2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
61 clear_bit(HCI_INQUIRY, &hdev->flags);
63 mgmt_discovering(hdev->id, 0);
65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
67 hci_conn_check_pending(hdev);
70 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 __u8 status = *((__u8 *) skb->data);
74 BT_DBG("%s status 0x%x", hdev->name, status);
79 hci_conn_check_pending(hdev);
82 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
84 BT_DBG("%s", hdev->name);
87 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
89 struct hci_rp_role_discovery *rp = (void *) skb->data;
90 struct hci_conn *conn;
92 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 conn->link_mode &= ~HCI_LM_MASTER;
104 conn->link_mode |= HCI_LM_MASTER;
107 hci_dev_unlock(hdev);
110 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
112 struct hci_rp_read_link_policy *rp = (void *) skb->data;
113 struct hci_conn *conn;
115 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
124 conn->link_policy = __le16_to_cpu(rp->policy);
126 hci_dev_unlock(hdev);
129 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
131 struct hci_rp_write_link_policy *rp = (void *) skb->data;
132 struct hci_conn *conn;
135 BT_DBG("%s status 0x%x", hdev->name, rp->status);
140 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
148 conn->link_policy = get_unaligned_le16(sent + 2);
150 hci_dev_unlock(hdev);
153 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
167 __u8 status = *((__u8 *) skb->data);
170 BT_DBG("%s status 0x%x", hdev->name, status);
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 hdev->link_policy = get_unaligned_le16(sent);
179 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
182 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
184 __u8 status = *((__u8 *) skb->data);
186 BT_DBG("%s status 0x%x", hdev->name, status);
188 clear_bit(HCI_RESET, &hdev->flags);
190 hci_req_complete(hdev, HCI_OP_RESET, status);
193 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
195 __u8 status = *((__u8 *) skb->data);
198 BT_DBG("%s status 0x%x", hdev->name, status);
200 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
204 if (test_bit(HCI_MGMT, &hdev->flags))
205 mgmt_set_local_name_complete(hdev->id, sent, status);
210 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
213 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
215 struct hci_rp_read_local_name *rp = (void *) skb->data;
217 BT_DBG("%s status 0x%x", hdev->name, rp->status);
222 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
225 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
227 __u8 status = *((__u8 *) skb->data);
230 BT_DBG("%s status 0x%x", hdev->name, status);
232 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
237 __u8 param = *((__u8 *) sent);
239 if (param == AUTH_ENABLED)
240 set_bit(HCI_AUTH, &hdev->flags);
242 clear_bit(HCI_AUTH, &hdev->flags);
245 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
248 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
250 __u8 status = *((__u8 *) skb->data);
253 BT_DBG("%s status 0x%x", hdev->name, status);
255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
260 __u8 param = *((__u8 *) sent);
263 set_bit(HCI_ENCRYPT, &hdev->flags);
265 clear_bit(HCI_ENCRYPT, &hdev->flags);
268 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
271 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
273 __u8 param, status = *((__u8 *) skb->data);
274 int old_pscan, old_iscan;
277 BT_DBG("%s status 0x%x", hdev->name, status);
279 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
286 param = *((__u8 *) sent);
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
294 mgmt_discoverable(hdev->id, 1);
295 if (hdev->discov_timeout > 0) {
296 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
297 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
300 } else if (old_iscan)
301 mgmt_discoverable(hdev->id, 0);
303 if (param & SCAN_PAGE) {
304 set_bit(HCI_PSCAN, &hdev->flags);
306 mgmt_connectable(hdev->id, 1);
307 } else if (old_pscan)
308 mgmt_connectable(hdev->id, 0);
311 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
314 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
316 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
318 BT_DBG("%s status 0x%x", hdev->name, rp->status);
323 memcpy(hdev->dev_class, rp->dev_class, 3);
325 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
326 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
329 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
331 __u8 status = *((__u8 *) skb->data);
334 BT_DBG("%s status 0x%x", hdev->name, status);
339 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
343 memcpy(hdev->dev_class, sent, 3);
346 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
348 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
351 BT_DBG("%s status 0x%x", hdev->name, rp->status);
356 setting = __le16_to_cpu(rp->voice_setting);
358 if (hdev->voice_setting == setting)
361 hdev->voice_setting = setting;
363 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
366 tasklet_disable(&hdev->tx_task);
367 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
368 tasklet_enable(&hdev->tx_task);
372 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
374 __u8 status = *((__u8 *) skb->data);
378 BT_DBG("%s status 0x%x", hdev->name, status);
383 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
387 setting = get_unaligned_le16(sent);
389 if (hdev->voice_setting == setting)
392 hdev->voice_setting = setting;
394 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
397 tasklet_disable(&hdev->tx_task);
398 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
399 tasklet_enable(&hdev->tx_task);
403 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
405 __u8 status = *((__u8 *) skb->data);
407 BT_DBG("%s status 0x%x", hdev->name, status);
409 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
412 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
414 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
416 BT_DBG("%s status 0x%x", hdev->name, rp->status);
421 hdev->ssp_mode = rp->mode;
424 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
426 __u8 status = *((__u8 *) skb->data);
429 BT_DBG("%s status 0x%x", hdev->name, status);
434 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
438 hdev->ssp_mode = *((__u8 *) sent);
441 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
443 if (hdev->features[6] & LMP_EXT_INQ)
446 if (hdev->features[3] & LMP_RSSI_INQ)
449 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
450 hdev->lmp_subver == 0x0757)
453 if (hdev->manufacturer == 15) {
454 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
456 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
458 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
462 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
463 hdev->lmp_subver == 0x1805)
469 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
473 mode = hci_get_inquiry_mode(hdev);
475 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
478 static void hci_setup_event_mask(struct hci_dev *hdev)
480 /* The second byte is 0xff instead of 0x9f (two reserved bits
481 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
482 * command otherwise */
483 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
485 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
486 * any event mask for pre 1.2 devices */
487 if (hdev->lmp_ver <= 1)
490 events[4] |= 0x01; /* Flow Specification Complete */
491 events[4] |= 0x02; /* Inquiry Result with RSSI */
492 events[4] |= 0x04; /* Read Remote Extended Features Complete */
493 events[5] |= 0x08; /* Synchronous Connection Complete */
494 events[5] |= 0x10; /* Synchronous Connection Changed */
496 if (hdev->features[3] & LMP_RSSI_INQ)
497 events[4] |= 0x04; /* Inquiry Result with RSSI */
499 if (hdev->features[5] & LMP_SNIFF_SUBR)
