2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 static bool enable_le;
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
60 mgmt_stop_discovery_failed(hdev, status);
65 clear_bit(HCI_INQUIRY, &hdev->flags);
68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
73 hci_conn_check_pending(hdev);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%x", hdev->name, status);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
198 /* Reset all flags, except persistent ones */
199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
200 BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
203 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
205 __u8 status = *((__u8 *) skb->data);
208 BT_DBG("%s status 0x%x", hdev->name, status);
210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
217 mgmt_set_local_name_complete(hdev, sent, status);
220 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222 hci_dev_unlock(hdev);
225 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227 struct hci_rp_read_local_name *rp = (void *) skb->data;
229 BT_DBG("%s status 0x%x", hdev->name, rp->status);
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
239 __u8 status = *((__u8 *) skb->data);
242 BT_DBG("%s status 0x%x", hdev->name, status);
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 __u8 param = *((__u8 *) sent);
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
254 clear_bit(HCI_AUTH, &hdev->flags);
257 if (test_bit(HCI_MGMT, &hdev->dev_flags))
258 mgmt_auth_enable_complete(hdev, status);
260 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
265 __u8 status = *((__u8 *) skb->data);
268 BT_DBG("%s status 0x%x", hdev->name, status);
270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 __u8 param = *((__u8 *) sent);
278 set_bit(HCI_ENCRYPT, &hdev->flags);
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
283 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
292 BT_DBG("%s status 0x%x", hdev->name, status);
294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
298 param = *((__u8 *) sent);
303 mgmt_write_scan_failed(hdev, param, status);
304 hdev->discov_timeout = 0;
308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
314 mgmt_discoverable(hdev, 1);
315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
320 } else if (old_iscan)
321 mgmt_discoverable(hdev, 0);
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
326 mgmt_connectable(hdev, 1);
327 } else if (old_pscan)
328 mgmt_connectable(hdev, 0);
331 hci_dev_unlock(hdev);
332 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
335 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
337 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
339 BT_DBG("%s status 0x%x", hdev->name, rp->status);
344 memcpy(hdev->dev_class, rp->dev_class, 3);
346 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
347 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
350 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
352 __u8 status = *((__u8 *) skb->data);
355 BT_DBG("%s status 0x%x", hdev->name, status);
360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
364 memcpy(hdev->dev_class, sent, 3);
367 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
369 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372 BT_DBG("%s status 0x%x", hdev->name, rp->status);
377 setting = __le16_to_cpu(rp->voice_setting);
379 if (hdev->voice_setting == setting)
382 hdev->voice_setting = setting;
384 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
387 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
390 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
392 __u8 status = *((__u8 *) skb->data);
396 BT_DBG("%s status 0x%x", hdev->name, status);
401 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
405 setting = get_unaligned_le16(sent);
407 if (hdev->voice_setting == setting)
410 hdev->voice_setting = setting;
412 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
415 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
418 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
420 __u8 status = *((__u8 *) skb->data);
422 BT_DBG("%s status 0x%x", hdev->name, status);
424 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
427 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
429 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
431 BT_DBG("%s status 0x%x", hdev->name, rp->status);
437 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
439 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
442 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
444 __u8 status = *((__u8 *) skb->data);
447 BT_DBG("%s status 0x%x", hdev->name, status);
452 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
457 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
462 if (test_bit(HCI_MGMT, &hdev->dev_flags))
463 mgmt_ssp_enable_complete(hdev, status);
466 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
468 if (hdev->features[6] & LMP_EXT_INQ)
471 if (hdev->features[3] & LMP_RSSI_INQ)
474 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
475 hdev->lmp_subver == 0x0757)
478 if (hdev->manufacturer == 15) {
479 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
481 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
483 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
487 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
488 hdev->lmp_subver == 0x1805)
494 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
498 mode = hci_get_inquiry_mode(hdev);
500 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
503 static void hci_setup_event_mask(struct hci_dev *hdev)
505 /* The second byte is 0xff instead of 0x9f (two reserved bits
506 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
507 * command otherwise */
508 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
510 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
511 * any event mask for pre 1.2 devices */
512 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
515 events[4] |= 0x01; /* Flow Specification Complete */
516 events[4] |= 0x02; /* Inquiry Result with RSSI */
517 events[4] |= 0x04; /* Read Remote Extended Features Complete */
518 events[5] |= 0x08; /* Synchronous Connection Complete */
519 events[5] |= 0x10; /* Synchronous Connection Changed */
521 if (hdev->features[3] & LMP_RSSI_INQ)
522 events[4] |= 0x04; /* Inquiry Result with RSSI */
524 if (hdev->features[5] & LMP_SNIFF_SUBR)
525 events[5] |= 0x20; /* Sniff Subrating */
527 if (hdev->features[5] & LMP_PAUSE_ENC)
528 events[5] |= 0x80; /* Encryption Key Refresh Complete */
530 if (hdev->features[6] & LMP_EXT_INQ)
531 events[5] |= 0x40; /* Extended Inquiry Result */
533 if (hdev->features[6] & LMP_NO_FLUSH)
534 events[7] |= 0x01; /* Enhanced Flush Complete */
536 if (hdev->features[7] & LMP_LSTO)
537 events[6] |= 0x80; /* Link Supervision Timeout Changed */
539 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
540 events[6] |= 0x01; /* IO Capability Request */
541 events[6] |= 0x02; /* IO Capability Response */
542 events[6] |= 0x04; /* User Confirmation Request */
543 events[6] |= 0x08; /* User Passkey Request */
544 events[6] |= 0x10; /* Remote OOB Data Request */
545 events[6] |= 0x20; /* Simple Pairing Complete */
546 events[7] |= 0x04; /* User Passkey Notification */
547 events[7] |= 0x08; /* Keypress Notification */
548 events[7] |= 0x10; /* Remote Host Supported
549 * Features Notification */
552 if (hdev->features[4] & LMP_LE)
553 events[7] |= 0x20; /* LE Meta-Event */
555 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
558 static void hci_set_le_support(struct hci_dev *hdev)
560 struct hci_cp_write_le_host_supported cp;
562 memset(&cp, 0, sizeof(cp));
566 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
569 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
572 static void hci_setup(struct hci_dev *hdev)
574 if (hdev->dev_type != HCI_BREDR)
577 hci_setup_event_mask(hdev);
579 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
580 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
582 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
584 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
587 if (hdev->features[3] & LMP_RSSI_INQ)
588 hci_setup_inquiry_mode(hdev);
590 if (hdev->features[7] & LMP_INQ_TX_PWR)
591 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
593 if (hdev->features[7] & LMP_EXTFEATURES) {
594 struct hci_cp_read_local_ext_features cp;
597 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
601 if (hdev->features[4] & LMP_LE)
602 hci_set_le_support(hdev);
605 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
607 struct hci_rp_read_local_version *rp = (void *) skb->data;
609 BT_DBG("%s status 0x%x", hdev->name, rp->status);
614 hdev->hci_ver = rp->hci_ver;
615 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
616 hdev->lmp_ver = rp->lmp_ver;
