2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <asm/system.h>
41 #include <linux/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
47 /* Handle HCI Event packets */
49 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
51 __u8 status = *((__u8 *) skb->data);
53 BT_DBG("%s status 0x%x", hdev->name, status);
57 mgmt_stop_discovery_failed(hdev, status);
62 clear_bit(HCI_INQUIRY, &hdev->flags);
65 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
70 hci_conn_check_pending(hdev);
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75 __u8 status = *((__u8 *) skb->data);
77 BT_DBG("%s status 0x%x", hdev->name, status);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
87 BT_DBG("%s", hdev->name);
90 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
95 BT_DBG("%s status 0x%x", hdev->name, rp->status);
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
105 conn->link_mode &= ~HCI_LM_MASTER;
107 conn->link_mode |= HCI_LM_MASTER;
110 hci_dev_unlock(hdev);
113 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
127 conn->link_policy = __le16_to_cpu(rp->policy);
129 hci_dev_unlock(hdev);
132 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
135 struct hci_conn *conn;
138 BT_DBG("%s status 0x%x", hdev->name, rp->status);
143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
151 conn->link_policy = get_unaligned_le16(sent + 2);
153 hci_dev_unlock(hdev);
156 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
165 hdev->link_policy = __le16_to_cpu(rp->policy);
168 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
170 __u8 status = *((__u8 *) skb->data);
173 BT_DBG("%s status 0x%x", hdev->name, status);
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
180 hdev->link_policy = get_unaligned_le16(sent);
182 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
185 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
187 __u8 status = *((__u8 *) skb->data);
189 BT_DBG("%s status 0x%x", hdev->name, status);
191 clear_bit(HCI_RESET, &hdev->flags);
193 hci_req_complete(hdev, HCI_OP_RESET, status);
195 /* Reset all non-persistent flags */
196 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN));
198 hdev->discovery.state = DISCOVERY_STOPPED;
201 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
203 __u8 status = *((__u8 *) skb->data);
206 BT_DBG("%s status 0x%x", hdev->name, status);
208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
214 if (test_bit(HCI_MGMT, &hdev->dev_flags))
215 mgmt_set_local_name_complete(hdev, sent, status);
217 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
219 hci_dev_unlock(hdev);
222 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
224 struct hci_rp_read_local_name *rp = (void *) skb->data;
226 BT_DBG("%s status 0x%x", hdev->name, rp->status);
231 if (test_bit(HCI_SETUP, &hdev->dev_flags))
232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
235 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
237 __u8 status = *((__u8 *) skb->data);
240 BT_DBG("%s status 0x%x", hdev->name, status);
242 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247 __u8 param = *((__u8 *) sent);
249 if (param == AUTH_ENABLED)
250 set_bit(HCI_AUTH, &hdev->flags);
252 clear_bit(HCI_AUTH, &hdev->flags);
255 if (test_bit(HCI_MGMT, &hdev->dev_flags))
256 mgmt_auth_enable_complete(hdev, status);
258 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
261 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
263 __u8 status = *((__u8 *) skb->data);
266 BT_DBG("%s status 0x%x", hdev->name, status);
268 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 __u8 param = *((__u8 *) sent);
276 set_bit(HCI_ENCRYPT, &hdev->flags);
278 clear_bit(HCI_ENCRYPT, &hdev->flags);
281 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
290 BT_DBG("%s status 0x%x", hdev->name, status);
292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
296 param = *((__u8 *) sent);
301 mgmt_write_scan_failed(hdev, param, status);
302 hdev->discov_timeout = 0;
306 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
307 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
309 if (param & SCAN_INQUIRY) {
310 set_bit(HCI_ISCAN, &hdev->flags);
312 mgmt_discoverable(hdev, 1);
313 if (hdev->discov_timeout > 0) {
314 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
315 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318 } else if (old_iscan)
319 mgmt_discoverable(hdev, 0);
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
324 mgmt_connectable(hdev, 1);
325 } else if (old_pscan)
326 mgmt_connectable(hdev, 0);
329 hci_dev_unlock(hdev);
330 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
333 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
335 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
337 BT_DBG("%s status 0x%x", hdev->name, rp->status);
342 memcpy(hdev->dev_class, rp->dev_class, 3);
