2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <asm/system.h>
41 #include <linux/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
47 /* Handle HCI Event packets */
49 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
51 __u8 status = *((__u8 *) skb->data);
53 BT_DBG("%s status 0x%x", hdev->name, status);
57 mgmt_stop_discovery_failed(hdev, status);
62 clear_bit(HCI_INQUIRY, &hdev->flags);
65 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
70 hci_conn_check_pending(hdev);
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75 __u8 status = *((__u8 *) skb->data);
77 BT_DBG("%s status 0x%x", hdev->name, status);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
87 BT_DBG("%s", hdev->name);
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
95 BT_DBG("%s status 0x%x", hdev->name, rp->status);
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
105 conn->link_mode &= ~HCI_LM_MASTER;
107 conn->link_mode |= HCI_LM_MASTER;
110 hci_dev_unlock(hdev);
113 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 conn->link_policy = __le16_to_cpu(rp->policy);
129 hci_dev_unlock(hdev);
132 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
135 struct hci_conn *conn;
138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
151 conn->link_policy = get_unaligned_le16(sent + 2);
153 hci_dev_unlock(hdev);
156 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
165 hdev->link_policy = __le16_to_cpu(rp->policy);
168 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
170 __u8 status = *((__u8 *) skb->data);
173 BT_DBG("%s status 0x%x", hdev->name, status);
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
180 hdev->link_policy = get_unaligned_le16(sent);
182 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
185 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187 __u8 status = *((__u8 *) skb->data);
189 BT_DBG("%s status 0x%x", hdev->name, status);
191 clear_bit(HCI_RESET, &hdev->flags);
193 hci_req_complete(hdev, HCI_OP_RESET, status);
195 /* Reset all non-persistent flags */
196 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN));
199 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
201 __u8 status = *((__u8 *) skb->data);
204 BT_DBG("%s status 0x%x", hdev->name, status);
206 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
215 if (test_bit(HCI_MGMT, &hdev->dev_flags))
216 mgmt_set_local_name_complete(hdev, sent, status);
218 hci_dev_unlock(hdev);
221 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
223 struct hci_rp_read_local_name *rp = (void *) skb->data;
225 BT_DBG("%s status 0x%x", hdev->name, rp->status);
230 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
233 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
235 __u8 status = *((__u8 *) skb->data);
238 BT_DBG("%s status 0x%x", hdev->name, status);
240 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 __u8 param = *((__u8 *) sent);
247 if (param == AUTH_ENABLED)
248 set_bit(HCI_AUTH, &hdev->flags);
250 clear_bit(HCI_AUTH, &hdev->flags);
253 if (test_bit(HCI_MGMT, &hdev->dev_flags))
254 mgmt_auth_enable_complete(hdev, status);
256 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
259 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
261 __u8 status = *((__u8 *) skb->data);
264 BT_DBG("%s status 0x%x", hdev->name, status);
266 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 __u8 param = *((__u8 *) sent);
274 set_bit(HCI_ENCRYPT, &hdev->flags);
276 clear_bit(HCI_ENCRYPT, &hdev->flags);
279 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
282 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
284 __u8 param, status = *((__u8 *) skb->data);
285 int old_pscan, old_iscan;
288 BT_DBG("%s status 0x%x", hdev->name, status);
290 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
294 param = *((__u8 *) sent);
299 mgmt_write_scan_failed(hdev, param, status);
300 hdev->discov_timeout = 0;
304 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
305 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
307 if (param & SCAN_INQUIRY) {
308 set_bit(HCI_ISCAN, &hdev->flags);
310 mgmt_discoverable(hdev, 1);
311 if (hdev->discov_timeout > 0) {
312 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
313 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
316 } else if (old_iscan)
317 mgmt_discoverable(hdev, 0);
319 if (param & SCAN_PAGE) {
320 set_bit(HCI_PSCAN, &hdev->flags);
322 mgmt_connectable(hdev, 1);
323 } else if (old_pscan)
324 mgmt_connectable(hdev, 0);
327 hci_dev_unlock(hdev);
328 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
331 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335 BT_DBG("%s status 0x%x", hdev->name, rp->status);
340 memcpy(hdev->dev_class, rp->dev_class, 3);
342 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
343 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
346 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 __u8 status = *((__u8 *) skb->data);
351 BT_DBG("%s status 0x%x", hdev->name, status);
356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
360 memcpy(hdev->dev_class, sent, 3);
363 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
365 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
368 BT_DBG("%s status 0x%x", hdev->name, rp->status);
373 setting = __le16_to_cpu(rp->voice_setting);
375 if (hdev->voice_setting == setting)
378 hdev->voice_setting = setting;
380 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
386 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
388 __u8 status = *((__u8 *) skb->data);
392 BT_DBG("%s status 0x%x", hdev->name, status);
397 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
401 setting = get_unaligned_le16(sent);
403 if (hdev->voice_setting == setting)
406 hdev->voice_setting = setting;
408 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
411 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
414 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
416 __u8 status = *((__u8 *) skb->data);
418 BT_DBG("%s status 0x%x", hdev->name, status);
420 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
423 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
425 __u8 status = *((__u8 *) skb->data);
428 BT_DBG("%s status 0x%x", hdev->name, status);
430 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
434 if (test_bit(HCI_MGMT, &hdev->dev_flags))
435 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
438 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
440 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
444 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
446 if (hdev->features[6] & LMP_EXT_INQ)
449 if (hdev->features[3] & LMP_RSSI_INQ)
452 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
453 hdev->lmp_subver == 0x0757)
456 if (hdev->manufacturer == 15) {
457 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
459 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
461 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
465 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
466 hdev->lmp_subver == 0x1805)
472 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
476 mode = hci_get_inquiry_mode(hdev);
478 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
481 static void hci_setup_event_mask(struct hci_dev *hdev)
483 /* The second byte is 0xff instead of 0x9f (two reserved bits
484 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
485 * command otherwise */
486 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
488 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
489 * any event mask for pre 1.2 devices */
490 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
493 events[4] |= 0x01; /* Flow Specification Complete */
494 events[4] |= 0x02; /* Inquiry Result with RSSI */
495 events[4] |= 0x04; /* Read Remote Extended Features Complete */
496 events[5] |= 0x08; /* Synchronous Connection Complete */
497 events[5] |= 0x10; /* Synchronous Connection Changed */
499 if (hdev->features[3] & LMP_RSSI_INQ)
500 events[4] |= 0x04; /* Inquiry Result with RSSI */
502 if (hdev->features[5] & LMP_SNIFF_SUBR)
503 events[5] |= 0x20; /* Sniff Subrating */
505 if (hdev->features[5] & LMP_PAUSE_ENC)
506 events[5] |= 0x80; /* Encryption Key Refresh Complete */
508 if (hdev->features[6] & LMP_EXT_INQ)
509 events[5] |= 0x40; /* Extended Inquiry Result */
511 if (hdev->features[6] & LMP_NO_FLUSH)
512 events[7] |= 0x01; /* Enhanced Flush Complete */
514 if (hdev->features[7] & LMP_LSTO)
515 events[6] |= 0x80; /* Link Supervision Timeout Changed */
517 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
518 events[6] |= 0x01; /* IO Capability Request */
519 events[6] |= 0x02; /* IO Capability Response */
520 events[6] |= 0x04; /* User Confirmation Request */
521 events[6] |= 0x08; /* User Passkey Request */
522 events[6] |= 0x10; /* Remote OOB Data Request */
523 events[6] |= 0x20; /* Simple Pairing Complete */
524 events[7] |= 0x04; /* User Passkey Notification */
525 events[7] |= 0x08; /* Keypress Notification */
