2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <asm/system.h>
41 #include <linux/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
47 static bool enable_le;
49 /* Handle HCI Event packets */
51 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
53 __u8 status = *((__u8 *) skb->data);
55 BT_DBG("%s status 0x%x", hdev->name, status);
59 mgmt_stop_discovery_failed(hdev, status);
64 clear_bit(HCI_INQUIRY, &hdev->flags);
67 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
70 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
72 hci_conn_check_pending(hdev);
75 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
77 __u8 status = *((__u8 *) skb->data);
79 BT_DBG("%s status 0x%x", hdev->name, status);
84 hci_conn_check_pending(hdev);
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
89 BT_DBG("%s", hdev->name);
92 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94 struct hci_rp_role_discovery *rp = (void *) skb->data;
95 struct hci_conn *conn;
97 BT_DBG("%s status 0x%x", hdev->name, rp->status);
104 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
107 conn->link_mode &= ~HCI_LM_MASTER;
109 conn->link_mode |= HCI_LM_MASTER;
112 hci_dev_unlock(hdev);
115 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117 struct hci_rp_read_link_policy *rp = (void *) skb->data;
118 struct hci_conn *conn;
120 BT_DBG("%s status 0x%x", hdev->name, rp->status);
127 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 conn->link_policy = __le16_to_cpu(rp->policy);
131 hci_dev_unlock(hdev);
134 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 struct hci_rp_write_link_policy *rp = (void *) skb->data;
137 struct hci_conn *conn;
140 BT_DBG("%s status 0x%x", hdev->name, rp->status);
145 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
151 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153 conn->link_policy = get_unaligned_le16(sent + 2);
155 hci_dev_unlock(hdev);
158 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162 BT_DBG("%s status 0x%x", hdev->name, rp->status);
167 hdev->link_policy = __le16_to_cpu(rp->policy);
170 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
172 __u8 status = *((__u8 *) skb->data);
175 BT_DBG("%s status 0x%x", hdev->name, status);
177 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
182 hdev->link_policy = get_unaligned_le16(sent);
184 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
187 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189 __u8 status = *((__u8 *) skb->data);
191 BT_DBG("%s status 0x%x", hdev->name, status);
193 clear_bit(HCI_RESET, &hdev->flags);
195 hci_req_complete(hdev, HCI_OP_RESET, status);
197 /* Reset all flags, except persistent ones */
198 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
199 BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
202 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
204 __u8 status = *((__u8 *) skb->data);
207 BT_DBG("%s status 0x%x", hdev->name, status);
209 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (test_bit(HCI_MGMT, &hdev->dev_flags))
216 mgmt_set_local_name_complete(hdev, sent, status);
219 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
221 hci_dev_unlock(hdev);
224 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
226 struct hci_rp_read_local_name *rp = (void *) skb->data;
228 BT_DBG("%s status 0x%x", hdev->name, rp->status);
233 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
236 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238 __u8 status = *((__u8 *) skb->data);
241 BT_DBG("%s status 0x%x", hdev->name, status);
243 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
248 __u8 param = *((__u8 *) sent);
250 if (param == AUTH_ENABLED)
251 set_bit(HCI_AUTH, &hdev->flags);
253 clear_bit(HCI_AUTH, &hdev->flags);
256 if (test_bit(HCI_MGMT, &hdev->dev_flags))
257 mgmt_auth_enable_complete(hdev, status);
259 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
262 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
264 __u8 status = *((__u8 *) skb->data);
267 BT_DBG("%s status 0x%x", hdev->name, status);
269 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
274 __u8 param = *((__u8 *) sent);
277 set_bit(HCI_ENCRYPT, &hdev->flags);
279 clear_bit(HCI_ENCRYPT, &hdev->flags);
282 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
285 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
287 __u8 param, status = *((__u8 *) skb->data);
288 int old_pscan, old_iscan;
291 BT_DBG("%s status 0x%x", hdev->name, status);
293 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
297 param = *((__u8 *) sent);
302 mgmt_write_scan_failed(hdev, param, status);
303 hdev->discov_timeout = 0;
307 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
308 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
310 if (param & SCAN_INQUIRY) {
311 set_bit(HCI_ISCAN, &hdev->flags);
313 mgmt_discoverable(hdev, 1);
314 if (hdev->discov_timeout > 0) {
315 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
316 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
319 } else if (old_iscan)
320 mgmt_discoverable(hdev, 0);
322 if (param & SCAN_PAGE) {
323 set_bit(HCI_PSCAN, &hdev->flags);
325 mgmt_connectable(hdev, 1);
326 } else if (old_pscan)
327 mgmt_connectable(hdev, 0);
330 hci_dev_unlock(hdev);
331 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
338 BT_DBG("%s status 0x%x", hdev->name, rp->status);
343 memcpy(hdev->dev_class, rp->dev_class, 3);
345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351 __u8 status = *((__u8 *) skb->data);
354 BT_DBG("%s status 0x%x", hdev->name, status);
359 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
363 memcpy(hdev->dev_class, sent, 3);
366 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
368 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
371 BT_DBG("%s status 0x%x", hdev->name, rp->status);
376 setting = __le16_to_cpu(rp->voice_setting);
378 if (hdev->voice_setting == setting)
381 hdev->voice_setting = setting;
383 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
386 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
389 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
391 __u8 status = *((__u8 *) skb->data);
395 BT_DBG("%s status 0x%x", hdev->name, status);
400 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
404 setting = get_unaligned_le16(sent);
406 if (hdev->voice_setting == setting)
409 hdev->voice_setting = setting;
411 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
414 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
417 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
419 __u8 status = *((__u8 *) skb->data);
421 BT_DBG("%s status 0x%x", hdev->name, status);
423 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
426 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
428 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
430 BT_DBG("%s status 0x%x", hdev->name, rp->status);
436 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
438 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
441 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
443 __u8 status = *((__u8 *) skb->data);
446 BT_DBG("%s status 0x%x", hdev->name, status);
451 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
456 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 if (test_bit(HCI_MGMT, &hdev->dev_flags))
462 mgmt_ssp_enable_complete(hdev, status);
465 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
467 if (hdev->features[6] & LMP_EXT_INQ)
470 if (hdev->features[3] & LMP_RSSI_INQ)
473 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
474 hdev->lmp_subver == 0x0757)
477 if (hdev->manufacturer == 15) {
478 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
480 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
482 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
486 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
487 hdev->lmp_subver == 0x1805)
493 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
497 mode = hci_get_inquiry_mode(hdev);
499 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
502 static void hci_setup_event_mask(struct hci_dev *hdev)
504 /* The second byte is 0xff instead of 0x9f (two reserved bits
505 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
506 * command otherwise */
507 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
509 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
510 * any event mask for pre 1.2 devices */
511 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
514 events[4] |= 0x01; /* Flow Specification Complete */
515 events[4] |= 0x02; /* Inquiry Result with RSSI */
516 events[4] |= 0x04; /* Read Remote Extended Features Complete */
517 events[5] |= 0x08; /* Synchronous Connection Complete */
518 events[5] |= 0x10; /* Synchronous Connection Changed */
520 if (hdev->features[3] & LMP_RSSI_INQ)
521 events[4] |= 0x04; /* Inquiry Result with RSSI */
523 if (hdev->features[5] & LMP_SNIFF_SUBR)
524 events[5] |= 0x20; /* Sniff Subrating */
526 if (hdev->features[5] & LMP_PAUSE_ENC)
527 events[5] |= 0x80; /* Encryption Key Refresh Complete */
