2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 static bool enable_le;
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
60 mgmt_stop_discovery_failed(hdev, status);
65 clear_bit(HCI_INQUIRY, &hdev->flags);
68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
73 hci_conn_check_pending(hdev);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%x", hdev->name, status);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
198 /* Reset all flags, except persistent ones */
199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
200 BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
203 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
205 __u8 status = *((__u8 *) skb->data);
208 BT_DBG("%s status 0x%x", hdev->name, status);
210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
217 mgmt_set_local_name_complete(hdev, sent, status);
220 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222 hci_dev_unlock(hdev);
225 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227 struct hci_rp_read_local_name *rp = (void *) skb->data;
229 BT_DBG("%s status 0x%x", hdev->name, rp->status);
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
239 __u8 status = *((__u8 *) skb->data);
242 BT_DBG("%s status 0x%x", hdev->name, status);
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 __u8 param = *((__u8 *) sent);
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
254 clear_bit(HCI_AUTH, &hdev->flags);
257 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
260 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
262 __u8 status = *((__u8 *) skb->data);
265 BT_DBG("%s status 0x%x", hdev->name, status);
267 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
272 __u8 param = *((__u8 *) sent);
275 set_bit(HCI_ENCRYPT, &hdev->flags);
277 clear_bit(HCI_ENCRYPT, &hdev->flags);
280 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
283 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285 __u8 param, status = *((__u8 *) skb->data);
286 int old_pscan, old_iscan;
289 BT_DBG("%s status 0x%x", hdev->name, status);
291 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 param = *((__u8 *) sent);
300 mgmt_write_scan_failed(hdev, param, status);
301 hdev->discov_timeout = 0;
305 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
306 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
308 if (param & SCAN_INQUIRY) {
309 set_bit(HCI_ISCAN, &hdev->flags);
311 mgmt_discoverable(hdev, 1);
312 if (hdev->discov_timeout > 0) {
313 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
314 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
317 } else if (old_iscan)
318 mgmt_discoverable(hdev, 0);
320 if (param & SCAN_PAGE) {
321 set_bit(HCI_PSCAN, &hdev->flags);
323 mgmt_connectable(hdev, 1);
324 } else if (old_pscan)
325 mgmt_connectable(hdev, 0);
328 hci_dev_unlock(hdev);
329 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
336 BT_DBG("%s status 0x%x", hdev->name, rp->status);
341 memcpy(hdev->dev_class, rp->dev_class, 3);
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
352 BT_DBG("%s status 0x%x", hdev->name, status);
357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 memcpy(hdev->dev_class, sent, 3);
364 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
366 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
369 BT_DBG("%s status 0x%x", hdev->name, rp->status);
374 setting = __le16_to_cpu(rp->voice_setting);
376 if (hdev->voice_setting == setting)
379 hdev->voice_setting = setting;
381 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
384 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
387 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
389 __u8 status = *((__u8 *) skb->data);
393 BT_DBG("%s status 0x%x", hdev->name, status);
398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
402 setting = get_unaligned_le16(sent);
404 if (hdev->voice_setting == setting)
407 hdev->voice_setting = setting;
409 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
415 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
417 __u8 status = *((__u8 *) skb->data);
419 BT_DBG("%s status 0x%x", hdev->name, status);
421 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
424 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
426 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
428 BT_DBG("%s status 0x%x", hdev->name, rp->status);
434 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
436 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
439 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
441 __u8 status = *((__u8 *) skb->data);
444 BT_DBG("%s status 0x%x", hdev->name, status);
449 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
454 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
456 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
461 if (hdev->features[6] & LMP_EXT_INQ)
464 if (hdev->features[3] & LMP_RSSI_INQ)
467 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
468 hdev->lmp_subver == 0x0757)
471 if (hdev->manufacturer == 15) {
472 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
474 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
476 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
480 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
481 hdev->lmp_subver == 0x1805)
487 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
491 mode = hci_get_inquiry_mode(hdev);
493 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
496 static void hci_setup_event_mask(struct hci_dev *hdev)
498 /* The second byte is 0xff instead of 0x9f (two reserved bits
499 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
500 * command otherwise */
501 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
503 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
504 * any event mask for pre 1.2 devices */
505 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
508 events[4] |= 0x01; /* Flow Specification Complete */
509 events[4] |= 0x02; /* Inquiry Result with RSSI */
510 events[4] |= 0x04; /* Read Remote Extended Features Complete */
511 events[5] |= 0x08; /* Synchronous Connection Complete */
512 events[5] |= 0x10; /* Synchronous Connection Changed */
514 if (hdev->features[3] & LMP_RSSI_INQ)
515 events[4] |= 0x04; /* Inquiry Result with RSSI */
517 if (hdev->features[5] & LMP_SNIFF_SUBR)
518 events[5] |= 0x20; /* Sniff Subrating */
520 if (hdev->features[5] & LMP_PAUSE_ENC)
521 events[5] |= 0x80; /* Encryption Key Refresh Complete */
523 if (hdev->features[6] & LMP_EXT_INQ)
524 events[5] |= 0x40; /* Extended Inquiry Result */
526 if (hdev->features[6] & LMP_NO_FLUSH)
527 events[7] |= 0x01; /* Enhanced Flush Complete */
529 if (hdev->features[7] & LMP_LSTO)
530 events[6] |= 0x80; /* Link Supervision Timeout Changed */
532 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
533 events[6] |= 0x01; /* IO Capability Request */
534 events[6] |= 0x02; /* IO Capability Response */
535 events[6] |= 0x04; /* User Confirmation Request */
536 events[6] |= 0x08; /* User Passkey Request */
537 events[6] |= 0x10; /* Remote OOB Data Request */
538 events[6] |= 0x20; /* Simple Pairing Complete */
539 events[7] |= 0x04; /* User Passkey Notification */
540 events[7] |= 0x08; /* Keypress Notification */
541 events[7] |= 0x10; /* Remote Host Supported
542 * Features Notification */
545 if (hdev->features[4] & LMP_LE)
546 events[7] |= 0x20; /* LE Meta-Event */
548 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
551 static void hci_set_le_support(struct hci_dev *hdev)
553 struct hci_cp_write_le_host_supported cp;
555 memset(&cp, 0, sizeof(cp));
559 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
562 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
565 static void hci_setup(struct hci_dev *hdev)
567 if (hdev->dev_type != HCI_BREDR)
570 hci_setup_event_mask(hdev);
572 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
573 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
575 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
577 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
580 if (hdev->features[3] & LMP_RSSI_INQ)
581 hci_setup_inquiry_mode(hdev);
583 if (hdev->features[7] & LMP_INQ_TX_PWR)
584 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
586 if (hdev->features[7] & LMP_EXTFEATURES) {
587 struct hci_cp_read_local_ext_features cp;
590 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
594 if (hdev->features[4] & LMP_LE)
595 hci_set_le_support(hdev);
598 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
600 struct hci_rp_read_local_version *rp = (void *) skb->data;
602 BT_DBG("%s status 0x%x", hdev->name, rp->status);
607 hdev->hci_ver = rp->hci_ver;
608 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
