1 files changed, 148 insertions, 56 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index bfef5bae0b3a..38100170d380 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -39,7 +39,7 @@
 #include <net/sock.h>
 #include <asm/system.h>
-#include <asm/uaccess.h>
+#include <linux/uaccess.h>
 #include <asm/unaligned.h>
 #include <net/bluetooth/bluetooth.h>
@@ -58,7 +58,7 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
        clear_bit(HCI_INQUIRY, &hdev->flags);
-        hci_req_complete(hdev, status);
+        hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
        hci_conn_check_pending(hdev);
 }
@@ -174,7 +174,7 @@ static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *s
        if (!status)
                hdev->link_policy = get_unaligned_le16(sent);
-        hci_req_complete(hdev, status);
+        hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
 }
 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
@@ -183,7 +183,7 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
        BT_DBG("%s status 0x%x", hdev->name, status);
-        hci_req_complete(hdev, status);
+        hci_req_complete(hdev, HCI_OP_RESET, status);
 }
 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -235,7 +235,7 @@ static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
                        clear_bit(HCI_AUTH, &hdev->flags);
        }
-        hci_req_complete(hdev, status);
+        hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
 }
 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
@@ -258,7 +258,7 @@ static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
                        clear_bit(HCI_ENCRYPT, &hdev->flags);
        }
-        hci_req_complete(hdev, status);
+        hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
 }
 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
@@ -285,7 +285,7 @@ static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
                        set_bit(HCI_PSCAN, &hdev->flags);
        }
-        hci_req_complete(hdev, status);
+        hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
 }
 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
@@ -383,7 +383,7 @@ static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
        BT_DBG("%s status 0x%x", hdev->name, status);
-        hci_req_complete(hdev, status);
+        hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
 }
 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
@@ -536,7 +536,16 @@ static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
        if (!rp->status)
                bacpy(&hdev->bdaddr, &rp->bdaddr);
-        hci_req_complete(hdev, rp->status);
+        hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
+}
+static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
+{
+        __u8 status = *((__u8 *) skb->data);
+        BT_DBG("%s status 0x%x", hdev->name, status);
+        hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
 }
 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
@@ -544,7 +553,7 @@ static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
        BT_DBG("%s status 0x%x", hdev->name, status);
        if (status) {
-                hci_req_complete(hdev, status);
+                hci_req_complete(hdev, HCI_OP_INQUIRY, status);
                hci_conn_check_pending(hdev);
        } else
@@ -677,9 +686,50 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
        hci_dev_unlock(hdev);
 }
+static int hci_outgoing_auth_needed(struct hci_dev *hdev,
+                                                struct hci_conn *conn)
+{
+        if (conn->state != BT_CONFIG || !conn->out)
+                return 0;
+        if (conn->sec_level == BT_SECURITY_SDP)
+                return 0;
+        /* Only request authentication for SSP connections or non-SSP
+         * devices with sec_level HIGH */
+        if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
+                                        conn->sec_level != BT_SECURITY_HIGH)
+                return 0;
+        return 1;
+}
 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
 {
+        struct hci_cp_remote_name_req *cp;