529 if (hdev->features[6] & LMP_EXT_INQ)
530 events[5] |= 0x40; /* Extended Inquiry Result */
532 if (hdev->features[6] & LMP_NO_FLUSH)
533 events[7] |= 0x01; /* Enhanced Flush Complete */
535 if (hdev->features[7] & LMP_LSTO)
536 events[6] |= 0x80; /* Link Supervision Timeout Changed */
538 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
539 events[6] |= 0x01; /* IO Capability Request */
540 events[6] |= 0x02; /* IO Capability Response */
541 events[6] |= 0x04; /* User Confirmation Request */
542 events[6] |= 0x08; /* User Passkey Request */
543 events[6] |= 0x10; /* Remote OOB Data Request */
544 events[6] |= 0x20; /* Simple Pairing Complete */
545 events[7] |= 0x04; /* User Passkey Notification */
546 events[7] |= 0x08; /* Keypress Notification */
547 events[7] |= 0x10; /* Remote Host Supported
548 * Features Notification */
551 if (hdev->features[4] & LMP_LE)
552 events[7] |= 0x20; /* LE Meta-Event */
554 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
557 static void hci_set_le_support(struct hci_dev *hdev)
559 struct hci_cp_write_le_host_supported cp;
561 memset(&cp, 0, sizeof(cp));
565 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
568 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
571 static void hci_setup(struct hci_dev *hdev)
573 if (hdev->dev_type != HCI_BREDR)
576 hci_setup_event_mask(hdev);
578 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
579 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
581 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
583 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
586 if (hdev->features[3] & LMP_RSSI_INQ)
587 hci_setup_inquiry_mode(hdev);
589 if (hdev->features[7] & LMP_INQ_TX_PWR)
590 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
592 if (hdev->features[7] & LMP_EXTFEATURES) {
593 struct hci_cp_read_local_ext_features cp;
596 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
600 if (hdev->features[4] & LMP_LE)
601 hci_set_le_support(hdev);
604 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
606 struct hci_rp_read_local_version *rp = (void *) skb->data;
608 BT_DBG("%s status 0x%x", hdev->name, rp->status);
613 hdev->hci_ver = rp->hci_ver;
614 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
615 hdev->lmp_ver = rp->lmp_ver;
616 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
617 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
619 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
621 hdev->hci_ver, hdev->hci_rev);
623 if (test_bit(HCI_INIT, &hdev->flags))
627 static void hci_setup_link_policy(struct hci_dev *hdev)
631 if (hdev->features[0] & LMP_RSWITCH)
632 link_policy |= HCI_LP_RSWITCH;
633 if (hdev->features[0] & LMP_HOLD)
634 link_policy |= HCI_LP_HOLD;
635 if (hdev->features[0] & LMP_SNIFF)
636 link_policy |= HCI_LP_SNIFF;
637 if (hdev->features[1] & LMP_PARK)
638 link_policy |= HCI_LP_PARK;
640 link_policy = cpu_to_le16(link_policy);
641 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
642 sizeof(link_policy), &link_policy);
645 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
647 struct hci_rp_read_local_commands *rp = (void *) skb->data;
649 BT_DBG("%s status 0x%x", hdev->name, rp->status);
654 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
656 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
657 hci_setup_link_policy(hdev);
660 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
663 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
665 struct hci_rp_read_local_features *rp = (void *) skb->data;
667 BT_DBG("%s status 0x%x", hdev->name, rp->status);
672 memcpy(hdev->features, rp->features, 8);
674 /* Adjust default settings according to features
675 * supported by device. */
677 if (hdev->features[0] & LMP_3SLOT)
678 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
680 if (hdev->features[0] & LMP_5SLOT)
681 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
683 if (hdev->features[1] & LMP_HV2) {
684 hdev->pkt_type |= (HCI_HV2);
685 hdev->esco_type |= (ESCO_HV2);
688 if (hdev->features[1] & LMP_HV3) {
689 hdev->pkt_type |= (HCI_HV3);
690 hdev->esco_type |= (ESCO_HV3);
693 if (hdev->features[3] & LMP_ESCO)
694 hdev->esco_type |= (ESCO_EV3);
696 if (hdev->features[4] & LMP_EV4)
697 hdev->esco_type |= (ESCO_EV4);
699 if (hdev->features[4] & LMP_EV5)
700 hdev->esco_type |= (ESCO_EV5);
702 if (hdev->features[5] & LMP_EDR_ESCO_2M)
703 hdev->esco_type |= (ESCO_2EV3);
705 if (hdev->features[5] & LMP_EDR_ESCO_3M)
706 hdev->esco_type |= (ESCO_3EV3);
708 if (hdev->features[5] & LMP_EDR_3S_ESCO)
709 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
711 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
712 hdev->features[0], hdev->features[1],
713 hdev->features[2], hdev->features[3],
714 hdev->features[4], hdev->features[5],
715 hdev->features[6], hdev->features[7]);
718 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
721 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
723 BT_DBG("%s status 0x%x", hdev->name, rp->status);
730 memcpy(hdev->features, rp->features, 8);
733 memcpy(hdev->host_features, rp->features, 8);
737 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
740 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
743 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
745 BT_DBG("%s status 0x%x", hdev->name, rp->status);
750 hdev->flow_ctl_mode = rp->mode;
752 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
755 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
757 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
759 BT_DBG("%s status 0x%x", hdev->name, rp->status);
764 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
765 hdev->sco_mtu = rp->sco_mtu;
766 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
767 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
769 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
774 hdev->acl_cnt = hdev->acl_pkts;
775 hdev->sco_cnt = hdev->sco_pkts;
777 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
778 hdev->acl_mtu, hdev->acl_pkts,
779 hdev->sco_mtu, hdev->sco_pkts);
782 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
784 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
786 BT_DBG("%s status 0x%x", hdev->name, rp->status);
789 bacpy(&hdev->bdaddr, &rp->bdaddr);
791 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
794 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
797 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
799 BT_DBG("%s status 0x%x", hdev->name, rp->status);
804 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
805 hdev->block_len = __le16_to_cpu(rp->block_len);
806 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
808 hdev->block_cnt = hdev->num_blocks;
810 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
811 hdev->block_cnt, hdev->block_len);
813 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
816 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
818 __u8 status = *((__u8 *) skb->data);
820 BT_DBG("%s status 0x%x", hdev->name, status);
822 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
825 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
828 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
830 BT_DBG("%s status 0x%x", hdev->name, rp->status);
835 hdev->amp_status = rp->amp_status;
836 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
837 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
838 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
839 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
840 hdev->amp_type = rp->amp_type;
841 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
842 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
843 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
844 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
846 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
849 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
852 __u8 status = *((__u8 *) skb->data);
854 BT_DBG("%s status 0x%x", hdev->name, status);
856 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
859 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
861 __u8 status = *((__u8 *) skb->data);
863 BT_DBG("%s status 0x%x", hdev->name, status);
865 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
868 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
871 __u8 status = *((__u8 *) skb->data);
873 BT_DBG("%s status 0x%x", hdev->name, status);
875 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
878 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
881 __u8 status = *((__u8 *) skb->data);
883 BT_DBG("%s status 0x%x", hdev->name, status);
885 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
888 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
890 __u8 status = *((__u8 *) skb->data);
892 BT_DBG("%s status 0x%x", hdev->name, status);
894 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
897 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
899 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
900 struct hci_cp_pin_code_reply *cp;
