projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Disable fast connectable when disabling connectable
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
8e2a0d92 32#include <net/bluetooth/a2mp.h>
903e4541 33#include <net/bluetooth/amp.h>
1da177e4 34
1da177e4
LT		 35/* Handle HCI Event packets */
36
a9de9248 37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 38{
a9de9248 39 __u8 status = *((__u8 *) skb->data);
1da177e4 40
9f1db00c 41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 42
e6d465cb
AG		 43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
a9de9248 47 return;
e6d465cb 48 }
1da177e4 49
89352e7d
AG		 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
56e5cb86 52 hci_dev_lock(hdev);
ff9ef578 53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 54 hci_dev_unlock(hdev);
6bd57416 55
9238f36a 56 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248
MH		 57
58 hci_conn_check_pending(hdev);
59}
6bd57416 60
4d93483b
AG		 61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
9f1db00c 65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 71}
72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
9f1db00c 77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
ae854a70
AG		 82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
a9de9248
MH		 84 hci_conn_check_pending(hdev);
85}
86
807deac2
GP		 87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
a9de9248
MH		 89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
9f1db00c 98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
1da177e4 111 }
a9de9248
MH		 112
113 hci_dev_unlock(hdev);
1da177e4
LT		 114}
115
e4e8e37c
MH		 116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
9f1db00c 121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
a9de9248 135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 136{
a9de9248 137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 138 struct hci_conn *conn;
04837f64 139 void *sent;
1da177e4 140
9f1db00c 141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 142
a9de9248
MH		 143 if (rp->status)
144 return;
1da177e4 145
a9de9248
MH		 146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
1da177e4 149
a9de9248 150 hci_dev_lock(hdev);
1da177e4 151
a9de9248 152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 153 if (conn)
83985319 154 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 155
a9de9248
MH		 156 hci_dev_unlock(hdev);
157}
1da177e4 158
807deac2
GP		 159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
e4e8e37c
MH		 161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
9f1db00c 164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
807deac2
GP		 172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
e4e8e37c
MH		 174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
9f1db00c 178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 186}
187
a9de9248
MH		 188static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{
190 __u8 status = *((__u8 *) skb->data);
04837f64 191
9f1db00c 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 193
10572132
GP		 194 clear_bit(HCI_RESET, &hdev->flags);
195
a297e97c 196 /* Reset all non-persistent flags */
2cc6fb00 197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 198
199 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 202
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
9f1db00c 212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
a9de9248
MH		 226}
227
228static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231
9f1db00c 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 233
234 if (rp->status)
235 return;
236
db99b5fc
JH		 237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 239}
240
241static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
242{
243 __u8 status = *((__u8 *) skb->data);
244 void *sent;
245
9f1db00c 246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent)
250 return;
251
252 if (!status) {
253 __u8 param = *((__u8 *) sent);
254
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
257 else
258 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 259 }
a9de9248 260
33ef95ed
JH		 261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 263}
264
a9de9248 265static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 266{
a9de9248 267 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 268 void *sent;
269
9f1db00c 270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 271
a9de9248
MH		 272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 if (!sent)
274 return;
1da177e4 275
a9de9248
MH		 276 if (!status) {
277 __u8 param = *((__u8 *) sent);
278
279 if (param)
280 set_bit(HCI_ENCRYPT, &hdev->flags);
281 else
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 }
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
9f1db00c 292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
fa1bd918 302 if (status) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
36f7fc7e
JH		 308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
313 if (!old_iscan)
744cf19e 314 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 318 to);
16ab91ab 319 }
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
a9de9248 332}
1da177e4 333
a9de9248
MH		 334static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335{
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 337
9f1db00c 338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 339
a9de9248
MH		 340 if (rp->status)
341 return;
1da177e4 342
a9de9248 343 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 344
a9de9248 345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 347}
1da177e4 348
a9de9248
MH		 349static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350{
351 __u8 status = *((__u8 *) skb->data);
352 void *sent;
1da177e4 353
9f1db00c 354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 355
a9de9248
MH		 356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
357 if (!sent)
358 return;
1da177e4 359
7f9a903c
MH		 360 hci_dev_lock(hdev);
361
362 if (status == 0)
363 memcpy(hdev->dev_class, sent, 3);
364
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
367
368 hci_dev_unlock(hdev);
a9de9248 369}
1da177e4 370
a9de9248
MH		 371static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372{
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 __u16 setting;
375
9f1db00c 376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 377
378 if (rp->status)
379 return;
380
381 setting = __le16_to_cpu(rp->voice_setting);
382
f383f275 383 if (hdev->voice_setting == setting)
a9de9248
MH		 384 return;
385
386 hdev->voice_setting = setting;
387
9f1db00c 388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 389
3c54711c 390 if (hdev->notify)
a9de9248 391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 392}
393
8fc9ced3
GP		 394static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 struct sk_buff *skb)
a9de9248
MH		 396{
397 __u8 status = *((__u8 *) skb->data);
f383f275 398 __u16 setting;
a9de9248
MH		 399 void *sent;
400
9f1db00c 401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 402
f383f275
MH		 403 if (status)
404 return;
405
a9de9248
MH		 406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
1da177e4 409
f383f275 410 setting = get_unaligned_le16(sent);
1da177e4 411
f383f275
MH		 412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
1da177e4 416
9f1db00c 417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 418
3c54711c 419 if (hdev->notify)
f383f275 420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 421}
422
333140b5
MH		 423static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424{
425 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 426 struct hci_cp_write_ssp_mode *sent;
333140b5 427
9f1db00c 428 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 429
333140b5
MH		 430 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
431 if (!sent)
432 return;
433
5ed8eb2f
JH		 434 if (!status) {
435 if (sent->mode)
436 hdev->host_features[0] |= LMP_HOST_SSP;
437 else
438 hdev->host_features[0] &= ~LMP_HOST_SSP;
439 }
440
ed2c4ee3 441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 442 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 443 else if (!status) {
5ed8eb2f 444 if (sent->mode)
c0ecddc2
JH		 445 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
446 else
447 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448 }
333140b5
MH		 449}
450
a9de9248
MH		 451static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
452{
453 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 454
9f1db00c 455 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 456
a9de9248 457 if (rp->status)
42c6b129 458 return;
1143e5a6 459
a9de9248 460 hdev->hci_ver = rp->hci_ver;
e4e8e37c 461 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 462 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 463 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 464 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 465
9f1db00c 466 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 467 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 468}
469
8fc9ced3
GP		 470static void hci_cc_read_local_commands(struct hci_dev *hdev,
471 struct sk_buff *skb)
a9de9248
MH		 472{
473 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 474
9f1db00c 475 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 476
2177bab5
JH		 477 if (!rp->status)
478 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 479}
1da177e4 480
8fc9ced3
GP		 481static void hci_cc_read_local_features(struct hci_dev *hdev,
482 struct sk_buff *skb)
a9de9248
MH		 483{
484 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 485
9f1db00c 486 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 487
a9de9248
MH		 488 if (rp->status)
489 return;
5b7f9909 490
a9de9248 491 memcpy(hdev->features, rp->features, 8);
5b7f9909 492
a9de9248
MH		 493 /* Adjust default settings according to features
494 * supported by device. */
1da177e4 495
a9de9248
MH		 496 if (hdev->features[0] & LMP_3SLOT)
497 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 498
a9de9248
MH		 499 if (hdev->features[0] & LMP_5SLOT)
500 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 501
a9de9248
MH		 502 if (hdev->features[1] & LMP_HV2) {
503 hdev->pkt_type |= (HCI_HV2);
504 hdev->esco_type |= (ESCO_HV2);
505 }
1da177e4 506
a9de9248
MH		 507 if (hdev->features[1] & LMP_HV3) {
508 hdev->pkt_type |= (HCI_HV3);
509 hdev->esco_type |= (ESCO_HV3);
510 }
1da177e4 511
45db810f 512 if (lmp_esco_capable(hdev))
a9de9248 513 hdev->esco_type |= (ESCO_EV3);
da1f5198 514
a9de9248
MH		 515 if (hdev->features[4] & LMP_EV4)
516 hdev->esco_type |= (ESCO_EV4);
da1f5198 517
a9de9248
MH		 518 if (hdev->features[4] & LMP_EV5)
519 hdev->esco_type |= (ESCO_EV5);
1da177e4 520
efc7688b
MH		 521 if (hdev->features[5] & LMP_EDR_ESCO_2M)
522 hdev->esco_type |= (ESCO_2EV3);
523
524 if (hdev->features[5] & LMP_EDR_ESCO_3M)
525 hdev->esco_type |= (ESCO_3EV3);
526
527 if (hdev->features[5] & LMP_EDR_3S_ESCO)
528 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
529
a9de9248 530 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 531 hdev->features[0], hdev->features[1],
532 hdev->features[2], hdev->features[3],
533 hdev->features[4], hdev->features[5],
534 hdev->features[6], hdev->features[7]);
a9de9248 535}
1da177e4 536
971e3a4b 537static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 538 struct sk_buff *skb)
971e3a4b
AG		 539{
540 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
541
9f1db00c 542 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 543
544 if (rp->status)
42c6b129 545 return;
971e3a4b 546
b5b32b65
AG		 547 switch (rp->page) {
548 case 0:
549 memcpy(hdev->features, rp->features, 8);
550 break;
551 case 1:
552 memcpy(hdev->host_features, rp->features, 8);
553 break;
554 }
971e3a4b
AG		 555}
556
1e89cffb 557static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 558 struct sk_buff *skb)
1e89cffb
AE		 559{
560 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
561
9f1db00c 562 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 563
42c6b129
JH		 564 if (!rp->status)
565 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 566}
567
a9de9248
MH		 568static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
569{
570 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 571
9f1db00c 572 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 573
a9de9248
MH		 574 if (rp->status)
575 return;
1da177e4 576
a9de9248
MH		 577 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
578 hdev->sco_mtu = rp->sco_mtu;
579 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
580 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
581
582 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
583 hdev->sco_mtu = 64;
584 hdev->sco_pkts = 8;
1da177e4 585 }
a9de9248
MH		 586
587 hdev->acl_cnt = hdev->acl_pkts;
588 hdev->sco_cnt = hdev->sco_pkts;
589
807deac2
GP		 590 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
591 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 592}
593
594static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
595{
596 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
597
9f1db00c 598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 599
600 if (!rp->status)
601 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 602}
603
350ee4cf 604static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 605 struct sk_buff *skb)
350ee4cf
AE		 606{