+        struct hci_conn *conn;
        BT_DBG("%s status 0x%x", hdev->name, status);
+        /* If successful wait for the name req complete event before
+         * checking for the need to do authentication */
+        if (!status)
+                return;
+        cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
+        if (!cp)
+                return;
+        hci_dev_lock(hdev);
+        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
+        if (conn && hci_outgoing_auth_needed(hdev, conn)) {
+                struct hci_cp_auth_requested cp;
+                cp.handle = __cpu_to_le16(conn->handle);
+                hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
+        }
+        hci_dev_unlock(hdev);
 }
 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
@@ -830,7 +880,7 @@ static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff
        clear_bit(HCI_INQUIRY, &hdev->flags);
-        hci_req_complete(hdev, status);
+        hci_req_complete(hdev, HCI_OP_INQUIRY, status);
        hci_conn_check_pending(hdev);
 }
@@ -955,12 +1005,14 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
                hci_dev_lock(hdev);
-                if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
+                ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
+                if (ie)
                        memcpy(ie->data.dev_class, ev->dev_class, 3);
                conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
                if (!conn) {
-                        if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
+                        conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
+                        if (!conn) {
                                BT_ERR("No memory for new connection");
                                hci_dev_unlock(hdev);
                                return;
@@ -1090,9 +1142,23 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
 {
+        struct hci_ev_remote_name *ev = (void *) skb->data;
+        struct hci_conn *conn;
        BT_DBG("%s", hdev->name);
        hci_conn_check_pending(hdev);
+        hci_dev_lock(hdev);
+        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
+        if (conn && hci_outgoing_auth_needed(hdev, conn)) {
+                struct hci_cp_auth_requested cp;
+                cp.handle = __cpu_to_le16(conn->handle);
+                hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
+        }
+        hci_dev_unlock(hdev);
 }
 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
@@ -1162,27 +1228,39 @@ static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff
        hci_dev_lock(hdev);
        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
-        if (conn) {
+        if (!conn)
-                if (!ev->status)
+                goto unlock;
-                        memcpy(conn->features, ev->features, 8);
-                if (conn->state == BT_CONFIG) {
+        if (!ev->status)
-                        if (!ev->status && lmp_ssp_capable(hdev) &&
+                memcpy(conn->features, ev->features, 8);
-                                                lmp_ssp_capable(conn)) {
-                                struct hci_cp_read_remote_ext_features cp;
+        if (conn->state != BT_CONFIG)
-                                cp.handle = ev->handle;
+                goto unlock;
-                                cp.page = 0x01;
-                                hci_send_cmd(hdev,
+        if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
-                                        HCI_OP_READ_REMOTE_EXT_FEATURES,
+                struct hci_cp_read_remote_ext_features cp;
+                cp.handle = ev->handle;
+                cp.page = 0x01;
+                hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
                                                        sizeof(cp), &cp);
-                        } else {
+                goto unlock;
-                                conn->state = BT_CONNECTED;
+        }
-                                hci_proto_connect_cfm(conn, ev->status);
