projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: A2MP: Create amp_mgr global list
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
8c520a59 27#include <linux/export.h>
1da177e4
LT		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
f0d6a0ea 32#include <net/bluetooth/mgmt.h>
1da177e4 33
1da177e4
LT		 34/* Handle HCI Event packets */
35
a9de9248 36static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 37{
a9de9248 38 __u8 status = *((__u8 *) skb->data);
1da177e4 39
9f1db00c 40 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 41
e6d465cb
AG		 42 if (status) {
43 hci_dev_lock(hdev);
44 mgmt_stop_discovery_failed(hdev, status);
45 hci_dev_unlock(hdev);
a9de9248 46 return;
e6d465cb 47 }
1da177e4 48
89352e7d
AG		 49 clear_bit(HCI_INQUIRY, &hdev->flags);
50
56e5cb86 51 hci_dev_lock(hdev);
ff9ef578 52 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 53 hci_dev_unlock(hdev);
6bd57416 54
23bb5763 55 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 56
57 hci_conn_check_pending(hdev);
58}
6bd57416 59
4d93483b
AG		 60static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
61{
62 __u8 status = *((__u8 *) skb->data);
63
9f1db00c 64 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 65
66 if (status)
67 return;
68
69 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 70}
71
a9de9248
MH		 72static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73{
74 __u8 status = *((__u8 *) skb->data);
6bd57416 75
9f1db00c 76 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 77
a9de9248
MH		 78 if (status)
79 return;
1da177e4 80
ae854a70
AG		 81 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
82
a9de9248
MH		 83 hci_conn_check_pending(hdev);
84}
85
807deac2
GP		 86static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
87 struct sk_buff *skb)
a9de9248
MH		 88{
89 BT_DBG("%s", hdev->name);
90}
91
92static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93{
94 struct hci_rp_role_discovery *rp = (void *) skb->data;
95 struct hci_conn *conn;
96
9f1db00c 97 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 98
99 if (rp->status)
100 return;
101
102 hci_dev_lock(hdev);
103
104 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
105 if (conn) {
106 if (rp->role)
107 conn->link_mode &= ~HCI_LM_MASTER;
108 else
109 conn->link_mode |= HCI_LM_MASTER;
1da177e4 110 }
a9de9248
MH		 111
112 hci_dev_unlock(hdev);
1da177e4
LT		 113}
114
e4e8e37c
MH		 115static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116{
117 struct hci_rp_read_link_policy *rp = (void *) skb->data;
118 struct hci_conn *conn;
119
9f1db00c 120 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 121
122 if (rp->status)
123 return;
124
125 hci_dev_lock(hdev);
126
127 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
128 if (conn)
129 conn->link_policy = __le16_to_cpu(rp->policy);
130
131 hci_dev_unlock(hdev);
132}
133
a9de9248 134static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 135{
a9de9248 136 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 137 struct hci_conn *conn;
04837f64 138 void *sent;
1da177e4 139
9f1db00c 140 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 141
a9de9248
MH		 142 if (rp->status)
143 return;
1da177e4 144
a9de9248
MH		 145 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
146 if (!sent)
147 return;
1da177e4 148
a9de9248 149 hci_dev_lock(hdev);
1da177e4 150
a9de9248 151 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 152 if (conn)
83985319 153 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 154
a9de9248
MH		 155 hci_dev_unlock(hdev);
156}
1da177e4 157
807deac2
GP		 158static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
159 struct sk_buff *skb)
e4e8e37c
MH		 160{
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162
9f1db00c 163 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 164
165 if (rp->status)
166 return;
167
168 hdev->link_policy = __le16_to_cpu(rp->policy);
169}
170
807deac2
GP		 171static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
172 struct sk_buff *skb)
e4e8e37c
MH		 173{
174 __u8 status = *((__u8 *) skb->data);
175 void *sent;
176
9f1db00c 177 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 178
179 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
180 if (!sent)
181 return;
182
183 if (!status)
184 hdev->link_policy = get_unaligned_le16(sent);
185
23bb5763 186 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 187}
188
a9de9248
MH		 189static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190{
191 __u8 status = *((__u8 *) skb->data);
04837f64 192
9f1db00c 193 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 194
10572132
GP		 195 clear_bit(HCI_RESET, &hdev->flags);
196
23bb5763 197 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 198
a297e97c 199 /* Reset all non-persistent flags */
ae854a70
AG		 200 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
201 BIT(HCI_PERIODIC_INQ));
69775ff6
AG		 202
203 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 204}
04837f64 205
a9de9248
MH		 206static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207{
208 __u8 status = *((__u8 *) skb->data);
209 void *sent;
04837f64 210
9f1db00c 211 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 212
a9de9248
MH		 213 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
214 if (!sent)
215 return;
04837f64 216
56e5cb86
JH		 217 hci_dev_lock(hdev);
218
f51d5b24
JH		 219 if (test_bit(HCI_MGMT, &hdev->dev_flags))
220 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 221 else if (!status)
222 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 223
56e5cb86 224 hci_dev_unlock(hdev);
3159d384
JH		 225
226 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 227}
228
229static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
230{
231 struct hci_rp_read_local_name *rp = (void *) skb->data;
232
9f1db00c 233 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 234
235 if (rp->status)
236 return;
237
db99b5fc
JH		 238 if (test_bit(HCI_SETUP, &hdev->dev_flags))
239 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 240}
241
242static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
243{
244 __u8 status = *((__u8 *) skb->data);
245 void *sent;
246
9f1db00c 247 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 248
249 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
250 if (!sent)
251 return;
252
253 if (!status) {
254 __u8 param = *((__u8 *) sent);
255
256 if (param == AUTH_ENABLED)
257 set_bit(HCI_AUTH, &hdev->flags);
258 else
259 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 260 }
a9de9248 261
33ef95ed
JH		 262 if (test_bit(HCI_MGMT, &hdev->dev_flags))
263 mgmt_auth_enable_complete(hdev, status);
264
23bb5763 265 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 266}
267
a9de9248 268static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 269{
a9de9248 270 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 271 void *sent;
272
9f1db00c 273 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 274
a9de9248
MH		 275 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
276 if (!sent)
277 return;
1da177e4 278
a9de9248
MH		 279 if (!status) {
280 __u8 param = *((__u8 *) sent);
281
282 if (param)
283 set_bit(HCI_ENCRYPT, &hdev->flags);
284 else
285 clear_bit(HCI_ENCRYPT, &hdev->flags);
286 }
1da177e4 287
23bb5763 288 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 289}
1da177e4 290
a9de9248
MH		 291static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
292{
36f7fc7e
JH		 293 __u8 param, status = *((__u8 *) skb->data);
294 int old_pscan, old_iscan;
a9de9248 295 void *sent;
1da177e4 296
9f1db00c 297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 298
a9de9248
MH		 299 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
300 if (!sent)
301 return;
1da177e4 302
36f7fc7e
JH		 303 param = *((__u8 *) sent);
304
56e5cb86
JH		 305 hci_dev_lock(hdev);
306
fa1bd918 307 if (status) {
744cf19e 308 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 309 hdev->discov_timeout = 0;
310 goto done;
311 }
312
36f7fc7e
JH		 313 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
314 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
315
316 if (param & SCAN_INQUIRY) {
317 set_bit(HCI_ISCAN, &hdev->flags);
318 if (!old_iscan)
744cf19e 319 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 320 if (hdev->discov_timeout > 0) {
321 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
322 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
807deac2 323 to);
16ab91ab 324 }
36f7fc7e 325 } else if (old_iscan)
744cf19e 326 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 327
328 if (param & SCAN_PAGE) {
329 set_bit(HCI_PSCAN, &hdev->flags);
330 if (!old_pscan)
744cf19e 331 mgmt_connectable(hdev, 1);
36f7fc7e 332 } else if (old_pscan)
744cf19e 333 mgmt_connectable(hdev, 0);
1da177e4 334
36f7fc7e 335done:
56e5cb86 336 hci_dev_unlock(hdev);
23bb5763 337 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 338}
1da177e4 339
a9de9248
MH		 340static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
341{
342 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 343
9f1db00c 344 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 345
a9de9248
MH		 346 if (rp->status)
347 return;
1da177e4 348
a9de9248 349 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 350
a9de9248 351 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 352 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 353}
1da177e4 354
a9de9248
MH		 355static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356{
357 __u8 status = *((__u8 *) skb->data);
358 void *sent;
1da177e4 359
9f1db00c 360 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 361
a9de9248
MH		 362 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
363 if (!sent)
364 return;
1da177e4 365
7f9a903c
MH		 366 hci_dev_lock(hdev);
367
368 if (status == 0)
369 memcpy(hdev->dev_class, sent, 3);
370
371 if (test_bit(HCI_MGMT, &hdev->dev_flags))
372 mgmt_set_class_of_dev_complete(hdev, sent, status);
373
374 hci_dev_unlock(hdev);
a9de9248 375}
1da177e4 376
a9de9248
MH		 377static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378{
379 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
380 __u16 setting;
381
9f1db00c 382 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 383
384 if (rp->status)
385 return;
386
387 setting = __le16_to_cpu(rp->voice_setting);
388
f383f275 389 if (hdev->voice_setting == setting)
a9de9248
MH		 390 return;
391
392 hdev->voice_setting = setting;
393
9f1db00c 394 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 395
3c54711c 396 if (hdev->notify)
a9de9248 397 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 398}
399
8fc9ced3
GP		 400static void hci_cc_write_voice_setting(struct hci_dev *hdev,
401 struct sk_buff *skb)
a9de9248
MH		 402{
403 __u8 status = *((__u8 *) skb->data);
f383f275 404 __u16 setting;
a9de9248
MH		 405 void *sent;
406
9f1db00c 407 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 408
f383f275
MH		 409 if (status)
410 return;
411
a9de9248
MH		 412 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
413 if (!sent)
414 return;
1da177e4 415
f383f275 416 setting = get_unaligned_le16(sent);
1da177e4 417
f383f275
MH		 418 if (hdev->voice_setting == setting)
419 return;
420
421 hdev->voice_setting = setting;
1da177e4 422
9f1db00c 423 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 424
3c54711c 425 if (hdev->notify)
f383f275 426 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 427}
428
a9de9248 429static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 430{
a9de9248 431 __u8 status = *((__u8 *) skb->data);
1da177e4 432
9f1db00c 433 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 434
23bb5763 435 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 436}
1143e5a6 437
333140b5
MH		 438static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439{
440 __u8 status = *((__u8 *) skb->data);
441 void *sent;
442
9f1db00c 443 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 444
333140b5
MH		 445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
446 if (!sent)
447 return;
448
ed2c4ee3 449 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 450 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
451 else if (!status) {
452 if (*((u8 *) sent))
453 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
454 else
455 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
456 }
333140b5
MH		 457}
458
d5859e22
JH		 459static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
460{
461 if (hdev->features[6] & LMP_EXT_INQ)
462 return 2;
463
464 if (hdev->features[3] & LMP_RSSI_INQ)
465 return 1;
466
467 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
807deac2 468 hdev->lmp_subver == 0x0757)
d5859e22
JH		 469 return 1;
470
471 if (hdev->manufacturer == 15) {
472 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
473 return 1;
474 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
475 return 1;
476 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
477 return 1;
478 }
479
480 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
807deac2 481 hdev->lmp_subver == 0x1805)
d5859e22
JH		 482 return 1;
483
484 return 0;
485}
486
487static void hci_setup_inquiry_mode(struct hci_dev *hdev)
488{
489 u8 mode;
490
491 mode = hci_get_inquiry_mode(hdev);
492
493 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
494}
495
496static void hci_setup_event_mask(struct hci_dev *hdev)
497{
498 /* The second byte is 0xff instead of 0x9f (two reserved bits
499 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
500 * command otherwise */
501 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
502
6de6c18d
VT		 503 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
504 * any event mask for pre 1.2 devices */
5a13b095 505 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 506 return;