607 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
608
9f1db00c 609 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 610
611 if (rp->status)
612 return;
613
614 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
615 hdev->block_len = __le16_to_cpu(rp->block_len);
616 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
617
618 hdev->block_cnt = hdev->num_blocks;
619
620 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 621 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 622}
623
928abaa7 624static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 625 struct sk_buff *skb)
928abaa7
AE		 626{
627 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
628
9f1db00c 629 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 630
631 if (rp->status)
8e2a0d92 632 goto a2mp_rsp;
928abaa7
AE		 633
634 hdev->amp_status = rp->amp_status;
635 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
636 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
637 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
638 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
639 hdev->amp_type = rp->amp_type;
640 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
641 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
642 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
643 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
644
8e2a0d92
AE		 645a2mp_rsp:
646 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 647}
648
903e4541
AE		 649static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
650 struct sk_buff *skb)
651{
652 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
653 struct amp_assoc *assoc = &hdev->loc_assoc;
654 size_t rem_len, frag_len;
655
656 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
657
658 if (rp->status)
659 goto a2mp_rsp;
660
661 frag_len = skb->len - sizeof(*rp);
662 rem_len = __le16_to_cpu(rp->rem_len);
663
664 if (rem_len > frag_len) {
2e430be3 665 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 666
667 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
668 assoc->offset += frag_len;
669
670 /* Read other fragments */
671 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
672
673 return;
674 }
675
676 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
677 assoc->len = assoc->offset + rem_len;
678 assoc->offset = 0;
679
680a2mp_rsp:
681 /* Send A2MP Rsp when all fragments are received */
682 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 683 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 684}
685
d5859e22 686static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 687 struct sk_buff *skb)
d5859e22 688{
91c4e9b1 689 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 690
9f1db00c 691 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 692
693 if (!rp->status)
694 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 695}
696
980e1a53
JH		 697static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
698{
699 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
700 struct hci_cp_pin_code_reply *cp;
701 struct hci_conn *conn;
702
9f1db00c 703 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 704
56e5cb86
JH		 705 hci_dev_lock(hdev);
706
a8b2d5c2 707 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 708 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 709
fa1bd918 710 if (rp->status)
56e5cb86 711 goto unlock;
980e1a53
JH		 712
713 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
714 if (!cp)
56e5cb86 715 goto unlock;
980e1a53
JH		 716
717 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
718 if (conn)
719 conn->pin_length = cp->pin_len;
56e5cb86
JH		 720
721unlock:
722 hci_dev_unlock(hdev);
980e1a53
JH		 723}
724
725static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
726{
727 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
728
9f1db00c 729 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 730
56e5cb86
JH		 731 hci_dev_lock(hdev);
732
a8b2d5c2 733 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 734 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 735 rp->status);
56e5cb86
JH		 736
737 hci_dev_unlock(hdev);
980e1a53 738}
56e5cb86 739
6ed58ec5
VT		 740static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
741 struct sk_buff *skb)
742{
743 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
744
9f1db00c 745 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 746
747 if (rp->status)
748 return;
749
750 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
751 hdev->le_pkts = rp->le_max_pkt;
752
753 hdev->le_cnt = hdev->le_pkts;
754
755 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 756}
980e1a53 757
60e77321
JH		 758static void hci_cc_le_read_local_features(struct hci_dev *hdev,
759 struct sk_buff *skb)
760{
761 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
762
763 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
764
765 if (!rp->status)
766 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 767}
768
8fa19098
JH		 769static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
770 struct sk_buff *skb)
771{
772 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
773
774 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
775
04b4edcb 776 if (!rp->status)
8fa19098 777 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 778}
779
a5c29683
JH		 780static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
781{
782 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
783
9f1db00c 784 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 785
56e5cb86
JH		 786 hci_dev_lock(hdev);
787
a8b2d5c2 788 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 789 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
790 rp->status);
56e5cb86
JH		 791
792 hci_dev_unlock(hdev);
a5c29683
JH		 793}
794
795static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 796 struct sk_buff *skb)
a5c29683
JH		 797{
798 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
799
9f1db00c 800 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 801
56e5cb86
JH		 802 hci_dev_lock(hdev);
803
a8b2d5c2 804 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 805 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 806 ACL_LINK, 0, rp->status);
56e5cb86
JH		 807
808 hci_dev_unlock(hdev);
a5c29683
JH		 809}
810
1143d458
BG		 811static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
812{
813 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
814
9f1db00c 815 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 816
817 hci_dev_lock(hdev);
818
a8b2d5c2 819 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 820 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 821 0, rp->status);
1143d458
BG		 822
823 hci_dev_unlock(hdev);
824}
825
826static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 827 struct sk_buff *skb)
1143d458
BG		 828{
829 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
830
9f1db00c 831 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 832
833 hci_dev_lock(hdev);
834
a8b2d5c2 835 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 836 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 837 ACL_LINK, 0, rp->status);
1143d458
BG		 838
839 hci_dev_unlock(hdev);
840}
841
c35938b2 842static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 843 struct sk_buff *skb)
c35938b2
SJ		 844{
845 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
846
9f1db00c 847 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 848
56e5cb86 849 hci_dev_lock(hdev);
744cf19e 850 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 851 rp->randomizer, rp->status);
56e5cb86 852 hci_dev_unlock(hdev);
c35938b2
SJ		 853}
854
c1d5dc4a
JH		 855static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
856{
857 __u8 *sent, status = *((__u8 *) skb->data);
858
859 BT_DBG("%s status 0x%2.2x", hdev->name, status);
860
861 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
862 if (!sent)
863 return;
864
865 hci_dev_lock(hdev);
866
867 if (!status) {
868 if (*sent)
869 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
870 else
871 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
872 }
873
04b4edcb
JH		 874 if (!test_bit(HCI_INIT, &hdev->flags)) {
875 struct hci_request req;
c1d5dc4a 876
04b4edcb
JH		 877 hci_req_init(&req, hdev);
878 hci_update_ad(&req);
879 hci_req_run(&req, NULL);
880 }
881
882 hci_dev_unlock(hdev);
c1d5dc4a
JH		 883}
884
07f7fa5d
AG		 885static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
886{
887 __u8 status = *((__u8 *) skb->data);
888
9f1db00c 889 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be 890
3fd24153
AG		 891 if (status) {
892 hci_dev_lock(hdev);
893 mgmt_start_discovery_failed(hdev, status);
894 hci_dev_unlock(hdev);
895 return;
896 }
07f7fa5d
AG		 897}
898
eb9d91f5 899static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 900 struct sk_buff *skb)
eb9d91f5
AG		 901{
902 struct hci_cp_le_set_scan_enable *cp;
903 __u8 status = *((__u8 *) skb->data);
904
9f1db00c 905 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 906
eb9d91f5
AG		 907 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
908 if (!cp)
909 return;
910
68a8aea4
AE		 911 switch (cp->enable) {
912 case LE_SCANNING_ENABLED:
3fd24153
AG		 913 if (status) {
914 hci_dev_lock(hdev);
915 mgmt_start_discovery_failed(hdev, status);
916 hci_dev_unlock(hdev);
7ba8b4be 917 return;
3fd24153 918 }
7ba8b4be 919
d23264a8
AG		 920 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
921
a8f13c8c 922 hci_dev_lock(hdev);
343f935b 923 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 924 hci_dev_unlock(hdev);
68a8aea4
AE		 925 break;
926
927 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 928 if (status) {
929 hci_dev_lock(hdev);
930 mgmt_stop_discovery_failed(hdev, status);
931 hci_dev_unlock(hdev);
7ba8b4be 932 return;
c9ecc48e 933 }
7ba8b4be 934
d23264a8
AG		 935 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
936
bc3dd33c
AG		 937 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
938 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 939 mgmt_interleaved_discovery(hdev);
940 } else {
941 hci_dev_lock(hdev);
942 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
943 hci_dev_unlock(hdev);
944 }
945
68a8aea4
AE		 946 break;
947
948 default:
949 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
950 break;
35815085 951 }
eb9d91f5
AG		 952}
953
cf1d081f
JH		 954static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
955 struct sk_buff *skb)
956{
957 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
958
959 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
960
961 if (!rp->status)
962 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 963}
964
9b008c04
JH		 965static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
966 struct sk_buff *skb)
967{
968 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
969
970 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971
972 if (!rp->status)
973 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 974}
975
6039aa73
GP		 976static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
977 struct sk_buff *skb)
f9b49306 978{
06199cf8 979 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 980 __u8 status = *((__u8 *) skb->data);
981
9f1db00c 982 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 983
06199cf8 984 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 985 if (!sent)
f9b49306
AG		 986 return;
987
8f984dfa
JH		 988 if (!status) {
989 if (sent->le)
990 hdev->host_features[0] |= LMP_HOST_LE;
991 else
992 hdev->host_features[0] &= ~LMP_HOST_LE;
53b2caab
JH		 993
994 if (sent->simul)
995 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
996 else
997 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
8f984dfa
JH		 998 }
999
1000 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1001 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa 1002 mgmt_le_enable_complete(hdev, sent->le, status);
f9b49306
AG		 1003}
1004
93c284ee
AE		 1005static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1006 struct sk_buff *skb)
1007{
1008 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1009
1010 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1011 hdev->name, rp->status, rp->phy_handle);
1012
1013 if (rp->status)
1014 return;
1015
1016 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1017}
1018
6039aa73 1019static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1020{
9f1db00c 1021 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1022
1023 if (status) {
a9de9248 1024 hci_conn_check_pending(hdev);
56e5cb86 1025 hci_dev_lock(hdev);
a8b2d5c2 1026 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1027 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1028 hci_dev_unlock(hdev);
314b2381
JH		 1029 return;
1030 }
1031
89352e7d
AG		 1032 set_bit(HCI_INQUIRY, &hdev->flags);
1033
56e5cb86 1034 hci_dev_lock(hdev);
343f935b 1035 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1036 hci_dev_unlock(hdev);
1da177e4
LT		 1037}
1038
6039aa73 1039static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1040{
a9de9248 1041 struct hci_cp_create_conn *cp;
1da177e4 1042 struct hci_conn *conn;
1da177e4 1043
9f1db00c 1044 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1045
1046 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1047 if (!cp)
1048 return;
1049
1050 hci_dev_lock(hdev);
1051
1052 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1053
6ed93dc6 1054 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1055