-                                hci_conn_put(conn);
+        if (!ev->status) {
-                        }
+                struct hci_cp_remote_name_req cp;
-                }
+                memset(&cp, 0, sizeof(cp));
+                bacpy(&cp.bdaddr, &conn->dst);
+                cp.pscan_rep_mode = 0x02;
+                hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
+        }
+        if (!hci_outgoing_auth_needed(hdev, conn)) {
+                conn->state = BT_CONNECTED;
+                hci_proto_connect_cfm(conn, ev->status);
+                hci_conn_put(conn);
        }
+unlock:
        hci_dev_unlock(hdev);
 }
@@ -1310,6 +1388,10 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
                hci_cc_read_bd_addr(hdev, skb);
                break;
+        case HCI_OP_WRITE_CA_TIMEOUT:
+                hci_cc_write_ca_timeout(hdev, skb);
+                break;
        default:
                BT_DBG("%s opcode 0x%x", hdev->name, opcode);
                break;
@@ -1443,10 +1525,12 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s
                        conn->sent -= count;
                        if (conn->type == ACL_LINK) {
-                                if ((hdev->acl_cnt += count) > hdev->acl_pkts)
+                                hdev->acl_cnt += count;
+                                if (hdev->acl_cnt > hdev->acl_pkts)
                                        hdev->acl_cnt = hdev->acl_pkts;
                        } else {
-                                if ((hdev->sco_cnt += count) > hdev->sco_pkts)
+                                hdev->sco_cnt += count;
+                                if (hdev->sco_cnt > hdev->sco_pkts)
                                        hdev->sco_cnt = hdev->sco_pkts;
                        }
                }
@@ -1541,7 +1625,8 @@ static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *sk
        if (conn && !ev->status) {
                struct inquiry_entry *ie;
-                if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
+                ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
+                if (ie) {
                        ie->data.clock_offset = ev->clock_offset;
                        ie->timestamp = jiffies;
                }
@@ -1575,7 +1660,8 @@ static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *
        hci_dev_lock(hdev);
-        if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
+        ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
+        if (ie) {
                ie->data.pscan_rep_mode = ev->pscan_rep_mode;
                ie->timestamp = jiffies;
        }
@@ -1640,32 +1726,37 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b
        hci_dev_lock(hdev);
        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
-        if (conn) {
+        if (!conn)
-                if (!ev->status && ev->page == 0x01) {
+                goto unlock;
-                        struct inquiry_entry *ie;
-                        if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)))
+        if (!ev->status && ev->page == 0x01) {
-                                ie->data.ssp_mode = (ev->features[0] & 0x01);
+                struct inquiry_entry *ie;
-                        conn->ssp_mode = (ev->features[0] & 0x01);
+                ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
-                }
+                if (ie)
+                        ie->data.ssp_mode = (ev->features[0] & 0x01);
-                if (conn->state == BT_CONFIG) {
+                conn->ssp_mode = (ev->features[0] & 0x01);
-                        if (!ev->status && hdev->ssp_mode > 0 &&
-                                        conn->ssp_mode > 0 && conn->out &&
-                                        conn->sec_level != BT_SECURITY_SDP) {
-                                struct hci_cp_auth_requested cp;
-                                cp.handle = ev->handle;
-                                hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
-                                                        sizeof(cp), &cp);