526 events[7] |= 0x10; /* Remote Host Supported
527 * Features Notification */
530 if (hdev->features[4] & LMP_LE)
531 events[7] |= 0x20; /* LE Meta-Event */
533 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
536 static void hci_set_le_support(struct hci_dev *hdev)
538 struct hci_cp_write_le_host_supported cp;
540 memset(&cp, 0, sizeof(cp));
542 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
544 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
547 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
550 static void hci_setup(struct hci_dev *hdev)
552 if (hdev->dev_type != HCI_BREDR)
555 hci_setup_event_mask(hdev);
557 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
558 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
560 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
561 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
563 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
564 sizeof(mode), &mode);
566 struct hci_cp_write_eir cp;
568 memset(hdev->eir, 0, sizeof(hdev->eir));
569 memset(&cp, 0, sizeof(cp));
571 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
575 if (hdev->features[3] & LMP_RSSI_INQ)
576 hci_setup_inquiry_mode(hdev);
578 if (hdev->features[7] & LMP_INQ_TX_PWR)
579 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
581 if (hdev->features[7] & LMP_EXTFEATURES) {
582 struct hci_cp_read_local_ext_features cp;
585 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
589 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
591 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
592 sizeof(enable), &enable);
595 if (hdev->features[4] & LMP_LE)
596 hci_set_le_support(hdev);
599 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
601 struct hci_rp_read_local_version *rp = (void *) skb->data;
603 BT_DBG("%s status 0x%x", hdev->name, rp->status);
608 hdev->hci_ver = rp->hci_ver;
609 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
610 hdev->lmp_ver = rp->lmp_ver;
611 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
612 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
614 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
616 hdev->hci_ver, hdev->hci_rev);
618 if (test_bit(HCI_INIT, &hdev->flags))
622 static void hci_setup_link_policy(struct hci_dev *hdev)
626 if (hdev->features[0] & LMP_RSWITCH)
627 link_policy |= HCI_LP_RSWITCH;
628 if (hdev->features[0] & LMP_HOLD)
629 link_policy |= HCI_LP_HOLD;
630 if (hdev->features[0] & LMP_SNIFF)
631 link_policy |= HCI_LP_SNIFF;
632 if (hdev->features[1] & LMP_PARK)
633 link_policy |= HCI_LP_PARK;
635 link_policy = cpu_to_le16(link_policy);
636 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
637 sizeof(link_policy), &link_policy);
640 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
642 struct hci_rp_read_local_commands *rp = (void *) skb->data;
644 BT_DBG("%s status 0x%x", hdev->name, rp->status);
649 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
651 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
652 hci_setup_link_policy(hdev);
655 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
658 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
660 struct hci_rp_read_local_features *rp = (void *) skb->data;
662 BT_DBG("%s status 0x%x", hdev->name, rp->status);
667 memcpy(hdev->features, rp->features, 8);
669 /* Adjust default settings according to features
670 * supported by device. */
672 if (hdev->features[0] & LMP_3SLOT)
673 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
675 if (hdev->features[0] & LMP_5SLOT)
676 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
678 if (hdev->features[1] & LMP_HV2) {
679 hdev->pkt_type |= (HCI_HV2);
680 hdev->esco_type |= (ESCO_HV2);
683 if (hdev->features[1] & LMP_HV3) {
684 hdev->pkt_type |= (HCI_HV3);
685 hdev->esco_type |= (ESCO_HV3);
688 if (hdev->features[3] & LMP_ESCO)
689 hdev->esco_type |= (ESCO_EV3);
691 if (hdev->features[4] & LMP_EV4)
692 hdev->esco_type |= (ESCO_EV4);
694 if (hdev->features[4] & LMP_EV5)
695 hdev->esco_type |= (ESCO_EV5);
697 if (hdev->features[5] & LMP_EDR_ESCO_2M)
698 hdev->esco_type |= (ESCO_2EV3);
700 if (hdev->features[5] & LMP_EDR_ESCO_3M)
701 hdev->esco_type |= (ESCO_3EV3);
703 if (hdev->features[5] & LMP_EDR_3S_ESCO)
704 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
706 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
707 hdev->features[0], hdev->features[1],
708 hdev->features[2], hdev->features[3],
709 hdev->features[4], hdev->features[5],
710 hdev->features[6], hdev->features[7]);
713 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
716 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
718 BT_DBG("%s status 0x%x", hdev->name, rp->status);
725 memcpy(hdev->features, rp->features, 8);
728 memcpy(hdev->host_features, rp->features, 8);
732 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
735 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
738 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
740 BT_DBG("%s status 0x%x", hdev->name, rp->status);
745 hdev->flow_ctl_mode = rp->mode;
747 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
750 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
752 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
754 BT_DBG("%s status 0x%x", hdev->name, rp->status);
759 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
760 hdev->sco_mtu = rp->sco_mtu;
761 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
762 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
764 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
769 hdev->acl_cnt = hdev->acl_pkts;
770 hdev->sco_cnt = hdev->sco_pkts;
772 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
773 hdev->acl_mtu, hdev->acl_pkts,
774 hdev->sco_mtu, hdev->sco_pkts);
777 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
779 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
781 BT_DBG("%s status 0x%x", hdev->name, rp->status);
784 bacpy(&hdev->bdaddr, &rp->bdaddr);
786 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
789 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
792 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
794 BT_DBG("%s status 0x%x", hdev->name, rp->status);
799 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
800 hdev->block_len = __le16_to_cpu(rp->block_len);
801 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
803 hdev->block_cnt = hdev->num_blocks;
805 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
806 hdev->block_cnt, hdev->block_len);
808 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
811 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
813 __u8 status = *((__u8 *) skb->data);
815 BT_DBG("%s status 0x%x", hdev->name, status);
817 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
820 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
823 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
825 BT_DBG("%s status 0x%x", hdev->name, rp->status);
830 hdev->amp_status = rp->amp_status;
831 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
832 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
833 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
834 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
835 hdev->amp_type = rp->amp_type;
836 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
837 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
838 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
839 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
841 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
844 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
847 __u8 status = *((__u8 *) skb->data);
849 BT_DBG("%s status 0x%x", hdev->name, status);
851 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
854 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
856 __u8 status = *((__u8 *) skb->data);
858 BT_DBG("%s status 0x%x", hdev->name, status);
860 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
863 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
866 __u8 status = *((__u8 *) skb->data);
868 BT_DBG("%s status 0x%x", hdev->name, status);
870 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
873 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
876 __u8 status = *((__u8 *) skb->data);
878 BT_DBG("%s status 0x%x", hdev->name, status);
880 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
883 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
885 __u8 status = *((__u8 *) skb->data);
887 BT_DBG("%s status 0x%x", hdev->name, status);
889 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
892 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
894 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
895 struct hci_cp_pin_code_reply *cp;
896 struct hci_conn *conn;
898 BT_DBG("%s status 0x%x", hdev->name, rp->status);
902 if (test_bit(HCI_MGMT, &hdev->dev_flags))
903 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
908 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
912 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