609 hdev->lmp_ver = rp->lmp_ver;
610 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
611 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
613 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
615 hdev->hci_ver, hdev->hci_rev);
617 if (test_bit(HCI_INIT, &hdev->flags))
621 static void hci_setup_link_policy(struct hci_dev *hdev)
625 if (hdev->features[0] & LMP_RSWITCH)
626 link_policy |= HCI_LP_RSWITCH;
627 if (hdev->features[0] & LMP_HOLD)
628 link_policy |= HCI_LP_HOLD;
629 if (hdev->features[0] & LMP_SNIFF)
630 link_policy |= HCI_LP_SNIFF;
631 if (hdev->features[1] & LMP_PARK)
632 link_policy |= HCI_LP_PARK;
634 link_policy = cpu_to_le16(link_policy);
635 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
636 sizeof(link_policy), &link_policy);
639 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
641 struct hci_rp_read_local_commands *rp = (void *) skb->data;
643 BT_DBG("%s status 0x%x", hdev->name, rp->status);
648 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
650 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
651 hci_setup_link_policy(hdev);
654 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
657 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
659 struct hci_rp_read_local_features *rp = (void *) skb->data;
661 BT_DBG("%s status 0x%x", hdev->name, rp->status);
666 memcpy(hdev->features, rp->features, 8);
668 /* Adjust default settings according to features
669 * supported by device. */
671 if (hdev->features[0] & LMP_3SLOT)
672 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
674 if (hdev->features[0] & LMP_5SLOT)
675 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
677 if (hdev->features[1] & LMP_HV2) {
678 hdev->pkt_type |= (HCI_HV2);
679 hdev->esco_type |= (ESCO_HV2);
682 if (hdev->features[1] & LMP_HV3) {
683 hdev->pkt_type |= (HCI_HV3);
684 hdev->esco_type |= (ESCO_HV3);
687 if (hdev->features[3] & LMP_ESCO)
688 hdev->esco_type |= (ESCO_EV3);
690 if (hdev->features[4] & LMP_EV4)
691 hdev->esco_type |= (ESCO_EV4);
693 if (hdev->features[4] & LMP_EV5)
694 hdev->esco_type |= (ESCO_EV5);
696 if (hdev->features[5] & LMP_EDR_ESCO_2M)
697 hdev->esco_type |= (ESCO_2EV3);
699 if (hdev->features[5] & LMP_EDR_ESCO_3M)
700 hdev->esco_type |= (ESCO_3EV3);
702 if (hdev->features[5] & LMP_EDR_3S_ESCO)
703 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
705 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
706 hdev->features[0], hdev->features[1],
707 hdev->features[2], hdev->features[3],
708 hdev->features[4], hdev->features[5],
709 hdev->features[6], hdev->features[7]);
712 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
715 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
717 BT_DBG("%s status 0x%x", hdev->name, rp->status);
724 memcpy(hdev->features, rp->features, 8);
727 memcpy(hdev->host_features, rp->features, 8);
731 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
734 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
737 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
739 BT_DBG("%s status 0x%x", hdev->name, rp->status);
744 hdev->flow_ctl_mode = rp->mode;
746 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
749 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
751 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
753 BT_DBG("%s status 0x%x", hdev->name, rp->status);
758 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
759 hdev->sco_mtu = rp->sco_mtu;
760 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
761 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
763 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
768 hdev->acl_cnt = hdev->acl_pkts;
769 hdev->sco_cnt = hdev->sco_pkts;
771 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
772 hdev->acl_mtu, hdev->acl_pkts,
773 hdev->sco_mtu, hdev->sco_pkts);
776 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
778 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
780 BT_DBG("%s status 0x%x", hdev->name, rp->status);
783 bacpy(&hdev->bdaddr, &rp->bdaddr);
785 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
788 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
791 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
793 BT_DBG("%s status 0x%x", hdev->name, rp->status);
798 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
799 hdev->block_len = __le16_to_cpu(rp->block_len);
800 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
802 hdev->block_cnt = hdev->num_blocks;
804 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
805 hdev->block_cnt, hdev->block_len);
807 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
810 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
812 __u8 status = *((__u8 *) skb->data);
814 BT_DBG("%s status 0x%x", hdev->name, status);
816 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
819 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
822 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%x", hdev->name, rp->status);
829 hdev->amp_status = rp->amp_status;
830 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
831 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
832 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
833 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
834 hdev->amp_type = rp->amp_type;
835 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
836 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
837 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
838 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
840 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
843 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
846 __u8 status = *((__u8 *) skb->data);
848 BT_DBG("%s status 0x%x", hdev->name, status);
850 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
853 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
855 __u8 status = *((__u8 *) skb->data);
857 BT_DBG("%s status 0x%x", hdev->name, status);
859 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
862 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
865 __u8 status = *((__u8 *) skb->data);
867 BT_DBG("%s status 0x%x", hdev->name, status);
869 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
872 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
875 __u8 status = *((__u8 *) skb->data);
877 BT_DBG("%s status 0x%x", hdev->name, status);
879 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
882 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
884 __u8 status = *((__u8 *) skb->data);
886 BT_DBG("%s status 0x%x", hdev->name, status);
888 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
891 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
893 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
894 struct hci_cp_pin_code_reply *cp;
895 struct hci_conn *conn;
897 BT_DBG("%s status 0x%x", hdev->name, rp->status);
901 if (test_bit(HCI_MGMT, &hdev->dev_flags))
902 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
907 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
913 conn->pin_length = cp->pin_len;
916 hci_dev_unlock(hdev);
919 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
921 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
923 BT_DBG("%s status 0x%x", hdev->name, rp->status);
927 if (test_bit(HCI_MGMT, &hdev->dev_flags))
928 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
931 hci_dev_unlock(hdev);
934 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
937 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
939 BT_DBG("%s status 0x%x", hdev->name, rp->status);
944 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
945 hdev->le_pkts = rp->le_max_pkt;
947 hdev->le_cnt = hdev->le_pkts;
949 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
951 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
954 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
956 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
958 BT_DBG("%s status 0x%x", hdev->name, rp->status);
962 if (test_bit(HCI_MGMT, &hdev->dev_flags))
963 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
966 hci_dev_unlock(hdev);
969 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
978 if (test_bit(HCI_MGMT, &hdev->dev_flags))
979 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
982 hci_dev_unlock(hdev);
985 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
987 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
989 BT_DBG("%s status 0x%x", hdev->name, rp->status);
993 if (test_bit(HCI_MGMT, &hdev->dev_flags))
994 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
997 hci_dev_unlock(hdev);
1000 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1001 struct sk_buff *skb)