-                        } else {
-                                conn->state = BT_CONNECTED;
-                                hci_proto_connect_cfm(conn, ev->status);
-                                hci_conn_put(conn);
-                        }
-                }
        }
+        if (conn->state != BT_CONFIG)
+                goto unlock;
+        if (!ev->status) {
+                struct hci_cp_remote_name_req cp;
+                memset(&cp, 0, sizeof(cp));
+                bacpy(&cp.bdaddr, &conn->dst);
+                cp.pscan_rep_mode = 0x02;
+                hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
+        }
+        if (!hci_outgoing_auth_needed(hdev, conn)) {
+                conn->state = BT_CONNECTED;
+                hci_proto_connect_cfm(conn, ev->status);
+                hci_conn_put(conn);
+        }
+unlock:
        hci_dev_unlock(hdev);
 }
@@ -1815,7 +1906,8 @@ static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_
        hci_dev_lock(hdev);
-        if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
+        ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
+        if (ie)
                ie->data.ssp_mode = (ev->features[0] & 0x01);
        hci_dev_unlock(hdev);

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index bfef5bae0b3a..38100170d380 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c
@@ -39,7 +39,7 @@
39	#include <net/sock.h>	39	#include <net/sock.h>
40		40
41	#include <asm/system.h>	41	#include <asm/system.h>
42	#include <asm/uaccess.h>	42	#include <linux/uaccess.h>
43	#include <asm/unaligned.h>	43	#include <asm/unaligned.h>
44		44
45	#include <net/bluetooth/bluetooth.h>	45	#include <net/bluetooth/bluetooth.h>
@@ -58,7 +58,7 @@ static void hci_cc_inquiry_cancel(struct hci_dev hdev, struct sk_buff skb)
58		58
59	clear_bit(HCI_INQUIRY, &hdev->flags);	59	clear_bit(HCI_INQUIRY, &hdev->flags);
60		60
61	hci_req_complete(hdev, status);	61	hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
62		62
63	hci_conn_check_pending(hdev);	63	hci_conn_check_pending(hdev);
64	}	64	}
@@ -174,7 +174,7 @@ static void hci_cc_write_def_link_policy(struct hci_dev hdev, struct sk_buff s
174	if (!status)	174	if (!status)
175	hdev->link_policy = get_unaligned_le16(sent);	175	hdev->link_policy = get_unaligned_le16(sent);
176		176
177	hci_req_complete(hdev, status);	177	hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
178	}	178	}
179		179
180	static void hci_cc_reset(struct hci_dev hdev, struct sk_buff skb)	180	static void hci_cc_reset(struct hci_dev hdev, struct sk_buff skb)
@@ -183,7 +183,7 @@ static void hci_cc_reset(struct hci_dev hdev, struct sk_buff skb)
183		183
184	BT_DBG("%s status 0x%x", hdev->name, status);	184	BT_DBG("%s status 0x%x", hdev->name, status);
185		185
186	hci_req_complete(hdev, status);	186	hci_req_complete(hdev, HCI_OP_RESET, status);
187	}	187	}
188		188
189	static void hci_cc_write_local_name(struct hci_dev hdev, struct sk_buff skb)	189	static void hci_cc_write_local_name(struct hci_dev hdev, struct sk_buff skb)
@@ -235,7 +235,7 @@ static void hci_cc_write_auth_enable(struct hci_dev hdev, struct sk_buff skb)
235	clear_bit(HCI_AUTH, &hdev->flags);	235	clear_bit(HCI_AUTH, &hdev->flags);
236	}	236	}
237		237
238	hci_req_complete(hdev, status);	238	hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
239	}	239	}
240		240
241	static void hci_cc_write_encrypt_mode(struct hci_dev hdev, struct sk_buff skb)	241	static void hci_cc_write_encrypt_mode(struct hci_dev hdev, struct sk_buff skb)
@@ -258,7 +258,7 @@ static void hci_cc_write_encrypt_mode(struct hci_dev hdev, struct sk_buff skb)
258	clear_bit(HCI_ENCRYPT, &hdev->flags);	258	clear_bit(HCI_ENCRYPT, &hdev->flags);
259	}	259	}
260		260
261	hci_req_complete(hdev, status);	261	hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
262	}	262	}
263		263
264	static void hci_cc_write_scan_enable(struct hci_dev hdev, struct sk_buff skb)	264	static void hci_cc_write_scan_enable(struct hci_dev hdev, struct sk_buff skb)
@@ -285,7 +285,7 @@ static void hci_cc_write_scan_enable(struct hci_dev hdev, struct sk_buff skb)