1056 if (status) {
1057 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1058 if (status != 0x0c || conn->attempt > 2) {
1059 conn->state = BT_CLOSED;
1060 hci_proto_connect_cfm(conn, status);
1061 hci_conn_del(conn);
1062 } else
1063 conn->state = BT_CONNECT2;
1da177e4
LT		 1064 }
1065 } else {
1066 if (!conn) {
1067 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1068 if (conn) {
a0c808b3 1069 conn->out = true;
1da177e4
LT		 1070 conn->link_mode |= HCI_LM_MASTER;
1071 } else
893ef971 1072 BT_ERR("No memory for new connection");
1da177e4
LT		 1073 }
1074 }
1075
1076 hci_dev_unlock(hdev);
1077}
1078
a9de9248 1079static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1080{
a9de9248
MH		 1081 struct hci_cp_add_sco *cp;
1082 struct hci_conn *acl, *sco;
1083 __u16 handle;
1da177e4 1084
9f1db00c 1085 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1086
a9de9248
MH		 1087 if (!status)
1088 return;
1da177e4 1089
a9de9248
MH		 1090 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1091 if (!cp)
1092 return;
1da177e4 1093
a9de9248 1094 handle = __le16_to_cpu(cp->handle);
1da177e4 1095
9f1db00c 1096 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1097
a9de9248 1098 hci_dev_lock(hdev);
1da177e4 1099
a9de9248 1100 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1101 if (acl) {
1102 sco = acl->link;
1103 if (sco) {
1104 sco->state = BT_CLOSED;
1da177e4 1105
5a08ecce
AE		 1106 hci_proto_connect_cfm(sco, status);
1107 hci_conn_del(sco);
1108 }
a9de9248 1109 }
1da177e4 1110
a9de9248
MH		 1111 hci_dev_unlock(hdev);
1112}
1da177e4 1113
f8558555
MH		 1114static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1115{
1116 struct hci_cp_auth_requested *cp;
1117 struct hci_conn *conn;
1118
9f1db00c 1119 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1120
1121 if (!status)
1122 return;
1123
1124 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1125 if (!cp)
1126 return;
1127
1128 hci_dev_lock(hdev);
1129
1130 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1131 if (conn) {
1132 if (conn->state == BT_CONFIG) {
1133 hci_proto_connect_cfm(conn, status);
1134 hci_conn_put(conn);
1135 }
1136 }
1137
1138 hci_dev_unlock(hdev);
1139}
1140
1141static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1142{
1143 struct hci_cp_set_conn_encrypt *cp;
1144 struct hci_conn *conn;
1145
9f1db00c 1146 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1147
1148 if (!status)
1149 return;
1150
1151 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1152 if (!cp)
1153 return;
1154
1155 hci_dev_lock(hdev);
1156
1157 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1158 if (conn) {
1159 if (conn->state == BT_CONFIG) {
1160 hci_proto_connect_cfm(conn, status);
1161 hci_conn_put(conn);
1162 }
1163 }
1164
1165 hci_dev_unlock(hdev);
1166}
1167
127178d2 1168static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1169 struct hci_conn *conn)
392599b9 1170{
392599b9
JH		 1171 if (conn->state != BT_CONFIG || !conn->out)
1172 return 0;
1173
765c2a96 1174 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1175 return 0;
1176
1177 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1178 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1179 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1180 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1181 return 0;
1182
392599b9
JH		 1183 return 1;
1184}
1185
6039aa73 1186static int hci_resolve_name(struct hci_dev *hdev,
04124681 1187 struct inquiry_entry *e)
30dc78e1
JH		 1188{
1189 struct hci_cp_remote_name_req cp;
1190
1191 memset(&cp, 0, sizeof(cp));
1192
1193 bacpy(&cp.bdaddr, &e->data.bdaddr);
1194 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1195 cp.pscan_mode = e->data.pscan_mode;
1196 cp.clock_offset = e->data.clock_offset;
1197
1198 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1199}
1200
b644ba33 1201static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1202{
1203 struct discovery_state *discov = &hdev->discovery;
1204 struct inquiry_entry *e;
1205
b644ba33
JH		 1206 if (list_empty(&discov->resolve))
1207 return false;
1208
1209 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1210 if (!e)
1211 return false;
1212
b644ba33
JH		 1213 if (hci_resolve_name(hdev, e) == 0) {
1214 e->name_state = NAME_PENDING;
1215 return true;
1216 }
1217
1218 return false;
1219}
1220
1221static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1222 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1223{
1224 struct discovery_state *discov = &hdev->discovery;
1225 struct inquiry_entry *e;
1226
1227 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1228 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1229 name_len, conn->dev_class);
b644ba33
JH		 1230
1231 if (discov->state == DISCOVERY_STOPPED)
1232 return;
1233
30dc78e1
JH		 1234 if (discov->state == DISCOVERY_STOPPING)
1235 goto discov_complete;
1236
1237 if (discov->state != DISCOVERY_RESOLVING)
1238 return;
1239
1240 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1241 /* If the device was not found in a list of found devices names of which
1242 * are pending. there is no need to continue resolving a next name as it
1243 * will be done upon receiving another Remote Name Request Complete
1244 * Event */
1245 if (!e)
1246 return;
1247
1248 list_del(&e->list);
1249 if (name) {
30dc78e1 1250 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1251 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1252 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1253 } else {
1254 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1255 }
1256
b644ba33 1257 if (hci_resolve_next_name(hdev))
30dc78e1 1258 return;
30dc78e1
JH		 1259
1260discov_complete:
1261 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1262}
1263
a9de9248
MH		 1264static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1265{
127178d2
JH		 1266 struct hci_cp_remote_name_req *cp;
1267 struct hci_conn *conn;
1268
9f1db00c 1269 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1270
1271 /* If successful wait for the name req complete event before
1272 * checking for the need to do authentication */
1273 if (!status)
1274 return;
1275
1276 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1277 if (!cp)
1278 return;
1279
1280 hci_dev_lock(hdev);
1281
b644ba33
JH		 1282 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1283
a8b2d5c2 1284 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1285 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1286
79c6c70c
JH		 1287 if (!conn)
1288 goto unlock;
1289
1290 if (!hci_outgoing_auth_needed(hdev, conn))
1291 goto unlock;
1292
51a8efd7 1293 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1294 struct hci_cp_auth_requested cp;
1295 cp.handle = __cpu_to_le16(conn->handle);
1296 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1297 }
1298
79c6c70c 1299unlock:
127178d2 1300 hci_dev_unlock(hdev);
a9de9248 1301}
1da177e4 1302
769be974
MH		 1303static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1304{
1305 struct hci_cp_read_remote_features *cp;
1306 struct hci_conn *conn;
1307
9f1db00c 1308 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1309
1310 if (!status)
1311 return;
1312
1313 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1314 if (!cp)
1315 return;
1316
1317 hci_dev_lock(hdev);
1318
1319 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1320 if (conn) {
1321 if (conn->state == BT_CONFIG) {
769be974
MH		 1322 hci_proto_connect_cfm(conn, status);
1323 hci_conn_put(conn);
1324 }
1325 }
1326
1327 hci_dev_unlock(hdev);
1328}
1329
1330static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1331{
1332 struct hci_cp_read_remote_ext_features *cp;
1333 struct hci_conn *conn;
1334
9f1db00c 1335 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1336
1337 if (!status)
1338 return;
1339
1340 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1341 if (!cp)
1342 return;
1343
1344 hci_dev_lock(hdev);
1345
1346 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1347 if (conn) {
1348 if (conn->state == BT_CONFIG) {
769be974
MH		 1349 hci_proto_connect_cfm(conn, status);
1350 hci_conn_put(conn);
1351 }
1352 }
1353
1354 hci_dev_unlock(hdev);
1355}
1356
a9de9248
MH		 1357static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1358{
b6a0dc82
MH		 1359 struct hci_cp_setup_sync_conn *cp;
1360 struct hci_conn *acl, *sco;
1361 __u16 handle;
1362
9f1db00c 1363 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1364
1365 if (!status)
1366 return;
1367
1368 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1369 if (!cp)
1370 return;
1371
1372 handle = __le16_to_cpu(cp->handle);
1373
9f1db00c 1374 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1375
1376 hci_dev_lock(hdev);
1377
1378 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1379 if (acl) {
1380 sco = acl->link;
1381 if (sco) {
1382 sco->state = BT_CLOSED;
b6a0dc82 1383
5a08ecce
AE		 1384 hci_proto_connect_cfm(sco, status);
1385 hci_conn_del(sco);
1386 }
b6a0dc82
MH		 1387 }
1388
1389 hci_dev_unlock(hdev);
1da177e4
LT		 1390}
1391
a9de9248 1392static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1393{
a9de9248
MH		 1394 struct hci_cp_sniff_mode *cp;
1395 struct hci_conn *conn;
1da177e4 1396
9f1db00c 1397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1398
a9de9248
MH		 1399 if (!status)
1400 return;
04837f64 1401
a9de9248
MH		 1402 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1403 if (!cp)
1404 return;
04837f64 1405
a9de9248 1406 hci_dev_lock(hdev);
04837f64 1407
a9de9248 1408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1409 if (conn) {
51a8efd7 1410 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1411
51a8efd7 1412 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1413 hci_sco_setup(conn, status);
1414 }
1415
a9de9248
MH		 1416 hci_dev_unlock(hdev);
1417}
04837f64 1418
a9de9248
MH		 1419static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1420{
1421 struct hci_cp_exit_sniff_mode *cp;
1422 struct hci_conn *conn;
04837f64 1423
9f1db00c 1424 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1425
a9de9248
MH		 1426 if (!status)
1427 return;
04837f64 1428
a9de9248
MH		 1429 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1430 if (!cp)
1431 return;
04837f64 1432
a9de9248 1433 hci_dev_lock(hdev);
1da177e4 1434
a9de9248 1435 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1436 if (conn) {
51a8efd7 1437 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1438
51a8efd7 1439 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1440 hci_sco_setup(conn, status);
1441 }
1442
a9de9248 1443 hci_dev_unlock(hdev);
1da177e4
LT		 1444}
1445
88c3df13
JH		 1446static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1447{
1448 struct hci_cp_disconnect *cp;
1449 struct hci_conn *conn;
1450
1451 if (!status)
1452 return;
1453
1454 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1455 if (!cp)
1456 return;
1457
1458 hci_dev_lock(hdev);
1459
1460 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1461 if (conn)
1462 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1463 conn->dst_type, status);
88c3df13
JH		 1464
1465 hci_dev_unlock(hdev);
1466}
1467
fcd89c09
VT		 1468static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1469{
fcd89c09
VT		 1470 struct hci_conn *conn;
1471
9f1db00c 1472 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1473
f00a06ac
AG		 1474 if (status) {
1475 hci_dev_lock(hdev);
fcd89c09 1476
0c95ab78 1477 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1478 if (!conn) {
1479 hci_dev_unlock(hdev);
1480 return;
1481 }
fcd89c09 1482
6ed93dc6 1483 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
fcd89c09 1484
f00a06ac 1485 conn->state = BT_CLOSED;
0c95ab78 1486 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1487 conn->dst_type, status);
1488 hci_proto_connect_cfm(conn, status);
1489 hci_conn_del(conn);
fcd89c09 1490
f00a06ac
AG		 1491 hci_dev_unlock(hdev);
1492 }
fcd89c09
VT		 1493}
1494
a02226d6
AE		 1495static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1496{
93c284ee
AE		 1497 struct hci_cp_create_phy_link *cp;
1498
a02226d6 1499 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1500
93c284ee
AE		 1501 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1502 if (!cp)
1503 return;
1504
e58917b9
AE		 1505 hci_dev_lock(hdev);
1506
1507 if (status) {
1508 struct hci_conn *hcon;
1509
1510 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1511 if (hcon)
1512 hci_conn_del(hcon);
1513 } else {
1514 amp_write_remote_assoc(hdev, cp->phy_handle);
1515 }
1516
1517 hci_dev_unlock(hdev);
a02226d6
AE		 1518}
1519
0b26ab9d
AE		 1520static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1521{
1522 struct hci_cp_accept_phy_link *cp;
1523
1524 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1525
1526 if (status)
1527 return;
1528
1529 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1530 if (!cp)
1531 return;
1532
1533 amp_write_remote_assoc(hdev, cp->phy_handle);
1534}
1535
6039aa73 1536static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1537{
1538 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1539 struct discovery_state *discov = &hdev->discovery;
1540 struct inquiry_entry *e;
1da177e4 1541
9f1db00c 1542 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1543
9238f36a 1544 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1545
a9de9248 1546 hci_conn_check_pending(hdev);