617 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
618 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
620 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
622 hdev->hci_ver, hdev->hci_rev);
624 if (test_bit(HCI_INIT, &hdev->flags))
628 static void hci_setup_link_policy(struct hci_dev *hdev)
632 if (hdev->features[0] & LMP_RSWITCH)
633 link_policy |= HCI_LP_RSWITCH;
634 if (hdev->features[0] & LMP_HOLD)
635 link_policy |= HCI_LP_HOLD;
636 if (hdev->features[0] & LMP_SNIFF)
637 link_policy |= HCI_LP_SNIFF;
638 if (hdev->features[1] & LMP_PARK)
639 link_policy |= HCI_LP_PARK;
641 link_policy = cpu_to_le16(link_policy);
642 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
643 sizeof(link_policy), &link_policy);
646 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
648 struct hci_rp_read_local_commands *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%x", hdev->name, rp->status);
655 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
657 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
658 hci_setup_link_policy(hdev);
661 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
664 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
666 struct hci_rp_read_local_features *rp = (void *) skb->data;
668 BT_DBG("%s status 0x%x", hdev->name, rp->status);
673 memcpy(hdev->features, rp->features, 8);
675 /* Adjust default settings according to features
676 * supported by device. */
678 if (hdev->features[0] & LMP_3SLOT)
679 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
681 if (hdev->features[0] & LMP_5SLOT)
682 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
684 if (hdev->features[1] & LMP_HV2) {
685 hdev->pkt_type |= (HCI_HV2);
686 hdev->esco_type |= (ESCO_HV2);
689 if (hdev->features[1] & LMP_HV3) {
690 hdev->pkt_type |= (HCI_HV3);
691 hdev->esco_type |= (ESCO_HV3);
694 if (hdev->features[3] & LMP_ESCO)
695 hdev->esco_type |= (ESCO_EV3);
697 if (hdev->features[4] & LMP_EV4)
698 hdev->esco_type |= (ESCO_EV4);
700 if (hdev->features[4] & LMP_EV5)
701 hdev->esco_type |= (ESCO_EV5);
703 if (hdev->features[5] & LMP_EDR_ESCO_2M)
704 hdev->esco_type |= (ESCO_2EV3);
706 if (hdev->features[5] & LMP_EDR_ESCO_3M)
707 hdev->esco_type |= (ESCO_3EV3);
709 if (hdev->features[5] & LMP_EDR_3S_ESCO)
710 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
712 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
713 hdev->features[0], hdev->features[1],
714 hdev->features[2], hdev->features[3],
715 hdev->features[4], hdev->features[5],
716 hdev->features[6], hdev->features[7]);
719 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
722 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
724 BT_DBG("%s status 0x%x", hdev->name, rp->status);
731 memcpy(hdev->features, rp->features, 8);
734 memcpy(hdev->host_features, rp->features, 8);
738 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
741 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
744 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
746 BT_DBG("%s status 0x%x", hdev->name, rp->status);
751 hdev->flow_ctl_mode = rp->mode;
753 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
756 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
758 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
760 BT_DBG("%s status 0x%x", hdev->name, rp->status);
765 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
766 hdev->sco_mtu = rp->sco_mtu;
767 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
768 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
770 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
775 hdev->acl_cnt = hdev->acl_pkts;
776 hdev->sco_cnt = hdev->sco_pkts;
778 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
779 hdev->acl_mtu, hdev->acl_pkts,
780 hdev->sco_mtu, hdev->sco_pkts);
783 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
785 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
787 BT_DBG("%s status 0x%x", hdev->name, rp->status);
790 bacpy(&hdev->bdaddr, &rp->bdaddr);
792 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
795 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
798 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
800 BT_DBG("%s status 0x%x", hdev->name, rp->status);
805 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
806 hdev->block_len = __le16_to_cpu(rp->block_len);
807 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
809 hdev->block_cnt = hdev->num_blocks;
811 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
812 hdev->block_cnt, hdev->block_len);
814 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
817 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
819 __u8 status = *((__u8 *) skb->data);
821 BT_DBG("%s status 0x%x", hdev->name, status);
823 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
826 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
829 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
831 BT_DBG("%s status 0x%x", hdev->name, rp->status);
836 hdev->amp_status = rp->amp_status;
837 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
838 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
839 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
840 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
841 hdev->amp_type = rp->amp_type;
842 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
843 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
844 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
845 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
847 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
850 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
853 __u8 status = *((__u8 *) skb->data);
855 BT_DBG("%s status 0x%x", hdev->name, status);
857 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
860 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
862 __u8 status = *((__u8 *) skb->data);
864 BT_DBG("%s status 0x%x", hdev->name, status);
866 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
869 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
872 __u8 status = *((__u8 *) skb->data);
874 BT_DBG("%s status 0x%x", hdev->name, status);
876 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
879 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
882 __u8 status = *((__u8 *) skb->data);
884 BT_DBG("%s status 0x%x", hdev->name, status);
886 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
889 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
891 __u8 status = *((__u8 *) skb->data);
893 BT_DBG("%s status 0x%x", hdev->name, status);
895 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
898 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
900 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
901 struct hci_cp_pin_code_reply *cp;
902 struct hci_conn *conn;
904 BT_DBG("%s status 0x%x", hdev->name, rp->status);
908 if (test_bit(HCI_MGMT, &hdev->dev_flags))
909 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
914 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
918 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
920 conn->pin_length = cp->pin_len;
923 hci_dev_unlock(hdev);
926 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
928 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
930 BT_DBG("%s status 0x%x", hdev->name, rp->status);
934 if (test_bit(HCI_MGMT, &hdev->dev_flags))
935 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
938 hci_dev_unlock(hdev);
941 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
944 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
946 BT_DBG("%s status 0x%x", hdev->name, rp->status);
951 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
952 hdev->le_pkts = rp->le_max_pkt;
954 hdev->le_cnt = hdev->le_pkts;
956 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
958 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
961 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
963 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
965 BT_DBG("%s status 0x%x", hdev->name, rp->status);
969 if (test_bit(HCI_MGMT, &hdev->dev_flags))
970 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
973 hci_dev_unlock(hdev);
976 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
979 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
981 BT_DBG("%s status 0x%x", hdev->name, rp->status);
985 if (test_bit(HCI_MGMT, &hdev->dev_flags))
986 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
990 hci_dev_unlock(hdev);
993 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
995 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
997 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1001 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1002 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1005 hci_dev_unlock(hdev);
1008 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1009 struct sk_buff *skb)
