projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: AMP: Process Physical Link Complete evt
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
f0d6a0ea 32#include <net/bluetooth/mgmt.h>
8e2a0d92 33#include <net/bluetooth/a2mp.h>
903e4541 34#include <net/bluetooth/amp.h>
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
e6d465cb
AG		 44 if (status) {
45 hci_dev_lock(hdev);
46 mgmt_stop_discovery_failed(hdev, status);
47 hci_dev_unlock(hdev);
a9de9248 48 return;
e6d465cb 49 }
1da177e4 50
89352e7d
AG		 51 clear_bit(HCI_INQUIRY, &hdev->flags);
52
56e5cb86 53 hci_dev_lock(hdev);
ff9ef578 54 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 55 hci_dev_unlock(hdev);
6bd57416 56
23bb5763 57 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 58
59 hci_conn_check_pending(hdev);
60}
6bd57416 61
4d93483b
AG		 62static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
63{
64 __u8 status = *((__u8 *) skb->data);
65
9f1db00c 66 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 67
68 if (status)
69 return;
70
71 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 72}
73
a9de9248
MH		 74static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75{
76 __u8 status = *((__u8 *) skb->data);
6bd57416 77
9f1db00c 78 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 79
a9de9248
MH		 80 if (status)
81 return;
1da177e4 82
ae854a70
AG		 83 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84
a9de9248
MH		 85 hci_conn_check_pending(hdev);
86}
87
807deac2
GP		 88static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
89 struct sk_buff *skb)
a9de9248
MH		 90{
91 BT_DBG("%s", hdev->name);
92}
93
94static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95{
96 struct hci_rp_role_discovery *rp = (void *) skb->data;
97 struct hci_conn *conn;
98
9f1db00c 99 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 100
101 if (rp->status)
102 return;
103
104 hci_dev_lock(hdev);
105
106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
107 if (conn) {
108 if (rp->role)
109 conn->link_mode &= ~HCI_LM_MASTER;
110 else
111 conn->link_mode |= HCI_LM_MASTER;
1da177e4 112 }
a9de9248
MH		 113
114 hci_dev_unlock(hdev);
1da177e4
LT		 115}
116
e4e8e37c
MH		 117static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118{
119 struct hci_rp_read_link_policy *rp = (void *) skb->data;
120 struct hci_conn *conn;
121
9f1db00c 122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 123
124 if (rp->status)
125 return;
126
127 hci_dev_lock(hdev);
128
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 if (conn)
131 conn->link_policy = __le16_to_cpu(rp->policy);
132
133 hci_dev_unlock(hdev);
134}
135
a9de9248 136static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 137{
a9de9248 138 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 139 struct hci_conn *conn;
04837f64 140 void *sent;
1da177e4 141
9f1db00c 142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 143
a9de9248
MH		 144 if (rp->status)
145 return;
1da177e4 146
a9de9248
MH		 147 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
148 if (!sent)
149 return;
1da177e4 150
a9de9248 151 hci_dev_lock(hdev);
1da177e4 152
a9de9248 153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 154 if (conn)
83985319 155 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 156
a9de9248
MH		 157 hci_dev_unlock(hdev);
158}
1da177e4 159
807deac2
GP		 160static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
161 struct sk_buff *skb)
e4e8e37c
MH		 162{
163 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
164
9f1db00c 165 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 166
167 if (rp->status)
168 return;
169
170 hdev->link_policy = __le16_to_cpu(rp->policy);
171}
172
807deac2
GP		 173static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
174 struct sk_buff *skb)
e4e8e37c
MH		 175{
176 __u8 status = *((__u8 *) skb->data);
177 void *sent;
178
9f1db00c 179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 180
181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 if (!sent)
183 return;
184
185 if (!status)
186 hdev->link_policy = get_unaligned_le16(sent);
187
23bb5763 188 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 189}
190
a9de9248
MH		 191static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
192{
193 __u8 status = *((__u8 *) skb->data);
04837f64 194
9f1db00c 195 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 196
10572132
GP		 197 clear_bit(HCI_RESET, &hdev->flags);
198
23bb5763 199 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 200
a297e97c 201 /* Reset all non-persistent flags */
ae854a70
AG		 202 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
203 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 204
205 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 206}
04837f64 207
a9de9248
MH		 208static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
209{
210 __u8 status = *((__u8 *) skb->data);
211 void *sent;
04837f64 212
9f1db00c 213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 214
a9de9248
MH		 215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216 if (!sent)
217 return;
04837f64 218
56e5cb86
JH		 219 hci_dev_lock(hdev);
220
f51d5b24
JH		 221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 223 else if (!status)
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 225
56e5cb86 226 hci_dev_unlock(hdev);
3159d384
JH		 227
228 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 229}
230
231static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
232{
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
234
9f1db00c 235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 236
237 if (rp->status)
238 return;
239
db99b5fc
JH		 240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 242}
243
244static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
245{
246 __u8 status = *((__u8 *) skb->data);
247 void *sent;
248
9f1db00c 249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 250
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
252 if (!sent)
253 return;
254
255 if (!status) {
256 __u8 param = *((__u8 *) sent);
257
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
260 else
261 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 262 }
a9de9248 263
33ef95ed
JH		 264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
266
23bb5763 267 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 268}
269
a9de9248 270static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 271{
a9de9248 272 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 273 void *sent;
274
9f1db00c 275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 276
a9de9248
MH		 277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
278 if (!sent)
279 return;
1da177e4 280
a9de9248
MH		 281 if (!status) {
282 __u8 param = *((__u8 *) sent);
283
284 if (param)
285 set_bit(HCI_ENCRYPT, &hdev->flags);
286 else
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
288 }
1da177e4 289
23bb5763 290 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 291}
1da177e4 292
a9de9248
MH		 293static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
294{
36f7fc7e
JH		 295 __u8 param, status = *((__u8 *) skb->data);
296 int old_pscan, old_iscan;
a9de9248 297 void *sent;
1da177e4 298
9f1db00c 299 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 300
a9de9248
MH		 301 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
302 if (!sent)
303 return;
1da177e4 304
36f7fc7e
JH		 305 param = *((__u8 *) sent);
306
56e5cb86
JH		 307 hci_dev_lock(hdev);
308
fa1bd918 309 if (status) {
744cf19e 310 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 311 hdev->discov_timeout = 0;
312 goto done;
313 }
314
36f7fc7e
JH		 315 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
316 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
317
318 if (param & SCAN_INQUIRY) {
319 set_bit(HCI_ISCAN, &hdev->flags);
320 if (!old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 322 if (hdev->discov_timeout > 0) {
323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 325 to);
16ab91ab 326 }
36f7fc7e 327 } else if (old_iscan)
744cf19e 328 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 329
330 if (param & SCAN_PAGE) {
331 set_bit(HCI_PSCAN, &hdev->flags);
332 if (!old_pscan)
744cf19e 333 mgmt_connectable(hdev, 1);
36f7fc7e 334 } else if (old_pscan)
744cf19e 335 mgmt_connectable(hdev, 0);
1da177e4 336
36f7fc7e 337done:
56e5cb86 338 hci_dev_unlock(hdev);
23bb5763 339 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 340}
1da177e4 341
a9de9248
MH		 342static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
343{
344 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 345
9f1db00c 346 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 347
a9de9248
MH		 348 if (rp->status)
349 return;
1da177e4 350
a9de9248 351 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 352
a9de9248 353 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 354 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 355}
1da177e4 356
a9de9248
MH		 357static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
358{
359 __u8 status = *((__u8 *) skb->data);
360 void *sent;
1da177e4 361
9f1db00c 362 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 363
a9de9248
MH		 364 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
365 if (!sent)
366 return;
1da177e4 367
7f9a903c
MH		 368 hci_dev_lock(hdev);
369
370 if (status == 0)
371 memcpy(hdev->dev_class, sent, 3);
372
373 if (test_bit(HCI_MGMT, &hdev->dev_flags))
374 mgmt_set_class_of_dev_complete(hdev, sent, status);
375
376 hci_dev_unlock(hdev);
a9de9248 377}
1da177e4 378
a9de9248
MH		 379static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
380{
381 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
382 __u16 setting;
383
9f1db00c 384 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 385
386 if (rp->status)
387 return;
388
389 setting = __le16_to_cpu(rp->voice_setting);
390
f383f275 391 if (hdev->voice_setting == setting)
a9de9248
MH		 392 return;
393
394 hdev->voice_setting = setting;
395
9f1db00c 396 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 397
3c54711c 398 if (hdev->notify)
a9de9248 399 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 400}
401
8fc9ced3
GP		 402static void hci_cc_write_voice_setting(struct hci_dev *hdev,
403 struct sk_buff *skb)
a9de9248
MH		 404{
405 __u8 status = *((__u8 *) skb->data);
f383f275 406 __u16 setting;
a9de9248
MH		 407 void *sent;
408
9f1db00c 409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 410
f383f275
MH		 411 if (status)
412 return;
413
a9de9248
MH		 414 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 if (!sent)
416 return;
1da177e4 417
f383f275 418 setting = get_unaligned_le16(sent);
1da177e4 419
f383f275
MH		 420 if (hdev->voice_setting == setting)
421 return;
422
423 hdev->voice_setting = setting;
1da177e4 424
9f1db00c 425 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 426
3c54711c 427 if (hdev->notify)
f383f275 428 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 429}
430
a9de9248 431static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 432{
a9de9248 433 __u8 status = *((__u8 *) skb->data);
1da177e4 434
9f1db00c 435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 436
23bb5763 437 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 438}
1143e5a6 439
333140b5
MH		 440static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
441{
442 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 443 struct hci_cp_write_ssp_mode *sent;
333140b5 444
9f1db00c 445 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 446
333140b5
MH		 447 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 if (!sent)
449 return;
450
5ed8eb2f
JH		 451 if (!status) {
452 if (sent->mode)
453 hdev->host_features[0] |= LMP_HOST_SSP;
454 else
455 hdev->host_features[0] &= ~LMP_HOST_SSP;
456 }
457
ed2c4ee3 458 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 459 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 460 else if (!status) {
5ed8eb2f 461 if (sent->mode)
c0ecddc2
JH		 462 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
463 else
464 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
465 }
333140b5
MH		 466}
467
d5859e22
JH		 468static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
469{
976eb20e 470 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 471 return 2;
472
976eb20e 473 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 474 return 1;
475
476 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 477 hdev->lmp_subver == 0x0757)
d5859e22
JH		 478 return 1;
479
480 if (hdev->manufacturer == 15) {
481 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
482 return 1;
483 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
484 return 1;
485 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
486 return 1;
487 }
488
489 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 490 hdev->lmp_subver == 0x1805)
d5859e22
JH		 491 return 1;
492
493 return 0;
494}
495
496static void hci_setup_inquiry_mode(struct hci_dev *hdev)
497{
498 u8 mode;
499
500 mode = hci_get_inquiry_mode(hdev);
501
502 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
503}
504
505static void hci_setup_event_mask(struct hci_dev *hdev)
506{
507 /* The second byte is 0xff instead of 0x9f (two reserved bits
508 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
509 * command otherwise */
510 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
511
6de6c18d
VT		 512 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
513 * any event mask for pre 1.2 devices */
5a13b095 514 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 515 return;
516
e1171e8d
JH		 517 if (lmp_bredr_capable(hdev)) {
518 events[4] |= 0x01; /* Flow Specification Complete */
519 events[4] |= 0x02; /* Inquiry Result with RSSI */
520 events[4] |= 0x04; /* Read Remote Extended Features Complete */
521 events[5] |= 0x08; /* Synchronous Connection Complete */
522 events[5] |= 0x10; /* Synchronous Connection Changed */
523 }
d5859e22 524
976eb20e 525 if (lmp_inq_rssi_capable(hdev))
a24299e6 526 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 527
999dcd10 528 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 529 events[5] |= 0x20; /* Sniff Subrating */
530
976eb20e 531 if (lmp_pause_enc_capable(hdev))
d5859e22
JH		 532 events[5] |= 0x80; /* Encryption Key Refresh Complete */
533
976eb20e 534 if (lmp_ext_inq_capable(hdev))
d5859e22
JH		 535 events[5] |= 0x40; /* Extended Inquiry Result */
536
c58e810e 537 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 538 events[7] |= 0x01; /* Enhanced Flush Complete */
539
976eb20e 540 if (lmp_lsto_capable(hdev))
d5859e22
JH		 541 events[6] |= 0x80; /* Link Supervision Timeout Changed */
542
9a1a1996 543 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 544 events[6] |= 0x01; /* IO Capability Request */