500 events[5] |= 0x20; /* Sniff Subrating */
502 if (hdev->features[5] & LMP_PAUSE_ENC)
503 events[5] |= 0x80; /* Encryption Key Refresh Complete */
505 if (hdev->features[6] & LMP_EXT_INQ)
506 events[5] |= 0x40; /* Extended Inquiry Result */
508 if (hdev->features[6] & LMP_NO_FLUSH)
509 events[7] |= 0x01; /* Enhanced Flush Complete */
511 if (hdev->features[7] & LMP_LSTO)
512 events[6] |= 0x80; /* Link Supervision Timeout Changed */
514 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
515 events[6] |= 0x01; /* IO Capability Request */
516 events[6] |= 0x02; /* IO Capability Response */
517 events[6] |= 0x04; /* User Confirmation Request */
518 events[6] |= 0x08; /* User Passkey Request */
519 events[6] |= 0x10; /* Remote OOB Data Request */
520 events[6] |= 0x20; /* Simple Pairing Complete */
521 events[7] |= 0x04; /* User Passkey Notification */
522 events[7] |= 0x08; /* Keypress Notification */
523 events[7] |= 0x10; /* Remote Host Supported
524 * Features Notification */
527 if (hdev->features[4] & LMP_LE)
528 events[7] |= 0x20; /* LE Meta-Event */
530 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
533 static void hci_set_le_support(struct hci_dev *hdev)
535 struct hci_cp_write_le_host_supported cp;
537 memset(&cp, 0, sizeof(cp));
541 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
544 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
547 static void hci_setup(struct hci_dev *hdev)
549 hci_setup_event_mask(hdev);
551 if (hdev->lmp_ver > 1)
552 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
554 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
556 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
559 if (hdev->features[3] & LMP_RSSI_INQ)
560 hci_setup_inquiry_mode(hdev);
562 if (hdev->features[7] & LMP_INQ_TX_PWR)
563 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
565 if (hdev->features[7] & LMP_EXTFEATURES) {
566 struct hci_cp_read_local_ext_features cp;
569 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
573 if (hdev->features[4] & LMP_LE)
574 hci_set_le_support(hdev);
577 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
579 struct hci_rp_read_local_version *rp = (void *) skb->data;
581 BT_DBG("%s status 0x%x", hdev->name, rp->status);
586 hdev->hci_ver = rp->hci_ver;
587 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
588 hdev->lmp_ver = rp->lmp_ver;
589 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
590 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
592 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
594 hdev->hci_ver, hdev->hci_rev);
596 if (test_bit(HCI_INIT, &hdev->flags))
600 static void hci_setup_link_policy(struct hci_dev *hdev)
604 if (hdev->features[0] & LMP_RSWITCH)
605 link_policy |= HCI_LP_RSWITCH;
606 if (hdev->features[0] & LMP_HOLD)
607 link_policy |= HCI_LP_HOLD;
608 if (hdev->features[0] & LMP_SNIFF)
609 link_policy |= HCI_LP_SNIFF;
610 if (hdev->features[1] & LMP_PARK)
611 link_policy |= HCI_LP_PARK;
613 link_policy = cpu_to_le16(link_policy);
614 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
615 sizeof(link_policy), &link_policy);
618 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
620 struct hci_rp_read_local_commands *rp = (void *) skb->data;
622 BT_DBG("%s status 0x%x", hdev->name, rp->status);
627 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
629 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
630 hci_setup_link_policy(hdev);
633 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
636 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
638 struct hci_rp_read_local_features *rp = (void *) skb->data;
640 BT_DBG("%s status 0x%x", hdev->name, rp->status);
645 memcpy(hdev->features, rp->features, 8);
647 /* Adjust default settings according to features
648 * supported by device. */
650 if (hdev->features[0] & LMP_3SLOT)
651 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
653 if (hdev->features[0] & LMP_5SLOT)
654 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
656 if (hdev->features[1] & LMP_HV2) {
657 hdev->pkt_type |= (HCI_HV2);
658 hdev->esco_type |= (ESCO_HV2);
661 if (hdev->features[1] & LMP_HV3) {
662 hdev->pkt_type |= (HCI_HV3);
663 hdev->esco_type |= (ESCO_HV3);
666 if (hdev->features[3] & LMP_ESCO)
667 hdev->esco_type |= (ESCO_EV3);
669 if (hdev->features[4] & LMP_EV4)
670 hdev->esco_type |= (ESCO_EV4);
672 if (hdev->features[4] & LMP_EV5)
673 hdev->esco_type |= (ESCO_EV5);
675 if (hdev->features[5] & LMP_EDR_ESCO_2M)
676 hdev->esco_type |= (ESCO_2EV3);
678 if (hdev->features[5] & LMP_EDR_ESCO_3M)
679 hdev->esco_type |= (ESCO_3EV3);
681 if (hdev->features[5] & LMP_EDR_3S_ESCO)
682 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
684 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
685 hdev->features[0], hdev->features[1],
686 hdev->features[2], hdev->features[3],
687 hdev->features[4], hdev->features[5],
688 hdev->features[6], hdev->features[7]);
691 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
694 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
696 BT_DBG("%s status 0x%x", hdev->name, rp->status);
701 memcpy(hdev->extfeatures, rp->features, 8);
703 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
706 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
708 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
710 BT_DBG("%s status 0x%x", hdev->name, rp->status);
715 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
716 hdev->sco_mtu = rp->sco_mtu;
717 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
718 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
720 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
725 hdev->acl_cnt = hdev->acl_pkts;
726 hdev->sco_cnt = hdev->sco_pkts;
728 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
729 hdev->acl_mtu, hdev->acl_pkts,
730 hdev->sco_mtu, hdev->sco_pkts);
733 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
735 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
737 BT_DBG("%s status 0x%x", hdev->name, rp->status);
740 bacpy(&hdev->bdaddr, &rp->bdaddr);
742 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
745 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
747 __u8 status = *((__u8 *) skb->data);
749 BT_DBG("%s status 0x%x", hdev->name, status);
751 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
754 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
757 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
759 BT_DBG("%s status 0x%x", hdev->name, rp->status);
764 hdev->amp_status = rp->amp_status;
765 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
766 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
767 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
768 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
769 hdev->amp_type = rp->amp_type;
770 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
771 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
772 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
773 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
775 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
778 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
781 __u8 status = *((__u8 *) skb->data);
783 BT_DBG("%s status 0x%x", hdev->name, status);
785 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
788 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
790 __u8 status = *((__u8 *) skb->data);
792 BT_DBG("%s status 0x%x", hdev->name, status);
794 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
797 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
800 __u8 status = *((__u8 *) skb->data);
802 BT_DBG("%s status 0x%x", hdev->name, status);
804 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
807 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
810 __u8 status = *((__u8 *) skb->data);
812 BT_DBG("%s status 0x%x", hdev->name, status);
814 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