344 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
345 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
348 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
350 __u8 status = *((__u8 *) skb->data);
353 BT_DBG("%s status 0x%x", hdev->name, status);
355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
362 memcpy(hdev->dev_class, sent, 3);
364 if (test_bit(HCI_MGMT, &hdev->dev_flags))
365 mgmt_set_class_of_dev_complete(hdev, sent, status);
367 hci_dev_unlock(hdev);
370 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
372 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
375 BT_DBG("%s status 0x%x", hdev->name, rp->status);
380 setting = __le16_to_cpu(rp->voice_setting);
382 if (hdev->voice_setting == setting)
385 hdev->voice_setting = setting;
387 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
390 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
393 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
395 __u8 status = *((__u8 *) skb->data);
399 BT_DBG("%s status 0x%x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
408 setting = get_unaligned_le16(sent);
410 if (hdev->voice_setting == setting)
413 hdev->voice_setting = setting;
415 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
423 __u8 status = *((__u8 *) skb->data);
425 BT_DBG("%s status 0x%x", hdev->name, status);
427 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
430 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
432 __u8 status = *((__u8 *) skb->data);
435 BT_DBG("%s status 0x%x", hdev->name, status);
437 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
442 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
445 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
447 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
451 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453 if (hdev->features[6] & LMP_EXT_INQ)
456 if (hdev->features[3] & LMP_RSSI_INQ)
459 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
460 hdev->lmp_subver == 0x0757)
463 if (hdev->manufacturer == 15) {
464 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
472 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
473 hdev->lmp_subver == 0x1805)
479 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
483 mode = hci_get_inquiry_mode(hdev);
485 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
488 static void hci_setup_event_mask(struct hci_dev *hdev)
490 /* The second byte is 0xff instead of 0x9f (two reserved bits
491 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
492 * command otherwise */
493 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
496 * any event mask for pre 1.2 devices */
497 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
500 events[4] |= 0x01; /* Flow Specification Complete */
501 events[4] |= 0x02; /* Inquiry Result with RSSI */
502 events[4] |= 0x04; /* Read Remote Extended Features Complete */
503 events[5] |= 0x08; /* Synchronous Connection Complete */
504 events[5] |= 0x10; /* Synchronous Connection Changed */
506 if (hdev->features[3] & LMP_RSSI_INQ)
507 events[4] |= 0x04; /* Inquiry Result with RSSI */
509 if (hdev->features[5] & LMP_SNIFF_SUBR)
510 events[5] |= 0x20; /* Sniff Subrating */
512 if (hdev->features[5] & LMP_PAUSE_ENC)
513 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515 if (hdev->features[6] & LMP_EXT_INQ)
516 events[5] |= 0x40; /* Extended Inquiry Result */
518 if (hdev->features[6] & LMP_NO_FLUSH)
519 events[7] |= 0x01; /* Enhanced Flush Complete */
521 if (hdev->features[7] & LMP_LSTO)
522 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 events[6] |= 0x01; /* IO Capability Request */
526 events[6] |= 0x02; /* IO Capability Response */
527 events[6] |= 0x04; /* User Confirmation Request */
528 events[6] |= 0x08; /* User Passkey Request */
529 events[6] |= 0x10; /* Remote OOB Data Request */
530 events[6] |= 0x20; /* Simple Pairing Complete */
531 events[7] |= 0x04; /* User Passkey Notification */
532 events[7] |= 0x08; /* Keypress Notification */
533 events[7] |= 0x10; /* Remote Host Supported
534 * Features Notification */
537 if (hdev->features[4] & LMP_LE)
538 events[7] |= 0x20; /* LE Meta-Event */
540 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
543 static void hci_set_le_support(struct hci_dev *hdev)
545 struct hci_cp_write_le_host_supported cp;
547 memset(&cp, 0, sizeof(cp));
549 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
551 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
554 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
557 static void hci_setup(struct hci_dev *hdev)
559 if (hdev->dev_type != HCI_BREDR)
562 hci_setup_event_mask(hdev);
564 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
565 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
567 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