914 conn->pin_length = cp->pin_len;
917 hci_dev_unlock(hdev);
920 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
922 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
924 BT_DBG("%s status 0x%x", hdev->name, rp->status);
928 if (test_bit(HCI_MGMT, &hdev->dev_flags))
929 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
932 hci_dev_unlock(hdev);
935 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
938 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
940 BT_DBG("%s status 0x%x", hdev->name, rp->status);
945 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
946 hdev->le_pkts = rp->le_max_pkt;
948 hdev->le_cnt = hdev->le_pkts;
950 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
952 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
955 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
957 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
959 BT_DBG("%s status 0x%x", hdev->name, rp->status);
963 if (test_bit(HCI_MGMT, &hdev->dev_flags))
964 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
967 hci_dev_unlock(hdev);
970 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
973 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
975 BT_DBG("%s status 0x%x", hdev->name, rp->status);
979 if (test_bit(HCI_MGMT, &hdev->dev_flags))
980 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
984 hci_dev_unlock(hdev);
987 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
989 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
991 BT_DBG("%s status 0x%x", hdev->name, rp->status);
995 if (test_bit(HCI_MGMT, &hdev->dev_flags))
996 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
999 hci_dev_unlock(hdev);
1002 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1003 struct sk_buff *skb)
1005 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1007 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1011 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1012 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1016 hci_dev_unlock(hdev);
1019 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1020 struct sk_buff *skb)
1022 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1024 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1027 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1028 rp->randomizer, rp->status);
1029 hci_dev_unlock(hdev);
1032 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1034 __u8 status = *((__u8 *) skb->data);
1036 BT_DBG("%s status 0x%x", hdev->name, status);
1038 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1042 mgmt_start_discovery_failed(hdev, status);
1043 hci_dev_unlock(hdev);
1048 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1049 struct sk_buff *skb)
1051 struct hci_cp_le_set_scan_enable *cp;
1052 __u8 status = *((__u8 *) skb->data);
1054 BT_DBG("%s status 0x%x", hdev->name, status);
1056 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1060 switch (cp->enable) {
1061 case LE_SCANNING_ENABLED:
1062 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1066 mgmt_start_discovery_failed(hdev, status);
1067 hci_dev_unlock(hdev);
1071 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1073 cancel_delayed_work_sync(&hdev->adv_work);
1076 hci_adv_entries_clear(hdev);
1077 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1078 hci_dev_unlock(hdev);
1081 case LE_SCANNING_DISABLED:
1085 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1087 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1089 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1090 mgmt_interleaved_discovery(hdev);
1093 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1094 hci_dev_unlock(hdev);
1100 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1105 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1107 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1109 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1114 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1117 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1119 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1126 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1129 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1130 struct sk_buff *skb)
1132 struct hci_cp_read_local_ext_features cp;
1133 struct hci_cp_write_le_host_supported *sent;
1134 __u8 status = *((__u8 *) skb->data);
1136 BT_DBG("%s status 0x%x", hdev->name, status);
1138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1139 if (sent && test_bit(HCI_MGMT, &hdev->dev_flags))
1140 mgmt_le_enable_complete(hdev, sent->le, status);
1146 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1149 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1151 BT_DBG("%s status 0x%x", hdev->name, status);
1154 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1155 hci_conn_check_pending(hdev);
1157 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1158 mgmt_start_discovery_failed(hdev, status);
1159 hci_dev_unlock(hdev);
1163 set_bit(HCI_INQUIRY, &hdev->flags);
1166 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1167 hci_dev_unlock(hdev);
1170 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1172 struct hci_cp_create_conn *cp;
1173 struct hci_conn *conn;
1175 BT_DBG("%s status 0x%x", hdev->name, status);
1177 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1183 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1185 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1188 if (conn && conn->state == BT_CONNECT) {
1189 if (status != 0x0c || conn->attempt > 2) {
1190 conn->state = BT_CLOSED;
1191 hci_proto_connect_cfm(conn, status);
1194 conn->state = BT_CONNECT2;
1198 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1201 conn->link_mode |= HCI_LM_MASTER;
1203 BT_ERR("No memory for new connection");
1207 hci_dev_unlock(hdev);
1210 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1212 struct hci_cp_add_sco *cp;
1213 struct hci_conn *acl, *sco;
1216 BT_DBG("%s status 0x%x", hdev->name, status);
1221 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1225 handle = __le16_to_cpu(cp->handle);
1227 BT_DBG("%s handle %d", hdev->name, handle);
1231 acl = hci_conn_hash_lookup_handle(hdev, handle);
1235 sco->state = BT_CLOSED;
1237 hci_proto_connect_cfm(sco, status);
1242 hci_dev_unlock(hdev);
1245 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1247 struct hci_cp_auth_requested *cp;
1248 struct hci_conn *conn;
1250 BT_DBG("%s status 0x%x", hdev->name, status);
1255 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1261 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1263 if (conn->state == BT_CONFIG) {
1264 hci_proto_connect_cfm(conn, status);
1269 hci_dev_unlock(hdev);
1272 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1274 struct hci_cp_set_conn_encrypt *cp;
1275 struct hci_conn *conn;
1277 BT_DBG("%s status 0x%x", hdev->name, status);
1282 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1290 if (conn->state == BT_CONFIG) {
1291 hci_proto_connect_cfm(conn, status);
1296 hci_dev_unlock(hdev);
1299 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1300 struct hci_conn *conn)
1302 if (conn->state != BT_CONFIG || !conn->out)
1305 if (conn->pending_sec_level == BT_SECURITY_SDP)
1308 /* Only request authentication for SSP connections or non-SSP
1309 * devices with sec_level HIGH or if MITM protection is requested */
1310 if (!hci_conn_ssp_enabled(conn) &&
1311 conn->pending_sec_level != BT_SECURITY_HIGH &&
1312 !(conn->auth_type & 0x01))
1318 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1320 struct hci_cp_remote_name_req cp;
1322 memset(&cp, 0, sizeof(cp));
1324 bacpy(&cp.bdaddr, &e->data.bdaddr);
1325 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1326 cp.pscan_mode = e->data.pscan_mode;
1327 cp.clock_offset = e->data.clock_offset;
1329 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1332 static bool hci_resolve_next_name(struct hci_dev *hdev)
1334 struct discovery_state *discov = &hdev->discovery;
1335 struct inquiry_entry *e;
1337 if (list_empty(&discov->resolve))
1340 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1341 if (hci_resolve_name(hdev, e) == 0) {
1342 e->name_state = NAME_PENDING;
1349 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1350 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1352 struct discovery_state *discov = &hdev->discovery;
1353 struct inquiry_entry *e;
1355 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1356 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1357 name, name_len, conn->dev_class);
1359 if (discov->state == DISCOVERY_STOPPED)
1362 if (discov->state == DISCOVERY_STOPPING)
1363 goto discov_complete;
1365 if (discov->state != DISCOVERY_RESOLVING)
1368 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1370 e->name_state = NAME_KNOWN;
1373 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1374 e->data.rssi, name, name_len);
1377 if (hci_resolve_next_name(hdev))
1381 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1384 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1386 struct hci_cp_remote_name_req *cp;
