2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/export.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
33 /* Handle HCI Event packets */
35 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
37 __u8 status = *((__u8 *) skb->data);
39 BT_DBG("%s status 0x%2.2x", hdev->name, status);
43 mgmt_stop_discovery_failed(hdev, status);
48 clear_bit(HCI_INQUIRY, &hdev->flags);
51 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
56 hci_conn_check_pending(hdev);
59 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
61 __u8 status = *((__u8 *) skb->data);
63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73 __u8 status = *((__u8 *) skb->data);
75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 BT_DBG("%s", hdev->name);
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 conn->link_mode &= ~HCI_LM_MASTER;
108 conn->link_mode |= HCI_LM_MASTER;
111 hci_dev_unlock(hdev);
114 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
128 conn->link_policy = __le16_to_cpu(rp->policy);
130 hci_dev_unlock(hdev);
133 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
136 struct hci_conn *conn;
139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
152 conn->link_policy = get_unaligned_le16(sent + 2);
154 hci_dev_unlock(hdev);
157 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
167 hdev->link_policy = __le16_to_cpu(rp->policy);
170 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
198 /* Reset all non-persistent flags */
199 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
200 BIT(HCI_PERIODIC_INQ));
202 hdev->discovery.state = DISCOVERY_STOPPED;
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 __u8 status = *((__u8 *) skb->data);
210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
223 hci_dev_unlock(hdev);
225 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
243 __u8 status = *((__u8 *) skb->data);
246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253 __u8 param = *((__u8 *) sent);
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
258 clear_bit(HCI_AUTH, &hdev->flags);
261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
264 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
267 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
269 __u8 status = *((__u8 *) skb->data);
272 BT_DBG("%s status 0x%2.2x", hdev->name, status);
274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
279 __u8 param = *((__u8 *) sent);
282 set_bit(HCI_ENCRYPT, &hdev->flags);
284 clear_bit(HCI_ENCRYPT, &hdev->flags);
287 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
290 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
292 __u8 param, status = *((__u8 *) skb->data);
293 int old_pscan, old_iscan;
296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
302 param = *((__u8 *) sent);
307 mgmt_write_scan_failed(hdev, param, status);
308 hdev->discov_timeout = 0;
312 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
313 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
315 if (param & SCAN_INQUIRY) {
316 set_bit(HCI_ISCAN, &hdev->flags);
318 mgmt_discoverable(hdev, 1);
319 if (hdev->discov_timeout > 0) {
320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
321 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
324 } else if (old_iscan)
325 mgmt_discoverable(hdev, 0);
327 if (param & SCAN_PAGE) {
328 set_bit(HCI_PSCAN, &hdev->flags);
330 mgmt_connectable(hdev, 1);
331 } else if (old_pscan)
332 mgmt_connectable(hdev, 0);
335 hci_dev_unlock(hdev);
336 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
339 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
348 memcpy(hdev->dev_class, rp->dev_class, 3);
350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
354 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356 __u8 status = *((__u8 *) skb->data);
359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
368 memcpy(hdev->dev_class, sent, 3);
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
373 hci_dev_unlock(hdev);
376 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
386 setting = __le16_to_cpu(rp->voice_setting);
388 if (hdev->voice_setting == setting)
391 hdev->voice_setting = setting;
393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
399 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
402 __u8 status = *((__u8 *) skb->data);
406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 setting = get_unaligned_le16(sent);
417 if (hdev->voice_setting == setting)
420 hdev->voice_setting = setting;
422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
428 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
430 __u8 status = *((__u8 *) skb->data);
432 BT_DBG("%s status 0x%2.2x", hdev->name, status);
434 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
437 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439 __u8 status = *((__u8 *) skb->data);
442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 if (test_bit(HCI_MGMT, &hdev->dev_flags))
449 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
452 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
454 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
460 if (hdev->features[6] & LMP_EXT_INQ)
463 if (hdev->features[3] & LMP_RSSI_INQ)
466 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
467 hdev->lmp_subver == 0x0757)
470 if (hdev->manufacturer == 15) {
471 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
473 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
475 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
479 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
480 hdev->lmp_subver == 0x1805)
486 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
490 mode = hci_get_inquiry_mode(hdev);
492 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
495 static void hci_setup_event_mask(struct hci_dev *hdev)
497 /* The second byte is 0xff instead of 0x9f (two reserved bits
498 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
499 * command otherwise */
500 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
502 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
503 * any event mask for pre 1.2 devices */
504 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
507 events[4] |= 0x01; /* Flow Specification Complete */
508 events[4] |= 0x02; /* Inquiry Result with RSSI */
509 events[4] |= 0x04; /* Read Remote Extended Features Complete */
510 events[5] |= 0x08; /* Synchronous Connection Complete */
511 events[5] |= 0x10; /* Synchronous Connection Changed */
513 if (hdev->features[3] & LMP_RSSI_INQ)
514 events[4] |= 0x02; /* Inquiry Result with RSSI */
516 if (lmp_sniffsubr_capable(hdev))
517 events[5] |= 0x20; /* Sniff Subrating */
519 if (hdev->features[5] & LMP_PAUSE_ENC)
520 events[5] |= 0x80; /* Encryption Key Refresh Complete */
522 if (hdev->features[6] & LMP_EXT_INQ)
523 events[5] |= 0x40; /* Extended Inquiry Result */
525 if (lmp_no_flush_capable(hdev))
526 events[7] |= 0x01; /* Enhanced Flush Complete */
528 if (hdev->features[7] & LMP_LSTO)
529 events[6] |= 0x80; /* Link Supervision Timeout Changed */
531 if (lmp_ssp_capable(hdev)) {
532 events[6] |= 0x01; /* IO Capability Request */
533 events[6] |= 0x02; /* IO Capability Response */
534 events[6] |= 0x04; /* User Confirmation Request */
535 events[6] |= 0x08; /* User Passkey Request */
536 events[6] |= 0x10; /* Remote OOB Data Request */
537 events[6] |= 0x20; /* Simple Pairing Complete */
538 events[7] |= 0x04; /* User Passkey Notification */
539 events[7] |= 0x08; /* Keypress Notification */
540 events[7] |= 0x10; /* Remote Host Supported
541 * Features Notification */
544 if (lmp_le_capable(hdev))
545 events[7] |= 0x20; /* LE Meta-Event */
547 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
550 static void hci_setup(struct hci_dev *hdev)
552 if (hdev->dev_type != HCI_BREDR)
555 hci_setup_event_mask(hdev);
557 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
558 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
560 if (lmp_ssp_capable(hdev)) {
561 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
563 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
564 sizeof(mode), &mode);
566 struct hci_cp_write_eir cp;
568 memset(hdev->eir, 0, sizeof(hdev->eir));
569 memset(&cp, 0, sizeof(cp));
571 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
575 if (hdev->features[3] & LMP_RSSI_INQ)
576 hci_setup_inquiry_mode(hdev);
578 if (hdev->features[7] & LMP_INQ_TX_PWR)
579 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
581 if (hdev->features[7] & LMP_EXTFEATURES) {
582 struct hci_cp_read_local_ext_features cp;
585 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
589 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
591 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
596 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
598 struct hci_rp_read_local_version *rp = (void *) skb->data;
600 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
605 hdev->hci_ver = rp->hci_ver;
606 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
