projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add Periodic Inquiry command complete handler
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
70f23020 40#include <linux/uaccess.h>
1da177e4
LT		 41#include <asm/unaligned.h>
42
43#include <net/bluetooth/bluetooth.h>
44#include <net/bluetooth/hci_core.h>
45
1da177e4
LT		 46/* Handle HCI Event packets */
47
a9de9248 48static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 49{
a9de9248 50 __u8 status = *((__u8 *) skb->data);
1da177e4 51
a9de9248 52 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 53
e6d465cb
AG		 54 if (status) {
55 hci_dev_lock(hdev);
56 mgmt_stop_discovery_failed(hdev, status);
57 hci_dev_unlock(hdev);
a9de9248 58 return;
e6d465cb 59 }
1da177e4 60
89352e7d
AG		 61 clear_bit(HCI_INQUIRY, &hdev->flags);
62
56e5cb86 63 hci_dev_lock(hdev);
ff9ef578 64 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 65 hci_dev_unlock(hdev);
6bd57416 66
23bb5763 67 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 68
69 hci_conn_check_pending(hdev);
70}
6bd57416 71
4d93483b
AG		 72static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73{
74 __u8 status = *((__u8 *) skb->data);
75
76 BT_DBG("%s status 0x%x", hdev->name, status);
77}
78
a9de9248
MH		 79static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
80{
81 __u8 status = *((__u8 *) skb->data);
6bd57416 82
a9de9248 83 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 84
a9de9248
MH		 85 if (status)
86 return;
1da177e4 87
a9de9248
MH		 88 hci_conn_check_pending(hdev);
89}
90
91static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
92{
93 BT_DBG("%s", hdev->name);
94}
95
96static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
97{
98 struct hci_rp_role_discovery *rp = (void *) skb->data;
99 struct hci_conn *conn;
100
101 BT_DBG("%s status 0x%x", hdev->name, rp->status);
102
103 if (rp->status)
104 return;
105
106 hci_dev_lock(hdev);
107
108 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
109 if (conn) {
110 if (rp->role)
111 conn->link_mode &= ~HCI_LM_MASTER;
112 else
113 conn->link_mode |= HCI_LM_MASTER;
1da177e4 114 }
a9de9248
MH		 115
116 hci_dev_unlock(hdev);
1da177e4
LT		 117}
118
e4e8e37c
MH		 119static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
120{
121 struct hci_rp_read_link_policy *rp = (void *) skb->data;
122 struct hci_conn *conn;
123
124 BT_DBG("%s status 0x%x", hdev->name, rp->status);
125
126 if (rp->status)
127 return;
128
129 hci_dev_lock(hdev);
130
131 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
132 if (conn)
133 conn->link_policy = __le16_to_cpu(rp->policy);
134
135 hci_dev_unlock(hdev);
136}
137
a9de9248 138static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 139{
a9de9248 140 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 141 struct hci_conn *conn;
04837f64 142 void *sent;
1da177e4 143
a9de9248 144 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 145
a9de9248
MH		 146 if (rp->status)
147 return;
1da177e4 148
a9de9248
MH		 149 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
150 if (!sent)
151 return;
1da177e4 152
a9de9248 153 hci_dev_lock(hdev);
1da177e4 154
a9de9248 155 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 156 if (conn)
83985319 157 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 158
a9de9248
MH		 159 hci_dev_unlock(hdev);
160}
1da177e4 161
e4e8e37c
MH		 162static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
163{
164 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
165
166 BT_DBG("%s status 0x%x", hdev->name, rp->status);
167
168 if (rp->status)
169 return;
170
171 hdev->link_policy = __le16_to_cpu(rp->policy);
172}
173
174static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
175{
176 __u8 status = *((__u8 *) skb->data);
177 void *sent;
178
179 BT_DBG("%s status 0x%x", hdev->name, status);
180
181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 if (!sent)
183 return;
184
185 if (!status)
186 hdev->link_policy = get_unaligned_le16(sent);
187
23bb5763 188 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 189}
190
a9de9248
MH		 191static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
192{
193 __u8 status = *((__u8 *) skb->data);
04837f64 194
a9de9248 195 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 196
10572132
GP		 197 clear_bit(HCI_RESET, &hdev->flags);
198
23bb5763 199 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 200
a297e97c 201 /* Reset all non-persistent flags */
9f8ce967 202 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS));
69775ff6
AG		 203
204 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 205}
04837f64 206
a9de9248
MH		 207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
04837f64 211
a9de9248 212 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 213
a9de9248
MH		 214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
04837f64 217
56e5cb86
JH		 218 hci_dev_lock(hdev);
219
f51d5b24
JH		 220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 224
56e5cb86 225 hci_dev_unlock(hdev);
3159d384
JH		 226
227 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 228}
229
230static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
231{
232 struct hci_rp_read_local_name *rp = (void *) skb->data;
233
234 BT_DBG("%s status 0x%x", hdev->name, rp->status);
235
236 if (rp->status)
237 return;
238
db99b5fc
JH		 239 if (test_bit(HCI_SETUP, &hdev->dev_flags))
240 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 241}
242
243static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
244{
245 __u8 status = *((__u8 *) skb->data);
246 void *sent;
247
248 BT_DBG("%s status 0x%x", hdev->name, status);
249
250 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
251 if (!sent)
252 return;
253
254 if (!status) {
255 __u8 param = *((__u8 *) sent);
256
257 if (param == AUTH_ENABLED)
258 set_bit(HCI_AUTH, &hdev->flags);
259 else
260 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 261 }
a9de9248 262
33ef95ed
JH		 263 if (test_bit(HCI_MGMT, &hdev->dev_flags))
264 mgmt_auth_enable_complete(hdev, status);
265
23bb5763 266 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 267}
268
a9de9248 269static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 270{
a9de9248 271 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 272 void *sent;
273
a9de9248 274 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 275
a9de9248
MH		 276 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277 if (!sent)
278 return;
1da177e4 279
a9de9248
MH		 280 if (!status) {
281 __u8 param = *((__u8 *) sent);
282
283 if (param)
284 set_bit(HCI_ENCRYPT, &hdev->flags);
285 else
286 clear_bit(HCI_ENCRYPT, &hdev->flags);
287 }
1da177e4 288
23bb5763 289 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 290}
1da177e4 291
a9de9248
MH		 292static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293{
36f7fc7e
JH		 294 __u8 param, status = *((__u8 *) skb->data);
295 int old_pscan, old_iscan;
a9de9248 296 void *sent;
1da177e4 297
a9de9248 298 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 299
a9de9248
MH		 300 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
301 if (!sent)
302 return;
1da177e4 303
36f7fc7e
JH		 304 param = *((__u8 *) sent);
305
56e5cb86
JH		 306 hci_dev_lock(hdev);
307
2d7cee58 308 if (status != 0) {
744cf19e 309 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 310 hdev->discov_timeout = 0;
311 goto done;
312 }
313
36f7fc7e
JH		 314 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
315 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
316
317 if (param & SCAN_INQUIRY) {
318 set_bit(HCI_ISCAN, &hdev->flags);
319 if (!old_iscan)
744cf19e 320 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 321 if (hdev->discov_timeout > 0) {
322 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
323 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
324 to);
325 }
36f7fc7e 326 } else if (old_iscan)
744cf19e 327 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 328
329 if (param & SCAN_PAGE) {
330 set_bit(HCI_PSCAN, &hdev->flags);
331 if (!old_pscan)
744cf19e 332 mgmt_connectable(hdev, 1);
36f7fc7e 333 } else if (old_pscan)
744cf19e 334 mgmt_connectable(hdev, 0);
1da177e4 335
36f7fc7e 336done:
56e5cb86 337 hci_dev_unlock(hdev);
23bb5763 338 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 339}
1da177e4 340
a9de9248
MH		 341static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
342{
343 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 344
a9de9248 345 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 346
a9de9248
MH		 347 if (rp->status)
348 return;
1da177e4 349
a9de9248 350 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 351
a9de9248
MH		 352 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
353 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
354}
1da177e4 355
a9de9248
MH		 356static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
357{
358 __u8 status = *((__u8 *) skb->data);
359 void *sent;
1da177e4 360
a9de9248 361 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 362
a9de9248
MH		 363 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
364 if (!sent)
365 return;
1da177e4 366
7f9a903c
MH		 367 hci_dev_lock(hdev);
368
369 if (status == 0)
370 memcpy(hdev->dev_class, sent, 3);
371
372 if (test_bit(HCI_MGMT, &hdev->dev_flags))
373 mgmt_set_class_of_dev_complete(hdev, sent, status);
374
375 hci_dev_unlock(hdev);
a9de9248 376}
1da177e4 377
a9de9248
MH		 378static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
379{
380 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 __u16 setting;
382
383 BT_DBG("%s status 0x%x", hdev->name, rp->status);
384
385 if (rp->status)
386 return;
387
388 setting = __le16_to_cpu(rp->voice_setting);
389
f383f275 390 if (hdev->voice_setting == setting)
a9de9248
MH		 391 return;
392
393 hdev->voice_setting = setting;
394
395 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
396
3c54711c 397 if (hdev->notify)
a9de9248 398 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 399}
400
401static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
402{
403 __u8 status = *((__u8 *) skb->data);
f383f275 404 __u16 setting;
a9de9248
MH		 405 void *sent;
406
407 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 408
f383f275
MH		 409 if (status)
410 return;
411
a9de9248
MH		 412 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
413 if (!sent)
414 return;
1da177e4 415
f383f275 416 setting = get_unaligned_le16(sent);
1da177e4 417
f383f275
MH		 418 if (hdev->voice_setting == setting)
419 return;
420
421 hdev->voice_setting = setting;
1da177e4 422
f383f275 423 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 424
3c54711c 425 if (hdev->notify)
f383f275 426 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 427}
428
a9de9248 429static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 430{
a9de9248 431 __u8 status = *((__u8 *) skb->data);
1da177e4 432
a9de9248 433 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 434
23bb5763 435 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 436}
1143e5a6 437
333140b5
MH		 438static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439{
440 __u8 status = *((__u8 *) skb->data);
441 void *sent;
442
443 BT_DBG("%s status 0x%x", hdev->name, status);
444
333140b5
MH		 445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
446 if (!sent)
447 return;
448
ed2c4ee3 449 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 450 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
451 else if (!status) {
452 if (*((u8 *) sent))
453 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
454 else
455 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
456 }
333140b5
MH		 457}
458
d5859e22
JH		 459static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
460{
461 if (hdev->features[6] & LMP_EXT_INQ)
462 return 2;
463
464 if (hdev->features[3] & LMP_RSSI_INQ)
465 return 1;
466
467 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
468 hdev->lmp_subver == 0x0757)
469 return 1;
470
471 if (hdev->manufacturer == 15) {
472 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
473 return 1;
474 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
475 return 1;
476 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
477 return 1;
478 }
479
480 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
481 hdev->lmp_subver == 0x1805)
482 return 1;
483
484 return 0;
485}
486
487static void hci_setup_inquiry_mode(struct hci_dev *hdev)
488{
489 u8 mode;
490
491 mode = hci_get_inquiry_mode(hdev);
492
493 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
494}
495
496static void hci_setup_event_mask(struct hci_dev *hdev)
497{
498 /* The second byte is 0xff instead of 0x9f (two reserved bits
