2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <asm/system.h>
41 #include <linux/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
47 /* Handle HCI Event packets */
49 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
51 __u8 status = *((__u8 *) skb->data);
53 BT_DBG("%s status 0x%x", hdev->name, status);
57 mgmt_stop_discovery_failed(hdev, status);
62 clear_bit(HCI_INQUIRY, &hdev->flags);
65 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
70 hci_conn_check_pending(hdev);
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75 __u8 status = *((__u8 *) skb->data);
77 BT_DBG("%s status 0x%x", hdev->name, status);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
87 BT_DBG("%s", hdev->name);
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
95 BT_DBG("%s status 0x%x", hdev->name, rp->status);
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
105 conn->link_mode &= ~HCI_LM_MASTER;
107 conn->link_mode |= HCI_LM_MASTER;
110 hci_dev_unlock(hdev);
113 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 conn->link_policy = __le16_to_cpu(rp->policy);
129 hci_dev_unlock(hdev);
132 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
135 struct hci_conn *conn;
138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
151 conn->link_policy = get_unaligned_le16(sent + 2);
153 hci_dev_unlock(hdev);
156 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
165 hdev->link_policy = __le16_to_cpu(rp->policy);
168 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
170 __u8 status = *((__u8 *) skb->data);
173 BT_DBG("%s status 0x%x", hdev->name, status);
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
180 hdev->link_policy = get_unaligned_le16(sent);
182 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
185 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187 __u8 status = *((__u8 *) skb->data);
189 BT_DBG("%s status 0x%x", hdev->name, status);
191 clear_bit(HCI_RESET, &hdev->flags);
193 hci_req_complete(hdev, HCI_OP_RESET, status);
195 /* Reset all non-persistent flags */
196 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN));
198 hdev->discovery.state = DISCOVERY_STOPPED;
201 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
203 __u8 status = *((__u8 *) skb->data);
206 BT_DBG("%s status 0x%x", hdev->name, status);
208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
214 if (test_bit(HCI_MGMT, &hdev->dev_flags))
215 mgmt_set_local_name_complete(hdev, sent, status);
217 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
219 hci_dev_unlock(hdev);
221 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
224 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
226 struct hci_rp_read_local_name *rp = (void *) skb->data;
228 BT_DBG("%s status 0x%x", hdev->name, rp->status);
233 if (test_bit(HCI_SETUP, &hdev->dev_flags))
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
239 __u8 status = *((__u8 *) skb->data);
242 BT_DBG("%s status 0x%x", hdev->name, status);
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 __u8 param = *((__u8 *) sent);
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
254 clear_bit(HCI_AUTH, &hdev->flags);
257 if (test_bit(HCI_MGMT, &hdev->dev_flags))
258 mgmt_auth_enable_complete(hdev, status);
260 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
265 __u8 status = *((__u8 *) skb->data);
268 BT_DBG("%s status 0x%x", hdev->name, status);
270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 __u8 param = *((__u8 *) sent);
278 set_bit(HCI_ENCRYPT, &hdev->flags);
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
292 BT_DBG("%s status 0x%x", hdev->name, status);
294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
298 param = *((__u8 *) sent);
303 mgmt_write_scan_failed(hdev, param, status);
304 hdev->discov_timeout = 0;
308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
314 mgmt_discoverable(hdev, 1);
315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
320 } else if (old_iscan)
321 mgmt_discoverable(hdev, 0);
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
326 mgmt_connectable(hdev, 1);
327 } else if (old_pscan)
328 mgmt_connectable(hdev, 0);
331 hci_dev_unlock(hdev);
332 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
335 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
337 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
339 BT_DBG("%s status 0x%x", hdev->name, rp->status);
344 memcpy(hdev->dev_class, rp->dev_class, 3);
346 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
347 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
350 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
352 __u8 status = *((__u8 *) skb->data);
355 BT_DBG("%s status 0x%x", hdev->name, status);
357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
364 memcpy(hdev->dev_class, sent, 3);
366 if (test_bit(HCI_MGMT, &hdev->dev_flags))
367 mgmt_set_class_of_dev_complete(hdev, sent, status);
369 hci_dev_unlock(hdev);
372 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
374 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
377 BT_DBG("%s status 0x%x", hdev->name, rp->status);
382 setting = __le16_to_cpu(rp->voice_setting);
384 if (hdev->voice_setting == setting)
387 hdev->voice_setting = setting;
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
392 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
395 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
397 __u8 status = *((__u8 *) skb->data);
401 BT_DBG("%s status 0x%x", hdev->name, status);
406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
410 setting = get_unaligned_le16(sent);
412 if (hdev->voice_setting == setting)
415 hdev->voice_setting = setting;
417 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
423 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
425 __u8 status = *((__u8 *) skb->data);
427 BT_DBG("%s status 0x%x", hdev->name, status);
429 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
432 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
434 __u8 status = *((__u8 *) skb->data);
437 BT_DBG("%s status 0x%x", hdev->name, status);
439 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
443 if (test_bit(HCI_MGMT, &hdev->dev_flags))
444 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
447 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
449 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
453 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
455 if (hdev->features[6] & LMP_EXT_INQ)
458 if (hdev->features[3] & LMP_RSSI_INQ)
461 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
462 hdev->lmp_subver == 0x0757)
465 if (hdev->manufacturer == 15) {
466 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
468 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
470 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
474 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
475 hdev->lmp_subver == 0x1805)
481 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
485 mode = hci_get_inquiry_mode(hdev);
487 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
490 static void hci_setup_event_mask(struct hci_dev *hdev)
492 /* The second byte is 0xff instead of 0x9f (two reserved bits
493 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
494 * command otherwise */
495 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
497 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
498 * any event mask for pre 1.2 devices */
499 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
502 events[4] |= 0x01; /* Flow Specification Complete */
503 events[4] |= 0x02; /* Inquiry Result with RSSI */
504 events[4] |= 0x04; /* Read Remote Extended Features Complete */
505 events[5] |= 0x08; /* Synchronous Connection Complete */
506 events[5] |= 0x10; /* Synchronous Connection Changed */
508 if (hdev->features[3] & LMP_RSSI_INQ)
509 events[4] |= 0x04; /* Inquiry Result with RSSI */
511 if (hdev->features[5] & LMP_SNIFF_SUBR)
512 events[5] |= 0x20; /* Sniff Subrating */
514 if (hdev->features[5] & LMP_PAUSE_ENC)
515 events[5] |= 0x80; /* Encryption Key Refresh Complete */
517 if (hdev->features[6] & LMP_EXT_INQ)
518 events[5] |= 0x40; /* Extended Inquiry Result */
520 if (hdev->features[6] & LMP_NO_FLUSH)
521 events[7] |= 0x01; /* Enhanced Flush Complete */
523 if (hdev->features[7] & LMP_LSTO)
524 events[6] |= 0x80; /* Link Supervision Timeout Changed */
526 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
527 events[6] |= 0x01; /* IO Capability Request */
528 events[6] |= 0x02; /* IO Capability Response */
529 events[6] |= 0x04; /* User Confirmation Request */
530 events[6] |= 0x08; /* User Passkey Request */
531 events[6] |= 0x10; /* Remote OOB Data Request */
532 events[6] |= 0x20; /* Simple Pairing Complete */
533 events[7] |= 0x04; /* User Passkey Notification */
534 events[7] |= 0x08; /* Keypress Notification */
535 events[7] |= 0x10; /* Remote Host Supported
536 * Features Notification */
539 if (hdev->features[4] & LMP_LE)
540 events[7] |= 0x20; /* LE Meta-Event */
542 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