1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1013 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1017 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1018 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1022 hci_dev_unlock(hdev);
1025 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1026 struct sk_buff *skb)
1028 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1030 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1033 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1034 rp->randomizer, rp->status);
1035 hci_dev_unlock(hdev);
1038 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1040 __u8 status = *((__u8 *) skb->data);
1042 BT_DBG("%s status 0x%x", hdev->name, status);
1044 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1048 mgmt_start_discovery_failed(hdev, status);
1049 hci_dev_unlock(hdev);
1054 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1055 struct sk_buff *skb)
1057 struct hci_cp_le_set_scan_enable *cp;
1058 __u8 status = *((__u8 *) skb->data);
1060 BT_DBG("%s status 0x%x", hdev->name, status);
1062 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1066 switch (cp->enable) {
1067 case LE_SCANNING_ENABLED:
1068 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1072 mgmt_start_discovery_failed(hdev, status);
1073 hci_dev_unlock(hdev);
1077 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1079 cancel_delayed_work_sync(&hdev->adv_work);
1082 hci_adv_entries_clear(hdev);
1083 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1084 hci_dev_unlock(hdev);
1087 case LE_SCANNING_DISABLED:
1091 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1093 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1095 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1096 mgmt_interleaved_discovery(hdev);
1099 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1100 hci_dev_unlock(hdev);
1106 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1111 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1113 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1115 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1120 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1123 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1125 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1127 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1132 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1135 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1136 struct sk_buff *skb)
1138 struct hci_cp_read_local_ext_features cp;
1139 __u8 status = *((__u8 *) skb->data);
1141 BT_DBG("%s status 0x%x", hdev->name, status);
1147 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1150 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1152 BT_DBG("%s status 0x%x", hdev->name, status);
1155 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1156 hci_conn_check_pending(hdev);
1158 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1159 mgmt_start_discovery_failed(hdev, status);
1160 hci_dev_unlock(hdev);
1164 set_bit(HCI_INQUIRY, &hdev->flags);
1167 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1168 hci_dev_unlock(hdev);
1171 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1173 struct hci_cp_create_conn *cp;
1174 struct hci_conn *conn;
1176 BT_DBG("%s status 0x%x", hdev->name, status);
1178 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1184 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1186 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1189 if (conn && conn->state == BT_CONNECT) {
1190 if (status != 0x0c || conn->attempt > 2) {
1191 conn->state = BT_CLOSED;
1192 hci_proto_connect_cfm(conn, status);
1195 conn->state = BT_CONNECT2;
1199 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1202 conn->link_mode |= HCI_LM_MASTER;
1204 BT_ERR("No memory for new connection");
1208 hci_dev_unlock(hdev);
1211 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1213 struct hci_cp_add_sco *cp;
1214 struct hci_conn *acl, *sco;
1217 BT_DBG("%s status 0x%x", hdev->name, status);
1222 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1226 handle = __le16_to_cpu(cp->handle);
1228 BT_DBG("%s handle %d", hdev->name, handle);
1232 acl = hci_conn_hash_lookup_handle(hdev, handle);
1236 sco->state = BT_CLOSED;
1238 hci_proto_connect_cfm(sco, status);
1243 hci_dev_unlock(hdev);
1246 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1248 struct hci_cp_auth_requested *cp;
1249 struct hci_conn *conn;
1251 BT_DBG("%s status 0x%x", hdev->name, status);
1256 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1262 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1264 if (conn->state == BT_CONFIG) {
1265 hci_proto_connect_cfm(conn, status);
1270 hci_dev_unlock(hdev);
1273 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1275 struct hci_cp_set_conn_encrypt *cp;
1276 struct hci_conn *conn;
1278 BT_DBG("%s status 0x%x", hdev->name, status);
1283 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1289 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1291 if (conn->state == BT_CONFIG) {
1292 hci_proto_connect_cfm(conn, status);
1297 hci_dev_unlock(hdev);
1300 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1301 struct hci_conn *conn)
1303 if (conn->state != BT_CONFIG || !conn->out)
1306 if (conn->pending_sec_level == BT_SECURITY_SDP)
1309 /* Only request authentication for SSP connections or non-SSP
1310 * devices with sec_level HIGH or if MITM protection is requested */
1311 if (!hci_conn_ssp_enabled(conn) &&
1312 conn->pending_sec_level != BT_SECURITY_HIGH &&
1313 !(conn->auth_type & 0x01))
1319 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1321 struct hci_cp_remote_name_req cp;
1323 memset(&cp, 0, sizeof(cp));
1325 bacpy(&cp.bdaddr, &e->data.bdaddr);
1326 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1327 cp.pscan_mode = e->data.pscan_mode;
1328 cp.clock_offset = e->data.clock_offset;
1330 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1333 static bool hci_resolve_next_name(struct hci_dev *hdev)
1335 struct discovery_state *discov = &hdev->discovery;
1336 struct inquiry_entry *e;
1338 if (list_empty(&discov->resolve))
1341 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1342 if (hci_resolve_name(hdev, e) == 0) {
1343 e->name_state = NAME_PENDING;
1350 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1351 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1353 struct discovery_state *discov = &hdev->discovery;
1354 struct inquiry_entry *e;
1356 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1357 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1358 name, name_len, conn->dev_class);
1360 if (discov->state == DISCOVERY_STOPPED)
1363 if (discov->state == DISCOVERY_STOPPING)
1364 goto discov_complete;
1366 if (discov->state != DISCOVERY_RESOLVING)
1369 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1371 e->name_state = NAME_KNOWN;
1374 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1375 e->data.rssi, name, name_len);
1378 if (hci_resolve_next_name(hdev))
1382 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1385 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1387 struct hci_cp_remote_name_req *cp;
1388 struct hci_conn *conn;
1390 BT_DBG("%s status 0x%x", hdev->name, status);
1392 /* If successful wait for the name req complete event before
1393 * checking for the need to do authentication */
1397 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1403 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1405 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1406 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1411 if (!hci_outgoing_auth_needed(hdev, conn))
1414 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1415 struct hci_cp_auth_requested cp;
1416 cp.handle = __cpu_to_le16(conn->handle);
1417 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1421 hci_dev_unlock(hdev);
1424 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1426 struct hci_cp_read_remote_features *cp;
1427 struct hci_conn *conn;
1429 BT_DBG("%s status 0x%x", hdev->name, status);
1434 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1440 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1442 if (conn->state == BT_CONFIG) {
1443 hci_proto_connect_cfm(conn, status);
1448 hci_dev_unlock(hdev);
1451 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1453 struct hci_cp_read_remote_ext_features *cp;
1454 struct hci_conn *conn;
1456 BT_DBG("%s status 0x%x", hdev->name, status);
1461 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1467 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1469 if (conn->state == BT_CONFIG) {
1470 hci_proto_connect_cfm(conn, status);
1475 hci_dev_unlock(hdev);
1478 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1480 struct hci_cp_setup_sync_conn *cp;