901 struct hci_conn *conn;
903 BT_DBG("%s status 0x%x", hdev->name, rp->status);
907 if (test_bit(HCI_MGMT, &hdev->dev_flags))
908 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
913 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
917 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
919 conn->pin_length = cp->pin_len;
922 hci_dev_unlock(hdev);
925 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
927 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
929 BT_DBG("%s status 0x%x", hdev->name, rp->status);
933 if (test_bit(HCI_MGMT, &hdev->dev_flags))
934 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
937 hci_dev_unlock(hdev);
940 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
943 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
945 BT_DBG("%s status 0x%x", hdev->name, rp->status);
950 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
951 hdev->le_pkts = rp->le_max_pkt;
953 hdev->le_cnt = hdev->le_pkts;
955 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
957 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
960 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
962 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
964 BT_DBG("%s status 0x%x", hdev->name, rp->status);
968 if (test_bit(HCI_MGMT, &hdev->dev_flags))
969 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
972 hci_dev_unlock(hdev);
975 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
978 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
980 BT_DBG("%s status 0x%x", hdev->name, rp->status);
984 if (test_bit(HCI_MGMT, &hdev->dev_flags))
985 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
989 hci_dev_unlock(hdev);
992 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
994 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
996 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1000 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1001 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1004 hci_dev_unlock(hdev);
1007 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1008 struct sk_buff *skb)
1010 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1012 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1016 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1017 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1021 hci_dev_unlock(hdev);
1024 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1025 struct sk_buff *skb)
1027 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1029 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1032 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1033 rp->randomizer, rp->status);
1034 hci_dev_unlock(hdev);
1037 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1039 __u8 status = *((__u8 *) skb->data);
1041 BT_DBG("%s status 0x%x", hdev->name, status);
1043 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1047 mgmt_start_discovery_failed(hdev, status);
1048 hci_dev_unlock(hdev);
1053 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1054 struct sk_buff *skb)
1056 struct hci_cp_le_set_scan_enable *cp;
1057 __u8 status = *((__u8 *) skb->data);
1059 BT_DBG("%s status 0x%x", hdev->name, status);
1061 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1065 switch (cp->enable) {
1066 case LE_SCANNING_ENABLED:
1067 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1071 mgmt_start_discovery_failed(hdev, status);
1072 hci_dev_unlock(hdev);
1076 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1078 cancel_delayed_work_sync(&hdev->adv_work);
1081 hci_adv_entries_clear(hdev);
1082 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1083 hci_dev_unlock(hdev);
1086 case LE_SCANNING_DISABLED:
1090 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1092 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1094 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1095 mgmt_interleaved_discovery(hdev);
1098 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1099 hci_dev_unlock(hdev);
1105 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1110 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1112 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1114 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1119 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1122 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1124 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1126 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1131 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1134 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1135 struct sk_buff *skb)
1137 struct hci_cp_read_local_ext_features cp;
1138 __u8 status = *((__u8 *) skb->data);
1140 BT_DBG("%s status 0x%x", hdev->name, status);
1146 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1149 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1151 BT_DBG("%s status 0x%x", hdev->name, status);
1154 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1155 hci_conn_check_pending(hdev);
1157 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1158 mgmt_start_discovery_failed(hdev, status);
1159 hci_dev_unlock(hdev);
1163 set_bit(HCI_INQUIRY, &hdev->flags);
1166 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1167 hci_dev_unlock(hdev);
1170 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1172 struct hci_cp_create_conn *cp;
1173 struct hci_conn *conn;
1175 BT_DBG("%s status 0x%x", hdev->name, status);
1177 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1183 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1185 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1188 if (conn && conn->state == BT_CONNECT) {
1189 if (status != 0x0c || conn->attempt > 2) {
1190 conn->state = BT_CLOSED;
1191 hci_proto_connect_cfm(conn, status);
1194 conn->state = BT_CONNECT2;
1198 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1201 conn->link_mode |= HCI_LM_MASTER;
1203 BT_ERR("No memory for new connection");
1207 hci_dev_unlock(hdev);
1210 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1212 struct hci_cp_add_sco *cp;
1213 struct hci_conn *acl, *sco;
1216 BT_DBG("%s status 0x%x", hdev->name, status);
1221 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1225 handle = __le16_to_cpu(cp->handle);
1227 BT_DBG("%s handle %d", hdev->name, handle);
1231 acl = hci_conn_hash_lookup_handle(hdev, handle);
1235 sco->state = BT_CLOSED;
1237 hci_proto_connect_cfm(sco, status);
1242 hci_dev_unlock(hdev);
1245 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1247 struct hci_cp_auth_requested *cp;
1248 struct hci_conn *conn;
1250 BT_DBG("%s status 0x%x", hdev->name, status);
1255 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1261 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1263 if (conn->state == BT_CONFIG) {
1264 hci_proto_connect_cfm(conn, status);
1269 hci_dev_unlock(hdev);
1272 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1274 struct hci_cp_set_conn_encrypt *cp;
1275 struct hci_conn *conn;
1277 BT_DBG("%s status 0x%x", hdev->name, status);
1282 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1290 if (conn->state == BT_CONFIG) {
1291 hci_proto_connect_cfm(conn, status);
1296 hci_dev_unlock(hdev);
1299 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1300 struct hci_conn *conn)
1302 if (conn->state != BT_CONFIG || !conn->out)
1305 if (conn->pending_sec_level == BT_SECURITY_SDP)
1308 /* Only request authentication for SSP connections or non-SSP
1309 * devices with sec_level HIGH or if MITM protection is requested */
1310 if (!hci_conn_ssp_enabled(conn) &&
1311 conn->pending_sec_level != BT_SECURITY_HIGH &&
1312 !(conn->auth_type & 0x01))
1318 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1320 struct hci_cp_remote_name_req cp;
1322 memset(&cp, 0, sizeof(cp));
1324 bacpy(&cp.bdaddr, &e->data.bdaddr);
1325 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1326 cp.pscan_mode = e->data.pscan_mode;
1327 cp.clock_offset = e->data.clock_offset;
1329 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1332 static bool hci_resolve_next_name(struct hci_dev *hdev)
1334 struct discovery_state *discov = &hdev->discovery;
1335 struct inquiry_entry *e;
1337 if (list_empty(&discov->resolve))
1340 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1341 if (hci_resolve_name(hdev, e) == 0) {
1342 e->name_state = NAME_PENDING;
1349 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1350 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1352 struct discovery_state *discov = &hdev->discovery;
1353 struct inquiry_entry *e;
1355 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1356 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1357 name, name_len, conn->dev_class);
1359 if (discov->state == DISCOVERY_STOPPED)
1362 if (discov->state == DISCOVERY_STOPPING)
1363 goto discov_complete;
1365 if (discov->state != DISCOVERY_RESOLVING)
1368 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1370 e->name_state = NAME_KNOWN;
1373 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1374 e->data.rssi, name, name_len);
1377 if (hci_resolve_next_name(hdev))