545 static void hci_set_le_support(struct hci_dev *hdev)
547 struct hci_cp_write_le_host_supported cp;
549 memset(&cp, 0, sizeof(cp));
551 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
553 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
556 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
559 static void hci_setup(struct hci_dev *hdev)
561 if (hdev->dev_type != HCI_BREDR)
564 hci_setup_event_mask(hdev);
566 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
567 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
569 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
570 test_bit(HCI_MGMT, &hdev->dev_flags)) {
571 struct hci_cp_write_local_name cp;
573 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
574 hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
577 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
578 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
580 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
581 sizeof(mode), &mode);
583 struct hci_cp_write_eir cp;
585 memset(hdev->eir, 0, sizeof(hdev->eir));
586 memset(&cp, 0, sizeof(cp));
588 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
592 if (hdev->features[3] & LMP_RSSI_INQ)
593 hci_setup_inquiry_mode(hdev);
595 if (hdev->features[7] & LMP_INQ_TX_PWR)
596 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
598 if (hdev->features[7] & LMP_EXTFEATURES) {
599 struct hci_cp_read_local_ext_features cp;
602 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
606 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
608 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
609 sizeof(enable), &enable);
612 if (hdev->features[4] & LMP_LE)
613 hci_set_le_support(hdev);
616 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
618 struct hci_rp_read_local_version *rp = (void *) skb->data;
620 BT_DBG("%s status 0x%x", hdev->name, rp->status);
625 hdev->hci_ver = rp->hci_ver;
626 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
627 hdev->lmp_ver = rp->lmp_ver;
628 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
629 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
631 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
633 hdev->hci_ver, hdev->hci_rev);
635 if (test_bit(HCI_INIT, &hdev->flags))
639 static void hci_setup_link_policy(struct hci_dev *hdev)
643 if (hdev->features[0] & LMP_RSWITCH)
644 link_policy |= HCI_LP_RSWITCH;
645 if (hdev->features[0] & LMP_HOLD)
646 link_policy |= HCI_LP_HOLD;
647 if (hdev->features[0] & LMP_SNIFF)
648 link_policy |= HCI_LP_SNIFF;
649 if (hdev->features[1] & LMP_PARK)
650 link_policy |= HCI_LP_PARK;
652 link_policy = cpu_to_le16(link_policy);
653 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
654 sizeof(link_policy), &link_policy);
657 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
659 struct hci_rp_read_local_commands *rp = (void *) skb->data;
661 BT_DBG("%s status 0x%x", hdev->name, rp->status);
666 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
668 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
669 hci_setup_link_policy(hdev);
672 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
675 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
677 struct hci_rp_read_local_features *rp = (void *) skb->data;
679 BT_DBG("%s status 0x%x", hdev->name, rp->status);
684 memcpy(hdev->features, rp->features, 8);
686 /* Adjust default settings according to features
687 * supported by device. */
689 if (hdev->features[0] & LMP_3SLOT)
690 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
692 if (hdev->features[0] & LMP_5SLOT)
693 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
695 if (hdev->features[1] & LMP_HV2) {
696 hdev->pkt_type |= (HCI_HV2);
697 hdev->esco_type |= (ESCO_HV2);
700 if (hdev->features[1] & LMP_HV3) {
701 hdev->pkt_type |= (HCI_HV3);
702 hdev->esco_type |= (ESCO_HV3);
705 if (hdev->features[3] & LMP_ESCO)
706 hdev->esco_type |= (ESCO_EV3);
708 if (hdev->features[4] & LMP_EV4)
709 hdev->esco_type |= (ESCO_EV4);
711 if (hdev->features[4] & LMP_EV5)
712 hdev->esco_type |= (ESCO_EV5);
714 if (hdev->features[5] & LMP_EDR_ESCO_2M)
715 hdev->esco_type |= (ESCO_2EV3);
717 if (hdev->features[5] & LMP_EDR_ESCO_3M)
718 hdev->esco_type |= (ESCO_3EV3);
720 if (hdev->features[5] & LMP_EDR_3S_ESCO)
721 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
723 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
724 hdev->features[0], hdev->features[1],
725 hdev->features[2], hdev->features[3],
726 hdev->features[4], hdev->features[5],
727 hdev->features[6], hdev->features[7]);
730 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
735 BT_DBG("%s status 0x%x", hdev->name, rp->status);
742 memcpy(hdev->features, rp->features, 8);
745 memcpy(hdev->host_features, rp->features, 8);
749 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
752 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
755 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
757 BT_DBG("%s status 0x%x", hdev->name, rp->status);
762 hdev->flow_ctl_mode = rp->mode;
764 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
767 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
769 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
771 BT_DBG("%s status 0x%x", hdev->name, rp->status);
776 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
777 hdev->sco_mtu = rp->sco_mtu;
778 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
779 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
781 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
786 hdev->acl_cnt = hdev->acl_pkts;
787 hdev->sco_cnt = hdev->sco_pkts;
789 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
790 hdev->acl_mtu, hdev->acl_pkts,
791 hdev->sco_mtu, hdev->sco_pkts);
794 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
796 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
798 BT_DBG("%s status 0x%x", hdev->name, rp->status);
801 bacpy(&hdev->bdaddr, &rp->bdaddr);
803 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
806 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
809 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
811 BT_DBG("%s status 0x%x", hdev->name, rp->status);
816 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
817 hdev->block_len = __le16_to_cpu(rp->block_len);
818 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
820 hdev->block_cnt = hdev->num_blocks;
822 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
823 hdev->block_cnt, hdev->block_len);
825 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
828 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
830 __u8 status = *((__u8 *) skb->data);
832 BT_DBG("%s status 0x%x", hdev->name, status);
834 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
837 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
840 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
842 BT_DBG("%s status 0x%x", hdev->name, rp->status);
847 hdev->amp_status = rp->amp_status;
848 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
849 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
850 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
851 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
852 hdev->amp_type = rp->amp_type;
853 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
854 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
855 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
856 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
858 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
861 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
864 __u8 status = *((__u8 *) skb->data);
866 BT_DBG("%s status 0x%x", hdev->name, status);
868 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
871 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
873 __u8 status = *((__u8 *) skb->data);
875 BT_DBG("%s status 0x%x", hdev->name, status);
877 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
880 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
883 __u8 status = *((__u8 *) skb->data);
885 BT_DBG("%s status 0x%x", hdev->name, status);
887 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
890 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
893 __u8 status = *((__u8 *) skb->data);
895 BT_DBG("%s status 0x%x", hdev->name, status);
897 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
900 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
902 __u8 status = *((__u8 *) skb->data);
904 BT_DBG("%s status 0x%x", hdev->name, status);
906 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
909 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
911 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
912 struct hci_cp_pin_code_reply *cp;
913 struct hci_conn *conn;
915 BT_DBG("%s status 0x%x", hdev->name, rp->status);
919 if (test_bit(HCI_MGMT, &hdev->dev_flags))
920 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
925 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
929 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
931 conn->pin_length = cp->pin_len;