1387 struct hci_conn *conn;
1389 BT_DBG("%s status 0x%x", hdev->name, status);
1391 /* If successful wait for the name req complete event before
1392 * checking for the need to do authentication */
1396 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1402 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1404 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1405 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1410 if (!hci_outgoing_auth_needed(hdev, conn))
1413 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1414 struct hci_cp_auth_requested cp;
1415 cp.handle = __cpu_to_le16(conn->handle);
1416 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1420 hci_dev_unlock(hdev);
1423 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1425 struct hci_cp_read_remote_features *cp;
1426 struct hci_conn *conn;
1428 BT_DBG("%s status 0x%x", hdev->name, status);
1433 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1439 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1441 if (conn->state == BT_CONFIG) {
1442 hci_proto_connect_cfm(conn, status);
1447 hci_dev_unlock(hdev);
1450 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1452 struct hci_cp_read_remote_ext_features *cp;
1453 struct hci_conn *conn;
1455 BT_DBG("%s status 0x%x", hdev->name, status);
1460 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1466 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1468 if (conn->state == BT_CONFIG) {
1469 hci_proto_connect_cfm(conn, status);
1474 hci_dev_unlock(hdev);
1477 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1479 struct hci_cp_setup_sync_conn *cp;
1480 struct hci_conn *acl, *sco;
1483 BT_DBG("%s status 0x%x", hdev->name, status);
1488 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1492 handle = __le16_to_cpu(cp->handle);
1494 BT_DBG("%s handle %d", hdev->name, handle);
1498 acl = hci_conn_hash_lookup_handle(hdev, handle);
1502 sco->state = BT_CLOSED;
1504 hci_proto_connect_cfm(sco, status);
1509 hci_dev_unlock(hdev);
1512 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1514 struct hci_cp_sniff_mode *cp;
1515 struct hci_conn *conn;
1517 BT_DBG("%s status 0x%x", hdev->name, status);
1522 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1528 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1530 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1532 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1533 hci_sco_setup(conn, status);
1536 hci_dev_unlock(hdev);
1539 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1541 struct hci_cp_exit_sniff_mode *cp;
1542 struct hci_conn *conn;
1544 BT_DBG("%s status 0x%x", hdev->name, status);
1549 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1555 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1557 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1559 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1560 hci_sco_setup(conn, status);
1563 hci_dev_unlock(hdev);
1566 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1568 struct hci_cp_disconnect *cp;
1569 struct hci_conn *conn;
1574 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1580 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1582 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1583 conn->dst_type, status);
1585 hci_dev_unlock(hdev);
1588 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1590 struct hci_cp_le_create_conn *cp;
1591 struct hci_conn *conn;
1593 BT_DBG("%s status 0x%x", hdev->name, status);
1595 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1601 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1603 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1607 if (conn && conn->state == BT_CONNECT) {
1608 conn->state = BT_CLOSED;
1609 hci_proto_connect_cfm(conn, status);
1614 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1616 conn->dst_type = cp->peer_addr_type;
1619 BT_ERR("No memory for new connection");
1624 hci_dev_unlock(hdev);
1627 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1629 BT_DBG("%s status 0x%x", hdev->name, status);
1632 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1634 __u8 status = *((__u8 *) skb->data);
1635 struct discovery_state *discov = &hdev->discovery;
1636 struct inquiry_entry *e;
1638 BT_DBG("%s status %d", hdev->name, status);
1640 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1642 hci_conn_check_pending(hdev);
1644 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1647 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1652 if (discov->state != DISCOVERY_FINDING)
1655 if (list_empty(&discov->resolve)) {
1656 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1660 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1661 if (e && hci_resolve_name(hdev, e) == 0) {
1662 e->name_state = NAME_PENDING;
1663 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1665 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1669 hci_dev_unlock(hdev);
1672 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1674 struct inquiry_data data;
1675 struct inquiry_info *info = (void *) (skb->data + 1);
1676 int num_rsp = *((__u8 *) skb->data);
1678 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1685 for (; num_rsp; num_rsp--, info++) {
1688 bacpy(&data.bdaddr, &info->bdaddr);
1689 data.pscan_rep_mode = info->pscan_rep_mode;
1690 data.pscan_period_mode = info->pscan_period_mode;
1691 data.pscan_mode = info->pscan_mode;
1692 memcpy(data.dev_class, info->dev_class, 3);
1693 data.clock_offset = info->clock_offset;
1695 data.ssp_mode = 0x00;
1697 name_known = hci_inquiry_cache_update(hdev, &data, false);
1698 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1699 info->dev_class, 0, !name_known,
1703 hci_dev_unlock(hdev);
1706 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1708 struct hci_ev_conn_complete *ev = (void *) skb->data;
1709 struct hci_conn *conn;
1711 BT_DBG("%s", hdev->name);
1715 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1717 if (ev->link_type != SCO_LINK)
1720 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1724 conn->type = SCO_LINK;
1728 conn->handle = __le16_to_cpu(ev->handle);
1730 if (conn->type == ACL_LINK) {
1731 conn->state = BT_CONFIG;
1732 hci_conn_hold(conn);
1733 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1735 conn->state = BT_CONNECTED;
1737 hci_conn_hold_device(conn);
1738 hci_conn_add_sysfs(conn);
1740 if (test_bit(HCI_AUTH, &hdev->flags))
1741 conn->link_mode |= HCI_LM_AUTH;
1743 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1744 conn->link_mode |= HCI_LM_ENCRYPT;
1746 /* Get remote features */
1747 if (conn->type == ACL_LINK) {
1748 struct hci_cp_read_remote_features cp;
1749 cp.handle = ev->handle;
1750 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1754 /* Set packet type for incoming connection */
1755 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1756 struct hci_cp_change_conn_ptype cp;
1757 cp.handle = ev->handle;
1758 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1759 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1763 conn->state = BT_CLOSED;
1764 if (conn->type == ACL_LINK)
1765 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1766 conn->dst_type, ev->status);
1769 if (conn->type == ACL_LINK)
1770 hci_sco_setup(conn, ev->status);
1773 hci_proto_connect_cfm(conn, ev->status);
1775 } else if (ev->link_type != ACL_LINK)
1776 hci_proto_connect_cfm(conn, ev->status);
1779 hci_dev_unlock(hdev);
1781 hci_conn_check_pending(hdev);
1784 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1786 struct hci_ev_conn_request *ev = (void *) skb->data;
1787 int mask = hdev->link_mode;
1789 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1790 batostr(&ev->bdaddr), ev->link_type);
1792 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1794 if ((mask & HCI_LM_ACCEPT) &&
1795 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1796 /* Connection accepted */
1797 struct inquiry_entry *ie;
1798 struct hci_conn *conn;
1802 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1804 memcpy(ie->data.dev_class, ev->dev_class, 3);
1806 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1808 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1810 BT_ERR("No memory for new connection");
1811 hci_dev_unlock(hdev);
1816 memcpy(conn->dev_class, ev->dev_class, 3);
1817 conn->state = BT_CONNECT;
1819 hci_dev_unlock(hdev);
1821 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1822 struct hci_cp_accept_conn_req cp;
1824 bacpy(&cp.bdaddr, &ev->bdaddr);
1826 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1827 cp.role = 0x00; /* Become master */
1829 cp.role = 0x01; /* Remain slave */
1831 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1834 struct hci_cp_accept_sync_conn_req cp;
1836 bacpy(&cp.bdaddr, &ev->bdaddr);
1837 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1839 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1840 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1841 cp.max_latency = cpu_to_le16(0xffff);
