2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 static bool enable_le;
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
60 mgmt_stop_discovery_failed(hdev, status);
65 clear_bit(HCI_INQUIRY, &hdev->flags);
68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
73 hci_conn_check_pending(hdev);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%x", hdev->name, status);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
198 /* Reset all flags, except persistent ones */
199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
200 BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
203 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
205 __u8 status = *((__u8 *) skb->data);
208 BT_DBG("%s status 0x%x", hdev->name, status);
210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
217 mgmt_set_local_name_complete(hdev, sent, status);
220 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222 hci_dev_unlock(hdev);
225 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227 struct hci_rp_read_local_name *rp = (void *) skb->data;
229 BT_DBG("%s status 0x%x", hdev->name, rp->status);
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
239 __u8 status = *((__u8 *) skb->data);
242 BT_DBG("%s status 0x%x", hdev->name, status);
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 __u8 param = *((__u8 *) sent);
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
254 clear_bit(HCI_AUTH, &hdev->flags);
257 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
260 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
262 __u8 status = *((__u8 *) skb->data);
265 BT_DBG("%s status 0x%x", hdev->name, status);
267 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
272 __u8 param = *((__u8 *) sent);
275 set_bit(HCI_ENCRYPT, &hdev->flags);
277 clear_bit(HCI_ENCRYPT, &hdev->flags);
280 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
283 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285 __u8 param, status = *((__u8 *) skb->data);
286 int old_pscan, old_iscan;
289 BT_DBG("%s status 0x%x", hdev->name, status);
291 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 param = *((__u8 *) sent);
300 mgmt_write_scan_failed(hdev, param, status);
301 hdev->discov_timeout = 0;
305 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
306 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
308 if (param & SCAN_INQUIRY) {
309 set_bit(HCI_ISCAN, &hdev->flags);
311 mgmt_discoverable(hdev, 1);
312 if (hdev->discov_timeout > 0) {
313 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
314 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
317 } else if (old_iscan)
318 mgmt_discoverable(hdev, 0);
320 if (param & SCAN_PAGE) {
321 set_bit(HCI_PSCAN, &hdev->flags);
323 mgmt_connectable(hdev, 1);
324 } else if (old_pscan)
325 mgmt_connectable(hdev, 0);
328 hci_dev_unlock(hdev);
329 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
336 BT_DBG("%s status 0x%x", hdev->name, rp->status);
341 memcpy(hdev->dev_class, rp->dev_class, 3);
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
352 BT_DBG("%s status 0x%x", hdev->name, status);
357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 memcpy(hdev->dev_class, sent, 3);
364 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
366 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
369 BT_DBG("%s status 0x%x", hdev->name, rp->status);
374 setting = __le16_to_cpu(rp->voice_setting);
376 if (hdev->voice_setting == setting)
379 hdev->voice_setting = setting;
381 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
384 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
387 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
389 __u8 status = *((__u8 *) skb->data);
393 BT_DBG("%s status 0x%x", hdev->name, status);
398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
402 setting = get_unaligned_le16(sent);
404 if (hdev->voice_setting == setting)
407 hdev->voice_setting = setting;
409 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
415 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
417 __u8 status = *((__u8 *) skb->data);
419 BT_DBG("%s status 0x%x", hdev->name, status);
421 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
424 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
426 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
428 BT_DBG("%s status 0x%x", hdev->name, rp->status);
434 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
436 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
439 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
441 __u8 status = *((__u8 *) skb->data);
444 BT_DBG("%s status 0x%x", hdev->name, status);
449 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
454 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
456 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
461 if (hdev->features[6] & LMP_EXT_INQ)
464 if (hdev->features[3] & LMP_RSSI_INQ)
467 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
468 hdev->lmp_subver == 0x0757)
471 if (hdev->manufacturer == 15) {
472 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
474 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
476 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
480 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
481 hdev->lmp_subver == 0x1805)
487 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
491 mode = hci_get_inquiry_mode(hdev);
493 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
496 static void hci_setup_event_mask(struct hci_dev *hdev)
498 /* The second byte is 0xff instead of 0x9f (two reserved bits
499 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
500 * command otherwise */
501 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
503 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
504 * any event mask for pre 1.2 devices */
505 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
508 events[4] |= 0x01; /* Flow Specification Complete */
509 events[4] |= 0x02; /* Inquiry Result with RSSI */
510 events[4] |= 0x04; /* Read Remote Extended Features Complete */
511 events[5] |= 0x08; /* Synchronous Connection Complete */
512 events[5] |= 0x10; /* Synchronous Connection Changed */
514 if (hdev->features[3] & LMP_RSSI_INQ)
515 events[4] |= 0x04; /* Inquiry Result with RSSI */
517 if (hdev->features[5] & LMP_SNIFF_SUBR)
518 events[5] |= 0x20; /* Sniff Subrating */
520 if (hdev->features[5] & LMP_PAUSE_ENC)
521 events[5] |= 0x80; /* Encryption Key Refresh Complete */
523 if (hdev->features[6] & LMP_EXT_INQ)
524 events[5] |= 0x40; /* Extended Inquiry Result */
526 if (hdev->features[6] & LMP_NO_FLUSH)
527 events[7] |= 0x01; /* Enhanced Flush Complete */
529 if (hdev->features[7] & LMP_LSTO)
530 events[6] |= 0x80; /* Link Supervision Timeout Changed */
532 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
533 events[6] |= 0x01; /* IO Capability Request */
534 events[6] |= 0x02; /* IO Capability Response */
535 events[6] |= 0x04; /* User Confirmation Request */
536 events[6] |= 0x08; /* User Passkey Request */
537 events[6] |= 0x10; /* Remote OOB Data Request */
538 events[6] |= 0x20; /* Simple Pairing Complete */
539 events[7] |= 0x04; /* User Passkey Notification */
540 events[7] |= 0x08; /* Keypress Notification */
541 events[7] |= 0x10; /* Remote Host Supported
542 * Features Notification */
545 if (hdev->features[4] & LMP_LE)
546 events[7] |= 0x20; /* LE Meta-Event */
548 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
551 static void hci_set_le_support(struct hci_dev *hdev)
553 struct hci_cp_write_le_host_supported cp;
555 memset(&cp, 0, sizeof(cp));
559 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
562 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
565 static void hci_setup(struct hci_dev *hdev)
567 if (hdev->dev_type != HCI_BREDR)
570 hci_setup_event_mask(hdev);
572 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
573 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
575 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
577 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
580 if (hdev->features[3] & LMP_RSSI_INQ)
581 hci_setup_inquiry_mode(hdev);
583 if (hdev->features[7] & LMP_INQ_TX_PWR)
584 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
586 if (hdev->features[7] & LMP_EXTFEATURES) {
587 struct hci_cp_read_local_ext_features cp;
590 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
594 if (hdev->features[4] & LMP_LE)
595 hci_set_le_support(hdev);
598 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
600 struct hci_rp_read_local_version *rp = (void *) skb->data;
602 BT_DBG("%s status 0x%x", hdev->name, rp->status);
607 hdev->hci_ver = rp->hci_ver;
608 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