507
508 events[4] |= 0x01; /* Flow Specification Complete */
509 events[4] |= 0x02; /* Inquiry Result with RSSI */
510 events[4] |= 0x04; /* Read Remote Extended Features Complete */
511 events[5] |= 0x08; /* Synchronous Connection Complete */
512 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 513
514 if (hdev->features[3] & LMP_RSSI_INQ)
a24299e6 515 events[4] |= 0x02; /* Inquiry Result with RSSI */
d5859e22 516
999dcd10 517 if (lmp_sniffsubr_capable(hdev))
d5859e22
JH		 518 events[5] |= 0x20; /* Sniff Subrating */
519
520 if (hdev->features[5] & LMP_PAUSE_ENC)
521 events[5] |= 0x80; /* Encryption Key Refresh Complete */
522
523 if (hdev->features[6] & LMP_EXT_INQ)
524 events[5] |= 0x40; /* Extended Inquiry Result */
525
c58e810e 526 if (lmp_no_flush_capable(hdev))
d5859e22
JH		 527 events[7] |= 0x01; /* Enhanced Flush Complete */
528
529 if (hdev->features[7] & LMP_LSTO)
530 events[6] |= 0x80; /* Link Supervision Timeout Changed */
531
9a1a1996 532 if (lmp_ssp_capable(hdev)) {
d5859e22
JH		 533 events[6] |= 0x01; /* IO Capability Request */
534 events[6] |= 0x02; /* IO Capability Response */
535 events[6] |= 0x04; /* User Confirmation Request */
536 events[6] |= 0x08; /* User Passkey Request */
537 events[6] |= 0x10; /* Remote OOB Data Request */
538 events[6] |= 0x20; /* Simple Pairing Complete */
539 events[7] |= 0x04; /* User Passkey Notification */
540 events[7] |= 0x08; /* Keypress Notification */
541 events[7] |= 0x10; /* Remote Host Supported
542 * Features Notification */
543 }
544
c383ddc4 545 if (lmp_le_capable(hdev))
d5859e22
JH		 546 events[7] |= 0x20; /* LE Meta-Event */
547
548 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
549}
550
551static void hci_setup(struct hci_dev *hdev)
552{
e61ef499
AE		 553 if (hdev->dev_type != HCI_BREDR)
554 return;
555
d5859e22
JH		 556 hci_setup_event_mask(hdev);
557
d095c1eb 558 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 559 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
560
6d3c730f 561 if (lmp_ssp_capable(hdev)) {
54d04dbb
JH		 562 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
563 u8 mode = 0x01;
564 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 565 sizeof(mode), &mode);
54d04dbb
JH		 566 } else {
567 struct hci_cp_write_eir cp;
568
569 memset(hdev->eir, 0, sizeof(hdev->eir));
570 memset(&cp, 0, sizeof(cp));
571
572 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
573 }
d5859e22
JH		 574 }
575
576 if (hdev->features[3] & LMP_RSSI_INQ)
577 hci_setup_inquiry_mode(hdev);
578
579 if (hdev->features[7] & LMP_INQ_TX_PWR)
580 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 581
582 if (hdev->features[7] & LMP_EXTFEATURES) {
583 struct hci_cp_read_local_ext_features cp;
584
585 cp.page = 0x01;
04124681
GP		 586 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
587 &cp);
971e3a4b 588 }
e6100a25 589
47990ea0
JH		 590 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
591 u8 enable = 1;
04124681
GP		 592 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
593 &enable);
47990ea0 594 }
d5859e22
JH		 595}
596
a9de9248
MH		 597static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
598{
599 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 600
9f1db00c 601 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 602
a9de9248 603 if (rp->status)
28b8df77 604 goto done;
1143e5a6 605
a9de9248 606 hdev->hci_ver = rp->hci_ver;
e4e8e37c 607 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 608 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 609 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 610 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 611
9f1db00c 612 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
807deac2 613 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 614
615 if (test_bit(HCI_INIT, &hdev->flags))
616 hci_setup(hdev);
28b8df77
AE		 617
618done:
619 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 620}
621
622static void hci_setup_link_policy(struct hci_dev *hdev)
623{
035100c8 624 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 625 u16 link_policy = 0;
626
9f92ebf6 627 if (lmp_rswitch_capable(hdev))
d5859e22
JH		 628 link_policy |= HCI_LP_RSWITCH;
629 if (hdev->features[0] & LMP_HOLD)
630 link_policy |= HCI_LP_HOLD;
6eded100 631 if (lmp_sniff_capable(hdev))
d5859e22
JH		 632 link_policy |= HCI_LP_SNIFF;
633 if (hdev->features[1] & LMP_PARK)
634 link_policy |= HCI_LP_PARK;
635
035100c8
AE		 636 cp.policy = cpu_to_le16(link_policy);
637 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 638}
1da177e4 639
8fc9ced3
GP		 640static void hci_cc_read_local_commands(struct hci_dev *hdev,
641 struct sk_buff *skb)
a9de9248
MH		 642{
643 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 644
9f1db00c 645 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 646
a9de9248 647 if (rp->status)
d5859e22 648 goto done;
1da177e4 649
a9de9248 650 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 651
652 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
653 hci_setup_link_policy(hdev);
654
655done:
656 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 657}
1da177e4 658
8fc9ced3
GP		 659static void hci_cc_read_local_features(struct hci_dev *hdev,
660 struct sk_buff *skb)
a9de9248
MH		 661{
662 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 663
9f1db00c 664 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 665
a9de9248
MH		 666 if (rp->status)
667 return;
5b7f9909 668
a9de9248 669 memcpy(hdev->features, rp->features, 8);
5b7f9909 670
a9de9248
MH		 671 /* Adjust default settings according to features
672 * supported by device. */
1da177e4 673
a9de9248
MH		 674 if (hdev->features[0] & LMP_3SLOT)
675 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 676
a9de9248
MH		 677 if (hdev->features[0] & LMP_5SLOT)
678 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 679
a9de9248
MH		 680 if (hdev->features[1] & LMP_HV2) {
681 hdev->pkt_type |= (HCI_HV2);
682 hdev->esco_type |= (ESCO_HV2);
683 }
1da177e4 684
a9de9248
MH		 685 if (hdev->features[1] & LMP_HV3) {
686 hdev->pkt_type |= (HCI_HV3);
687 hdev->esco_type |= (ESCO_HV3);
688 }
1da177e4 689
45db810f 690 if (lmp_esco_capable(hdev))
a9de9248 691 hdev->esco_type |= (ESCO_EV3);
da1f5198 692
a9de9248
MH		 693 if (hdev->features[4] & LMP_EV4)
694 hdev->esco_type |= (ESCO_EV4);
da1f5198 695
a9de9248
MH		 696 if (hdev->features[4] & LMP_EV5)
697 hdev->esco_type |= (ESCO_EV5);
1da177e4 698
efc7688b
MH		 699 if (hdev->features[5] & LMP_EDR_ESCO_2M)
700 hdev->esco_type |= (ESCO_2EV3);
701
702 if (hdev->features[5] & LMP_EDR_ESCO_3M)
703 hdev->esco_type |= (ESCO_3EV3);
704
705 if (hdev->features[5] & LMP_EDR_3S_ESCO)
706 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
707
a9de9248 708 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
807deac2
GP		 709 hdev->features[0], hdev->features[1],
710 hdev->features[2], hdev->features[3],
711 hdev->features[4], hdev->features[5],
712 hdev->features[6], hdev->features[7]);
a9de9248 713}
1da177e4 714
8f984dfa
JH		 715static void hci_set_le_support(struct hci_dev *hdev)
716{
717 struct hci_cp_write_le_host_supported cp;
718
719 memset(&cp, 0, sizeof(cp));
720
9d42820f 721 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8f984dfa
JH		 722 cp.le = 1;
723 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
724 }
725
726 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 727 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
728 &cp);
8f984dfa
JH		 729}
730
971e3a4b 731static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 732 struct sk_buff *skb)
971e3a4b
AG		 733{
734 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
735
9f1db00c 736 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 737
738 if (rp->status)
8f984dfa 739 goto done;
971e3a4b 740
b5b32b65
AG		 741 switch (rp->page) {
742 case 0:
743 memcpy(hdev->features, rp->features, 8);
744 break;
745 case 1:
746 memcpy(hdev->host_features, rp->features, 8);
747 break;
748 }
971e3a4b 749
c383ddc4 750 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
8f984dfa
JH		 751 hci_set_le_support(hdev);
752
753done:
971e3a4b
AG		 754 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
755}
756
1e89cffb 757static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 758 struct sk_buff *skb)
1e89cffb
AE		 759{
760 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
761
9f1db00c 762 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb
AE		 763
764 if (rp->status)
765 return;
766
767 hdev->flow_ctl_mode = rp->mode;
768
769 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
770}
771
a9de9248
MH		 772static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
773{
774 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 775
9f1db00c 776 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 777
a9de9248
MH		 778 if (rp->status)
779 return;
1da177e4 780
a9de9248
MH		 781 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
782 hdev->sco_mtu = rp->sco_mtu;
783 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
784 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
785
786 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
787 hdev->sco_mtu = 64;
788 hdev->sco_pkts = 8;
1da177e4 789 }
a9de9248
MH		 790
791 hdev->acl_cnt = hdev->acl_pkts;
792 hdev->sco_cnt = hdev->sco_pkts;
793
807deac2
GP		 794 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
795 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 796}
797
798static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
799{
800 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
801
9f1db00c 802 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 803
804 if (!rp->status)
805 bacpy(&hdev->bdaddr, &rp->bdaddr);
806
23bb5763
JH		 807 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
808}
809
350ee4cf 810static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 811 struct sk_buff *skb)
350ee4cf
AE		 812{
813 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
814
9f1db00c 815 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 816
817 if (rp->status)
818 return;
819
820 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
821 hdev->block_len = __le16_to_cpu(rp->block_len);
822 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
823
824 hdev->block_cnt = hdev->num_blocks;
825
826 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 827 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 828
829 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
830}
831
23bb5763
JH		 832static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
833{
834 __u8 status = *((__u8 *) skb->data);
835
9f1db00c 836 BT_DBG("%s status 0x%2.2x", hdev->name, status);
23bb5763
JH		 837
838 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 839}
840
928abaa7 841static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 842 struct sk_buff *skb)
928abaa7
AE		 843{
844 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
845
9f1db00c 846 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 847
848 if (rp->status)
849 return;
850
851 hdev->amp_status = rp->amp_status;
852 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
853 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
854 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
855 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
856 hdev->amp_type = rp->amp_type;
857 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
858 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
859 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
860 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
861
862 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
863}
864
b0916ea0 865static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
807deac2 866 struct sk_buff *skb)
b0916ea0
JH		 867{
868 __u8 status = *((__u8 *) skb->data);
869
9f1db00c 870 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b0916ea0
JH		 871
872 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
873}
874
d5859e22
JH		 875static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
876{
877 __u8 status = *((__u8 *) skb->data);
878
9f1db00c 879 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 880
881 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
882}
883
884static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
807deac2 885 struct sk_buff *skb)
d5859e22
JH		 886{
887 __u8 status = *((__u8 *) skb->data);
888
9f1db00c 889 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 890
891 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
892}
893
894static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 895 struct sk_buff *skb)
d5859e22 896{
91c4e9b1 897 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 898
9f1db00c 899 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 900
901 if (!rp->status)
902 hdev->inq_tx_power = rp->tx_power;
d5859e22 903
91c4e9b1 904 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 905}
906
907static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
908{
909 __u8 status = *((__u8 *) skb->data);
910
9f1db00c 911 BT_DBG("%s status 0x%2.2x", hdev->name, status);
d5859e22
JH		 912
913 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
914}
915
980e1a53
JH		 916static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
917{
918 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
919 struct hci_cp_pin_code_reply *cp;
920 struct hci_conn *conn;
921
9f1db00c 922 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 923
56e5cb86
JH		 924 hci_dev_lock(hdev);
925
a8b2d5c2 926 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 927 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 928
fa1bd918 929 if (rp->status)
56e5cb86 930 goto unlock;
980e1a53
JH		 931
932 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
933 if (!cp)
56e5cb86 934 goto unlock;
980e1a53