545 events[6] |= 0x02; /* IO Capability Response */
546 events[6] |= 0x04; /* User Confirmation Request */
547 events[6] |= 0x08; /* User Passkey Request */
548 events[6] |= 0x10; /* Remote OOB Data Request */
549 events[6] |= 0x20; /* Simple Pairing Complete */
550 events[7] |= 0x04; /* User Passkey Notification */
551 events[7] |= 0x08; /* Keypress Notification */
552 events[7] |= 0x10; /* Remote Host Supported
553 * Features Notification */
554 }
555
c383ddc4 556 if (lmp_le_capable(hdev))
d5859e22
JH		 557 events[7] |= 0x20; /* LE Meta-Event */
558
559 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
e36b04c8
JH		 560
561 if (lmp_le_capable(hdev)) {
562 memset(events, 0, sizeof(events));
563 events[0] = 0x1f;
564 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
565 sizeof(events), events);
566 }
d5859e22
JH		 567}
568
4611dfa8 569static void bredr_setup(struct hci_dev *hdev)
e1171e8d
JH		 570{
571 struct hci_cp_delete_stored_link_key cp;
572 __le16 param;
573 __u8 flt_type;
574
575 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
576 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
577
578 /* Read Class of Device */
579 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
580
581 /* Read Local Name */
582 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
583
584 /* Read Voice Setting */
585 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
586
587 /* Clear Event Filters */
588 flt_type = HCI_FLT_CLEAR_ALL;
589 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
590
591 /* Connection accept timeout ~20 secs */
592 param = __constant_cpu_to_le16(0x7d00);
593 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
594
595 bacpy(&cp.bdaddr, BDADDR_ANY);
596 cp.delete_all = 1;
597 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
598}
599
4611dfa8 600static void le_setup(struct hci_dev *hdev)
e1171e8d
JH		 601{
602 /* Read LE Buffer Size */
603 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
8fa19098
JH		 604
605 /* Read LE Advertising Channel TX Power */
606 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
e1171e8d
JH		 607}
608
d5859e22
JH		 609static void hci_setup(struct hci_dev *hdev)
610{
e61ef499
AE		 611 if (hdev->dev_type != HCI_BREDR)
612 return;
613
e1171e8d
JH		 614 /* Read BD Address */
615 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
616
617 if (lmp_bredr_capable(hdev))
4611dfa8 618 bredr_setup(hdev);
e1171e8d
JH		 619
620 if (lmp_le_capable(hdev))
4611dfa8 621 le_setup(hdev);
e1171e8d 622
d5859e22
JH		 623 hci_setup_event_mask(hdev);
624
d095c1eb 625 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 626 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
627
6d3c730f 628 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 629 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
630 u8 mode = 0x01;
631 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 632 sizeof(mode), &mode);
54d04dbb
JH		 633 } else {
634 struct hci_cp_write_eir cp;
635
636 memset(hdev->eir, 0, sizeof(hdev->eir));
637 memset(&cp, 0, sizeof(cp));
638
639 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
640 }
d5859e22
JH		 641 }
642
976eb20e 643 if (lmp_inq_rssi_capable(hdev))
d5859e22
JH		 644 hci_setup_inquiry_mode(hdev);
645
976eb20e 646 if (lmp_inq_tx_pwr_capable(hdev))
d5859e22 647 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b 648
976eb20e 649 if (lmp_ext_feat_capable(hdev)) {
971e3a4b
AG		 650 struct hci_cp_read_local_ext_features cp;
651
652 cp.page = 0x01;
04124681
GP		 653 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
654 &cp);
971e3a4b 655 }
e6100a25 656
47990ea0
JH		 657 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
658 u8 enable = 1;
04124681
GP		 659 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
660 &enable);
47990ea0 661 }
d5859e22
JH		 662}
663
a9de9248
MH		 664static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
665{
666 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 667
9f1db00c 668 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 669
a9de9248 670 if (rp->status)
28b8df77 671 goto done;
1143e5a6 672
a9de9248 673 hdev->hci_ver = rp->hci_ver;
e4e8e37c 674 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 675 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 676 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 677 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 678
9f1db00c 679 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 680 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 681
682 if (test_bit(HCI_INIT, &hdev->flags))
683 hci_setup(hdev);
28b8df77
AE		 684
685done:
686 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 687}
688
689static void hci_setup_link_policy(struct hci_dev *hdev)
690{
035100c8 691 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 692 u16 link_policy = 0;
693
9f92ebf6 694 if (lmp_rswitch_capable(hdev))
d5859e22 695 link_policy |= HCI_LP_RSWITCH;
976eb20e 696 if (lmp_hold_capable(hdev))
d5859e22 697 link_policy |= HCI_LP_HOLD;
6eded100 698 if (lmp_sniff_capable(hdev))
d5859e22 699 link_policy |= HCI_LP_SNIFF;
976eb20e 700 if (lmp_park_capable(hdev))
d5859e22
JH		 701 link_policy |= HCI_LP_PARK;
702
035100c8
AE		 703 cp.policy = cpu_to_le16(link_policy);
704 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 705}
1da177e4 706
8fc9ced3
GP		 707static void hci_cc_read_local_commands(struct hci_dev *hdev,
708 struct sk_buff *skb)
a9de9248
MH		 709{
710 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 711
9f1db00c 712 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 713
a9de9248 714 if (rp->status)
d5859e22 715 goto done;
1da177e4 716
a9de9248 717 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 718
719 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
720 hci_setup_link_policy(hdev);
721
722done:
723 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 724}
1da177e4 725
8fc9ced3
GP		 726static void hci_cc_read_local_features(struct hci_dev *hdev,
727 struct sk_buff *skb)
a9de9248
MH		 728{
729 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 730
9f1db00c 731 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 732
a9de9248
MH		 733 if (rp->status)
734 return;
5b7f9909 735
a9de9248 736 memcpy(hdev->features, rp->features, 8);
5b7f9909 737
a9de9248
MH		 738 /* Adjust default settings according to features
739 * supported by device. */
1da177e4 740
a9de9248
MH		 741 if (hdev->features[0] & LMP_3SLOT)
742 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 743
a9de9248
MH		 744 if (hdev->features[0] & LMP_5SLOT)
745 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 746
a9de9248
MH		 747 if (hdev->features[1] & LMP_HV2) {
748 hdev->pkt_type |= (HCI_HV2);
749 hdev->esco_type |= (ESCO_HV2);
750 }
1da177e4 751
a9de9248
MH		 752 if (hdev->features[1] & LMP_HV3) {
753 hdev->pkt_type |= (HCI_HV3);
754 hdev->esco_type |= (ESCO_HV3);
755 }
1da177e4 756
45db810f 757 if (lmp_esco_capable(hdev))
a9de9248 758 hdev->esco_type |= (ESCO_EV3);
da1f5198 759
a9de9248
MH		 760 if (hdev->features[4] & LMP_EV4)
761 hdev->esco_type |= (ESCO_EV4);
da1f5198 762
a9de9248
MH		 763 if (hdev->features[4] & LMP_EV5)
764 hdev->esco_type |= (ESCO_EV5);
1da177e4 765
efc7688b
MH		 766 if (hdev->features[5] & LMP_EDR_ESCO_2M)
767 hdev->esco_type |= (ESCO_2EV3);
768
769 if (hdev->features[5] & LMP_EDR_ESCO_3M)
770 hdev->esco_type |= (ESCO_3EV3);
771
772 if (hdev->features[5] & LMP_EDR_3S_ESCO)
773 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
774
a9de9248 775 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 776 hdev->features[0], hdev->features[1],
777 hdev->features[2], hdev->features[3],
778 hdev->features[4], hdev->features[5],
779 hdev->features[6], hdev->features[7]);
a9de9248 780}
1da177e4 781
8f984dfa
JH		 782static void hci_set_le_support(struct hci_dev *hdev)
783{
784 struct hci_cp_write_le_host_supported cp;
785
786 memset(&cp, 0, sizeof(cp));
787
9d42820f 788 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa 789 cp.le = 1;
976eb20e 790 cp.simul = !!lmp_le_br_capable(hdev);
8f984dfa
JH		 791 }
792
976eb20e 793 if (cp.le != !!lmp_host_le_capable(hdev))
04124681
GP		 794 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
795 &cp);
8f984dfa
JH		 796}
797
971e3a4b 798static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 799 struct sk_buff *skb)
971e3a4b
AG		 800{
801 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
802
9f1db00c 803 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 804
805 if (rp->status)
8f984dfa 806 goto done;
971e3a4b 807
b5b32b65
AG		 808 switch (rp->page) {
809 case 0:
810 memcpy(hdev->features, rp->features, 8);
811 break;
812 case 1:
813 memcpy(hdev->host_features, rp->features, 8);
814 break;
815 }
971e3a4b 816
c383ddc4 817 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 818 hci_set_le_support(hdev);
819
820done:
971e3a4b
AG		 821 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
822}
823
1e89cffb 824static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 825 struct sk_buff *skb)
1e89cffb
AE		 826{
827 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
828
9f1db00c 829 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 830
831 if (rp->status)
832 return;
833
834 hdev->flow_ctl_mode = rp->mode;
835
836 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
837}
838
a9de9248
MH		 839static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
840{
841 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 842
9f1db00c 843 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 844
a9de9248
MH		 845 if (rp->status)
846 return;
1da177e4 847
a9de9248
MH		 848 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
849 hdev->sco_mtu = rp->sco_mtu;
850 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
851 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
852
853 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
854 hdev->sco_mtu = 64;
855 hdev->sco_pkts = 8;
1da177e4 856 }
a9de9248
MH		 857
858 hdev->acl_cnt = hdev->acl_pkts;
859 hdev->sco_cnt = hdev->sco_pkts;
860
807deac2
GP		 861 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
862 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 863}
864
865static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
866{
867 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
868
9f1db00c 869 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 870
871 if (!rp->status)
872 bacpy(&hdev->bdaddr, &rp->bdaddr);
873
23bb5763
JH		 874 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
875}
876
350ee4cf 877static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 878 struct sk_buff *skb)
350ee4cf
AE		 879{
880 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
881
9f1db00c 882 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 883
884 if (rp->status)
885 return;
886
887 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
888 hdev->block_len = __le16_to_cpu(rp->block_len);
889 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
890
891 hdev->block_cnt = hdev->num_blocks;
892
893 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 894 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 895
896 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
897}
898
23bb5763
JH		 899static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
900{
901 __u8 status = *((__u8 *) skb->data);
902
9f1db00c 903 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 904
905 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 906}
907
928abaa7 908static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 909 struct sk_buff *skb)
928abaa7
AE		 910{
911 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
912
9f1db00c 913 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 914
915 if (rp->status)
8e2a0d92 916 goto a2mp_rsp;
928abaa7
AE		 917
918 hdev->amp_status = rp->amp_status;
919 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
920 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
921 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
922 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
923 hdev->amp_type = rp->amp_type;
924 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
925 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
926 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
927 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
928
929 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
8e2a0d92
AE		 930
931a2mp_rsp:
932 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 933}
934
903e4541
AE		 935static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
936 struct sk_buff *skb)
937{
938 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
939 struct amp_assoc *assoc = &hdev->loc_assoc;
940 size_t rem_len, frag_len;
941
942 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
943
944 if (rp->status)
945 goto a2mp_rsp;
946
947 frag_len = skb->len - sizeof(*rp);
948 rem_len = __le16_to_cpu(rp->rem_len);
949
950 if (rem_len > frag_len) {
2e430be3 951 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 952
953 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
954 assoc->offset += frag_len;
955
956 /* Read other fragments */
957 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
958
959 return;
960 }
961
962 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
963 assoc->len = assoc->offset + rem_len;
964 assoc->offset = 0;
965
966a2mp_rsp:
967 /* Send A2MP Rsp when all fragments are received */
968 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 969 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 970}
971
b0916ea0 972static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 973 struct sk_buff *skb)
b0916ea0
JH		 974{
975 __u8 status = *((__u8 *) skb->data);
976
9f1db00c 977 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 978
979 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
980}
981
d5859e22
JH		 982static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
983{
984 __u8 status = *((__u8 *) skb->data);
985
9f1db00c 986 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 987
988 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
989}
990
991static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 992 struct sk_buff *skb)
d5859e22
JH		 993{
994 __u8 status = *((__u8 *) skb->data);
995
9f1db00c 996 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 997
998 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
999}
1000
1001static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 1002 struct sk_buff *skb)
d5859e22 1003{
91c4e9b1 1004 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 1005
9f1db00c 1006 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 1007
1008 if (!rp->status)
1009 hdev->inq_tx_power = rp->tx_power;
d5859e22 1010