817 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
819 __u8 status = *((__u8 *) skb->data);
821 BT_DBG("%s status 0x%x", hdev->name, status);
823 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
826 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
828 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
829 struct hci_cp_pin_code_reply *cp;
830 struct hci_conn *conn;
832 BT_DBG("%s status 0x%x", hdev->name, rp->status);
834 if (test_bit(HCI_MGMT, &hdev->flags))
835 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
840 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
844 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
846 conn->pin_length = cp->pin_len;
849 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
851 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
853 BT_DBG("%s status 0x%x", hdev->name, rp->status);
855 if (test_bit(HCI_MGMT, &hdev->flags))
856 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
859 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
862 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
864 BT_DBG("%s status 0x%x", hdev->name, rp->status);
869 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
870 hdev->le_pkts = rp->le_max_pkt;
872 hdev->le_cnt = hdev->le_pkts;
874 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
876 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
879 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
881 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
883 BT_DBG("%s status 0x%x", hdev->name, rp->status);
885 if (test_bit(HCI_MGMT, &hdev->flags))
886 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
890 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
893 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
895 BT_DBG("%s status 0x%x", hdev->name, rp->status);
897 if (test_bit(HCI_MGMT, &hdev->flags))
898 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
902 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
905 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
907 BT_DBG("%s status 0x%x", hdev->name, rp->status);
909 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
910 rp->randomizer, rp->status);
913 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
916 struct hci_cp_le_set_scan_enable *cp;
917 __u8 status = *((__u8 *) skb->data);
919 BT_DBG("%s status 0x%x", hdev->name, status);
924 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
928 if (cp->enable == 0x01) {
929 del_timer(&hdev->adv_timer);
932 hci_adv_entries_clear(hdev);
933 hci_dev_unlock(hdev);
934 } else if (cp->enable == 0x00) {
935 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
939 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
941 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
943 BT_DBG("%s status 0x%x", hdev->name, rp->status);
948 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
951 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
953 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
955 BT_DBG("%s status 0x%x", hdev->name, rp->status);
960 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
963 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
966 struct hci_cp_read_local_ext_features cp;
967 __u8 status = *((__u8 *) skb->data);
969 BT_DBG("%s status 0x%x", hdev->name, status);
975 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
978 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
980 BT_DBG("%s status 0x%x", hdev->name, status);
983 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
984 hci_conn_check_pending(hdev);
985 if (test_bit(HCI_MGMT, &hdev->flags))
986 mgmt_inquiry_failed(hdev->id, status);
990 set_bit(HCI_INQUIRY, &hdev->flags);
992 mgmt_discovering(hdev->id, 1);
995 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
997 struct hci_cp_create_conn *cp;
998 struct hci_conn *conn;
1000 BT_DBG("%s status 0x%x", hdev->name, status);
1002 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1008 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1010 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1013 if (conn && conn->state == BT_CONNECT) {
1014 if (status != 0x0c || conn->attempt > 2) {
1015 conn->state = BT_CLOSED;
1016 hci_proto_connect_cfm(conn, status);
1019 conn->state = BT_CONNECT2;
1023 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1026 conn->link_mode |= HCI_LM_MASTER;
1028 BT_ERR("No memory for new connection");
1032 hci_dev_unlock(hdev);
1035 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1037 struct hci_cp_add_sco *cp;
1038 struct hci_conn *acl, *sco;
1041 BT_DBG("%s status 0x%x", hdev->name, status);
1046 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1050 handle = __le16_to_cpu(cp->handle);
1052 BT_DBG("%s handle %d", hdev->name, handle);
1056 acl = hci_conn_hash_lookup_handle(hdev, handle);
1060 sco->state = BT_CLOSED;
1062 hci_proto_connect_cfm(sco, status);
1067 hci_dev_unlock(hdev);
1070 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1072 struct hci_cp_auth_requested *cp;
1073 struct hci_conn *conn;
1075 BT_DBG("%s status 0x%x", hdev->name, status);
1080 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1086 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1088 if (conn->state == BT_CONFIG) {
1089 hci_proto_connect_cfm(conn, status);
1094 hci_dev_unlock(hdev);
1097 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1099 struct hci_cp_set_conn_encrypt *cp;
1100 struct hci_conn *conn;
1102 BT_DBG("%s status 0x%x", hdev->name, status);
1107 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1113 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1115 if (conn->state == BT_CONFIG) {
1116 hci_proto_connect_cfm(conn, status);
1121 hci_dev_unlock(hdev);
1124 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1125 struct hci_conn *conn)
1127 if (conn->state != BT_CONFIG || !conn->out)
1130 if (conn->pending_sec_level == BT_SECURITY_SDP)
1133 /* Only request authentication for SSP connections or non-SSP
1134 * devices with sec_level HIGH or if MITM protection is requested */
1135 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1136 conn->pending_sec_level != BT_SECURITY_HIGH &&
1137 !(conn->auth_type & 0x01))
1143 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1145 struct hci_cp_remote_name_req *cp;
1146 struct hci_conn *conn;
1148 BT_DBG("%s status 0x%x", hdev->name, status);
1150 /* If successful wait for the name req complete event before
1151 * checking for the need to do authentication */
1155 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1161 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1165 if (!hci_outgoing_auth_needed(hdev, conn))
1168 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1169 struct hci_cp_auth_requested cp;
1170 cp.handle = __cpu_to_le16(conn->handle);
1171 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1175 hci_dev_unlock(hdev);
1178 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1180 struct hci_cp_read_remote_features *cp;
1181 struct hci_conn *conn;
1183 BT_DBG("%s status 0x%x", hdev->name, status);
1188 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1194 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1196 if (conn->state == BT_CONFIG) {
1197 hci_proto_connect_cfm(conn, status);
1202 hci_dev_unlock(hdev);
1205 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1207 struct hci_cp_read_remote_ext_features *cp;
1208 struct hci_conn *conn;
1210 BT_DBG("%s status 0x%x", hdev->name, status);
1215 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1221 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1223 if (conn->state == BT_CONFIG) {
1224 hci_proto_connect_cfm(conn, status);
1229 hci_dev_unlock(hdev);
1232 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1234 struct hci_cp_setup_sync_conn *cp;
1235 struct hci_conn *acl, *sco;
1238 BT_DBG("%s status 0x%x", hdev->name, status);