609 hdev->lmp_ver = rp->lmp_ver;
610 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
611 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
613 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
615 hdev->hci_ver, hdev->hci_rev);
617 if (test_bit(HCI_INIT, &hdev->flags))
621 static void hci_setup_link_policy(struct hci_dev *hdev)
625 if (hdev->features[0] & LMP_RSWITCH)
626 link_policy |= HCI_LP_RSWITCH;
627 if (hdev->features[0] & LMP_HOLD)
628 link_policy |= HCI_LP_HOLD;
629 if (hdev->features[0] & LMP_SNIFF)
630 link_policy |= HCI_LP_SNIFF;
631 if (hdev->features[1] & LMP_PARK)
632 link_policy |= HCI_LP_PARK;
634 link_policy = cpu_to_le16(link_policy);
635 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
636 sizeof(link_policy), &link_policy);
639 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
641 struct hci_rp_read_local_commands *rp = (void *) skb->data;
643 BT_DBG("%s status 0x%x", hdev->name, rp->status);
648 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
650 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
651 hci_setup_link_policy(hdev);
654 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
657 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
659 struct hci_rp_read_local_features *rp = (void *) skb->data;
661 BT_DBG("%s status 0x%x", hdev->name, rp->status);
666 memcpy(hdev->features, rp->features, 8);
668 /* Adjust default settings according to features
669 * supported by device. */
671 if (hdev->features[0] & LMP_3SLOT)
672 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
674 if (hdev->features[0] & LMP_5SLOT)
675 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
677 if (hdev->features[1] & LMP_HV2) {
678 hdev->pkt_type |= (HCI_HV2);
679 hdev->esco_type |= (ESCO_HV2);
682 if (hdev->features[1] & LMP_HV3) {
683 hdev->pkt_type |= (HCI_HV3);
684 hdev->esco_type |= (ESCO_HV3);
687 if (hdev->features[3] & LMP_ESCO)
688 hdev->esco_type |= (ESCO_EV3);
690 if (hdev->features[4] & LMP_EV4)
691 hdev->esco_type |= (ESCO_EV4);
693 if (hdev->features[4] & LMP_EV5)
694 hdev->esco_type |= (ESCO_EV5);
696 if (hdev->features[5] & LMP_EDR_ESCO_2M)
697 hdev->esco_type |= (ESCO_2EV3);
699 if (hdev->features[5] & LMP_EDR_ESCO_3M)
700 hdev->esco_type |= (ESCO_3EV3);
702 if (hdev->features[5] & LMP_EDR_3S_ESCO)
703 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
705 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
706 hdev->features[0], hdev->features[1],
707 hdev->features[2], hdev->features[3],
708 hdev->features[4], hdev->features[5],
709 hdev->features[6], hdev->features[7]);
712 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
715 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
717 BT_DBG("%s status 0x%x", hdev->name, rp->status);
724 memcpy(hdev->features, rp->features, 8);
727 memcpy(hdev->host_features, rp->features, 8);
731 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
734 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
737 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
739 BT_DBG("%s status 0x%x", hdev->name, rp->status);
744 hdev->flow_ctl_mode = rp->mode;
746 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
749 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
751 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
753 BT_DBG("%s status 0x%x", hdev->name, rp->status);
758 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
759 hdev->sco_mtu = rp->sco_mtu;
760 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
761 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
763 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
768 hdev->acl_cnt = hdev->acl_pkts;
769 hdev->sco_cnt = hdev->sco_pkts;
771 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
772 hdev->acl_mtu, hdev->acl_pkts,
773 hdev->sco_mtu, hdev->sco_pkts);
776 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
778 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
780 BT_DBG("%s status 0x%x", hdev->name, rp->status);
783 bacpy(&hdev->bdaddr, &rp->bdaddr);
785 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
788 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
791 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
793 BT_DBG("%s status 0x%x", hdev->name, rp->status);
798 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
799 hdev->block_len = __le16_to_cpu(rp->block_len);
800 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
802 hdev->block_cnt = hdev->num_blocks;
804 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
805 hdev->block_cnt, hdev->block_len);
807 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
810 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
812 __u8 status = *((__u8 *) skb->data);
814 BT_DBG("%s status 0x%x", hdev->name, status);
816 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
819 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
822 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%x", hdev->name, rp->status);
829 hdev->amp_status = rp->amp_status;
830 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
831 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
832 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
833 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
834 hdev->amp_type = rp->amp_type;
835 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
836 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
837 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
838 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
840 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
843 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
846 __u8 status = *((__u8 *) skb->data);
848 BT_DBG("%s status 0x%x", hdev->name, status);
850 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
853 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
855 __u8 status = *((__u8 *) skb->data);
857 BT_DBG("%s status 0x%x", hdev->name, status);
859 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
862 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
865 __u8 status = *((__u8 *) skb->data);
867 BT_DBG("%s status 0x%x", hdev->name, status);
869 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
872 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
875 __u8 status = *((__u8 *) skb->data);
877 BT_DBG("%s status 0x%x", hdev->name, status);
879 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
882 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
884 __u8 status = *((__u8 *) skb->data);
886 BT_DBG("%s status 0x%x", hdev->name, status);
888 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
891 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
893 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
894 struct hci_cp_pin_code_reply *cp;
895 struct hci_conn *conn;
897 BT_DBG("%s status 0x%x", hdev->name, rp->status);
901 if (test_bit(HCI_MGMT, &hdev->dev_flags))
902 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
907 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
913 conn->pin_length = cp->pin_len;
916 hci_dev_unlock(hdev);
919 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
921 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
923 BT_DBG("%s status 0x%x", hdev->name, rp->status);
927 if (test_bit(HCI_MGMT, &hdev->dev_flags))
928 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
931 hci_dev_unlock(hdev);
934 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
937 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
939 BT_DBG("%s status 0x%x", hdev->name, rp->status);
944 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
945 hdev->le_pkts = rp->le_max_pkt;
947 hdev->le_cnt = hdev->le_pkts;
949 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
951 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
954 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
956 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
958 BT_DBG("%s status 0x%x", hdev->name, rp->status);
962 if (test_bit(HCI_MGMT, &hdev->dev_flags))
963 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
966 hci_dev_unlock(hdev);
969 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
978 if (test_bit(HCI_MGMT, &hdev->dev_flags))
979 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
982 hci_dev_unlock(hdev);
985 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
987 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
989 BT_DBG("%s status 0x%x", hdev->name, rp->status);
993 if (test_bit(HCI_MGMT, &hdev->dev_flags))
994 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
997 hci_dev_unlock(hdev);
1000 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1001 struct sk_buff *skb)
