2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
61 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
62 test_bit(HCI_MGMT, &hdev->flags))
63 mgmt_discovering(hdev->id, 0);
65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
67 hci_conn_check_pending(hdev);
70 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 __u8 status = *((__u8 *) skb->data);
74 BT_DBG("%s status 0x%x", hdev->name, status);
79 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
80 test_bit(HCI_MGMT, &hdev->flags))
81 mgmt_discovering(hdev->id, 0);
83 hci_conn_check_pending(hdev);
86 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
88 BT_DBG("%s", hdev->name);
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%x", hdev->name, rp->status);
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 conn->link_mode &= ~HCI_LM_MASTER;
108 conn->link_mode |= HCI_LM_MASTER;
111 hci_dev_unlock(hdev);
114 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
119 BT_DBG("%s status 0x%x", hdev->name, rp->status);
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
128 conn->link_policy = __le16_to_cpu(rp->policy);
130 hci_dev_unlock(hdev);
133 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
136 struct hci_conn *conn;
139 BT_DBG("%s status 0x%x", hdev->name, rp->status);
144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
152 conn->link_policy = get_unaligned_le16(sent + 2);
154 hci_dev_unlock(hdev);
157 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
159 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161 BT_DBG("%s status 0x%x", hdev->name, rp->status);
166 hdev->link_policy = __le16_to_cpu(rp->policy);
169 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
171 __u8 status = *((__u8 *) skb->data);
174 BT_DBG("%s status 0x%x", hdev->name, status);
176 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 hdev->link_policy = get_unaligned_le16(sent);
183 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
186 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
188 __u8 status = *((__u8 *) skb->data);
190 BT_DBG("%s status 0x%x", hdev->name, status);
192 clear_bit(HCI_RESET, &hdev->flags);
194 hci_req_complete(hdev, HCI_OP_RESET, status);
197 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
199 __u8 status = *((__u8 *) skb->data);
202 BT_DBG("%s status 0x%x", hdev->name, status);
204 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
208 if (test_bit(HCI_MGMT, &hdev->flags))
209 mgmt_set_local_name_complete(hdev->id, sent, status);
214 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
217 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
219 struct hci_rp_read_local_name *rp = (void *) skb->data;
221 BT_DBG("%s status 0x%x", hdev->name, rp->status);
226 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
229 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
231 __u8 status = *((__u8 *) skb->data);
234 BT_DBG("%s status 0x%x", hdev->name, status);
236 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
241 __u8 param = *((__u8 *) sent);
243 if (param == AUTH_ENABLED)
244 set_bit(HCI_AUTH, &hdev->flags);
246 clear_bit(HCI_AUTH, &hdev->flags);
249 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
252 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
254 __u8 status = *((__u8 *) skb->data);
257 BT_DBG("%s status 0x%x", hdev->name, status);
259 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
264 __u8 param = *((__u8 *) sent);
267 set_bit(HCI_ENCRYPT, &hdev->flags);
269 clear_bit(HCI_ENCRYPT, &hdev->flags);
272 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
275 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
277 __u8 param, status = *((__u8 *) skb->data);
278 int old_pscan, old_iscan;
281 BT_DBG("%s status 0x%x", hdev->name, status);
283 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
290 param = *((__u8 *) sent);
292 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
293 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
295 if (param & SCAN_INQUIRY) {
296 set_bit(HCI_ISCAN, &hdev->flags);
298 mgmt_discoverable(hdev->id, 1);
299 } else if (old_iscan)
300 mgmt_discoverable(hdev->id, 0);
302 if (param & SCAN_PAGE) {
303 set_bit(HCI_PSCAN, &hdev->flags);
305 mgmt_connectable(hdev->id, 1);
306 } else if (old_pscan)
307 mgmt_connectable(hdev->id, 0);
310 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
313 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
315 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
317 BT_DBG("%s status 0x%x", hdev->name, rp->status);
322 memcpy(hdev->dev_class, rp->dev_class, 3);
324 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
325 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
328 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
330 __u8 status = *((__u8 *) skb->data);
333 BT_DBG("%s status 0x%x", hdev->name, status);
338 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
342 memcpy(hdev->dev_class, sent, 3);
345 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
347 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
350 BT_DBG("%s status 0x%x", hdev->name, rp->status);
355 setting = __le16_to_cpu(rp->voice_setting);
357 if (hdev->voice_setting == setting)
360 hdev->voice_setting = setting;
362 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
365 tasklet_disable(&hdev->tx_task);
366 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
367 tasklet_enable(&hdev->tx_task);
371 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
373 __u8 status = *((__u8 *) skb->data);
377 BT_DBG("%s status 0x%x", hdev->name, status);
382 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
386 setting = get_unaligned_le16(sent);
388 if (hdev->voice_setting == setting)
391 hdev->voice_setting = setting;
393 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
396 tasklet_disable(&hdev->tx_task);
397 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
398 tasklet_enable(&hdev->tx_task);
402 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
404 __u8 status = *((__u8 *) skb->data);
406 BT_DBG("%s status 0x%x", hdev->name, status);
408 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
411 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
413 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
415 BT_DBG("%s status 0x%x", hdev->name, rp->status);
420 hdev->ssp_mode = rp->mode;
423 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
425 __u8 status = *((__u8 *) skb->data);
428 BT_DBG("%s status 0x%x", hdev->name, status);
433 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
437 hdev->ssp_mode = *((__u8 *) sent);
440 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
442 if (hdev->features[6] & LMP_EXT_INQ)
445 if (hdev->features[3] & LMP_RSSI_INQ)
448 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
449 hdev->lmp_subver == 0x0757)
452 if (hdev->manufacturer == 15) {
453 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
455 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
457 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
461 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
462 hdev->lmp_subver == 0x1805)
468 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
472 mode = hci_get_inquiry_mode(hdev);
474 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
477 static void hci_setup_event_mask(struct hci_dev *hdev)
479 /* The second byte is 0xff instead of 0x9f (two reserved bits
480 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
481 * command otherwise */
482 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
484 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
485 * any event mask for pre 1.2 devices */
486 if (hdev->lmp_ver <= 1)
489 events[4] |= 0x01; /* Flow Specification Complete */
490 events[4] |= 0x02; /* Inquiry Result with RSSI */
491 events[4] |= 0x04; /* Read Remote Extended Features Complete */
492 events[5] |= 0x08; /* Synchronous Connection Complete */
493 events[5] |= 0x10; /* Synchronous Connection Changed */