91c4e9b1 1011 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 1012}
1013
1014static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1015{
1016 __u8 status = *((__u8 *) skb->data);
1017
9f1db00c 1018 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 1019
1020 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1021}
1022
980e1a53
JH		 1023static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1024{
1025 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1026 struct hci_cp_pin_code_reply *cp;
1027 struct hci_conn *conn;
1028
9f1db00c 1029 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1030
56e5cb86
JH		 1031 hci_dev_lock(hdev);
1032
a8b2d5c2 1033 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1034 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 1035
fa1bd918 1036 if (rp->status)
56e5cb86 1037 goto unlock;
980e1a53
JH		 1038
1039 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1040 if (!cp)
56e5cb86 1041 goto unlock;
980e1a53
JH		 1042
1043 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1044 if (conn)
1045 conn->pin_length = cp->pin_len;
56e5cb86
JH		 1046
1047unlock:
1048 hci_dev_unlock(hdev);
980e1a53
JH		 1049}
1050
1051static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1052{
1053 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1054
9f1db00c 1055 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 1056
56e5cb86
JH		 1057 hci_dev_lock(hdev);
1058
a8b2d5c2 1059 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1060 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 1061 rp->status);
56e5cb86
JH		 1062
1063 hci_dev_unlock(hdev);
980e1a53 1064}
56e5cb86 1065
6ed58ec5
VT		 1066static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1067 struct sk_buff *skb)
1068{
1069 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1070
9f1db00c 1071 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 1072
1073 if (rp->status)
1074 return;
1075
1076 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1077 hdev->le_pkts = rp->le_max_pkt;
1078
1079 hdev->le_cnt = hdev->le_pkts;
1080
1081 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1082
1083 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1084}
980e1a53 1085
8fa19098
JH		 1086static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1087 struct sk_buff *skb)
1088{
1089 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1090
1091 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1092
1093 if (!rp->status)
1094 hdev->adv_tx_power = rp->tx_power;
1095
1096 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1097}
1098
e36b04c8
JH		 1099static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1100{
1101 __u8 status = *((__u8 *) skb->data);
1102
1103 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1104
1105 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1106}
1107
a5c29683
JH		 1108static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1109{
1110 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1111
9f1db00c 1112 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1113
56e5cb86
JH		 1114 hci_dev_lock(hdev);
1115
a8b2d5c2 1116 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 1117 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1118 rp->status);
56e5cb86
JH		 1119
1120 hci_dev_unlock(hdev);
a5c29683
JH		 1121}
1122
1123static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 1124 struct sk_buff *skb)
a5c29683
JH		 1125{
1126 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1127
9f1db00c 1128 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1129
56e5cb86
JH		 1130 hci_dev_lock(hdev);
1131
a8b2d5c2 1132 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1133 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1134 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1135
1136 hci_dev_unlock(hdev);
a5c29683
JH		 1137}
1138
1143d458
BG		 1139static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1140{
1141 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1142
9f1db00c 1143 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1144
1145 hci_dev_lock(hdev);
1146
a8b2d5c2 1147 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1148 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1149 0, rp->status);
1143d458
BG		 1150
1151 hci_dev_unlock(hdev);
1152}
1153
1154static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1155 struct sk_buff *skb)
1143d458
BG		 1156{
1157 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1158
9f1db00c 1159 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1160
1161 hci_dev_lock(hdev);
1162
a8b2d5c2 1163 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1164 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1165 ACL_LINK, 0, rp->status);
1143d458
BG		 1166
1167 hci_dev_unlock(hdev);
1168}
1169
c35938b2 1170static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1171 struct sk_buff *skb)
c35938b2
SJ		 1172{
1173 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1174
9f1db00c 1175 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1176
56e5cb86 1177 hci_dev_lock(hdev);
744cf19e 1178 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1179 rp->randomizer, rp->status);
56e5cb86 1180 hci_dev_unlock(hdev);
c35938b2
SJ		 1181}
1182
07f7fa5d
AG		 1183static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1184{
1185 __u8 status = *((__u8 *) skb->data);
1186
9f1db00c 1187 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1188
1189 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1190
1191 if (status) {
1192 hci_dev_lock(hdev);
1193 mgmt_start_discovery_failed(hdev, status);
1194 hci_dev_unlock(hdev);
1195 return;
1196 }
07f7fa5d
AG		 1197}
1198
eb9d91f5 1199static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1200 struct sk_buff *skb)
eb9d91f5
AG		 1201{
1202 struct hci_cp_le_set_scan_enable *cp;
1203 __u8 status = *((__u8 *) skb->data);
1204
9f1db00c 1205 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1206
eb9d91f5
AG		 1207 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1208 if (!cp)
1209 return;
1210
68a8aea4
AE		 1211 switch (cp->enable) {
1212 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1213 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1214
3fd24153
AG		 1215 if (status) {
1216 hci_dev_lock(hdev);
1217 mgmt_start_discovery_failed(hdev, status);
1218 hci_dev_unlock(hdev);
7ba8b4be 1219 return;
3fd24153 1220 }
7ba8b4be 1221
d23264a8
AG		 1222 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1223
a8f13c8c 1224 hci_dev_lock(hdev);
343f935b 1225 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1226 hci_dev_unlock(hdev);
68a8aea4
AE		 1227 break;
1228
1229 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1230 if (status) {
1231 hci_dev_lock(hdev);
1232 mgmt_stop_discovery_failed(hdev, status);
1233 hci_dev_unlock(hdev);
7ba8b4be 1234 return;
c9ecc48e 1235 }
7ba8b4be 1236
d23264a8
AG		 1237 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1238
bc3dd33c
AG		 1239 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1240 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1241 mgmt_interleaved_discovery(hdev);
1242 } else {
1243 hci_dev_lock(hdev);
1244 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1245 hci_dev_unlock(hdev);
1246 }
1247
68a8aea4
AE		 1248 break;
1249
1250 default:
1251 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1252 break;
35815085 1253 }
eb9d91f5
AG		 1254}
1255
a7a595f6
VCG		 1256static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1257{
1258 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1259
9f1db00c 1260 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1261
1262 if (rp->status)
1263 return;
1264
1265 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1266}
1267
1268static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1269{
1270 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1271
9f1db00c 1272 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1273
1274 if (rp->status)
1275 return;
1276
1277 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1278}
1279
6039aa73
GP		 1280static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1281 struct sk_buff *skb)
f9b49306 1282{
06199cf8 1283 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1284 __u8 status = *((__u8 *) skb->data);
1285
9f1db00c 1286 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1287
06199cf8 1288 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1289 if (!sent)
f9b49306
AG		 1290 return;
1291
8f984dfa
JH		 1292 if (!status) {
1293 if (sent->le)
1294 hdev->host_features[0] |= LMP_HOST_LE;
1295 else
1296 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 1297
1298 if (sent->simul)
1299 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1300 else
1301 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 1302 }
1303
1304 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1305 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1306 mgmt_le_enable_complete(hdev, sent->le, status);
1307
1308 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1309}
1310
93c284ee
AE		 1311static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1312 struct sk_buff *skb)
1313{
1314 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1315
1316 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1317 hdev->name, rp->status, rp->phy_handle);
1318
1319 if (rp->status)
1320 return;
1321
1322 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1323}
1324
6039aa73 1325static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1326{
9f1db00c 1327 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1328
1329 if (status) {
23bb5763 1330 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1331 hci_conn_check_pending(hdev);
56e5cb86 1332 hci_dev_lock(hdev);
a8b2d5c2 1333 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1334 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1335 hci_dev_unlock(hdev);
314b2381
JH		 1336 return;
1337 }
1338
89352e7d
AG		 1339 set_bit(HCI_INQUIRY, &hdev->flags);
1340
56e5cb86 1341 hci_dev_lock(hdev);
343f935b 1342 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1343 hci_dev_unlock(hdev);
1da177e4
LT		 1344}
1345
6039aa73 1346static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1347{
a9de9248 1348 struct hci_cp_create_conn *cp;
1da177e4 1349 struct hci_conn *conn;
1da177e4 1350
9f1db00c 1351 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1352
1353 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1354 if (!cp)
1355 return;
1356
1357 hci_dev_lock(hdev);
1358
1359 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1360
6ed93dc6 1361 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1362
1363 if (status) {
1364 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1365 if (status != 0x0c || conn->attempt > 2) {
1366 conn->state = BT_CLOSED;
1367 hci_proto_connect_cfm(conn, status);
1368 hci_conn_del(conn);
1369 } else
1370 conn->state = BT_CONNECT2;
1da177e4
LT		 1371 }
1372 } else {
1373 if (!conn) {
1374 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1375 if (conn) {
a0c808b3 1376 conn->out = true;
1da177e4
LT		 1377 conn->link_mode |= HCI_LM_MASTER;
1378 } else
893ef971 1379 BT_ERR("No memory for new connection");
1da177e4
LT		 1380 }
1381 }
1382
1383 hci_dev_unlock(hdev);
1384}
1385
a9de9248 1386static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1387{
a9de9248
MH		 1388 struct hci_cp_add_sco *cp;
1389 struct hci_conn *acl, *sco;
1390 __u16 handle;
1da177e4 1391
9f1db00c 1392 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1393
a9de9248
MH		 1394 if (!status)
1395 return;
1da177e4 1396
a9de9248
MH		 1397 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1398 if (!cp)
1399 return;
1da177e4 1400
a9de9248 1401 handle = __le16_to_cpu(cp->handle);
1da177e4 1402
9f1db00c 1403 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1404
a9de9248 1405 hci_dev_lock(hdev);
1da177e4 1406
a9de9248 1407 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1408 if (acl) {
1409 sco = acl->link;
1410 if (sco) {
1411 sco->state = BT_CLOSED;
1da177e4 1412
5a08ecce
AE		 1413 hci_proto_connect_cfm(sco, status);
1414 hci_conn_del(sco);
1415 }
a9de9248 1416 }
1da177e4 1417
a9de9248
MH		 1418 hci_dev_unlock(hdev);
1419}
1da177e4 1420
f8558555
MH		 1421static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1422{
1423 struct hci_cp_auth_requested *cp;
1424 struct hci_conn *conn;
1425
9f1db00c 1426 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1427
1428 if (!status)
1429 return;
1430
1431 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1432 if (!cp)
1433 return;
1434
1435 hci_dev_lock(hdev);
1436
1437 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1438 if (conn) {
1439 if (conn->state == BT_CONFIG) {
1440 hci_proto_connect_cfm(conn, status);
1441 hci_conn_put(conn);
1442 }
1443 }
1444
1445 hci_dev_unlock(hdev);
1446}
1447
1448static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1449{
1450 struct hci_cp_set_conn_encrypt *cp;
1451 struct hci_conn *conn;
1452
9f1db00c 1453 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1454
1455 if (!status)
1456 return;
1457
1458 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1459 if (!cp)
1460 return;
1461
1462 hci_dev_lock(hdev);
1463
1464 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1465 if (conn) {
1466 if (conn->state == BT_CONFIG) {
1467 hci_proto_connect_cfm(conn, status);
1468 hci_conn_put(conn);
1469 }
1470 }
1471
1472 hci_dev_unlock(hdev);
1473}
1474
127178d2 1475static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1476 struct hci_conn *conn)
392599b9 1477{
392599b9
JH		 1478 if (conn->state != BT_CONFIG || !conn->out)
1479 return 0;
1480
765c2a96 1481 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1482 return 0;
1483
1484 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1485 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1486 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1487 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1488 return 0;
1489
392599b9
JH		 1490 return 1;
1491}
1492
6039aa73 1493static int hci_resolve_name(struct hci_dev *hdev,
04124681 1494 struct inquiry_entry *e)
30dc78e1
JH		 1495{
1496 struct hci_cp_remote_name_req cp;
1497
1498 memset(&cp, 0, sizeof(cp));
1499
1500 bacpy(&cp.bdaddr, &e->data.bdaddr);
1501 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1502 cp.pscan_mode = e->data.pscan_mode;
1503 cp.clock_offset = e->data.clock_offset;
1504
1505 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1506}
1507
b644ba33 1508static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1509{
1510 struct discovery_state *discov = &hdev->discovery;
1511 struct inquiry_entry *e;
1512
b644ba33
JH		 1513 if (list_empty(&discov->resolve))
1514 return false;
1515
1516 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1517 if (!e)