285	set_bit(HCI_PSCAN, &hdev->flags);	285	set_bit(HCI_PSCAN, &hdev->flags);
286	}	286	}
287		287
288	hci_req_complete(hdev, status);	288	hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
289	}	289	}
290		290
291	static void hci_cc_read_class_of_dev(struct hci_dev hdev, struct sk_buff skb)	291	static void hci_cc_read_class_of_dev(struct hci_dev hdev, struct sk_buff skb)
@@ -383,7 +383,7 @@ static void hci_cc_host_buffer_size(struct hci_dev hdev, struct sk_buff skb)
383		383
384	BT_DBG("%s status 0x%x", hdev->name, status);	384	BT_DBG("%s status 0x%x", hdev->name, status);
385		385
386	hci_req_complete(hdev, status);	386	hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
387	}	387	}
388		388
389	static void hci_cc_read_ssp_mode(struct hci_dev hdev, struct sk_buff skb)	389	static void hci_cc_read_ssp_mode(struct hci_dev hdev, struct sk_buff skb)
@@ -536,7 +536,16 @@ static void hci_cc_read_bd_addr(struct hci_dev hdev, struct sk_buff skb)
536	if (!rp->status)	536	if (!rp->status)
537	bacpy(&hdev->bdaddr, &rp->bdaddr);	537	bacpy(&hdev->bdaddr, &rp->bdaddr);
538		538
539	hci_req_complete(hdev, rp->status);	539	hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
		540	}
		541
		542	static void hci_cc_write_ca_timeout(struct hci_dev hdev, struct sk_buff skb)
		543	{
		544	__u8 status = ((__u8 ) skb->data);
		545
		546	BT_DBG("%s status 0x%x", hdev->name, status);
		547
		548	hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
540	}	549	}
541		550
542	static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)	551	static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
@@ -544,7 +553,7 @@ static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
544	BT_DBG("%s status 0x%x", hdev->name, status);	553	BT_DBG("%s status 0x%x", hdev->name, status);
545		554
546	if (status) {	555	if (status) {
547	hci_req_complete(hdev, status);	556	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
548		557
549	hci_conn_check_pending(hdev);	558	hci_conn_check_pending(hdev);
550	} else	559	} else
@@ -677,9 +686,50 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
677	hci_dev_unlock(hdev);	686	hci_dev_unlock(hdev);
678	}	687	}
679		688
		689	static int hci_outgoing_auth_needed(struct hci_dev *hdev,
		690	struct hci_conn *conn)
		691	{
		692	if (conn->state != BT_CONFIG \|\| !conn->out)
		693	return 0;
		694
		695	if (conn->sec_level == BT_SECURITY_SDP)
		696	return 0;
		697
		698	/* Only request authentication for SSP connections or non-SSP
		699	* devices with sec_level HIGH */
		700	if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
		701	conn->sec_level != BT_SECURITY_HIGH)
		702	return 0;
		703
		704	return 1;
		705	}
		706
680	static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)	707	static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
681	{	708	{
		709	struct hci_cp_remote_name_req *cp;
		710	struct hci_conn *conn;
		711
682	BT_DBG("%s status 0x%x", hdev->name, status);	712	BT_DBG("%s status 0x%x", hdev->name, status);
		713
		714	/* If successful wait for the name req complete event before
		715	* checking for the need to do authentication */
		716	if (!status)
		717	return;
		718
		719	cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
		720	if (!cp)
		721	return;
		722
		723	hci_dev_lock(hdev);
		724
		725	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
		726	if (conn && hci_outgoing_auth_needed(hdev, conn)) {
		727	struct hci_cp_auth_requested cp;
		728	cp.handle = __cpu_to_le16(conn->handle);
		729	hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
		730	}
		731
		732	hci_dev_unlock(hdev);
683	}	733	}
684		734
685	static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)	735	static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
@@ -830,7 +880,7 @@ static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff
830		880
831	clear_bit(HCI_INQUIRY, &hdev->flags);	881	clear_bit(HCI_INQUIRY, &hdev->flags);
832		882
833	hci_req_complete(hdev, status);	883	hci_req_complete(hdev, HCI_OP_INQUIRY, status);
834		884
835	hci_conn_check_pending(hdev);	885	hci_conn_check_pending(hdev);
836	}	886	}