1842 cp.content_format = cpu_to_le16(hdev->voice_setting);
1843 cp.retrans_effort = 0xff;
1845 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1849 /* Connection rejected */
1850 struct hci_cp_reject_conn_req cp;
1852 bacpy(&cp.bdaddr, &ev->bdaddr);
1853 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1854 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1858 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1860 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1861 struct hci_conn *conn;
1863 BT_DBG("%s status %d", hdev->name, ev->status);
1867 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1871 if (ev->status == 0)
1872 conn->state = BT_CLOSED;
1874 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1875 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1876 if (ev->status != 0)
1877 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1878 conn->dst_type, ev->status);
1880 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1884 if (ev->status == 0) {
1885 hci_proto_disconn_cfm(conn, ev->reason);
1890 hci_dev_unlock(hdev);
1893 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1895 struct hci_ev_auth_complete *ev = (void *) skb->data;
1896 struct hci_conn *conn;
1898 BT_DBG("%s status %d", hdev->name, ev->status);
1902 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1907 if (!hci_conn_ssp_enabled(conn) &&
1908 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1909 BT_INFO("re-auth of legacy device is not possible.");
1911 conn->link_mode |= HCI_LM_AUTH;
1912 conn->sec_level = conn->pending_sec_level;
1915 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1919 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1920 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1922 if (conn->state == BT_CONFIG) {
1923 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1924 struct hci_cp_set_conn_encrypt cp;
1925 cp.handle = ev->handle;
1927 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1930 conn->state = BT_CONNECTED;
1931 hci_proto_connect_cfm(conn, ev->status);
1935 hci_auth_cfm(conn, ev->status);
1937 hci_conn_hold(conn);
1938 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1942 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1944 struct hci_cp_set_conn_encrypt cp;
1945 cp.handle = ev->handle;
1947 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1950 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1951 hci_encrypt_cfm(conn, ev->status, 0x00);
1956 hci_dev_unlock(hdev);
1959 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1961 struct hci_ev_remote_name *ev = (void *) skb->data;
1962 struct hci_conn *conn;
1964 BT_DBG("%s", hdev->name);
1966 hci_conn_check_pending(hdev);
1970 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1972 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1975 if (ev->status == 0)
1976 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1977 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1979 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1985 if (!hci_outgoing_auth_needed(hdev, conn))
1988 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1989 struct hci_cp_auth_requested cp;
1990 cp.handle = __cpu_to_le16(conn->handle);
1991 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1995 hci_dev_unlock(hdev);
1998 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2000 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2001 struct hci_conn *conn;
2003 BT_DBG("%s status %d", hdev->name, ev->status);
2007 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2011 /* Encryption implies authentication */
2012 conn->link_mode |= HCI_LM_AUTH;
2013 conn->link_mode |= HCI_LM_ENCRYPT;
2014 conn->sec_level = conn->pending_sec_level;
2016 conn->link_mode &= ~HCI_LM_ENCRYPT;
2019 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2021 if (conn->state == BT_CONFIG) {
2023 conn->state = BT_CONNECTED;
2025 hci_proto_connect_cfm(conn, ev->status);
2028 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2031 hci_dev_unlock(hdev);
2034 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2036 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2037 struct hci_conn *conn;
2039 BT_DBG("%s status %d", hdev->name, ev->status);
2043 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2046 conn->link_mode |= HCI_LM_SECURE;
2048 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2050 hci_key_change_cfm(conn, ev->status);
2053 hci_dev_unlock(hdev);
2056 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2058 struct hci_ev_remote_features *ev = (void *) skb->data;
2059 struct hci_conn *conn;
2061 BT_DBG("%s status %d", hdev->name, ev->status);
2065 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2070 memcpy(conn->features, ev->features, 8);
2072 if (conn->state != BT_CONFIG)
2075 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2076 struct hci_cp_read_remote_ext_features cp;
2077 cp.handle = ev->handle;
2079 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2085 struct hci_cp_remote_name_req cp;
2086 memset(&cp, 0, sizeof(cp));
2087 bacpy(&cp.bdaddr, &conn->dst);
2088 cp.pscan_rep_mode = 0x02;
2089 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2090 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2091 mgmt_device_connected(hdev, &conn->dst, conn->type,
2092 conn->dst_type, NULL, 0,
2095 if (!hci_outgoing_auth_needed(hdev, conn)) {
2096 conn->state = BT_CONNECTED;
2097 hci_proto_connect_cfm(conn, ev->status);
2102 hci_dev_unlock(hdev);
2105 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2107 BT_DBG("%s", hdev->name);
2110 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2112 BT_DBG("%s", hdev->name);
2115 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2117 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2120 skb_pull(skb, sizeof(*ev));
2122 opcode = __le16_to_cpu(ev->opcode);
2125 case HCI_OP_INQUIRY_CANCEL:
2126 hci_cc_inquiry_cancel(hdev, skb);
2129 case HCI_OP_EXIT_PERIODIC_INQ:
2130 hci_cc_exit_periodic_inq(hdev, skb);
2133 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2134 hci_cc_remote_name_req_cancel(hdev, skb);
2137 case HCI_OP_ROLE_DISCOVERY:
2138 hci_cc_role_discovery(hdev, skb);
2141 case HCI_OP_READ_LINK_POLICY:
2142 hci_cc_read_link_policy(hdev, skb);
2145 case HCI_OP_WRITE_LINK_POLICY:
2146 hci_cc_write_link_policy(hdev, skb);
2149 case HCI_OP_READ_DEF_LINK_POLICY:
2150 hci_cc_read_def_link_policy(hdev, skb);
2153 case HCI_OP_WRITE_DEF_LINK_POLICY:
2154 hci_cc_write_def_link_policy(hdev, skb);
2158 hci_cc_reset(hdev, skb);
2161 case HCI_OP_WRITE_LOCAL_NAME:
2162 hci_cc_write_local_name(hdev, skb);
2165 case HCI_OP_READ_LOCAL_NAME:
2166 hci_cc_read_local_name(hdev, skb);
2169 case HCI_OP_WRITE_AUTH_ENABLE:
2170 hci_cc_write_auth_enable(hdev, skb);
2173 case HCI_OP_WRITE_ENCRYPT_MODE:
2174 hci_cc_write_encrypt_mode(hdev, skb);
2177 case HCI_OP_WRITE_SCAN_ENABLE:
2178 hci_cc_write_scan_enable(hdev, skb);
2181 case HCI_OP_READ_CLASS_OF_DEV:
2182 hci_cc_read_class_of_dev(hdev, skb);
2185 case HCI_OP_WRITE_CLASS_OF_DEV:
2186 hci_cc_write_class_of_dev(hdev, skb);
2189 case HCI_OP_READ_VOICE_SETTING:
2190 hci_cc_read_voice_setting(hdev, skb);
2193 case HCI_OP_WRITE_VOICE_SETTING:
2194 hci_cc_write_voice_setting(hdev, skb);
2197 case HCI_OP_HOST_BUFFER_SIZE:
2198 hci_cc_host_buffer_size(hdev, skb);
2201 case HCI_OP_WRITE_SSP_MODE:
2202 hci_cc_write_ssp_mode(hdev, skb);
2205 case HCI_OP_READ_LOCAL_VERSION:
2206 hci_cc_read_local_version(hdev, skb);
2209 case HCI_OP_READ_LOCAL_COMMANDS:
2210 hci_cc_read_local_commands(hdev, skb);
2213 case HCI_OP_READ_LOCAL_FEATURES:
2214 hci_cc_read_local_features(hdev, skb);
2217 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2218 hci_cc_read_local_ext_features(hdev, skb);
2221 case HCI_OP_READ_BUFFER_SIZE:
2222 hci_cc_read_buffer_size(hdev, skb);
2225 case HCI_OP_READ_BD_ADDR:
2226 hci_cc_read_bd_addr(hdev, skb);
2229 case HCI_OP_READ_DATA_BLOCK_SIZE:
2230 hci_cc_read_data_block_size(hdev, skb);
2233 case HCI_OP_WRITE_CA_TIMEOUT:
2234 hci_cc_write_ca_timeout(hdev, skb);
2237 case HCI_OP_READ_FLOW_CONTROL_MODE:
2238 hci_cc_read_flow_control_mode(hdev, skb);
2241 case HCI_OP_READ_LOCAL_AMP_INFO:
2242 hci_cc_read_local_amp_info(hdev, skb);
2245 case HCI_OP_DELETE_STORED_LINK_KEY:
2246 hci_cc_delete_stored_link_key(hdev, skb);
2249 case HCI_OP_SET_EVENT_MASK:
2250 hci_cc_set_event_mask(hdev, skb);
2253 case HCI_OP_WRITE_INQUIRY_MODE:
2254 hci_cc_write_inquiry_mode(hdev, skb);
2257 case HCI_OP_READ_INQ_RSP_TX_POWER:
2258 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2261 case HCI_OP_SET_EVENT_FLT:
2262 hci_cc_set_event_flt(hdev, skb);
2265 case HCI_OP_PIN_CODE_REPLY:
2266 hci_cc_pin_code_reply(hdev, skb);
2269 case HCI_OP_PIN_CODE_NEG_REPLY:
2270 hci_cc_pin_code_neg_reply(hdev, skb);
2273 case HCI_OP_READ_LOCAL_OOB_DATA:
2274 hci_cc_read_local_oob_data_reply(hdev, skb);
2277 case HCI_OP_LE_READ_BUFFER_SIZE:
2278 hci_cc_le_read_buffer_size(hdev, skb);
2281 case HCI_OP_USER_CONFIRM_REPLY:
2282 hci_cc_user_confirm_reply(hdev, skb);
2285 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2286 hci_cc_user_confirm_neg_reply(hdev, skb);
2289 case HCI_OP_USER_PASSKEY_REPLY:
2290 hci_cc_user_passkey_reply(hdev, skb);
2293 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2294 hci_cc_user_passkey_neg_reply(hdev, skb);
2296 case HCI_OP_LE_SET_SCAN_PARAM:
2297 hci_cc_le_set_scan_param(hdev, skb);
2300 case HCI_OP_LE_SET_SCAN_ENABLE:
2301 hci_cc_le_set_scan_enable(hdev, skb);
2304 case HCI_OP_LE_LTK_REPLY:
2305 hci_cc_le_ltk_reply(hdev, skb);
2308 case HCI_OP_LE_LTK_NEG_REPLY:
2309 hci_cc_le_ltk_neg_reply(hdev, skb);
2312 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2313 hci_cc_write_le_host_supported(hdev, skb);
2317 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2321 if (ev->opcode != HCI_OP_NOP)
2322 del_timer(&hdev->cmd_timer);
2325 atomic_set(&hdev->cmd_cnt, 1);
2326 if (!skb_queue_empty(&hdev->cmd_q))
2327 queue_work(hdev->workqueue, &hdev->cmd_work);
2331 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2333 struct hci_ev_cmd_status *ev = (void *) skb->data;
2336 skb_pull(skb, sizeof(*ev));
2338 opcode = __le16_to_cpu(ev->opcode);
2341 case HCI_OP_INQUIRY:
2342 hci_cs_inquiry(hdev, ev->status);
2345 case HCI_OP_CREATE_CONN:
2346 hci_cs_create_conn(hdev, ev->status);
2349 case HCI_OP_ADD_SCO:
2350 hci_cs_add_sco(hdev, ev->status);
2353 case HCI_OP_AUTH_REQUESTED:
2354 hci_cs_auth_requested(hdev, ev->status);
2357 case HCI_OP_SET_CONN_ENCRYPT:
2358 hci_cs_set_conn_encrypt(hdev, ev->status);
2361 case HCI_OP_REMOTE_NAME_REQ:
2362 hci_cs_remote_name_req(hdev, ev->status);
2365 case HCI_OP_READ_REMOTE_FEATURES:
2366 hci_cs_read_remote_features(hdev, ev->status);
2369 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2370 hci_cs_read_remote_ext_features(hdev, ev->status);
2373 case HCI_OP_SETUP_SYNC_CONN:
2374 hci_cs_setup_sync_conn(hdev, ev->status);
2377 case HCI_OP_SNIFF_MODE:
2378 hci_cs_sniff_mode(hdev, ev->status);
2381 case HCI_OP_EXIT_SNIFF_MODE:
2382 hci_cs_exit_sniff_mode(hdev, ev->status);
2385 case HCI_OP_DISCONNECT:
2386 hci_cs_disconnect(hdev, ev->status);
2389 case HCI_OP_LE_CREATE_CONN:
2390 hci_cs_le_create_conn(hdev, ev->status);
2393 case HCI_OP_LE_START_ENC:
2394 hci_cs_le_start_enc(hdev, ev->status);
2398 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2402 if (ev->opcode != HCI_OP_NOP)
2403 del_timer(&hdev->cmd_timer);
2405 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2406 atomic_set(&hdev->cmd_cnt, 1);
2407 if (!skb_queue_empty(&hdev->cmd_q))
2408 queue_work(hdev->workqueue, &hdev->cmd_work);
2412 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2414 struct hci_ev_role_change *ev = (void *) skb->data;
2415 struct hci_conn *conn;
2417 BT_DBG("%s status %d", hdev->name, ev->status);
2421 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2425 conn->link_mode &= ~HCI_LM_MASTER;
2427 conn->link_mode |= HCI_LM_MASTER;
2430 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2432 hci_role_switch_cfm(conn, ev->status, ev->role);
2435 hci_dev_unlock(hdev);
2438 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2440 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2443 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2444 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2448 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2449 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2450 BT_DBG("%s bad parameters", hdev->name);
2454 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2456 for (i = 0; i < ev->num_hndl; i++) {
2457 struct hci_comp_pkts_info *info = &ev->handles[i];
2458 struct hci_conn *conn;
2459 __u16 handle, count;
2461 handle = __le16_to_cpu(info->handle);
2462 count = __le16_to_cpu(info->count);
2464 conn = hci_conn_hash_lookup_handle(hdev, handle);
2468 conn->sent -= count;
2470 switch (conn->type) {
2472 hdev->acl_cnt += count;
2473 if (hdev->acl_cnt > hdev->acl_pkts)
2474 hdev->acl_cnt = hdev->acl_pkts;
2478 if (hdev->le_pkts) {
2479 hdev->le_cnt += count;
2480 if (hdev->le_cnt > hdev->le_pkts)
2481 hdev->le_cnt = hdev->le_pkts;
2483 hdev->acl_cnt += count;
2484 if (hdev->acl_cnt > hdev->acl_pkts)
2485 hdev->acl_cnt = hdev->acl_pkts;
2490 hdev->sco_cnt += count;
2491 if (hdev->sco_cnt > hdev->sco_pkts)
2492 hdev->sco_cnt = hdev->sco_pkts;
2496 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2501 queue_work(hdev->workqueue, &hdev->tx_work);
2504 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2505 struct sk_buff *skb)
2507 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2510 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2511 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2515 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2516 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2517 BT_DBG("%s bad parameters", hdev->name);
2521 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2524 for (i = 0; i < ev->num_hndl; i++) {
2525 struct hci_comp_blocks_info *info = &ev->handles[i];
2526 struct hci_conn *conn;
2527 __u16 handle, block_count;
2529 handle = __le16_to_cpu(info->handle);
2530 block_count = __le16_to_cpu(info->blocks);
2532 conn = hci_conn_hash_lookup_handle(hdev, handle);
2536 conn->sent -= block_count;
2538 switch (conn->type) {
2540 hdev->block_cnt += block_count;
2541 if (hdev->block_cnt > hdev->num_blocks)
2542 hdev->block_cnt = hdev->num_blocks;
2546 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2551 queue_work(hdev->workqueue, &hdev->tx_work);
2554 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2556 struct hci_ev_mode_change *ev = (void *) skb->data;
2557 struct hci_conn *conn;
2559 BT_DBG("%s status %d", hdev->name, ev->status);
2563 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2565 conn->mode = ev->mode;
2566 conn->interval = __le16_to_cpu(ev->interval);
2568 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2569 if (conn->mode == HCI_CM_ACTIVE)
2570 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2572 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2575 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2576 hci_sco_setup(conn, ev->status);
2579 hci_dev_unlock(hdev);
2582 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2584 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2585 struct hci_conn *conn;
2587 BT_DBG("%s", hdev->name);
2591 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2595 if (conn->state == BT_CONNECTED) {
2596 hci_conn_hold(conn);
2597 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2601 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2602 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2603 sizeof(ev->bdaddr), &ev->bdaddr);
2604 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2607 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2612 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2616 hci_dev_unlock(hdev);
2619 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2621 struct hci_ev_link_key_req *ev = (void *) skb->data;
2622 struct hci_cp_link_key_reply cp;
2623 struct hci_conn *conn;
2624 struct link_key *key;
2626 BT_DBG("%s", hdev->name);
2628 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2633 key = hci_find_link_key(hdev, &ev->bdaddr);
2635 BT_DBG("%s link key not found for %s", hdev->name,
2636 batostr(&ev->bdaddr));
2640 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2641 batostr(&ev->bdaddr));
2643 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2644 key->type == HCI_LK_DEBUG_COMBINATION) {
2645 BT_DBG("%s ignoring debug key", hdev->name);
2649 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2651 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2652 conn->auth_type != 0xff &&
2653 (conn->auth_type & 0x01)) {
2654 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2658 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2659 conn->pending_sec_level == BT_SECURITY_HIGH) {
2660 BT_DBG("%s ignoring key unauthenticated for high \
2661 security", hdev->name);
2665 conn->key_type = key->type;
2666 conn->pin_length = key->pin_len;
2669 bacpy(&cp.bdaddr, &ev->bdaddr);
2670 memcpy(cp.link_key, key->val, 16);
2672 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2674 hci_dev_unlock(hdev);
2679 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2680 hci_dev_unlock(hdev);
2683 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2685 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2686 struct hci_conn *conn;
2689 BT_DBG("%s", hdev->name);
2693 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2695 hci_conn_hold(conn);
2696 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2697 pin_len = conn->pin_length;
2699 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2700 conn->key_type = ev->key_type;
2705 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2706 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2707 ev->key_type, pin_len);
2709 hci_dev_unlock(hdev);