1518 return false;
1519
b644ba33
JH		 1520 if (hci_resolve_name(hdev, e) == 0) {
1521 e->name_state = NAME_PENDING;
1522 return true;
1523 }
1524
1525 return false;
1526}
1527
1528static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1529 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1530{
1531 struct discovery_state *discov = &hdev->discovery;
1532 struct inquiry_entry *e;
1533
1534 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1535 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1536 name_len, conn->dev_class);
b644ba33
JH		 1537
1538 if (discov->state == DISCOVERY_STOPPED)
1539 return;
1540
30dc78e1
JH		 1541 if (discov->state == DISCOVERY_STOPPING)
1542 goto discov_complete;
1543
1544 if (discov->state != DISCOVERY_RESOLVING)
1545 return;
1546
1547 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1548 /* If the device was not found in a list of found devices names of which
1549 * are pending. there is no need to continue resolving a next name as it
1550 * will be done upon receiving another Remote Name Request Complete
1551 * Event */
1552 if (!e)
1553 return;
1554
1555 list_del(&e->list);
1556 if (name) {
30dc78e1 1557 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1558 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1559 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1560 } else {
1561 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1562 }
1563
b644ba33 1564 if (hci_resolve_next_name(hdev))
30dc78e1 1565 return;
30dc78e1
JH		 1566
1567discov_complete:
1568 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1569}
1570
a9de9248
MH		 1571static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1572{
127178d2
JH		 1573 struct hci_cp_remote_name_req *cp;
1574 struct hci_conn *conn;
1575
9f1db00c 1576 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1577
1578 /* If successful wait for the name req complete event before
1579 * checking for the need to do authentication */
1580 if (!status)
1581 return;
1582
1583 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1584 if (!cp)
1585 return;
1586
1587 hci_dev_lock(hdev);
1588
b644ba33
JH		 1589 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1590
a8b2d5c2 1591 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1592 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1593
79c6c70c
JH		 1594 if (!conn)
1595 goto unlock;
1596
1597 if (!hci_outgoing_auth_needed(hdev, conn))
1598 goto unlock;
1599
51a8efd7 1600 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1601 struct hci_cp_auth_requested cp;
1602 cp.handle = __cpu_to_le16(conn->handle);
1603 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1604 }
1605
79c6c70c 1606unlock:
127178d2 1607 hci_dev_unlock(hdev);
a9de9248 1608}
1da177e4 1609
769be974
MH		 1610static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1611{
1612 struct hci_cp_read_remote_features *cp;
1613 struct hci_conn *conn;
1614
9f1db00c 1615 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1616
1617 if (!status)
1618 return;
1619
1620 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1621 if (!cp)
1622 return;
1623
1624 hci_dev_lock(hdev);
1625
1626 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1627 if (conn) {
1628 if (conn->state == BT_CONFIG) {
769be974
MH		 1629 hci_proto_connect_cfm(conn, status);
1630 hci_conn_put(conn);
1631 }
1632 }
1633
1634 hci_dev_unlock(hdev);
1635}
1636
1637static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1638{
1639 struct hci_cp_read_remote_ext_features *cp;
1640 struct hci_conn *conn;
1641
9f1db00c 1642 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1643
1644 if (!status)
1645 return;
1646
1647 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1648 if (!cp)
1649 return;
1650
1651 hci_dev_lock(hdev);
1652
1653 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1654 if (conn) {
1655 if (conn->state == BT_CONFIG) {
769be974
MH		 1656 hci_proto_connect_cfm(conn, status);
1657 hci_conn_put(conn);
1658 }
1659 }
1660
1661 hci_dev_unlock(hdev);
1662}
1663
a9de9248
MH		 1664static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1665{
b6a0dc82
MH		 1666 struct hci_cp_setup_sync_conn *cp;
1667 struct hci_conn *acl, *sco;
1668 __u16 handle;
1669
9f1db00c 1670 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1671
1672 if (!status)
1673 return;
1674
1675 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1676 if (!cp)
1677 return;
1678
1679 handle = __le16_to_cpu(cp->handle);
1680
9f1db00c 1681 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1682
1683 hci_dev_lock(hdev);
1684
1685 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1686 if (acl) {
1687 sco = acl->link;
1688 if (sco) {
1689 sco->state = BT_CLOSED;
b6a0dc82 1690
5a08ecce
AE		 1691 hci_proto_connect_cfm(sco, status);
1692 hci_conn_del(sco);
1693 }
b6a0dc82
MH		 1694 }
1695
1696 hci_dev_unlock(hdev);
1da177e4
LT		 1697}
1698
a9de9248 1699static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1700{
a9de9248
MH		 1701 struct hci_cp_sniff_mode *cp;
1702 struct hci_conn *conn;
1da177e4 1703
9f1db00c 1704 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1705
a9de9248
MH		 1706 if (!status)
1707 return;
04837f64 1708
a9de9248
MH		 1709 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1710 if (!cp)
1711 return;
04837f64 1712
a9de9248 1713 hci_dev_lock(hdev);
04837f64 1714
a9de9248 1715 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1716 if (conn) {
51a8efd7 1717 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1718
51a8efd7 1719 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1720 hci_sco_setup(conn, status);
1721 }
1722
a9de9248
MH		 1723 hci_dev_unlock(hdev);
1724}
04837f64 1725
a9de9248
MH		 1726static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1727{
1728 struct hci_cp_exit_sniff_mode *cp;
1729 struct hci_conn *conn;
04837f64 1730
9f1db00c 1731 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1732
a9de9248
MH		 1733 if (!status)
1734 return;
04837f64 1735
a9de9248
MH		 1736 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1737 if (!cp)
1738 return;
04837f64 1739
a9de9248 1740 hci_dev_lock(hdev);
1da177e4 1741
a9de9248 1742 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1743 if (conn) {
51a8efd7 1744 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1745
51a8efd7 1746 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1747 hci_sco_setup(conn, status);
1748 }
1749
a9de9248 1750 hci_dev_unlock(hdev);
1da177e4
LT		 1751}
1752
88c3df13
JH		 1753static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1754{
1755 struct hci_cp_disconnect *cp;
1756 struct hci_conn *conn;
1757
1758 if (!status)
1759 return;
1760
1761 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1762 if (!cp)
1763 return;
1764
1765 hci_dev_lock(hdev);
1766
1767 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1768 if (conn)
1769 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1770 conn->dst_type, status);
88c3df13
JH		 1771
1772 hci_dev_unlock(hdev);
1773}
1774
fcd89c09
VT		 1775static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1776{
fcd89c09
VT		 1777 struct hci_conn *conn;
1778
9f1db00c 1779 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1780
f00a06ac
AG		 1781 if (status) {
1782 hci_dev_lock(hdev);
fcd89c09 1783
0c95ab78 1784 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1785 if (!conn) {
1786 hci_dev_unlock(hdev);
1787 return;
1788 }
fcd89c09 1789
6ed93dc6 1790 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1791
f00a06ac 1792 conn->state = BT_CLOSED;
0c95ab78 1793 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1794 conn->dst_type, status);
1795 hci_proto_connect_cfm(conn, status);
1796 hci_conn_del(conn);
fcd89c09 1797
f00a06ac
AG		 1798 hci_dev_unlock(hdev);
1799 }
fcd89c09
VT		 1800}
1801
a7a595f6
VCG		 1802static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1803{
9f1db00c 1804 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1805}
1806
a02226d6
AE		 1807static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1808{
93c284ee
AE		 1809 struct hci_cp_create_phy_link *cp;
1810
a02226d6 1811 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee
AE		 1812
1813 if (status)
1814 return;
1815
1816 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1817 if (!cp)
1818 return;
1819
1820 amp_write_remote_assoc(hdev, cp->phy_handle);
a02226d6
AE		 1821}
1822
0b26ab9d
AE		 1823static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1824{
1825 struct hci_cp_accept_phy_link *cp;
1826
1827 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1828
1829 if (status)
1830 return;
1831
1832 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1833 if (!cp)
1834 return;
1835
1836 amp_write_remote_assoc(hdev, cp->phy_handle);
1837}
1838
6039aa73 1839static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1840{
1841 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1842 struct discovery_state *discov = &hdev->discovery;
1843 struct inquiry_entry *e;
1da177e4 1844
9f1db00c 1845 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1846
23bb5763 1847 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1848
a9de9248 1849 hci_conn_check_pending(hdev);
89352e7d
AG		 1850
1851 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1852 return;
1853
a8b2d5c2 1854 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1855 return;
1856
56e5cb86 1857 hci_dev_lock(hdev);
30dc78e1 1858
343f935b 1859 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1860 goto unlock;
1861
1862 if (list_empty(&discov->resolve)) {
1863 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1864 goto unlock;
1865 }
1866
1867 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1868 if (e && hci_resolve_name(hdev, e) == 0) {
1869 e->name_state = NAME_PENDING;
1870 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1871 } else {
1872 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1873 }
1874
1875unlock:
56e5cb86 1876 hci_dev_unlock(hdev);
1da177e4
LT		 1877}
1878
6039aa73 1879static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1880{
45bb4bf0 1881 struct inquiry_data data;
a9de9248 1882 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1883 int num_rsp = *((__u8 *) skb->data);
1884
1885 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1886
45bb4bf0
MH		 1887 if (!num_rsp)
1888 return;
1889
1519cc17
AG		 1890 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1891 return;
1892
1da177e4 1893 hci_dev_lock(hdev);
45bb4bf0 1894
e17acd40 1895 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1896 bool name_known, ssp;
3175405b 1897
1da177e4
LT		 1898 bacpy(&data.bdaddr, &info->bdaddr);
1899 data.pscan_rep_mode = info->pscan_rep_mode;
1900 data.pscan_period_mode = info->pscan_period_mode;
1901 data.pscan_mode = info->pscan_mode;
1902 memcpy(data.dev_class, info->dev_class, 3);
1903 data.clock_offset = info->clock_offset;
1904 data.rssi = 0x00;
41a96212 1905 data.ssp_mode = 0x00;
3175405b 1906
388fc8fa 1907 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1908 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1909 info->dev_class, 0, !name_known, ssp, NULL,
1910 0);
1da177e4 1911 }
45bb4bf0 1912
1da177e4
LT		 1913 hci_dev_unlock(hdev);
1914}
1915
6039aa73 1916static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1917{
a9de9248
MH		 1918 struct hci_ev_conn_complete *ev = (void *) skb->data;
1919 struct hci_conn *conn;
1da177e4
LT		 1920
1921 BT_DBG("%s", hdev->name);
1922
1923 hci_dev_lock(hdev);
1924
1925 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1926 if (!conn) {
1927 if (ev->link_type != SCO_LINK)
1928 goto unlock;
1929
1930 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1931 if (!conn)
1932 goto unlock;
1933
1934 conn->type = SCO_LINK;
1935 }
1da177e4
LT		 1936
1937 if (!ev->status) {
1938 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1939
1940 if (conn->type == ACL_LINK) {
1941 conn->state = BT_CONFIG;
1942 hci_conn_hold(conn);
a9ea3ed9
SJ		 1943
1944 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1945 !hci_find_link_key(hdev, &ev->bdaddr))
1946 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1947 else
1948 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1949 } else
1950 conn->state = BT_CONNECTED;
1da177e4 1951
9eba32b8 1952 hci_conn_hold_device(conn);
7d0db0a3
MH		 1953 hci_conn_add_sysfs(conn);
1954
1da177e4
LT		 1955 if (test_bit(HCI_AUTH, &hdev->flags))
1956 conn->link_mode |= HCI_LM_AUTH;
1957
1958 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1959 conn->link_mode |= HCI_LM_ENCRYPT;
1960
04837f64
MH		 1961 /* Get remote features */
1962 if (conn->type == ACL_LINK) {
1963 struct hci_cp_read_remote_features cp;
1964 cp.handle = ev->handle;
769be974 1965 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1966 sizeof(cp), &cp);
04837f64
MH		 1967 }
1968
1da177e4 1969 /* Set packet type for incoming connection */
d095c1eb 1970 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1971 struct hci_cp_change_conn_ptype cp;
1972 cp.handle = ev->handle;
a8746417 1973 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1974 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1975 &cp);
1da177e4 1976 }
17d5c04c 1977 } else {
1da177e4 1978 conn->state = BT_CLOSED;
17d5c04c 1979 if (conn->type == ACL_LINK)
744cf19e 1980 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1981 conn->dst_type, ev->status);
17d5c04c 1982 }
1da177e4 1983
e73439d8
MH		 1984 if (conn->type == ACL_LINK)
1985 hci_sco_setup(conn, ev->status);
1da177e4 1986
769be974
MH		 1987 if (ev->status) {
1988 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1989 hci_conn_del(conn);
c89b6e6b
MH		 1990 } else if (ev->link_type != ACL_LINK)
1991 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1992
a9de9248 1993unlock:
1da177e4 1994 hci_dev_unlock(hdev);
1da177e4 1995
a9de9248 1996 hci_conn_check_pending(hdev);
1da177e4
LT		 1997}
1998
6039aa73 1999static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2000{
a9de9248
MH		 2001 struct hci_ev_conn_request *ev = (void *) skb->data;
2002 int mask = hdev->link_mode;
1da177e4 2003
6ed93dc6 2004 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2005 ev->link_type);
1da177e4 2006
a9de9248 2007 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 2008
138d22ef 2009 if ((mask & HCI_LM_ACCEPT) &&
807deac2 2010 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 2011 /* Connection accepted */
c7bdd502 2012 struct inquiry_entry *ie;
1da177e4 2013 struct hci_conn *conn;
1da177e4 2014
a9de9248 2015 hci_dev_lock(hdev);
b6a0dc82 2016
cc11b9c1
AE		 2017 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2018 if (ie)
c7bdd502
MH		 2019 memcpy(ie->data.dev_class, ev->dev_class, 3);
2020
8fc9ced3
GP		 2021 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2022 &ev->bdaddr);
a9de9248 2023 if (!conn) {
