2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
61 clear_bit(HCI_INQUIRY, &hdev->flags);
63 mgmt_discovering(hdev->id, 0);
65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
67 hci_conn_check_pending(hdev);
70 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 __u8 status = *((__u8 *) skb->data);
74 BT_DBG("%s status 0x%x", hdev->name, status);
79 hci_conn_check_pending(hdev);
82 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
84 BT_DBG("%s", hdev->name);
87 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
89 struct hci_rp_role_discovery *rp = (void *) skb->data;
90 struct hci_conn *conn;
92 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 conn->link_mode &= ~HCI_LM_MASTER;
104 conn->link_mode |= HCI_LM_MASTER;
107 hci_dev_unlock(hdev);
110 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
112 struct hci_rp_read_link_policy *rp = (void *) skb->data;
113 struct hci_conn *conn;
115 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
124 conn->link_policy = __le16_to_cpu(rp->policy);
126 hci_dev_unlock(hdev);
129 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
131 struct hci_rp_write_link_policy *rp = (void *) skb->data;
132 struct hci_conn *conn;
135 BT_DBG("%s status 0x%x", hdev->name, rp->status);
140 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
148 conn->link_policy = get_unaligned_le16(sent + 2);
150 hci_dev_unlock(hdev);
153 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
167 __u8 status = *((__u8 *) skb->data);
170 BT_DBG("%s status 0x%x", hdev->name, status);
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 hdev->link_policy = get_unaligned_le16(sent);
179 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
182 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
184 __u8 status = *((__u8 *) skb->data);
186 BT_DBG("%s status 0x%x", hdev->name, status);
188 clear_bit(HCI_RESET, &hdev->flags);
190 hci_req_complete(hdev, HCI_OP_RESET, status);
193 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
195 __u8 status = *((__u8 *) skb->data);
198 BT_DBG("%s status 0x%x", hdev->name, status);
200 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
204 if (test_bit(HCI_MGMT, &hdev->flags))
205 mgmt_set_local_name_complete(hdev->id, sent, status);
210 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
213 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
215 struct hci_rp_read_local_name *rp = (void *) skb->data;
217 BT_DBG("%s status 0x%x", hdev->name, rp->status);
222 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
225 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
227 __u8 status = *((__u8 *) skb->data);
230 BT_DBG("%s status 0x%x", hdev->name, status);
232 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
237 __u8 param = *((__u8 *) sent);
239 if (param == AUTH_ENABLED)
240 set_bit(HCI_AUTH, &hdev->flags);
242 clear_bit(HCI_AUTH, &hdev->flags);
245 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
248 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
250 __u8 status = *((__u8 *) skb->data);
253 BT_DBG("%s status 0x%x", hdev->name, status);
255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
260 __u8 param = *((__u8 *) sent);
263 set_bit(HCI_ENCRYPT, &hdev->flags);
265 clear_bit(HCI_ENCRYPT, &hdev->flags);
268 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
271 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
273 __u8 param, status = *((__u8 *) skb->data);
274 int old_pscan, old_iscan;
277 BT_DBG("%s status 0x%x", hdev->name, status);
279 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
283 param = *((__u8 *) sent);
286 mgmt_write_scan_failed(hdev->id, param, status);
287 hdev->discov_timeout = 0;
291 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
292 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
294 if (param & SCAN_INQUIRY) {
295 set_bit(HCI_ISCAN, &hdev->flags);
297 mgmt_discoverable(hdev->id, 1);
298 if (hdev->discov_timeout > 0) {
299 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
300 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
303 } else if (old_iscan)
304 mgmt_discoverable(hdev->id, 0);
306 if (param & SCAN_PAGE) {
307 set_bit(HCI_PSCAN, &hdev->flags);
309 mgmt_connectable(hdev->id, 1);
310 } else if (old_pscan)
311 mgmt_connectable(hdev->id, 0);
314 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
317 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
319 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
321 BT_DBG("%s status 0x%x", hdev->name, rp->status);
326 memcpy(hdev->dev_class, rp->dev_class, 3);
328 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
329 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
332 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 __u8 status = *((__u8 *) skb->data);
337 BT_DBG("%s status 0x%x", hdev->name, status);
342 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
346 memcpy(hdev->dev_class, sent, 3);
349 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
351 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
354 BT_DBG("%s status 0x%x", hdev->name, rp->status);
359 setting = __le16_to_cpu(rp->voice_setting);
361 if (hdev->voice_setting == setting)
364 hdev->voice_setting = setting;
366 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
369 tasklet_disable(&hdev->tx_task);
370 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
371 tasklet_enable(&hdev->tx_task);
375 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377 __u8 status = *((__u8 *) skb->data);
381 BT_DBG("%s status 0x%x", hdev->name, status);
386 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
390 setting = get_unaligned_le16(sent);
392 if (hdev->voice_setting == setting)
395 hdev->voice_setting = setting;
397 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
400 tasklet_disable(&hdev->tx_task);
401 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
402 tasklet_enable(&hdev->tx_task);
406 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
408 __u8 status = *((__u8 *) skb->data);
410 BT_DBG("%s status 0x%x", hdev->name, status);
412 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
415 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
417 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
419 BT_DBG("%s status 0x%x", hdev->name, rp->status);
424 hdev->ssp_mode = rp->mode;
427 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
429 __u8 status = *((__u8 *) skb->data);
432 BT_DBG("%s status 0x%x", hdev->name, status);
437 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
441 hdev->ssp_mode = *((__u8 *) sent);
444 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
446 if (hdev->features[6] & LMP_EXT_INQ)
449 if (hdev->features[3] & LMP_RSSI_INQ)
452 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
453 hdev->lmp_subver == 0x0757)
456 if (hdev->manufacturer == 15) {
457 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
459 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
461 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
465 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
466 hdev->lmp_subver == 0x1805)
472 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
476 mode = hci_get_inquiry_mode(hdev);
478 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
481 static void hci_setup_event_mask(struct hci_dev *hdev)
483 /* The second byte is 0xff instead of 0x9f (two reserved bits
484 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
485 * command otherwise */
486 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
488 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
489 * any event mask for pre 1.2 devices */
490 if (hdev->lmp_ver <= 1)
493 events[4] |= 0x01; /* Flow Specification Complete */
494 events[4] |= 0x02; /* Inquiry Result with RSSI */
495 events[4] |= 0x04; /* Read Remote Extended Features Complete */
496 events[5] |= 0x08; /* Synchronous Connection Complete */