1243 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1247 handle = __le16_to_cpu(cp->handle);
1249 BT_DBG("%s handle %d", hdev->name, handle);
1253 acl = hci_conn_hash_lookup_handle(hdev, handle);
1257 sco->state = BT_CLOSED;
1259 hci_proto_connect_cfm(sco, status);
1264 hci_dev_unlock(hdev);
1267 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1269 struct hci_cp_sniff_mode *cp;
1270 struct hci_conn *conn;
1272 BT_DBG("%s status 0x%x", hdev->name, status);
1277 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1283 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1285 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1287 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1288 hci_sco_setup(conn, status);
1291 hci_dev_unlock(hdev);
1294 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1296 struct hci_cp_exit_sniff_mode *cp;
1297 struct hci_conn *conn;
1299 BT_DBG("%s status 0x%x", hdev->name, status);
1304 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1310 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1312 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1314 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1315 hci_sco_setup(conn, status);
1318 hci_dev_unlock(hdev);
1321 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1323 struct hci_cp_le_create_conn *cp;
1324 struct hci_conn *conn;
1326 BT_DBG("%s status 0x%x", hdev->name, status);
1328 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1334 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1336 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1340 if (conn && conn->state == BT_CONNECT) {
1341 conn->state = BT_CLOSED;
1342 hci_proto_connect_cfm(conn, status);
1347 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1349 conn->dst_type = cp->peer_addr_type;
1352 BT_ERR("No memory for new connection");
1357 hci_dev_unlock(hdev);
1360 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1362 BT_DBG("%s status 0x%x", hdev->name, status);
1365 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1367 __u8 status = *((__u8 *) skb->data);
1369 BT_DBG("%s status %d", hdev->name, status);
1371 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1373 hci_conn_check_pending(hdev);
1375 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1378 mgmt_discovering(hdev->id, 0);
1381 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1383 struct inquiry_data data;
1384 struct inquiry_info *info = (void *) (skb->data + 1);
1385 int num_rsp = *((__u8 *) skb->data);
1387 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1394 for (; num_rsp; num_rsp--, info++) {
1395 bacpy(&data.bdaddr, &info->bdaddr);
1396 data.pscan_rep_mode = info->pscan_rep_mode;
1397 data.pscan_period_mode = info->pscan_period_mode;
1398 data.pscan_mode = info->pscan_mode;
1399 memcpy(data.dev_class, info->dev_class, 3);
1400 data.clock_offset = info->clock_offset;
1402 data.ssp_mode = 0x00;
1403 hci_inquiry_cache_update(hdev, &data);
1404 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1408 hci_dev_unlock(hdev);
1411 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1413 struct hci_ev_conn_complete *ev = (void *) skb->data;
1414 struct hci_conn *conn;
1416 BT_DBG("%s", hdev->name);
1420 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1422 if (ev->link_type != SCO_LINK)
1425 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1429 conn->type = SCO_LINK;
1433 conn->handle = __le16_to_cpu(ev->handle);
1435 if (conn->type == ACL_LINK) {
1436 conn->state = BT_CONFIG;
1437 hci_conn_hold(conn);
1438 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1439 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
1441 conn->state = BT_CONNECTED;
1443 hci_conn_hold_device(conn);
1444 hci_conn_add_sysfs(conn);
1446 if (test_bit(HCI_AUTH, &hdev->flags))
1447 conn->link_mode |= HCI_LM_AUTH;
1449 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1450 conn->link_mode |= HCI_LM_ENCRYPT;
1452 /* Get remote features */
1453 if (conn->type == ACL_LINK) {
1454 struct hci_cp_read_remote_features cp;
1455 cp.handle = ev->handle;
1456 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1460 /* Set packet type for incoming connection */
1461 if (!conn->out && hdev->hci_ver < 3) {
1462 struct hci_cp_change_conn_ptype cp;
1463 cp.handle = ev->handle;
1464 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1465 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1469 conn->state = BT_CLOSED;
1470 if (conn->type == ACL_LINK)
1471 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1474 if (conn->type == ACL_LINK)
1475 hci_sco_setup(conn, ev->status);
1478 hci_proto_connect_cfm(conn, ev->status);
1480 } else if (ev->link_type != ACL_LINK)
1481 hci_proto_connect_cfm(conn, ev->status);
1484 hci_dev_unlock(hdev);
1486 hci_conn_check_pending(hdev);
1489 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1491 struct hci_ev_conn_request *ev = (void *) skb->data;
1492 int mask = hdev->link_mode;
1494 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1495 batostr(&ev->bdaddr), ev->link_type);
1497 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1499 if ((mask & HCI_LM_ACCEPT) &&
1500 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1501 /* Connection accepted */
1502 struct inquiry_entry *ie;
1503 struct hci_conn *conn;
1507 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1509 memcpy(ie->data.dev_class, ev->dev_class, 3);
1511 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1513 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1515 BT_ERR("No memory for new connection");
1516 hci_dev_unlock(hdev);
1521 memcpy(conn->dev_class, ev->dev_class, 3);
1522 conn->state = BT_CONNECT;
1524 hci_dev_unlock(hdev);
1526 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1527 struct hci_cp_accept_conn_req cp;
1529 bacpy(&cp.bdaddr, &ev->bdaddr);
1531 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1532 cp.role = 0x00; /* Become master */
1534 cp.role = 0x01; /* Remain slave */
1536 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1539 struct hci_cp_accept_sync_conn_req cp;
1541 bacpy(&cp.bdaddr, &ev->bdaddr);
1542 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1544 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1545 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1546 cp.max_latency = cpu_to_le16(0xffff);
1547 cp.content_format = cpu_to_le16(hdev->voice_setting);
1548 cp.retrans_effort = 0xff;
1550 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1554 /* Connection rejected */
1555 struct hci_cp_reject_conn_req cp;
1557 bacpy(&cp.bdaddr, &ev->bdaddr);
1558 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1559 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1563 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1565 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1566 struct hci_conn *conn;
1568 BT_DBG("%s status %d", hdev->name, ev->status);
1571 mgmt_disconnect_failed(hdev->id);
1577 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1581 conn->state = BT_CLOSED;
1583 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1584 mgmt_disconnected(hdev->id, &conn->dst);
1586 hci_proto_disconn_cfm(conn, ev->reason);
1590 hci_dev_unlock(hdev);
1593 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1595 struct hci_ev_auth_complete *ev = (void *) skb->data;
1596 struct hci_conn *conn;
1598 BT_DBG("%s status %d", hdev->name, ev->status);
1602 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1607 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1608 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1609 BT_INFO("re-auth of legacy device is not possible.");
1611 conn->link_mode |= HCI_LM_AUTH;
1612 conn->sec_level = conn->pending_sec_level;
1615 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1618 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1619 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1621 if (conn->state == BT_CONFIG) {