@@ -955,12 +1005,14 @@ static inline void hci_conn_request_evt(struct hci_dev hdev, struct sk_buff sk
955		1005
956	hci_dev_lock(hdev);	1006	hci_dev_lock(hdev);
957		1007
958	if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))	1008	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
		1009	if (ie)
959	memcpy(ie->data.dev_class, ev->dev_class, 3);	1010	memcpy(ie->data.dev_class, ev->dev_class, 3);
960		1011
961	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);	1012	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
962	if (!conn) {	1013	if (!conn) {
963	if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {	1014	conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
		1015	if (!conn) {
964	BT_ERR("No memory for new connection");	1016	BT_ERR("No memory for new connection");
965	hci_dev_unlock(hdev);	1017	hci_dev_unlock(hdev);
966	return;	1018	return;
@@ -1090,9 +1142,23 @@ static inline void hci_auth_complete_evt(struct hci_dev hdev, struct sk_buff s
1090		1142
1091	static inline void hci_remote_name_evt(struct hci_dev hdev, struct sk_buff skb)	1143	static inline void hci_remote_name_evt(struct hci_dev hdev, struct sk_buff skb)
1092	{	1144	{
		1145	struct hci_ev_remote_name ev = (void ) skb->data;
		1146	struct hci_conn *conn;
		1147
1093	BT_DBG("%s", hdev->name);	1148	BT_DBG("%s", hdev->name);
1094		1149
1095	hci_conn_check_pending(hdev);	1150	hci_conn_check_pending(hdev);
		1151
		1152	hci_dev_lock(hdev);
		1153
		1154	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
		1155	if (conn && hci_outgoing_auth_needed(hdev, conn)) {
		1156	struct hci_cp_auth_requested cp;
		1157	cp.handle = __cpu_to_le16(conn->handle);
		1158	hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
		1159	}
		1160
		1161	hci_dev_unlock(hdev);
1096	}	1162	}
1097		1163
1098	static inline void hci_encrypt_change_evt(struct hci_dev hdev, struct sk_buff skb)	1164	static inline void hci_encrypt_change_evt(struct hci_dev hdev, struct sk_buff skb)
@@ -1162,27 +1228,39 @@ static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff
1162	hci_dev_lock(hdev);	1228	hci_dev_lock(hdev);
1163		1229
1164	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));	1230	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1165	if (conn) {	1231	if (!conn)
1166	if (!ev->status)	1232	goto unlock;
1167	memcpy(conn->features, ev->features, 8);
1168		1233
1169	if (conn->state == BT_CONFIG) {	1234	if (!ev->status)
1170	if (!ev->status && lmp_ssp_capable(hdev) &&	1235	memcpy(conn->features, ev->features, 8);
1171	lmp_ssp_capable(conn)) {	1236
1172	struct hci_cp_read_remote_ext_features cp;	1237	if (conn->state != BT_CONFIG)
1173	cp.handle = ev->handle;	1238	goto unlock;
1174	cp.page = 0x01;	1239
1175	hci_send_cmd(hdev,	1240	if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1176	HCI_OP_READ_REMOTE_EXT_FEATURES,	1241	struct hci_cp_read_remote_ext_features cp;
		1242	cp.handle = ev->handle;
		1243	cp.page = 0x01;
		1244	hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1177	sizeof(cp), &cp);	1245	sizeof(cp), &cp);
1178	} else {	1246	goto unlock;
1179	conn->state = BT_CONNECTED;	1247	}
1180	hci_proto_connect_cfm(conn, ev->status);	1248
1181	hci_conn_put(conn);	1249	if (!ev->status) {
1182	}	1250	struct hci_cp_remote_name_req cp;
1183	}	1251	memset(&cp, 0, sizeof(cp));
		1252	bacpy(&cp.bdaddr, &conn->dst);
		1253	cp.pscan_rep_mode = 0x02;
		1254	hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
		1255	}
		1256
		1257	if (!hci_outgoing_auth_needed(hdev, conn)) {
		1258	conn->state = BT_CONNECTED;
		1259	hci_proto_connect_cfm(conn, ev->status);
		1260	hci_conn_put(conn);
1184	}	1261	}
1185		1262
		1263	unlock:
1186	hci_dev_unlock(hdev);	1264	hci_dev_unlock(hdev);
1187	}	1265	}
1188		1266
@@ -1310,6 +1388,10 @@ static inline void hci_cmd_complete_evt(struct hci_dev hdev, struct sk_buff sk
1310	hci_cc_read_bd_addr(hdev, skb);	1388	hci_cc_read_bd_addr(hdev, skb);
1311	break;	1389	break;
1312		1390
		1391	case HCI_OP_WRITE_CA_TIMEOUT:
		1392	hci_cc_write_ca_timeout(hdev, skb);
		1393	break;
		1394
1313	default:	1395	default:
1314	BT_DBG("%s opcode 0x%x", hdev->name, opcode);	1396	BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1315	break;	1397	break;