1003 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1005 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1009 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1010 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1013 hci_dev_unlock(hdev);
1016 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1019 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1021 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1024 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1025 rp->randomizer, rp->status);
1026 hci_dev_unlock(hdev);
1029 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1031 __u8 status = *((__u8 *) skb->data);
1033 BT_DBG("%s status 0x%x", hdev->name, status);
1035 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1039 mgmt_start_discovery_failed(hdev, status);
1040 hci_dev_unlock(hdev);
1045 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1046 struct sk_buff *skb)
1048 struct hci_cp_le_set_scan_enable *cp;
1049 __u8 status = *((__u8 *) skb->data);
1051 BT_DBG("%s status 0x%x", hdev->name, status);
1053 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1057 switch (cp->enable) {
1058 case LE_SCANNING_ENABLED:
1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1063 mgmt_start_discovery_failed(hdev, status);
1064 hci_dev_unlock(hdev);
1068 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1070 cancel_delayed_work_sync(&hdev->adv_work);
1073 hci_adv_entries_clear(hdev);
1074 hci_discovery_set_state(hdev, DISCOVERY_LE_SCAN);
1075 hci_dev_unlock(hdev);
1078 case LE_SCANNING_DISABLED:
1082 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1085 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1086 hci_dev_unlock(hdev);
1088 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1092 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1097 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1099 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1101 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1106 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1109 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1111 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1113 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1118 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1121 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1122 struct sk_buff *skb)
1124 struct hci_cp_read_local_ext_features cp;
1125 __u8 status = *((__u8 *) skb->data);
1127 BT_DBG("%s status 0x%x", hdev->name, status);
1133 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1136 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1138 BT_DBG("%s status 0x%x", hdev->name, status);
1141 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1142 hci_conn_check_pending(hdev);
1144 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1145 mgmt_start_discovery_failed(hdev, status);
1146 hci_dev_unlock(hdev);
1150 set_bit(HCI_INQUIRY, &hdev->flags);
1153 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
1154 hci_dev_unlock(hdev);
1157 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1159 struct hci_cp_create_conn *cp;
1160 struct hci_conn *conn;
1162 BT_DBG("%s status 0x%x", hdev->name, status);
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1170 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1172 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1175 if (conn && conn->state == BT_CONNECT) {
1176 if (status != 0x0c || conn->attempt > 2) {
1177 conn->state = BT_CLOSED;
1178 hci_proto_connect_cfm(conn, status);
1181 conn->state = BT_CONNECT2;
1185 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1188 conn->link_mode |= HCI_LM_MASTER;
1190 BT_ERR("No memory for new connection");
1194 hci_dev_unlock(hdev);
1197 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1199 struct hci_cp_add_sco *cp;
1200 struct hci_conn *acl, *sco;
1203 BT_DBG("%s status 0x%x", hdev->name, status);
1208 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1212 handle = __le16_to_cpu(cp->handle);
1214 BT_DBG("%s handle %d", hdev->name, handle);
1218 acl = hci_conn_hash_lookup_handle(hdev, handle);
1222 sco->state = BT_CLOSED;
1224 hci_proto_connect_cfm(sco, status);
1229 hci_dev_unlock(hdev);
1232 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1234 struct hci_cp_auth_requested *cp;
1235 struct hci_conn *conn;
1237 BT_DBG("%s status 0x%x", hdev->name, status);
1242 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1248 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1250 if (conn->state == BT_CONFIG) {
1251 hci_proto_connect_cfm(conn, status);
1256 hci_dev_unlock(hdev);
1259 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1261 struct hci_cp_set_conn_encrypt *cp;
1262 struct hci_conn *conn;
1264 BT_DBG("%s status 0x%x", hdev->name, status);
1269 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1275 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1277 if (conn->state == BT_CONFIG) {
1278 hci_proto_connect_cfm(conn, status);
1283 hci_dev_unlock(hdev);
1286 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1287 struct hci_conn *conn)
1289 if (conn->state != BT_CONFIG || !conn->out)
1292 if (conn->pending_sec_level == BT_SECURITY_SDP)
1295 /* Only request authentication for SSP connections or non-SSP
1296 * devices with sec_level HIGH or if MITM protection is requested */
1297 if (!hci_conn_ssp_enabled(conn) &&
1298 conn->pending_sec_level != BT_SECURITY_HIGH &&
1299 !(conn->auth_type & 0x01))
1305 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1307 struct hci_cp_remote_name_req cp;
1309 memset(&cp, 0, sizeof(cp));
1311 bacpy(&cp.bdaddr, &e->data.bdaddr);
1312 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1313 cp.pscan_mode = e->data.pscan_mode;
1314 cp.clock_offset = e->data.clock_offset;
1316 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1319 static bool hci_resolve_next_name(struct hci_dev *hdev)
1321 struct discovery_state *discov = &hdev->discovery;
1322 struct inquiry_entry *e;
1324 if (list_empty(&discov->resolve))
1327 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1328 if (hci_resolve_name(hdev, e) == 0) {
1329 e->name_state = NAME_PENDING;
1336 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1337 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1339 struct discovery_state *discov = &hdev->discovery;
1340 struct inquiry_entry *e;
1342 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1343 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1344 name, name_len, conn->dev_class);
1346 if (discov->state == DISCOVERY_STOPPED)
1349 if (discov->state == DISCOVERY_STOPPING)
1350 goto discov_complete;
1352 if (discov->state != DISCOVERY_RESOLVING)
1355 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1357 e->name_state = NAME_KNOWN;
1360 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1361 e->data.rssi, name, name_len);
1364 if (hci_resolve_next_name(hdev))
1368 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1371 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1373 struct hci_cp_remote_name_req *cp;
1374 struct hci_conn *conn;
1376 BT_DBG("%s status 0x%x", hdev->name, status);
1378 /* If successful wait for the name req complete event before
1379 * checking for the need to do authentication */
1383 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1389 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1391 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1392 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1397 if (!hci_outgoing_auth_needed(hdev, conn))
1400 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1401 struct hci_cp_auth_requested cp;
1402 cp.handle = __cpu_to_le16(conn->handle);
1403 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1407 hci_dev_unlock(hdev);
1410 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1412 struct hci_cp_read_remote_features *cp;
1413 struct hci_conn *conn;
1415 BT_DBG("%s status 0x%x", hdev->name, status);
1420 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1426 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1428 if (conn->state == BT_CONFIG) {
1429 hci_proto_connect_cfm(conn, status);
1434 hci_dev_unlock(hdev);
1437 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1439 struct hci_cp_read_remote_ext_features *cp;
1440 struct hci_conn *conn;
1442 BT_DBG("%s status 0x%x", hdev->name, status);
1447 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1453 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1455 if (conn->state == BT_CONFIG) {
1456 hci_proto_connect_cfm(conn, status);
1461 hci_dev_unlock(hdev);
1464 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1466 struct hci_cp_setup_sync_conn *cp;
1467 struct hci_conn *acl, *sco;
1470 BT_DBG("%s status 0x%x", hdev->name, status);