499 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
500 * command otherwise */
501 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
502
6de6c18d
VT		 503 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
504 * any event mask for pre 1.2 devices */
5a13b095 505 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 506 return;
507
508 events[4] |= 0x01; /* Flow Specification Complete */
509 events[4] |= 0x02; /* Inquiry Result with RSSI */
510 events[4] |= 0x04; /* Read Remote Extended Features Complete */
511 events[5] |= 0x08; /* Synchronous Connection Complete */
512 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 513
514 if (hdev->features[3] & LMP_RSSI_INQ)
515 events[4] |= 0x04; /* Inquiry Result with RSSI */
516
517 if (hdev->features[5] & LMP_SNIFF_SUBR)
518 events[5] |= 0x20; /* Sniff Subrating */
519
520 if (hdev->features[5] & LMP_PAUSE_ENC)
521 events[5] |= 0x80; /* Encryption Key Refresh Complete */
522
523 if (hdev->features[6] & LMP_EXT_INQ)
524 events[5] |= 0x40; /* Extended Inquiry Result */
525
526 if (hdev->features[6] & LMP_NO_FLUSH)
527 events[7] |= 0x01; /* Enhanced Flush Complete */
528
529 if (hdev->features[7] & LMP_LSTO)
530 events[6] |= 0x80; /* Link Supervision Timeout Changed */
531
532 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
533 events[6] |= 0x01; /* IO Capability Request */
534 events[6] |= 0x02; /* IO Capability Response */
535 events[6] |= 0x04; /* User Confirmation Request */
536 events[6] |= 0x08; /* User Passkey Request */
537 events[6] |= 0x10; /* Remote OOB Data Request */
538 events[6] |= 0x20; /* Simple Pairing Complete */
539 events[7] |= 0x04; /* User Passkey Notification */
540 events[7] |= 0x08; /* Keypress Notification */
541 events[7] |= 0x10; /* Remote Host Supported
542 * Features Notification */
543 }
544
545 if (hdev->features[4] & LMP_LE)
546 events[7] |= 0x20; /* LE Meta-Event */
547
548 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
549}
550
551static void hci_setup(struct hci_dev *hdev)
552{
e61ef499
AE		 553 if (hdev->dev_type != HCI_BREDR)
554 return;
555
d5859e22
JH		 556 hci_setup_event_mask(hdev);
557
d095c1eb 558 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 559 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
560
54d04dbb
JH		 561 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
562 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
563 u8 mode = 0x01;
564 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 565 sizeof(mode), &mode);
54d04dbb
JH		 566 } else {
567 struct hci_cp_write_eir cp;
568
569 memset(hdev->eir, 0, sizeof(hdev->eir));
570 memset(&cp, 0, sizeof(cp));
571
572 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
573 }
d5859e22
JH		 574 }
575
576 if (hdev->features[3] & LMP_RSSI_INQ)
577 hci_setup_inquiry_mode(hdev);
578
579 if (hdev->features[7] & LMP_INQ_TX_PWR)
580 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 581
582 if (hdev->features[7] & LMP_EXTFEATURES) {
583 struct hci_cp_read_local_ext_features cp;
584
585 cp.page = 0x01;
04124681
GP		 586 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
587 &cp);
971e3a4b 588 }
e6100a25 589
47990ea0
JH		 590 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
591 u8 enable = 1;
04124681
GP		 592 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
593 &enable);
47990ea0 594 }
d5859e22
JH		 595}
596
a9de9248
MH		 597static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
598{
599 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 600
a9de9248 601 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 602
a9de9248 603 if (rp->status)
28b8df77 604 goto done;
1143e5a6 605
a9de9248 606 hdev->hci_ver = rp->hci_ver;
e4e8e37c 607 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 608 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 609 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 610 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 611
a9de9248
MH		 612 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
613 hdev->manufacturer,
614 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 615
616 if (test_bit(HCI_INIT, &hdev->flags))
617 hci_setup(hdev);
28b8df77
AE		 618
619done:
620 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 621}
622
623static void hci_setup_link_policy(struct hci_dev *hdev)
624{
035100c8 625 struct hci_cp_write_def_link_policy cp;
d5859e22
JH		 626 u16 link_policy = 0;
627
628 if (hdev->features[0] & LMP_RSWITCH)
629 link_policy |= HCI_LP_RSWITCH;
630 if (hdev->features[0] & LMP_HOLD)
631 link_policy |= HCI_LP_HOLD;
632 if (hdev->features[0] & LMP_SNIFF)
633 link_policy |= HCI_LP_SNIFF;
634 if (hdev->features[1] & LMP_PARK)
635 link_policy |= HCI_LP_PARK;
636
035100c8
AE		 637 cp.policy = cpu_to_le16(link_policy);
638 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
a9de9248 639}
1da177e4 640
a9de9248
MH		 641static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
642{
643 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 644
a9de9248 645 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 646
a9de9248 647 if (rp->status)
d5859e22 648 goto done;
1da177e4 649
a9de9248 650 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 651
652 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
653 hci_setup_link_policy(hdev);
654
655done:
656 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 657}
1da177e4 658
a9de9248
MH		 659static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
660{
661 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 662
a9de9248 663 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 664
a9de9248
MH		 665 if (rp->status)
666 return;
5b7f9909 667
a9de9248 668 memcpy(hdev->features, rp->features, 8);
5b7f9909 669
a9de9248
MH		 670 /* Adjust default settings according to features
671 * supported by device. */
1da177e4 672
a9de9248
MH		 673 if (hdev->features[0] & LMP_3SLOT)
674 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 675
a9de9248
MH		 676 if (hdev->features[0] & LMP_5SLOT)
677 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 678
a9de9248
MH		 679 if (hdev->features[1] & LMP_HV2) {
680 hdev->pkt_type |= (HCI_HV2);
681 hdev->esco_type |= (ESCO_HV2);
682 }
1da177e4 683
a9de9248
MH		 684 if (hdev->features[1] & LMP_HV3) {
685 hdev->pkt_type |= (HCI_HV3);
686 hdev->esco_type |= (ESCO_HV3);
687 }
1da177e4 688
a9de9248
MH		 689 if (hdev->features[3] & LMP_ESCO)
690 hdev->esco_type |= (ESCO_EV3);
da1f5198 691
a9de9248
MH		 692 if (hdev->features[4] & LMP_EV4)
693 hdev->esco_type |= (ESCO_EV4);
da1f5198 694
a9de9248
MH		 695 if (hdev->features[4] & LMP_EV5)
696 hdev->esco_type |= (ESCO_EV5);
1da177e4 697
efc7688b
MH		 698 if (hdev->features[5] & LMP_EDR_ESCO_2M)
699 hdev->esco_type |= (ESCO_2EV3);
700
701 if (hdev->features[5] & LMP_EDR_ESCO_3M)
702 hdev->esco_type |= (ESCO_3EV3);
703
704 if (hdev->features[5] & LMP_EDR_3S_ESCO)
705 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
706
a9de9248
MH		 707 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
708 hdev->features[0], hdev->features[1],
709 hdev->features[2], hdev->features[3],
710 hdev->features[4], hdev->features[5],
711 hdev->features[6], hdev->features[7]);
712}
1da177e4 713
8f984dfa
JH		 714static void hci_set_le_support(struct hci_dev *hdev)
715{
716 struct hci_cp_write_le_host_supported cp;
717
718 memset(&cp, 0, sizeof(cp));
719
720 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
721 cp.le = 1;
722 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
723 }
724
725 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 726 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
727 &cp);
8f984dfa
JH		 728}
729
971e3a4b
AG		 730static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
731 struct sk_buff *skb)
732{
733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
734
735 BT_DBG("%s status 0x%x", hdev->name, rp->status);
736
737 if (rp->status)
8f984dfa 738 goto done;
971e3a4b 739
b5b32b65
AG		 740 switch (rp->page) {
741 case 0:
742 memcpy(hdev->features, rp->features, 8);
743 break;
744 case 1:
745 memcpy(hdev->host_features, rp->features, 8);
746 break;
747 }
971e3a4b 748
8f984dfa
JH		 749 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
750 hci_set_le_support(hdev);
751
752done:
971e3a4b
AG		 753 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
754}
755
1e89cffb
AE		 756static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
757 struct sk_buff *skb)
758{
759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
760
761 BT_DBG("%s status 0x%x", hdev->name, rp->status);
762
763 if (rp->status)
764 return;
765
766 hdev->flow_ctl_mode = rp->mode;
767
768 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
769}
770
a9de9248
MH		 771static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
772{
773 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 774
a9de9248 775 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 776
a9de9248
MH		 777 if (rp->status)
778 return;
1da177e4 779
a9de9248
MH		 780 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
781 hdev->sco_mtu = rp->sco_mtu;
782 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
783 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
784
785 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
786 hdev->sco_mtu = 64;
787 hdev->sco_pkts = 8;
1da177e4 788 }
a9de9248
MH		 789
790 hdev->acl_cnt = hdev->acl_pkts;
791 hdev->sco_cnt = hdev->sco_pkts;
792
793 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
794 hdev->acl_mtu, hdev->acl_pkts,
795 hdev->sco_mtu, hdev->sco_pkts);
796}
797
798static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
799{
800 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
801
802 BT_DBG("%s status 0x%x", hdev->name, rp->status);
803
804 if (!rp->status)
805 bacpy(&hdev->bdaddr, &rp->bdaddr);
806
23bb5763
JH		 807 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
808}
809
350ee4cf
AE		 810static void hci_cc_read_data_block_size(struct hci_dev *hdev,
811 struct sk_buff *skb)
812{
813 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
814
815 BT_DBG("%s status 0x%x", hdev->name, rp->status);
816
817 if (rp->status)
818 return;
819
820 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
821 hdev->block_len = __le16_to_cpu(rp->block_len);
822 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
823
824 hdev->block_cnt = hdev->num_blocks;
825
826 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
827 hdev->block_cnt, hdev->block_len);
828
829 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
830}
831
23bb5763
JH		 832static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
833{
834 __u8 status = *((__u8 *) skb->data);
835
836 BT_DBG("%s status 0x%x", hdev->name, status);
837
838 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 839}
840
928abaa7
AE		 841static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
842 struct sk_buff *skb)
843{
844 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
845
846 BT_DBG("%s status 0x%x", hdev->name, rp->status);
847
848 if (rp->status)
849 return;
850
851 hdev->amp_status = rp->amp_status;
852 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
853 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
854 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
855 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
856 hdev->amp_type = rp->amp_type;
857 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
858 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
859 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
860 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
861
862 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
863}
864
b0916ea0
JH		 865static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
866 struct sk_buff *skb)
867{
868 __u8 status = *((__u8 *) skb->data);
869
870 BT_DBG("%s status 0x%x", hdev->name, status);
871
872 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
873}
874
d5859e22
JH		 875static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
876{
877 __u8 status = *((__u8 *) skb->data);
878
879 BT_DBG("%s status 0x%x", hdev->name, status);
880
881 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
882}
883
884static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
885 struct sk_buff *skb)
886{
887 __u8 status = *((__u8 *) skb->data);
888
889 BT_DBG("%s status 0x%x", hdev->name, status);
890
891 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
892}
893
894static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
895 struct sk_buff *skb)
896{
91c4e9b1 897 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 898
91c4e9b1