607 hdev->lmp_ver = rp->lmp_ver;
608 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
609 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
611 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
612 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
614 if (test_bit(HCI_INIT, &hdev->flags))
618 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
621 static void hci_setup_link_policy(struct hci_dev *hdev)
623 struct hci_cp_write_def_link_policy cp;
626 if (lmp_rswitch_capable(hdev))
627 link_policy |= HCI_LP_RSWITCH;
628 if (hdev->features[0] & LMP_HOLD)
629 link_policy |= HCI_LP_HOLD;
630 if (lmp_sniff_capable(hdev))
631 link_policy |= HCI_LP_SNIFF;
632 if (hdev->features[1] & LMP_PARK)
633 link_policy |= HCI_LP_PARK;
635 cp.policy = cpu_to_le16(link_policy);
636 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
639 static void hci_cc_read_local_commands(struct hci_dev *hdev,
642 struct hci_rp_read_local_commands *rp = (void *) skb->data;
644 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
649 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
651 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
652 hci_setup_link_policy(hdev);
655 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
658 static void hci_cc_read_local_features(struct hci_dev *hdev,
661 struct hci_rp_read_local_features *rp = (void *) skb->data;
663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
668 memcpy(hdev->features, rp->features, 8);
670 /* Adjust default settings according to features
671 * supported by device. */
673 if (hdev->features[0] & LMP_3SLOT)
674 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
676 if (hdev->features[0] & LMP_5SLOT)
677 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
679 if (hdev->features[1] & LMP_HV2) {
680 hdev->pkt_type |= (HCI_HV2);
681 hdev->esco_type |= (ESCO_HV2);
684 if (hdev->features[1] & LMP_HV3) {
685 hdev->pkt_type |= (HCI_HV3);
686 hdev->esco_type |= (ESCO_HV3);
689 if (lmp_esco_capable(hdev))
690 hdev->esco_type |= (ESCO_EV3);
692 if (hdev->features[4] & LMP_EV4)
693 hdev->esco_type |= (ESCO_EV4);
695 if (hdev->features[4] & LMP_EV5)
696 hdev->esco_type |= (ESCO_EV5);
698 if (hdev->features[5] & LMP_EDR_ESCO_2M)
699 hdev->esco_type |= (ESCO_2EV3);
701 if (hdev->features[5] & LMP_EDR_ESCO_3M)
702 hdev->esco_type |= (ESCO_3EV3);
704 if (hdev->features[5] & LMP_EDR_3S_ESCO)
705 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
707 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
708 hdev->features[0], hdev->features[1],
709 hdev->features[2], hdev->features[3],
710 hdev->features[4], hdev->features[5],
711 hdev->features[6], hdev->features[7]);
714 static void hci_set_le_support(struct hci_dev *hdev)
716 struct hci_cp_write_le_host_supported cp;
718 memset(&cp, 0, sizeof(cp));
720 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
722 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
725 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
726 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
730 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
735 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
742 memcpy(hdev->features, rp->features, 8);
745 memcpy(hdev->host_features, rp->features, 8);
749 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
750 hci_set_le_support(hdev);
753 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
756 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
761 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
766 hdev->flow_ctl_mode = rp->mode;
768 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
771 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
773 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
775 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
780 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
781 hdev->sco_mtu = rp->sco_mtu;
782 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
783 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
785 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
790 hdev->acl_cnt = hdev->acl_pkts;
791 hdev->sco_cnt = hdev->sco_pkts;
793 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
794 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
797 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
799 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
801 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
804 bacpy(&hdev->bdaddr, &rp->bdaddr);
806 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
809 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
812 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
814 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
819 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
820 hdev->block_len = __le16_to_cpu(rp->block_len);
821 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
823 hdev->block_cnt = hdev->num_blocks;
825 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
826 hdev->block_cnt, hdev->block_len);
828 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
831 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
833 __u8 status = *((__u8 *) skb->data);
835 BT_DBG("%s status 0x%2.2x", hdev->name, status);
837 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
840 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
843 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
850 hdev->amp_status = rp->amp_status;
851 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
852 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
853 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
854 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
855 hdev->amp_type = rp->amp_type;
856 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
857 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
858 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
859 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
861 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
864 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
867 __u8 status = *((__u8 *) skb->data);
869 BT_DBG("%s status 0x%2.2x", hdev->name, status);
871 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
874 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
876 __u8 status = *((__u8 *) skb->data);
878 BT_DBG("%s status 0x%2.2x", hdev->name, status);
880 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
883 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
886 __u8 status = *((__u8 *) skb->data);
888 BT_DBG("%s status 0x%2.2x", hdev->name, status);
890 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
893 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
896 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
901 hdev->inq_tx_power = rp->tx_power;
903 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
906 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
908 __u8 status = *((__u8 *) skb->data);
910 BT_DBG("%s status 0x%2.2x", hdev->name, status);
912 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
915 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
917 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
918 struct hci_cp_pin_code_reply *cp;
919 struct hci_conn *conn;
921 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
925 if (test_bit(HCI_MGMT, &hdev->dev_flags))
926 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
931 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
935 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
937 conn->pin_length = cp->pin_len;
940 hci_dev_unlock(hdev);
943 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
945 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
951 if (test_bit(HCI_MGMT, &hdev->dev_flags))
952 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
955 hci_dev_unlock(hdev);
958 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
961 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
963 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
968 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
969 hdev->le_pkts = rp->le_max_pkt;
971 hdev->le_cnt = hdev->le_pkts;
973 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
975 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
978 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
986 if (test_bit(HCI_MGMT, &hdev->dev_flags))
987 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
990 hci_dev_unlock(hdev);
993 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
998 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1002 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1003 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1004 ACL_LINK, 0, rp->status);
1006 hci_dev_unlock(hdev);
1009 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1017 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1018 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1021 hci_dev_unlock(hdev);
1024 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1025 struct sk_buff *skb)