1475 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1479 handle = __le16_to_cpu(cp->handle);
1481 BT_DBG("%s handle %d", hdev->name, handle);
1485 acl = hci_conn_hash_lookup_handle(hdev, handle);
1489 sco->state = BT_CLOSED;
1491 hci_proto_connect_cfm(sco, status);
1496 hci_dev_unlock(hdev);
1499 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1501 struct hci_cp_sniff_mode *cp;
1502 struct hci_conn *conn;
1504 BT_DBG("%s status 0x%x", hdev->name, status);
1509 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1517 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1519 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1520 hci_sco_setup(conn, status);
1523 hci_dev_unlock(hdev);
1526 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1528 struct hci_cp_exit_sniff_mode *cp;
1529 struct hci_conn *conn;
1531 BT_DBG("%s status 0x%x", hdev->name, status);
1536 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1542 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1544 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1546 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1547 hci_sco_setup(conn, status);
1550 hci_dev_unlock(hdev);
1553 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1555 struct hci_cp_le_create_conn *cp;
1556 struct hci_conn *conn;
1558 BT_DBG("%s status 0x%x", hdev->name, status);
1560 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1566 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1568 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1572 if (conn && conn->state == BT_CONNECT) {
1573 conn->state = BT_CLOSED;
1574 hci_proto_connect_cfm(conn, status);
1579 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1581 conn->dst_type = cp->peer_addr_type;
1584 BT_ERR("No memory for new connection");
1589 hci_dev_unlock(hdev);
1592 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1594 BT_DBG("%s status 0x%x", hdev->name, status);
1597 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1599 __u8 status = *((__u8 *) skb->data);
1600 struct discovery_state *discov = &hdev->discovery;
1601 struct inquiry_entry *e;
1603 BT_DBG("%s status %d", hdev->name, status);
1605 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1607 hci_conn_check_pending(hdev);
1609 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1612 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1617 if (discov->state != DISCOVERY_INQUIRY)
1620 if (list_empty(&discov->resolve)) {
1621 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1625 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1626 if (e && hci_resolve_name(hdev, e) == 0) {
1627 e->name_state = NAME_PENDING;
1628 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1630 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1634 hci_dev_unlock(hdev);
1637 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1639 struct inquiry_data data;
1640 struct inquiry_info *info = (void *) (skb->data + 1);
1641 int num_rsp = *((__u8 *) skb->data);
1643 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1650 for (; num_rsp; num_rsp--, info++) {
1653 bacpy(&data.bdaddr, &info->bdaddr);
1654 data.pscan_rep_mode = info->pscan_rep_mode;
1655 data.pscan_period_mode = info->pscan_period_mode;
1656 data.pscan_mode = info->pscan_mode;
1657 memcpy(data.dev_class, info->dev_class, 3);
1658 data.clock_offset = info->clock_offset;
1660 data.ssp_mode = 0x00;
1662 name_known = hci_inquiry_cache_update(hdev, &data, false);
1663 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1664 info->dev_class, 0, !name_known,
1668 hci_dev_unlock(hdev);
1671 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1673 struct hci_ev_conn_complete *ev = (void *) skb->data;
1674 struct hci_conn *conn;
1676 BT_DBG("%s", hdev->name);
1680 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1682 if (ev->link_type != SCO_LINK)
1685 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1689 conn->type = SCO_LINK;
1693 conn->handle = __le16_to_cpu(ev->handle);
1695 if (conn->type == ACL_LINK) {
1696 conn->state = BT_CONFIG;
1697 hci_conn_hold(conn);
1698 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1700 conn->state = BT_CONNECTED;
1702 hci_conn_hold_device(conn);
1703 hci_conn_add_sysfs(conn);
1705 if (test_bit(HCI_AUTH, &hdev->flags))
1706 conn->link_mode |= HCI_LM_AUTH;
1708 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1709 conn->link_mode |= HCI_LM_ENCRYPT;
1711 /* Get remote features */
1712 if (conn->type == ACL_LINK) {
1713 struct hci_cp_read_remote_features cp;
1714 cp.handle = ev->handle;
1715 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1719 /* Set packet type for incoming connection */
1720 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1721 struct hci_cp_change_conn_ptype cp;
1722 cp.handle = ev->handle;
1723 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1724 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1728 conn->state = BT_CLOSED;
1729 if (conn->type == ACL_LINK)
1730 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1731 conn->dst_type, ev->status);
1734 if (conn->type == ACL_LINK)
1735 hci_sco_setup(conn, ev->status);
1738 hci_proto_connect_cfm(conn, ev->status);
1740 } else if (ev->link_type != ACL_LINK)
1741 hci_proto_connect_cfm(conn, ev->status);
1744 hci_dev_unlock(hdev);
1746 hci_conn_check_pending(hdev);
1749 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1751 struct hci_ev_conn_request *ev = (void *) skb->data;
1752 int mask = hdev->link_mode;
1754 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1755 batostr(&ev->bdaddr), ev->link_type);
1757 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1759 if ((mask & HCI_LM_ACCEPT) &&
1760 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1761 /* Connection accepted */
1762 struct inquiry_entry *ie;
1763 struct hci_conn *conn;
1767 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1769 memcpy(ie->data.dev_class, ev->dev_class, 3);
1771 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1773 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1775 BT_ERR("No memory for new connection");
1776 hci_dev_unlock(hdev);
1781 memcpy(conn->dev_class, ev->dev_class, 3);
1782 conn->state = BT_CONNECT;
1784 hci_dev_unlock(hdev);
1786 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1787 struct hci_cp_accept_conn_req cp;
1789 bacpy(&cp.bdaddr, &ev->bdaddr);
1791 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1792 cp.role = 0x00; /* Become master */
1794 cp.role = 0x01; /* Remain slave */
1796 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1799 struct hci_cp_accept_sync_conn_req cp;
1801 bacpy(&cp.bdaddr, &ev->bdaddr);
1802 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1804 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1805 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1806 cp.max_latency = cpu_to_le16(0xffff);
1807 cp.content_format = cpu_to_le16(hdev->voice_setting);
1808 cp.retrans_effort = 0xff;
1810 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1814 /* Connection rejected */
1815 struct hci_cp_reject_conn_req cp;
1817 bacpy(&cp.bdaddr, &ev->bdaddr);
1818 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1819 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1823 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1825 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1826 struct hci_conn *conn;
1828 BT_DBG("%s status %d", hdev->name, ev->status);
1832 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1836 if (ev->status == 0)
1837 conn->state = BT_CLOSED;
1839 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1840 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1841 if (ev->status != 0)
1842 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1844 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1848 if (ev->status == 0) {
1849 hci_proto_disconn_cfm(conn, ev->reason);
1854 hci_dev_unlock(hdev);
1857 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1859 struct hci_ev_auth_complete *ev = (void *) skb->data;
1860 struct hci_conn *conn;
1862 BT_DBG("%s status %d", hdev->name, ev->status);
1866 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1871 if (!hci_conn_ssp_enabled(conn) &&
1872 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1873 BT_INFO("re-auth of legacy device is not possible.");
1875 conn->link_mode |= HCI_LM_AUTH;
1876 conn->sec_level = conn->pending_sec_level;
1879 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1882 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1883 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1885 if (conn->state == BT_CONFIG) {
1886 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1887 struct hci_cp_set_conn_encrypt cp;
1888 cp.handle = ev->handle;