MH		 899 BT_DBG("%s status 0x%x", hdev->name, rp->status);
900
901 if (!rp->status)
902 hdev->inq_tx_power = rp->tx_power;
d5859e22 903
91c4e9b1 904 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
d5859e22
JH		 905}
906
907static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
908{
909 __u8 status = *((__u8 *) skb->data);
910
911 BT_DBG("%s status 0x%x", hdev->name, status);
912
913 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
914}
915
980e1a53
JH		 916static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
917{
918 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
919 struct hci_cp_pin_code_reply *cp;
920 struct hci_conn *conn;
921
922 BT_DBG("%s status 0x%x", hdev->name, rp->status);
923
56e5cb86
JH		 924 hci_dev_lock(hdev);
925
a8b2d5c2 926 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 927 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 928
929 if (rp->status != 0)
56e5cb86 930 goto unlock;
980e1a53
JH		 931
932 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
933 if (!cp)
56e5cb86 934 goto unlock;
980e1a53
JH		 935
936 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
937 if (conn)
938 conn->pin_length = cp->pin_len;
56e5cb86
JH		 939
940unlock:
941 hci_dev_unlock(hdev);
980e1a53
JH		 942}
943
944static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
945{
946 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
947
948 BT_DBG("%s status 0x%x", hdev->name, rp->status);
949
56e5cb86
JH		 950 hci_dev_lock(hdev);
951
a8b2d5c2 952 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 953 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 954 rp->status);
56e5cb86
JH		 955
956 hci_dev_unlock(hdev);
980e1a53 957}
56e5cb86 958
6ed58ec5
VT		 959static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
960 struct sk_buff *skb)
961{
962 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
963
964 BT_DBG("%s status 0x%x", hdev->name, rp->status);
965
966 if (rp->status)
967 return;
968
969 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
970 hdev->le_pkts = rp->le_max_pkt;
971
972 hdev->le_cnt = hdev->le_pkts;
973
974 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
975
976 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
977}
980e1a53 978
a5c29683
JH		 979static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
980{
981 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
982
983 BT_DBG("%s status 0x%x", hdev->name, rp->status);
984
56e5cb86
JH		 985 hci_dev_lock(hdev);
986
a8b2d5c2 987 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 988 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
989 rp->status);
56e5cb86
JH		 990
991 hci_dev_unlock(hdev);
a5c29683
JH		 992}
993
994static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
995 struct sk_buff *skb)
996{
997 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
998
999 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1000
56e5cb86
JH		 1001 hci_dev_lock(hdev);
1002
a8b2d5c2 1003 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 1004 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1005 ACL_LINK, 0, rp->status);
56e5cb86
JH		 1006
1007 hci_dev_unlock(hdev);
a5c29683
JH		 1008}
1009
1143d458
BG		 1010static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1011{
1012 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1013
1014 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1015
1016 hci_dev_lock(hdev);
1017
a8b2d5c2 1018 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1019 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1020 0, rp->status);
1143d458
BG		 1021
1022 hci_dev_unlock(hdev);
1023}
1024
1025static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1026 struct sk_buff *skb)
1027{
1028 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1029
1030 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1031
1032 hci_dev_lock(hdev);
1033
a8b2d5c2 1034 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1035 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1036 ACL_LINK, 0, rp->status);
1143d458
BG		 1037
1038 hci_dev_unlock(hdev);
1039}
1040
c35938b2
SJ		 1041static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1042 struct sk_buff *skb)
1043{
1044 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1045
1046 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1047
56e5cb86 1048 hci_dev_lock(hdev);
744cf19e 1049 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1050 rp->randomizer, rp->status);
56e5cb86 1051 hci_dev_unlock(hdev);
c35938b2
SJ		 1052}
1053
07f7fa5d
AG		 1054static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1055{
1056 __u8 status = *((__u8 *) skb->data);
1057
1058 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1059
1060 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1061
1062 if (status) {
1063 hci_dev_lock(hdev);
1064 mgmt_start_discovery_failed(hdev, status);
1065 hci_dev_unlock(hdev);
1066 return;
1067 }
07f7fa5d
AG		 1068}
1069
eb9d91f5
AG		 1070static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1071 struct sk_buff *skb)
1072{
1073 struct hci_cp_le_set_scan_enable *cp;
1074 __u8 status = *((__u8 *) skb->data);
1075
1076 BT_DBG("%s status 0x%x", hdev->name, status);
1077
eb9d91f5
AG		 1078 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1079 if (!cp)
1080 return;
1081
68a8aea4
AE		 1082 switch (cp->enable) {
1083 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1084 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1085
3fd24153
AG		 1086 if (status) {
1087 hci_dev_lock(hdev);
1088 mgmt_start_discovery_failed(hdev, status);
1089 hci_dev_unlock(hdev);
7ba8b4be 1090 return;
3fd24153 1091 }
7ba8b4be 1092
d23264a8
AG		 1093 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1094
db323f2f 1095 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1096
1097 hci_dev_lock(hdev);
eb9d91f5 1098 hci_adv_entries_clear(hdev);
343f935b 1099 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1100 hci_dev_unlock(hdev);
68a8aea4
AE		 1101 break;
1102
1103 case LE_SCANNING_DISABLED:
c9ecc48e
AG		 1104 if (status) {
1105 hci_dev_lock(hdev);
1106 mgmt_stop_discovery_failed(hdev, status);
1107 hci_dev_unlock(hdev);
7ba8b4be 1108 return;
c9ecc48e 1109 }
7ba8b4be 1110
d23264a8
AG		 1111 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1112
d084329e 1113 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
5e0452c0 1114
bc3dd33c
AG		 1115 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1116 hdev->discovery.state == DISCOVERY_FINDING) {
5e0452c0
AG		 1117 mgmt_interleaved_discovery(hdev);
1118 } else {
1119 hci_dev_lock(hdev);
1120 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1121 hci_dev_unlock(hdev);
1122 }
1123
68a8aea4
AE		 1124 break;
1125
1126 default:
1127 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1128 break;
35815085 1129 }
eb9d91f5
AG		 1130}
1131
a7a595f6
VCG		 1132static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1133{
1134 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1135
1136 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1137
1138 if (rp->status)
1139 return;
1140
1141 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1142}
1143
1144static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1145{
1146 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1147
1148 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1149
1150 if (rp->status)
1151 return;
1152
1153 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1154}
1155
f9b49306
AG		 1156static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1157 struct sk_buff *skb)
1158{
06199cf8 1159 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1160 __u8 status = *((__u8 *) skb->data);
1161
1162 BT_DBG("%s status 0x%x", hdev->name, status);
1163
06199cf8 1164 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1165 if (!sent)
f9b49306
AG		 1166 return;
1167
8f984dfa
JH		 1168 if (!status) {
1169 if (sent->le)
1170 hdev->host_features[0] |= LMP_HOST_LE;
1171 else
1172 hdev->host_features[0] &= ~LMP_HOST_LE;
1173 }
1174
1175 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1176 !test_bit(HCI_INIT, &hdev->flags))
1177 mgmt_le_enable_complete(hdev, sent->le, status);
1178
1179 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1180}
1181
a9de9248
MH		 1182static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1183{
1184 BT_DBG("%s status 0x%x", hdev->name, status);
1185
1186 if (status) {
23bb5763 1187 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1188 hci_conn_check_pending(hdev);
56e5cb86 1189 hci_dev_lock(hdev);
a8b2d5c2 1190 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1191 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1192 hci_dev_unlock(hdev);
314b2381
JH		 1193 return;
1194 }
1195
89352e7d
AG		 1196 set_bit(HCI_INQUIRY, &hdev->flags);
1197
56e5cb86 1198 hci_dev_lock(hdev);
343f935b 1199 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1200 hci_dev_unlock(hdev);
1da177e4
LT		 1201}
1202
1da177e4
LT		 1203static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1204{
a9de9248 1205 struct hci_cp_create_conn *cp;
1da177e4 1206 struct hci_conn *conn;
1da177e4 1207
a9de9248
MH		 1208 BT_DBG("%s status 0x%x", hdev->name, status);
1209
1210 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1211 if (!cp)
1212 return;
1213
1214 hci_dev_lock(hdev);
1215
1216 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1217
a9de9248 1218 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1219
1220 if (status) {
1221 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1222 if (status != 0x0c || conn->attempt > 2) {
1223 conn->state = BT_CLOSED;
1224 hci_proto_connect_cfm(conn, status);
1225 hci_conn_del(conn);
1226 } else
1227 conn->state = BT_CONNECT2;
1da177e4
LT		 1228 }
1229 } else {
1230 if (!conn) {
1231 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1232 if (conn) {
a0c808b3 1233 conn->out = true;
1da177e4
LT		 1234 conn->link_mode |= HCI_LM_MASTER;
1235 } else
893ef971 1236 BT_ERR("No memory for new connection");
1da177e4
LT		 1237 }
1238 }
1239
1240 hci_dev_unlock(hdev);
1241}
1242
a9de9248 1243static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1244{
a9de9248
MH		 1245 struct hci_cp_add_sco *cp;
1246 struct hci_conn *acl, *sco;
1247 __u16 handle;
1da177e4 1248
b6a0dc82
MH		 1249 BT_DBG("%s status 0x%x", hdev->name, status);
1250
a9de9248
MH		 1251 if (!status)
1252 return;
1da177e4 1253
a9de9248
MH		 1254 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1255 if (!cp)
1256 return;
1da177e4 1257
a9de9248 1258 handle = __le16_to_cpu(cp->handle);
1da177e4 1259
a9de9248 1260 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1261
a9de9248 1262 hci_dev_lock(hdev);
1da177e4 1263
a9de9248 1264 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1265 if (acl) {
1266 sco = acl->link;
1267 if (sco) {
1268 sco->state = BT_CLOSED;
1da177e4 1269
5a08ecce
AE		 1270 hci_proto_connect_cfm(sco, status);
1271 hci_conn_del(sco);
1272 }
a9de9248 1273 }
1da177e4 1274
a9de9248
MH		 1275 hci_dev_unlock(hdev);
1276}
1da177e4 1277
f8558555
MH		 1278static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1279{
1280 struct hci_cp_auth_requested *cp;
1281 struct hci_conn *conn;
1282
1283 BT_DBG("%s status 0x%x", hdev->name, status);
1284
1285 if (!status)
1286 return;
1287
1288 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1289 if (!cp)
1290 return;
1291
1292 hci_dev_lock(hdev);
1293
1294 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1295 if (conn) {
1296 if (conn->state == BT_CONFIG) {
1297 hci_proto_connect_cfm(conn, status);
1298 hci_conn_put(conn);
1299 }
1300 }
1301
1302 hci_dev_unlock(hdev);
1303}
1304
1305static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1306{
1307 struct hci_cp_set_conn_encrypt *cp;
1308 struct hci_conn *conn;
1309
1310 BT_DBG("%s status 0x%x", hdev->name, status);
1311
1312 if (!status)
1313 return;
1314
1315 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1316 if (!cp)
1317 return;
1318
1319 hci_dev_lock(hdev);
1320
1321 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1322 if (conn) {
1323 if (conn->state == BT_CONFIG) {
1324 hci_proto_connect_cfm(conn, status);
1325 hci_conn_put(conn);
1326 }
1327 }
1328
1329 hci_dev_unlock(hdev);
1330}
1331
127178d2 1332static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1333 struct hci_conn *conn)
392599b9 1334{
392599b9
JH		 1335 if (conn->state != BT_CONFIG || !conn->out)
1336 return 0;
1337
765c2a96 1338 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1339 return 0;
1340
1341 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1342 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1343 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1344 conn->pending_sec_level != BT_SECURITY_HIGH &&