568 test_bit(HCI_MGMT, &hdev->dev_flags)) {
569 struct hci_cp_write_local_name cp;
571 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
572 hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
575 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
576 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
578 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
579 sizeof(mode), &mode);
581 struct hci_cp_write_eir cp;
583 memset(hdev->eir, 0, sizeof(hdev->eir));
584 memset(&cp, 0, sizeof(cp));
586 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
590 if (hdev->features[3] & LMP_RSSI_INQ)
591 hci_setup_inquiry_mode(hdev);
593 if (hdev->features[7] & LMP_INQ_TX_PWR)
594 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
596 if (hdev->features[7] & LMP_EXTFEATURES) {
597 struct hci_cp_read_local_ext_features cp;
600 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
604 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
606 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
607 sizeof(enable), &enable);
610 if (hdev->features[4] & LMP_LE)
611 hci_set_le_support(hdev);
614 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
616 struct hci_rp_read_local_version *rp = (void *) skb->data;
618 BT_DBG("%s status 0x%x", hdev->name, rp->status);
623 hdev->hci_ver = rp->hci_ver;
624 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
625 hdev->lmp_ver = rp->lmp_ver;
626 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
627 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
629 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
631 hdev->hci_ver, hdev->hci_rev);
633 if (test_bit(HCI_INIT, &hdev->flags))
637 static void hci_setup_link_policy(struct hci_dev *hdev)
641 if (hdev->features[0] & LMP_RSWITCH)
642 link_policy |= HCI_LP_RSWITCH;
643 if (hdev->features[0] & LMP_HOLD)
644 link_policy |= HCI_LP_HOLD;
645 if (hdev->features[0] & LMP_SNIFF)
646 link_policy |= HCI_LP_SNIFF;
647 if (hdev->features[1] & LMP_PARK)
648 link_policy |= HCI_LP_PARK;
650 link_policy = cpu_to_le16(link_policy);
651 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
652 sizeof(link_policy), &link_policy);
655 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
657 struct hci_rp_read_local_commands *rp = (void *) skb->data;
659 BT_DBG("%s status 0x%x", hdev->name, rp->status);
664 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
666 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
667 hci_setup_link_policy(hdev);
670 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
673 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
675 struct hci_rp_read_local_features *rp = (void *) skb->data;
677 BT_DBG("%s status 0x%x", hdev->name, rp->status);
682 memcpy(hdev->features, rp->features, 8);
684 /* Adjust default settings according to features
685 * supported by device. */
687 if (hdev->features[0] & LMP_3SLOT)
688 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
690 if (hdev->features[0] & LMP_5SLOT)
691 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
693 if (hdev->features[1] & LMP_HV2) {
694 hdev->pkt_type |= (HCI_HV2);
695 hdev->esco_type |= (ESCO_HV2);
698 if (hdev->features[1] & LMP_HV3) {
699 hdev->pkt_type |= (HCI_HV3);
700 hdev->esco_type |= (ESCO_HV3);
703 if (hdev->features[3] & LMP_ESCO)
704 hdev->esco_type |= (ESCO_EV3);
706 if (hdev->features[4] & LMP_EV4)
707 hdev->esco_type |= (ESCO_EV4);
709 if (hdev->features[4] & LMP_EV5)
710 hdev->esco_type |= (ESCO_EV5);
712 if (hdev->features[5] & LMP_EDR_ESCO_2M)
713 hdev->esco_type |= (ESCO_2EV3);
715 if (hdev->features[5] & LMP_EDR_ESCO_3M)
716 hdev->esco_type |= (ESCO_3EV3);
718 if (hdev->features[5] & LMP_EDR_3S_ESCO)
719 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
721 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
722 hdev->features[0], hdev->features[1],
723 hdev->features[2], hdev->features[3],
724 hdev->features[4], hdev->features[5],
725 hdev->features[6], hdev->features[7]);
728 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
731 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
733 BT_DBG("%s status 0x%x", hdev->name, rp->status);
740 memcpy(hdev->features, rp->features, 8);
743 memcpy(hdev->host_features, rp->features, 8);
747 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
750 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
753 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
755 BT_DBG("%s status 0x%x", hdev->name, rp->status);
760 hdev->flow_ctl_mode = rp->mode;
762 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
765 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
767 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
769 BT_DBG("%s status 0x%x", hdev->name, rp->status);
774 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
775 hdev->sco_mtu = rp->sco_mtu;
