2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
61 clear_bit(HCI_INQUIRY, &hdev->flags);
63 mgmt_discovering(hdev, 0);
65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
67 hci_conn_check_pending(hdev);
70 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 __u8 status = *((__u8 *) skb->data);
74 BT_DBG("%s status 0x%x", hdev->name, status);
79 hci_conn_check_pending(hdev);
82 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
84 BT_DBG("%s", hdev->name);
87 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
89 struct hci_rp_role_discovery *rp = (void *) skb->data;
90 struct hci_conn *conn;
92 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 conn->link_mode &= ~HCI_LM_MASTER;
104 conn->link_mode |= HCI_LM_MASTER;
107 hci_dev_unlock(hdev);
110 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
112 struct hci_rp_read_link_policy *rp = (void *) skb->data;
113 struct hci_conn *conn;
115 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
124 conn->link_policy = __le16_to_cpu(rp->policy);
126 hci_dev_unlock(hdev);
129 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
131 struct hci_rp_write_link_policy *rp = (void *) skb->data;
132 struct hci_conn *conn;
135 BT_DBG("%s status 0x%x", hdev->name, rp->status);
140 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
148 conn->link_policy = get_unaligned_le16(sent + 2);
150 hci_dev_unlock(hdev);
153 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
167 __u8 status = *((__u8 *) skb->data);
170 BT_DBG("%s status 0x%x", hdev->name, status);
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 hdev->link_policy = get_unaligned_le16(sent);
179 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
182 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
184 __u8 status = *((__u8 *) skb->data);
186 BT_DBG("%s status 0x%x", hdev->name, status);
188 clear_bit(HCI_RESET, &hdev->flags);
190 hci_req_complete(hdev, HCI_OP_RESET, status);
193 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
195 __u8 status = *((__u8 *) skb->data);
198 BT_DBG("%s status 0x%x", hdev->name, status);
200 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
204 if (test_bit(HCI_MGMT, &hdev->flags))
205 mgmt_set_local_name_complete(hdev, sent, status);
210 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
213 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
215 struct hci_rp_read_local_name *rp = (void *) skb->data;
217 BT_DBG("%s status 0x%x", hdev->name, rp->status);
222 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
225 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
227 __u8 status = *((__u8 *) skb->data);
230 BT_DBG("%s status 0x%x", hdev->name, status);
232 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
237 __u8 param = *((__u8 *) sent);
239 if (param == AUTH_ENABLED)
240 set_bit(HCI_AUTH, &hdev->flags);
242 clear_bit(HCI_AUTH, &hdev->flags);
245 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
248 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
250 __u8 status = *((__u8 *) skb->data);
253 BT_DBG("%s status 0x%x", hdev->name, status);
255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
260 __u8 param = *((__u8 *) sent);
263 set_bit(HCI_ENCRYPT, &hdev->flags);
265 clear_bit(HCI_ENCRYPT, &hdev->flags);
268 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
271 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
273 __u8 param, status = *((__u8 *) skb->data);
274 int old_pscan, old_iscan;
277 BT_DBG("%s status 0x%x", hdev->name, status);
279 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
283 param = *((__u8 *) sent);
286 mgmt_write_scan_failed(hdev, param, status);
287 hdev->discov_timeout = 0;
291 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
292 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
294 if (param & SCAN_INQUIRY) {
295 set_bit(HCI_ISCAN, &hdev->flags);
297 mgmt_discoverable(hdev, 1);
298 if (hdev->discov_timeout > 0) {
299 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
300 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
303 } else if (old_iscan)
304 mgmt_discoverable(hdev, 0);
306 if (param & SCAN_PAGE) {
307 set_bit(HCI_PSCAN, &hdev->flags);
309 mgmt_connectable(hdev, 1);
310 } else if (old_pscan)
311 mgmt_connectable(hdev, 0);
314 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
317 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
319 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
321 BT_DBG("%s status 0x%x", hdev->name, rp->status);
326 memcpy(hdev->dev_class, rp->dev_class, 3);
328 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
329 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
332 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 __u8 status = *((__u8 *) skb->data);
337 BT_DBG("%s status 0x%x", hdev->name, status);
342 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
346 memcpy(hdev->dev_class, sent, 3);
349 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
351 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
354 BT_DBG("%s status 0x%x", hdev->name, rp->status);
359 setting = __le16_to_cpu(rp->voice_setting);
361 if (hdev->voice_setting == setting)
364 hdev->voice_setting = setting;
366 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
369 tasklet_disable(&hdev->tx_task);
370 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
371 tasklet_enable(&hdev->tx_task);
375 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377 __u8 status = *((__u8 *) skb->data);
381 BT_DBG("%s status 0x%x", hdev->name, status);
386 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
390 setting = get_unaligned_le16(sent);
392 if (hdev->voice_setting == setting)
395 hdev->voice_setting = setting;
397 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
400 tasklet_disable(&hdev->tx_task);
401 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
402 tasklet_enable(&hdev->tx_task);
406 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
408 __u8 status = *((__u8 *) skb->data);
410 BT_DBG("%s status 0x%x", hdev->name, status);
412 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
415 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
417 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
419 BT_DBG("%s status 0x%x", hdev->name, rp->status);
424 hdev->ssp_mode = rp->mode;
427 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
429 __u8 status = *((__u8 *) skb->data);
432 BT_DBG("%s status 0x%x", hdev->name, status);
437 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
441 hdev->ssp_mode = *((__u8 *) sent);
444 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
446 if (hdev->features[6] & LMP_EXT_INQ)
449 if (hdev->features[3] & LMP_RSSI_INQ)
452 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
453 hdev->lmp_subver == 0x0757)
456 if (hdev->manufacturer == 15) {
457 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
459 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
461 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
465 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
466 hdev->lmp_subver == 0x1805)
472 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
476 mode = hci_get_inquiry_mode(hdev);
478 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
481 static void hci_setup_event_mask(struct hci_dev *hdev)
483 /* The second byte is 0xff instead of 0x9f (two reserved bits
484 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
485 * command otherwise */
486 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
488 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
489 * any event mask for pre 1.2 devices */
490 if (hdev->lmp_ver <= 1)
493 events[4] |= 0x01; /* Flow Specification Complete */
494 events[4] |= 0x02; /* Inquiry Result with RSSI */
495 events[4] |= 0x04; /* Read Remote Extended Features Complete */
496 events[5] |= 0x08; /* Synchronous Connection Complete */
497 events[5] |= 0x10; /* Synchronous Connection Changed */