1345 !(conn->auth_type & 0x01))
392599b9
JH		 1346 return 0;
1347
392599b9
JH		 1348 return 1;
1349}
1350
00abfe44 1351static inline int hci_resolve_name(struct hci_dev *hdev,
04124681 1352 struct inquiry_entry *e)
30dc78e1
JH		 1353{
1354 struct hci_cp_remote_name_req cp;
1355
1356 memset(&cp, 0, sizeof(cp));
1357
1358 bacpy(&cp.bdaddr, &e->data.bdaddr);
1359 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1360 cp.pscan_mode = e->data.pscan_mode;
1361 cp.clock_offset = e->data.clock_offset;
1362
1363 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1364}
1365
b644ba33 1366static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1367{
1368 struct discovery_state *discov = &hdev->discovery;
1369 struct inquiry_entry *e;
1370
b644ba33
JH		 1371 if (list_empty(&discov->resolve))
1372 return false;
1373
1374 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1375 if (hci_resolve_name(hdev, e) == 0) {
1376 e->name_state = NAME_PENDING;
1377 return true;
1378 }
1379
1380 return false;
1381}
1382
1383static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1384 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1385{
1386 struct discovery_state *discov = &hdev->discovery;
1387 struct inquiry_entry *e;
1388
1389 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1390 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1391 name_len, conn->dev_class);
b644ba33
JH		 1392
1393 if (discov->state == DISCOVERY_STOPPED)
1394 return;
1395
30dc78e1
JH		 1396 if (discov->state == DISCOVERY_STOPPING)
1397 goto discov_complete;
1398
1399 if (discov->state != DISCOVERY_RESOLVING)
1400 return;
1401
1402 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1403 if (e) {
1404 e->name_state = NAME_KNOWN;
1405 list_del(&e->list);
b644ba33
JH		 1406 if (name)
1407 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
04124681 1408 e->data.rssi, name, name_len);
30dc78e1
JH		 1409 }
1410
b644ba33 1411 if (hci_resolve_next_name(hdev))
30dc78e1 1412 return;
30dc78e1
JH		 1413
1414discov_complete:
1415 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1416}
1417
a9de9248
MH		 1418static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1419{
127178d2
JH		 1420 struct hci_cp_remote_name_req *cp;
1421 struct hci_conn *conn;
1422
a9de9248 1423 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1424
1425 /* If successful wait for the name req complete event before
1426 * checking for the need to do authentication */
1427 if (!status)
1428 return;
1429
1430 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1431 if (!cp)
1432 return;
1433
1434 hci_dev_lock(hdev);
1435
b644ba33
JH		 1436 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1437
a8b2d5c2 1438 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1439 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1440
79c6c70c
JH		 1441 if (!conn)
1442 goto unlock;
1443
1444 if (!hci_outgoing_auth_needed(hdev, conn))
1445 goto unlock;
1446
51a8efd7 1447 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1448 struct hci_cp_auth_requested cp;
1449 cp.handle = __cpu_to_le16(conn->handle);
1450 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1451 }
1452
79c6c70c 1453unlock:
127178d2 1454 hci_dev_unlock(hdev);
a9de9248 1455}
1da177e4 1456
769be974
MH		 1457static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1458{
1459 struct hci_cp_read_remote_features *cp;
1460 struct hci_conn *conn;
1461
1462 BT_DBG("%s status 0x%x", hdev->name, status);
1463
1464 if (!status)
1465 return;
1466
1467 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1468 if (!cp)
1469 return;
1470
1471 hci_dev_lock(hdev);
1472
1473 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1474 if (conn) {
1475 if (conn->state == BT_CONFIG) {
769be974
MH		 1476 hci_proto_connect_cfm(conn, status);
1477 hci_conn_put(conn);
1478 }
1479 }
1480
1481 hci_dev_unlock(hdev);
1482}
1483
1484static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1485{
1486 struct hci_cp_read_remote_ext_features *cp;
1487 struct hci_conn *conn;
1488
1489 BT_DBG("%s status 0x%x", hdev->name, status);
1490
1491 if (!status)
1492 return;
1493
1494 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1495 if (!cp)
1496 return;
1497
1498 hci_dev_lock(hdev);
1499
1500 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1501 if (conn) {
1502 if (conn->state == BT_CONFIG) {
769be974
MH		 1503 hci_proto_connect_cfm(conn, status);
1504 hci_conn_put(conn);
1505 }
1506 }
1507
1508 hci_dev_unlock(hdev);
1509}
1510
a9de9248
MH		 1511static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1512{
b6a0dc82
MH		 1513 struct hci_cp_setup_sync_conn *cp;
1514 struct hci_conn *acl, *sco;
1515 __u16 handle;
1516
a9de9248 1517 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1518
1519 if (!status)
1520 return;
1521
1522 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1523 if (!cp)
1524 return;
1525
1526 handle = __le16_to_cpu(cp->handle);
1527
1528 BT_DBG("%s handle %d", hdev->name, handle);
1529
1530 hci_dev_lock(hdev);
1531
1532 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1533 if (acl) {
1534 sco = acl->link;
1535 if (sco) {
1536 sco->state = BT_CLOSED;
b6a0dc82 1537
5a08ecce
AE		 1538 hci_proto_connect_cfm(sco, status);
1539 hci_conn_del(sco);
1540 }
b6a0dc82
MH		 1541 }
1542
1543 hci_dev_unlock(hdev);
1da177e4
LT		 1544}
1545
a9de9248 1546static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1547{
a9de9248
MH		 1548 struct hci_cp_sniff_mode *cp;
1549 struct hci_conn *conn;
1da177e4 1550
a9de9248 1551 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1552
a9de9248
MH		 1553 if (!status)
1554 return;
04837f64 1555
a9de9248
MH		 1556 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1557 if (!cp)
1558 return;
04837f64 1559
a9de9248 1560 hci_dev_lock(hdev);
04837f64 1561
a9de9248 1562 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1563 if (conn) {
51a8efd7 1564 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1565
51a8efd7 1566 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1567 hci_sco_setup(conn, status);
1568 }
1569
a9de9248
MH		 1570 hci_dev_unlock(hdev);
1571}
04837f64 1572
a9de9248
MH		 1573static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1574{
1575 struct hci_cp_exit_sniff_mode *cp;
1576 struct hci_conn *conn;
04837f64 1577
a9de9248 1578 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1579
a9de9248
MH		 1580 if (!status)
1581 return;
04837f64 1582
a9de9248
MH		 1583 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1584 if (!cp)
1585 return;
04837f64 1586
a9de9248 1587 hci_dev_lock(hdev);
1da177e4 1588
a9de9248 1589 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1590 if (conn) {
51a8efd7 1591 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1592
51a8efd7 1593 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1594 hci_sco_setup(conn, status);
1595 }
1596
a9de9248 1597 hci_dev_unlock(hdev);
1da177e4
LT		 1598}
1599
88c3df13
JH		 1600static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1601{
1602 struct hci_cp_disconnect *cp;
1603 struct hci_conn *conn;
1604
1605 if (!status)
1606 return;
1607
1608 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1609 if (!cp)
1610 return;
1611
1612 hci_dev_lock(hdev);
1613
1614 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1615 if (conn)
1616 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1617 conn->dst_type, status);
88c3df13
JH		 1618
1619 hci_dev_unlock(hdev);
1620}
1621
fcd89c09
VT		 1622static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1623{
1624 struct hci_cp_le_create_conn *cp;
1625 struct hci_conn *conn;
1626
1627 BT_DBG("%s status 0x%x", hdev->name, status);
1628
1629 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1630 if (!cp)
1631 return;
1632
1633 hci_dev_lock(hdev);
1634
1635 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1636
1637 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1638 conn);
1639
1640 if (status) {
1641 if (conn && conn->state == BT_CONNECT) {
1642 conn->state = BT_CLOSED;
1643 hci_proto_connect_cfm(conn, status);
1644 hci_conn_del(conn);
1645 }
1646 } else {
1647 if (!conn) {
1648 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1649 if (conn) {
1650 conn->dst_type = cp->peer_addr_type;
a0c808b3 1651 conn->out = true;
29b7988a 1652 } else {
fcd89c09 1653 BT_ERR("No memory for new connection");
29b7988a 1654 }
fcd89c09
VT		 1655 }
1656 }
1657
1658 hci_dev_unlock(hdev);
1659}
1660
a7a595f6
VCG		 1661static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1662{
1663 BT_DBG("%s status 0x%x", hdev->name, status);
1664}
1665
1da177e4
LT		 1666static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1667{
1668 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1669 struct discovery_state *discov = &hdev->discovery;
1670 struct inquiry_entry *e;
1da177e4
LT		 1671
1672 BT_DBG("%s status %d", hdev->name, status);
1673
23bb5763 1674 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1675
a9de9248 1676 hci_conn_check_pending(hdev);
89352e7d
AG		 1677
1678 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1679 return;
1680
a8b2d5c2 1681 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1682 return;
1683
56e5cb86 1684 hci_dev_lock(hdev);
30dc78e1 1685
343f935b 1686 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1687 goto unlock;
1688
1689 if (list_empty(&discov->resolve)) {
1690 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1691 goto unlock;
1692 }
1693
1694 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1695 if (e && hci_resolve_name(hdev, e) == 0) {
1696 e->name_state = NAME_PENDING;
1697 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1698 } else {
1699 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1700 }
1701
1702unlock:
56e5cb86 1703 hci_dev_unlock(hdev);
1da177e4
LT		 1704}
1705
1da177e4
LT		 1706static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1707{
45bb4bf0 1708 struct inquiry_data data;
a9de9248 1709 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1710 int num_rsp = *((__u8 *) skb->data);
1711
1712 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1713
45bb4bf0
MH		 1714 if (!num_rsp)
1715 return;
1716
1da177e4 1717 hci_dev_lock(hdev);
45bb4bf0 1718
e17acd40 1719 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1720 bool name_known, ssp;
3175405b 1721
1da177e4
LT		 1722 bacpy(&data.bdaddr, &info->bdaddr);
1723 data.pscan_rep_mode = info->pscan_rep_mode;
1724 data.pscan_period_mode = info->pscan_period_mode;
1725 data.pscan_mode = info->pscan_mode;
1726 memcpy(data.dev_class, info->dev_class, 3);
1727 data.clock_offset = info->clock_offset;
1728 data.rssi = 0x00;
41a96212 1729 data.ssp_mode = 0x00;
3175405b 1730
388fc8fa 1731 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1732 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1733 info->dev_class, 0, !name_known, ssp, NULL,
1734 0);
1da177e4 1735 }
45bb4bf0 1736
1da177e4
LT		 1737 hci_dev_unlock(hdev);
1738}
1739
1da177e4
LT		 1740static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1741{
a9de9248
MH		 1742 struct hci_ev_conn_complete *ev = (void *) skb->data;
1743 struct hci_conn *conn;
1da177e4
LT		 1744
1745 BT_DBG("%s", hdev->name);
1746
1747 hci_dev_lock(hdev);
1748
1749 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1750 if (!conn) {
1751 if (ev->link_type != SCO_LINK)
1752 goto unlock;
1753
1754 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1755 if (!conn)
1756 goto unlock;
1757
1758 conn->type = SCO_LINK;
1759 }
1da177e4
LT		 1760
1761 if (!ev->status) {
1762 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1763
1764 if (conn->type == ACL_LINK) {
1765 conn->state = BT_CONFIG;
1766 hci_conn_hold(conn);
052b30b0 1767 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1768 } else
1769 conn->state = BT_CONNECTED;
1da177e4 1770
9eba32b8 1771 hci_conn_hold_device(conn);
7d0db0a3
MH		 1772 hci_conn_add_sysfs(conn);
1773
1da177e4
LT		 1774 if (test_bit(HCI_AUTH, &hdev->flags))
1775 conn->link_mode |= HCI_LM_AUTH;
1776
1777 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1778 conn->link_mode |= HCI_LM_ENCRYPT;
1779
04837f64
MH		 1780 /* Get remote features */
1781 if (conn->type == ACL_LINK) {
1782 struct hci_cp_read_remote_features cp;
1783 cp.handle = ev->handle;
769be974 1784 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1785 sizeof(cp), &cp);
04837f64
MH		 1786 }
1787
1da177e4 1788 /* Set packet type for incoming connection */
d095c1eb 1789 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1790 struct hci_cp_change_conn_ptype cp;
1791 cp.handle = ev->handle;