1890 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1893 conn->state = BT_CONNECTED;
1894 hci_proto_connect_cfm(conn, ev->status);
1898 hci_auth_cfm(conn, ev->status);
1900 hci_conn_hold(conn);
1901 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1905 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1907 struct hci_cp_set_conn_encrypt cp;
1908 cp.handle = ev->handle;
1910 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1913 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1914 hci_encrypt_cfm(conn, ev->status, 0x00);
1919 hci_dev_unlock(hdev);
1922 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1924 struct hci_ev_remote_name *ev = (void *) skb->data;
1925 struct hci_conn *conn;
1927 BT_DBG("%s", hdev->name);
1929 hci_conn_check_pending(hdev);
1933 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1935 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1938 if (ev->status == 0)
1939 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1940 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1942 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1948 if (!hci_outgoing_auth_needed(hdev, conn))
1951 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1952 struct hci_cp_auth_requested cp;
1953 cp.handle = __cpu_to_le16(conn->handle);
1954 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1958 hci_dev_unlock(hdev);
1961 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1963 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1964 struct hci_conn *conn;
1966 BT_DBG("%s status %d", hdev->name, ev->status);
1970 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1974 /* Encryption implies authentication */
1975 conn->link_mode |= HCI_LM_AUTH;
1976 conn->link_mode |= HCI_LM_ENCRYPT;
1977 conn->sec_level = conn->pending_sec_level;
1979 conn->link_mode &= ~HCI_LM_ENCRYPT;
1982 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1984 if (conn->state == BT_CONFIG) {
1986 conn->state = BT_CONNECTED;
1988 hci_proto_connect_cfm(conn, ev->status);
1991 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1994 hci_dev_unlock(hdev);
1997 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1999 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2000 struct hci_conn *conn;
2002 BT_DBG("%s status %d", hdev->name, ev->status);
2006 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2009 conn->link_mode |= HCI_LM_SECURE;
2011 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2013 hci_key_change_cfm(conn, ev->status);
2016 hci_dev_unlock(hdev);
2019 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2021 struct hci_ev_remote_features *ev = (void *) skb->data;
2022 struct hci_conn *conn;
2024 BT_DBG("%s status %d", hdev->name, ev->status);
2028 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2033 memcpy(conn->features, ev->features, 8);
2035 if (conn->state != BT_CONFIG)
2038 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2039 struct hci_cp_read_remote_ext_features cp;
2040 cp.handle = ev->handle;
2042 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2048 struct hci_cp_remote_name_req cp;
2049 memset(&cp, 0, sizeof(cp));
2050 bacpy(&cp.bdaddr, &conn->dst);
2051 cp.pscan_rep_mode = 0x02;
2052 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2053 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2054 mgmt_device_connected(hdev, &conn->dst, conn->type,
2055 conn->dst_type, NULL, 0,
2058 if (!hci_outgoing_auth_needed(hdev, conn)) {
2059 conn->state = BT_CONNECTED;
2060 hci_proto_connect_cfm(conn, ev->status);
2065 hci_dev_unlock(hdev);
2068 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2070 BT_DBG("%s", hdev->name);
2073 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2075 BT_DBG("%s", hdev->name);
2078 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2080 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2083 skb_pull(skb, sizeof(*ev));
2085 opcode = __le16_to_cpu(ev->opcode);
2088 case HCI_OP_INQUIRY_CANCEL:
2089 hci_cc_inquiry_cancel(hdev, skb);
2092 case HCI_OP_EXIT_PERIODIC_INQ:
2093 hci_cc_exit_periodic_inq(hdev, skb);
2096 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2097 hci_cc_remote_name_req_cancel(hdev, skb);
2100 case HCI_OP_ROLE_DISCOVERY:
2101 hci_cc_role_discovery(hdev, skb);
2104 case HCI_OP_READ_LINK_POLICY:
2105 hci_cc_read_link_policy(hdev, skb);
2108 case HCI_OP_WRITE_LINK_POLICY:
2109 hci_cc_write_link_policy(hdev, skb);
2112 case HCI_OP_READ_DEF_LINK_POLICY:
2113 hci_cc_read_def_link_policy(hdev, skb);
2116 case HCI_OP_WRITE_DEF_LINK_POLICY:
2117 hci_cc_write_def_link_policy(hdev, skb);
2121 hci_cc_reset(hdev, skb);
2124 case HCI_OP_WRITE_LOCAL_NAME:
2125 hci_cc_write_local_name(hdev, skb);
2128 case HCI_OP_READ_LOCAL_NAME:
2129 hci_cc_read_local_name(hdev, skb);
2132 case HCI_OP_WRITE_AUTH_ENABLE:
2133 hci_cc_write_auth_enable(hdev, skb);
2136 case HCI_OP_WRITE_ENCRYPT_MODE:
2137 hci_cc_write_encrypt_mode(hdev, skb);
2140 case HCI_OP_WRITE_SCAN_ENABLE:
2141 hci_cc_write_scan_enable(hdev, skb);
2144 case HCI_OP_READ_CLASS_OF_DEV:
2145 hci_cc_read_class_of_dev(hdev, skb);
2148 case HCI_OP_WRITE_CLASS_OF_DEV:
2149 hci_cc_write_class_of_dev(hdev, skb);
2152 case HCI_OP_READ_VOICE_SETTING:
2153 hci_cc_read_voice_setting(hdev, skb);
2156 case HCI_OP_WRITE_VOICE_SETTING:
2157 hci_cc_write_voice_setting(hdev, skb);
2160 case HCI_OP_HOST_BUFFER_SIZE:
2161 hci_cc_host_buffer_size(hdev, skb);
2164 case HCI_OP_READ_SSP_MODE:
2165 hci_cc_read_ssp_mode(hdev, skb);
2168 case HCI_OP_WRITE_SSP_MODE:
2169 hci_cc_write_ssp_mode(hdev, skb);
2172 case HCI_OP_READ_LOCAL_VERSION:
2173 hci_cc_read_local_version(hdev, skb);
2176 case HCI_OP_READ_LOCAL_COMMANDS:
2177 hci_cc_read_local_commands(hdev, skb);
2180 case HCI_OP_READ_LOCAL_FEATURES:
2181 hci_cc_read_local_features(hdev, skb);
2184 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2185 hci_cc_read_local_ext_features(hdev, skb);
2188 case HCI_OP_READ_BUFFER_SIZE:
2189 hci_cc_read_buffer_size(hdev, skb);
2192 case HCI_OP_READ_BD_ADDR:
2193 hci_cc_read_bd_addr(hdev, skb);
2196 case HCI_OP_READ_DATA_BLOCK_SIZE:
2197 hci_cc_read_data_block_size(hdev, skb);
2200 case HCI_OP_WRITE_CA_TIMEOUT:
2201 hci_cc_write_ca_timeout(hdev, skb);
2204 case HCI_OP_READ_FLOW_CONTROL_MODE:
2205 hci_cc_read_flow_control_mode(hdev, skb);
2208 case HCI_OP_READ_LOCAL_AMP_INFO:
2209 hci_cc_read_local_amp_info(hdev, skb);
2212 case HCI_OP_DELETE_STORED_LINK_KEY:
2213 hci_cc_delete_stored_link_key(hdev, skb);
2216 case HCI_OP_SET_EVENT_MASK:
2217 hci_cc_set_event_mask(hdev, skb);
2220 case HCI_OP_WRITE_INQUIRY_MODE:
2221 hci_cc_write_inquiry_mode(hdev, skb);
2224 case HCI_OP_READ_INQ_RSP_TX_POWER:
2225 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2228 case HCI_OP_SET_EVENT_FLT:
2229 hci_cc_set_event_flt(hdev, skb);
2232 case HCI_OP_PIN_CODE_REPLY:
2233 hci_cc_pin_code_reply(hdev, skb);
2236 case HCI_OP_PIN_CODE_NEG_REPLY:
2237 hci_cc_pin_code_neg_reply(hdev, skb);
2240 case HCI_OP_READ_LOCAL_OOB_DATA:
2241 hci_cc_read_local_oob_data_reply(hdev, skb);
2244 case HCI_OP_LE_READ_BUFFER_SIZE:
2245 hci_cc_le_read_buffer_size(hdev, skb);
2248 case HCI_OP_USER_CONFIRM_REPLY:
2249 hci_cc_user_confirm_reply(hdev, skb);
2252 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2253 hci_cc_user_confirm_neg_reply(hdev, skb);
2256 case HCI_OP_USER_PASSKEY_REPLY:
2257 hci_cc_user_passkey_reply(hdev, skb);
2260 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2261 hci_cc_user_passkey_neg_reply(hdev, skb);
2263 case HCI_OP_LE_SET_SCAN_PARAM:
2264 hci_cc_le_set_scan_param(hdev, skb);
2267 case HCI_OP_LE_SET_SCAN_ENABLE:
2268 hci_cc_le_set_scan_enable(hdev, skb);
2271 case HCI_OP_LE_LTK_REPLY:
2272 hci_cc_le_ltk_reply(hdev, skb);
2275 case HCI_OP_LE_LTK_NEG_REPLY:
2276 hci_cc_le_ltk_neg_reply(hdev, skb);
2279 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2280 hci_cc_write_le_host_supported(hdev, skb);
2284 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2288 if (ev->opcode != HCI_OP_NOP)
2289 del_timer(&hdev->cmd_timer);
2292 atomic_set(&hdev->cmd_cnt, 1);
2293 if (!skb_queue_empty(&hdev->cmd_q))
2294 queue_work(hdev->workqueue, &hdev->cmd_work);
2298 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2300 struct hci_ev_cmd_status *ev = (void *) skb->data;
2303 skb_pull(skb, sizeof(*ev));
2305 opcode = __le16_to_cpu(ev->opcode);
2308 case HCI_OP_INQUIRY:
2309 hci_cs_inquiry(hdev, ev->status);
2312 case HCI_OP_CREATE_CONN:
2313 hci_cs_create_conn(hdev, ev->status);
2316 case HCI_OP_ADD_SCO:
2317 hci_cs_add_sco(hdev, ev->status);
2320 case HCI_OP_AUTH_REQUESTED:
2321 hci_cs_auth_requested(hdev, ev->status);
2324 case HCI_OP_SET_CONN_ENCRYPT:
2325 hci_cs_set_conn_encrypt(hdev, ev->status);
2328 case HCI_OP_REMOTE_NAME_REQ:
2329 hci_cs_remote_name_req(hdev, ev->status);
2332 case HCI_OP_READ_REMOTE_FEATURES:
2333 hci_cs_read_remote_features(hdev, ev->status);
2336 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2337 hci_cs_read_remote_ext_features(hdev, ev->status);
2340 case HCI_OP_SETUP_SYNC_CONN:
2341 hci_cs_setup_sync_conn(hdev, ev->status);
2344 case HCI_OP_SNIFF_MODE:
2345 hci_cs_sniff_mode(hdev, ev->status);
2348 case HCI_OP_EXIT_SNIFF_MODE:
2349 hci_cs_exit_sniff_mode(hdev, ev->status);
2352 case HCI_OP_DISCONNECT:
2353 if (ev->status != 0)
2354 mgmt_disconnect_failed(hdev, NULL, ev->status);
2357 case HCI_OP_LE_CREATE_CONN:
2358 hci_cs_le_create_conn(hdev, ev->status);
2361 case HCI_OP_LE_START_ENC:
2362 hci_cs_le_start_enc(hdev, ev->status);
2366 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2370 if (ev->opcode != HCI_OP_NOP)
2371 del_timer(&hdev->cmd_timer);
2373 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2374 atomic_set(&hdev->cmd_cnt, 1);
2375 if (!skb_queue_empty(&hdev->cmd_q))
2376 queue_work(hdev->workqueue, &hdev->cmd_work);
2380 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2382 struct hci_ev_role_change *ev = (void *) skb->data;
2383 struct hci_conn *conn;
2385 BT_DBG("%s status %d", hdev->name, ev->status);
2389 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2393 conn->link_mode &= ~HCI_LM_MASTER;
2395 conn->link_mode |= HCI_LM_MASTER;
2398 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2400 hci_role_switch_cfm(conn, ev->status, ev->role);
2403 hci_dev_unlock(hdev);
2406 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2408 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2411 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2412 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2416 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2417 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2418 BT_DBG("%s bad parameters", hdev->name);
2422 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2424 for (i = 0; i < ev->num_hndl; i++) {
2425 struct hci_comp_pkts_info *info = &ev->handles[i];
2426 struct hci_conn *conn;
2427 __u16 handle, count;
2429 handle = __le16_to_cpu(info->handle);
2430 count = __le16_to_cpu(info->count);
2432 conn = hci_conn_hash_lookup_handle(hdev, handle);
2436 conn->sent -= count;
2438 switch (conn->type) {
2440 hdev->acl_cnt += count;
2441 if (hdev->acl_cnt > hdev->acl_pkts)
2442 hdev->acl_cnt = hdev->acl_pkts;
2446 if (hdev->le_pkts) {
2447 hdev->le_cnt += count;
2448 if (hdev->le_cnt > hdev->le_pkts)
2449 hdev->le_cnt = hdev->le_pkts;
2451 hdev->acl_cnt += count;
2452 if (hdev->acl_cnt > hdev->acl_pkts)
2453 hdev->acl_cnt = hdev->acl_pkts;
2458 hdev->sco_cnt += count;
2459 if (hdev->sco_cnt > hdev->sco_pkts)
2460 hdev->sco_cnt = hdev->sco_pkts;
2464 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2469 queue_work(hdev->workqueue, &hdev->tx_work);
2472 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2473 struct sk_buff *skb)
2475 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2478 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2479 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2483 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2484 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2485 BT_DBG("%s bad parameters", hdev->name);
2489 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2492 for (i = 0; i < ev->num_hndl; i++) {
2493 struct hci_comp_blocks_info *info = &ev->handles[i];
2494 struct hci_conn *conn;
2495 __u16 handle, block_count;
2497 handle = __le16_to_cpu(info->handle);
2498 block_count = __le16_to_cpu(info->blocks);
2500 conn = hci_conn_hash_lookup_handle(hdev, handle);
2504 conn->sent -= block_count;
2506 switch (conn->type) {
2508 hdev->block_cnt += block_count;
2509 if (hdev->block_cnt > hdev->num_blocks)
2510 hdev->block_cnt = hdev->num_blocks;
2514 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2519 queue_work(hdev->workqueue, &hdev->tx_work);
2522 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2524 struct hci_ev_mode_change *ev = (void *) skb->data;
2525 struct hci_conn *conn;
2527 BT_DBG("%s status %d", hdev->name, ev->status);
2531 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2533 conn->mode = ev->mode;
2534 conn->interval = __le16_to_cpu(ev->interval);
2536 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2537 if (conn->mode == HCI_CM_ACTIVE)
2538 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2540 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2543 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2544 hci_sco_setup(conn, ev->status);
2547 hci_dev_unlock(hdev);
2550 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2552 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2553 struct hci_conn *conn;
2555 BT_DBG("%s", hdev->name);
2559 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2563 if (conn->state == BT_CONNECTED) {
2564 hci_conn_hold(conn);
2565 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2569 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2570 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2571 sizeof(ev->bdaddr), &ev->bdaddr);
2572 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2575 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2580 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2584 hci_dev_unlock(hdev);
2587 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2589 struct hci_ev_link_key_req *ev = (void *) skb->data;
2590 struct hci_cp_link_key_reply cp;
2591 struct hci_conn *conn;
2592 struct link_key *key;
2594 BT_DBG("%s", hdev->name);
2596 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2601 key = hci_find_link_key(hdev, &ev->bdaddr);
2603 BT_DBG("%s link key not found for %s", hdev->name,
2604 batostr(&ev->bdaddr));
2608 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2609 batostr(&ev->bdaddr));
2611 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2612 key->type == HCI_LK_DEBUG_COMBINATION) {
2613 BT_DBG("%s ignoring debug key", hdev->name);
2617 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2619 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2620 conn->auth_type != 0xff &&
2621 (conn->auth_type & 0x01)) {
2622 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2626 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2627 conn->pending_sec_level == BT_SECURITY_HIGH) {
2628 BT_DBG("%s ignoring key unauthenticated for high \
2629 security", hdev->name);
2633 conn->key_type = key->type;
2634 conn->pin_length = key->pin_len;
2637 bacpy(&cp.bdaddr, &ev->bdaddr);
2638 memcpy(cp.link_key, key->val, 16);
2640 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2642 hci_dev_unlock(hdev);
2647 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2648 hci_dev_unlock(hdev);
2651 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2653 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2654 struct hci_conn *conn;
2657 BT_DBG("%s", hdev->name);
2661 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2663 hci_conn_hold(conn);
2664 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2665 pin_len = conn->pin_length;
2667 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2668 conn->key_type = ev->key_type;
2673 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2674 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2675 ev->key_type, pin_len);
2677 hci_dev_unlock(hdev);
2680 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2682 struct hci_ev_clock_offset *ev = (void *) skb->data;
2683 struct hci_conn *conn;
2685 BT_DBG("%s status %d", hdev->name, ev->status);
2689 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2690 if (conn && !ev->status) {
2691 struct inquiry_entry *ie;
2693 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2695 ie->data.clock_offset = ev->clock_offset;
2696 ie->timestamp = jiffies;
2700 hci_dev_unlock(hdev);
2703 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2705 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2706 struct hci_conn *conn;
2708 BT_DBG("%s status %d", hdev->name, ev->status);
2712 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2713 if (conn && !ev->status)
2714 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2716 hci_dev_unlock(hdev);
2719 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2721 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2722 struct inquiry_entry *ie;
2724 BT_DBG("%s", hdev->name);
2728 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2730 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2731 ie->timestamp = jiffies;
2734 hci_dev_unlock(hdev);
2737 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2739 struct inquiry_data data;