497 events[5] |= 0x10; /* Synchronous Connection Changed */
499 if (hdev->features[3] & LMP_RSSI_INQ)
500 events[4] |= 0x04; /* Inquiry Result with RSSI */
502 if (hdev->features[5] & LMP_SNIFF_SUBR)
503 events[5] |= 0x20; /* Sniff Subrating */
505 if (hdev->features[5] & LMP_PAUSE_ENC)
506 events[5] |= 0x80; /* Encryption Key Refresh Complete */
508 if (hdev->features[6] & LMP_EXT_INQ)
509 events[5] |= 0x40; /* Extended Inquiry Result */
511 if (hdev->features[6] & LMP_NO_FLUSH)
512 events[7] |= 0x01; /* Enhanced Flush Complete */
514 if (hdev->features[7] & LMP_LSTO)
515 events[6] |= 0x80; /* Link Supervision Timeout Changed */
517 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
518 events[6] |= 0x01; /* IO Capability Request */
519 events[6] |= 0x02; /* IO Capability Response */
520 events[6] |= 0x04; /* User Confirmation Request */
521 events[6] |= 0x08; /* User Passkey Request */
522 events[6] |= 0x10; /* Remote OOB Data Request */
523 events[6] |= 0x20; /* Simple Pairing Complete */
524 events[7] |= 0x04; /* User Passkey Notification */
525 events[7] |= 0x08; /* Keypress Notification */
526 events[7] |= 0x10; /* Remote Host Supported
527 * Features Notification */
530 if (hdev->features[4] & LMP_LE)
531 events[7] |= 0x20; /* LE Meta-Event */
533 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
536 static void hci_set_le_support(struct hci_dev *hdev)
538 struct hci_cp_write_le_host_supported cp;
540 memset(&cp, 0, sizeof(cp));
544 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
547 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
550 static void hci_setup(struct hci_dev *hdev)
552 hci_setup_event_mask(hdev);
554 if (hdev->lmp_ver > 1)
555 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
557 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
559 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
562 if (hdev->features[3] & LMP_RSSI_INQ)
563 hci_setup_inquiry_mode(hdev);
565 if (hdev->features[7] & LMP_INQ_TX_PWR)
566 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
568 if (hdev->features[7] & LMP_EXTFEATURES) {
569 struct hci_cp_read_local_ext_features cp;
572 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
576 if (hdev->features[4] & LMP_LE)
577 hci_set_le_support(hdev);
580 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
582 struct hci_rp_read_local_version *rp = (void *) skb->data;
584 BT_DBG("%s status 0x%x", hdev->name, rp->status);
589 hdev->hci_ver = rp->hci_ver;
590 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
591 hdev->lmp_ver = rp->lmp_ver;
592 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
593 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
595 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
597 hdev->hci_ver, hdev->hci_rev);
599 if (test_bit(HCI_INIT, &hdev->flags))
603 static void hci_setup_link_policy(struct hci_dev *hdev)
607 if (hdev->features[0] & LMP_RSWITCH)
608 link_policy |= HCI_LP_RSWITCH;
609 if (hdev->features[0] & LMP_HOLD)
610 link_policy |= HCI_LP_HOLD;
611 if (hdev->features[0] & LMP_SNIFF)
612 link_policy |= HCI_LP_SNIFF;
613 if (hdev->features[1] & LMP_PARK)
614 link_policy |= HCI_LP_PARK;
616 link_policy = cpu_to_le16(link_policy);
617 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
618 sizeof(link_policy), &link_policy);
621 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
623 struct hci_rp_read_local_commands *rp = (void *) skb->data;
625 BT_DBG("%s status 0x%x", hdev->name, rp->status);
630 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
632 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
633 hci_setup_link_policy(hdev);
636 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
639 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
641 struct hci_rp_read_local_features *rp = (void *) skb->data;
643 BT_DBG("%s status 0x%x", hdev->name, rp->status);
648 memcpy(hdev->features, rp->features, 8);
650 /* Adjust default settings according to features
651 * supported by device. */
653 if (hdev->features[0] & LMP_3SLOT)
654 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
656 if (hdev->features[0] & LMP_5SLOT)
657 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
659 if (hdev->features[1] & LMP_HV2) {
660 hdev->pkt_type |= (HCI_HV2);
661 hdev->esco_type |= (ESCO_HV2);
664 if (hdev->features[1] & LMP_HV3) {
665 hdev->pkt_type |= (HCI_HV3);
666 hdev->esco_type |= (ESCO_HV3);
669 if (hdev->features[3] & LMP_ESCO)
670 hdev->esco_type |= (ESCO_EV3);
672 if (hdev->features[4] & LMP_EV4)
673 hdev->esco_type |= (ESCO_EV4);
675 if (hdev->features[4] & LMP_EV5)
676 hdev->esco_type |= (ESCO_EV5);
678 if (hdev->features[5] & LMP_EDR_ESCO_2M)
679 hdev->esco_type |= (ESCO_2EV3);
681 if (hdev->features[5] & LMP_EDR_ESCO_3M)
682 hdev->esco_type |= (ESCO_3EV3);
684 if (hdev->features[5] & LMP_EDR_3S_ESCO)
685 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
687 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
688 hdev->features[0], hdev->features[1],
689 hdev->features[2], hdev->features[3],
690 hdev->features[4], hdev->features[5],
691 hdev->features[6], hdev->features[7]);
694 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
697 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
699 BT_DBG("%s status 0x%x", hdev->name, rp->status);
704 memcpy(hdev->extfeatures, rp->features, 8);
706 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
709 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
711 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
713 BT_DBG("%s status 0x%x", hdev->name, rp->status);
718 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
719 hdev->sco_mtu = rp->sco_mtu;
720 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
721 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
723 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
728 hdev->acl_cnt = hdev->acl_pkts;
729 hdev->sco_cnt = hdev->sco_pkts;
731 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
732 hdev->acl_mtu, hdev->acl_pkts,
733 hdev->sco_mtu, hdev->sco_pkts);
736 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
738 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
740 BT_DBG("%s status 0x%x", hdev->name, rp->status);
743 bacpy(&hdev->bdaddr, &rp->bdaddr);
745 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
748 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
750 __u8 status = *((__u8 *) skb->data);
752 BT_DBG("%s status 0x%x", hdev->name, status);
754 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
757 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
760 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
762 BT_DBG("%s status 0x%x", hdev->name, rp->status);
767 hdev->amp_status = rp->amp_status;
768 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
769 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
770 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
771 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
772 hdev->amp_type = rp->amp_type;
773 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
774 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
775 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
776 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
778 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
781 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
784 __u8 status = *((__u8 *) skb->data);
786 BT_DBG("%s status 0x%x", hdev->name, status);
788 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
791 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
793 __u8 status = *((__u8 *) skb->data);
795 BT_DBG("%s status 0x%x", hdev->name, status);
797 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
800 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
803 __u8 status = *((__u8 *) skb->data);
805 BT_DBG("%s status 0x%x", hdev->name, status);
807 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
