hci_conn_del(conn);
2649
2650unlock:
2651 hci_dev_unlock(hdev);
a9de9248
MH		 2652}
2653
2654static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2655{
2656 BT_DBG("%s", hdev->name);
2657}
2658
04837f64
MH		 2659static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2660{
a9de9248 2661 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2662
2663 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2664}
2665
a9de9248 2666static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2667{
a9de9248
MH		 2668 struct inquiry_data data;
2669 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2670 int num_rsp = *((__u8 *) skb->data);
1da177e4 2671
a9de9248 2672 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2673
a9de9248
MH		 2674 if (!num_rsp)
2675 return;
1da177e4 2676
a9de9248
MH		 2677 hci_dev_lock(hdev);
2678
e17acd40 2679 for (; num_rsp; num_rsp--, info++) {
a9de9248 2680 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2681 data.pscan_rep_mode = info->pscan_rep_mode;
2682 data.pscan_period_mode = info->pscan_period_mode;
2683 data.pscan_mode = 0x00;
a9de9248 2684 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2685 data.clock_offset = info->clock_offset;
2686 data.rssi = info->rssi;
41a96212 2687 data.ssp_mode = 0x01;
a9de9248 2688 hci_inquiry_cache_update(hdev, &data);
48264f06 2689 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4c659c39 2690 info->dev_class, info->rssi, info->data);
a9de9248
MH		 2691 }
2692
2693 hci_dev_unlock(hdev);
2694}
1da177e4 2695
17fa4b9d
JH		 2696static inline u8 hci_get_auth_req(struct hci_conn *conn)
2697{
2698 /* If remote requests dedicated bonding follow that lead */
2699 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2700 /* If both remote and local IO capabilities allow MITM
2701 * protection then require it, otherwise don't */
2702 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2703 return 0x02;
2704 else
2705 return 0x03;
2706 }
2707
2708 /* If remote requests no-bonding follow that lead */
2709 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 2710 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 2711
2712 return conn->auth_type;
2713}
2714
0493684e
MH		 2715static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2716{
2717 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2718 struct hci_conn *conn;
2719
2720 BT_DBG("%s", hdev->name);
2721
2722 hci_dev_lock(hdev);
2723
2724 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 2725 if (!conn)
2726 goto unlock;
2727
2728 hci_conn_hold(conn);
2729
2730 if (!test_bit(HCI_MGMT, &hdev->flags))
2731 goto unlock;
2732
2733 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2734 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 2735 struct hci_cp_io_capability_reply cp;
2736
2737 bacpy(&cp.bdaddr, &ev->bdaddr);
2738 cp.capability = conn->io_capability;
7cbc9bd9
JH		 2739 conn->auth_type = hci_get_auth_req(conn);
2740 cp.authentication = conn->auth_type;
17fa4b9d 2741
ce85ee13
SJ		 2742 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2743 hci_find_remote_oob_data(hdev, &conn->dst))
2744 cp.oob_data = 0x01;
2745 else
2746 cp.oob_data = 0x00;
2747
17fa4b9d
JH		 2748 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2749 sizeof(cp), &cp);
03b555e1
JH		 2750 } else {
2751 struct hci_cp_io_capability_neg_reply cp;
2752
2753 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2754 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 2755
03b555e1
JH		 2756 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2757 sizeof(cp), &cp);
2758 }
2759
2760unlock:
2761 hci_dev_unlock(hdev);
2762}
2763