2740 int num_rsp = *((__u8 *) skb->data);
2743 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2750 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2751 struct inquiry_info_with_rssi_and_pscan_mode *info;
2752 info = (void *) (skb->data + 1);
2754 for (; num_rsp; num_rsp--, info++) {
2755 bacpy(&data.bdaddr, &info->bdaddr);
2756 data.pscan_rep_mode = info->pscan_rep_mode;
2757 data.pscan_period_mode = info->pscan_period_mode;
2758 data.pscan_mode = info->pscan_mode;
2759 memcpy(data.dev_class, info->dev_class, 3);
2760 data.clock_offset = info->clock_offset;
2761 data.rssi = info->rssi;
2762 data.ssp_mode = 0x00;
2764 name_known = hci_inquiry_cache_update(hdev, &data,
2766 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2767 info->dev_class, info->rssi,
2768 !name_known, NULL, 0);
2771 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2773 for (; num_rsp; num_rsp--, info++) {
2774 bacpy(&data.bdaddr, &info->bdaddr);
2775 data.pscan_rep_mode = info->pscan_rep_mode;
2776 data.pscan_period_mode = info->pscan_period_mode;
2777 data.pscan_mode = 0x00;
2778 memcpy(data.dev_class, info->dev_class, 3);
2779 data.clock_offset = info->clock_offset;
2780 data.rssi = info->rssi;
2781 data.ssp_mode = 0x00;
2782 name_known = hci_inquiry_cache_update(hdev, &data,
2784 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2785 info->dev_class, info->rssi,
2786 !name_known, NULL, 0);
2790 hci_dev_unlock(hdev);
2793 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2795 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2796 struct hci_conn *conn;
2798 BT_DBG("%s", hdev->name);
2802 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2806 if (!ev->status && ev->page == 0x01) {
2807 struct inquiry_entry *ie;
2809 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2811 ie->data.ssp_mode = (ev->features[0] & 0x01);
2813 if (ev->features[0] & 0x01)
2814 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2817 if (conn->state != BT_CONFIG)
2821 struct hci_cp_remote_name_req cp;
2822 memset(&cp, 0, sizeof(cp));
2823 bacpy(&cp.bdaddr, &conn->dst);
2824 cp.pscan_rep_mode = 0x02;
2825 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2826 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2827 mgmt_device_connected(hdev, &conn->dst, conn->type,
2828 conn->dst_type, NULL, 0,
2831 if (!hci_outgoing_auth_needed(hdev, conn)) {
2832 conn->state = BT_CONNECTED;
2833 hci_proto_connect_cfm(conn, ev->status);
2838 hci_dev_unlock(hdev);
2841 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2843 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2844 struct hci_conn *conn;
2846 BT_DBG("%s status %d", hdev->name, ev->status);
2850 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2852 if (ev->link_type == ESCO_LINK)
2855 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2859 conn->type = SCO_LINK;
2862 switch (ev->status) {
2864 conn->handle = __le16_to_cpu(ev->handle);
2865 conn->state = BT_CONNECTED;
2867 hci_conn_hold_device(conn);
2868 hci_conn_add_sysfs(conn);
2871 case 0x11: /* Unsupported Feature or Parameter Value */
2872 case 0x1c: /* SCO interval rejected */
2873 case 0x1a: /* Unsupported Remote Feature */
2874 case 0x1f: /* Unspecified error */
2875 if (conn->out && conn->attempt < 2) {
2876 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2877 (hdev->esco_type & EDR_ESCO_MASK);
2878 hci_setup_sync(conn, conn->link->handle);
2884 conn->state = BT_CLOSED;
2888 hci_proto_connect_cfm(conn, ev->status);
2893 hci_dev_unlock(hdev);
2896 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2898 BT_DBG("%s", hdev->name);
2901 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2903 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2905 BT_DBG("%s status %d", hdev->name, ev->status);
2908 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2910 struct inquiry_data data;
2911 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2912 int num_rsp = *((__u8 *) skb->data);
2914 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2921 for (; num_rsp; num_rsp--, info++) {
2924 bacpy(&data.bdaddr, &info->bdaddr);
2925 data.pscan_rep_mode = info->pscan_rep_mode;
2926 data.pscan_period_mode = info->pscan_period_mode;
2927 data.pscan_mode = 0x00;
2928 memcpy(data.dev_class, info->dev_class, 3);
2929 data.clock_offset = info->clock_offset;
2930 data.rssi = info->rssi;
2931 data.ssp_mode = 0x01;
2933 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2934 name_known = eir_has_data_type(info->data,
2940 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
2941 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2942 info->dev_class, info->rssi,
2943 !name_known, info->data,
2944 sizeof(info->data));
2947 hci_dev_unlock(hdev);
2950 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2952 /* If remote requests dedicated bonding follow that lead */
2953 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2954 /* If both remote and local IO capabilities allow MITM
2955 * protection then require it, otherwise don't */
2956 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2962 /* If remote requests no-bonding follow that lead */
2963 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2964 return conn->remote_auth | (conn->auth_type & 0x01);
2966 return conn->auth_type;
2969 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2971 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2972 struct hci_conn *conn;
2974 BT_DBG("%s", hdev->name);
2978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2982 hci_conn_hold(conn);
2984 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2987 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
2988 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2989 struct hci_cp_io_capability_reply cp;
2991 bacpy(&cp.bdaddr, &ev->bdaddr);
2992 /* Change the IO capability from KeyboardDisplay
2993 * to DisplayYesNo as it is not supported by BT spec. */
2994 cp.capability = (conn->io_capability == 0x04) ?
2995 0x01 : conn->io_capability;
2996 conn->auth_type = hci_get_auth_req(conn);
2997 cp.authentication = conn->auth_type;
2999 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
3000 hci_find_remote_oob_data(hdev, &conn->dst))
3005 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3008 struct hci_cp_io_capability_neg_reply cp;
3010 bacpy(&cp.bdaddr, &ev->bdaddr);
3011 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3013 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3018 hci_dev_unlock(hdev);
3021 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3023 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3024 struct hci_conn *conn;
3026 BT_DBG("%s", hdev->name);
3030 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3034 conn->remote_cap = ev->capability;
3035 conn->remote_auth = ev->authentication;
3037 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3040 hci_dev_unlock(hdev);
3043 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3044 struct sk_buff *skb)
3046 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3047 int loc_mitm, rem_mitm, confirm_hint = 0;
3048 struct hci_conn *conn;
3050 BT_DBG("%s", hdev->name);
3054 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3061 loc_mitm = (conn->auth_type & 0x01);
3062 rem_mitm = (conn->remote_auth & 0x01);
3064 /* If we require MITM but the remote device can't provide that
3065 * (it has NoInputNoOutput) then reject the confirmation
3066 * request. The only exception is when we're dedicated bonding
3067 * initiators (connect_cfm_cb set) since then we always have the MITM
3069 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3070 BT_DBG("Rejecting request: remote device can't provide MITM");
3071 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3072 sizeof(ev->bdaddr), &ev->bdaddr);
3076 /* If no side requires MITM protection; auto-accept */
3077 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3078 (!rem_mitm || conn->io_capability == 0x03)) {
3080 /* If we're not the initiators request authorization to
3081 * proceed from user space (mgmt_user_confirm with
3082 * confirm_hint set to 1). */
3083 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3084 BT_DBG("Confirming auto-accept as acceptor");
3089 BT_DBG("Auto-accept of user confirmation with %ums delay",
3090 hdev->auto_accept_delay);
3092 if (hdev->auto_accept_delay > 0) {
3093 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3094 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3098 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3099 sizeof(ev->bdaddr), &ev->bdaddr);
3104 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
3108 hci_dev_unlock(hdev);
3111 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3112 struct sk_buff *skb)