cc11b9c1
AE		 2024 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2025 if (!conn) {
893ef971 2026 BT_ERR("No memory for new connection");
a9de9248
MH		 2027 hci_dev_unlock(hdev);
2028 return;
1da177e4
LT		 2029 }
2030 }
b6a0dc82 2031
a9de9248
MH		 2032 memcpy(conn->dev_class, ev->dev_class, 3);
2033 conn->state = BT_CONNECT;
b6a0dc82 2034
a9de9248 2035 hci_dev_unlock(hdev);
1da177e4 2036
b6a0dc82
MH		 2037 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2038 struct hci_cp_accept_conn_req cp;
1da177e4 2039
b6a0dc82
MH		 2040 bacpy(&cp.bdaddr, &ev->bdaddr);
2041
2042 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2043 cp.role = 0x00; /* Become master */
2044 else
2045 cp.role = 0x01; /* Remain slave */
2046
04124681
GP		 2047 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2048 &cp);
b6a0dc82
MH		 2049 } else {
2050 struct hci_cp_accept_sync_conn_req cp;
2051
2052 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2053 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2054
82781e63
AE		 2055 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2056 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2057 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 2058 cp.content_format = cpu_to_le16(hdev->voice_setting);
2059 cp.retrans_effort = 0xff;
1da177e4 2060
b6a0dc82 2061 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2062 sizeof(cp), &cp);
b6a0dc82 2063 }
a9de9248
MH		 2064 } else {
2065 /* Connection rejected */
2066 struct hci_cp_reject_conn_req cp;
1da177e4 2067
a9de9248 2068 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2069 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2070 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2071 }
1da177e4
LT		 2072}
2073
f0d6a0ea
MA		 2074static u8 hci_to_mgmt_reason(u8 err)
2075{
2076 switch (err) {
2077 case HCI_ERROR_CONNECTION_TIMEOUT:
2078 return MGMT_DEV_DISCONN_TIMEOUT;
2079 case HCI_ERROR_REMOTE_USER_TERM:
2080 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2081 case HCI_ERROR_REMOTE_POWER_OFF:
2082 return MGMT_DEV_DISCONN_REMOTE;
2083 case HCI_ERROR_LOCAL_HOST_TERM:
2084 return MGMT_DEV_DISCONN_LOCAL_HOST;
2085 default:
2086 return MGMT_DEV_DISCONN_UNKNOWN;
2087 }
2088}
2089
6039aa73 2090static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2091{
a9de9248 2092 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 2093 struct hci_conn *conn;
2094
9f1db00c 2095 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2096
2097 hci_dev_lock(hdev);
2098
2099 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2100 if (!conn)
2101 goto unlock;
7d0db0a3 2102
37d9ef76
JH		 2103 if (ev->status == 0)
2104 conn->state = BT_CLOSED;
04837f64 2105
b644ba33 2106 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 2107 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 2108 if (ev->status) {
88c3df13 2109 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 2110 conn->dst_type, ev->status);
f0d6a0ea
MA		 2111 } else {
2112 u8 reason = hci_to_mgmt_reason(ev->reason);
2113
afc747a6 2114 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 2115 conn->dst_type, reason);
2116 }
37d9ef76 2117 }
f7520543 2118
37d9ef76 2119 if (ev->status == 0) {
6ec5bcad
VA		 2120 if (conn->type == ACL_LINK && conn->flush_key)
2121 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 2122 hci_proto_disconn_cfm(conn, ev->reason);
2123 hci_conn_del(conn);
2124 }
f7520543
JH		 2125
2126unlock:
04837f64
MH		 2127 hci_dev_unlock(hdev);
2128}
2129
6039aa73 2130static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2131{
a9de9248 2132 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2133 struct hci_conn *conn;
1da177e4 2134
9f1db00c 2135 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2136
2137 hci_dev_lock(hdev);
2138
04837f64 2139 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2140 if (!conn)
2141 goto unlock;
2142
2143 if (!ev->status) {
aa64a8b5 2144 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2145 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2146 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2147 } else {
d7556e20
WR		 2148 conn->link_mode |= HCI_LM_AUTH;
2149 conn->sec_level = conn->pending_sec_level;
2a611692 2150 }
d7556e20 2151 } else {
bab73cb6 2152 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2153 ev->status);
d7556e20 2154 }
1da177e4 2155
51a8efd7
JH		 2156 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2157 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2158
d7556e20 2159 if (conn->state == BT_CONFIG) {
aa64a8b5 2160 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2161 struct hci_cp_set_conn_encrypt cp;
2162 cp.handle = ev->handle;
2163 cp.encrypt = 0x01;
2164 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2165 &cp);
052b30b0 2166 } else {
d7556e20
WR		 2167 conn->state = BT_CONNECTED;
2168 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 2169 hci_conn_put(conn);
2170 }
d7556e20
WR		 2171 } else {
2172 hci_auth_cfm(conn, ev->status);
052b30b0 2173
d7556e20
WR		 2174 hci_conn_hold(conn);
2175 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2176 hci_conn_put(conn);
2177 }
2178
51a8efd7 2179 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2180 if (!ev->status) {
2181 struct hci_cp_set_conn_encrypt cp;
2182 cp.handle = ev->handle;
2183 cp.encrypt = 0x01;
2184 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2185 &cp);
d7556e20 2186 } else {
51a8efd7 2187 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2188 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2189 }
2190 }
2191
d7556e20 2192unlock:
1da177e4
LT		 2193 hci_dev_unlock(hdev);
2194}
2195
6039aa73 2196static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2197{
127178d2
JH		 2198 struct hci_ev_remote_name *ev = (void *) skb->data;
2199 struct hci_conn *conn;
2200
a9de9248 2201 BT_DBG("%s", hdev->name);
1da177e4 2202
a9de9248 2203 hci_conn_check_pending(hdev);
127178d2
JH		 2204
2205 hci_dev_lock(hdev);
2206
b644ba33 2207 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2208
b644ba33
JH		 2209 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2210 goto check_auth;
a88a9652 2211
b644ba33
JH		 2212 if (ev->status == 0)
2213 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2214 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2215 else
2216 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2217
2218check_auth:
79c6c70c
JH		 2219 if (!conn)
2220 goto unlock;
2221
2222 if (!hci_outgoing_auth_needed(hdev, conn))
2223 goto unlock;
2224
51a8efd7 2225 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2226 struct hci_cp_auth_requested cp;
2227 cp.handle = __cpu_to_le16(conn->handle);
2228 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2229 }
2230
79c6c70c 2231unlock:
127178d2 2232 hci_dev_unlock(hdev);
a9de9248
MH		 2233}
2234
6039aa73 2235static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2236{
2237 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2238 struct hci_conn *conn;
2239
9f1db00c 2240 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2241
2242 hci_dev_lock(hdev);
2243
04837f64 2244 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2245 if (conn) {
2246 if (!ev->status) {
ae293196
MH		 2247 if (ev->encrypt) {
2248 /* Encryption implies authentication */
2249 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2250 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2251 conn->sec_level = conn->pending_sec_level;
ae293196 2252 } else
1da177e4
LT		 2253 conn->link_mode &= ~HCI_LM_ENCRYPT;
2254 }
2255
51a8efd7 2256 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2257
a7d7723a 2258 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2259 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2260 hci_conn_put(conn);
2261 goto unlock;
2262 }
2263
f8558555
MH		 2264 if (conn->state == BT_CONFIG) {
2265 if (!ev->status)
2266 conn->state = BT_CONNECTED;
2267
2268 hci_proto_connect_cfm(conn, ev->status);
2269 hci_conn_put(conn);
2270 } else
2271 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2272 }
2273
a7d7723a 2274unlock:
1da177e4
LT		 2275 hci_dev_unlock(hdev);
2276}
2277
6039aa73
GP		 2278static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2279 struct sk_buff *skb)
1da177e4 2280{
a9de9248 2281 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2282 struct hci_conn *conn;
1da177e4 2283
9f1db00c 2284 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2285
2286 hci_dev_lock(hdev);
2287
04837f64 2288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2289 if (conn) {
2290 if (!ev->status)
2291 conn->link_mode |= HCI_LM_SECURE;
2292
51a8efd7 2293 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2294
2295 hci_key_change_cfm(conn, ev->status);
2296 }
2297
2298 hci_dev_unlock(hdev);
2299}
2300
6039aa73
GP		 2301static void hci_remote_features_evt(struct hci_dev *hdev,
2302 struct sk_buff *skb)
1da177e4 2303{
a9de9248
MH		 2304 struct hci_ev_remote_features *ev = (void *) skb->data;
2305 struct hci_conn *conn;
2306
9f1db00c 2307 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2308
a9de9248
MH		 2309 hci_dev_lock(hdev);
2310
2311 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2312 if (!conn)
2313 goto unlock;
769be974 2314
ccd556fe
JH		 2315 if (!ev->status)
2316 memcpy(conn->features, ev->features, 8);
2317
2318 if (conn->state != BT_CONFIG)
2319 goto unlock;
2320
2321 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2322 struct hci_cp_read_remote_ext_features cp;
2323 cp.handle = ev->handle;
2324 cp.page = 0x01;
2325 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2326 sizeof(cp), &cp);
392599b9
JH		 2327 goto unlock;
2328 }
2329
671267bf 2330 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2331 struct hci_cp_remote_name_req cp;
2332 memset(&cp, 0, sizeof(cp));
2333 bacpy(&cp.bdaddr, &conn->dst);
2334 cp.pscan_rep_mode = 0x02;
2335 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2336 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2337 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2338 conn->dst_type, 0, NULL, 0,
2339 conn->dev_class);
392599b9 2340
127178d2 2341 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2342 conn->state = BT_CONNECTED;
2343 hci_proto_connect_cfm(conn, ev->status);
2344 hci_conn_put(conn);
769be974 2345 }
a9de9248 2346
ccd556fe 2347unlock:
a9de9248 2348 hci_dev_unlock(hdev);
1da177e4
LT		 2349}
2350
6039aa73 2351static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2352{
a9de9248 2353 BT_DBG("%s", hdev->name);
1da177e4
LT		 2354}
2355
6039aa73
GP		 2356static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2357 struct sk_buff *skb)
1da177e4 2358{
a9de9248 2359 BT_DBG("%s", hdev->name);
1da177e4
LT		 2360}
2361
6039aa73 2362static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2363{
2364 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2365 __u16 opcode;
2366
2367 skb_pull(skb, sizeof(*ev));
2368
2369 opcode = __le16_to_cpu(ev->opcode);
2370
2371 switch (opcode) {
2372 case HCI_OP_INQUIRY_CANCEL:
2373 hci_cc_inquiry_cancel(hdev, skb);
2374 break;
2375
4d93483b
AG		 2376 case HCI_OP_PERIODIC_INQ:
2377 hci_cc_periodic_inq(hdev, skb);
2378 break;
2379
a9de9248
MH		 2380 case HCI_OP_EXIT_PERIODIC_INQ:
2381 hci_cc_exit_periodic_inq(hdev, skb);
2382 break;
2383
2384 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2385 hci_cc_remote_name_req_cancel(hdev, skb);
2386 break;
2387
2388 case HCI_OP_ROLE_DISCOVERY:
2389 hci_cc_role_discovery(hdev, skb);
2390 break;
2391
e4e8e37c
MH		 2392 case HCI_OP_READ_LINK_POLICY:
2393 hci_cc_read_link_policy(hdev, skb);
2394 break;
2395
a9de9248
MH		 2396 case HCI_OP_WRITE_LINK_POLICY:
2397 hci_cc_write_link_policy(hdev, skb);
2398 break;
2399
e4e8e37c
MH		 2400 case HCI_OP_READ_DEF_LINK_POLICY:
2401 hci_cc_read_def_link_policy(hdev, skb);
2402 break;
2403
2404 case HCI_OP_WRITE_DEF_LINK_POLICY:
2405 hci_cc_write_def_link_policy(hdev, skb);
2406 break;
2407
a9de9248
MH		 2408 case HCI_OP_RESET:
2409 hci_cc_reset(hdev, skb);
2410 break;
2411
2412 case HCI_OP_WRITE_LOCAL_NAME:
2413 hci_cc_write_local_name(hdev, skb);
2414 break;
2415
2416 case HCI_OP_READ_LOCAL_NAME:
2417 hci_cc_read_local_name(hdev, skb);
2418 break;
2419
2420 case HCI_OP_WRITE_AUTH_ENABLE:
2421 hci_cc_write_auth_enable(hdev, skb);
2422 break;
2423
2424 case HCI_OP_WRITE_ENCRYPT_MODE:
2425 hci_cc_write_encrypt_mode(hdev, skb);
2426 break;
2427
2428 case HCI_OP_WRITE_SCAN_ENABLE:
2429 hci_cc_write_scan_enable(hdev, skb);
2430 break;
2431
2432 case HCI_OP_READ_CLASS_OF_DEV:
2433 hci_cc_read_class_of_dev(hdev, skb);
2434 break;
2435
2436 case HCI_OP_WRITE_CLASS_OF_DEV:
2437 hci_cc_write_class_of_dev(hdev, skb);
2438 break;
2439
2440 case HCI_OP_READ_VOICE_SETTING:
2441 hci_cc_read_voice_setting(hdev, skb);
2442 break;
2443
2444 case HCI_OP_WRITE_VOICE_SETTING:
2445 hci_cc_write_voice_setting(hdev, skb);
2446 break;
2447
2448 case HCI_OP_HOST_BUFFER_SIZE:
2449 hci_cc_host_buffer_size(hdev, skb);
2450 break;
2451
333140b5
MH		 2452 case HCI_OP_WRITE_SSP_MODE:
2453 hci_cc_write_ssp_mode(hdev, skb);
2454 break;
2455
a9de9248
MH		 2456 case HCI_OP_READ_LOCAL_VERSION:
2457 hci_cc_read_local_version(hdev, skb);
2458 break;
2459
2460 case HCI_OP_READ_LOCAL_COMMANDS:
2461 hci_cc_read_local_commands(hdev, skb);
2462 break;
2463
2464 case HCI_OP_READ_LOCAL_FEATURES:
2465 hci_cc_read_local_features(hdev, skb);
2466 break;
2467
971e3a4b
AG		 2468 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2469 hci_cc_read_local_ext_features(hdev, skb);
2470 break;
2471
a9de9248
MH		 2472 case HCI_OP_READ_BUFFER_SIZE:
2473 hci_cc_read_buffer_size(hdev, skb);
2474 break;
2475
2476 case HCI_OP_READ_BD_ADDR:
2477 hci_cc_read_bd_addr(hdev, skb);
2478 break;
2479
350ee4cf
AE		 2480 case HCI_OP_READ_DATA_BLOCK_SIZE:
2481 hci_cc_read_data_block_size(hdev, skb);
2482 break;
2483
23bb5763
JH		 2484 case HCI_OP_WRITE_CA_TIMEOUT:
2485 hci_cc_write_ca_timeout(hdev, skb);
2486 break;
2487
1e89cffb
AE		 2488 case HCI_OP_READ_FLOW_CONTROL_MODE:
2489 hci_cc_read_flow_control_mode(hdev, skb);
2490 break;
2491
928abaa7
AE		 2492 case HCI_OP_READ_LOCAL_AMP_INFO:
2493 hci_cc_read_local_amp_info(hdev, skb);
2494 break;
2495
903e4541
AE		 2496 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2497 hci_cc_read_local_amp_assoc(hdev, skb);
2498 break;
2499
b0916ea0
JH		 2500 case HCI_OP_DELETE_STORED_LINK_KEY:
2501 hci_cc_delete_stored_link_key(hdev, skb);
2502 break;
2503
d5859e22
JH		 2504 case HCI_OP_SET_EVENT_MASK:
2505 hci_cc_set_event_mask(hdev, skb);
2506 break;
2507
2508 case HCI_OP_WRITE_INQUIRY_MODE:
2509 hci_cc_write_inquiry_mode(hdev, skb);
2510 break;
2511
2512 case HCI_OP_READ_INQ_RSP_TX_POWER:
2513 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2514 break;
2515
2516 case HCI_OP_SET_EVENT_FLT:
2517 hci_cc_set_event_flt(hdev, skb);