2764static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2765{
2766 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2767 struct hci_conn *conn;
2768
2769 BT_DBG("%s", hdev->name);
2770
2771 hci_dev_lock(hdev);
2772
2773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2774 if (!conn)
2775 goto unlock;
2776
03b555e1
JH		 2777 conn->remote_cap = ev->capability;
2778 conn->remote_oob = ev->oob_data;
2779 conn->remote_auth = ev->authentication;
2780
2781unlock:
0493684e
MH		 2782 hci_dev_unlock(hdev);
2783}
2784
a5c29683
JH		 2785static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2786 struct sk_buff *skb)
2787{
2788 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 2789 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 2790 struct hci_conn *conn;
a5c29683
JH		 2791
2792 BT_DBG("%s", hdev->name);
2793
2794 hci_dev_lock(hdev);
2795
7a828908
JH		 2796 if (!test_bit(HCI_MGMT, &hdev->flags))
2797 goto unlock;
a5c29683 2798
7a828908
JH		 2799 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2800 if (!conn)
2801 goto unlock;
2802
2803 loc_mitm = (conn->auth_type & 0x01);
2804 rem_mitm = (conn->remote_auth & 0x01);
2805
2806 /* If we require MITM but the remote device can't provide that
2807 * (it has NoInputNoOutput) then reject the confirmation
2808 * request. The only exception is when we're dedicated bonding
2809 * initiators (connect_cfm_cb set) since then we always have the MITM
2810 * bit set. */
2811 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2812 BT_DBG("Rejecting request: remote device can't provide MITM");
2813 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2814 sizeof(ev->bdaddr), &ev->bdaddr);
2815 goto unlock;
2816 }
2817
2818 /* If no side requires MITM protection; auto-accept */
2819 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2820 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 2821
2822 /* If we're not the initiators request authorization to
2823 * proceed from user space (mgmt_user_confirm with
2824 * confirm_hint set to 1). */
2825 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2826 BT_DBG("Confirming auto-accept as acceptor");
2827 confirm_hint = 1;
2828 goto confirm;
2829 }
2830
9f61656a
JH		 2831 BT_DBG("Auto-accept of user confirmation with %ums delay",
2832 hdev->auto_accept_delay);
2833
2834 if (hdev->auto_accept_delay > 0) {
2835 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2836 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2837 goto unlock;
2838 }
2839
7a828908
JH		 2840 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2841 sizeof(ev->bdaddr), &ev->bdaddr);
2842 goto unlock;
2843 }
2844
55bc1a37 2845confirm:
744cf19e 2846 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
55bc1a37 2847 confirm_hint);
7a828908
JH		 2848
2849unlock:
a5c29683
JH		 2850 hci_dev_unlock(hdev);
2851}
2852
1143d458
BG		 2853static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2854 struct sk_buff *skb)
2855{
2856 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2857
2858 BT_DBG("%s", hdev->name);
2859
2860 hci_dev_lock(hdev);
2861
2862 if (test_bit(HCI_MGMT, &hdev->flags))
2863 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2864
2865 hci_dev_unlock(hdev);
2866}
2867
0493684e
MH		 2868static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2869{
2870 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2871 struct hci_conn *conn;
2872
2873 BT_DBG("%s", hdev->name);
2874
2875 hci_dev_lock(hdev);
2876
2877 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 2878 if (!conn)
2879 goto unlock;
2880
2881 /* To avoid duplicate auth_failed events to user space we check
