projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for AR3012 [0cf3:e004]
[deliverable/linux.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/errno.h>
31#include <linux/kernel.h>
1da177e4
LT		 32#include <linux/slab.h>
33#include <linux/poll.h>
34#include <linux/fcntl.h>
35#include <linux/init.h>
36#include <linux/skbuff.h>
37#include <linux/interrupt.h>
1da177e4
LT		 38#include <net/sock.h>
39
40#include <asm/system.h>
70f23020 41#include <linux/uaccess.h>
1da177e4
LT		 42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46
1da177e4
LT		 47/* Handle HCI Event packets */
48
a9de9248 49static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 50{
a9de9248 51 __u8 status = *((__u8 *) skb->data);
1da177e4 52
a9de9248 53 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 54
e6d465cb
AG		 55 if (status) {
56 hci_dev_lock(hdev);
57 mgmt_stop_discovery_failed(hdev, status);
58 hci_dev_unlock(hdev);
a9de9248 59 return;
e6d465cb 60 }
1da177e4 61
89352e7d
AG		 62 clear_bit(HCI_INQUIRY, &hdev->flags);
63
56e5cb86 64 hci_dev_lock(hdev);
ff9ef578 65 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56e5cb86 66 hci_dev_unlock(hdev);
6bd57416 67
23bb5763 68 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
a9de9248
MH		 69
70 hci_conn_check_pending(hdev);
71}
6bd57416 72
a9de9248
MH		 73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
6bd57416 76
a9de9248 77 BT_DBG("%s status 0x%x", hdev->name, status);
6bd57416 78
a9de9248
MH		 79 if (status)
80 return;
1da177e4 81
a9de9248
MH		 82 hci_conn_check_pending(hdev);
83}
84
85static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86{
87 BT_DBG("%s", hdev->name);
88}
89
90static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91{
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
94
95 BT_DBG("%s status 0x%x", hdev->name, rp->status);
96
97 if (rp->status)
98 return;
99
100 hci_dev_lock(hdev);
101
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103 if (conn) {
104 if (rp->role)
105 conn->link_mode &= ~HCI_LM_MASTER;
106 else
107 conn->link_mode |= HCI_LM_MASTER;
1da177e4 108 }
a9de9248
MH		 109
110 hci_dev_unlock(hdev);
1da177e4
LT		 111}
112
e4e8e37c
MH		 113static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114{
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
117
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
119
120 if (rp->status)
121 return;
122
123 hci_dev_lock(hdev);
124
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 if (conn)
127 conn->link_policy = __le16_to_cpu(rp->policy);
128
129 hci_dev_unlock(hdev);
130}
131
a9de9248 132static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 133{
a9de9248 134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 135 struct hci_conn *conn;
04837f64 136 void *sent;
1da177e4 137
a9de9248 138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 139
a9de9248
MH		 140 if (rp->status)
141 return;
1da177e4 142
a9de9248
MH		 143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144 if (!sent)
145 return;
1da177e4 146
a9de9248 147 hci_dev_lock(hdev);
1da177e4 148
a9de9248 149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 150 if (conn)
83985319 151 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 152
a9de9248
MH		 153 hci_dev_unlock(hdev);
154}
1da177e4 155
e4e8e37c
MH		 156static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157{
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
161
162 if (rp->status)
163 return;
164
165 hdev->link_policy = __le16_to_cpu(rp->policy);
166}
167
168static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169{
170 __u8 status = *((__u8 *) skb->data);
171 void *sent;
172
173 BT_DBG("%s status 0x%x", hdev->name, status);
174
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
176 if (!sent)
177 return;
178
179 if (!status)
180 hdev->link_policy = get_unaligned_le16(sent);
181
23bb5763 182 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
e4e8e37c
MH		 183}
184
a9de9248
MH		 185static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186{
187 __u8 status = *((__u8 *) skb->data);
04837f64 188
a9de9248 189 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 190
10572132
GP		 191 clear_bit(HCI_RESET, &hdev->flags);
192
23bb5763 193 hci_req_complete(hdev, HCI_OP_RESET, status);
d23264a8 194
a297e97c 195 /* Reset all non-persistent flags */
9f8ce967 196 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS));
69775ff6
AG		 197
198 hdev->discovery.state = DISCOVERY_STOPPED;
a9de9248 199}
04837f64 200
a9de9248
MH		 201static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
202{
203 __u8 status = *((__u8 *) skb->data);
204 void *sent;
04837f64 205
a9de9248 206 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 207
a9de9248
MH		 208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
209 if (!sent)
210 return;
04837f64 211
56e5cb86
JH		 212 hci_dev_lock(hdev);
213
f51d5b24
JH		 214 if (test_bit(HCI_MGMT, &hdev->dev_flags))
215 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 216 else if (!status)
217 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 218
56e5cb86 219 hci_dev_unlock(hdev);
3159d384
JH		 220
221 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
a9de9248
MH		 222}
223
224static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225{
226 struct hci_rp_read_local_name *rp = (void *) skb->data;
227
228 BT_DBG("%s status 0x%x", hdev->name, rp->status);
229
230 if (rp->status)
231 return;
232
db99b5fc
JH		 233 if (test_bit(HCI_SETUP, &hdev->dev_flags))
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 235}
236
237static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238{
239 __u8 status = *((__u8 *) skb->data);
240 void *sent;
241
242 BT_DBG("%s status 0x%x", hdev->name, status);
243
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 if (!sent)
246 return;
247
248 if (!status) {
249 __u8 param = *((__u8 *) sent);
250
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
253 else
254 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 255 }
a9de9248 256
33ef95ed
JH		 257 if (test_bit(HCI_MGMT, &hdev->dev_flags))
258 mgmt_auth_enable_complete(hdev, status);
259
23bb5763 260 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
1da177e4
LT		 261}
262
a9de9248 263static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 264{
a9de9248 265 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 266 void *sent;
267
a9de9248 268 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 269
a9de9248
MH		 270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 if (!sent)
272 return;
1da177e4 273
a9de9248
MH		 274 if (!status) {
275 __u8 param = *((__u8 *) sent);
276
277 if (param)
278 set_bit(HCI_ENCRYPT, &hdev->flags);
279 else
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
281 }
1da177e4 282
23bb5763 283 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
a9de9248 284}
1da177e4 285
a9de9248
MH		 286static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287{
36f7fc7e
JH		 288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
a9de9248 290 void *sent;
1da177e4 291
a9de9248 292 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 293
a9de9248
MH		 294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 if (!sent)
296 return;
1da177e4 297
36f7fc7e
JH		 298 param = *((__u8 *) sent);
299
56e5cb86
JH		 300 hci_dev_lock(hdev);
301
2d7cee58 302 if (status != 0) {
744cf19e 303 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 304 hdev->discov_timeout = 0;
305 goto done;
306 }
307
36f7fc7e
JH		 308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
313 if (!old_iscan)
744cf19e 314 mgmt_discoverable(hdev, 1);
16ab91ab
JH		 315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318 to);
319 }
36f7fc7e 320 } else if (old_iscan)
744cf19e 321 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 322
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
325 if (!old_pscan)
744cf19e 326 mgmt_connectable(hdev, 1);
36f7fc7e 327 } else if (old_pscan)
744cf19e 328 mgmt_connectable(hdev, 0);
1da177e4 329
36f7fc7e 330done:
56e5cb86 331 hci_dev_unlock(hdev);
23bb5763 332 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
a9de9248 333}
1da177e4 334
a9de9248
MH		 335static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336{
337 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 338
a9de9248 339 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 340
a9de9248
MH		 341 if (rp->status)
342 return;
1da177e4 343
a9de9248 344 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 345
a9de9248
MH		 346 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
347 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
348}
1da177e4 349
a9de9248
MH		 350static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351{
352 __u8 status = *((__u8 *) skb->data);
353 void *sent;
1da177e4 354
a9de9248 355 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 356
a9de9248
MH		 357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
358 if (!sent)
359 return;
1da177e4 360
7f9a903c
MH		 361 hci_dev_lock(hdev);
362
363 if (status == 0)
364 memcpy(hdev->dev_class, sent, 3);
365
366 if (test_bit(HCI_MGMT, &hdev->dev_flags))
367 mgmt_set_class_of_dev_complete(hdev, sent, status);
368
369 hci_dev_unlock(hdev);
a9de9248 370}
1da177e4 371
a9de9248
MH		 372static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
373{
374 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
375 __u16 setting;
376
377 BT_DBG("%s status 0x%x", hdev->name, rp->status);
378
379 if (rp->status)
380 return;
381
382 setting = __le16_to_cpu(rp->voice_setting);
383
f383f275 384 if (hdev->voice_setting == setting)
a9de9248
MH		 385 return;
386
387 hdev->voice_setting = setting;
388
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
390
3c54711c 391 if (hdev->notify)
a9de9248 392 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 393}
394
395static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
396{
397 __u8 status = *((__u8 *) skb->data);
f383f275 398 __u16 setting;
a9de9248
MH		 399 void *sent;
400
401 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 402
f383f275
MH		 403 if (status)
404 return;
405
a9de9248
MH		 406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 if (!sent)
408 return;
1da177e4 409
f383f275 410 setting = get_unaligned_le16(sent);
1da177e4 411
f383f275
MH		 412 if (hdev->voice_setting == setting)
413 return;
414
415 hdev->voice_setting = setting;
1da177e4 416
f383f275 417 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
1da177e4 418
3c54711c 419 if (hdev->notify)
f383f275 420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 421}
422
a9de9248 423static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 424{
a9de9248 425 __u8 status = *((__u8 *) skb->data);
1da177e4 426
a9de9248 427 BT_DBG("%s status 0x%x", hdev->name, status);
1da177e4 428
23bb5763 429 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
a9de9248 430}
1143e5a6 431
333140b5
MH		 432static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
433{
434 __u8 status = *((__u8 *) skb->data);
435 void *sent;
436
437 BT_DBG("%s status 0x%x", hdev->name, status);
438
333140b5
MH		 439 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
440 if (!sent)
441 return;
442
ed2c4ee3 443 if (test_bit(HCI_MGMT, &hdev->dev_flags))
c0ecddc2
JH		 444 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
445 else if (!status) {
446 if (*((u8 *) sent))
447 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448 else
449 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
450 }
333140b5
MH		 451}
452
d5859e22
JH		 453static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
454{
455 if (hdev->features[6] & LMP_EXT_INQ)
456 return 2;
457
458 if (hdev->features[3] & LMP_RSSI_INQ)
459 return 1;
460
461 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
462 hdev->lmp_subver == 0x0757)
463 return 1;
464
465 if (hdev->manufacturer == 15) {
466 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
467 return 1;
468 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
469 return 1;
470 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
471 return 1;
472 }
473
474 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
475 hdev->lmp_subver == 0x1805)
476 return 1;
477
478 return 0;
479}
480
481static void hci_setup_inquiry_mode(struct hci_dev *hdev)
482{
483 u8 mode;
484
485 mode = hci_get_inquiry_mode(hdev);
486
487 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
488}
489
490static void hci_setup_event_mask(struct hci_dev *hdev)
491{
492 /* The second byte is 0xff instead of 0x9f (two reserved bits
493 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
494 * command otherwise */