1003 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1005 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1009 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1010 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1013 hci_dev_unlock(hdev);
1016 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1019 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1021 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1024 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1025 rp->randomizer, rp->status);
1026 hci_dev_unlock(hdev);
1029 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1031 __u8 status = *((__u8 *) skb->data);
1033 BT_DBG("%s status 0x%x", hdev->name, status);
1036 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1037 struct sk_buff *skb)
1039 struct hci_cp_le_set_scan_enable *cp;
1040 __u8 status = *((__u8 *) skb->data);
1042 BT_DBG("%s status 0x%x", hdev->name, status);
1047 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1051 switch (cp->enable) {
1052 case LE_SCANNING_ENABLED:
1053 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1055 cancel_delayed_work_sync(&hdev->adv_work);
1058 hci_adv_entries_clear(hdev);
1059 hci_discovery_set_state(hdev, DISCOVERY_LE_SCAN);
1060 hci_dev_unlock(hdev);
1063 case LE_SCANNING_DISABLED:
1064 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1067 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1068 hci_dev_unlock(hdev);
1070 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1074 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1079 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1081 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1083 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1088 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1091 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1093 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1095 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1100 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1103 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1104 struct sk_buff *skb)
1106 struct hci_cp_read_local_ext_features cp;
1107 __u8 status = *((__u8 *) skb->data);
1109 BT_DBG("%s status 0x%x", hdev->name, status);
1115 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1118 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1120 BT_DBG("%s status 0x%x", hdev->name, status);
1123 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1124 hci_conn_check_pending(hdev);
1126 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1127 mgmt_start_discovery_failed(hdev, status);
1128 hci_dev_unlock(hdev);
1132 set_bit(HCI_INQUIRY, &hdev->flags);
1135 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
1136 hci_dev_unlock(hdev);
1139 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1141 struct hci_cp_create_conn *cp;
1142 struct hci_conn *conn;
1144 BT_DBG("%s status 0x%x", hdev->name, status);
1146 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1152 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1154 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1157 if (conn && conn->state == BT_CONNECT) {
1158 if (status != 0x0c || conn->attempt > 2) {
1159 conn->state = BT_CLOSED;
1160 hci_proto_connect_cfm(conn, status);
1163 conn->state = BT_CONNECT2;
1167 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1170 conn->link_mode |= HCI_LM_MASTER;
1172 BT_ERR("No memory for new connection");
1176 hci_dev_unlock(hdev);
1179 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1181 struct hci_cp_add_sco *cp;
1182 struct hci_conn *acl, *sco;
1185 BT_DBG("%s status 0x%x", hdev->name, status);
1190 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1194 handle = __le16_to_cpu(cp->handle);
1196 BT_DBG("%s handle %d", hdev->name, handle);
1200 acl = hci_conn_hash_lookup_handle(hdev, handle);
1204 sco->state = BT_CLOSED;
1206 hci_proto_connect_cfm(sco, status);
1211 hci_dev_unlock(hdev);
1214 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1216 struct hci_cp_auth_requested *cp;
1217 struct hci_conn *conn;
1219 BT_DBG("%s status 0x%x", hdev->name, status);
1224 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1230 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1232 if (conn->state == BT_CONFIG) {
1233 hci_proto_connect_cfm(conn, status);
1238 hci_dev_unlock(hdev);
1241 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1243 struct hci_cp_set_conn_encrypt *cp;
1244 struct hci_conn *conn;
1246 BT_DBG("%s status 0x%x", hdev->name, status);
1251 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1257 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1259 if (conn->state == BT_CONFIG) {
1260 hci_proto_connect_cfm(conn, status);
1265 hci_dev_unlock(hdev);
1268 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1269 struct hci_conn *conn)
1271 if (conn->state != BT_CONFIG || !conn->out)
1274 if (conn->pending_sec_level == BT_SECURITY_SDP)
1277 /* Only request authentication for SSP connections or non-SSP
1278 * devices with sec_level HIGH or if MITM protection is requested */
1279 if (!hci_conn_ssp_enabled(conn) &&
1280 conn->pending_sec_level != BT_SECURITY_HIGH &&
1281 !(conn->auth_type & 0x01))
1287 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1289 struct hci_cp_remote_name_req cp;
1291 memset(&cp, 0, sizeof(cp));
1293 bacpy(&cp.bdaddr, &e->data.bdaddr);
1294 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1295 cp.pscan_mode = e->data.pscan_mode;
1296 cp.clock_offset = e->data.clock_offset;
1298 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1301 static bool hci_resolve_next_name(struct hci_dev *hdev)
1303 struct discovery_state *discov = &hdev->discovery;
1304 struct inquiry_entry *e;
1306 if (list_empty(&discov->resolve))
1309 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1310 if (hci_resolve_name(hdev, e) == 0) {
1311 e->name_state = NAME_PENDING;
1318 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1319 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1321 struct discovery_state *discov = &hdev->discovery;
1322 struct inquiry_entry *e;
1324 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1325 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1326 name, name_len, conn->dev_class);
1328 if (discov->state == DISCOVERY_STOPPED)
1331 if (discov->state == DISCOVERY_STOPPING)
1332 goto discov_complete;
1334 if (discov->state != DISCOVERY_RESOLVING)
1337 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1339 e->name_state = NAME_KNOWN;
1342 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1343 e->data.rssi, name, name_len);
1346 if (hci_resolve_next_name(hdev))
1350 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1353 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1355 struct hci_cp_remote_name_req *cp;
1356 struct hci_conn *conn;
1358 BT_DBG("%s status 0x%x", hdev->name, status);
1360 /* If successful wait for the name req complete event before
1361 * checking for the need to do authentication */
1365 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1371 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1373 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1374 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1379 if (!hci_outgoing_auth_needed(hdev, conn))
1382 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1383 struct hci_cp_auth_requested cp;
1384 cp.handle = __cpu_to_le16(conn->handle);
1385 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1389 hci_dev_unlock(hdev);
1392 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1394 struct hci_cp_read_remote_features *cp;
1395 struct hci_conn *conn;
1397 BT_DBG("%s status 0x%x", hdev->name, status);
1402 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1410 if (conn->state == BT_CONFIG) {
1411 hci_proto_connect_cfm(conn, status);
1416 hci_dev_unlock(hdev);
1419 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1421 struct hci_cp_read_remote_ext_features *cp;
1422 struct hci_conn *conn;
1424 BT_DBG("%s status 0x%x", hdev->name, status);
1429 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1435 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1437 if (conn->state == BT_CONFIG) {
1438 hci_proto_connect_cfm(conn, status);
1443 hci_dev_unlock(hdev);
1446 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1448 struct hci_cp_setup_sync_conn *cp;
1449 struct hci_conn *acl, *sco;
1452 BT_DBG("%s status 0x%x", hdev->name, status);
1457 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1461 handle = __le16_to_cpu(cp->handle);
1463 BT_DBG("%s handle %d", hdev->name, handle);
1467 acl = hci_conn_hash_lookup_handle(hdev, handle);
1471 sco->state = BT_CLOSED;
1473 hci_proto_connect_cfm(sco, status);