1027 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1029 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1033 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1034 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1035 ACL_LINK, 0, rp->status);
1037 hci_dev_unlock(hdev);
1040 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1041 struct sk_buff *skb)
1043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1045 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1048 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1049 rp->randomizer, rp->status);
1050 hci_dev_unlock(hdev);
1053 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1055 __u8 status = *((__u8 *) skb->data);
1057 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1063 mgmt_start_discovery_failed(hdev, status);
1064 hci_dev_unlock(hdev);
1069 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1070 struct sk_buff *skb)
1072 struct hci_cp_le_set_scan_enable *cp;
1073 __u8 status = *((__u8 *) skb->data);
1075 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1081 switch (cp->enable) {
1082 case LE_SCANNING_ENABLED:
1083 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1087 mgmt_start_discovery_failed(hdev, status);
1088 hci_dev_unlock(hdev);
1092 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1095 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1096 hci_dev_unlock(hdev);
1099 case LE_SCANNING_DISABLED:
1102 mgmt_stop_discovery_failed(hdev, status);
1103 hci_dev_unlock(hdev);
1107 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1109 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1110 hdev->discovery.state == DISCOVERY_FINDING) {
1111 mgmt_interleaved_discovery(hdev);
1114 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1115 hci_dev_unlock(hdev);
1121 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1126 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1128 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1135 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1138 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1140 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1147 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1150 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1151 struct sk_buff *skb)
1153 struct hci_cp_write_le_host_supported *sent;
1154 __u8 status = *((__u8 *) skb->data);
1156 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1158 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1164 hdev->host_features[0] |= LMP_HOST_LE;
1166 hdev->host_features[0] &= ~LMP_HOST_LE;
1169 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1170 !test_bit(HCI_INIT, &hdev->flags))
1171 mgmt_le_enable_complete(hdev, sent->le, status);
1173 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1176 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1181 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1182 hci_conn_check_pending(hdev);
1184 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1185 mgmt_start_discovery_failed(hdev, status);
1186 hci_dev_unlock(hdev);
1190 set_bit(HCI_INQUIRY, &hdev->flags);
1193 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1194 hci_dev_unlock(hdev);
1197 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1199 struct hci_cp_create_conn *cp;
1200 struct hci_conn *conn;
1202 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1204 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1212 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn);
1215 if (conn && conn->state == BT_CONNECT) {
1216 if (status != 0x0c || conn->attempt > 2) {
1217 conn->state = BT_CLOSED;
1218 hci_proto_connect_cfm(conn, status);
1221 conn->state = BT_CONNECT2;
1225 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1228 conn->link_mode |= HCI_LM_MASTER;
1230 BT_ERR("No memory for new connection");
1234 hci_dev_unlock(hdev);
1237 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1239 struct hci_cp_add_sco *cp;
1240 struct hci_conn *acl, *sco;
1243 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1248 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1252 handle = __le16_to_cpu(cp->handle);
1254 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1258 acl = hci_conn_hash_lookup_handle(hdev, handle);
1262 sco->state = BT_CLOSED;
1264 hci_proto_connect_cfm(sco, status);
1269 hci_dev_unlock(hdev);
1272 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1274 struct hci_cp_auth_requested *cp;
1275 struct hci_conn *conn;
1277 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1282 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1290 if (conn->state == BT_CONFIG) {
1291 hci_proto_connect_cfm(conn, status);
1296 hci_dev_unlock(hdev);
1299 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1301 struct hci_cp_set_conn_encrypt *cp;
1302 struct hci_conn *conn;
1304 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1309 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1315 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1317 if (conn->state == BT_CONFIG) {
1318 hci_proto_connect_cfm(conn, status);
1323 hci_dev_unlock(hdev);
1326 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1327 struct hci_conn *conn)
1329 if (conn->state != BT_CONFIG || !conn->out)
1332 if (conn->pending_sec_level == BT_SECURITY_SDP)
1335 /* Only request authentication for SSP connections or non-SSP
1336 * devices with sec_level HIGH or if MITM protection is requested */
1337 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1338 conn->pending_sec_level != BT_SECURITY_HIGH)
1344 static int hci_resolve_name(struct hci_dev *hdev,
1345 struct inquiry_entry *e)
1347 struct hci_cp_remote_name_req cp;
1349 memset(&cp, 0, sizeof(cp));
1351 bacpy(&cp.bdaddr, &e->data.bdaddr);
1352 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1353 cp.pscan_mode = e->data.pscan_mode;
1354 cp.clock_offset = e->data.clock_offset;
1356 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1359 static bool hci_resolve_next_name(struct hci_dev *hdev)
1361 struct discovery_state *discov = &hdev->discovery;
1362 struct inquiry_entry *e;
1364 if (list_empty(&discov->resolve))
1367 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1368 if (hci_resolve_name(hdev, e) == 0) {
1369 e->name_state = NAME_PENDING;
1376 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1377 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1379 struct discovery_state *discov = &hdev->discovery;
1380 struct inquiry_entry *e;
1382 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1383 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1384 name_len, conn->dev_class);
1386 if (discov->state == DISCOVERY_STOPPED)
1389 if (discov->state == DISCOVERY_STOPPING)
1390 goto discov_complete;
1392 if (discov->state != DISCOVERY_RESOLVING)
1395 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1397 e->name_state = NAME_KNOWN;
1400 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1401 e->data.rssi, name, name_len);
1404 if (hci_resolve_next_name(hdev))
1408 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1411 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1413 struct hci_cp_remote_name_req *cp;
1414 struct hci_conn *conn;
1416 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1418 /* If successful wait for the name req complete event before
1419 * checking for the need to do authentication */
1423 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1429 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1431 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1432 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1437 if (!hci_outgoing_auth_needed(hdev, conn))
1440 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1441 struct hci_cp_auth_requested cp;
1442 cp.handle = __cpu_to_le16(conn->handle);
1443 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1447 hci_dev_unlock(hdev);
1450 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1452 struct hci_cp_read_remote_features *cp;
1453 struct hci_conn *conn;
1455 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1460 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1466 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1468 if (conn->state == BT_CONFIG) {
1469 hci_proto_connect_cfm(conn, status);
1474 hci_dev_unlock(hdev);
1477 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1479 struct hci_cp_read_remote_ext_features *cp;
1480 struct hci_conn *conn;
1482 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1487 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1493 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1495 if (conn->state == BT_CONFIG) {
1496 hci_proto_connect_cfm(conn, status);
1501 hci_dev_unlock(hdev);
1504 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1506 struct hci_cp_setup_sync_conn *cp;
1507 struct hci_conn *acl, *sco;
1510 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1515 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1519 handle = __le16_to_cpu(cp->handle);