1481 struct hci_conn *acl, *sco;
1484 BT_DBG("%s status 0x%x", hdev->name, status);
1489 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1493 handle = __le16_to_cpu(cp->handle);
1495 BT_DBG("%s handle %d", hdev->name, handle);
1499 acl = hci_conn_hash_lookup_handle(hdev, handle);
1503 sco->state = BT_CLOSED;
1505 hci_proto_connect_cfm(sco, status);
1510 hci_dev_unlock(hdev);
1513 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1515 struct hci_cp_sniff_mode *cp;
1516 struct hci_conn *conn;
1518 BT_DBG("%s status 0x%x", hdev->name, status);
1523 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1529 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1531 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1533 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1534 hci_sco_setup(conn, status);
1537 hci_dev_unlock(hdev);
1540 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1542 struct hci_cp_exit_sniff_mode *cp;
1543 struct hci_conn *conn;
1545 BT_DBG("%s status 0x%x", hdev->name, status);
1550 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1556 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1558 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1560 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1561 hci_sco_setup(conn, status);
1564 hci_dev_unlock(hdev);
1567 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1569 struct hci_cp_disconnect *cp;
1570 struct hci_conn *conn;
1575 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1581 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1583 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1584 conn->dst_type, status);
1586 hci_dev_unlock(hdev);
1589 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1591 struct hci_cp_le_create_conn *cp;
1592 struct hci_conn *conn;
1594 BT_DBG("%s status 0x%x", hdev->name, status);
1596 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1602 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1604 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1608 if (conn && conn->state == BT_CONNECT) {
1609 conn->state = BT_CLOSED;
1610 hci_proto_connect_cfm(conn, status);
1615 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1617 conn->dst_type = cp->peer_addr_type;
1620 BT_ERR("No memory for new connection");
1625 hci_dev_unlock(hdev);
1628 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1630 BT_DBG("%s status 0x%x", hdev->name, status);
1633 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1635 __u8 status = *((__u8 *) skb->data);
1636 struct discovery_state *discov = &hdev->discovery;
1637 struct inquiry_entry *e;
1639 BT_DBG("%s status %d", hdev->name, status);
1641 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1643 hci_conn_check_pending(hdev);
1645 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1648 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1653 if (discov->state != DISCOVERY_FINDING)
1656 if (list_empty(&discov->resolve)) {
1657 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1661 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1662 if (e && hci_resolve_name(hdev, e) == 0) {
1663 e->name_state = NAME_PENDING;
1664 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1666 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1670 hci_dev_unlock(hdev);
1673 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1675 struct inquiry_data data;
1676 struct inquiry_info *info = (void *) (skb->data + 1);
1677 int num_rsp = *((__u8 *) skb->data);
1679 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1686 for (; num_rsp; num_rsp--, info++) {
1689 bacpy(&data.bdaddr, &info->bdaddr);
1690 data.pscan_rep_mode = info->pscan_rep_mode;
1691 data.pscan_period_mode = info->pscan_period_mode;
1692 data.pscan_mode = info->pscan_mode;
1693 memcpy(data.dev_class, info->dev_class, 3);
1694 data.clock_offset = info->clock_offset;
1696 data.ssp_mode = 0x00;
1698 name_known = hci_inquiry_cache_update(hdev, &data, false);
1699 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1700 info->dev_class, 0, !name_known,
1704 hci_dev_unlock(hdev);
1707 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1709 struct hci_ev_conn_complete *ev = (void *) skb->data;
1710 struct hci_conn *conn;
1712 BT_DBG("%s", hdev->name);
1716 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1718 if (ev->link_type != SCO_LINK)
1721 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1725 conn->type = SCO_LINK;
1729 conn->handle = __le16_to_cpu(ev->handle);
1731 if (conn->type == ACL_LINK) {
1732 conn->state = BT_CONFIG;
1733 hci_conn_hold(conn);
1734 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1736 conn->state = BT_CONNECTED;
1738 hci_conn_hold_device(conn);
1739 hci_conn_add_sysfs(conn);
1741 if (test_bit(HCI_AUTH, &hdev->flags))
1742 conn->link_mode |= HCI_LM_AUTH;
1744 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1745 conn->link_mode |= HCI_LM_ENCRYPT;
1747 /* Get remote features */
1748 if (conn->type == ACL_LINK) {
1749 struct hci_cp_read_remote_features cp;
1750 cp.handle = ev->handle;
1751 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1755 /* Set packet type for incoming connection */
1756 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1757 struct hci_cp_change_conn_ptype cp;
1758 cp.handle = ev->handle;
1759 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1760 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1764 conn->state = BT_CLOSED;
1765 if (conn->type == ACL_LINK)
1766 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1767 conn->dst_type, ev->status);
1770 if (conn->type == ACL_LINK)
1771 hci_sco_setup(conn, ev->status);
1774 hci_proto_connect_cfm(conn, ev->status);
1776 } else if (ev->link_type != ACL_LINK)
1777 hci_proto_connect_cfm(conn, ev->status);
1780 hci_dev_unlock(hdev);
1782 hci_conn_check_pending(hdev);
1785 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1787 struct hci_ev_conn_request *ev = (void *) skb->data;
1788 int mask = hdev->link_mode;
1790 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1791 batostr(&ev->bdaddr), ev->link_type);
1793 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1795 if ((mask & HCI_LM_ACCEPT) &&
1796 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1797 /* Connection accepted */
1798 struct inquiry_entry *ie;
1799 struct hci_conn *conn;
1803 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1805 memcpy(ie->data.dev_class, ev->dev_class, 3);
1807 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1809 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1811 BT_ERR("No memory for new connection");
1812 hci_dev_unlock(hdev);
1817 memcpy(conn->dev_class, ev->dev_class, 3);
1818 conn->state = BT_CONNECT;
1820 hci_dev_unlock(hdev);
1822 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1823 struct hci_cp_accept_conn_req cp;
1825 bacpy(&cp.bdaddr, &ev->bdaddr);
1827 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1828 cp.role = 0x00; /* Become master */
1830 cp.role = 0x01; /* Remain slave */
1832 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1835 struct hci_cp_accept_sync_conn_req cp;
1837 bacpy(&cp.bdaddr, &ev->bdaddr);
1838 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1840 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1841 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1842 cp.max_latency = cpu_to_le16(0xffff);
1843 cp.content_format = cpu_to_le16(hdev->voice_setting);
1844 cp.retrans_effort = 0xff;
1846 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1850 /* Connection rejected */
1851 struct hci_cp_reject_conn_req cp;
1853 bacpy(&cp.bdaddr, &ev->bdaddr);
1854 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1855 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1859 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1861 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1862 struct hci_conn *conn;
1864 BT_DBG("%s status %d", hdev->name, ev->status);
1868 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1872 if (ev->status == 0)
1873 conn->state = BT_CLOSED;
1875 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1876 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1877 if (ev->status != 0)
1878 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1879 conn->dst_type, ev->status);
1881 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1885 if (ev->status == 0) {
1886 hci_proto_disconn_cfm(conn, ev->reason);
1891 hci_dev_unlock(hdev);
1894 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1896 struct hci_ev_auth_complete *ev = (void *) skb->data;
1897 struct hci_conn *conn;
1899 BT_DBG("%s status %d", hdev->name, ev->status);
1903 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1908 if (!hci_conn_ssp_enabled(conn) &&
1909 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1910 BT_INFO("re-auth of legacy device is not possible.");