1381 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1384 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1386 struct hci_cp_remote_name_req *cp;
1387 struct hci_conn *conn;
1389 BT_DBG("%s status 0x%x", hdev->name, status);
1391 /* If successful wait for the name req complete event before
1392 * checking for the need to do authentication */
1396 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1402 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1404 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1405 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1410 if (!hci_outgoing_auth_needed(hdev, conn))
1413 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1414 struct hci_cp_auth_requested cp;
1415 cp.handle = __cpu_to_le16(conn->handle);
1416 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1420 hci_dev_unlock(hdev);
1423 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1425 struct hci_cp_read_remote_features *cp;
1426 struct hci_conn *conn;
1428 BT_DBG("%s status 0x%x", hdev->name, status);
1433 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1439 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1441 if (conn->state == BT_CONFIG) {
1442 hci_proto_connect_cfm(conn, status);
1447 hci_dev_unlock(hdev);
1450 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1452 struct hci_cp_read_remote_ext_features *cp;
1453 struct hci_conn *conn;
1455 BT_DBG("%s status 0x%x", hdev->name, status);
1460 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1466 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1468 if (conn->state == BT_CONFIG) {
1469 hci_proto_connect_cfm(conn, status);
1474 hci_dev_unlock(hdev);
1477 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1479 struct hci_cp_setup_sync_conn *cp;
1480 struct hci_conn *acl, *sco;
1483 BT_DBG("%s status 0x%x", hdev->name, status);
1488 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1492 handle = __le16_to_cpu(cp->handle);
1494 BT_DBG("%s handle %d", hdev->name, handle);
1498 acl = hci_conn_hash_lookup_handle(hdev, handle);
1502 sco->state = BT_CLOSED;
1504 hci_proto_connect_cfm(sco, status);
1509 hci_dev_unlock(hdev);
1512 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1514 struct hci_cp_sniff_mode *cp;
1515 struct hci_conn *conn;
1517 BT_DBG("%s status 0x%x", hdev->name, status);
1522 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1528 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1530 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1532 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1533 hci_sco_setup(conn, status);
1536 hci_dev_unlock(hdev);
1539 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1541 struct hci_cp_exit_sniff_mode *cp;
1542 struct hci_conn *conn;
1544 BT_DBG("%s status 0x%x", hdev->name, status);
1549 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1555 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1557 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1559 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1560 hci_sco_setup(conn, status);
1563 hci_dev_unlock(hdev);
1566 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1568 struct hci_cp_disconnect *cp;
1569 struct hci_conn *conn;
1574 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1580 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1582 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1583 conn->dst_type, status);
1585 hci_dev_unlock(hdev);
1588 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1590 struct hci_cp_le_create_conn *cp;
1591 struct hci_conn *conn;
1593 BT_DBG("%s status 0x%x", hdev->name, status);
1595 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1601 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1603 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1607 if (conn && conn->state == BT_CONNECT) {
1608 conn->state = BT_CLOSED;
1609 hci_proto_connect_cfm(conn, status);
1614 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1616 conn->dst_type = cp->peer_addr_type;
1619 BT_ERR("No memory for new connection");
1624 hci_dev_unlock(hdev);
1627 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1629 BT_DBG("%s status 0x%x", hdev->name, status);
1632 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1634 __u8 status = *((__u8 *) skb->data);
1635 struct discovery_state *discov = &hdev->discovery;
1636 struct inquiry_entry *e;
1638 BT_DBG("%s status %d", hdev->name, status);
1640 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1642 hci_conn_check_pending(hdev);
1644 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1647 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1652 if (discov->state != DISCOVERY_FINDING)
1655 if (list_empty(&discov->resolve)) {
1656 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1660 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1661 if (e && hci_resolve_name(hdev, e) == 0) {
1662 e->name_state = NAME_PENDING;
1663 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1665 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1669 hci_dev_unlock(hdev);
1672 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1674 struct inquiry_data data;
1675 struct inquiry_info *info = (void *) (skb->data + 1);
1676 int num_rsp = *((__u8 *) skb->data);
1678 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1685 for (; num_rsp; num_rsp--, info++) {
1688 bacpy(&data.bdaddr, &info->bdaddr);
1689 data.pscan_rep_mode = info->pscan_rep_mode;
1690 data.pscan_period_mode = info->pscan_period_mode;
1691 data.pscan_mode = info->pscan_mode;
1692 memcpy(data.dev_class, info->dev_class, 3);
1693 data.clock_offset = info->clock_offset;
1695 data.ssp_mode = 0x00;
1697 name_known = hci_inquiry_cache_update(hdev, &data, false);
1698 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1699 info->dev_class, 0, !name_known,
1703 hci_dev_unlock(hdev);
1706 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1708 struct hci_ev_conn_complete *ev = (void *) skb->data;
1709 struct hci_conn *conn;
1711 BT_DBG("%s", hdev->name);
1715 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1717 if (ev->link_type != SCO_LINK)
1720 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1724 conn->type = SCO_LINK;
1728 conn->handle = __le16_to_cpu(ev->handle);
1730 if (conn->type == ACL_LINK) {
1731 conn->state = BT_CONFIG;
1732 hci_conn_hold(conn);
1733 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1735 conn->state = BT_CONNECTED;
1737 hci_conn_hold_device(conn);
1738 hci_conn_add_sysfs(conn);
1740 if (test_bit(HCI_AUTH, &hdev->flags))
1741 conn->link_mode |= HCI_LM_AUTH;
1743 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1744 conn->link_mode |= HCI_LM_ENCRYPT;
1746 /* Get remote features */
1747 if (conn->type == ACL_LINK) {
1748 struct hci_cp_read_remote_features cp;
1749 cp.handle = ev->handle;
1750 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1754 /* Set packet type for incoming connection */
1755 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1756 struct hci_cp_change_conn_ptype cp;
1757 cp.handle = ev->handle;
1758 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1759 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1763 conn->state = BT_CLOSED;
1764 if (conn->type == ACL_LINK)
1765 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1766 conn->dst_type, ev->status);
1769 if (conn->type == ACL_LINK)
1770 hci_sco_setup(conn, ev->status);
1773 hci_proto_connect_cfm(conn, ev->status);
1775 } else if (ev->link_type != ACL_LINK)
1776 hci_proto_connect_cfm(conn, ev->status);
1779 hci_dev_unlock(hdev);
1781 hci_conn_check_pending(hdev);
1784 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1786 struct hci_ev_conn_request *ev = (void *) skb->data;
1787 int mask = hdev->link_mode;
1789 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1790 batostr(&ev->bdaddr), ev->link_type);
1792 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1794 if ((mask & HCI_LM_ACCEPT) &&
1795 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1796 /* Connection accepted */
1797 struct inquiry_entry *ie;
1798 struct hci_conn *conn;
1802 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1804 memcpy(ie->data.dev_class, ev->dev_class, 3);
1806 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1808 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1810 BT_ERR("No memory for new connection");
1811 hci_dev_unlock(hdev);
1816 memcpy(conn->dev_class, ev->dev_class, 3);
1817 conn->state = BT_CONNECT;
1819 hci_dev_unlock(hdev);
1821 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1822 struct hci_cp_accept_conn_req cp;
1824 bacpy(&cp.bdaddr, &ev->bdaddr);
1826 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1827 cp.role = 0x00; /* Become master */
1829 cp.role = 0x01; /* Remain slave */
1831 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1834 struct hci_cp_accept_sync_conn_req cp;
1836 bacpy(&cp.bdaddr, &ev->bdaddr);
1837 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1839 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1840 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1841 cp.max_latency = cpu_to_le16(0xffff);