89352e7d
AG		 1547
1548 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1549 return;
1550
a8b2d5c2 1551 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1552 return;
1553
56e5cb86 1554 hci_dev_lock(hdev);
30dc78e1 1555
343f935b 1556 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1557 goto unlock;
1558
1559 if (list_empty(&discov->resolve)) {
1560 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1561 goto unlock;
1562 }
1563
1564 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1565 if (e && hci_resolve_name(hdev, e) == 0) {
1566 e->name_state = NAME_PENDING;
1567 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1568 } else {
1569 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1570 }
1571
1572unlock:
56e5cb86 1573 hci_dev_unlock(hdev);
1da177e4
LT		 1574}
1575
6039aa73 1576static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1577{
45bb4bf0 1578 struct inquiry_data data;
a9de9248 1579 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1580 int num_rsp = *((__u8 *) skb->data);
1581
1582 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1583
45bb4bf0
MH		 1584 if (!num_rsp)
1585 return;
1586
1519cc17
AG		 1587 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1588 return;
1589
1da177e4 1590 hci_dev_lock(hdev);
45bb4bf0 1591
e17acd40 1592 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1593 bool name_known, ssp;
3175405b 1594
1da177e4
LT		 1595 bacpy(&data.bdaddr, &info->bdaddr);
1596 data.pscan_rep_mode = info->pscan_rep_mode;
1597 data.pscan_period_mode = info->pscan_period_mode;
1598 data.pscan_mode = info->pscan_mode;
1599 memcpy(data.dev_class, info->dev_class, 3);
1600 data.clock_offset = info->clock_offset;
1601 data.rssi = 0x00;
41a96212 1602 data.ssp_mode = 0x00;
3175405b 1603
388fc8fa 1604 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1605 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1606 info->dev_class, 0, !name_known, ssp, NULL,
1607 0);
1da177e4 1608 }
45bb4bf0 1609
1da177e4
LT		 1610 hci_dev_unlock(hdev);
1611}
1612
6039aa73 1613static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1614{
a9de9248
MH		 1615 struct hci_ev_conn_complete *ev = (void *) skb->data;
1616 struct hci_conn *conn;
1da177e4
LT		 1617
1618 BT_DBG("%s", hdev->name);
1619
1620 hci_dev_lock(hdev);
1621
1622 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1623 if (!conn) {
1624 if (ev->link_type != SCO_LINK)
1625 goto unlock;
1626
1627 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1628 if (!conn)
1629 goto unlock;
1630
1631 conn->type = SCO_LINK;
1632 }
1da177e4
LT		 1633
1634 if (!ev->status) {
1635 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1636
1637 if (conn->type == ACL_LINK) {
1638 conn->state = BT_CONFIG;
1639 hci_conn_hold(conn);
a9ea3ed9
SJ		 1640
1641 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1642 !hci_find_link_key(hdev, &ev->bdaddr))
1643 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1644 else
1645 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1646 } else
1647 conn->state = BT_CONNECTED;
1da177e4 1648
9eba32b8 1649 hci_conn_hold_device(conn);
7d0db0a3
MH		 1650 hci_conn_add_sysfs(conn);
1651
1da177e4
LT		 1652 if (test_bit(HCI_AUTH, &hdev->flags))
1653 conn->link_mode |= HCI_LM_AUTH;
1654
1655 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1656 conn->link_mode |= HCI_LM_ENCRYPT;
1657
04837f64
MH		 1658 /* Get remote features */
1659 if (conn->type == ACL_LINK) {
1660 struct hci_cp_read_remote_features cp;
1661 cp.handle = ev->handle;
769be974 1662 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1663 sizeof(cp), &cp);
04837f64
MH		 1664 }
1665
1da177e4 1666 /* Set packet type for incoming connection */
d095c1eb 1667 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1668 struct hci_cp_change_conn_ptype cp;
1669 cp.handle = ev->handle;
a8746417 1670 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1671 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1672 &cp);
1da177e4 1673 }
17d5c04c 1674 } else {
1da177e4 1675 conn->state = BT_CLOSED;
17d5c04c 1676 if (conn->type == ACL_LINK)
744cf19e 1677 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1678 conn->dst_type, ev->status);
17d5c04c 1679 }
1da177e4 1680
e73439d8
MH		 1681 if (conn->type == ACL_LINK)
1682 hci_sco_setup(conn, ev->status);
1da177e4 1683
769be974
MH		 1684 if (ev->status) {
1685 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1686 hci_conn_del(conn);
c89b6e6b
MH		 1687 } else if (ev->link_type != ACL_LINK)
1688 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1689
a9de9248 1690unlock:
1da177e4 1691 hci_dev_unlock(hdev);
1da177e4 1692
a9de9248 1693 hci_conn_check_pending(hdev);
1da177e4
LT		 1694}
1695
20714bfe
FD		 1696void hci_conn_accept(struct hci_conn *conn, int mask)
1697{
1698 struct hci_dev *hdev = conn->hdev;
1699
1700 BT_DBG("conn %p", conn);
1701
1702 conn->state = BT_CONFIG;
1703
1704 if (!lmp_esco_capable(hdev)) {
1705 struct hci_cp_accept_conn_req cp;
1706
1707 bacpy(&cp.bdaddr, &conn->dst);
1708
1709 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1710 cp.role = 0x00; /* Become master */
1711 else
1712 cp.role = 0x01; /* Remain slave */
1713
1714 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1715 } else /* lmp_esco_capable(hdev)) */ {
1716 struct hci_cp_accept_sync_conn_req cp;
1717
1718 bacpy(&cp.bdaddr, &conn->dst);
1719 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1720
1721 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1722 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1723 cp.max_latency = __constant_cpu_to_le16(0xffff);
1724 cp.content_format = cpu_to_le16(hdev->voice_setting);
1725 cp.retrans_effort = 0xff;
1726
1727 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1728 sizeof(cp), &cp);
1729 }
1730}
1731
6039aa73 1732static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1733{
a9de9248
MH		 1734 struct hci_ev_conn_request *ev = (void *) skb->data;
1735 int mask = hdev->link_mode;
20714bfe 1736 __u8 flags = 0;
1da177e4 1737
6ed93dc6 1738 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 1739 ev->link_type);
1da177e4 1740
20714bfe
FD		 1741 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1742 &flags);
1da177e4 1743
138d22ef 1744 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1745 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1746 /* Connection accepted */
c7bdd502 1747 struct inquiry_entry *ie;
1da177e4 1748 struct hci_conn *conn;
1da177e4 1749
a9de9248 1750 hci_dev_lock(hdev);
b6a0dc82 1751
cc11b9c1
AE		 1752 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1753 if (ie)
c7bdd502
MH		 1754 memcpy(ie->data.dev_class, ev->dev_class, 3);
1755
8fc9ced3
GP		 1756 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1757 &ev->bdaddr);
a9de9248 1758 if (!conn) {
cc11b9c1
AE		 1759 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1760 if (!conn) {
893ef971 1761 BT_ERR("No memory for new connection");
a9de9248
MH		 1762 hci_dev_unlock(hdev);
1763 return;
1da177e4
LT		 1764 }
1765 }
b6a0dc82 1766
a9de9248 1767 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 1768
a9de9248 1769 hci_dev_unlock(hdev);
1da177e4 1770
20714bfe
FD		 1771 if (ev->link_type == ACL_LINK ||
1772 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 1773 struct hci_cp_accept_conn_req cp;
20714bfe 1774 conn->state = BT_CONNECT;
1da177e4 1775
b6a0dc82
MH		 1776 bacpy(&cp.bdaddr, &ev->bdaddr);
1777
1778 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1779 cp.role = 0x00; /* Become master */
1780 else
1781 cp.role = 0x01; /* Remain slave */
1782
04124681
GP		 1783 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1784 &cp);
20714bfe 1785 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 1786 struct hci_cp_accept_sync_conn_req cp;
20714bfe 1787 conn->state = BT_CONNECT;
b6a0dc82
MH		 1788
1789 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1790 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1791
82781e63
AE		 1792 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1793 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1794 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1795 cp.content_format = cpu_to_le16(hdev->voice_setting);
1796 cp.retrans_effort = 0xff;
1da177e4 1797
b6a0dc82 1798 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1799 sizeof(cp), &cp);
20714bfe
FD		 1800 } else {
1801 conn->state = BT_CONNECT2;
1802 hci_proto_connect_cfm(conn, 0);
1803 hci_conn_put(conn);
b6a0dc82 1804 }
a9de9248
MH		 1805 } else {
1806 /* Connection rejected */
1807 struct hci_cp_reject_conn_req cp;
1da177e4 1808
a9de9248 1809 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1810 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1811 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1812 }
1da177e4
LT		 1813}
1814
f0d6a0ea
MA		 1815static u8 hci_to_mgmt_reason(u8 err)
1816{
1817 switch (err) {
1818 case HCI_ERROR_CONNECTION_TIMEOUT:
1819 return MGMT_DEV_DISCONN_TIMEOUT;
1820 case HCI_ERROR_REMOTE_USER_TERM:
1821 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1822 case HCI_ERROR_REMOTE_POWER_OFF:
1823 return MGMT_DEV_DISCONN_REMOTE;
1824 case HCI_ERROR_LOCAL_HOST_TERM:
1825 return MGMT_DEV_DISCONN_LOCAL_HOST;
1826 default:
1827 return MGMT_DEV_DISCONN_UNKNOWN;
1828 }
1829}
1830
6039aa73 1831static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1832{
a9de9248 1833 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1834 struct hci_conn *conn;
1835
9f1db00c 1836 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 1837
1838 hci_dev_lock(hdev);
1839
1840 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1841 if (!conn)
1842 goto unlock;
7d0db0a3 1843
37d9ef76
JH		 1844 if (ev->status == 0)
1845 conn->state = BT_CLOSED;
04837f64 1846
b644ba33 1847 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 1848 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 1849 if (ev->status) {
88c3df13 1850 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 1851 conn->dst_type, ev->status);
f0d6a0ea
MA		 1852 } else {
1853 u8 reason = hci_to_mgmt_reason(ev->reason);
1854
afc747a6 1855 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 1856 conn->dst_type, reason);
1857 }
37d9ef76 1858 }
f7520543 1859
37d9ef76 1860 if (ev->status == 0) {
6ec5bcad
VA		 1861 if (conn->type == ACL_LINK && conn->flush_key)
1862 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1863 hci_proto_disconn_cfm(conn, ev->reason);
1864 hci_conn_del(conn);
1865 }
f7520543
JH		 1866
1867unlock:
04837f64
MH		 1868 hci_dev_unlock(hdev);
1869}
1870
6039aa73 1871static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1872{
a9de9248 1873 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1874 struct hci_conn *conn;
1da177e4 1875
9f1db00c 1876 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1877
1878 hci_dev_lock(hdev);
1879
04837f64 1880 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1881 if (!conn)
1882 goto unlock;
1883
1884 if (!ev->status) {
aa64a8b5 1885 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1886 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1887 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1888 } else {
d7556e20
WR		 1889 conn->link_mode |= HCI_LM_AUTH;
1890 conn->sec_level = conn->pending_sec_level;
2a611692 1891 }
d7556e20 1892 } else {
bab73cb6 1893 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1894 ev->status);
d7556e20 1895 }
1da177e4 1896
51a8efd7
JH		 1897 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1898 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1899
d7556e20 1900 if (conn->state == BT_CONFIG) {
aa64a8b5 1901 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1902 struct hci_cp_set_conn_encrypt cp;
1903 cp.handle = ev->handle;
1904 cp.encrypt = 0x01;
1905 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1906 &cp);
052b30b0 1907 } else {
d7556e20
WR		 1908 conn->state = BT_CONNECTED;
1909 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1910 hci_conn_put(conn);
1911 }
d7556e20
WR		 1912 } else {
1913 hci_auth_cfm(conn, ev->status);
052b30b0 1914
d7556e20
WR		 1915 hci_conn_hold(conn);
1916 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1917 hci_conn_put(conn);
1918 }
1919
51a8efd7 1920 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1921 if (!ev->status) {
1922 struct hci_cp_set_conn_encrypt cp;
1923 cp.handle = ev->handle;
1924 cp.encrypt = 0x01;
1925 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1926 &cp);
d7556e20 1927 } else {
51a8efd7 1928 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1929 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1930 }
1931 }
1932
d7556e20 1933unlock:
1da177e4
LT		 1934 hci_dev_unlock(hdev);
1935}
1936
6039aa73 1937static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1938{
127178d2
JH		 1939 struct hci_ev_remote_name *ev = (void *) skb->data;
1940 struct hci_conn *conn;
1941
a9de9248 1942 BT_DBG("%s", hdev->name);
1da177e4 1943
a9de9248 1944 hci_conn_check_pending(hdev);
127178d2
JH		 1945
1946 hci_dev_lock(hdev);
1947
b644ba33 1948 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1949
b644ba33
JH		 1950 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1951 goto check_auth;
a88a9652 1952
b644ba33
JH		 1953 if (ev->status == 0)
1954 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 1955 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 1956 else
1957 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1958
1959check_auth:
79c6c70c
JH		 1960 if (!conn)
1961 goto unlock;
1962
1963 if (!hci_outgoing_auth_needed(hdev, conn))
1964 goto unlock;
1965
51a8efd7 1966 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1967 struct hci_cp_auth_requested cp;
1968 cp.handle = __cpu_to_le16(conn->handle);
1969 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1970 }
1971
79c6c70c 1972unlock:
127178d2 1973 hci_dev_unlock(hdev);
a9de9248
MH		 1974}
1975
6039aa73 1976static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 1977{
1978 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1979 struct hci_conn *conn;
1980
9f1db00c 1981 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1982
1983 hci_dev_lock(hdev);
1984
04837f64 1985 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 1986 if (conn) {
1987 if (!ev->status) {
ae293196
MH		 1988 if (ev->encrypt) {
1989 /* Encryption implies authentication */
1990 conn->link_mode |= HCI_LM_AUTH;
1da177e4 1991 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 1992 conn->sec_level = conn->pending_sec_level;
ae293196 1993 } else
1da177e4
LT		 1994 conn->link_mode &= ~HCI_LM_ENCRYPT;
1995 }
1996
51a8efd7 1997 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 1998
a7d7723a 1999 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 2000 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2001 hci_conn_put(conn);
2002 goto unlock;
2003 }
2004
f8558555
MH		 2005 if (conn->state == BT_CONFIG) {
2006 if (!ev->status)
2007 conn->state = BT_CONNECTED;
2008
2009 hci_proto_connect_cfm(conn, ev->status);
2010 hci_conn_put(conn);
2011 } else
2012 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2013 }
2014
a7d7723a 2015unlock:
1da177e4
LT		 2016 hci_dev_unlock(hdev);
2017}
2018
6039aa73
GP		 2019static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2020 struct sk_buff *skb)
1da177e4 2021{
a9de9248 2022 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2023 struct hci_conn *conn;
1da177e4 2024
9f1db00c 2025 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2026
2027 hci_dev_lock(hdev);
2028
04837f64 2029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2030 if (conn) {
2031 if (!ev->status)
2032 conn->link_mode |= HCI_LM_SECURE;
2033
51a8efd7 2034 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2035
2036 hci_key_change_cfm(conn, ev->status);
2037 }
2038
2039 hci_dev_unlock(hdev);
2040}
2041
6039aa73
GP		 2042static void hci_remote_features_evt(struct hci_dev *hdev,
2043 struct sk_buff *skb)
1da177e4 2044{
a9de9248
MH		 2045 struct hci_ev_remote_features *ev = (void *) skb->data;
2046 struct hci_conn *conn;
2047
9f1db00c 2048 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2049
a9de9248
MH		 2050 hci_dev_lock(hdev);
2051
2052 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2053 if (!conn)
2054 goto unlock;
769be974 2055
ccd556fe
JH		 2056 if (!ev->status)
2057 memcpy(conn->features, ev->features, 8);
2058
2059 if (conn->state != BT_CONFIG)
2060 goto unlock;
2061
2062 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2063 struct hci_cp_read_remote_ext_features cp;
2064 cp.handle = ev->handle;
2065 cp.page = 0x01;
2066 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2067 sizeof(cp), &cp);
392599b9
JH		 2068 goto unlock;
2069 }
2070
671267bf 2071 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2072 struct hci_cp_remote_name_req cp;
2073 memset(&cp, 0, sizeof(cp));
2074 bacpy(&cp.bdaddr, &conn->dst);
2075 cp.pscan_rep_mode = 0x02;
2076 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2077 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2078 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2079 conn->dst_type, 0, NULL, 0,
2080 conn->dev_class);
392599b9 2081
127178d2 2082 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2083 conn->state = BT_CONNECTED;
2084 hci_proto_connect_cfm(conn, ev->status);
2085 hci_conn_put(conn);
769be974 2086 }
a9de9248 2087
ccd556fe 2088unlock:
a9de9248 2089 hci_dev_unlock(hdev);
1da177e4
LT		 2090}
2091
6039aa73 2092static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2093{
2094 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2095 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2096 __u16 opcode;
2097
2098 skb_pull(skb, sizeof(*ev));
2099
2100 opcode = __le16_to_cpu(ev->opcode);
2101
2102 switch (opcode) {
2103 case HCI_OP_INQUIRY_CANCEL:
2104 hci_cc_inquiry_cancel(hdev, skb);
2105 break;
2106
4d93483b
AG		 2107 case HCI_OP_PERIODIC_INQ:
2108 hci_cc_periodic_inq(hdev, skb);
2109 break;
2110
a9de9248
MH		 2111 case HCI_OP_EXIT_PERIODIC_INQ:
2112 hci_cc_exit_periodic_inq(hdev, skb);
2113 break;
2114
2115 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2116 hci_cc_remote_name_req_cancel(hdev, skb);
2117 break;
2118
2119 case HCI_OP_ROLE_DISCOVERY:
2120 hci_cc_role_discovery(hdev, skb);
2121 break;
2122
e4e8e37c
MH		 2123 case HCI_OP_READ_LINK_POLICY:
2124 hci_cc_read_link_policy(hdev, skb);
2125 break;
2126
a9de9248
MH		 2127 case HCI_OP_WRITE_LINK_POLICY:
2128 hci_cc_write_link_policy(hdev, skb);
2129 break;
2130
e4e8e37c
MH		 2131 case HCI_OP_READ_DEF_LINK_POLICY:
2132 hci_cc_read_def_link_policy(hdev, skb);
2133 break;
2134
2135 case HCI_OP_WRITE_DEF_LINK_POLICY:
2136 hci_cc_write_def_link_policy(hdev, skb);
2137 break;
2138
a9de9248
MH		 2139 case HCI_OP_RESET:
2140 hci_cc_reset(hdev, skb);
2141 break;
2142
2143 case HCI_OP_WRITE_LOCAL_NAME:
2144 hci_cc_write_local_name(hdev, skb);
2145 break;
2146
2147 case HCI_OP_READ_LOCAL_NAME:
2148 hci_cc_read_local_name(hdev, skb);
2149 break;
2150
2151 case HCI_OP_WRITE_AUTH_ENABLE:
2152 hci_cc_write_auth_enable(hdev, skb);
2153 break;
2154
2155 case HCI_OP_WRITE_ENCRYPT_MODE:
2156 hci_cc_write_encrypt_mode(hdev, skb);
2157 break;
2158
2159 case HCI_OP_WRITE_SCAN_ENABLE:
2160 hci_cc_write_scan_enable(hdev, skb);
2161 break;
2162
2163 case HCI_OP_READ_CLASS_OF_DEV:
2164 hci_cc_read_class_of_dev(hdev, skb);
2165 break;
2166
2167 case HCI_OP_WRITE_CLASS_OF_DEV:
2168 hci_cc_write_class_of_dev(hdev, skb);
2169 break;
2170
2171 case HCI_OP_READ_VOICE_SETTING:
2172 hci_cc_read_voice_setting(hdev, skb);
2173 break;
2174
2175 case HCI_OP_WRITE_VOICE_SETTING:
2176 hci_cc_write_voice_setting(hdev, skb);
2177 break;
2178
333140b5
MH		 2179 case HCI_OP_WRITE_SSP_MODE:
2180 hci_cc_write_ssp_mode(hdev, skb);
2181 break;
2182
a9de9248
MH		 2183 case HCI_OP_READ_LOCAL_VERSION:
2184 hci_cc_read_local_version(hdev, skb);
2185 break;
2186
2187 case HCI_OP_READ_LOCAL_COMMANDS:
2188 hci_cc_read_local_commands(hdev, skb);
2189 break;
2190
2191 case HCI_OP_READ_LOCAL_FEATURES:
2192 hci_cc_read_local_features(hdev, skb);
2193 break;
2194
971e3a4b
AG		 2195 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2196 hci_cc_read_local_ext_features(hdev, skb);
2197 break;
2198
a9de9248
MH		 2199 case HCI_OP_READ_BUFFER_SIZE:
2200 hci_cc_read_buffer_size(hdev, skb);
2201 break;
2202
2203 case HCI_OP_READ_BD_ADDR:
2204 hci_cc_read_bd_addr(hdev, skb);
2205 break;
2206
350ee4cf
AE		 2207 case HCI_OP_READ_DATA_BLOCK_SIZE:
2208 hci_cc_read_data_block_size(hdev, skb);
2209 break;
2210
1e89cffb
AE		 2211 case HCI_OP_READ_FLOW_CONTROL_MODE:
2212 hci_cc_read_flow_control_mode(hdev, skb);
2213 break;
2214
928abaa7
AE		 2215 case HCI_OP_READ_LOCAL_AMP_INFO:
2216 hci_cc_read_local_amp_info(hdev, skb);
2217 break;
2218
903e4541
AE		 2219 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2220 hci_cc_read_local_amp_assoc(hdev, skb);
2221 break;
2222
d5859e22
JH		 2223 case HCI_OP_READ_INQ_RSP_TX_POWER:
2224 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2225 break;
2226
980e1a53
JH		 2227 case HCI_OP_PIN_CODE_REPLY:
2228 hci_cc_pin_code_reply(hdev, skb);
2229 break;
2230
2231 case HCI_OP_PIN_CODE_NEG_REPLY:
2232 hci_cc_pin_code_neg_reply(hdev, skb);
2233 break;
2234
c35938b2
SJ		 2235 case HCI_OP_READ_LOCAL_OOB_DATA:
2236 hci_cc_read_local_oob_data_reply(hdev, skb);
2237 break;
2238
6ed58ec5
VT		 2239 case HCI_OP_LE_READ_BUFFER_SIZE:
2240 hci_cc_le_read_buffer_size(hdev, skb);
2241 break;
2242
60e77321
JH		 2243 case HCI_OP_LE_READ_LOCAL_FEATURES:
2244 hci_cc_le_read_local_features(hdev, skb);
2245 break;
2246
8fa19098
JH		 2247 case HCI_OP_LE_READ_ADV_TX_POWER:
2248 hci_cc_le_read_adv_tx_power(hdev, skb);
2249 break;
2250
a5c29683
JH		 2251 case HCI_OP_USER_CONFIRM_REPLY:
2252 hci_cc_user_confirm_reply(hdev, skb);
2253 break;
2254
2255 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2256 hci_cc_user_confirm_neg_reply(hdev, skb);
2257 break;
2258
1143d458
BG		 2259 case HCI_OP_USER_PASSKEY_REPLY:
2260 hci_cc_user_passkey_reply(hdev, skb);
2261 break;
2262
2263 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2264 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2265 break;
07f7fa5d
AG		 2266
2267 case HCI_OP_LE_SET_SCAN_PARAM:
2268 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2269 break;
2270
c1d5dc4a
JH		 2271 case HCI_OP_LE_SET_ADV_ENABLE:
2272 hci_cc_le_set_adv_enable(hdev, skb);
2273 break;
2274
eb9d91f5
AG		 2275 case HCI_OP_LE_SET_SCAN_ENABLE:
2276 hci_cc_le_set_scan_enable(hdev, skb);
2277 break;
2278
cf1d081f
JH		 2279 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2280 hci_cc_le_read_white_list_size(hdev, skb);
2281 break;
2282
9b008c04
JH		 2283 case HCI_OP_LE_READ_SUPPORTED_STATES:
2284 hci_cc_le_read_supported_states(hdev, skb);
2285 break;
2286
f9b49306
AG		 2287 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2288 hci_cc_write_le_host_supported(hdev, skb);
2289 break;
2290
93c284ee
AE		 2291 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2292 hci_cc_write_remote_amp_assoc(hdev, skb);
2293 break;
2294
a9de9248 2295 default:
9f1db00c 2296 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2297 break;
2298 }
2299
ad82cdd1 2300 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2301 del_timer(&hdev->cmd_timer);
2302
ad82cdd1 2303 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2304
dbccd791 2305 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2306 atomic_set(&hdev->cmd_cnt, 1);
2307 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2308 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2309 }
2310}
2311
6039aa73 2312static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2313{
2314 struct hci_ev_cmd_status *ev = (void *) skb->data;
2315 __u16 opcode;
2316
2317 skb_pull(skb, sizeof(*ev));
2318
2319 opcode = __le16_to_cpu(ev->opcode);
2320
2321 switch (opcode) {
2322 case HCI_OP_INQUIRY:
2323 hci_cs_inquiry(hdev, ev->status);
2324 break;
2325
2326 case HCI_OP_CREATE_CONN:
2327 hci_cs_create_conn(hdev, ev->status);
2328 break;
2329
2330 case HCI_OP_ADD_SCO:
2331 hci_cs_add_sco(hdev, ev->status);
2332 break;
2333
f8558555
MH		 2334 case HCI_OP_AUTH_REQUESTED:
2335 hci_cs_auth_requested(hdev, ev->status);
2336 break;
2337
2338 case HCI_OP_SET_CONN_ENCRYPT:
2339 hci_cs_set_conn_encrypt(hdev, ev->status);
2340 break;
2341
a9de9248
MH		 2342 case HCI_OP_REMOTE_NAME_REQ:
2343 hci_cs_remote_name_req(hdev, ev->status);
2344 break;
2345
769be974
MH		 2346 case HCI_OP_READ_REMOTE_FEATURES:
2347 hci_cs_read_remote_features(hdev, ev->status);
2348 break;
2349
2350 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2351 hci_cs_read_remote_ext_features(hdev, ev->status);
2352 break;
2353
a9de9248
MH		 2354 case HCI_OP_SETUP_SYNC_CONN:
2355 hci_cs_setup_sync_conn(hdev, ev->status);
2356 break;
2357
2358 case HCI_OP_SNIFF_MODE:
2359 hci_cs_sniff_mode(hdev, ev->status);
2360 break;
2361
2362 case HCI_OP_EXIT_SNIFF_MODE:
2363 hci_cs_exit_sniff_mode(hdev, ev->status);
2364 break;
2365
8962ee74 2366 case HCI_OP_DISCONNECT:
88c3df13 2367 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2368 break;
2369
fcd89c09
VT		 2370 case HCI_OP_LE_CREATE_CONN:
2371 hci_cs_le_create_conn(hdev, ev->status);
2372 break;
2373
a02226d6
AE		 2374 case HCI_OP_CREATE_PHY_LINK:
2375 hci_cs_create_phylink(hdev, ev->status);
2376 break;
2377
0b26ab9d
AE		 2378 case HCI_OP_ACCEPT_PHY_LINK:
2379 hci_cs_accept_phylink(hdev, ev->status);
2380 break;
2381
a9de9248 2382 default:
9f1db00c 2383 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2384 break;
2385 }
2386
ad82cdd1 2387 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2388 del_timer(&hdev->cmd_timer);
2389
ad82cdd1 2390 hci_req_cmd_status(hdev, opcode, ev->status);
9238f36a 2391
10572132 2392 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2393 atomic_set(&hdev->cmd_cnt, 1);
2394 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2395 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2396 }
2397}
2398
6039aa73 2399static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2400{
2401 struct hci_ev_role_change *ev = (void *) skb->data;
2402 struct hci_conn *conn;
2403
9f1db00c 2404 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2405
2406 hci_dev_lock(hdev);
2407
2408 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2409 if (conn) {
2410 if (!ev->status) {
2411 if (ev->role)
2412 conn->link_mode &= ~HCI_LM_MASTER;
2413 else
2414 conn->link_mode |= HCI_LM_MASTER;
2415 }
2416
51a8efd7 2417 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2418
2419 hci_role_switch_cfm(conn, ev->status, ev->role);
2420 }
2421
2422 hci_dev_unlock(hdev);
2423}
2424
6039aa73 2425static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2426{
2427 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2428 int i;
2429
32ac5b9b
AE		 2430 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2431 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2432 return;