810 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
813 __u8 status = *((__u8 *) skb->data);
815 BT_DBG("%s status 0x%x", hdev->name, status);
817 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
820 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
822 __u8 status = *((__u8 *) skb->data);
824 BT_DBG("%s status 0x%x", hdev->name, status);
826 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
829 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
831 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
832 struct hci_cp_pin_code_reply *cp;
833 struct hci_conn *conn;
835 BT_DBG("%s status 0x%x", hdev->name, rp->status);
837 if (test_bit(HCI_MGMT, &hdev->flags))
838 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
843 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
847 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
849 conn->pin_length = cp->pin_len;
852 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
854 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
856 BT_DBG("%s status 0x%x", hdev->name, rp->status);
858 if (test_bit(HCI_MGMT, &hdev->flags))
859 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
862 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
865 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
867 BT_DBG("%s status 0x%x", hdev->name, rp->status);
872 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
873 hdev->le_pkts = rp->le_max_pkt;
875 hdev->le_cnt = hdev->le_pkts;
877 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
879 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
882 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
884 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
886 BT_DBG("%s status 0x%x", hdev->name, rp->status);
888 if (test_bit(HCI_MGMT, &hdev->flags))
889 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
893 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
896 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
898 BT_DBG("%s status 0x%x", hdev->name, rp->status);
900 if (test_bit(HCI_MGMT, &hdev->flags))
901 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
905 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
908 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
910 BT_DBG("%s status 0x%x", hdev->name, rp->status);
912 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
913 rp->randomizer, rp->status);
916 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
919 struct hci_cp_le_set_scan_enable *cp;
920 __u8 status = *((__u8 *) skb->data);
922 BT_DBG("%s status 0x%x", hdev->name, status);
927 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
931 if (cp->enable == 0x01) {
932 del_timer(&hdev->adv_timer);
935 hci_adv_entries_clear(hdev);
936 hci_dev_unlock(hdev);
937 } else if (cp->enable == 0x00) {
938 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
942 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
944 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
946 BT_DBG("%s status 0x%x", hdev->name, rp->status);
951 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
954 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
956 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
958 BT_DBG("%s status 0x%x", hdev->name, rp->status);
963 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
966 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
969 struct hci_cp_read_local_ext_features cp;
970 __u8 status = *((__u8 *) skb->data);
972 BT_DBG("%s status 0x%x", hdev->name, status);
978 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
981 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
983 BT_DBG("%s status 0x%x", hdev->name, status);
986 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
987 hci_conn_check_pending(hdev);
988 if (test_bit(HCI_MGMT, &hdev->flags))
989 mgmt_inquiry_failed(hdev->id, status);
993 set_bit(HCI_INQUIRY, &hdev->flags);
995 mgmt_discovering(hdev->id, 1);
998 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1000 struct hci_cp_create_conn *cp;
1001 struct hci_conn *conn;
1003 BT_DBG("%s status 0x%x", hdev->name, status);
1005 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1011 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1013 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1016 if (conn && conn->state == BT_CONNECT) {
1017 if (status != 0x0c || conn->attempt > 2) {
1018 conn->state = BT_CLOSED;
1019 hci_proto_connect_cfm(conn, status);
1022 conn->state = BT_CONNECT2;
1026 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1029 conn->link_mode |= HCI_LM_MASTER;
1031 BT_ERR("No memory for new connection");
1035 hci_dev_unlock(hdev);
1038 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1040 struct hci_cp_add_sco *cp;
1041 struct hci_conn *acl, *sco;
1044 BT_DBG("%s status 0x%x", hdev->name, status);
1049 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1053 handle = __le16_to_cpu(cp->handle);
1055 BT_DBG("%s handle %d", hdev->name, handle);
1059 acl = hci_conn_hash_lookup_handle(hdev, handle);
1063 sco->state = BT_CLOSED;
1065 hci_proto_connect_cfm(sco, status);
1070 hci_dev_unlock(hdev);
1073 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1075 struct hci_cp_auth_requested *cp;
1076 struct hci_conn *conn;
1078 BT_DBG("%s status 0x%x", hdev->name, status);
1083 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1089 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1091 if (conn->state == BT_CONFIG) {
1092 hci_proto_connect_cfm(conn, status);
1097 hci_dev_unlock(hdev);
1100 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1102 struct hci_cp_set_conn_encrypt *cp;
1103 struct hci_conn *conn;
1105 BT_DBG("%s status 0x%x", hdev->name, status);
1110 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1116 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1118 if (conn->state == BT_CONFIG) {
1119 hci_proto_connect_cfm(conn, status);
1124 hci_dev_unlock(hdev);
1127 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1128 struct hci_conn *conn)
1130 if (conn->state != BT_CONFIG || !conn->out)
1133 if (conn->pending_sec_level == BT_SECURITY_SDP)
1136 /* Only request authentication for SSP connections or non-SSP
1137 * devices with sec_level HIGH or if MITM protection is requested */
1138 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1139 conn->pending_sec_level != BT_SECURITY_HIGH &&
1140 !(conn->auth_type & 0x01))
1146 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1148 struct hci_cp_remote_name_req *cp;
1149 struct hci_conn *conn;
1151 BT_DBG("%s status 0x%x", hdev->name, status);
1153 /* If successful wait for the name req complete event before
1154 * checking for the need to do authentication */
1158 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1168 if (!hci_outgoing_auth_needed(hdev, conn))
1171 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1172 struct hci_cp_auth_requested cp;
1173 cp.handle = __cpu_to_le16(conn->handle);
1174 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1178 hci_dev_unlock(hdev);
1181 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1183 struct hci_cp_read_remote_features *cp;
1184 struct hci_conn *conn;
1186 BT_DBG("%s status 0x%x", hdev->name, status);
1191 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1197 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1199 if (conn->state == BT_CONFIG) {
1200 hci_proto_connect_cfm(conn, status);
1205 hci_dev_unlock(hdev);
1208 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1210 struct hci_cp_read_remote_ext_features *cp;
1211 struct hci_conn *conn;
1213 BT_DBG("%s status 0x%x", hdev->name, status);
1218 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1224 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1226 if (conn->state == BT_CONFIG) {
1227 hci_proto_connect_cfm(conn, status);
1232 hci_dev_unlock(hdev);
1235 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1237 struct hci_cp_setup_sync_conn *cp;