495 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
496
6de6c18d
VT		 497 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
498 * any event mask for pre 1.2 devices */
5a13b095 499 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
6de6c18d
VT		 500 return;
501
502 events[4] |= 0x01; /* Flow Specification Complete */
503 events[4] |= 0x02; /* Inquiry Result with RSSI */
504 events[4] |= 0x04; /* Read Remote Extended Features Complete */
505 events[5] |= 0x08; /* Synchronous Connection Complete */
506 events[5] |= 0x10; /* Synchronous Connection Changed */
d5859e22
JH		 507
508 if (hdev->features[3] & LMP_RSSI_INQ)
509 events[4] |= 0x04; /* Inquiry Result with RSSI */
510
511 if (hdev->features[5] & LMP_SNIFF_SUBR)
512 events[5] |= 0x20; /* Sniff Subrating */
513
514 if (hdev->features[5] & LMP_PAUSE_ENC)
515 events[5] |= 0x80; /* Encryption Key Refresh Complete */
516
517 if (hdev->features[6] & LMP_EXT_INQ)
518 events[5] |= 0x40; /* Extended Inquiry Result */
519
520 if (hdev->features[6] & LMP_NO_FLUSH)
521 events[7] |= 0x01; /* Enhanced Flush Complete */
522
523 if (hdev->features[7] & LMP_LSTO)
524 events[6] |= 0x80; /* Link Supervision Timeout Changed */
525
526 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
527 events[6] |= 0x01; /* IO Capability Request */
528 events[6] |= 0x02; /* IO Capability Response */
529 events[6] |= 0x04; /* User Confirmation Request */
530 events[6] |= 0x08; /* User Passkey Request */
531 events[6] |= 0x10; /* Remote OOB Data Request */
532 events[6] |= 0x20; /* Simple Pairing Complete */
533 events[7] |= 0x04; /* User Passkey Notification */
534 events[7] |= 0x08; /* Keypress Notification */
535 events[7] |= 0x10; /* Remote Host Supported
536 * Features Notification */
537 }
538
539 if (hdev->features[4] & LMP_LE)
540 events[7] |= 0x20; /* LE Meta-Event */
541
542 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
543}
544
545static void hci_setup(struct hci_dev *hdev)
546{
e61ef499
AE		 547 if (hdev->dev_type != HCI_BREDR)
548 return;
549
d5859e22
JH		 550 hci_setup_event_mask(hdev);
551
d095c1eb 552 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
d5859e22
JH		 553 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
554
54d04dbb
JH		 555 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
556 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
557 u8 mode = 0x01;
558 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
04124681 559 sizeof(mode), &mode);
54d04dbb
JH		 560 } else {
561 struct hci_cp_write_eir cp;
562
563 memset(hdev->eir, 0, sizeof(hdev->eir));
564 memset(&cp, 0, sizeof(cp));
565
566 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
567 }
d5859e22
JH		 568 }
569
570 if (hdev->features[3] & LMP_RSSI_INQ)
571 hci_setup_inquiry_mode(hdev);
572
573 if (hdev->features[7] & LMP_INQ_TX_PWR)
574 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
971e3a4b
AG		 575
576 if (hdev->features[7] & LMP_EXTFEATURES) {
577 struct hci_cp_read_local_ext_features cp;
578
579 cp.page = 0x01;
04124681
GP		 580 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
581 &cp);
971e3a4b 582 }
e6100a25 583
47990ea0
JH		 584 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
585 u8 enable = 1;
04124681
GP		 586 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
587 &enable);
47990ea0 588 }
d5859e22
JH		 589}
590
a9de9248
MH		 591static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
592{
593 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 594
a9de9248 595 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143e5a6 596
a9de9248 597 if (rp->status)
28b8df77 598 goto done;
1143e5a6 599
a9de9248 600 hdev->hci_ver = rp->hci_ver;
e4e8e37c 601 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
d5859e22 602 hdev->lmp_ver = rp->lmp_ver;
e4e8e37c 603 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
d5859e22 604 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
1143e5a6 605
a9de9248
MH		 606 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
607 hdev->manufacturer,
608 hdev->hci_ver, hdev->hci_rev);
d5859e22
JH		 609
610 if (test_bit(HCI_INIT, &hdev->flags))
611 hci_setup(hdev);
28b8df77
AE		 612
613done:
614 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
d5859e22
JH		 615}
616
617static void hci_setup_link_policy(struct hci_dev *hdev)
618{
619 u16 link_policy = 0;
620
621 if (hdev->features[0] & LMP_RSWITCH)
622 link_policy |= HCI_LP_RSWITCH;
623 if (hdev->features[0] & LMP_HOLD)
624 link_policy |= HCI_LP_HOLD;
625 if (hdev->features[0] & LMP_SNIFF)
626 link_policy |= HCI_LP_SNIFF;
627 if (hdev->features[1] & LMP_PARK)
628 link_policy |= HCI_LP_PARK;
629
630 link_policy = cpu_to_le16(link_policy);
04124681
GP		 631 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(link_policy),
632 &link_policy);
a9de9248 633}
1da177e4 634
a9de9248
MH		 635static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
636{
637 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 638
a9de9248 639 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 640
a9de9248 641 if (rp->status)
d5859e22 642 goto done;
1da177e4 643
a9de9248 644 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
d5859e22
JH		 645
646 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
647 hci_setup_link_policy(hdev);
648
649done:
650 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
a9de9248 651}
1da177e4 652
a9de9248
MH		 653static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
654{
655 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 656
a9de9248 657 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 658
a9de9248
MH		 659 if (rp->status)
660 return;
5b7f9909 661
a9de9248 662 memcpy(hdev->features, rp->features, 8);
5b7f9909 663
a9de9248
MH		 664 /* Adjust default settings according to features
665 * supported by device. */
1da177e4 666
a9de9248
MH		 667 if (hdev->features[0] & LMP_3SLOT)
668 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 669
a9de9248
MH		 670 if (hdev->features[0] & LMP_5SLOT)
671 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 672
a9de9248
MH		 673 if (hdev->features[1] & LMP_HV2) {
674 hdev->pkt_type |= (HCI_HV2);
675 hdev->esco_type |= (ESCO_HV2);
676 }
1da177e4 677
a9de9248
MH		 678 if (hdev->features[1] & LMP_HV3) {
679 hdev->pkt_type |= (HCI_HV3);
680 hdev->esco_type |= (ESCO_HV3);
681 }
1da177e4 682
a9de9248
MH		 683 if (hdev->features[3] & LMP_ESCO)
684 hdev->esco_type |= (ESCO_EV3);
da1f5198 685
a9de9248
MH		 686 if (hdev->features[4] & LMP_EV4)
687 hdev->esco_type |= (ESCO_EV4);
da1f5198 688
a9de9248
MH		 689 if (hdev->features[4] & LMP_EV5)
690 hdev->esco_type |= (ESCO_EV5);
1da177e4 691
efc7688b
MH		 692 if (hdev->features[5] & LMP_EDR_ESCO_2M)
693 hdev->esco_type |= (ESCO_2EV3);
694
695 if (hdev->features[5] & LMP_EDR_ESCO_3M)
696 hdev->esco_type |= (ESCO_3EV3);
697
698 if (hdev->features[5] & LMP_EDR_3S_ESCO)
699 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
700
a9de9248
MH		 701 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
702 hdev->features[0], hdev->features[1],
703 hdev->features[2], hdev->features[3],
704 hdev->features[4], hdev->features[5],
705 hdev->features[6], hdev->features[7]);
706}
1da177e4 707
8f984dfa
JH		 708static void hci_set_le_support(struct hci_dev *hdev)
709{
710 struct hci_cp_write_le_host_supported cp;
711
712 memset(&cp, 0, sizeof(cp));
713
714 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
715 cp.le = 1;
716 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
717 }
718
719 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
04124681
GP		 720 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
721 &cp);
8f984dfa
JH		 722}
723
971e3a4b
AG		 724static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
725 struct sk_buff *skb)
726{
727 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
728
729 BT_DBG("%s status 0x%x", hdev->name, rp->status);
730
731 if (rp->status)
8f984dfa 732 goto done;
971e3a4b 733
b5b32b65
AG		 734 switch (rp->page) {
735 case 0:
736 memcpy(hdev->features, rp->features, 8);
737 break;
738 case 1:
739 memcpy(hdev->host_features, rp->features, 8);
740 break;
741 }
971e3a4b 742
8f984dfa
JH		 743 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
744 hci_set_le_support(hdev);
745
746done:
971e3a4b
AG		 747 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
748}
749
1e89cffb
AE		 750static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
751 struct sk_buff *skb)
752{
753 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
754
755 BT_DBG("%s status 0x%x", hdev->name, rp->status);
756
757 if (rp->status)
758 return;
759
760 hdev->flow_ctl_mode = rp->mode;
761
762 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
763}
764
a9de9248
MH		 765static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
766{
767 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 768
a9de9248 769 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1da177e4 770
a9de9248
MH		 771 if (rp->status)
772 return;
1da177e4 773
a9de9248
MH		 774 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
775 hdev->sco_mtu = rp->sco_mtu;
776 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
777 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
778
779 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
780 hdev->sco_mtu = 64;
781 hdev->sco_pkts = 8;
1da177e4 782 }
a9de9248
MH		 783
784 hdev->acl_cnt = hdev->acl_pkts;
785 hdev->sco_cnt = hdev->sco_pkts;
786
787 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
788 hdev->acl_mtu, hdev->acl_pkts,
789 hdev->sco_mtu, hdev->sco_pkts);
790}
791
792static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
793{
794 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
795
796 BT_DBG("%s status 0x%x", hdev->name, rp->status);
797
798 if (!rp->status)
799 bacpy(&hdev->bdaddr, &rp->bdaddr);
800
23bb5763
JH		 801 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
802}
803
350ee4cf
AE		 804static void hci_cc_read_data_block_size(struct hci_dev *hdev,
805 struct sk_buff *skb)
806{
807 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
808
809 BT_DBG("%s status 0x%x", hdev->name, rp->status);
810
811 if (rp->status)
812 return;
813
814 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
815 hdev->block_len = __le16_to_cpu(rp->block_len);
816 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
817
818 hdev->block_cnt = hdev->num_blocks;
819
820 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
821 hdev->block_cnt, hdev->block_len);
822
823 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
824}
825
23bb5763
JH		 826static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
827{
828 __u8 status = *((__u8 *) skb->data);
829
830 BT_DBG("%s status 0x%x", hdev->name, status);
831
832 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
a9de9248
MH		 833}
834
928abaa7
AE		 835static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
836 struct sk_buff *skb)
837{
838 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
839
840 BT_DBG("%s status 0x%x", hdev->name, rp->status);
841
842 if (rp->status)
843 return;
844
845 hdev->amp_status = rp->amp_status;
846 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
847 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
848 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
849 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
850 hdev->amp_type = rp->amp_type;
851 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
852 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
853 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
854 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
855
856 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
857}
858
b0916ea0
JH		 859static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
860 struct sk_buff *skb)
861{
862 __u8 status = *((__u8 *) skb->data);
863
864 BT_DBG("%s status 0x%x", hdev->name, status);
865
866 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
867}
868
d5859e22
JH		 869static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
870{
871 __u8 status = *((__u8 *) skb->data);
872
873 BT_DBG("%s status 0x%x", hdev->name, status);
874
875 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
876}
877
878static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
879 struct sk_buff *skb)
880{
881 __u8 status = *((__u8 *) skb->data);
882
883 BT_DBG("%s status 0x%x", hdev->name, status);
884
885 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
886}
887
888static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
889 struct sk_buff *skb)
890{
891 __u8 status = *((__u8 *) skb->data);
892
893 BT_DBG("%s status 0x%x", hdev->name, status);
894