776 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
777 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
779 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
784 hdev->acl_cnt = hdev->acl_pkts;
785 hdev->sco_cnt = hdev->sco_pkts;
787 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
788 hdev->acl_mtu, hdev->acl_pkts,
789 hdev->sco_mtu, hdev->sco_pkts);
792 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
794 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
796 BT_DBG("%s status 0x%x", hdev->name, rp->status);
799 bacpy(&hdev->bdaddr, &rp->bdaddr);
801 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
804 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
809 BT_DBG("%s status 0x%x", hdev->name, rp->status);
814 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
815 hdev->block_len = __le16_to_cpu(rp->block_len);
816 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
818 hdev->block_cnt = hdev->num_blocks;
820 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
821 hdev->block_cnt, hdev->block_len);
823 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
826 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
828 __u8 status = *((__u8 *) skb->data);
830 BT_DBG("%s status 0x%x", hdev->name, status);
832 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
835 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
838 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
840 BT_DBG("%s status 0x%x", hdev->name, rp->status);
845 hdev->amp_status = rp->amp_status;
846 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
847 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
848 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
849 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
850 hdev->amp_type = rp->amp_type;
851 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
852 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
853 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
854 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
856 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
859 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
862 __u8 status = *((__u8 *) skb->data);
864 BT_DBG("%s status 0x%x", hdev->name, status);
866 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
869 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
871 __u8 status = *((__u8 *) skb->data);
873 BT_DBG("%s status 0x%x", hdev->name, status);
875 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
878 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
881 __u8 status = *((__u8 *) skb->data);
883 BT_DBG("%s status 0x%x", hdev->name, status);
885 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
888 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
891 __u8 status = *((__u8 *) skb->data);
893 BT_DBG("%s status 0x%x", hdev->name, status);
895 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
898 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
900 __u8 status = *((__u8 *) skb->data);
902 BT_DBG("%s status 0x%x", hdev->name, status);
904 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
907 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
909 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
910 struct hci_cp_pin_code_reply *cp;
911 struct hci_conn *conn;
913 BT_DBG("%s status 0x%x", hdev->name, rp->status);
917 if (test_bit(HCI_MGMT, &hdev->dev_flags))
918 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
923 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
927 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
929 conn->pin_length = cp->pin_len;
932 hci_dev_unlock(hdev);
935 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
937 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
939 BT_DBG("%s status 0x%x", hdev->name, rp->status);
943 if (test_bit(HCI_MGMT, &hdev->dev_flags))
944 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
947 hci_dev_unlock(hdev);
950 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
953 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
955 BT_DBG("%s status 0x%x", hdev->name, rp->status);
960 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
961 hdev->le_pkts = rp->le_max_pkt;
963 hdev->le_cnt = hdev->le_pkts;
965 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
967 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
970 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
978 if (test_bit(HCI_MGMT, &hdev->dev_flags))
979 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
982 hci_dev_unlock(hdev);
985 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
988 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
990 BT_DBG("%s status 0x%x", hdev->name, rp->status);
994 if (test_bit(HCI_MGMT, &hdev->dev_flags))
995 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