2882 * the HCI_CONN_AUTH_PEND flag which will be set if we
2883 * initiated the authentication. A traditional auth_complete
2884 * event gets always produced as initiator and is also mapped to
2885 * the mgmt_auth_failed event */
2886 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
744cf19e 2887 mgmt_auth_failed(hdev, &conn->dst, ev->status);
0493684e 2888
2a611692
JH		 2889 hci_conn_put(conn);
2890
2891unlock:
0493684e
MH		 2892 hci_dev_unlock(hdev);
2893}
2894
41a96212
MH		 2895static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2896{
2897 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2898 struct inquiry_entry *ie;
2899
2900 BT_DBG("%s", hdev->name);
2901
2902 hci_dev_lock(hdev);
2903
cc11b9c1
AE		 2904 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2905 if (ie)
41a96212
MH		 2906 ie->data.ssp_mode = (ev->features[0] & 0x01);
2907
2908 hci_dev_unlock(hdev);
2909}
2910
2763eda6
SJ		 2911static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2912 struct sk_buff *skb)
2913{
2914 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2915 struct oob_data *data;
2916
2917 BT_DBG("%s", hdev->name);
2918
2919 hci_dev_lock(hdev);
2920
e1ba1f15
SJ		 2921 if (!test_bit(HCI_MGMT, &hdev->flags))
2922 goto unlock;
2923
2763eda6
SJ		 2924 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2925 if (data) {
2926 struct hci_cp_remote_oob_data_reply cp;
2927
2928 bacpy(&cp.bdaddr, &ev->bdaddr);
2929 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2930 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2931
2932 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2933 &cp);
2934 } else {
2935 struct hci_cp_remote_oob_data_neg_reply cp;
2936
2937 bacpy(&cp.bdaddr, &ev->bdaddr);
2938 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2939 &cp);
2940 }
2941
e1ba1f15 2942unlock:
2763eda6
SJ		 2943 hci_dev_unlock(hdev);
2944}
2945
fcd89c09
VT		 2946static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2947{
2948 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2949 struct hci_conn *conn;
2950
2951 BT_DBG("%s status %d", hdev->name, ev->status);
2952
2953 hci_dev_lock(hdev);
2954
2955 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 2956 if (!conn) {
2957 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2958 if (!conn) {
2959 BT_ERR("No memory for new connection");
2960 hci_dev_unlock(hdev);
2961 return;
2962 }
29b7988a
AG		 2963
2964 conn->dst_type = ev->bdaddr_type;
b62f328b 2965 }
fcd89c09
VT		 2966
2967 if (ev->status) {
48264f06
JH		 2968 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2969 conn->dst_type, ev->status);
fcd89c09
VT		 2970 hci_proto_connect_cfm(conn, ev->status);
2971 conn->state = BT_CLOSED;
2972 hci_conn_del(conn);
2973 goto unlock;
2974 }
2975
48264f06 2976 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
83bc71b4 2977
7b5c0d52 2978 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 2979 conn->handle = __le16_to_cpu(ev->handle);
2980 conn->state = BT_CONNECTED;
2981
2982 hci_conn_hold_device(conn);
2983 hci_conn_add_sysfs(conn);
2984
2985 hci_proto_connect_cfm(conn, ev->status);
2986
2987unlock:
2988 hci_dev_unlock(hdev);
2989}
2990
9aa04c91
AG		 2991static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2992 struct sk_buff *skb)
2993{
e95beb41
AG		 2994 u8 num_reports = skb->data[0];
2995 void *ptr = &skb->data[1];
9aa04c91
AG		 2996
2997 hci_dev_lock(hdev);
2998
e95beb41
AG		 2999 while (num_reports--) {
3000 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3001
9aa04c91 3002 hci_add_adv_entry(hdev, ev);
e95beb41
AG		 3003
3004 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3005 }