2518 break;
2519
980e1a53
JH		 2520 case HCI_OP_PIN_CODE_REPLY:
2521 hci_cc_pin_code_reply(hdev, skb);
2522 break;
2523
2524 case HCI_OP_PIN_CODE_NEG_REPLY:
2525 hci_cc_pin_code_neg_reply(hdev, skb);
2526 break;
2527
c35938b2
SJ		 2528 case HCI_OP_READ_LOCAL_OOB_DATA:
2529 hci_cc_read_local_oob_data_reply(hdev, skb);
2530 break;
2531
6ed58ec5
VT		 2532 case HCI_OP_LE_READ_BUFFER_SIZE:
2533 hci_cc_le_read_buffer_size(hdev, skb);
2534 break;
2535
8fa19098
JH		 2536 case HCI_OP_LE_READ_ADV_TX_POWER:
2537 hci_cc_le_read_adv_tx_power(hdev, skb);
2538 break;
2539
e36b04c8
JH		 2540 case HCI_OP_LE_SET_EVENT_MASK:
2541 hci_cc_le_set_event_mask(hdev, skb);
2542 break;
2543
a5c29683
JH		 2544 case HCI_OP_USER_CONFIRM_REPLY:
2545 hci_cc_user_confirm_reply(hdev, skb);
2546 break;
2547
2548 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2549 hci_cc_user_confirm_neg_reply(hdev, skb);
2550 break;
2551
1143d458
BG		 2552 case HCI_OP_USER_PASSKEY_REPLY:
2553 hci_cc_user_passkey_reply(hdev, skb);
2554 break;
2555
2556 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2557 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2558 break;
07f7fa5d
AG		 2559
2560 case HCI_OP_LE_SET_SCAN_PARAM:
2561 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2562 break;
2563
eb9d91f5
AG		 2564 case HCI_OP_LE_SET_SCAN_ENABLE:
2565 hci_cc_le_set_scan_enable(hdev, skb);
2566 break;
2567
a7a595f6
VCG		 2568 case HCI_OP_LE_LTK_REPLY:
2569 hci_cc_le_ltk_reply(hdev, skb);
2570 break;
2571
2572 case HCI_OP_LE_LTK_NEG_REPLY:
2573 hci_cc_le_ltk_neg_reply(hdev, skb);
2574 break;
2575
f9b49306
AG		 2576 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2577 hci_cc_write_le_host_supported(hdev, skb);
2578 break;
2579
93c284ee
AE		 2580 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2581 hci_cc_write_remote_amp_assoc(hdev, skb);
2582 break;
2583
a9de9248 2584 default:
9f1db00c 2585 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2586 break;
2587 }
2588
6bd32326
VT		 2589 if (ev->opcode != HCI_OP_NOP)
2590 del_timer(&hdev->cmd_timer);
2591
a9de9248
MH		 2592 if (ev->ncmd) {
2593 atomic_set(&hdev->cmd_cnt, 1);
2594 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2595 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2596 }
2597}
2598
6039aa73 2599static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2600{
2601 struct hci_ev_cmd_status *ev = (void *) skb->data;
2602 __u16 opcode;
2603
2604 skb_pull(skb, sizeof(*ev));
2605
2606 opcode = __le16_to_cpu(ev->opcode);
2607
2608 switch (opcode) {
2609 case HCI_OP_INQUIRY:
2610 hci_cs_inquiry(hdev, ev->status);
2611 break;
2612
2613 case HCI_OP_CREATE_CONN:
2614 hci_cs_create_conn(hdev, ev->status);
2615 break;
2616
2617 case HCI_OP_ADD_SCO:
2618 hci_cs_add_sco(hdev, ev->status);
2619 break;
2620
f8558555
MH		 2621 case HCI_OP_AUTH_REQUESTED:
2622 hci_cs_auth_requested(hdev, ev->status);
2623 break;
2624
2625 case HCI_OP_SET_CONN_ENCRYPT:
2626 hci_cs_set_conn_encrypt(hdev, ev->status);
2627 break;
2628
a9de9248
MH		 2629 case HCI_OP_REMOTE_NAME_REQ:
2630 hci_cs_remote_name_req(hdev, ev->status);
2631 break;
2632
769be974
MH		 2633 case HCI_OP_READ_REMOTE_FEATURES:
2634 hci_cs_read_remote_features(hdev, ev->status);
2635 break;
2636
2637 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2638 hci_cs_read_remote_ext_features(hdev, ev->status);
2639 break;
2640
a9de9248
MH		 2641 case HCI_OP_SETUP_SYNC_CONN:
2642 hci_cs_setup_sync_conn(hdev, ev->status);
2643 break;
2644
2645 case HCI_OP_SNIFF_MODE:
2646 hci_cs_sniff_mode(hdev, ev->status);
2647 break;
2648
2649 case HCI_OP_EXIT_SNIFF_MODE:
2650 hci_cs_exit_sniff_mode(hdev, ev->status);
2651 break;
2652
8962ee74 2653 case HCI_OP_DISCONNECT:
88c3df13 2654 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2655 break;
2656
fcd89c09
VT		 2657 case HCI_OP_LE_CREATE_CONN:
2658 hci_cs_le_create_conn(hdev, ev->status);
2659 break;
2660
a7a595f6
VCG		 2661 case HCI_OP_LE_START_ENC:
2662 hci_cs_le_start_enc(hdev, ev->status);
2663 break;
2664
a02226d6
AE		 2665 case HCI_OP_CREATE_PHY_LINK:
2666 hci_cs_create_phylink(hdev, ev->status);
2667 break;
2668
0b26ab9d
AE		 2669 case HCI_OP_ACCEPT_PHY_LINK:
2670 hci_cs_accept_phylink(hdev, ev->status);
2671 break;
2672
a9de9248 2673 default:
9f1db00c 2674 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2675 break;
2676 }
2677
6bd32326
VT		 2678 if (ev->opcode != HCI_OP_NOP)
2679 del_timer(&hdev->cmd_timer);
2680
10572132 2681 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2682 atomic_set(&hdev->cmd_cnt, 1);
2683 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2684 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2685 }
2686}
2687
6039aa73 2688static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2689{
2690 struct hci_ev_role_change *ev = (void *) skb->data;
2691 struct hci_conn *conn;
2692
9f1db00c 2693 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2694
2695 hci_dev_lock(hdev);
2696
2697 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2698 if (conn) {
2699 if (!ev->status) {
2700 if (ev->role)
2701 conn->link_mode &= ~HCI_LM_MASTER;
2702 else
2703 conn->link_mode |= HCI_LM_MASTER;
2704 }
2705
51a8efd7 2706 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2707
2708 hci_role_switch_cfm(conn, ev->status, ev->role);
2709 }
2710
2711 hci_dev_unlock(hdev);
2712}
2713
6039aa73 2714static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2715{
2716 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2717 int i;
2718
32ac5b9b
AE		 2719 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2720 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2721 return;
2722 }
2723
c5993de8 2724 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2725 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2726 BT_DBG("%s bad parameters", hdev->name);
2727 return;
2728 }
2729
c5993de8
AE		 2730 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2731
613a1c0c
AE		 2732 for (i = 0; i < ev->num_hndl; i++) {
2733 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2734 struct hci_conn *conn;
2735 __u16 handle, count;
2736
613a1c0c
AE		 2737 handle = __le16_to_cpu(info->handle);
2738 count = __le16_to_cpu(info->count);
a9de9248
MH		 2739
2740 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2741 if (!conn)
2742 continue;
2743
2744 conn->sent -= count;
2745
2746 switch (conn->type) {
2747 case ACL_LINK:
2748 hdev->acl_cnt += count;
2749 if (hdev->acl_cnt > hdev->acl_pkts)
2750 hdev->acl_cnt = hdev->acl_pkts;
2751 break;
2752
2753 case LE_LINK:
2754 if (hdev->le_pkts) {
2755 hdev->le_cnt += count;
2756 if (hdev->le_cnt > hdev->le_pkts)
2757 hdev->le_cnt = hdev->le_pkts;
2758 } else {
70f23020
AE		 2759 hdev->acl_cnt += count;
2760 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2761 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2762 }
f4280918
AE		 2763 break;
2764
2765 case SCO_LINK:
2766 hdev->sco_cnt += count;
2767 if (hdev->sco_cnt > hdev->sco_pkts)
2768 hdev->sco_cnt = hdev->sco_pkts;
2769 break;
2770
2771 default:
2772 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2773 break;
a9de9248
MH		 2774 }
2775 }
2776
3eff45ea 2777 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2778}
2779
76ef7cf7
AE		 2780static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2781 __u16 handle)
2782{
2783 struct hci_chan *chan;
2784
2785 switch (hdev->dev_type) {
2786 case HCI_BREDR:
2787 return hci_conn_hash_lookup_handle(hdev, handle);
2788 case HCI_AMP:
2789 chan = hci_chan_lookup_handle(hdev, handle);
2790 if (chan)
2791 return chan->conn;
2792 break;
2793 default:
2794 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2795 break;
2796 }
2797
2798 return NULL;
2799}
2800
6039aa73 2801static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2802{
2803 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2804 int i;
2805
2806 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2807 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2808 return;
2809 }
2810
2811 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2812 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2813 BT_DBG("%s bad parameters", hdev->name);
2814 return;
2815 }
2816
2817 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2818 ev->num_hndl);
25e89e99
AE		 2819
2820 for (i = 0; i < ev->num_hndl; i++) {
2821 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2822 struct hci_conn *conn = NULL;
25e89e99
AE		 2823 __u16 handle, block_count;
2824
2825 handle = __le16_to_cpu(info->handle);
2826 block_count = __le16_to_cpu(info->blocks);
2827
76ef7cf7 2828 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2829 if (!conn)
2830 continue;
2831
2832 conn->sent -= block_count;
2833
2834 switch (conn->type) {
2835 case ACL_LINK:
bd1eb66b 2836 case AMP_LINK:
25e89e99
AE		 2837 hdev->block_cnt += block_count;
2838 if (hdev->block_cnt > hdev->num_blocks)
2839 hdev->block_cnt = hdev->num_blocks;
2840 break;
2841
2842 default:
2843 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2844 break;
2845 }
2846 }
2847
2848 queue_work(hdev->workqueue, &hdev->tx_work);
2849}
2850
6039aa73 2851static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2852{
a9de9248 2853 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2854 struct hci_conn *conn;
2855
9f1db00c 2856 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2857
2858 hci_dev_lock(hdev);
2859
2860 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2861 if (conn) {
2862 conn->mode = ev->mode;
2863 conn->interval = __le16_to_cpu(ev->interval);
2864
8fc9ced3
GP		 2865 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2866 &conn->flags)) {
a9de9248 2867 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2868 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2869 else
58a681ef 2870 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2871 }
e73439d8 2872
51a8efd7 2873 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2874 hci_sco_setup(conn, ev->status);
04837f64
MH		 2875 }
2876
2877 hci_dev_unlock(hdev);
2878}
2879
6039aa73 2880static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2881{
052b30b0
MH		 2882 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2883 struct hci_conn *conn;
2884
a9de9248 2885 BT_DBG("%s", hdev->name);
052b30b0
MH		 2886
2887 hci_dev_lock(hdev);
2888
2889 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2890 if (!conn)
2891 goto unlock;
2892
2893 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2894 hci_conn_hold(conn);
2895 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2896 hci_conn_put(conn);
2897 }
2898
a8b2d5c2 2899 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2900 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2901 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2902 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2903 u8 secure;
2904
2905 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2906 secure = 1;
2907 else
2908 secure = 0;
2909
744cf19e 2910 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2911 }
980e1a53 2912
b6f98044 2913unlock:
052b30b0 2914 hci_dev_unlock(hdev);
a9de9248
MH		 2915}
2916
6039aa73 2917static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2918{
55ed8ca1
JH		 2919 struct hci_ev_link_key_req *ev = (void *) skb->data;
2920 struct hci_cp_link_key_reply cp;
2921 struct hci_conn *conn;
2922 struct link_key *key;
2923
a9de9248 2924 BT_DBG("%s", hdev->name);
55ed8ca1 2925
a8b2d5c2 2926 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2927 return;
2928
2929 hci_dev_lock(hdev);
2930
2931 key = hci_find_link_key(hdev, &ev->bdaddr);
2932 if (!key) {
6ed93dc6
AE		 2933 BT_DBG("%s link key not found for %pMR", hdev->name,
2934 &ev->bdaddr);
55ed8ca1
JH		 2935 goto not_found;
2936 }
2937
6ed93dc6
AE		 2938 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2939 &ev->bdaddr);
55ed8ca1 2940
a8b2d5c2 2941 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2942 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2943 BT_DBG("%s ignoring debug key", hdev->name);
2944 goto not_found;
2945 }
2946
2947 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2948 if (conn) {
2949 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2950 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2951 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2952 goto not_found;
2953 }
55ed8ca1 2954
60b83f57 2955 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2956 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2957 BT_DBG("%s ignoring key unauthenticated for high security",
2958 hdev->name);
60b83f57
WR		 2959 goto not_found;
2960 }
2961
2962 conn->key_type = key->type;
2963 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2964 }
2965
2966 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2967 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2968
2969 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2970
2971 hci_dev_unlock(hdev);
2972
2973 return;
2974
2975not_found:
2976 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2977 hci_dev_unlock(hdev);
a9de9248
MH		 2978}
2979
6039aa73 2980static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2981{
052b30b0
MH		 2982 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2983 struct hci_conn *conn;
55ed8ca1 2984 u8 pin_len = 0;
052b30b0 2985
a9de9248 2986 BT_DBG("%s", hdev->name);
052b30b0
MH		 2987
2988 hci_dev_lock(hdev);
2989
2990 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2991 if (conn) {
2992 hci_conn_hold(conn);
2993 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2994 pin_len = conn->pin_length;
13d39315
WR		 2995
2996 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2997 conn->key_type = ev->key_type;
2998
052b30b0
MH		 2999 hci_conn_put(conn);
3000 }
3001
a8b2d5c2 3002 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 3003 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3004 ev->key_type, pin_len);
55ed8ca1 3005
052b30b0 3006 hci_dev_unlock(hdev);
a9de9248
MH		 3007}
3008
6039aa73 3009static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3010{
a9de9248 3011 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3012 struct hci_conn *conn;
1da177e4 3013
9f1db00c 3014 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3015
3016 hci_dev_lock(hdev);
3017
04837f64 3018 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3019 if (conn && !ev->status) {
3020 struct inquiry_entry *ie;
3021
cc11b9c1
AE		 3022 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3023 if (ie) {
1da177e4
LT		 3024 ie->data.clock_offset = ev->clock_offset;
3025 ie->timestamp = jiffies;
3026 }
3027 }
3028
3029 hci_dev_unlock(hdev);
3030}
3031
6039aa73 3032static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3033{
3034 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3035 struct hci_conn *conn;
3036