2712 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2714 struct hci_ev_clock_offset *ev = (void *) skb->data;
2715 struct hci_conn *conn;
2717 BT_DBG("%s status %d", hdev->name, ev->status);
2721 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2722 if (conn && !ev->status) {
2723 struct inquiry_entry *ie;
2725 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2727 ie->data.clock_offset = ev->clock_offset;
2728 ie->timestamp = jiffies;
2732 hci_dev_unlock(hdev);
2735 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2737 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2738 struct hci_conn *conn;
2740 BT_DBG("%s status %d", hdev->name, ev->status);
2744 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2745 if (conn && !ev->status)
2746 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2748 hci_dev_unlock(hdev);
2751 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2753 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2754 struct inquiry_entry *ie;
2756 BT_DBG("%s", hdev->name);
2760 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2762 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2763 ie->timestamp = jiffies;
2766 hci_dev_unlock(hdev);
2769 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2771 struct inquiry_data data;
2772 int num_rsp = *((__u8 *) skb->data);
2775 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2782 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2783 struct inquiry_info_with_rssi_and_pscan_mode *info;
2784 info = (void *) (skb->data + 1);
2786 for (; num_rsp; num_rsp--, info++) {
2787 bacpy(&data.bdaddr, &info->bdaddr);
2788 data.pscan_rep_mode = info->pscan_rep_mode;
2789 data.pscan_period_mode = info->pscan_period_mode;
2790 data.pscan_mode = info->pscan_mode;
2791 memcpy(data.dev_class, info->dev_class, 3);
2792 data.clock_offset = info->clock_offset;
2793 data.rssi = info->rssi;
2794 data.ssp_mode = 0x00;
2796 name_known = hci_inquiry_cache_update(hdev, &data,
2798 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2799 info->dev_class, info->rssi,
2800 !name_known, NULL, 0);
2803 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2805 for (; num_rsp; num_rsp--, info++) {
2806 bacpy(&data.bdaddr, &info->bdaddr);
2807 data.pscan_rep_mode = info->pscan_rep_mode;
2808 data.pscan_period_mode = info->pscan_period_mode;
2809 data.pscan_mode = 0x00;
2810 memcpy(data.dev_class, info->dev_class, 3);
2811 data.clock_offset = info->clock_offset;
2812 data.rssi = info->rssi;
2813 data.ssp_mode = 0x00;
2814 name_known = hci_inquiry_cache_update(hdev, &data,
2816 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2817 info->dev_class, info->rssi,
2818 !name_known, NULL, 0);
2822 hci_dev_unlock(hdev);
2825 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2827 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2828 struct hci_conn *conn;
2830 BT_DBG("%s", hdev->name);
2834 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2838 if (!ev->status && ev->page == 0x01) {
2839 struct inquiry_entry *ie;
2841 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2843 ie->data.ssp_mode = (ev->features[0] & 0x01);
2845 if (ev->features[0] & 0x01)
2846 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2849 if (conn->state != BT_CONFIG)
2853 struct hci_cp_remote_name_req cp;
2854 memset(&cp, 0, sizeof(cp));
2855 bacpy(&cp.bdaddr, &conn->dst);
2856 cp.pscan_rep_mode = 0x02;
2857 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2858 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2859 mgmt_device_connected(hdev, &conn->dst, conn->type,
2860 conn->dst_type, NULL, 0,
2863 if (!hci_outgoing_auth_needed(hdev, conn)) {
2864 conn->state = BT_CONNECTED;
2865 hci_proto_connect_cfm(conn, ev->status);
2870 hci_dev_unlock(hdev);
2873 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2875 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2876 struct hci_conn *conn;
2878 BT_DBG("%s status %d", hdev->name, ev->status);
2882 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2884 if (ev->link_type == ESCO_LINK)
2887 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2891 conn->type = SCO_LINK;
2894 switch (ev->status) {
2896 conn->handle = __le16_to_cpu(ev->handle);
2897 conn->state = BT_CONNECTED;
2899 hci_conn_hold_device(conn);
2900 hci_conn_add_sysfs(conn);
2903 case 0x11: /* Unsupported Feature or Parameter Value */
2904 case 0x1c: /* SCO interval rejected */
2905 case 0x1a: /* Unsupported Remote Feature */
2906 case 0x1f: /* Unspecified error */
2907 if (conn->out && conn->attempt < 2) {
2908 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2909 (hdev->esco_type & EDR_ESCO_MASK);
2910 hci_setup_sync(conn, conn->link->handle);
2916 conn->state = BT_CLOSED;
2920 hci_proto_connect_cfm(conn, ev->status);
2925 hci_dev_unlock(hdev);
2928 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2930 BT_DBG("%s", hdev->name);
2933 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2935 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2937 BT_DBG("%s status %d", hdev->name, ev->status);
2940 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2942 struct inquiry_data data;
2943 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2944 int num_rsp = *((__u8 *) skb->data);
2946 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2953 for (; num_rsp; num_rsp--, info++) {
2956 bacpy(&data.bdaddr, &info->bdaddr);
2957 data.pscan_rep_mode = info->pscan_rep_mode;
2958 data.pscan_period_mode = info->pscan_period_mode;
2959 data.pscan_mode = 0x00;
2960 memcpy(data.dev_class, info->dev_class, 3);
2961 data.clock_offset = info->clock_offset;
2962 data.rssi = info->rssi;
2963 data.ssp_mode = 0x01;
2965 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2966 name_known = eir_has_data_type(info->data,
2972 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
2973 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2974 info->dev_class, info->rssi,
2975 !name_known, info->data,
2976 sizeof(info->data));
2979 hci_dev_unlock(hdev);
2982 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2984 /* If remote requests dedicated bonding follow that lead */
2985 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2986 /* If both remote and local IO capabilities allow MITM
2987 * protection then require it, otherwise don't */
2988 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2994 /* If remote requests no-bonding follow that lead */
2995 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2996 return conn->remote_auth | (conn->auth_type & 0x01);
2998 return conn->auth_type;
3001 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3003 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3004 struct hci_conn *conn;
3006 BT_DBG("%s", hdev->name);
3010 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3014 hci_conn_hold(conn);
3016 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3019 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3020 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3021 struct hci_cp_io_capability_reply cp;
3023 bacpy(&cp.bdaddr, &ev->bdaddr);
3024 /* Change the IO capability from KeyboardDisplay
3025 * to DisplayYesNo as it is not supported by BT spec. */
3026 cp.capability = (conn->io_capability == 0x04) ?
3027 0x01 : conn->io_capability;
3028 conn->auth_type = hci_get_auth_req(conn);
3029 cp.authentication = conn->auth_type;
3031 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
3032 hci_find_remote_oob_data(hdev, &conn->dst))
3037 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3040 struct hci_cp_io_capability_neg_reply cp;
3042 bacpy(&cp.bdaddr, &ev->bdaddr);
3043 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3045 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3050 hci_dev_unlock(hdev);
3053 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3055 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3056 struct hci_conn *conn;
3058 BT_DBG("%s", hdev->name);
3062 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3066 conn->remote_cap = ev->capability;
3067 conn->remote_auth = ev->authentication;
3069 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3072 hci_dev_unlock(hdev);
3075 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3076 struct sk_buff *skb)
3078 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3079 int loc_mitm, rem_mitm, confirm_hint = 0;
3080 struct hci_conn *conn;
3082 BT_DBG("%s", hdev->name);
3086 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3089 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3093 loc_mitm = (conn->auth_type & 0x01);
3094 rem_mitm = (conn->remote_auth & 0x01);
3096 /* If we require MITM but the remote device can't provide that
3097 * (it has NoInputNoOutput) then reject the confirmation
3098 * request. The only exception is when we're dedicated bonding
3099 * initiators (connect_cfm_cb set) since then we always have the MITM
3101 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3102 BT_DBG("Rejecting request: remote device can't provide MITM");