1478 hci_dev_unlock(hdev);
1481 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1483 struct hci_cp_sniff_mode *cp;
1484 struct hci_conn *conn;
1486 BT_DBG("%s status 0x%x", hdev->name, status);
1491 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1497 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1499 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1501 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1502 hci_sco_setup(conn, status);
1505 hci_dev_unlock(hdev);
1508 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1510 struct hci_cp_exit_sniff_mode *cp;
1511 struct hci_conn *conn;
1513 BT_DBG("%s status 0x%x", hdev->name, status);
1518 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1524 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1526 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1528 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1529 hci_sco_setup(conn, status);
1532 hci_dev_unlock(hdev);
1535 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1537 struct hci_cp_le_create_conn *cp;
1538 struct hci_conn *conn;
1540 BT_DBG("%s status 0x%x", hdev->name, status);
1542 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1548 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1550 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1554 if (conn && conn->state == BT_CONNECT) {
1555 conn->state = BT_CLOSED;
1556 hci_proto_connect_cfm(conn, status);
1561 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1563 conn->dst_type = cp->peer_addr_type;
1566 BT_ERR("No memory for new connection");
1571 hci_dev_unlock(hdev);
1574 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1576 BT_DBG("%s status 0x%x", hdev->name, status);
1579 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1581 __u8 status = *((__u8 *) skb->data);
1582 struct discovery_state *discov = &hdev->discovery;
1583 struct inquiry_entry *e;
1585 BT_DBG("%s status %d", hdev->name, status);
1587 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1589 hci_conn_check_pending(hdev);
1591 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1594 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1599 if (discov->state != DISCOVERY_INQUIRY)
1602 if (list_empty(&discov->resolve)) {
1603 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1607 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1608 if (e && hci_resolve_name(hdev, e) == 0) {
1609 e->name_state = NAME_PENDING;
1610 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1612 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1616 hci_dev_unlock(hdev);
1619 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1621 struct inquiry_data data;
1622 struct inquiry_info *info = (void *) (skb->data + 1);
1623 int num_rsp = *((__u8 *) skb->data);
1625 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1632 for (; num_rsp; num_rsp--, info++) {
1635 bacpy(&data.bdaddr, &info->bdaddr);
1636 data.pscan_rep_mode = info->pscan_rep_mode;
1637 data.pscan_period_mode = info->pscan_period_mode;
1638 data.pscan_mode = info->pscan_mode;
1639 memcpy(data.dev_class, info->dev_class, 3);
1640 data.clock_offset = info->clock_offset;
1642 data.ssp_mode = 0x00;
1644 name_known = hci_inquiry_cache_update(hdev, &data, false);
1645 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1646 info->dev_class, 0, !name_known,
1650 hci_dev_unlock(hdev);
1653 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1655 struct hci_ev_conn_complete *ev = (void *) skb->data;
1656 struct hci_conn *conn;
1658 BT_DBG("%s", hdev->name);
1662 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1664 if (ev->link_type != SCO_LINK)
1667 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1671 conn->type = SCO_LINK;
1675 conn->handle = __le16_to_cpu(ev->handle);
1677 if (conn->type == ACL_LINK) {
1678 conn->state = BT_CONFIG;
1679 hci_conn_hold(conn);
1680 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1682 conn->state = BT_CONNECTED;
1684 hci_conn_hold_device(conn);
1685 hci_conn_add_sysfs(conn);
1687 if (test_bit(HCI_AUTH, &hdev->flags))
1688 conn->link_mode |= HCI_LM_AUTH;
1690 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1691 conn->link_mode |= HCI_LM_ENCRYPT;
1693 /* Get remote features */
1694 if (conn->type == ACL_LINK) {
1695 struct hci_cp_read_remote_features cp;
1696 cp.handle = ev->handle;
1697 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1701 /* Set packet type for incoming connection */
1702 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1703 struct hci_cp_change_conn_ptype cp;
1704 cp.handle = ev->handle;
1705 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1706 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1710 conn->state = BT_CLOSED;
1711 if (conn->type == ACL_LINK)
1712 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1713 conn->dst_type, ev->status);
1716 if (conn->type == ACL_LINK)
1717 hci_sco_setup(conn, ev->status);
1720 hci_proto_connect_cfm(conn, ev->status);
1722 } else if (ev->link_type != ACL_LINK)
1723 hci_proto_connect_cfm(conn, ev->status);
1726 hci_dev_unlock(hdev);
1728 hci_conn_check_pending(hdev);
1731 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1733 struct hci_ev_conn_request *ev = (void *) skb->data;
1734 int mask = hdev->link_mode;
1736 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1737 batostr(&ev->bdaddr), ev->link_type);
1739 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1741 if ((mask & HCI_LM_ACCEPT) &&
1742 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1743 /* Connection accepted */
1744 struct inquiry_entry *ie;
1745 struct hci_conn *conn;
1749 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1751 memcpy(ie->data.dev_class, ev->dev_class, 3);
1753 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1755 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1757 BT_ERR("No memory for new connection");
1758 hci_dev_unlock(hdev);
1763 memcpy(conn->dev_class, ev->dev_class, 3);
1764 conn->state = BT_CONNECT;
1766 hci_dev_unlock(hdev);
1768 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1769 struct hci_cp_accept_conn_req cp;
1771 bacpy(&cp.bdaddr, &ev->bdaddr);
1773 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1774 cp.role = 0x00; /* Become master */
1776 cp.role = 0x01; /* Remain slave */
1778 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1781 struct hci_cp_accept_sync_conn_req cp;
1783 bacpy(&cp.bdaddr, &ev->bdaddr);
1784 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1786 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1787 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1788 cp.max_latency = cpu_to_le16(0xffff);
1789 cp.content_format = cpu_to_le16(hdev->voice_setting);
1790 cp.retrans_effort = 0xff;
1792 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1796 /* Connection rejected */
1797 struct hci_cp_reject_conn_req cp;
1799 bacpy(&cp.bdaddr, &ev->bdaddr);
1800 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1801 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1805 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1807 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1808 struct hci_conn *conn;
1810 BT_DBG("%s status %d", hdev->name, ev->status);
1814 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1818 if (ev->status == 0)
1819 conn->state = BT_CLOSED;
1821 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1822 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1823 if (ev->status != 0)
1824 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1826 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1830 if (ev->status == 0) {
1831 hci_proto_disconn_cfm(conn, ev->reason);
1836 hci_dev_unlock(hdev);
1839 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1841 struct hci_ev_auth_complete *ev = (void *) skb->data;
1842 struct hci_conn *conn;
1844 BT_DBG("%s status %d", hdev->name, ev->status);
1848 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1853 if (!hci_conn_ssp_enabled(conn) &&
1854 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1855 BT_INFO("re-auth of legacy device is not possible.");
1857 conn->link_mode |= HCI_LM_AUTH;
1858 conn->sec_level = conn->pending_sec_level;
1861 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1864 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1865 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1867 if (conn->state == BT_CONFIG) {
1868 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1869 struct hci_cp_set_conn_encrypt cp;
1870 cp.handle = ev->handle;
1872 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1875 conn->state = BT_CONNECTED;
1876 hci_proto_connect_cfm(conn, ev->status);
1880 hci_auth_cfm(conn, ev->status);