934 hci_dev_unlock(hdev);
937 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
939 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
941 BT_DBG("%s status 0x%x", hdev->name, rp->status);
945 if (test_bit(HCI_MGMT, &hdev->dev_flags))
946 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
949 hci_dev_unlock(hdev);
952 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
955 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
957 BT_DBG("%s status 0x%x", hdev->name, rp->status);
962 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
963 hdev->le_pkts = rp->le_max_pkt;
965 hdev->le_cnt = hdev->le_pkts;
967 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
969 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
972 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
974 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
976 BT_DBG("%s status 0x%x", hdev->name, rp->status);
980 if (test_bit(HCI_MGMT, &hdev->dev_flags))
981 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
984 hci_dev_unlock(hdev);
987 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
990 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
992 BT_DBG("%s status 0x%x", hdev->name, rp->status);
996 if (test_bit(HCI_MGMT, &hdev->dev_flags))
997 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1001 hci_dev_unlock(hdev);
1004 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1006 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1008 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1012 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1013 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1016 hci_dev_unlock(hdev);
1019 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1020 struct sk_buff *skb)
1022 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1024 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1028 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1029 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1033 hci_dev_unlock(hdev);
1036 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1037 struct sk_buff *skb)
1039 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1041 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1044 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1045 rp->randomizer, rp->status);
1046 hci_dev_unlock(hdev);
1049 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1051 __u8 status = *((__u8 *) skb->data);
1053 BT_DBG("%s status 0x%x", hdev->name, status);
1055 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1059 mgmt_start_discovery_failed(hdev, status);
1060 hci_dev_unlock(hdev);
1065 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1066 struct sk_buff *skb)
1068 struct hci_cp_le_set_scan_enable *cp;
1069 __u8 status = *((__u8 *) skb->data);
1071 BT_DBG("%s status 0x%x", hdev->name, status);
1073 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1077 switch (cp->enable) {
1078 case LE_SCANNING_ENABLED:
1079 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1083 mgmt_start_discovery_failed(hdev, status);
1084 hci_dev_unlock(hdev);
1088 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1090 cancel_delayed_work_sync(&hdev->adv_work);
1093 hci_adv_entries_clear(hdev);
1094 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1095 hci_dev_unlock(hdev);
1098 case LE_SCANNING_DISABLED:
1102 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1104 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1106 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1107 mgmt_interleaved_discovery(hdev);
1110 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1111 hci_dev_unlock(hdev);
1117 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1122 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1124 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1126 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1131 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1134 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1136 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1143 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1146 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1147 struct sk_buff *skb)
1149 struct hci_cp_read_local_ext_features cp;
1150 struct hci_cp_write_le_host_supported *sent;
1151 __u8 status = *((__u8 *) skb->data);
1153 BT_DBG("%s status 0x%x", hdev->name, status);
1155 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1156 if (sent && test_bit(HCI_MGMT, &hdev->dev_flags))
1157 mgmt_le_enable_complete(hdev, sent->le, status);
1163 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1166 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1168 BT_DBG("%s status 0x%x", hdev->name, status);
1171 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1172 hci_conn_check_pending(hdev);
1174 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1175 mgmt_start_discovery_failed(hdev, status);
1176 hci_dev_unlock(hdev);
1180 set_bit(HCI_INQUIRY, &hdev->flags);
1183 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1184 hci_dev_unlock(hdev);
1187 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1189 struct hci_cp_create_conn *cp;
1190 struct hci_conn *conn;
1192 BT_DBG("%s status 0x%x", hdev->name, status);
1194 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1200 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1202 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1205 if (conn && conn->state == BT_CONNECT) {
1206 if (status != 0x0c || conn->attempt > 2) {
1207 conn->state = BT_CLOSED;
1208 hci_proto_connect_cfm(conn, status);
1211 conn->state = BT_CONNECT2;
1215 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1218 conn->link_mode |= HCI_LM_MASTER;
1220 BT_ERR("No memory for new connection");
1224 hci_dev_unlock(hdev);
1227 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1229 struct hci_cp_add_sco *cp;
1230 struct hci_conn *acl, *sco;
1233 BT_DBG("%s status 0x%x", hdev->name, status);
1238 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1242 handle = __le16_to_cpu(cp->handle);
1244 BT_DBG("%s handle %d", hdev->name, handle);
1248 acl = hci_conn_hash_lookup_handle(hdev, handle);
1252 sco->state = BT_CLOSED;
1254 hci_proto_connect_cfm(sco, status);
1259 hci_dev_unlock(hdev);
1262 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1264 struct hci_cp_auth_requested *cp;
1265 struct hci_conn *conn;
1267 BT_DBG("%s status 0x%x", hdev->name, status);
1272 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1278 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1280 if (conn->state == BT_CONFIG) {
1281 hci_proto_connect_cfm(conn, status);
1286 hci_dev_unlock(hdev);
1289 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1291 struct hci_cp_set_conn_encrypt *cp;
1292 struct hci_conn *conn;
1294 BT_DBG("%s status 0x%x", hdev->name, status);
1299 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1305 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1307 if (conn->state == BT_CONFIG) {
1308 hci_proto_connect_cfm(conn, status);
1313 hci_dev_unlock(hdev);
1316 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1317 struct hci_conn *conn)
1319 if (conn->state != BT_CONFIG || !conn->out)
1322 if (conn->pending_sec_level == BT_SECURITY_SDP)
1325 /* Only request authentication for SSP connections or non-SSP
1326 * devices with sec_level HIGH or if MITM protection is requested */
1327 if (!hci_conn_ssp_enabled(conn) &&
1328 conn->pending_sec_level != BT_SECURITY_HIGH &&
1329 !(conn->auth_type & 0x01))
1335 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1337 struct hci_cp_remote_name_req cp;
1339 memset(&cp, 0, sizeof(cp));
1341 bacpy(&cp.bdaddr, &e->data.bdaddr);
1342 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1343 cp.pscan_mode = e->data.pscan_mode;
1344 cp.clock_offset = e->data.clock_offset;
1346 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1349 static bool hci_resolve_next_name(struct hci_dev *hdev)
1351 struct discovery_state *discov = &hdev->discovery;
1352 struct inquiry_entry *e;
1354 if (list_empty(&discov->resolve))
1357 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1358 if (hci_resolve_name(hdev, e) == 0) {
1359 e->name_state = NAME_PENDING;
1366 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1367 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1369 struct discovery_state *discov = &hdev->discovery;
1370 struct inquiry_entry *e;
1372 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1373 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0,
1374 name, name_len, conn->dev_class);
1376 if (discov->state == DISCOVERY_STOPPED)
1379 if (discov->state == DISCOVERY_STOPPING)
1380 goto discov_complete;
1382 if (discov->state != DISCOVERY_RESOLVING)
1385 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1387 e->name_state = NAME_KNOWN;
1390 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1391 e->data.rssi, name, name_len);
1394 if (hci_resolve_next_name(hdev))