895 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
896}
897
898static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
899{
900 __u8 status = *((__u8 *) skb->data);
901
902 BT_DBG("%s status 0x%x", hdev->name, status);
903
904 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
905}
906
980e1a53
JH		 907static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
908{
909 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
910 struct hci_cp_pin_code_reply *cp;
911 struct hci_conn *conn;
912
913 BT_DBG("%s status 0x%x", hdev->name, rp->status);
914
56e5cb86
JH		 915 hci_dev_lock(hdev);
916
a8b2d5c2 917 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 918 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53
JH		 919
920 if (rp->status != 0)
56e5cb86 921 goto unlock;
980e1a53
JH		 922
923 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
924 if (!cp)
56e5cb86 925 goto unlock;
980e1a53
JH		 926
927 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
928 if (conn)
929 conn->pin_length = cp->pin_len;
56e5cb86
JH		 930
931unlock:
932 hci_dev_unlock(hdev);
980e1a53
JH		 933}
934
935static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
936{
937 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
938
939 BT_DBG("%s status 0x%x", hdev->name, rp->status);
940
56e5cb86
JH		 941 hci_dev_lock(hdev);
942
a8b2d5c2 943 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 944 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
980e1a53 945 rp->status);
56e5cb86
JH		 946
947 hci_dev_unlock(hdev);
980e1a53 948}
56e5cb86 949
6ed58ec5
VT		 950static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
951 struct sk_buff *skb)
952{
953 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
954
955 BT_DBG("%s status 0x%x", hdev->name, rp->status);
956
957 if (rp->status)
958 return;
959
960 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
961 hdev->le_pkts = rp->le_max_pkt;
962
963 hdev->le_cnt = hdev->le_pkts;
964
965 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
966
967 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
968}
980e1a53 969
a5c29683
JH		 970static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
971{
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
973
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
975
56e5cb86
JH		 976 hci_dev_lock(hdev);
977
a8b2d5c2 978 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 979 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
980 rp->status);
56e5cb86
JH		 981
982 hci_dev_unlock(hdev);
a5c29683
JH		 983}
984
985static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
986 struct sk_buff *skb)
987{
988 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
989
990 BT_DBG("%s status 0x%x", hdev->name, rp->status);
991
56e5cb86
JH		 992 hci_dev_lock(hdev);
993
a8b2d5c2 994 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 995 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 996 ACL_LINK, 0, rp->status);
56e5cb86
JH		 997
998 hci_dev_unlock(hdev);
a5c29683
JH		 999}
1000
1143d458
BG		 1001static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1002{
1003 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1004
1005 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1006
1007 hci_dev_lock(hdev);
1008
a8b2d5c2 1009 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 1010 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 1011 0, rp->status);
1143d458
BG		 1012
1013 hci_dev_unlock(hdev);
1014}
1015
1016static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1018{
1019 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1020
1021 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1022
1023 hci_dev_lock(hdev);
1024
a8b2d5c2 1025 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 1026 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 1027 ACL_LINK, 0, rp->status);
1143d458
BG		 1028
1029 hci_dev_unlock(hdev);
1030}
1031
c35938b2
SJ		 1032static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1033 struct sk_buff *skb)
1034{
1035 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1036
1037 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1038
56e5cb86 1039 hci_dev_lock(hdev);
744cf19e 1040 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
c35938b2 1041 rp->randomizer, rp->status);
56e5cb86 1042 hci_dev_unlock(hdev);
c35938b2
SJ		 1043}
1044
07f7fa5d
AG		 1045static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1046{
1047 __u8 status = *((__u8 *) skb->data);
1048
1049 BT_DBG("%s status 0x%x", hdev->name, status);
7ba8b4be
AG		 1050
1051 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
3fd24153
AG		 1052
1053 if (status) {
1054 hci_dev_lock(hdev);
1055 mgmt_start_discovery_failed(hdev, status);
1056 hci_dev_unlock(hdev);
1057 return;
1058 }
07f7fa5d
AG		 1059}
1060
eb9d91f5
AG		 1061static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1062 struct sk_buff *skb)
1063{
1064 struct hci_cp_le_set_scan_enable *cp;
1065 __u8 status = *((__u8 *) skb->data);
1066
1067 BT_DBG("%s status 0x%x", hdev->name, status);
1068
eb9d91f5
AG		 1069 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1070 if (!cp)
1071 return;
1072
68a8aea4
AE		 1073 switch (cp->enable) {
1074 case LE_SCANNING_ENABLED:
7ba8b4be
AG		 1075 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1076
3fd24153
AG		 1077 if (status) {
1078 hci_dev_lock(hdev);
1079 mgmt_start_discovery_failed(hdev, status);
1080 hci_dev_unlock(hdev);
7ba8b4be 1081 return;
3fd24153 1082 }
7ba8b4be 1083
d23264a8
AG		 1084 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1085
db323f2f 1086 cancel_delayed_work_sync(&hdev->adv_work);
a8f13c8c
AG		 1087
1088 hci_dev_lock(hdev);
eb9d91f5 1089 hci_adv_entries_clear(hdev);
343f935b 1090 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
a8f13c8c 1091 hci_dev_unlock(hdev);
68a8aea4
AE		 1092 break;
1093
1094 case LE_SCANNING_DISABLED:
7ba8b4be
AG		 1095 if (status)
1096 return;
1097
d23264a8
AG		 1098 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1099
d084329e 1100 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
5e0452c0
AG		 1101
1102 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1103 mgmt_interleaved_discovery(hdev);
1104 } else {
1105 hci_dev_lock(hdev);
1106 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1107 hci_dev_unlock(hdev);
1108 }
1109
68a8aea4
AE		 1110 break;
1111
1112 default:
1113 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1114 break;
35815085 1115 }
eb9d91f5
AG		 1116}
1117
a7a595f6
VCG		 1118static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1119{
1120 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1121
1122 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1123
1124 if (rp->status)
1125 return;
1126
1127 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1128}
1129
1130static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1131{
1132 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1133
1134 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1135
1136 if (rp->status)
1137 return;
1138
1139 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1140}
1141
f9b49306
AG		 1142static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1143 struct sk_buff *skb)
1144{
06199cf8 1145 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1146 __u8 status = *((__u8 *) skb->data);
1147
1148 BT_DBG("%s status 0x%x", hdev->name, status);
1149
06199cf8 1150 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1151 if (!sent)
f9b49306
AG		 1152 return;
1153
8f984dfa
JH		 1154 if (!status) {
1155 if (sent->le)
1156 hdev->host_features[0] |= LMP_HOST_LE;
1157 else
1158 hdev->host_features[0] &= ~LMP_HOST_LE;
1159 }
1160
1161 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1162 !test_bit(HCI_INIT, &hdev->flags))
1163 mgmt_le_enable_complete(hdev, sent->le, status);
1164
1165 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
f9b49306
AG		 1166}
1167
a9de9248
MH		 1168static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1169{
1170 BT_DBG("%s status 0x%x", hdev->name, status);
1171
1172 if (status) {
23bb5763 1173 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
a9de9248 1174 hci_conn_check_pending(hdev);
56e5cb86 1175 hci_dev_lock(hdev);
a8b2d5c2 1176 if (test_bit(HCI_MGMT, &hdev->dev_flags))
7a135109 1177 mgmt_start_discovery_failed(hdev, status);
56e5cb86 1178 hci_dev_unlock(hdev);
314b2381
JH		 1179 return;
1180 }
1181
89352e7d
AG		 1182 set_bit(HCI_INQUIRY, &hdev->flags);
1183
56e5cb86 1184 hci_dev_lock(hdev);
343f935b 1185 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
56e5cb86 1186 hci_dev_unlock(hdev);
1da177e4
LT		 1187}
1188
1da177e4
LT		 1189static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1190{
a9de9248 1191 struct hci_cp_create_conn *cp;
1da177e4 1192 struct hci_conn *conn;
1da177e4 1193
a9de9248
MH		 1194 BT_DBG("%s status 0x%x", hdev->name, status);
1195
1196 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1197 if (!cp)
1198 return;
1199
1200 hci_dev_lock(hdev);
1201
1202 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1203
a9de9248 1204 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1da177e4
LT		 1205
1206 if (status) {
1207 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1208 if (status != 0x0c || conn->attempt > 2) {
1209 conn->state = BT_CLOSED;
1210 hci_proto_connect_cfm(conn, status);
1211 hci_conn_del(conn);
1212 } else
1213 conn->state = BT_CONNECT2;
1da177e4
LT		 1214 }
1215 } else {
1216 if (!conn) {
1217 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1218 if (conn) {
a0c808b3 1219 conn->out = true;
1da177e4
LT		 1220 conn->link_mode |= HCI_LM_MASTER;
1221 } else
893ef971 1222 BT_ERR("No memory for new connection");
1da177e4
LT		 1223 }
1224 }
1225
1226 hci_dev_unlock(hdev);
1227}
1228
a9de9248 1229static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1230{
a9de9248
MH		 1231 struct hci_cp_add_sco *cp;
1232 struct hci_conn *acl, *sco;
1233 __u16 handle;
1da177e4 1234
b6a0dc82
MH		 1235 BT_DBG("%s status 0x%x", hdev->name, status);
1236
a9de9248
MH		 1237 if (!status)
1238 return;
1da177e4 1239
a9de9248
MH		 1240 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1241 if (!cp)
1242 return;
1da177e4 1243
a9de9248 1244 handle = __le16_to_cpu(cp->handle);
1da177e4 1245
a9de9248 1246 BT_DBG("%s handle %d", hdev->name, handle);
1da177e4 1247
a9de9248 1248 hci_dev_lock(hdev);
1da177e4 1249
a9de9248 1250 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1251 if (acl) {
1252 sco = acl->link;
1253 if (sco) {
1254 sco->state = BT_CLOSED;
1da177e4 1255
5a08ecce
AE		 1256 hci_proto_connect_cfm(sco, status);
1257 hci_conn_del(sco);
1258 }
a9de9248 1259 }
1da177e4 1260
a9de9248
MH		 1261 hci_dev_unlock(hdev);
1262}
1da177e4 1263
f8558555
MH		 1264static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1265{
1266 struct hci_cp_auth_requested *cp;
1267 struct hci_conn *conn;
1268
1269 BT_DBG("%s status 0x%x", hdev->name, status);
1270
1271 if (!status)
1272 return;
1273
1274 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1275 if (!cp)
1276 return;
1277
1278 hci_dev_lock(hdev);
1279
1280 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1281 if (conn) {
1282 if (conn->state == BT_CONFIG) {
1283 hci_proto_connect_cfm(conn, status);
1284 hci_conn_put(conn);
1285 }
1286 }
1287
1288 hci_dev_unlock(hdev);
1289}
1290
1291static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1292{
1293 struct hci_cp_set_conn_encrypt *cp;
1294 struct hci_conn *conn;
1295
1296 BT_DBG("%s status 0x%x", hdev->name, status);
1297
1298 if (!status)
1299 return;
1300
1301 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1302 if (!cp)
1303 return;
1304
1305 hci_dev_lock(hdev);
1306
1307 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1308 if (conn) {
1309 if (conn->state == BT_CONFIG) {
1310 hci_proto_connect_cfm(conn, status);
1311 hci_conn_put(conn);
1312 }
1313 }
1314
1315 hci_dev_unlock(hdev);
1316}
1317
127178d2 1318static int hci_outgoing_auth_needed(struct hci_dev *hdev,
138d22ef 1319 struct hci_conn *conn)
392599b9 1320{
392599b9
JH		 1321 if (conn->state != BT_CONFIG || !conn->out)
1322 return 0;
1323
765c2a96 1324 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1325 return 0;
1326
1327 /* Only request authentication for SSP connections or non-SSP
e9bf2bf0 1328 * devices with sec_level HIGH or if MITM protection is requested */
aa64a8b5 1329 if (!hci_conn_ssp_enabled(conn) &&
e9bf2bf0
VCG		 1330 conn->pending_sec_level != BT_SECURITY_HIGH &&
1331 !(conn->auth_type & 0x01))
392599b9
JH		 1332 return 0;
1333
392599b9
JH		 1334 return 1;
1335}
1336
00abfe44 1337static inline int hci_resolve_name(struct hci_dev *hdev,