a8746417 1792 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1793 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1794 &cp);
1da177e4 1795 }
17d5c04c 1796 } else {
1da177e4 1797 conn->state = BT_CLOSED;
17d5c04c 1798 if (conn->type == ACL_LINK)
744cf19e 1799 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1800 conn->dst_type, ev->status);
17d5c04c 1801 }
1da177e4 1802
e73439d8
MH		 1803 if (conn->type == ACL_LINK)
1804 hci_sco_setup(conn, ev->status);
1da177e4 1805
769be974
MH		 1806 if (ev->status) {
1807 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1808 hci_conn_del(conn);
c89b6e6b
MH		 1809 } else if (ev->link_type != ACL_LINK)
1810 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1811
a9de9248 1812unlock:
1da177e4 1813 hci_dev_unlock(hdev);
1da177e4 1814
a9de9248 1815 hci_conn_check_pending(hdev);
1da177e4
LT		 1816}
1817
a9de9248 1818static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1819{
a9de9248
MH		 1820 struct hci_ev_conn_request *ev = (void *) skb->data;
1821 int mask = hdev->link_mode;
1da177e4 1822
a9de9248
MH		 1823 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1824 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1825
a9de9248 1826 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1827
138d22ef
SJ		 1828 if ((mask & HCI_LM_ACCEPT) &&
1829 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1830 /* Connection accepted */
c7bdd502 1831 struct inquiry_entry *ie;
1da177e4 1832 struct hci_conn *conn;
1da177e4 1833
a9de9248 1834 hci_dev_lock(hdev);
b6a0dc82 1835
cc11b9c1
AE		 1836 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1837 if (ie)
c7bdd502
MH		 1838 memcpy(ie->data.dev_class, ev->dev_class, 3);
1839
a9de9248
MH		 1840 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1841 if (!conn) {
cc11b9c1
AE		 1842 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1843 if (!conn) {
893ef971 1844 BT_ERR("No memory for new connection");
a9de9248
MH		 1845 hci_dev_unlock(hdev);
1846 return;
1da177e4
LT		 1847 }
1848 }
b6a0dc82 1849
a9de9248
MH		 1850 memcpy(conn->dev_class, ev->dev_class, 3);
1851 conn->state = BT_CONNECT;
b6a0dc82 1852
a9de9248 1853 hci_dev_unlock(hdev);
1da177e4 1854
b6a0dc82
MH		 1855 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1856 struct hci_cp_accept_conn_req cp;
1da177e4 1857
b6a0dc82
MH		 1858 bacpy(&cp.bdaddr, &ev->bdaddr);
1859
1860 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1861 cp.role = 0x00; /* Become master */
1862 else
1863 cp.role = 0x01; /* Remain slave */
1864
04124681
GP		 1865 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1866 &cp);
b6a0dc82
MH		 1867 } else {
1868 struct hci_cp_accept_sync_conn_req cp;
1869
1870 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1871 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1872
1873 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1874 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1875 cp.max_latency = cpu_to_le16(0xffff);
1876 cp.content_format = cpu_to_le16(hdev->voice_setting);
1877 cp.retrans_effort = 0xff;
1da177e4 1878
b6a0dc82 1879 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1880 sizeof(cp), &cp);
b6a0dc82 1881 }
a9de9248
MH		 1882 } else {
1883 /* Connection rejected */
1884 struct hci_cp_reject_conn_req cp;
1da177e4 1885
a9de9248 1886 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1887 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1888 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1889 }
1da177e4
LT		 1890}
1891
a9de9248 1892static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1893{
a9de9248 1894 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1895 struct hci_conn *conn;
1896
1897 BT_DBG("%s status %d", hdev->name, ev->status);
1898
1899 hci_dev_lock(hdev);
1900
1901 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1902 if (!conn)
1903 goto unlock;
7d0db0a3 1904
37d9ef76
JH		 1905 if (ev->status == 0)
1906 conn->state = BT_CLOSED;
04837f64 1907
b644ba33
JH		 1908 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1909 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1910 if (ev->status != 0)
88c3df13
JH		 1911 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1912 conn->dst_type, ev->status);
37d9ef76 1913 else
afc747a6 1914 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
04124681 1915 conn->dst_type);
37d9ef76 1916 }
f7520543 1917
37d9ef76 1918 if (ev->status == 0) {
6ec5bcad
VA		 1919 if (conn->type == ACL_LINK && conn->flush_key)
1920 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1921 hci_proto_disconn_cfm(conn, ev->reason);
1922 hci_conn_del(conn);
1923 }
f7520543
JH		 1924
1925unlock:
04837f64
MH		 1926 hci_dev_unlock(hdev);
1927}
1928
1da177e4
LT		 1929static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1930{
a9de9248 1931 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1932 struct hci_conn *conn;
1da177e4
LT		 1933
1934 BT_DBG("%s status %d", hdev->name, ev->status);
1935
1936 hci_dev_lock(hdev);
1937
04837f64 1938 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1939 if (!conn)
1940 goto unlock;
1941
1942 if (!ev->status) {
aa64a8b5
JH		 1943 if (!hci_conn_ssp_enabled(conn) &&
1944 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1945 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1946 } else {
d7556e20
WR		 1947 conn->link_mode |= HCI_LM_AUTH;
1948 conn->sec_level = conn->pending_sec_level;
2a611692 1949 }
d7556e20 1950 } else {
bab73cb6 1951 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1952 ev->status);
d7556e20 1953 }
1da177e4 1954
51a8efd7
JH		 1955 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1956 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1957
d7556e20 1958 if (conn->state == BT_CONFIG) {
aa64a8b5 1959 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1960 struct hci_cp_set_conn_encrypt cp;
1961 cp.handle = ev->handle;
1962 cp.encrypt = 0x01;
1963 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1964 &cp);
052b30b0 1965 } else {
d7556e20
WR		 1966 conn->state = BT_CONNECTED;
1967 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1968 hci_conn_put(conn);
1969 }
d7556e20
WR		 1970 } else {
1971 hci_auth_cfm(conn, ev->status);
052b30b0 1972
d7556e20
WR		 1973 hci_conn_hold(conn);
1974 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1975 hci_conn_put(conn);
1976 }
1977
51a8efd7 1978 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1979 if (!ev->status) {
1980 struct hci_cp_set_conn_encrypt cp;
1981 cp.handle = ev->handle;
1982 cp.encrypt = 0x01;
1983 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1984 &cp);
1985 } else {
51a8efd7 1986 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1987 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1988 }
1989 }
1990
d7556e20 1991unlock:
1da177e4
LT		 1992 hci_dev_unlock(hdev);
1993}
1994
a9de9248 1995static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1996{
127178d2
JH		 1997 struct hci_ev_remote_name *ev = (void *) skb->data;
1998 struct hci_conn *conn;
1999
a9de9248 2000 BT_DBG("%s", hdev->name);
1da177e4 2001
a9de9248 2002 hci_conn_check_pending(hdev);
127178d2
JH		 2003
2004 hci_dev_lock(hdev);
2005
b644ba33 2006 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2007
b644ba33
JH		 2008 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2009 goto check_auth;
a88a9652 2010
b644ba33
JH		 2011 if (ev->status == 0)
2012 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2013 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2014 else
2015 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2016
2017check_auth:
79c6c70c
JH		 2018 if (!conn)
2019 goto unlock;
2020
2021 if (!hci_outgoing_auth_needed(hdev, conn))
2022 goto unlock;
2023
51a8efd7 2024 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2025 struct hci_cp_auth_requested cp;
2026 cp.handle = __cpu_to_le16(conn->handle);
2027 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2028 }
2029
79c6c70c 2030unlock:
127178d2 2031 hci_dev_unlock(hdev);
a9de9248
MH		 2032}
2033
2034static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2035{
2036 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2037 struct hci_conn *conn;
2038
2039 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2040
2041 hci_dev_lock(hdev);
2042
04837f64 2043 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2044 if (conn) {
2045 if (!ev->status) {
ae293196
MH		 2046 if (ev->encrypt) {
2047 /* Encryption implies authentication */
2048 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2049 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2050 conn->sec_level = conn->pending_sec_level;
ae293196 2051 } else
1da177e4
LT		 2052 conn->link_mode &= ~HCI_LM_ENCRYPT;
2053 }
2054
51a8efd7 2055 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2056
f8558555
MH		 2057 if (conn->state == BT_CONFIG) {
2058 if (!ev->status)
2059 conn->state = BT_CONNECTED;
2060
2061 hci_proto_connect_cfm(conn, ev->status);
2062 hci_conn_put(conn);
2063 } else
2064 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2065 }
2066
2067 hci_dev_unlock(hdev);
2068}
2069
a9de9248 2070static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2071{
a9de9248 2072 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2073 struct hci_conn *conn;
1da177e4
LT		 2074
2075 BT_DBG("%s status %d", hdev->name, ev->status);
2076
2077 hci_dev_lock(hdev);
2078
04837f64 2079 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2080 if (conn) {
2081 if (!ev->status)
2082 conn->link_mode |= HCI_LM_SECURE;
2083
51a8efd7 2084 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2085
2086 hci_key_change_cfm(conn, ev->status);
2087 }
2088
2089 hci_dev_unlock(hdev);
2090}
2091
a9de9248 2092static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2093{
a9de9248
MH		 2094 struct hci_ev_remote_features *ev = (void *) skb->data;
2095 struct hci_conn *conn;
2096
2097 BT_DBG("%s status %d", hdev->name, ev->status);
2098
a9de9248
MH		 2099 hci_dev_lock(hdev);
2100
2101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2102 if (!conn)
2103 goto unlock;
769be974 2104
ccd556fe
JH		 2105 if (!ev->status)
2106 memcpy(conn->features, ev->features, 8);
2107
2108 if (conn->state != BT_CONFIG)
2109 goto unlock;
2110
2111 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2112 struct hci_cp_read_remote_ext_features cp;
2113 cp.handle = ev->handle;
2114 cp.page = 0x01;
2115 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2116 sizeof(cp), &cp);
392599b9
JH		 2117 goto unlock;
2118 }
2119
127178d2
JH		 2120 if (!ev->status) {
2121 struct hci_cp_remote_name_req cp;
2122 memset(&cp, 0, sizeof(cp));
2123 bacpy(&cp.bdaddr, &conn->dst);
2124 cp.pscan_rep_mode = 0x02;
2125 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2126 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2127 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2128 conn->dst_type, 0, NULL, 0,
2129 conn->dev_class);
392599b9 2130
127178d2 2131 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2132 conn->state = BT_CONNECTED;
2133 hci_proto_connect_cfm(conn, ev->status);
2134 hci_conn_put(conn);
769be974 2135 }
a9de9248 2136
ccd556fe 2137unlock:
a9de9248 2138 hci_dev_unlock(hdev);
1da177e4
LT		 2139}
2140
a9de9248 2141static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2142{
a9de9248 2143 BT_DBG("%s", hdev->name);
1da177e4
LT		 2144}
2145
a9de9248 2146static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2147{
a9de9248 2148 BT_DBG("%s", hdev->name);
1da177e4
LT		 2149}
2150
a9de9248
MH		 2151static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2152{
2153 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2154 __u16 opcode;
2155
2156 skb_pull(skb, sizeof(*ev));
2157
2158 opcode = __le16_to_cpu(ev->opcode);
2159
2160 switch (opcode) {
2161 case HCI_OP_INQUIRY_CANCEL:
2162 hci_cc_inquiry_cancel(hdev, skb);
2163 break;
2164
4d93483b
AG		 2165 case HCI_OP_PERIODIC_INQ:
2166 hci_cc_periodic_inq(hdev, skb);
2167 break;
2168
a9de9248
MH		 2169 case HCI_OP_EXIT_PERIODIC_INQ:
2170 hci_cc_exit_periodic_inq(hdev, skb);
2171 break;
2172
2173 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2174 hci_cc_remote_name_req_cancel(hdev, skb);
2175 break;
2176
2177 case HCI_OP_ROLE_DISCOVERY:
2178 hci_cc_role_discovery(hdev, skb);
2179 break;
2180
e4e8e37c
MH		 2181 case HCI_OP_READ_LINK_POLICY:
2182 hci_cc_read_link_policy(hdev, skb);
2183 break;
2184
a9de9248
MH		 2185 case HCI_OP_WRITE_LINK_POLICY:
2186 hci_cc_write_link_policy(hdev, skb);
2187 break;
2188
e4e8e37c
MH		 2189 case HCI_OP_READ_DEF_LINK_POLICY:
2190 hci_cc_read_def_link_policy(hdev, skb);
2191 break;
2192
2193 case HCI_OP_WRITE_DEF_LINK_POLICY:
2194 hci_cc_write_def_link_policy(hdev, skb);
2195 break;