1912 conn->link_mode |= HCI_LM_AUTH;
1913 conn->sec_level = conn->pending_sec_level;
1916 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1920 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1921 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1923 if (conn->state == BT_CONFIG) {
1924 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1925 struct hci_cp_set_conn_encrypt cp;
1926 cp.handle = ev->handle;
1928 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1931 conn->state = BT_CONNECTED;
1932 hci_proto_connect_cfm(conn, ev->status);
1936 hci_auth_cfm(conn, ev->status);
1938 hci_conn_hold(conn);
1939 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1943 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1945 struct hci_cp_set_conn_encrypt cp;
1946 cp.handle = ev->handle;
1948 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1951 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1952 hci_encrypt_cfm(conn, ev->status, 0x00);
1957 hci_dev_unlock(hdev);
1960 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1962 struct hci_ev_remote_name *ev = (void *) skb->data;
1963 struct hci_conn *conn;
1965 BT_DBG("%s", hdev->name);
1967 hci_conn_check_pending(hdev);
1971 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1973 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1976 if (ev->status == 0)
1977 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1978 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1980 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1986 if (!hci_outgoing_auth_needed(hdev, conn))
1989 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1990 struct hci_cp_auth_requested cp;
1991 cp.handle = __cpu_to_le16(conn->handle);
1992 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1996 hci_dev_unlock(hdev);
1999 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2001 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2002 struct hci_conn *conn;
2004 BT_DBG("%s status %d", hdev->name, ev->status);
2008 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2012 /* Encryption implies authentication */
2013 conn->link_mode |= HCI_LM_AUTH;
2014 conn->link_mode |= HCI_LM_ENCRYPT;
2015 conn->sec_level = conn->pending_sec_level;
2017 conn->link_mode &= ~HCI_LM_ENCRYPT;
2020 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2022 if (conn->state == BT_CONFIG) {
2024 conn->state = BT_CONNECTED;
2026 hci_proto_connect_cfm(conn, ev->status);
2029 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2032 hci_dev_unlock(hdev);
2035 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2037 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2038 struct hci_conn *conn;
2040 BT_DBG("%s status %d", hdev->name, ev->status);
2044 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2047 conn->link_mode |= HCI_LM_SECURE;
2049 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2051 hci_key_change_cfm(conn, ev->status);
2054 hci_dev_unlock(hdev);
2057 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2059 struct hci_ev_remote_features *ev = (void *) skb->data;
2060 struct hci_conn *conn;
2062 BT_DBG("%s status %d", hdev->name, ev->status);
2066 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2071 memcpy(conn->features, ev->features, 8);
2073 if (conn->state != BT_CONFIG)
2076 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2077 struct hci_cp_read_remote_ext_features cp;
2078 cp.handle = ev->handle;
2080 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2086 struct hci_cp_remote_name_req cp;
2087 memset(&cp, 0, sizeof(cp));
2088 bacpy(&cp.bdaddr, &conn->dst);
2089 cp.pscan_rep_mode = 0x02;
2090 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2091 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2092 mgmt_device_connected(hdev, &conn->dst, conn->type,
2093 conn->dst_type, NULL, 0,
2096 if (!hci_outgoing_auth_needed(hdev, conn)) {
2097 conn->state = BT_CONNECTED;
2098 hci_proto_connect_cfm(conn, ev->status);
2103 hci_dev_unlock(hdev);
2106 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2108 BT_DBG("%s", hdev->name);
2111 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2113 BT_DBG("%s", hdev->name);
2116 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2118 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2121 skb_pull(skb, sizeof(*ev));
2123 opcode = __le16_to_cpu(ev->opcode);
2126 case HCI_OP_INQUIRY_CANCEL:
2127 hci_cc_inquiry_cancel(hdev, skb);
2130 case HCI_OP_EXIT_PERIODIC_INQ:
2131 hci_cc_exit_periodic_inq(hdev, skb);
2134 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2135 hci_cc_remote_name_req_cancel(hdev, skb);
2138 case HCI_OP_ROLE_DISCOVERY:
2139 hci_cc_role_discovery(hdev, skb);
2142 case HCI_OP_READ_LINK_POLICY:
2143 hci_cc_read_link_policy(hdev, skb);
2146 case HCI_OP_WRITE_LINK_POLICY:
2147 hci_cc_write_link_policy(hdev, skb);
2150 case HCI_OP_READ_DEF_LINK_POLICY:
2151 hci_cc_read_def_link_policy(hdev, skb);
2154 case HCI_OP_WRITE_DEF_LINK_POLICY:
2155 hci_cc_write_def_link_policy(hdev, skb);
2159 hci_cc_reset(hdev, skb);
2162 case HCI_OP_WRITE_LOCAL_NAME:
2163 hci_cc_write_local_name(hdev, skb);
2166 case HCI_OP_READ_LOCAL_NAME:
2167 hci_cc_read_local_name(hdev, skb);
2170 case HCI_OP_WRITE_AUTH_ENABLE:
2171 hci_cc_write_auth_enable(hdev, skb);
2174 case HCI_OP_WRITE_ENCRYPT_MODE:
2175 hci_cc_write_encrypt_mode(hdev, skb);
2178 case HCI_OP_WRITE_SCAN_ENABLE:
2179 hci_cc_write_scan_enable(hdev, skb);
2182 case HCI_OP_READ_CLASS_OF_DEV:
2183 hci_cc_read_class_of_dev(hdev, skb);
2186 case HCI_OP_WRITE_CLASS_OF_DEV:
2187 hci_cc_write_class_of_dev(hdev, skb);
2190 case HCI_OP_READ_VOICE_SETTING:
2191 hci_cc_read_voice_setting(hdev, skb);
2194 case HCI_OP_WRITE_VOICE_SETTING:
2195 hci_cc_write_voice_setting(hdev, skb);
2198 case HCI_OP_HOST_BUFFER_SIZE:
2199 hci_cc_host_buffer_size(hdev, skb);
2202 case HCI_OP_READ_SSP_MODE:
2203 hci_cc_read_ssp_mode(hdev, skb);
2206 case HCI_OP_WRITE_SSP_MODE:
2207 hci_cc_write_ssp_mode(hdev, skb);
2210 case HCI_OP_READ_LOCAL_VERSION:
2211 hci_cc_read_local_version(hdev, skb);
2214 case HCI_OP_READ_LOCAL_COMMANDS:
2215 hci_cc_read_local_commands(hdev, skb);
2218 case HCI_OP_READ_LOCAL_FEATURES:
2219 hci_cc_read_local_features(hdev, skb);
2222 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2223 hci_cc_read_local_ext_features(hdev, skb);
2226 case HCI_OP_READ_BUFFER_SIZE:
2227 hci_cc_read_buffer_size(hdev, skb);
2230 case HCI_OP_READ_BD_ADDR:
2231 hci_cc_read_bd_addr(hdev, skb);
2234 case HCI_OP_READ_DATA_BLOCK_SIZE:
2235 hci_cc_read_data_block_size(hdev, skb);
2238 case HCI_OP_WRITE_CA_TIMEOUT:
2239 hci_cc_write_ca_timeout(hdev, skb);
2242 case HCI_OP_READ_FLOW_CONTROL_MODE:
2243 hci_cc_read_flow_control_mode(hdev, skb);
2246 case HCI_OP_READ_LOCAL_AMP_INFO:
2247 hci_cc_read_local_amp_info(hdev, skb);
2250 case HCI_OP_DELETE_STORED_LINK_KEY:
2251 hci_cc_delete_stored_link_key(hdev, skb);
2254 case HCI_OP_SET_EVENT_MASK:
2255 hci_cc_set_event_mask(hdev, skb);
2258 case HCI_OP_WRITE_INQUIRY_MODE:
2259 hci_cc_write_inquiry_mode(hdev, skb);
2262 case HCI_OP_READ_INQ_RSP_TX_POWER:
2263 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2266 case HCI_OP_SET_EVENT_FLT:
2267 hci_cc_set_event_flt(hdev, skb);
2270 case HCI_OP_PIN_CODE_REPLY:
2271 hci_cc_pin_code_reply(hdev, skb);
2274 case HCI_OP_PIN_CODE_NEG_REPLY:
2275 hci_cc_pin_code_neg_reply(hdev, skb);
2278 case HCI_OP_READ_LOCAL_OOB_DATA:
2279 hci_cc_read_local_oob_data_reply(hdev, skb);
2282 case HCI_OP_LE_READ_BUFFER_SIZE:
2283 hci_cc_le_read_buffer_size(hdev, skb);
2286 case HCI_OP_USER_CONFIRM_REPLY:
2287 hci_cc_user_confirm_reply(hdev, skb);
2290 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2291 hci_cc_user_confirm_neg_reply(hdev, skb);
2294 case HCI_OP_USER_PASSKEY_REPLY:
2295 hci_cc_user_passkey_reply(hdev, skb);
2298 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2299 hci_cc_user_passkey_neg_reply(hdev, skb);
2301 case HCI_OP_LE_SET_SCAN_PARAM:
2302 hci_cc_le_set_scan_param(hdev, skb);
2305 case HCI_OP_LE_SET_SCAN_ENABLE:
2306 hci_cc_le_set_scan_enable(hdev, skb);
2309 case HCI_OP_LE_LTK_REPLY:
2310 hci_cc_le_ltk_reply(hdev, skb);
2313 case HCI_OP_LE_LTK_NEG_REPLY:
2314 hci_cc_le_ltk_neg_reply(hdev, skb);
2317 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2318 hci_cc_write_le_host_supported(hdev, skb);
2322 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2326 if (ev->opcode != HCI_OP_NOP)
2327 del_timer(&hdev->cmd_timer);
2330 atomic_set(&hdev->cmd_cnt, 1);
2331 if (!skb_queue_empty(&hdev->cmd_q))
2332 queue_work(hdev->workqueue, &hdev->cmd_work);
2336 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2338 struct hci_ev_cmd_status *ev = (void *) skb->data;
2341 skb_pull(skb, sizeof(*ev));
2343 opcode = __le16_to_cpu(ev->opcode);
2346 case HCI_OP_INQUIRY:
2347 hci_cs_inquiry(hdev, ev->status);
2350 case HCI_OP_CREATE_CONN:
2351 hci_cs_create_conn(hdev, ev->status);
2354 case HCI_OP_ADD_SCO:
2355 hci_cs_add_sco(hdev, ev->status);
2358 case HCI_OP_AUTH_REQUESTED:
2359 hci_cs_auth_requested(hdev, ev->status);
2362 case HCI_OP_SET_CONN_ENCRYPT:
2363 hci_cs_set_conn_encrypt(hdev, ev->status);
2366 case HCI_OP_REMOTE_NAME_REQ:
2367 hci_cs_remote_name_req(hdev, ev->status);
2370 case HCI_OP_READ_REMOTE_FEATURES:
2371 hci_cs_read_remote_features(hdev, ev->status);
2374 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2375 hci_cs_read_remote_ext_features(hdev, ev->status);
2378 case HCI_OP_SETUP_SYNC_CONN:
2379 hci_cs_setup_sync_conn(hdev, ev->status);
2382 case HCI_OP_SNIFF_MODE:
2383 hci_cs_sniff_mode(hdev, ev->status);
2386 case HCI_OP_EXIT_SNIFF_MODE:
2387 hci_cs_exit_sniff_mode(hdev, ev->status);
2390 case HCI_OP_DISCONNECT:
2391 hci_cs_disconnect(hdev, ev->status);
2394 case HCI_OP_LE_CREATE_CONN:
2395 hci_cs_le_create_conn(hdev, ev->status);
2398 case HCI_OP_LE_START_ENC:
2399 hci_cs_le_start_enc(hdev, ev->status);
2403 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2407 if (ev->opcode != HCI_OP_NOP)
2408 del_timer(&hdev->cmd_timer);
2410 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2411 atomic_set(&hdev->cmd_cnt, 1);
2412 if (!skb_queue_empty(&hdev->cmd_q))
2413 queue_work(hdev->workqueue, &hdev->cmd_work);
2417 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2419 struct hci_ev_role_change *ev = (void *) skb->data;
2420 struct hci_conn *conn;
2422 BT_DBG("%s status %d", hdev->name, ev->status);
2426 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2430 conn->link_mode &= ~HCI_LM_MASTER;
2432 conn->link_mode |= HCI_LM_MASTER;
2435 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2437 hci_role_switch_cfm(conn, ev->status, ev->role);
2440 hci_dev_unlock(hdev);
2443 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2445 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2448 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2449 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2453 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2454 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2455 BT_DBG("%s bad parameters", hdev->name);
2459 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2461 for (i = 0; i < ev->num_hndl; i++) {
2462 struct hci_comp_pkts_info *info = &ev->handles[i];
2463 struct hci_conn *conn;
2464 __u16 handle, count;
2466 handle = __le16_to_cpu(info->handle);
2467 count = __le16_to_cpu(info->count);
2469 conn = hci_conn_hash_lookup_handle(hdev, handle);
2473 conn->sent -= count;
2475 switch (conn->type) {
2477 hdev->acl_cnt += count;
2478 if (hdev->acl_cnt > hdev->acl_pkts)
2479 hdev->acl_cnt = hdev->acl_pkts;
2483 if (hdev->le_pkts) {
2484 hdev->le_cnt += count;
2485 if (hdev->le_cnt > hdev->le_pkts)
2486 hdev->le_cnt = hdev->le_pkts;
2488 hdev->acl_cnt += count;
2489 if (hdev->acl_cnt > hdev->acl_pkts)
2490 hdev->acl_cnt = hdev->acl_pkts;
2495 hdev->sco_cnt += count;
2496 if (hdev->sco_cnt > hdev->sco_pkts)
2497 hdev->sco_cnt = hdev->sco_pkts;
2501 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2506 queue_work(hdev->workqueue, &hdev->tx_work);
2509 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2510 struct sk_buff *skb)
2512 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2515 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2516 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2520 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2521 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2522 BT_DBG("%s bad parameters", hdev->name);
2526 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2529 for (i = 0; i < ev->num_hndl; i++) {
2530 struct hci_comp_blocks_info *info = &ev->handles[i];
2531 struct hci_conn *conn;
2532 __u16 handle, block_count;
2534 handle = __le16_to_cpu(info->handle);
2535 block_count = __le16_to_cpu(info->blocks);
2537 conn = hci_conn_hash_lookup_handle(hdev, handle);
2541 conn->sent -= block_count;
2543 switch (conn->type) {
2545 hdev->block_cnt += block_count;
2546 if (hdev->block_cnt > hdev->num_blocks)
2547 hdev->block_cnt = hdev->num_blocks;
2551 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2556 queue_work(hdev->workqueue, &hdev->tx_work);
2559 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2561 struct hci_ev_mode_change *ev = (void *) skb->data;
2562 struct hci_conn *conn;
2564 BT_DBG("%s status %d", hdev->name, ev->status);
2568 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2570 conn->mode = ev->mode;
2571 conn->interval = __le16_to_cpu(ev->interval);
2573 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2574 if (conn->mode == HCI_CM_ACTIVE)
2575 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2577 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2580 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2581 hci_sco_setup(conn, ev->status);
2584 hci_dev_unlock(hdev);
2587 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2589 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2590 struct hci_conn *conn;
2592 BT_DBG("%s", hdev->name);
2596 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2600 if (conn->state == BT_CONNECTED) {
2601 hci_conn_hold(conn);
2602 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2606 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2607 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2608 sizeof(ev->bdaddr), &ev->bdaddr);
2609 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2612 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2617 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2621 hci_dev_unlock(hdev);
2624 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2626 struct hci_ev_link_key_req *ev = (void *) skb->data;
2627 struct hci_cp_link_key_reply cp;
2628 struct hci_conn *conn;
2629 struct link_key *key;
2631 BT_DBG("%s", hdev->name);
2633 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2638 key = hci_find_link_key(hdev, &ev->bdaddr);
2640 BT_DBG("%s link key not found for %s", hdev->name,
2641 batostr(&ev->bdaddr));
2645 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2646 batostr(&ev->bdaddr));
2648 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2649 key->type == HCI_LK_DEBUG_COMBINATION) {
2650 BT_DBG("%s ignoring debug key", hdev->name);
2654 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2656 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2657 conn->auth_type != 0xff &&
2658 (conn->auth_type & 0x01)) {
2659 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2663 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2664 conn->pending_sec_level == BT_SECURITY_HIGH) {
2665 BT_DBG("%s ignoring key unauthenticated for high \
2666 security", hdev->name);
2670 conn->key_type = key->type;
2671 conn->pin_length = key->pin_len;
2674 bacpy(&cp.bdaddr, &ev->bdaddr);
2675 memcpy(cp.link_key, key->val, 16);
2677 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2679 hci_dev_unlock(hdev);
2684 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2685 hci_dev_unlock(hdev);
2688 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2690 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2691 struct hci_conn *conn;
2694 BT_DBG("%s", hdev->name);
2698 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2700 hci_conn_hold(conn);
2701 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2702 pin_len = conn->pin_length;
2704 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2705 conn->key_type = ev->key_type;
2710 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2711 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2712 ev->key_type, pin_len);
2714 hci_dev_unlock(hdev);
2717 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2719 struct hci_ev_clock_offset *ev = (void *) skb->data;
2720 struct hci_conn *conn;
2722 BT_DBG("%s status %d", hdev->name, ev->status);
2726 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2727 if (conn && !ev->status) {
2728 struct inquiry_entry *ie;
2730 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2732 ie->data.clock_offset = ev->clock_offset;
2733 ie->timestamp = jiffies;
2737 hci_dev_unlock(hdev);
2740 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2742 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2743 struct hci_conn *conn;
2745 BT_DBG("%s status %d", hdev->name, ev->status);
2749 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2750 if (conn && !ev->status)
2751 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2753 hci_dev_unlock(hdev);
2756 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2758 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2759 struct inquiry_entry *ie;
2761 BT_DBG("%s", hdev->name);
2765 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2767 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2768 ie->timestamp = jiffies;