1521 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1525 acl = hci_conn_hash_lookup_handle(hdev, handle);
1529 sco->state = BT_CLOSED;
1531 hci_proto_connect_cfm(sco, status);
1536 hci_dev_unlock(hdev);
1539 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1541 struct hci_cp_sniff_mode *cp;
1542 struct hci_conn *conn;
1544 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1549 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1555 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1557 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1559 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1560 hci_sco_setup(conn, status);
1563 hci_dev_unlock(hdev);
1566 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1568 struct hci_cp_exit_sniff_mode *cp;
1569 struct hci_conn *conn;
1571 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1576 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1582 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1584 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1586 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1587 hci_sco_setup(conn, status);
1590 hci_dev_unlock(hdev);
1593 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1595 struct hci_cp_disconnect *cp;
1596 struct hci_conn *conn;
1601 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1607 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1609 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1610 conn->dst_type, status);
1612 hci_dev_unlock(hdev);
1615 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1617 struct hci_conn *conn;
1619 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1624 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1626 hci_dev_unlock(hdev);
1630 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&conn->dst),
1633 conn->state = BT_CLOSED;
1634 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1635 conn->dst_type, status);
1636 hci_proto_connect_cfm(conn, status);
1639 hci_dev_unlock(hdev);
1643 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1645 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1648 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1650 __u8 status = *((__u8 *) skb->data);
1651 struct discovery_state *discov = &hdev->discovery;
1652 struct inquiry_entry *e;
1654 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1656 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1658 hci_conn_check_pending(hdev);
1660 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1663 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1668 if (discov->state != DISCOVERY_FINDING)
1671 if (list_empty(&discov->resolve)) {
1672 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1676 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1677 if (e && hci_resolve_name(hdev, e) == 0) {
1678 e->name_state = NAME_PENDING;
1679 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1681 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1685 hci_dev_unlock(hdev);
1688 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1690 struct inquiry_data data;
1691 struct inquiry_info *info = (void *) (skb->data + 1);
1692 int num_rsp = *((__u8 *) skb->data);
1694 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1699 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1704 for (; num_rsp; num_rsp--, info++) {
1705 bool name_known, ssp;
1707 bacpy(&data.bdaddr, &info->bdaddr);
1708 data.pscan_rep_mode = info->pscan_rep_mode;
1709 data.pscan_period_mode = info->pscan_period_mode;
1710 data.pscan_mode = info->pscan_mode;
1711 memcpy(data.dev_class, info->dev_class, 3);
1712 data.clock_offset = info->clock_offset;
1714 data.ssp_mode = 0x00;
1716 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1717 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1718 info->dev_class, 0, !name_known, ssp, NULL,
1722 hci_dev_unlock(hdev);
1725 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1727 struct hci_ev_conn_complete *ev = (void *) skb->data;
1728 struct hci_conn *conn;
1730 BT_DBG("%s", hdev->name);
1734 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1736 if (ev->link_type != SCO_LINK)
1739 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1743 conn->type = SCO_LINK;
1747 conn->handle = __le16_to_cpu(ev->handle);
1749 if (conn->type == ACL_LINK) {
1750 conn->state = BT_CONFIG;
1751 hci_conn_hold(conn);
1752 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1754 conn->state = BT_CONNECTED;
1756 hci_conn_hold_device(conn);
1757 hci_conn_add_sysfs(conn);
1759 if (test_bit(HCI_AUTH, &hdev->flags))
1760 conn->link_mode |= HCI_LM_AUTH;
1762 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1763 conn->link_mode |= HCI_LM_ENCRYPT;
1765 /* Get remote features */
1766 if (conn->type == ACL_LINK) {
1767 struct hci_cp_read_remote_features cp;
1768 cp.handle = ev->handle;
1769 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1773 /* Set packet type for incoming connection */
1774 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1775 struct hci_cp_change_conn_ptype cp;
1776 cp.handle = ev->handle;
1777 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1778 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1782 conn->state = BT_CLOSED;
1783 if (conn->type == ACL_LINK)
1784 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1785 conn->dst_type, ev->status);
1788 if (conn->type == ACL_LINK)
1789 hci_sco_setup(conn, ev->status);
1792 hci_proto_connect_cfm(conn, ev->status);
1794 } else if (ev->link_type != ACL_LINK)
1795 hci_proto_connect_cfm(conn, ev->status);
1798 hci_dev_unlock(hdev);
1800 hci_conn_check_pending(hdev);
1803 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1805 struct hci_ev_conn_request *ev = (void *) skb->data;
1806 int mask = hdev->link_mode;
1808 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1811 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1813 if ((mask & HCI_LM_ACCEPT) &&
1814 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1815 /* Connection accepted */
1816 struct inquiry_entry *ie;
1817 struct hci_conn *conn;
1821 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1823 memcpy(ie->data.dev_class, ev->dev_class, 3);
1825 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1828 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1830 BT_ERR("No memory for new connection");
1831 hci_dev_unlock(hdev);
1836 memcpy(conn->dev_class, ev->dev_class, 3);
1837 conn->state = BT_CONNECT;
1839 hci_dev_unlock(hdev);
1841 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1842 struct hci_cp_accept_conn_req cp;
1844 bacpy(&cp.bdaddr, &ev->bdaddr);
1846 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1847 cp.role = 0x00; /* Become master */
1849 cp.role = 0x01; /* Remain slave */
1851 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1854 struct hci_cp_accept_sync_conn_req cp;
1856 bacpy(&cp.bdaddr, &ev->bdaddr);
1857 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1859 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1860 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1861 cp.max_latency = __constant_cpu_to_le16(0xffff);
1862 cp.content_format = cpu_to_le16(hdev->voice_setting);
1863 cp.retrans_effort = 0xff;
1865 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1869 /* Connection rejected */
1870 struct hci_cp_reject_conn_req cp;
1872 bacpy(&cp.bdaddr, &ev->bdaddr);
1873 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1874 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1878 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1880 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1881 struct hci_conn *conn;
1883 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1887 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1891 if (ev->status == 0)
1892 conn->state = BT_CLOSED;
1894 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1895 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1896 if (ev->status != 0)
1897 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1898 conn->dst_type, ev->status);
1900 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1904 if (ev->status == 0) {
1905 if (conn->type == ACL_LINK && conn->flush_key)
1906 hci_remove_link_key(hdev, &conn->dst);
1907 hci_proto_disconn_cfm(conn, ev->reason);
1912 hci_dev_unlock(hdev);
1915 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1917 struct hci_ev_auth_complete *ev = (void *) skb->data;
1918 struct hci_conn *conn;
1920 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1924 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1929 if (!hci_conn_ssp_enabled(conn) &&
1930 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1931 BT_INFO("re-auth of legacy device is not possible.");
1933 conn->link_mode |= HCI_LM_AUTH;
1934 conn->sec_level = conn->pending_sec_level;
1937 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1941 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1942 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1944 if (conn->state == BT_CONFIG) {