2196
a9de9248
MH		 2197 case HCI_OP_RESET:
2198 hci_cc_reset(hdev, skb);
2199 break;
2200
2201 case HCI_OP_WRITE_LOCAL_NAME:
2202 hci_cc_write_local_name(hdev, skb);
2203 break;
2204
2205 case HCI_OP_READ_LOCAL_NAME:
2206 hci_cc_read_local_name(hdev, skb);
2207 break;
2208
2209 case HCI_OP_WRITE_AUTH_ENABLE:
2210 hci_cc_write_auth_enable(hdev, skb);
2211 break;
2212
2213 case HCI_OP_WRITE_ENCRYPT_MODE:
2214 hci_cc_write_encrypt_mode(hdev, skb);
2215 break;
2216
2217 case HCI_OP_WRITE_SCAN_ENABLE:
2218 hci_cc_write_scan_enable(hdev, skb);
2219 break;
2220
2221 case HCI_OP_READ_CLASS_OF_DEV:
2222 hci_cc_read_class_of_dev(hdev, skb);
2223 break;
2224
2225 case HCI_OP_WRITE_CLASS_OF_DEV:
2226 hci_cc_write_class_of_dev(hdev, skb);
2227 break;
2228
2229 case HCI_OP_READ_VOICE_SETTING:
2230 hci_cc_read_voice_setting(hdev, skb);
2231 break;
2232
2233 case HCI_OP_WRITE_VOICE_SETTING:
2234 hci_cc_write_voice_setting(hdev, skb);
2235 break;
2236
2237 case HCI_OP_HOST_BUFFER_SIZE:
2238 hci_cc_host_buffer_size(hdev, skb);
2239 break;
2240
333140b5
MH		 2241 case HCI_OP_WRITE_SSP_MODE:
2242 hci_cc_write_ssp_mode(hdev, skb);
2243 break;
2244
a9de9248
MH		 2245 case HCI_OP_READ_LOCAL_VERSION:
2246 hci_cc_read_local_version(hdev, skb);
2247 break;
2248
2249 case HCI_OP_READ_LOCAL_COMMANDS:
2250 hci_cc_read_local_commands(hdev, skb);
2251 break;
2252
2253 case HCI_OP_READ_LOCAL_FEATURES:
2254 hci_cc_read_local_features(hdev, skb);
2255 break;
2256
971e3a4b
AG		 2257 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2258 hci_cc_read_local_ext_features(hdev, skb);
2259 break;
2260
a9de9248
MH		 2261 case HCI_OP_READ_BUFFER_SIZE:
2262 hci_cc_read_buffer_size(hdev, skb);
2263 break;
2264
2265 case HCI_OP_READ_BD_ADDR:
2266 hci_cc_read_bd_addr(hdev, skb);
2267 break;
2268
350ee4cf
AE		 2269 case HCI_OP_READ_DATA_BLOCK_SIZE:
2270 hci_cc_read_data_block_size(hdev, skb);
2271 break;
2272
23bb5763
JH		 2273 case HCI_OP_WRITE_CA_TIMEOUT:
2274 hci_cc_write_ca_timeout(hdev, skb);
2275 break;
2276
1e89cffb
AE		 2277 case HCI_OP_READ_FLOW_CONTROL_MODE:
2278 hci_cc_read_flow_control_mode(hdev, skb);
2279 break;
2280
928abaa7
AE		 2281 case HCI_OP_READ_LOCAL_AMP_INFO:
2282 hci_cc_read_local_amp_info(hdev, skb);
2283 break;
2284
b0916ea0
JH		 2285 case HCI_OP_DELETE_STORED_LINK_KEY:
2286 hci_cc_delete_stored_link_key(hdev, skb);
2287 break;
2288
d5859e22
JH		 2289 case HCI_OP_SET_EVENT_MASK:
2290 hci_cc_set_event_mask(hdev, skb);
2291 break;
2292
2293 case HCI_OP_WRITE_INQUIRY_MODE:
2294 hci_cc_write_inquiry_mode(hdev, skb);
2295 break;
2296
2297 case HCI_OP_READ_INQ_RSP_TX_POWER:
2298 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2299 break;
2300
2301 case HCI_OP_SET_EVENT_FLT:
2302 hci_cc_set_event_flt(hdev, skb);
2303 break;
2304
980e1a53
JH		 2305 case HCI_OP_PIN_CODE_REPLY:
2306 hci_cc_pin_code_reply(hdev, skb);
2307 break;
2308
2309 case HCI_OP_PIN_CODE_NEG_REPLY:
2310 hci_cc_pin_code_neg_reply(hdev, skb);
2311 break;
2312
c35938b2
SJ		 2313 case HCI_OP_READ_LOCAL_OOB_DATA:
2314 hci_cc_read_local_oob_data_reply(hdev, skb);
2315 break;
2316
6ed58ec5
VT		 2317 case HCI_OP_LE_READ_BUFFER_SIZE:
2318 hci_cc_le_read_buffer_size(hdev, skb);
2319 break;
2320
a5c29683
JH		 2321 case HCI_OP_USER_CONFIRM_REPLY:
2322 hci_cc_user_confirm_reply(hdev, skb);
2323 break;
2324
2325 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2326 hci_cc_user_confirm_neg_reply(hdev, skb);
2327 break;
2328
1143d458
BG		 2329 case HCI_OP_USER_PASSKEY_REPLY:
2330 hci_cc_user_passkey_reply(hdev, skb);
2331 break;
2332
2333 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2334 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2335 break;
07f7fa5d
AG		 2336
2337 case HCI_OP_LE_SET_SCAN_PARAM:
2338 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2339 break;
2340
eb9d91f5
AG		 2341 case HCI_OP_LE_SET_SCAN_ENABLE:
2342 hci_cc_le_set_scan_enable(hdev, skb);
2343 break;
2344
a7a595f6
VCG		 2345 case HCI_OP_LE_LTK_REPLY:
2346 hci_cc_le_ltk_reply(hdev, skb);
2347 break;
2348
2349 case HCI_OP_LE_LTK_NEG_REPLY:
2350 hci_cc_le_ltk_neg_reply(hdev, skb);
2351 break;
2352
f9b49306
AG		 2353 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2354 hci_cc_write_le_host_supported(hdev, skb);
2355 break;
2356
a9de9248
MH		 2357 default:
2358 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2359 break;
2360 }
2361
6bd32326
VT		 2362 if (ev->opcode != HCI_OP_NOP)
2363 del_timer(&hdev->cmd_timer);
2364
a9de9248
MH		 2365 if (ev->ncmd) {
2366 atomic_set(&hdev->cmd_cnt, 1);
2367 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2368 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2369 }
2370}
2371
2372static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2373{
2374 struct hci_ev_cmd_status *ev = (void *) skb->data;
2375 __u16 opcode;
2376
2377 skb_pull(skb, sizeof(*ev));
2378
2379 opcode = __le16_to_cpu(ev->opcode);
2380
2381 switch (opcode) {
2382 case HCI_OP_INQUIRY:
2383 hci_cs_inquiry(hdev, ev->status);
2384 break;
2385
2386 case HCI_OP_CREATE_CONN:
2387 hci_cs_create_conn(hdev, ev->status);
2388 break;
2389
2390 case HCI_OP_ADD_SCO:
2391 hci_cs_add_sco(hdev, ev->status);
2392 break;
2393
f8558555
MH		 2394 case HCI_OP_AUTH_REQUESTED:
2395 hci_cs_auth_requested(hdev, ev->status);
2396 break;
2397
2398 case HCI_OP_SET_CONN_ENCRYPT:
2399 hci_cs_set_conn_encrypt(hdev, ev->status);
2400 break;
2401
a9de9248
MH		 2402 case HCI_OP_REMOTE_NAME_REQ:
2403 hci_cs_remote_name_req(hdev, ev->status);
2404 break;
2405
769be974
MH		 2406 case HCI_OP_READ_REMOTE_FEATURES:
2407 hci_cs_read_remote_features(hdev, ev->status);
2408 break;
2409
2410 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2411 hci_cs_read_remote_ext_features(hdev, ev->status);
2412 break;
2413
a9de9248
MH		 2414 case HCI_OP_SETUP_SYNC_CONN:
2415 hci_cs_setup_sync_conn(hdev, ev->status);
2416 break;
2417
2418 case HCI_OP_SNIFF_MODE:
2419 hci_cs_sniff_mode(hdev, ev->status);
2420 break;
2421
2422 case HCI_OP_EXIT_SNIFF_MODE:
2423 hci_cs_exit_sniff_mode(hdev, ev->status);
2424 break;
2425
8962ee74 2426 case HCI_OP_DISCONNECT:
88c3df13 2427 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2428 break;
2429
fcd89c09
VT		 2430 case HCI_OP_LE_CREATE_CONN:
2431 hci_cs_le_create_conn(hdev, ev->status);
2432 break;
2433
a7a595f6
VCG		 2434 case HCI_OP_LE_START_ENC:
2435 hci_cs_le_start_enc(hdev, ev->status);
2436 break;
2437
a9de9248
MH		 2438 default:
2439 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2440 break;
2441 }
2442
6bd32326
VT		 2443 if (ev->opcode != HCI_OP_NOP)
2444 del_timer(&hdev->cmd_timer);
2445
10572132 2446 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2447 atomic_set(&hdev->cmd_cnt, 1);
2448 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2449 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2450 }
2451}
2452
2453static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2454{
2455 struct hci_ev_role_change *ev = (void *) skb->data;
2456 struct hci_conn *conn;
2457
2458 BT_DBG("%s status %d", hdev->name, ev->status);
2459
2460 hci_dev_lock(hdev);
2461
2462 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2463 if (conn) {
2464 if (!ev->status) {
2465 if (ev->role)
2466 conn->link_mode &= ~HCI_LM_MASTER;
2467 else
2468 conn->link_mode |= HCI_LM_MASTER;
2469 }
2470
51a8efd7 2471 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2472
2473 hci_role_switch_cfm(conn, ev->status, ev->role);
2474 }
2475
2476 hci_dev_unlock(hdev);
2477}
2478
2479static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2480{
2481 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2482 int i;
2483
32ac5b9b
AE		 2484 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2485 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2486 return;
2487 }
2488
c5993de8
AE		 2489 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2490 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2491 BT_DBG("%s bad parameters", hdev->name);
2492 return;
2493 }
2494
c5993de8
AE		 2495 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2496
613a1c0c
AE		 2497 for (i = 0; i < ev->num_hndl; i++) {
2498 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2499 struct hci_conn *conn;
2500 __u16 handle, count;
2501
613a1c0c
AE		 2502 handle = __le16_to_cpu(info->handle);
2503 count = __le16_to_cpu(info->count);
a9de9248
MH		 2504
2505 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2506 if (!conn)
2507 continue;
2508
2509 conn->sent -= count;
2510
2511 switch (conn->type) {
2512 case ACL_LINK:
2513 hdev->acl_cnt += count;
2514 if (hdev->acl_cnt > hdev->acl_pkts)
2515 hdev->acl_cnt = hdev->acl_pkts;
2516 break;
2517
2518 case LE_LINK:
2519 if (hdev->le_pkts) {
2520 hdev->le_cnt += count;
2521 if (hdev->le_cnt > hdev->le_pkts)
2522 hdev->le_cnt = hdev->le_pkts;
2523 } else {
70f23020
AE		 2524 hdev->acl_cnt += count;
2525 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2526 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2527 }
f4280918
AE		 2528 break;
2529
2530 case SCO_LINK:
2531 hdev->sco_cnt += count;
2532 if (hdev->sco_cnt > hdev->sco_pkts)
2533 hdev->sco_cnt = hdev->sco_pkts;
2534 break;
2535
2536 default:
2537 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2538 break;
a9de9248
MH		 2539 }
2540 }
2541
3eff45ea 2542 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2543}
2544
25e89e99 2545static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
04124681 2546 struct sk_buff *skb)
25e89e99
AE		 2547{
2548 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2549 int i;
2550
2551 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2552 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2553 return;
2554 }
2555
2556 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2557 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2558 BT_DBG("%s bad parameters", hdev->name);
2559 return;
2560 }
2561
2562 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2563 ev->num_hndl);
2564
2565 for (i = 0; i < ev->num_hndl; i++) {
2566 struct hci_comp_blocks_info *info = &ev->handles[i];
2567 struct hci_conn *conn;
2568 __u16 handle, block_count;
2569
2570 handle = __le16_to_cpu(info->handle);
2571 block_count = __le16_to_cpu(info->blocks);
2572
2573 conn = hci_conn_hash_lookup_handle(hdev, handle);
2574 if (!conn)
2575 continue;
2576
2577 conn->sent -= block_count;
2578
2579 switch (conn->type) {
2580 case ACL_LINK:
2581 hdev->block_cnt += block_count;
2582 if (hdev->block_cnt > hdev->num_blocks)
2583 hdev->block_cnt = hdev->num_blocks;
2584 break;
2585
2586 default:
2587 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2588 break;
2589 }
2590 }
2591
2592 queue_work(hdev->workqueue, &hdev->tx_work);
2593}
2594
a9de9248 2595static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2596{
a9de9248 2597 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2598 struct hci_conn *conn;
2599
2600 BT_DBG("%s status %d", hdev->name, ev->status);
2601
2602 hci_dev_lock(hdev);
2603
2604 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2605 if (conn) {
2606 conn->mode = ev->mode;
2607 conn->interval = __le16_to_cpu(ev->interval);
2608
51a8efd7 2609 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2610 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2611 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2612 else
58a681ef 2613 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2614 }
e73439d8 2615
51a8efd7 2616 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2617 hci_sco_setup(conn, ev->status);
04837f64
MH		 2618 }
2619
2620 hci_dev_unlock(hdev);
2621}
2622
a9de9248
MH		 2623static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2624{
052b30b0
MH		 2625 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2626 struct hci_conn *conn;
2627
a9de9248 2628 BT_DBG("%s", hdev->name);
052b30b0
MH		 2629
2630 hci_dev_lock(hdev);
2631
2632 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2633 if (!conn)
2634 goto unlock;
2635
2636 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2637 hci_conn_hold(conn);
2638 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2639 hci_conn_put(conn);
2640 }
2641
a8b2d5c2 2642 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2643 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2644 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2645 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2646 u8 secure;
2647
2648 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2649 secure = 1;
2650 else
2651 secure = 0;
2652
744cf19e 2653 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2654 }
980e1a53 2655
b6f98044 2656unlock:
052b30b0 2657 hci_dev_unlock(hdev);
a9de9248
MH		 2658}
2659