495 if (hdev->features[3] & LMP_RSSI_INQ)
496 events[4] |= 0x04; /* Inquiry Result with RSSI */
498 if (hdev->features[5] & LMP_SNIFF_SUBR)
499 events[5] |= 0x20; /* Sniff Subrating */
501 if (hdev->features[5] & LMP_PAUSE_ENC)
502 events[5] |= 0x80; /* Encryption Key Refresh Complete */
504 if (hdev->features[6] & LMP_EXT_INQ)
505 events[5] |= 0x40; /* Extended Inquiry Result */
507 if (hdev->features[6] & LMP_NO_FLUSH)
508 events[7] |= 0x01; /* Enhanced Flush Complete */
510 if (hdev->features[7] & LMP_LSTO)
511 events[6] |= 0x80; /* Link Supervision Timeout Changed */
513 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
514 events[6] |= 0x01; /* IO Capability Request */
515 events[6] |= 0x02; /* IO Capability Response */
516 events[6] |= 0x04; /* User Confirmation Request */
517 events[6] |= 0x08; /* User Passkey Request */
518 events[6] |= 0x10; /* Remote OOB Data Request */
519 events[6] |= 0x20; /* Simple Pairing Complete */
520 events[7] |= 0x04; /* User Passkey Notification */
521 events[7] |= 0x08; /* Keypress Notification */
522 events[7] |= 0x10; /* Remote Host Supported
523 * Features Notification */
526 if (hdev->features[4] & LMP_LE)
527 events[7] |= 0x20; /* LE Meta-Event */
529 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
532 static void hci_set_le_support(struct hci_dev *hdev)
534 struct hci_cp_write_le_host_supported cp;
536 memset(&cp, 0, sizeof(cp));
540 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
543 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
546 static void hci_setup(struct hci_dev *hdev)
548 hci_setup_event_mask(hdev);
550 if (hdev->lmp_ver > 1)
551 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
553 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
555 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
558 if (hdev->features[3] & LMP_RSSI_INQ)
559 hci_setup_inquiry_mode(hdev);
561 if (hdev->features[7] & LMP_INQ_TX_PWR)
562 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
564 if (hdev->features[7] & LMP_EXTFEATURES) {
565 struct hci_cp_read_local_ext_features cp;
568 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
572 if (hdev->features[4] & LMP_LE)
573 hci_set_le_support(hdev);
576 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
578 struct hci_rp_read_local_version *rp = (void *) skb->data;
580 BT_DBG("%s status 0x%x", hdev->name, rp->status);
585 hdev->hci_ver = rp->hci_ver;
586 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
587 hdev->lmp_ver = rp->lmp_ver;
588 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
589 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
591 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
593 hdev->hci_ver, hdev->hci_rev);
595 if (test_bit(HCI_INIT, &hdev->flags))
599 static void hci_setup_link_policy(struct hci_dev *hdev)
603 if (hdev->features[0] & LMP_RSWITCH)
604 link_policy |= HCI_LP_RSWITCH;
605 if (hdev->features[0] & LMP_HOLD)
606 link_policy |= HCI_LP_HOLD;
607 if (hdev->features[0] & LMP_SNIFF)
608 link_policy |= HCI_LP_SNIFF;
609 if (hdev->features[1] & LMP_PARK)
610 link_policy |= HCI_LP_PARK;
612 link_policy = cpu_to_le16(link_policy);
613 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
614 sizeof(link_policy), &link_policy);
617 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
619 struct hci_rp_read_local_commands *rp = (void *) skb->data;
621 BT_DBG("%s status 0x%x", hdev->name, rp->status);
626 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
628 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
629 hci_setup_link_policy(hdev);
632 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
635 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
637 struct hci_rp_read_local_features *rp = (void *) skb->data;
639 BT_DBG("%s status 0x%x", hdev->name, rp->status);
644 memcpy(hdev->features, rp->features, 8);
646 /* Adjust default settings according to features
647 * supported by device. */
649 if (hdev->features[0] & LMP_3SLOT)
650 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
652 if (hdev->features[0] & LMP_5SLOT)
653 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
655 if (hdev->features[1] & LMP_HV2) {
656 hdev->pkt_type |= (HCI_HV2);
657 hdev->esco_type |= (ESCO_HV2);
660 if (hdev->features[1] & LMP_HV3) {
661 hdev->pkt_type |= (HCI_HV3);
662 hdev->esco_type |= (ESCO_HV3);
665 if (hdev->features[3] & LMP_ESCO)
666 hdev->esco_type |= (ESCO_EV3);
668 if (hdev->features[4] & LMP_EV4)
669 hdev->esco_type |= (ESCO_EV4);
671 if (hdev->features[4] & LMP_EV5)
672 hdev->esco_type |= (ESCO_EV5);
674 if (hdev->features[5] & LMP_EDR_ESCO_2M)
675 hdev->esco_type |= (ESCO_2EV3);
677 if (hdev->features[5] & LMP_EDR_ESCO_3M)
678 hdev->esco_type |= (ESCO_3EV3);
680 if (hdev->features[5] & LMP_EDR_3S_ESCO)
681 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
683 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
684 hdev->features[0], hdev->features[1],
685 hdev->features[2], hdev->features[3],
686 hdev->features[4], hdev->features[5],
687 hdev->features[6], hdev->features[7]);
690 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
693 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
695 BT_DBG("%s status 0x%x", hdev->name, rp->status);
700 memcpy(hdev->extfeatures, rp->features, 8);
702 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
705 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
707 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
709 BT_DBG("%s status 0x%x", hdev->name, rp->status);
714 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
715 hdev->sco_mtu = rp->sco_mtu;
716 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
717 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
719 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
724 hdev->acl_cnt = hdev->acl_pkts;
725 hdev->sco_cnt = hdev->sco_pkts;
727 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
728 hdev->acl_mtu, hdev->acl_pkts,
729 hdev->sco_mtu, hdev->sco_pkts);
732 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
734 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
736 BT_DBG("%s status 0x%x", hdev->name, rp->status);
739 bacpy(&hdev->bdaddr, &rp->bdaddr);
741 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
744 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
746 __u8 status = *((__u8 *) skb->data);
748 BT_DBG("%s status 0x%x", hdev->name, status);
750 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
753 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
756 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
758 BT_DBG("%s status 0x%x", hdev->name, rp->status);
763 hdev->amp_status = rp->amp_status;
764 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
765 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
766 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
767 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
768 hdev->amp_type = rp->amp_type;
769 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
770 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
771 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
772 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
774 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
777 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
780 __u8 status = *((__u8 *) skb->data);
782 BT_DBG("%s status 0x%x", hdev->name, status);
784 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
787 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
789 __u8 status = *((__u8 *) skb->data);
791 BT_DBG("%s status 0x%x", hdev->name, status);
793 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
796 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
799 __u8 status = *((__u8 *) skb->data);
801 BT_DBG("%s status 0x%x", hdev->name, status);
803 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
806 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
809 __u8 status = *((__u8 *) skb->data);
811 BT_DBG("%s status 0x%x", hdev->name, status);