1398 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1401 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1403 struct hci_cp_remote_name_req *cp;
1404 struct hci_conn *conn;
1406 BT_DBG("%s status 0x%x", hdev->name, status);
1408 /* If successful wait for the name req complete event before
1409 * checking for the need to do authentication */
1413 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1419 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1421 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1422 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1427 if (!hci_outgoing_auth_needed(hdev, conn))
1430 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1431 struct hci_cp_auth_requested cp;
1432 cp.handle = __cpu_to_le16(conn->handle);
1433 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1437 hci_dev_unlock(hdev);
1440 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1442 struct hci_cp_read_remote_features *cp;
1443 struct hci_conn *conn;
1445 BT_DBG("%s status 0x%x", hdev->name, status);
1450 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1456 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1458 if (conn->state == BT_CONFIG) {
1459 hci_proto_connect_cfm(conn, status);
1464 hci_dev_unlock(hdev);
1467 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1469 struct hci_cp_read_remote_ext_features *cp;
1470 struct hci_conn *conn;
1472 BT_DBG("%s status 0x%x", hdev->name, status);
1477 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1483 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1485 if (conn->state == BT_CONFIG) {
1486 hci_proto_connect_cfm(conn, status);
1491 hci_dev_unlock(hdev);
1494 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1496 struct hci_cp_setup_sync_conn *cp;
1497 struct hci_conn *acl, *sco;
1500 BT_DBG("%s status 0x%x", hdev->name, status);
1505 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1509 handle = __le16_to_cpu(cp->handle);
1511 BT_DBG("%s handle %d", hdev->name, handle);
1515 acl = hci_conn_hash_lookup_handle(hdev, handle);
1519 sco->state = BT_CLOSED;
1521 hci_proto_connect_cfm(sco, status);
1526 hci_dev_unlock(hdev);
1529 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1531 struct hci_cp_sniff_mode *cp;
1532 struct hci_conn *conn;
1534 BT_DBG("%s status 0x%x", hdev->name, status);
1539 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1545 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1547 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1549 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1550 hci_sco_setup(conn, status);
1553 hci_dev_unlock(hdev);
1556 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1558 struct hci_cp_exit_sniff_mode *cp;
1559 struct hci_conn *conn;
1561 BT_DBG("%s status 0x%x", hdev->name, status);
1566 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1572 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1574 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1576 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1577 hci_sco_setup(conn, status);
1580 hci_dev_unlock(hdev);
1583 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1585 struct hci_cp_disconnect *cp;
1586 struct hci_conn *conn;
1591 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1597 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1599 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1600 conn->dst_type, status);
1602 hci_dev_unlock(hdev);
1605 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1607 struct hci_cp_le_create_conn *cp;
1608 struct hci_conn *conn;
1610 BT_DBG("%s status 0x%x", hdev->name, status);
1612 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1618 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1620 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1624 if (conn && conn->state == BT_CONNECT) {
1625 conn->state = BT_CLOSED;
1626 hci_proto_connect_cfm(conn, status);
1631 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1633 conn->dst_type = cp->peer_addr_type;
1636 BT_ERR("No memory for new connection");
1641 hci_dev_unlock(hdev);
1644 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1646 BT_DBG("%s status 0x%x", hdev->name, status);
1649 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1651 __u8 status = *((__u8 *) skb->data);
1652 struct discovery_state *discov = &hdev->discovery;
1653 struct inquiry_entry *e;
1655 BT_DBG("%s status %d", hdev->name, status);
1657 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1659 hci_conn_check_pending(hdev);
1661 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1664 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1669 if (discov->state != DISCOVERY_FINDING)
1672 if (list_empty(&discov->resolve)) {
1673 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1677 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1678 if (e && hci_resolve_name(hdev, e) == 0) {
1679 e->name_state = NAME_PENDING;
1680 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1682 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1686 hci_dev_unlock(hdev);
1689 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1691 struct inquiry_data data;
1692 struct inquiry_info *info = (void *) (skb->data + 1);
1693 int num_rsp = *((__u8 *) skb->data);
1695 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1702 for (; num_rsp; num_rsp--, info++) {
1703 bool name_known, ssp;
1705 bacpy(&data.bdaddr, &info->bdaddr);
1706 data.pscan_rep_mode = info->pscan_rep_mode;
1707 data.pscan_period_mode = info->pscan_period_mode;
1708 data.pscan_mode = info->pscan_mode;
1709 memcpy(data.dev_class, info->dev_class, 3);
1710 data.clock_offset = info->clock_offset;
1712 data.ssp_mode = 0x00;
1714 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1715 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1716 info->dev_class, 0, !name_known, ssp,
1720 hci_dev_unlock(hdev);
1723 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1725 struct hci_ev_conn_complete *ev = (void *) skb->data;
1726 struct hci_conn *conn;
1728 BT_DBG("%s", hdev->name);
1732 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1734 if (ev->link_type != SCO_LINK)
1737 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1741 conn->type = SCO_LINK;
1745 conn->handle = __le16_to_cpu(ev->handle);
1747 if (conn->type == ACL_LINK) {
1748 conn->state = BT_CONFIG;
1749 hci_conn_hold(conn);
1750 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1752 conn->state = BT_CONNECTED;
1754 hci_conn_hold_device(conn);
1755 hci_conn_add_sysfs(conn);
1757 if (test_bit(HCI_AUTH, &hdev->flags))
1758 conn->link_mode |= HCI_LM_AUTH;
1760 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1761 conn->link_mode |= HCI_LM_ENCRYPT;
1763 /* Get remote features */
1764 if (conn->type == ACL_LINK) {
1765 struct hci_cp_read_remote_features cp;
1766 cp.handle = ev->handle;
1767 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1771 /* Set packet type for incoming connection */
1772 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1773 struct hci_cp_change_conn_ptype cp;
1774 cp.handle = ev->handle;
1775 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1776 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1780 conn->state = BT_CLOSED;
1781 if (conn->type == ACL_LINK)
1782 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1783 conn->dst_type, ev->status);
1786 if (conn->type == ACL_LINK)
1787 hci_sco_setup(conn, ev->status);
1790 hci_proto_connect_cfm(conn, ev->status);
1792 } else if (ev->link_type != ACL_LINK)
1793 hci_proto_connect_cfm(conn, ev->status);
1796 hci_dev_unlock(hdev);
1798 hci_conn_check_pending(hdev);
1801 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1803 struct hci_ev_conn_request *ev = (void *) skb->data;
1804 int mask = hdev->link_mode;
1806 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1807 batostr(&ev->bdaddr), ev->link_type);
1809 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1811 if ((mask & HCI_LM_ACCEPT) &&
1812 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1813 /* Connection accepted */
1814 struct inquiry_entry *ie;
1815 struct hci_conn *conn;
1819 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1821 memcpy(ie->data.dev_class, ev->dev_class, 3);
1823 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1825 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1827 BT_ERR("No memory for new connection");
1828 hci_dev_unlock(hdev);
1833 memcpy(conn->dev_class, ev->dev_class, 3);
1834 conn->state = BT_CONNECT;
1836 hci_dev_unlock(hdev);
1838 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1839 struct hci_cp_accept_conn_req cp;
1841 bacpy(&cp.bdaddr, &ev->bdaddr);
1843 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1844 cp.role = 0x00; /* Become master */
1846 cp.role = 0x01; /* Remain slave */
1848 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1851 struct hci_cp_accept_sync_conn_req cp;
1853 bacpy(&cp.bdaddr, &ev->bdaddr);
1854 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1856 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1857 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1858 cp.max_latency = cpu_to_le16(0xffff);