@@ -1443,10 +1525,12 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev hdev, struct sk_buff s
1443	conn->sent -= count;	1525	conn->sent -= count;
1444		1526
1445	if (conn->type == ACL_LINK) {	1527	if (conn->type == ACL_LINK) {
1446	if ((hdev->acl_cnt += count) > hdev->acl_pkts)	1528	hdev->acl_cnt += count;
		1529	if (hdev->acl_cnt > hdev->acl_pkts)
1447	hdev->acl_cnt = hdev->acl_pkts;	1530	hdev->acl_cnt = hdev->acl_pkts;
1448	} else {	1531	} else {
1449	if ((hdev->sco_cnt += count) > hdev->sco_pkts)	1532	hdev->sco_cnt += count;
		1533	if (hdev->sco_cnt > hdev->sco_pkts)
1450	hdev->sco_cnt = hdev->sco_pkts;	1534	hdev->sco_cnt = hdev->sco_pkts;
1451	}	1535	}
1452	}	1536	}
@@ -1541,7 +1625,8 @@ static inline void hci_clock_offset_evt(struct hci_dev hdev, struct sk_buff sk
1541	if (conn && !ev->status) {	1625	if (conn && !ev->status) {
1542	struct inquiry_entry *ie;	1626	struct inquiry_entry *ie;
1543		1627
1544	if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {	1628	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
		1629	if (ie) {
1545	ie->data.clock_offset = ev->clock_offset;	1630	ie->data.clock_offset = ev->clock_offset;
1546	ie->timestamp = jiffies;	1631	ie->timestamp = jiffies;
1547	}	1632	}
@@ -1575,7 +1660,8 @@ static inline void hci_pscan_rep_mode_evt(struct hci_dev hdev, struct sk_buff
1575		1660
1576	hci_dev_lock(hdev);	1661	hci_dev_lock(hdev);
1577		1662
1578	if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {	1663	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
		1664	if (ie) {
1579	ie->data.pscan_rep_mode = ev->pscan_rep_mode;	1665	ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1580	ie->timestamp = jiffies;	1666	ie->timestamp = jiffies;
1581	}	1667	}
@@ -1640,32 +1726,37 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b
1640	hci_dev_lock(hdev);	1726	hci_dev_lock(hdev);
1641		1727
1642	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));	1728	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1643	if (conn) {	1729	if (!conn)
1644	if (!ev->status && ev->page == 0x01) {	1730	goto unlock;
1645	struct inquiry_entry *ie;
1646		1731
1647	if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)))	1732	if (!ev->status && ev->page == 0x01) {
1648	ie->data.ssp_mode = (ev->features[0] & 0x01);	1733	struct inquiry_entry *ie;
1649		1734
1650	conn->ssp_mode = (ev->features[0] & 0x01);	1735	ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
1651	}	1736	if (ie)
		1737	ie->data.ssp_mode = (ev->features[0] & 0x01);
1652		1738
1653	if (conn->state == BT_CONFIG) {	1739	conn->ssp_mode = (ev->features[0] & 0x01);
1654	if (!ev->status && hdev->ssp_mode > 0 &&
1655	conn->ssp_mode > 0 && conn->out &&
1656	conn->sec_level != BT_SECURITY_SDP) {
1657	struct hci_cp_auth_requested cp;
1658	cp.handle = ev->handle;
1659	hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1660	sizeof(cp), &cp);
1661	} else {
1662	conn->state = BT_CONNECTED;
1663	hci_proto_connect_cfm(conn, ev->status);
1664	hci_conn_put(conn);
1665	}
1666	}
1667	}	1740	}
1668		1741
		1742	if (conn->state != BT_CONFIG)
		1743	goto unlock;
		1744
		1745	if (!ev->status) {
		1746	struct hci_cp_remote_name_req cp;
		1747	memset(&cp, 0, sizeof(cp));
		1748	bacpy(&cp.bdaddr, &conn->dst);
		1749	cp.pscan_rep_mode = 0x02;
		1750	hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
		1751	}
		1752
		1753	if (!hci_outgoing_auth_needed(hdev, conn)) {
		1754	conn->state = BT_CONNECTED;
		1755	hci_proto_connect_cfm(conn, ev->status);
		1756	hci_conn_put(conn);
		1757	}
		1758
		1759	unlock:
1669	hci_dev_unlock(hdev);	1760	hci_dev_unlock(hdev);
1670	}	1761	}
1671		1762
@@ -1815,7 +1906,8 @@ static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_
1815		1906
1816	hci_dev_lock(hdev);	1907	hci_dev_lock(hdev);
1817		1908
1818	if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))	1909	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
		1910	if (ie)
1819	ie->data.ssp_mode = (ev->features[0] & 0x01);	1911	ie->data.ssp_mode = (ev->features[0] & 0x01);
1820		1912
1821	hci_dev_unlock(hdev);	1913	hci_dev_unlock(hdev);