2433 }
2434
c5993de8 2435 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2436 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2437 BT_DBG("%s bad parameters", hdev->name);
2438 return;
2439 }
2440
c5993de8
AE		 2441 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2442
613a1c0c
AE		 2443 for (i = 0; i < ev->num_hndl; i++) {
2444 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2445 struct hci_conn *conn;
2446 __u16 handle, count;
2447
613a1c0c
AE		 2448 handle = __le16_to_cpu(info->handle);
2449 count = __le16_to_cpu(info->count);
a9de9248
MH		 2450
2451 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2452 if (!conn)
2453 continue;
2454
2455 conn->sent -= count;
2456
2457 switch (conn->type) {
2458 case ACL_LINK:
2459 hdev->acl_cnt += count;
2460 if (hdev->acl_cnt > hdev->acl_pkts)
2461 hdev->acl_cnt = hdev->acl_pkts;
2462 break;
2463
2464 case LE_LINK:
2465 if (hdev->le_pkts) {
2466 hdev->le_cnt += count;
2467 if (hdev->le_cnt > hdev->le_pkts)
2468 hdev->le_cnt = hdev->le_pkts;
2469 } else {
70f23020
AE		 2470 hdev->acl_cnt += count;
2471 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2472 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2473 }
f4280918
AE		 2474 break;
2475
2476 case SCO_LINK:
2477 hdev->sco_cnt += count;
2478 if (hdev->sco_cnt > hdev->sco_pkts)
2479 hdev->sco_cnt = hdev->sco_pkts;
2480 break;
2481
2482 default:
2483 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2484 break;
a9de9248
MH		 2485 }
2486 }
2487
3eff45ea 2488 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2489}
2490
76ef7cf7
AE		 2491static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2492 __u16 handle)
2493{
2494 struct hci_chan *chan;
2495
2496 switch (hdev->dev_type) {
2497 case HCI_BREDR:
2498 return hci_conn_hash_lookup_handle(hdev, handle);
2499 case HCI_AMP:
2500 chan = hci_chan_lookup_handle(hdev, handle);
2501 if (chan)
2502 return chan->conn;
2503 break;
2504 default:
2505 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2506 break;
2507 }
2508
2509 return NULL;
2510}
2511
6039aa73 2512static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2513{
2514 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2515 int i;
2516
2517 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2518 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2519 return;
2520 }
2521
2522 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2523 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2524 BT_DBG("%s bad parameters", hdev->name);
2525 return;
2526 }
2527
2528 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2529 ev->num_hndl);
25e89e99
AE		 2530
2531 for (i = 0; i < ev->num_hndl; i++) {
2532 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2533 struct hci_conn *conn = NULL;
25e89e99
AE		 2534 __u16 handle, block_count;
2535
2536 handle = __le16_to_cpu(info->handle);
2537 block_count = __le16_to_cpu(info->blocks);
2538
76ef7cf7 2539 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2540 if (!conn)
2541 continue;
2542
2543 conn->sent -= block_count;
2544
2545 switch (conn->type) {
2546 case ACL_LINK:
bd1eb66b 2547 case AMP_LINK:
25e89e99
AE		 2548 hdev->block_cnt += block_count;
2549 if (hdev->block_cnt > hdev->num_blocks)
2550 hdev->block_cnt = hdev->num_blocks;
2551 break;
2552
2553 default:
2554 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2555 break;
2556 }
2557 }
2558
2559 queue_work(hdev->workqueue, &hdev->tx_work);
2560}
2561
6039aa73 2562static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2563{
a9de9248 2564 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2565 struct hci_conn *conn;
2566
9f1db00c 2567 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2568
2569 hci_dev_lock(hdev);
2570
2571 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2572 if (conn) {
2573 conn->mode = ev->mode;
2574 conn->interval = __le16_to_cpu(ev->interval);
2575
8fc9ced3
GP		 2576 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2577 &conn->flags)) {
a9de9248 2578 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2579 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2580 else
58a681ef 2581 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2582 }
e73439d8 2583
51a8efd7 2584 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2585 hci_sco_setup(conn, ev->status);
04837f64
MH		 2586 }
2587
2588 hci_dev_unlock(hdev);
2589}
2590
6039aa73 2591static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2592{
052b30b0
MH		 2593 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2594 struct hci_conn *conn;
2595
a9de9248 2596 BT_DBG("%s", hdev->name);
052b30b0
MH		 2597
2598 hci_dev_lock(hdev);
2599
2600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2601 if (!conn)
2602 goto unlock;
2603
2604 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2605 hci_conn_hold(conn);
2606 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2607 hci_conn_put(conn);
2608 }
2609
a8b2d5c2 2610 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2611 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2612 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2613 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2614 u8 secure;
2615
2616 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2617 secure = 1;
2618 else
2619 secure = 0;
2620
744cf19e 2621 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2622 }
980e1a53 2623
b6f98044 2624unlock:
052b30b0 2625 hci_dev_unlock(hdev);
a9de9248
MH		 2626}
2627
6039aa73 2628static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2629{
55ed8ca1
JH		 2630 struct hci_ev_link_key_req *ev = (void *) skb->data;
2631 struct hci_cp_link_key_reply cp;
2632 struct hci_conn *conn;
2633 struct link_key *key;
2634
a9de9248 2635 BT_DBG("%s", hdev->name);
55ed8ca1 2636
a8b2d5c2 2637 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2638 return;
2639
2640 hci_dev_lock(hdev);
2641
2642 key = hci_find_link_key(hdev, &ev->bdaddr);
2643 if (!key) {
6ed93dc6
AE		 2644 BT_DBG("%s link key not found for %pMR", hdev->name,
2645 &ev->bdaddr);
55ed8ca1
JH		 2646 goto not_found;
2647 }
2648
6ed93dc6
AE		 2649 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2650 &ev->bdaddr);
55ed8ca1 2651
a8b2d5c2 2652 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2653 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2654 BT_DBG("%s ignoring debug key", hdev->name);
2655 goto not_found;
2656 }
2657
2658 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2659 if (conn) {
2660 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2661 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2662 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2663 goto not_found;
2664 }
55ed8ca1 2665
60b83f57 2666 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2667 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2668 BT_DBG("%s ignoring key unauthenticated for high security",
2669 hdev->name);
60b83f57
WR		 2670 goto not_found;
2671 }
2672
2673 conn->key_type = key->type;
2674 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2675 }
2676
2677 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2678 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2679
2680 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2681
2682 hci_dev_unlock(hdev);
2683
2684 return;
2685
2686not_found:
2687 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2688 hci_dev_unlock(hdev);
a9de9248
MH		 2689}
2690
6039aa73 2691static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2692{
052b30b0
MH		 2693 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2694 struct hci_conn *conn;
55ed8ca1 2695 u8 pin_len = 0;
052b30b0 2696
a9de9248 2697 BT_DBG("%s", hdev->name);
052b30b0
MH		 2698
2699 hci_dev_lock(hdev);
2700
2701 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2702 if (conn) {
2703 hci_conn_hold(conn);
2704 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2705 pin_len = conn->pin_length;
13d39315
WR		 2706
2707 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2708 conn->key_type = ev->key_type;
2709
052b30b0
MH		 2710 hci_conn_put(conn);
2711 }
2712
a8b2d5c2 2713 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2714 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2715 ev->key_type, pin_len);
55ed8ca1 2716
052b30b0 2717 hci_dev_unlock(hdev);
a9de9248
MH		 2718}
2719
6039aa73 2720static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2721{
a9de9248 2722 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2723 struct hci_conn *conn;
1da177e4 2724
9f1db00c 2725 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2726
2727 hci_dev_lock(hdev);
2728
04837f64 2729 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2730 if (conn && !ev->status) {
2731 struct inquiry_entry *ie;
2732
cc11b9c1
AE		 2733 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2734 if (ie) {
1da177e4
LT		 2735 ie->data.clock_offset = ev->clock_offset;
2736 ie->timestamp = jiffies;
2737 }
2738 }
2739
2740 hci_dev_unlock(hdev);
2741}
2742
6039aa73 2743static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2744{
2745 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2746 struct hci_conn *conn;
2747
9f1db00c 2748 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2749
2750 hci_dev_lock(hdev);
2751
2752 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2753 if (conn && !ev->status)
2754 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2755
2756 hci_dev_unlock(hdev);
2757}
2758
6039aa73 2759static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2760{
a9de9248 2761 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2762 struct inquiry_entry *ie;
2763
2764 BT_DBG("%s", hdev->name);
2765
2766 hci_dev_lock(hdev);
2767
cc11b9c1
AE		 2768 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2769 if (ie) {
85a1e930
MH		 2770 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2771 ie->timestamp = jiffies;
2772 }
2773
2774 hci_dev_unlock(hdev);
2775}
2776
6039aa73
GP		 2777static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2778 struct sk_buff *skb)
a9de9248
MH		 2779{
2780 struct inquiry_data data;
2781 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2782 bool name_known, ssp;
a9de9248
MH		 2783
2784 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2785
2786 if (!num_rsp)
2787 return;
2788
1519cc17
AG		 2789 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2790 return;
2791
a9de9248
MH		 2792 hci_dev_lock(hdev);
2793
2794 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2795 struct inquiry_info_with_rssi_and_pscan_mode *info;
2796 info = (void *) (skb->data + 1);
a9de9248 2797
e17acd40 2798 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2799 bacpy(&data.bdaddr, &info->bdaddr);
2800 data.pscan_rep_mode = info->pscan_rep_mode;
2801 data.pscan_period_mode = info->pscan_period_mode;
2802 data.pscan_mode = info->pscan_mode;
2803 memcpy(data.dev_class, info->dev_class, 3);
2804 data.clock_offset = info->clock_offset;
2805 data.rssi = info->rssi;
41a96212 2806 data.ssp_mode = 0x00;
3175405b
JH		 2807
2808 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2809 false, &ssp);
48264f06 2810 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2811 info->dev_class, info->rssi,
2812 !name_known, ssp, NULL, 0);
a9de9248
MH		 2813 }
2814 } else {
2815 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2816
e17acd40 2817 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2818 bacpy(&data.bdaddr, &info->bdaddr);
2819 data.pscan_rep_mode = info->pscan_rep_mode;
2820 data.pscan_period_mode = info->pscan_period_mode;
2821 data.pscan_mode = 0x00;
2822 memcpy(data.dev_class, info->dev_class, 3);
2823 data.clock_offset = info->clock_offset;
2824 data.rssi = info->rssi;
41a96212 2825 data.ssp_mode = 0x00;
3175405b 2826 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2827 false, &ssp);
48264f06 2828 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2829 info->dev_class, info->rssi,
2830 !name_known, ssp, NULL, 0);
a9de9248
MH		 2831 }
2832 }
2833
2834 hci_dev_unlock(hdev);
2835}
2836
6039aa73
GP		 2837static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2838 struct sk_buff *skb)
a9de9248 2839{
41a96212
MH		 2840 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2841 struct hci_conn *conn;
2842
a9de9248 2843 BT_DBG("%s", hdev->name);
41a96212 2844
41a96212
MH		 2845 hci_dev_lock(hdev);
2846
2847 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2848 if (!conn)
2849 goto unlock;
41a96212 2850
ccd556fe
JH		 2851 if (!ev->status && ev->page == 0x01) {
2852 struct inquiry_entry *ie;
41a96212 2853
cc11b9c1
AE		 2854 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2855 if (ie)
02b7cc62 2856 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2857
02b7cc62 2858 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2859 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2860 }
2861
2862 if (conn->state != BT_CONFIG)
2863 goto unlock;
2864
671267bf 2865 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2866 struct hci_cp_remote_name_req cp;
2867 memset(&cp, 0, sizeof(cp));
2868 bacpy(&cp.bdaddr, &conn->dst);
2869 cp.pscan_rep_mode = 0x02;
2870 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2871 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2872 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2873 conn->dst_type, 0, NULL, 0,
2874 conn->dev_class);
392599b9 2875
127178d2 2876 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2877 conn->state = BT_CONNECTED;