1945 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1946 struct hci_cp_set_conn_encrypt cp;
1947 cp.handle = ev->handle;
1949 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1952 conn->state = BT_CONNECTED;
1953 hci_proto_connect_cfm(conn, ev->status);
1957 hci_auth_cfm(conn, ev->status);
1959 hci_conn_hold(conn);
1960 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1964 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1966 struct hci_cp_set_conn_encrypt cp;
1967 cp.handle = ev->handle;
1969 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1972 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1973 hci_encrypt_cfm(conn, ev->status, 0x00);
1978 hci_dev_unlock(hdev);
1981 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1983 struct hci_ev_remote_name *ev = (void *) skb->data;
1984 struct hci_conn *conn;
1986 BT_DBG("%s", hdev->name);
1988 hci_conn_check_pending(hdev);
1992 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1994 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1997 if (ev->status == 0)
1998 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1999 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2001 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2007 if (!hci_outgoing_auth_needed(hdev, conn))
2010 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2011 struct hci_cp_auth_requested cp;
2012 cp.handle = __cpu_to_le16(conn->handle);
2013 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2017 hci_dev_unlock(hdev);
2020 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2022 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2023 struct hci_conn *conn;
2025 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2029 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2033 /* Encryption implies authentication */
2034 conn->link_mode |= HCI_LM_AUTH;
2035 conn->link_mode |= HCI_LM_ENCRYPT;
2036 conn->sec_level = conn->pending_sec_level;
2038 conn->link_mode &= ~HCI_LM_ENCRYPT;
2041 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2043 if (ev->status && conn->state == BT_CONNECTED) {
2044 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2049 if (conn->state == BT_CONFIG) {
2051 conn->state = BT_CONNECTED;
2053 hci_proto_connect_cfm(conn, ev->status);
2056 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2060 hci_dev_unlock(hdev);
2063 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2064 struct sk_buff *skb)
2066 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2067 struct hci_conn *conn;
2069 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2073 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2076 conn->link_mode |= HCI_LM_SECURE;
2078 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2080 hci_key_change_cfm(conn, ev->status);
2083 hci_dev_unlock(hdev);
2086 static void hci_remote_features_evt(struct hci_dev *hdev,
2087 struct sk_buff *skb)
2089 struct hci_ev_remote_features *ev = (void *) skb->data;
2090 struct hci_conn *conn;
2092 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2101 memcpy(conn->features, ev->features, 8);
2103 if (conn->state != BT_CONFIG)
2106 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2107 struct hci_cp_read_remote_ext_features cp;
2108 cp.handle = ev->handle;
2110 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2115 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2116 struct hci_cp_remote_name_req cp;
2117 memset(&cp, 0, sizeof(cp));
2118 bacpy(&cp.bdaddr, &conn->dst);
2119 cp.pscan_rep_mode = 0x02;
2120 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2121 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2122 mgmt_device_connected(hdev, &conn->dst, conn->type,
2123 conn->dst_type, 0, NULL, 0,
2126 if (!hci_outgoing_auth_needed(hdev, conn)) {
2127 conn->state = BT_CONNECTED;
2128 hci_proto_connect_cfm(conn, ev->status);
2133 hci_dev_unlock(hdev);
2136 static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2138 BT_DBG("%s", hdev->name);
2141 static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2142 struct sk_buff *skb)
2144 BT_DBG("%s", hdev->name);
2147 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2149 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2152 skb_pull(skb, sizeof(*ev));
2154 opcode = __le16_to_cpu(ev->opcode);
2157 case HCI_OP_INQUIRY_CANCEL:
2158 hci_cc_inquiry_cancel(hdev, skb);
2161 case HCI_OP_PERIODIC_INQ:
2162 hci_cc_periodic_inq(hdev, skb);
2165 case HCI_OP_EXIT_PERIODIC_INQ:
2166 hci_cc_exit_periodic_inq(hdev, skb);
2169 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2170 hci_cc_remote_name_req_cancel(hdev, skb);
2173 case HCI_OP_ROLE_DISCOVERY:
2174 hci_cc_role_discovery(hdev, skb);
2177 case HCI_OP_READ_LINK_POLICY:
2178 hci_cc_read_link_policy(hdev, skb);
2181 case HCI_OP_WRITE_LINK_POLICY:
2182 hci_cc_write_link_policy(hdev, skb);
2185 case HCI_OP_READ_DEF_LINK_POLICY:
2186 hci_cc_read_def_link_policy(hdev, skb);
2189 case HCI_OP_WRITE_DEF_LINK_POLICY:
2190 hci_cc_write_def_link_policy(hdev, skb);
2194 hci_cc_reset(hdev, skb);
2197 case HCI_OP_WRITE_LOCAL_NAME:
2198 hci_cc_write_local_name(hdev, skb);
2201 case HCI_OP_READ_LOCAL_NAME:
2202 hci_cc_read_local_name(hdev, skb);
2205 case HCI_OP_WRITE_AUTH_ENABLE:
2206 hci_cc_write_auth_enable(hdev, skb);
2209 case HCI_OP_WRITE_ENCRYPT_MODE:
2210 hci_cc_write_encrypt_mode(hdev, skb);
2213 case HCI_OP_WRITE_SCAN_ENABLE:
2214 hci_cc_write_scan_enable(hdev, skb);
2217 case HCI_OP_READ_CLASS_OF_DEV:
2218 hci_cc_read_class_of_dev(hdev, skb);
2221 case HCI_OP_WRITE_CLASS_OF_DEV:
2222 hci_cc_write_class_of_dev(hdev, skb);
2225 case HCI_OP_READ_VOICE_SETTING:
2226 hci_cc_read_voice_setting(hdev, skb);
2229 case HCI_OP_WRITE_VOICE_SETTING:
2230 hci_cc_write_voice_setting(hdev, skb);
2233 case HCI_OP_HOST_BUFFER_SIZE:
2234 hci_cc_host_buffer_size(hdev, skb);
2237 case HCI_OP_WRITE_SSP_MODE:
2238 hci_cc_write_ssp_mode(hdev, skb);
2241 case HCI_OP_READ_LOCAL_VERSION:
2242 hci_cc_read_local_version(hdev, skb);
2245 case HCI_OP_READ_LOCAL_COMMANDS:
2246 hci_cc_read_local_commands(hdev, skb);
2249 case HCI_OP_READ_LOCAL_FEATURES:
2250 hci_cc_read_local_features(hdev, skb);
2253 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2254 hci_cc_read_local_ext_features(hdev, skb);
2257 case HCI_OP_READ_BUFFER_SIZE:
2258 hci_cc_read_buffer_size(hdev, skb);
2261 case HCI_OP_READ_BD_ADDR:
2262 hci_cc_read_bd_addr(hdev, skb);
2265 case HCI_OP_READ_DATA_BLOCK_SIZE:
2266 hci_cc_read_data_block_size(hdev, skb);
2269 case HCI_OP_WRITE_CA_TIMEOUT:
2270 hci_cc_write_ca_timeout(hdev, skb);
2273 case HCI_OP_READ_FLOW_CONTROL_MODE:
2274 hci_cc_read_flow_control_mode(hdev, skb);
2277 case HCI_OP_READ_LOCAL_AMP_INFO:
2278 hci_cc_read_local_amp_info(hdev, skb);
2281 case HCI_OP_DELETE_STORED_LINK_KEY:
2282 hci_cc_delete_stored_link_key(hdev, skb);
2285 case HCI_OP_SET_EVENT_MASK:
2286 hci_cc_set_event_mask(hdev, skb);
2289 case HCI_OP_WRITE_INQUIRY_MODE:
2290 hci_cc_write_inquiry_mode(hdev, skb);
2293 case HCI_OP_READ_INQ_RSP_TX_POWER:
2294 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2297 case HCI_OP_SET_EVENT_FLT:
2298 hci_cc_set_event_flt(hdev, skb);
2301 case HCI_OP_PIN_CODE_REPLY:
2302 hci_cc_pin_code_reply(hdev, skb);
2305 case HCI_OP_PIN_CODE_NEG_REPLY:
2306 hci_cc_pin_code_neg_reply(hdev, skb);
2309 case HCI_OP_READ_LOCAL_OOB_DATA:
2310 hci_cc_read_local_oob_data_reply(hdev, skb);
2313 case HCI_OP_LE_READ_BUFFER_SIZE:
2314 hci_cc_le_read_buffer_size(hdev, skb);
2317 case HCI_OP_USER_CONFIRM_REPLY:
2318 hci_cc_user_confirm_reply(hdev, skb);
2321 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2322 hci_cc_user_confirm_neg_reply(hdev, skb);
2325 case HCI_OP_USER_PASSKEY_REPLY:
2326 hci_cc_user_passkey_reply(hdev, skb);
2329 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2330 hci_cc_user_passkey_neg_reply(hdev, skb);
2333 case HCI_OP_LE_SET_SCAN_PARAM:
2334 hci_cc_le_set_scan_param(hdev, skb);
2337 case HCI_OP_LE_SET_SCAN_ENABLE:
2338 hci_cc_le_set_scan_enable(hdev, skb);
2341 case HCI_OP_LE_LTK_REPLY:
2342 hci_cc_le_ltk_reply(hdev, skb);
2345 case HCI_OP_LE_LTK_NEG_REPLY:
2346 hci_cc_le_ltk_neg_reply(hdev, skb);
2349 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2350 hci_cc_write_le_host_supported(hdev, skb);
2354 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2358 if (ev->opcode != HCI_OP_NOP)
2359 del_timer(&hdev->cmd_timer);
2362 atomic_set(&hdev->cmd_cnt, 1);
2363 if (!skb_queue_empty(&hdev->cmd_q))
2364 queue_work(hdev->workqueue, &hdev->cmd_work);
2368 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2370 struct hci_ev_cmd_status *ev = (void *) skb->data;
2373 skb_pull(skb, sizeof(*ev));
2375 opcode = __le16_to_cpu(ev->opcode);
2378 case HCI_OP_INQUIRY:
2379 hci_cs_inquiry(hdev, ev->status);
2382 case HCI_OP_CREATE_CONN:
2383 hci_cs_create_conn(hdev, ev->status);
2386 case HCI_OP_ADD_SCO:
2387 hci_cs_add_sco(hdev, ev->status);
2390 case HCI_OP_AUTH_REQUESTED:
2391 hci_cs_auth_requested(hdev, ev->status);
2394 case HCI_OP_SET_CONN_ENCRYPT:
2395 hci_cs_set_conn_encrypt(hdev, ev->status);
2398 case HCI_OP_REMOTE_NAME_REQ:
2399 hci_cs_remote_name_req(hdev, ev->status);
2402 case HCI_OP_READ_REMOTE_FEATURES:
2403 hci_cs_read_remote_features(hdev, ev->status);
2406 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2407 hci_cs_read_remote_ext_features(hdev, ev->status);
2410 case HCI_OP_SETUP_SYNC_CONN:
2411 hci_cs_setup_sync_conn(hdev, ev->status);
2414 case HCI_OP_SNIFF_MODE:
2415 hci_cs_sniff_mode(hdev, ev->status);
2418 case HCI_OP_EXIT_SNIFF_MODE:
2419 hci_cs_exit_sniff_mode(hdev, ev->status);
2422 case HCI_OP_DISCONNECT:
2423 hci_cs_disconnect(hdev, ev->status);
2426 case HCI_OP_LE_CREATE_CONN:
2427 hci_cs_le_create_conn(hdev, ev->status);
2430 case HCI_OP_LE_START_ENC:
2431 hci_cs_le_start_enc(hdev, ev->status);
2435 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2439 if (ev->opcode != HCI_OP_NOP)
2440 del_timer(&hdev->cmd_timer);
2442 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2443 atomic_set(&hdev->cmd_cnt, 1);
2444 if (!skb_queue_empty(&hdev->cmd_q))
2445 queue_work(hdev->workqueue, &hdev->cmd_work);
2449 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2451 struct hci_ev_role_change *ev = (void *) skb->data;
2452 struct hci_conn *conn;
2454 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2458 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2462 conn->link_mode &= ~HCI_LM_MASTER;
2464 conn->link_mode |= HCI_LM_MASTER;
2467 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2469 hci_role_switch_cfm(conn, ev->status, ev->role);
2472 hci_dev_unlock(hdev);
2475 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2477 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2480 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2481 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2485 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2486 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2487 BT_DBG("%s bad parameters", hdev->name);
2491 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2493 for (i = 0; i < ev->num_hndl; i++) {
2494 struct hci_comp_pkts_info *info = &ev->handles[i];
2495 struct hci_conn *conn;
2496 __u16 handle, count;
2498 handle = __le16_to_cpu(info->handle);
2499 count = __le16_to_cpu(info->count);
2501 conn = hci_conn_hash_lookup_handle(hdev, handle);
2505 conn->sent -= count;
2507 switch (conn->type) {
2509 hdev->acl_cnt += count;
2510 if (hdev->acl_cnt > hdev->acl_pkts)
2511 hdev->acl_cnt = hdev->acl_pkts;
2515 if (hdev->le_pkts) {
2516 hdev->le_cnt += count;
2517 if (hdev->le_cnt > hdev->le_pkts)
2518 hdev->le_cnt = hdev->le_pkts;
2520 hdev->acl_cnt += count;
2521 if (hdev->acl_cnt > hdev->acl_pkts)
2522 hdev->acl_cnt = hdev->acl_pkts;
2527 hdev->sco_cnt += count;
2528 if (hdev->sco_cnt > hdev->sco_pkts)
2529 hdev->sco_cnt = hdev->sco_pkts;
2533 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2538 queue_work(hdev->workqueue, &hdev->tx_work);
2541 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2543 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2546 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2547 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2551 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2552 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2553 BT_DBG("%s bad parameters", hdev->name);
2557 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2560 for (i = 0; i < ev->num_hndl; i++) {
2561 struct hci_comp_blocks_info *info = &ev->handles[i];
2562 struct hci_conn *conn;
2563 __u16 handle, block_count;
2565 handle = __le16_to_cpu(info->handle);
2566 block_count = __le16_to_cpu(info->blocks);
2568 conn = hci_conn_hash_lookup_handle(hdev, handle);
2572 conn->sent -= block_count;
2574 switch (conn->type) {
2576 hdev->block_cnt += block_count;
2577 if (hdev->block_cnt > hdev->num_blocks)
2578 hdev->block_cnt = hdev->num_blocks;
2582 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2587 queue_work(hdev->workqueue, &hdev->tx_work);
2590 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2592 struct hci_ev_mode_change *ev = (void *) skb->data;
2593 struct hci_conn *conn;
2595 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2599 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2601 conn->mode = ev->mode;
2602 conn->interval = __le16_to_cpu(ev->interval);
2604 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2606 if (conn->mode == HCI_CM_ACTIVE)
2607 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2609 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2612 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2613 hci_sco_setup(conn, ev->status);
2616 hci_dev_unlock(hdev);
2619 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2621 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2622 struct hci_conn *conn;
2624 BT_DBG("%s", hdev->name);
2628 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2632 if (conn->state == BT_CONNECTED) {
2633 hci_conn_hold(conn);
2634 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2638 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2639 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2640 sizeof(ev->bdaddr), &ev->bdaddr);
2641 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2644 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2649 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2653 hci_dev_unlock(hdev);
2656 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2658 struct hci_ev_link_key_req *ev = (void *) skb->data;
2659 struct hci_cp_link_key_reply cp;
2660 struct hci_conn *conn;
2661 struct link_key *key;
2663 BT_DBG("%s", hdev->name);
2665 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2670 key = hci_find_link_key(hdev, &ev->bdaddr);
2672 BT_DBG("%s link key not found for %s", hdev->name,
2673 batostr(&ev->bdaddr));
2677 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2678 batostr(&ev->bdaddr));
2680 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2681 key->type == HCI_LK_DEBUG_COMBINATION) {
2682 BT_DBG("%s ignoring debug key", hdev->name);
2686 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2688 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2689 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2690 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2694 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2695 conn->pending_sec_level == BT_SECURITY_HIGH) {
2696 BT_DBG("%s ignoring key unauthenticated for high security",
2701 conn->key_type = key->type;
2702 conn->pin_length = key->pin_len;
2705 bacpy(&cp.bdaddr, &ev->bdaddr);
2706 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2708 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2710 hci_dev_unlock(hdev);
2715 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2716 hci_dev_unlock(hdev);
2719 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2721 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2722 struct hci_conn *conn;
2725 BT_DBG("%s", hdev->name);
2729 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2731 hci_conn_hold(conn);
2732 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2733 pin_len = conn->pin_length;
2735 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2736 conn->key_type = ev->key_type;
2741 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2742 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2743 ev->key_type, pin_len);
2745 hci_dev_unlock(hdev);
2748 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2750 struct hci_ev_clock_offset *ev = (void *) skb->data;
2751 struct hci_conn *conn;
2753 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2757 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2758 if (conn && !ev->status) {
2759 struct inquiry_entry *ie;
2761 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2763 ie->data.clock_offset = ev->clock_offset;
2764 ie->timestamp = jiffies;
2768 hci_dev_unlock(hdev);
2771 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2773 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2774 struct hci_conn *conn;
2776 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2780 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2781 if (conn && !ev->status)
2782 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2784 hci_dev_unlock(hdev);
2787 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2789 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2790 struct inquiry_entry *ie;
2792 BT_DBG("%s", hdev->name);
2796 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2798 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2799 ie->timestamp = jiffies;
2802 hci_dev_unlock(hdev);
2805 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2806 struct sk_buff *skb)
2808 struct inquiry_data data;
2809 int num_rsp = *((__u8 *) skb->data);
2810 bool name_known, ssp;