499 if (hdev->features[3] & LMP_RSSI_INQ)
500 events[4] |= 0x04; /* Inquiry Result with RSSI */
502 if (hdev->features[5] & LMP_SNIFF_SUBR)
503 events[5] |= 0x20; /* Sniff Subrating */
505 if (hdev->features[5] & LMP_PAUSE_ENC)
506 events[5] |= 0x80; /* Encryption Key Refresh Complete */
508 if (hdev->features[6] & LMP_EXT_INQ)
509 events[5] |= 0x40; /* Extended Inquiry Result */
511 if (hdev->features[6] & LMP_NO_FLUSH)
512 events[7] |= 0x01; /* Enhanced Flush Complete */
514 if (hdev->features[7] & LMP_LSTO)
515 events[6] |= 0x80; /* Link Supervision Timeout Changed */
517 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
518 events[6] |= 0x01; /* IO Capability Request */
519 events[6] |= 0x02; /* IO Capability Response */
520 events[6] |= 0x04; /* User Confirmation Request */
521 events[6] |= 0x08; /* User Passkey Request */
522 events[6] |= 0x10; /* Remote OOB Data Request */
523 events[6] |= 0x20; /* Simple Pairing Complete */
524 events[7] |= 0x04; /* User Passkey Notification */
525 events[7] |= 0x08; /* Keypress Notification */
526 events[7] |= 0x10; /* Remote Host Supported
527 * Features Notification */
530 if (hdev->features[4] & LMP_LE)
531 events[7] |= 0x20; /* LE Meta-Event */
533 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
536 static void hci_set_le_support(struct hci_dev *hdev)
538 struct hci_cp_write_le_host_supported cp;
540 memset(&cp, 0, sizeof(cp));
544 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
547 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
550 static void hci_setup(struct hci_dev *hdev)
552 hci_setup_event_mask(hdev);
554 if (hdev->lmp_ver > 1)
555 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
557 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
559 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
562 if (hdev->features[3] & LMP_RSSI_INQ)
563 hci_setup_inquiry_mode(hdev);
565 if (hdev->features[7] & LMP_INQ_TX_PWR)
566 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
568 if (hdev->features[7] & LMP_EXTFEATURES) {
569 struct hci_cp_read_local_ext_features cp;
572 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
576 if (hdev->features[4] & LMP_LE)
577 hci_set_le_support(hdev);
580 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
582 struct hci_rp_read_local_version *rp = (void *) skb->data;
584 BT_DBG("%s status 0x%x", hdev->name, rp->status);
589 hdev->hci_ver = rp->hci_ver;
590 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
591 hdev->lmp_ver = rp->lmp_ver;
592 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
593 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
595 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
597 hdev->hci_ver, hdev->hci_rev);
599 if (test_bit(HCI_INIT, &hdev->flags))
603 static void hci_setup_link_policy(struct hci_dev *hdev)
607 if (hdev->features[0] & LMP_RSWITCH)
608 link_policy |= HCI_LP_RSWITCH;
609 if (hdev->features[0] & LMP_HOLD)
610 link_policy |= HCI_LP_HOLD;
611 if (hdev->features[0] & LMP_SNIFF)
612 link_policy |= HCI_LP_SNIFF;
613 if (hdev->features[1] & LMP_PARK)
614 link_policy |= HCI_LP_PARK;
616 link_policy = cpu_to_le16(link_policy);
617 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
618 sizeof(link_policy), &link_policy);
621 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
623 struct hci_rp_read_local_commands *rp = (void *) skb->data;
625 BT_DBG("%s status 0x%x", hdev->name, rp->status);
630 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
632 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
633 hci_setup_link_policy(hdev);
636 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
639 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
641 struct hci_rp_read_local_features *rp = (void *) skb->data;
643 BT_DBG("%s status 0x%x", hdev->name, rp->status);
648 memcpy(hdev->features, rp->features, 8);
650 /* Adjust default settings according to features
651 * supported by device. */
653 if (hdev->features[0] & LMP_3SLOT)
654 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
656 if (hdev->features[0] & LMP_5SLOT)
657 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
659 if (hdev->features[1] & LMP_HV2) {
660 hdev->pkt_type |= (HCI_HV2);
661 hdev->esco_type |= (ESCO_HV2);
664 if (hdev->features[1] & LMP_HV3) {
665 hdev->pkt_type |= (HCI_HV3);
666 hdev->esco_type |= (ESCO_HV3);
669 if (hdev->features[3] & LMP_ESCO)
670 hdev->esco_type |= (ESCO_EV3);
672 if (hdev->features[4] & LMP_EV4)
673 hdev->esco_type |= (ESCO_EV4);
675 if (hdev->features[4] & LMP_EV5)
676 hdev->esco_type |= (ESCO_EV5);
678 if (hdev->features[5] & LMP_EDR_ESCO_2M)
679 hdev->esco_type |= (ESCO_2EV3);
681 if (hdev->features[5] & LMP_EDR_ESCO_3M)
682 hdev->esco_type |= (ESCO_3EV3);
684 if (hdev->features[5] & LMP_EDR_3S_ESCO)
685 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
687 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
688 hdev->features[0], hdev->features[1],
689 hdev->features[2], hdev->features[3],
690 hdev->features[4], hdev->features[5],
691 hdev->features[6], hdev->features[7]);
694 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
697 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
699 BT_DBG("%s status 0x%x", hdev->name, rp->status);
704 memcpy(hdev->extfeatures, rp->features, 8);
706 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
709 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
711 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
713 BT_DBG("%s status 0x%x", hdev->name, rp->status);
718 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
719 hdev->sco_mtu = rp->sco_mtu;
720 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
721 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
723 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
728 hdev->acl_cnt = hdev->acl_pkts;
729 hdev->sco_cnt = hdev->sco_pkts;
731 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
732 hdev->acl_mtu, hdev->acl_pkts,
733 hdev->sco_mtu, hdev->sco_pkts);
736 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
738 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
740 BT_DBG("%s status 0x%x", hdev->name, rp->status);
743 bacpy(&hdev->bdaddr, &rp->bdaddr);
745 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
748 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
750 __u8 status = *((__u8 *) skb->data);
752 BT_DBG("%s status 0x%x", hdev->name, status);
754 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
757 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
760 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
762 BT_DBG("%s status 0x%x", hdev->name, rp->status);
767 hdev->amp_status = rp->amp_status;
768 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
769 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
770 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
771 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
772 hdev->amp_type = rp->amp_type;
773 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
774 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
775 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
776 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
778 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
781 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
784 __u8 status = *((__u8 *) skb->data);
786 BT_DBG("%s status 0x%x", hdev->name, status);
788 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
791 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
793 __u8 status = *((__u8 *) skb->data);
795 BT_DBG("%s status 0x%x", hdev->name, status);
797 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
800 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
803 __u8 status = *((__u8 *) skb->data);
805 BT_DBG("%s status 0x%x", hdev->name, status);
807 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
810 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