813 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
816 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
818 __u8 status = *((__u8 *) skb->data);
820 BT_DBG("%s status 0x%x", hdev->name, status);
822 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
825 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
827 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
828 struct hci_cp_pin_code_reply *cp;
829 struct hci_conn *conn;
831 BT_DBG("%s status 0x%x", hdev->name, rp->status);
833 if (test_bit(HCI_MGMT, &hdev->flags))
834 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
839 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
843 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
845 conn->pin_length = cp->pin_len;
848 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
850 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
852 BT_DBG("%s status 0x%x", hdev->name, rp->status);
854 if (test_bit(HCI_MGMT, &hdev->flags))
855 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
858 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
861 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
863 BT_DBG("%s status 0x%x", hdev->name, rp->status);
868 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
869 hdev->le_pkts = rp->le_max_pkt;
871 hdev->le_cnt = hdev->le_pkts;
873 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
875 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
878 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
880 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
882 BT_DBG("%s status 0x%x", hdev->name, rp->status);
884 if (test_bit(HCI_MGMT, &hdev->flags))
885 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
889 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
892 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
894 BT_DBG("%s status 0x%x", hdev->name, rp->status);
896 if (test_bit(HCI_MGMT, &hdev->flags))
897 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
901 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
904 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
906 BT_DBG("%s status 0x%x", hdev->name, rp->status);
908 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
909 rp->randomizer, rp->status);
912 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
915 struct hci_cp_le_set_scan_enable *cp;
916 __u8 status = *((__u8 *) skb->data);
918 BT_DBG("%s status 0x%x", hdev->name, status);
923 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
927 if (cp->enable == 0x01) {
928 del_timer(&hdev->adv_timer);
931 hci_adv_entries_clear(hdev);
932 hci_dev_unlock(hdev);
933 } else if (cp->enable == 0x00) {
934 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
938 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
940 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
942 BT_DBG("%s status 0x%x", hdev->name, rp->status);
947 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
950 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
952 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
954 BT_DBG("%s status 0x%x", hdev->name, rp->status);
959 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
962 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
965 struct hci_cp_read_local_ext_features cp;
966 __u8 status = *((__u8 *) skb->data);
968 BT_DBG("%s status 0x%x", hdev->name, status);
974 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
977 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
979 BT_DBG("%s status 0x%x", hdev->name, status);
982 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
983 hci_conn_check_pending(hdev);
984 if (test_bit(HCI_MGMT, &hdev->flags))
985 mgmt_inquiry_failed(hdev->id, status);
989 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags) &&
990 test_bit(HCI_MGMT, &hdev->flags))
991 mgmt_discovering(hdev->id, 1);
994 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
996 struct hci_cp_create_conn *cp;
997 struct hci_conn *conn;
999 BT_DBG("%s status 0x%x", hdev->name, status);
1001 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1007 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1009 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1012 if (conn && conn->state == BT_CONNECT) {
1013 if (status != 0x0c || conn->attempt > 2) {
1014 conn->state = BT_CLOSED;
1015 hci_proto_connect_cfm(conn, status);
1018 conn->state = BT_CONNECT2;
1022 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1025 conn->link_mode |= HCI_LM_MASTER;
1027 BT_ERR("No memory for new connection");
1031 hci_dev_unlock(hdev);
1034 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1036 struct hci_cp_add_sco *cp;
1037 struct hci_conn *acl, *sco;
1040 BT_DBG("%s status 0x%x", hdev->name, status);
1045 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1049 handle = __le16_to_cpu(cp->handle);
1051 BT_DBG("%s handle %d", hdev->name, handle);
1055 acl = hci_conn_hash_lookup_handle(hdev, handle);
1059 sco->state = BT_CLOSED;
1061 hci_proto_connect_cfm(sco, status);
1066 hci_dev_unlock(hdev);
1069 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1071 struct hci_cp_auth_requested *cp;
1072 struct hci_conn *conn;
1074 BT_DBG("%s status 0x%x", hdev->name, status);
1079 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1085 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1087 if (conn->state == BT_CONFIG) {
1088 hci_proto_connect_cfm(conn, status);
1093 hci_dev_unlock(hdev);
1096 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1098 struct hci_cp_set_conn_encrypt *cp;
1099 struct hci_conn *conn;
1101 BT_DBG("%s status 0x%x", hdev->name, status);
1106 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1112 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1114 if (conn->state == BT_CONFIG) {
1115 hci_proto_connect_cfm(conn, status);
1120 hci_dev_unlock(hdev);
1123 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1124 struct hci_conn *conn)
1126 if (conn->state != BT_CONFIG || !conn->out)
1129 if (conn->pending_sec_level == BT_SECURITY_SDP)
1132 /* Only request authentication for SSP connections or non-SSP
1133 * devices with sec_level HIGH or if MITM protection is requested */
1134 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1135 conn->pending_sec_level != BT_SECURITY_HIGH &&
1136 !(conn->auth_type & 0x01))
1142 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1144 struct hci_cp_remote_name_req *cp;
1145 struct hci_conn *conn;
1147 BT_DBG("%s status 0x%x", hdev->name, status);
1149 /* If successful wait for the name req complete event before
1150 * checking for the need to do authentication */
1154 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1160 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1164 if (!hci_outgoing_auth_needed(hdev, conn))
1167 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1168 struct hci_cp_auth_requested cp;
1169 cp.handle = __cpu_to_le16(conn->handle);
1170 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1174 hci_dev_unlock(hdev);
1177 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1179 struct hci_cp_read_remote_features *cp;
1180 struct hci_conn *conn;
1182 BT_DBG("%s status 0x%x", hdev->name, status);
1187 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1193 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1195 if (conn->state == BT_CONFIG) {
1196 hci_proto_connect_cfm(conn, status);
1201 hci_dev_unlock(hdev);
1204 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1206 struct hci_cp_read_remote_ext_features *cp;
1207 struct hci_conn *conn;
1209 BT_DBG("%s status 0x%x", hdev->name, status);
1214 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1220 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1222 if (conn->state == BT_CONFIG) {
1223 hci_proto_connect_cfm(conn, status);
1228 hci_dev_unlock(hdev);
1231 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1233 struct hci_cp_setup_sync_conn *cp;
1234 struct hci_conn *acl, *sco;
1237 BT_DBG("%s status 0x%x", hdev->name, status);