1842 cp.content_format = cpu_to_le16(hdev->voice_setting);
1843 cp.retrans_effort = 0xff;
1845 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1849 /* Connection rejected */
1850 struct hci_cp_reject_conn_req cp;
1852 bacpy(&cp.bdaddr, &ev->bdaddr);
1853 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1854 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1858 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1860 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1861 struct hci_conn *conn;
1863 BT_DBG("%s status %d", hdev->name, ev->status);
1867 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1871 if (ev->status == 0)
1872 conn->state = BT_CLOSED;
1874 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1875 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1876 if (ev->status != 0)
1877 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1878 conn->dst_type, ev->status);
1880 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1884 if (ev->status == 0) {
1885 hci_proto_disconn_cfm(conn, ev->reason);
1890 hci_dev_unlock(hdev);
1893 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1895 struct hci_ev_auth_complete *ev = (void *) skb->data;
1896 struct hci_conn *conn;
1898 BT_DBG("%s status %d", hdev->name, ev->status);
1902 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1907 if (!hci_conn_ssp_enabled(conn) &&
1908 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1909 BT_INFO("re-auth of legacy device is not possible.");
1911 conn->link_mode |= HCI_LM_AUTH;
1912 conn->sec_level = conn->pending_sec_level;
1915 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1919 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1920 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1922 if (conn->state == BT_CONFIG) {
1923 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1924 struct hci_cp_set_conn_encrypt cp;
1925 cp.handle = ev->handle;
1927 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1930 conn->state = BT_CONNECTED;
1931 hci_proto_connect_cfm(conn, ev->status);
1935 hci_auth_cfm(conn, ev->status);
1937 hci_conn_hold(conn);
1938 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1942 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1944 struct hci_cp_set_conn_encrypt cp;
1945 cp.handle = ev->handle;
1947 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1950 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1951 hci_encrypt_cfm(conn, ev->status, 0x00);
1956 hci_dev_unlock(hdev);
1959 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1961 struct hci_ev_remote_name *ev = (void *) skb->data;
1962 struct hci_conn *conn;
1964 BT_DBG("%s", hdev->name);
1966 hci_conn_check_pending(hdev);
1970 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1972 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1975 if (ev->status == 0)
1976 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1977 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1979 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1985 if (!hci_outgoing_auth_needed(hdev, conn))
1988 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1989 struct hci_cp_auth_requested cp;
1990 cp.handle = __cpu_to_le16(conn->handle);
1991 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1995 hci_dev_unlock(hdev);
1998 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2000 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2001 struct hci_conn *conn;
2003 BT_DBG("%s status %d", hdev->name, ev->status);
2007 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2011 /* Encryption implies authentication */
2012 conn->link_mode |= HCI_LM_AUTH;
2013 conn->link_mode |= HCI_LM_ENCRYPT;
2014 conn->sec_level = conn->pending_sec_level;
2016 conn->link_mode &= ~HCI_LM_ENCRYPT;
2019 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2021 if (conn->state == BT_CONFIG) {
2023 conn->state = BT_CONNECTED;
2025 hci_proto_connect_cfm(conn, ev->status);
2028 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2031 hci_dev_unlock(hdev);
2034 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2036 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2037 struct hci_conn *conn;
2039 BT_DBG("%s status %d", hdev->name, ev->status);
2043 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2046 conn->link_mode |= HCI_LM_SECURE;
2048 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2050 hci_key_change_cfm(conn, ev->status);
2053 hci_dev_unlock(hdev);
2056 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2058 struct hci_ev_remote_features *ev = (void *) skb->data;
2059 struct hci_conn *conn;
2061 BT_DBG("%s status %d", hdev->name, ev->status);
2065 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2070 memcpy(conn->features, ev->features, 8);
2072 if (conn->state != BT_CONFIG)
2075 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2076 struct hci_cp_read_remote_ext_features cp;
2077 cp.handle = ev->handle;
2079 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2085 struct hci_cp_remote_name_req cp;
2086 memset(&cp, 0, sizeof(cp));
2087 bacpy(&cp.bdaddr, &conn->dst);
2088 cp.pscan_rep_mode = 0x02;
2089 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2090 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2091 mgmt_device_connected(hdev, &conn->dst, conn->type,
2092 conn->dst_type, NULL, 0,
2095 if (!hci_outgoing_auth_needed(hdev, conn)) {
2096 conn->state = BT_CONNECTED;
2097 hci_proto_connect_cfm(conn, ev->status);
2102 hci_dev_unlock(hdev);
2105 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2107 BT_DBG("%s", hdev->name);
2110 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2112 BT_DBG("%s", hdev->name);
2115 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2117 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2120 skb_pull(skb, sizeof(*ev));
2122 opcode = __le16_to_cpu(ev->opcode);
2125 case HCI_OP_INQUIRY_CANCEL:
2126 hci_cc_inquiry_cancel(hdev, skb);
2129 case HCI_OP_EXIT_PERIODIC_INQ:
2130 hci_cc_exit_periodic_inq(hdev, skb);
2133 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2134 hci_cc_remote_name_req_cancel(hdev, skb);
2137 case HCI_OP_ROLE_DISCOVERY:
2138 hci_cc_role_discovery(hdev, skb);
2141 case HCI_OP_READ_LINK_POLICY:
2142 hci_cc_read_link_policy(hdev, skb);
2145 case HCI_OP_WRITE_LINK_POLICY:
2146 hci_cc_write_link_policy(hdev, skb);
2149 case HCI_OP_READ_DEF_LINK_POLICY:
2150 hci_cc_read_def_link_policy(hdev, skb);
2153 case HCI_OP_WRITE_DEF_LINK_POLICY:
2154 hci_cc_write_def_link_policy(hdev, skb);
2158 hci_cc_reset(hdev, skb);
2161 case HCI_OP_WRITE_LOCAL_NAME:
2162 hci_cc_write_local_name(hdev, skb);
2165 case HCI_OP_READ_LOCAL_NAME:
2166 hci_cc_read_local_name(hdev, skb);
2169 case HCI_OP_WRITE_AUTH_ENABLE:
2170 hci_cc_write_auth_enable(hdev, skb);
2173 case HCI_OP_WRITE_ENCRYPT_MODE:
2174 hci_cc_write_encrypt_mode(hdev, skb);
2177 case HCI_OP_WRITE_SCAN_ENABLE:
2178 hci_cc_write_scan_enable(hdev, skb);
2181 case HCI_OP_READ_CLASS_OF_DEV:
2182 hci_cc_read_class_of_dev(hdev, skb);
2185 case HCI_OP_WRITE_CLASS_OF_DEV:
2186 hci_cc_write_class_of_dev(hdev, skb);
2189 case HCI_OP_READ_VOICE_SETTING:
2190 hci_cc_read_voice_setting(hdev, skb);
2193 case HCI_OP_WRITE_VOICE_SETTING:
2194 hci_cc_write_voice_setting(hdev, skb);
2197 case HCI_OP_HOST_BUFFER_SIZE:
2198 hci_cc_host_buffer_size(hdev, skb);
2201 case HCI_OP_READ_SSP_MODE:
2202 hci_cc_read_ssp_mode(hdev, skb);
2205 case HCI_OP_WRITE_SSP_MODE:
2206 hci_cc_write_ssp_mode(hdev, skb);
2209 case HCI_OP_READ_LOCAL_VERSION:
2210 hci_cc_read_local_version(hdev, skb);
2213 case HCI_OP_READ_LOCAL_COMMANDS:
2214 hci_cc_read_local_commands(hdev, skb);
2217 case HCI_OP_READ_LOCAL_FEATURES:
2218 hci_cc_read_local_features(hdev, skb);
2221 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2222 hci_cc_read_local_ext_features(hdev, skb);
2225 case HCI_OP_READ_BUFFER_SIZE:
2226 hci_cc_read_buffer_size(hdev, skb);
2229 case HCI_OP_READ_BD_ADDR:
2230 hci_cc_read_bd_addr(hdev, skb);
2233 case HCI_OP_READ_DATA_BLOCK_SIZE:
2234 hci_cc_read_data_block_size(hdev, skb);
2237 case HCI_OP_WRITE_CA_TIMEOUT:
2238 hci_cc_write_ca_timeout(hdev, skb);
2241 case HCI_OP_READ_FLOW_CONTROL_MODE:
2242 hci_cc_read_flow_control_mode(hdev, skb);
2245 case HCI_OP_READ_LOCAL_AMP_INFO:
2246 hci_cc_read_local_amp_info(hdev, skb);
2249 case HCI_OP_DELETE_STORED_LINK_KEY:
2250 hci_cc_delete_stored_link_key(hdev, skb);
2253 case HCI_OP_SET_EVENT_MASK:
2254 hci_cc_set_event_mask(hdev, skb);
2257 case HCI_OP_WRITE_INQUIRY_MODE:
2258 hci_cc_write_inquiry_mode(hdev, skb);
2261 case HCI_OP_READ_INQ_RSP_TX_POWER:
2262 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2265 case HCI_OP_SET_EVENT_FLT:
2266 hci_cc_set_event_flt(hdev, skb);
2269 case HCI_OP_PIN_CODE_REPLY:
2270 hci_cc_pin_code_reply(hdev, skb);
2273 case HCI_OP_PIN_CODE_NEG_REPLY:
2274 hci_cc_pin_code_neg_reply(hdev, skb);
2277 case HCI_OP_READ_LOCAL_OOB_DATA:
2278 hci_cc_read_local_oob_data_reply(hdev, skb);
2281 case HCI_OP_LE_READ_BUFFER_SIZE:
2282 hci_cc_le_read_buffer_size(hdev, skb);
2285 case HCI_OP_USER_CONFIRM_REPLY:
2286 hci_cc_user_confirm_reply(hdev, skb);
2289 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2290 hci_cc_user_confirm_neg_reply(hdev, skb);
2293 case HCI_OP_USER_PASSKEY_REPLY:
2294 hci_cc_user_passkey_reply(hdev, skb);
2297 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2298 hci_cc_user_passkey_neg_reply(hdev, skb);
2300 case HCI_OP_LE_SET_SCAN_PARAM:
2301 hci_cc_le_set_scan_param(hdev, skb);
2304 case HCI_OP_LE_SET_SCAN_ENABLE:
2305 hci_cc_le_set_scan_enable(hdev, skb);
2308 case HCI_OP_LE_LTK_REPLY:
2309 hci_cc_le_ltk_reply(hdev, skb);
2312 case HCI_OP_LE_LTK_NEG_REPLY:
2313 hci_cc_le_ltk_neg_reply(hdev, skb);
2316 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2317 hci_cc_write_le_host_supported(hdev, skb);
2321 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2325 if (ev->opcode != HCI_OP_NOP)
2326 del_timer(&hdev->cmd_timer);
2329 atomic_set(&hdev->cmd_cnt, 1);
2330 if (!skb_queue_empty(&hdev->cmd_q))
2331 queue_work(hdev->workqueue, &hdev->cmd_work);
2335 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2337 struct hci_ev_cmd_status *ev = (void *) skb->data;
2340 skb_pull(skb, sizeof(*ev));
2342 opcode = __le16_to_cpu(ev->opcode);
2345 case HCI_OP_INQUIRY:
2346 hci_cs_inquiry(hdev, ev->status);
2349 case HCI_OP_CREATE_CONN:
2350 hci_cs_create_conn(hdev, ev->status);
2353 case HCI_OP_ADD_SCO:
2354 hci_cs_add_sco(hdev, ev->status);
2357 case HCI_OP_AUTH_REQUESTED:
2358 hci_cs_auth_requested(hdev, ev->status);
2361 case HCI_OP_SET_CONN_ENCRYPT:
2362 hci_cs_set_conn_encrypt(hdev, ev->status);
2365 case HCI_OP_REMOTE_NAME_REQ:
2366 hci_cs_remote_name_req(hdev, ev->status);
2369 case HCI_OP_READ_REMOTE_FEATURES:
2370 hci_cs_read_remote_features(hdev, ev->status);
2373 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2374 hci_cs_read_remote_ext_features(hdev, ev->status);
2377 case HCI_OP_SETUP_SYNC_CONN:
2378 hci_cs_setup_sync_conn(hdev, ev->status);
2381 case HCI_OP_SNIFF_MODE:
2382 hci_cs_sniff_mode(hdev, ev->status);
2385 case HCI_OP_EXIT_SNIFF_MODE:
2386 hci_cs_exit_sniff_mode(hdev, ev->status);
2389 case HCI_OP_DISCONNECT:
2390 hci_cs_disconnect(hdev, ev->status);
2393 case HCI_OP_LE_CREATE_CONN:
2394 hci_cs_le_create_conn(hdev, ev->status);
2397 case HCI_OP_LE_START_ENC:
2398 hci_cs_le_start_enc(hdev, ev->status);
2402 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2406 if (ev->opcode != HCI_OP_NOP)
2407 del_timer(&hdev->cmd_timer);
2409 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2410 atomic_set(&hdev->cmd_cnt, 1);
2411 if (!skb_queue_empty(&hdev->cmd_q))
2412 queue_work(hdev->workqueue, &hdev->cmd_work);
2416 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2418 struct hci_ev_role_change *ev = (void *) skb->data;
2419 struct hci_conn *conn;
2421 BT_DBG("%s status %d", hdev->name, ev->status);
2425 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2429 conn->link_mode &= ~HCI_LM_MASTER;
2431 conn->link_mode |= HCI_LM_MASTER;
2434 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2436 hci_role_switch_cfm(conn, ev->status, ev->role);
2439 hci_dev_unlock(hdev);
2442 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2444 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2447 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2448 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2452 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2453 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2454 BT_DBG("%s bad parameters", hdev->name);
2458 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2460 for (i = 0; i < ev->num_hndl; i++) {
2461 struct hci_comp_pkts_info *info = &ev->handles[i];
2462 struct hci_conn *conn;
2463 __u16 handle, count;
2465 handle = __le16_to_cpu(info->handle);
2466 count = __le16_to_cpu(info->count);
2468 conn = hci_conn_hash_lookup_handle(hdev, handle);
2472 conn->sent -= count;
2474 switch (conn->type) {
2476 hdev->acl_cnt += count;
2477 if (hdev->acl_cnt > hdev->acl_pkts)
2478 hdev->acl_cnt = hdev->acl_pkts;
2482 if (hdev->le_pkts) {
2483 hdev->le_cnt += count;
2484 if (hdev->le_cnt > hdev->le_pkts)
2485 hdev->le_cnt = hdev->le_pkts;
2487 hdev->acl_cnt += count;
2488 if (hdev->acl_cnt > hdev->acl_pkts)
2489 hdev->acl_cnt = hdev->acl_pkts;
2494 hdev->sco_cnt += count;
2495 if (hdev->sco_cnt > hdev->sco_pkts)
2496 hdev->sco_cnt = hdev->sco_pkts;
2500 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2505 queue_work(hdev->workqueue, &hdev->tx_work);
2508 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2509 struct sk_buff *skb)
2511 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2514 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2515 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2519 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2520 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2521 BT_DBG("%s bad parameters", hdev->name);
2525 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2528 for (i = 0; i < ev->num_hndl; i++) {
2529 struct hci_comp_blocks_info *info = &ev->handles[i];
2530 struct hci_conn *conn;
2531 __u16 handle, block_count;
2533 handle = __le16_to_cpu(info->handle);
2534 block_count = __le16_to_cpu(info->blocks);
2536 conn = hci_conn_hash_lookup_handle(hdev, handle);
2540 conn->sent -= block_count;
2542 switch (conn->type) {
2544 hdev->block_cnt += block_count;
2545 if (hdev->block_cnt > hdev->num_blocks)
2546 hdev->block_cnt = hdev->num_blocks;
2550 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2555 queue_work(hdev->workqueue, &hdev->tx_work);
2558 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2560 struct hci_ev_mode_change *ev = (void *) skb->data;
2561 struct hci_conn *conn;
2563 BT_DBG("%s status %d", hdev->name, ev->status);
2567 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2569 conn->mode = ev->mode;
2570 conn->interval = __le16_to_cpu(ev->interval);
2572 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2573 if (conn->mode == HCI_CM_ACTIVE)
2574 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2576 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2579 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2580 hci_sco_setup(conn, ev->status);
2583 hci_dev_unlock(hdev);
2586 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2588 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2589 struct hci_conn *conn;
2591 BT_DBG("%s", hdev->name);
2595 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2599 if (conn->state == BT_CONNECTED) {
2600 hci_conn_hold(conn);
2601 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2605 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2606 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2607 sizeof(ev->bdaddr), &ev->bdaddr);
2608 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2611 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2616 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2620 hci_dev_unlock(hdev);
2623 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2625 struct hci_ev_link_key_req *ev = (void *) skb->data;
2626 struct hci_cp_link_key_reply cp;
2627 struct hci_conn *conn;
2628 struct link_key *key;
2630 BT_DBG("%s", hdev->name);
2632 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2637 key = hci_find_link_key(hdev, &ev->bdaddr);
2639 BT_DBG("%s link key not found for %s", hdev->name,
2640 batostr(&ev->bdaddr));
2644 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2645 batostr(&ev->bdaddr));
2647 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2648 key->type == HCI_LK_DEBUG_COMBINATION) {
2649 BT_DBG("%s ignoring debug key", hdev->name);
2653 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2655 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2656 conn->auth_type != 0xff &&
2657 (conn->auth_type & 0x01)) {
2658 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2662 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2663 conn->pending_sec_level == BT_SECURITY_HIGH) {
2664 BT_DBG("%s ignoring key unauthenticated for high \
2665 security", hdev->name);
2669 conn->key_type = key->type;
2670 conn->pin_length = key->pin_len;
2673 bacpy(&cp.bdaddr, &ev->bdaddr);
2674 memcpy(cp.link_key, key->val, 16);
2676 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2678 hci_dev_unlock(hdev);
2683 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2684 hci_dev_unlock(hdev);
2687 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2689 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2690 struct hci_conn *conn;
2693 BT_DBG("%s", hdev->name);
2697 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2699 hci_conn_hold(conn);
2700 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2701 pin_len = conn->pin_length;
2703 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2704 conn->key_type = ev->key_type;
2709 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2710 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2711 ev->key_type, pin_len);
2713 hci_dev_unlock(hdev);