1238 struct hci_conn *acl, *sco;
1241 BT_DBG("%s status 0x%x", hdev->name, status);
1246 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1250 handle = __le16_to_cpu(cp->handle);
1252 BT_DBG("%s handle %d", hdev->name, handle);
1256 acl = hci_conn_hash_lookup_handle(hdev, handle);
1260 sco->state = BT_CLOSED;
1262 hci_proto_connect_cfm(sco, status);
1267 hci_dev_unlock(hdev);
1270 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1272 struct hci_cp_sniff_mode *cp;
1273 struct hci_conn *conn;
1275 BT_DBG("%s status 0x%x", hdev->name, status);
1280 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1286 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1288 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1290 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1291 hci_sco_setup(conn, status);
1294 hci_dev_unlock(hdev);
1297 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1299 struct hci_cp_exit_sniff_mode *cp;
1300 struct hci_conn *conn;
1302 BT_DBG("%s status 0x%x", hdev->name, status);
1307 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1313 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1315 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1317 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1318 hci_sco_setup(conn, status);
1321 hci_dev_unlock(hdev);
1324 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1326 struct hci_cp_le_create_conn *cp;
1327 struct hci_conn *conn;
1329 BT_DBG("%s status 0x%x", hdev->name, status);
1331 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1337 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1339 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1343 if (conn && conn->state == BT_CONNECT) {
1344 conn->state = BT_CLOSED;
1345 hci_proto_connect_cfm(conn, status);
1350 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1352 conn->dst_type = cp->peer_addr_type;
1355 BT_ERR("No memory for new connection");
1360 hci_dev_unlock(hdev);
1363 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1365 BT_DBG("%s status 0x%x", hdev->name, status);
1368 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1370 __u8 status = *((__u8 *) skb->data);
1372 BT_DBG("%s status %d", hdev->name, status);
1374 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1376 hci_conn_check_pending(hdev);
1378 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1381 mgmt_discovering(hdev->id, 0);
1384 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1386 struct inquiry_data data;
1387 struct inquiry_info *info = (void *) (skb->data + 1);
1388 int num_rsp = *((__u8 *) skb->data);
1390 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1397 for (; num_rsp; num_rsp--, info++) {
1398 bacpy(&data.bdaddr, &info->bdaddr);
1399 data.pscan_rep_mode = info->pscan_rep_mode;
1400 data.pscan_period_mode = info->pscan_period_mode;
1401 data.pscan_mode = info->pscan_mode;
1402 memcpy(data.dev_class, info->dev_class, 3);
1403 data.clock_offset = info->clock_offset;
1405 data.ssp_mode = 0x00;
1406 hci_inquiry_cache_update(hdev, &data);
1407 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1411 hci_dev_unlock(hdev);
1414 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1416 struct hci_ev_conn_complete *ev = (void *) skb->data;
1417 struct hci_conn *conn;
1419 BT_DBG("%s", hdev->name);
1423 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1425 if (ev->link_type != SCO_LINK)
1428 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1432 conn->type = SCO_LINK;
1436 conn->handle = __le16_to_cpu(ev->handle);
1438 if (conn->type == ACL_LINK) {
1439 conn->state = BT_CONFIG;
1440 hci_conn_hold(conn);
1441 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1442 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
1444 conn->state = BT_CONNECTED;
1446 hci_conn_hold_device(conn);
1447 hci_conn_add_sysfs(conn);
1449 if (test_bit(HCI_AUTH, &hdev->flags))
1450 conn->link_mode |= HCI_LM_AUTH;
1452 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1453 conn->link_mode |= HCI_LM_ENCRYPT;
1455 /* Get remote features */
1456 if (conn->type == ACL_LINK) {
1457 struct hci_cp_read_remote_features cp;
1458 cp.handle = ev->handle;
1459 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1463 /* Set packet type for incoming connection */
1464 if (!conn->out && hdev->hci_ver < 3) {
1465 struct hci_cp_change_conn_ptype cp;
1466 cp.handle = ev->handle;
1467 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1468 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1472 conn->state = BT_CLOSED;
1473 if (conn->type == ACL_LINK)
1474 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1477 if (conn->type == ACL_LINK)
1478 hci_sco_setup(conn, ev->status);
1481 hci_proto_connect_cfm(conn, ev->status);
1483 } else if (ev->link_type != ACL_LINK)
1484 hci_proto_connect_cfm(conn, ev->status);
1487 hci_dev_unlock(hdev);
1489 hci_conn_check_pending(hdev);
1492 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1494 struct hci_ev_conn_request *ev = (void *) skb->data;
1495 int mask = hdev->link_mode;
1497 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1498 batostr(&ev->bdaddr), ev->link_type);
1500 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1502 if ((mask & HCI_LM_ACCEPT) &&
1503 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1504 /* Connection accepted */
1505 struct inquiry_entry *ie;
1506 struct hci_conn *conn;
1510 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1512 memcpy(ie->data.dev_class, ev->dev_class, 3);
1514 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1516 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1518 BT_ERR("No memory for new connection");
1519 hci_dev_unlock(hdev);
1524 memcpy(conn->dev_class, ev->dev_class, 3);
1525 conn->state = BT_CONNECT;
1527 hci_dev_unlock(hdev);
1529 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1530 struct hci_cp_accept_conn_req cp;
1532 bacpy(&cp.bdaddr, &ev->bdaddr);
1534 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1535 cp.role = 0x00; /* Become master */
1537 cp.role = 0x01; /* Remain slave */
1539 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1542 struct hci_cp_accept_sync_conn_req cp;
1544 bacpy(&cp.bdaddr, &ev->bdaddr);
1545 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1547 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1548 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1549 cp.max_latency = cpu_to_le16(0xffff);
1550 cp.content_format = cpu_to_le16(hdev->voice_setting);
1551 cp.retrans_effort = 0xff;
1553 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1557 /* Connection rejected */
1558 struct hci_cp_reject_conn_req cp;
1560 bacpy(&cp.bdaddr, &ev->bdaddr);
1561 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1562 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1566 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1568 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1569 struct hci_conn *conn;
1571 BT_DBG("%s status %d", hdev->name, ev->status);
1574 mgmt_disconnect_failed(hdev->id);
1580 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1584 conn->state = BT_CLOSED;
1586 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1587 mgmt_disconnected(hdev->id, &conn->dst);
1589 hci_proto_disconn_cfm(conn, ev->reason);
1593 hci_dev_unlock(hdev);
1596 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1598 struct hci_ev_auth_complete *ev = (void *) skb->data;
1599 struct hci_conn *conn;
1601 BT_DBG("%s status %d", hdev->name, ev->status);
1605 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1610 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1611 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1612 BT_INFO("re-auth of legacy device is not possible.");
1614 conn->link_mode |= HCI_LM_AUTH;
1615 conn->sec_level = conn->pending_sec_level;