1242 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1246 handle = __le16_to_cpu(cp->handle);
1248 BT_DBG("%s handle %d", hdev->name, handle);
1252 acl = hci_conn_hash_lookup_handle(hdev, handle);
1256 sco->state = BT_CLOSED;
1258 hci_proto_connect_cfm(sco, status);
1263 hci_dev_unlock(hdev);
1266 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1268 struct hci_cp_sniff_mode *cp;
1269 struct hci_conn *conn;
1271 BT_DBG("%s status 0x%x", hdev->name, status);
1276 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1282 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1284 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1286 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1287 hci_sco_setup(conn, status);
1290 hci_dev_unlock(hdev);
1293 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1295 struct hci_cp_exit_sniff_mode *cp;
1296 struct hci_conn *conn;
1298 BT_DBG("%s status 0x%x", hdev->name, status);
1303 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1309 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1311 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1313 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1314 hci_sco_setup(conn, status);
1317 hci_dev_unlock(hdev);
1320 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1322 struct hci_cp_le_create_conn *cp;
1323 struct hci_conn *conn;
1325 BT_DBG("%s status 0x%x", hdev->name, status);
1327 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1333 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1335 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1339 if (conn && conn->state == BT_CONNECT) {
1340 conn->state = BT_CLOSED;
1341 hci_proto_connect_cfm(conn, status);
1346 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1348 conn->dst_type = cp->peer_addr_type;
1351 BT_ERR("No memory for new connection");
1356 hci_dev_unlock(hdev);
1359 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1361 BT_DBG("%s status 0x%x", hdev->name, status);
1364 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1366 __u8 status = *((__u8 *) skb->data);
1368 BT_DBG("%s status %d", hdev->name, status);
1370 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
1371 test_bit(HCI_MGMT, &hdev->flags))
1372 mgmt_discovering(hdev->id, 0);
1374 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1376 hci_conn_check_pending(hdev);
1379 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1381 struct inquiry_data data;
1382 struct inquiry_info *info = (void *) (skb->data + 1);
1383 int num_rsp = *((__u8 *) skb->data);
1385 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1392 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1394 if (test_bit(HCI_MGMT, &hdev->flags))
1395 mgmt_discovering(hdev->id, 1);
1398 for (; num_rsp; num_rsp--, info++) {
1399 bacpy(&data.bdaddr, &info->bdaddr);
1400 data.pscan_rep_mode = info->pscan_rep_mode;
1401 data.pscan_period_mode = info->pscan_period_mode;
1402 data.pscan_mode = info->pscan_mode;
1403 memcpy(data.dev_class, info->dev_class, 3);
1404 data.clock_offset = info->clock_offset;
1406 data.ssp_mode = 0x00;
1407 hci_inquiry_cache_update(hdev, &data);
1408 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1412 hci_dev_unlock(hdev);
1415 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1417 struct hci_ev_conn_complete *ev = (void *) skb->data;
1418 struct hci_conn *conn;
1420 BT_DBG("%s", hdev->name);
1424 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1426 if (ev->link_type != SCO_LINK)
1429 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1433 conn->type = SCO_LINK;
1437 conn->handle = __le16_to_cpu(ev->handle);
1439 if (conn->type == ACL_LINK) {
1440 conn->state = BT_CONFIG;
1441 hci_conn_hold(conn);
1442 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1443 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
1445 conn->state = BT_CONNECTED;
1447 hci_conn_hold_device(conn);
1448 hci_conn_add_sysfs(conn);
1450 if (test_bit(HCI_AUTH, &hdev->flags))
1451 conn->link_mode |= HCI_LM_AUTH;
1453 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1454 conn->link_mode |= HCI_LM_ENCRYPT;
1456 /* Get remote features */
1457 if (conn->type == ACL_LINK) {
1458 struct hci_cp_read_remote_features cp;
1459 cp.handle = ev->handle;
1460 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1464 /* Set packet type for incoming connection */
1465 if (!conn->out && hdev->hci_ver < 3) {
1466 struct hci_cp_change_conn_ptype cp;
1467 cp.handle = ev->handle;
1468 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1469 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1473 conn->state = BT_CLOSED;
1474 if (conn->type == ACL_LINK)
1475 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1478 if (conn->type == ACL_LINK)
1479 hci_sco_setup(conn, ev->status);
1482 hci_proto_connect_cfm(conn, ev->status);
1484 } else if (ev->link_type != ACL_LINK)
1485 hci_proto_connect_cfm(conn, ev->status);
1488 hci_dev_unlock(hdev);
1490 hci_conn_check_pending(hdev);
1493 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1495 struct hci_ev_conn_request *ev = (void *) skb->data;
1496 int mask = hdev->link_mode;
1498 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1499 batostr(&ev->bdaddr), ev->link_type);
1501 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1503 if ((mask & HCI_LM_ACCEPT) &&
1504 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1505 /* Connection accepted */
1506 struct inquiry_entry *ie;
1507 struct hci_conn *conn;
1511 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1513 memcpy(ie->data.dev_class, ev->dev_class, 3);
1515 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1517 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1519 BT_ERR("No memory for new connection");
1520 hci_dev_unlock(hdev);
1525 memcpy(conn->dev_class, ev->dev_class, 3);
1526 conn->state = BT_CONNECT;
1528 hci_dev_unlock(hdev);
1530 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1531 struct hci_cp_accept_conn_req cp;
1533 bacpy(&cp.bdaddr, &ev->bdaddr);
1535 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1536 cp.role = 0x00; /* Become master */
1538 cp.role = 0x01; /* Remain slave */
1540 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1543 struct hci_cp_accept_sync_conn_req cp;
1545 bacpy(&cp.bdaddr, &ev->bdaddr);
1546 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1548 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1549 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1550 cp.max_latency = cpu_to_le16(0xffff);
1551 cp.content_format = cpu_to_le16(hdev->voice_setting);
1552 cp.retrans_effort = 0xff;
1554 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1558 /* Connection rejected */
1559 struct hci_cp_reject_conn_req cp;
1561 bacpy(&cp.bdaddr, &ev->bdaddr);
1562 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1563 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1567 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1569 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1570 struct hci_conn *conn;
1572 BT_DBG("%s status %d", hdev->name, ev->status);
1575 mgmt_disconnect_failed(hdev->id);
1581 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1585 conn->state = BT_CLOSED;
1587 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1588 mgmt_disconnected(hdev->id, &conn->dst);
1590 hci_proto_disconn_cfm(conn, ev->reason);
1594 hci_dev_unlock(hdev);
1597 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1599 struct hci_ev_auth_complete *ev = (void *) skb->data;
1600 struct hci_conn *conn;
1602 BT_DBG("%s status %d", hdev->name, ev->status);
1606 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1611 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1612 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1613 BT_INFO("re-auth of legacy device is not possible.");
1615 conn->link_mode |= HCI_LM_AUTH;
1616 conn->sec_level = conn->pending_sec_level;