1882 hci_conn_hold(conn);
1883 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1887 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1889 struct hci_cp_set_conn_encrypt cp;
1890 cp.handle = ev->handle;
1892 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1895 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1896 hci_encrypt_cfm(conn, ev->status, 0x00);
1901 hci_dev_unlock(hdev);
1904 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1906 struct hci_ev_remote_name *ev = (void *) skb->data;
1907 struct hci_conn *conn;
1909 BT_DBG("%s", hdev->name);
1911 hci_conn_check_pending(hdev);
1915 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1917 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1920 if (ev->status == 0)
1921 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1922 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1924 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1930 if (!hci_outgoing_auth_needed(hdev, conn))
1933 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1934 struct hci_cp_auth_requested cp;
1935 cp.handle = __cpu_to_le16(conn->handle);
1936 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1940 hci_dev_unlock(hdev);
1943 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1945 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1946 struct hci_conn *conn;
1948 BT_DBG("%s status %d", hdev->name, ev->status);
1952 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1956 /* Encryption implies authentication */
1957 conn->link_mode |= HCI_LM_AUTH;
1958 conn->link_mode |= HCI_LM_ENCRYPT;
1959 conn->sec_level = conn->pending_sec_level;
1961 conn->link_mode &= ~HCI_LM_ENCRYPT;
1964 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1966 if (conn->state == BT_CONFIG) {
1968 conn->state = BT_CONNECTED;
1970 hci_proto_connect_cfm(conn, ev->status);
1973 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1976 hci_dev_unlock(hdev);
1979 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1981 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1982 struct hci_conn *conn;
1984 BT_DBG("%s status %d", hdev->name, ev->status);
1988 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1991 conn->link_mode |= HCI_LM_SECURE;
1993 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1995 hci_key_change_cfm(conn, ev->status);
1998 hci_dev_unlock(hdev);
2001 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2003 struct hci_ev_remote_features *ev = (void *) skb->data;
2004 struct hci_conn *conn;
2006 BT_DBG("%s status %d", hdev->name, ev->status);
2010 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2015 memcpy(conn->features, ev->features, 8);
2017 if (conn->state != BT_CONFIG)
2020 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2021 struct hci_cp_read_remote_ext_features cp;
2022 cp.handle = ev->handle;
2024 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2030 struct hci_cp_remote_name_req cp;
2031 memset(&cp, 0, sizeof(cp));
2032 bacpy(&cp.bdaddr, &conn->dst);
2033 cp.pscan_rep_mode = 0x02;
2034 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2035 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2036 mgmt_device_connected(hdev, &conn->dst, conn->type,
2037 conn->dst_type, NULL, 0,
2040 if (!hci_outgoing_auth_needed(hdev, conn)) {
2041 conn->state = BT_CONNECTED;
2042 hci_proto_connect_cfm(conn, ev->status);
2047 hci_dev_unlock(hdev);
2050 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2052 BT_DBG("%s", hdev->name);
2055 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2057 BT_DBG("%s", hdev->name);
2060 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2062 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2065 skb_pull(skb, sizeof(*ev));
2067 opcode = __le16_to_cpu(ev->opcode);
2070 case HCI_OP_INQUIRY_CANCEL:
2071 hci_cc_inquiry_cancel(hdev, skb);
2074 case HCI_OP_EXIT_PERIODIC_INQ:
2075 hci_cc_exit_periodic_inq(hdev, skb);
2078 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2079 hci_cc_remote_name_req_cancel(hdev, skb);
2082 case HCI_OP_ROLE_DISCOVERY:
2083 hci_cc_role_discovery(hdev, skb);
2086 case HCI_OP_READ_LINK_POLICY:
2087 hci_cc_read_link_policy(hdev, skb);
2090 case HCI_OP_WRITE_LINK_POLICY:
2091 hci_cc_write_link_policy(hdev, skb);
2094 case HCI_OP_READ_DEF_LINK_POLICY:
2095 hci_cc_read_def_link_policy(hdev, skb);
2098 case HCI_OP_WRITE_DEF_LINK_POLICY:
2099 hci_cc_write_def_link_policy(hdev, skb);
2103 hci_cc_reset(hdev, skb);
2106 case HCI_OP_WRITE_LOCAL_NAME:
2107 hci_cc_write_local_name(hdev, skb);
2110 case HCI_OP_READ_LOCAL_NAME:
2111 hci_cc_read_local_name(hdev, skb);
2114 case HCI_OP_WRITE_AUTH_ENABLE:
2115 hci_cc_write_auth_enable(hdev, skb);
2118 case HCI_OP_WRITE_ENCRYPT_MODE:
2119 hci_cc_write_encrypt_mode(hdev, skb);
2122 case HCI_OP_WRITE_SCAN_ENABLE:
2123 hci_cc_write_scan_enable(hdev, skb);
2126 case HCI_OP_READ_CLASS_OF_DEV:
2127 hci_cc_read_class_of_dev(hdev, skb);
2130 case HCI_OP_WRITE_CLASS_OF_DEV:
2131 hci_cc_write_class_of_dev(hdev, skb);
2134 case HCI_OP_READ_VOICE_SETTING:
2135 hci_cc_read_voice_setting(hdev, skb);
2138 case HCI_OP_WRITE_VOICE_SETTING:
2139 hci_cc_write_voice_setting(hdev, skb);
2142 case HCI_OP_HOST_BUFFER_SIZE:
2143 hci_cc_host_buffer_size(hdev, skb);
2146 case HCI_OP_READ_SSP_MODE:
2147 hci_cc_read_ssp_mode(hdev, skb);
2150 case HCI_OP_WRITE_SSP_MODE:
2151 hci_cc_write_ssp_mode(hdev, skb);
2154 case HCI_OP_READ_LOCAL_VERSION:
2155 hci_cc_read_local_version(hdev, skb);
2158 case HCI_OP_READ_LOCAL_COMMANDS:
2159 hci_cc_read_local_commands(hdev, skb);
2162 case HCI_OP_READ_LOCAL_FEATURES:
2163 hci_cc_read_local_features(hdev, skb);
2166 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2167 hci_cc_read_local_ext_features(hdev, skb);
2170 case HCI_OP_READ_BUFFER_SIZE:
2171 hci_cc_read_buffer_size(hdev, skb);
2174 case HCI_OP_READ_BD_ADDR:
2175 hci_cc_read_bd_addr(hdev, skb);
2178 case HCI_OP_READ_DATA_BLOCK_SIZE:
2179 hci_cc_read_data_block_size(hdev, skb);
2182 case HCI_OP_WRITE_CA_TIMEOUT:
2183 hci_cc_write_ca_timeout(hdev, skb);
2186 case HCI_OP_READ_FLOW_CONTROL_MODE:
2187 hci_cc_read_flow_control_mode(hdev, skb);
2190 case HCI_OP_READ_LOCAL_AMP_INFO:
2191 hci_cc_read_local_amp_info(hdev, skb);
2194 case HCI_OP_DELETE_STORED_LINK_KEY:
2195 hci_cc_delete_stored_link_key(hdev, skb);
2198 case HCI_OP_SET_EVENT_MASK:
2199 hci_cc_set_event_mask(hdev, skb);
2202 case HCI_OP_WRITE_INQUIRY_MODE:
2203 hci_cc_write_inquiry_mode(hdev, skb);
2206 case HCI_OP_READ_INQ_RSP_TX_POWER:
2207 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2210 case HCI_OP_SET_EVENT_FLT:
2211 hci_cc_set_event_flt(hdev, skb);
2214 case HCI_OP_PIN_CODE_REPLY:
2215 hci_cc_pin_code_reply(hdev, skb);
2218 case HCI_OP_PIN_CODE_NEG_REPLY:
2219 hci_cc_pin_code_neg_reply(hdev, skb);
2222 case HCI_OP_READ_LOCAL_OOB_DATA:
2223 hci_cc_read_local_oob_data_reply(hdev, skb);
2226 case HCI_OP_LE_READ_BUFFER_SIZE:
2227 hci_cc_le_read_buffer_size(hdev, skb);
2230 case HCI_OP_USER_CONFIRM_REPLY:
2231 hci_cc_user_confirm_reply(hdev, skb);
2234 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2235 hci_cc_user_confirm_neg_reply(hdev, skb);
2238 case HCI_OP_USER_PASSKEY_REPLY:
2239 hci_cc_user_passkey_reply(hdev, skb);
2242 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2243 hci_cc_user_passkey_neg_reply(hdev, skb);
2245 case HCI_OP_LE_SET_SCAN_PARAM:
2246 hci_cc_le_set_scan_param(hdev, skb);
2249 case HCI_OP_LE_SET_SCAN_ENABLE:
2250 hci_cc_le_set_scan_enable(hdev, skb);
2253 case HCI_OP_LE_LTK_REPLY:
2254 hci_cc_le_ltk_reply(hdev, skb);
2257 case HCI_OP_LE_LTK_NEG_REPLY:
2258 hci_cc_le_ltk_neg_reply(hdev, skb);
2261 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2262 hci_cc_write_le_host_supported(hdev, skb);
2266 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2270 if (ev->opcode != HCI_OP_NOP)
2271 del_timer(&hdev->cmd_timer);
2274 atomic_set(&hdev->cmd_cnt, 1);
2275 if (!skb_queue_empty(&hdev->cmd_q))
2276 queue_work(hdev->workqueue, &hdev->cmd_work);
2280 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2282 struct hci_ev_cmd_status *ev = (void *) skb->data;
2285 skb_pull(skb, sizeof(*ev));
2287 opcode = __le16_to_cpu(ev->opcode);
2290 case HCI_OP_INQUIRY:
2291 hci_cs_inquiry(hdev, ev->status);
2294 case HCI_OP_CREATE_CONN:
2295 hci_cs_create_conn(hdev, ev->status);
2298 case HCI_OP_ADD_SCO:
2299 hci_cs_add_sco(hdev, ev->status);
2302 case HCI_OP_AUTH_REQUESTED:
2303 hci_cs_auth_requested(hdev, ev->status);
2306 case HCI_OP_SET_CONN_ENCRYPT:
2307 hci_cs_set_conn_encrypt(hdev, ev->status);
2310 case HCI_OP_REMOTE_NAME_REQ:
2311 hci_cs_remote_name_req(hdev, ev->status);
2314 case HCI_OP_READ_REMOTE_FEATURES:
2315 hci_cs_read_remote_features(hdev, ev->status);