04124681 1338 struct inquiry_entry *e)
30dc78e1
JH		 1339{
1340 struct hci_cp_remote_name_req cp;
1341
1342 memset(&cp, 0, sizeof(cp));
1343
1344 bacpy(&cp.bdaddr, &e->data.bdaddr);
1345 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1346 cp.pscan_mode = e->data.pscan_mode;
1347 cp.clock_offset = e->data.clock_offset;
1348
1349 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1350}
1351
b644ba33 1352static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1353{
1354 struct discovery_state *discov = &hdev->discovery;
1355 struct inquiry_entry *e;
1356
b644ba33
JH		 1357 if (list_empty(&discov->resolve))
1358 return false;
1359
1360 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1361 if (hci_resolve_name(hdev, e) == 0) {
1362 e->name_state = NAME_PENDING;
1363 return true;
1364 }
1365
1366 return false;
1367}
1368
1369static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1370 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1371{
1372 struct discovery_state *discov = &hdev->discovery;
1373 struct inquiry_entry *e;
1374
1375 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1376 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1377 name_len, conn->dev_class);
b644ba33
JH		 1378
1379 if (discov->state == DISCOVERY_STOPPED)
1380 return;
1381
30dc78e1
JH		 1382 if (discov->state == DISCOVERY_STOPPING)
1383 goto discov_complete;
1384
1385 if (discov->state != DISCOVERY_RESOLVING)
1386 return;
1387
1388 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1389 if (e) {
1390 e->name_state = NAME_KNOWN;
1391 list_del(&e->list);
b644ba33
JH		 1392 if (name)
1393 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
04124681 1394 e->data.rssi, name, name_len);
30dc78e1
JH		 1395 }
1396
b644ba33 1397 if (hci_resolve_next_name(hdev))
30dc78e1 1398 return;
30dc78e1
JH		 1399
1400discov_complete:
1401 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1402}
1403
a9de9248
MH		 1404static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1405{
127178d2
JH		 1406 struct hci_cp_remote_name_req *cp;
1407 struct hci_conn *conn;
1408
a9de9248 1409 BT_DBG("%s status 0x%x", hdev->name, status);
127178d2
JH		 1410
1411 /* If successful wait for the name req complete event before
1412 * checking for the need to do authentication */
1413 if (!status)
1414 return;
1415
1416 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1417 if (!cp)
1418 return;
1419
1420 hci_dev_lock(hdev);
1421
b644ba33
JH		 1422 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1423
a8b2d5c2 1424 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1425 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1426
79c6c70c
JH		 1427 if (!conn)
1428 goto unlock;
1429
1430 if (!hci_outgoing_auth_needed(hdev, conn))
1431 goto unlock;
1432
51a8efd7 1433 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 1434 struct hci_cp_auth_requested cp;
1435 cp.handle = __cpu_to_le16(conn->handle);
1436 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1437 }
1438
79c6c70c 1439unlock:
127178d2 1440 hci_dev_unlock(hdev);
a9de9248 1441}
1da177e4 1442
769be974
MH		 1443static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1444{
1445 struct hci_cp_read_remote_features *cp;
1446 struct hci_conn *conn;
1447
1448 BT_DBG("%s status 0x%x", hdev->name, status);
1449
1450 if (!status)
1451 return;
1452
1453 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1454 if (!cp)
1455 return;
1456
1457 hci_dev_lock(hdev);
1458
1459 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1460 if (conn) {
1461 if (conn->state == BT_CONFIG) {
769be974
MH		 1462 hci_proto_connect_cfm(conn, status);
1463 hci_conn_put(conn);
1464 }
1465 }
1466
1467 hci_dev_unlock(hdev);
1468}
1469
1470static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1471{
1472 struct hci_cp_read_remote_ext_features *cp;
1473 struct hci_conn *conn;
1474
1475 BT_DBG("%s status 0x%x", hdev->name, status);
1476
1477 if (!status)
1478 return;
1479
1480 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1481 if (!cp)
1482 return;
1483
1484 hci_dev_lock(hdev);
1485
1486 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1487 if (conn) {
1488 if (conn->state == BT_CONFIG) {
769be974
MH		 1489 hci_proto_connect_cfm(conn, status);
1490 hci_conn_put(conn);
1491 }
1492 }
1493
1494 hci_dev_unlock(hdev);
1495}
1496
a9de9248
MH		 1497static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1498{
b6a0dc82
MH		 1499 struct hci_cp_setup_sync_conn *cp;
1500 struct hci_conn *acl, *sco;
1501 __u16 handle;
1502
a9de9248 1503 BT_DBG("%s status 0x%x", hdev->name, status);
b6a0dc82
MH		 1504
1505 if (!status)
1506 return;
1507
1508 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1509 if (!cp)
1510 return;
1511
1512 handle = __le16_to_cpu(cp->handle);
1513
1514 BT_DBG("%s handle %d", hdev->name, handle);
1515
1516 hci_dev_lock(hdev);
1517
1518 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1519 if (acl) {
1520 sco = acl->link;
1521 if (sco) {
1522 sco->state = BT_CLOSED;
b6a0dc82 1523
5a08ecce
AE		 1524 hci_proto_connect_cfm(sco, status);
1525 hci_conn_del(sco);
1526 }
b6a0dc82
MH		 1527 }
1528
1529 hci_dev_unlock(hdev);
1da177e4
LT		 1530}
1531
a9de9248 1532static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1533{
a9de9248
MH		 1534 struct hci_cp_sniff_mode *cp;
1535 struct hci_conn *conn;
1da177e4 1536
a9de9248 1537 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1538
a9de9248
MH		 1539 if (!status)
1540 return;
04837f64 1541
a9de9248
MH		 1542 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1543 if (!cp)
1544 return;
04837f64 1545
a9de9248 1546 hci_dev_lock(hdev);
04837f64 1547
a9de9248 1548 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1549 if (conn) {
51a8efd7 1550 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1551
51a8efd7 1552 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1553 hci_sco_setup(conn, status);
1554 }
1555
a9de9248
MH		 1556 hci_dev_unlock(hdev);
1557}
04837f64 1558
a9de9248
MH		 1559static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1560{
1561 struct hci_cp_exit_sniff_mode *cp;
1562 struct hci_conn *conn;
04837f64 1563
a9de9248 1564 BT_DBG("%s status 0x%x", hdev->name, status);
04837f64 1565
a9de9248
MH		 1566 if (!status)
1567 return;
04837f64 1568
a9de9248
MH		 1569 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1570 if (!cp)
1571 return;
04837f64 1572
a9de9248 1573 hci_dev_lock(hdev);
1da177e4 1574
a9de9248 1575 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1576 if (conn) {
51a8efd7 1577 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1578
51a8efd7 1579 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1580 hci_sco_setup(conn, status);
1581 }
1582
a9de9248 1583 hci_dev_unlock(hdev);
1da177e4
LT		 1584}
1585
88c3df13
JH		 1586static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1587{
1588 struct hci_cp_disconnect *cp;
1589 struct hci_conn *conn;
1590
1591 if (!status)
1592 return;
1593
1594 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1595 if (!cp)
1596 return;
1597
1598 hci_dev_lock(hdev);
1599
1600 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1601 if (conn)
1602 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1603 conn->dst_type, status);
88c3df13
JH		 1604
1605 hci_dev_unlock(hdev);
1606}
1607
fcd89c09
VT		 1608static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1609{
1610 struct hci_cp_le_create_conn *cp;
1611 struct hci_conn *conn;
1612
1613 BT_DBG("%s status 0x%x", hdev->name, status);
1614
1615 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1616 if (!cp)
1617 return;
1618
1619 hci_dev_lock(hdev);
1620
1621 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1622
1623 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1624 conn);
1625
1626 if (status) {
1627 if (conn && conn->state == BT_CONNECT) {
1628 conn->state = BT_CLOSED;
1629 hci_proto_connect_cfm(conn, status);
1630 hci_conn_del(conn);
1631 }
1632 } else {
1633 if (!conn) {
1634 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
29b7988a
AG		 1635 if (conn) {
1636 conn->dst_type = cp->peer_addr_type;
a0c808b3 1637 conn->out = true;
29b7988a 1638 } else {
fcd89c09 1639 BT_ERR("No memory for new connection");
29b7988a 1640 }
fcd89c09
VT		 1641 }
1642 }
1643
1644 hci_dev_unlock(hdev);
1645}
1646
a7a595f6
VCG		 1647static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1648{
1649 BT_DBG("%s status 0x%x", hdev->name, status);
1650}
1651
1da177e4
LT		 1652static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1653{
1654 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1655 struct discovery_state *discov = &hdev->discovery;
1656 struct inquiry_entry *e;
1da177e4
LT		 1657
1658 BT_DBG("%s status %d", hdev->name, status);
1659
23bb5763 1660 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
6bd57416 1661
a9de9248 1662 hci_conn_check_pending(hdev);
89352e7d
AG		 1663
1664 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1665 return;
1666
a8b2d5c2 1667 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1668 return;
1669
56e5cb86 1670 hci_dev_lock(hdev);
30dc78e1 1671
343f935b 1672 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1673 goto unlock;
1674
1675 if (list_empty(&discov->resolve)) {
1676 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1677 goto unlock;
1678 }
1679
1680 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1681 if (e && hci_resolve_name(hdev, e) == 0) {
1682 e->name_state = NAME_PENDING;
1683 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1684 } else {
1685 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1686 }
1687
1688unlock:
56e5cb86 1689 hci_dev_unlock(hdev);
1da177e4
LT		 1690}
1691
1da177e4
LT		 1692static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1693{
45bb4bf0 1694 struct inquiry_data data;
a9de9248 1695 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1696 int num_rsp = *((__u8 *) skb->data);
1697
1698 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1699
45bb4bf0
MH		 1700 if (!num_rsp)
1701 return;
1702
1da177e4 1703 hci_dev_lock(hdev);
45bb4bf0 1704
e17acd40 1705 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1706 bool name_known, ssp;
3175405b 1707
1da177e4
LT		 1708 bacpy(&data.bdaddr, &info->bdaddr);
1709 data.pscan_rep_mode = info->pscan_rep_mode;
1710 data.pscan_period_mode = info->pscan_period_mode;
1711 data.pscan_mode = info->pscan_mode;
1712 memcpy(data.dev_class, info->dev_class, 3);
1713 data.clock_offset = info->clock_offset;
1714 data.rssi = 0x00;
41a96212 1715 data.ssp_mode = 0x00;
3175405b 1716
388fc8fa 1717 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1718 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 1719 info->dev_class, 0, !name_known, ssp, NULL,
1720 0);
1da177e4 1721 }
45bb4bf0 1722
1da177e4
LT		 1723 hci_dev_unlock(hdev);
1724}
1725
1da177e4
LT		 1726static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1727{
a9de9248
MH		 1728 struct hci_ev_conn_complete *ev = (void *) skb->data;
1729 struct hci_conn *conn;
1da177e4
LT		 1730
1731 BT_DBG("%s", hdev->name);
1732
1733 hci_dev_lock(hdev);
1734
1735 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1736 if (!conn) {
1737 if (ev->link_type != SCO_LINK)
1738 goto unlock;
1739
1740 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1741 if (!conn)
1742 goto unlock;
1743
1744 conn->type = SCO_LINK;
1745 }
1da177e4
LT		 1746
1747 if (!ev->status) {
1748 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1749
1750 if (conn->type == ACL_LINK) {
1751 conn->state = BT_CONFIG;
1752 hci_conn_hold(conn);
052b30b0 1753 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1754 } else
1755 conn->state = BT_CONNECTED;
1da177e4 1756
9eba32b8 1757 hci_conn_hold_device(conn);
7d0db0a3
MH		 1758 hci_conn_add_sysfs(conn);
1759
1da177e4
LT		 1760 if (test_bit(HCI_AUTH, &hdev->flags))
1761 conn->link_mode |= HCI_LM_AUTH;
1762
1763 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1764 conn->link_mode |= HCI_LM_ENCRYPT;
1765
04837f64
MH		 1766 /* Get remote features */
1767 if (conn->type == ACL_LINK) {
1768 struct hci_cp_read_remote_features cp;
1769 cp.handle = ev->handle;
769be974 1770 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 1771 sizeof(cp), &cp);
04837f64
MH		 1772 }
1773
1da177e4 1774 /* Set packet type for incoming connection */
d095c1eb 1775 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 1776 struct hci_cp_change_conn_ptype cp;
1777 cp.handle = ev->handle;
a8746417 1778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 1779 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1780 &cp);
1da177e4 1781 }
17d5c04c 1782 } else {
1da177e4 1783 conn->state = BT_CLOSED;