JH		 935
936 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
937 if (conn)
938 conn->pin_length = cp->pin_len;
56e5cb86
JH		 939
940unlock:
941 hci_dev_unlock(hdev);
980e1a53
JH		 942}
943
944static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
945{
946 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
947
9f1db00c 948 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 949
56e5cb86
JH		 950 hci_dev_lock(hdev);
951
a8b2d5c2 952 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 953 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 954 rp->status);
56e5cb86
JH		 955
956 hci_dev_unlock(hdev);
980e1a53 957}
56e5cb86 958
6ed58ec5
VT		 959static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
960 struct sk_buff *skb)
961{
962 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
963
9f1db00c 964 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 965
966 if (rp->status)
967 return;
968
969 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
970 hdev->le_pkts = rp->le_max_pkt;
971
972 hdev->le_cnt = hdev->le_pkts;
973
974 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
975
976 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
977}
980e1a53 978
a5c29683
JH		 979static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
980{
981 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
982
9f1db00c 983 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 984
56e5cb86
JH		 985 hci_dev_lock(hdev);
986
a8b2d5c2 987 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 988 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
989 rp->status);
56e5cb86
JH		 990
991 hci_dev_unlock(hdev);
a5c29683
JH		 992}
993
994static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 995 struct sk_buff *skb)
a5c29683
JH		 996{
997 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
998
9f1db00c 999 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 1000
56e5cb86
JH		 1001 hci_dev_lock(hdev);
1002
a8b2d5c2 1003 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1004 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1005 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1006
1007 hci_dev_unlock(hdev);
a5c29683
JH		 1008}
1009
1143d458
BG		 1010static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1011{
1012 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1013
9f1db00c 1014 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1015
1016 hci_dev_lock(hdev);
1017
a8b2d5c2 1018 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1019 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1020 0, rp->status);
1143d458
BG		 1021
1022 hci_dev_unlock(hdev);
1023}
1024
1025static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 1026 struct sk_buff *skb)
1143d458
BG		 1027{
1028 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1029
9f1db00c 1030 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 1031
1032 hci_dev_lock(hdev);
1033
a8b2d5c2 1034 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1035 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1036 ACL_LINK, 0, rp->status);
1143d458
BG		 1037
1038 hci_dev_unlock(hdev);
1039}
1040
c35938b2 1041static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
807deac2 1042 struct sk_buff *skb)
c35938b2
SJ		 1043{
1044 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1045
9f1db00c 1046 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 1047
56e5cb86 1048 hci_dev_lock(hdev);
744cf19e 1049 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1050 rp->randomizer, rp->status);
56e5cb86 1051 hci_dev_unlock(hdev);
c35938b2
SJ		 1052}
1053
07f7fa5d
AG		 1054static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1055{
1056 __u8 status = *((__u8 *) skb->data);
1057
9f1db00c 1058 BT_DBG("%s status 0x%2.2x", hdev->name, status);
7ba8b4be
AG		 1059
1060 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1061
1062 if (status) {
1063 hci_dev_lock(hdev);
1064 mgmt_start_discovery_failed(hdev, status);
1065 hci_dev_unlock(hdev);
1066 return;
1067 }
07f7fa5d
AG		 1068}
1069
eb9d91f5 1070static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1071 struct sk_buff *skb)
eb9d91f5
AG		 1072{
1073 struct hci_cp_le_set_scan_enable *cp;
1074 __u8 status = *((__u8 *) skb->data);
1075
9f1db00c 1076 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1077
eb9d91f5
AG		 1078 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1079 if (!cp)
1080 return;
1081
68a8aea4
AE		 1082 switch (cp->enable) {
1083 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1084 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1085
3fd24153
AG		 1086 if (status) {
1087 hci_dev_lock(hdev);
1088 mgmt_start_discovery_failed(hdev, status);
1089 hci_dev_unlock(hdev);
7ba8b4be 1090 return;
3fd24153 1091 }
7ba8b4be 1092
d23264a8
AG		 1093 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1094
a8f13c8c 1095 hci_dev_lock(hdev);
343f935b 1096 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1097 hci_dev_unlock(hdev);
68a8aea4
AE		 1098 break;
1099
1100 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1101 if (status) {
1102 hci_dev_lock(hdev);
1103 mgmt_stop_discovery_failed(hdev, status);
1104 hci_dev_unlock(hdev);
7ba8b4be 1105 return;
c9ecc48e 1106 }
7ba8b4be 1107
d23264a8
AG		 1108 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1109
bc3dd33c
AG		 1110 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1111 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1112 mgmt_interleaved_discovery(hdev);
1113 } else {
1114 hci_dev_lock(hdev);
1115 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1116 hci_dev_unlock(hdev);
1117 }
1118
68a8aea4
AE		 1119 break;
1120
1121 default:
1122 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1123 break;
35815085 1124 }
eb9d91f5
AG		 1125}
1126
a7a595f6
VCG		 1127static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1128{
1129 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1130
9f1db00c 1131 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1132
1133 if (rp->status)
1134 return;
1135
1136 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1137}
1138
1139static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1140{
1141 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1142
9f1db00c 1143 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a7a595f6
VCG		 1144
1145 if (rp->status)
1146 return;
1147
1148 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1149}
1150
6039aa73
GP		 1151static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1152 struct sk_buff *skb)
f9b49306 1153{
06199cf8 1154 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1155 __u8 status = *((__u8 *) skb->data);
1156
9f1db00c 1157 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1158
06199cf8 1159 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1160 if (!sent)
f9b49306
AG		 1161 return;
1162
8f984dfa
JH		 1163 if (!status) {
1164 if (sent->le)
1165 hdev->host_features[0] |= LMP_HOST_LE;
1166 else
1167 hdev->host_features[0] &= ~LMP_HOST_LE;
1168 }
1169
1170 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
807deac2 1171 !test_bit(HCI_INIT, &hdev->flags))
8f984dfa
JH		 1172 mgmt_le_enable_complete(hdev, sent->le, status);
1173
1174 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1175}
1176
6039aa73 1177static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1178{
9f1db00c 1179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1180
1181 if (status) {
23bb5763 1182 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1183 hci_conn_check_pending(hdev);
56e5cb86 1184 hci_dev_lock(hdev);
a8b2d5c2 1185 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1186 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1187 hci_dev_unlock(hdev);
314b2381
JH		 1188 return;
1189 }
1190
89352e7d
AG		 1191 set_bit(HCI_INQUIRY, &hdev->flags);
1192
56e5cb86 1193 hci_dev_lock(hdev);
343f935b 1194 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1195 hci_dev_unlock(hdev);
1da177e4
LT		 1196}
1197
6039aa73 1198static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1199{
a9de9248 1200 struct hci_cp_create_conn *cp;
1da177e4 1201 struct hci_conn *conn;
1da177e4 1202
9f1db00c 1203 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1204
1205 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1206 if (!cp)
1207 return;
1208
1209 hci_dev_lock(hdev);
1210
1211 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1212
9f1db00c 1213 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1214
1215 if (status) {
1216 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1217 if (status != 0x0c || conn->attempt > 2) {
1218 conn->state = BT_CLOSED;
1219 hci_proto_connect_cfm(conn, status);
1220 hci_conn_del(conn);
1221 } else
1222 conn->state = BT_CONNECT2;
1da177e4
LT		 1223 }
1224 } else {
1225 if (!conn) {
1226 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1227 if (conn) {
a0c808b3 1228 conn->out = true;
1da177e4
LT		 1229 conn->link_mode |= HCI_LM_MASTER;
1230 } else
893ef971 1231 BT_ERR("No memory for new connection");
1da177e4
LT		 1232 }
1233 }
1234
1235 hci_dev_unlock(hdev);
1236}
1237
a9de9248 1238static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1239{
a9de9248
MH		 1240 struct hci_cp_add_sco *cp;
1241 struct hci_conn *acl, *sco;
1242 __u16 handle;
1da177e4 1243
9f1db00c 1244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1245
a9de9248
MH		 1246 if (!status)
1247 return;
1da177e4 1248
a9de9248
MH		 1249 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1250 if (!cp)
1251 return;
1da177e4 1252
a9de9248 1253 handle = __le16_to_cpu(cp->handle);
1da177e4 1254
9f1db00c 1255 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1256
a9de9248 1257 hci_dev_lock(hdev);
1da177e4 1258
a9de9248 1259 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1260 if (acl) {
1261 sco = acl->link;
1262 if (sco) {
1263 sco->state = BT_CLOSED;
1da177e4 1264
5a08ecce
AE		 1265 hci_proto_connect_cfm(sco, status);
1266 hci_conn_del(sco);
1267 }
a9de9248 1268 }
1da177e4 1269
a9de9248
MH		 1270 hci_dev_unlock(hdev);
1271}
1da177e4 1272
f8558555
MH		 1273static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1274{
1275 struct hci_cp_auth_requested *cp;
1276 struct hci_conn *conn;
1277
9f1db00c 1278 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1279
1280 if (!status)
1281 return;
1282
1283 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1284 if (!cp)
1285 return;
1286
1287 hci_dev_lock(hdev);
1288
1289 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1290 if (conn) {
1291 if (conn->state == BT_CONFIG) {
1292 hci_proto_connect_cfm(conn, status);
1293 hci_conn_put(conn);
1294 }
1295 }
1296
1297 hci_dev_unlock(hdev);
1298}
1299
1300static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1301{
1302 struct hci_cp_set_conn_encrypt *cp;
1303 struct hci_conn *conn;
1304
9f1db00c 1305 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1306
1307 if (!status)
1308 return;
1309
1310 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1311 if (!cp)
1312 return;
1313
1314 hci_dev_lock(hdev);
1315
1316 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1317 if (conn) {
1318 if (conn->state == BT_CONFIG) {
1319 hci_proto_connect_cfm(conn, status);
1320 hci_conn_put(conn);
1321 }
1322 }
1323
1324 hci_dev_unlock(hdev);
1325}
1326
127178d2 1327static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1328 struct hci_conn *conn)
392599b9 1329{
392599b9
JH		 1330 if (conn->state != BT_CONFIG || !conn->out)
1331 return 0;
1332
765c2a96 1333 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1334 return 0;
1335
1336 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1337 * devices with sec_level HIGH or if MITM protection is requested */
807deac2
GP		 1338 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1339 conn->pending_sec_level != BT_SECURITY_HIGH)
392599b9
JH		 1340 return 0;
1341
392599b9
JH		 1342 return 1;
1343}
1344
6039aa73 1345static int hci_resolve_name(struct hci_dev *hdev,
04124681 1346 struct inquiry_entry *e)
30dc78e1
JH		 1347{
1348 struct hci_cp_remote_name_req cp;
1349
1350 memset(&cp, 0, sizeof(cp));
1351
1352 bacpy(&cp.bdaddr, &e->data.bdaddr);
1353 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1354 cp.pscan_mode = e->data.pscan_mode;
1355 cp.clock_offset = e->data.clock_offset;
1356
1357 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1358}
1359
b644ba33 1360static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1361{
1362 struct discovery_state *discov = &hdev->discovery;
1363 struct inquiry_entry *e;
1364
b644ba33
JH		 1365 if (list_empty(&discov->resolve))
1366 return false;
1367
1368 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1369 if (!e)
1370 return false;
1371
b644ba33
JH		 1372 if (hci_resolve_name(hdev, e) == 0) {
1373 e->name_state = NAME_PENDING;
1374 return true;
1375 }
1376
1377 return false;
1378}
1379
1380static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1381 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1382{
1383 struct discovery_state *discov = &hdev->discovery;
1384 struct inquiry_entry *e;
1385
1386 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1387 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1388 name_len, conn->dev_class);
b644ba33
JH		 1389
1390 if (discov->state == DISCOVERY_STOPPED)
1391 return;
1392
30dc78e1
JH		 1393 if (discov->state == DISCOVERY_STOPPING)
1394 goto discov_complete;
1395
1396 if (discov->state != DISCOVERY_RESOLVING)
1397 return;
1398
1399 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1400 /* If the device was not found in a list of found devices names of which
1401 * are pending. there is no need to continue resolving a next name as it
1402 * will be done upon receiving another Remote Name Request Complete
1403 * Event */
1404 if (!e)
1405 return;
1406
1407 list_del(&e->list);
1408 if (name) {