2660static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2661{
55ed8ca1
JH		 2662 struct hci_ev_link_key_req *ev = (void *) skb->data;
2663 struct hci_cp_link_key_reply cp;
2664 struct hci_conn *conn;
2665 struct link_key *key;
2666
a9de9248 2667 BT_DBG("%s", hdev->name);
55ed8ca1 2668
a8b2d5c2 2669 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2670 return;
2671
2672 hci_dev_lock(hdev);
2673
2674 key = hci_find_link_key(hdev, &ev->bdaddr);
2675 if (!key) {
2676 BT_DBG("%s link key not found for %s", hdev->name,
2677 batostr(&ev->bdaddr));
2678 goto not_found;
2679 }
2680
2681 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2682 batostr(&ev->bdaddr));
2683
a8b2d5c2 2684 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2685 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2686 BT_DBG("%s ignoring debug key", hdev->name);
2687 goto not_found;
2688 }
2689
2690 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2691 if (conn) {
2692 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2693 conn->auth_type != 0xff &&
2694 (conn->auth_type & 0x01)) {
2695 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2696 goto not_found;
2697 }
55ed8ca1 2698
60b83f57
WR		 2699 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2700 conn->pending_sec_level == BT_SECURITY_HIGH) {
2701 BT_DBG("%s ignoring key unauthenticated for high \
2702 security", hdev->name);
2703 goto not_found;
2704 }
2705
2706 conn->key_type = key->type;
2707 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2708 }
2709
2710 bacpy(&cp.bdaddr, &ev->bdaddr);
2711 memcpy(cp.link_key, key->val, 16);
2712
2713 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2714
2715 hci_dev_unlock(hdev);
2716
2717 return;
2718
2719not_found:
2720 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2721 hci_dev_unlock(hdev);
a9de9248
MH		 2722}
2723
2724static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2725{
052b30b0
MH		 2726 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2727 struct hci_conn *conn;
55ed8ca1 2728 u8 pin_len = 0;
052b30b0 2729
a9de9248 2730 BT_DBG("%s", hdev->name);
052b30b0
MH		 2731
2732 hci_dev_lock(hdev);
2733
2734 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2735 if (conn) {
2736 hci_conn_hold(conn);
2737 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2738 pin_len = conn->pin_length;
13d39315
WR		 2739
2740 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2741 conn->key_type = ev->key_type;
2742
052b30b0
MH		 2743 hci_conn_put(conn);
2744 }
2745
a8b2d5c2 2746 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2747 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2748 ev->key_type, pin_len);
2749
052b30b0 2750 hci_dev_unlock(hdev);
a9de9248
MH		 2751}
2752
1da177e4
LT		 2753static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2754{
a9de9248 2755 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2756 struct hci_conn *conn;
1da177e4
LT		 2757
2758 BT_DBG("%s status %d", hdev->name, ev->status);
2759
2760 hci_dev_lock(hdev);
2761
04837f64 2762 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2763 if (conn && !ev->status) {
2764 struct inquiry_entry *ie;
2765
cc11b9c1
AE		 2766 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2767 if (ie) {
1da177e4
LT		 2768 ie->data.clock_offset = ev->clock_offset;
2769 ie->timestamp = jiffies;
2770 }
2771 }
2772
2773 hci_dev_unlock(hdev);
2774}
2775
a8746417
MH		 2776static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2777{
2778 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2779 struct hci_conn *conn;
2780
2781 BT_DBG("%s status %d", hdev->name, ev->status);
2782
2783 hci_dev_lock(hdev);
2784
2785 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2786 if (conn && !ev->status)
2787 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2788
2789 hci_dev_unlock(hdev);
2790}
2791
85a1e930
MH		 2792static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2793{
a9de9248 2794 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2795 struct inquiry_entry *ie;
2796
2797 BT_DBG("%s", hdev->name);
2798
2799 hci_dev_lock(hdev);
2800
cc11b9c1
AE		 2801 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2802 if (ie) {
85a1e930
MH		 2803 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2804 ie->timestamp = jiffies;
2805 }
2806
2807 hci_dev_unlock(hdev);
2808}
2809
a9de9248
MH		 2810static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2811{
2812 struct inquiry_data data;
2813 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2814 bool name_known, ssp;
a9de9248
MH		 2815
2816 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2817
2818 if (!num_rsp)
2819 return;
2820
2821 hci_dev_lock(hdev);
2822
2823 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2824 struct inquiry_info_with_rssi_and_pscan_mode *info;
2825 info = (void *) (skb->data + 1);
a9de9248 2826
e17acd40 2827 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2828 bacpy(&data.bdaddr, &info->bdaddr);
2829 data.pscan_rep_mode = info->pscan_rep_mode;
2830 data.pscan_period_mode = info->pscan_period_mode;
2831 data.pscan_mode = info->pscan_mode;
2832 memcpy(data.dev_class, info->dev_class, 3);
2833 data.clock_offset = info->clock_offset;
2834 data.rssi = info->rssi;
41a96212 2835 data.ssp_mode = 0x00;
3175405b
JH		 2836
2837 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2838 false, &ssp);
48264f06 2839 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2840 info->dev_class, info->rssi,
2841 !name_known, ssp, NULL, 0);
a9de9248
MH		 2842 }
2843 } else {
2844 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2845
e17acd40 2846 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2847 bacpy(&data.bdaddr, &info->bdaddr);
2848 data.pscan_rep_mode = info->pscan_rep_mode;
2849 data.pscan_period_mode = info->pscan_period_mode;
2850 data.pscan_mode = 0x00;
2851 memcpy(data.dev_class, info->dev_class, 3);
2852 data.clock_offset = info->clock_offset;
2853 data.rssi = info->rssi;
41a96212 2854 data.ssp_mode = 0x00;
3175405b 2855 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2856 false, &ssp);
48264f06 2857 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2858 info->dev_class, info->rssi,
2859 !name_known, ssp, NULL, 0);
a9de9248
MH		 2860 }
2861 }
2862
2863 hci_dev_unlock(hdev);
2864}
2865
2866static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2867{
41a96212
MH		 2868 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2869 struct hci_conn *conn;
2870
a9de9248 2871 BT_DBG("%s", hdev->name);
41a96212 2872
41a96212
MH		 2873 hci_dev_lock(hdev);
2874
2875 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2876 if (!conn)
2877 goto unlock;
41a96212 2878
ccd556fe
JH		 2879 if (!ev->status && ev->page == 0x01) {
2880 struct inquiry_entry *ie;
41a96212 2881
cc11b9c1
AE		 2882 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2883 if (ie)
02b7cc62 2884 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2885
02b7cc62 2886 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2887 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2888 }
2889
2890 if (conn->state != BT_CONFIG)
2891 goto unlock;
2892
127178d2
JH		 2893 if (!ev->status) {
2894 struct hci_cp_remote_name_req cp;
2895 memset(&cp, 0, sizeof(cp));
2896 bacpy(&cp.bdaddr, &conn->dst);
2897 cp.pscan_rep_mode = 0x02;
2898 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2899 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2900 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2901 conn->dst_type, 0, NULL, 0,
2902 conn->dev_class);
392599b9 2903
127178d2 2904 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2905 conn->state = BT_CONNECTED;
2906 hci_proto_connect_cfm(conn, ev->status);
2907 hci_conn_put(conn);
41a96212
MH		 2908 }
2909
ccd556fe 2910unlock:
41a96212 2911 hci_dev_unlock(hdev);
a9de9248
MH		 2912}
2913
2914static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2915{
b6a0dc82
MH		 2916 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2917 struct hci_conn *conn;
2918
2919 BT_DBG("%s status %d", hdev->name, ev->status);
2920
2921 hci_dev_lock(hdev);
2922
2923 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2924 if (!conn) {
2925 if (ev->link_type == ESCO_LINK)
2926 goto unlock;
2927
2928 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2929 if (!conn)
2930 goto unlock;
2931
2932 conn->type = SCO_LINK;
2933 }
b6a0dc82 2934
732547f9
MH		 2935 switch (ev->status) {
2936 case 0x00:
b6a0dc82
MH		 2937 conn->handle = __le16_to_cpu(ev->handle);
2938 conn->state = BT_CONNECTED;
7d0db0a3 2939
9eba32b8 2940 hci_conn_hold_device(conn);
7d0db0a3 2941 hci_conn_add_sysfs(conn);
732547f9
MH		 2942 break;
2943
705e5711 2944 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2945 case 0x1c: /* SCO interval rejected */
1038a00b 2946 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2947 case 0x1f: /* Unspecified error */
2948 if (conn->out && conn->attempt < 2) {
2949 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2950 (hdev->esco_type & EDR_ESCO_MASK);
2951 hci_setup_sync(conn, conn->link->handle);
2952 goto unlock;
2953 }
2954 /* fall through */
2955
2956 default:
b6a0dc82 2957 conn->state = BT_CLOSED;
732547f9
MH		 2958 break;
2959 }
b6a0dc82
MH		 2960
2961 hci_proto_connect_cfm(conn, ev->status);
2962 if (ev->status)
2963 hci_conn_del(conn);
2964
2965unlock:
2966 hci_dev_unlock(hdev);
a9de9248
MH		 2967}
2968
2969static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2970{
2971 BT_DBG("%s", hdev->name);
2972}
2973
04837f64
MH		 2974static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2975{
a9de9248 2976 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2977
2978 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2979}
2980
a9de9248 2981static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2982{
a9de9248
MH		 2983 struct inquiry_data data;
2984 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2985 int num_rsp = *((__u8 *) skb->data);
1da177e4 2986
a9de9248 2987 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2988
a9de9248
MH		 2989 if (!num_rsp)
2990 return;
1da177e4 2991
a9de9248
MH		 2992 hci_dev_lock(hdev);
2993
e17acd40 2994 for (; num_rsp; num_rsp--, info++) {
388fc8fa 2995 bool name_known, ssp;
561aafbc 2996
a9de9248 2997 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2998 data.pscan_rep_mode = info->pscan_rep_mode;
2999 data.pscan_period_mode = info->pscan_period_mode;
3000 data.pscan_mode = 0x00;
a9de9248 3001 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3002 data.clock_offset = info->clock_offset;
3003 data.rssi = info->rssi;
41a96212 3004 data.ssp_mode = 0x01;
561aafbc 3005
a8b2d5c2 3006 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3007 name_known = eir_has_data_type(info->data,
04124681
GP		 3008 sizeof(info->data),
3009 EIR_NAME_COMPLETE);
561aafbc
JH		 3010 else
3011 name_known = true;
3012
388fc8fa 3013 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3014 &ssp);
48264f06 3015 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 3016 info->dev_class, info->rssi, !name_known,
3017 ssp, info->data, sizeof(info->data));
a9de9248
MH		 3018 }
3019
3020 hci_dev_unlock(hdev);
3021}
1da177e4 3022
17fa4b9d
JH		 3023static inline u8 hci_get_auth_req(struct hci_conn *conn)
3024{
3025 /* If remote requests dedicated bonding follow that lead */
3026 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3027 /* If both remote and local IO capabilities allow MITM
3028 * protection then require it, otherwise don't */
3029 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3030 return 0x02;
3031 else
3032 return 0x03;
3033 }
3034
3035 /* If remote requests no-bonding follow that lead */
3036 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3037 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3038
3039 return conn->auth_type;
3040}
3041
0493684e
MH		 3042static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3043{
3044 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3045 struct hci_conn *conn;
3046
3047 BT_DBG("%s", hdev->name);
3048
3049 hci_dev_lock(hdev);
3050
3051 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3052 if (!conn)
3053 goto unlock;
3054
3055 hci_conn_hold(conn);
3056
a8b2d5c2 3057 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3058 goto unlock;
3059
a8b2d5c2 3060 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 3061 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3062 struct hci_cp_io_capability_reply cp;
3063
3064 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3065 /* Change the IO capability from KeyboardDisplay
3066 * to DisplayYesNo as it is not supported by BT spec. */
3067 cp.capability = (conn->io_capability == 0x04) ?