17d5c04c 1784 if (conn->type == ACL_LINK)
744cf19e 1785 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
04124681 1786 conn->dst_type, ev->status);
17d5c04c 1787 }
1da177e4 1788
e73439d8
MH		 1789 if (conn->type == ACL_LINK)
1790 hci_sco_setup(conn, ev->status);
1da177e4 1791
769be974
MH		 1792 if (ev->status) {
1793 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1794 hci_conn_del(conn);
c89b6e6b
MH		 1795 } else if (ev->link_type != ACL_LINK)
1796 hci_proto_connect_cfm(conn, ev->status);
1da177e4 1797
a9de9248 1798unlock:
1da177e4 1799 hci_dev_unlock(hdev);
1da177e4 1800
a9de9248 1801 hci_conn_check_pending(hdev);
1da177e4
LT		 1802}
1803
a9de9248 1804static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1805{
a9de9248
MH		 1806 struct hci_ev_conn_request *ev = (void *) skb->data;
1807 int mask = hdev->link_mode;
1da177e4 1808
a9de9248
MH		 1809 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1810 batostr(&ev->bdaddr), ev->link_type);
1da177e4 1811
a9de9248 1812 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1da177e4 1813
138d22ef
SJ		 1814 if ((mask & HCI_LM_ACCEPT) &&
1815 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
a9de9248 1816 /* Connection accepted */
c7bdd502 1817 struct inquiry_entry *ie;
1da177e4 1818 struct hci_conn *conn;
1da177e4 1819
a9de9248 1820 hci_dev_lock(hdev);
b6a0dc82 1821
cc11b9c1
AE		 1822 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1823 if (ie)
c7bdd502
MH		 1824 memcpy(ie->data.dev_class, ev->dev_class, 3);
1825
a9de9248
MH		 1826 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1827 if (!conn) {
cc11b9c1
AE		 1828 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1829 if (!conn) {
893ef971 1830 BT_ERR("No memory for new connection");
a9de9248
MH		 1831 hci_dev_unlock(hdev);
1832 return;
1da177e4
LT		 1833 }
1834 }
b6a0dc82 1835
a9de9248
MH		 1836 memcpy(conn->dev_class, ev->dev_class, 3);
1837 conn->state = BT_CONNECT;
b6a0dc82 1838
a9de9248 1839 hci_dev_unlock(hdev);
1da177e4 1840
b6a0dc82
MH		 1841 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1842 struct hci_cp_accept_conn_req cp;
1da177e4 1843
b6a0dc82
MH		 1844 bacpy(&cp.bdaddr, &ev->bdaddr);
1845
1846 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1847 cp.role = 0x00; /* Become master */
1848 else
1849 cp.role = 0x01; /* Remain slave */
1850
04124681
GP		 1851 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1852 &cp);
b6a0dc82
MH		 1853 } else {
1854 struct hci_cp_accept_sync_conn_req cp;
1855
1856 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 1857 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82
MH		 1858
1859 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1860 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1861 cp.max_latency = cpu_to_le16(0xffff);
1862 cp.content_format = cpu_to_le16(hdev->voice_setting);
1863 cp.retrans_effort = 0xff;
1da177e4 1864
b6a0dc82 1865 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 1866 sizeof(cp), &cp);
b6a0dc82 1867 }
a9de9248
MH		 1868 } else {
1869 /* Connection rejected */
1870 struct hci_cp_reject_conn_req cp;
1da177e4 1871
a9de9248 1872 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 1873 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 1874 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 1875 }
1da177e4
LT		 1876}
1877
a9de9248 1878static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 1879{
a9de9248 1880 struct hci_ev_disconn_complete *ev = (void *) skb->data;
04837f64
MH		 1881 struct hci_conn *conn;
1882
1883 BT_DBG("%s status %d", hdev->name, ev->status);
1884
1885 hci_dev_lock(hdev);
1886
1887 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 1888 if (!conn)
1889 goto unlock;
7d0db0a3 1890
37d9ef76
JH		 1891 if (ev->status == 0)
1892 conn->state = BT_CLOSED;
04837f64 1893
b644ba33
JH		 1894 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1895 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
37d9ef76 1896 if (ev->status != 0)
88c3df13
JH		 1897 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1898 conn->dst_type, ev->status);
37d9ef76 1899 else
afc747a6 1900 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
04124681 1901 conn->dst_type);
37d9ef76 1902 }
f7520543 1903
37d9ef76 1904 if (ev->status == 0) {
6ec5bcad
VA		 1905 if (conn->type == ACL_LINK && conn->flush_key)
1906 hci_remove_link_key(hdev, &conn->dst);
37d9ef76
JH		 1907 hci_proto_disconn_cfm(conn, ev->reason);
1908 hci_conn_del(conn);
1909 }
f7520543
JH		 1910
1911unlock:
04837f64
MH		 1912 hci_dev_unlock(hdev);
1913}
1914
1da177e4
LT		 1915static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1916{
a9de9248 1917 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 1918 struct hci_conn *conn;
1da177e4
LT		 1919
1920 BT_DBG("%s status %d", hdev->name, ev->status);
1921
1922 hci_dev_lock(hdev);
1923
04837f64 1924 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 1925 if (!conn)
1926 goto unlock;
1927
1928 if (!ev->status) {
aa64a8b5
JH		 1929 if (!hci_conn_ssp_enabled(conn) &&
1930 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 1931 BT_INFO("re-auth of legacy device is not possible.");
2a611692 1932 } else {
d7556e20
WR		 1933 conn->link_mode |= HCI_LM_AUTH;
1934 conn->sec_level = conn->pending_sec_level;
2a611692 1935 }
d7556e20 1936 } else {
bab73cb6 1937 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 1938 ev->status);
d7556e20 1939 }
1da177e4 1940
51a8efd7
JH		 1941 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1942 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 1943
d7556e20 1944 if (conn->state == BT_CONFIG) {
aa64a8b5 1945 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 1946 struct hci_cp_set_conn_encrypt cp;
1947 cp.handle = ev->handle;
1948 cp.encrypt = 0x01;
1949 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1950 &cp);
052b30b0 1951 } else {
d7556e20
WR		 1952 conn->state = BT_CONNECTED;
1953 hci_proto_connect_cfm(conn, ev->status);
052b30b0
MH		 1954 hci_conn_put(conn);
1955 }
d7556e20
WR		 1956 } else {
1957 hci_auth_cfm(conn, ev->status);
052b30b0 1958
d7556e20
WR		 1959 hci_conn_hold(conn);
1960 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1961 hci_conn_put(conn);
1962 }
1963
51a8efd7 1964 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 1965 if (!ev->status) {
1966 struct hci_cp_set_conn_encrypt cp;
1967 cp.handle = ev->handle;
1968 cp.encrypt = 0x01;
1969 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1970 &cp);
1971 } else {
51a8efd7 1972 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 1973 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 1974 }
1975 }
1976
d7556e20 1977unlock:
1da177e4
LT		 1978 hci_dev_unlock(hdev);
1979}
1980
a9de9248 1981static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1982{
127178d2
JH		 1983 struct hci_ev_remote_name *ev = (void *) skb->data;
1984 struct hci_conn *conn;
1985
a9de9248 1986 BT_DBG("%s", hdev->name);
1da177e4 1987
a9de9248 1988 hci_conn_check_pending(hdev);
127178d2
JH		 1989
1990 hci_dev_lock(hdev);
1991
b644ba33 1992 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 1993
b644ba33
JH		 1994 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1995 goto check_auth;
a88a9652 1996
b644ba33
JH		 1997 if (ev->status == 0)
1998 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 1999 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2000 else
2001 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2002
2003check_auth:
79c6c70c
JH		 2004 if (!conn)
2005 goto unlock;
2006
2007 if (!hci_outgoing_auth_needed(hdev, conn))
2008 goto unlock;
2009
51a8efd7 2010 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2011 struct hci_cp_auth_requested cp;
2012 cp.handle = __cpu_to_le16(conn->handle);
2013 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2014 }
2015
79c6c70c 2016unlock:
127178d2 2017 hci_dev_unlock(hdev);
a9de9248
MH		 2018}
2019
2020static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2021{
2022 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2023 struct hci_conn *conn;
2024
2025 BT_DBG("%s status %d", hdev->name, ev->status);
1da177e4
LT		 2026
2027 hci_dev_lock(hdev);
2028
04837f64 2029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2030 if (conn) {
2031 if (!ev->status) {
ae293196
MH		 2032 if (ev->encrypt) {
2033 /* Encryption implies authentication */
2034 conn->link_mode |= HCI_LM_AUTH;
1da177e4 2035 conn->link_mode |= HCI_LM_ENCRYPT;
da85e5e5 2036 conn->sec_level = conn->pending_sec_level;
ae293196 2037 } else
1da177e4
LT		 2038 conn->link_mode &= ~HCI_LM_ENCRYPT;
2039 }
2040
51a8efd7 2041 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1da177e4 2042
f8558555
MH		 2043 if (conn->state == BT_CONFIG) {
2044 if (!ev->status)
2045 conn->state = BT_CONNECTED;
2046
2047 hci_proto_connect_cfm(conn, ev->status);
2048 hci_conn_put(conn);
2049 } else
2050 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1da177e4
LT		 2051 }
2052
2053 hci_dev_unlock(hdev);
2054}
2055
a9de9248 2056static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2057{
a9de9248 2058 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2059 struct hci_conn *conn;
1da177e4
LT		 2060
2061 BT_DBG("%s status %d", hdev->name, ev->status);
2062
2063 hci_dev_lock(hdev);
2064
04837f64 2065 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2066 if (conn) {
2067 if (!ev->status)
2068 conn->link_mode |= HCI_LM_SECURE;
2069
51a8efd7 2070 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2071
2072 hci_key_change_cfm(conn, ev->status);
2073 }
2074
2075 hci_dev_unlock(hdev);
2076}
2077
a9de9248 2078static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2079{
a9de9248
MH		 2080 struct hci_ev_remote_features *ev = (void *) skb->data;
2081 struct hci_conn *conn;
2082
2083 BT_DBG("%s status %d", hdev->name, ev->status);
2084
a9de9248
MH		 2085 hci_dev_lock(hdev);
2086
2087 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2088 if (!conn)
2089 goto unlock;
769be974 2090
ccd556fe
JH		 2091 if (!ev->status)
2092 memcpy(conn->features, ev->features, 8);
2093
2094 if (conn->state != BT_CONFIG)
2095 goto unlock;
2096
2097 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2098 struct hci_cp_read_remote_ext_features cp;
2099 cp.handle = ev->handle;
2100 cp.page = 0x01;
2101 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
bdb7524a 2102 sizeof(cp), &cp);
392599b9
JH		 2103 goto unlock;
2104 }
2105
127178d2
JH		 2106 if (!ev->status) {
2107 struct hci_cp_remote_name_req cp;
2108 memset(&cp, 0, sizeof(cp));
2109 bacpy(&cp.bdaddr, &conn->dst);
2110 cp.pscan_rep_mode = 0x02;
2111 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2112 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2113 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2114 conn->dst_type, 0, NULL, 0,
2115 conn->dev_class);
392599b9 2116
127178d2 2117 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2118 conn->state = BT_CONNECTED;
2119 hci_proto_connect_cfm(conn, ev->status);
2120 hci_conn_put(conn);
769be974 2121 }
a9de9248 2122
ccd556fe 2123unlock:
a9de9248 2124 hci_dev_unlock(hdev);
1da177e4
LT		 2125}
2126
a9de9248 2127static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2128{
a9de9248 2129 BT_DBG("%s", hdev->name);
1da177e4
LT		 2130}
2131
a9de9248 2132static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2133{
a9de9248 2134 BT_DBG("%s", hdev->name);
1da177e4
LT		 2135}
2136
a9de9248
MH		 2137static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2138{
2139 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2140 __u16 opcode;
2141
2142 skb_pull(skb, sizeof(*ev));
2143
2144 opcode = __le16_to_cpu(ev->opcode);
2145
2146 switch (opcode) {
2147 case HCI_OP_INQUIRY_CANCEL:
2148 hci_cc_inquiry_cancel(hdev, skb);
2149 break;
2150
2151 case HCI_OP_EXIT_PERIODIC_INQ:
2152 hci_cc_exit_periodic_inq(hdev, skb);
2153 break;
2154
2155 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2156 hci_cc_remote_name_req_cancel(hdev, skb);
2157 break;
2158
2159 case HCI_OP_ROLE_DISCOVERY:
2160 hci_cc_role_discovery(hdev, skb);
2161 break;
2162
e4e8e37c
MH		 2163 case HCI_OP_READ_LINK_POLICY:
2164 hci_cc_read_link_policy(hdev, skb);
2165 break;
2166
a9de9248
MH		 2167 case HCI_OP_WRITE_LINK_POLICY:
2168 hci_cc_write_link_policy(hdev, skb);
2169 break;
2170
e4e8e37c
MH		 2171 case HCI_OP_READ_DEF_LINK_POLICY:
2172 hci_cc_read_def_link_policy(hdev, skb);
2173 break;
2174
2175 case HCI_OP_WRITE_DEF_LINK_POLICY:
2176 hci_cc_write_def_link_policy(hdev, skb);
2177 break;
2178
a9de9248
MH		 2179 case HCI_OP_RESET:
2180 hci_cc_reset(hdev, skb);
2181 break;
2182
2183 case HCI_OP_WRITE_LOCAL_NAME:
2184 hci_cc_write_local_name(hdev, skb);