30dc78e1 1409 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1410 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1411 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1412 } else {
1413 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1414 }
1415
b644ba33 1416 if (hci_resolve_next_name(hdev))
30dc78e1 1417 return;
30dc78e1
JH		 1418
1419discov_complete:
1420 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1421}
1422
a9de9248
MH		 1423static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1424{
127178d2
JH		 1425 struct hci_cp_remote_name_req *cp;
1426 struct hci_conn *conn;
1427
9f1db00c 1428 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1429
1430 /* If successful wait for the name req complete event before
1431 * checking for the need to do authentication */
1432 if (!status)
1433 return;
1434
1435 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1436 if (!cp)
1437 return;
1438
1439 hci_dev_lock(hdev);
1440
b644ba33
JH		 1441 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1442
a8b2d5c2 1443 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1444 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1445
79c6c70c
JH		 1446 if (!conn)
1447 goto unlock;
1448
1449 if (!hci_outgoing_auth_needed(hdev, conn))
1450 goto unlock;
1451
51a8efd7 1452 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1453 struct hci_cp_auth_requested cp;
1454 cp.handle = __cpu_to_le16(conn->handle);
1455 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1456 }
1457
79c6c70c 1458unlock:
127178d2 1459 hci_dev_unlock(hdev);
a9de9248 1460}
1da177e4 1461
769be974
MH		 1462static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1463{
1464 struct hci_cp_read_remote_features *cp;
1465 struct hci_conn *conn;
1466
9f1db00c 1467 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1468
1469 if (!status)
1470 return;
1471
1472 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1473 if (!cp)
1474 return;
1475
1476 hci_dev_lock(hdev);
1477
1478 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1479 if (conn) {
1480 if (conn->state == BT_CONFIG) {
769be974
MH		 1481 hci_proto_connect_cfm(conn, status);
1482 hci_conn_put(conn);
1483 }
1484 }
1485
1486 hci_dev_unlock(hdev);
1487}
1488
1489static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1490{
1491 struct hci_cp_read_remote_ext_features *cp;
1492 struct hci_conn *conn;
1493
9f1db00c 1494 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1495
1496 if (!status)
1497 return;
1498
1499 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1500 if (!cp)
1501 return;
1502
1503 hci_dev_lock(hdev);
1504
1505 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1506 if (conn) {
1507 if (conn->state == BT_CONFIG) {
769be974
MH		 1508 hci_proto_connect_cfm(conn, status);
1509 hci_conn_put(conn);
1510 }
1511 }
1512
1513 hci_dev_unlock(hdev);
1514}
1515
a9de9248
MH		 1516static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1517{
b6a0dc82
MH		 1518 struct hci_cp_setup_sync_conn *cp;
1519 struct hci_conn *acl, *sco;
1520 __u16 handle;
1521
9f1db00c 1522 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1523
1524 if (!status)
1525 return;
1526
1527 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1528 if (!cp)
1529 return;
1530
1531 handle = __le16_to_cpu(cp->handle);
1532
9f1db00c 1533 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1534
1535 hci_dev_lock(hdev);
1536
1537 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1538 if (acl) {
1539 sco = acl->link;
1540 if (sco) {
1541 sco->state = BT_CLOSED;
b6a0dc82 1542
5a08ecce
AE		 1543 hci_proto_connect_cfm(sco, status);
1544 hci_conn_del(sco);
1545 }
b6a0dc82
MH		 1546 }
1547
1548 hci_dev_unlock(hdev);
1da177e4
LT		 1549}
1550
a9de9248 1551static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1552{
a9de9248
MH		 1553 struct hci_cp_sniff_mode *cp;
1554 struct hci_conn *conn;
1da177e4 1555
9f1db00c 1556 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1557
a9de9248
MH		 1558 if (!status)
1559 return;
04837f64 1560
a9de9248
MH		 1561 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1562 if (!cp)
1563 return;
04837f64 1564
a9de9248 1565 hci_dev_lock(hdev);
04837f64 1566
a9de9248 1567 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1568 if (conn) {
51a8efd7 1569 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1570
51a8efd7 1571 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1572 hci_sco_setup(conn, status);
1573 }
1574
a9de9248
MH		 1575 hci_dev_unlock(hdev);
1576}
04837f64 1577
a9de9248
MH		 1578static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1579{
1580 struct hci_cp_exit_sniff_mode *cp;
1581 struct hci_conn *conn;
04837f64 1582
9f1db00c 1583 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1584
a9de9248
MH		 1585 if (!status)
1586 return;
04837f64 1587
a9de9248
MH		 1588 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1589 if (!cp)
1590 return;
04837f64 1591
a9de9248 1592 hci_dev_lock(hdev);
1da177e4 1593
a9de9248 1594 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1595 if (conn) {
51a8efd7 1596 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1597
51a8efd7 1598 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1599 hci_sco_setup(conn, status);
1600 }
1601
a9de9248 1602 hci_dev_unlock(hdev);
1da177e4
LT		 1603}
1604
88c3df13
JH		 1605static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1606{
1607 struct hci_cp_disconnect *cp;
1608 struct hci_conn *conn;
1609
1610 if (!status)
1611 return;
1612
1613 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1614 if (!cp)
1615 return;
1616
1617 hci_dev_lock(hdev);
1618
1619 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1620 if (conn)
1621 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1622 conn->dst_type, status);
88c3df13
JH		 1623
1624 hci_dev_unlock(hdev);
1625}
1626
fcd89c09
VT		 1627static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1628{
fcd89c09
VT		 1629 struct hci_conn *conn;
1630
9f1db00c 1631 BT_DBG("%s status 0x%2.2x", hdev->name, status);
fcd89c09 1632
f00a06ac
AG		 1633 if (status) {
1634 hci_dev_lock(hdev);
fcd89c09 1635
0c95ab78 1636 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
f00a06ac
AG		 1637 if (!conn) {
1638 hci_dev_unlock(hdev);
1639 return;
1640 }
fcd89c09 1641
0c95ab78 1642 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&conn->dst),
f00a06ac 1643 conn);
fcd89c09 1644
f00a06ac 1645 conn->state = BT_CLOSED;
0c95ab78 1646 mgmt_connect_failed(hdev, &conn->dst, conn->type,
f00a06ac
AG		 1647 conn->dst_type, status);
1648 hci_proto_connect_cfm(conn, status);
1649 hci_conn_del(conn);
fcd89c09 1650
f00a06ac
AG		 1651 hci_dev_unlock(hdev);
1652 }
fcd89c09
VT		 1653}
1654
a7a595f6
VCG		 1655static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1656{
9f1db00c 1657 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a7a595f6
VCG		 1658}
1659
6039aa73 1660static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1661{
1662 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1663 struct discovery_state *discov = &hdev->discovery;
1664 struct inquiry_entry *e;
1da177e4 1665
9f1db00c 1666 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1667
23bb5763 1668 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1669
a9de9248 1670 hci_conn_check_pending(hdev);
89352e7d
AG		 1671
1672 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1673 return;
1674
a8b2d5c2 1675 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1676 return;
1677
56e5cb86 1678 hci_dev_lock(hdev);
30dc78e1 1679
343f935b 1680 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1681 goto unlock;
1682
1683 if (list_empty(&discov->resolve)) {
1684 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1685 goto unlock;
1686 }
1687
1688 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1689 if (e && hci_resolve_name(hdev, e) == 0) {
1690 e->name_state = NAME_PENDING;
1691 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1692 } else {
1693 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1694 }
1695
1696unlock:
56e5cb86 1697 hci_dev_unlock(hdev);
1da177e4
LT		 1698}
1699
6039aa73 1700static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1701{
45bb4bf0 1702 struct inquiry_data data;
a9de9248 1703 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1704 int num_rsp = *((__u8 *) skb->data);
1705
1706 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1707
45bb4bf0
MH		 1708 if (!num_rsp)
1709 return;
1710
1519cc17
AG		 1711 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1712 return;
1713
1da177e4 1714 hci_dev_lock(hdev);
45bb4bf0 1715
e17acd40 1716 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1717 bool name_known, ssp;
3175405b 1718
1da177e4
LT		 1719 bacpy(&data.bdaddr, &info->bdaddr);
1720 data.pscan_rep_mode = info->pscan_rep_mode;
1721 data.pscan_period_mode = info->pscan_period_mode;
1722 data.pscan_mode = info->pscan_mode;
1723 memcpy(data.dev_class, info->dev_class, 3);
1724 data.clock_offset = info->clock_offset;
1725 data.rssi = 0x00;
41a96212 1726 data.ssp_mode = 0x00;
3175405b 1727
388fc8fa 1728 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1729 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1730 info->dev_class, 0, !name_known, ssp, NULL,
1731 0);
1da177e4 1732 }
45bb4bf0 1733
1da177e4
LT		 1734 hci_dev_unlock(hdev);
1735}
1736
6039aa73 1737static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1738{
a9de9248
MH		 1739 struct hci_ev_conn_complete *ev = (void *) skb->data;
1740 struct hci_conn *conn;
1da177e4
LT		 1741
1742 BT_DBG("%s", hdev->name);
1743
1744 hci_dev_lock(hdev);
1745
1746 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1747 if (!conn) {
1748 if (ev->link_type != SCO_LINK)
1749 goto unlock;
1750
1751 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1752 if (!conn)
1753 goto unlock;
1754
1755 conn->type = SCO_LINK;
1756 }
1da177e4
LT		 1757
1758 if (!ev->status) {
1759 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1760
1761 if (conn->type == ACL_LINK) {
1762 conn->state = BT_CONFIG;
1763 hci_conn_hold(conn);
a9ea3ed9
SJ		 1764
1765 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1766 !hci_find_link_key(hdev, &ev->bdaddr))
1767 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1768 else
1769 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1770 } else
1771 conn->state = BT_CONNECTED;
1da177e4 1772
9eba32b8 1773 hci_conn_hold_device(conn);
7d0db0a3
MH		 1774 hci_conn_add_sysfs(conn);
1775
1da177e4
LT		 1776 if (test_bit(HCI_AUTH, &hdev->flags))
1777 conn->link_mode |= HCI_LM_AUTH;
1778
1779 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1780 conn->link_mode |= HCI_LM_ENCRYPT;
1781
04837f64
MH		 1782 /* Get remote features */
1783 if (conn->type == ACL_LINK) {
1784 struct hci_cp_read_remote_features cp;
1785 cp.handle = ev->handle;
769be974 1786 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1787 sizeof(cp), &cp);
04837f64
MH		 1788 }
1789
1da177e4 1790 /* Set packet type for incoming connection */
d095c1eb 1791 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1792 struct hci_cp_change_conn_ptype cp;
1793 cp.handle = ev->handle;
a8746417 1794 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1795 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1796 &cp);
1da177e4 1797 }
17d5c04c 1798 } else {
1da177e4 1799 conn->state = BT_CLOSED;
17d5c04c 1800 if (conn->type == ACL_LINK)
744cf19e 1801 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1802 conn->dst_type, ev->status);
17d5c04c 1803 }
1da177e4 1804
e73439d8
MH		 1805 if (conn->type == ACL_LINK)
1806 hci_sco_setup(conn, ev->status);
1da177e4 1807
769be974
MH		 1808 if (ev->status) {
1809 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1810 hci_conn_del(conn);
c89b6e6b
MH		 1811 } else if (ev->link_type != ACL_LINK)
1812 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1813
a9de9248 1814unlock:
1da177e4 1815 hci_dev_unlock(hdev);
1da177e4 1816
a9de9248 1817 hci_conn_check_pending(hdev);
1da177e4
LT		 1818}
1819
6039aa73 1820static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1821{
a9de9248
MH		 1822 struct hci_ev_conn_request *ev = (void *) skb->data;
1823 int mask = hdev->link_mode;
1da177e4 1824
807deac2
GP		 1825 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1826 ev->link_type);
1da177e4 1827
a9de9248 1828 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1829
138d22ef 1830 if ((mask & HCI_LM_ACCEPT) &&
807deac2 1831 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1832 /* Connection accepted */
c7bdd502 1833 struct inquiry_entry *ie;
1da177e4 1834 struct hci_conn *conn;
1da177e4 1835
a9de9248 1836 hci_dev_lock(hdev);
b6a0dc82 1837
cc11b9c1
AE		 1838 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1839 if (ie)
c7bdd502
MH		 1840 memcpy(ie->data.dev_class, ev->dev_class, 3);
1841
8fc9ced3
GP		 1842 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1843 &ev->bdaddr);
a9de9248 1844 if (!conn) {
cc11b9c1
AE		 1845 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1846 if (!conn) {
893ef971 1847 BT_ERR("No memory for new connection");
a9de9248
MH		 1848 hci_dev_unlock(hdev);
1849 return;
1da177e4
LT		 1850 }
1851 }
b6a0dc82 1852
a9de9248
MH		 1853 memcpy(conn->dev_class, ev->dev_class, 3);
1854 conn->state = BT_CONNECT;
b6a0dc82 1855
a9de9248 1856 hci_dev_unlock(hdev);
1da177e4 1857
b6a0dc82
MH		 1858 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1859 struct hci_cp_accept_conn_req cp;
1da177e4 1860
b6a0dc82
MH		 1861 bacpy(&cp.bdaddr, &ev->bdaddr);
1862
1863 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1864 cp.role = 0x00; /* Become master */
1865 else
1866 cp.role = 0x01; /* Remain slave */
1867
04124681
GP		 1868 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1869 &cp);
b6a0dc82
MH		 1870 } else {
1871 struct hci_cp_accept_sync_conn_req cp;