2878 hci_proto_connect_cfm(conn, ev->status);
2879 hci_conn_put(conn);
41a96212
MH		 2880 }
2881
ccd556fe 2882unlock:
41a96212 2883 hci_dev_unlock(hdev);
a9de9248
MH		 2884}
2885
6039aa73
GP		 2886static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2887 struct sk_buff *skb)
a9de9248 2888{
b6a0dc82
MH		 2889 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2890 struct hci_conn *conn;
2891
9f1db00c 2892 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 2893
2894 hci_dev_lock(hdev);
2895
2896 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2897 if (!conn) {
2898 if (ev->link_type == ESCO_LINK)
2899 goto unlock;
2900
2901 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2902 if (!conn)
2903 goto unlock;
2904
2905 conn->type = SCO_LINK;
2906 }
b6a0dc82 2907
732547f9
MH		 2908 switch (ev->status) {
2909 case 0x00:
b6a0dc82
MH		 2910 conn->handle = __le16_to_cpu(ev->handle);
2911 conn->state = BT_CONNECTED;
7d0db0a3 2912
9eba32b8 2913 hci_conn_hold_device(conn);
7d0db0a3 2914 hci_conn_add_sysfs(conn);
732547f9
MH		 2915 break;
2916
705e5711 2917 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2918 case 0x1c: /* SCO interval rejected */
1038a00b 2919 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2920 case 0x1f: /* Unspecified error */
2921 if (conn->out && conn->attempt < 2) {
2922 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2923 (hdev->esco_type & EDR_ESCO_MASK);
2924 hci_setup_sync(conn, conn->link->handle);
2925 goto unlock;
2926 }
2927 /* fall through */
2928
2929 default:
b6a0dc82 2930 conn->state = BT_CLOSED;
732547f9
MH		 2931 break;
2932 }
b6a0dc82
MH		 2933
2934 hci_proto_connect_cfm(conn, ev->status);
2935 if (ev->status)
2936 hci_conn_del(conn);
2937
2938unlock:
2939 hci_dev_unlock(hdev);
a9de9248
MH		 2940}
2941
6039aa73
GP		 2942static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2943 struct sk_buff *skb)
1da177e4 2944{
a9de9248
MH		 2945 struct inquiry_data data;
2946 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2947 int num_rsp = *((__u8 *) skb->data);
9d939d94 2948 size_t eir_len;
1da177e4 2949
a9de9248 2950 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2951
a9de9248
MH		 2952 if (!num_rsp)
2953 return;
1da177e4 2954
1519cc17
AG		 2955 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2956 return;
2957
a9de9248
MH		 2958 hci_dev_lock(hdev);
2959
e17acd40 2960 for (; num_rsp; num_rsp--, info++) {
388fc8fa 2961 bool name_known, ssp;
561aafbc 2962
a9de9248 2963 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2964 data.pscan_rep_mode = info->pscan_rep_mode;
2965 data.pscan_period_mode = info->pscan_period_mode;
2966 data.pscan_mode = 0x00;
a9de9248 2967 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2968 data.clock_offset = info->clock_offset;
2969 data.rssi = info->rssi;
41a96212 2970 data.ssp_mode = 0x01;
561aafbc 2971
a8b2d5c2 2972 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 2973 name_known = eir_has_data_type(info->data,
04124681
GP		 2974 sizeof(info->data),
2975 EIR_NAME_COMPLETE);
561aafbc
JH		 2976 else
2977 name_known = true;
2978
388fc8fa 2979 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 2980 &ssp);
9d939d94 2981 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 2982 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 2983 info->dev_class, info->rssi, !name_known,
9d939d94 2984 ssp, info->data, eir_len);
a9de9248
MH		 2985 }
2986
2987 hci_dev_unlock(hdev);
2988}
1da177e4 2989
1c2e0041
JH		 2990static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2991 struct sk_buff *skb)
2992{
2993 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2994 struct hci_conn *conn;
2995
9f1db00c 2996 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 2997 __le16_to_cpu(ev->handle));
2998
2999 hci_dev_lock(hdev);
3000
3001 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3002 if (!conn)
3003 goto unlock;
3004
3005 if (!ev->status)
3006 conn->sec_level = conn->pending_sec_level;
3007
3008 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3009
3010 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3011 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1c2e0041
JH		 3012 hci_conn_put(conn);
3013 goto unlock;
3014 }
3015
3016 if (conn->state == BT_CONFIG) {
3017 if (!ev->status)
3018 conn->state = BT_CONNECTED;
3019
3020 hci_proto_connect_cfm(conn, ev->status);
3021 hci_conn_put(conn);
3022 } else {
3023 hci_auth_cfm(conn, ev->status);
3024
3025 hci_conn_hold(conn);
3026 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3027 hci_conn_put(conn);
3028 }
3029
3030unlock:
3031 hci_dev_unlock(hdev);
3032}
3033
6039aa73 3034static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3035{
3036 /* If remote requests dedicated bonding follow that lead */
3037 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3038 /* If both remote and local IO capabilities allow MITM
3039 * protection then require it, otherwise don't */
3040 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3041 return 0x02;
3042 else
3043 return 0x03;
3044 }
3045
3046 /* If remote requests no-bonding follow that lead */
3047 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3048 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3049
3050 return conn->auth_type;
3051}
3052
6039aa73 3053static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3054{
3055 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3056 struct hci_conn *conn;
3057
3058 BT_DBG("%s", hdev->name);
3059
3060 hci_dev_lock(hdev);
3061
3062 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3063 if (!conn)
3064 goto unlock;
3065
3066 hci_conn_hold(conn);
3067
a8b2d5c2 3068 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3069 goto unlock;
3070
a8b2d5c2 3071 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3072 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3073 struct hci_cp_io_capability_reply cp;
3074
3075 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3076 /* Change the IO capability from KeyboardDisplay
3077 * to DisplayYesNo as it is not supported by BT spec. */
3078 cp.capability = (conn->io_capability == 0x04) ?
3079 0x01 : conn->io_capability;
7cbc9bd9
JH		 3080 conn->auth_type = hci_get_auth_req(conn);
3081 cp.authentication = conn->auth_type;
17fa4b9d 3082
8fc9ced3
GP		 3083 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3084 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3085 cp.oob_data = 0x01;
3086 else
3087 cp.oob_data = 0x00;
3088
17fa4b9d 3089 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3090 sizeof(cp), &cp);
03b555e1
JH		 3091 } else {
3092 struct hci_cp_io_capability_neg_reply cp;
3093
3094 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3095 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3096
03b555e1 3097 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3098 sizeof(cp), &cp);
03b555e1
JH		 3099 }
3100
3101unlock:
3102 hci_dev_unlock(hdev);
3103}
3104
6039aa73 3105static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3106{
3107 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3108 struct hci_conn *conn;
3109
3110 BT_DBG("%s", hdev->name);
3111
3112 hci_dev_lock(hdev);
3113
3114 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3115 if (!conn)
3116 goto unlock;
3117
03b555e1 3118 conn->remote_cap = ev->capability;
03b555e1 3119 conn->remote_auth = ev->authentication;
58a681ef
JH		 3120 if (ev->oob_data)
3121 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3122
3123unlock:
0493684e
MH		 3124 hci_dev_unlock(hdev);
3125}
3126
6039aa73
GP		 3127static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3128 struct sk_buff *skb)
a5c29683
JH		 3129{
3130 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3131 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3132 struct hci_conn *conn;
a5c29683
JH		 3133
3134 BT_DBG("%s", hdev->name);
3135
3136 hci_dev_lock(hdev);
3137
a8b2d5c2 3138 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3139 goto unlock;
a5c29683 3140
7a828908
JH		 3141 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3142 if (!conn)
3143 goto unlock;
3144
3145 loc_mitm = (conn->auth_type & 0x01);
3146 rem_mitm = (conn->remote_auth & 0x01);
3147
3148 /* If we require MITM but the remote device can't provide that
3149 * (it has NoInputNoOutput) then reject the confirmation
3150 * request. The only exception is when we're dedicated bonding
3151 * initiators (connect_cfm_cb set) since then we always have the MITM
3152 * bit set. */
3153 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3154 BT_DBG("Rejecting request: remote device can't provide MITM");
3155 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3156 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3157 goto unlock;
3158 }
3159
3160 /* If no side requires MITM protection; auto-accept */
3161 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3162 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3163
3164 /* If we're not the initiators request authorization to
3165 * proceed from user space (mgmt_user_confirm with
3166 * confirm_hint set to 1). */
51a8efd7 3167 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3168 BT_DBG("Confirming auto-accept as acceptor");
3169 confirm_hint = 1;
3170 goto confirm;
3171 }
3172
9f61656a 3173 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3174 hdev->auto_accept_delay);
9f61656a
JH		 3175
3176 if (hdev->auto_accept_delay > 0) {
3177 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3178 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3179 goto unlock;
3180 }
3181
7a828908 3182 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3183 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3184 goto unlock;
3185 }
3186
55bc1a37 3187confirm:
272d90df 3188 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3189 confirm_hint);
7a828908
JH		 3190
3191unlock:
a5c29683
JH		 3192 hci_dev_unlock(hdev);
3193}
3194
6039aa73
GP		 3195static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3196 struct sk_buff *skb)
1143d458
BG		 3197{
3198 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3199
3200 BT_DBG("%s", hdev->name);
3201
a8b2d5c2 3202 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3203 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3204}
3205
92a25256
JH		 3206static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3207 struct sk_buff *skb)
3208{
3209 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3210 struct hci_conn *conn;
3211
3212 BT_DBG("%s", hdev->name);
3213
3214 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3215 if (!conn)
3216 return;
3217
3218 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3219 conn->passkey_entered = 0;
3220
3221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3222 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3223 conn->dst_type, conn->passkey_notify,
3224 conn->passkey_entered);
3225}
3226
3227static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3228{
3229 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3230 struct hci_conn *conn;
3231
3232 BT_DBG("%s", hdev->name);
3233
3234 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3235 if (!conn)
3236 return;
3237
3238 switch (ev->type) {
3239 case HCI_KEYPRESS_STARTED:
3240 conn->passkey_entered = 0;
3241 return;
3242
3243 case HCI_KEYPRESS_ENTERED:
3244 conn->passkey_entered++;
3245 break;
3246
3247 case HCI_KEYPRESS_ERASED:
3248 conn->passkey_entered--;
3249 break;
3250
3251 case HCI_KEYPRESS_CLEARED:
3252 conn->passkey_entered = 0;
3253 break;
3254
3255 case HCI_KEYPRESS_COMPLETED:
3256 return;
3257 }
3258
3259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3260 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3261 conn->dst_type, conn->passkey_notify,
3262 conn->passkey_entered);
3263}
3264
6039aa73
GP		 3265static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3266 struct sk_buff *skb)
0493684e
MH		 3267{
3268 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3269 struct hci_conn *conn;
3270
3271 BT_DBG("%s", hdev->name);
3272
3273 hci_dev_lock(hdev);
3274
3275 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3276 if (!conn)
3277 goto unlock;
3278
3279 /* To avoid duplicate auth_failed events to user space we check
3280 * the HCI_CONN_AUTH_PEND flag which will be set if we
3281 * initiated the authentication. A traditional auth_complete
3282 * event gets always produced as initiator and is also mapped to
3283 * the mgmt_auth_failed event */
fa1bd918 3284 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3285 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3286 ev->status);
0493684e 3287
2a611692
JH		 3288 hci_conn_put(conn);
3289
3290unlock:
0493684e
MH		 3291 hci_dev_unlock(hdev);
3292}
3293
6039aa73
GP		 3294static void hci_remote_host_features_evt(struct hci_dev *hdev,
3295 struct sk_buff *skb)
41a96212
MH		 3296{
3297 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3298 struct inquiry_entry *ie;
3299
3300 BT_DBG("%s", hdev->name);
3301
3302 hci_dev_lock(hdev);
3303
cc11b9c1
AE		 3304 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3305 if (ie)
02b7cc62 3306 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3307
3308 hci_dev_unlock(hdev);
3309}
3310
6039aa73
GP		 3311static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3312 struct sk_buff *skb)
2763eda6
SJ		 3313{
3314 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3315 struct oob_data *data;