2185 break;
2186
2187 case HCI_OP_READ_LOCAL_NAME:
2188 hci_cc_read_local_name(hdev, skb);
2189 break;
2190
2191 case HCI_OP_WRITE_AUTH_ENABLE:
2192 hci_cc_write_auth_enable(hdev, skb);
2193 break;
2194
2195 case HCI_OP_WRITE_ENCRYPT_MODE:
2196 hci_cc_write_encrypt_mode(hdev, skb);
2197 break;
2198
2199 case HCI_OP_WRITE_SCAN_ENABLE:
2200 hci_cc_write_scan_enable(hdev, skb);
2201 break;
2202
2203 case HCI_OP_READ_CLASS_OF_DEV:
2204 hci_cc_read_class_of_dev(hdev, skb);
2205 break;
2206
2207 case HCI_OP_WRITE_CLASS_OF_DEV:
2208 hci_cc_write_class_of_dev(hdev, skb);
2209 break;
2210
2211 case HCI_OP_READ_VOICE_SETTING:
2212 hci_cc_read_voice_setting(hdev, skb);
2213 break;
2214
2215 case HCI_OP_WRITE_VOICE_SETTING:
2216 hci_cc_write_voice_setting(hdev, skb);
2217 break;
2218
2219 case HCI_OP_HOST_BUFFER_SIZE:
2220 hci_cc_host_buffer_size(hdev, skb);
2221 break;
2222
333140b5
MH		 2223 case HCI_OP_WRITE_SSP_MODE:
2224 hci_cc_write_ssp_mode(hdev, skb);
2225 break;
2226
a9de9248
MH		 2227 case HCI_OP_READ_LOCAL_VERSION:
2228 hci_cc_read_local_version(hdev, skb);
2229 break;
2230
2231 case HCI_OP_READ_LOCAL_COMMANDS:
2232 hci_cc_read_local_commands(hdev, skb);
2233 break;
2234
2235 case HCI_OP_READ_LOCAL_FEATURES:
2236 hci_cc_read_local_features(hdev, skb);
2237 break;
2238
971e3a4b
AG		 2239 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2240 hci_cc_read_local_ext_features(hdev, skb);
2241 break;
2242
a9de9248
MH		 2243 case HCI_OP_READ_BUFFER_SIZE:
2244 hci_cc_read_buffer_size(hdev, skb);
2245 break;
2246
2247 case HCI_OP_READ_BD_ADDR:
2248 hci_cc_read_bd_addr(hdev, skb);
2249 break;
2250
350ee4cf
AE		 2251 case HCI_OP_READ_DATA_BLOCK_SIZE:
2252 hci_cc_read_data_block_size(hdev, skb);
2253 break;
2254
23bb5763
JH		 2255 case HCI_OP_WRITE_CA_TIMEOUT:
2256 hci_cc_write_ca_timeout(hdev, skb);
2257 break;
2258
1e89cffb
AE		 2259 case HCI_OP_READ_FLOW_CONTROL_MODE:
2260 hci_cc_read_flow_control_mode(hdev, skb);
2261 break;
2262
928abaa7
AE		 2263 case HCI_OP_READ_LOCAL_AMP_INFO:
2264 hci_cc_read_local_amp_info(hdev, skb);
2265 break;
2266
b0916ea0
JH		 2267 case HCI_OP_DELETE_STORED_LINK_KEY:
2268 hci_cc_delete_stored_link_key(hdev, skb);
2269 break;
2270
d5859e22
JH		 2271 case HCI_OP_SET_EVENT_MASK:
2272 hci_cc_set_event_mask(hdev, skb);
2273 break;
2274
2275 case HCI_OP_WRITE_INQUIRY_MODE:
2276 hci_cc_write_inquiry_mode(hdev, skb);
2277 break;
2278
2279 case HCI_OP_READ_INQ_RSP_TX_POWER:
2280 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2281 break;
2282
2283 case HCI_OP_SET_EVENT_FLT:
2284 hci_cc_set_event_flt(hdev, skb);
2285 break;
2286
980e1a53
JH		 2287 case HCI_OP_PIN_CODE_REPLY:
2288 hci_cc_pin_code_reply(hdev, skb);
2289 break;
2290
2291 case HCI_OP_PIN_CODE_NEG_REPLY:
2292 hci_cc_pin_code_neg_reply(hdev, skb);
2293 break;
2294
c35938b2
SJ		 2295 case HCI_OP_READ_LOCAL_OOB_DATA:
2296 hci_cc_read_local_oob_data_reply(hdev, skb);
2297 break;
2298
6ed58ec5
VT		 2299 case HCI_OP_LE_READ_BUFFER_SIZE:
2300 hci_cc_le_read_buffer_size(hdev, skb);
2301 break;
2302
a5c29683
JH		 2303 case HCI_OP_USER_CONFIRM_REPLY:
2304 hci_cc_user_confirm_reply(hdev, skb);
2305 break;
2306
2307 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2308 hci_cc_user_confirm_neg_reply(hdev, skb);
2309 break;
2310
1143d458
BG		 2311 case HCI_OP_USER_PASSKEY_REPLY:
2312 hci_cc_user_passkey_reply(hdev, skb);
2313 break;
2314
2315 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2316 hci_cc_user_passkey_neg_reply(hdev, skb);
07f7fa5d
AG		 2317
2318 case HCI_OP_LE_SET_SCAN_PARAM:
2319 hci_cc_le_set_scan_param(hdev, skb);
1143d458
BG		 2320 break;
2321
eb9d91f5
AG		 2322 case HCI_OP_LE_SET_SCAN_ENABLE:
2323 hci_cc_le_set_scan_enable(hdev, skb);
2324 break;
2325
a7a595f6
VCG		 2326 case HCI_OP_LE_LTK_REPLY:
2327 hci_cc_le_ltk_reply(hdev, skb);
2328 break;
2329
2330 case HCI_OP_LE_LTK_NEG_REPLY:
2331 hci_cc_le_ltk_neg_reply(hdev, skb);
2332 break;
2333
f9b49306
AG		 2334 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2335 hci_cc_write_le_host_supported(hdev, skb);
2336 break;
2337
a9de9248
MH		 2338 default:
2339 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2340 break;
2341 }
2342
6bd32326
VT		 2343 if (ev->opcode != HCI_OP_NOP)
2344 del_timer(&hdev->cmd_timer);
2345
a9de9248
MH		 2346 if (ev->ncmd) {
2347 atomic_set(&hdev->cmd_cnt, 1);
2348 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2349 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2350 }
2351}
2352
2353static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2354{
2355 struct hci_ev_cmd_status *ev = (void *) skb->data;
2356 __u16 opcode;
2357
2358 skb_pull(skb, sizeof(*ev));
2359
2360 opcode = __le16_to_cpu(ev->opcode);
2361
2362 switch (opcode) {
2363 case HCI_OP_INQUIRY:
2364 hci_cs_inquiry(hdev, ev->status);
2365 break;
2366
2367 case HCI_OP_CREATE_CONN:
2368 hci_cs_create_conn(hdev, ev->status);
2369 break;
2370
2371 case HCI_OP_ADD_SCO:
2372 hci_cs_add_sco(hdev, ev->status);
2373 break;
2374
f8558555
MH		 2375 case HCI_OP_AUTH_REQUESTED:
2376 hci_cs_auth_requested(hdev, ev->status);
2377 break;
2378
2379 case HCI_OP_SET_CONN_ENCRYPT:
2380 hci_cs_set_conn_encrypt(hdev, ev->status);
2381 break;
2382
a9de9248
MH		 2383 case HCI_OP_REMOTE_NAME_REQ:
2384 hci_cs_remote_name_req(hdev, ev->status);
2385 break;
2386
769be974
MH		 2387 case HCI_OP_READ_REMOTE_FEATURES:
2388 hci_cs_read_remote_features(hdev, ev->status);
2389 break;
2390
2391 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2392 hci_cs_read_remote_ext_features(hdev, ev->status);
2393 break;
2394
a9de9248
MH		 2395 case HCI_OP_SETUP_SYNC_CONN:
2396 hci_cs_setup_sync_conn(hdev, ev->status);
2397 break;
2398
2399 case HCI_OP_SNIFF_MODE:
2400 hci_cs_sniff_mode(hdev, ev->status);
2401 break;
2402
2403 case HCI_OP_EXIT_SNIFF_MODE:
2404 hci_cs_exit_sniff_mode(hdev, ev->status);
2405 break;
2406
8962ee74 2407 case HCI_OP_DISCONNECT:
88c3df13 2408 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2409 break;
2410
fcd89c09
VT		 2411 case HCI_OP_LE_CREATE_CONN:
2412 hci_cs_le_create_conn(hdev, ev->status);
2413 break;
2414
a7a595f6
VCG		 2415 case HCI_OP_LE_START_ENC:
2416 hci_cs_le_start_enc(hdev, ev->status);
2417 break;
2418
a9de9248
MH		 2419 default:
2420 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2421 break;
2422 }
2423
6bd32326
VT		 2424 if (ev->opcode != HCI_OP_NOP)
2425 del_timer(&hdev->cmd_timer);
2426
10572132 2427 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2428 atomic_set(&hdev->cmd_cnt, 1);
2429 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2430 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2431 }
2432}
2433
2434static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2435{
2436 struct hci_ev_role_change *ev = (void *) skb->data;
2437 struct hci_conn *conn;
2438
2439 BT_DBG("%s status %d", hdev->name, ev->status);
2440
2441 hci_dev_lock(hdev);
2442
2443 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2444 if (conn) {
2445 if (!ev->status) {
2446 if (ev->role)
2447 conn->link_mode &= ~HCI_LM_MASTER;
2448 else
2449 conn->link_mode |= HCI_LM_MASTER;
2450 }
2451
51a8efd7 2452 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2453
2454 hci_role_switch_cfm(conn, ev->status, ev->role);
2455 }
2456
2457 hci_dev_unlock(hdev);
2458}
2459
2460static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2461{
2462 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2463 int i;
2464
32ac5b9b
AE		 2465 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2466 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2467 return;
2468 }
2469
c5993de8
AE		 2470 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2471 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2472 BT_DBG("%s bad parameters", hdev->name);
2473 return;
2474 }
2475
c5993de8
AE		 2476 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2477
613a1c0c
AE		 2478 for (i = 0; i < ev->num_hndl; i++) {
2479 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2480 struct hci_conn *conn;
2481 __u16 handle, count;
2482
613a1c0c
AE		 2483 handle = __le16_to_cpu(info->handle);
2484 count = __le16_to_cpu(info->count);
a9de9248
MH		 2485
2486 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2487 if (!conn)
2488 continue;
2489
2490 conn->sent -= count;
2491
2492 switch (conn->type) {
2493 case ACL_LINK:
2494 hdev->acl_cnt += count;
2495 if (hdev->acl_cnt > hdev->acl_pkts)
2496 hdev->acl_cnt = hdev->acl_pkts;
2497 break;
2498
2499 case LE_LINK:
2500 if (hdev->le_pkts) {
2501 hdev->le_cnt += count;
2502 if (hdev->le_cnt > hdev->le_pkts)
2503 hdev->le_cnt = hdev->le_pkts;
2504 } else {
70f23020
AE		 2505 hdev->acl_cnt += count;
2506 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2507 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2508 }
f4280918
AE		 2509 break;
2510
2511 case SCO_LINK:
2512 hdev->sco_cnt += count;
2513 if (hdev->sco_cnt > hdev->sco_pkts)
2514 hdev->sco_cnt = hdev->sco_pkts;
2515 break;
2516
2517 default:
2518 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2519 break;
a9de9248
MH		 2520 }
2521 }
2522
3eff45ea 2523 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2524}
2525
25e89e99 2526static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
04124681 2527 struct sk_buff *skb)
25e89e99
AE		 2528{
2529 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2530 int i;
2531
2532 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2533 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2534 return;
2535 }
2536
2537 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2538 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2539 BT_DBG("%s bad parameters", hdev->name);
2540 return;
2541 }
2542
2543 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2544 ev->num_hndl);
2545
2546 for (i = 0; i < ev->num_hndl; i++) {
2547 struct hci_comp_blocks_info *info = &ev->handles[i];
2548 struct hci_conn *conn;
2549 __u16 handle, block_count;
2550
2551 handle = __le16_to_cpu(info->handle);
2552 block_count = __le16_to_cpu(info->blocks);
2553
2554 conn = hci_conn_hash_lookup_handle(hdev, handle);
2555 if (!conn)
2556 continue;
2557
2558 conn->sent -= block_count;
2559
2560 switch (conn->type) {
2561 case ACL_LINK:
2562 hdev->block_cnt += block_count;
2563 if (hdev->block_cnt > hdev->num_blocks)
2564 hdev->block_cnt = hdev->num_blocks;
2565 break;
2566
2567 default:
2568 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2569 break;
2570 }
2571 }
2572
2573 queue_work(hdev->workqueue, &hdev->tx_work);
2574}
2575
a9de9248 2576static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2577{
a9de9248 2578 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2579 struct hci_conn *conn;
2580
2581 BT_DBG("%s status %d", hdev->name, ev->status);
2582
2583 hci_dev_lock(hdev);
2584
2585 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2586 if (conn) {
2587 conn->mode = ev->mode;
2588 conn->interval = __le16_to_cpu(ev->interval);
2589
51a8efd7 2590 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
a9de9248 2591 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2592 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2593 else
58a681ef 2594 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2595 }
e73439d8 2596
51a8efd7 2597 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 2598 hci_sco_setup(conn, ev->status);
04837f64
MH		 2599 }
2600
2601 hci_dev_unlock(hdev);
2602}
2603
a9de9248
MH		 2604static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2605{
052b30b0
MH		 2606 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2607 struct hci_conn *conn;
2608
a9de9248 2609 BT_DBG("%s", hdev->name);
052b30b0
MH		 2610
2611 hci_dev_lock(hdev);
2612
2613 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 2614 if (!conn)
2615 goto unlock;
2616
2617 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 2618 hci_conn_hold(conn);
2619 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2620 hci_conn_put(conn);
2621 }
2622
a8b2d5c2 2623 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1
JH		 2624 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2625 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 2626 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 2627 u8 secure;
2628
2629 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2630 secure = 1;
2631 else
2632 secure = 0;
2633
744cf19e 2634 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 2635 }
980e1a53 2636
b6f98044 2637unlock:
052b30b0 2638 hci_dev_unlock(hdev);
a9de9248
MH		 2639}
2640
2641static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2642{
55ed8ca1
JH		 2643 struct hci_ev_link_key_req *ev = (void *) skb->data;
2644 struct hci_cp_link_key_reply cp;