1872
1873 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1874 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 1875
82781e63
AE		 1876 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1877 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1878 cp.max_latency = __constant_cpu_to_le16(0xffff);
b6a0dc82
MH		 1879 cp.content_format = cpu_to_le16(hdev->voice_setting);
1880 cp.retrans_effort = 0xff;
1da177e4 1881
b6a0dc82 1882 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1883 sizeof(cp), &cp);
b6a0dc82 1884 }
a9de9248
MH		 1885 } else {
1886 /* Connection rejected */
1887 struct hci_cp_reject_conn_req cp;
1da177e4 1888
a9de9248 1889 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1890 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1891 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1892 }
1da177e4
LT		 1893}
1894
f0d6a0ea
MA		 1895static u8 hci_to_mgmt_reason(u8 err)
1896{
1897 switch (err) {
1898 case HCI_ERROR_CONNECTION_TIMEOUT:
1899 return MGMT_DEV_DISCONN_TIMEOUT;
1900 case HCI_ERROR_REMOTE_USER_TERM:
1901 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1902 case HCI_ERROR_REMOTE_POWER_OFF:
1903 return MGMT_DEV_DISCONN_REMOTE;
1904 case HCI_ERROR_LOCAL_HOST_TERM:
1905 return MGMT_DEV_DISCONN_LOCAL_HOST;
1906 default:
1907 return MGMT_DEV_DISCONN_UNKNOWN;
1908 }
1909}
1910
6039aa73 1911static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1912{
a9de9248 1913 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1914 struct hci_conn *conn;
1915
9f1db00c 1916 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 1917
1918 hci_dev_lock(hdev);
1919
1920 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1921 if (!conn)
1922 goto unlock;
7d0db0a3 1923
37d9ef76
JH		 1924 if (ev->status == 0)
1925 conn->state = BT_CLOSED;
04837f64 1926
b644ba33 1927 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
807deac2 1928 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
f0d6a0ea 1929 if (ev->status) {
88c3df13 1930 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
807deac2 1931 conn->dst_type, ev->status);
f0d6a0ea
MA		 1932 } else {
1933 u8 reason = hci_to_mgmt_reason(ev->reason);
1934
afc747a6 1935 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
f0d6a0ea
MA		 1936 conn->dst_type, reason);
1937 }
37d9ef76 1938 }
f7520543 1939
37d9ef76 1940 if (ev->status == 0) {
6ec5bcad
VA		 1941 if (conn->type == ACL_LINK && conn->flush_key)
1942 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1943 hci_proto_disconn_cfm(conn, ev->reason);
1944 hci_conn_del(conn);
1945 }
f7520543
JH		 1946
1947unlock:
04837f64
MH		 1948 hci_dev_unlock(hdev);
1949}
1950
6039aa73 1951static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1952{
a9de9248 1953 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1954 struct hci_conn *conn;
1da177e4 1955
9f1db00c 1956 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 1957
1958 hci_dev_lock(hdev);
1959
04837f64 1960 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1961 if (!conn)
1962 goto unlock;
1963
1964 if (!ev->status) {
aa64a8b5 1965 if (!hci_conn_ssp_enabled(conn) &&
807deac2 1966 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1967 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1968 } else {
d7556e20
WR		 1969 conn->link_mode |= HCI_LM_AUTH;
1970 conn->sec_level = conn->pending_sec_level;
2a611692 1971 }
d7556e20 1972 } else {
bab73cb6 1973 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1974 ev->status);
d7556e20 1975 }
1da177e4 1976
51a8efd7
JH		 1977 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1978 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1979
d7556e20 1980 if (conn->state == BT_CONFIG) {
aa64a8b5 1981 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1982 struct hci_cp_set_conn_encrypt cp;
1983 cp.handle = ev->handle;
1984 cp.encrypt = 0x01;
1985 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 1986 &cp);
052b30b0 1987 } else {
d7556e20
WR		 1988 conn->state = BT_CONNECTED;
1989 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1990 hci_conn_put(conn);
1991 }
d7556e20
WR		 1992 } else {
1993 hci_auth_cfm(conn, ev->status);
052b30b0 1994
d7556e20
WR		 1995 hci_conn_hold(conn);
1996 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1997 hci_conn_put(conn);
1998 }
1999
51a8efd7 2000 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2001 if (!ev->status) {
2002 struct hci_cp_set_conn_encrypt cp;
2003 cp.handle = ev->handle;
2004 cp.encrypt = 0x01;
2005 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2006 &cp);
d7556e20 2007 } else {
51a8efd7 2008 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2009 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2010 }
2011 }
2012
d7556e20 2013unlock:
1da177e4
LT		 2014 hci_dev_unlock(hdev);
2015}
2016
6039aa73 2017static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2018{
127178d2
JH		 2019 struct hci_ev_remote_name *ev = (void *) skb->data;
2020 struct hci_conn *conn;
2021
a9de9248 2022 BT_DBG("%s", hdev->name);
1da177e4 2023
a9de9248 2024 hci_conn_check_pending(hdev);
127178d2
JH		 2025
2026 hci_dev_lock(hdev);
2027
b644ba33 2028 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2029
b644ba33
JH		 2030 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2031 goto check_auth;
a88a9652 2032
b644ba33
JH		 2033 if (ev->status == 0)
2034 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2035 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2036 else
2037 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2038
2039check_auth:
79c6c70c
JH		 2040 if (!conn)
2041 goto unlock;
2042
2043 if (!hci_outgoing_auth_needed(hdev, conn))
2044 goto unlock;
2045
51a8efd7 2046 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2047 struct hci_cp_auth_requested cp;
2048 cp.handle = __cpu_to_le16(conn->handle);
2049 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2050 }
2051
79c6c70c 2052unlock:
127178d2 2053 hci_dev_unlock(hdev);
a9de9248
MH		 2054}
2055
6039aa73 2056static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2057{
2058 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2059 struct hci_conn *conn;
2060
9f1db00c 2061 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2062
2063 hci_dev_lock(hdev);
2064
04837f64 2065 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2066 if (conn) {
2067 if (!ev->status) {
ae293196
MH		 2068 if (ev->encrypt) {
2069 /* Encryption implies authentication */
2070 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2071 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2072 conn->sec_level = conn->pending_sec_level;
ae293196 2073 } else
1da177e4
LT		 2074 conn->link_mode &= ~HCI_LM_ENCRYPT;
2075 }
2076
51a8efd7 2077 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2078
a7d7723a 2079 if (ev->status && conn->state == BT_CONNECTED) {
d839c813 2080 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
a7d7723a
GP		 2081 hci_conn_put(conn);
2082 goto unlock;
2083 }
2084
f8558555
MH		 2085 if (conn->state == BT_CONFIG) {
2086 if (!ev->status)
2087 conn->state = BT_CONNECTED;
2088
2089 hci_proto_connect_cfm(conn, ev->status);
2090 hci_conn_put(conn);
2091 } else
2092 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2093 }
2094
a7d7723a 2095unlock:
1da177e4
LT		 2096 hci_dev_unlock(hdev);
2097}
2098
6039aa73
GP		 2099static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2100 struct sk_buff *skb)
1da177e4 2101{
a9de9248 2102 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2103 struct hci_conn *conn;
1da177e4 2104
9f1db00c 2105 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2106
2107 hci_dev_lock(hdev);
2108
04837f64 2109 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2110 if (conn) {
2111 if (!ev->status)
2112 conn->link_mode |= HCI_LM_SECURE;
2113
51a8efd7 2114 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2115
2116 hci_key_change_cfm(conn, ev->status);
2117 }
2118
2119 hci_dev_unlock(hdev);
2120}
2121
6039aa73
GP		 2122static void hci_remote_features_evt(struct hci_dev *hdev,
2123 struct sk_buff *skb)
1da177e4 2124{
a9de9248
MH		 2125 struct hci_ev_remote_features *ev = (void *) skb->data;
2126 struct hci_conn *conn;
2127
9f1db00c 2128 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2129
a9de9248
MH		 2130 hci_dev_lock(hdev);
2131
2132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2133 if (!conn)
2134 goto unlock;
769be974 2135
ccd556fe
JH		 2136 if (!ev->status)
2137 memcpy(conn->features, ev->features, 8);
2138
2139 if (conn->state != BT_CONFIG)
2140 goto unlock;
2141
2142 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2143 struct hci_cp_read_remote_ext_features cp;
2144 cp.handle = ev->handle;
2145 cp.page = 0x01;
2146 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2147 sizeof(cp), &cp);
392599b9
JH		 2148 goto unlock;
2149 }
2150
671267bf 2151 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2152 struct hci_cp_remote_name_req cp;
2153 memset(&cp, 0, sizeof(cp));
2154 bacpy(&cp.bdaddr, &conn->dst);
2155 cp.pscan_rep_mode = 0x02;
2156 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2157 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2158 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2159 conn->dst_type, 0, NULL, 0,
2160 conn->dev_class);
392599b9 2161
127178d2 2162 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2163 conn->state = BT_CONNECTED;
2164 hci_proto_connect_cfm(conn, ev->status);
2165 hci_conn_put(conn);
769be974 2166 }
a9de9248 2167
ccd556fe 2168unlock:
a9de9248 2169 hci_dev_unlock(hdev);
1da177e4
LT		 2170}
2171
6039aa73 2172static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2173{
a9de9248 2174 BT_DBG("%s", hdev->name);
1da177e4
LT		 2175}
2176
6039aa73
GP		 2177static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2178 struct sk_buff *skb)
1da177e4 2179{
a9de9248 2180 BT_DBG("%s", hdev->name);
1da177e4
LT		 2181}
2182
6039aa73 2183static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2184{
2185 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2186 __u16 opcode;
2187
2188 skb_pull(skb, sizeof(*ev));
2189
2190 opcode = __le16_to_cpu(ev->opcode);
2191
2192 switch (opcode) {
2193 case HCI_OP_INQUIRY_CANCEL:
2194 hci_cc_inquiry_cancel(hdev, skb);
2195 break;
2196
4d93483b
AG		 2197 case HCI_OP_PERIODIC_INQ:
2198 hci_cc_periodic_inq(hdev, skb);
2199 break;
2200
a9de9248
MH		 2201 case HCI_OP_EXIT_PERIODIC_INQ:
2202 hci_cc_exit_periodic_inq(hdev, skb);
2203 break;
2204
2205 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2206 hci_cc_remote_name_req_cancel(hdev, skb);
2207 break;
2208
2209 case HCI_OP_ROLE_DISCOVERY:
2210 hci_cc_role_discovery(hdev, skb);
2211 break;
2212
e4e8e37c
MH		 2213 case HCI_OP_READ_LINK_POLICY:
2214 hci_cc_read_link_policy(hdev, skb);
2215 break;
2216
a9de9248
MH		 2217 case HCI_OP_WRITE_LINK_POLICY:
2218 hci_cc_write_link_policy(hdev, skb);
2219 break;
2220
e4e8e37c
MH		 2221 case HCI_OP_READ_DEF_LINK_POLICY:
2222 hci_cc_read_def_link_policy(hdev, skb);
2223 break;
2224
2225 case HCI_OP_WRITE_DEF_LINK_POLICY:
2226 hci_cc_write_def_link_policy(hdev, skb);
2227 break;
2228
a9de9248
MH		 2229 case HCI_OP_RESET:
2230 hci_cc_reset(hdev, skb);
2231 break;
2232
2233 case HCI_OP_WRITE_LOCAL_NAME:
2234 hci_cc_write_local_name(hdev, skb);
2235 break;
2236
2237 case HCI_OP_READ_LOCAL_NAME:
2238 hci_cc_read_local_name(hdev, skb);
2239 break;
2240
2241 case HCI_OP_WRITE_AUTH_ENABLE:
2242 hci_cc_write_auth_enable(hdev, skb);
2243 break;
2244
2245 case HCI_OP_WRITE_ENCRYPT_MODE:
2246 hci_cc_write_encrypt_mode(hdev, skb);
2247 break;
2248
2249 case HCI_OP_WRITE_SCAN_ENABLE:
2250 hci_cc_write_scan_enable(hdev, skb);
2251 break;
2252
2253 case HCI_OP_READ_CLASS_OF_DEV:
2254 hci_cc_read_class_of_dev(hdev, skb);
2255 break;
2256
2257 case HCI_OP_WRITE_CLASS_OF_DEV:
2258 hci_cc_write_class_of_dev(hdev, skb);
2259 break;
2260
2261 case HCI_OP_READ_VOICE_SETTING:
2262 hci_cc_read_voice_setting(hdev, skb);
2263 break;
2264
2265 case HCI_OP_WRITE_VOICE_SETTING:
2266 hci_cc_write_voice_setting(hdev, skb);
2267 break;
2268
2269 case HCI_OP_HOST_BUFFER_SIZE:
2270 hci_cc_host_buffer_size(hdev, skb);
2271 break;
2272
333140b5
MH		 2273 case HCI_OP_WRITE_SSP_MODE:
2274 hci_cc_write_ssp_mode(hdev, skb);
2275 break;
2276
a9de9248
MH		 2277 case HCI_OP_READ_LOCAL_VERSION:
2278 hci_cc_read_local_version(hdev, skb);
2279 break;
2280
2281 case HCI_OP_READ_LOCAL_COMMANDS:
2282 hci_cc_read_local_commands(hdev, skb);
2283 break;
2284
2285 case HCI_OP_READ_LOCAL_FEATURES:
2286 hci_cc_read_local_features(hdev, skb);
2287 break;
2288
971e3a4b
AG		 2289 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2290 hci_cc_read_local_ext_features(hdev, skb);
2291 break;
2292
a9de9248
MH		 2293 case HCI_OP_READ_BUFFER_SIZE:
2294 hci_cc_read_buffer_size(hdev, skb);
2295 break;
2296
2297 case HCI_OP_READ_BD_ADDR:
2298 hci_cc_read_bd_addr(hdev, skb);
2299 break;
2300
350ee4cf
AE		 2301 case HCI_OP_READ_DATA_BLOCK_SIZE:
2302 hci_cc_read_data_block_size(hdev, skb);
2303 break;
2304
23bb5763
JH		 2305 case HCI_OP_WRITE_CA_TIMEOUT:
2306 hci_cc_write_ca_timeout(hdev, skb);
2307 break;
2308
1e89cffb
AE		 2309 case HCI_OP_READ_FLOW_CONTROL_MODE:
2310 hci_cc_read_flow_control_mode(hdev, skb);
2311 break;
2312
928abaa7
AE		 2313 case HCI_OP_READ_LOCAL_AMP_INFO:
2314 hci_cc_read_local_amp_info(hdev, skb);
2315 break;
2316
b0916ea0
JH		 2317 case HCI_OP_DELETE_STORED_LINK_KEY:
2318 hci_cc_delete_stored_link_key(hdev, skb);
2319 break;
2320
d5859e22
JH		 2321 case HCI_OP_SET_EVENT_MASK:
2322 hci_cc_set_event_mask(hdev, skb);
2323 break;
2324
2325 case HCI_OP_WRITE_INQUIRY_MODE:
2326 hci_cc_write_inquiry_mode(hdev, skb);
2327 break;
2328
2329 case HCI_OP_READ_INQ_RSP_TX_POWER:
2330 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2331 break;
2332
2333 case HCI_OP_SET_EVENT_FLT:
2334 hci_cc_set_event_flt(hdev, skb);