813 __u8 status = *((__u8 *) skb->data);
815 BT_DBG("%s status 0x%x", hdev->name, status);
817 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
820 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
822 __u8 status = *((__u8 *) skb->data);
824 BT_DBG("%s status 0x%x", hdev->name, status);
826 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
829 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
831 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
832 struct hci_cp_pin_code_reply *cp;
833 struct hci_conn *conn;
835 BT_DBG("%s status 0x%x", hdev->name, rp->status);
837 if (test_bit(HCI_MGMT, &hdev->flags))
838 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
843 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
847 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
849 conn->pin_length = cp->pin_len;
852 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
854 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
856 BT_DBG("%s status 0x%x", hdev->name, rp->status);
858 if (test_bit(HCI_MGMT, &hdev->flags))
859 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
862 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
865 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
867 BT_DBG("%s status 0x%x", hdev->name, rp->status);
872 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
873 hdev->le_pkts = rp->le_max_pkt;
875 hdev->le_cnt = hdev->le_pkts;
877 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
879 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
882 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
884 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
886 BT_DBG("%s status 0x%x", hdev->name, rp->status);
888 if (test_bit(HCI_MGMT, &hdev->flags))
889 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
893 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
896 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
898 BT_DBG("%s status 0x%x", hdev->name, rp->status);
900 if (test_bit(HCI_MGMT, &hdev->flags))
901 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
905 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
908 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
910 BT_DBG("%s status 0x%x", hdev->name, rp->status);
912 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
913 rp->randomizer, rp->status);
916 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
919 struct hci_cp_le_set_scan_enable *cp;
920 __u8 status = *((__u8 *) skb->data);
922 BT_DBG("%s status 0x%x", hdev->name, status);
927 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
931 if (cp->enable == 0x01) {
932 del_timer(&hdev->adv_timer);
935 hci_adv_entries_clear(hdev);
936 hci_dev_unlock(hdev);
937 } else if (cp->enable == 0x00) {
938 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
942 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
944 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
946 BT_DBG("%s status 0x%x", hdev->name, rp->status);
951 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
954 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
956 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
958 BT_DBG("%s status 0x%x", hdev->name, rp->status);
963 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
966 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
969 struct hci_cp_read_local_ext_features cp;
970 __u8 status = *((__u8 *) skb->data);
972 BT_DBG("%s status 0x%x", hdev->name, status);
978 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
981 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
983 BT_DBG("%s status 0x%x", hdev->name, status);
986 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
987 hci_conn_check_pending(hdev);
988 if (test_bit(HCI_MGMT, &hdev->flags))
989 mgmt_inquiry_failed(hdev, status);
993 set_bit(HCI_INQUIRY, &hdev->flags);
995 mgmt_discovering(hdev, 1);
998 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1000 struct hci_cp_create_conn *cp;
1001 struct hci_conn *conn;
1003 BT_DBG("%s status 0x%x", hdev->name, status);
1005 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1011 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1013 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1016 if (conn && conn->state == BT_CONNECT) {
1017 if (status != 0x0c || conn->attempt > 2) {
1018 conn->state = BT_CLOSED;
1019 hci_proto_connect_cfm(conn, status);
1022 conn->state = BT_CONNECT2;
1026 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1029 conn->link_mode |= HCI_LM_MASTER;
1031 BT_ERR("No memory for new connection");
1035 hci_dev_unlock(hdev);
1038 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1040 struct hci_cp_add_sco *cp;
1041 struct hci_conn *acl, *sco;
1044 BT_DBG("%s status 0x%x", hdev->name, status);
1049 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1053 handle = __le16_to_cpu(cp->handle);
1055 BT_DBG("%s handle %d", hdev->name, handle);
1059 acl = hci_conn_hash_lookup_handle(hdev, handle);
1063 sco->state = BT_CLOSED;
1065 hci_proto_connect_cfm(sco, status);
1070 hci_dev_unlock(hdev);
1073 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1075 struct hci_cp_auth_requested *cp;
1076 struct hci_conn *conn;
1078 BT_DBG("%s status 0x%x", hdev->name, status);
1083 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1089 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1091 if (conn->state == BT_CONFIG) {
1092 hci_proto_connect_cfm(conn, status);
1097 hci_dev_unlock(hdev);
1100 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1102 struct hci_cp_set_conn_encrypt *cp;
1103 struct hci_conn *conn;
1105 BT_DBG("%s status 0x%x", hdev->name, status);
1110 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1116 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1118 if (conn->state == BT_CONFIG) {
1119 hci_proto_connect_cfm(conn, status);
1124 hci_dev_unlock(hdev);
1127 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1128 struct hci_conn *conn)
1130 if (conn->state != BT_CONFIG || !conn->out)
1133 if (conn->pending_sec_level == BT_SECURITY_SDP)
1136 /* Only request authentication for SSP connections or non-SSP
1137 * devices with sec_level HIGH or if MITM protection is requested */
1138 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1139 conn->pending_sec_level != BT_SECURITY_HIGH &&
1140 !(conn->auth_type & 0x01))
1146 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1148 struct hci_cp_remote_name_req *cp;
1149 struct hci_conn *conn;
1151 BT_DBG("%s status 0x%x", hdev->name, status);
1153 /* If successful wait for the name req complete event before
1154 * checking for the need to do authentication */
1158 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1164 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1168 if (!hci_outgoing_auth_needed(hdev, conn))
1171 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1172 struct hci_cp_auth_requested cp;
1173 cp.handle = __cpu_to_le16(conn->handle);
1174 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1178 hci_dev_unlock(hdev);
1181 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1183 struct hci_cp_read_remote_features *cp;
1184 struct hci_conn *conn;
1186 BT_DBG("%s status 0x%x", hdev->name, status);
1191 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1197 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1199 if (conn->state == BT_CONFIG) {
1200 hci_proto_connect_cfm(conn, status);
1205 hci_dev_unlock(hdev);
1208 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1210 struct hci_cp_read_remote_ext_features *cp;
1211 struct hci_conn *conn;
1213 BT_DBG("%s status 0x%x", hdev->name, status);
1218 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1224 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1226 if (conn->state == BT_CONFIG) {
1227 hci_proto_connect_cfm(conn, status);
1232 hci_dev_unlock(hdev);
1235 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1237 struct hci_cp_setup_sync_conn *cp;