1618 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1621 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1622 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1624 if (conn->state == BT_CONFIG) {
1625 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1626 struct hci_cp_set_conn_encrypt cp;
1627 cp.handle = ev->handle;
1629 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1632 conn->state = BT_CONNECTED;
1633 hci_proto_connect_cfm(conn, ev->status);
1637 hci_auth_cfm(conn, ev->status);
1639 hci_conn_hold(conn);
1640 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1644 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1646 struct hci_cp_set_conn_encrypt cp;
1647 cp.handle = ev->handle;
1649 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1652 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1653 hci_encrypt_cfm(conn, ev->status, 0x00);
1658 hci_dev_unlock(hdev);
1661 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1663 struct hci_ev_remote_name *ev = (void *) skb->data;
1664 struct hci_conn *conn;
1666 BT_DBG("%s", hdev->name);
1668 hci_conn_check_pending(hdev);
1672 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1673 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1675 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1679 if (!hci_outgoing_auth_needed(hdev, conn))
1682 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1683 struct hci_cp_auth_requested cp;
1684 cp.handle = __cpu_to_le16(conn->handle);
1685 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1689 hci_dev_unlock(hdev);
1692 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1694 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1695 struct hci_conn *conn;
1697 BT_DBG("%s status %d", hdev->name, ev->status);
1701 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1705 /* Encryption implies authentication */
1706 conn->link_mode |= HCI_LM_AUTH;
1707 conn->link_mode |= HCI_LM_ENCRYPT;
1708 conn->sec_level = conn->pending_sec_level;
1710 conn->link_mode &= ~HCI_LM_ENCRYPT;
1713 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1715 if (conn->state == BT_CONFIG) {
1717 conn->state = BT_CONNECTED;
1719 hci_proto_connect_cfm(conn, ev->status);
1722 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1725 hci_dev_unlock(hdev);
1728 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1730 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1731 struct hci_conn *conn;
1733 BT_DBG("%s status %d", hdev->name, ev->status);
1737 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1740 conn->link_mode |= HCI_LM_SECURE;
1742 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1744 hci_key_change_cfm(conn, ev->status);
1747 hci_dev_unlock(hdev);
1750 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1752 struct hci_ev_remote_features *ev = (void *) skb->data;
1753 struct hci_conn *conn;
1755 BT_DBG("%s status %d", hdev->name, ev->status);
1759 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1764 memcpy(conn->features, ev->features, 8);
1766 if (conn->state != BT_CONFIG)
1769 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1770 struct hci_cp_read_remote_ext_features cp;
1771 cp.handle = ev->handle;
1773 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1779 struct hci_cp_remote_name_req cp;
1780 memset(&cp, 0, sizeof(cp));
1781 bacpy(&cp.bdaddr, &conn->dst);
1782 cp.pscan_rep_mode = 0x02;
1783 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1786 if (!hci_outgoing_auth_needed(hdev, conn)) {
1787 conn->state = BT_CONNECTED;
1788 hci_proto_connect_cfm(conn, ev->status);
1793 hci_dev_unlock(hdev);
1796 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1798 BT_DBG("%s", hdev->name);
1801 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1803 BT_DBG("%s", hdev->name);
1806 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1808 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1811 skb_pull(skb, sizeof(*ev));
1813 opcode = __le16_to_cpu(ev->opcode);
1816 case HCI_OP_INQUIRY_CANCEL:
1817 hci_cc_inquiry_cancel(hdev, skb);
1820 case HCI_OP_EXIT_PERIODIC_INQ:
1821 hci_cc_exit_periodic_inq(hdev, skb);
1824 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1825 hci_cc_remote_name_req_cancel(hdev, skb);
1828 case HCI_OP_ROLE_DISCOVERY:
1829 hci_cc_role_discovery(hdev, skb);
1832 case HCI_OP_READ_LINK_POLICY:
1833 hci_cc_read_link_policy(hdev, skb);
1836 case HCI_OP_WRITE_LINK_POLICY:
1837 hci_cc_write_link_policy(hdev, skb);
1840 case HCI_OP_READ_DEF_LINK_POLICY:
1841 hci_cc_read_def_link_policy(hdev, skb);
1844 case HCI_OP_WRITE_DEF_LINK_POLICY:
1845 hci_cc_write_def_link_policy(hdev, skb);
1849 hci_cc_reset(hdev, skb);
1852 case HCI_OP_WRITE_LOCAL_NAME:
1853 hci_cc_write_local_name(hdev, skb);
1856 case HCI_OP_READ_LOCAL_NAME:
1857 hci_cc_read_local_name(hdev, skb);
1860 case HCI_OP_WRITE_AUTH_ENABLE:
1861 hci_cc_write_auth_enable(hdev, skb);
1864 case HCI_OP_WRITE_ENCRYPT_MODE:
1865 hci_cc_write_encrypt_mode(hdev, skb);
1868 case HCI_OP_WRITE_SCAN_ENABLE:
1869 hci_cc_write_scan_enable(hdev, skb);
1872 case HCI_OP_READ_CLASS_OF_DEV:
1873 hci_cc_read_class_of_dev(hdev, skb);
1876 case HCI_OP_WRITE_CLASS_OF_DEV:
1877 hci_cc_write_class_of_dev(hdev, skb);
1880 case HCI_OP_READ_VOICE_SETTING:
1881 hci_cc_read_voice_setting(hdev, skb);
1884 case HCI_OP_WRITE_VOICE_SETTING:
1885 hci_cc_write_voice_setting(hdev, skb);
1888 case HCI_OP_HOST_BUFFER_SIZE:
1889 hci_cc_host_buffer_size(hdev, skb);
1892 case HCI_OP_READ_SSP_MODE:
1893 hci_cc_read_ssp_mode(hdev, skb);
1896 case HCI_OP_WRITE_SSP_MODE:
1897 hci_cc_write_ssp_mode(hdev, skb);
1900 case HCI_OP_READ_LOCAL_VERSION:
1901 hci_cc_read_local_version(hdev, skb);
1904 case HCI_OP_READ_LOCAL_COMMANDS:
1905 hci_cc_read_local_commands(hdev, skb);
1908 case HCI_OP_READ_LOCAL_FEATURES:
1909 hci_cc_read_local_features(hdev, skb);
1912 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1913 hci_cc_read_local_ext_features(hdev, skb);
1916 case HCI_OP_READ_BUFFER_SIZE:
1917 hci_cc_read_buffer_size(hdev, skb);
1920 case HCI_OP_READ_BD_ADDR:
1921 hci_cc_read_bd_addr(hdev, skb);
1924 case HCI_OP_WRITE_CA_TIMEOUT:
1925 hci_cc_write_ca_timeout(hdev, skb);
1928 case HCI_OP_READ_LOCAL_AMP_INFO:
1929 hci_cc_read_local_amp_info(hdev, skb);
1932 case HCI_OP_DELETE_STORED_LINK_KEY:
1933 hci_cc_delete_stored_link_key(hdev, skb);
1936 case HCI_OP_SET_EVENT_MASK:
1937 hci_cc_set_event_mask(hdev, skb);
1940 case HCI_OP_WRITE_INQUIRY_MODE:
1941 hci_cc_write_inquiry_mode(hdev, skb);
1944 case HCI_OP_READ_INQ_RSP_TX_POWER:
1945 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1948 case HCI_OP_SET_EVENT_FLT:
1949 hci_cc_set_event_flt(hdev, skb);
1952 case HCI_OP_PIN_CODE_REPLY:
1953 hci_cc_pin_code_reply(hdev, skb);
1956 case HCI_OP_PIN_CODE_NEG_REPLY:
1957 hci_cc_pin_code_neg_reply(hdev, skb);
1960 case HCI_OP_READ_LOCAL_OOB_DATA:
1961 hci_cc_read_local_oob_data_reply(hdev, skb);
1964 case HCI_OP_LE_READ_BUFFER_SIZE:
1965 hci_cc_le_read_buffer_size(hdev, skb);
1968 case HCI_OP_USER_CONFIRM_REPLY:
1969 hci_cc_user_confirm_reply(hdev, skb);
1972 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1973 hci_cc_user_confirm_neg_reply(hdev, skb);
1976 case HCI_OP_LE_SET_SCAN_ENABLE:
1977 hci_cc_le_set_scan_enable(hdev, skb);
1980 case HCI_OP_LE_LTK_REPLY:
1981 hci_cc_le_ltk_reply(hdev, skb);
1984 case HCI_OP_LE_LTK_NEG_REPLY:
1985 hci_cc_le_ltk_neg_reply(hdev, skb);
1988 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1989 hci_cc_write_le_host_supported(hdev, skb);
1993 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1997 if (ev->opcode != HCI_OP_NOP)
1998 del_timer(&hdev->cmd_timer);
2001 atomic_set(&hdev->cmd_cnt, 1);
2002 if (!skb_queue_empty(&hdev->cmd_q))
2003 tasklet_schedule(&hdev->cmd_task);
2007 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2009 struct hci_ev_cmd_status *ev = (void *) skb->data;
2012 skb_pull(skb, sizeof(*ev));
2014 opcode = __le16_to_cpu(ev->opcode);
2017 case HCI_OP_INQUIRY:
2018 hci_cs_inquiry(hdev, ev->status);
2021 case HCI_OP_CREATE_CONN:
2022 hci_cs_create_conn(hdev, ev->status);
2025 case HCI_OP_ADD_SCO:
2026 hci_cs_add_sco(hdev, ev->status);
2029 case HCI_OP_AUTH_REQUESTED:
2030 hci_cs_auth_requested(hdev, ev->status);
2033 case HCI_OP_SET_CONN_ENCRYPT:
2034 hci_cs_set_conn_encrypt(hdev, ev->status);
2037 case HCI_OP_REMOTE_NAME_REQ:
2038 hci_cs_remote_name_req(hdev, ev->status);
2041 case HCI_OP_READ_REMOTE_FEATURES:
2042 hci_cs_read_remote_features(hdev, ev->status);
2045 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2046 hci_cs_read_remote_ext_features(hdev, ev->status);
2049 case HCI_OP_SETUP_SYNC_CONN:
2050 hci_cs_setup_sync_conn(hdev, ev->status);
2053 case HCI_OP_SNIFF_MODE:
2054 hci_cs_sniff_mode(hdev, ev->status);
2057 case HCI_OP_EXIT_SNIFF_MODE:
2058 hci_cs_exit_sniff_mode(hdev, ev->status);
2061 case HCI_OP_DISCONNECT:
2062 if (ev->status != 0)
2063 mgmt_disconnect_failed(hdev->id);
2066 case HCI_OP_LE_CREATE_CONN:
2067 hci_cs_le_create_conn(hdev, ev->status);
2070 case HCI_OP_LE_START_ENC:
2071 hci_cs_le_start_enc(hdev, ev->status);
2075 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2079 if (ev->opcode != HCI_OP_NOP)
2080 del_timer(&hdev->cmd_timer);
2082 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2083 atomic_set(&hdev->cmd_cnt, 1);
2084 if (!skb_queue_empty(&hdev->cmd_q))
2085 tasklet_schedule(&hdev->cmd_task);
2089 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2091 struct hci_ev_role_change *ev = (void *) skb->data;
2092 struct hci_conn *conn;
2094 BT_DBG("%s status %d", hdev->name, ev->status);
2098 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2102 conn->link_mode &= ~HCI_LM_MASTER;
2104 conn->link_mode |= HCI_LM_MASTER;
2107 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2109 hci_role_switch_cfm(conn, ev->status, ev->role);
2112 hci_dev_unlock(hdev);
2115 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2117 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2121 skb_pull(skb, sizeof(*ev));
2123 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2125 if (skb->len < ev->num_hndl * 4) {
2126 BT_DBG("%s bad parameters", hdev->name);
2130 tasklet_disable(&hdev->tx_task);
2132 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2133 struct hci_conn *conn;
2134 __u16 handle, count;
2136 handle = get_unaligned_le16(ptr++);
2137 count = get_unaligned_le16(ptr++);
2139 conn = hci_conn_hash_lookup_handle(hdev, handle);
2141 conn->sent -= count;
2143 if (conn->type == ACL_LINK) {
2144 hdev->acl_cnt += count;
2145 if (hdev->acl_cnt > hdev->acl_pkts)
2146 hdev->acl_cnt = hdev->acl_pkts;
2147 } else if (conn->type == LE_LINK) {
2148 if (hdev->le_pkts) {
2149 hdev->le_cnt += count;
2150 if (hdev->le_cnt > hdev->le_pkts)
2151 hdev->le_cnt = hdev->le_pkts;
2153 hdev->acl_cnt += count;
2154 if (hdev->acl_cnt > hdev->acl_pkts)
2155 hdev->acl_cnt = hdev->acl_pkts;
2158 hdev->sco_cnt += count;
2159 if (hdev->sco_cnt > hdev->sco_pkts)
2160 hdev->sco_cnt = hdev->sco_pkts;
2165 tasklet_schedule(&hdev->tx_task);
2167 tasklet_enable(&hdev->tx_task);
2170 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2172 struct hci_ev_mode_change *ev = (void *) skb->data;
2173 struct hci_conn *conn;
2175 BT_DBG("%s status %d", hdev->name, ev->status);
2179 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2181 conn->mode = ev->mode;
2182 conn->interval = __le16_to_cpu(ev->interval);
2184 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2185 if (conn->mode == HCI_CM_ACTIVE)
2186 conn->power_save = 1;
2188 conn->power_save = 0;
2191 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2192 hci_sco_setup(conn, ev->status);
2195 hci_dev_unlock(hdev);
2198 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2200 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2201 struct hci_conn *conn;
2203 BT_DBG("%s", hdev->name);
2207 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2211 if (conn->state == BT_CONNECTED) {
2212 hci_conn_hold(conn);
2213 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2217 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2218 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2219 sizeof(ev->bdaddr), &ev->bdaddr);
2220 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2223 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2228 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2232 hci_dev_unlock(hdev);
2235 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2237 struct hci_ev_link_key_req *ev = (void *) skb->data;
2238 struct hci_cp_link_key_reply cp;
2239 struct hci_conn *conn;
2240 struct link_key *key;
2242 BT_DBG("%s", hdev->name);
2244 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2249 key = hci_find_link_key(hdev, &ev->bdaddr);
2251 BT_DBG("%s link key not found for %s", hdev->name,
2252 batostr(&ev->bdaddr));
2256 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2257 batostr(&ev->bdaddr));
2259 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2260 key->type == HCI_LK_DEBUG_COMBINATION) {
2261 BT_DBG("%s ignoring debug key", hdev->name);
2265 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2267 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2268 conn->auth_type != 0xff &&
2269 (conn->auth_type & 0x01)) {
2270 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2274 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2275 conn->pending_sec_level == BT_SECURITY_HIGH) {
2276 BT_DBG("%s ignoring key unauthenticated for high \
2277 security", hdev->name);
2281 conn->key_type = key->type;
2282 conn->pin_length = key->pin_len;
2285 bacpy(&cp.bdaddr, &ev->bdaddr);
2286 memcpy(cp.link_key, key->val, 16);
2288 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2290 hci_dev_unlock(hdev);
2295 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2296 hci_dev_unlock(hdev);
2299 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2301 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2302 struct hci_conn *conn;
2305 BT_DBG("%s", hdev->name);
2309 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2311 hci_conn_hold(conn);
2312 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2313 pin_len = conn->pin_length;
2315 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2316 conn->key_type = ev->key_type;
2321 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2322 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2323 ev->key_type, pin_len);
2325 hci_dev_unlock(hdev);
2328 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2330 struct hci_ev_clock_offset *ev = (void *) skb->data;
2331 struct hci_conn *conn;
2333 BT_DBG("%s status %d", hdev->name, ev->status);
2337 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2338 if (conn && !ev->status) {
2339 struct inquiry_entry *ie;
2341 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2343 ie->data.clock_offset = ev->clock_offset;
2344 ie->timestamp = jiffies;
2348 hci_dev_unlock(hdev);
2351 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2353 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2354 struct hci_conn *conn;
2356 BT_DBG("%s status %d", hdev->name, ev->status);
2360 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2361 if (conn && !ev->status)
2362 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2364 hci_dev_unlock(hdev);
2367 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2369 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2370 struct inquiry_entry *ie;
2372 BT_DBG("%s", hdev->name);
2376 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2378 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2379 ie->timestamp = jiffies;
2382 hci_dev_unlock(hdev);
2385 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2387 struct inquiry_data data;
2388 int num_rsp = *((__u8 *) skb->data);
2390 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2397 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2398 struct inquiry_info_with_rssi_and_pscan_mode *info;