2335 break;
2336
980e1a53
JH		 2337 case HCI_OP_PIN_CODE_REPLY:
2338 hci_cc_pin_code_reply(hdev, skb);
2339 break;
2340
2341 case HCI_OP_PIN_CODE_NEG_REPLY:
2342 hci_cc_pin_code_neg_reply(hdev, skb);
2343 break;
2344
c35938b2
SJ		 2345 case HCI_OP_READ_LOCAL_OOB_DATA:
2346 hci_cc_read_local_oob_data_reply(hdev, skb);
2347 break;
2348
6ed58ec5
VT		 2349 case HCI_OP_LE_READ_BUFFER_SIZE:
2350 hci_cc_le_read_buffer_size(hdev, skb);
2351 break;
2352
a5c29683
JH		 2353 case HCI_OP_USER_CONFIRM_REPLY:
2354 hci_cc_user_confirm_reply(hdev, skb);
2355 break;
2356
2357 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2358 hci_cc_user_confirm_neg_reply(hdev, skb);
2359 break;
2360
1143d458
BG		 2361 case HCI_OP_USER_PASSKEY_REPLY:
2362 hci_cc_user_passkey_reply(hdev, skb);
2363 break;
2364
2365 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2366 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2367 break;
07f7fa5d
AG		 2368
2369 case HCI_OP_LE_SET_SCAN_PARAM:
2370 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2371 break;
2372
eb9d91f5
AG		 2373 case HCI_OP_LE_SET_SCAN_ENABLE:
2374 hci_cc_le_set_scan_enable(hdev, skb);
2375 break;
2376
a7a595f6
VCG		 2377 case HCI_OP_LE_LTK_REPLY:
2378 hci_cc_le_ltk_reply(hdev, skb);
2379 break;
2380
2381 case HCI_OP_LE_LTK_NEG_REPLY:
2382 hci_cc_le_ltk_neg_reply(hdev, skb);
2383 break;
2384
f9b49306
AG		 2385 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2386 hci_cc_write_le_host_supported(hdev, skb);
2387 break;
2388
a9de9248 2389 default:
9f1db00c 2390 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2391 break;
2392 }
2393
6bd32326
VT		 2394 if (ev->opcode != HCI_OP_NOP)
2395 del_timer(&hdev->cmd_timer);
2396
a9de9248
MH		 2397 if (ev->ncmd) {
2398 atomic_set(&hdev->cmd_cnt, 1);
2399 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2400 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2401 }
2402}
2403
6039aa73 2404static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2405{
2406 struct hci_ev_cmd_status *ev = (void *) skb->data;
2407 __u16 opcode;
2408
2409 skb_pull(skb, sizeof(*ev));
2410
2411 opcode = __le16_to_cpu(ev->opcode);
2412
2413 switch (opcode) {
2414 case HCI_OP_INQUIRY:
2415 hci_cs_inquiry(hdev, ev->status);
2416 break;
2417
2418 case HCI_OP_CREATE_CONN:
2419 hci_cs_create_conn(hdev, ev->status);
2420 break;
2421
2422 case HCI_OP_ADD_SCO:
2423 hci_cs_add_sco(hdev, ev->status);
2424 break;
2425
f8558555
MH		 2426 case HCI_OP_AUTH_REQUESTED:
2427 hci_cs_auth_requested(hdev, ev->status);
2428 break;
2429
2430 case HCI_OP_SET_CONN_ENCRYPT:
2431 hci_cs_set_conn_encrypt(hdev, ev->status);
2432 break;
2433
a9de9248
MH		 2434 case HCI_OP_REMOTE_NAME_REQ:
2435 hci_cs_remote_name_req(hdev, ev->status);
2436 break;
2437
769be974
MH		 2438 case HCI_OP_READ_REMOTE_FEATURES:
2439 hci_cs_read_remote_features(hdev, ev->status);
2440 break;
2441
2442 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2443 hci_cs_read_remote_ext_features(hdev, ev->status);
2444 break;
2445
a9de9248
MH		 2446 case HCI_OP_SETUP_SYNC_CONN:
2447 hci_cs_setup_sync_conn(hdev, ev->status);
2448 break;
2449
2450 case HCI_OP_SNIFF_MODE:
2451 hci_cs_sniff_mode(hdev, ev->status);
2452 break;
2453
2454 case HCI_OP_EXIT_SNIFF_MODE:
2455 hci_cs_exit_sniff_mode(hdev, ev->status);
2456 break;
2457
8962ee74 2458 case HCI_OP_DISCONNECT:
88c3df13 2459 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2460 break;
2461
fcd89c09
VT		 2462 case HCI_OP_LE_CREATE_CONN:
2463 hci_cs_le_create_conn(hdev, ev->status);
2464 break;
2465
a7a595f6
VCG		 2466 case HCI_OP_LE_START_ENC:
2467 hci_cs_le_start_enc(hdev, ev->status);
2468 break;
2469
a9de9248 2470 default:
9f1db00c 2471 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2472 break;
2473 }
2474
6bd32326
VT		 2475 if (ev->opcode != HCI_OP_NOP)
2476 del_timer(&hdev->cmd_timer);
2477
10572132 2478 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2479 atomic_set(&hdev->cmd_cnt, 1);
2480 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2481 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2482 }
2483}
2484
6039aa73 2485static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2486{
2487 struct hci_ev_role_change *ev = (void *) skb->data;
2488 struct hci_conn *conn;
2489
9f1db00c 2490 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2491
2492 hci_dev_lock(hdev);
2493
2494 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2495 if (conn) {
2496 if (!ev->status) {
2497 if (ev->role)
2498 conn->link_mode &= ~HCI_LM_MASTER;
2499 else
2500 conn->link_mode |= HCI_LM_MASTER;
2501 }
2502
51a8efd7 2503 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2504
2505 hci_role_switch_cfm(conn, ev->status, ev->role);
2506 }
2507
2508 hci_dev_unlock(hdev);
2509}
2510
6039aa73 2511static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2512{
2513 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2514 int i;
2515
32ac5b9b
AE		 2516 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2517 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2518 return;
2519 }
2520
c5993de8 2521 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2522 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2523 BT_DBG("%s bad parameters", hdev->name);
2524 return;
2525 }
2526
c5993de8
AE		 2527 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2528
613a1c0c
AE		 2529 for (i = 0; i < ev->num_hndl; i++) {
2530 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2531 struct hci_conn *conn;
2532 __u16 handle, count;
2533
613a1c0c
AE		 2534 handle = __le16_to_cpu(info->handle);
2535 count = __le16_to_cpu(info->count);
a9de9248
MH		 2536
2537 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2538 if (!conn)
2539 continue;
2540
2541 conn->sent -= count;
2542
2543 switch (conn->type) {
2544 case ACL_LINK:
2545 hdev->acl_cnt += count;
2546 if (hdev->acl_cnt > hdev->acl_pkts)
2547 hdev->acl_cnt = hdev->acl_pkts;
2548 break;
2549
2550 case LE_LINK:
2551 if (hdev->le_pkts) {
2552 hdev->le_cnt += count;
2553 if (hdev->le_cnt > hdev->le_pkts)
2554 hdev->le_cnt = hdev->le_pkts;
2555 } else {
70f23020
AE		 2556 hdev->acl_cnt += count;
2557 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2558 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2559 }
f4280918
AE		 2560 break;
2561
2562 case SCO_LINK:
2563 hdev->sco_cnt += count;
2564 if (hdev->sco_cnt > hdev->sco_pkts)
2565 hdev->sco_cnt = hdev->sco_pkts;
2566 break;
2567
2568 default:
2569 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2570 break;
a9de9248
MH		 2571 }
2572 }
2573
3eff45ea 2574 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2575}
2576
6039aa73 2577static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2578{
2579 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2580 int i;
2581
2582 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2583 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2584 return;
2585 }
2586
2587 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2588 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2589 BT_DBG("%s bad parameters", hdev->name);
2590 return;
2591 }
2592
2593 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2594 ev->num_hndl);
25e89e99
AE		 2595
2596 for (i = 0; i < ev->num_hndl; i++) {
2597 struct hci_comp_blocks_info *info = &ev->handles[i];
2598 struct hci_conn *conn;
2599 __u16 handle, block_count;
2600
2601 handle = __le16_to_cpu(info->handle);
2602 block_count = __le16_to_cpu(info->blocks);
2603
2604 conn = hci_conn_hash_lookup_handle(hdev, handle);
2605 if (!conn)
2606 continue;
2607
2608 conn->sent -= block_count;
2609
2610 switch (conn->type) {
2611 case ACL_LINK:
2612 hdev->block_cnt += block_count;
2613 if (hdev->block_cnt > hdev->num_blocks)
2614 hdev->block_cnt = hdev->num_blocks;
2615 break;
2616
2617 default:
2618 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2619 break;
2620 }
2621 }
2622
2623 queue_work(hdev->workqueue, &hdev->tx_work);
2624}
2625
6039aa73 2626static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2627{
a9de9248 2628 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2629 struct hci_conn *conn;
2630
9f1db00c 2631 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2632
2633 hci_dev_lock(hdev);
2634
2635 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2636 if (conn) {
2637 conn->mode = ev->mode;
2638 conn->interval = __le16_to_cpu(ev->interval);
2639
8fc9ced3
GP		 2640 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2641 &conn->flags)) {
a9de9248 2642 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2643 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2644 else
58a681ef 2645 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2646 }
e73439d8 2647
51a8efd7 2648 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2649 hci_sco_setup(conn, ev->status);
04837f64
MH		 2650 }
2651
2652 hci_dev_unlock(hdev);
2653}
2654
6039aa73 2655static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2656{
052b30b0
MH		 2657 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2658 struct hci_conn *conn;
2659
a9de9248 2660 BT_DBG("%s", hdev->name);
052b30b0
MH		 2661
2662 hci_dev_lock(hdev);
2663
2664 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2665 if (!conn)
2666 goto unlock;
2667
2668 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2669 hci_conn_hold(conn);
2670 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2671 hci_conn_put(conn);
2672 }
2673
a8b2d5c2 2674 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 2675 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 2676 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2677 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2678 u8 secure;
2679
2680 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2681 secure = 1;
2682 else
2683 secure = 0;
2684
744cf19e 2685 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2686 }
980e1a53 2687
b6f98044 2688unlock:
052b30b0 2689 hci_dev_unlock(hdev);
a9de9248
MH		 2690}
2691
6039aa73 2692static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2693{
55ed8ca1
JH		 2694 struct hci_ev_link_key_req *ev = (void *) skb->data;
2695 struct hci_cp_link_key_reply cp;
2696 struct hci_conn *conn;
2697 struct link_key *key;
2698
a9de9248 2699 BT_DBG("%s", hdev->name);
55ed8ca1 2700
a8b2d5c2 2701 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2702 return;
2703
2704 hci_dev_lock(hdev);
2705
2706 key = hci_find_link_key(hdev, &ev->bdaddr);
2707 if (!key) {
2708 BT_DBG("%s link key not found for %s", hdev->name,
807deac2 2709 batostr(&ev->bdaddr));
55ed8ca1
JH		 2710 goto not_found;
2711 }
2712
2713 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
807deac2 2714 batostr(&ev->bdaddr));
55ed8ca1 2715
a8b2d5c2 2716 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 2717 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2718 BT_DBG("%s ignoring debug key", hdev->name);
2719 goto not_found;
2720 }
2721
2722 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2723 if (conn) {
2724 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
807deac2 2725 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 2726 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2727 goto not_found;
2728 }
55ed8ca1 2729
60b83f57 2730 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
807deac2 2731 conn->pending_sec_level == BT_SECURITY_HIGH) {
8fc9ced3
GP		 2732 BT_DBG("%s ignoring key unauthenticated for high security",
2733 hdev->name);
60b83f57
WR		 2734 goto not_found;
2735 }
2736
2737 conn->key_type = key->type;
2738 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2739 }
2740
2741 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 2742 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2743
2744 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2745
2746 hci_dev_unlock(hdev);
2747
2748 return;
2749
2750not_found:
2751 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2752 hci_dev_unlock(hdev);
a9de9248
MH		 2753}
2754
6039aa73 2755static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 2756{
052b30b0
MH		 2757 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2758 struct hci_conn *conn;
55ed8ca1 2759 u8 pin_len = 0;
052b30b0 2760
a9de9248 2761 BT_DBG("%s", hdev->name);
052b30b0
MH		 2762
2763 hci_dev_lock(hdev);
2764
2765 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2766 if (conn) {
2767 hci_conn_hold(conn);
2768 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2769 pin_len = conn->pin_length;
13d39315
WR		 2770
2771 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2772 conn->key_type = ev->key_type;
2773
052b30b0
MH		 2774 hci_conn_put(conn);
2775 }
2776
a8b2d5c2 2777 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2778 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 2779 ev->key_type, pin_len);
55ed8ca1 2780
052b30b0 2781 hci_dev_unlock(hdev);
a9de9248
MH		 2782}
2783
6039aa73 2784static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2785{
a9de9248 2786 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2787 struct hci_conn *conn;
1da177e4 2788
9f1db00c 2789 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2790
2791 hci_dev_lock(hdev);
2792
04837f64 2793 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2794 if (conn && !ev->status) {
2795 struct inquiry_entry *ie;
2796
cc11b9c1
AE		 2797 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2798 if (ie) {
1da177e4
LT		 2799 ie->data.clock_offset = ev->clock_offset;
2800 ie->timestamp = jiffies;
2801 }
2802 }
2803
2804 hci_dev_unlock(hdev);
2805}
2806
6039aa73 2807static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 2808{
2809 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2810 struct hci_conn *conn;
2811
9f1db00c 2812 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 2813
2814 hci_dev_lock(hdev);
2815
2816 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2817 if (conn && !ev->status)