2645 struct hci_conn *conn;
2646 struct link_key *key;
2647
a9de9248 2648 BT_DBG("%s", hdev->name);
55ed8ca1 2649
a8b2d5c2 2650 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
55ed8ca1
JH		 2651 return;
2652
2653 hci_dev_lock(hdev);
2654
2655 key = hci_find_link_key(hdev, &ev->bdaddr);
2656 if (!key) {
2657 BT_DBG("%s link key not found for %s", hdev->name,
2658 batostr(&ev->bdaddr));
2659 goto not_found;
2660 }
2661
2662 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2663 batostr(&ev->bdaddr));
2664
a8b2d5c2 2665 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
b6020ba0 2666 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 2667 BT_DBG("%s ignoring debug key", hdev->name);
2668 goto not_found;
2669 }
2670
2671 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57
WR		 2672 if (conn) {
2673 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2674 conn->auth_type != 0xff &&
2675 (conn->auth_type & 0x01)) {
2676 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2677 goto not_found;
2678 }
55ed8ca1 2679
60b83f57
WR		 2680 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2681 conn->pending_sec_level == BT_SECURITY_HIGH) {
2682 BT_DBG("%s ignoring key unauthenticated for high \
2683 security", hdev->name);
2684 goto not_found;
2685 }
2686
2687 conn->key_type = key->type;
2688 conn->pin_length = key->pin_len;
55ed8ca1
JH		 2689 }
2690
2691 bacpy(&cp.bdaddr, &ev->bdaddr);
2692 memcpy(cp.link_key, key->val, 16);
2693
2694 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2695
2696 hci_dev_unlock(hdev);
2697
2698 return;
2699
2700not_found:
2701 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2702 hci_dev_unlock(hdev);
a9de9248
MH		 2703}
2704
2705static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2706{
052b30b0
MH		 2707 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2708 struct hci_conn *conn;
55ed8ca1 2709 u8 pin_len = 0;
052b30b0 2710
a9de9248 2711 BT_DBG("%s", hdev->name);
052b30b0
MH		 2712
2713 hci_dev_lock(hdev);
2714
2715 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2716 if (conn) {
2717 hci_conn_hold(conn);
2718 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 2719 pin_len = conn->pin_length;
13d39315
WR		 2720
2721 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2722 conn->key_type = ev->key_type;
2723
052b30b0
MH		 2724 hci_conn_put(conn);
2725 }
2726
a8b2d5c2 2727 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
d25e28ab 2728 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
55ed8ca1
JH		 2729 ev->key_type, pin_len);
2730
052b30b0 2731 hci_dev_unlock(hdev);
a9de9248
MH		 2732}
2733
1da177e4
LT		 2734static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2735{
a9de9248 2736 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 2737 struct hci_conn *conn;
1da177e4
LT		 2738
2739 BT_DBG("%s status %d", hdev->name, ev->status);
2740
2741 hci_dev_lock(hdev);
2742
04837f64 2743 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2744 if (conn && !ev->status) {
2745 struct inquiry_entry *ie;
2746
cc11b9c1
AE		 2747 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2748 if (ie) {
1da177e4
LT		 2749 ie->data.clock_offset = ev->clock_offset;
2750 ie->timestamp = jiffies;
2751 }
2752 }
2753
2754 hci_dev_unlock(hdev);
2755}
2756
a8746417
MH		 2757static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2758{
2759 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2760 struct hci_conn *conn;
2761
2762 BT_DBG("%s status %d", hdev->name, ev->status);
2763
2764 hci_dev_lock(hdev);
2765
2766 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2767 if (conn && !ev->status)
2768 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2769
2770 hci_dev_unlock(hdev);
2771}
2772
85a1e930
MH		 2773static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2774{
a9de9248 2775 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 2776 struct inquiry_entry *ie;
2777
2778 BT_DBG("%s", hdev->name);
2779
2780 hci_dev_lock(hdev);
2781
cc11b9c1
AE		 2782 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2783 if (ie) {
85a1e930
MH		 2784 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2785 ie->timestamp = jiffies;
2786 }
2787
2788 hci_dev_unlock(hdev);
2789}
2790
a9de9248
MH		 2791static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2792{
2793 struct inquiry_data data;
2794 int num_rsp = *((__u8 *) skb->data);
388fc8fa 2795 bool name_known, ssp;
a9de9248
MH		 2796
2797 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2798
2799 if (!num_rsp)
2800 return;
2801
2802 hci_dev_lock(hdev);
2803
2804 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 2805 struct inquiry_info_with_rssi_and_pscan_mode *info;
2806 info = (void *) (skb->data + 1);
a9de9248 2807
e17acd40 2808 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2809 bacpy(&data.bdaddr, &info->bdaddr);
2810 data.pscan_rep_mode = info->pscan_rep_mode;
2811 data.pscan_period_mode = info->pscan_period_mode;
2812 data.pscan_mode = info->pscan_mode;
2813 memcpy(data.dev_class, info->dev_class, 3);
2814 data.clock_offset = info->clock_offset;
2815 data.rssi = info->rssi;
41a96212 2816 data.ssp_mode = 0x00;
3175405b
JH		 2817
2818 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2819 false, &ssp);
48264f06 2820 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2821 info->dev_class, info->rssi,
2822 !name_known, ssp, NULL, 0);
a9de9248
MH		 2823 }
2824 } else {
2825 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2826
e17acd40 2827 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 2828 bacpy(&data.bdaddr, &info->bdaddr);
2829 data.pscan_rep_mode = info->pscan_rep_mode;
2830 data.pscan_period_mode = info->pscan_period_mode;
2831 data.pscan_mode = 0x00;
2832 memcpy(data.dev_class, info->dev_class, 3);
2833 data.clock_offset = info->clock_offset;
2834 data.rssi = info->rssi;
41a96212 2835 data.ssp_mode = 0x00;
3175405b 2836 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 2837 false, &ssp);
48264f06 2838 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2839 info->dev_class, info->rssi,
2840 !name_known, ssp, NULL, 0);
a9de9248
MH		 2841 }
2842 }
2843
2844 hci_dev_unlock(hdev);
2845}
2846
2847static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2848{
41a96212
MH		 2849 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2850 struct hci_conn *conn;
2851
a9de9248 2852 BT_DBG("%s", hdev->name);
41a96212 2853
41a96212
MH		 2854 hci_dev_lock(hdev);
2855
2856 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2857 if (!conn)
2858 goto unlock;
41a96212 2859
ccd556fe
JH		 2860 if (!ev->status && ev->page == 0x01) {
2861 struct inquiry_entry *ie;
41a96212 2862
cc11b9c1
AE		 2863 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2864 if (ie)
02b7cc62 2865 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 2866
02b7cc62 2867 if (ev->features[0] & LMP_HOST_SSP)
58a681ef 2868 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
ccd556fe
JH		 2869 }
2870
2871 if (conn->state != BT_CONFIG)
2872 goto unlock;
2873
127178d2
JH		 2874 if (!ev->status) {
2875 struct hci_cp_remote_name_req cp;
2876 memset(&cp, 0, sizeof(cp));
2877 bacpy(&cp.bdaddr, &conn->dst);
2878 cp.pscan_rep_mode = 0x02;
2879 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2880 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2881 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2882 conn->dst_type, 0, NULL, 0,
2883 conn->dev_class);
392599b9 2884
127178d2 2885 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2886 conn->state = BT_CONNECTED;
2887 hci_proto_connect_cfm(conn, ev->status);
2888 hci_conn_put(conn);
41a96212
MH		 2889 }
2890
ccd556fe 2891unlock:
41a96212 2892 hci_dev_unlock(hdev);
a9de9248
MH		 2893}
2894
2895static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2896{
b6a0dc82
MH		 2897 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2898 struct hci_conn *conn;
2899
2900 BT_DBG("%s status %d", hdev->name, ev->status);
2901
2902 hci_dev_lock(hdev);
2903
2904 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 2905 if (!conn) {
2906 if (ev->link_type == ESCO_LINK)
2907 goto unlock;
2908
2909 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2910 if (!conn)
2911 goto unlock;
2912
2913 conn->type = SCO_LINK;
2914 }
b6a0dc82 2915
732547f9
MH		 2916 switch (ev->status) {
2917 case 0x00:
b6a0dc82
MH		 2918 conn->handle = __le16_to_cpu(ev->handle);
2919 conn->state = BT_CONNECTED;
7d0db0a3 2920
9eba32b8 2921 hci_conn_hold_device(conn);
7d0db0a3 2922 hci_conn_add_sysfs(conn);
732547f9
MH		 2923 break;
2924
705e5711 2925 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 2926 case 0x1c: /* SCO interval rejected */
1038a00b 2927 case 0x1a: /* Unsupported Remote Feature */
732547f9
MH		 2928 case 0x1f: /* Unspecified error */
2929 if (conn->out && conn->attempt < 2) {
2930 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2931 (hdev->esco_type & EDR_ESCO_MASK);
2932 hci_setup_sync(conn, conn->link->handle);
2933 goto unlock;
2934 }
2935 /* fall through */
2936
2937 default:
b6a0dc82 2938 conn->state = BT_CLOSED;
732547f9
MH		 2939 break;
2940 }
b6a0dc82
MH		 2941
2942 hci_proto_connect_cfm(conn, ev->status);
2943 if (ev->status)
2944 hci_conn_del(conn);
2945
2946unlock:
2947 hci_dev_unlock(hdev);
a9de9248
MH		 2948}
2949
2950static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2951{
2952 BT_DBG("%s", hdev->name);
2953}
2954
04837f64
MH		 2955static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2956{
a9de9248 2957 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
04837f64
MH		 2958
2959 BT_DBG("%s status %d", hdev->name, ev->status);
04837f64
MH		 2960}
2961
a9de9248 2962static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2963{
a9de9248
MH		 2964 struct inquiry_data data;
2965 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2966 int num_rsp = *((__u8 *) skb->data);
1da177e4 2967
a9de9248 2968 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 2969
a9de9248
MH		 2970 if (!num_rsp)
2971 return;
1da177e4 2972
a9de9248
MH		 2973 hci_dev_lock(hdev);
2974
e17acd40 2975 for (; num_rsp; num_rsp--, info++) {
388fc8fa 2976 bool name_known, ssp;
561aafbc 2977
a9de9248 2978 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 2979 data.pscan_rep_mode = info->pscan_rep_mode;
2980 data.pscan_period_mode = info->pscan_period_mode;
2981 data.pscan_mode = 0x00;
a9de9248 2982 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 2983 data.clock_offset = info->clock_offset;
2984 data.rssi = info->rssi;
41a96212 2985 data.ssp_mode = 0x01;
561aafbc 2986
a8b2d5c2 2987 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 2988 name_known = eir_has_data_type(info->data,
04124681
GP		 2989 sizeof(info->data),
2990 EIR_NAME_COMPLETE);
561aafbc
JH		 2991 else
2992 name_known = true;
2993
388fc8fa 2994 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 2995 &ssp);
48264f06 2996 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681
GP		 2997 info->dev_class, info->rssi, !name_known,
2998 ssp, info->data, sizeof(info->data));
a9de9248
MH		 2999 }
3000
3001 hci_dev_unlock(hdev);
3002}
1da177e4 3003
17fa4b9d
JH		 3004static inline u8 hci_get_auth_req(struct hci_conn *conn)
3005{
3006 /* If remote requests dedicated bonding follow that lead */
3007 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3008 /* If both remote and local IO capabilities allow MITM
3009 * protection then require it, otherwise don't */
3010 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3011 return 0x02;
3012 else
3013 return 0x03;
3014 }
3015
3016 /* If remote requests no-bonding follow that lead */
3017 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
58797bf7 3018 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d
JH		 3019
3020 return conn->auth_type;
3021}
3022
0493684e
MH		 3023static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3024{
3025 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3026 struct hci_conn *conn;
3027
3028 BT_DBG("%s", hdev->name);
3029
3030 hci_dev_lock(hdev);
3031
3032 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3033 if (!conn)
3034 goto unlock;
3035
3036 hci_conn_hold(conn);
3037
a8b2d5c2 3038 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3039 goto unlock;
3040
a8b2d5c2 3041 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
03b555e1 3042 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3043 struct hci_cp_io_capability_reply cp;
3044
3045 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3046 /* Change the IO capability from KeyboardDisplay
3047 * to DisplayYesNo as it is not supported by BT spec. */
3048 cp.capability = (conn->io_capability == 0x04) ?