1619 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1622 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1623 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1625 if (conn->state == BT_CONFIG) {
1626 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1627 struct hci_cp_set_conn_encrypt cp;
1628 cp.handle = ev->handle;
1630 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1633 conn->state = BT_CONNECTED;
1634 hci_proto_connect_cfm(conn, ev->status);
1638 hci_auth_cfm(conn, ev->status);
1640 hci_conn_hold(conn);
1641 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1645 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1647 struct hci_cp_set_conn_encrypt cp;
1648 cp.handle = ev->handle;
1650 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1653 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1654 hci_encrypt_cfm(conn, ev->status, 0x00);
1659 hci_dev_unlock(hdev);
1662 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1664 struct hci_ev_remote_name *ev = (void *) skb->data;
1665 struct hci_conn *conn;
1667 BT_DBG("%s", hdev->name);
1669 hci_conn_check_pending(hdev);
1673 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1674 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1676 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1680 if (!hci_outgoing_auth_needed(hdev, conn))
1683 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1684 struct hci_cp_auth_requested cp;
1685 cp.handle = __cpu_to_le16(conn->handle);
1686 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1690 hci_dev_unlock(hdev);
1693 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1695 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1696 struct hci_conn *conn;
1698 BT_DBG("%s status %d", hdev->name, ev->status);
1702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1706 /* Encryption implies authentication */
1707 conn->link_mode |= HCI_LM_AUTH;
1708 conn->link_mode |= HCI_LM_ENCRYPT;
1709 conn->sec_level = conn->pending_sec_level;
1711 conn->link_mode &= ~HCI_LM_ENCRYPT;
1714 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1716 if (conn->state == BT_CONFIG) {
1718 conn->state = BT_CONNECTED;
1720 hci_proto_connect_cfm(conn, ev->status);
1723 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1726 hci_dev_unlock(hdev);
1729 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1731 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1732 struct hci_conn *conn;
1734 BT_DBG("%s status %d", hdev->name, ev->status);
1738 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1741 conn->link_mode |= HCI_LM_SECURE;
1743 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1745 hci_key_change_cfm(conn, ev->status);
1748 hci_dev_unlock(hdev);
1751 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1753 struct hci_ev_remote_features *ev = (void *) skb->data;
1754 struct hci_conn *conn;
1756 BT_DBG("%s status %d", hdev->name, ev->status);
1760 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1765 memcpy(conn->features, ev->features, 8);
1767 if (conn->state != BT_CONFIG)
1770 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1771 struct hci_cp_read_remote_ext_features cp;
1772 cp.handle = ev->handle;
1774 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1780 struct hci_cp_remote_name_req cp;
1781 memset(&cp, 0, sizeof(cp));
1782 bacpy(&cp.bdaddr, &conn->dst);
1783 cp.pscan_rep_mode = 0x02;
1784 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1787 if (!hci_outgoing_auth_needed(hdev, conn)) {
1788 conn->state = BT_CONNECTED;
1789 hci_proto_connect_cfm(conn, ev->status);
1794 hci_dev_unlock(hdev);
1797 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1799 BT_DBG("%s", hdev->name);
1802 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1804 BT_DBG("%s", hdev->name);
1807 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1809 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1812 skb_pull(skb, sizeof(*ev));
1814 opcode = __le16_to_cpu(ev->opcode);
1817 case HCI_OP_INQUIRY_CANCEL:
1818 hci_cc_inquiry_cancel(hdev, skb);
1821 case HCI_OP_EXIT_PERIODIC_INQ:
1822 hci_cc_exit_periodic_inq(hdev, skb);
1825 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1826 hci_cc_remote_name_req_cancel(hdev, skb);
1829 case HCI_OP_ROLE_DISCOVERY:
1830 hci_cc_role_discovery(hdev, skb);
1833 case HCI_OP_READ_LINK_POLICY:
1834 hci_cc_read_link_policy(hdev, skb);
1837 case HCI_OP_WRITE_LINK_POLICY:
1838 hci_cc_write_link_policy(hdev, skb);
1841 case HCI_OP_READ_DEF_LINK_POLICY:
1842 hci_cc_read_def_link_policy(hdev, skb);
1845 case HCI_OP_WRITE_DEF_LINK_POLICY:
1846 hci_cc_write_def_link_policy(hdev, skb);
1850 hci_cc_reset(hdev, skb);
1853 case HCI_OP_WRITE_LOCAL_NAME:
1854 hci_cc_write_local_name(hdev, skb);
1857 case HCI_OP_READ_LOCAL_NAME:
1858 hci_cc_read_local_name(hdev, skb);
1861 case HCI_OP_WRITE_AUTH_ENABLE:
1862 hci_cc_write_auth_enable(hdev, skb);
1865 case HCI_OP_WRITE_ENCRYPT_MODE:
1866 hci_cc_write_encrypt_mode(hdev, skb);
1869 case HCI_OP_WRITE_SCAN_ENABLE:
1870 hci_cc_write_scan_enable(hdev, skb);
1873 case HCI_OP_READ_CLASS_OF_DEV:
1874 hci_cc_read_class_of_dev(hdev, skb);
1877 case HCI_OP_WRITE_CLASS_OF_DEV:
1878 hci_cc_write_class_of_dev(hdev, skb);
1881 case HCI_OP_READ_VOICE_SETTING:
1882 hci_cc_read_voice_setting(hdev, skb);
1885 case HCI_OP_WRITE_VOICE_SETTING:
1886 hci_cc_write_voice_setting(hdev, skb);
1889 case HCI_OP_HOST_BUFFER_SIZE:
1890 hci_cc_host_buffer_size(hdev, skb);
1893 case HCI_OP_READ_SSP_MODE:
1894 hci_cc_read_ssp_mode(hdev, skb);
1897 case HCI_OP_WRITE_SSP_MODE:
1898 hci_cc_write_ssp_mode(hdev, skb);
1901 case HCI_OP_READ_LOCAL_VERSION:
1902 hci_cc_read_local_version(hdev, skb);
1905 case HCI_OP_READ_LOCAL_COMMANDS:
1906 hci_cc_read_local_commands(hdev, skb);
1909 case HCI_OP_READ_LOCAL_FEATURES:
1910 hci_cc_read_local_features(hdev, skb);
1913 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1914 hci_cc_read_local_ext_features(hdev, skb);
1917 case HCI_OP_READ_BUFFER_SIZE:
1918 hci_cc_read_buffer_size(hdev, skb);
1921 case HCI_OP_READ_BD_ADDR:
1922 hci_cc_read_bd_addr(hdev, skb);
1925 case HCI_OP_WRITE_CA_TIMEOUT:
1926 hci_cc_write_ca_timeout(hdev, skb);
1929 case HCI_OP_READ_LOCAL_AMP_INFO:
1930 hci_cc_read_local_amp_info(hdev, skb);
1933 case HCI_OP_DELETE_STORED_LINK_KEY:
1934 hci_cc_delete_stored_link_key(hdev, skb);
1937 case HCI_OP_SET_EVENT_MASK:
1938 hci_cc_set_event_mask(hdev, skb);
1941 case HCI_OP_WRITE_INQUIRY_MODE:
1942 hci_cc_write_inquiry_mode(hdev, skb);
1945 case HCI_OP_READ_INQ_RSP_TX_POWER:
1946 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1949 case HCI_OP_SET_EVENT_FLT:
1950 hci_cc_set_event_flt(hdev, skb);
1953 case HCI_OP_PIN_CODE_REPLY:
1954 hci_cc_pin_code_reply(hdev, skb);
1957 case HCI_OP_PIN_CODE_NEG_REPLY:
1958 hci_cc_pin_code_neg_reply(hdev, skb);
1961 case HCI_OP_READ_LOCAL_OOB_DATA:
1962 hci_cc_read_local_oob_data_reply(hdev, skb);
1965 case HCI_OP_LE_READ_BUFFER_SIZE:
1966 hci_cc_le_read_buffer_size(hdev, skb);
1969 case HCI_OP_USER_CONFIRM_REPLY:
1970 hci_cc_user_confirm_reply(hdev, skb);
1973 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1974 hci_cc_user_confirm_neg_reply(hdev, skb);
1977 case HCI_OP_LE_SET_SCAN_ENABLE:
1978 hci_cc_le_set_scan_enable(hdev, skb);
1981 case HCI_OP_LE_LTK_REPLY:
1982 hci_cc_le_ltk_reply(hdev, skb);
1985 case HCI_OP_LE_LTK_NEG_REPLY:
1986 hci_cc_le_ltk_neg_reply(hdev, skb);
1989 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1990 hci_cc_write_le_host_supported(hdev, skb);
1994 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1998 if (ev->opcode != HCI_OP_NOP)
1999 del_timer(&hdev->cmd_timer);
2002 atomic_set(&hdev->cmd_cnt, 1);
2003 if (!skb_queue_empty(&hdev->cmd_q))
2004 tasklet_schedule(&hdev->cmd_task);
2008 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2010 struct hci_ev_cmd_status *ev = (void *) skb->data;
2013 skb_pull(skb, sizeof(*ev));
2015 opcode = __le16_to_cpu(ev->opcode);
2018 case HCI_OP_INQUIRY:
2019 hci_cs_inquiry(hdev, ev->status);
2022 case HCI_OP_CREATE_CONN:
2023 hci_cs_create_conn(hdev, ev->status);