2818 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2819
2820 hci_dev_unlock(hdev);
2821}
2822
6039aa73 2823static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 2824{
a9de9248 2825 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2826 struct inquiry_entry *ie;
2827
2828 BT_DBG("%s", hdev->name);
2829
2830 hci_dev_lock(hdev);
2831
cc11b9c1
AE		 2832 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2833 if (ie) {
85a1e930
MH		 2834 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2835 ie->timestamp = jiffies;
2836 }
2837
2838 hci_dev_unlock(hdev);
2839}
2840
6039aa73
GP		 2841static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2842 struct sk_buff *skb)
a9de9248
MH		 2843{
2844 struct inquiry_data data;
2845 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2846 bool name_known, ssp;
a9de9248
MH		 2847
2848 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2849
2850 if (!num_rsp)
2851 return;
2852
1519cc17
AG		 2853 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2854 return;
2855
a9de9248
MH		 2856 hci_dev_lock(hdev);
2857
2858 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2859 struct inquiry_info_with_rssi_and_pscan_mode *info;
2860 info = (void *) (skb->data + 1);
a9de9248 2861
e17acd40 2862 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2863 bacpy(&data.bdaddr, &info->bdaddr);
2864 data.pscan_rep_mode = info->pscan_rep_mode;
2865 data.pscan_period_mode = info->pscan_period_mode;
2866 data.pscan_mode = info->pscan_mode;
2867 memcpy(data.dev_class, info->dev_class, 3);
2868 data.clock_offset = info->clock_offset;
2869 data.rssi = info->rssi;
41a96212 2870 data.ssp_mode = 0x00;
3175405b
JH		 2871
2872 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2873 false, &ssp);
48264f06 2874 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2875 info->dev_class, info->rssi,
2876 !name_known, ssp, NULL, 0);
a9de9248
MH		 2877 }
2878 } else {
2879 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2880
e17acd40 2881 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2882 bacpy(&data.bdaddr, &info->bdaddr);
2883 data.pscan_rep_mode = info->pscan_rep_mode;
2884 data.pscan_period_mode = info->pscan_period_mode;
2885 data.pscan_mode = 0x00;
2886 memcpy(data.dev_class, info->dev_class, 3);
2887 data.clock_offset = info->clock_offset;
2888 data.rssi = info->rssi;
41a96212 2889 data.ssp_mode = 0x00;
3175405b 2890 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2891 false, &ssp);
48264f06 2892 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2893 info->dev_class, info->rssi,
2894 !name_known, ssp, NULL, 0);
a9de9248
MH		 2895 }
2896 }
2897
2898 hci_dev_unlock(hdev);
2899}
2900
6039aa73
GP		 2901static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2902 struct sk_buff *skb)
a9de9248 2903{
41a96212
MH		 2904 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2905 struct hci_conn *conn;
2906
a9de9248 2907 BT_DBG("%s", hdev->name);
41a96212 2908
41a96212
MH		 2909 hci_dev_lock(hdev);
2910
2911 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2912 if (!conn)
2913 goto unlock;
41a96212 2914
ccd556fe
JH		 2915 if (!ev->status && ev->page == 0x01) {
2916 struct inquiry_entry *ie;
41a96212 2917
cc11b9c1
AE		 2918 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2919 if (ie)
02b7cc62 2920 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2921
02b7cc62 2922 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2923 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2924 }
2925
2926 if (conn->state != BT_CONFIG)
2927 goto unlock;
2928
671267bf 2929 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2930 struct hci_cp_remote_name_req cp;
2931 memset(&cp, 0, sizeof(cp));
2932 bacpy(&cp.bdaddr, &conn->dst);
2933 cp.pscan_rep_mode = 0x02;
2934 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2935 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2936 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2937 conn->dst_type, 0, NULL, 0,
2938 conn->dev_class);
392599b9 2939
127178d2 2940 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2941 conn->state = BT_CONNECTED;
2942 hci_proto_connect_cfm(conn, ev->status);
2943 hci_conn_put(conn);
41a96212
MH		 2944 }
2945
ccd556fe 2946unlock:
41a96212 2947 hci_dev_unlock(hdev);
a9de9248
MH		 2948}
2949
6039aa73
GP		 2950static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2951 struct sk_buff *skb)
a9de9248 2952{
b6a0dc82
MH		 2953 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2954 struct hci_conn *conn;
2955
9f1db00c 2956 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 2957
2958 hci_dev_lock(hdev);
2959
2960 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2961 if (!conn) {
2962 if (ev->link_type == ESCO_LINK)
2963 goto unlock;
2964
2965 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2966 if (!conn)
2967 goto unlock;
2968
2969 conn->type = SCO_LINK;
2970 }
b6a0dc82 2971
732547f9
MH		 2972 switch (ev->status) {
2973 case 0x00:
b6a0dc82
MH		 2974 conn->handle = __le16_to_cpu(ev->handle);
2975 conn->state = BT_CONNECTED;
7d0db0a3 2976
9eba32b8 2977 hci_conn_hold_device(conn);
7d0db0a3 2978 hci_conn_add_sysfs(conn);
732547f9
MH		 2979 break;
2980
705e5711 2981 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2982 case 0x1c: /* SCO interval rejected */
1038a00b 2983 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2984 case 0x1f: /* Unspecified error */
2985 if (conn->out && conn->attempt < 2) {
2986 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2987 (hdev->esco_type & EDR_ESCO_MASK);
2988 hci_setup_sync(conn, conn->link->handle);
2989 goto unlock;
2990 }
2991 /* fall through */
2992
2993 default:
b6a0dc82 2994 conn->state = BT_CLOSED;
732547f9
MH		 2995 break;
2996 }
b6a0dc82
MH		 2997
2998 hci_proto_connect_cfm(conn, ev->status);
2999 if (ev->status)
3000 hci_conn_del(conn);
3001
3002unlock:
3003 hci_dev_unlock(hdev);
a9de9248
MH		 3004}
3005
6039aa73 3006static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 3007{
3008 BT_DBG("%s", hdev->name);
3009}
3010
6039aa73 3011static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 3012{
a9de9248 3013 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64 3014
9f1db00c 3015 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 3016}
3017
6039aa73
GP		 3018static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3019 struct sk_buff *skb)
1da177e4 3020{
a9de9248
MH		 3021 struct inquiry_data data;
3022 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3023 int num_rsp = *((__u8 *) skb->data);
9d939d94 3024 size_t eir_len;
1da177e4 3025
a9de9248 3026 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3027
a9de9248
MH		 3028 if (!num_rsp)
3029 return;
1da177e4 3030
1519cc17
AG		 3031 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3032 return;
3033
a9de9248
MH		 3034 hci_dev_lock(hdev);
3035
e17acd40 3036 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3037 bool name_known, ssp;
561aafbc 3038
a9de9248 3039 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3040 data.pscan_rep_mode = info->pscan_rep_mode;
3041 data.pscan_period_mode = info->pscan_period_mode;
3042 data.pscan_mode = 0x00;
a9de9248 3043 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3044 data.clock_offset = info->clock_offset;
3045 data.rssi = info->rssi;
41a96212 3046 data.ssp_mode = 0x01;
561aafbc 3047
a8b2d5c2 3048 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3049 name_known = eir_has_data_type(info->data,
04124681
GP		 3050 sizeof(info->data),
3051 EIR_NAME_COMPLETE);
561aafbc
JH		 3052 else
3053 name_known = true;
3054
388fc8fa 3055 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3056 &ssp);
9d939d94 3057 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3058 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3059 info->dev_class, info->rssi, !name_known,
9d939d94 3060 ssp, info->data, eir_len);
a9de9248
MH		 3061 }
3062
3063 hci_dev_unlock(hdev);
3064}
1da177e4 3065
1c2e0041
JH		 3066static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3067 struct sk_buff *skb)
3068{
3069 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3070 struct hci_conn *conn;
3071
9f1db00c 3072 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3073 __le16_to_cpu(ev->handle));
3074
3075 hci_dev_lock(hdev);
3076
3077 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3078 if (!conn)
3079 goto unlock;
3080
3081 if (!ev->status)
3082 conn->sec_level = conn->pending_sec_level;
3083
3084 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3085
3086 if (ev->status && conn->state == BT_CONNECTED) {
3087 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3088 hci_conn_put(conn);
3089 goto unlock;
3090 }
3091
3092 if (conn->state == BT_CONFIG) {
3093 if (!ev->status)
3094 conn->state = BT_CONNECTED;
3095
3096 hci_proto_connect_cfm(conn, ev->status);
3097 hci_conn_put(conn);
3098 } else {
3099 hci_auth_cfm(conn, ev->status);
3100
3101 hci_conn_hold(conn);
3102 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3103 hci_conn_put(conn);
3104 }
3105
3106unlock:
3107 hci_dev_unlock(hdev);
3108}
3109
6039aa73 3110static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d
JH		 3111{
3112 /* If remote requests dedicated bonding follow that lead */
3113 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3114 /* If both remote and local IO capabilities allow MITM
3115 * protection then require it, otherwise don't */
3116 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3117 return 0x02;
3118 else
3119 return 0x03;
3120 }
3121
3122 /* If remote requests no-bonding follow that lead */
3123 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3124 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3125
3126 return conn->auth_type;
3127}
3128
6039aa73 3129static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3130{
3131 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3132 struct hci_conn *conn;
3133
3134 BT_DBG("%s", hdev->name);
3135
3136 hci_dev_lock(hdev);
3137
3138 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3139 if (!conn)
3140 goto unlock;
3141
3142 hci_conn_hold(conn);
3143
a8b2d5c2 3144 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3145 goto unlock;
3146
a8b2d5c2 3147 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3148 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3149 struct hci_cp_io_capability_reply cp;
3150
3151 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3152 /* Change the IO capability from KeyboardDisplay
3153 * to DisplayYesNo as it is not supported by BT spec. */
3154 cp.capability = (conn->io_capability == 0x04) ?
3155 0x01 : conn->io_capability;
7cbc9bd9
JH		 3156 conn->auth_type = hci_get_auth_req(conn);
3157 cp.authentication = conn->auth_type;
17fa4b9d 3158
8fc9ced3
GP		 3159 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3160 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3161 cp.oob_data = 0x01;
3162 else
3163 cp.oob_data = 0x00;
3164
17fa4b9d 3165 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3166 sizeof(cp), &cp);
03b555e1
JH		 3167 } else {
3168 struct hci_cp_io_capability_neg_reply cp;
3169
3170 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3171 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3172
03b555e1 3173 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3174 sizeof(cp), &cp);
03b555e1
JH		 3175 }
3176
3177unlock:
3178 hci_dev_unlock(hdev);
3179}
3180
6039aa73 3181static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3182{
3183 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3184 struct hci_conn *conn;
3185
3186 BT_DBG("%s", hdev->name);
3187
3188 hci_dev_lock(hdev);
3189
3190 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3191 if (!conn)
3192 goto unlock;
3193
03b555e1 3194 conn->remote_cap = ev->capability;
03b555e1 3195 conn->remote_auth = ev->authentication;
58a681ef
JH		 3196 if (ev->oob_data)
3197 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3198
3199unlock:
0493684e
MH		 3200 hci_dev_unlock(hdev);
3201}
3202
6039aa73
GP		 3203static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3204 struct sk_buff *skb)
a5c29683
JH		 3205{
3206 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3207 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3208 struct hci_conn *conn;
a5c29683
JH		 3209
3210 BT_DBG("%s", hdev->name);
3211
3212 hci_dev_lock(hdev);
3213
a8b2d5c2 3214 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3215 goto unlock;
a5c29683 3216
7a828908
JH		 3217 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3218 if (!conn)
3219 goto unlock;
3220
3221 loc_mitm = (conn->auth_type & 0x01);
3222 rem_mitm = (conn->remote_auth & 0x01);
3223
3224 /* If we require MITM but the remote device can't provide that
3225 * (it has NoInputNoOutput) then reject the confirmation
3226 * request. The only exception is when we're dedicated bonding
3227 * initiators (connect_cfm_cb set) since then we always have the MITM
3228 * bit set. */
3229 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3230 BT_DBG("Rejecting request: remote device can't provide MITM");
3231 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3232 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3233 goto unlock;
3234 }
3235
3236 /* If no side requires MITM protection; auto-accept */
3237 if ((!loc_mitm || conn->remote_cap == 0x03) &&
807deac2 3238 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3239
3240 /* If we're not the initiators request authorization to
3241 * proceed from user space (mgmt_user_confirm with
3242 * confirm_hint set to 1). */
51a8efd7 3243 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3244 BT_DBG("Confirming auto-accept as acceptor");
3245 confirm_hint = 1;
3246 goto confirm;
3247 }
3248
9f61656a 3249 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3250 hdev->auto_accept_delay);