1859 cp.content_format = cpu_to_le16(hdev->voice_setting);
1860 cp.retrans_effort = 0xff;
1862 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1866 /* Connection rejected */
1867 struct hci_cp_reject_conn_req cp;
1869 bacpy(&cp.bdaddr, &ev->bdaddr);
1870 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1871 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1875 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1877 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1878 struct hci_conn *conn;
1880 BT_DBG("%s status %d", hdev->name, ev->status);
1884 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1888 if (ev->status == 0)
1889 conn->state = BT_CLOSED;
1891 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1892 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1893 if (ev->status != 0)
1894 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1895 conn->dst_type, ev->status);
1897 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1901 if (ev->status == 0) {
1902 hci_proto_disconn_cfm(conn, ev->reason);
1907 hci_dev_unlock(hdev);
1910 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1912 struct hci_ev_auth_complete *ev = (void *) skb->data;
1913 struct hci_conn *conn;
1915 BT_DBG("%s status %d", hdev->name, ev->status);
1919 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1924 if (!hci_conn_ssp_enabled(conn) &&
1925 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1926 BT_INFO("re-auth of legacy device is not possible.");
1928 conn->link_mode |= HCI_LM_AUTH;
1929 conn->sec_level = conn->pending_sec_level;
1932 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1936 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1937 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1939 if (conn->state == BT_CONFIG) {
1940 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1941 struct hci_cp_set_conn_encrypt cp;
1942 cp.handle = ev->handle;
1944 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1947 conn->state = BT_CONNECTED;
1948 hci_proto_connect_cfm(conn, ev->status);
1952 hci_auth_cfm(conn, ev->status);
1954 hci_conn_hold(conn);
1955 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1959 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1961 struct hci_cp_set_conn_encrypt cp;
1962 cp.handle = ev->handle;
1964 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1967 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1968 hci_encrypt_cfm(conn, ev->status, 0x00);
1973 hci_dev_unlock(hdev);
1976 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1978 struct hci_ev_remote_name *ev = (void *) skb->data;
1979 struct hci_conn *conn;
1981 BT_DBG("%s", hdev->name);
1983 hci_conn_check_pending(hdev);
1987 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1989 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1992 if (ev->status == 0)
1993 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1994 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1996 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2002 if (!hci_outgoing_auth_needed(hdev, conn))
2005 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2006 struct hci_cp_auth_requested cp;
2007 cp.handle = __cpu_to_le16(conn->handle);
2008 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2012 hci_dev_unlock(hdev);
2015 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2017 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2018 struct hci_conn *conn;
2020 BT_DBG("%s status %d", hdev->name, ev->status);
2024 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2028 /* Encryption implies authentication */
2029 conn->link_mode |= HCI_LM_AUTH;
2030 conn->link_mode |= HCI_LM_ENCRYPT;
2031 conn->sec_level = conn->pending_sec_level;
2033 conn->link_mode &= ~HCI_LM_ENCRYPT;
2036 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2038 if (conn->state == BT_CONFIG) {
2040 conn->state = BT_CONNECTED;
2042 hci_proto_connect_cfm(conn, ev->status);
2045 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2048 hci_dev_unlock(hdev);
2051 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2053 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2054 struct hci_conn *conn;
2056 BT_DBG("%s status %d", hdev->name, ev->status);
2060 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2063 conn->link_mode |= HCI_LM_SECURE;
2065 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2067 hci_key_change_cfm(conn, ev->status);
2070 hci_dev_unlock(hdev);
2073 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2075 struct hci_ev_remote_features *ev = (void *) skb->data;
2076 struct hci_conn *conn;
2078 BT_DBG("%s status %d", hdev->name, ev->status);
2082 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2087 memcpy(conn->features, ev->features, 8);
2089 if (conn->state != BT_CONFIG)
2092 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2093 struct hci_cp_read_remote_ext_features cp;
2094 cp.handle = ev->handle;
2096 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2102 struct hci_cp_remote_name_req cp;
2103 memset(&cp, 0, sizeof(cp));
2104 bacpy(&cp.bdaddr, &conn->dst);
2105 cp.pscan_rep_mode = 0x02;
2106 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2107 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2108 mgmt_device_connected(hdev, &conn->dst, conn->type,
2109 conn->dst_type, 0, NULL, 0,
2112 if (!hci_outgoing_auth_needed(hdev, conn)) {
2113 conn->state = BT_CONNECTED;
2114 hci_proto_connect_cfm(conn, ev->status);
2119 hci_dev_unlock(hdev);
2122 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2124 BT_DBG("%s", hdev->name);
2127 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2129 BT_DBG("%s", hdev->name);
2132 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2134 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2137 skb_pull(skb, sizeof(*ev));
2139 opcode = __le16_to_cpu(ev->opcode);
2142 case HCI_OP_INQUIRY_CANCEL:
2143 hci_cc_inquiry_cancel(hdev, skb);
2146 case HCI_OP_EXIT_PERIODIC_INQ:
2147 hci_cc_exit_periodic_inq(hdev, skb);
2150 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2151 hci_cc_remote_name_req_cancel(hdev, skb);
2154 case HCI_OP_ROLE_DISCOVERY:
2155 hci_cc_role_discovery(hdev, skb);
2158 case HCI_OP_READ_LINK_POLICY:
2159 hci_cc_read_link_policy(hdev, skb);
2162 case HCI_OP_WRITE_LINK_POLICY:
2163 hci_cc_write_link_policy(hdev, skb);
2166 case HCI_OP_READ_DEF_LINK_POLICY:
2167 hci_cc_read_def_link_policy(hdev, skb);
2170 case HCI_OP_WRITE_DEF_LINK_POLICY:
2171 hci_cc_write_def_link_policy(hdev, skb);
2175 hci_cc_reset(hdev, skb);
2178 case HCI_OP_WRITE_LOCAL_NAME:
2179 hci_cc_write_local_name(hdev, skb);
2182 case HCI_OP_READ_LOCAL_NAME:
2183 hci_cc_read_local_name(hdev, skb);
2186 case HCI_OP_WRITE_AUTH_ENABLE:
2187 hci_cc_write_auth_enable(hdev, skb);
2190 case HCI_OP_WRITE_ENCRYPT_MODE:
2191 hci_cc_write_encrypt_mode(hdev, skb);
2194 case HCI_OP_WRITE_SCAN_ENABLE:
2195 hci_cc_write_scan_enable(hdev, skb);
2198 case HCI_OP_READ_CLASS_OF_DEV:
2199 hci_cc_read_class_of_dev(hdev, skb);
2202 case HCI_OP_WRITE_CLASS_OF_DEV:
2203 hci_cc_write_class_of_dev(hdev, skb);
2206 case HCI_OP_READ_VOICE_SETTING:
2207 hci_cc_read_voice_setting(hdev, skb);
2210 case HCI_OP_WRITE_VOICE_SETTING:
2211 hci_cc_write_voice_setting(hdev, skb);
2214 case HCI_OP_HOST_BUFFER_SIZE:
2215 hci_cc_host_buffer_size(hdev, skb);
2218 case HCI_OP_WRITE_SSP_MODE:
2219 hci_cc_write_ssp_mode(hdev, skb);
2222 case HCI_OP_READ_LOCAL_VERSION:
2223 hci_cc_read_local_version(hdev, skb);
2226 case HCI_OP_READ_LOCAL_COMMANDS:
2227 hci_cc_read_local_commands(hdev, skb);
2230 case HCI_OP_READ_LOCAL_FEATURES:
2231 hci_cc_read_local_features(hdev, skb);
2234 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2235 hci_cc_read_local_ext_features(hdev, skb);
2238 case HCI_OP_READ_BUFFER_SIZE:
2239 hci_cc_read_buffer_size(hdev, skb);
2242 case HCI_OP_READ_BD_ADDR:
2243 hci_cc_read_bd_addr(hdev, skb);
2246 case HCI_OP_READ_DATA_BLOCK_SIZE:
2247 hci_cc_read_data_block_size(hdev, skb);
2250 case HCI_OP_WRITE_CA_TIMEOUT:
2251 hci_cc_write_ca_timeout(hdev, skb);
2254 case HCI_OP_READ_FLOW_CONTROL_MODE:
2255 hci_cc_read_flow_control_mode(hdev, skb);
2258 case HCI_OP_READ_LOCAL_AMP_INFO:
2259 hci_cc_read_local_amp_info(hdev, skb);
2262 case HCI_OP_DELETE_STORED_LINK_KEY:
2263 hci_cc_delete_stored_link_key(hdev, skb);
2266 case HCI_OP_SET_EVENT_MASK:
2267 hci_cc_set_event_mask(hdev, skb);
2270 case HCI_OP_WRITE_INQUIRY_MODE:
2271 hci_cc_write_inquiry_mode(hdev, skb);
2274 case HCI_OP_READ_INQ_RSP_TX_POWER:
2275 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2278 case HCI_OP_SET_EVENT_FLT:
2279 hci_cc_set_event_flt(hdev, skb);
2282 case HCI_OP_PIN_CODE_REPLY:
2283 hci_cc_pin_code_reply(hdev, skb);
2286 case HCI_OP_PIN_CODE_NEG_REPLY:
2287 hci_cc_pin_code_neg_reply(hdev, skb);
2290 case HCI_OP_READ_LOCAL_OOB_DATA:
2291 hci_cc_read_local_oob_data_reply(hdev, skb);
2294 case HCI_OP_LE_READ_BUFFER_SIZE:
2295 hci_cc_le_read_buffer_size(hdev, skb);