2026 case HCI_OP_ADD_SCO:
2027 hci_cs_add_sco(hdev, ev->status);
2030 case HCI_OP_AUTH_REQUESTED:
2031 hci_cs_auth_requested(hdev, ev->status);
2034 case HCI_OP_SET_CONN_ENCRYPT:
2035 hci_cs_set_conn_encrypt(hdev, ev->status);
2038 case HCI_OP_REMOTE_NAME_REQ:
2039 hci_cs_remote_name_req(hdev, ev->status);
2042 case HCI_OP_READ_REMOTE_FEATURES:
2043 hci_cs_read_remote_features(hdev, ev->status);
2046 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2047 hci_cs_read_remote_ext_features(hdev, ev->status);
2050 case HCI_OP_SETUP_SYNC_CONN:
2051 hci_cs_setup_sync_conn(hdev, ev->status);
2054 case HCI_OP_SNIFF_MODE:
2055 hci_cs_sniff_mode(hdev, ev->status);
2058 case HCI_OP_EXIT_SNIFF_MODE:
2059 hci_cs_exit_sniff_mode(hdev, ev->status);
2062 case HCI_OP_DISCONNECT:
2063 if (ev->status != 0)
2064 mgmt_disconnect_failed(hdev->id);
2067 case HCI_OP_LE_CREATE_CONN:
2068 hci_cs_le_create_conn(hdev, ev->status);
2071 case HCI_OP_LE_START_ENC:
2072 hci_cs_le_start_enc(hdev, ev->status);
2076 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2080 if (ev->opcode != HCI_OP_NOP)
2081 del_timer(&hdev->cmd_timer);
2083 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2084 atomic_set(&hdev->cmd_cnt, 1);
2085 if (!skb_queue_empty(&hdev->cmd_q))
2086 tasklet_schedule(&hdev->cmd_task);
2090 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2092 struct hci_ev_role_change *ev = (void *) skb->data;
2093 struct hci_conn *conn;
2095 BT_DBG("%s status %d", hdev->name, ev->status);
2099 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2103 conn->link_mode &= ~HCI_LM_MASTER;
2105 conn->link_mode |= HCI_LM_MASTER;
2108 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2110 hci_role_switch_cfm(conn, ev->status, ev->role);
2113 hci_dev_unlock(hdev);
2116 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2118 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2122 skb_pull(skb, sizeof(*ev));
2124 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2126 if (skb->len < ev->num_hndl * 4) {
2127 BT_DBG("%s bad parameters", hdev->name);
2131 tasklet_disable(&hdev->tx_task);
2133 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2134 struct hci_conn *conn;
2135 __u16 handle, count;
2137 handle = get_unaligned_le16(ptr++);
2138 count = get_unaligned_le16(ptr++);
2140 conn = hci_conn_hash_lookup_handle(hdev, handle);
2142 conn->sent -= count;
2144 if (conn->type == ACL_LINK) {
2145 hdev->acl_cnt += count;
2146 if (hdev->acl_cnt > hdev->acl_pkts)
2147 hdev->acl_cnt = hdev->acl_pkts;
2148 } else if (conn->type == LE_LINK) {
2149 if (hdev->le_pkts) {
2150 hdev->le_cnt += count;
2151 if (hdev->le_cnt > hdev->le_pkts)
2152 hdev->le_cnt = hdev->le_pkts;
2154 hdev->acl_cnt += count;
2155 if (hdev->acl_cnt > hdev->acl_pkts)
2156 hdev->acl_cnt = hdev->acl_pkts;
2159 hdev->sco_cnt += count;
2160 if (hdev->sco_cnt > hdev->sco_pkts)
2161 hdev->sco_cnt = hdev->sco_pkts;
2166 tasklet_schedule(&hdev->tx_task);
2168 tasklet_enable(&hdev->tx_task);
2171 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2173 struct hci_ev_mode_change *ev = (void *) skb->data;
2174 struct hci_conn *conn;
2176 BT_DBG("%s status %d", hdev->name, ev->status);
2180 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2182 conn->mode = ev->mode;
2183 conn->interval = __le16_to_cpu(ev->interval);
2185 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2186 if (conn->mode == HCI_CM_ACTIVE)
2187 conn->power_save = 1;
2189 conn->power_save = 0;
2192 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2193 hci_sco_setup(conn, ev->status);
2196 hci_dev_unlock(hdev);
2199 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2201 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2202 struct hci_conn *conn;
2204 BT_DBG("%s", hdev->name);
2208 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2212 if (conn->state == BT_CONNECTED) {
2213 hci_conn_hold(conn);
2214 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2218 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2219 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2220 sizeof(ev->bdaddr), &ev->bdaddr);
2221 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2224 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2229 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2233 hci_dev_unlock(hdev);
2236 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2238 struct hci_ev_link_key_req *ev = (void *) skb->data;
2239 struct hci_cp_link_key_reply cp;
2240 struct hci_conn *conn;
2241 struct link_key *key;
2243 BT_DBG("%s", hdev->name);
2245 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2250 key = hci_find_link_key(hdev, &ev->bdaddr);
2252 BT_DBG("%s link key not found for %s", hdev->name,
2253 batostr(&ev->bdaddr));
2257 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2258 batostr(&ev->bdaddr));
2260 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2261 key->type == HCI_LK_DEBUG_COMBINATION) {
2262 BT_DBG("%s ignoring debug key", hdev->name);
2266 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2268 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2269 conn->auth_type != 0xff &&
2270 (conn->auth_type & 0x01)) {
2271 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2275 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2276 conn->pending_sec_level == BT_SECURITY_HIGH) {
2277 BT_DBG("%s ignoring key unauthenticated for high \
2278 security", hdev->name);
2282 conn->key_type = key->type;
2283 conn->pin_length = key->pin_len;
2286 bacpy(&cp.bdaddr, &ev->bdaddr);
2287 memcpy(cp.link_key, key->val, 16);
2289 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2291 hci_dev_unlock(hdev);
2296 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2297 hci_dev_unlock(hdev);
2300 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2302 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2303 struct hci_conn *conn;
2306 BT_DBG("%s", hdev->name);
2310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2312 hci_conn_hold(conn);
2313 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2314 pin_len = conn->pin_length;
2316 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2317 conn->key_type = ev->key_type;
2322 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2323 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2324 ev->key_type, pin_len);
2326 hci_dev_unlock(hdev);
2329 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2331 struct hci_ev_clock_offset *ev = (void *) skb->data;
2332 struct hci_conn *conn;
2334 BT_DBG("%s status %d", hdev->name, ev->status);
2338 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2339 if (conn && !ev->status) {
2340 struct inquiry_entry *ie;
2342 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2344 ie->data.clock_offset = ev->clock_offset;
2345 ie->timestamp = jiffies;
2349 hci_dev_unlock(hdev);
2352 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2354 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2355 struct hci_conn *conn;
2357 BT_DBG("%s status %d", hdev->name, ev->status);
2361 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2362 if (conn && !ev->status)
2363 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2365 hci_dev_unlock(hdev);
2368 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2370 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2371 struct inquiry_entry *ie;
2373 BT_DBG("%s", hdev->name);
2377 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2379 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2380 ie->timestamp = jiffies;
2383 hci_dev_unlock(hdev);
2386 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2388 struct inquiry_data data;
2389 int num_rsp = *((__u8 *) skb->data);
2391 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2398 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2400 if (test_bit(HCI_MGMT, &hdev->flags))
2401 mgmt_discovering(hdev->id, 1);
2404 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2405 struct inquiry_info_with_rssi_and_pscan_mode *info;