3049 0x01 : conn->io_capability;
7cbc9bd9
JH		 3050 conn->auth_type = hci_get_auth_req(conn);
3051 cp.authentication = conn->auth_type;
17fa4b9d 3052
58a681ef 3053 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
ce85ee13
SJ		 3054 hci_find_remote_oob_data(hdev, &conn->dst))
3055 cp.oob_data = 0x01;
3056 else
3057 cp.oob_data = 0x00;
3058
17fa4b9d
JH		 3059 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3060 sizeof(cp), &cp);
03b555e1
JH		 3061 } else {
3062 struct hci_cp_io_capability_neg_reply cp;
3063
3064 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3065 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3066
03b555e1
JH		 3067 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3068 sizeof(cp), &cp);
3069 }
3070
3071unlock:
3072 hci_dev_unlock(hdev);
3073}
3074
3075static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3076{
3077 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3078 struct hci_conn *conn;
3079
3080 BT_DBG("%s", hdev->name);
3081
3082 hci_dev_lock(hdev);
3083
3084 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3085 if (!conn)
3086 goto unlock;
3087
03b555e1 3088 conn->remote_cap = ev->capability;
03b555e1 3089 conn->remote_auth = ev->authentication;
58a681ef
JH		 3090 if (ev->oob_data)
3091 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3092
3093unlock:
0493684e
MH		 3094 hci_dev_unlock(hdev);
3095}
3096
a5c29683
JH		 3097static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3098 struct sk_buff *skb)
3099{
3100 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3101 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3102 struct hci_conn *conn;
a5c29683
JH		 3103
3104 BT_DBG("%s", hdev->name);
3105
3106 hci_dev_lock(hdev);
3107
a8b2d5c2 3108 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3109 goto unlock;
a5c29683 3110
7a828908
JH		 3111 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3112 if (!conn)
3113 goto unlock;
3114
3115 loc_mitm = (conn->auth_type & 0x01);
3116 rem_mitm = (conn->remote_auth & 0x01);
3117
3118 /* If we require MITM but the remote device can't provide that
3119 * (it has NoInputNoOutput) then reject the confirmation
3120 * request. The only exception is when we're dedicated bonding
3121 * initiators (connect_cfm_cb set) since then we always have the MITM
3122 * bit set. */
3123 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3124 BT_DBG("Rejecting request: remote device can't provide MITM");
3125 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3126 sizeof(ev->bdaddr), &ev->bdaddr);
3127 goto unlock;
3128 }
3129
3130 /* If no side requires MITM protection; auto-accept */
3131 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3132 (!rem_mitm || conn->io_capability == 0x03)) {
55bc1a37
JH		 3133
3134 /* If we're not the initiators request authorization to
3135 * proceed from user space (mgmt_user_confirm with
3136 * confirm_hint set to 1). */
51a8efd7 3137 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
55bc1a37
JH		 3138 BT_DBG("Confirming auto-accept as acceptor");
3139 confirm_hint = 1;
3140 goto confirm;
3141 }
3142
9f61656a
JH		 3143 BT_DBG("Auto-accept of user confirmation with %ums delay",
3144 hdev->auto_accept_delay);
3145
3146 if (hdev->auto_accept_delay > 0) {
3147 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3148 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3149 goto unlock;
3150 }
3151
7a828908
JH		 3152 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3153 sizeof(ev->bdaddr), &ev->bdaddr);
3154 goto unlock;
3155 }
3156
55bc1a37 3157confirm:
272d90df 3158 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
04124681 3159 confirm_hint);
7a828908
JH		 3160
3161unlock:
a5c29683
JH		 3162 hci_dev_unlock(hdev);
3163}
3164
1143d458
BG		 3165static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3166 struct sk_buff *skb)
3167{
3168 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3169
3170 BT_DBG("%s", hdev->name);
3171
3172 hci_dev_lock(hdev);
3173
a8b2d5c2 3174 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3175 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3176
3177 hci_dev_unlock(hdev);
3178}
3179
0493684e
MH		 3180static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3181{
3182 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3183 struct hci_conn *conn;
3184
3185 BT_DBG("%s", hdev->name);
3186
3187 hci_dev_lock(hdev);
3188
3189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3190 if (!conn)
3191 goto unlock;
3192
3193 /* To avoid duplicate auth_failed events to user space we check
3194 * the HCI_CONN_AUTH_PEND flag which will be set if we
3195 * initiated the authentication. A traditional auth_complete
3196 * event gets always produced as initiator and is also mapped to
3197 * the mgmt_auth_failed event */
51a8efd7 3198 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
bab73cb6 3199 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3200 ev->status);
0493684e 3201
2a611692
JH		 3202 hci_conn_put(conn);
3203
3204unlock:
0493684e
MH		 3205 hci_dev_unlock(hdev);
3206}
3207
41a96212
MH		 3208static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3209{
3210 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3211 struct inquiry_entry *ie;
3212
3213 BT_DBG("%s", hdev->name);
3214
3215 hci_dev_lock(hdev);
3216
cc11b9c1
AE		 3217 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3218 if (ie)
02b7cc62 3219 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3220
3221 hci_dev_unlock(hdev);
3222}
3223
2763eda6 3224static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
04124681 3225 struct sk_buff *skb)
2763eda6
SJ		 3226{
3227 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3228 struct oob_data *data;
3229
3230 BT_DBG("%s", hdev->name);
3231
3232 hci_dev_lock(hdev);
3233
a8b2d5c2 3234 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3235 goto unlock;
3236
2763eda6
SJ		 3237 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3238 if (data) {
3239 struct hci_cp_remote_oob_data_reply cp;
3240
3241 bacpy(&cp.bdaddr, &ev->bdaddr);
3242 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3243 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3244
3245 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3246 &cp);
3247 } else {
3248 struct hci_cp_remote_oob_data_neg_reply cp;
3249
3250 bacpy(&cp.bdaddr, &ev->bdaddr);
3251 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3252 &cp);
3253 }
3254
e1ba1f15 3255unlock:
2763eda6
SJ		 3256 hci_dev_unlock(hdev);
3257}
3258
fcd89c09
VT		 3259static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3260{
3261 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3262 struct hci_conn *conn;
3263
3264 BT_DBG("%s status %d", hdev->name, ev->status);
3265
3266 hci_dev_lock(hdev);
3267
3268 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
b62f328b
VT		 3269 if (!conn) {
3270 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3271 if (!conn) {
3272 BT_ERR("No memory for new connection");
3273 hci_dev_unlock(hdev);
3274 return;
3275 }
29b7988a
AG		 3276
3277 conn->dst_type = ev->bdaddr_type;
b62f328b 3278 }
fcd89c09
VT		 3279
3280 if (ev->status) {
48264f06
JH		 3281 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3282 conn->dst_type, ev->status);
fcd89c09
VT		 3283 hci_proto_connect_cfm(conn, ev->status);
3284 conn->state = BT_CLOSED;
3285 hci_conn_del(conn);
3286 goto unlock;
3287 }
3288
b644ba33
JH		 3289 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3290 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
04124681 3291 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 3292
7b5c0d52 3293 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 3294 conn->handle = __le16_to_cpu(ev->handle);
3295 conn->state = BT_CONNECTED;
3296
3297 hci_conn_hold_device(conn);
3298 hci_conn_add_sysfs(conn);
3299
3300 hci_proto_connect_cfm(conn, ev->status);
3301
3302unlock:
3303 hci_dev_unlock(hdev);
3304}
3305
9aa04c91
AG		 3306static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3307 struct sk_buff *skb)
3308{
e95beb41
AG		 3309 u8 num_reports = skb->data[0];
3310 void *ptr = &skb->data[1];
3c9e9195 3311 s8 rssi;
9aa04c91
AG		 3312
3313 hci_dev_lock(hdev);
3314
e95beb41
AG		 3315 while (num_reports--) {
3316 struct hci_ev_le_advertising_info *ev = ptr;
9aa04c91 3317
9aa04c91 3318 hci_add_adv_entry(hdev, ev);
e95beb41 3319
3c9e9195
AG		 3320 rssi = ev->data[ev->length];
3321 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
04124681 3322 NULL, rssi, 0, 1, ev->data, ev->length);
3c9e9195 3323
e95beb41 3324 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91
AG		 3325 }
3326
3327 hci_dev_unlock(hdev);
3328}
3329
a7a595f6
VCG		 3330static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3331 struct sk_buff *skb)
3332{
3333 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3334 struct hci_cp_le_ltk_reply cp;
bea710fe 3335 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 3336 struct hci_conn *conn;
c9839a11 3337 struct smp_ltk *ltk;
a7a595f6
VCG		 3338
3339 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3340
3341 hci_dev_lock(hdev);
3342
3343 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 3344 if (conn == NULL)
3345 goto not_found;
a7a595f6 3346
bea710fe
VCG		 3347 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3348 if (ltk == NULL)
3349 goto not_found;
3350
3351 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 3352 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 3353
3354 if (ltk->authenticated)
3355 conn->sec_level = BT_SECURITY_HIGH;
a7a595f6
VCG		 3356
3357 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3358
c9839a11
VCG		 3359 if (ltk->type & HCI_SMP_STK) {
3360 list_del(&ltk->list);
3361 kfree(ltk);
3362 }
3363
a7a595f6 3364 hci_dev_unlock(hdev);
bea710fe
VCG		 3365
3366 return;
3367
3368not_found:
3369 neg.handle = ev->handle;
3370 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3371 hci_dev_unlock(hdev);
a7a595f6
VCG		 3372}
3373
fcd89c09
VT		 3374static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3375{
3376 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3377
3378 skb_pull(skb, sizeof(*le_ev));
3379
3380 switch (le_ev->subevent) {
3381 case HCI_EV_LE_CONN_COMPLETE:
3382 hci_le_conn_complete_evt(hdev, skb);
3383 break;
3384
9aa04c91
AG		 3385 case HCI_EV_LE_ADVERTISING_REPORT:
3386 hci_le_adv_report_evt(hdev, skb);
3387 break;
3388
a7a595f6
VCG		 3389 case HCI_EV_LE_LTK_REQ:
3390 hci_le_ltk_request_evt(hdev, skb);
3391 break;
3392
fcd89c09
VT		 3393 default:
3394 break;
3395 }
3396}
3397
a9de9248
MH		 3398void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3399{
3400 struct hci_event_hdr *hdr = (void *) skb->data;
3401 __u8 event = hdr->evt;
3402
3403 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3404
3405 switch (event) {
1da177e4
LT		 3406 case HCI_EV_INQUIRY_COMPLETE:
3407 hci_inquiry_complete_evt(hdev, skb);
3408 break;
3409
3410 case HCI_EV_INQUIRY_RESULT:
3411 hci_inquiry_result_evt(hdev, skb);
3412 break;
3413
a9de9248
MH		 3414 case HCI_EV_CONN_COMPLETE:
3415 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 3416 break;
3417
1da177e4
LT		 3418 case HCI_EV_CONN_REQUEST:
3419 hci_conn_request_evt(hdev, skb);
3420 break;
3421
1da177e4
LT		 3422 case HCI_EV_DISCONN_COMPLETE:
3423 hci_disconn_complete_evt(hdev, skb);
3424 break;
3425
1da177e4
LT		 3426 case HCI_EV_AUTH_COMPLETE:
3427 hci_auth_complete_evt(hdev, skb);
3428 break;
3429
a9de9248
MH		 3430 case HCI_EV_REMOTE_NAME:
3431 hci_remote_name_evt(hdev, skb);
3432 break;
3433
1da177e4
LT		 3434 case HCI_EV_ENCRYPT_CHANGE:
3435 hci_encrypt_change_evt(hdev, skb);
3436 break;
3437
a9de9248
MH		 3438 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3439 hci_change_link_key_complete_evt(hdev, skb);
3440 break;
3441
3442 case HCI_EV_REMOTE_FEATURES:
3443 hci_remote_features_evt(hdev, skb);
3444 break;
3445
3446 case HCI_EV_REMOTE_VERSION:
3447 hci_remote_version_evt(hdev, skb);
3448 break;
3449
3450 case HCI_EV_QOS_SETUP_COMPLETE:
3451 hci_qos_setup_complete_evt(hdev, skb);
3452 break;
3453
3454 case HCI_EV_CMD_COMPLETE:
3455 hci_cmd_complete_evt(hdev, skb);
3456 break;
3457
3458 case HCI_EV_CMD_STATUS:
3459 hci_cmd_status_evt(hdev, skb);
3460 break;
3461
3462 case HCI_EV_ROLE_CHANGE:
3463 hci_role_change_evt(hdev, skb);
3464 break;
3465
3466 case HCI_EV_NUM_COMP_PKTS:
3467 hci_num_comp_pkts_evt(hdev, skb);
3468 break;
3469
3470 case HCI_EV_MODE_CHANGE:
3471 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 3472 break;
3473
3474 case HCI_EV_PIN_CODE_REQ:
3475 hci_pin_code_request_evt(hdev, skb);
3476 break;
3477
3478 case HCI_EV_LINK_KEY_REQ:
3479 hci_link_key_request_evt(hdev, skb);
3480 break;
3481
3482 case HCI_EV_LINK_KEY_NOTIFY:
3483 hci_link_key_notify_evt(hdev, skb);
3484 break;
3485
3486 case HCI_EV_CLOCK_OFFSET:
3487 hci_clock_offset_evt(hdev, skb);
3488 break;
3489
a8746417
MH		 3490 case HCI_EV_PKT_TYPE_CHANGE:
3491 hci_pkt_type_change_evt(hdev, skb);
3492 break;
3493
85a1e930
MH		 3494 case HCI_EV_PSCAN_REP_MODE:
3495 hci_pscan_rep_mode_evt(hdev, skb);
3496 break;
3497
a9de9248
MH		 3498 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3499 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 3500 break;
3501
a9de9248
MH		 3502 case HCI_EV_REMOTE_EXT_FEATURES:
3503 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 3504 break;
3505
a9de9248
MH		 3506 case HCI_EV_SYNC_CONN_COMPLETE:
3507 hci_sync_conn_complete_evt(hdev, skb);
3508 break;
1da177e4 3509
a9de9248
MH		 3510 case HCI_EV_SYNC_CONN_CHANGED:
3511 hci_sync_conn_changed_evt(hdev, skb);
3512 break;
1da177e4 3513
a9de9248
MH		 3514 case HCI_EV_SNIFF_SUBRATE:
3515 hci_sniff_subrate_evt(hdev, skb);
3516 break;
1da177e4 3517
a9de9248
MH		 3518 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3519 hci_extended_inquiry_result_evt(hdev, skb);
3520 break;
1da177e4 3521
0493684e
MH		 3522 case HCI_EV_IO_CAPA_REQUEST:
3523 hci_io_capa_request_evt(hdev, skb);
3524 break;
3525
03b555e1
JH		 3526 case HCI_EV_IO_CAPA_REPLY:
3527 hci_io_capa_reply_evt(hdev, skb);
3528 break;
3529
a5c29683
JH		 3530 case HCI_EV_USER_CONFIRM_REQUEST:
3531 hci_user_confirm_request_evt(hdev, skb);
3532 break;
3533
1143d458
BG		 3534 case HCI_EV_USER_PASSKEY_REQUEST:
3535 hci_user_passkey_request_evt(hdev, skb);
3536 break;
3537
0493684e
MH		 3538 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3539 hci_simple_pair_complete_evt(hdev, skb);
3540 break;
3541
41a96212
MH		 3542 case HCI_EV_REMOTE_HOST_FEATURES:
3543 hci_remote_host_features_evt(hdev, skb);
3544 break;
3545
fcd89c09
VT		 3546 case HCI_EV_LE_META:
3547 hci_le_meta_evt(hdev, skb);
3548 break;
3549
2763eda6
SJ		 3550 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3551 hci_remote_oob_data_request_evt(hdev, skb);
3552 break;
3553
25e89e99
AE		 3554 case HCI_EV_NUM_COMP_BLOCKS:
3555 hci_num_comp_blocks_evt(hdev, skb);
3556 break;
3557
a9de9248
MH		 3558 default:
3559 BT_DBG("%s event 0x%x", hdev->name, event);
1da177e4
LT		 3560 break;
3561 }
3562
3563 kfree_skb(skb);
3564 hdev->stat.evt_rx++;
3565}
Linux kernel - Deliverables
This page took 1.210829 seconds and 5 git commands to generate.