1238 struct hci_conn *acl, *sco;
1241 BT_DBG("%s status 0x%x", hdev->name, status);
1246 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1250 handle = __le16_to_cpu(cp->handle);
1252 BT_DBG("%s handle %d", hdev->name, handle);
1256 acl = hci_conn_hash_lookup_handle(hdev, handle);
1260 sco->state = BT_CLOSED;
1262 hci_proto_connect_cfm(sco, status);
1267 hci_dev_unlock(hdev);
1270 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1272 struct hci_cp_sniff_mode *cp;
1273 struct hci_conn *conn;
1275 BT_DBG("%s status 0x%x", hdev->name, status);
1280 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1286 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1288 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1290 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1291 hci_sco_setup(conn, status);
1294 hci_dev_unlock(hdev);
1297 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1299 struct hci_cp_exit_sniff_mode *cp;
1300 struct hci_conn *conn;
1302 BT_DBG("%s status 0x%x", hdev->name, status);
1307 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1313 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1315 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1317 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1318 hci_sco_setup(conn, status);
1321 hci_dev_unlock(hdev);
1324 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1326 struct hci_cp_le_create_conn *cp;
1327 struct hci_conn *conn;
1329 BT_DBG("%s status 0x%x", hdev->name, status);
1331 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1337 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1339 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1343 if (conn && conn->state == BT_CONNECT) {
1344 conn->state = BT_CLOSED;
1345 hci_proto_connect_cfm(conn, status);
1350 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1352 conn->dst_type = cp->peer_addr_type;
1355 BT_ERR("No memory for new connection");
1360 hci_dev_unlock(hdev);
1363 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1365 BT_DBG("%s status 0x%x", hdev->name, status);
1368 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1370 __u8 status = *((__u8 *) skb->data);
1372 BT_DBG("%s status %d", hdev->name, status);
1374 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1376 hci_conn_check_pending(hdev);
1378 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1381 mgmt_discovering(hdev, 0);
1384 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1386 struct inquiry_data data;
1387 struct inquiry_info *info = (void *) (skb->data + 1);
1388 int num_rsp = *((__u8 *) skb->data);
1390 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1397 for (; num_rsp; num_rsp--, info++) {
1398 bacpy(&data.bdaddr, &info->bdaddr);
1399 data.pscan_rep_mode = info->pscan_rep_mode;
1400 data.pscan_period_mode = info->pscan_period_mode;
1401 data.pscan_mode = info->pscan_mode;
1402 memcpy(data.dev_class, info->dev_class, 3);
1403 data.clock_offset = info->clock_offset;
1405 data.ssp_mode = 0x00;
1406 hci_inquiry_cache_update(hdev, &data);
1407 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK,
1408 info->dev_class, 0, NULL);
1411 hci_dev_unlock(hdev);
1414 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1416 struct hci_ev_conn_complete *ev = (void *) skb->data;
1417 struct hci_conn *conn;
1419 BT_DBG("%s", hdev->name);
1423 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1425 if (ev->link_type != SCO_LINK)
1428 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1432 conn->type = SCO_LINK;
1436 conn->handle = __le16_to_cpu(ev->handle);
1438 if (conn->type == ACL_LINK) {
1439 conn->state = BT_CONFIG;
1440 hci_conn_hold(conn);
1441 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1442 mgmt_connected(hdev, &ev->bdaddr, conn->type);
1444 conn->state = BT_CONNECTED;
1446 hci_conn_hold_device(conn);
1447 hci_conn_add_sysfs(conn);
1449 if (test_bit(HCI_AUTH, &hdev->flags))
1450 conn->link_mode |= HCI_LM_AUTH;
1452 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1453 conn->link_mode |= HCI_LM_ENCRYPT;
1455 /* Get remote features */
1456 if (conn->type == ACL_LINK) {
1457 struct hci_cp_read_remote_features cp;
1458 cp.handle = ev->handle;
1459 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1463 /* Set packet type for incoming connection */
1464 if (!conn->out && hdev->hci_ver < 3) {
1465 struct hci_cp_change_conn_ptype cp;
1466 cp.handle = ev->handle;
1467 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1468 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1472 conn->state = BT_CLOSED;
1473 if (conn->type == ACL_LINK)
1474 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1478 if (conn->type == ACL_LINK)
1479 hci_sco_setup(conn, ev->status);
1482 hci_proto_connect_cfm(conn, ev->status);
1484 } else if (ev->link_type != ACL_LINK)
1485 hci_proto_connect_cfm(conn, ev->status);
1488 hci_dev_unlock(hdev);
1490 hci_conn_check_pending(hdev);
1493 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1495 struct hci_ev_conn_request *ev = (void *) skb->data;
1496 int mask = hdev->link_mode;
1498 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1499 batostr(&ev->bdaddr), ev->link_type);
1501 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1503 if ((mask & HCI_LM_ACCEPT) &&
1504 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1505 /* Connection accepted */
1506 struct inquiry_entry *ie;
1507 struct hci_conn *conn;
1511 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1513 memcpy(ie->data.dev_class, ev->dev_class, 3);
1515 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1517 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1519 BT_ERR("No memory for new connection");
1520 hci_dev_unlock(hdev);
1525 memcpy(conn->dev_class, ev->dev_class, 3);
1526 conn->state = BT_CONNECT;
1528 hci_dev_unlock(hdev);
1530 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1531 struct hci_cp_accept_conn_req cp;
1533 bacpy(&cp.bdaddr, &ev->bdaddr);
1535 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1536 cp.role = 0x00; /* Become master */
1538 cp.role = 0x01; /* Remain slave */
1540 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1543 struct hci_cp_accept_sync_conn_req cp;
1545 bacpy(&cp.bdaddr, &ev->bdaddr);
1546 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1548 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1549 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1550 cp.max_latency = cpu_to_le16(0xffff);
1551 cp.content_format = cpu_to_le16(hdev->voice_setting);
1552 cp.retrans_effort = 0xff;
1554 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1558 /* Connection rejected */
1559 struct hci_cp_reject_conn_req cp;
1561 bacpy(&cp.bdaddr, &ev->bdaddr);
1562 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1563 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1567 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1569 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1570 struct hci_conn *conn;
1572 BT_DBG("%s status %d", hdev->name, ev->status);
1575 mgmt_disconnect_failed(hdev);
1581 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1585 conn->state = BT_CLOSED;
1587 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1588 mgmt_disconnected(hdev, &conn->dst, conn->type);
1590 hci_proto_disconn_cfm(conn, ev->reason);
1594 hci_dev_unlock(hdev);
1597 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1599 struct hci_ev_auth_complete *ev = (void *) skb->data;
1600 struct hci_conn *conn;
1602 BT_DBG("%s status %d", hdev->name, ev->status);
1606 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1611 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1612 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1613 BT_INFO("re-auth of legacy device is not possible.");
1615 conn->link_mode |= HCI_LM_AUTH;
1616 conn->sec_level = conn->pending_sec_level;