2406 info = (void *) (skb->data + 1);
2408 for (; num_rsp; num_rsp--, info++) {
2409 bacpy(&data.bdaddr, &info->bdaddr);
2410 data.pscan_rep_mode = info->pscan_rep_mode;
2411 data.pscan_period_mode = info->pscan_period_mode;
2412 data.pscan_mode = info->pscan_mode;
2413 memcpy(data.dev_class, info->dev_class, 3);
2414 data.clock_offset = info->clock_offset;
2415 data.rssi = info->rssi;
2416 data.ssp_mode = 0x00;
2417 hci_inquiry_cache_update(hdev, &data);
2418 mgmt_device_found(hdev->id, &info->bdaddr,
2419 info->dev_class, info->rssi,
2423 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2425 for (; num_rsp; num_rsp--, info++) {
2426 bacpy(&data.bdaddr, &info->bdaddr);
2427 data.pscan_rep_mode = info->pscan_rep_mode;
2428 data.pscan_period_mode = info->pscan_period_mode;
2429 data.pscan_mode = 0x00;
2430 memcpy(data.dev_class, info->dev_class, 3);
2431 data.clock_offset = info->clock_offset;
2432 data.rssi = info->rssi;
2433 data.ssp_mode = 0x00;
2434 hci_inquiry_cache_update(hdev, &data);
2435 mgmt_device_found(hdev->id, &info->bdaddr,
2436 info->dev_class, info->rssi,
2441 hci_dev_unlock(hdev);
2444 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2446 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2447 struct hci_conn *conn;
2449 BT_DBG("%s", hdev->name);
2453 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2457 if (!ev->status && ev->page == 0x01) {
2458 struct inquiry_entry *ie;
2460 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2462 ie->data.ssp_mode = (ev->features[0] & 0x01);
2464 conn->ssp_mode = (ev->features[0] & 0x01);
2467 if (conn->state != BT_CONFIG)
2471 struct hci_cp_remote_name_req cp;
2472 memset(&cp, 0, sizeof(cp));
2473 bacpy(&cp.bdaddr, &conn->dst);
2474 cp.pscan_rep_mode = 0x02;
2475 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2478 if (!hci_outgoing_auth_needed(hdev, conn)) {
2479 conn->state = BT_CONNECTED;
2480 hci_proto_connect_cfm(conn, ev->status);
2485 hci_dev_unlock(hdev);
2488 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2490 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2491 struct hci_conn *conn;
2493 BT_DBG("%s status %d", hdev->name, ev->status);
2497 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2499 if (ev->link_type == ESCO_LINK)
2502 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2506 conn->type = SCO_LINK;
2509 switch (ev->status) {
2511 conn->handle = __le16_to_cpu(ev->handle);
2512 conn->state = BT_CONNECTED;
2514 hci_conn_hold_device(conn);
2515 hci_conn_add_sysfs(conn);
2518 case 0x11: /* Unsupported Feature or Parameter Value */
2519 case 0x1c: /* SCO interval rejected */
2520 case 0x1a: /* Unsupported Remote Feature */
2521 case 0x1f: /* Unspecified error */
2522 if (conn->out && conn->attempt < 2) {
2523 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2524 (hdev->esco_type & EDR_ESCO_MASK);
2525 hci_setup_sync(conn, conn->link->handle);
2531 conn->state = BT_CLOSED;
2535 hci_proto_connect_cfm(conn, ev->status);
2540 hci_dev_unlock(hdev);
2543 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2545 BT_DBG("%s", hdev->name);
2548 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2550 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2552 BT_DBG("%s status %d", hdev->name, ev->status);
2555 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2557 struct inquiry_data data;
2558 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2559 int num_rsp = *((__u8 *) skb->data);
2561 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2566 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2568 if (test_bit(HCI_MGMT, &hdev->flags))
2569 mgmt_discovering(hdev->id, 1);
2574 for (; num_rsp; num_rsp--, info++) {
2575 bacpy(&data.bdaddr, &info->bdaddr);
2576 data.pscan_rep_mode = info->pscan_rep_mode;
2577 data.pscan_period_mode = info->pscan_period_mode;
2578 data.pscan_mode = 0x00;
2579 memcpy(data.dev_class, info->dev_class, 3);
2580 data.clock_offset = info->clock_offset;
2581 data.rssi = info->rssi;
2582 data.ssp_mode = 0x01;
2583 hci_inquiry_cache_update(hdev, &data);
2584 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2585 info->rssi, info->data);
2588 hci_dev_unlock(hdev);
2591 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2593 /* If remote requests dedicated bonding follow that lead */
2594 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2595 /* If both remote and local IO capabilities allow MITM
2596 * protection then require it, otherwise don't */
2597 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2603 /* If remote requests no-bonding follow that lead */
2604 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2605 return conn->remote_auth | (conn->auth_type & 0x01);
2607 return conn->auth_type;
2610 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2612 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2613 struct hci_conn *conn;
2615 BT_DBG("%s", hdev->name);
2619 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2623 hci_conn_hold(conn);
2625 if (!test_bit(HCI_MGMT, &hdev->flags))
2628 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2629 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2630 struct hci_cp_io_capability_reply cp;
2632 bacpy(&cp.bdaddr, &ev->bdaddr);
2633 cp.capability = conn->io_capability;
2634 conn->auth_type = hci_get_auth_req(conn);
2635 cp.authentication = conn->auth_type;
2637 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2638 hci_find_remote_oob_data(hdev, &conn->dst))
2643 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2646 struct hci_cp_io_capability_neg_reply cp;
2648 bacpy(&cp.bdaddr, &ev->bdaddr);
2649 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2651 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2656 hci_dev_unlock(hdev);
2659 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2661 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2662 struct hci_conn *conn;
2664 BT_DBG("%s", hdev->name);
2668 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2672 conn->remote_cap = ev->capability;
2673 conn->remote_oob = ev->oob_data;
2674 conn->remote_auth = ev->authentication;
2677 hci_dev_unlock(hdev);
2680 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2681 struct sk_buff *skb)
2683 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2684 int loc_mitm, rem_mitm, confirm_hint = 0;
2685 struct hci_conn *conn;
2687 BT_DBG("%s", hdev->name);
2691 if (!test_bit(HCI_MGMT, &hdev->flags))
2694 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2698 loc_mitm = (conn->auth_type & 0x01);
2699 rem_mitm = (conn->remote_auth & 0x01);
2701 /* If we require MITM but the remote device can't provide that
2702 * (it has NoInputNoOutput) then reject the confirmation
2703 * request. The only exception is when we're dedicated bonding
2704 * initiators (connect_cfm_cb set) since then we always have the MITM
2706 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2707 BT_DBG("Rejecting request: remote device can't provide MITM");
2708 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2709 sizeof(ev->bdaddr), &ev->bdaddr);
2713 /* If no side requires MITM protection; auto-accept */
2714 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2715 (!rem_mitm || conn->io_capability == 0x03)) {
2717 /* If we're not the initiators request authorization to
2718 * proceed from user space (mgmt_user_confirm with
2719 * confirm_hint set to 1). */
2720 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2721 BT_DBG("Confirming auto-accept as acceptor");
2726 BT_DBG("Auto-accept of user confirmation with %ums delay",
2727 hdev->auto_accept_delay);
2729 if (hdev->auto_accept_delay > 0) {
2730 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2731 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2735 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2736 sizeof(ev->bdaddr), &ev->bdaddr);
2741 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2745 hci_dev_unlock(hdev);