2716 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2718 struct hci_ev_clock_offset *ev = (void *) skb->data;
2719 struct hci_conn *conn;
2721 BT_DBG("%s status %d", hdev->name, ev->status);
2725 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2726 if (conn && !ev->status) {
2727 struct inquiry_entry *ie;
2729 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2731 ie->data.clock_offset = ev->clock_offset;
2732 ie->timestamp = jiffies;
2736 hci_dev_unlock(hdev);
2739 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2741 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2742 struct hci_conn *conn;
2744 BT_DBG("%s status %d", hdev->name, ev->status);
2748 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2749 if (conn && !ev->status)
2750 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2752 hci_dev_unlock(hdev);
2755 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2757 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2758 struct inquiry_entry *ie;
2760 BT_DBG("%s", hdev->name);
2764 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2766 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2767 ie->timestamp = jiffies;
2770 hci_dev_unlock(hdev);
2773 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2775 struct inquiry_data data;
2776 int num_rsp = *((__u8 *) skb->data);
2779 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2786 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2787 struct inquiry_info_with_rssi_and_pscan_mode *info;
2788 info = (void *) (skb->data + 1);
2790 for (; num_rsp; num_rsp--, info++) {
2791 bacpy(&data.bdaddr, &info->bdaddr);
2792 data.pscan_rep_mode = info->pscan_rep_mode;
2793 data.pscan_period_mode = info->pscan_period_mode;
2794 data.pscan_mode = info->pscan_mode;
2795 memcpy(data.dev_class, info->dev_class, 3);
2796 data.clock_offset = info->clock_offset;
2797 data.rssi = info->rssi;
2798 data.ssp_mode = 0x00;
2800 name_known = hci_inquiry_cache_update(hdev, &data,
2802 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2803 info->dev_class, info->rssi,
2804 !name_known, NULL, 0);
2807 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2809 for (; num_rsp; num_rsp--, info++) {
2810 bacpy(&data.bdaddr, &info->bdaddr);
2811 data.pscan_rep_mode = info->pscan_rep_mode;
2812 data.pscan_period_mode = info->pscan_period_mode;
2813 data.pscan_mode = 0x00;
2814 memcpy(data.dev_class, info->dev_class, 3);
2815 data.clock_offset = info->clock_offset;
2816 data.rssi = info->rssi;
2817 data.ssp_mode = 0x00;
2818 name_known = hci_inquiry_cache_update(hdev, &data,
2820 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2821 info->dev_class, info->rssi,
2822 !name_known, NULL, 0);
2826 hci_dev_unlock(hdev);
2829 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2831 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2832 struct hci_conn *conn;
2834 BT_DBG("%s", hdev->name);
2838 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2842 if (!ev->status && ev->page == 0x01) {
2843 struct inquiry_entry *ie;
2845 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2847 ie->data.ssp_mode = (ev->features[0] & 0x01);
2849 if (ev->features[0] & 0x01)
2850 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2853 if (conn->state != BT_CONFIG)
2857 struct hci_cp_remote_name_req cp;
2858 memset(&cp, 0, sizeof(cp));
2859 bacpy(&cp.bdaddr, &conn->dst);
2860 cp.pscan_rep_mode = 0x02;
2861 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2862 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2863 mgmt_device_connected(hdev, &conn->dst, conn->type,
2864 conn->dst_type, NULL, 0,
2867 if (!hci_outgoing_auth_needed(hdev, conn)) {
2868 conn->state = BT_CONNECTED;
2869 hci_proto_connect_cfm(conn, ev->status);
2874 hci_dev_unlock(hdev);
2877 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2879 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2880 struct hci_conn *conn;
2882 BT_DBG("%s status %d", hdev->name, ev->status);
2886 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2888 if (ev->link_type == ESCO_LINK)
2891 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2895 conn->type = SCO_LINK;
2898 switch (ev->status) {
2900 conn->handle = __le16_to_cpu(ev->handle);
2901 conn->state = BT_CONNECTED;
2903 hci_conn_hold_device(conn);
2904 hci_conn_add_sysfs(conn);
2907 case 0x11: /* Unsupported Feature or Parameter Value */
2908 case 0x1c: /* SCO interval rejected */
2909 case 0x1a: /* Unsupported Remote Feature */
2910 case 0x1f: /* Unspecified error */
2911 if (conn->out && conn->attempt < 2) {
2912 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2913 (hdev->esco_type & EDR_ESCO_MASK);
2914 hci_setup_sync(conn, conn->link->handle);
2920 conn->state = BT_CLOSED;
2924 hci_proto_connect_cfm(conn, ev->status);
2929 hci_dev_unlock(hdev);
2932 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2934 BT_DBG("%s", hdev->name);
2937 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2939 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2941 BT_DBG("%s status %d", hdev->name, ev->status);
2944 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2946 struct inquiry_data data;
2947 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2948 int num_rsp = *((__u8 *) skb->data);
2950 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2957 for (; num_rsp; num_rsp--, info++) {
2960 bacpy(&data.bdaddr, &info->bdaddr);
2961 data.pscan_rep_mode = info->pscan_rep_mode;
2962 data.pscan_period_mode = info->pscan_period_mode;
2963 data.pscan_mode = 0x00;
2964 memcpy(data.dev_class, info->dev_class, 3);
2965 data.clock_offset = info->clock_offset;
2966 data.rssi = info->rssi;
2967 data.ssp_mode = 0x01;
2969 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2970 name_known = eir_has_data_type(info->data,
2976 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
2977 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2978 info->dev_class, info->rssi,
2979 !name_known, info->data,
2980 sizeof(info->data));
2983 hci_dev_unlock(hdev);
2986 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2988 /* If remote requests dedicated bonding follow that lead */
2989 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2990 /* If both remote and local IO capabilities allow MITM
2991 * protection then require it, otherwise don't */
2992 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2998 /* If remote requests no-bonding follow that lead */
2999 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3000 return conn->remote_auth | (conn->auth_type & 0x01);
3002 return conn->auth_type;
3005 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3007 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3008 struct hci_conn *conn;
3010 BT_DBG("%s", hdev->name);
3014 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3018 hci_conn_hold(conn);
3020 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3023 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3024 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3025 struct hci_cp_io_capability_reply cp;
3027 bacpy(&cp.bdaddr, &ev->bdaddr);
3028 /* Change the IO capability from KeyboardDisplay
3029 * to DisplayYesNo as it is not supported by BT spec. */
3030 cp.capability = (conn->io_capability == 0x04) ?
3031 0x01 : conn->io_capability;
3032 conn->auth_type = hci_get_auth_req(conn);
3033 cp.authentication = conn->auth_type;
3035 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
3036 hci_find_remote_oob_data(hdev, &conn->dst))
3041 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3044 struct hci_cp_io_capability_neg_reply cp;
3046 bacpy(&cp.bdaddr, &ev->bdaddr);
3047 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3049 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3054 hci_dev_unlock(hdev);
3057 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3059 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3060 struct hci_conn *conn;
3062 BT_DBG("%s", hdev->name);
3066 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3070 conn->remote_cap = ev->capability;
3071 conn->remote_auth = ev->authentication;
3073 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3076 hci_dev_unlock(hdev);
3079 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3080 struct sk_buff *skb)
3082 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3083 int loc_mitm, rem_mitm, confirm_hint = 0;
3084 struct hci_conn *conn;
3086 BT_DBG("%s", hdev->name);
3090 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3093 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3097 loc_mitm = (conn->auth_type & 0x01);
3098 rem_mitm = (conn->remote_auth & 0x01);
3100 /* If we require MITM but the remote device can't provide that
3101 * (it has NoInputNoOutput) then reject the confirmation
3102 * request. The only exception is when we're dedicated bonding
3103 * initiators (connect_cfm_cb set) since then we always have the MITM
3105 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3106 BT_DBG("Rejecting request: remote device can't provide MITM");
3107 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3108 sizeof(ev->bdaddr), &ev->bdaddr);