2318 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2319 hci_cs_read_remote_ext_features(hdev, ev->status);
2322 case HCI_OP_SETUP_SYNC_CONN:
2323 hci_cs_setup_sync_conn(hdev, ev->status);
2326 case HCI_OP_SNIFF_MODE:
2327 hci_cs_sniff_mode(hdev, ev->status);
2330 case HCI_OP_EXIT_SNIFF_MODE:
2331 hci_cs_exit_sniff_mode(hdev, ev->status);
2334 case HCI_OP_DISCONNECT:
2335 if (ev->status != 0)
2336 mgmt_disconnect_failed(hdev, NULL, ev->status);
2339 case HCI_OP_LE_CREATE_CONN:
2340 hci_cs_le_create_conn(hdev, ev->status);
2343 case HCI_OP_LE_START_ENC:
2344 hci_cs_le_start_enc(hdev, ev->status);
2348 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2352 if (ev->opcode != HCI_OP_NOP)
2353 del_timer(&hdev->cmd_timer);
2355 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2356 atomic_set(&hdev->cmd_cnt, 1);
2357 if (!skb_queue_empty(&hdev->cmd_q))
2358 queue_work(hdev->workqueue, &hdev->cmd_work);
2362 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2364 struct hci_ev_role_change *ev = (void *) skb->data;
2365 struct hci_conn *conn;
2367 BT_DBG("%s status %d", hdev->name, ev->status);
2371 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2375 conn->link_mode &= ~HCI_LM_MASTER;
2377 conn->link_mode |= HCI_LM_MASTER;
2380 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2382 hci_role_switch_cfm(conn, ev->status, ev->role);
2385 hci_dev_unlock(hdev);
2388 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2390 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2393 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2394 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2398 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2399 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2400 BT_DBG("%s bad parameters", hdev->name);
2404 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2406 for (i = 0; i < ev->num_hndl; i++) {
2407 struct hci_comp_pkts_info *info = &ev->handles[i];
2408 struct hci_conn *conn;
2409 __u16 handle, count;
2411 handle = __le16_to_cpu(info->handle);
2412 count = __le16_to_cpu(info->count);
2414 conn = hci_conn_hash_lookup_handle(hdev, handle);
2418 conn->sent -= count;
2420 switch (conn->type) {
2422 hdev->acl_cnt += count;
2423 if (hdev->acl_cnt > hdev->acl_pkts)
2424 hdev->acl_cnt = hdev->acl_pkts;
2428 if (hdev->le_pkts) {
2429 hdev->le_cnt += count;
2430 if (hdev->le_cnt > hdev->le_pkts)
2431 hdev->le_cnt = hdev->le_pkts;
2433 hdev->acl_cnt += count;
2434 if (hdev->acl_cnt > hdev->acl_pkts)
2435 hdev->acl_cnt = hdev->acl_pkts;
2440 hdev->sco_cnt += count;
2441 if (hdev->sco_cnt > hdev->sco_pkts)
2442 hdev->sco_cnt = hdev->sco_pkts;
2446 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2451 queue_work(hdev->workqueue, &hdev->tx_work);
2454 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2455 struct sk_buff *skb)
2457 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2460 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2461 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2465 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2466 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2467 BT_DBG("%s bad parameters", hdev->name);
2471 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2474 for (i = 0; i < ev->num_hndl; i++) {
2475 struct hci_comp_blocks_info *info = &ev->handles[i];
2476 struct hci_conn *conn;
2477 __u16 handle, block_count;
2479 handle = __le16_to_cpu(info->handle);
2480 block_count = __le16_to_cpu(info->blocks);
2482 conn = hci_conn_hash_lookup_handle(hdev, handle);
2486 conn->sent -= block_count;
2488 switch (conn->type) {
2490 hdev->block_cnt += block_count;
2491 if (hdev->block_cnt > hdev->num_blocks)
2492 hdev->block_cnt = hdev->num_blocks;
2496 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2501 queue_work(hdev->workqueue, &hdev->tx_work);
2504 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2506 struct hci_ev_mode_change *ev = (void *) skb->data;
2507 struct hci_conn *conn;
2509 BT_DBG("%s status %d", hdev->name, ev->status);
2513 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2515 conn->mode = ev->mode;
2516 conn->interval = __le16_to_cpu(ev->interval);
2518 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2519 if (conn->mode == HCI_CM_ACTIVE)
2520 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2522 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2525 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2526 hci_sco_setup(conn, ev->status);
2529 hci_dev_unlock(hdev);
2532 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2534 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2535 struct hci_conn *conn;
2537 BT_DBG("%s", hdev->name);
2541 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2545 if (conn->state == BT_CONNECTED) {
2546 hci_conn_hold(conn);
2547 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2551 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2552 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2553 sizeof(ev->bdaddr), &ev->bdaddr);
2554 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2557 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2562 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2566 hci_dev_unlock(hdev);
2569 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2571 struct hci_ev_link_key_req *ev = (void *) skb->data;
2572 struct hci_cp_link_key_reply cp;
2573 struct hci_conn *conn;
2574 struct link_key *key;
2576 BT_DBG("%s", hdev->name);
2578 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2583 key = hci_find_link_key(hdev, &ev->bdaddr);
2585 BT_DBG("%s link key not found for %s", hdev->name,
2586 batostr(&ev->bdaddr));
2590 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2591 batostr(&ev->bdaddr));
2593 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2594 key->type == HCI_LK_DEBUG_COMBINATION) {
2595 BT_DBG("%s ignoring debug key", hdev->name);
2599 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2601 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2602 conn->auth_type != 0xff &&
2603 (conn->auth_type & 0x01)) {
2604 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2608 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2609 conn->pending_sec_level == BT_SECURITY_HIGH) {
2610 BT_DBG("%s ignoring key unauthenticated for high \
2611 security", hdev->name);
2615 conn->key_type = key->type;
2616 conn->pin_length = key->pin_len;
2619 bacpy(&cp.bdaddr, &ev->bdaddr);
2620 memcpy(cp.link_key, key->val, 16);
2622 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2624 hci_dev_unlock(hdev);
2629 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2630 hci_dev_unlock(hdev);
2633 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2635 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2636 struct hci_conn *conn;
2639 BT_DBG("%s", hdev->name);
2643 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2645 hci_conn_hold(conn);
2646 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2647 pin_len = conn->pin_length;
2649 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2650 conn->key_type = ev->key_type;
2655 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2656 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2657 ev->key_type, pin_len);
2659 hci_dev_unlock(hdev);
2662 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2664 struct hci_ev_clock_offset *ev = (void *) skb->data;
2665 struct hci_conn *conn;
2667 BT_DBG("%s status %d", hdev->name, ev->status);
2671 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2672 if (conn && !ev->status) {
2673 struct inquiry_entry *ie;
2675 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2677 ie->data.clock_offset = ev->clock_offset;
2678 ie->timestamp = jiffies;
2682 hci_dev_unlock(hdev);
2685 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2687 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2688 struct hci_conn *conn;
2690 BT_DBG("%s status %d", hdev->name, ev->status);
2694 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2695 if (conn && !ev->status)
2696 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2698 hci_dev_unlock(hdev);
2701 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2703 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2704 struct inquiry_entry *ie;
2706 BT_DBG("%s", hdev->name);
2710 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2712 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2713 ie->timestamp = jiffies;
2716 hci_dev_unlock(hdev);
2719 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2721 struct inquiry_data data;
2722 int num_rsp = *((__u8 *) skb->data);
2725 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2732 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2733 struct inquiry_info_with_rssi_and_pscan_mode *info;