2399 info = (void *) (skb->data + 1);
2401 for (; num_rsp; num_rsp--, info++) {
2402 bacpy(&data.bdaddr, &info->bdaddr);
2403 data.pscan_rep_mode = info->pscan_rep_mode;
2404 data.pscan_period_mode = info->pscan_period_mode;
2405 data.pscan_mode = info->pscan_mode;
2406 memcpy(data.dev_class, info->dev_class, 3);
2407 data.clock_offset = info->clock_offset;
2408 data.rssi = info->rssi;
2409 data.ssp_mode = 0x00;
2410 hci_inquiry_cache_update(hdev, &data);
2411 mgmt_device_found(hdev->id, &info->bdaddr,
2412 info->dev_class, info->rssi,
2416 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2418 for (; num_rsp; num_rsp--, info++) {
2419 bacpy(&data.bdaddr, &info->bdaddr);
2420 data.pscan_rep_mode = info->pscan_rep_mode;
2421 data.pscan_period_mode = info->pscan_period_mode;
2422 data.pscan_mode = 0x00;
2423 memcpy(data.dev_class, info->dev_class, 3);
2424 data.clock_offset = info->clock_offset;
2425 data.rssi = info->rssi;
2426 data.ssp_mode = 0x00;
2427 hci_inquiry_cache_update(hdev, &data);
2428 mgmt_device_found(hdev->id, &info->bdaddr,
2429 info->dev_class, info->rssi,
2434 hci_dev_unlock(hdev);
2437 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2439 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2440 struct hci_conn *conn;
2442 BT_DBG("%s", hdev->name);
2446 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2450 if (!ev->status && ev->page == 0x01) {
2451 struct inquiry_entry *ie;
2453 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2455 ie->data.ssp_mode = (ev->features[0] & 0x01);
2457 conn->ssp_mode = (ev->features[0] & 0x01);
2460 if (conn->state != BT_CONFIG)
2464 struct hci_cp_remote_name_req cp;
2465 memset(&cp, 0, sizeof(cp));
2466 bacpy(&cp.bdaddr, &conn->dst);
2467 cp.pscan_rep_mode = 0x02;
2468 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2471 if (!hci_outgoing_auth_needed(hdev, conn)) {
2472 conn->state = BT_CONNECTED;
2473 hci_proto_connect_cfm(conn, ev->status);
2478 hci_dev_unlock(hdev);
2481 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2483 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2484 struct hci_conn *conn;
2486 BT_DBG("%s status %d", hdev->name, ev->status);
2490 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2492 if (ev->link_type == ESCO_LINK)
2495 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2499 conn->type = SCO_LINK;
2502 switch (ev->status) {
2504 conn->handle = __le16_to_cpu(ev->handle);
2505 conn->state = BT_CONNECTED;
2507 hci_conn_hold_device(conn);
2508 hci_conn_add_sysfs(conn);
2511 case 0x11: /* Unsupported Feature or Parameter Value */
2512 case 0x1c: /* SCO interval rejected */
2513 case 0x1a: /* Unsupported Remote Feature */
2514 case 0x1f: /* Unspecified error */
2515 if (conn->out && conn->attempt < 2) {
2516 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2517 (hdev->esco_type & EDR_ESCO_MASK);
2518 hci_setup_sync(conn, conn->link->handle);
2524 conn->state = BT_CLOSED;
2528 hci_proto_connect_cfm(conn, ev->status);
2533 hci_dev_unlock(hdev);
2536 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2538 BT_DBG("%s", hdev->name);
2541 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2543 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2545 BT_DBG("%s status %d", hdev->name, ev->status);
2548 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2550 struct inquiry_data data;
2551 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2552 int num_rsp = *((__u8 *) skb->data);
2554 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2561 for (; num_rsp; num_rsp--, info++) {
2562 bacpy(&data.bdaddr, &info->bdaddr);
2563 data.pscan_rep_mode = info->pscan_rep_mode;
2564 data.pscan_period_mode = info->pscan_period_mode;
2565 data.pscan_mode = 0x00;
2566 memcpy(data.dev_class, info->dev_class, 3);
2567 data.clock_offset = info->clock_offset;
2568 data.rssi = info->rssi;
2569 data.ssp_mode = 0x01;
2570 hci_inquiry_cache_update(hdev, &data);
2571 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2572 info->rssi, info->data);
2575 hci_dev_unlock(hdev);
2578 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2580 /* If remote requests dedicated bonding follow that lead */
2581 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2582 /* If both remote and local IO capabilities allow MITM
2583 * protection then require it, otherwise don't */
2584 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2590 /* If remote requests no-bonding follow that lead */
2591 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2592 return conn->remote_auth | (conn->auth_type & 0x01);
2594 return conn->auth_type;
2597 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2599 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2600 struct hci_conn *conn;
2602 BT_DBG("%s", hdev->name);
2606 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2610 hci_conn_hold(conn);
2612 if (!test_bit(HCI_MGMT, &hdev->flags))
2615 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2616 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2617 struct hci_cp_io_capability_reply cp;
2619 bacpy(&cp.bdaddr, &ev->bdaddr);
2620 cp.capability = conn->io_capability;
2621 conn->auth_type = hci_get_auth_req(conn);
2622 cp.authentication = conn->auth_type;
2624 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2625 hci_find_remote_oob_data(hdev, &conn->dst))
2630 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2633 struct hci_cp_io_capability_neg_reply cp;
2635 bacpy(&cp.bdaddr, &ev->bdaddr);
2636 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2638 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2643 hci_dev_unlock(hdev);
2646 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2648 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2649 struct hci_conn *conn;
2651 BT_DBG("%s", hdev->name);
2655 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2659 conn->remote_cap = ev->capability;
2660 conn->remote_oob = ev->oob_data;
2661 conn->remote_auth = ev->authentication;
2664 hci_dev_unlock(hdev);
2667 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2668 struct sk_buff *skb)
2670 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2671 int loc_mitm, rem_mitm, confirm_hint = 0;
2672 struct hci_conn *conn;
2674 BT_DBG("%s", hdev->name);
2678 if (!test_bit(HCI_MGMT, &hdev->flags))
2681 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2685 loc_mitm = (conn->auth_type & 0x01);
2686 rem_mitm = (conn->remote_auth & 0x01);
2688 /* If we require MITM but the remote device can't provide that
2689 * (it has NoInputNoOutput) then reject the confirmation
2690 * request. The only exception is when we're dedicated bonding
2691 * initiators (connect_cfm_cb set) since then we always have the MITM
2693 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2694 BT_DBG("Rejecting request: remote device can't provide MITM");
2695 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2696 sizeof(ev->bdaddr), &ev->bdaddr);
2700 /* If no side requires MITM protection; auto-accept */
2701 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2702 (!rem_mitm || conn->io_capability == 0x03)) {
2704 /* If we're not the initiators request authorization to
2705 * proceed from user space (mgmt_user_confirm with
2706 * confirm_hint set to 1). */
2707 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2708 BT_DBG("Confirming auto-accept as acceptor");
2713 BT_DBG("Auto-accept of user confirmation with %ums delay",
2714 hdev->auto_accept_delay);
2716 if (hdev->auto_accept_delay > 0) {
2717 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2718 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2722 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2723 sizeof(ev->bdaddr), &ev->bdaddr);
2728 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2732 hci_dev_unlock(hdev);
2735 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2737 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2738 struct hci_conn *conn;