3316
3317 BT_DBG("%s", hdev->name);
3318
3319 hci_dev_lock(hdev);
3320
a8b2d5c2 3321 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3322 goto unlock;
3323
2763eda6
SJ		 3324 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3325 if (data) {
3326 struct hci_cp_remote_oob_data_reply cp;
3327
3328 bacpy(&cp.bdaddr, &ev->bdaddr);
3329 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3330 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3331
3332 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3333 &cp);
2763eda6
SJ		 3334 } else {
3335 struct hci_cp_remote_oob_data_neg_reply cp;
3336
3337 bacpy(&cp.bdaddr, &ev->bdaddr);
3338 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3339 &cp);
2763eda6
SJ		 3340 }
3341
e1ba1f15 3342unlock:
2763eda6
SJ		 3343 hci_dev_unlock(hdev);
3344}
3345
d5e91192
AE		 3346static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3347 struct sk_buff *skb)
3348{
3349 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3350 struct hci_conn *hcon, *bredr_hcon;
3351
3352 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3353 ev->status);
3354
3355 hci_dev_lock(hdev);
3356
3357 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3358 if (!hcon) {
3359 hci_dev_unlock(hdev);
3360 return;
3361 }
3362
3363 if (ev->status) {
3364 hci_conn_del(hcon);
3365 hci_dev_unlock(hdev);
3366 return;
3367 }
3368
3369 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3370
3371 hcon->state = BT_CONNECTED;
3372 bacpy(&hcon->dst, &bredr_hcon->dst);
3373
3374 hci_conn_hold(hcon);
3375 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3376 hci_conn_put(hcon);
3377
3378 hci_conn_hold_device(hcon);
3379 hci_conn_add_sysfs(hcon);
3380
cf70ff22 3381 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3382
cf70ff22 3383 hci_dev_unlock(hdev);
d5e91192
AE		 3384}
3385
27695fb4
AE		 3386static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3387{
3388 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3389 struct hci_conn *hcon;
3390 struct hci_chan *hchan;
3391 struct amp_mgr *mgr;
3392
3393 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3394 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3395 ev->status);
3396
3397 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3398 if (!hcon)
3399 return;
3400
3401 /* Create AMP hchan */
3402 hchan = hci_chan_create(hcon);
3403 if (!hchan)
3404 return;
3405
3406 hchan->handle = le16_to_cpu(ev->handle);
3407
3408 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3409
3410 mgr = hcon->amp_mgr;
3411 if (mgr && mgr->bredr_chan) {
3412 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3413
3414 l2cap_chan_lock(bredr_chan);
3415
3416 bredr_chan->conn->mtu = hdev->block_mtu;
3417 l2cap_logical_cfm(bredr_chan, hchan, 0);
3418 hci_conn_hold(hcon);
3419
3420 l2cap_chan_unlock(bredr_chan);
3421 }
3422}
3423
606e2a10
AE		 3424static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3425 struct sk_buff *skb)
3426{
3427 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3428 struct hci_chan *hchan;
3429
3430 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3431 le16_to_cpu(ev->handle), ev->status);
3432
3433 if (ev->status)
3434 return;
3435
3436 hci_dev_lock(hdev);
3437
3438 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3439 if (!hchan)
3440 goto unlock;
3441
3442 amp_destroy_logical_link(hchan, ev->reason);
3443
3444unlock:
3445 hci_dev_unlock(hdev);
3446}
3447
9eef6b3a
AE		 3448static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3449 struct sk_buff *skb)
3450{
3451 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3452 struct hci_conn *hcon;
3453
3454 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3455
3456 if (ev->status)
3457 return;
3458
3459 hci_dev_lock(hdev);
3460
3461 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3462 if (hcon) {
3463 hcon->state = BT_CLOSED;
3464 hci_conn_del(hcon);
3465 }
3466
3467 hci_dev_unlock(hdev);
3468}
3469
6039aa73 3470static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3471{
3472 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3473 struct hci_conn *conn;
3474
9f1db00c 3475 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3476
3477 hci_dev_lock(hdev);
3478
b47a09b3 3479 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3480 if (!conn) {
3481 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3482 if (!conn) {
3483 BT_ERR("No memory for new connection");
230fd16a 3484 goto unlock;
b62f328b 3485 }
29b7988a
AG		 3486
3487 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3488
3489 if (ev->role == LE_CONN_ROLE_MASTER) {
3490 conn->out = true;
3491 conn->link_mode |= HCI_LM_MASTER;
3492 }
b62f328b 3493 }
fcd89c09 3494
cd17decb
AG		 3495 if (ev->status) {
3496 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3497 conn->dst_type, ev->status);
3498 hci_proto_connect_cfm(conn, ev->status);
3499 conn->state = BT_CLOSED;
3500 hci_conn_del(conn);
3501 goto unlock;
3502 }
3503
b644ba33
JH		 3504 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3505 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3506 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3507
7b5c0d52 3508 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3509 conn->handle = __le16_to_cpu(ev->handle);
3510 conn->state = BT_CONNECTED;
3511
3512 hci_conn_hold_device(conn);
3513 hci_conn_add_sysfs(conn);
3514
3515 hci_proto_connect_cfm(conn, ev->status);
3516
3517unlock:
3518 hci_dev_unlock(hdev);
3519}
3520
6039aa73 3521static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3522{
e95beb41
AG		 3523 u8 num_reports = skb->data[0];
3524 void *ptr = &skb->data[1];
3c9e9195 3525 s8 rssi;
9aa04c91 3526
e95beb41
AG		 3527 while (num_reports--) {
3528 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3529
3c9e9195
AG		 3530 rssi = ev->data[ev->length];
3531 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3532 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3533
e95beb41 3534 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 3535 }
9aa04c91
AG		 3536}
3537
6039aa73 3538static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3539{
3540 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3541 struct hci_cp_le_ltk_reply cp;
bea710fe 3542 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3543 struct hci_conn *conn;
c9839a11 3544 struct smp_ltk *ltk;
a7a595f6 3545
9f1db00c 3546 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3547
3548 hci_dev_lock(hdev);
3549
3550 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3551 if (conn == NULL)
3552 goto not_found;
a7a595f6 3553
bea710fe
VCG		 3554 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3555 if (ltk == NULL)
3556 goto not_found;
3557
3558 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3559 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3560
3561 if (ltk->authenticated)
3562 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3563
3564 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3565
c9839a11
VCG		 3566 if (ltk->type & HCI_SMP_STK) {
3567 list_del(&ltk->list);
3568 kfree(ltk);
3569 }
3570
a7a595f6 3571 hci_dev_unlock(hdev);
bea710fe
VCG		 3572
3573 return;
3574
3575not_found:
3576 neg.handle = ev->handle;
3577 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3578 hci_dev_unlock(hdev);
a7a595f6
VCG		 3579}
3580
6039aa73 3581static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3582{
3583 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3584
3585 skb_pull(skb, sizeof(*le_ev));
3586
3587 switch (le_ev->subevent) {
3588 case HCI_EV_LE_CONN_COMPLETE:
3589 hci_le_conn_complete_evt(hdev, skb);
3590 break;
3591
9aa04c91
AG		 3592 case HCI_EV_LE_ADVERTISING_REPORT:
3593 hci_le_adv_report_evt(hdev, skb);
3594 break;
3595
a7a595f6
VCG		 3596 case HCI_EV_LE_LTK_REQ:
3597 hci_le_ltk_request_evt(hdev, skb);
3598 break;
3599
fcd89c09
VT		 3600 default:
3601 break;
3602 }
3603}
3604
9495b2ee
AE		 3605static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3606{
3607 struct hci_ev_channel_selected *ev = (void *) skb->data;
3608 struct hci_conn *hcon;
3609
3610 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3611
3612 skb_pull(skb, sizeof(*ev));
3613
3614 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3615 if (!hcon)
3616 return;
3617
3618 amp_read_loc_assoc_final_data(hdev, hcon);
3619}
3620
a9de9248
MH		 3621void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3622{
3623 struct hci_event_hdr *hdr = (void *) skb->data;
3624 __u8 event = hdr->evt;
3625
3626 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3627
3628 switch (event) {
1da177e4
LT		 3629 case HCI_EV_INQUIRY_COMPLETE:
3630 hci_inquiry_complete_evt(hdev, skb);
3631 break;
3632
3633 case HCI_EV_INQUIRY_RESULT:
3634 hci_inquiry_result_evt(hdev, skb);
3635 break;
3636
a9de9248
MH		 3637 case HCI_EV_CONN_COMPLETE:
3638 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3639 break;
3640
1da177e4
LT		 3641 case HCI_EV_CONN_REQUEST:
3642 hci_conn_request_evt(hdev, skb);
3643 break;
3644
1da177e4
LT		 3645 case HCI_EV_DISCONN_COMPLETE:
3646 hci_disconn_complete_evt(hdev, skb);
3647 break;
3648
1da177e4
LT		 3649 case HCI_EV_AUTH_COMPLETE:
3650 hci_auth_complete_evt(hdev, skb);
3651 break;
3652
a9de9248
MH		 3653 case HCI_EV_REMOTE_NAME:
3654 hci_remote_name_evt(hdev, skb);
3655 break;
3656
1da177e4
LT		 3657 case HCI_EV_ENCRYPT_CHANGE:
3658 hci_encrypt_change_evt(hdev, skb);
3659 break;
3660
a9de9248
MH		 3661 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3662 hci_change_link_key_complete_evt(hdev, skb);
3663 break;
3664
3665 case HCI_EV_REMOTE_FEATURES:
3666 hci_remote_features_evt(hdev, skb);
3667 break;
3668
a9de9248
MH		 3669 case HCI_EV_CMD_COMPLETE:
3670 hci_cmd_complete_evt(hdev, skb);
3671 break;
3672
3673 case HCI_EV_CMD_STATUS:
3674 hci_cmd_status_evt(hdev, skb);
3675 break;
3676
3677 case HCI_EV_ROLE_CHANGE:
3678 hci_role_change_evt(hdev, skb);
3679 break;
3680
3681 case HCI_EV_NUM_COMP_PKTS:
3682 hci_num_comp_pkts_evt(hdev, skb);
3683 break;
3684
3685 case HCI_EV_MODE_CHANGE:
3686 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3687 break;
3688
3689 case HCI_EV_PIN_CODE_REQ:
3690 hci_pin_code_request_evt(hdev, skb);
3691 break;
3692
3693 case HCI_EV_LINK_KEY_REQ:
3694 hci_link_key_request_evt(hdev, skb);
3695 break;
3696
3697 case HCI_EV_LINK_KEY_NOTIFY:
3698 hci_link_key_notify_evt(hdev, skb);
3699 break;
3700
3701 case HCI_EV_CLOCK_OFFSET:
3702 hci_clock_offset_evt(hdev, skb);
3703 break;
3704
a8746417
MH		 3705 case HCI_EV_PKT_TYPE_CHANGE:
3706 hci_pkt_type_change_evt(hdev, skb);
3707 break;
3708
85a1e930
MH		 3709 case HCI_EV_PSCAN_REP_MODE:
3710 hci_pscan_rep_mode_evt(hdev, skb);
3711 break;
3712
a9de9248
MH		 3713 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3714 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3715 break;
3716
a9de9248
MH		 3717 case HCI_EV_REMOTE_EXT_FEATURES:
3718 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3719 break;
3720
a9de9248
MH		 3721 case HCI_EV_SYNC_CONN_COMPLETE:
3722 hci_sync_conn_complete_evt(hdev, skb);
3723 break;
1da177e4 3724
a9de9248
MH		 3725 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3726 hci_extended_inquiry_result_evt(hdev, skb);
3727 break;
1da177e4 3728
1c2e0041
JH		 3729 case HCI_EV_KEY_REFRESH_COMPLETE:
3730 hci_key_refresh_complete_evt(hdev, skb);
3731 break;
3732
0493684e
MH		 3733 case HCI_EV_IO_CAPA_REQUEST:
3734 hci_io_capa_request_evt(hdev, skb);
3735 break;
3736
03b555e1
JH		 3737 case HCI_EV_IO_CAPA_REPLY:
3738 hci_io_capa_reply_evt(hdev, skb);
3739 break;
3740
a5c29683
JH		 3741 case HCI_EV_USER_CONFIRM_REQUEST:
3742 hci_user_confirm_request_evt(hdev, skb);
3743 break;
3744
1143d458
BG		 3745 case HCI_EV_USER_PASSKEY_REQUEST:
3746 hci_user_passkey_request_evt(hdev, skb);
3747 break;
3748
92a25256
JH		 3749 case HCI_EV_USER_PASSKEY_NOTIFY:
3750 hci_user_passkey_notify_evt(hdev, skb);
3751 break;
3752
3753 case HCI_EV_KEYPRESS_NOTIFY:
3754 hci_keypress_notify_evt(hdev, skb);
3755 break;
3756
0493684e
MH		 3757 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3758 hci_simple_pair_complete_evt(hdev, skb);
3759 break;
3760
41a96212
MH		 3761 case HCI_EV_REMOTE_HOST_FEATURES:
3762 hci_remote_host_features_evt(hdev, skb);
3763 break;
3764
fcd89c09
VT		 3765 case HCI_EV_LE_META:
3766 hci_le_meta_evt(hdev, skb);
3767 break;
3768
9495b2ee
AE		 3769 case HCI_EV_CHANNEL_SELECTED:
3770 hci_chan_selected_evt(hdev, skb);
3771 break;
3772
2763eda6
SJ		 3773 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3774 hci_remote_oob_data_request_evt(hdev, skb);
3775 break;
3776
d5e91192
AE		 3777 case HCI_EV_PHY_LINK_COMPLETE:
3778 hci_phy_link_complete_evt(hdev, skb);
3779 break;
3780
27695fb4
AE		 3781 case HCI_EV_LOGICAL_LINK_COMPLETE:
3782 hci_loglink_complete_evt(hdev, skb);
3783 break;
3784
606e2a10
AE		 3785 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3786 hci_disconn_loglink_complete_evt(hdev, skb);
3787 break;
3788
9eef6b3a
AE		 3789 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3790 hci_disconn_phylink_complete_evt(hdev, skb);
3791 break;
3792
25e89e99
AE		 3793 case HCI_EV_NUM_COMP_BLOCKS:
3794 hci_num_comp_blocks_evt(hdev, skb);
3795 break;
3796
a9de9248 3797 default:
9f1db00c 3798 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 3799 break;
3800 }
3801
3802 kfree_skb(skb);
3803 hdev->stat.evt_rx++;
3804}
Linux kernel - Deliverables
This page took 0.963879 seconds and 5 git commands to generate.