3006
3007 hci_dev_unlock(hdev);
3008}
3009
a7a595f6
VCG		 3010static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3011 struct sk_buff *skb)
3012{
3013 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3014 struct hci_cp_le_ltk_reply cp;
bea710fe 3015 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3016 struct hci_conn *conn;
bea710fe 3017 struct link_key *ltk;
a7a595f6
VCG		 3018
3019 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3020
3021 hci_dev_lock(hdev);
3022
3023 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3024 if (conn == NULL)
3025 goto not_found;
a7a595f6 3026
bea710fe
VCG		 3027 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3028 if (ltk == NULL)
3029 goto not_found;
3030
3031 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3032 cp.handle = cpu_to_le16(conn->handle);
726b4ffc 3033 conn->pin_length = ltk->pin_len;
a7a595f6
VCG		 3034
3035 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3036
3037 hci_dev_unlock(hdev);
bea710fe
VCG		 3038
3039 return;
3040
3041not_found:
3042 neg.handle = ev->handle;
3043 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3044 hci_dev_unlock(hdev);
a7a595f6
VCG		 3045}
3046
fcd89c09
VT		 3047static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3048{
3049 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3050
3051 skb_pull(skb, sizeof(*le_ev));
3052
3053 switch (le_ev->subevent) {
3054 case HCI_EV_LE_CONN_COMPLETE:
3055 hci_le_conn_complete_evt(hdev, skb);
3056 break;
3057
9aa04c91
AG		 3058 case HCI_EV_LE_ADVERTISING_REPORT:
3059 hci_le_adv_report_evt(hdev, skb);
3060 break;
3061
a7a595f6
VCG		 3062 case HCI_EV_LE_LTK_REQ:
3063 hci_le_ltk_request_evt(hdev, skb);
3064 break;
3065
fcd89c09
VT		 3066 default:
3067 break;
3068 }
3069}
3070
a9de9248
MH		 3071void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3072{
3073 struct hci_event_hdr *hdr = (void *) skb->data;
3074 __u8 event = hdr->evt;
3075
3076 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3077
3078 switch (event) {
1da177e4
LT		 3079 case HCI_EV_INQUIRY_COMPLETE:
3080 hci_inquiry_complete_evt(hdev, skb);
3081 break;
3082
3083 case HCI_EV_INQUIRY_RESULT:
3084 hci_inquiry_result_evt(hdev, skb);
3085 break;
3086
a9de9248
MH		 3087 case HCI_EV_CONN_COMPLETE:
3088 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3089 break;
3090
1da177e4
LT		 3091 case HCI_EV_CONN_REQUEST:
3092 hci_conn_request_evt(hdev, skb);
3093 break;
3094
1da177e4
LT		 3095 case HCI_EV_DISCONN_COMPLETE:
3096 hci_disconn_complete_evt(hdev, skb);
3097 break;
3098
1da177e4
LT		 3099 case HCI_EV_AUTH_COMPLETE:
3100 hci_auth_complete_evt(hdev, skb);
3101 break;
3102
a9de9248
MH		 3103 case HCI_EV_REMOTE_NAME:
3104 hci_remote_name_evt(hdev, skb);
3105 break;
3106
1da177e4
LT		 3107 case HCI_EV_ENCRYPT_CHANGE:
3108 hci_encrypt_change_evt(hdev, skb);
3109 break;
3110
a9de9248
MH		 3111 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3112 hci_change_link_key_complete_evt(hdev, skb);
3113 break;
3114
3115 case HCI_EV_REMOTE_FEATURES:
3116 hci_remote_features_evt(hdev, skb);
3117 break;
3118
3119 case HCI_EV_REMOTE_VERSION:
3120 hci_remote_version_evt(hdev, skb);
3121 break;
3122
3123 case HCI_EV_QOS_SETUP_COMPLETE:
3124 hci_qos_setup_complete_evt(hdev, skb);
3125 break;
3126
3127 case HCI_EV_CMD_COMPLETE:
3128 hci_cmd_complete_evt(hdev, skb);
3129 break;
3130
3131 case HCI_EV_CMD_STATUS:
3132 hci_cmd_status_evt(hdev, skb);
3133 break;
3134
3135 case HCI_EV_ROLE_CHANGE:
3136 hci_role_change_evt(hdev, skb);
3137 break;
3138
3139 case HCI_EV_NUM_COMP_PKTS:
3140 hci_num_comp_pkts_evt(hdev, skb);