999 hci_dev_unlock(hdev);
1002 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1004 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1006 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1010 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1011 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1014 hci_dev_unlock(hdev);
1017 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1018 struct sk_buff *skb)
1020 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1022 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1026 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1027 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1031 hci_dev_unlock(hdev);
1034 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1035 struct sk_buff *skb)
1037 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1039 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1042 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1043 rp->randomizer, rp->status);
1044 hci_dev_unlock(hdev);
1047 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1049 __u8 status = *((__u8 *) skb->data);
1051 BT_DBG("%s status 0x%x", hdev->name, status);
1053 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1057 mgmt_start_discovery_failed(hdev, status);
1058 hci_dev_unlock(hdev);
1063 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1064 struct sk_buff *skb)
1066 struct hci_cp_le_set_scan_enable *cp;
1067 __u8 status = *((__u8 *) skb->data);
1069 BT_DBG("%s status 0x%x", hdev->name, status);
1071 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1075 switch (cp->enable) {
1076 case LE_SCANNING_ENABLED:
1077 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1081 mgmt_start_discovery_failed(hdev, status);
1082 hci_dev_unlock(hdev);
1086 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1088 cancel_delayed_work_sync(&hdev->adv_work);
1091 hci_adv_entries_clear(hdev);
1092 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1093 hci_dev_unlock(hdev);
1096 case LE_SCANNING_DISABLED:
1100 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1102 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1104 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1105 mgmt_interleaved_discovery(hdev);
1108 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1109 hci_dev_unlock(hdev);
1115 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1120 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1122 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1124 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1129 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1132 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1134 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1136 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1141 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1144 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1145 struct sk_buff *skb)
1147 struct hci_cp_read_local_ext_features cp;
1148 struct hci_cp_write_le_host_supported *sent;
1149 __u8 status = *((__u8 *) skb->data);
1151 BT_DBG("%s status 0x%x", hdev->name, status);
1153 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1154 if (sent && test_bit(HCI_MGMT, &hdev->dev_flags))
1155 mgmt_le_enable_complete(hdev, sent->le, status);
1161 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1164 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1166 BT_DBG("%s status 0x%x", hdev->name, status);
1169 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1170 hci_conn_check_pending(hdev);
1172 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1173 mgmt_start_discovery_failed(hdev, status);
1174 hci_dev_unlock(hdev);
1178 set_bit(HCI_INQUIRY, &hdev->flags);
1181 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1182 hci_dev_unlock(hdev);
1185 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1187 struct hci_cp_create_conn *cp;
1188 struct hci_conn *conn;
1190 BT_DBG("%s status 0x%x", hdev->name, status);
1192 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1198 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1200 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1203 if (conn && conn->state == BT_CONNECT) {
1204 if (status != 0x0c || conn->attempt > 2) {
1205 conn->state = BT_CLOSED;
1206 hci_proto_connect_cfm(conn, status);
1209 conn->state = BT_CONNECT2;
1213 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1216 conn->link_mode |= HCI_LM_MASTER;
1218 BT_ERR("No memory for new connection");
1222 hci_dev_unlock(hdev);
1225 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1227 struct hci_cp_add_sco *cp;
1228 struct hci_conn *acl, *sco;
1231 BT_DBG("%s status 0x%x", hdev->name, status);
1236 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1240 handle = __le16_to_cpu(cp->handle);