9f1db00c 3037 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3038
3039 hci_dev_lock(hdev);
3040
3041 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3042 if (conn && !ev->status)
3043 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3044
3045 hci_dev_unlock(hdev);
3046}
3047
6039aa73 3048static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3049{
a9de9248 3050 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3051 struct inquiry_entry *ie;
3052
3053 BT_DBG("%s", hdev->name);
3054
3055 hci_dev_lock(hdev);
3056
cc11b9c1
AE		 3057 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3058 if (ie) {
85a1e930
MH		 3059 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3060 ie->timestamp = jiffies;
3061 }
3062
3063 hci_dev_unlock(hdev);
3064}
3065
6039aa73
GP		 3066static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3067 struct sk_buff *skb)
a9de9248
MH		 3068{
3069 struct inquiry_data data;
3070 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3071 bool name_known, ssp;
a9de9248
MH		 3072
3073 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3074
3075 if (!num_rsp)
3076 return;
3077
1519cc17
AG		 3078 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3079 return;
3080
a9de9248
MH		 3081 hci_dev_lock(hdev);
3082
3083 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3084 struct inquiry_info_with_rssi_and_pscan_mode *info;
3085 info = (void *) (skb->data + 1);
a9de9248 3086
e17acd40 3087 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3088 bacpy(&data.bdaddr, &info->bdaddr);
3089 data.pscan_rep_mode = info->pscan_rep_mode;
3090 data.pscan_period_mode = info->pscan_period_mode;
3091 data.pscan_mode = info->pscan_mode;
3092 memcpy(data.dev_class, info->dev_class, 3);
3093 data.clock_offset = info->clock_offset;
3094 data.rssi = info->rssi;
41a96212 3095 data.ssp_mode = 0x00;
3175405b
JH		 3096
3097 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3098 false, &ssp);
48264f06 3099 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3100 info->dev_class, info->rssi,
3101 !name_known, ssp, NULL, 0);
a9de9248
MH		 3102 }
3103 } else {
3104 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3105
e17acd40 3106 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3107 bacpy(&data.bdaddr, &info->bdaddr);
3108 data.pscan_rep_mode = info->pscan_rep_mode;
3109 data.pscan_period_mode = info->pscan_period_mode;
3110 data.pscan_mode = 0x00;
3111 memcpy(data.dev_class, info->dev_class, 3);
3112 data.clock_offset = info->clock_offset;
3113 data.rssi = info->rssi;
41a96212 3114 data.ssp_mode = 0x00;
3175405b 3115 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3116 false, &ssp);
48264f06 3117 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3118 info->dev_class, info->rssi,
3119 !name_known, ssp, NULL, 0);
a9de9248
MH		 3120 }
3121 }
3122
3123 hci_dev_unlock(hdev);
3124}
3125
6039aa73
GP		 3126static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3127 struct sk_buff *skb)
a9de9248 3128{
41a96212
MH		 3129 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3130 struct hci_conn *conn;
3131
a9de9248 3132 BT_DBG("%s", hdev->name);
41a96212 3133
41a96212
MH		 3134 hci_dev_lock(hdev);
3135
3136 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3137 if (!conn)
3138 goto unlock;
41a96212 3139
ccd556fe
JH		 3140 if (!ev->status && ev->page == 0x01) {
3141 struct inquiry_entry *ie;
41a96212 3142
cc11b9c1
AE		 3143 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3144 if (ie)
02b7cc62 3145 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3146
02b7cc62 3147 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 3148 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 3149 }
3150
3151 if (conn->state != BT_CONFIG)
3152 goto unlock;
3153
671267bf 3154 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3155 struct hci_cp_remote_name_req cp;
3156 memset(&cp, 0, sizeof(cp));
3157 bacpy(&cp.bdaddr, &conn->dst);
3158 cp.pscan_rep_mode = 0x02;
3159 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3160 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3161 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3162 conn->dst_type, 0, NULL, 0,
3163 conn->dev_class);
392599b9 3164
127178d2 3165 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3166 conn->state = BT_CONNECTED;
3167 hci_proto_connect_cfm(conn, ev->status);
3168 hci_conn_put(conn);
41a96212
MH		 3169 }
3170
ccd556fe 3171unlock:
41a96212 3172 hci_dev_unlock(hdev);
a9de9248
MH		 3173}
3174
6039aa73
GP		 3175static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3176 struct sk_buff *skb)
a9de9248 3177{
b6a0dc82
MH		 3178 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3179 struct hci_conn *conn;
3180
9f1db00c 3181 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3182
3183 hci_dev_lock(hdev);
3184
3185 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3186 if (!conn) {
3187 if (ev->link_type == ESCO_LINK)
3188 goto unlock;
3189
3190 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3191 if (!conn)
3192 goto unlock;
3193
3194 conn->type = SCO_LINK;
3195 }
b6a0dc82 3196
732547f9
MH		 3197 switch (ev->status) {
3198 case 0x00:
b6a0dc82
MH		 3199 conn->handle = __le16_to_cpu(ev->handle);
3200 conn->state = BT_CONNECTED;
7d0db0a3 3201
9eba32b8 3202 hci_conn_hold_device(conn);
7d0db0a3 3203 hci_conn_add_sysfs(conn);
732547f9
MH		 3204 break;
3205
705e5711 3206 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3207 case 0x1c: /* SCO interval rejected */
1038a00b 3208 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 3209 case 0x1f: /* Unspecified error */
3210 if (conn->out && conn->attempt < 2) {
3211 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3212 (hdev->esco_type & EDR_ESCO_MASK);
3213 hci_setup_sync(conn, conn->link->handle);
3214 goto unlock;
3215 }
3216 /* fall through */
3217
3218 default:
b6a0dc82 3219 conn->state = BT_CLOSED;
732547f9
MH		 3220 break;
3221 }
b6a0dc82
MH		 3222
3223 hci_proto_connect_cfm(conn, ev->status);
3224 if (ev->status)
3225 hci_conn_del(conn);
3226
3227unlock:
3228 hci_dev_unlock(hdev);
a9de9248
MH		 3229}
3230
6039aa73 3231static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3232{
3233 BT_DBG("%s", hdev->name);
3234}
3235
6039aa73 3236static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3237{
a9de9248 3238 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3239
9f1db00c 3240 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3241}
3242
6039aa73
GP		 3243static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3244 struct sk_buff *skb)
1da177e4 3245{
a9de9248
MH		 3246 struct inquiry_data data;
3247 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3248 int num_rsp = *((__u8 *) skb->data);
9d939d94 3249 size_t eir_len;
1da177e4 3250
a9de9248 3251 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3252
a9de9248
MH		 3253 if (!num_rsp)
3254 return;
1da177e4 3255
1519cc17
AG		 3256 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3257 return;
3258
a9de9248
MH		 3259 hci_dev_lock(hdev);
3260
e17acd40 3261 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3262 bool name_known, ssp;
561aafbc 3263
a9de9248 3264 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3265 data.pscan_rep_mode = info->pscan_rep_mode;
3266 data.pscan_period_mode = info->pscan_period_mode;
3267 data.pscan_mode = 0x00;
a9de9248 3268 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3269 data.clock_offset = info->clock_offset;
3270 data.rssi = info->rssi;
41a96212 3271 data.ssp_mode = 0x01;
561aafbc 3272
a8b2d5c2 3273 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3274 name_known = eir_has_data_type(info->data,
04124681
GP		 3275 sizeof(info->data),
3276 EIR_NAME_COMPLETE);
561aafbc
JH		 3277 else
3278 name_known = true;
3279
388fc8fa 3280 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3281 &ssp);
9d939d94 3282 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3283 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3284 info->dev_class, info->rssi, !name_known,
9d939d94 3285 ssp, info->data, eir_len);
a9de9248
MH		 3286 }
3287
3288 hci_dev_unlock(hdev);
3289}
1da177e4 3290
1c2e0041
JH		 3291static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3292 struct sk_buff *skb)
3293{
3294 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3295 struct hci_conn *conn;
3296
9f1db00c 3297 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3298 __le16_to_cpu(ev->handle));
3299
3300 hci_dev_lock(hdev);
3301
3302 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3303 if (!conn)
3304 goto unlock;
3305
3306 if (!ev->status)
3307 conn->sec_level = conn->pending_sec_level;
3308
3309 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3310
3311 if (ev->status && conn->state == BT_CONNECTED) {
3312 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3313 hci_conn_put(conn);
3314 goto unlock;
3315 }
3316
3317 if (conn->state == BT_CONFIG) {
3318 if (!ev->status)
3319 conn->state = BT_CONNECTED;
3320
3321 hci_proto_connect_cfm(conn, ev->status);
3322 hci_conn_put(conn);
3323 } else {
3324 hci_auth_cfm(conn, ev->status);
3325
3326 hci_conn_hold(conn);
3327 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3328 hci_conn_put(conn);
3329 }
3330
3331unlock:
3332 hci_dev_unlock(hdev);
3333}
3334
6039aa73 3335static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3336{
3337 /* If remote requests dedicated bonding follow that lead */
3338 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3339 /* If both remote and local IO capabilities allow MITM
3340 * protection then require it, otherwise don't */
3341 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3342 return 0x02;
3343 else
3344 return 0x03;
3345 }
3346
3347 /* If remote requests no-bonding follow that lead */
3348 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3349 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3350
3351 return conn->auth_type;
3352}
3353
6039aa73 3354static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3355{
3356 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3357 struct hci_conn *conn;
3358
3359 BT_DBG("%s", hdev->name);
3360
3361 hci_dev_lock(hdev);
3362
3363 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3364 if (!conn)
3365 goto unlock;
3366
3367 hci_conn_hold(conn);
3368
a8b2d5c2 3369 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3370 goto unlock;
3371
a8b2d5c2 3372 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3373 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3374 struct hci_cp_io_capability_reply cp;
3375
3376 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3377 /* Change the IO capability from KeyboardDisplay
3378 * to DisplayYesNo as it is not supported by BT spec. */
3379 cp.capability = (conn->io_capability == 0x04) ?
3380 0x01 : conn->io_capability;
7cbc9bd9
JH		 3381 conn->auth_type = hci_get_auth_req(conn);
3382 cp.authentication = conn->auth_type;
17fa4b9d 3383
8fc9ced3
GP		 3384 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3385 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3386 cp.oob_data = 0x01;
3387 else
3388 cp.oob_data = 0x00;
3389
17fa4b9d 3390 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3391 sizeof(cp), &cp);
03b555e1
JH		 3392 } else {
3393 struct hci_cp_io_capability_neg_reply cp;
3394
3395 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3396 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3397
03b555e1 3398 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3399 sizeof(cp), &cp);
03b555e1
JH		 3400 }
3401
3402unlock:
3403 hci_dev_unlock(hdev);
3404}
3405
6039aa73 3406static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3407{
3408 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3409 struct hci_conn *conn;
3410
3411 BT_DBG("%s", hdev->name);
3412
3413 hci_dev_lock(hdev);
3414
3415 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3416 if (!conn)
3417 goto unlock;
3418
03b555e1 3419 conn->remote_cap = ev->capability;
03b555e1 3420 conn->remote_auth = ev->authentication;
58a681ef
JH		 3421 if (ev->oob_data)
3422 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3423
3424unlock:
0493684e
MH		 3425 hci_dev_unlock(hdev);
3426}
3427
6039aa73
GP		 3428static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3429 struct sk_buff *skb)
a5c29683
JH		 3430{
3431 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3432 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3433 struct hci_conn *conn;
a5c29683
JH		 3434
3435 BT_DBG("%s", hdev->name);
3436
3437 hci_dev_lock(hdev);
3438
a8b2d5c2 3439 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3440 goto unlock;
a5c29683 3441
7a828908
JH		 3442 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3443 if (!conn)
3444 goto unlock;
3445
3446 loc_mitm = (conn->auth_type & 0x01);
3447 rem_mitm = (conn->remote_auth & 0x01);
3448
3449 /* If we require MITM but the remote device can't provide that
3450 * (it has NoInputNoOutput) then reject the confirmation
3451 * request. The only exception is when we're dedicated bonding
3452 * initiators (connect_cfm_cb set) since then we always have the MITM
3453 * bit set. */
3454 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3455 BT_DBG("Rejecting request: remote device can't provide MITM");
3456 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3457 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3458 goto unlock;
3459 }
3460
3461 /* If no side requires MITM protection; auto-accept */
3462 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3463 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3464
3465 /* If we're not the initiators request authorization to
3466 * proceed from user space (mgmt_user_confirm with
3467 * confirm_hint set to 1). */
51a8efd7 3468 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3469 BT_DBG("Confirming auto-accept as acceptor");
3470 confirm_hint = 1;
3471 goto confirm;
3472 }
3473
9f61656a 3474 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3475 hdev->auto_accept_delay);
9f61656a
JH		 3476
3477 if (hdev->auto_accept_delay > 0) {
3478 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3479 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3480 goto unlock;
3481 }
3482
7a828908 3483 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3484 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3485 goto unlock;
3486 }
3487
55bc1a37 3488confirm:
272d90df 3489 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3490 confirm_hint);
7a828908
JH		 3491
3492unlock:
a5c29683
JH		 3493 hci_dev_unlock(hdev);
3494}
3495
6039aa73
GP		 3496static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3497 struct sk_buff *skb)
1143d458
BG		 3498{
3499 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3500
3501 BT_DBG("%s", hdev->name);
3502