2812 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2817 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2822 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2823 struct inquiry_info_with_rssi_and_pscan_mode *info;
2824 info = (void *) (skb->data + 1);
2826 for (; num_rsp; num_rsp--, info++) {
2827 bacpy(&data.bdaddr, &info->bdaddr);
2828 data.pscan_rep_mode = info->pscan_rep_mode;
2829 data.pscan_period_mode = info->pscan_period_mode;
2830 data.pscan_mode = info->pscan_mode;
2831 memcpy(data.dev_class, info->dev_class, 3);
2832 data.clock_offset = info->clock_offset;
2833 data.rssi = info->rssi;
2834 data.ssp_mode = 0x00;
2836 name_known = hci_inquiry_cache_update(hdev, &data,
2838 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2839 info->dev_class, info->rssi,
2840 !name_known, ssp, NULL, 0);
2843 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2845 for (; num_rsp; num_rsp--, info++) {
2846 bacpy(&data.bdaddr, &info->bdaddr);
2847 data.pscan_rep_mode = info->pscan_rep_mode;
2848 data.pscan_period_mode = info->pscan_period_mode;
2849 data.pscan_mode = 0x00;
2850 memcpy(data.dev_class, info->dev_class, 3);
2851 data.clock_offset = info->clock_offset;
2852 data.rssi = info->rssi;
2853 data.ssp_mode = 0x00;
2854 name_known = hci_inquiry_cache_update(hdev, &data,
2856 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2857 info->dev_class, info->rssi,
2858 !name_known, ssp, NULL, 0);
2862 hci_dev_unlock(hdev);
2865 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2866 struct sk_buff *skb)
2868 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2869 struct hci_conn *conn;
2871 BT_DBG("%s", hdev->name);
2875 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2879 if (!ev->status && ev->page == 0x01) {
2880 struct inquiry_entry *ie;
2882 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2884 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2886 if (ev->features[0] & LMP_HOST_SSP)
2887 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2890 if (conn->state != BT_CONFIG)
2893 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2894 struct hci_cp_remote_name_req cp;
2895 memset(&cp, 0, sizeof(cp));
2896 bacpy(&cp.bdaddr, &conn->dst);
2897 cp.pscan_rep_mode = 0x02;
2898 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2899 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2900 mgmt_device_connected(hdev, &conn->dst, conn->type,
2901 conn->dst_type, 0, NULL, 0,
2904 if (!hci_outgoing_auth_needed(hdev, conn)) {
2905 conn->state = BT_CONNECTED;
2906 hci_proto_connect_cfm(conn, ev->status);
2911 hci_dev_unlock(hdev);
2914 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2915 struct sk_buff *skb)
2917 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2918 struct hci_conn *conn;
2920 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2924 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2926 if (ev->link_type == ESCO_LINK)
2929 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2933 conn->type = SCO_LINK;
2936 switch (ev->status) {
2938 conn->handle = __le16_to_cpu(ev->handle);
2939 conn->state = BT_CONNECTED;
2941 hci_conn_hold_device(conn);
2942 hci_conn_add_sysfs(conn);
2945 case 0x11: /* Unsupported Feature or Parameter Value */
2946 case 0x1c: /* SCO interval rejected */
2947 case 0x1a: /* Unsupported Remote Feature */
2948 case 0x1f: /* Unspecified error */
2949 if (conn->out && conn->attempt < 2) {
2950 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2951 (hdev->esco_type & EDR_ESCO_MASK);
2952 hci_setup_sync(conn, conn->link->handle);
2958 conn->state = BT_CLOSED;
2962 hci_proto_connect_cfm(conn, ev->status);
2967 hci_dev_unlock(hdev);
2970 static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2972 BT_DBG("%s", hdev->name);
2975 static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2977 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2979 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2982 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2983 struct sk_buff *skb)
2985 struct inquiry_data data;
2986 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2987 int num_rsp = *((__u8 *) skb->data);
2990 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2995 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3000 for (; num_rsp; num_rsp--, info++) {
3001 bool name_known, ssp;
3003 bacpy(&data.bdaddr, &info->bdaddr);
3004 data.pscan_rep_mode = info->pscan_rep_mode;
3005 data.pscan_period_mode = info->pscan_period_mode;
3006 data.pscan_mode = 0x00;
3007 memcpy(data.dev_class, info->dev_class, 3);
3008 data.clock_offset = info->clock_offset;
3009 data.rssi = info->rssi;
3010 data.ssp_mode = 0x01;
3012 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3013 name_known = eir_has_data_type(info->data,
3019 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3021 eir_len = eir_get_length(info->data, sizeof(info->data));
3022 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3023 info->dev_class, info->rssi, !name_known,
3024 ssp, info->data, eir_len);
3027 hci_dev_unlock(hdev);
3030 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3031 struct sk_buff *skb)
3033 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3034 struct hci_conn *conn;
3036 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3037 __le16_to_cpu(ev->handle));
3041 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3046 conn->sec_level = conn->pending_sec_level;
3048 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3050 if (ev->status && conn->state == BT_CONNECTED) {
3051 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3056 if (conn->state == BT_CONFIG) {
3058 conn->state = BT_CONNECTED;
3060 hci_proto_connect_cfm(conn, ev->status);
3063 hci_auth_cfm(conn, ev->status);
3065 hci_conn_hold(conn);
3066 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3071 hci_dev_unlock(hdev);
3074 static u8 hci_get_auth_req(struct hci_conn *conn)
3076 /* If remote requests dedicated bonding follow that lead */
3077 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3078 /* If both remote and local IO capabilities allow MITM
3079 * protection then require it, otherwise don't */
3080 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3086 /* If remote requests no-bonding follow that lead */
3087 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3088 return conn->remote_auth | (conn->auth_type & 0x01);
3090 return conn->auth_type;
3093 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3095 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3096 struct hci_conn *conn;
3098 BT_DBG("%s", hdev->name);
3102 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3106 hci_conn_hold(conn);
3108 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3111 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3112 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3113 struct hci_cp_io_capability_reply cp;
3115 bacpy(&cp.bdaddr, &ev->bdaddr);
3116 /* Change the IO capability from KeyboardDisplay
3117 * to DisplayYesNo as it is not supported by BT spec. */
3118 cp.capability = (conn->io_capability == 0x04) ?
3119 0x01 : conn->io_capability;
3120 conn->auth_type = hci_get_auth_req(conn);
3121 cp.authentication = conn->auth_type;
3123 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3124 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3129 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3132 struct hci_cp_io_capability_neg_reply cp;
3134 bacpy(&cp.bdaddr, &ev->bdaddr);
3135 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3137 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3142 hci_dev_unlock(hdev);
3145 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3147 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3148 struct hci_conn *conn;
3150 BT_DBG("%s", hdev->name);
3154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3158 conn->remote_cap = ev->capability;
3159 conn->remote_auth = ev->authentication;
3161 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3164 hci_dev_unlock(hdev);
3167 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3168 struct sk_buff *skb)
3170 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3171 int loc_mitm, rem_mitm, confirm_hint = 0;
3172 struct hci_conn *conn;
3174 BT_DBG("%s", hdev->name);
3178 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3185 loc_mitm = (conn->auth_type & 0x01);
3186 rem_mitm = (conn->remote_auth & 0x01);
3188 /* If we require MITM but the remote device can't provide that
3189 * (it has NoInputNoOutput) then reject the confirmation
3190 * request. The only exception is when we're dedicated bonding
3191 * initiators (connect_cfm_cb set) since then we always have the MITM
3193 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3194 BT_DBG("Rejecting request: remote device can't provide MITM");
3195 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3196 sizeof(ev->bdaddr), &ev->bdaddr);
3200 /* If no side requires MITM protection; auto-accept */
3201 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3202 (!rem_mitm || conn->io_capability == 0x03)) {