3112 /* If no side requires MITM protection; auto-accept */
3113 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3114 (!rem_mitm || conn->io_capability == 0x03)) {
3116 /* If we're not the initiators request authorization to
3117 * proceed from user space (mgmt_user_confirm with
3118 * confirm_hint set to 1). */
3119 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3120 BT_DBG("Confirming auto-accept as acceptor");
3125 BT_DBG("Auto-accept of user confirmation with %ums delay",
3126 hdev->auto_accept_delay);
3128 if (hdev->auto_accept_delay > 0) {
3129 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3130 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3134 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3135 sizeof(ev->bdaddr), &ev->bdaddr);
3140 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3144 hci_dev_unlock(hdev);
3147 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3148 struct sk_buff *skb)
3150 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3152 BT_DBG("%s", hdev->name);
3156 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3157 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3159 hci_dev_unlock(hdev);
3162 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3164 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3165 struct hci_conn *conn;
3167 BT_DBG("%s", hdev->name);
3171 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3175 /* To avoid duplicate auth_failed events to user space we check
3176 * the HCI_CONN_AUTH_PEND flag which will be set if we
3177 * initiated the authentication. A traditional auth_complete
3178 * event gets always produced as initiator and is also mapped to
3179 * the mgmt_auth_failed event */
3180 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3181 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3187 hci_dev_unlock(hdev);
3190 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3192 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3193 struct inquiry_entry *ie;
3195 BT_DBG("%s", hdev->name);
3199 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3201 ie->data.ssp_mode = (ev->features[0] & 0x01);
3203 hci_dev_unlock(hdev);
3206 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3207 struct sk_buff *skb)
3209 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3210 struct oob_data *data;
3212 BT_DBG("%s", hdev->name);
3216 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3219 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3221 struct hci_cp_remote_oob_data_reply cp;
3223 bacpy(&cp.bdaddr, &ev->bdaddr);
3224 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3225 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3227 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3230 struct hci_cp_remote_oob_data_neg_reply cp;
3232 bacpy(&cp.bdaddr, &ev->bdaddr);
3233 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3238 hci_dev_unlock(hdev);
3241 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3243 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3244 struct hci_conn *conn;
3246 BT_DBG("%s status %d", hdev->name, ev->status);
3250 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3252 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3254 BT_ERR("No memory for new connection");
3255 hci_dev_unlock(hdev);
3259 conn->dst_type = ev->bdaddr_type;
3263 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3264 conn->dst_type, ev->status);
3265 hci_proto_connect_cfm(conn, ev->status);
3266 conn->state = BT_CLOSED;
3271 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3272 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3273 conn->dst_type, NULL, 0, 0);
3275 conn->sec_level = BT_SECURITY_LOW;
3276 conn->handle = __le16_to_cpu(ev->handle);
3277 conn->state = BT_CONNECTED;
3279 hci_conn_hold_device(conn);
3280 hci_conn_add_sysfs(conn);
3282 hci_proto_connect_cfm(conn, ev->status);
3285 hci_dev_unlock(hdev);
3288 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3289 struct sk_buff *skb)
3291 u8 num_reports = skb->data[0];
3292 void *ptr = &skb->data[1];
3297 while (num_reports--) {
3298 struct hci_ev_le_advertising_info *ev = ptr;
3300 hci_add_adv_entry(hdev, ev);
3302 rssi = ev->data[ev->length];
3303 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3304 NULL, rssi, 0, ev->data, ev->length);
3306 ptr += sizeof(*ev) + ev->length + 1;
3309 hci_dev_unlock(hdev);
3312 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3313 struct sk_buff *skb)
3315 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3316 struct hci_cp_le_ltk_reply cp;
3317 struct hci_cp_le_ltk_neg_reply neg;
3318 struct hci_conn *conn;
3319 struct smp_ltk *ltk;
3321 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3325 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3329 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3333 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3334 cp.handle = cpu_to_le16(conn->handle);
3336 if (ltk->authenticated)
3337 conn->sec_level = BT_SECURITY_HIGH;
3339 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3341 if (ltk->type & HCI_SMP_STK) {
3342 list_del(<k->list);
3346 hci_dev_unlock(hdev);
3351 neg.handle = ev->handle;
3352 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3353 hci_dev_unlock(hdev);
3356 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3358 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3360 skb_pull(skb, sizeof(*le_ev));
3362 switch (le_ev->subevent) {
3363 case HCI_EV_LE_CONN_COMPLETE:
3364 hci_le_conn_complete_evt(hdev, skb);
3367 case HCI_EV_LE_ADVERTISING_REPORT:
3368 hci_le_adv_report_evt(hdev, skb);
3371 case HCI_EV_LE_LTK_REQ:
3372 hci_le_ltk_request_evt(hdev, skb);
3380 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3382 struct hci_event_hdr *hdr = (void *) skb->data;
3383 __u8 event = hdr->evt;
3385 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3388 case HCI_EV_INQUIRY_COMPLETE:
3389 hci_inquiry_complete_evt(hdev, skb);
3392 case HCI_EV_INQUIRY_RESULT:
3393 hci_inquiry_result_evt(hdev, skb);
3396 case HCI_EV_CONN_COMPLETE:
3397 hci_conn_complete_evt(hdev, skb);
3400 case HCI_EV_CONN_REQUEST:
3401 hci_conn_request_evt(hdev, skb);
3404 case HCI_EV_DISCONN_COMPLETE:
3405 hci_disconn_complete_evt(hdev, skb);
3408 case HCI_EV_AUTH_COMPLETE:
3409 hci_auth_complete_evt(hdev, skb);
3412 case HCI_EV_REMOTE_NAME:
3413 hci_remote_name_evt(hdev, skb);
3416 case HCI_EV_ENCRYPT_CHANGE:
3417 hci_encrypt_change_evt(hdev, skb);
3420 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3421 hci_change_link_key_complete_evt(hdev, skb);
3424 case HCI_EV_REMOTE_FEATURES:
3425 hci_remote_features_evt(hdev, skb);
3428 case HCI_EV_REMOTE_VERSION:
3429 hci_remote_version_evt(hdev, skb);
3432 case HCI_EV_QOS_SETUP_COMPLETE:
3433 hci_qos_setup_complete_evt(hdev, skb);
3436 case HCI_EV_CMD_COMPLETE:
3437 hci_cmd_complete_evt(hdev, skb);
3440 case HCI_EV_CMD_STATUS:
3441 hci_cmd_status_evt(hdev, skb);
3444 case HCI_EV_ROLE_CHANGE:
3445 hci_role_change_evt(hdev, skb);
3448 case HCI_EV_NUM_COMP_PKTS:
3449 hci_num_comp_pkts_evt(hdev, skb);
3452 case HCI_EV_MODE_CHANGE:
3453 hci_mode_change_evt(hdev, skb);
3456 case HCI_EV_PIN_CODE_REQ:
3457 hci_pin_code_request_evt(hdev, skb);
3460 case HCI_EV_LINK_KEY_REQ:
3461 hci_link_key_request_evt(hdev, skb);
3464 case HCI_EV_LINK_KEY_NOTIFY:
3465 hci_link_key_notify_evt(hdev, skb);
3468 case HCI_EV_CLOCK_OFFSET:
3469 hci_clock_offset_evt(hdev, skb);
3472 case HCI_EV_PKT_TYPE_CHANGE:
3473 hci_pkt_type_change_evt(hdev, skb);
3476 case HCI_EV_PSCAN_REP_MODE:
3477 hci_pscan_rep_mode_evt(hdev, skb);
3480 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3481 hci_inquiry_result_with_rssi_evt(hdev, skb);
3484 case HCI_EV_REMOTE_EXT_FEATURES:
3485 hci_remote_ext_features_evt(hdev, skb);
3488 case HCI_EV_SYNC_CONN_COMPLETE:
3489 hci_sync_conn_complete_evt(hdev, skb);
3492 case HCI_EV_SYNC_CONN_CHANGED:
3493 hci_sync_conn_changed_evt(hdev, skb);
3496 case HCI_EV_SNIFF_SUBRATE:
3497 hci_sniff_subrate_evt(hdev, skb);
3500 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3501 hci_extended_inquiry_result_evt(hdev, skb);
3504 case HCI_EV_IO_CAPA_REQUEST:
3505 hci_io_capa_request_evt(hdev, skb);
3508 case HCI_EV_IO_CAPA_REPLY:
3509 hci_io_capa_reply_evt(hdev, skb);
3512 case HCI_EV_USER_CONFIRM_REQUEST:
3513 hci_user_confirm_request_evt(hdev, skb);
3516 case HCI_EV_USER_PASSKEY_REQUEST:
3517 hci_user_passkey_request_evt(hdev, skb);
3520 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3521 hci_simple_pair_complete_evt(hdev, skb);
3524 case HCI_EV_REMOTE_HOST_FEATURES:
3525 hci_remote_host_features_evt(hdev, skb);
3528 case HCI_EV_LE_META:
3529 hci_le_meta_evt(hdev, skb);
3532 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3533 hci_remote_oob_data_request_evt(hdev, skb);
3536 case HCI_EV_NUM_COMP_BLOCKS:
3537 hci_num_comp_blocks_evt(hdev, skb);
3541 BT_DBG("%s event 0x%x", hdev->name, event);
3546 hdev->stat.evt_rx++;
3549 module_param(enable_le, bool, 0644);
3550 MODULE_PARM_DESC(enable_le, "Enable LE support");