1242 BT_DBG("%s handle %d", hdev->name, handle);
1246 acl = hci_conn_hash_lookup_handle(hdev, handle);
1250 sco->state = BT_CLOSED;
1252 hci_proto_connect_cfm(sco, status);
1257 hci_dev_unlock(hdev);
1260 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1262 struct hci_cp_auth_requested *cp;
1263 struct hci_conn *conn;
1265 BT_DBG("%s status 0x%x", hdev->name, status);
1270 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1276 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1278 if (conn->state == BT_CONFIG) {
1279 hci_proto_connect_cfm(conn, status);
1284 hci_dev_unlock(hdev);
1287 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1289 struct hci_cp_set_conn_encrypt *cp;
1290 struct hci_conn *conn;
1292 BT_DBG("%s status 0x%x", hdev->name, status);
1297 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1303 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1305 if (conn->state == BT_CONFIG) {
1306 hci_proto_connect_cfm(conn, status);
1311 hci_dev_unlock(hdev);
1314 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1315 struct hci_conn *conn)
1317 if (conn->state != BT_CONFIG || !conn->out)
1320 if (conn->pending_sec_level == BT_SECURITY_SDP)
1323 /* Only request authentication for SSP connections or non-SSP
1324 * devices with sec_level HIGH or if MITM protection is requested */
1325 if (!hci_conn_ssp_enabled(conn) &&
1326 conn->pending_sec_level != BT_SECURITY_HIGH &&
1327 !(conn->auth_type & 0x01))
1333 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1335 struct hci_cp_remote_name_req cp;
1337 memset(&cp, 0, sizeof(cp));
1339 bacpy(&cp.bdaddr, &e->data.bdaddr);
1340 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1341 cp.pscan_mode = e->data.pscan_mode;
1342 cp.clock_offset = e->data.clock_offset;
1344 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1347 static bool hci_resolve_next_name(struct hci_dev *hdev)
1349 struct discovery_state *discov = &hdev->discovery;
1350 struct inquiry_entry *e;
1352 if (list_empty(&discov->resolve))
1355 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1356 if (hci_resolve_name(hdev, e) == 0) {
1357 e->name_state = NAME_PENDING;
1364 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1365 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1367 struct discovery_state *discov = &hdev->discovery;
1368 struct inquiry_entry *e;
1370 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1371 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0,
1372 name, name_len, conn->dev_class);
1374 if (discov->state == DISCOVERY_STOPPED)
1377 if (discov->state == DISCOVERY_STOPPING)
1378 goto discov_complete;
1380 if (discov->state != DISCOVERY_RESOLVING)
1383 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1385 e->name_state = NAME_KNOWN;
1388 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1389 e->data.rssi, name, name_len);
1392 if (hci_resolve_next_name(hdev))
1396 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1399 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1401 struct hci_cp_remote_name_req *cp;
1402 struct hci_conn *conn;
1404 BT_DBG("%s status 0x%x", hdev->name, status);
1406 /* If successful wait for the name req complete event before
1407 * checking for the need to do authentication */
1411 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1417 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1419 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1420 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1425 if (!hci_outgoing_auth_needed(hdev, conn))
1428 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1429 struct hci_cp_auth_requested cp;
1430 cp.handle = __cpu_to_le16(conn->handle);
1431 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1435 hci_dev_unlock(hdev);
1438 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1440 struct hci_cp_read_remote_features *cp;
1441 struct hci_conn *conn;
1443 BT_DBG("%s status 0x%x", hdev->name, status);
1448 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1454 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1456 if (conn->state == BT_CONFIG) {
1457 hci_proto_connect_cfm(conn, status);
1462 hci_dev_unlock(hdev);
1465 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1467 struct hci_cp_read_remote_ext_features *cp;
1468 struct hci_conn *conn;
1470 BT_DBG("%s status 0x%x", hdev->name, status);
1475 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1481 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1483 if (conn->state == BT_CONFIG) {
1484 hci_proto_connect_cfm(conn, status);
1489 hci_dev_unlock(hdev);
1492 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1494 struct hci_cp_setup_sync_conn *cp;
1495 struct hci_conn *acl, *sco;
1498 BT_DBG("%s status 0x%x", hdev->name, status);
1503 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1507 handle = __le16_to_cpu(cp->handle);