2748 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2750 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2751 struct hci_conn *conn;
2753 BT_DBG("%s", hdev->name);
2757 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2761 /* To avoid duplicate auth_failed events to user space we check
2762 * the HCI_CONN_AUTH_PEND flag which will be set if we
2763 * initiated the authentication. A traditional auth_complete
2764 * event gets always produced as initiator and is also mapped to
2765 * the mgmt_auth_failed event */
2766 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2767 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2772 hci_dev_unlock(hdev);
2775 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2777 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2778 struct inquiry_entry *ie;
2780 BT_DBG("%s", hdev->name);
2784 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2786 ie->data.ssp_mode = (ev->features[0] & 0x01);
2788 hci_dev_unlock(hdev);
2791 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2792 struct sk_buff *skb)
2794 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2795 struct oob_data *data;
2797 BT_DBG("%s", hdev->name);
2801 if (!test_bit(HCI_MGMT, &hdev->flags))
2804 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2806 struct hci_cp_remote_oob_data_reply cp;
2808 bacpy(&cp.bdaddr, &ev->bdaddr);
2809 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2810 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2812 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2815 struct hci_cp_remote_oob_data_neg_reply cp;
2817 bacpy(&cp.bdaddr, &ev->bdaddr);
2818 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2823 hci_dev_unlock(hdev);
2826 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2828 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2829 struct hci_conn *conn;
2831 BT_DBG("%s status %d", hdev->name, ev->status);
2835 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2837 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2839 BT_ERR("No memory for new connection");
2840 hci_dev_unlock(hdev);
2844 conn->dst_type = ev->bdaddr_type;
2848 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2849 hci_proto_connect_cfm(conn, ev->status);
2850 conn->state = BT_CLOSED;
2855 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
2857 conn->sec_level = BT_SECURITY_LOW;
2858 conn->handle = __le16_to_cpu(ev->handle);
2859 conn->state = BT_CONNECTED;
2861 hci_conn_hold_device(conn);
2862 hci_conn_add_sysfs(conn);
2864 hci_proto_connect_cfm(conn, ev->status);
2867 hci_dev_unlock(hdev);
2870 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2871 struct sk_buff *skb)
2873 u8 num_reports = skb->data[0];
2874 void *ptr = &skb->data[1];
2878 while (num_reports--) {
2879 struct hci_ev_le_advertising_info *ev = ptr;
2881 hci_add_adv_entry(hdev, ev);
2883 ptr += sizeof(*ev) + ev->length + 1;
2886 hci_dev_unlock(hdev);
2889 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2890 struct sk_buff *skb)
2892 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2893 struct hci_cp_le_ltk_reply cp;
2894 struct hci_cp_le_ltk_neg_reply neg;
2895 struct hci_conn *conn;
2896 struct link_key *ltk;
2898 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2902 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2906 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2910 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
2911 cp.handle = cpu_to_le16(conn->handle);
2912 conn->pin_length = ltk->pin_len;
2914 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2916 hci_dev_unlock(hdev);
2921 neg.handle = ev->handle;
2922 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2923 hci_dev_unlock(hdev);
2926 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2928 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2930 skb_pull(skb, sizeof(*le_ev));
2932 switch (le_ev->subevent) {
2933 case HCI_EV_LE_CONN_COMPLETE:
2934 hci_le_conn_complete_evt(hdev, skb);
2937 case HCI_EV_LE_ADVERTISING_REPORT:
2938 hci_le_adv_report_evt(hdev, skb);
2941 case HCI_EV_LE_LTK_REQ:
2942 hci_le_ltk_request_evt(hdev, skb);
2950 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2952 struct hci_event_hdr *hdr = (void *) skb->data;
2953 __u8 event = hdr->evt;
2955 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2958 case HCI_EV_INQUIRY_COMPLETE:
2959 hci_inquiry_complete_evt(hdev, skb);
2962 case HCI_EV_INQUIRY_RESULT:
2963 hci_inquiry_result_evt(hdev, skb);
2966 case HCI_EV_CONN_COMPLETE:
2967 hci_conn_complete_evt(hdev, skb);
2970 case HCI_EV_CONN_REQUEST:
2971 hci_conn_request_evt(hdev, skb);
2974 case HCI_EV_DISCONN_COMPLETE:
2975 hci_disconn_complete_evt(hdev, skb);
2978 case HCI_EV_AUTH_COMPLETE:
2979 hci_auth_complete_evt(hdev, skb);
2982 case HCI_EV_REMOTE_NAME:
2983 hci_remote_name_evt(hdev, skb);
2986 case HCI_EV_ENCRYPT_CHANGE:
2987 hci_encrypt_change_evt(hdev, skb);
2990 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2991 hci_change_link_key_complete_evt(hdev, skb);
2994 case HCI_EV_REMOTE_FEATURES:
2995 hci_remote_features_evt(hdev, skb);
2998 case HCI_EV_REMOTE_VERSION:
2999 hci_remote_version_evt(hdev, skb);
3002 case HCI_EV_QOS_SETUP_COMPLETE:
3003 hci_qos_setup_complete_evt(hdev, skb);
3006 case HCI_EV_CMD_COMPLETE:
3007 hci_cmd_complete_evt(hdev, skb);
3010 case HCI_EV_CMD_STATUS:
3011 hci_cmd_status_evt(hdev, skb);
3014 case HCI_EV_ROLE_CHANGE:
3015 hci_role_change_evt(hdev, skb);
3018 case HCI_EV_NUM_COMP_PKTS:
3019 hci_num_comp_pkts_evt(hdev, skb);
3022 case HCI_EV_MODE_CHANGE:
3023 hci_mode_change_evt(hdev, skb);
3026 case HCI_EV_PIN_CODE_REQ:
3027 hci_pin_code_request_evt(hdev, skb);
3030 case HCI_EV_LINK_KEY_REQ:
3031 hci_link_key_request_evt(hdev, skb);
3034 case HCI_EV_LINK_KEY_NOTIFY:
3035 hci_link_key_notify_evt(hdev, skb);
3038 case HCI_EV_CLOCK_OFFSET:
3039 hci_clock_offset_evt(hdev, skb);
3042 case HCI_EV_PKT_TYPE_CHANGE:
3043 hci_pkt_type_change_evt(hdev, skb);
3046 case HCI_EV_PSCAN_REP_MODE:
3047 hci_pscan_rep_mode_evt(hdev, skb);
3050 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3051 hci_inquiry_result_with_rssi_evt(hdev, skb);
3054 case HCI_EV_REMOTE_EXT_FEATURES:
3055 hci_remote_ext_features_evt(hdev, skb);
3058 case HCI_EV_SYNC_CONN_COMPLETE:
3059 hci_sync_conn_complete_evt(hdev, skb);
3062 case HCI_EV_SYNC_CONN_CHANGED:
3063 hci_sync_conn_changed_evt(hdev, skb);
3066 case HCI_EV_SNIFF_SUBRATE:
3067 hci_sniff_subrate_evt(hdev, skb);
3070 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3071 hci_extended_inquiry_result_evt(hdev, skb);
3074 case HCI_EV_IO_CAPA_REQUEST:
3075 hci_io_capa_request_evt(hdev, skb);
3078 case HCI_EV_IO_CAPA_REPLY:
3079 hci_io_capa_reply_evt(hdev, skb);
3082 case HCI_EV_USER_CONFIRM_REQUEST:
3083 hci_user_confirm_request_evt(hdev, skb);
3086 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3087 hci_simple_pair_complete_evt(hdev, skb);
3090 case HCI_EV_REMOTE_HOST_FEATURES:
3091 hci_remote_host_features_evt(hdev, skb);
3094 case HCI_EV_LE_META:
3095 hci_le_meta_evt(hdev, skb);
3098 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3099 hci_remote_oob_data_request_evt(hdev, skb);
3103 BT_DBG("%s event 0x%x", hdev->name, event);
3108 hdev->stat.evt_rx++;
3111 /* Generate internal stack event */
3112 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3114 struct hci_event_hdr *hdr;
3115 struct hci_ev_stack_internal *ev;
3116 struct sk_buff *skb;
3118 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3122 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3123 hdr->evt = HCI_EV_STACK_INTERNAL;
3124 hdr->plen = sizeof(*ev) + dlen;
3126 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3128 memcpy(ev->data, data, dlen);
3130 bt_cb(skb)->incoming = 1;
3131 __net_timestamp(skb);
3133 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3134 skb->dev = (void *) hdev;
3135 hci_send_to_sock(hdev, skb, NULL);
3139 module_param(enable_le, bool, 0644);
3140 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / karo-tx-linux.git / blob