2298 case HCI_OP_USER_CONFIRM_REPLY:
2299 hci_cc_user_confirm_reply(hdev, skb);
2302 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2303 hci_cc_user_confirm_neg_reply(hdev, skb);
2306 case HCI_OP_USER_PASSKEY_REPLY:
2307 hci_cc_user_passkey_reply(hdev, skb);
2310 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2311 hci_cc_user_passkey_neg_reply(hdev, skb);
2313 case HCI_OP_LE_SET_SCAN_PARAM:
2314 hci_cc_le_set_scan_param(hdev, skb);
2317 case HCI_OP_LE_SET_SCAN_ENABLE:
2318 hci_cc_le_set_scan_enable(hdev, skb);
2321 case HCI_OP_LE_LTK_REPLY:
2322 hci_cc_le_ltk_reply(hdev, skb);
2325 case HCI_OP_LE_LTK_NEG_REPLY:
2326 hci_cc_le_ltk_neg_reply(hdev, skb);
2329 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2330 hci_cc_write_le_host_supported(hdev, skb);
2334 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2338 if (ev->opcode != HCI_OP_NOP)
2339 del_timer(&hdev->cmd_timer);
2342 atomic_set(&hdev->cmd_cnt, 1);
2343 if (!skb_queue_empty(&hdev->cmd_q))
2344 queue_work(hdev->workqueue, &hdev->cmd_work);
2348 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2350 struct hci_ev_cmd_status *ev = (void *) skb->data;
2353 skb_pull(skb, sizeof(*ev));
2355 opcode = __le16_to_cpu(ev->opcode);
2358 case HCI_OP_INQUIRY:
2359 hci_cs_inquiry(hdev, ev->status);
2362 case HCI_OP_CREATE_CONN:
2363 hci_cs_create_conn(hdev, ev->status);
2366 case HCI_OP_ADD_SCO:
2367 hci_cs_add_sco(hdev, ev->status);
2370 case HCI_OP_AUTH_REQUESTED:
2371 hci_cs_auth_requested(hdev, ev->status);
2374 case HCI_OP_SET_CONN_ENCRYPT:
2375 hci_cs_set_conn_encrypt(hdev, ev->status);
2378 case HCI_OP_REMOTE_NAME_REQ:
2379 hci_cs_remote_name_req(hdev, ev->status);
2382 case HCI_OP_READ_REMOTE_FEATURES:
2383 hci_cs_read_remote_features(hdev, ev->status);
2386 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2387 hci_cs_read_remote_ext_features(hdev, ev->status);
2390 case HCI_OP_SETUP_SYNC_CONN:
2391 hci_cs_setup_sync_conn(hdev, ev->status);
2394 case HCI_OP_SNIFF_MODE:
2395 hci_cs_sniff_mode(hdev, ev->status);
2398 case HCI_OP_EXIT_SNIFF_MODE:
2399 hci_cs_exit_sniff_mode(hdev, ev->status);
2402 case HCI_OP_DISCONNECT:
2403 hci_cs_disconnect(hdev, ev->status);
2406 case HCI_OP_LE_CREATE_CONN:
2407 hci_cs_le_create_conn(hdev, ev->status);
2410 case HCI_OP_LE_START_ENC:
2411 hci_cs_le_start_enc(hdev, ev->status);
2415 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2419 if (ev->opcode != HCI_OP_NOP)
2420 del_timer(&hdev->cmd_timer);
2422 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2423 atomic_set(&hdev->cmd_cnt, 1);
2424 if (!skb_queue_empty(&hdev->cmd_q))
2425 queue_work(hdev->workqueue, &hdev->cmd_work);
2429 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2431 struct hci_ev_role_change *ev = (void *) skb->data;
2432 struct hci_conn *conn;
2434 BT_DBG("%s status %d", hdev->name, ev->status);
2438 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2442 conn->link_mode &= ~HCI_LM_MASTER;
2444 conn->link_mode |= HCI_LM_MASTER;
2447 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2449 hci_role_switch_cfm(conn, ev->status, ev->role);
2452 hci_dev_unlock(hdev);
2455 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2457 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2460 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2461 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2465 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2466 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2467 BT_DBG("%s bad parameters", hdev->name);
2471 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2473 for (i = 0; i < ev->num_hndl; i++) {
2474 struct hci_comp_pkts_info *info = &ev->handles[i];
2475 struct hci_conn *conn;
2476 __u16 handle, count;
2478 handle = __le16_to_cpu(info->handle);
2479 count = __le16_to_cpu(info->count);
2481 conn = hci_conn_hash_lookup_handle(hdev, handle);
2485 conn->sent -= count;
2487 switch (conn->type) {
2489 hdev->acl_cnt += count;
2490 if (hdev->acl_cnt > hdev->acl_pkts)
2491 hdev->acl_cnt = hdev->acl_pkts;
2495 if (hdev->le_pkts) {
2496 hdev->le_cnt += count;
2497 if (hdev->le_cnt > hdev->le_pkts)
2498 hdev->le_cnt = hdev->le_pkts;
2500 hdev->acl_cnt += count;
2501 if (hdev->acl_cnt > hdev->acl_pkts)
2502 hdev->acl_cnt = hdev->acl_pkts;
2507 hdev->sco_cnt += count;
2508 if (hdev->sco_cnt > hdev->sco_pkts)
2509 hdev->sco_cnt = hdev->sco_pkts;
2513 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2518 queue_work(hdev->workqueue, &hdev->tx_work);
2521 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2522 struct sk_buff *skb)
2524 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2527 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2528 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2532 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2533 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2534 BT_DBG("%s bad parameters", hdev->name);
2538 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2541 for (i = 0; i < ev->num_hndl; i++) {
2542 struct hci_comp_blocks_info *info = &ev->handles[i];
2543 struct hci_conn *conn;
2544 __u16 handle, block_count;
2546 handle = __le16_to_cpu(info->handle);
2547 block_count = __le16_to_cpu(info->blocks);
2549 conn = hci_conn_hash_lookup_handle(hdev, handle);
2553 conn->sent -= block_count;
2555 switch (conn->type) {
2557 hdev->block_cnt += block_count;
2558 if (hdev->block_cnt > hdev->num_blocks)
2559 hdev->block_cnt = hdev->num_blocks;
2563 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2568 queue_work(hdev->workqueue, &hdev->tx_work);
2571 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2573 struct hci_ev_mode_change *ev = (void *) skb->data;
2574 struct hci_conn *conn;
2576 BT_DBG("%s status %d", hdev->name, ev->status);
2580 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2582 conn->mode = ev->mode;
2583 conn->interval = __le16_to_cpu(ev->interval);
2585 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2586 if (conn->mode == HCI_CM_ACTIVE)
2587 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2589 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2592 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2593 hci_sco_setup(conn, ev->status);
2596 hci_dev_unlock(hdev);
2599 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2601 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2602 struct hci_conn *conn;
2604 BT_DBG("%s", hdev->name);
2608 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2612 if (conn->state == BT_CONNECTED) {
2613 hci_conn_hold(conn);
2614 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2618 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2619 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2620 sizeof(ev->bdaddr), &ev->bdaddr);
2621 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2624 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2629 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2633 hci_dev_unlock(hdev);
2636 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2638 struct hci_ev_link_key_req *ev = (void *) skb->data;
2639 struct hci_cp_link_key_reply cp;
2640 struct hci_conn *conn;
2641 struct link_key *key;
2643 BT_DBG("%s", hdev->name);
2645 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2650 key = hci_find_link_key(hdev, &ev->bdaddr);
2652 BT_DBG("%s link key not found for %s", hdev->name,
2653 batostr(&ev->bdaddr));
2657 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2658 batostr(&ev->bdaddr));
2660 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2661 key->type == HCI_LK_DEBUG_COMBINATION) {
2662 BT_DBG("%s ignoring debug key", hdev->name);
2666 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2668 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2669 conn->auth_type != 0xff &&
2670 (conn->auth_type & 0x01)) {
2671 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2675 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2676 conn->pending_sec_level == BT_SECURITY_HIGH) {
2677 BT_DBG("%s ignoring key unauthenticated for high \
2678 security", hdev->name);
2682 conn->key_type = key->type;
2683 conn->pin_length = key->pin_len;
2686 bacpy(&cp.bdaddr, &ev->bdaddr);
2687 memcpy(cp.link_key, key->val, 16);
2689 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2691 hci_dev_unlock(hdev);
2696 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2697 hci_dev_unlock(hdev);
2700 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2702 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2703 struct hci_conn *conn;
2706 BT_DBG("%s", hdev->name);
2710 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2712 hci_conn_hold(conn);
2713 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2714 pin_len = conn->pin_length;
2716 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2717 conn->key_type = ev->key_type;
2722 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2723 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2724 ev->key_type, pin_len);
2726 hci_dev_unlock(hdev);
2729 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2731 struct hci_ev_clock_offset *ev = (void *) skb->data;