1622 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1623 struct hci_cp_set_conn_encrypt cp;
1624 cp.handle = ev->handle;
1626 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1629 conn->state = BT_CONNECTED;
1630 hci_proto_connect_cfm(conn, ev->status);
1634 hci_auth_cfm(conn, ev->status);
1636 hci_conn_hold(conn);
1637 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1641 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1643 struct hci_cp_set_conn_encrypt cp;
1644 cp.handle = ev->handle;
1646 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1649 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1650 hci_encrypt_cfm(conn, ev->status, 0x00);
1655 hci_dev_unlock(hdev);
1658 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1660 struct hci_ev_remote_name *ev = (void *) skb->data;
1661 struct hci_conn *conn;
1663 BT_DBG("%s", hdev->name);
1665 hci_conn_check_pending(hdev);
1669 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1670 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1672 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1676 if (!hci_outgoing_auth_needed(hdev, conn))
1679 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1680 struct hci_cp_auth_requested cp;
1681 cp.handle = __cpu_to_le16(conn->handle);
1682 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1686 hci_dev_unlock(hdev);
1689 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1691 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1692 struct hci_conn *conn;
1694 BT_DBG("%s status %d", hdev->name, ev->status);
1698 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1702 /* Encryption implies authentication */
1703 conn->link_mode |= HCI_LM_AUTH;
1704 conn->link_mode |= HCI_LM_ENCRYPT;
1705 conn->sec_level = conn->pending_sec_level;
1707 conn->link_mode &= ~HCI_LM_ENCRYPT;
1710 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1712 if (conn->state == BT_CONFIG) {
1714 conn->state = BT_CONNECTED;
1716 hci_proto_connect_cfm(conn, ev->status);
1719 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1722 hci_dev_unlock(hdev);
1725 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1727 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1728 struct hci_conn *conn;
1730 BT_DBG("%s status %d", hdev->name, ev->status);
1734 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1737 conn->link_mode |= HCI_LM_SECURE;
1739 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1741 hci_key_change_cfm(conn, ev->status);
1744 hci_dev_unlock(hdev);
1747 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1749 struct hci_ev_remote_features *ev = (void *) skb->data;
1750 struct hci_conn *conn;
1752 BT_DBG("%s status %d", hdev->name, ev->status);
1756 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1761 memcpy(conn->features, ev->features, 8);
1763 if (conn->state != BT_CONFIG)
1766 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1767 struct hci_cp_read_remote_ext_features cp;
1768 cp.handle = ev->handle;
1770 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1776 struct hci_cp_remote_name_req cp;
1777 memset(&cp, 0, sizeof(cp));
1778 bacpy(&cp.bdaddr, &conn->dst);
1779 cp.pscan_rep_mode = 0x02;
1780 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1783 if (!hci_outgoing_auth_needed(hdev, conn)) {
1784 conn->state = BT_CONNECTED;
1785 hci_proto_connect_cfm(conn, ev->status);
1790 hci_dev_unlock(hdev);
1793 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1795 BT_DBG("%s", hdev->name);
1798 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1800 BT_DBG("%s", hdev->name);
1803 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1805 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1808 skb_pull(skb, sizeof(*ev));
1810 opcode = __le16_to_cpu(ev->opcode);
1813 case HCI_OP_INQUIRY_CANCEL:
1814 hci_cc_inquiry_cancel(hdev, skb);
1817 case HCI_OP_EXIT_PERIODIC_INQ:
1818 hci_cc_exit_periodic_inq(hdev, skb);
1821 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1822 hci_cc_remote_name_req_cancel(hdev, skb);
1825 case HCI_OP_ROLE_DISCOVERY:
1826 hci_cc_role_discovery(hdev, skb);
1829 case HCI_OP_READ_LINK_POLICY:
1830 hci_cc_read_link_policy(hdev, skb);
1833 case HCI_OP_WRITE_LINK_POLICY:
1834 hci_cc_write_link_policy(hdev, skb);
1837 case HCI_OP_READ_DEF_LINK_POLICY:
1838 hci_cc_read_def_link_policy(hdev, skb);
1841 case HCI_OP_WRITE_DEF_LINK_POLICY:
1842 hci_cc_write_def_link_policy(hdev, skb);
1846 hci_cc_reset(hdev, skb);
1849 case HCI_OP_WRITE_LOCAL_NAME:
1850 hci_cc_write_local_name(hdev, skb);
1853 case HCI_OP_READ_LOCAL_NAME:
1854 hci_cc_read_local_name(hdev, skb);
1857 case HCI_OP_WRITE_AUTH_ENABLE:
1858 hci_cc_write_auth_enable(hdev, skb);
1861 case HCI_OP_WRITE_ENCRYPT_MODE:
1862 hci_cc_write_encrypt_mode(hdev, skb);
1865 case HCI_OP_WRITE_SCAN_ENABLE:
1866 hci_cc_write_scan_enable(hdev, skb);
1869 case HCI_OP_READ_CLASS_OF_DEV:
1870 hci_cc_read_class_of_dev(hdev, skb);
1873 case HCI_OP_WRITE_CLASS_OF_DEV:
1874 hci_cc_write_class_of_dev(hdev, skb);
1877 case HCI_OP_READ_VOICE_SETTING:
1878 hci_cc_read_voice_setting(hdev, skb);
1881 case HCI_OP_WRITE_VOICE_SETTING:
1882 hci_cc_write_voice_setting(hdev, skb);
1885 case HCI_OP_HOST_BUFFER_SIZE:
1886 hci_cc_host_buffer_size(hdev, skb);
1889 case HCI_OP_READ_SSP_MODE:
1890 hci_cc_read_ssp_mode(hdev, skb);
1893 case HCI_OP_WRITE_SSP_MODE:
1894 hci_cc_write_ssp_mode(hdev, skb);
1897 case HCI_OP_READ_LOCAL_VERSION:
1898 hci_cc_read_local_version(hdev, skb);
1901 case HCI_OP_READ_LOCAL_COMMANDS:
1902 hci_cc_read_local_commands(hdev, skb);
1905 case HCI_OP_READ_LOCAL_FEATURES:
1906 hci_cc_read_local_features(hdev, skb);
1909 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1910 hci_cc_read_local_ext_features(hdev, skb);
1913 case HCI_OP_READ_BUFFER_SIZE:
1914 hci_cc_read_buffer_size(hdev, skb);
1917 case HCI_OP_READ_BD_ADDR:
1918 hci_cc_read_bd_addr(hdev, skb);
1921 case HCI_OP_WRITE_CA_TIMEOUT:
1922 hci_cc_write_ca_timeout(hdev, skb);
1925 case HCI_OP_READ_LOCAL_AMP_INFO:
1926 hci_cc_read_local_amp_info(hdev, skb);
1929 case HCI_OP_DELETE_STORED_LINK_KEY:
1930 hci_cc_delete_stored_link_key(hdev, skb);
1933 case HCI_OP_SET_EVENT_MASK:
1934 hci_cc_set_event_mask(hdev, skb);
1937 case HCI_OP_WRITE_INQUIRY_MODE:
1938 hci_cc_write_inquiry_mode(hdev, skb);
1941 case HCI_OP_READ_INQ_RSP_TX_POWER:
1942 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1945 case HCI_OP_SET_EVENT_FLT:
1946 hci_cc_set_event_flt(hdev, skb);
1949 case HCI_OP_PIN_CODE_REPLY:
1950 hci_cc_pin_code_reply(hdev, skb);
1953 case HCI_OP_PIN_CODE_NEG_REPLY:
1954 hci_cc_pin_code_neg_reply(hdev, skb);
1957 case HCI_OP_READ_LOCAL_OOB_DATA:
1958 hci_cc_read_local_oob_data_reply(hdev, skb);
1961 case HCI_OP_LE_READ_BUFFER_SIZE:
1962 hci_cc_le_read_buffer_size(hdev, skb);
1965 case HCI_OP_USER_CONFIRM_REPLY:
1966 hci_cc_user_confirm_reply(hdev, skb);
1969 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1970 hci_cc_user_confirm_neg_reply(hdev, skb);
1973 case HCI_OP_LE_SET_SCAN_ENABLE:
1974 hci_cc_le_set_scan_enable(hdev, skb);
1977 case HCI_OP_LE_LTK_REPLY:
1978 hci_cc_le_ltk_reply(hdev, skb);
1981 case HCI_OP_LE_LTK_NEG_REPLY:
1982 hci_cc_le_ltk_neg_reply(hdev, skb);
1985 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1986 hci_cc_write_le_host_supported(hdev, skb);
1990 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1994 if (ev->opcode != HCI_OP_NOP)
1995 del_timer(&hdev->cmd_timer);
1998 atomic_set(&hdev->cmd_cnt, 1);
1999 if (!skb_queue_empty(&hdev->cmd_q))
2000 tasklet_schedule(&hdev->cmd_task);
2004 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2006 struct hci_ev_cmd_status *ev = (void *) skb->data;
2009 skb_pull(skb, sizeof(*ev));
2011 opcode = __le16_to_cpu(ev->opcode);
2014 case HCI_OP_INQUIRY:
2015 hci_cs_inquiry(hdev, ev->status);
2018 case HCI_OP_CREATE_CONN:
2019 hci_cs_create_conn(hdev, ev->status);
2022 case HCI_OP_ADD_SCO:
2023 hci_cs_add_sco(hdev, ev->status);
2026 case HCI_OP_AUTH_REQUESTED:
2027 hci_cs_auth_requested(hdev, ev->status);
2030 case HCI_OP_SET_CONN_ENCRYPT:
2031 hci_cs_set_conn_encrypt(hdev, ev->status);
2034 case HCI_OP_REMOTE_NAME_REQ:
2035 hci_cs_remote_name_req(hdev, ev->status);
2038 case HCI_OP_READ_REMOTE_FEATURES:
2039 hci_cs_read_remote_features(hdev, ev->status);
2042 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2043 hci_cs_read_remote_ext_features(hdev, ev->status);
2046 case HCI_OP_SETUP_SYNC_CONN:
2047 hci_cs_setup_sync_conn(hdev, ev->status);
2050 case HCI_OP_SNIFF_MODE:
2051 hci_cs_sniff_mode(hdev, ev->status);
2054 case HCI_OP_EXIT_SNIFF_MODE:
2055 hci_cs_exit_sniff_mode(hdev, ev->status);
2058 case HCI_OP_DISCONNECT:
2059 if (ev->status != 0)
2060 mgmt_disconnect_failed(hdev->id);
2063 case HCI_OP_LE_CREATE_CONN:
2064 hci_cs_le_create_conn(hdev, ev->status);
2067 case HCI_OP_LE_START_ENC:
2068 hci_cs_le_start_enc(hdev, ev->status);
2072 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2076 if (ev->opcode != HCI_OP_NOP)
2077 del_timer(&hdev->cmd_timer);
2079 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2080 atomic_set(&hdev->cmd_cnt, 1);
2081 if (!skb_queue_empty(&hdev->cmd_q))
2082 tasklet_schedule(&hdev->cmd_task);
2086 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2088 struct hci_ev_role_change *ev = (void *) skb->data;
2089 struct hci_conn *conn;
2091 BT_DBG("%s status %d", hdev->name, ev->status);
2095 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2099 conn->link_mode &= ~HCI_LM_MASTER;
2101 conn->link_mode |= HCI_LM_MASTER;
2104 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2106 hci_role_switch_cfm(conn, ev->status, ev->role);
2109 hci_dev_unlock(hdev);
2112 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2114 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2118 skb_pull(skb, sizeof(*ev));
2120 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2122 if (skb->len < ev->num_hndl * 4) {
2123 BT_DBG("%s bad parameters", hdev->name);
2127 tasklet_disable(&hdev->tx_task);
2129 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2130 struct hci_conn *conn;
2131 __u16 handle, count;
2133 handle = get_unaligned_le16(ptr++);
2134 count = get_unaligned_le16(ptr++);
2136 conn = hci_conn_hash_lookup_handle(hdev, handle);
2138 conn->sent -= count;
2140 if (conn->type == ACL_LINK) {
2141 hdev->acl_cnt += count;
2142 if (hdev->acl_cnt > hdev->acl_pkts)
2143 hdev->acl_cnt = hdev->acl_pkts;
2144 } else if (conn->type == LE_LINK) {
2145 if (hdev->le_pkts) {
2146 hdev->le_cnt += count;
2147 if (hdev->le_cnt > hdev->le_pkts)
2148 hdev->le_cnt = hdev->le_pkts;
2150 hdev->acl_cnt += count;
2151 if (hdev->acl_cnt > hdev->acl_pkts)
2152 hdev->acl_cnt = hdev->acl_pkts;
2155 hdev->sco_cnt += count;
2156 if (hdev->sco_cnt > hdev->sco_pkts)
2157 hdev->sco_cnt = hdev->sco_pkts;
2162 tasklet_schedule(&hdev->tx_task);
2164 tasklet_enable(&hdev->tx_task);
2167 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2169 struct hci_ev_mode_change *ev = (void *) skb->data;
2170 struct hci_conn *conn;
2172 BT_DBG("%s status %d", hdev->name, ev->status);
2176 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2178 conn->mode = ev->mode;
2179 conn->interval = __le16_to_cpu(ev->interval);
2181 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2182 if (conn->mode == HCI_CM_ACTIVE)
2183 conn->power_save = 1;
2185 conn->power_save = 0;
2188 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2189 hci_sco_setup(conn, ev->status);
2192 hci_dev_unlock(hdev);
2195 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2197 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2198 struct hci_conn *conn;
2200 BT_DBG("%s", hdev->name);
2204 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2208 if (conn->state == BT_CONNECTED) {
2209 hci_conn_hold(conn);
2210 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2214 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2215 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2216 sizeof(ev->bdaddr), &ev->bdaddr);
2217 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2220 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2225 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2229 hci_dev_unlock(hdev);
2232 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2234 struct hci_ev_link_key_req *ev = (void *) skb->data;
2235 struct hci_cp_link_key_reply cp;
2236 struct hci_conn *conn;
2237 struct link_key *key;
2239 BT_DBG("%s", hdev->name);
2241 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2246 key = hci_find_link_key(hdev, &ev->bdaddr);
2248 BT_DBG("%s link key not found for %s", hdev->name,
2249 batostr(&ev->bdaddr));
2253 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2254 batostr(&ev->bdaddr));
2256 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2257 key->type == HCI_LK_DEBUG_COMBINATION) {
2258 BT_DBG("%s ignoring debug key", hdev->name);
2262 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2264 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2265 conn->auth_type != 0xff &&
2266 (conn->auth_type & 0x01)) {
2267 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2271 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2272 conn->pending_sec_level == BT_SECURITY_HIGH) {
2273 BT_DBG("%s ignoring key unauthenticated for high \
2274 security", hdev->name);
2278 conn->key_type = key->type;
2279 conn->pin_length = key->pin_len;
2282 bacpy(&cp.bdaddr, &ev->bdaddr);
2283 memcpy(cp.link_key, key->val, 16);
2285 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2287 hci_dev_unlock(hdev);
2292 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2293 hci_dev_unlock(hdev);
2296 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2298 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2299 struct hci_conn *conn;
2302 BT_DBG("%s", hdev->name);
2306 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2308 hci_conn_hold(conn);
2309 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2310 pin_len = conn->pin_length;
2312 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2313 conn->key_type = ev->key_type;
2318 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2319 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2320 ev->key_type, pin_len);
2322 hci_dev_unlock(hdev);
2325 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2327 struct hci_ev_clock_offset *ev = (void *) skb->data;
2328 struct hci_conn *conn;
2330 BT_DBG("%s status %d", hdev->name, ev->status);
2334 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2335 if (conn && !ev->status) {
2336 struct inquiry_entry *ie;
2338 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2340 ie->data.clock_offset = ev->clock_offset;
2341 ie->timestamp = jiffies;
2345 hci_dev_unlock(hdev);
2348 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2350 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2351 struct hci_conn *conn;
2353 BT_DBG("%s status %d", hdev->name, ev->status);
2357 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2358 if (conn && !ev->status)
2359 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2361 hci_dev_unlock(hdev);
2364 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2366 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2367 struct inquiry_entry *ie;
2369 BT_DBG("%s", hdev->name);
2373 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2375 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2376 ie->timestamp = jiffies;
2379 hci_dev_unlock(hdev);
2382 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2384 struct inquiry_data data;
2385 int num_rsp = *((__u8 *) skb->data);
2387 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2394 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2395 struct inquiry_info_with_rssi_and_pscan_mode *info;
2396 info = (void *) (skb->data + 1);