2734 info = (void *) (skb->data + 1);
2736 for (; num_rsp; num_rsp--, info++) {
2737 bacpy(&data.bdaddr, &info->bdaddr);
2738 data.pscan_rep_mode = info->pscan_rep_mode;
2739 data.pscan_period_mode = info->pscan_period_mode;
2740 data.pscan_mode = info->pscan_mode;
2741 memcpy(data.dev_class, info->dev_class, 3);
2742 data.clock_offset = info->clock_offset;
2743 data.rssi = info->rssi;
2744 data.ssp_mode = 0x00;
2746 name_known = hci_inquiry_cache_update(hdev, &data,
2748 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2749 info->dev_class, info->rssi,
2750 !name_known, NULL, 0);
2753 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2755 for (; num_rsp; num_rsp--, info++) {
2756 bacpy(&data.bdaddr, &info->bdaddr);
2757 data.pscan_rep_mode = info->pscan_rep_mode;
2758 data.pscan_period_mode = info->pscan_period_mode;
2759 data.pscan_mode = 0x00;
2760 memcpy(data.dev_class, info->dev_class, 3);
2761 data.clock_offset = info->clock_offset;
2762 data.rssi = info->rssi;
2763 data.ssp_mode = 0x00;
2764 name_known = hci_inquiry_cache_update(hdev, &data,
2766 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2767 info->dev_class, info->rssi,
2768 !name_known, NULL, 0);
2772 hci_dev_unlock(hdev);
2775 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2777 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2778 struct hci_conn *conn;
2780 BT_DBG("%s", hdev->name);
2784 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2788 if (!ev->status && ev->page == 0x01) {
2789 struct inquiry_entry *ie;
2791 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2793 ie->data.ssp_mode = (ev->features[0] & 0x01);
2795 if (ev->features[0] & 0x01)
2796 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2799 if (conn->state != BT_CONFIG)
2803 struct hci_cp_remote_name_req cp;
2804 memset(&cp, 0, sizeof(cp));
2805 bacpy(&cp.bdaddr, &conn->dst);
2806 cp.pscan_rep_mode = 0x02;
2807 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2808 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2809 mgmt_device_connected(hdev, &conn->dst, conn->type,
2810 conn->dst_type, NULL, 0,
2813 if (!hci_outgoing_auth_needed(hdev, conn)) {
2814 conn->state = BT_CONNECTED;
2815 hci_proto_connect_cfm(conn, ev->status);
2820 hci_dev_unlock(hdev);
2823 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2825 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2826 struct hci_conn *conn;
2828 BT_DBG("%s status %d", hdev->name, ev->status);
2832 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2834 if (ev->link_type == ESCO_LINK)
2837 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2841 conn->type = SCO_LINK;
2844 switch (ev->status) {
2846 conn->handle = __le16_to_cpu(ev->handle);
2847 conn->state = BT_CONNECTED;
2849 hci_conn_hold_device(conn);
2850 hci_conn_add_sysfs(conn);
2853 case 0x11: /* Unsupported Feature or Parameter Value */
2854 case 0x1c: /* SCO interval rejected */
2855 case 0x1a: /* Unsupported Remote Feature */
2856 case 0x1f: /* Unspecified error */
2857 if (conn->out && conn->attempt < 2) {
2858 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2859 (hdev->esco_type & EDR_ESCO_MASK);
2860 hci_setup_sync(conn, conn->link->handle);
2866 conn->state = BT_CLOSED;
2870 hci_proto_connect_cfm(conn, ev->status);
2875 hci_dev_unlock(hdev);
2878 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2880 BT_DBG("%s", hdev->name);
2883 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2885 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2887 BT_DBG("%s status %d", hdev->name, ev->status);
2890 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2892 struct inquiry_data data;
2893 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2894 int num_rsp = *((__u8 *) skb->data);
2896 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2903 for (; num_rsp; num_rsp--, info++) {
2906 bacpy(&data.bdaddr, &info->bdaddr);
2907 data.pscan_rep_mode = info->pscan_rep_mode;
2908 data.pscan_period_mode = info->pscan_period_mode;
2909 data.pscan_mode = 0x00;
2910 memcpy(data.dev_class, info->dev_class, 3);
2911 data.clock_offset = info->clock_offset;
2912 data.rssi = info->rssi;
2913 data.ssp_mode = 0x01;
2915 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2916 name_known = eir_has_data_type(info->data,
2922 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
2923 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2924 info->dev_class, info->rssi,
2925 !name_known, info->data,
2926 sizeof(info->data));
2929 hci_dev_unlock(hdev);
2932 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2934 /* If remote requests dedicated bonding follow that lead */
2935 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2936 /* If both remote and local IO capabilities allow MITM
2937 * protection then require it, otherwise don't */
2938 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2944 /* If remote requests no-bonding follow that lead */
2945 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2946 return conn->remote_auth | (conn->auth_type & 0x01);
2948 return conn->auth_type;
2951 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2953 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2954 struct hci_conn *conn;
2956 BT_DBG("%s", hdev->name);
2960 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2964 hci_conn_hold(conn);
2966 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2969 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
2970 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2971 struct hci_cp_io_capability_reply cp;
2973 bacpy(&cp.bdaddr, &ev->bdaddr);
2974 /* Change the IO capability from KeyboardDisplay
2975 * to DisplayYesNo as it is not supported by BT spec. */
2976 cp.capability = (conn->io_capability == 0x04) ?
2977 0x01 : conn->io_capability;
2978 conn->auth_type = hci_get_auth_req(conn);
2979 cp.authentication = conn->auth_type;
2981 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
2982 hci_find_remote_oob_data(hdev, &conn->dst))
2987 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2990 struct hci_cp_io_capability_neg_reply cp;
2992 bacpy(&cp.bdaddr, &ev->bdaddr);
2993 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2995 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3000 hci_dev_unlock(hdev);
3003 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3005 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3006 struct hci_conn *conn;
3008 BT_DBG("%s", hdev->name);
3012 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3016 conn->remote_cap = ev->capability;
3017 conn->remote_auth = ev->authentication;
3019 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3022 hci_dev_unlock(hdev);
3025 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3026 struct sk_buff *skb)
3028 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3029 int loc_mitm, rem_mitm, confirm_hint = 0;
3030 struct hci_conn *conn;
3032 BT_DBG("%s", hdev->name);
3036 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3039 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3043 loc_mitm = (conn->auth_type & 0x01);
3044 rem_mitm = (conn->remote_auth & 0x01);
3046 /* If we require MITM but the remote device can't provide that
3047 * (it has NoInputNoOutput) then reject the confirmation
3048 * request. The only exception is when we're dedicated bonding
3049 * initiators (connect_cfm_cb set) since then we always have the MITM
3051 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3052 BT_DBG("Rejecting request: remote device can't provide MITM");
3053 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3054 sizeof(ev->bdaddr), &ev->bdaddr);
3058 /* If no side requires MITM protection; auto-accept */
3059 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3060 (!rem_mitm || conn->io_capability == 0x03)) {
3062 /* If we're not the initiators request authorization to
3063 * proceed from user space (mgmt_user_confirm with
3064 * confirm_hint set to 1). */
3065 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3066 BT_DBG("Confirming auto-accept as acceptor");
3071 BT_DBG("Auto-accept of user confirmation with %ums delay",
3072 hdev->auto_accept_delay);
3074 if (hdev->auto_accept_delay > 0) {
3075 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3076 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3080 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3081 sizeof(ev->bdaddr), &ev->bdaddr);
3086 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
3090 hci_dev_unlock(hdev);
3093 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3094 struct sk_buff *skb)
3096 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3098 BT_DBG("%s", hdev->name);