1619 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1622 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1623 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1625 if (conn->state == BT_CONFIG) {
1626 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1627 struct hci_cp_set_conn_encrypt cp;
1628 cp.handle = ev->handle;
1630 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1633 conn->state = BT_CONNECTED;
1634 hci_proto_connect_cfm(conn, ev->status);
1638 hci_auth_cfm(conn, ev->status);
1640 hci_conn_hold(conn);
1641 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1645 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1647 struct hci_cp_set_conn_encrypt cp;
1648 cp.handle = ev->handle;
1650 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1653 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1654 hci_encrypt_cfm(conn, ev->status, 0x00);
1659 hci_dev_unlock(hdev);
1662 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1664 struct hci_ev_remote_name *ev = (void *) skb->data;
1665 struct hci_conn *conn;
1667 BT_DBG("%s", hdev->name);
1669 hci_conn_check_pending(hdev);
1673 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1674 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
1676 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1680 if (!hci_outgoing_auth_needed(hdev, conn))
1683 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1684 struct hci_cp_auth_requested cp;
1685 cp.handle = __cpu_to_le16(conn->handle);
1686 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1690 hci_dev_unlock(hdev);
1693 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1695 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1696 struct hci_conn *conn;
1698 BT_DBG("%s status %d", hdev->name, ev->status);
1702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1706 /* Encryption implies authentication */
1707 conn->link_mode |= HCI_LM_AUTH;
1708 conn->link_mode |= HCI_LM_ENCRYPT;
1709 conn->sec_level = conn->pending_sec_level;
1711 conn->link_mode &= ~HCI_LM_ENCRYPT;
1714 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1716 if (conn->state == BT_CONFIG) {
1718 conn->state = BT_CONNECTED;
1720 hci_proto_connect_cfm(conn, ev->status);
1723 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1726 hci_dev_unlock(hdev);
1729 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1731 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1732 struct hci_conn *conn;
1734 BT_DBG("%s status %d", hdev->name, ev->status);
1738 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1741 conn->link_mode |= HCI_LM_SECURE;
1743 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1745 hci_key_change_cfm(conn, ev->status);
1748 hci_dev_unlock(hdev);
1751 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1753 struct hci_ev_remote_features *ev = (void *) skb->data;
1754 struct hci_conn *conn;
1756 BT_DBG("%s status %d", hdev->name, ev->status);
1760 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1765 memcpy(conn->features, ev->features, 8);
1767 if (conn->state != BT_CONFIG)
1770 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1771 struct hci_cp_read_remote_ext_features cp;
1772 cp.handle = ev->handle;
1774 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1780 struct hci_cp_remote_name_req cp;
1781 memset(&cp, 0, sizeof(cp));
1782 bacpy(&cp.bdaddr, &conn->dst);
1783 cp.pscan_rep_mode = 0x02;
1784 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1787 if (!hci_outgoing_auth_needed(hdev, conn)) {
1788 conn->state = BT_CONNECTED;
1789 hci_proto_connect_cfm(conn, ev->status);
1794 hci_dev_unlock(hdev);
1797 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1799 BT_DBG("%s", hdev->name);
1802 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1804 BT_DBG("%s", hdev->name);
1807 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1809 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1812 skb_pull(skb, sizeof(*ev));
1814 opcode = __le16_to_cpu(ev->opcode);
1817 case HCI_OP_INQUIRY_CANCEL:
1818 hci_cc_inquiry_cancel(hdev, skb);
1821 case HCI_OP_EXIT_PERIODIC_INQ:
1822 hci_cc_exit_periodic_inq(hdev, skb);
1825 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1826 hci_cc_remote_name_req_cancel(hdev, skb);
1829 case HCI_OP_ROLE_DISCOVERY:
1830 hci_cc_role_discovery(hdev, skb);
1833 case HCI_OP_READ_LINK_POLICY:
1834 hci_cc_read_link_policy(hdev, skb);
1837 case HCI_OP_WRITE_LINK_POLICY:
1838 hci_cc_write_link_policy(hdev, skb);
1841 case HCI_OP_READ_DEF_LINK_POLICY:
1842 hci_cc_read_def_link_policy(hdev, skb);
1845 case HCI_OP_WRITE_DEF_LINK_POLICY:
1846 hci_cc_write_def_link_policy(hdev, skb);
1850 hci_cc_reset(hdev, skb);
1853 case HCI_OP_WRITE_LOCAL_NAME:
1854 hci_cc_write_local_name(hdev, skb);
1857 case HCI_OP_READ_LOCAL_NAME:
1858 hci_cc_read_local_name(hdev, skb);
1861 case HCI_OP_WRITE_AUTH_ENABLE:
1862 hci_cc_write_auth_enable(hdev, skb);
1865 case HCI_OP_WRITE_ENCRYPT_MODE:
1866 hci_cc_write_encrypt_mode(hdev, skb);
1869 case HCI_OP_WRITE_SCAN_ENABLE:
1870 hci_cc_write_scan_enable(hdev, skb);
1873 case HCI_OP_READ_CLASS_OF_DEV:
1874 hci_cc_read_class_of_dev(hdev, skb);
1877 case HCI_OP_WRITE_CLASS_OF_DEV:
1878 hci_cc_write_class_of_dev(hdev, skb);
1881 case HCI_OP_READ_VOICE_SETTING:
1882 hci_cc_read_voice_setting(hdev, skb);
1885 case HCI_OP_WRITE_VOICE_SETTING:
1886 hci_cc_write_voice_setting(hdev, skb);
1889 case HCI_OP_HOST_BUFFER_SIZE:
1890 hci_cc_host_buffer_size(hdev, skb);
1893 case HCI_OP_READ_SSP_MODE:
1894 hci_cc_read_ssp_mode(hdev, skb);
1897 case HCI_OP_WRITE_SSP_MODE:
1898 hci_cc_write_ssp_mode(hdev, skb);
1901 case HCI_OP_READ_LOCAL_VERSION:
1902 hci_cc_read_local_version(hdev, skb);
1905 case HCI_OP_READ_LOCAL_COMMANDS:
1906 hci_cc_read_local_commands(hdev, skb);
1909 case HCI_OP_READ_LOCAL_FEATURES:
1910 hci_cc_read_local_features(hdev, skb);
1913 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1914 hci_cc_read_local_ext_features(hdev, skb);
1917 case HCI_OP_READ_BUFFER_SIZE:
1918 hci_cc_read_buffer_size(hdev, skb);
1921 case HCI_OP_READ_BD_ADDR:
1922 hci_cc_read_bd_addr(hdev, skb);
1925 case HCI_OP_WRITE_CA_TIMEOUT:
1926 hci_cc_write_ca_timeout(hdev, skb);
1929 case HCI_OP_READ_LOCAL_AMP_INFO:
1930 hci_cc_read_local_amp_info(hdev, skb);
1933 case HCI_OP_DELETE_STORED_LINK_KEY:
1934 hci_cc_delete_stored_link_key(hdev, skb);
1937 case HCI_OP_SET_EVENT_MASK:
1938 hci_cc_set_event_mask(hdev, skb);
1941 case HCI_OP_WRITE_INQUIRY_MODE:
1942 hci_cc_write_inquiry_mode(hdev, skb);
1945 case HCI_OP_READ_INQ_RSP_TX_POWER:
1946 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1949 case HCI_OP_SET_EVENT_FLT:
1950 hci_cc_set_event_flt(hdev, skb);
1953 case HCI_OP_PIN_CODE_REPLY:
1954 hci_cc_pin_code_reply(hdev, skb);
1957 case HCI_OP_PIN_CODE_NEG_REPLY:
1958 hci_cc_pin_code_neg_reply(hdev, skb);
1961 case HCI_OP_READ_LOCAL_OOB_DATA:
1962 hci_cc_read_local_oob_data_reply(hdev, skb);
1965 case HCI_OP_LE_READ_BUFFER_SIZE:
1966 hci_cc_le_read_buffer_size(hdev, skb);
1969 case HCI_OP_USER_CONFIRM_REPLY:
1970 hci_cc_user_confirm_reply(hdev, skb);
1973 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1974 hci_cc_user_confirm_neg_reply(hdev, skb);
1977 case HCI_OP_LE_SET_SCAN_ENABLE:
1978 hci_cc_le_set_scan_enable(hdev, skb);
1981 case HCI_OP_LE_LTK_REPLY:
1982 hci_cc_le_ltk_reply(hdev, skb);
1985 case HCI_OP_LE_LTK_NEG_REPLY:
1986 hci_cc_le_ltk_neg_reply(hdev, skb);
1989 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1990 hci_cc_write_le_host_supported(hdev, skb);
1994 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1998 if (ev->opcode != HCI_OP_NOP)
1999 del_timer(&hdev->cmd_timer);
2002 atomic_set(&hdev->cmd_cnt, 1);
2003 if (!skb_queue_empty(&hdev->cmd_q))
2004 tasklet_schedule(&hdev->cmd_task);
2008 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2010 struct hci_ev_cmd_status *ev = (void *) skb->data;
2013 skb_pull(skb, sizeof(*ev));
2015 opcode = __le16_to_cpu(ev->opcode);
2018 case HCI_OP_INQUIRY:
2019 hci_cs_inquiry(hdev, ev->status);
2022 case HCI_OP_CREATE_CONN:
2023 hci_cs_create_conn(hdev, ev->status);
2026 case HCI_OP_ADD_SCO:
2027 hci_cs_add_sco(hdev, ev->status);
2030 case HCI_OP_AUTH_REQUESTED:
2031 hci_cs_auth_requested(hdev, ev->status);
2034 case HCI_OP_SET_CONN_ENCRYPT:
2035 hci_cs_set_conn_encrypt(hdev, ev->status);
2038 case HCI_OP_REMOTE_NAME_REQ:
2039 hci_cs_remote_name_req(hdev, ev->status);
2042 case HCI_OP_READ_REMOTE_FEATURES:
2043 hci_cs_read_remote_features(hdev, ev->status);
2046 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2047 hci_cs_read_remote_ext_features(hdev, ev->status);
2050 case HCI_OP_SETUP_SYNC_CONN:
2051 hci_cs_setup_sync_conn(hdev, ev->status);
2054 case HCI_OP_SNIFF_MODE:
2055 hci_cs_sniff_mode(hdev, ev->status);
2058 case HCI_OP_EXIT_SNIFF_MODE:
2059 hci_cs_exit_sniff_mode(hdev, ev->status);
2062 case HCI_OP_DISCONNECT:
2063 if (ev->status != 0)
2064 mgmt_disconnect_failed(hdev);
2067 case HCI_OP_LE_CREATE_CONN:
2068 hci_cs_le_create_conn(hdev, ev->status);
2071 case HCI_OP_LE_START_ENC:
2072 hci_cs_le_start_enc(hdev, ev->status);
2076 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2080 if (ev->opcode != HCI_OP_NOP)
2081 del_timer(&hdev->cmd_timer);
2083 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2084 atomic_set(&hdev->cmd_cnt, 1);
2085 if (!skb_queue_empty(&hdev->cmd_q))
2086 tasklet_schedule(&hdev->cmd_task);
2090 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2092 struct hci_ev_role_change *ev = (void *) skb->data;
2093 struct hci_conn *conn;
2095 BT_DBG("%s status %d", hdev->name, ev->status);
2099 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2103 conn->link_mode &= ~HCI_LM_MASTER;
2105 conn->link_mode |= HCI_LM_MASTER;
2108 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2110 hci_role_switch_cfm(conn, ev->status, ev->role);
2113 hci_dev_unlock(hdev);
2116 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2118 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2122 skb_pull(skb, sizeof(*ev));
2124 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2126 if (skb->len < ev->num_hndl * 4) {
2127 BT_DBG("%s bad parameters", hdev->name);
2131 tasklet_disable(&hdev->tx_task);
2133 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2134 struct hci_conn *conn;
2135 __u16 handle, count;
2137 handle = get_unaligned_le16(ptr++);
2138 count = get_unaligned_le16(ptr++);
2140 conn = hci_conn_hash_lookup_handle(hdev, handle);
2142 conn->sent -= count;
2144 if (conn->type == ACL_LINK) {
2145 hdev->acl_cnt += count;
2146 if (hdev->acl_cnt > hdev->acl_pkts)
2147 hdev->acl_cnt = hdev->acl_pkts;
2148 } else if (conn->type == LE_LINK) {
2149 if (hdev->le_pkts) {
2150 hdev->le_cnt += count;
2151 if (hdev->le_cnt > hdev->le_pkts)
2152 hdev->le_cnt = hdev->le_pkts;
2154 hdev->acl_cnt += count;
2155 if (hdev->acl_cnt > hdev->acl_pkts)
2156 hdev->acl_cnt = hdev->acl_pkts;
2159 hdev->sco_cnt += count;
2160 if (hdev->sco_cnt > hdev->sco_pkts)
2161 hdev->sco_cnt = hdev->sco_pkts;
2166 tasklet_schedule(&hdev->tx_task);
2168 tasklet_enable(&hdev->tx_task);
2171 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2173 struct hci_ev_mode_change *ev = (void *) skb->data;
2174 struct hci_conn *conn;
2176 BT_DBG("%s status %d", hdev->name, ev->status);
2180 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2182 conn->mode = ev->mode;
2183 conn->interval = __le16_to_cpu(ev->interval);
2185 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2186 if (conn->mode == HCI_CM_ACTIVE)
2187 conn->power_save = 1;
2189 conn->power_save = 0;
2192 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2193 hci_sco_setup(conn, ev->status);
2196 hci_dev_unlock(hdev);
2199 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2201 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2202 struct hci_conn *conn;
2204 BT_DBG("%s", hdev->name);
2208 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2212 if (conn->state == BT_CONNECTED) {
2213 hci_conn_hold(conn);
2214 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2218 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2219 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2220 sizeof(ev->bdaddr), &ev->bdaddr);
2221 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2224 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2229 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2233 hci_dev_unlock(hdev);
2236 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2238 struct hci_ev_link_key_req *ev = (void *) skb->data;
2239 struct hci_cp_link_key_reply cp;
2240 struct hci_conn *conn;
2241 struct link_key *key;
2243 BT_DBG("%s", hdev->name);
2245 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2250 key = hci_find_link_key(hdev, &ev->bdaddr);
2252 BT_DBG("%s link key not found for %s", hdev->name,
2253 batostr(&ev->bdaddr));
2257 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2258 batostr(&ev->bdaddr));
2260 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2261 key->type == HCI_LK_DEBUG_COMBINATION) {
2262 BT_DBG("%s ignoring debug key", hdev->name);
2266 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2268 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2269 conn->auth_type != 0xff &&
2270 (conn->auth_type & 0x01)) {
2271 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2275 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2276 conn->pending_sec_level == BT_SECURITY_HIGH) {
2277 BT_DBG("%s ignoring key unauthenticated for high \
2278 security", hdev->name);
2282 conn->key_type = key->type;
2283 conn->pin_length = key->pin_len;
2286 bacpy(&cp.bdaddr, &ev->bdaddr);
2287 memcpy(cp.link_key, key->val, 16);
2289 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2291 hci_dev_unlock(hdev);
2296 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2297 hci_dev_unlock(hdev);
2300 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2302 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2303 struct hci_conn *conn;
2306 BT_DBG("%s", hdev->name);
2310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2312 hci_conn_hold(conn);
2313 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2314 pin_len = conn->pin_length;
2316 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2317 conn->key_type = ev->key_type;
2322 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2323 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2324 ev->key_type, pin_len);
2326 hci_dev_unlock(hdev);
2329 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2331 struct hci_ev_clock_offset *ev = (void *) skb->data;
2332 struct hci_conn *conn;
2334 BT_DBG("%s status %d", hdev->name, ev->status);
2338 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2339 if (conn && !ev->status) {
2340 struct inquiry_entry *ie;
2342 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2344 ie->data.clock_offset = ev->clock_offset;
2345 ie->timestamp = jiffies;
2349 hci_dev_unlock(hdev);
2352 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2354 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2355 struct hci_conn *conn;
2357 BT_DBG("%s status %d", hdev->name, ev->status);
2361 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2362 if (conn && !ev->status)
2363 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2365 hci_dev_unlock(hdev);
2368 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2370 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2371 struct inquiry_entry *ie;
2373 BT_DBG("%s", hdev->name);
2377 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2379 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2380 ie->timestamp = jiffies;
2383 hci_dev_unlock(hdev);
2386 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2388 struct inquiry_data data;
2389 int num_rsp = *((__u8 *) skb->data);
2391 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2398 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2399 struct inquiry_info_with_rssi_and_pscan_mode *info;
2400 info = (void *) (skb->data + 1);