2398 for (; num_rsp; num_rsp--, info++) {
2399 bacpy(&data.bdaddr, &info->bdaddr);
2400 data.pscan_rep_mode = info->pscan_rep_mode;
2401 data.pscan_period_mode = info->pscan_period_mode;
2402 data.pscan_mode = info->pscan_mode;
2403 memcpy(data.dev_class, info->dev_class, 3);
2404 data.clock_offset = info->clock_offset;
2405 data.rssi = info->rssi;
2406 data.ssp_mode = 0x00;
2407 hci_inquiry_cache_update(hdev, &data);
2408 mgmt_device_found(hdev->id, &info->bdaddr,
2409 info->dev_class, info->rssi,
2413 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2415 for (; num_rsp; num_rsp--, info++) {
2416 bacpy(&data.bdaddr, &info->bdaddr);
2417 data.pscan_rep_mode = info->pscan_rep_mode;
2418 data.pscan_period_mode = info->pscan_period_mode;
2419 data.pscan_mode = 0x00;
2420 memcpy(data.dev_class, info->dev_class, 3);
2421 data.clock_offset = info->clock_offset;
2422 data.rssi = info->rssi;
2423 data.ssp_mode = 0x00;
2424 hci_inquiry_cache_update(hdev, &data);
2425 mgmt_device_found(hdev->id, &info->bdaddr,
2426 info->dev_class, info->rssi,
2431 hci_dev_unlock(hdev);
2434 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2436 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2437 struct hci_conn *conn;
2439 BT_DBG("%s", hdev->name);
2443 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2447 if (!ev->status && ev->page == 0x01) {
2448 struct inquiry_entry *ie;
2450 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2452 ie->data.ssp_mode = (ev->features[0] & 0x01);
2454 conn->ssp_mode = (ev->features[0] & 0x01);
2457 if (conn->state != BT_CONFIG)
2461 struct hci_cp_remote_name_req cp;
2462 memset(&cp, 0, sizeof(cp));
2463 bacpy(&cp.bdaddr, &conn->dst);
2464 cp.pscan_rep_mode = 0x02;
2465 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2468 if (!hci_outgoing_auth_needed(hdev, conn)) {
2469 conn->state = BT_CONNECTED;
2470 hci_proto_connect_cfm(conn, ev->status);
2475 hci_dev_unlock(hdev);
2478 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2480 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2481 struct hci_conn *conn;
2483 BT_DBG("%s status %d", hdev->name, ev->status);
2487 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2489 if (ev->link_type == ESCO_LINK)
2492 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2496 conn->type = SCO_LINK;
2499 switch (ev->status) {
2501 conn->handle = __le16_to_cpu(ev->handle);
2502 conn->state = BT_CONNECTED;
2504 hci_conn_hold_device(conn);
2505 hci_conn_add_sysfs(conn);
2508 case 0x11: /* Unsupported Feature or Parameter Value */
2509 case 0x1c: /* SCO interval rejected */
2510 case 0x1a: /* Unsupported Remote Feature */
2511 case 0x1f: /* Unspecified error */
2512 if (conn->out && conn->attempt < 2) {
2513 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2514 (hdev->esco_type & EDR_ESCO_MASK);
2515 hci_setup_sync(conn, conn->link->handle);
2521 conn->state = BT_CLOSED;
2525 hci_proto_connect_cfm(conn, ev->status);
2530 hci_dev_unlock(hdev);
2533 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2535 BT_DBG("%s", hdev->name);
2538 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2540 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2542 BT_DBG("%s status %d", hdev->name, ev->status);
2545 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2547 struct inquiry_data data;
2548 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2549 int num_rsp = *((__u8 *) skb->data);
2551 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2558 for (; num_rsp; num_rsp--, info++) {
2559 bacpy(&data.bdaddr, &info->bdaddr);
2560 data.pscan_rep_mode = info->pscan_rep_mode;
2561 data.pscan_period_mode = info->pscan_period_mode;
2562 data.pscan_mode = 0x00;
2563 memcpy(data.dev_class, info->dev_class, 3);
2564 data.clock_offset = info->clock_offset;
2565 data.rssi = info->rssi;
2566 data.ssp_mode = 0x01;
2567 hci_inquiry_cache_update(hdev, &data);
2568 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2569 info->rssi, info->data);
2572 hci_dev_unlock(hdev);
2575 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2577 /* If remote requests dedicated bonding follow that lead */
2578 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2579 /* If both remote and local IO capabilities allow MITM
2580 * protection then require it, otherwise don't */
2581 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2587 /* If remote requests no-bonding follow that lead */
2588 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2589 return conn->remote_auth | (conn->auth_type & 0x01);
2591 return conn->auth_type;
2594 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2596 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2597 struct hci_conn *conn;
2599 BT_DBG("%s", hdev->name);
2603 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2607 hci_conn_hold(conn);
2609 if (!test_bit(HCI_MGMT, &hdev->flags))
2612 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2613 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2614 struct hci_cp_io_capability_reply cp;
2616 bacpy(&cp.bdaddr, &ev->bdaddr);
2617 cp.capability = conn->io_capability;
2618 conn->auth_type = hci_get_auth_req(conn);
2619 cp.authentication = conn->auth_type;
2621 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2622 hci_find_remote_oob_data(hdev, &conn->dst))
2627 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2630 struct hci_cp_io_capability_neg_reply cp;
2632 bacpy(&cp.bdaddr, &ev->bdaddr);
2633 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2635 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2640 hci_dev_unlock(hdev);
2643 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2645 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2646 struct hci_conn *conn;
2648 BT_DBG("%s", hdev->name);
2652 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2656 conn->remote_cap = ev->capability;
2657 conn->remote_oob = ev->oob_data;
2658 conn->remote_auth = ev->authentication;
2661 hci_dev_unlock(hdev);
2664 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2665 struct sk_buff *skb)
2667 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2668 int loc_mitm, rem_mitm, confirm_hint = 0;
2669 struct hci_conn *conn;
2671 BT_DBG("%s", hdev->name);
2675 if (!test_bit(HCI_MGMT, &hdev->flags))
2678 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2682 loc_mitm = (conn->auth_type & 0x01);
2683 rem_mitm = (conn->remote_auth & 0x01);
2685 /* If we require MITM but the remote device can't provide that
2686 * (it has NoInputNoOutput) then reject the confirmation
2687 * request. The only exception is when we're dedicated bonding
2688 * initiators (connect_cfm_cb set) since then we always have the MITM
2690 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2691 BT_DBG("Rejecting request: remote device can't provide MITM");
2692 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2693 sizeof(ev->bdaddr), &ev->bdaddr);
2697 /* If no side requires MITM protection; auto-accept */
2698 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2699 (!rem_mitm || conn->io_capability == 0x03)) {
2701 /* If we're not the initiators request authorization to
2702 * proceed from user space (mgmt_user_confirm with
2703 * confirm_hint set to 1). */
2704 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2705 BT_DBG("Confirming auto-accept as acceptor");
2710 BT_DBG("Auto-accept of user confirmation with %ums delay",
2711 hdev->auto_accept_delay);
2713 if (hdev->auto_accept_delay > 0) {
2714 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2715 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2719 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2720 sizeof(ev->bdaddr), &ev->bdaddr);
2725 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2729 hci_dev_unlock(hdev);
2732 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2734 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2735 struct hci_conn *conn;