3103 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3104 sizeof(ev->bdaddr), &ev->bdaddr);
3108 /* If no side requires MITM protection; auto-accept */
3109 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3110 (!rem_mitm || conn->io_capability == 0x03)) {
3112 /* If we're not the initiators request authorization to
3113 * proceed from user space (mgmt_user_confirm with
3114 * confirm_hint set to 1). */
3115 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3116 BT_DBG("Confirming auto-accept as acceptor");
3121 BT_DBG("Auto-accept of user confirmation with %ums delay",
3122 hdev->auto_accept_delay);
3124 if (hdev->auto_accept_delay > 0) {
3125 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3126 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3130 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3131 sizeof(ev->bdaddr), &ev->bdaddr);
3136 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3140 hci_dev_unlock(hdev);
3143 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3144 struct sk_buff *skb)
3146 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3148 BT_DBG("%s", hdev->name);
3152 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3153 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3155 hci_dev_unlock(hdev);
3158 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3160 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3161 struct hci_conn *conn;
3163 BT_DBG("%s", hdev->name);
3167 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3171 /* To avoid duplicate auth_failed events to user space we check
3172 * the HCI_CONN_AUTH_PEND flag which will be set if we
3173 * initiated the authentication. A traditional auth_complete
3174 * event gets always produced as initiator and is also mapped to
3175 * the mgmt_auth_failed event */
3176 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3177 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3183 hci_dev_unlock(hdev);
3186 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3188 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3189 struct inquiry_entry *ie;
3191 BT_DBG("%s", hdev->name);
3195 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3197 ie->data.ssp_mode = (ev->features[0] & 0x01);
3199 hci_dev_unlock(hdev);
3202 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3203 struct sk_buff *skb)
3205 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3206 struct oob_data *data;
3208 BT_DBG("%s", hdev->name);
3212 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3215 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3217 struct hci_cp_remote_oob_data_reply cp;
3219 bacpy(&cp.bdaddr, &ev->bdaddr);
3220 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3221 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3223 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3226 struct hci_cp_remote_oob_data_neg_reply cp;
3228 bacpy(&cp.bdaddr, &ev->bdaddr);
3229 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3234 hci_dev_unlock(hdev);
3237 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3239 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3240 struct hci_conn *conn;
3242 BT_DBG("%s status %d", hdev->name, ev->status);
3246 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3248 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3250 BT_ERR("No memory for new connection");
3251 hci_dev_unlock(hdev);
3255 conn->dst_type = ev->bdaddr_type;
3259 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3260 conn->dst_type, ev->status);
3261 hci_proto_connect_cfm(conn, ev->status);
3262 conn->state = BT_CLOSED;
3267 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3268 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3269 conn->dst_type, NULL, 0, 0);
3271 conn->sec_level = BT_SECURITY_LOW;
3272 conn->handle = __le16_to_cpu(ev->handle);
3273 conn->state = BT_CONNECTED;
3275 hci_conn_hold_device(conn);
3276 hci_conn_add_sysfs(conn);
3278 hci_proto_connect_cfm(conn, ev->status);
3281 hci_dev_unlock(hdev);
3284 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3285 struct sk_buff *skb)
3287 u8 num_reports = skb->data[0];
3288 void *ptr = &skb->data[1];
3293 while (num_reports--) {
3294 struct hci_ev_le_advertising_info *ev = ptr;
3296 hci_add_adv_entry(hdev, ev);
3298 rssi = ev->data[ev->length];
3299 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3300 NULL, rssi, 0, ev->data, ev->length);
3302 ptr += sizeof(*ev) + ev->length + 1;
3305 hci_dev_unlock(hdev);
3308 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3309 struct sk_buff *skb)
3311 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3312 struct hci_cp_le_ltk_reply cp;
3313 struct hci_cp_le_ltk_neg_reply neg;
3314 struct hci_conn *conn;
3315 struct smp_ltk *ltk;
3317 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3321 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3325 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3329 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3330 cp.handle = cpu_to_le16(conn->handle);
3332 if (ltk->authenticated)
3333 conn->sec_level = BT_SECURITY_HIGH;
3335 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3337 if (ltk->type & HCI_SMP_STK) {
3338 list_del(<k->list);
3342 hci_dev_unlock(hdev);
3347 neg.handle = ev->handle;
3348 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3349 hci_dev_unlock(hdev);
3352 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3354 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3356 skb_pull(skb, sizeof(*le_ev));
3358 switch (le_ev->subevent) {
3359 case HCI_EV_LE_CONN_COMPLETE:
3360 hci_le_conn_complete_evt(hdev, skb);
3363 case HCI_EV_LE_ADVERTISING_REPORT:
3364 hci_le_adv_report_evt(hdev, skb);
3367 case HCI_EV_LE_LTK_REQ:
3368 hci_le_ltk_request_evt(hdev, skb);
3376 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3378 struct hci_event_hdr *hdr = (void *) skb->data;
3379 __u8 event = hdr->evt;
3381 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3384 case HCI_EV_INQUIRY_COMPLETE:
3385 hci_inquiry_complete_evt(hdev, skb);
3388 case HCI_EV_INQUIRY_RESULT:
3389 hci_inquiry_result_evt(hdev, skb);
3392 case HCI_EV_CONN_COMPLETE:
3393 hci_conn_complete_evt(hdev, skb);
3396 case HCI_EV_CONN_REQUEST:
3397 hci_conn_request_evt(hdev, skb);
3400 case HCI_EV_DISCONN_COMPLETE:
3401 hci_disconn_complete_evt(hdev, skb);
3404 case HCI_EV_AUTH_COMPLETE:
3405 hci_auth_complete_evt(hdev, skb);
3408 case HCI_EV_REMOTE_NAME:
3409 hci_remote_name_evt(hdev, skb);
3412 case HCI_EV_ENCRYPT_CHANGE:
3413 hci_encrypt_change_evt(hdev, skb);
3416 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3417 hci_change_link_key_complete_evt(hdev, skb);
3420 case HCI_EV_REMOTE_FEATURES:
3421 hci_remote_features_evt(hdev, skb);
3424 case HCI_EV_REMOTE_VERSION:
3425 hci_remote_version_evt(hdev, skb);
3428 case HCI_EV_QOS_SETUP_COMPLETE:
3429 hci_qos_setup_complete_evt(hdev, skb);
3432 case HCI_EV_CMD_COMPLETE:
3433 hci_cmd_complete_evt(hdev, skb);
3436 case HCI_EV_CMD_STATUS:
3437 hci_cmd_status_evt(hdev, skb);
3440 case HCI_EV_ROLE_CHANGE:
3441 hci_role_change_evt(hdev, skb);
3444 case HCI_EV_NUM_COMP_PKTS:
3445 hci_num_comp_pkts_evt(hdev, skb);
3448 case HCI_EV_MODE_CHANGE:
3449 hci_mode_change_evt(hdev, skb);
3452 case HCI_EV_PIN_CODE_REQ:
3453 hci_pin_code_request_evt(hdev, skb);
3456 case HCI_EV_LINK_KEY_REQ:
3457 hci_link_key_request_evt(hdev, skb);
3460 case HCI_EV_LINK_KEY_NOTIFY:
3461 hci_link_key_notify_evt(hdev, skb);
3464 case HCI_EV_CLOCK_OFFSET:
3465 hci_clock_offset_evt(hdev, skb);
3468 case HCI_EV_PKT_TYPE_CHANGE:
3469 hci_pkt_type_change_evt(hdev, skb);
3472 case HCI_EV_PSCAN_REP_MODE:
3473 hci_pscan_rep_mode_evt(hdev, skb);
3476 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3477 hci_inquiry_result_with_rssi_evt(hdev, skb);
3480 case HCI_EV_REMOTE_EXT_FEATURES:
3481 hci_remote_ext_features_evt(hdev, skb);
3484 case HCI_EV_SYNC_CONN_COMPLETE:
3485 hci_sync_conn_complete_evt(hdev, skb);
3488 case HCI_EV_SYNC_CONN_CHANGED:
3489 hci_sync_conn_changed_evt(hdev, skb);
3492 case HCI_EV_SNIFF_SUBRATE:
3493 hci_sniff_subrate_evt(hdev, skb);
3496 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3497 hci_extended_inquiry_result_evt(hdev, skb);
3500 case HCI_EV_IO_CAPA_REQUEST:
3501 hci_io_capa_request_evt(hdev, skb);
3504 case HCI_EV_IO_CAPA_REPLY:
3505 hci_io_capa_reply_evt(hdev, skb);
3508 case HCI_EV_USER_CONFIRM_REQUEST:
3509 hci_user_confirm_request_evt(hdev, skb);
3512 case HCI_EV_USER_PASSKEY_REQUEST:
3513 hci_user_passkey_request_evt(hdev, skb);
3516 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3517 hci_simple_pair_complete_evt(hdev, skb);
3520 case HCI_EV_REMOTE_HOST_FEATURES:
3521 hci_remote_host_features_evt(hdev, skb);
3524 case HCI_EV_LE_META:
3525 hci_le_meta_evt(hdev, skb);
3528 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3529 hci_remote_oob_data_request_evt(hdev, skb);
3532 case HCI_EV_NUM_COMP_BLOCKS:
3533 hci_num_comp_blocks_evt(hdev, skb);
3537 BT_DBG("%s event 0x%x", hdev->name, event);
3542 hdev->stat.evt_rx++;