9f61656a
JH		 3251
3252 if (hdev->auto_accept_delay > 0) {
3253 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3254 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3255 goto unlock;
3256 }
3257
7a828908 3258 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3259 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3260 goto unlock;
3261 }
3262
55bc1a37 3263confirm:
272d90df 3264 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3265 confirm_hint);
7a828908
JH		 3266
3267unlock:
a5c29683
JH		 3268 hci_dev_unlock(hdev);
3269}
3270
6039aa73
GP		 3271static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3272 struct sk_buff *skb)
1143d458
BG		 3273{
3274 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3275
3276 BT_DBG("%s", hdev->name);
3277
a8b2d5c2 3278 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3279 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3280}
3281
92a25256
JH		 3282static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3283 struct sk_buff *skb)
3284{
3285 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3286 struct hci_conn *conn;
3287
3288 BT_DBG("%s", hdev->name);
3289
3290 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3291 if (!conn)
3292 return;
3293
3294 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3295 conn->passkey_entered = 0;
3296
3297 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3298 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3299 conn->dst_type, conn->passkey_notify,
3300 conn->passkey_entered);
3301}
3302
3303static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3304{
3305 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3306 struct hci_conn *conn;
3307
3308 BT_DBG("%s", hdev->name);
3309
3310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3311 if (!conn)
3312 return;
3313
3314 switch (ev->type) {
3315 case HCI_KEYPRESS_STARTED:
3316 conn->passkey_entered = 0;
3317 return;
3318
3319 case HCI_KEYPRESS_ENTERED:
3320 conn->passkey_entered++;
3321 break;
3322
3323 case HCI_KEYPRESS_ERASED:
3324 conn->passkey_entered--;
3325 break;
3326
3327 case HCI_KEYPRESS_CLEARED:
3328 conn->passkey_entered = 0;
3329 break;
3330
3331 case HCI_KEYPRESS_COMPLETED:
3332 return;
3333 }
3334
3335 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3336 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3337 conn->dst_type, conn->passkey_notify,
3338 conn->passkey_entered);
3339}
3340
6039aa73
GP		 3341static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3342 struct sk_buff *skb)
0493684e
MH		 3343{
3344 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3345 struct hci_conn *conn;
3346
3347 BT_DBG("%s", hdev->name);
3348
3349 hci_dev_lock(hdev);
3350
3351 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3352 if (!conn)
3353 goto unlock;
3354
3355 /* To avoid duplicate auth_failed events to user space we check
3356 * the HCI_CONN_AUTH_PEND flag which will be set if we
3357 * initiated the authentication. A traditional auth_complete
3358 * event gets always produced as initiator and is also mapped to
3359 * the mgmt_auth_failed event */
fa1bd918 3360 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3361 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3362 ev->status);
0493684e 3363
2a611692
JH		 3364 hci_conn_put(conn);
3365
3366unlock:
0493684e
MH		 3367 hci_dev_unlock(hdev);
3368}
3369
6039aa73
GP		 3370static void hci_remote_host_features_evt(struct hci_dev *hdev,
3371 struct sk_buff *skb)
41a96212
MH		 3372{
3373 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3374 struct inquiry_entry *ie;
3375
3376 BT_DBG("%s", hdev->name);
3377
3378 hci_dev_lock(hdev);
3379
cc11b9c1
AE		 3380 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3381 if (ie)
02b7cc62 3382 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3383
3384 hci_dev_unlock(hdev);
3385}
3386
6039aa73
GP		 3387static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3388 struct sk_buff *skb)
2763eda6
SJ		 3389{
3390 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3391 struct oob_data *data;
3392
3393 BT_DBG("%s", hdev->name);
3394
3395 hci_dev_lock(hdev);
3396
a8b2d5c2 3397 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3398 goto unlock;
3399
2763eda6
SJ		 3400 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3401 if (data) {
3402 struct hci_cp_remote_oob_data_reply cp;
3403
3404 bacpy(&cp.bdaddr, &ev->bdaddr);
3405 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3406 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3407
3408 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
807deac2 3409 &cp);
2763eda6
SJ		 3410 } else {
3411 struct hci_cp_remote_oob_data_neg_reply cp;
3412
3413 bacpy(&cp.bdaddr, &ev->bdaddr);
3414 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
807deac2 3415 &cp);
2763eda6
SJ		 3416 }
3417
e1ba1f15 3418unlock:
2763eda6
SJ		 3419 hci_dev_unlock(hdev);
3420}
3421
6039aa73 3422static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3423{
3424 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3425 struct hci_conn *conn;
3426
9f1db00c 3427 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3428
3429 hci_dev_lock(hdev);
3430
b47a09b3 3431 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3432 if (!conn) {
3433 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3434 if (!conn) {
3435 BT_ERR("No memory for new connection");
230fd16a 3436 goto unlock;
b62f328b 3437 }
29b7988a
AG		 3438
3439 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3440
3441 if (ev->role == LE_CONN_ROLE_MASTER) {
3442 conn->out = true;
3443 conn->link_mode |= HCI_LM_MASTER;
3444 }
b62f328b 3445 }
fcd89c09 3446
cd17decb
AG		 3447 if (ev->status) {
3448 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3449 conn->dst_type, ev->status);
3450 hci_proto_connect_cfm(conn, ev->status);
3451 conn->state = BT_CLOSED;
3452 hci_conn_del(conn);
3453 goto unlock;
3454 }
3455
b644ba33
JH		 3456 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3457 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3458 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3459
7b5c0d52 3460 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3461 conn->handle = __le16_to_cpu(ev->handle);
3462 conn->state = BT_CONNECTED;
3463
3464 hci_conn_hold_device(conn);
3465 hci_conn_add_sysfs(conn);
3466
3467 hci_proto_connect_cfm(conn, ev->status);
3468
3469unlock:
3470 hci_dev_unlock(hdev);
3471}
3472
6039aa73 3473static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 3474{
e95beb41
AG		 3475 u8 num_reports = skb->data[0];
3476 void *ptr = &skb->data[1];
3c9e9195 3477 s8 rssi;
9aa04c91
AG		 3478
3479 hci_dev_lock(hdev);
3480
e95beb41
AG		 3481 while (num_reports--) {
3482 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3483
3c9e9195
AG		 3484 rssi = ev->data[ev->length];
3485 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3486 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3487
e95beb41 3488 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3489 }
3490
3491 hci_dev_unlock(hdev);
3492}
3493
6039aa73 3494static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 3495{
3496 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3497 struct hci_cp_le_ltk_reply cp;
bea710fe 3498 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3499 struct hci_conn *conn;
c9839a11 3500 struct smp_ltk *ltk;
a7a595f6 3501
9f1db00c 3502 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3503
3504 hci_dev_lock(hdev);
3505
3506 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3507 if (conn == NULL)
3508 goto not_found;
a7a595f6 3509
bea710fe
VCG		 3510 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3511 if (ltk == NULL)
3512 goto not_found;
3513
3514 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3515 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3516
3517 if (ltk->authenticated)
3518 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3519
3520 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3521
c9839a11
VCG		 3522 if (ltk->type & HCI_SMP_STK) {
3523 list_del(&ltk->list);
3524 kfree(ltk);
3525 }
3526
a7a595f6 3527 hci_dev_unlock(hdev);
bea710fe
VCG		 3528
3529 return;
3530
3531not_found:
3532 neg.handle = ev->handle;
3533 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3534 hci_dev_unlock(hdev);
a7a595f6
VCG		 3535}
3536
6039aa73 3537static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3538{
3539 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3540
3541 skb_pull(skb, sizeof(*le_ev));
3542
3543 switch (le_ev->subevent) {
3544 case HCI_EV_LE_CONN_COMPLETE:
3545 hci_le_conn_complete_evt(hdev, skb);
3546 break;
3547
9aa04c91
AG		 3548 case HCI_EV_LE_ADVERTISING_REPORT:
3549 hci_le_adv_report_evt(hdev, skb);
3550 break;
3551
a7a595f6
VCG		 3552 case HCI_EV_LE_LTK_REQ:
3553 hci_le_ltk_request_evt(hdev, skb);
3554 break;
3555
fcd89c09
VT		 3556 default:
3557 break;
3558 }
3559}
3560
a9de9248
MH		 3561void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3562{
3563 struct hci_event_hdr *hdr = (void *) skb->data;
3564 __u8 event = hdr->evt;
3565
3566 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3567
3568 switch (event) {
1da177e4
LT		 3569 case HCI_EV_INQUIRY_COMPLETE:
3570 hci_inquiry_complete_evt(hdev, skb);
3571 break;
3572
3573 case HCI_EV_INQUIRY_RESULT:
3574 hci_inquiry_result_evt(hdev, skb);
3575 break;
3576
a9de9248
MH		 3577 case HCI_EV_CONN_COMPLETE:
3578 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3579 break;
3580
1da177e4
LT		 3581 case HCI_EV_CONN_REQUEST:
3582 hci_conn_request_evt(hdev, skb);
3583 break;
3584
1da177e4
LT		 3585 case HCI_EV_DISCONN_COMPLETE:
3586 hci_disconn_complete_evt(hdev, skb);
3587 break;
3588
1da177e4
LT		 3589 case HCI_EV_AUTH_COMPLETE:
3590 hci_auth_complete_evt(hdev, skb);
3591 break;
3592
a9de9248
MH		 3593 case HCI_EV_REMOTE_NAME:
3594 hci_remote_name_evt(hdev, skb);
3595 break;
3596
1da177e4
LT		 3597 case HCI_EV_ENCRYPT_CHANGE:
3598 hci_encrypt_change_evt(hdev, skb);
3599 break;
3600
a9de9248
MH		 3601 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3602 hci_change_link_key_complete_evt(hdev, skb);
3603 break;
3604
3605 case HCI_EV_REMOTE_FEATURES:
3606 hci_remote_features_evt(hdev, skb);
3607 break;
3608
3609 case HCI_EV_REMOTE_VERSION:
3610 hci_remote_version_evt(hdev, skb);
3611 break;
3612
3613 case HCI_EV_QOS_SETUP_COMPLETE:
3614 hci_qos_setup_complete_evt(hdev, skb);
3615 break;
3616
3617 case HCI_EV_CMD_COMPLETE:
3618 hci_cmd_complete_evt(hdev, skb);
3619 break;
3620
3621 case HCI_EV_CMD_STATUS:
3622 hci_cmd_status_evt(hdev, skb);
3623 break;
3624
3625 case HCI_EV_ROLE_CHANGE:
3626 hci_role_change_evt(hdev, skb);
3627 break;
3628
3629 case HCI_EV_NUM_COMP_PKTS:
3630 hci_num_comp_pkts_evt(hdev, skb);
3631 break;
3632
3633 case HCI_EV_MODE_CHANGE:
3634 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3635 break;
3636
3637 case HCI_EV_PIN_CODE_REQ:
3638 hci_pin_code_request_evt(hdev, skb);
3639 break;
3640
3641 case HCI_EV_LINK_KEY_REQ:
3642 hci_link_key_request_evt(hdev, skb);
3643 break;
3644
3645 case HCI_EV_LINK_KEY_NOTIFY:
3646 hci_link_key_notify_evt(hdev, skb);
3647 break;
3648
3649 case HCI_EV_CLOCK_OFFSET:
3650 hci_clock_offset_evt(hdev, skb);
3651 break;
3652
a8746417
MH		 3653 case HCI_EV_PKT_TYPE_CHANGE:
3654 hci_pkt_type_change_evt(hdev, skb);
3655 break;
3656
85a1e930
MH		 3657 case HCI_EV_PSCAN_REP_MODE:
3658 hci_pscan_rep_mode_evt(hdev, skb);
3659 break;
3660
a9de9248
MH		 3661 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3662 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3663 break;
3664
a9de9248
MH		 3665 case HCI_EV_REMOTE_EXT_FEATURES:
3666 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3667 break;
3668
a9de9248
MH		 3669 case HCI_EV_SYNC_CONN_COMPLETE:
3670 hci_sync_conn_complete_evt(hdev, skb);
3671 break;
1da177e4 3672
a9de9248
MH		 3673 case HCI_EV_SYNC_CONN_CHANGED:
3674 hci_sync_conn_changed_evt(hdev, skb);
3675 break;
1da177e4 3676
a9de9248
MH		 3677 case HCI_EV_SNIFF_SUBRATE:
3678 hci_sniff_subrate_evt(hdev, skb);
3679 break;
1da177e4 3680
a9de9248
MH		 3681 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3682 hci_extended_inquiry_result_evt(hdev, skb);
3683 break;
1da177e4 3684
1c2e0041
JH		 3685 case HCI_EV_KEY_REFRESH_COMPLETE:
3686 hci_key_refresh_complete_evt(hdev, skb);
3687 break;
3688
0493684e
MH		 3689 case HCI_EV_IO_CAPA_REQUEST:
3690 hci_io_capa_request_evt(hdev, skb);
3691 break;
3692
03b555e1
JH		 3693 case HCI_EV_IO_CAPA_REPLY:
3694 hci_io_capa_reply_evt(hdev, skb);
3695 break;
3696
a5c29683
JH		 3697 case HCI_EV_USER_CONFIRM_REQUEST:
3698 hci_user_confirm_request_evt(hdev, skb);
3699 break;
3700
1143d458
BG		 3701 case HCI_EV_USER_PASSKEY_REQUEST:
3702 hci_user_passkey_request_evt(hdev, skb);
3703 break;
3704
92a25256
JH		 3705 case HCI_EV_USER_PASSKEY_NOTIFY:
3706 hci_user_passkey_notify_evt(hdev, skb);
3707 break;
3708
3709 case HCI_EV_KEYPRESS_NOTIFY:
3710 hci_keypress_notify_evt(hdev, skb);
3711 break;
3712
0493684e
MH		 3713 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3714 hci_simple_pair_complete_evt(hdev, skb);
3715 break;
3716
41a96212
MH		 3717 case HCI_EV_REMOTE_HOST_FEATURES:
3718 hci_remote_host_features_evt(hdev, skb);
3719 break;
3720
fcd89c09
VT		 3721 case HCI_EV_LE_META:
3722 hci_le_meta_evt(hdev, skb);
3723 break;
3724
2763eda6
SJ		 3725 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3726 hci_remote_oob_data_request_evt(hdev, skb);
3727 break;
3728
25e89e99
AE		 3729 case HCI_EV_NUM_COMP_BLOCKS:
3730 hci_num_comp_blocks_evt(hdev, skb);
3731 break;
3732
a9de9248 3733 default:
9f1db00c 3734 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 3735 break;
3736 }
3737
3738 kfree_skb(skb);
3739 hdev->stat.evt_rx++;
3740}
Linux kernel - Deliverables
This page took 1.009737 seconds and 5 git commands to generate.