2732 struct hci_conn *conn;
2734 BT_DBG("%s status %d", hdev->name, ev->status);
2738 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2739 if (conn && !ev->status) {
2740 struct inquiry_entry *ie;
2742 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2744 ie->data.clock_offset = ev->clock_offset;
2745 ie->timestamp = jiffies;
2749 hci_dev_unlock(hdev);
2752 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2754 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2755 struct hci_conn *conn;
2757 BT_DBG("%s status %d", hdev->name, ev->status);
2761 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2762 if (conn && !ev->status)
2763 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2765 hci_dev_unlock(hdev);
2768 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2770 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2771 struct inquiry_entry *ie;
2773 BT_DBG("%s", hdev->name);
2777 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2779 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2780 ie->timestamp = jiffies;
2783 hci_dev_unlock(hdev);
2786 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2788 struct inquiry_data data;
2789 int num_rsp = *((__u8 *) skb->data);
2790 bool name_known, ssp;
2792 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2799 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2800 struct inquiry_info_with_rssi_and_pscan_mode *info;
2801 info = (void *) (skb->data + 1);
2803 for (; num_rsp; num_rsp--, info++) {
2804 bacpy(&data.bdaddr, &info->bdaddr);
2805 data.pscan_rep_mode = info->pscan_rep_mode;
2806 data.pscan_period_mode = info->pscan_period_mode;
2807 data.pscan_mode = info->pscan_mode;
2808 memcpy(data.dev_class, info->dev_class, 3);
2809 data.clock_offset = info->clock_offset;
2810 data.rssi = info->rssi;
2811 data.ssp_mode = 0x00;
2813 name_known = hci_inquiry_cache_update(hdev, &data,
2815 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2816 info->dev_class, info->rssi,
2817 !name_known, ssp, NULL, 0);
2820 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2822 for (; num_rsp; num_rsp--, info++) {
2823 bacpy(&data.bdaddr, &info->bdaddr);
2824 data.pscan_rep_mode = info->pscan_rep_mode;
2825 data.pscan_period_mode = info->pscan_period_mode;
2826 data.pscan_mode = 0x00;
2827 memcpy(data.dev_class, info->dev_class, 3);
2828 data.clock_offset = info->clock_offset;
2829 data.rssi = info->rssi;
2830 data.ssp_mode = 0x00;
2831 name_known = hci_inquiry_cache_update(hdev, &data,
2833 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2834 info->dev_class, info->rssi,
2835 !name_known, ssp, NULL, 0);
2839 hci_dev_unlock(hdev);
2842 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2844 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2845 struct hci_conn *conn;
2847 BT_DBG("%s", hdev->name);
2851 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2855 if (!ev->status && ev->page == 0x01) {
2856 struct inquiry_entry *ie;
2858 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2860 ie->data.ssp_mode = (ev->features[0] & 0x01);
2862 if (ev->features[0] & 0x01)
2863 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2866 if (conn->state != BT_CONFIG)
2870 struct hci_cp_remote_name_req cp;
2871 memset(&cp, 0, sizeof(cp));
2872 bacpy(&cp.bdaddr, &conn->dst);
2873 cp.pscan_rep_mode = 0x02;
2874 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2875 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2876 mgmt_device_connected(hdev, &conn->dst, conn->type,
2877 conn->dst_type, 0, NULL, 0,
2880 if (!hci_outgoing_auth_needed(hdev, conn)) {
2881 conn->state = BT_CONNECTED;
2882 hci_proto_connect_cfm(conn, ev->status);
2887 hci_dev_unlock(hdev);
2890 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2892 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2893 struct hci_conn *conn;
2895 BT_DBG("%s status %d", hdev->name, ev->status);
2899 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2901 if (ev->link_type == ESCO_LINK)
2904 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2908 conn->type = SCO_LINK;
2911 switch (ev->status) {
2913 conn->handle = __le16_to_cpu(ev->handle);
2914 conn->state = BT_CONNECTED;
2916 hci_conn_hold_device(conn);
2917 hci_conn_add_sysfs(conn);
2920 case 0x11: /* Unsupported Feature or Parameter Value */
2921 case 0x1c: /* SCO interval rejected */
2922 case 0x1a: /* Unsupported Remote Feature */
2923 case 0x1f: /* Unspecified error */
2924 if (conn->out && conn->attempt < 2) {
2925 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2926 (hdev->esco_type & EDR_ESCO_MASK);
2927 hci_setup_sync(conn, conn->link->handle);
2933 conn->state = BT_CLOSED;
2937 hci_proto_connect_cfm(conn, ev->status);
2942 hci_dev_unlock(hdev);
2945 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2947 BT_DBG("%s", hdev->name);
2950 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2952 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2954 BT_DBG("%s status %d", hdev->name, ev->status);
2957 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2959 struct inquiry_data data;
2960 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2961 int num_rsp = *((__u8 *) skb->data);
2963 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2970 for (; num_rsp; num_rsp--, info++) {
2971 bool name_known, ssp;
2973 bacpy(&data.bdaddr, &info->bdaddr);
2974 data.pscan_rep_mode = info->pscan_rep_mode;
2975 data.pscan_period_mode = info->pscan_period_mode;
2976 data.pscan_mode = 0x00;
2977 memcpy(data.dev_class, info->dev_class, 3);
2978 data.clock_offset = info->clock_offset;
2979 data.rssi = info->rssi;
2980 data.ssp_mode = 0x01;
2982 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2983 name_known = eir_has_data_type(info->data,
2989 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2991 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2992 info->dev_class, info->rssi,
2993 !name_known, ssp, info->data,
2994 sizeof(info->data));
2997 hci_dev_unlock(hdev);
3000 static inline u8 hci_get_auth_req(struct hci_conn *conn)
3002 /* If remote requests dedicated bonding follow that lead */
3003 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3004 /* If both remote and local IO capabilities allow MITM
3005 * protection then require it, otherwise don't */
3006 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3012 /* If remote requests no-bonding follow that lead */
3013 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3014 return conn->remote_auth | (conn->auth_type & 0x01);
3016 return conn->auth_type;
3019 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3021 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3022 struct hci_conn *conn;
3024 BT_DBG("%s", hdev->name);
3028 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3032 hci_conn_hold(conn);
3034 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3037 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3038 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3039 struct hci_cp_io_capability_reply cp;
3041 bacpy(&cp.bdaddr, &ev->bdaddr);
3042 /* Change the IO capability from KeyboardDisplay
3043 * to DisplayYesNo as it is not supported by BT spec. */
3044 cp.capability = (conn->io_capability == 0x04) ?
3045 0x01 : conn->io_capability;
3046 conn->auth_type = hci_get_auth_req(conn);
3047 cp.authentication = conn->auth_type;
3049 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
3050 hci_find_remote_oob_data(hdev, &conn->dst))
3055 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3058 struct hci_cp_io_capability_neg_reply cp;
3060 bacpy(&cp.bdaddr, &ev->bdaddr);
3061 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3063 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3068 hci_dev_unlock(hdev);
3071 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3073 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3074 struct hci_conn *conn;
3076 BT_DBG("%s", hdev->name);
3080 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3084 conn->remote_cap = ev->capability;
3085 conn->remote_auth = ev->authentication;
3087 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3090 hci_dev_unlock(hdev);
3093 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3094 struct sk_buff *skb)
3096 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3097 int loc_mitm, rem_mitm, confirm_hint = 0;
3098 struct hci_conn *conn;
3100 BT_DBG("%s", hdev->name);
3104 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3111 loc_mitm = (conn->auth_type & 0x01);
3112 rem_mitm = (conn->remote_auth & 0x01);
3114 /* If we require MITM but the remote device can't provide that
3115 * (it has NoInputNoOutput) then reject the confirmation
3116 * request. The only exception is when we're dedicated bonding
3117 * initiators (connect_cfm_cb set) since then we always have the MITM
3119 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3120 BT_DBG("Rejecting request: remote device can't provide MITM");