a8b2d5c2 3503 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3504 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3505}
3506
92a25256
JH		 3507static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3508 struct sk_buff *skb)
3509{
3510 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3511 struct hci_conn *conn;
3512
3513 BT_DBG("%s", hdev->name);
3514
3515 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3516 if (!conn)
3517 return;
3518
3519 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3520 conn->passkey_entered = 0;
3521
3522 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3523 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3524 conn->dst_type, conn->passkey_notify,
3525 conn->passkey_entered);
3526}
3527
3528static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3529{
3530 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3531 struct hci_conn *conn;
3532
3533 BT_DBG("%s", hdev->name);
3534
3535 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3536 if (!conn)
3537 return;
3538
3539 switch (ev->type) {
3540 case HCI_KEYPRESS_STARTED:
3541 conn->passkey_entered = 0;
3542 return;
3543
3544 case HCI_KEYPRESS_ENTERED:
3545 conn->passkey_entered++;
3546 break;
3547
3548 case HCI_KEYPRESS_ERASED:
3549 conn->passkey_entered--;
3550 break;
3551
3552 case HCI_KEYPRESS_CLEARED:
3553 conn->passkey_entered = 0;
3554 break;
3555
3556 case HCI_KEYPRESS_COMPLETED:
3557 return;
3558 }
3559
3560 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3561 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3562 conn->dst_type, conn->passkey_notify,
3563 conn->passkey_entered);
3564}
3565
6039aa73
GP		 3566static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3567 struct sk_buff *skb)
0493684e
MH		 3568{
3569 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3570 struct hci_conn *conn;
3571
3572 BT_DBG("%s", hdev->name);
3573
3574 hci_dev_lock(hdev);
3575
3576 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3577 if (!conn)
3578 goto unlock;
3579
3580 /* To avoid duplicate auth_failed events to user space we check
3581 * the HCI_CONN_AUTH_PEND flag which will be set if we
3582 * initiated the authentication. A traditional auth_complete
3583 * event gets always produced as initiator and is also mapped to
3584 * the mgmt_auth_failed event */
fa1bd918 3585 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3586 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3587 ev->status);
0493684e 3588
2a611692
JH		 3589 hci_conn_put(conn);
3590
3591unlock:
0493684e
MH		 3592 hci_dev_unlock(hdev);
3593}
3594
6039aa73
GP		 3595static void hci_remote_host_features_evt(struct hci_dev *hdev,
3596 struct sk_buff *skb)
41a96212
MH		 3597{
3598 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3599 struct inquiry_entry *ie;
3600
3601 BT_DBG("%s", hdev->name);
3602
3603 hci_dev_lock(hdev);
3604
cc11b9c1
AE		 3605 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3606 if (ie)
02b7cc62 3607 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3608
3609 hci_dev_unlock(hdev);
3610}
3611
6039aa73
GP		 3612static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3613 struct sk_buff *skb)
2763eda6
SJ		 3614{
3615 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3616 struct oob_data *data;
3617
3618 BT_DBG("%s", hdev->name);
3619
3620 hci_dev_lock(hdev);
3621
a8b2d5c2 3622 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3623 goto unlock;
3624
2763eda6
SJ		 3625 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3626 if (data) {
3627 struct hci_cp_remote_oob_data_reply cp;
3628
3629 bacpy(&cp.bdaddr, &ev->bdaddr);
3630 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3631 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3632
3633 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3634 &cp);
2763eda6
SJ		 3635 } else {
3636 struct hci_cp_remote_oob_data_neg_reply cp;
3637
3638 bacpy(&cp.bdaddr, &ev->bdaddr);
3639 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3640 &cp);
2763eda6
SJ		 3641 }
3642
e1ba1f15 3643unlock:
2763eda6
SJ		 3644 hci_dev_unlock(hdev);
3645}
3646
d5e91192
AE		 3647static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3648 struct sk_buff *skb)
3649{
3650 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3651 struct hci_conn *hcon, *bredr_hcon;
3652
3653 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3654 ev->status);
3655
3656 hci_dev_lock(hdev);
3657
3658 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3659 if (!hcon) {
3660 hci_dev_unlock(hdev);
3661 return;
3662 }
3663
3664 if (ev->status) {
3665 hci_conn_del(hcon);
3666 hci_dev_unlock(hdev);
3667 return;
3668 }
3669
3670 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3671
3672 hcon->state = BT_CONNECTED;
3673 bacpy(&hcon->dst, &bredr_hcon->dst);
3674
3675 hci_conn_hold(hcon);
3676 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3677 hci_conn_put(hcon);
3678
3679 hci_conn_hold_device(hcon);
3680 hci_conn_add_sysfs(hcon);
3681
3682 hci_dev_unlock(hdev);
3683
3684 if (hcon->out) {
3685 struct hci_dev *bredr_hdev = hci_dev_hold(bredr_hcon->hdev);
3686
3687 if (!bredr_hdev)
3688 return;
3689
3690 /* Placeholder - create chan req
3691 l2cap_chan_create_cfm(bredr_hcon, hcon->remote_id);
3692 */
3693
3694 hci_dev_put(bredr_hdev);
3695 }
3696}
3697
6039aa73 3698static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3699{
3700 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3701 struct hci_conn *conn;
3702
9f1db00c 3703 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3704
3705 hci_dev_lock(hdev);
3706
b47a09b3 3707 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3708 if (!conn) {
3709 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3710 if (!conn) {
3711 BT_ERR("No memory for new connection");
230fd16a 3712 goto unlock;
b62f328b 3713 }
29b7988a
AG		 3714
3715 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3716
3717 if (ev->role == LE_CONN_ROLE_MASTER) {
3718 conn->out = true;
3719 conn->link_mode |= HCI_LM_MASTER;
3720 }
b62f328b 3721 }
fcd89c09 3722
cd17decb
AG		 3723 if (ev->status) {
3724 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3725 conn->dst_type, ev->status);
3726 hci_proto_connect_cfm(conn, ev->status);
3727 conn->state = BT_CLOSED;
3728 hci_conn_del(conn);
3729 goto unlock;
3730 }
3731
b644ba33
JH		 3732 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3733 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3734 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3735
7b5c0d52 3736 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3737 conn->handle = __le16_to_cpu(ev->handle);
3738 conn->state = BT_CONNECTED;
3739
3740 hci_conn_hold_device(conn);
3741 hci_conn_add_sysfs(conn);
3742
3743 hci_proto_connect_cfm(conn, ev->status);
3744
3745unlock:
3746 hci_dev_unlock(hdev);
3747}
3748
6039aa73 3749static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3750{
e95beb41
AG		 3751 u8 num_reports = skb->data[0];
3752 void *ptr = &skb->data[1];
3c9e9195 3753 s8 rssi;
9aa04c91
AG		 3754
3755 hci_dev_lock(hdev);
3756
e95beb41
AG		 3757 while (num_reports--) {
3758 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3759
3c9e9195
AG		 3760 rssi = ev->data[ev->length];
3761 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3762 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3763
e95beb41 3764 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3765 }
3766
3767 hci_dev_unlock(hdev);
3768}
3769
6039aa73 3770static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3771{
3772 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3773 struct hci_cp_le_ltk_reply cp;
bea710fe 3774 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3775 struct hci_conn *conn;
c9839a11 3776 struct smp_ltk *ltk;
a7a595f6 3777
9f1db00c 3778 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3779
3780 hci_dev_lock(hdev);
3781
3782 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3783 if (conn == NULL)
3784 goto not_found;
a7a595f6 3785
bea710fe
VCG		 3786 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3787 if (ltk == NULL)
3788 goto not_found;
3789
3790 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3791 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3792
3793 if (ltk->authenticated)
3794 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3795
3796 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3797
c9839a11
VCG		 3798 if (ltk->type & HCI_SMP_STK) {
3799 list_del(&ltk->list);
3800 kfree(ltk);
3801 }
3802
a7a595f6 3803 hci_dev_unlock(hdev);
bea710fe
VCG		 3804
3805 return;
3806
3807not_found:
3808 neg.handle = ev->handle;
3809 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3810 hci_dev_unlock(hdev);
a7a595f6
VCG		 3811}
3812
6039aa73 3813static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3814{
3815 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3816
3817 skb_pull(skb, sizeof(*le_ev));
3818
3819 switch (le_ev->subevent) {
3820 case HCI_EV_LE_CONN_COMPLETE:
3821 hci_le_conn_complete_evt(hdev, skb);
3822 break;
3823
9aa04c91
AG		 3824 case HCI_EV_LE_ADVERTISING_REPORT:
3825 hci_le_adv_report_evt(hdev, skb);
3826 break;
3827
a7a595f6
VCG		 3828 case HCI_EV_LE_LTK_REQ:
3829 hci_le_ltk_request_evt(hdev, skb);
3830 break;
3831
fcd89c09
VT		 3832 default:
3833 break;
3834 }
3835}
3836
9495b2ee
AE		 3837static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3838{
3839 struct hci_ev_channel_selected *ev = (void *) skb->data;
3840 struct hci_conn *hcon;
3841
3842 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3843
3844 skb_pull(skb, sizeof(*ev));
3845
3846 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3847 if (!hcon)
3848 return;
3849
3850 amp_read_loc_assoc_final_data(hdev, hcon);
3851}
3852
a9de9248
MH		 3853void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3854{
3855 struct hci_event_hdr *hdr = (void *) skb->data;
3856 __u8 event = hdr->evt;
3857
3858 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3859
3860 switch (event) {
1da177e4
LT		 3861 case HCI_EV_INQUIRY_COMPLETE:
3862 hci_inquiry_complete_evt(hdev, skb);
3863 break;
3864
3865 case HCI_EV_INQUIRY_RESULT:
3866 hci_inquiry_result_evt(hdev, skb);
3867 break;
3868
a9de9248
MH		 3869 case HCI_EV_CONN_COMPLETE:
3870 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3871 break;
3872
1da177e4
LT		 3873 case HCI_EV_CONN_REQUEST:
3874 hci_conn_request_evt(hdev, skb);
3875 break;
3876
1da177e4
LT		 3877 case HCI_EV_DISCONN_COMPLETE:
3878 hci_disconn_complete_evt(hdev, skb);
3879 break;
3880
1da177e4
LT		 3881 case HCI_EV_AUTH_COMPLETE:
3882 hci_auth_complete_evt(hdev, skb);
3883 break;
3884
a9de9248
MH		 3885 case HCI_EV_REMOTE_NAME:
3886 hci_remote_name_evt(hdev, skb);
3887 break;
3888
1da177e4
LT		 3889 case HCI_EV_ENCRYPT_CHANGE:
3890 hci_encrypt_change_evt(hdev, skb);
3891 break;
3892
a9de9248
MH		 3893 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3894 hci_change_link_key_complete_evt(hdev, skb);
3895 break;
3896
3897 case HCI_EV_REMOTE_FEATURES:
3898 hci_remote_features_evt(hdev, skb);
3899 break;
3900
3901 case HCI_EV_REMOTE_VERSION:
3902 hci_remote_version_evt(hdev, skb);
3903 break;
3904
3905 case HCI_EV_QOS_SETUP_COMPLETE:
3906 hci_qos_setup_complete_evt(hdev, skb);
3907 break;
3908
3909 case HCI_EV_CMD_COMPLETE:
3910 hci_cmd_complete_evt(hdev, skb);
3911 break;
3912
3913 case HCI_EV_CMD_STATUS:
3914 hci_cmd_status_evt(hdev, skb);
3915 break;
3916
3917 case HCI_EV_ROLE_CHANGE:
3918 hci_role_change_evt(hdev, skb);
3919 break;
3920
3921 case HCI_EV_NUM_COMP_PKTS:
3922 hci_num_comp_pkts_evt(hdev, skb);
3923 break;
3924
3925 case HCI_EV_MODE_CHANGE:
3926 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3927 break;
3928
3929 case HCI_EV_PIN_CODE_REQ:
3930 hci_pin_code_request_evt(hdev, skb);
3931 break;
3932
3933 case HCI_EV_LINK_KEY_REQ:
3934 hci_link_key_request_evt(hdev, skb);
3935 break;
3936
3937 case HCI_EV_LINK_KEY_NOTIFY:
3938 hci_link_key_notify_evt(hdev, skb);
3939 break;
3940
3941 case HCI_EV_CLOCK_OFFSET:
3942 hci_clock_offset_evt(hdev, skb);
3943 break;
3944
a8746417
MH		 3945 case HCI_EV_PKT_TYPE_CHANGE:
3946 hci_pkt_type_change_evt(hdev, skb);
3947 break;
3948
85a1e930
MH		 3949 case HCI_EV_PSCAN_REP_MODE:
3950 hci_pscan_rep_mode_evt(hdev, skb);
3951 break;
3952
a9de9248
MH		 3953 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3954 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3955 break;
3956
a9de9248
MH		 3957 case HCI_EV_REMOTE_EXT_FEATURES:
3958 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3959 break;
3960
a9de9248
MH		 3961 case HCI_EV_SYNC_CONN_COMPLETE:
3962 hci_sync_conn_complete_evt(hdev, skb);
3963 break;
1da177e4 3964
a9de9248
MH		 3965 case HCI_EV_SYNC_CONN_CHANGED:
3966 hci_sync_conn_changed_evt(hdev, skb);
3967 break;
1da177e4 3968
a9de9248
MH		 3969 case HCI_EV_SNIFF_SUBRATE:
3970 hci_sniff_subrate_evt(hdev, skb);
3971 break;
1da177e4 3972
a9de9248
MH		 3973 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3974 hci_extended_inquiry_result_evt(hdev, skb);
3975 break;
1da177e4 3976
1c2e0041
JH		 3977 case HCI_EV_KEY_REFRESH_COMPLETE:
3978 hci_key_refresh_complete_evt(hdev, skb);
3979 break;
3980
0493684e
MH		 3981 case HCI_EV_IO_CAPA_REQUEST:
3982 hci_io_capa_request_evt(hdev, skb);
3983 break;
3984
03b555e1
JH		 3985 case HCI_EV_IO_CAPA_REPLY:
3986 hci_io_capa_reply_evt(hdev, skb);
3987 break;
3988
a5c29683
JH		 3989 case HCI_EV_USER_CONFIRM_REQUEST:
3990 hci_user_confirm_request_evt(hdev, skb);
3991 break;
3992
1143d458
BG		 3993 case HCI_EV_USER_PASSKEY_REQUEST:
3994 hci_user_passkey_request_evt(hdev, skb);
3995 break;
3996
92a25256
JH		 3997 case HCI_EV_USER_PASSKEY_NOTIFY:
3998 hci_user_passkey_notify_evt(hdev, skb);
3999 break;
4000
4001 case HCI_EV_KEYPRESS_NOTIFY:
4002 hci_keypress_notify_evt(hdev, skb);
4003 break;
4004
0493684e
MH		 4005 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4006 hci_simple_pair_complete_evt(hdev, skb);
4007 break;
4008
41a96212
MH		 4009 case HCI_EV_REMOTE_HOST_FEATURES:
4010 hci_remote_host_features_evt(hdev, skb);
4011 break;
4012
fcd89c09
VT		 4013 case HCI_EV_LE_META:
4014 hci_le_meta_evt(hdev, skb);
4015 break;
4016
9495b2ee
AE		 4017 case HCI_EV_CHANNEL_SELECTED:
4018 hci_chan_selected_evt(hdev, skb);
4019 break;
4020
2763eda6
SJ		 4021 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4022 hci_remote_oob_data_request_evt(hdev, skb);
4023 break;
4024
d5e91192
AE		 4025 case HCI_EV_PHY_LINK_COMPLETE:
4026 hci_phy_link_complete_evt(hdev, skb);
4027 break;
4028
25e89e99
AE		 4029 case HCI_EV_NUM_COMP_BLOCKS:
4030 hci_num_comp_blocks_evt(hdev, skb);
4031 break;
4032
a9de9248 4033 default:
9f1db00c 4034 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4035 break;
4036 }
4037
4038 kfree_skb(skb);
4039 hdev->stat.evt_rx++;
4040}
Linux kernel - Deliverables
This page took 0.932351 seconds and 5 git commands to generate.