2740 BT_DBG("%s", hdev->name);
2744 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2748 /* To avoid duplicate auth_failed events to user space we check
2749 * the HCI_CONN_AUTH_PEND flag which will be set if we
2750 * initiated the authentication. A traditional auth_complete
2751 * event gets always produced as initiator and is also mapped to
2752 * the mgmt_auth_failed event */
2753 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2754 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2759 hci_dev_unlock(hdev);
2762 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2764 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2765 struct inquiry_entry *ie;
2767 BT_DBG("%s", hdev->name);
2771 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2773 ie->data.ssp_mode = (ev->features[0] & 0x01);
2775 hci_dev_unlock(hdev);
2778 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2779 struct sk_buff *skb)
2781 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2782 struct oob_data *data;
2784 BT_DBG("%s", hdev->name);
2788 if (!test_bit(HCI_MGMT, &hdev->flags))
2791 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2793 struct hci_cp_remote_oob_data_reply cp;
2795 bacpy(&cp.bdaddr, &ev->bdaddr);
2796 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2797 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2799 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2802 struct hci_cp_remote_oob_data_neg_reply cp;
2804 bacpy(&cp.bdaddr, &ev->bdaddr);
2805 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2810 hci_dev_unlock(hdev);
2813 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2815 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2816 struct hci_conn *conn;
2818 BT_DBG("%s status %d", hdev->name, ev->status);
2822 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2824 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2826 BT_ERR("No memory for new connection");
2827 hci_dev_unlock(hdev);
2831 conn->dst_type = ev->bdaddr_type;
2835 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2836 hci_proto_connect_cfm(conn, ev->status);
2837 conn->state = BT_CLOSED;
2842 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
2844 conn->sec_level = BT_SECURITY_LOW;
2845 conn->handle = __le16_to_cpu(ev->handle);
2846 conn->state = BT_CONNECTED;
2848 hci_conn_hold_device(conn);
2849 hci_conn_add_sysfs(conn);
2851 hci_proto_connect_cfm(conn, ev->status);
2854 hci_dev_unlock(hdev);
2857 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2858 struct sk_buff *skb)
2860 u8 num_reports = skb->data[0];
2861 void *ptr = &skb->data[1];
2865 while (num_reports--) {
2866 struct hci_ev_le_advertising_info *ev = ptr;
2868 hci_add_adv_entry(hdev, ev);
2870 ptr += sizeof(*ev) + ev->length + 1;
2873 hci_dev_unlock(hdev);
2876 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2877 struct sk_buff *skb)
2879 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2880 struct hci_cp_le_ltk_reply cp;
2881 struct hci_cp_le_ltk_neg_reply neg;
2882 struct hci_conn *conn;
2883 struct link_key *ltk;
2885 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2889 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2893 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2897 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
2898 cp.handle = cpu_to_le16(conn->handle);
2899 conn->pin_length = ltk->pin_len;
2901 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2903 hci_dev_unlock(hdev);
2908 neg.handle = ev->handle;
2909 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2910 hci_dev_unlock(hdev);
2913 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2915 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2917 skb_pull(skb, sizeof(*le_ev));
2919 switch (le_ev->subevent) {
2920 case HCI_EV_LE_CONN_COMPLETE:
2921 hci_le_conn_complete_evt(hdev, skb);
2924 case HCI_EV_LE_ADVERTISING_REPORT:
2925 hci_le_adv_report_evt(hdev, skb);
2928 case HCI_EV_LE_LTK_REQ:
2929 hci_le_ltk_request_evt(hdev, skb);
2937 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2939 struct hci_event_hdr *hdr = (void *) skb->data;
2940 __u8 event = hdr->evt;
2942 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2945 case HCI_EV_INQUIRY_COMPLETE:
2946 hci_inquiry_complete_evt(hdev, skb);
2949 case HCI_EV_INQUIRY_RESULT:
2950 hci_inquiry_result_evt(hdev, skb);
2953 case HCI_EV_CONN_COMPLETE:
2954 hci_conn_complete_evt(hdev, skb);
2957 case HCI_EV_CONN_REQUEST:
2958 hci_conn_request_evt(hdev, skb);
2961 case HCI_EV_DISCONN_COMPLETE:
2962 hci_disconn_complete_evt(hdev, skb);
2965 case HCI_EV_AUTH_COMPLETE:
2966 hci_auth_complete_evt(hdev, skb);
2969 case HCI_EV_REMOTE_NAME:
2970 hci_remote_name_evt(hdev, skb);
2973 case HCI_EV_ENCRYPT_CHANGE:
2974 hci_encrypt_change_evt(hdev, skb);
2977 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2978 hci_change_link_key_complete_evt(hdev, skb);
2981 case HCI_EV_REMOTE_FEATURES:
2982 hci_remote_features_evt(hdev, skb);
2985 case HCI_EV_REMOTE_VERSION:
2986 hci_remote_version_evt(hdev, skb);
2989 case HCI_EV_QOS_SETUP_COMPLETE:
2990 hci_qos_setup_complete_evt(hdev, skb);
2993 case HCI_EV_CMD_COMPLETE:
2994 hci_cmd_complete_evt(hdev, skb);
2997 case HCI_EV_CMD_STATUS:
2998 hci_cmd_status_evt(hdev, skb);
3001 case HCI_EV_ROLE_CHANGE:
3002 hci_role_change_evt(hdev, skb);
3005 case HCI_EV_NUM_COMP_PKTS:
3006 hci_num_comp_pkts_evt(hdev, skb);
3009 case HCI_EV_MODE_CHANGE:
3010 hci_mode_change_evt(hdev, skb);
3013 case HCI_EV_PIN_CODE_REQ:
3014 hci_pin_code_request_evt(hdev, skb);
3017 case HCI_EV_LINK_KEY_REQ:
3018 hci_link_key_request_evt(hdev, skb);
3021 case HCI_EV_LINK_KEY_NOTIFY:
3022 hci_link_key_notify_evt(hdev, skb);
3025 case HCI_EV_CLOCK_OFFSET:
3026 hci_clock_offset_evt(hdev, skb);
3029 case HCI_EV_PKT_TYPE_CHANGE:
3030 hci_pkt_type_change_evt(hdev, skb);
3033 case HCI_EV_PSCAN_REP_MODE:
3034 hci_pscan_rep_mode_evt(hdev, skb);
3037 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3038 hci_inquiry_result_with_rssi_evt(hdev, skb);
3041 case HCI_EV_REMOTE_EXT_FEATURES:
3042 hci_remote_ext_features_evt(hdev, skb);
3045 case HCI_EV_SYNC_CONN_COMPLETE:
3046 hci_sync_conn_complete_evt(hdev, skb);
3049 case HCI_EV_SYNC_CONN_CHANGED:
3050 hci_sync_conn_changed_evt(hdev, skb);
3053 case HCI_EV_SNIFF_SUBRATE:
3054 hci_sniff_subrate_evt(hdev, skb);
3057 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3058 hci_extended_inquiry_result_evt(hdev, skb);
3061 case HCI_EV_IO_CAPA_REQUEST:
3062 hci_io_capa_request_evt(hdev, skb);
3065 case HCI_EV_IO_CAPA_REPLY:
3066 hci_io_capa_reply_evt(hdev, skb);
3069 case HCI_EV_USER_CONFIRM_REQUEST:
3070 hci_user_confirm_request_evt(hdev, skb);
3073 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3074 hci_simple_pair_complete_evt(hdev, skb);
3077 case HCI_EV_REMOTE_HOST_FEATURES:
3078 hci_remote_host_features_evt(hdev, skb);
3081 case HCI_EV_LE_META:
3082 hci_le_meta_evt(hdev, skb);
3085 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3086 hci_remote_oob_data_request_evt(hdev, skb);
3090 BT_DBG("%s event 0x%x", hdev->name, event);
3095 hdev->stat.evt_rx++;
3098 /* Generate internal stack event */
3099 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3101 struct hci_event_hdr *hdr;
3102 struct hci_ev_stack_internal *ev;
3103 struct sk_buff *skb;
3105 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3109 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3110 hdr->evt = HCI_EV_STACK_INTERNAL;
3111 hdr->plen = sizeof(*ev) + dlen;
3113 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3115 memcpy(ev->data, data, dlen);
3117 bt_cb(skb)->incoming = 1;
3118 __net_timestamp(skb);
3120 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3121 skb->dev = (void *) hdev;
3122 hci_send_to_sock(hdev, skb, NULL);
3126 module_param(enable_le, bool, 0644);
3127 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / linux-flexiantxendom0-3.2.10.git / blob