2737 BT_DBG("%s", hdev->name);
2741 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2745 /* To avoid duplicate auth_failed events to user space we check
2746 * the HCI_CONN_AUTH_PEND flag which will be set if we
2747 * initiated the authentication. A traditional auth_complete
2748 * event gets always produced as initiator and is also mapped to
2749 * the mgmt_auth_failed event */
2750 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2751 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2756 hci_dev_unlock(hdev);
2759 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2761 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2762 struct inquiry_entry *ie;
2764 BT_DBG("%s", hdev->name);
2768 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2770 ie->data.ssp_mode = (ev->features[0] & 0x01);
2772 hci_dev_unlock(hdev);
2775 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2776 struct sk_buff *skb)
2778 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2779 struct oob_data *data;
2781 BT_DBG("%s", hdev->name);
2785 if (!test_bit(HCI_MGMT, &hdev->flags))
2788 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2790 struct hci_cp_remote_oob_data_reply cp;
2792 bacpy(&cp.bdaddr, &ev->bdaddr);
2793 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2794 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2796 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2799 struct hci_cp_remote_oob_data_neg_reply cp;
2801 bacpy(&cp.bdaddr, &ev->bdaddr);
2802 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2807 hci_dev_unlock(hdev);
2810 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2812 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2813 struct hci_conn *conn;
2815 BT_DBG("%s status %d", hdev->name, ev->status);
2819 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2821 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2823 BT_ERR("No memory for new connection");
2824 hci_dev_unlock(hdev);
2828 conn->dst_type = ev->bdaddr_type;
2832 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2833 hci_proto_connect_cfm(conn, ev->status);
2834 conn->state = BT_CLOSED;
2839 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
2841 conn->sec_level = BT_SECURITY_LOW;
2842 conn->handle = __le16_to_cpu(ev->handle);
2843 conn->state = BT_CONNECTED;
2845 hci_conn_hold_device(conn);
2846 hci_conn_add_sysfs(conn);
2848 hci_proto_connect_cfm(conn, ev->status);
2851 hci_dev_unlock(hdev);
2854 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2855 struct sk_buff *skb)
2857 u8 num_reports = skb->data[0];
2858 void *ptr = &skb->data[1];
2862 while (num_reports--) {
2863 struct hci_ev_le_advertising_info *ev = ptr;
2865 hci_add_adv_entry(hdev, ev);
2867 ptr += sizeof(*ev) + ev->length + 1;
2870 hci_dev_unlock(hdev);
2873 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2874 struct sk_buff *skb)
2876 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2877 struct hci_cp_le_ltk_reply cp;
2878 struct hci_cp_le_ltk_neg_reply neg;
2879 struct hci_conn *conn;
2880 struct link_key *ltk;
2882 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2886 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2890 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2894 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
2895 cp.handle = cpu_to_le16(conn->handle);
2896 conn->pin_length = ltk->pin_len;
2898 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2900 hci_dev_unlock(hdev);
2905 neg.handle = ev->handle;
2906 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2907 hci_dev_unlock(hdev);
2910 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2912 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2914 skb_pull(skb, sizeof(*le_ev));
2916 switch (le_ev->subevent) {
2917 case HCI_EV_LE_CONN_COMPLETE:
2918 hci_le_conn_complete_evt(hdev, skb);
2921 case HCI_EV_LE_ADVERTISING_REPORT:
2922 hci_le_adv_report_evt(hdev, skb);
2925 case HCI_EV_LE_LTK_REQ:
2926 hci_le_ltk_request_evt(hdev, skb);
2934 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2936 struct hci_event_hdr *hdr = (void *) skb->data;
2937 __u8 event = hdr->evt;
2939 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2942 case HCI_EV_INQUIRY_COMPLETE:
2943 hci_inquiry_complete_evt(hdev, skb);
2946 case HCI_EV_INQUIRY_RESULT:
2947 hci_inquiry_result_evt(hdev, skb);
2950 case HCI_EV_CONN_COMPLETE:
2951 hci_conn_complete_evt(hdev, skb);
2954 case HCI_EV_CONN_REQUEST:
2955 hci_conn_request_evt(hdev, skb);
2958 case HCI_EV_DISCONN_COMPLETE:
2959 hci_disconn_complete_evt(hdev, skb);
2962 case HCI_EV_AUTH_COMPLETE:
2963 hci_auth_complete_evt(hdev, skb);
2966 case HCI_EV_REMOTE_NAME:
2967 hci_remote_name_evt(hdev, skb);
2970 case HCI_EV_ENCRYPT_CHANGE:
2971 hci_encrypt_change_evt(hdev, skb);
2974 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2975 hci_change_link_key_complete_evt(hdev, skb);
2978 case HCI_EV_REMOTE_FEATURES:
2979 hci_remote_features_evt(hdev, skb);
2982 case HCI_EV_REMOTE_VERSION:
2983 hci_remote_version_evt(hdev, skb);
2986 case HCI_EV_QOS_SETUP_COMPLETE:
2987 hci_qos_setup_complete_evt(hdev, skb);
2990 case HCI_EV_CMD_COMPLETE:
2991 hci_cmd_complete_evt(hdev, skb);
2994 case HCI_EV_CMD_STATUS:
2995 hci_cmd_status_evt(hdev, skb);
2998 case HCI_EV_ROLE_CHANGE:
2999 hci_role_change_evt(hdev, skb);
3002 case HCI_EV_NUM_COMP_PKTS:
3003 hci_num_comp_pkts_evt(hdev, skb);
3006 case HCI_EV_MODE_CHANGE:
3007 hci_mode_change_evt(hdev, skb);
3010 case HCI_EV_PIN_CODE_REQ:
3011 hci_pin_code_request_evt(hdev, skb);
3014 case HCI_EV_LINK_KEY_REQ:
3015 hci_link_key_request_evt(hdev, skb);
3018 case HCI_EV_LINK_KEY_NOTIFY:
3019 hci_link_key_notify_evt(hdev, skb);
3022 case HCI_EV_CLOCK_OFFSET:
3023 hci_clock_offset_evt(hdev, skb);
3026 case HCI_EV_PKT_TYPE_CHANGE:
3027 hci_pkt_type_change_evt(hdev, skb);
3030 case HCI_EV_PSCAN_REP_MODE:
3031 hci_pscan_rep_mode_evt(hdev, skb);
3034 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3035 hci_inquiry_result_with_rssi_evt(hdev, skb);
3038 case HCI_EV_REMOTE_EXT_FEATURES:
3039 hci_remote_ext_features_evt(hdev, skb);
3042 case HCI_EV_SYNC_CONN_COMPLETE:
3043 hci_sync_conn_complete_evt(hdev, skb);
3046 case HCI_EV_SYNC_CONN_CHANGED:
3047 hci_sync_conn_changed_evt(hdev, skb);
3050 case HCI_EV_SNIFF_SUBRATE:
3051 hci_sniff_subrate_evt(hdev, skb);
3054 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3055 hci_extended_inquiry_result_evt(hdev, skb);
3058 case HCI_EV_IO_CAPA_REQUEST:
3059 hci_io_capa_request_evt(hdev, skb);
3062 case HCI_EV_IO_CAPA_REPLY:
3063 hci_io_capa_reply_evt(hdev, skb);
3066 case HCI_EV_USER_CONFIRM_REQUEST:
3067 hci_user_confirm_request_evt(hdev, skb);
3070 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3071 hci_simple_pair_complete_evt(hdev, skb);
3074 case HCI_EV_REMOTE_HOST_FEATURES:
3075 hci_remote_host_features_evt(hdev, skb);
3078 case HCI_EV_LE_META:
3079 hci_le_meta_evt(hdev, skb);
3082 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3083 hci_remote_oob_data_request_evt(hdev, skb);
3087 BT_DBG("%s event 0x%x", hdev->name, event);
3092 hdev->stat.evt_rx++;
3095 /* Generate internal stack event */
3096 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3098 struct hci_event_hdr *hdr;
3099 struct hci_ev_stack_internal *ev;
3100 struct sk_buff *skb;
3102 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3106 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3107 hdr->evt = HCI_EV_STACK_INTERNAL;
3108 hdr->plen = sizeof(*ev) + dlen;
3110 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3112 memcpy(ev->data, data, dlen);
3114 bt_cb(skb)->incoming = 1;
3115 __net_timestamp(skb);
3117 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3118 skb->dev = (void *) hdev;
3119 hci_send_to_sock(hdev, skb, NULL);
3123 module_param(enable_le, bool, 0644);
3124 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / linux-flexiantxendom0-3.2.10.git / blob