Bluetooth: Add support for reading LE White List Size
[deliverable/linux.git] / net / bluetooth / hci_event.c
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT
27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT
35/* Handle HCI Event packets */
36
/*
 * Completion handler for HCI_OP_INQUIRY_CANCEL.
 *
 * On failure the management interface is told that stopping discovery
 * failed and nothing else changes. On success the HCI_INQUIRY flag is
 * cleared, discovery moves to DISCOVERY_STOPPED, the request is completed
 * and pending connections are re-checked.
 *
 * NOTE(review): the status byte is read from skb->data with no length check
 * in this function; confirm the dispatcher guarantees at least one byte.
 */
static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_INQUIRY, &hdev->flags);

		/* Discovery state is only changed under the device lock. */
		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
		hci_dev_unlock(hdev);

		hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);

		hci_conn_check_pending(hdev);
		return;
	}

	/* The controller refused the cancel: report it and leave state alone. */
	hci_dev_lock(hdev);
	mgmt_stop_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
6bd57416 60
4d93483b
AG
/*
 * Completion handler for the periodic inquiry command (per the function
 * name): a zero status sets HCI_PERIODIC_INQ in hdev->dev_flags, any other
 * status leaves the flag untouched.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status)
		set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
}
72
a9de9248
MH
/*
 * Completion handler for leaving periodic inquiry (per the function name).
 * On success HCI_PERIODIC_INQ is cleared from hdev->dev_flags and pending
 * connections are re-checked; on failure nothing is changed.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (!status) {
		clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);

		hci_conn_check_pending(hdev);
	}
}
86
807deac2
GP
/*
 * Completion handler for cancelling a remote name request (per the function
 * name). It only emits a debug line; the event payload in skb is not read.
 */
static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	/* Nothing to update: trace the event and ignore its parameters. */
	BT_DBG("%s", hdev->name);
}
92
/*
 * Completion handler for role discovery: on success, updates the
 * HCI_LM_MASTER bit of the connection named by the reply's handle.
 * A non-zero rp->role clears the bit, a zero role sets it.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_role_discovery *reply = (void *) skb->data;
	struct hci_conn *conn;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	handle = __le16_to_cpu(reply->handle);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, handle);
	if (!conn)
		goto unlock;	/* handle does not match a known connection */

	if (reply->role)
		conn->link_mode &= ~HCI_LM_MASTER;
	else
		conn->link_mode |= HCI_LM_MASTER;

unlock:
	hci_dev_unlock(hdev);
}
115
e4e8e37c
MH
/*
 * Completion handler for reading a connection's link policy: on success,
 * stores the reported policy in the connection that matches rp->handle.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_link_policy *reply = (void *) skb->data;
	struct hci_conn *conn;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	handle = __le16_to_cpu(reply->handle);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, handle);
	if (conn != NULL)
		conn->link_policy = __le16_to_cpu(reply->policy);

	hci_dev_unlock(hdev);
}
134
/*
 * Completion handler for HCI_OP_WRITE_LINK_POLICY. The new policy is not in
 * the reply, so it is recovered from the parameters of the command that was
 * sent and stored in the connection that matches rp->handle.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_write_link_policy *reply = (void *) skb->data;
	struct hci_conn *conn;
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(reply->handle));
	if (conn != NULL) {
		/* Offset 2 presumably skips the 2-byte handle at the start of
		 * the sent parameters -- confirm against the command struct.
		 */
		conn->link_policy = get_unaligned_le16(sent + 2);
	}

	hci_dev_unlock(hdev);
}
1da177e4 158
807deac2
GP
/*
 * Completion handler for reading the default link policy: on success the
 * reported value becomes hdev->link_policy.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_def_link_policy *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status)
		hdev->link_policy = __le16_to_cpu(reply->policy);
}
171
807deac2
GP
/*
 * Completion handler for HCI_OP_WRITE_DEF_LINK_POLICY. On success the policy
 * that was sent is mirrored into hdev->link_policy; the request is completed
 * with the controller's status either way.
 *
 * If the sent command data cannot be found the function returns early and
 * the request is not completed here.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
	if (sent == NULL)
		return;

	if (status == 0)
		hdev->link_policy = get_unaligned_le16(sent);

	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
}
189
a9de9248
MH
/*
 * Completion handler for HCI_OP_RESET.
 *
 * Clears HCI_RESET, completes the request, then drops host-side state that
 * does not persist across a reset: the LE-scan, pending-class and
 * periodic-inquiry flags, the discovery state, both cached TX power values
 * and the advertising data buffer. None of this is conditional on status.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* dev_flags bits that are reset together with the controller */
	const unsigned long non_persistent = BIT(HCI_LE_SCAN) |
					     BIT(HCI_PENDING_CLASS) |
					     BIT(HCI_PERIODIC_INQ);
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	clear_bit(HCI_RESET, &hdev->flags);

	hci_req_complete(hdev, HCI_OP_RESET, status);

	/* Reset all non-persistent flags */
	hdev->dev_flags &= ~non_persistent;

	hdev->discovery.state = DISCOVERY_STOPPED;
	hdev->inq_tx_power = HCI_TX_POWER_INVALID;
	hdev->adv_tx_power = HCI_TX_POWER_INVALID;

	/* Wipe the cached advertising data and mark it empty. */
	memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
	hdev->adv_data_len = 0;
}
04837f64 211
a9de9248
MH
/*
 * Completion handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * With the management interface active (HCI_MGMT) the result is handed to
 * mgmt; otherwise a successful write copies the sent name into
 * hdev->dev_name. Outside of init a successful write also refreshes the
 * advertising data, and the request is completed in every case where the
 * sent command data is available.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_set_local_name_complete(hdev, sent, status);
	} else if (status == 0) {
		/* Copies a fixed HCI_MAX_NAME_LENGTH bytes from our own
		 * command buffer, not from the event payload.
		 */
		memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
	}

	hci_dev_unlock(hdev);

	if (status == 0 && !test_bit(HCI_INIT, &hdev->flags))
		hci_update_ad(hdev);

	hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
}
237
/*
 * Completion handler for reading the local name: on success, and only while
 * HCI_SETUP is set, the reported name is copied into hdev->dev_name.
 *
 * NOTE(review): HCI_MAX_NAME_LENGTH bytes are copied out of the event
 * payload and no check of skb->len is visible in this function; confirm the
 * caller rejects replies shorter than sizeof(*rp).
 */
static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_name *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status && test_bit(HCI_SETUP, &hdev->dev_flags))
		memcpy(hdev->dev_name, reply->name, HCI_MAX_NAME_LENGTH);
}
250
/*
 * Completion handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * On success the HCI_AUTH flag is made to match the value that was sent
 * (set only for AUTH_ENABLED). The management interface, when active, is
 * notified of the outcome, and the request is completed with the status.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
	if (sent == NULL)
		return;

	if (status == 0) {
		__u8 requested = *((__u8 *) sent);

		/* Host state follows what was asked for, not the event. */
		if (requested != AUTH_ENABLED)
			clear_bit(HCI_AUTH, &hdev->flags);
		else
			set_bit(HCI_AUTH, &hdev->flags);
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_auth_enable_complete(hdev, status);

	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
}
276
/*
 * Completion handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * On success the HCI_ENCRYPT flag is set when the sent mode byte was
 * non-zero and cleared when it was zero. The request is completed with the
 * controller's status.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
	if (sent == NULL)
		return;

	if (status == 0) {
		__u8 requested = *((__u8 *) sent);

		if (requested == 0)
			clear_bit(HCI_ENCRYPT, &hdev->flags);
		else
			set_bit(HCI_ENCRYPT, &hdev->flags);
	}

	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
}
1da177e4 299
a9de9248
MH
/*
 * Completion handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * On failure mgmt is told the write failed and the discoverable timeout is
 * cleared. On success HCI_ISCAN and HCI_PSCAN are rebuilt from the scan mode
 * that was sent; mgmt is notified only when discoverable or connectable
 * actually changed, and a non-zero discoverable timeout schedules the
 * discov_off work. The request is completed in both cases.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];
	int had_pscan, had_iscan;
	__u8 scan_mode;
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
	if (sent == NULL)
		return;

	scan_mode = *((__u8 *) sent);

	hci_dev_lock(hdev);

	if (status) {
		mgmt_write_scan_failed(hdev, scan_mode, status);
		hdev->discov_timeout = 0;
		goto done;
	}

	/* Remember the previous state so mgmt only hears about changes. */
	had_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
	had_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);

	if (scan_mode & SCAN_INQUIRY) {
		set_bit(HCI_ISCAN, &hdev->flags);
		if (!had_iscan)
			mgmt_discoverable(hdev, 1);
		if (hdev->discov_timeout > 0) {
			/* discov_timeout is multiplied by 1000 to get ms */
			int delay = msecs_to_jiffies(hdev->discov_timeout * 1000);

			queue_delayed_work(hdev->workqueue, &hdev->discov_off,
					   delay);
		}
	} else if (had_iscan) {
		mgmt_discoverable(hdev, 0);
	}

	if (scan_mode & SCAN_PAGE) {
		set_bit(HCI_PSCAN, &hdev->flags);
		if (!had_pscan)
			mgmt_connectable(hdev, 1);
	} else if (had_pscan) {
		mgmt_connectable(hdev, 0);
	}

done:
	hci_dev_unlock(hdev);
	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
}
1da177e4 348
a9de9248
MH
/*
 * Completion handler for reading the class of device: on success the three
 * class bytes from the reply are stored in hdev->dev_class and logged.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_class_of_dev *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	memcpy(hdev->dev_class, reply->dev_class, 3);

	/* Printed most significant byte first. */
	BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
	       hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
}
1da177e4 363
a9de9248
MH
/*
 * Completion handler for HCI_OP_WRITE_CLASS_OF_DEV: on success the three
 * class bytes that were sent are stored in hdev->dev_class, and the
 * management interface, when active, is told the outcome.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	if (!status)
		memcpy(hdev->dev_class, sent, 3);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_set_class_of_dev_complete(hdev, sent, status);

	hci_dev_unlock(hdev);
}
1da177e4 385
a9de9248
MH
/*
 * Completion handler for reading the voice setting. When the reported value
 * differs from hdev->voice_setting it is stored and the driver's notify
 * hook, if present, is called with HCI_NOTIFY_VOICE_SETTING.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_voice_setting *reply = (void *) skb->data;
	__u16 reported;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	reported = __le16_to_cpu(reply->voice_setting);

	/* Unchanged value: skip the store and the notification. */
	if (reported == hdev->voice_setting)
		return;

	hdev->voice_setting = reported;

	BT_DBG("%s voice setting 0x%4.4x", hdev->name, reported);

	if (hdev->notify != NULL)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}
408
8fc9ced3
GP
/*
 * Completion handler for HCI_OP_WRITE_VOICE_SETTING. On success the value
 * that was sent replaces hdev->voice_setting when it differs, and the
 * driver's notify hook, if present, is called.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_write_voice_setting(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];
	__u16 requested;
	void *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
	if (sent == NULL)
		return;

	requested = get_unaligned_le16(sent);

	/* Unchanged value: skip the store and the notification. */
	if (requested == hdev->voice_setting)
		return;

	hdev->voice_setting = requested;

	BT_DBG("%s voice setting 0x%4.4x", hdev->name, requested);

	if (hdev->notify != NULL)
		hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
}
437
/*
 * Completion handler for HCI_OP_HOST_BUFFER_SIZE: logs the status and
 * completes the request with it.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
}
1143e5a6 446
333140b5
MH
/*
 * Completion handler for HCI_OP_WRITE_SSP_MODE.
 *
 * On success the LMP_HOST_SSP bit in hdev->host_features[0] follows the mode
 * that was sent. With the management interface active the result goes to
 * mgmt; otherwise a successful write updates HCI_SSP_ENABLED directly.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];
	struct hci_cp_write_ssp_mode *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
	if (sent == NULL)
		return;

	if (status == 0) {
		if (sent->mode)
			hdev->host_features[0] |= LMP_HOST_SSP;
		else
			hdev->host_features[0] &= ~LMP_HOST_SSP;
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		mgmt_ssp_enable_complete(hdev, sent->mode, status);
		return;
	}

	/* No mgmt: keep the host flag in step with a successful write. */
	if (status == 0) {
		if (sent->mode)
			set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
		else
			clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	}
}
474
d5859e22
JH
/*
 * Pick the inquiry mode value to write to the controller.
 *
 * Returns 2 when the controller is extended-inquiry capable, 1 when it is
 * inquiry-with-RSSI capable, and otherwise 1 only for a short list of
 * manufacturer / HCI revision / LMP subversion combinations, else 0.
 */
static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
{
	if (lmp_ext_inq_capable(hdev))
		return 2;

	if (lmp_inq_rssi_capable(hdev))
		return 1;

	/* Specific controllers that get mode 1 although the feature checks
	 * above did not match.
	 */
	switch (hdev->manufacturer) {
	case 11:
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x0757)
			return 1;
		break;
	case 15:
		if (hdev->lmp_subver == 0x6963 &&
		    (hdev->hci_rev == 0x03 || hdev->hci_rev == 0x09))
			return 1;
		if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
			return 1;
		break;
	case 31:
		if (hdev->hci_rev == 0x2005 && hdev->lmp_subver == 0x1805)
			return 1;
		break;
	default:
		break;
	}

	return 0;
}
502
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode().
 */
static void hci_setup_inquiry_mode(struct hci_dev *hdev)
{
	u8 inquiry_mode = hci_get_inquiry_mode(hdev);

	hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &inquiry_mode);
}
511
/*
 * Build the 8-byte event mask from the controller's feature bits and send it
 * with HCI_OP_SET_EVENT_MASK. LE-capable controllers additionally get an LE
 * event mask whose first byte is 0x1f. Controllers older than Bluetooth 1.2
 * are sent nothing.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff instead of 0x9f (two reserved bits
	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
	 * command otherwise
	 */
	u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };

	/* CSR 1.1 dongles does not accept any bitfield so don't try to set
	 * any event mask for pre 1.2 devices
	 */
	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
		return;

	if (lmp_bredr_capable(hdev)) {
		events[4] |= 0x01 |	/* Flow Specification Complete */
			     0x02 |	/* Inquiry Result with RSSI */
			     0x04;	/* Read Remote Extended Features Complete */
		events[5] |= 0x08 |	/* Synchronous Connection Complete */
			     0x10;	/* Synchronous Connection Changed */
	}

	if (lmp_inq_rssi_capable(hdev))
		events[4] |= 0x02;	/* Inquiry Result with RSSI */

	if (lmp_sniffsubr_capable(hdev))
		events[5] |= 0x20;	/* Sniff Subrating */

	if (lmp_pause_enc_capable(hdev))
		events[5] |= 0x80;	/* Encryption Key Refresh Complete */

	if (lmp_ext_inq_capable(hdev))
		events[5] |= 0x40;	/* Extended Inquiry Result */

	if (lmp_no_flush_capable(hdev))
		events[7] |= 0x01;	/* Enhanced Flush Complete */

	if (lmp_lsto_capable(hdev))
		events[6] |= 0x80;	/* Link Supervision Timeout Changed */

	if (lmp_ssp_capable(hdev)) {
		events[6] |= 0x01 |	/* IO Capability Request */
			     0x02 |	/* IO Capability Response */
			     0x04 |	/* User Confirmation Request */
			     0x08 |	/* User Passkey Request */
			     0x10 |	/* Remote OOB Data Request */
			     0x20;	/* Simple Pairing Complete */
		events[7] |= 0x04 |	/* User Passkey Notification */
			     0x08 |	/* Keypress Notification */
			     0x10;	/* Remote Host Supported
					 * Features Notification
					 */
	}

	if (lmp_le_capable(hdev))
		events[7] |= 0x20;	/* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);

	if (!lmp_le_capable(hdev))
		return;

	/* The same buffer is reused for the LE event mask. */
	memset(events, 0, sizeof(events));
	events[0] = 0x1f;
	hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK, sizeof(events), events);
}
575
/*
 * Queue the BR/EDR part of controller setup: read buffer size, class of
 * device, local name and voice setting, clear all event filters, set the
 * connection accept timeout, and delete every link key stored in the
 * controller.
 */
static void bredr_setup(struct hci_dev *hdev)
{
	struct hci_cp_delete_stored_link_key del_keys;
	/* Connection accept timeout ~20 secs */
	__le16 accept_timeout = __constant_cpu_to_le16(0x7d00);
	__u8 flt_type = HCI_FLT_CLEAR_ALL;

	/* Read Buffer Size (ACL mtu, max pkt, etc.) */
	hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);

	/* Read Class of Device */
	hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);

	/* Read Local Name */
	hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);

	/* Read Voice Setting */
	hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);

	/* Clear Event Filters */
	hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);

	hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &accept_timeout);

	/* BDADDR_ANY together with delete_all asks for all stored keys to go */
	bacpy(&del_keys.bdaddr, BDADDR_ANY);
	del_keys.delete_all = 1;
	hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(del_keys),
		     &del_keys);
}
606
/*
 * Queue the LE part of controller setup. Each command is a parameterless
 * read, sent in this order: LE buffer size, LE local supported features,
 * LE advertising channel TX power, LE white list size.
 */
static void le_setup(struct hci_dev *hdev)
{
	static const __u16 le_init_reads[] = {
		HCI_OP_LE_READ_BUFFER_SIZE,	/* Read LE Buffer Size */
		HCI_OP_LE_READ_LOCAL_FEATURES,	/* Read LE Local Supported Features */
		HCI_OP_LE_READ_ADV_TX_POWER,	/* Read LE Advertising Channel TX Power */
		HCI_OP_LE_READ_WHITE_LIST_SIZE,	/* Read LE White List Size */
	};
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(le_init_reads); i++)
		hci_send_cmd(hdev, le_init_reads[i], 0, NULL);
}
621
d5859e22
JH
/*
 * Queue the controller setup commands for a BR/EDR-type device; other
 * device types return immediately.
 *
 * Order: read BD address, BR/EDR and LE specific setup, event mask, local
 * supported commands (after Bluetooth 1.1), Secure Simple Pairing mode or a
 * cleared EIR, inquiry mode, inquiry response TX power, extended features
 * page 1, and finally authentication enable when HCI_LINK_SECURITY is set.
 */
static void hci_setup(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return;

	/* Read BD Address */
	hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);

	if (lmp_bredr_capable(hdev))
		bredr_setup(hdev);

	if (lmp_le_capable(hdev))
		le_setup(hdev);

	hci_setup_event_mask(hdev);

	if (hdev->hci_ver > BLUETOOTH_VER_1_1)
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);

	if (lmp_ssp_capable(hdev)) {
		if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
			struct hci_cp_write_eir eir_cmd;

			/* SSP is off on the host: write an all-zero EIR and
			 * clear the cached copy.
			 */
			memset(hdev->eir, 0, sizeof(hdev->eir));
			memset(&eir_cmd, 0, sizeof(eir_cmd));

			hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(eir_cmd),
				     &eir_cmd);
		} else {
			u8 ssp_mode = 0x01;

			hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
				     sizeof(ssp_mode), &ssp_mode);
		}
	}

	if (lmp_inq_rssi_capable(hdev))
		hci_setup_inquiry_mode(hdev);

	if (lmp_inq_tx_pwr_capable(hdev))
		hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);

	if (lmp_ext_feat_capable(hdev)) {
		struct hci_cp_read_local_ext_features ext_cmd;

		ext_cmd.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
			     sizeof(ext_cmd), &ext_cmd);
	}

	if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
		u8 auth_on = 1;

		hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(auth_on),
			     &auth_on);
	}
}
676
a9de9248
MH
/*
 * Completion handler for HCI_OP_READ_LOCAL_VERSION. On success the version,
 * revision, manufacturer and LMP subversion are cached in hdev, and during
 * init (HCI_INIT set) the rest of controller setup is queued. The request is
 * completed with the controller's status in every case.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_local_version *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status) {
		hdev->hci_ver = reply->hci_ver;
		hdev->hci_rev = __le16_to_cpu(reply->hci_rev);
		hdev->lmp_ver = reply->lmp_ver;
		hdev->manufacturer = __le16_to_cpu(reply->manufacturer);
		hdev->lmp_subver = __le16_to_cpu(reply->lmp_subver);

		BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
		       hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);

		/* Setup depends on the version fields stored just above. */
		if (test_bit(HCI_INIT, &hdev->flags))
			hci_setup(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, reply->status);
}
701
/*
 * Send HCI_OP_WRITE_DEF_LINK_POLICY with one policy bit for each of role
 * switch, hold, sniff and park that the controller reports as supported.
 */
static void hci_setup_link_policy(struct hci_dev *hdev)
{
	struct hci_cp_write_def_link_policy cmd;
	u16 policy = 0;

	if (lmp_rswitch_capable(hdev))
		policy |= HCI_LP_RSWITCH;

	if (lmp_hold_capable(hdev))
		policy |= HCI_LP_HOLD;

	if (lmp_sniff_capable(hdev))
		policy |= HCI_LP_SNIFF;

	if (lmp_park_capable(hdev))
		policy |= HCI_LP_PARK;

	cmd.policy = cpu_to_le16(policy);
	hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cmd), &cmd);
}
1da177e4 719
8fc9ced3
GP
/*
 * Completion handler for HCI_OP_READ_LOCAL_COMMANDS. On success the
 * supported-commands bitmap is cached in hdev->commands; during init, bit
 * 0x10 of byte 5 triggers the default link policy setup. The request is
 * completed with the controller's status in every case.
 *
 * NOTE(review): sizeof(hdev->commands) bytes are copied out of the event
 * payload and no check of skb->len is visible in this function; confirm the
 * caller rejects replies shorter than sizeof(*rp).
 */
static void hci_cc_read_local_commands(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_commands *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status) {
		memcpy(hdev->commands, reply->commands, sizeof(hdev->commands));

		if (test_bit(HCI_INIT, &hdev->flags) &&
		    (hdev->commands[5] & 0x10))
			hci_setup_link_policy(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, reply->status);
}
1da177e4 738
8fc9ced3
GP
/*
 * Completion handler for reading the local LMP features. On success the
 * eight feature bytes are cached in hdev->features, and the ACL/SCO packet
 * types and eSCO types the host may use are widened to match what the
 * controller supports.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_read_local_features(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_features *reply = (void *) skb->data;
	__u8 *feat = hdev->features;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	memcpy(hdev->features, reply->features, 8);

	/* Adjust default settings according to features
	 * supported by device.
	 */

	if (feat[0] & LMP_3SLOT)
		hdev->pkt_type |= HCI_DM3 | HCI_DH3;

	if (feat[0] & LMP_5SLOT)
		hdev->pkt_type |= HCI_DM5 | HCI_DH5;

	if (feat[1] & LMP_HV2) {
		hdev->pkt_type |= HCI_HV2;
		hdev->esco_type |= ESCO_HV2;
	}

	if (feat[1] & LMP_HV3) {
		hdev->pkt_type |= HCI_HV3;
		hdev->esco_type |= ESCO_HV3;
	}

	if (lmp_esco_capable(hdev))
		hdev->esco_type |= ESCO_EV3;

	if (feat[4] & LMP_EV4)
		hdev->esco_type |= ESCO_EV4;

	if (feat[4] & LMP_EV5)
		hdev->esco_type |= ESCO_EV5;

	if (feat[5] & LMP_EDR_ESCO_2M)
		hdev->esco_type |= ESCO_2EV3;

	if (feat[5] & LMP_EDR_ESCO_3M)
		hdev->esco_type |= ESCO_3EV3;

	if (feat[5] & LMP_EDR_3S_ESCO)
		hdev->esco_type |= ESCO_2EV5 | ESCO_3EV5;

	BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
	       feat[0], feat[1], feat[2], feat[3],
	       feat[4], feat[5], feat[6], feat[7]);
}
1da177e4 794
8f984dfa
JH
/*
 * Bring the controller's host LE support setting in line with the host's
 * HCI_LE_ENABLED flag. The write is sent only when the wanted LE value
 * differs from what lmp_host_le_capable() reports.
 */
static void hci_set_le_support(struct hci_dev *hdev)
{
	struct hci_cp_write_le_host_supported cmd;

	/* Start from all-zero: LE disabled, no simultaneous LE and BR/EDR. */
	memset(&cmd, 0, sizeof(cmd));

	if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
		cmd.le = 1;
		cmd.simul = lmp_le_br_capable(hdev);
	}

	if (cmd.le == lmp_host_le_capable(hdev))
		return;

	hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cmd), &cmd);
}
810
/*
 * Completion handler for HCI_OP_READ_LOCAL_EXT_FEATURES. On success page 0
 * is stored in hdev->features and page 1 in hdev->host_features; other pages
 * are ignored. During init an LE-capable controller then gets its host LE
 * support configured. The request is completed in every case.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_read_local_ext_features *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status) {
		if (reply->page == 0)
			memcpy(hdev->features, reply->features, 8);
		else if (reply->page == 1)
			memcpy(hdev->host_features, reply->features, 8);

		if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
			hci_set_le_support(hdev);
	}

	hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, reply->status);
}
836
/*
 * Completion handler for HCI_OP_READ_FLOW_CONTROL_MODE: on success the mode
 * is cached in hdev->flow_ctl_mode and the request is completed.
 *
 * NOTE(review): on a non-zero status this returns without calling
 * hci_req_complete(), unlike several sibling handlers; confirm that is
 * intended.
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function.
 */
static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_read_flow_control_mode *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status) {
		hdev->flow_ctl_mode = reply->mode;

		hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE,
				 reply->status);
	}
}
851
a9de9248
MH
/*
 * Completion handler for reading the controller buffer sizes. On success
 * the ACL and SCO MTUs and packet counts are cached, the SCO values are
 * overridden for devices with HCI_QUIRK_FIXUP_BUFFER_SIZE, and the
 * available-packet counters are reset to the full counts.
 *
 * NOTE(review): the MTU and packet counts are taken from the event as-is;
 * no range check on them and no check of skb->len is visible here.
 */
static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	hdev->acl_mtu = __le16_to_cpu(reply->acl_mtu);
	hdev->acl_pkts = __le16_to_cpu(reply->acl_max_pkt);
	hdev->sco_mtu = reply->sco_mtu;
	hdev->sco_pkts = __le16_to_cpu(reply->sco_max_pkt);

	/* Quirky controllers get fixed SCO values instead of the reported
	 * ones.
	 */
	if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
		hdev->sco_mtu = 64;
		hdev->sco_pkts = 8;
	}

	hdev->acl_cnt = hdev->acl_pkts;
	hdev->sco_cnt = hdev->sco_pkts;

	BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
	       hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
}
877
/*
 * Completion handler for HCI_OP_READ_BD_ADDR: on success the reported
 * address is copied into hdev->bdaddr; the request is completed with the
 * controller's status in every case.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_read_bd_addr *reply = (void *) skb->data;
	__u8 status = reply->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		bacpy(&hdev->bdaddr, &reply->bdaddr);

	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, status);
}
889
/*
 * Completion handler for HCI_OP_READ_DATA_BLOCK_SIZE. On success the block
 * MTU, block length and number of blocks are cached, the free-block counter
 * is reset to the full count, and the request is completed.
 *
 * NOTE(review): on a non-zero status this returns without calling
 * hci_req_complete(); confirm that is intended.
 * NOTE(review): the sizes are taken from the event as-is; no range check on
 * them and no check of skb->len is visible here.
 */
static void hci_cc_read_data_block_size(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_data_block_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status)
		return;

	hdev->block_mtu = __le16_to_cpu(reply->max_acl_len);
	hdev->block_len = __le16_to_cpu(reply->block_len);
	hdev->num_blocks = __le16_to_cpu(reply->num_blocks);

	/* All blocks are free right after the size is learned. */
	hdev->block_cnt = hdev->num_blocks;

	BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
	       hdev->block_cnt, hdev->block_len);

	hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, reply->status);
}
911
23bb5763
JH
/*
 * Completion handler for HCI_OP_WRITE_CA_TIMEOUT: logs the status and
 * completes the request with it.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
}
920
/*
 * Completion handler for HCI_OP_READ_LOCAL_AMP_INFO. On success the AMP
 * controller parameters are cached in hdev and the request is completed.
 * An A2MP get-info response is sent whether or not the read succeeded.
 *
 * NOTE(review): the reply struct is overlaid on skb->data with no length
 * check in this function; confirm the caller validates skb->len.
 */
static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_info *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (!reply->status) {
		hdev->amp_status = reply->amp_status;
		hdev->amp_total_bw = __le32_to_cpu(reply->total_bw);
		hdev->amp_max_bw = __le32_to_cpu(reply->max_bw);
		hdev->amp_min_latency = __le32_to_cpu(reply->min_latency);
		hdev->amp_max_pdu = __le32_to_cpu(reply->max_pdu);
		hdev->amp_type = reply->amp_type;
		hdev->amp_pal_cap = __le16_to_cpu(reply->pal_cap);
		hdev->amp_assoc_size = __le16_to_cpu(reply->max_assoc_size);
		hdev->amp_be_flush_to = __le32_to_cpu(reply->be_flush_to);
		hdev->amp_max_flush_to = __le32_to_cpu(reply->max_flush_to);

		hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO,
				 reply->status);
	}

	/* The A2MP peer is answered on both the success and failure path. */
	a2mp_send_getinfo_rsp(hdev);
}
947
903e4541
AE
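/*
 * Completion handler for reading the local AMP assoc data.
 *
 * The assoc arrives in fragments. While the controller reports more data
 * remaining than this event carries, the fragment is appended to
 * hdev->loc_assoc and the next fragment is requested. The last fragment
 * sets the total length, rewinds the offset, and the A2MP responses are
 * sent. A non-zero status goes straight to the A2MP responses.
 *
 * Both copy lengths come from the event (skb->len and rp->rem_len), so they
 * are validated before use: the event must hold the fixed reply header and
 * the bytes copied must fit in the space left in assoc->data. A reply that
 * fails either check is dropped and reassembly is rewound.
 *
 * NOTE(review): a dropped reply sends no A2MP response; decide whether the
 * peer should be sent an error status on that path instead.
 * NOTE(review): rp->status is still read before any length check, as in
 * the other handlers in this file.
 */
static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
	struct amp_assoc *assoc = &hdev->loc_assoc;
	size_t rem_len, frag_len, copy_len;

	BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);

	if (rp->status)
		goto a2mp_rsp;

	/* Without this, skb->len - sizeof(*rp) wraps to a huge size_t. */
	if (skb->len < sizeof(*rp)) {
		BT_ERR("%s short AMP assoc reply (%u bytes)", hdev->name,
		       skb->len);
		goto drop;
	}

	frag_len = skb->len - sizeof(*rp);
	rem_len = __le16_to_cpu(rp->rem_len);

	/* Bytes that will be copied below, whichever branch is taken. */
	copy_len = rem_len > frag_len ? frag_len : rem_len;

	/* Assumes assoc->data is a fixed-size array member, so sizeof gives
	 * its capacity -- confirm against struct amp_assoc.
	 */
	if (assoc->offset > sizeof(assoc->data) ||
	    copy_len > sizeof(assoc->data) - assoc->offset) {
		BT_ERR("%s AMP assoc fragment does not fit", hdev->name);
		goto drop;
	}

	if (rem_len > frag_len) {
		BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);

		memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
		assoc->offset += frag_len;

		/* Read other fragments */
		amp_read_loc_assoc_frag(hdev, rp->phy_handle);

		return;
	}

	memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
	assoc->len = assoc->offset + rem_len;
	assoc->offset = 0;

a2mp_rsp:
	/* Send A2MP Rsp when all fragments are received */
	a2mp_send_getampassoc_rsp(hdev, rp->status);
	a2mp_send_create_phy_link_req(hdev, rp->status);
	return;

drop:
	/* Discard the partial assoc so a later read starts from offset 0. */
	assoc->offset = 0;
}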
984
/*
 * Completion handler for HCI_OP_DELETE_STORED_LINK_KEY: logs the status and
 * completes the request with it.
 *
 * NOTE(review): skb->data[0] is read without checking skb->len here.
 */
static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
}
994
d5859e22
JH
/*
 * Reply handler for HCI_OP_SET_EVENT_MASK: logs the status byte at the
 * start of the reply and completes the pending request with it.
 */
static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
}
1003
/*
 * Reply handler for HCI_OP_WRITE_INQUIRY_MODE: logs the status byte at the
 * start of the reply and completes the pending request with it.
 */
static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
}
1013
/*
 * Reply handler for HCI_OP_READ_INQ_RSP_TX_POWER: on a zero status the
 * reported tx_power is stored in hdev->inq_tx_power; the request is
 * completed with the reply status either way.
 */
static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_rp_read_inq_rsp_tx_power *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0)
		hdev->inq_tx_power = reply->tx_power;

	hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, reply->status);
}
1026
/*
 * Reply handler for HCI_OP_SET_EVENT_FLT: logs the status byte at the
 * start of the reply and completes the pending request with it.
 */
static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
}
1035
980e1a53
JH
/*
 * Reply handler for HCI_OP_PIN_CODE_REPLY.
 *
 * Under the device lock: forwards the result to the management interface
 * when HCI_MGMT is set, and on success records the PIN length of the
 * command that was sent on the matching ACL connection. The PIN length is
 * taken from the stored sent command, not from the controller's reply.
 */
static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_reply *reply = (void *) skb->data;
	struct hci_cp_pin_code_reply *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_pin_code_reply_complete(hdev, &reply->bdaddr,
					     reply->status);

	if (reply->status == 0) {
		sent = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
		if (sent) {
			conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
						       &sent->bdaddr);
			if (conn)
				conn->pin_length = sent->pin_len;
		}
	}

	hci_dev_unlock(hdev);
}
1063
/*
 * Reply handler for the PIN code negative reply: when HCI_MGMT is set,
 * passes the peer address and status from the reply to the management
 * interface while holding the device lock.
 */
static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_pin_code_neg_reply *reply = (void *) skb->data;
	bool mgmt_active;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	mgmt_active = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_active)
		mgmt_pin_code_neg_reply_complete(hdev, &reply->bdaddr,
						 reply->status);

	hci_dev_unlock(hdev);
}
56e5cb86 1078
6ed58ec5
VT
/*
 * Reply handler for HCI_OP_LE_READ_BUFFER_SIZE: stores the LE MTU and the
 * LE packet count reported by the controller and resets the available LE
 * packet counter to that count.
 *
 * On a non-zero status the function returns early, without calling
 * hci_req_complete().
 */
static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_rp_le_read_buffer_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status != 0)
		return;

	hdev->le_mtu = __le16_to_cpu(reply->le_mtu);
	hdev->le_pkts = reply->le_max_pkt;

	/* All LE buffers are free right after the size has been read */
	hdev->le_cnt = hdev->le_pkts;

	BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);

	hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, reply->status);
}
980e1a53 1098
60e77321
JH
/*
 * Reply handler for HCI_OP_LE_READ_LOCAL_FEATURES: on a zero status copies
 * the 8 feature bytes from the reply into hdev->le_features, then
 * completes the request with the reply status.
 */
static void hci_cc_le_read_local_features(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_le_read_local_features *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0)
		memcpy(hdev->le_features, reply->features, 8);

	hci_req_complete(hdev, HCI_OP_LE_READ_LOCAL_FEATURES, reply->status);
}
1111
8fa19098
JH
/*
 * Reply handler for HCI_OP_LE_READ_ADV_TX_POWER: on a zero status stores
 * the reported tx_power and, unless HCI_INIT is set in hdev->flags, calls
 * hci_update_ad(). The request is completed with the reply status.
 */
static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_rp_le_read_adv_tx_power *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0) {
		hdev->adv_tx_power = reply->tx_power;

		if (!test_bit(HCI_INIT, &hdev->flags))
			hci_update_ad(hdev);
	}

	hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, reply->status);
}
1127
e36b04c8
JH
/*
 * Reply handler for HCI_OP_LE_SET_EVENT_MASK: logs the status byte at the
 * start of the reply and completes the pending request with it.
 */
static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
}
1136
a5c29683
JH
/*
 * Reply handler for the user confirmation reply: when HCI_MGMT is set,
 * reports the peer address and status to the management interface as an
 * ACL_LINK result, under the device lock.
 */
static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;
	bool mgmt_active;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	mgmt_active = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_active)
		mgmt_user_confirm_reply_complete(hdev, &reply->bdaddr,
						 ACL_LINK, 0, reply->status);

	hci_dev_unlock(hdev);
}
1151
/*
 * Reply handler for the user confirmation negative reply: when HCI_MGMT is
 * set, reports the peer address and status to the management interface as
 * an ACL_LINK result, under the device lock.
 */
static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;
	bool mgmt_active;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	mgmt_active = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_active)
		mgmt_user_confirm_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);

	hci_dev_unlock(hdev);
}
1167
1143d458
BG
/*
 * Reply handler for the user passkey reply: when HCI_MGMT is set, reports
 * the peer address and status to the management interface as an ACL_LINK
 * result, under the device lock. The reply is parsed with the user
 * confirm reply layout.
 */
static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;
	bool mgmt_active;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	mgmt_active = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_active)
		mgmt_user_passkey_reply_complete(hdev, &reply->bdaddr,
						 ACL_LINK, 0, reply->status);

	hci_dev_unlock(hdev);
}
1182
/*
 * Reply handler for the user passkey negative reply: when HCI_MGMT is set,
 * reports the peer address and status to the management interface as an
 * ACL_LINK result, under the device lock. The reply is parsed with the
 * user confirm reply layout.
 */
static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_user_confirm_reply *reply = (void *) skb->data;
	bool mgmt_active;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	mgmt_active = test_bit(HCI_MGMT, &hdev->dev_flags);
	if (mgmt_active)
		mgmt_user_passkey_neg_reply_complete(hdev, &reply->bdaddr,
						     ACL_LINK, 0,
						     reply->status);

	hci_dev_unlock(hdev);
}
1198
/*
 * Reply handler for reading local OOB data: hands the hash, the randomizer
 * and the status from the reply to the management interface while holding
 * the device lock. Unlike the neighbouring handlers this one does not test
 * HCI_MGMT before calling into mgmt.
 */
static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_rp_read_local_oob_data *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	hci_dev_lock(hdev);

	mgmt_read_local_oob_data_reply_complete(hdev, reply->hash,
						reply->randomizer,
						reply->status);

	hci_dev_unlock(hdev);
}
1211
c1d5dc4a
JH
/*
 * Reply handler for HCI_OP_LE_SET_ADV_ENABLE.
 *
 * Looks up the parameter byte of the command that was sent; without it
 * nothing is done. On a zero status HCI_LE_PERIPHERAL in hdev->dev_flags
 * is set or cleared to match that byte (under the device lock). Outside
 * HCI_INIT, hci_update_ad() is called, and the request is completed with
 * the reply status.
 */
static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	__u8 *enable;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	enable = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
	if (enable == NULL)
		return;

	hci_dev_lock(hdev);

	if (status == 0) {
		if (*enable)
			set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
		else
			clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
	}

	hci_dev_unlock(hdev);

	if (!test_bit(HCI_INIT, &hdev->flags))
		hci_update_ad(hdev);

	hci_req_complete(hdev, HCI_OP_LE_SET_ADV_ENABLE, status);
}
1238
07f7fa5d
AG
/*
 * Reply handler for HCI_OP_LE_SET_SCAN_PARAM: completes the request with
 * the reply status and, when the status is non-zero, reports a failed
 * discovery start to the management interface under the device lock.
 */
static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
{
	const __u8 *params = (const __u8 *) skb->data;
	__u8 status = params[0];

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);

	if (status == 0)
		return;

	hci_dev_lock(hdev);
	mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1254
/*
 * Reply handler for HCI_OP_LE_SET_SCAN_ENABLE.
 *
 * The action depends on the enable value of the command that was sent:
 *  - LE_SCANNING_ENABLED: complete the request; on failure report a failed
 *    discovery start, otherwise set HCI_LE_SCAN and move discovery to
 *    DISCOVERY_FINDING.
 *  - LE_SCANNING_DISABLED: on failure report a failed discovery stop,
 *    otherwise clear HCI_LE_SCAN and either continue interleaved discovery
 *    or move discovery to DISCOVERY_STOPPED. hci_req_complete() is not
 *    called on this path.
 *  - any other value is logged as a reserved parameter.
 */
static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	struct hci_cp_le_set_scan_enable *sent;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
	if (sent == NULL)
		return;

	if (sent->enable == LE_SCANNING_ENABLED) {
		hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);

		if (status) {
			hci_dev_lock(hdev);
			mgmt_start_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		set_bit(HCI_LE_SCAN, &hdev->dev_flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
	} else if (sent->enable == LE_SCANNING_DISABLED) {
		if (status) {
			hci_dev_lock(hdev);
			mgmt_stop_discovery_failed(hdev, status);
			hci_dev_unlock(hdev);
			return;
		}

		clear_bit(HCI_LE_SCAN, &hdev->dev_flags);

		if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
		    hdev->discovery.state == DISCOVERY_FINDING) {
			mgmt_interleaved_discovery(hdev);
		} else {
			hci_dev_lock(hdev);
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
			hci_dev_unlock(hdev);
		}
	} else {
		BT_ERR("Used reserved LE_Scan_Enable param %d", sent->enable);
	}
}
1311
cf1d081f
JH
/*
 * Reply handler for HCI_OP_LE_READ_WHITE_LIST_SIZE: on a zero status
 * stores the size reported by the controller in hdev->le_white_list_size,
 * then completes the request with the reply status.
 *
 * The size is a controller-supplied value; code that later uses it as a
 * bound should treat it as such.
 */
static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_rp_le_read_white_list_size *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x size %u", hdev->name, reply->status,
	       reply->size);

	if (reply->status == 0)
		hdev->le_white_list_size = reply->size;

	hci_req_complete(hdev, HCI_OP_LE_READ_WHITE_LIST_SIZE, reply->status);
}
1324
a7a595f6
VCG
/*
 * Reply handler for HCI_OP_LE_LTK_REPLY: completes the request only when
 * the reply status is zero; a non-zero status is logged and otherwise
 * ignored here.
 */
static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0)
		hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, reply->status);
}
1336
/*
 * Reply handler for HCI_OP_LE_LTK_NEG_REPLY: completes the request only
 * when the reply status is zero; a non-zero status is logged and otherwise
 * ignored here.
 */
static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_rp_le_ltk_neg_reply *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, reply->status);

	if (reply->status == 0)
		hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, reply->status);
}
1348
6039aa73
GP
/*
 * Reply handler for HCI_OP_WRITE_LE_HOST_SUPPORTED.
 *
 * Needs the parameters of the command that was sent; without them nothing
 * is done. On a zero status the LMP_HOST_LE and LMP_HOST_LE_BREDR bits of
 * hdev->host_features[0] are updated to mirror the le and simul fields of
 * that command. With HCI_MGMT set and HCI_INIT clear the result is passed
 * to the management interface, and the request is completed.
 */
static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
					   struct sk_buff *skb)
{
	struct hci_cp_write_le_host_supported *cmd;
	__u8 status = *((__u8 *) skb->data);

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	cmd = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
	if (cmd == NULL)
		return;

	if (status == 0) {
		if (cmd->le)
			hdev->host_features[0] |= LMP_HOST_LE;
		else
			hdev->host_features[0] &= ~LMP_HOST_LE;

		if (cmd->simul)
			hdev->host_features[0] |= LMP_HOST_LE_BREDR;
		else
			hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
	}

	/* mgmt is only told about the change once initialisation is over */
	if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
	    !test_bit(HCI_INIT, &hdev->flags))
		mgmt_le_enable_complete(hdev, cmd->le, status);

	hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
}
1379
93c284ee
AE
/*
 * Reply handler for Write Remote AMP Assoc: on a zero status continues the
 * write for the physical link handle named in the reply.
 *
 * phy_handle comes from the controller's reply and is passed on as-is.
 */
static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
					  struct sk_buff *skb)
{
	struct hci_rp_write_remote_amp_assoc *reply = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
	       hdev->name, reply->status, reply->phy_handle);

	if (reply->status == 0)
		amp_write_rem_assoc_continue(hdev, reply->phy_handle);
}
1393
/*
 * Status handler for HCI_OP_INQUIRY.
 *
 * Success: set HCI_INQUIRY in hdev->flags and move discovery to
 * DISCOVERY_FINDING under the device lock.
 * Failure: complete the request, check pending connections and, when
 * HCI_MGMT is set, report a failed discovery start under the device lock.
 */
static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0) {
		set_bit(HCI_INQUIRY, &hdev->flags);

		hci_dev_lock(hdev);
		hci_discovery_set_state(hdev, DISCOVERY_FINDING);
		hci_dev_unlock(hdev);
		return;
	}

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);
	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_start_discovery_failed(hdev, status);
	hci_dev_unlock(hdev);
}
1414
/*
 * Status handler for HCI_OP_CREATE_CONN.
 *
 * Looks up the ACL connection for the address of the command that was
 * sent. On failure a connection still in BT_CONNECT is either closed and
 * deleted, or - for status 0x0c with at most two attempts so far - moved
 * to BT_CONNECT2. On success a missing connection object is created and
 * marked as outgoing master.
 */
static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_create_conn *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &sent->bdaddr, conn);

	if (status) {
		if (!conn || conn->state != BT_CONNECT)
			goto unlock;

		if (status == 0x0c && conn->attempt <= 2) {
			conn->state = BT_CONNECT2;
			goto unlock;
		}

		conn->state = BT_CLOSED;
		hci_proto_connect_cfm(conn, status);
		hci_conn_del(conn);
	} else if (!conn) {
		conn = hci_conn_add(hdev, ACL_LINK, &sent->bdaddr);
		if (conn) {
			conn->out = true;
			conn->link_mode |= HCI_LM_MASTER;
		} else {
			BT_ERR("No memory for new connection");
		}
	}

unlock:
	hci_dev_unlock(hdev);
}
1454
/*
 * Status handler for HCI_OP_ADD_SCO; only failures are acted on.
 *
 * The handle of the command that was sent identifies the ACL connection;
 * the SCO connection linked to it, if any, is closed, its failure is
 * reported and it is deleted, all under the device lock.
 */
static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_add_sco *sent;
	struct hci_conn *acl;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	if (acl && acl->link) {
		struct hci_conn *sco = acl->link;

		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1da177e4 1489
f8558555
MH
/*
 * Status handler for HCI_OP_AUTH_REQUESTED; only failures are acted on.
 *
 * If the connection named by the sent command's handle is still in
 * BT_CONFIG, the failure is reported and the reference is dropped with
 * hci_conn_put(), under the device lock.
 */
static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_auth_requested *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1516
/*
 * Status handler for HCI_OP_SET_CONN_ENCRYPT; only failures are acted on.
 *
 * If the connection named by the sent command's handle is still in
 * BT_CONFIG, the failure is reported and the reference is dropped with
 * hci_conn_put(), under the device lock.
 */
static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_set_conn_encrypt *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1543
/*
 * Decide whether authentication should be requested on a connection.
 *
 * Returns 0 unless the connection is outgoing and in BT_CONFIG, and 0 when
 * the pending security level is BT_SECURITY_SDP. Otherwise returns 1 when
 * any of these holds: SSP is enabled on the connection, bit 0 of auth_type
 * is set (MITM protection requested, per the original comment), or the
 * pending security level is BT_SECURITY_HIGH. Returns 0 in the remaining
 * case.
 *
 * This is the policy gate that lets a non-SSP link below HIGH proceed
 * without an authentication request; changes here alter which links are
 * authenticated.
 */
static int hci_outgoing_auth_needed(struct hci_dev *hdev,
				    struct hci_conn *conn)
{
	if (conn->state != BT_CONFIG || !conn->out)
		return 0;

	if (conn->pending_sec_level == BT_SECURITY_SDP)
		return 0;

	/* Only request authentication for SSP connections or non-SSP
	 * devices with sec_level HIGH or if MITM protection is requested */
	if (hci_conn_ssp_enabled(conn))
		return 1;

	if (conn->auth_type & 0x01)
		return 1;

	if (conn->pending_sec_level == BT_SECURITY_HIGH)
		return 1;

	return 0;
}
1561
/*
 * Send a Remote Name Request for one inquiry cache entry.
 *
 * The command structure is zeroed in full before the fields are filled in,
 * so no uninitialised stack bytes are handed to hci_send_cmd().
 * Returns whatever hci_send_cmd() returns.
 */
static int hci_resolve_name(struct hci_dev *hdev,
			    struct inquiry_entry *e)
{
	struct hci_cp_remote_name_req req;

	memset(&req, 0, sizeof(req));

	bacpy(&req.bdaddr, &e->data.bdaddr);
	req.pscan_rep_mode = e->data.pscan_rep_mode;
	req.pscan_mode = e->data.pscan_mode;
	req.clock_offset = e->data.clock_offset;

	return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(req), &req);
}
1576
/*
 * Start resolving the name of the next device that still needs one.
 *
 * Returns true when a Remote Name Request was sent (the entry is then
 * marked NAME_PENDING), false when the resolve list is empty, no entry in
 * NAME_NEEDED state was found, or sending the request failed.
 */
static bool hci_resolve_next_name(struct hci_dev *hdev)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *next;

	if (list_empty(&discov->resolve))
		return false;

	next = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
	if (next == NULL)
		return false;

	if (hci_resolve_name(hdev, next) != 0)
		return false;

	next->name_state = NAME_PENDING;
	return true;
}
1596
/*
 * Process the outcome of a remote name lookup for bdaddr.
 *
 * First, if a connection is given and HCI_CONN_MGMT_CONNECTED was not yet
 * set on it, the device is announced to the management interface. Then,
 * depending on the discovery state:
 *  - DISCOVERY_STOPPING: discovery is moved to DISCOVERY_STOPPED;
 *  - DISCOVERY_RESOLVING: the pending entry for bdaddr is taken off its
 *    list, marked NAME_KNOWN (and reported) or NAME_NOT_KNOWN when name is
 *    NULL, and the next name is resolved; if none could be started,
 *    discovery is moved to DISCOVERY_STOPPED;
 *  - any other state: nothing further is done.
 *
 * name and name_len are passed through to mgmt unchanged; callers are
 * responsible for name_len matching the buffer behind name.
 */
static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
				   bdaddr_t *bdaddr, u8 *name, u8 name_len)
{
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
				      name_len, conn->dev_class);

	if (discov->state == DISCOVERY_STOPPED)
		return;

	if (discov->state == DISCOVERY_STOPPING) {
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
		return;
	}

	if (discov->state != DISCOVERY_RESOLVING)
		return;

	entry = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
	/* If the device was not found in a list of found devices names of which
	 * are pending. there is no need to continue resolving a next name as it
	 * will be done upon receiving another Remote Name Request Complete
	 * Event */
	if (entry == NULL)
		return;

	list_del(&entry->list);

	if (name == NULL) {
		entry->name_state = NAME_NOT_KNOWN;
	} else {
		entry->name_state = NAME_KNOWN;
		mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
				 entry->data.rssi, name, name_len);
	}

	if (!hci_resolve_next_name(hdev))
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
}
1639
a9de9248
MH
/*
 * Status handler for HCI_OP_REMOTE_NAME_REQ; only failures are acted on.
 *
 * With HCI_MGMT set the failed lookup is fed into the pending-name logic
 * (with no name). If an ACL connection to the address exists and
 * hci_outgoing_auth_needed() says so, an authentication request is sent,
 * guarded by HCI_CONN_AUTH_PEND so it is issued at most once.
 */
static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_remote_name_req *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	/* If successful wait for the name req complete event before
	 * checking for the need to do authentication */
	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &sent->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		hci_check_pending_name(hdev, conn, &sent->bdaddr, NULL, 0);

	if (!conn || !hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested auth_cp;

		auth_cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(auth_cp),
			     &auth_cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
1da177e4 1678
769be974
MH
/*
 * Status handler for HCI_OP_READ_REMOTE_FEATURES; only failures are acted
 * on.
 *
 * If the connection named by the sent command's handle is still in
 * BT_CONFIG, the failure is reported and the reference is dropped with
 * hci_conn_put(), under the device lock.
 */
static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1705
/*
 * Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES; only failures are
 * acted on.
 *
 * If the connection named by the sent command's handle is still in
 * BT_CONFIG, the failure is reported and the reference is dropped with
 * hci_conn_put(), under the device lock.
 */
static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_read_remote_ext_features *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn && conn->state == BT_CONFIG) {
		hci_proto_connect_cfm(conn, status);
		hci_conn_put(conn);
	}

	hci_dev_unlock(hdev);
}
1732
a9de9248
MH
/*
 * Status handler for HCI_OP_SETUP_SYNC_CONN; only failures are acted on.
 *
 * The handle of the command that was sent identifies the ACL connection;
 * the synchronous connection linked to it, if any, is closed, its failure
 * is reported and it is deleted, all under the device lock.
 */
static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_setup_sync_conn *sent;
	struct hci_conn *acl;
	__u16 handle;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
	if (sent == NULL)
		return;

	handle = __le16_to_cpu(sent->handle);

	BT_DBG("%s handle 0x%4.4x", hdev->name, handle);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_handle(hdev, handle);
	if (acl && acl->link) {
		struct hci_conn *sco = acl->link;

		sco->state = BT_CLOSED;

		hci_proto_connect_cfm(sco, status);
		hci_conn_del(sco);
	}

	hci_dev_unlock(hdev);
}
1767
/*
 * Status handler for HCI_OP_SNIFF_MODE; only failures are acted on.
 *
 * For the connection named by the sent command's handle the pending mode
 * change flag is cleared, and if a SCO setup was waiting on the mode
 * change it is run with the failure status.
 */
static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn != NULL) {
		clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

		if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
			hci_sco_setup(conn, status);
	}

	hci_dev_unlock(hdev);
}
04837f64 1794
a9de9248
MH
/*
 * Status handler for HCI_OP_EXIT_SNIFF_MODE; only failures are acted on.
 *
 * For the connection named by the sent command's handle the pending mode
 * change flag is cleared, and if a SCO setup was waiting on the mode
 * change it is run with the failure status.
 */
static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
{
	struct hci_cp_exit_sniff_mode *sent;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn != NULL) {
		clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);

		if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
			hci_sco_setup(conn, status);
	}

	hci_dev_unlock(hdev);
}
1821
88c3df13
JH
/*
 * Status handler for HCI_OP_DISCONNECT; only failures are acted on.
 *
 * If the connection named by the sent command's handle still exists, the
 * failed disconnect is reported to the management interface under the
 * device lock.
 */
static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_disconnect *sent;
	struct hci_conn *conn;

	if (status == 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(sent->handle));
	if (conn != NULL)
		mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
				       conn->dst_type, status);

	hci_dev_unlock(hdev);
}
1843
fcd89c09
VT
/*
 * Status handler for LE Create Connection; only failures are acted on.
 *
 * The LE connection currently in BT_CONNECT, if there is one, is closed,
 * the failure is reported to mgmt and to the protocol layer, and the
 * connection is deleted, all under the device lock.
 */
static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
{
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status == 0)
		return;

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (conn != NULL) {
		BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);

		conn->state = BT_CLOSED;
		mgmt_connect_failed(hdev, &conn->dst, conn->type,
				    conn->dst_type, status);
		hci_proto_connect_cfm(conn, status);
		hci_conn_del(conn);
	}

	hci_dev_unlock(hdev);
}
1870
a7a595f6
VCG
/*
 * Status handler for LE Start Encryption: only logs the status. A failed
 * encryption start is not acted on in this function.
 */
static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);
}
1875
a02226d6
AE
/*
 * Status handler for HCI_OP_CREATE_PHY_LINK.
 *
 * Uses the physical link handle of the command that was sent. On failure
 * the connection found for that handle, if any, is deleted; on success the
 * remote AMP assoc write is started. Both happen under the device lock.
 */
static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_create_phy_link *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	sent = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
	if (sent == NULL)
		return;

	hci_dev_lock(hdev);

	if (status == 0) {
		amp_write_remote_assoc(hdev, sent->phy_handle);
	} else {
		struct hci_conn *hcon;

		hcon = hci_conn_hash_lookup_handle(hdev, sent->phy_handle);
		if (hcon != NULL)
			hci_conn_del(hcon);
	}

	hci_dev_unlock(hdev);
}
1900
0b26ab9d
AE
/*
 * Status handler for HCI_OP_ACCEPT_PHY_LINK: on success starts the remote
 * AMP assoc write for the physical link handle of the command that was
 * sent. Failures are only logged. No device lock is taken here.
 */
static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
{
	struct hci_cp_accept_phy_link *sent;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	if (status != 0)
		return;

	sent = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
	if (sent != NULL)
		amp_write_remote_assoc(hdev, sent->phy_handle);
}
1916
5ce66b59
AE
/*
 * Status handler for Create Logical Link: only logs the status; neither
 * success nor failure is acted on in this function.
 */
static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
{
	BT_DBG("%s status 0x%2.2x", hdev->name, status);
}
1921
/*
 * Handle the Inquiry Complete event.
 *
 * Completes the inquiry request and checks pending connections. The rest
 * only runs when HCI_INQUIRY was set (it is cleared here) and HCI_MGMT is
 * set: if discovery is in DISCOVERY_FINDING, either name resolution is
 * started for the first entry that needs it (DISCOVERY_RESOLVING) or
 * discovery is moved to DISCOVERY_STOPPED.
 */
static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	__u8 status = *((__u8 *) skb->data);
	struct discovery_state *discov = &hdev->discovery;
	struct inquiry_entry *entry;

	BT_DBG("%s status 0x%2.2x", hdev->name, status);

	hci_req_complete(hdev, HCI_OP_INQUIRY, status);

	hci_conn_check_pending(hdev);

	if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
		return;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if (discov->state != DISCOVERY_FINDING)
		goto unlock;

	if (list_empty(&discov->resolve)) {
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
		goto unlock;
	}

	entry = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
						 NAME_NEEDED);
	if (entry != NULL && hci_resolve_name(hdev, entry) == 0) {
		entry->name_state = NAME_PENDING;
		hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
	} else {
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
	}

unlock:
	hci_dev_unlock(hdev);
}
1961
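/*
 * Handle the Inquiry Result event: for every response in the event, update
 * the inquiry cache and report the device to the management interface.
 *
 * The event starts with a one-byte response count followed by that many
 * struct inquiry_info records. The count is supplied by the controller, so
 * it is checked against the actual packet length before the records are
 * walked; an event that claims more records than it carries is dropped
 * rather than read past the end of the buffer.
 *
 * Nothing is done while HCI_PERIODIC_INQ is set.
 */
static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Count byte plus num_rsp records must fit in the packet */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= info->pscan_mode;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		/* This event format carries neither RSSI nor SSP mode */
		data.rssi		= 0x00;
		data.ssp_mode		= 0x00;

		name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, 0, !name_known, ssp, NULL,
				  0);
	}

	hci_dev_unlock(hdev);
}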
1998
/*
 * Handle the Connection Complete event.
 *
 * Finds the connection for the event's link type and address; a SCO event
 * may also match a connection registered as ESCO, which is then retyped to
 * SCO. On success the handle is stored, the state is advanced (BT_CONFIG
 * for ACL, BT_CONNECTED otherwise), link mode bits are derived from the
 * device's HCI_AUTH / HCI_ENCRYPT flags and follow-up commands are sent.
 * On failure the connection is closed, reported and deleted.
 *
 * For incoming non-SSP ACL links without a stored link key the longer
 * HCI_PAIRING_TIMEOUT is used as disconnect timeout.
 *
 * All fields of the event are read from skb->data without a length check
 * in this function.
 */
static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type != SCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (!ev->status) {
		conn->handle = __le16_to_cpu(ev->handle);

		if (conn->type == ACL_LINK) {
			conn->state = BT_CONFIG;
			hci_conn_hold(conn);

			if (!conn->out && !hci_conn_ssp_enabled(conn) &&
			    !hci_find_link_key(hdev, &ev->bdaddr))
				conn->disc_timeout = HCI_PAIRING_TIMEOUT;
			else
				conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		} else {
			conn->state = BT_CONNECTED;
		}

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);

		if (test_bit(HCI_AUTH, &hdev->flags))
			conn->link_mode |= HCI_LM_AUTH;

		if (test_bit(HCI_ENCRYPT, &hdev->flags))
			conn->link_mode |= HCI_LM_ENCRYPT;

		/* Get remote features */
		if (conn->type == ACL_LINK) {
			struct hci_cp_read_remote_features feat_cp;

			feat_cp.handle = ev->handle;
			hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
				     sizeof(feat_cp), &feat_cp);
		}

		/* Set packet type for incoming connection */
		if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
			struct hci_cp_change_conn_ptype ptype_cp;

			ptype_cp.handle = ev->handle;
			ptype_cp.pkt_type = cpu_to_le16(conn->pkt_type);
			hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
				     sizeof(ptype_cp), &ptype_cp);
		}
	} else {
		conn->state = BT_CLOSED;
		if (conn->type == ACL_LINK)
			mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
					    conn->dst_type, ev->status);
	}

	if (conn->type == ACL_LINK)
		hci_sco_setup(conn, ev->status);

	if (ev->status) {
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_del(conn);
	} else if (ev->link_type != ACL_LINK) {
		hci_proto_connect_cfm(conn, ev->status);
	}

unlock:
	hci_dev_unlock(hdev);

	hci_conn_check_pending(hdev);
}
2081
20714bfe
FD
/*
 * Accept an incoming connection on @conn.  Controllers that are eSCO capable
 * get an Accept Synchronous Connection Request, all others a plain Accept
 * Connection Request; @mask carries the HCI_LM_* bits used to pick the role.
 */
void hci_conn_accept(struct hci_conn *conn, int mask)
{
	struct hci_dev *hdev = conn->hdev;
	struct hci_cp_accept_conn_req acl_cp;

	BT_DBG("conn %p", conn);

	conn->state = BT_CONFIG;

	if (lmp_esco_capable(hdev)) {
		struct hci_cp_accept_sync_conn_req sync_cp;

		bacpy(&sync_cp.bdaddr, &conn->dst);
		sync_cp.pkt_type = cpu_to_le16(conn->pkt_type);

		sync_cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
		sync_cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
		sync_cp.max_latency    = __constant_cpu_to_le16(0xffff);
		sync_cp.content_format = cpu_to_le16(hdev->voice_setting);
		sync_cp.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
			     sizeof(sync_cp), &sync_cp);
		return;
	}

	/* !lmp_esco_capable(hdev) */
	bacpy(&acl_cp.bdaddr, &conn->dst);

	/* 0x00: become master, 0x01: remain slave */
	acl_cp.role = (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) ?
		      0x00 : 0x01;

	hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(acl_cp), &acl_cp);
}
2117
/*
 * Connection Request event: ask the upper protocols whether the incoming
 * connection is wanted, reject it if not (or if the peer is blacklisted),
 * otherwise create/refresh the hci_conn and answer the controller.
 */
static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_conn_request *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;
	int mask = hdev->link_mode;
	__u8 flags = 0;
	int deferred;

	BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
	       ev->link_type);

	mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
				      &flags);

	/* NOTE(review): the blacklist lookup below runs before hci_dev_lock()
	 * is taken - confirm the blacklist cannot change concurrently.
	 */
	if (!(mask & HCI_LM_ACCEPT) ||
	    hci_blacklist_lookup(hdev, &ev->bdaddr)) {
		/* Connection rejected */
		struct hci_cp_reject_conn_req cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = HCI_ERROR_REJ_BAD_ADDR;
		hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
		return;
	}

	/* Connection accepted */
	hci_dev_lock(hdev);

	/* Keep a cached inquiry entry in sync with the reported class */
	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		memcpy(ie->data.dev_class, ev->dev_class, 3);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			hci_dev_unlock(hdev);
			return;
		}
	}

	memcpy(conn->dev_class, ev->dev_class, 3);

	hci_dev_unlock(hdev);

	/* NOTE(review): conn is still written after the lock is dropped;
	 * presumably nothing else can free it at this point - verify.
	 */
	deferred = flags & HCI_PROTO_DEFER;

	if (ev->link_type == ACL_LINK ||
	    (!deferred && !lmp_esco_capable(hdev))) {
		struct hci_cp_accept_conn_req cp;

		conn->state = BT_CONNECT;

		bacpy(&cp.bdaddr, &ev->bdaddr);

		/* 0x00: become master, 0x01: remain slave */
		if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
			cp.role = 0x00;
		else
			cp.role = 0x01;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
	} else if (!deferred) {
		struct hci_cp_accept_sync_conn_req cp;

		conn->state = BT_CONNECT;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.pkt_type = cpu_to_le16(conn->pkt_type);

		cp.tx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
		cp.rx_bandwidth   = __constant_cpu_to_le32(0x00001f40);
		cp.max_latency    = __constant_cpu_to_le16(0xffff);
		cp.content_format = cpu_to_le16(hdev->voice_setting);
		cp.retrans_effort = 0xff;

		hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
			     &cp);
	} else {
		/* The protocol asked to defer: no accept command is sent
		 * from here, the connection is only confirmed upwards.
		 */
		conn->state = BT_CONNECT2;
		hci_proto_connect_cfm(conn, 0);
		hci_conn_put(conn);
	}
}
2200
f0d6a0ea
MA
/*
 * Translate an HCI disconnect error code into the MGMT_DEV_DISCONN_* reason
 * reported to the management interface.  Codes not listed here map to
 * MGMT_DEV_DISCONN_UNKNOWN.
 */
static u8 hci_to_mgmt_reason(u8 err)
{
	if (err == HCI_ERROR_CONNECTION_TIMEOUT)
		return MGMT_DEV_DISCONN_TIMEOUT;

	/* Every termination initiated by the remote side shares one reason */
	if (err == HCI_ERROR_REMOTE_USER_TERM ||
	    err == HCI_ERROR_REMOTE_LOW_RESOURCES ||
	    err == HCI_ERROR_REMOTE_POWER_OFF)
		return MGMT_DEV_DISCONN_REMOTE;

	if (err == HCI_ERROR_LOCAL_HOST_TERM)
		return MGMT_DEV_DISCONN_LOCAL_HOST;

	return MGMT_DEV_DISCONN_UNKNOWN;
}
2216
/*
 * Disconnection Complete event: report the outcome to mgmt and, when the
 * disconnect succeeded, notify the protocols and delete the connection.
 */
static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_disconn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;
	int failed = ev->status != 0;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!failed)
		conn->state = BT_CLOSED;

	/* Only links previously announced to mgmt are reported, and the
	 * "connected" flag is consumed whatever the link type is.
	 */
	if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
	    (conn->type == ACL_LINK || conn->type == LE_LINK)) {
		if (failed)
			mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
					       conn->dst_type, ev->status);
		else
			mgmt_device_disconnected(hdev, &conn->dst, conn->type,
						 conn->dst_type,
						 hci_to_mgmt_reason(ev->reason));
	}

	if (failed)
		goto unlock;

	/* A key flagged with flush_key is dropped once the ACL link is gone */
	if (conn->type == ACL_LINK && conn->flush_key)
		hci_remove_link_key(hdev, &conn->dst);

	hci_proto_disconn_cfm(conn, ev->reason);
	hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
2256
/*
 * Authentication Complete event: record the result on the connection, clear
 * the pending-auth flags and continue with encryption or confirmation.
 */
static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_auth_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ev->status) {
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);
	} else if (!hci_conn_ssp_enabled(conn) &&
		   test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
		/* The security level is deliberately not raised on this path */
		BT_INFO("re-auth of legacy device is not possible.");
	} else {
		conn->link_mode |= HCI_LM_AUTH;
		conn->sec_level = conn->pending_sec_level;
	}

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
	clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);

	if (conn->state != BT_CONFIG) {
		hci_auth_cfm(conn, ev->status);

		/* hold + put with a fresh disc_timeout */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	} else if (!ev->status && hci_conn_ssp_enabled(conn)) {
		/* SSP link still being configured: request encryption before
		 * the connection is confirmed.
		 */
		struct hci_cp_set_conn_encrypt cp;

		cp.handle = ev->handle;
		cp.encrypt = 0x01;
		hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
	} else {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
		goto unlock;

	/* Encryption was waiting for this authentication to finish */
	if (ev->status) {
		clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
		hci_encrypt_cfm(conn, ev->status, 0x00);
	} else {
		struct hci_cp_set_conn_encrypt cp;

		cp.handle = ev->handle;
		cp.encrypt = 0x01;
		hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
2322
/*
 * Remote Name Request Complete event: hand the name (or the failure) to the
 * pending-name logic when mgmt is in use, then start authentication on the
 * ACL link if it is needed and not already pending.
 */
static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_name *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_conn_check_pending(hdev);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		if (ev->status)
			hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL,
					       0);
		else
			/* strnlen() bounds the scan: the name comes from the
			 * remote side and need not be NUL-terminated.
			 */
			hci_check_pending_name(hdev, conn, &ev->bdaddr,
					       ev->name,
					       strnlen(ev->name,
						       HCI_MAX_NAME_LENGTH));
	}

	if (!conn || !hci_outgoing_auth_needed(hdev, conn))
		goto unlock;

	/* Send the request only if no authentication is pending already */
	if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		struct hci_cp_auth_requested cp;

		cp.handle = __cpu_to_le16(conn->handle);
		hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
2361
/*
 * Encryption Change event: update the link-mode bits, drop an established
 * link whose encryption change failed, and confirm the result upwards.
 */
static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_encrypt_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status) {
		if (!ev->encrypt) {
			/* Only HCI_LM_ENCRYPT is cleared here; HCI_LM_AUTH and
			 * sec_level keep whatever value they had.
			 */
			conn->link_mode &= ~HCI_LM_ENCRYPT;
		} else {
			/* Encryption implies authentication */
			conn->link_mode |= HCI_LM_AUTH;
			conn->link_mode |= HCI_LM_ENCRYPT;
			conn->sec_level = conn->pending_sec_level;
		}
	}

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* A failed change on a connected link ends in a disconnect */
	if (ev->status && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state != BT_CONFIG) {
		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
		goto unlock;
	}

	if (!ev->status)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
2404
6039aa73
GP
/*
 * Change Connection Link Key Complete event: flag the link as secure on
 * success, clear the pending-auth flag and confirm the key change.
 */
static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->link_mode |= HCI_LM_SECURE;

	clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);

	hci_key_change_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
2427
6039aa73
GP
/*
 * Read Remote Supported Features Complete event: store the features and,
 * while the link is still in BT_CONFIG, continue setup with the extended
 * features read, the remote name request or the mgmt notification.
 */
static void hci_remote_features_evt(struct hci_dev *hdev,
				    struct sk_buff *skb)
{
	struct hci_ev_remote_features *ev = (void *) skb->data;
	struct hci_conn *conn;
	int ok = !ev->status;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (ok)
		memcpy(conn->features, ev->features, 8);

	if (conn->state != BT_CONFIG)
		goto unlock;

	/* Both sides SSP capable: read extended features page 1 first; the
	 * rest of the setup is not done from this handler in that case.
	 */
	if (ok && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
		struct hci_cp_read_remote_ext_features cp;

		cp.handle = ev->handle;
		cp.page = 0x01;
		hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
			     sizeof(cp), &cp);
		goto unlock;
	}

	if (ok && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req cp;

		memset(&cp, 0, sizeof(cp));
		bacpy(&cp.bdaddr, &conn->dst);
		cp.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
2477
/* Remote version event handler: only logs the device name; @skb is unused. */
static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2482
6039aa73
GP
/* QoS setup complete handler: only logs the device name; @skb is unused. */
static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
2488
/*
 * Command Complete event: strip the event header, dispatch the return
 * parameters to the hci_cc_* handler for the completed opcode, stop the
 * command timer and, if the controller accepts more commands, kick the
 * command queue.
 */
static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* NOTE(review): no skb->len check is visible before ev is read and
	 * the header is pulled - confirm the caller validates the length.
	 * ev stays usable after skb_pull(), which only advances skb->data.
	 */
	struct hci_ev_cmd_complete *ev = (void *) skb->data;
	const __u16 opcode = __le16_to_cpu(ev->opcode);

	skb_pull(skb, sizeof(*ev));

	switch (opcode) {
	/* Link control */
	case HCI_OP_INQUIRY_CANCEL:
		hci_cc_inquiry_cancel(hdev, skb);
		break;
	case HCI_OP_PERIODIC_INQ:
		hci_cc_periodic_inq(hdev, skb);
		break;
	case HCI_OP_EXIT_PERIODIC_INQ:
		hci_cc_exit_periodic_inq(hdev, skb);
		break;
	case HCI_OP_REMOTE_NAME_REQ_CANCEL:
		hci_cc_remote_name_req_cancel(hdev, skb);
		break;

	/* Link policy */
	case HCI_OP_ROLE_DISCOVERY:
		hci_cc_role_discovery(hdev, skb);
		break;
	case HCI_OP_READ_LINK_POLICY:
		hci_cc_read_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_LINK_POLICY:
		hci_cc_write_link_policy(hdev, skb);
		break;
	case HCI_OP_READ_DEF_LINK_POLICY:
		hci_cc_read_def_link_policy(hdev, skb);
		break;
	case HCI_OP_WRITE_DEF_LINK_POLICY:
		hci_cc_write_def_link_policy(hdev, skb);
		break;

	/* Controller configuration */
	case HCI_OP_RESET:
		hci_cc_reset(hdev, skb);
		break;
	case HCI_OP_WRITE_LOCAL_NAME:
		hci_cc_write_local_name(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_NAME:
		hci_cc_read_local_name(hdev, skb);
		break;
	case HCI_OP_WRITE_AUTH_ENABLE:
		hci_cc_write_auth_enable(hdev, skb);
		break;
	case HCI_OP_WRITE_ENCRYPT_MODE:
		hci_cc_write_encrypt_mode(hdev, skb);
		break;
	case HCI_OP_WRITE_SCAN_ENABLE:
		hci_cc_write_scan_enable(hdev, skb);
		break;
	case HCI_OP_READ_CLASS_OF_DEV:
		hci_cc_read_class_of_dev(hdev, skb);
		break;
	case HCI_OP_WRITE_CLASS_OF_DEV:
		hci_cc_write_class_of_dev(hdev, skb);
		break;
	case HCI_OP_READ_VOICE_SETTING:
		hci_cc_read_voice_setting(hdev, skb);
		break;
	case HCI_OP_WRITE_VOICE_SETTING:
		hci_cc_write_voice_setting(hdev, skb);
		break;
	case HCI_OP_HOST_BUFFER_SIZE:
		hci_cc_host_buffer_size(hdev, skb);
		break;
	case HCI_OP_WRITE_SSP_MODE:
		hci_cc_write_ssp_mode(hdev, skb);
		break;

	/* Local controller information */
	case HCI_OP_READ_LOCAL_VERSION:
		hci_cc_read_local_version(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_COMMANDS:
		hci_cc_read_local_commands(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_FEATURES:
		hci_cc_read_local_features(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_EXT_FEATURES:
		hci_cc_read_local_ext_features(hdev, skb);
		break;
	case HCI_OP_READ_BUFFER_SIZE:
		hci_cc_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_READ_BD_ADDR:
		hci_cc_read_bd_addr(hdev, skb);
		break;
	case HCI_OP_READ_DATA_BLOCK_SIZE:
		hci_cc_read_data_block_size(hdev, skb);
		break;
	case HCI_OP_WRITE_CA_TIMEOUT:
		hci_cc_write_ca_timeout(hdev, skb);
		break;
	case HCI_OP_READ_FLOW_CONTROL_MODE:
		hci_cc_read_flow_control_mode(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_AMP_INFO:
		hci_cc_read_local_amp_info(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_AMP_ASSOC:
		hci_cc_read_local_amp_assoc(hdev, skb);
		break;
	case HCI_OP_DELETE_STORED_LINK_KEY:
		hci_cc_delete_stored_link_key(hdev, skb);
		break;
	case HCI_OP_SET_EVENT_MASK:
		hci_cc_set_event_mask(hdev, skb);
		break;
	case HCI_OP_WRITE_INQUIRY_MODE:
		hci_cc_write_inquiry_mode(hdev, skb);
		break;
	case HCI_OP_READ_INQ_RSP_TX_POWER:
		hci_cc_read_inq_rsp_tx_power(hdev, skb);
		break;
	case HCI_OP_SET_EVENT_FLT:
		hci_cc_set_event_flt(hdev, skb);
		break;

	/* Pairing replies */
	case HCI_OP_PIN_CODE_REPLY:
		hci_cc_pin_code_reply(hdev, skb);
		break;
	case HCI_OP_PIN_CODE_NEG_REPLY:
		hci_cc_pin_code_neg_reply(hdev, skb);
		break;
	case HCI_OP_READ_LOCAL_OOB_DATA:
		hci_cc_read_local_oob_data_reply(hdev, skb);
		break;

	/* Low Energy controller information */
	case HCI_OP_LE_READ_BUFFER_SIZE:
		hci_cc_le_read_buffer_size(hdev, skb);
		break;
	case HCI_OP_LE_READ_LOCAL_FEATURES:
		hci_cc_le_read_local_features(hdev, skb);
		break;
	case HCI_OP_LE_READ_ADV_TX_POWER:
		hci_cc_le_read_adv_tx_power(hdev, skb);
		break;
	case HCI_OP_LE_SET_EVENT_MASK:
		hci_cc_le_set_event_mask(hdev, skb);
		break;

	/* User confirmation / passkey replies */
	case HCI_OP_USER_CONFIRM_REPLY:
		hci_cc_user_confirm_reply(hdev, skb);
		break;
	case HCI_OP_USER_CONFIRM_NEG_REPLY:
		hci_cc_user_confirm_neg_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_REPLY:
		hci_cc_user_passkey_reply(hdev, skb);
		break;
	case HCI_OP_USER_PASSKEY_NEG_REPLY:
		hci_cc_user_passkey_neg_reply(hdev, skb);
		break;

	/* Low Energy scanning, advertising, white list and keys */
	case HCI_OP_LE_SET_SCAN_PARAM:
		hci_cc_le_set_scan_param(hdev, skb);
		break;
	case HCI_OP_LE_SET_ADV_ENABLE:
		hci_cc_le_set_adv_enable(hdev, skb);
		break;
	case HCI_OP_LE_SET_SCAN_ENABLE:
		hci_cc_le_set_scan_enable(hdev, skb);
		break;
	case HCI_OP_LE_READ_WHITE_LIST_SIZE:
		hci_cc_le_read_white_list_size(hdev, skb);
		break;
	case HCI_OP_LE_LTK_REPLY:
		hci_cc_le_ltk_reply(hdev, skb);
		break;
	case HCI_OP_LE_LTK_NEG_REPLY:
		hci_cc_le_ltk_neg_reply(hdev, skb);
		break;
	case HCI_OP_WRITE_LE_HOST_SUPPORTED:
		hci_cc_write_le_host_supported(hdev, skb);
		break;

	/* AMP */
	case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
		hci_cc_write_remote_amp_assoc(hdev, skb);
		break;

	default:
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	/* A NOP completion leaves the command timer running */
	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	if (!ev->ncmd)
		return;

	/* Controller can take another command: allow one and resume the queue */
	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2737
/*
 * Command Status event: strip the event header, pass the status to the
 * hci_cs_* handler for the opcode, stop the command timer and resume the
 * command queue unless a reset is in progress.
 */
static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	/* NOTE(review): no skb->len check is visible before ev is read and
	 * the header is pulled - confirm the caller validates the length.
	 * ev stays usable after skb_pull(), which only advances skb->data.
	 */
	struct hci_ev_cmd_status *ev = (void *) skb->data;
	const __u16 opcode = __le16_to_cpu(ev->opcode);

	skb_pull(skb, sizeof(*ev));

	switch (opcode) {
	/* Connection establishment */
	case HCI_OP_INQUIRY:
		hci_cs_inquiry(hdev, ev->status);
		break;
	case HCI_OP_CREATE_CONN:
		hci_cs_create_conn(hdev, ev->status);
		break;
	case HCI_OP_ADD_SCO:
		hci_cs_add_sco(hdev, ev->status);
		break;

	/* Security */
	case HCI_OP_AUTH_REQUESTED:
		hci_cs_auth_requested(hdev, ev->status);
		break;
	case HCI_OP_SET_CONN_ENCRYPT:
		hci_cs_set_conn_encrypt(hdev, ev->status);
		break;

	/* Remote information */
	case HCI_OP_REMOTE_NAME_REQ:
		hci_cs_remote_name_req(hdev, ev->status);
		break;
	case HCI_OP_READ_REMOTE_FEATURES:
		hci_cs_read_remote_features(hdev, ev->status);
		break;
	case HCI_OP_READ_REMOTE_EXT_FEATURES:
		hci_cs_read_remote_ext_features(hdev, ev->status);
		break;

	/* Synchronous links, power modes, disconnect */
	case HCI_OP_SETUP_SYNC_CONN:
		hci_cs_setup_sync_conn(hdev, ev->status);
		break;
	case HCI_OP_SNIFF_MODE:
		hci_cs_sniff_mode(hdev, ev->status);
		break;
	case HCI_OP_EXIT_SNIFF_MODE:
		hci_cs_exit_sniff_mode(hdev, ev->status);
		break;
	case HCI_OP_DISCONNECT:
		hci_cs_disconnect(hdev, ev->status);
		break;

	/* Low Energy */
	case HCI_OP_LE_CREATE_CONN:
		hci_cs_le_create_conn(hdev, ev->status);
		break;
	case HCI_OP_LE_START_ENC:
		hci_cs_le_start_enc(hdev, ev->status);
		break;

	/* AMP physical / logical links */
	case HCI_OP_CREATE_PHY_LINK:
		hci_cs_create_phylink(hdev, ev->status);
		break;
	case HCI_OP_ACCEPT_PHY_LINK:
		hci_cs_accept_phylink(hdev, ev->status);
		break;
	case HCI_OP_CREATE_LOGICAL_LINK:
		hci_cs_create_logical_link(hdev, ev->status);
		break;

	default:
		BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
		break;
	}

	/* A NOP status leaves the command timer running */
	if (ev->opcode != HCI_OP_NOP)
		del_timer(&hdev->cmd_timer);

	/* No new command is released while HCI_RESET is set */
	if (!ev->ncmd || test_bit(HCI_RESET, &hdev->flags))
		return;

	atomic_set(&hdev->cmd_cnt, 1);
	if (!skb_queue_empty(&hdev->cmd_q))
		queue_work(hdev->workqueue, &hdev->cmd_work);
}
2830
/*
 * Role Change event: update HCI_LM_MASTER on the ACL link to the peer,
 * clear the pending role-switch flag and confirm the switch.
 */
static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_role_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	if (!ev->status) {
		/* A zero role sets the master bit, non-zero clears it */
		if (!ev->role)
			conn->link_mode |= HCI_LM_MASTER;
		else
			conn->link_mode &= ~HCI_LM_MASTER;
	}

	clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);

	hci_role_switch_cfm(conn, ev->status, ev->role);

unlock:
	hci_dev_unlock(hdev);
}
2856
/*
 * Number Of Completed Packets event (packet-based flow control): for every
 * reported handle, give the completed packets back to the matching
 * per-link-type credit counter, capped at the controller's buffer count,
 * then schedule the TX work.
 */
static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* The fixed header must be present before num_hndl is trusted, and
	 * the buffer must then hold num_hndl entries.
	 */
	if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
	    ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_pkts_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 count = __le16_to_cpu(entry->count);
		struct hci_conn *conn;

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		/* NOTE(review): count is supplied by the controller and is
		 * not compared with conn->sent before the subtraction.
		 */
		conn->sent -= count;

		switch (conn->type) {
		case ACL_LINK:
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
			break;

		case LE_LINK:
			/* le_pkts == 0: LE credits go to the ACL counter */
			if (!hdev->le_pkts) {
				hdev->acl_cnt += count;
				if (hdev->acl_cnt > hdev->acl_pkts)
					hdev->acl_cnt = hdev->acl_pkts;
			} else {
				hdev->le_cnt += count;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
			}
			break;

		case SCO_LINK:
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2922
76ef7cf7
AE
/*
 * Resolve @handle to a connection according to the device type: BR/EDR
 * devices use the connection hash, AMP devices go through the channel that
 * owns the handle.  Returns NULL if nothing matches or the type is unknown.
 */
static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
						 __u16 handle)
{
	if (hdev->dev_type == HCI_BREDR)
		return hci_conn_hash_lookup_handle(hdev, handle);

	if (hdev->dev_type == HCI_AMP) {
		struct hci_chan *chan = hci_chan_lookup_handle(hdev, handle);

		return chan ? chan->conn : NULL;
	}

	BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
	return NULL;
}
2943
/*
 * Number Of Completed Data Blocks event (block-based flow control): return
 * the completed blocks of every reported handle to the shared block
 * counter, capped at hdev->num_blocks, then schedule the TX work.
 */
static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
	int idx;

	if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
		BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
		return;
	}

	/* The fixed header must be present before num_hndl is trusted, and
	 * the buffer must then hold num_hndl entries.
	 */
	if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
	    ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
	       ev->num_hndl);

	for (idx = 0; idx < ev->num_hndl; idx++) {
		struct hci_comp_blocks_info *entry = &ev->handles[idx];
		__u16 handle = __le16_to_cpu(entry->handle);
		__u16 block_count = __le16_to_cpu(entry->blocks);
		struct hci_conn *conn;

		conn = __hci_conn_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		/* NOTE(review): block_count is supplied by the controller and
		 * is not compared with conn->sent before the subtraction.
		 */
		conn->sent -= block_count;

		switch (conn->type) {
		case ACL_LINK:
		case AMP_LINK:
			hdev->block_cnt += block_count;
			if (hdev->block_cnt > hdev->num_blocks)
				hdev->block_cnt = hdev->num_blocks;
			break;

		default:
			BT_ERR("Unknown type %d conn %p", conn->type, conn);
			break;
		}
	}

	queue_work(hdev->workqueue, &hdev->tx_work);
}
2993
/*
 * Mode Change event: record the new mode and interval on the connection,
 * update the power-save flag when the change was not requested locally and
 * finish a SCO setup that was waiting for the mode change.
 */
static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	conn->mode = ev->mode;
	conn->interval = __le16_to_cpu(ev->interval);

	/* The pending flag is consumed either way; the power-save bit is
	 * only touched when no mode change was pending.
	 */
	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
		if (conn->mode != HCI_CM_ACTIVE)
			clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
		else
			set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
	}

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
		hci_sco_setup(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
3022
/*
 * PIN Code Request event: refuse the request when the adapter is not
 * pairable, otherwise forward it to mgmt (when mgmt is in use) together
 * with a flag telling whether high security is pending on the link.
 */
static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* hold + put with the pairing timeout while the PIN is outstanding */
	if (conn->state == BT_CONNECTED) {
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) {
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
	} else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
		u8 secure = (conn->pending_sec_level == BT_SECURITY_HIGH) ?
			    1 : 0;

		mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
	}

unlock:
	hci_dev_unlock(hdev);
}
3059
/*
 * Link Key Request event: answer with the stored link key for the peer, or
 * with a negative reply when no key is stored or the stored key is not
 * acceptable for the connection.  Does nothing unless HCI_LINK_KEYS is set.
 */
static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	/* NOTE(review): reply holds a copy of the link key on the stack and
	 * is not wiped before this function returns.
	 */
	struct hci_cp_link_key_reply reply;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %pMR", hdev->name,
		       &ev->bdaddr);
		goto neg_reply;
	}

	BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
	       &ev->bdaddr);

	/* Debug combination keys are refused unless HCI_DEBUG_KEYS is set */
	if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
	    key->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto neg_reply;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		/* An unauthenticated key is refused when a known auth_type
		 * has bit 0 set.
		 */
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
		    conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto neg_reply;
		}

		/* High security refuses a combination key from a PIN shorter
		 * than 16.
		 */
		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
		    conn->pending_sec_level == BT_SECURITY_HIGH) {
			BT_DBG("%s ignoring key unauthenticated for high security",
			       hdev->name);
			goto neg_reply;
		}

		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&reply.bdaddr, &ev->bdaddr);
	memcpy(reply.link_key, key->val, HCI_LINK_KEY_SIZE);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(reply), &reply);
	goto unlock;

neg_reply:
	/* The negative reply carries only the 6-byte peer address */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, sizeof(ev->bdaddr),
		     &ev->bdaddr);

unlock:
	hci_dev_unlock(hdev);
}
3122
/*
 * Link Key Notification event: the controller reports a new link key for
 * ev->bdaddr.  The key type is recorded on the ACL connection (if one exists)
 * and the key is stored when HCI_LINK_KEYS is set.
 */
static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 stored_pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		stored_pin_len = conn->pin_length;

		/* A "changed combination" notification keeps the previous type. */
		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	/* conn may be NULL here; it is passed through to hci_add_link_key(). */
	if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
				 ev->key_type, stored_pin_len);

	hci_dev_unlock(hdev);
}
3151
/*
 * Clock Offset event: on success, refresh the clock offset and timestamp of
 * the inquiry cache entry that belongs to the connection's peer address.
 */
static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *entry;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn || ev->status)
		goto done;

	entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
	if (!entry)
		goto done;

	entry->data.clock_offset = ev->clock_offset;
	entry->timestamp = jiffies;

done:
	hci_dev_unlock(hdev);
}
3174
/*
 * Packet Type Change event: on success, record the new packet type on the
 * connection identified by ev->handle.
 */
static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn != NULL && ev->status == 0) {
		/* the event carries the value little-endian */
		conn->pkt_type = __le16_to_cpu(ev->pkt_type);
	}

	hci_dev_unlock(hdev);
}
3190
/*
 * Page Scan Repetition Mode Change event: update the inquiry cache entry for
 * ev->bdaddr, if there is one, and refresh its timestamp.
 */
static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL) {
		entry->data.pscan_rep_mode = ev->pscan_rep_mode;
		entry->timestamp = jiffies;
	}

	hci_dev_unlock(hdev);
}
3208
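/*
 * Inquiry Result with RSSI event.  The first payload byte is the number of
 * responses; the responses follow in one of two layouts, selected by the
 * per-response size derived from the packet length.  Each response is fed to
 * the inquiry cache and reported through mgmt_device_found().
 *
 * The response count comes from the controller.  The original code walked
 * num_rsp entries of the larger layout without checking that the packet
 * actually holds them, so a short packet with a large count read past the
 * event payload.  The payload length is now validated before any entry is
 * touched.
 */
static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;
	bool name_known, ssp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/*
		 * This branch is also reached for any length that does not
		 * match the short layout, so make sure all num_rsp entries
		 * fit before reading them.
		 */
		if (skb->len - 1 < num_rsp * sizeof(*info)) {
			BT_DBG("%s malformed inquiry result with rssi",
			       hdev->name);
			goto unlock;
		}

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode = info->pscan_rep_mode;
			data.pscan_period_mode = info->pscan_period_mode;
			data.pscan_mode = info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset = info->clock_offset;
			data.rssi = info->rssi;
			data.ssp_mode = 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		/*
		 * The division above already guarantees that num_rsp entries
		 * of this size fit in the payload.
		 */
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode = info->pscan_rep_mode;
			data.pscan_period_mode = info->pscan_period_mode;
			data.pscan_mode = 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset = info->clock_offset;
			data.rssi = info->rssi;
			data.ssp_mode = 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}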
3268
/*
 * Read Remote Extended Features complete event.  For a successful page 1
 * result the peer's host SSP bit is recorded in the inquiry cache and on the
 * connection.  While the connection is still in BT_CONFIG the setup sequence
 * continues: either a remote name request is issued or the connection is
 * reported to mgmt, and the connection is confirmed when no outgoing
 * authentication is needed.
 */
static void hci_remote_ext_features_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0 && ev->page == 0x01) {
		struct inquiry_entry *entry;
		u8 host_ssp = ev->features[0] & LMP_HOST_SSP;

		entry = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (entry != NULL)
			entry->data.ssp_mode = host_ssp;

		if (host_ssp)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
	}

	/* Everything below only applies during connection setup. */
	if (conn->state != BT_CONFIG)
		goto unlock;

	if (ev->status == 0 &&
	    !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &conn->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
			     &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}
3317
/*
 * Synchronous Connection Complete event.  The connection is looked up by the
 * link type in the event; if that fails for a non-eSCO event, a pending eSCO
 * connection to the same address is re-labelled as SCO.  Success marks the
 * connection as connected; a small set of error codes triggers one retry
 * with a restricted packet type on outgoing connections; anything else
 * closes the connection.
 */
static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;
	bool retryable;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		/* An eSCO event has no other link type to fall back to. */
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	if (ev->status == 0x00) {
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
	} else {
		switch (ev->status) {
		case 0x11:	/* Unsupported Feature or Parameter Value */
		case 0x1c:	/* SCO interval rejected */
		case 0x1a:	/* Unsupported Remote Feature */
		case 0x1f:	/* Unspecified error */
			retryable = true;
			break;
		default:
			retryable = false;
			break;
		}

		if (retryable && conn->out && conn->attempt < 2) {
			/*
			 * NOTE(review): conn->link is dereferenced without a
			 * NULL check here - confirm it is always set for
			 * outgoing synchronous connections.
			 */
			conn->pkt_type = hdev->esco_type &
					 (SCO_ESCO_MASK | EDR_ESCO_MASK);
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}

		conn->state = BT_CLOSED;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}
3373
/* Synchronous Connection Changed event: only traced, the payload is unused. */
static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
3378
/* Sniff Subrating event: only the status byte is traced. */
static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *evt = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, evt->status);
}
3385
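/*
 * Extended Inquiry Result event.  The first payload byte is the number of
 * responses, followed by that many extended_inquiry_info records.  Each
 * record updates the inquiry cache and is reported, together with its EIR
 * data, through mgmt_device_found().
 *
 * The response count comes from the controller.  The original loop trusted
 * it without comparing it with the packet length, so a short packet with a
 * large count read past the event payload.  The length is now checked before
 * the first record is touched.
 */
static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info;
	int num_rsp;
	size_t eir_len;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);
	info = (void *) (skb->data + 1);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	/* All num_rsp records must fit in what follows the count byte. */
	if (skb->len - 1 < num_rsp * sizeof(*info)) {
		BT_DBG("%s malformed extended inquiry result", hdev->name);
		return;
	}

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		data.rssi = info->rssi;
		data.ssp_mode = 0x01;

		/*
		 * With mgmt in use the name counts as known only when the EIR
		 * data carries a complete name; otherwise it is assumed known.
		 */
		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		eir_len = eir_get_length(info->data, sizeof(info->data));
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, eir_len);
	}

	hci_dev_unlock(hdev);
}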
1da177e4 3433
/*
 * Encryption Key Refresh Complete event.  On success the pending security
 * level becomes the connection's security level.  A failure on an
 * established connection tears the link down with an authentication-failure
 * reason; otherwise the result is passed on to the connect or auth
 * confirmation callbacks depending on the connection state.
 */
static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
	       __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto unlock;

	if (ev->status == 0)
		conn->sec_level = conn->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* A failed refresh on a live link is treated as an auth failure. */
	if (ev->status != 0 && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state != BT_CONFIG) {
		hci_auth_cfm(conn, ev->status);

		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
		goto unlock;
	}

	if (ev->status == 0)
		conn->state = BT_CONNECTED;

	hci_proto_connect_cfm(conn, ev->status);
	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
3477
/*
 * Pick the authentication requirement to send in an IO capability reply,
 * based on what the remote side requested (conn->remote_auth).
 *
 * Returns an authentication requirements value; bit 0 is the MITM bit, as
 * used by the callers in this file.
 */
static u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/*
		 * Remote asked for dedicated bonding, follow that lead.
		 * MITM protection (0x03) is only required when neither side
		 * reports IO capability 0x03.
		 */
		if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
			return 0x02;
		return 0x03;

	case 0x00:
	case 0x01:
		/*
		 * Remote asked for no-bonding, follow that lead but keep our
		 * own MITM bit.
		 */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
3496
/*
 * IO Capability Request event.  When mgmt is in use, answer with our IO
 * capability, authentication requirement and OOB availability if pairing is
 * allowed, or with a negative reply (pairing not allowed) otherwise.
 *
 * A reference on the connection is taken as soon as it is found, including
 * on the path where mgmt is not in use and no reply is sent from here.
 */
static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;
	bool pairing_allowed;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	/*
	 * Pairing proceeds when the device is pairable, or when the remote
	 * only asked for no-bonding (with or without the MITM bit).
	 */
	pairing_allowed = test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
			  (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING;

	if (!pairing_allowed) {
		struct hci_cp_io_capability_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		neg.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(neg), &neg);
	} else {
		struct hci_cp_io_capability_reply reply;

		bacpy(&reply.bdaddr, &ev->bdaddr);

		/* Change the IO capability from KeyboardDisplay
		 * to DisplayYesNo as it is not supported by BT spec. */
		if (conn->io_capability == 0x04)
			reply.capability = 0x01;
		else
			reply.capability = conn->io_capability;

		conn->auth_type = hci_get_auth_req(conn);
		reply.authentication = conn->auth_type;

		/*
		 * OOB data is only advertised when we hold data for the peer
		 * and either initiated the connection or the peer announced
		 * OOB data itself.
		 */
		reply.oob_data =
			(hci_find_remote_oob_data(hdev, &conn->dst) &&
			 (conn->out ||
			  test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) ?
			0x01 : 0x00;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
			     sizeof(reply), &reply);
	}

unlock:
	hci_dev_unlock(hdev);
}
3548
/*
 * IO Capability Response event: remember the remote IO capability,
 * authentication requirement and OOB flag on the ACL connection.  These
 * values are reported by the peer and are stored as received.
 */
static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn != NULL) {
		conn->remote_cap = ev->capability;
		conn->remote_auth = ev->authentication;
		if (ev->oob_data)
			set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
	}

	hci_dev_unlock(hdev);
}
3570
/*
 * User Confirmation Request event (numeric comparison).  Depending on the
 * MITM requirements of both sides the request is rejected, auto-accepted
 * (optionally after hdev->auto_accept_delay), or forwarded to user space
 * through mgmt_user_confirm_request().
 */
static void hci_user_confirm_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int local_mitm, remote_mitm, confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	local_mitm = (conn->auth_type & 0x01);
	remote_mitm = (conn->remote_auth & 0x01);

	/* If we require MITM but the remote device can't provide that
	 * (it has NoInputNoOutput) then reject the confirmation
	 * request. The only exception is when we're dedicated bonding
	 * initiators (connect_cfm_cb set) since then we always have the MITM
	 * bit set. */
	if (local_mitm && conn->remote_cap == 0x03 && !conn->connect_cfm_cb) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* If either side effectively requires MITM protection the user has
	 * to confirm; only the remaining case is auto-accepted. */
	if ((local_mitm && conn->remote_cap != 0x03) ||
	    (remote_mitm && conn->io_capability != 0x03))
		goto confirm;

	/* If we're not the initiators request authorization to
	 * proceed from user space (mgmt_user_confirm with
	 * confirm_hint set to 1). */
	if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
		BT_DBG("Confirming auto-accept as acceptor");
		confirm_hint = 1;
		goto confirm;
	}

	BT_DBG("Auto-accept of user confirmation with %ums delay",
	       hdev->auto_accept_delay);

	if (hdev->auto_accept_delay > 0) {
		/* the reply is deferred to the connection's auto-accept timer */
		int delay = msecs_to_jiffies(hdev->auto_accept_delay);
		mod_timer(&conn->auto_accept_timer, jiffies + delay);
		goto unlock;
	}

	hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
		     sizeof(ev->bdaddr), &ev->bdaddr);
	goto unlock;

confirm:
	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}
3638
/*
 * User Passkey Request event: forwarded to user space when mgmt is in use,
 * otherwise ignored here.
 */
static void hci_user_passkey_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *ev = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
}
3649
/*
 * User Passkey Notification event: store the passkey to display on the
 * connection, reset the entered-digit counter and notify user space when
 * mgmt is in use.
 *
 * NOTE(review): unlike most handlers in this file, the connection lookup and
 * update here are not wrapped in hci_dev_lock()/hci_dev_unlock().
 */
static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		return;

	conn->passkey_notify = __le32_to_cpu(ev->passkey);
	conn->passkey_entered = 0;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
				 conn->dst_type, conn->passkey_notify,
				 conn->passkey_entered);
}
3670
/*
 * Keypress Notification event: track how many passkey digits the remote user
 * has entered and pass the updated count to user space when mgmt is in use.
 * "Started" resets the counter and "completed" changes nothing; neither of
 * them produces a notification.
 *
 * NOTE(review): the counter is driven entirely by remote keypress events and
 * the "erased" case decrements it without a lower bound.  The lookup is also
 * not wrapped in hci_dev_lock()/hci_dev_unlock() - confirm both are intended.
 */
static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_keypress_notify *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		return;

	if (ev->type == HCI_KEYPRESS_STARTED) {
		conn->passkey_entered = 0;
		return;
	}

	if (ev->type == HCI_KEYPRESS_COMPLETED)
		return;

	if (ev->type == HCI_KEYPRESS_ENTERED)
		conn->passkey_entered++;
	else if (ev->type == HCI_KEYPRESS_ERASED)
		conn->passkey_entered--;
	else if (ev->type == HCI_KEYPRESS_CLEARED)
		conn->passkey_entered = 0;

	/* Unknown keypress types leave the counter alone but still notify. */
	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
					 conn->dst_type, conn->passkey_notify,
					 conn->passkey_entered);
}
3708
/*
 * Simple Pairing Complete event: report a failed pairing to user space when
 * we did not initiate the authentication, then drop a connection reference.
 */
static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn == NULL)
		goto unlock;

	/* To avoid duplicate auth_failed events to user space we check
	 * the HCI_CONN_AUTH_PEND flag which will be set if we
	 * initiated the authentication. A traditional auth_complete
	 * event gets always produced as initiator and is also mapped to
	 * the mgmt_auth_failed event */
	if (ev->status && !test_bit(HCI_CONN_AUTH_PEND, &conn->flags))
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);

	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}
3737
/*
 * Remote Host Supported Features event: record the peer's host SSP bit in
 * its inquiry cache entry, if one exists.
 */
static void hci_remote_host_features_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry != NULL)
		entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

	hci_dev_unlock(hdev);
}
3754
/*
 * Remote OOB Data Request event: when mgmt is in use, answer with the stored
 * hash and randomizer for ev->bdaddr, or with a negative reply when nothing
 * is stored for that address.
 */
static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *stored;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	stored = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (stored == NULL) {
		struct hci_cp_remote_oob_data_neg_reply neg;

		bacpy(&neg.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
			     sizeof(neg), &neg);
	} else {
		struct hci_cp_remote_oob_data_reply reply;

		bacpy(&reply.bdaddr, &ev->bdaddr);
		/* copy sizes are taken from the destination fields */
		memcpy(reply.hash, stored->hash, sizeof(reply.hash));
		memcpy(reply.randomizer, stored->randomizer,
		       sizeof(reply.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
			     sizeof(reply), &reply);
	}

unlock:
	hci_dev_unlock(hdev);
}
3789
/*
 * AMP Physical Link Complete event.  A failed link is deleted; a successful
 * one is marked connected, inherits the destination address of the
 * associated BR/EDR connection, is registered in sysfs and confirmed through
 * amp_physical_cfm().
 */
static void hci_phy_link_complete_evt(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	struct hci_ev_phy_link_complete *ev = (void *) skb->data;
	struct hci_conn *hcon, *bredr_hcon;

	BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
	       ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (hcon == NULL)
		goto unlock;

	if (ev->status) {
		hci_conn_del(hcon);
		goto unlock;
	}

	/*
	 * NOTE(review): amp_mgr and l2cap_conn are dereferenced without NULL
	 * checks, while hci_loglink_complete_evt() does test amp_mgr -
	 * confirm both are guaranteed to be set on this path.
	 */
	bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;

	hcon->state = BT_CONNECTED;
	bacpy(&hcon->dst, &bredr_hcon->dst);

	hci_conn_hold(hcon);
	hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
	hci_conn_put(hcon);

	hci_conn_hold_device(hcon);
	hci_conn_add_sysfs(hcon);

	amp_physical_cfm(bredr_hcon, hcon);

unlock:
	hci_dev_unlock(hdev);
}
3829
/*
 * AMP Logical Link Complete event: create an hci_chan on the physical link
 * named by ev->phy_handle, give it the logical handle from the event and,
 * when an AMP manager with a BR/EDR channel is attached, confirm the logical
 * link to L2CAP.
 *
 * NOTE(review): ev->status is only traced, not checked, and the handler does
 * not take hci_dev_lock() - confirm both are intended.
 */
static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_logical_link_complete *ev = (void *) skb->data;
	struct l2cap_chan *bredr_chan;
	struct hci_chan *hchan;
	struct hci_conn *hcon;
	struct amp_mgr *mgr;

	BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
	       hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
	       ev->status);

	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (hcon == NULL)
		return;

	/* Create AMP hchan */
	hchan = hci_chan_create(hcon);
	if (hchan == NULL)
		return;

	hchan->handle = le16_to_cpu(ev->handle);

	BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);

	mgr = hcon->amp_mgr;
	if (!mgr || !mgr->bredr_chan)
		return;

	bredr_chan = mgr->bredr_chan;

	l2cap_chan_lock(bredr_chan);

	bredr_chan->conn->mtu = hdev->block_mtu;
	l2cap_logical_cfm(bredr_chan, hchan, 0);
	hci_conn_hold(hcon);

	l2cap_chan_unlock(bredr_chan);
}
3867
/*
 * AMP Disconnection Logical Link Complete event: on success, destroy the
 * logical link whose handle matches the event.
 */
static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
	struct hci_chan *hchan;

	BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
	       le16_to_cpu(ev->handle), ev->status);

	/* A failed disconnect leaves the channel untouched. */
	if (ev->status)
		return;

	hci_dev_lock(hdev);

	hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
	if (hchan != NULL)
		amp_destroy_logical_link(hchan, ev->reason);

	hci_dev_unlock(hdev);
}
3891
/*
 * AMP Disconnection Physical Link Complete event: on success, close and
 * delete the connection that matches ev->phy_handle.
 */
static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	/* A failed disconnect leaves the connection untouched. */
	if (ev->status)
		return;

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (hcon == NULL)
		goto unlock;

	hcon->state = BT_CLOSED;
	hci_conn_del(hcon);

unlock:
	hci_dev_unlock(hdev);
}
3913
/*
 * LE Connection Complete event.  An LE connection in BT_CONNECT state is
 * reused if there is one; otherwise a new connection object is created for
 * ev->bdaddr.  Failures are reported and the connection is deleted; success
 * marks it connected at BT_SECURITY_LOW and registers it.
 *
 * NOTE(review): the pending connection is found by state only, not by
 * address, so the event's bdaddr is not compared with conn->dst on that
 * path - confirm this is intended.
 */
static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (conn == NULL) {
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (conn == NULL) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = ev->bdaddr_type;

		if (ev->role == LE_CONN_ROLE_MASTER) {
			conn->out = true;
			conn->link_mode |= HCI_LM_MASTER;
		}
	}

	if (ev->status != 0) {
		mgmt_connect_failed(hdev, &conn->dst, conn->type,
				    conn->dst_type, ev->status);
		hci_proto_connect_cfm(conn, ev->status);
		conn->state = BT_CLOSED;
		hci_conn_del(conn);
		goto unlock;
	}

	/* Report the connection to mgmt only once. */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
				      conn->dst_type, 0, NULL, 0, NULL);

	/* A fresh LE link starts at the lowest security level. */
	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
3964
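/*
 * LE Advertising Report event.  The first payload byte is the number of
 * reports; each report is a fixed header followed by ev->length bytes of
 * advertising data and one RSSI byte.  Every report is passed to
 * mgmt_device_found().
 *
 * Both the report count and each report's length come from the controller,
 * which relays data received over the air.  The original loop used them
 * without comparing them with the packet length, so a truncated packet or an
 * oversized length field made it read past the event payload.  Each report
 * is now checked against the remaining bytes and parsing stops at the first
 * one that does not fit.
 */
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	u8 num_reports;
	u8 *ptr, *end;
	s8 rssi;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	end = skb->data + skb->len;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t left = end - ptr;

		/*
		 * The fixed header must fit before ev->length is read, and
		 * then the data plus the trailing RSSI byte must fit too.
		 */
		if (left < sizeof(*ev) ||
		    left - sizeof(*ev) < (size_t) ev->length + 1) {
			BT_DBG("%s truncated advertising report", hdev->name);
			break;
		}

		/* the RSSI byte directly follows the advertising data */
		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += sizeof(*ev) + ev->length + 1;
	}

	hci_dev_unlock(hdev);
}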
3985
/*
 * LE Long Term Key Request event: look up the key matching the event's ediv
 * and random value and hand it to the controller, or send a negative reply
 * when the connection or the key is unknown.  A key flagged HCI_SMP_STK is
 * removed after it has been used once.
 */
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_cp_le_ltk_reply reply;
	struct hci_conn *conn;
	struct smp_ltk *key;

	BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto not_found;

	key = hci_find_ltk(hdev, ev->ediv, ev->random);
	if (!key)
		goto not_found;

	/*
	 * NOTE(review): 'reply' keeps a copy of the key on the stack and is
	 * not cleared before this function returns.
	 */
	memcpy(reply.ltk, key->val, sizeof(key->val));
	reply.handle = cpu_to_le16(conn->handle);

	/* Only an authenticated key raises the link to high security. */
	if (key->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(reply), &reply);

	if (key->type & HCI_SMP_STK) {
		list_del(&key->list);
		kfree(key);
	}

	hci_dev_unlock(hdev);

	return;

not_found:
	/* ev->handle is already little-endian, so it is copied as is */
	neg.handle = ev->handle;
	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
	hci_dev_unlock(hdev);
}
4028
/*
 * LE Meta event: strip the meta header from the skb and dispatch on the
 * subevent code.  Unknown subevents are ignored.
 */
static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *meta = (void *) skb->data;

	/* handlers below see the skb starting at the subevent payload */
	skb_pull(skb, sizeof(*meta));

	if (meta->subevent == HCI_EV_LE_CONN_COMPLETE)
		hci_le_conn_complete_evt(hdev, skb);
	else if (meta->subevent == HCI_EV_LE_ADVERTISING_REPORT)
		hci_le_adv_report_evt(hdev, skb);
	else if (meta->subevent == HCI_EV_LE_LTK_REQ)
		hci_le_ltk_request_evt(hdev, skb);
}
4052
/*
 * AMP Channel Selected event: strip the event from the skb and, when the
 * physical link handle is known, read the final local AMP assoc data.
 */
static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_channel_selected *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);

	skb_pull(skb, sizeof(*ev));

	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (hcon != NULL)
		amp_read_loc_assoc_final_data(hdev, hcon);
}
4068
a9de9248
MH
4069void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4070{
4071 struct hci_event_hdr *hdr = (void *) skb->data;
4072 __u8 event = hdr->evt;
4073
4074 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4075
4076 switch (event) {
1da177e4
LT
4077 case HCI_EV_INQUIRY_COMPLETE:
4078 hci_inquiry_complete_evt(hdev, skb);
4079 break;
4080
4081 case HCI_EV_INQUIRY_RESULT:
4082 hci_inquiry_result_evt(hdev, skb);
4083 break;
4084
a9de9248
MH
4085 case HCI_EV_CONN_COMPLETE:
4086 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH
4087 break;
4088
1da177e4
LT
4089 case HCI_EV_CONN_REQUEST:
4090 hci_conn_request_evt(hdev, skb);
4091 break;
4092
1da177e4
LT
4093 case HCI_EV_DISCONN_COMPLETE:
4094 hci_disconn_complete_evt(hdev, skb);
4095 break;
4096
1da177e4
LT
4097 case HCI_EV_AUTH_COMPLETE:
4098 hci_auth_complete_evt(hdev, skb);
4099 break;
4100
a9de9248
MH
4101 case HCI_EV_REMOTE_NAME:
4102 hci_remote_name_evt(hdev, skb);
4103 break;
4104
1da177e4
LT
4105 case HCI_EV_ENCRYPT_CHANGE:
4106 hci_encrypt_change_evt(hdev, skb);
4107 break;
4108
a9de9248
MH
4109 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4110 hci_change_link_key_complete_evt(hdev, skb);
4111 break;
4112
4113 case HCI_EV_REMOTE_FEATURES:
4114 hci_remote_features_evt(hdev, skb);
4115 break;
4116
4117 case HCI_EV_REMOTE_VERSION:
4118 hci_remote_version_evt(hdev, skb);
4119 break;
4120
4121 case HCI_EV_QOS_SETUP_COMPLETE:
4122 hci_qos_setup_complete_evt(hdev, skb);
4123 break;
4124
4125 case HCI_EV_CMD_COMPLETE:
4126 hci_cmd_complete_evt(hdev, skb);
4127 break;
4128
4129 case HCI_EV_CMD_STATUS:
4130 hci_cmd_status_evt(hdev, skb);
4131 break;
4132
4133 case HCI_EV_ROLE_CHANGE:
4134 hci_role_change_evt(hdev, skb);
4135 break;
4136
4137 case HCI_EV_NUM_COMP_PKTS:
4138 hci_num_comp_pkts_evt(hdev, skb);
4139 break;
4140
4141 case HCI_EV_MODE_CHANGE:
4142 hci_mode_change_evt(hdev, skb);
1da177e4
LT
4143 break;
4144
4145 case HCI_EV_PIN_CODE_REQ:
4146 hci_pin_code_request_evt(hdev, skb);
4147 break;
4148
4149 case HCI_EV_LINK_KEY_REQ:
4150 hci_link_key_request_evt(hdev, skb);
4151 break;
4152
4153 case HCI_EV_LINK_KEY_NOTIFY:
4154 hci_link_key_notify_evt(hdev, skb);
4155 break;
4156
4157 case HCI_EV_CLOCK_OFFSET:
4158 hci_clock_offset_evt(hdev, skb);
4159 break;
4160
a8746417
MH
4161 case HCI_EV_PKT_TYPE_CHANGE:
4162 hci_pkt_type_change_evt(hdev, skb);
4163 break;
4164
85a1e930
MH
4165 case HCI_EV_PSCAN_REP_MODE:
4166 hci_pscan_rep_mode_evt(hdev, skb);
4167 break;
4168
a9de9248
MH
4169 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4170 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH
4171 break;
4172
a9de9248
MH
4173 case HCI_EV_REMOTE_EXT_FEATURES:
4174 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT
4175 break;
4176
a9de9248
MH
4177 case HCI_EV_SYNC_CONN_COMPLETE:
4178 hci_sync_conn_complete_evt(hdev, skb);
4179 break;
1da177e4 4180
a9de9248
MH
4181 case HCI_EV_SYNC_CONN_CHANGED:
4182 hci_sync_conn_changed_evt(hdev, skb);
4183 break;
1da177e4 4184
a9de9248
MH
4185 case HCI_EV_SNIFF_SUBRATE:
4186 hci_sniff_subrate_evt(hdev, skb);
4187 break;
1da177e4 4188
a9de9248
MH
4189 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4190 hci_extended_inquiry_result_evt(hdev, skb);
4191 break;
1da177e4 4192
1c2e0041
JH
4193 case HCI_EV_KEY_REFRESH_COMPLETE:
4194 hci_key_refresh_complete_evt(hdev, skb);
4195 break;
4196
0493684e
MH
4197 case HCI_EV_IO_CAPA_REQUEST:
4198 hci_io_capa_request_evt(hdev, skb);
4199 break;
4200
03b555e1
JH
4201 case HCI_EV_IO_CAPA_REPLY:
4202 hci_io_capa_reply_evt(hdev, skb);
4203 break;
4204
a5c29683
JH
4205 case HCI_EV_USER_CONFIRM_REQUEST:
4206 hci_user_confirm_request_evt(hdev, skb);
4207 break;
4208
1143d458
BG
4209 case HCI_EV_USER_PASSKEY_REQUEST:
4210 hci_user_passkey_request_evt(hdev, skb);
4211 break;
4212
92a25256
JH
4213 case HCI_EV_USER_PASSKEY_NOTIFY:
4214 hci_user_passkey_notify_evt(hdev, skb);
4215 break;
4216
4217 case HCI_EV_KEYPRESS_NOTIFY:
4218 hci_keypress_notify_evt(hdev, skb);
4219 break;
4220
0493684e
MH
4221 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4222 hci_simple_pair_complete_evt(hdev, skb);
4223 break;
4224
41a96212
MH
4225 case HCI_EV_REMOTE_HOST_FEATURES:
4226 hci_remote_host_features_evt(hdev, skb);
4227 break;
4228
fcd89c09
VT
4229 case HCI_EV_LE_META:
4230 hci_le_meta_evt(hdev, skb);
4231 break;
4232
9495b2ee
AE
4233 case HCI_EV_CHANNEL_SELECTED:
4234 hci_chan_selected_evt(hdev, skb);
4235 break;
4236
2763eda6
SJ
4237 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4238 hci_remote_oob_data_request_evt(hdev, skb);
4239 break;
4240
d5e91192
AE
4241 case HCI_EV_PHY_LINK_COMPLETE:
4242 hci_phy_link_complete_evt(hdev, skb);
4243 break;
4244
27695fb4
AE
4245 case HCI_EV_LOGICAL_LINK_COMPLETE:
4246 hci_loglink_complete_evt(hdev, skb);
4247 break;
4248
606e2a10
AE
4249 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4250 hci_disconn_loglink_complete_evt(hdev, skb);
4251 break;
4252
9eef6b3a
AE
4253 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4254 hci_disconn_phylink_complete_evt(hdev, skb);
4255 break;
4256
25e89e99
AE
4257 case HCI_EV_NUM_COMP_BLOCKS:
4258 hci_num_comp_blocks_evt(hdev, skb);
4259 break;
4260
a9de9248 4261 default:
9f1db00c 4262 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT
4263 break;
4264 }
4265
4266 kfree_skb(skb);
4267 hdev->stat.evt_rx++;
4268}