3121 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3122 sizeof(ev->bdaddr), &ev->bdaddr);
3126 /* If no side requires MITM protection; auto-accept */
3127 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3128 (!rem_mitm || conn->io_capability == 0x03)) {
3130 /* If we're not the initiators request authorization to
3131 * proceed from user space (mgmt_user_confirm with
3132 * confirm_hint set to 1). */
3133 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3134 BT_DBG("Confirming auto-accept as acceptor");
3139 BT_DBG("Auto-accept of user confirmation with %ums delay",
3140 hdev->auto_accept_delay);
3142 if (hdev->auto_accept_delay > 0) {
3143 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3144 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3148 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3149 sizeof(ev->bdaddr), &ev->bdaddr);
3154 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3158 hci_dev_unlock(hdev);
3161 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3162 struct sk_buff *skb)
3164 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3166 BT_DBG("%s", hdev->name);
3170 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3171 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3173 hci_dev_unlock(hdev);
3176 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3178 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3179 struct hci_conn *conn;
3181 BT_DBG("%s", hdev->name);
3185 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3189 /* To avoid duplicate auth_failed events to user space we check
3190 * the HCI_CONN_AUTH_PEND flag which will be set if we
3191 * initiated the authentication. A traditional auth_complete
3192 * event gets always produced as initiator and is also mapped to
3193 * the mgmt_auth_failed event */
3194 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3195 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3201 hci_dev_unlock(hdev);
3204 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3206 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3207 struct inquiry_entry *ie;
3209 BT_DBG("%s", hdev->name);
3213 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3215 ie->data.ssp_mode = (ev->features[0] & 0x01);
3217 hci_dev_unlock(hdev);
3220 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3221 struct sk_buff *skb)
3223 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3224 struct oob_data *data;
3226 BT_DBG("%s", hdev->name);
3230 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3233 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3235 struct hci_cp_remote_oob_data_reply cp;
3237 bacpy(&cp.bdaddr, &ev->bdaddr);
3238 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3239 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3241 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3244 struct hci_cp_remote_oob_data_neg_reply cp;
3246 bacpy(&cp.bdaddr, &ev->bdaddr);
3247 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3252 hci_dev_unlock(hdev);
3255 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3257 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3258 struct hci_conn *conn;
3260 BT_DBG("%s status %d", hdev->name, ev->status);
3264 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3266 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3268 BT_ERR("No memory for new connection");
3269 hci_dev_unlock(hdev);
3273 conn->dst_type = ev->bdaddr_type;
3277 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3278 conn->dst_type, ev->status);
3279 hci_proto_connect_cfm(conn, ev->status);
3280 conn->state = BT_CLOSED;
3285 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3286 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3287 conn->dst_type, 0, NULL, 0, 0);
3289 conn->sec_level = BT_SECURITY_LOW;
3290 conn->handle = __le16_to_cpu(ev->handle);
3291 conn->state = BT_CONNECTED;
3293 hci_conn_hold_device(conn);
3294 hci_conn_add_sysfs(conn);
3296 hci_proto_connect_cfm(conn, ev->status);
3299 hci_dev_unlock(hdev);
3302 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3303 struct sk_buff *skb)
3305 u8 num_reports = skb->data[0];
3306 void *ptr = &skb->data[1];
3311 while (num_reports--) {
3312 struct hci_ev_le_advertising_info *ev = ptr;
3314 hci_add_adv_entry(hdev, ev);
3316 rssi = ev->data[ev->length];
3317 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3318 NULL, rssi, 0, 1, ev->data,
3321 ptr += sizeof(*ev) + ev->length + 1;
3324 hci_dev_unlock(hdev);
3327 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3328 struct sk_buff *skb)
3330 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3331 struct hci_cp_le_ltk_reply cp;
3332 struct hci_cp_le_ltk_neg_reply neg;
3333 struct hci_conn *conn;
3334 struct smp_ltk *ltk;
3336 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3340 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3344 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3348 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3349 cp.handle = cpu_to_le16(conn->handle);
3351 if (ltk->authenticated)
3352 conn->sec_level = BT_SECURITY_HIGH;
3354 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3356 if (ltk->type & HCI_SMP_STK) {
3357 list_del(<k->list);
3361 hci_dev_unlock(hdev);
3366 neg.handle = ev->handle;
3367 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3368 hci_dev_unlock(hdev);
3371 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3373 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3375 skb_pull(skb, sizeof(*le_ev));
3377 switch (le_ev->subevent) {
3378 case HCI_EV_LE_CONN_COMPLETE:
3379 hci_le_conn_complete_evt(hdev, skb);
3382 case HCI_EV_LE_ADVERTISING_REPORT:
3383 hci_le_adv_report_evt(hdev, skb);
3386 case HCI_EV_LE_LTK_REQ:
3387 hci_le_ltk_request_evt(hdev, skb);
3395 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3397 struct hci_event_hdr *hdr = (void *) skb->data;
3398 __u8 event = hdr->evt;
3400 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3403 case HCI_EV_INQUIRY_COMPLETE:
3404 hci_inquiry_complete_evt(hdev, skb);
3407 case HCI_EV_INQUIRY_RESULT:
3408 hci_inquiry_result_evt(hdev, skb);
3411 case HCI_EV_CONN_COMPLETE:
3412 hci_conn_complete_evt(hdev, skb);
3415 case HCI_EV_CONN_REQUEST:
3416 hci_conn_request_evt(hdev, skb);
3419 case HCI_EV_DISCONN_COMPLETE:
3420 hci_disconn_complete_evt(hdev, skb);
3423 case HCI_EV_AUTH_COMPLETE:
3424 hci_auth_complete_evt(hdev, skb);
3427 case HCI_EV_REMOTE_NAME:
3428 hci_remote_name_evt(hdev, skb);
3431 case HCI_EV_ENCRYPT_CHANGE:
3432 hci_encrypt_change_evt(hdev, skb);
3435 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3436 hci_change_link_key_complete_evt(hdev, skb);
3439 case HCI_EV_REMOTE_FEATURES:
3440 hci_remote_features_evt(hdev, skb);
3443 case HCI_EV_REMOTE_VERSION:
3444 hci_remote_version_evt(hdev, skb);
3447 case HCI_EV_QOS_SETUP_COMPLETE:
3448 hci_qos_setup_complete_evt(hdev, skb);
3451 case HCI_EV_CMD_COMPLETE:
3452 hci_cmd_complete_evt(hdev, skb);
3455 case HCI_EV_CMD_STATUS:
3456 hci_cmd_status_evt(hdev, skb);
3459 case HCI_EV_ROLE_CHANGE:
3460 hci_role_change_evt(hdev, skb);
3463 case HCI_EV_NUM_COMP_PKTS:
3464 hci_num_comp_pkts_evt(hdev, skb);
3467 case HCI_EV_MODE_CHANGE:
3468 hci_mode_change_evt(hdev, skb);
3471 case HCI_EV_PIN_CODE_REQ:
3472 hci_pin_code_request_evt(hdev, skb);
3475 case HCI_EV_LINK_KEY_REQ:
3476 hci_link_key_request_evt(hdev, skb);
3479 case HCI_EV_LINK_KEY_NOTIFY:
3480 hci_link_key_notify_evt(hdev, skb);
3483 case HCI_EV_CLOCK_OFFSET:
3484 hci_clock_offset_evt(hdev, skb);
3487 case HCI_EV_PKT_TYPE_CHANGE:
3488 hci_pkt_type_change_evt(hdev, skb);
3491 case HCI_EV_PSCAN_REP_MODE:
3492 hci_pscan_rep_mode_evt(hdev, skb);
3495 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3496 hci_inquiry_result_with_rssi_evt(hdev, skb);
3499 case HCI_EV_REMOTE_EXT_FEATURES:
3500 hci_remote_ext_features_evt(hdev, skb);
3503 case HCI_EV_SYNC_CONN_COMPLETE:
3504 hci_sync_conn_complete_evt(hdev, skb);
3507 case HCI_EV_SYNC_CONN_CHANGED:
3508 hci_sync_conn_changed_evt(hdev, skb);
3511 case HCI_EV_SNIFF_SUBRATE:
3512 hci_sniff_subrate_evt(hdev, skb);
3515 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3516 hci_extended_inquiry_result_evt(hdev, skb);
3519 case HCI_EV_IO_CAPA_REQUEST:
3520 hci_io_capa_request_evt(hdev, skb);
3523 case HCI_EV_IO_CAPA_REPLY:
3524 hci_io_capa_reply_evt(hdev, skb);
3527 case HCI_EV_USER_CONFIRM_REQUEST:
3528 hci_user_confirm_request_evt(hdev, skb);
3531 case HCI_EV_USER_PASSKEY_REQUEST:
3532 hci_user_passkey_request_evt(hdev, skb);
3535 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3536 hci_simple_pair_complete_evt(hdev, skb);
3539 case HCI_EV_REMOTE_HOST_FEATURES:
3540 hci_remote_host_features_evt(hdev, skb);
3543 case HCI_EV_LE_META:
3544 hci_le_meta_evt(hdev, skb);
3547 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3548 hci_remote_oob_data_request_evt(hdev, skb);
3551 case HCI_EV_NUM_COMP_BLOCKS:
3552 hci_num_comp_blocks_evt(hdev, skb);
3556 BT_DBG("%s event 0x%x", hdev->name, event);
3561 hdev->stat.evt_rx++;
projects / linux-flexiantxendom0-3.2.10.git / blob