1509 BT_DBG("%s handle %d", hdev->name, handle);
1513 acl = hci_conn_hash_lookup_handle(hdev, handle);
1517 sco->state = BT_CLOSED;
1519 hci_proto_connect_cfm(sco, status);
1524 hci_dev_unlock(hdev);
1527 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1529 struct hci_cp_sniff_mode *cp;
1530 struct hci_conn *conn;
1532 BT_DBG("%s status 0x%x", hdev->name, status);
1537 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1543 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1545 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1547 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1548 hci_sco_setup(conn, status);
1551 hci_dev_unlock(hdev);
1554 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1556 struct hci_cp_exit_sniff_mode *cp;
1557 struct hci_conn *conn;
1559 BT_DBG("%s status 0x%x", hdev->name, status);
1564 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1570 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1572 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1574 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1575 hci_sco_setup(conn, status);
1578 hci_dev_unlock(hdev);
1581 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1583 struct hci_cp_disconnect *cp;
1584 struct hci_conn *conn;
1589 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1595 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1597 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1598 conn->dst_type, status);
1600 hci_dev_unlock(hdev);
1603 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1605 struct hci_cp_le_create_conn *cp;
1606 struct hci_conn *conn;
1608 BT_DBG("%s status 0x%x", hdev->name, status);
1610 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1616 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1618 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1622 if (conn && conn->state == BT_CONNECT) {
1623 conn->state = BT_CLOSED;
1624 hci_proto_connect_cfm(conn, status);
1629 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1631 conn->dst_type = cp->peer_addr_type;
1634 BT_ERR("No memory for new connection");
1639 hci_dev_unlock(hdev);
1642 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1644 BT_DBG("%s status 0x%x", hdev->name, status);
1647 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1649 __u8 status = *((__u8 *) skb->data);
1650 struct discovery_state *discov = &hdev->discovery;
1651 struct inquiry_entry *e;
1653 BT_DBG("%s status %d", hdev->name, status);
1655 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1657 hci_conn_check_pending(hdev);
1659 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1662 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1667 if (discov->state != DISCOVERY_FINDING)
1670 if (list_empty(&discov->resolve)) {
1671 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1675 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1676 if (e && hci_resolve_name(hdev, e) == 0) {
1677 e->name_state = NAME_PENDING;
1678 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1680 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1684 hci_dev_unlock(hdev);
1687 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1689 struct inquiry_data data;
1690 struct inquiry_info *info = (void *) (skb->data + 1);
1691 int num_rsp = *((__u8 *) skb->data);
1693 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1700 for (; num_rsp; num_rsp--, info++) {
1701 bool name_known, ssp;
1703 bacpy(&data.bdaddr, &info->bdaddr);
1704 data.pscan_rep_mode = info->pscan_rep_mode;
1705 data.pscan_period_mode = info->pscan_period_mode;
1706 data.pscan_mode = info->pscan_mode;
1707 memcpy(data.dev_class, info->dev_class, 3);
1708 data.clock_offset = info->clock_offset;
1710 data.ssp_mode = 0x00;
1712 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1713 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1714 info->dev_class, 0, !name_known, ssp,
1718 hci_dev_unlock(hdev);
1721 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1723 struct hci_ev_conn_complete *ev = (void *) skb->data;
1724 struct hci_conn *conn;
1726 BT_DBG("%s", hdev->name);
1730 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1732 if (ev->link_type != SCO_LINK)
1735 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1739 conn->type = SCO_LINK;
1743 conn->handle = __le16_to_cpu(ev->handle);
1745 if (conn->type == ACL_LINK) {
1746 conn->state = BT_CONFIG;
1747 hci_conn_hold(conn);
1748 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1750 conn->state = BT_CONNECTED;
1752 hci_conn_hold_device(conn);
1753 hci_conn_add_sysfs(conn);
1755 if (test_bit(HCI_AUTH, &hdev->flags))
1756 conn->link_mode |= HCI_LM_AUTH;
1758 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1759 conn->link_mode |= HCI_LM_ENCRYPT;
1761 /* Get remote features */
1762 if (conn->type == ACL_LINK) {