3114 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3116 BT_DBG("%s", hdev->name);
3120 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3121 mgmt_user_passkey_request(hdev, &ev->bdaddr);
3123 hci_dev_unlock(hdev);
3126 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3128 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3129 struct hci_conn *conn;
3131 BT_DBG("%s", hdev->name);
3135 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3139 /* To avoid duplicate auth_failed events to user space we check
3140 * the HCI_CONN_AUTH_PEND flag which will be set if we
3141 * initiated the authentication. A traditional auth_complete
3142 * event gets always produced as initiator and is also mapped to
3143 * the mgmt_auth_failed event */
3144 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3145 mgmt_auth_failed(hdev, &conn->dst, ev->status);
3150 hci_dev_unlock(hdev);
3153 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3155 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3156 struct inquiry_entry *ie;
3158 BT_DBG("%s", hdev->name);
3162 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3164 ie->data.ssp_mode = (ev->features[0] & 0x01);
3166 hci_dev_unlock(hdev);
3169 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3170 struct sk_buff *skb)
3172 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3173 struct oob_data *data;
3175 BT_DBG("%s", hdev->name);
3179 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3182 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3184 struct hci_cp_remote_oob_data_reply cp;
3186 bacpy(&cp.bdaddr, &ev->bdaddr);
3187 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3188 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3190 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3193 struct hci_cp_remote_oob_data_neg_reply cp;
3195 bacpy(&cp.bdaddr, &ev->bdaddr);
3196 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3201 hci_dev_unlock(hdev);
3204 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3206 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3207 struct hci_conn *conn;
3209 BT_DBG("%s status %d", hdev->name, ev->status);
3213 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3215 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3217 BT_ERR("No memory for new connection");
3218 hci_dev_unlock(hdev);
3222 conn->dst_type = ev->bdaddr_type;
3226 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3227 conn->dst_type, ev->status);
3228 hci_proto_connect_cfm(conn, ev->status);
3229 conn->state = BT_CLOSED;
3234 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3235 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3236 conn->dst_type, NULL, 0, 0);
3238 conn->sec_level = BT_SECURITY_LOW;
3239 conn->handle = __le16_to_cpu(ev->handle);
3240 conn->state = BT_CONNECTED;
3242 hci_conn_hold_device(conn);
3243 hci_conn_add_sysfs(conn);
3245 hci_proto_connect_cfm(conn, ev->status);
3248 hci_dev_unlock(hdev);
3251 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3252 struct sk_buff *skb)
3254 u8 num_reports = skb->data[0];
3255 void *ptr = &skb->data[1];
3260 while (num_reports--) {
3261 struct hci_ev_le_advertising_info *ev = ptr;
3263 hci_add_adv_entry(hdev, ev);
3265 rssi = ev->data[ev->length];
3266 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3267 NULL, rssi, 0, ev->data, ev->length);
3269 ptr += sizeof(*ev) + ev->length + 1;
3272 hci_dev_unlock(hdev);
3275 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3276 struct sk_buff *skb)
3278 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3279 struct hci_cp_le_ltk_reply cp;
3280 struct hci_cp_le_ltk_neg_reply neg;
3281 struct hci_conn *conn;
3282 struct smp_ltk *ltk;
3284 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3292 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3296 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3297 cp.handle = cpu_to_le16(conn->handle);
3299 if (ltk->authenticated)
3300 conn->sec_level = BT_SECURITY_HIGH;
3302 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3304 if (ltk->type & HCI_SMP_STK) {
3305 list_del(<k->list);
3309 hci_dev_unlock(hdev);
3314 neg.handle = ev->handle;
3315 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3316 hci_dev_unlock(hdev);
3319 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3321 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3323 skb_pull(skb, sizeof(*le_ev));
3325 switch (le_ev->subevent) {
3326 case HCI_EV_LE_CONN_COMPLETE:
3327 hci_le_conn_complete_evt(hdev, skb);
3330 case HCI_EV_LE_ADVERTISING_REPORT:
3331 hci_le_adv_report_evt(hdev, skb);
3334 case HCI_EV_LE_LTK_REQ:
3335 hci_le_ltk_request_evt(hdev, skb);
3343 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3345 struct hci_event_hdr *hdr = (void *) skb->data;
3346 __u8 event = hdr->evt;
3348 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3351 case HCI_EV_INQUIRY_COMPLETE:
3352 hci_inquiry_complete_evt(hdev, skb);
3355 case HCI_EV_INQUIRY_RESULT:
3356 hci_inquiry_result_evt(hdev, skb);
3359 case HCI_EV_CONN_COMPLETE:
3360 hci_conn_complete_evt(hdev, skb);
3363 case HCI_EV_CONN_REQUEST:
3364 hci_conn_request_evt(hdev, skb);
3367 case HCI_EV_DISCONN_COMPLETE:
3368 hci_disconn_complete_evt(hdev, skb);
3371 case HCI_EV_AUTH_COMPLETE:
3372 hci_auth_complete_evt(hdev, skb);
3375 case HCI_EV_REMOTE_NAME:
3376 hci_remote_name_evt(hdev, skb);
3379 case HCI_EV_ENCRYPT_CHANGE:
3380 hci_encrypt_change_evt(hdev, skb);
3383 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3384 hci_change_link_key_complete_evt(hdev, skb);
3387 case HCI_EV_REMOTE_FEATURES:
3388 hci_remote_features_evt(hdev, skb);
3391 case HCI_EV_REMOTE_VERSION:
3392 hci_remote_version_evt(hdev, skb);
3395 case HCI_EV_QOS_SETUP_COMPLETE:
3396 hci_qos_setup_complete_evt(hdev, skb);
3399 case HCI_EV_CMD_COMPLETE:
3400 hci_cmd_complete_evt(hdev, skb);
3403 case HCI_EV_CMD_STATUS:
3404 hci_cmd_status_evt(hdev, skb);
3407 case HCI_EV_ROLE_CHANGE:
3408 hci_role_change_evt(hdev, skb);
3411 case HCI_EV_NUM_COMP_PKTS:
3412 hci_num_comp_pkts_evt(hdev, skb);
3415 case HCI_EV_MODE_CHANGE:
3416 hci_mode_change_evt(hdev, skb);
3419 case HCI_EV_PIN_CODE_REQ:
3420 hci_pin_code_request_evt(hdev, skb);
3423 case HCI_EV_LINK_KEY_REQ:
3424 hci_link_key_request_evt(hdev, skb);
3427 case HCI_EV_LINK_KEY_NOTIFY:
3428 hci_link_key_notify_evt(hdev, skb);
3431 case HCI_EV_CLOCK_OFFSET:
3432 hci_clock_offset_evt(hdev, skb);
3435 case HCI_EV_PKT_TYPE_CHANGE:
3436 hci_pkt_type_change_evt(hdev, skb);
3439 case HCI_EV_PSCAN_REP_MODE:
3440 hci_pscan_rep_mode_evt(hdev, skb);
3443 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3444 hci_inquiry_result_with_rssi_evt(hdev, skb);
3447 case HCI_EV_REMOTE_EXT_FEATURES:
3448 hci_remote_ext_features_evt(hdev, skb);
3451 case HCI_EV_SYNC_CONN_COMPLETE:
3452 hci_sync_conn_complete_evt(hdev, skb);
3455 case HCI_EV_SYNC_CONN_CHANGED:
3456 hci_sync_conn_changed_evt(hdev, skb);
3459 case HCI_EV_SNIFF_SUBRATE:
3460 hci_sniff_subrate_evt(hdev, skb);
3463 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3464 hci_extended_inquiry_result_evt(hdev, skb);
3467 case HCI_EV_IO_CAPA_REQUEST:
3468 hci_io_capa_request_evt(hdev, skb);
3471 case HCI_EV_IO_CAPA_REPLY:
3472 hci_io_capa_reply_evt(hdev, skb);
3475 case HCI_EV_USER_CONFIRM_REQUEST:
3476 hci_user_confirm_request_evt(hdev, skb);
3479 case HCI_EV_USER_PASSKEY_REQUEST:
3480 hci_user_passkey_request_evt(hdev, skb);
3483 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3484 hci_simple_pair_complete_evt(hdev, skb);
3487 case HCI_EV_REMOTE_HOST_FEATURES:
3488 hci_remote_host_features_evt(hdev, skb);
3491 case HCI_EV_LE_META:
3492 hci_le_meta_evt(hdev, skb);
3495 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3496 hci_remote_oob_data_request_evt(hdev, skb);
3499 case HCI_EV_NUM_COMP_BLOCKS:
3500 hci_num_comp_blocks_evt(hdev, skb);
3504 BT_DBG("%s event 0x%x", hdev->name, event);
3509 hdev->stat.evt_rx++;
3512 /* Generate internal stack event */
3513 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3515 struct hci_event_hdr *hdr;
3516 struct hci_ev_stack_internal *ev;
3517 struct sk_buff *skb;
3519 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3523 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3524 hdr->evt = HCI_EV_STACK_INTERNAL;
3525 hdr->plen = sizeof(*ev) + dlen;
3527 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3529 memcpy(ev->data, data, dlen);
3531 bt_cb(skb)->incoming = 1;
3532 __net_timestamp(skb);
3534 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3535 skb->dev = (void *) hdev;
3536 hci_send_to_sock(hdev, skb, NULL);
3540 module_param(enable_le, bool, 0644);
3541 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / linux-flexiantxendom0-3.2.10.git / blob