3204 /* If we're not the initiators request authorization to
3205 * proceed from user space (mgmt_user_confirm with
3206 * confirm_hint set to 1). */
3207 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3208 BT_DBG("Confirming auto-accept as acceptor");
3213 BT_DBG("Auto-accept of user confirmation with %ums delay",
3214 hdev->auto_accept_delay);
3216 if (hdev->auto_accept_delay > 0) {
3217 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3218 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3222 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3223 sizeof(ev->bdaddr), &ev->bdaddr);
3228 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3232 hci_dev_unlock(hdev);
3235 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3236 struct sk_buff *skb)
3238 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3240 BT_DBG("%s", hdev->name);
3242 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3243 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3246 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3247 struct sk_buff *skb)
3249 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3250 struct hci_conn *conn;
3252 BT_DBG("%s", hdev->name);
3256 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3260 /* To avoid duplicate auth_failed events to user space we check
3261 * the HCI_CONN_AUTH_PEND flag which will be set if we
3262 * initiated the authentication. A traditional auth_complete
3263 * event gets always produced as initiator and is also mapped to
3264 * the mgmt_auth_failed event */
3265 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3266 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3272 hci_dev_unlock(hdev);
3275 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3276 struct sk_buff *skb)
3278 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3279 struct inquiry_entry *ie;
3281 BT_DBG("%s", hdev->name);
3285 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3287 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3289 hci_dev_unlock(hdev);
3292 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3293 struct sk_buff *skb)
3295 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3296 struct oob_data *data;
3298 BT_DBG("%s", hdev->name);
3302 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3305 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3307 struct hci_cp_remote_oob_data_reply cp;
3309 bacpy(&cp.bdaddr, &ev->bdaddr);
3310 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3311 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3313 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3316 struct hci_cp_remote_oob_data_neg_reply cp;
3318 bacpy(&cp.bdaddr, &ev->bdaddr);
3319 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3324 hci_dev_unlock(hdev);
3327 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3329 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3330 struct hci_conn *conn;
3332 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3337 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3341 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3342 conn->dst_type, ev->status);
3343 hci_proto_connect_cfm(conn, ev->status);
3344 conn->state = BT_CLOSED;
3349 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3351 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3353 BT_ERR("No memory for new connection");
3357 conn->dst_type = ev->bdaddr_type;
3359 if (ev->role == LE_CONN_ROLE_MASTER) {
3361 conn->link_mode |= HCI_LM_MASTER;
3365 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3366 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3367 conn->dst_type, 0, NULL, 0, NULL);
3369 conn->sec_level = BT_SECURITY_LOW;
3370 conn->handle = __le16_to_cpu(ev->handle);
3371 conn->state = BT_CONNECTED;
3373 hci_conn_hold_device(conn);
3374 hci_conn_add_sysfs(conn);
3376 hci_proto_connect_cfm(conn, ev->status);
3379 hci_dev_unlock(hdev);
3382 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3384 u8 num_reports = skb->data[0];
3385 void *ptr = &skb->data[1];
3390 while (num_reports--) {
3391 struct hci_ev_le_advertising_info *ev = ptr;
3393 rssi = ev->data[ev->length];
3394 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3395 NULL, rssi, 0, 1, ev->data, ev->length);
3397 ptr += sizeof(*ev) + ev->length + 1;
3400 hci_dev_unlock(hdev);
3403 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3405 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3406 struct hci_cp_le_ltk_reply cp;
3407 struct hci_cp_le_ltk_neg_reply neg;
3408 struct hci_conn *conn;
3409 struct smp_ltk *ltk;
3411 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3415 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3419 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3423 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3424 cp.handle = cpu_to_le16(conn->handle);
3426 if (ltk->authenticated)
3427 conn->sec_level = BT_SECURITY_HIGH;
3429 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3431 if (ltk->type & HCI_SMP_STK) {
3432 list_del(<k->list);
3436 hci_dev_unlock(hdev);
3441 neg.handle = ev->handle;
3442 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3443 hci_dev_unlock(hdev);
3446 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3448 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3450 skb_pull(skb, sizeof(*le_ev));
3452 switch (le_ev->subevent) {
3453 case HCI_EV_LE_CONN_COMPLETE:
3454 hci_le_conn_complete_evt(hdev, skb);
3457 case HCI_EV_LE_ADVERTISING_REPORT:
3458 hci_le_adv_report_evt(hdev, skb);
3461 case HCI_EV_LE_LTK_REQ:
3462 hci_le_ltk_request_evt(hdev, skb);
3470 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3472 struct hci_event_hdr *hdr = (void *) skb->data;
3473 __u8 event = hdr->evt;
3475 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3478 case HCI_EV_INQUIRY_COMPLETE:
3479 hci_inquiry_complete_evt(hdev, skb);
3482 case HCI_EV_INQUIRY_RESULT:
3483 hci_inquiry_result_evt(hdev, skb);
3486 case HCI_EV_CONN_COMPLETE:
3487 hci_conn_complete_evt(hdev, skb);
3490 case HCI_EV_CONN_REQUEST:
3491 hci_conn_request_evt(hdev, skb);
3494 case HCI_EV_DISCONN_COMPLETE:
3495 hci_disconn_complete_evt(hdev, skb);
3498 case HCI_EV_AUTH_COMPLETE:
3499 hci_auth_complete_evt(hdev, skb);
3502 case HCI_EV_REMOTE_NAME:
3503 hci_remote_name_evt(hdev, skb);
3506 case HCI_EV_ENCRYPT_CHANGE:
3507 hci_encrypt_change_evt(hdev, skb);
3510 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3511 hci_change_link_key_complete_evt(hdev, skb);
3514 case HCI_EV_REMOTE_FEATURES:
3515 hci_remote_features_evt(hdev, skb);
3518 case HCI_EV_REMOTE_VERSION:
3519 hci_remote_version_evt(hdev, skb);
3522 case HCI_EV_QOS_SETUP_COMPLETE:
3523 hci_qos_setup_complete_evt(hdev, skb);
3526 case HCI_EV_CMD_COMPLETE:
3527 hci_cmd_complete_evt(hdev, skb);
3530 case HCI_EV_CMD_STATUS:
3531 hci_cmd_status_evt(hdev, skb);
3534 case HCI_EV_ROLE_CHANGE:
3535 hci_role_change_evt(hdev, skb);
3538 case HCI_EV_NUM_COMP_PKTS:
3539 hci_num_comp_pkts_evt(hdev, skb);
3542 case HCI_EV_MODE_CHANGE:
3543 hci_mode_change_evt(hdev, skb);
3546 case HCI_EV_PIN_CODE_REQ:
3547 hci_pin_code_request_evt(hdev, skb);
3550 case HCI_EV_LINK_KEY_REQ:
3551 hci_link_key_request_evt(hdev, skb);
3554 case HCI_EV_LINK_KEY_NOTIFY:
3555 hci_link_key_notify_evt(hdev, skb);
3558 case HCI_EV_CLOCK_OFFSET:
3559 hci_clock_offset_evt(hdev, skb);
3562 case HCI_EV_PKT_TYPE_CHANGE:
3563 hci_pkt_type_change_evt(hdev, skb);
3566 case HCI_EV_PSCAN_REP_MODE:
3567 hci_pscan_rep_mode_evt(hdev, skb);
3570 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3571 hci_inquiry_result_with_rssi_evt(hdev, skb);
3574 case HCI_EV_REMOTE_EXT_FEATURES:
3575 hci_remote_ext_features_evt(hdev, skb);
3578 case HCI_EV_SYNC_CONN_COMPLETE:
3579 hci_sync_conn_complete_evt(hdev, skb);
3582 case HCI_EV_SYNC_CONN_CHANGED:
3583 hci_sync_conn_changed_evt(hdev, skb);
3586 case HCI_EV_SNIFF_SUBRATE:
3587 hci_sniff_subrate_evt(hdev, skb);
3590 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3591 hci_extended_inquiry_result_evt(hdev, skb);
3594 case HCI_EV_KEY_REFRESH_COMPLETE:
3595 hci_key_refresh_complete_evt(hdev, skb);
3598 case HCI_EV_IO_CAPA_REQUEST:
3599 hci_io_capa_request_evt(hdev, skb);
3602 case HCI_EV_IO_CAPA_REPLY:
3603 hci_io_capa_reply_evt(hdev, skb);
3606 case HCI_EV_USER_CONFIRM_REQUEST:
3607 hci_user_confirm_request_evt(hdev, skb);
3610 case HCI_EV_USER_PASSKEY_REQUEST:
3611 hci_user_passkey_request_evt(hdev, skb);
3614 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3615 hci_simple_pair_complete_evt(hdev, skb);
3618 case HCI_EV_REMOTE_HOST_FEATURES:
3619 hci_remote_host_features_evt(hdev, skb);
3622 case HCI_EV_LE_META:
3623 hci_le_meta_evt(hdev, skb);
3626 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3627 hci_remote_oob_data_request_evt(hdev, skb);
3630 case HCI_EV_NUM_COMP_BLOCKS:
3631 hci_num_comp_blocks_evt(hdev, skb);
3635 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3640 hdev->stat.evt_rx++;
projects / karo-tx-linux.git / blob