3068 0x01 : conn->io_capability;
7cbc9bd9
JH		 3069 conn->auth_type = hci_get_auth_req(conn);
3070 cp.authentication = conn->auth_type;
17fa4b9d 3071
58a681ef 3072 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3073 hci_find_remote_oob_data(hdev, &conn->dst))
3074 cp.oob_data = 0x01;
3075 else
3076 cp.oob_data = 0x00;
3077
17fa4b9d
JH		 3078 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3079 sizeof(cp), &cp);
03b555e1
JH		 3080 } else {
3081 struct hci_cp_io_capability_neg_reply cp;
3082
3083 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3084 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3085
03b555e1
JH		 3086 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3087 sizeof(cp), &cp);
3088 }
3089
3090unlock:
3091 hci_dev_unlock(hdev);
3092}
3093
3094static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3095{
3096 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3097 struct hci_conn *conn;
3098
3099 BT_DBG("%s", hdev->name);
3100
3101 hci_dev_lock(hdev);
3102
3103 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3104 if (!conn)
3105 goto unlock;
3106
03b555e1 3107 conn->remote_cap = ev->capability;
03b555e1 3108 conn->remote_auth = ev->authentication;
58a681ef
JH		 3109 if (ev->oob_data)
3110 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3111
3112unlock:
0493684e
MH		 3113 hci_dev_unlock(hdev);
3114}
3115
a5c29683
JH		 3116static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3117 struct sk_buff *skb)
3118{
3119 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3120 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3121 struct hci_conn *conn;
a5c29683
JH		 3122
3123 BT_DBG("%s", hdev->name);
3124
3125 hci_dev_lock(hdev);
3126
a8b2d5c2 3127 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3128 goto unlock;
a5c29683 3129
7a828908
JH		 3130 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3131 if (!conn)
3132 goto unlock;
3133
3134 loc_mitm = (conn->auth_type & 0x01);
3135 rem_mitm = (conn->remote_auth & 0x01);
3136
3137 /* If we require MITM but the remote device can't provide that
3138 * (it has NoInputNoOutput) then reject the confirmation
3139 * request. The only exception is when we're dedicated bonding
3140 * initiators (connect_cfm_cb set) since then we always have the MITM
3141 * bit set. */
3142 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3143 BT_DBG("Rejecting request: remote device can't provide MITM");
3144 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3145 sizeof(ev->bdaddr), &ev->bdaddr);
3146 goto unlock;
3147 }
3148
3149 /* If no side requires MITM protection; auto-accept */
3150 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3151 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3152
3153 /* If we're not the initiators request authorization to
3154 * proceed from user space (mgmt_user_confirm with
3155 * confirm_hint set to 1). */
51a8efd7 3156 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3157 BT_DBG("Confirming auto-accept as acceptor");
3158 confirm_hint = 1;
3159 goto confirm;
3160 }
3161
9f61656a
JH		 3162 BT_DBG("Auto-accept of user confirmation with %ums delay",
3163 hdev->auto_accept_delay);
3164
3165 if (hdev->auto_accept_delay > 0) {
3166 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3167 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3168 goto unlock;
3169 }
3170
7a828908
JH		 3171 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3172 sizeof(ev->bdaddr), &ev->bdaddr);
3173 goto unlock;
3174 }
3175
55bc1a37 3176confirm:
272d90df 3177 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3178 confirm_hint);
7a828908
JH		 3179
3180unlock:
a5c29683
JH		 3181 hci_dev_unlock(hdev);
3182}
3183
1143d458
BG		 3184static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3185 struct sk_buff *skb)
3186{
3187 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3188
3189 BT_DBG("%s", hdev->name);
3190
3191 hci_dev_lock(hdev);
3192
a8b2d5c2 3193 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3194 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3195
3196 hci_dev_unlock(hdev);
3197}
3198
0493684e
MH		 3199static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3200{
3201 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3202 struct hci_conn *conn;
3203
3204 BT_DBG("%s", hdev->name);
3205
3206 hci_dev_lock(hdev);
3207
3208 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3209 if (!conn)
3210 goto unlock;
3211
3212 /* To avoid duplicate auth_failed events to user space we check
3213 * the HCI_CONN_AUTH_PEND flag which will be set if we
3214 * initiated the authentication. A traditional auth_complete
3215 * event gets always produced as initiator and is also mapped to
3216 * the mgmt_auth_failed event */
51a8efd7 3217 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6 3218 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3219 ev->status);
0493684e 3220
2a611692
JH		 3221 hci_conn_put(conn);
3222
3223unlock:
0493684e
MH		 3224 hci_dev_unlock(hdev);
3225}
3226
41a96212
MH		 3227static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3228{
3229 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3230 struct inquiry_entry *ie;
3231
3232 BT_DBG("%s", hdev->name);
3233
3234 hci_dev_lock(hdev);
3235
cc11b9c1
AE		 3236 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3237 if (ie)
02b7cc62 3238 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3239
3240 hci_dev_unlock(hdev);
3241}
3242
2763eda6 3243static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
04124681 3244 struct sk_buff *skb)
2763eda6
SJ		 3245{
3246 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3247 struct oob_data *data;
3248
3249 BT_DBG("%s", hdev->name);
3250
3251 hci_dev_lock(hdev);
3252
a8b2d5c2 3253 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3254 goto unlock;
3255
2763eda6
SJ		 3256 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3257 if (data) {
3258 struct hci_cp_remote_oob_data_reply cp;
3259
3260 bacpy(&cp.bdaddr, &ev->bdaddr);
3261 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3262 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3263
3264 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3265 &cp);
3266 } else {
3267 struct hci_cp_remote_oob_data_neg_reply cp;
3268
3269 bacpy(&cp.bdaddr, &ev->bdaddr);
3270 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3271 &cp);
3272 }
3273
e1ba1f15 3274unlock:
2763eda6
SJ		 3275 hci_dev_unlock(hdev);
3276}
3277
fcd89c09
VT		 3278static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3279{
3280 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3281 struct hci_conn *conn;
3282
3283 BT_DBG("%s status %d", hdev->name, ev->status);
3284
3285 hci_dev_lock(hdev);
3286
3287 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3288 if (!conn) {
3289 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3290 if (!conn) {
3291 BT_ERR("No memory for new connection");
3292 hci_dev_unlock(hdev);
3293 return;
3294 }
29b7988a
AG		 3295
3296 conn->dst_type = ev->bdaddr_type;
b62f328b 3297 }
fcd89c09
VT		 3298
3299 if (ev->status) {
48264f06
JH		 3300 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3301 conn->dst_type, ev->status);
fcd89c09
VT		 3302 hci_proto_connect_cfm(conn, ev->status);
3303 conn->state = BT_CLOSED;
3304 hci_conn_del(conn);
3305 goto unlock;
3306 }
3307
b644ba33
JH		 3308 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3309 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3310 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3311
7b5c0d52 3312 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3313 conn->handle = __le16_to_cpu(ev->handle);
3314 conn->state = BT_CONNECTED;
3315
3316 hci_conn_hold_device(conn);
3317 hci_conn_add_sysfs(conn);
3318
3319 hci_proto_connect_cfm(conn, ev->status);
3320
3321unlock:
3322 hci_dev_unlock(hdev);
3323}
3324
9aa04c91
AG		 3325static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3326 struct sk_buff *skb)
3327{
e95beb41
AG		 3328 u8 num_reports = skb->data[0];
3329 void *ptr = &skb->data[1];
3c9e9195 3330 s8 rssi;
9aa04c91
AG		 3331
3332 hci_dev_lock(hdev);
3333
e95beb41
AG		 3334 while (num_reports--) {
3335 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3336
9aa04c91 3337 hci_add_adv_entry(hdev, ev);
e95beb41 3338
3c9e9195
AG		 3339 rssi = ev->data[ev->length];
3340 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3341 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3342
e95beb41 3343 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3344 }
3345
3346 hci_dev_unlock(hdev);
3347}
3348
a7a595f6
VCG		 3349static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3350 struct sk_buff *skb)
3351{
3352 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3353 struct hci_cp_le_ltk_reply cp;
bea710fe 3354 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3355 struct hci_conn *conn;
c9839a11 3356 struct smp_ltk *ltk;
a7a595f6 3357
e4666881 3358 BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 3359
3360 hci_dev_lock(hdev);
3361
3362 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3363 if (conn == NULL)
3364 goto not_found;
a7a595f6 3365
bea710fe
VCG		 3366 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3367 if (ltk == NULL)
3368 goto not_found;
3369
3370 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3371 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3372
3373 if (ltk->authenticated)
3374 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3375
3376 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3377
c9839a11
VCG		 3378 if (ltk->type & HCI_SMP_STK) {
3379 list_del(&ltk->list);
3380 kfree(ltk);
3381 }
3382
a7a595f6 3383 hci_dev_unlock(hdev);
bea710fe
VCG		 3384
3385 return;
3386
3387not_found:
3388 neg.handle = ev->handle;
3389 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3390 hci_dev_unlock(hdev);
a7a595f6
VCG		 3391}
3392
fcd89c09
VT		 3393static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3394{
3395 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3396
3397 skb_pull(skb, sizeof(*le_ev));
3398
3399 switch (le_ev->subevent) {
3400 case HCI_EV_LE_CONN_COMPLETE:
3401 hci_le_conn_complete_evt(hdev, skb);
3402 break;
3403
9aa04c91
AG		 3404 case HCI_EV_LE_ADVERTISING_REPORT:
3405 hci_le_adv_report_evt(hdev, skb);
3406 break;
3407
a7a595f6
VCG		 3408 case HCI_EV_LE_LTK_REQ:
3409 hci_le_ltk_request_evt(hdev, skb);
3410 break;
3411
fcd89c09
VT		 3412 default:
3413 break;
3414 }
3415}
3416
a9de9248
MH		 3417void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3418{
3419 struct hci_event_hdr *hdr = (void *) skb->data;
3420 __u8 event = hdr->evt;
3421
3422 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3423
3424 switch (event) {
1da177e4
LT		 3425 case HCI_EV_INQUIRY_COMPLETE:
3426 hci_inquiry_complete_evt(hdev, skb);
3427 break;
3428
3429 case HCI_EV_INQUIRY_RESULT:
3430 hci_inquiry_result_evt(hdev, skb);
3431 break;
3432
a9de9248
MH		 3433 case HCI_EV_CONN_COMPLETE:
3434 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3435 break;
3436
1da177e4
LT		 3437 case HCI_EV_CONN_REQUEST:
3438 hci_conn_request_evt(hdev, skb);
3439 break;
3440
1da177e4
LT		 3441 case HCI_EV_DISCONN_COMPLETE:
3442 hci_disconn_complete_evt(hdev, skb);
3443 break;
3444
1da177e4
LT		 3445 case HCI_EV_AUTH_COMPLETE:
3446 hci_auth_complete_evt(hdev, skb);
3447 break;
3448
a9de9248
MH		 3449 case HCI_EV_REMOTE_NAME:
3450 hci_remote_name_evt(hdev, skb);
3451 break;
3452
1da177e4
LT		 3453 case HCI_EV_ENCRYPT_CHANGE:
3454 hci_encrypt_change_evt(hdev, skb);
3455 break;
3456
a9de9248
MH		 3457 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3458 hci_change_link_key_complete_evt(hdev, skb);
3459 break;
3460
3461 case HCI_EV_REMOTE_FEATURES:
3462 hci_remote_features_evt(hdev, skb);
3463 break;
3464
3465 case HCI_EV_REMOTE_VERSION:
3466 hci_remote_version_evt(hdev, skb);
3467 break;
3468
3469 case HCI_EV_QOS_SETUP_COMPLETE:
3470 hci_qos_setup_complete_evt(hdev, skb);
3471 break;
3472
3473 case HCI_EV_CMD_COMPLETE:
3474 hci_cmd_complete_evt(hdev, skb);
3475 break;
3476
3477 case HCI_EV_CMD_STATUS:
3478 hci_cmd_status_evt(hdev, skb);
3479 break;
3480
3481 case HCI_EV_ROLE_CHANGE:
3482 hci_role_change_evt(hdev, skb);
3483 break;
3484
3485 case HCI_EV_NUM_COMP_PKTS:
3486 hci_num_comp_pkts_evt(hdev, skb);
3487 break;
3488
3489 case HCI_EV_MODE_CHANGE:
3490 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3491 break;
3492
3493 case HCI_EV_PIN_CODE_REQ:
3494 hci_pin_code_request_evt(hdev, skb);
3495 break;
3496
3497 case HCI_EV_LINK_KEY_REQ:
3498 hci_link_key_request_evt(hdev, skb);
3499 break;
3500
3501 case HCI_EV_LINK_KEY_NOTIFY:
3502 hci_link_key_notify_evt(hdev, skb);
3503 break;
3504
3505 case HCI_EV_CLOCK_OFFSET:
3506 hci_clock_offset_evt(hdev, skb);
3507 break;
3508
a8746417
MH		 3509 case HCI_EV_PKT_TYPE_CHANGE:
3510 hci_pkt_type_change_evt(hdev, skb);
3511 break;
3512
85a1e930
MH		 3513 case HCI_EV_PSCAN_REP_MODE:
3514 hci_pscan_rep_mode_evt(hdev, skb);
3515 break;
3516
a9de9248
MH		 3517 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3518 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3519 break;
3520
a9de9248
MH		 3521 case HCI_EV_REMOTE_EXT_FEATURES:
3522 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3523 break;
3524
a9de9248
MH		 3525 case HCI_EV_SYNC_CONN_COMPLETE:
3526 hci_sync_conn_complete_evt(hdev, skb);
3527 break;
1da177e4 3528
a9de9248
MH		 3529 case HCI_EV_SYNC_CONN_CHANGED:
3530 hci_sync_conn_changed_evt(hdev, skb);
3531 break;
1da177e4 3532
a9de9248
MH		 3533 case HCI_EV_SNIFF_SUBRATE:
3534 hci_sniff_subrate_evt(hdev, skb);
3535 break;
1da177e4 3536
a9de9248
MH		 3537 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3538 hci_extended_inquiry_result_evt(hdev, skb);
3539 break;
1da177e4 3540
0493684e
MH		 3541 case HCI_EV_IO_CAPA_REQUEST:
3542 hci_io_capa_request_evt(hdev, skb);
3543 break;
3544
03b555e1
JH		 3545 case HCI_EV_IO_CAPA_REPLY:
3546 hci_io_capa_reply_evt(hdev, skb);
3547 break;
3548
a5c29683
JH		 3549 case HCI_EV_USER_CONFIRM_REQUEST:
3550 hci_user_confirm_request_evt(hdev, skb);
3551 break;
3552
1143d458
BG		 3553 case HCI_EV_USER_PASSKEY_REQUEST:
3554 hci_user_passkey_request_evt(hdev, skb);
3555 break;
3556
0493684e
MH		 3557 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3558 hci_simple_pair_complete_evt(hdev, skb);
3559 break;
3560
41a96212
MH		 3561 case HCI_EV_REMOTE_HOST_FEATURES:
3562 hci_remote_host_features_evt(hdev, skb);
3563 break;
3564
fcd89c09
VT		 3565 case HCI_EV_LE_META:
3566 hci_le_meta_evt(hdev, skb);
3567 break;
3568
2763eda6
SJ		 3569 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3570 hci_remote_oob_data_request_evt(hdev, skb);
3571 break;
3572
25e89e99
AE		 3573 case HCI_EV_NUM_COMP_BLOCKS:
3574 hci_num_comp_blocks_evt(hdev, skb);
3575 break;
3576
a9de9248
MH		 3577 default:
3578 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3579 break;
3580 }
3581
3582 kfree_skb(skb);
3583 hdev->stat.evt_rx++;
3584}
Linux kernel - Deliverables
This page took 1.085131 seconds and 5 git commands to generate.