3102 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3103 mgmt_user_passkey_request(hdev, &ev->bdaddr);
3105 hci_dev_unlock(hdev);
3108 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3110 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3111 struct hci_conn *conn;
3113 BT_DBG("%s", hdev->name);
3117 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3121 /* To avoid duplicate auth_failed events to user space we check
3122 * the HCI_CONN_AUTH_PEND flag which will be set if we
3123 * initiated the authentication. A traditional auth_complete
3124 * event gets always produced as initiator and is also mapped to
3125 * the mgmt_auth_failed event */
3126 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3127 mgmt_auth_failed(hdev, &conn->dst, ev->status);
3132 hci_dev_unlock(hdev);
3135 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3137 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3138 struct inquiry_entry *ie;
3140 BT_DBG("%s", hdev->name);
3144 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3146 ie->data.ssp_mode = (ev->features[0] & 0x01);
3148 hci_dev_unlock(hdev);
3151 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3152 struct sk_buff *skb)
3154 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3155 struct oob_data *data;
3157 BT_DBG("%s", hdev->name);
3161 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3164 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3166 struct hci_cp_remote_oob_data_reply cp;
3168 bacpy(&cp.bdaddr, &ev->bdaddr);
3169 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3170 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3172 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3175 struct hci_cp_remote_oob_data_neg_reply cp;
3177 bacpy(&cp.bdaddr, &ev->bdaddr);
3178 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3183 hci_dev_unlock(hdev);
3186 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3188 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3189 struct hci_conn *conn;
3191 BT_DBG("%s status %d", hdev->name, ev->status);
3195 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3197 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3199 BT_ERR("No memory for new connection");
3200 hci_dev_unlock(hdev);
3204 conn->dst_type = ev->bdaddr_type;
3208 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3209 conn->dst_type, ev->status);
3210 hci_proto_connect_cfm(conn, ev->status);
3211 conn->state = BT_CLOSED;
3216 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3217 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3218 conn->dst_type, NULL, 0, 0);
3220 conn->sec_level = BT_SECURITY_LOW;
3221 conn->handle = __le16_to_cpu(ev->handle);
3222 conn->state = BT_CONNECTED;
3224 hci_conn_hold_device(conn);
3225 hci_conn_add_sysfs(conn);
3227 hci_proto_connect_cfm(conn, ev->status);
3230 hci_dev_unlock(hdev);
3233 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3234 struct sk_buff *skb)
3236 u8 num_reports = skb->data[0];
3237 void *ptr = &skb->data[1];
3242 while (num_reports--) {
3243 struct hci_ev_le_advertising_info *ev = ptr;
3245 hci_add_adv_entry(hdev, ev);
3247 rssi = ev->data[ev->length];
3248 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3249 NULL, rssi, 0, ev->data, ev->length);
3251 ptr += sizeof(*ev) + ev->length + 1;
3254 hci_dev_unlock(hdev);
3257 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3258 struct sk_buff *skb)
3260 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3261 struct hci_cp_le_ltk_reply cp;
3262 struct hci_cp_le_ltk_neg_reply neg;
3263 struct hci_conn *conn;
3264 struct smp_ltk *ltk;
3266 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3270 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3274 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3278 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3279 cp.handle = cpu_to_le16(conn->handle);
3281 if (ltk->authenticated)
3282 conn->sec_level = BT_SECURITY_HIGH;
3284 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3286 if (ltk->type & HCI_SMP_STK) {
3287 list_del(<k->list);
3291 hci_dev_unlock(hdev);
3296 neg.handle = ev->handle;
3297 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3298 hci_dev_unlock(hdev);
3301 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3303 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3305 skb_pull(skb, sizeof(*le_ev));
3307 switch (le_ev->subevent) {
3308 case HCI_EV_LE_CONN_COMPLETE:
3309 hci_le_conn_complete_evt(hdev, skb);
3312 case HCI_EV_LE_ADVERTISING_REPORT:
3313 hci_le_adv_report_evt(hdev, skb);
3316 case HCI_EV_LE_LTK_REQ:
3317 hci_le_ltk_request_evt(hdev, skb);
3325 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3327 struct hci_event_hdr *hdr = (void *) skb->data;
3328 __u8 event = hdr->evt;
3330 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3333 case HCI_EV_INQUIRY_COMPLETE:
3334 hci_inquiry_complete_evt(hdev, skb);
3337 case HCI_EV_INQUIRY_RESULT:
3338 hci_inquiry_result_evt(hdev, skb);
3341 case HCI_EV_CONN_COMPLETE:
3342 hci_conn_complete_evt(hdev, skb);
3345 case HCI_EV_CONN_REQUEST:
3346 hci_conn_request_evt(hdev, skb);
3349 case HCI_EV_DISCONN_COMPLETE:
3350 hci_disconn_complete_evt(hdev, skb);
3353 case HCI_EV_AUTH_COMPLETE:
3354 hci_auth_complete_evt(hdev, skb);
3357 case HCI_EV_REMOTE_NAME:
3358 hci_remote_name_evt(hdev, skb);
3361 case HCI_EV_ENCRYPT_CHANGE:
3362 hci_encrypt_change_evt(hdev, skb);
3365 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3366 hci_change_link_key_complete_evt(hdev, skb);
3369 case HCI_EV_REMOTE_FEATURES:
3370 hci_remote_features_evt(hdev, skb);
3373 case HCI_EV_REMOTE_VERSION:
3374 hci_remote_version_evt(hdev, skb);
3377 case HCI_EV_QOS_SETUP_COMPLETE:
3378 hci_qos_setup_complete_evt(hdev, skb);
3381 case HCI_EV_CMD_COMPLETE:
3382 hci_cmd_complete_evt(hdev, skb);
3385 case HCI_EV_CMD_STATUS:
3386 hci_cmd_status_evt(hdev, skb);
3389 case HCI_EV_ROLE_CHANGE:
3390 hci_role_change_evt(hdev, skb);
3393 case HCI_EV_NUM_COMP_PKTS:
3394 hci_num_comp_pkts_evt(hdev, skb);
3397 case HCI_EV_MODE_CHANGE:
3398 hci_mode_change_evt(hdev, skb);
3401 case HCI_EV_PIN_CODE_REQ:
3402 hci_pin_code_request_evt(hdev, skb);
3405 case HCI_EV_LINK_KEY_REQ:
3406 hci_link_key_request_evt(hdev, skb);
3409 case HCI_EV_LINK_KEY_NOTIFY:
3410 hci_link_key_notify_evt(hdev, skb);
3413 case HCI_EV_CLOCK_OFFSET:
3414 hci_clock_offset_evt(hdev, skb);
3417 case HCI_EV_PKT_TYPE_CHANGE:
3418 hci_pkt_type_change_evt(hdev, skb);
3421 case HCI_EV_PSCAN_REP_MODE:
3422 hci_pscan_rep_mode_evt(hdev, skb);
3425 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3426 hci_inquiry_result_with_rssi_evt(hdev, skb);
3429 case HCI_EV_REMOTE_EXT_FEATURES:
3430 hci_remote_ext_features_evt(hdev, skb);
3433 case HCI_EV_SYNC_CONN_COMPLETE:
3434 hci_sync_conn_complete_evt(hdev, skb);
3437 case HCI_EV_SYNC_CONN_CHANGED:
3438 hci_sync_conn_changed_evt(hdev, skb);
3441 case HCI_EV_SNIFF_SUBRATE:
3442 hci_sniff_subrate_evt(hdev, skb);
3445 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3446 hci_extended_inquiry_result_evt(hdev, skb);
3449 case HCI_EV_IO_CAPA_REQUEST:
3450 hci_io_capa_request_evt(hdev, skb);
3453 case HCI_EV_IO_CAPA_REPLY:
3454 hci_io_capa_reply_evt(hdev, skb);
3457 case HCI_EV_USER_CONFIRM_REQUEST:
3458 hci_user_confirm_request_evt(hdev, skb);
3461 case HCI_EV_USER_PASSKEY_REQUEST:
3462 hci_user_passkey_request_evt(hdev, skb);
3465 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3466 hci_simple_pair_complete_evt(hdev, skb);
3469 case HCI_EV_REMOTE_HOST_FEATURES:
3470 hci_remote_host_features_evt(hdev, skb);
3473 case HCI_EV_LE_META:
3474 hci_le_meta_evt(hdev, skb);
3477 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3478 hci_remote_oob_data_request_evt(hdev, skb);
3481 case HCI_EV_NUM_COMP_BLOCKS:
3482 hci_num_comp_blocks_evt(hdev, skb);
3486 BT_DBG("%s event 0x%x", hdev->name, event);
3491 hdev->stat.evt_rx++;
3494 /* Generate internal stack event */
3495 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3497 struct hci_event_hdr *hdr;
3498 struct hci_ev_stack_internal *ev;
3499 struct sk_buff *skb;
3501 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3505 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3506 hdr->evt = HCI_EV_STACK_INTERNAL;
3507 hdr->plen = sizeof(*ev) + dlen;
3509 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3511 memcpy(ev->data, data, dlen);
3513 bt_cb(skb)->incoming = 1;
3514 __net_timestamp(skb);
3516 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3517 skb->dev = (void *) hdev;
3518 hci_send_to_sock(hdev, skb, NULL);
3522 module_param(enable_le, bool, 0644);
3523 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / linux-flexiantxendom0-3.2.10.git / blob