3141 break;
3142
3143 case HCI_EV_MODE_CHANGE:
3144 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3145 break;
3146
3147 case HCI_EV_PIN_CODE_REQ:
3148 hci_pin_code_request_evt(hdev, skb);
3149 break;
3150
3151 case HCI_EV_LINK_KEY_REQ:
3152 hci_link_key_request_evt(hdev, skb);
3153 break;
3154
3155 case HCI_EV_LINK_KEY_NOTIFY:
3156 hci_link_key_notify_evt(hdev, skb);
3157 break;
3158
3159 case HCI_EV_CLOCK_OFFSET:
3160 hci_clock_offset_evt(hdev, skb);
3161 break;
3162
a8746417
MH		 3163 case HCI_EV_PKT_TYPE_CHANGE:
3164 hci_pkt_type_change_evt(hdev, skb);
3165 break;
3166
85a1e930
MH		 3167 case HCI_EV_PSCAN_REP_MODE:
3168 hci_pscan_rep_mode_evt(hdev, skb);
3169 break;
3170
a9de9248
MH		 3171 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3172 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3173 break;
3174
a9de9248
MH		 3175 case HCI_EV_REMOTE_EXT_FEATURES:
3176 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3177 break;
3178
a9de9248
MH		 3179 case HCI_EV_SYNC_CONN_COMPLETE:
3180 hci_sync_conn_complete_evt(hdev, skb);
3181 break;
1da177e4 3182
a9de9248
MH		 3183 case HCI_EV_SYNC_CONN_CHANGED:
3184 hci_sync_conn_changed_evt(hdev, skb);
3185 break;
1da177e4 3186
a9de9248
MH		 3187 case HCI_EV_SNIFF_SUBRATE:
3188 hci_sniff_subrate_evt(hdev, skb);
3189 break;
1da177e4 3190
a9de9248
MH		 3191 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3192 hci_extended_inquiry_result_evt(hdev, skb);
3193 break;
1da177e4 3194
0493684e
MH		 3195 case HCI_EV_IO_CAPA_REQUEST:
3196 hci_io_capa_request_evt(hdev, skb);
3197 break;
3198
03b555e1
JH		 3199 case HCI_EV_IO_CAPA_REPLY:
3200 hci_io_capa_reply_evt(hdev, skb);
3201 break;
3202
a5c29683
JH		 3203 case HCI_EV_USER_CONFIRM_REQUEST:
3204 hci_user_confirm_request_evt(hdev, skb);
3205 break;
3206
1143d458
BG		 3207 case HCI_EV_USER_PASSKEY_REQUEST:
3208 hci_user_passkey_request_evt(hdev, skb);
3209 break;
3210
0493684e
MH		 3211 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3212 hci_simple_pair_complete_evt(hdev, skb);
3213 break;
3214
41a96212
MH		 3215 case HCI_EV_REMOTE_HOST_FEATURES:
3216 hci_remote_host_features_evt(hdev, skb);
3217 break;
3218
fcd89c09
VT		 3219 case HCI_EV_LE_META:
3220 hci_le_meta_evt(hdev, skb);
3221 break;
3222
2763eda6
SJ		 3223 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3224 hci_remote_oob_data_request_evt(hdev, skb);
3225 break;
3226
a9de9248
MH		 3227 default:
3228 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3229 break;
3230 }
3231
3232 kfree_skb(skb);
3233 hdev->stat.evt_rx++;
3234}
3235
3236/* Generate internal stack event */
3237void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3238{
3239 struct hci_event_hdr *hdr;
3240 struct hci_ev_stack_internal *ev;
3241 struct sk_buff *skb;
3242
3243 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3244 if (!skb)
3245 return;
3246
3247 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3248 hdr->evt = HCI_EV_STACK_INTERNAL;
3249 hdr->plen = sizeof(*ev) + dlen;
3250
3251 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3252 ev->type = type;
3253 memcpy(ev->data, data, dlen);
3254
576c7d85 3255 bt_cb(skb)->incoming = 1;
a61bbcf2 3256 __net_timestamp(skb);
576c7d85 3257
0d48d939 3258 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1da177e4 3259 skb->dev = (void *) hdev;
eec8d2bc 3260 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 3261 kfree_skb(skb);
3262}
e6100a25 3263
669bb396 3264module_param(enable_le, bool, 0644);
e6100a25 3265MODULE_PARM_DESC(enable_le, "Enable LE support");
Linux kernel - Deliverables
This page took 0.725978 seconds and 5 git commands to generate.