2402 for (; num_rsp; num_rsp--, info++) {
2403 bacpy(&data.bdaddr, &info->bdaddr);
2404 data.pscan_rep_mode = info->pscan_rep_mode;
2405 data.pscan_period_mode = info->pscan_period_mode;
2406 data.pscan_mode = info->pscan_mode;
2407 memcpy(data.dev_class, info->dev_class, 3);
2408 data.clock_offset = info->clock_offset;
2409 data.rssi = info->rssi;
2410 data.ssp_mode = 0x00;
2411 hci_inquiry_cache_update(hdev, &data);
2412 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK,
2413 info->dev_class, info->rssi,
2417 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2419 for (; num_rsp; num_rsp--, info++) {
2420 bacpy(&data.bdaddr, &info->bdaddr);
2421 data.pscan_rep_mode = info->pscan_rep_mode;
2422 data.pscan_period_mode = info->pscan_period_mode;
2423 data.pscan_mode = 0x00;
2424 memcpy(data.dev_class, info->dev_class, 3);
2425 data.clock_offset = info->clock_offset;
2426 data.rssi = info->rssi;
2427 data.ssp_mode = 0x00;
2428 hci_inquiry_cache_update(hdev, &data);
2429 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK,
2430 info->dev_class, info->rssi,
2435 hci_dev_unlock(hdev);
2438 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2440 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2441 struct hci_conn *conn;
2443 BT_DBG("%s", hdev->name);
2447 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2451 if (!ev->status && ev->page == 0x01) {
2452 struct inquiry_entry *ie;
2454 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2456 ie->data.ssp_mode = (ev->features[0] & 0x01);
2458 conn->ssp_mode = (ev->features[0] & 0x01);
2461 if (conn->state != BT_CONFIG)
2465 struct hci_cp_remote_name_req cp;
2466 memset(&cp, 0, sizeof(cp));
2467 bacpy(&cp.bdaddr, &conn->dst);
2468 cp.pscan_rep_mode = 0x02;
2469 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2472 if (!hci_outgoing_auth_needed(hdev, conn)) {
2473 conn->state = BT_CONNECTED;
2474 hci_proto_connect_cfm(conn, ev->status);
2479 hci_dev_unlock(hdev);
2482 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2484 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2485 struct hci_conn *conn;
2487 BT_DBG("%s status %d", hdev->name, ev->status);
2491 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2493 if (ev->link_type == ESCO_LINK)
2496 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2500 conn->type = SCO_LINK;
2503 switch (ev->status) {
2505 conn->handle = __le16_to_cpu(ev->handle);
2506 conn->state = BT_CONNECTED;
2508 hci_conn_hold_device(conn);
2509 hci_conn_add_sysfs(conn);
2512 case 0x11: /* Unsupported Feature or Parameter Value */
2513 case 0x1c: /* SCO interval rejected */
2514 case 0x1a: /* Unsupported Remote Feature */
2515 case 0x1f: /* Unspecified error */
2516 if (conn->out && conn->attempt < 2) {
2517 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2518 (hdev->esco_type & EDR_ESCO_MASK);
2519 hci_setup_sync(conn, conn->link->handle);
2525 conn->state = BT_CLOSED;
2529 hci_proto_connect_cfm(conn, ev->status);
2534 hci_dev_unlock(hdev);
2537 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2539 BT_DBG("%s", hdev->name);
2542 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2544 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2546 BT_DBG("%s status %d", hdev->name, ev->status);
2549 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2551 struct inquiry_data data;
2552 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2553 int num_rsp = *((__u8 *) skb->data);
2555 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2562 for (; num_rsp; num_rsp--, info++) {
2563 bacpy(&data.bdaddr, &info->bdaddr);
2564 data.pscan_rep_mode = info->pscan_rep_mode;
2565 data.pscan_period_mode = info->pscan_period_mode;
2566 data.pscan_mode = 0x00;
2567 memcpy(data.dev_class, info->dev_class, 3);
2568 data.clock_offset = info->clock_offset;
2569 data.rssi = info->rssi;
2570 data.ssp_mode = 0x01;
2571 hci_inquiry_cache_update(hdev, &data);
2572 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK,
2573 info->dev_class, info->rssi, info->data);
2576 hci_dev_unlock(hdev);
2579 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2581 /* If remote requests dedicated bonding follow that lead */
2582 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2583 /* If both remote and local IO capabilities allow MITM
2584 * protection then require it, otherwise don't */
2585 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2591 /* If remote requests no-bonding follow that lead */
2592 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2593 return conn->remote_auth | (conn->auth_type & 0x01);
2595 return conn->auth_type;
2598 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2600 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2601 struct hci_conn *conn;
2603 BT_DBG("%s", hdev->name);
2607 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2611 hci_conn_hold(conn);
2613 if (!test_bit(HCI_MGMT, &hdev->flags))
2616 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2617 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2618 struct hci_cp_io_capability_reply cp;
2620 bacpy(&cp.bdaddr, &ev->bdaddr);
2621 cp.capability = conn->io_capability;
2622 conn->auth_type = hci_get_auth_req(conn);
2623 cp.authentication = conn->auth_type;
2625 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2626 hci_find_remote_oob_data(hdev, &conn->dst))
2631 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2634 struct hci_cp_io_capability_neg_reply cp;
2636 bacpy(&cp.bdaddr, &ev->bdaddr);
2637 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2639 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2644 hci_dev_unlock(hdev);
2647 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2649 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2650 struct hci_conn *conn;
2652 BT_DBG("%s", hdev->name);
2656 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2660 conn->remote_cap = ev->capability;
2661 conn->remote_oob = ev->oob_data;
2662 conn->remote_auth = ev->authentication;
2665 hci_dev_unlock(hdev);
2668 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2669 struct sk_buff *skb)
2671 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2672 int loc_mitm, rem_mitm, confirm_hint = 0;
2673 struct hci_conn *conn;
2675 BT_DBG("%s", hdev->name);
2679 if (!test_bit(HCI_MGMT, &hdev->flags))
2682 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2686 loc_mitm = (conn->auth_type & 0x01);
2687 rem_mitm = (conn->remote_auth & 0x01);
2689 /* If we require MITM but the remote device can't provide that
2690 * (it has NoInputNoOutput) then reject the confirmation
2691 * request. The only exception is when we're dedicated bonding
2692 * initiators (connect_cfm_cb set) since then we always have the MITM
2694 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2695 BT_DBG("Rejecting request: remote device can't provide MITM");
2696 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2697 sizeof(ev->bdaddr), &ev->bdaddr);
2701 /* If no side requires MITM protection; auto-accept */
2702 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2703 (!rem_mitm || conn->io_capability == 0x03)) {
2705 /* If we're not the initiators request authorization to
2706 * proceed from user space (mgmt_user_confirm with
2707 * confirm_hint set to 1). */
2708 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2709 BT_DBG("Confirming auto-accept as acceptor");
2714 BT_DBG("Auto-accept of user confirmation with %ums delay",
2715 hdev->auto_accept_delay);
2717 if (hdev->auto_accept_delay > 0) {
2718 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2719 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2723 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2724 sizeof(ev->bdaddr), &ev->bdaddr);
2729 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
2733 hci_dev_unlock(hdev);
2736 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2738 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2739 struct hci_conn *conn;