2771 hci_dev_unlock(hdev);
2774 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2776 struct inquiry_data data;
2777 int num_rsp = *((__u8 *) skb->data);
2780 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2787 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2788 struct inquiry_info_with_rssi_and_pscan_mode *info;
2789 info = (void *) (skb->data + 1);
2791 for (; num_rsp; num_rsp--, info++) {
2792 bacpy(&data.bdaddr, &info->bdaddr);
2793 data.pscan_rep_mode = info->pscan_rep_mode;
2794 data.pscan_period_mode = info->pscan_period_mode;
2795 data.pscan_mode = info->pscan_mode;
2796 memcpy(data.dev_class, info->dev_class, 3);
2797 data.clock_offset = info->clock_offset;
2798 data.rssi = info->rssi;
2799 data.ssp_mode = 0x00;
2801 name_known = hci_inquiry_cache_update(hdev, &data,
2803 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2804 info->dev_class, info->rssi,
2805 !name_known, NULL, 0);
2808 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2810 for (; num_rsp; num_rsp--, info++) {
2811 bacpy(&data.bdaddr, &info->bdaddr);
2812 data.pscan_rep_mode = info->pscan_rep_mode;
2813 data.pscan_period_mode = info->pscan_period_mode;
2814 data.pscan_mode = 0x00;
2815 memcpy(data.dev_class, info->dev_class, 3);
2816 data.clock_offset = info->clock_offset;
2817 data.rssi = info->rssi;
2818 data.ssp_mode = 0x00;
2819 name_known = hci_inquiry_cache_update(hdev, &data,
2821 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2822 info->dev_class, info->rssi,
2823 !name_known, NULL, 0);
2827 hci_dev_unlock(hdev);
2830 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2832 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2833 struct hci_conn *conn;
2835 BT_DBG("%s", hdev->name);
2839 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2843 if (!ev->status && ev->page == 0x01) {
2844 struct inquiry_entry *ie;
2846 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2848 ie->data.ssp_mode = (ev->features[0] & 0x01);
2850 if (ev->features[0] & 0x01)
2851 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2854 if (conn->state != BT_CONFIG)
2858 struct hci_cp_remote_name_req cp;
2859 memset(&cp, 0, sizeof(cp));
2860 bacpy(&cp.bdaddr, &conn->dst);
2861 cp.pscan_rep_mode = 0x02;
2862 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2863 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2864 mgmt_device_connected(hdev, &conn->dst, conn->type,
2865 conn->dst_type, NULL, 0,
2868 if (!hci_outgoing_auth_needed(hdev, conn)) {
2869 conn->state = BT_CONNECTED;
2870 hci_proto_connect_cfm(conn, ev->status);
2875 hci_dev_unlock(hdev);
2878 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2880 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2881 struct hci_conn *conn;
2883 BT_DBG("%s status %d", hdev->name, ev->status);
2887 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2889 if (ev->link_type == ESCO_LINK)
2892 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2896 conn->type = SCO_LINK;
2899 switch (ev->status) {
2901 conn->handle = __le16_to_cpu(ev->handle);
2902 conn->state = BT_CONNECTED;
2904 hci_conn_hold_device(conn);
2905 hci_conn_add_sysfs(conn);
2908 case 0x11: /* Unsupported Feature or Parameter Value */
2909 case 0x1c: /* SCO interval rejected */
2910 case 0x1a: /* Unsupported Remote Feature */
2911 case 0x1f: /* Unspecified error */
2912 if (conn->out && conn->attempt < 2) {
2913 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2914 (hdev->esco_type & EDR_ESCO_MASK);
2915 hci_setup_sync(conn, conn->link->handle);
2921 conn->state = BT_CLOSED;
2925 hci_proto_connect_cfm(conn, ev->status);
2930 hci_dev_unlock(hdev);
2933 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2935 BT_DBG("%s", hdev->name);
2938 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2940 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2942 BT_DBG("%s status %d", hdev->name, ev->status);
2945 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2947 struct inquiry_data data;
2948 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2949 int num_rsp = *((__u8 *) skb->data);
2951 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2958 for (; num_rsp; num_rsp--, info++) {
2961 bacpy(&data.bdaddr, &info->bdaddr);
2962 data.pscan_rep_mode = info->pscan_rep_mode;
2963 data.pscan_period_mode = info->pscan_period_mode;
2964 data.pscan_mode = 0x00;
2965 memcpy(data.dev_class, info->dev_class, 3);
2966 data.clock_offset = info->clock_offset;
2967 data.rssi = info->rssi;
2968 data.ssp_mode = 0x01;
2970 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2971 name_known = eir_has_data_type(info->data,
2977 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
2978 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2979 info->dev_class, info->rssi,
2980 !name_known, info->data,
2981 sizeof(info->data));
2984 hci_dev_unlock(hdev);
2987 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2989 /* If remote requests dedicated bonding follow that lead */
2990 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2991 /* If both remote and local IO capabilities allow MITM
2992 * protection then require it, otherwise don't */
2993 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2999 /* If remote requests no-bonding follow that lead */
3000 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3001 return conn->remote_auth | (conn->auth_type & 0x01);
3003 return conn->auth_type;
3006 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3008 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3009 struct hci_conn *conn;
3011 BT_DBG("%s", hdev->name);
3015 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3019 hci_conn_hold(conn);
3021 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3024 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3025 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3026 struct hci_cp_io_capability_reply cp;
3028 bacpy(&cp.bdaddr, &ev->bdaddr);
3029 /* Change the IO capability from KeyboardDisplay
3030 * to DisplayYesNo as it is not supported by BT spec. */
3031 cp.capability = (conn->io_capability == 0x04) ?
3032 0x01 : conn->io_capability;
3033 conn->auth_type = hci_get_auth_req(conn);
3034 cp.authentication = conn->auth_type;
3036 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
3037 hci_find_remote_oob_data(hdev, &conn->dst))
3042 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3045 struct hci_cp_io_capability_neg_reply cp;
3047 bacpy(&cp.bdaddr, &ev->bdaddr);
3048 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3050 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3055 hci_dev_unlock(hdev);
3058 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3060 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3061 struct hci_conn *conn;
3063 BT_DBG("%s", hdev->name);
3067 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3071 conn->remote_cap = ev->capability;
3072 conn->remote_auth = ev->authentication;
3074 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3077 hci_dev_unlock(hdev);
3080 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3081 struct sk_buff *skb)
3083 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3084 int loc_mitm, rem_mitm, confirm_hint = 0;
3085 struct hci_conn *conn;
3087 BT_DBG("%s", hdev->name);
3091 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3094 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3098 loc_mitm = (conn->auth_type & 0x01);
3099 rem_mitm = (conn->remote_auth & 0x01);
3101 /* If we require MITM but the remote device can't provide that
3102 * (it has NoInputNoOutput) then reject the confirmation
3103 * request. The only exception is when we're dedicated bonding
3104 * initiators (connect_cfm_cb set) since then we always have the MITM
3106 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3107 BT_DBG("Rejecting request: remote device can't provide MITM");
3108 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3109 sizeof(ev->bdaddr), &ev->bdaddr);
3113 /* If no side requires MITM protection; auto-accept */
3114 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3115 (!rem_mitm || conn->io_capability == 0x03)) {
3117 /* If we're not the initiators request authorization to
3118 * proceed from user space (mgmt_user_confirm with
3119 * confirm_hint set to 1). */
3120 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3121 BT_DBG("Confirming auto-accept as acceptor");
3126 BT_DBG("Auto-accept of user confirmation with %ums delay",
3127 hdev->auto_accept_delay);
3129 if (hdev->auto_accept_delay > 0) {
3130 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3131 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3135 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3136 sizeof(ev->bdaddr), &ev->bdaddr);
3141 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3145 hci_dev_unlock(hdev);
3148 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3149 struct sk_buff *skb)
3151 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3153 BT_DBG("%s", hdev->name);
3157 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3158 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3160 hci_dev_unlock(hdev);
3163 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3165 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3166 struct hci_conn *conn;
3168 BT_DBG("%s", hdev->name);
3172 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3176 /* To avoid duplicate auth_failed events to user space we check
3177 * the HCI_CONN_AUTH_PEND flag which will be set if we
3178 * initiated the authentication. A traditional auth_complete
3179 * event gets always produced as initiator and is also mapped to
3180 * the mgmt_auth_failed event */
3181 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3182 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3188 hci_dev_unlock(hdev);
3191 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3193 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3194 struct inquiry_entry *ie;
3196 BT_DBG("%s", hdev->name);
3200 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3202 ie->data.ssp_mode = (ev->features[0] & 0x01);
3204 hci_dev_unlock(hdev);
3207 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3208 struct sk_buff *skb)
3210 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3211 struct oob_data *data;
3213 BT_DBG("%s", hdev->name);
3217 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3220 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3222 struct hci_cp_remote_oob_data_reply cp;
3224 bacpy(&cp.bdaddr, &ev->bdaddr);
3225 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3226 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3228 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3231 struct hci_cp_remote_oob_data_neg_reply cp;
3233 bacpy(&cp.bdaddr, &ev->bdaddr);
3234 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3239 hci_dev_unlock(hdev);
3242 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3244 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3245 struct hci_conn *conn;
3247 BT_DBG("%s status %d", hdev->name, ev->status);
3251 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3253 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3255 BT_ERR("No memory for new connection");
3256 hci_dev_unlock(hdev);
3260 conn->dst_type = ev->bdaddr_type;
3264 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3265 conn->dst_type, ev->status);
3266 hci_proto_connect_cfm(conn, ev->status);
3267 conn->state = BT_CLOSED;
3272 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3273 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3274 conn->dst_type, NULL, 0, 0);
3276 conn->sec_level = BT_SECURITY_LOW;
3277 conn->handle = __le16_to_cpu(ev->handle);
3278 conn->state = BT_CONNECTED;
3280 hci_conn_hold_device(conn);
3281 hci_conn_add_sysfs(conn);
3283 hci_proto_connect_cfm(conn, ev->status);
3286 hci_dev_unlock(hdev);
3289 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3290 struct sk_buff *skb)
3292 u8 num_reports = skb->data[0];
3293 void *ptr = &skb->data[1];
3298 while (num_reports--) {
3299 struct hci_ev_le_advertising_info *ev = ptr;
3301 hci_add_adv_entry(hdev, ev);
3303 rssi = ev->data[ev->length];
3304 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3305 NULL, rssi, 0, ev->data, ev->length);
3307 ptr += sizeof(*ev) + ev->length + 1;
3310 hci_dev_unlock(hdev);
3313 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3314 struct sk_buff *skb)
3316 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3317 struct hci_cp_le_ltk_reply cp;
3318 struct hci_cp_le_ltk_neg_reply neg;
3319 struct hci_conn *conn;
3320 struct smp_ltk *ltk;
3322 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3326 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3330 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3334 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3335 cp.handle = cpu_to_le16(conn->handle);
3337 if (ltk->authenticated)
3338 conn->sec_level = BT_SECURITY_HIGH;
3340 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3342 if (ltk->type & HCI_SMP_STK) {
3343 list_del(<k->list);
3347 hci_dev_unlock(hdev);
3352 neg.handle = ev->handle;
3353 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3354 hci_dev_unlock(hdev);
3357 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3359 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3361 skb_pull(skb, sizeof(*le_ev));
3363 switch (le_ev->subevent) {
3364 case HCI_EV_LE_CONN_COMPLETE:
3365 hci_le_conn_complete_evt(hdev, skb);
3368 case HCI_EV_LE_ADVERTISING_REPORT:
3369 hci_le_adv_report_evt(hdev, skb);
3372 case HCI_EV_LE_LTK_REQ:
3373 hci_le_ltk_request_evt(hdev, skb);
3381 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3383 struct hci_event_hdr *hdr = (void *) skb->data;
3384 __u8 event = hdr->evt;
3386 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3389 case HCI_EV_INQUIRY_COMPLETE:
3390 hci_inquiry_complete_evt(hdev, skb);
3393 case HCI_EV_INQUIRY_RESULT:
3394 hci_inquiry_result_evt(hdev, skb);
3397 case HCI_EV_CONN_COMPLETE:
3398 hci_conn_complete_evt(hdev, skb);
3401 case HCI_EV_CONN_REQUEST:
3402 hci_conn_request_evt(hdev, skb);
3405 case HCI_EV_DISCONN_COMPLETE:
3406 hci_disconn_complete_evt(hdev, skb);
3409 case HCI_EV_AUTH_COMPLETE:
3410 hci_auth_complete_evt(hdev, skb);
3413 case HCI_EV_REMOTE_NAME:
3414 hci_remote_name_evt(hdev, skb);
3417 case HCI_EV_ENCRYPT_CHANGE:
3418 hci_encrypt_change_evt(hdev, skb);
3421 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3422 hci_change_link_key_complete_evt(hdev, skb);
3425 case HCI_EV_REMOTE_FEATURES:
3426 hci_remote_features_evt(hdev, skb);
3429 case HCI_EV_REMOTE_VERSION:
3430 hci_remote_version_evt(hdev, skb);
3433 case HCI_EV_QOS_SETUP_COMPLETE:
3434 hci_qos_setup_complete_evt(hdev, skb);
3437 case HCI_EV_CMD_COMPLETE:
3438 hci_cmd_complete_evt(hdev, skb);
3441 case HCI_EV_CMD_STATUS:
3442 hci_cmd_status_evt(hdev, skb);
3445 case HCI_EV_ROLE_CHANGE:
3446 hci_role_change_evt(hdev, skb);
3449 case HCI_EV_NUM_COMP_PKTS:
3450 hci_num_comp_pkts_evt(hdev, skb);
3453 case HCI_EV_MODE_CHANGE:
3454 hci_mode_change_evt(hdev, skb);
3457 case HCI_EV_PIN_CODE_REQ:
3458 hci_pin_code_request_evt(hdev, skb);
3461 case HCI_EV_LINK_KEY_REQ:
3462 hci_link_key_request_evt(hdev, skb);
3465 case HCI_EV_LINK_KEY_NOTIFY:
3466 hci_link_key_notify_evt(hdev, skb);
3469 case HCI_EV_CLOCK_OFFSET:
3470 hci_clock_offset_evt(hdev, skb);
3473 case HCI_EV_PKT_TYPE_CHANGE:
3474 hci_pkt_type_change_evt(hdev, skb);
3477 case HCI_EV_PSCAN_REP_MODE:
3478 hci_pscan_rep_mode_evt(hdev, skb);
3481 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3482 hci_inquiry_result_with_rssi_evt(hdev, skb);
3485 case HCI_EV_REMOTE_EXT_FEATURES:
3486 hci_remote_ext_features_evt(hdev, skb);
3489 case HCI_EV_SYNC_CONN_COMPLETE:
3490 hci_sync_conn_complete_evt(hdev, skb);
3493 case HCI_EV_SYNC_CONN_CHANGED:
3494 hci_sync_conn_changed_evt(hdev, skb);
3497 case HCI_EV_SNIFF_SUBRATE:
3498 hci_sniff_subrate_evt(hdev, skb);
3501 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3502 hci_extended_inquiry_result_evt(hdev, skb);
3505 case HCI_EV_IO_CAPA_REQUEST:
3506 hci_io_capa_request_evt(hdev, skb);
3509 case HCI_EV_IO_CAPA_REPLY:
3510 hci_io_capa_reply_evt(hdev, skb);
3513 case HCI_EV_USER_CONFIRM_REQUEST:
3514 hci_user_confirm_request_evt(hdev, skb);
3517 case HCI_EV_USER_PASSKEY_REQUEST:
3518 hci_user_passkey_request_evt(hdev, skb);
3521 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3522 hci_simple_pair_complete_evt(hdev, skb);
3525 case HCI_EV_REMOTE_HOST_FEATURES:
3526 hci_remote_host_features_evt(hdev, skb);
3529 case HCI_EV_LE_META:
3530 hci_le_meta_evt(hdev, skb);
3533 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3534 hci_remote_oob_data_request_evt(hdev, skb);
3537 case HCI_EV_NUM_COMP_BLOCKS:
3538 hci_num_comp_blocks_evt(hdev, skb);
3542 BT_DBG("%s event 0x%x", hdev->name, event);
3547 hdev->stat.evt_rx++;
3550 /* Generate internal stack event */
3551 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3553 struct hci_event_hdr *hdr;
3554 struct hci_ev_stack_internal *ev;
3555 struct sk_buff *skb;
3557 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3561 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3562 hdr->evt = HCI_EV_STACK_INTERNAL;
3563 hdr->plen = sizeof(*ev) + dlen;
3565 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3567 memcpy(ev->data, data, dlen);
3569 bt_cb(skb)->incoming = 1;
3570 __net_timestamp(skb);
3572 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3573 skb->dev = (void *) hdev;
3574 hci_send_to_sock(hdev, skb, NULL);
3578 module_param(enable_le, bool, 0644);
3579 MODULE_PARM_DESC(enable_le, "Enable LE support");