2741 BT_DBG("%s", hdev->name);
2745 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2749 /* To avoid duplicate auth_failed events to user space we check
2750 * the HCI_CONN_AUTH_PEND flag which will be set if we
2751 * initiated the authentication. A traditional auth_complete
2752 * event gets always produced as initiator and is also mapped to
2753 * the mgmt_auth_failed event */
2754 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2755 mgmt_auth_failed(hdev, &conn->dst, ev->status);
2760 hci_dev_unlock(hdev);
2763 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2765 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2766 struct inquiry_entry *ie;
2768 BT_DBG("%s", hdev->name);
2772 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2774 ie->data.ssp_mode = (ev->features[0] & 0x01);
2776 hci_dev_unlock(hdev);
2779 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2780 struct sk_buff *skb)
2782 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2783 struct oob_data *data;
2785 BT_DBG("%s", hdev->name);
2789 if (!test_bit(HCI_MGMT, &hdev->flags))
2792 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2794 struct hci_cp_remote_oob_data_reply cp;
2796 bacpy(&cp.bdaddr, &ev->bdaddr);
2797 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2798 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2800 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2803 struct hci_cp_remote_oob_data_neg_reply cp;
2805 bacpy(&cp.bdaddr, &ev->bdaddr);
2806 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2811 hci_dev_unlock(hdev);
2814 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2816 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2817 struct hci_conn *conn;
2819 BT_DBG("%s status %d", hdev->name, ev->status);
2823 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2825 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2827 BT_ERR("No memory for new connection");
2828 hci_dev_unlock(hdev);
2832 conn->dst_type = ev->bdaddr_type;
2836 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type, ev->status);
2837 hci_proto_connect_cfm(conn, ev->status);
2838 conn->state = BT_CLOSED;
2843 mgmt_connected(hdev, &ev->bdaddr, conn->type);
2845 conn->sec_level = BT_SECURITY_LOW;
2846 conn->handle = __le16_to_cpu(ev->handle);
2847 conn->state = BT_CONNECTED;
2849 hci_conn_hold_device(conn);
2850 hci_conn_add_sysfs(conn);
2852 hci_proto_connect_cfm(conn, ev->status);
2855 hci_dev_unlock(hdev);
2858 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2859 struct sk_buff *skb)
2861 u8 num_reports = skb->data[0];
2862 void *ptr = &skb->data[1];
2866 while (num_reports--) {
2867 struct hci_ev_le_advertising_info *ev = ptr;
2869 hci_add_adv_entry(hdev, ev);
2871 ptr += sizeof(*ev) + ev->length + 1;
2874 hci_dev_unlock(hdev);
2877 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2878 struct sk_buff *skb)
2880 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2881 struct hci_cp_le_ltk_reply cp;
2882 struct hci_cp_le_ltk_neg_reply neg;
2883 struct hci_conn *conn;
2884 struct link_key *ltk;
2886 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2890 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2894 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2898 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
2899 cp.handle = cpu_to_le16(conn->handle);
2900 conn->pin_length = ltk->pin_len;
2902 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2904 hci_dev_unlock(hdev);
2909 neg.handle = ev->handle;
2910 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2911 hci_dev_unlock(hdev);
2914 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2916 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2918 skb_pull(skb, sizeof(*le_ev));
2920 switch (le_ev->subevent) {
2921 case HCI_EV_LE_CONN_COMPLETE:
2922 hci_le_conn_complete_evt(hdev, skb);
2925 case HCI_EV_LE_ADVERTISING_REPORT:
2926 hci_le_adv_report_evt(hdev, skb);
2929 case HCI_EV_LE_LTK_REQ:
2930 hci_le_ltk_request_evt(hdev, skb);
2938 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2940 struct hci_event_hdr *hdr = (void *) skb->data;
2941 __u8 event = hdr->evt;
2943 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2946 case HCI_EV_INQUIRY_COMPLETE:
2947 hci_inquiry_complete_evt(hdev, skb);
2950 case HCI_EV_INQUIRY_RESULT:
2951 hci_inquiry_result_evt(hdev, skb);
2954 case HCI_EV_CONN_COMPLETE:
2955 hci_conn_complete_evt(hdev, skb);
2958 case HCI_EV_CONN_REQUEST:
2959 hci_conn_request_evt(hdev, skb);
2962 case HCI_EV_DISCONN_COMPLETE:
2963 hci_disconn_complete_evt(hdev, skb);
2966 case HCI_EV_AUTH_COMPLETE:
2967 hci_auth_complete_evt(hdev, skb);
2970 case HCI_EV_REMOTE_NAME:
2971 hci_remote_name_evt(hdev, skb);
2974 case HCI_EV_ENCRYPT_CHANGE:
2975 hci_encrypt_change_evt(hdev, skb);
2978 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2979 hci_change_link_key_complete_evt(hdev, skb);
2982 case HCI_EV_REMOTE_FEATURES:
2983 hci_remote_features_evt(hdev, skb);
2986 case HCI_EV_REMOTE_VERSION:
2987 hci_remote_version_evt(hdev, skb);
2990 case HCI_EV_QOS_SETUP_COMPLETE:
2991 hci_qos_setup_complete_evt(hdev, skb);
2994 case HCI_EV_CMD_COMPLETE:
2995 hci_cmd_complete_evt(hdev, skb);
2998 case HCI_EV_CMD_STATUS:
2999 hci_cmd_status_evt(hdev, skb);
3002 case HCI_EV_ROLE_CHANGE:
3003 hci_role_change_evt(hdev, skb);
3006 case HCI_EV_NUM_COMP_PKTS:
3007 hci_num_comp_pkts_evt(hdev, skb);
3010 case HCI_EV_MODE_CHANGE:
3011 hci_mode_change_evt(hdev, skb);
3014 case HCI_EV_PIN_CODE_REQ:
3015 hci_pin_code_request_evt(hdev, skb);
3018 case HCI_EV_LINK_KEY_REQ:
3019 hci_link_key_request_evt(hdev, skb);
3022 case HCI_EV_LINK_KEY_NOTIFY:
3023 hci_link_key_notify_evt(hdev, skb);
3026 case HCI_EV_CLOCK_OFFSET:
3027 hci_clock_offset_evt(hdev, skb);
3030 case HCI_EV_PKT_TYPE_CHANGE:
3031 hci_pkt_type_change_evt(hdev, skb);
3034 case HCI_EV_PSCAN_REP_MODE:
3035 hci_pscan_rep_mode_evt(hdev, skb);
3038 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3039 hci_inquiry_result_with_rssi_evt(hdev, skb);
3042 case HCI_EV_REMOTE_EXT_FEATURES:
3043 hci_remote_ext_features_evt(hdev, skb);
3046 case HCI_EV_SYNC_CONN_COMPLETE:
3047 hci_sync_conn_complete_evt(hdev, skb);
3050 case HCI_EV_SYNC_CONN_CHANGED:
3051 hci_sync_conn_changed_evt(hdev, skb);
3054 case HCI_EV_SNIFF_SUBRATE:
3055 hci_sniff_subrate_evt(hdev, skb);
3058 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3059 hci_extended_inquiry_result_evt(hdev, skb);
3062 case HCI_EV_IO_CAPA_REQUEST:
3063 hci_io_capa_request_evt(hdev, skb);
3066 case HCI_EV_IO_CAPA_REPLY:
3067 hci_io_capa_reply_evt(hdev, skb);
3070 case HCI_EV_USER_CONFIRM_REQUEST:
3071 hci_user_confirm_request_evt(hdev, skb);
3074 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3075 hci_simple_pair_complete_evt(hdev, skb);
3078 case HCI_EV_REMOTE_HOST_FEATURES:
3079 hci_remote_host_features_evt(hdev, skb);
3082 case HCI_EV_LE_META:
3083 hci_le_meta_evt(hdev, skb);
3086 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3087 hci_remote_oob_data_request_evt(hdev, skb);
3091 BT_DBG("%s event 0x%x", hdev->name, event);
3096 hdev->stat.evt_rx++;
3099 /* Generate internal stack event */
3100 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3102 struct hci_event_hdr *hdr;
3103 struct hci_ev_stack_internal *ev;
3104 struct sk_buff *skb;
3106 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3110 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3111 hdr->evt = HCI_EV_STACK_INTERNAL;
3112 hdr->plen = sizeof(*ev) + dlen;
3114 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3116 memcpy(ev->data, data, dlen);
3118 bt_cb(skb)->incoming = 1;
3119 __net_timestamp(skb);
3121 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3122 skb->dev = (void *) hdev;
3123 hci_send_to_sock(hdev, skb, NULL);
3127 module_param(enable_le, bool, 0644);
3128 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / mv-sheeva.git / blob