1763 struct hci_cp_read_remote_features cp;
1764 cp.handle = ev->handle;
1765 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1769 /* Set packet type for incoming connection */
1770 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1771 struct hci_cp_change_conn_ptype cp;
1772 cp.handle = ev->handle;
1773 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1774 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1778 conn->state = BT_CLOSED;
1779 if (conn->type == ACL_LINK)
1780 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1781 conn->dst_type, ev->status);
1784 if (conn->type == ACL_LINK)
1785 hci_sco_setup(conn, ev->status);
1788 hci_proto_connect_cfm(conn, ev->status);
1790 } else if (ev->link_type != ACL_LINK)
1791 hci_proto_connect_cfm(conn, ev->status);
1794 hci_dev_unlock(hdev);
1796 hci_conn_check_pending(hdev);
1799 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1801 struct hci_ev_conn_request *ev = (void *) skb->data;
1802 int mask = hdev->link_mode;
1804 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1805 batostr(&ev->bdaddr), ev->link_type);
1807 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1809 if ((mask & HCI_LM_ACCEPT) &&
1810 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1811 /* Connection accepted */
1812 struct inquiry_entry *ie;
1813 struct hci_conn *conn;
1817 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1819 memcpy(ie->data.dev_class, ev->dev_class, 3);
1821 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1823 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1825 BT_ERR("No memory for new connection");
1826 hci_dev_unlock(hdev);
1831 memcpy(conn->dev_class, ev->dev_class, 3);
1832 conn->state = BT_CONNECT;
1834 hci_dev_unlock(hdev);
1836 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1837 struct hci_cp_accept_conn_req cp;
1839 bacpy(&cp.bdaddr, &ev->bdaddr);
1841 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1842 cp.role = 0x00; /* Become master */
1844 cp.role = 0x01; /* Remain slave */
1846 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1849 struct hci_cp_accept_sync_conn_req cp;
1851 bacpy(&cp.bdaddr, &ev->bdaddr);
1852 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1854 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1855 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1856 cp.max_latency = cpu_to_le16(0xffff);
1857 cp.content_format = cpu_to_le16(hdev->voice_setting);
1858 cp.retrans_effort = 0xff;
1860 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1864 /* Connection rejected */
1865 struct hci_cp_reject_conn_req cp;
1867 bacpy(&cp.bdaddr, &ev->bdaddr);
1868 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1869 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1873 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1875 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1876 struct hci_conn *conn;
1878 BT_DBG("%s status %d", hdev->name, ev->status);
1882 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1886 if (ev->status == 0)
1887 conn->state = BT_CLOSED;
1889 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1890 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1891 if (ev->status != 0)
1892 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1893 conn->dst_type, ev->status);
1895 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1899 if (ev->status == 0) {
1900 hci_proto_disconn_cfm(conn, ev->reason);
1905 hci_dev_unlock(hdev);
1908 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1910 struct hci_ev_auth_complete *ev = (void *) skb->data;
1911 struct hci_conn *conn;
1913 BT_DBG("%s status %d", hdev->name, ev->status);
1917 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1922 if (!hci_conn_ssp_enabled(conn) &&
1923 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1924 BT_INFO("re-auth of legacy device is not possible.");
1926 conn->link_mode |= HCI_LM_AUTH;
1927 conn->sec_level = conn->pending_sec_level;
1930 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1934 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1935 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1937 if (conn->state == BT_CONFIG) {
1938 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1939 struct hci_cp_set_conn_encrypt cp;
1940 cp.handle = ev->handle;
1942 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1945 conn->state = BT_CONNECTED;
1946 hci_proto_connect_cfm(conn, ev->status);
1950 hci_auth_cfm(conn, ev->status);
1952 hci_conn_hold(conn);
1953 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1957 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1959 struct hci_cp_set_conn_encrypt cp;
1960 cp.handle = ev->handle;
1962 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1965 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1966 hci_encrypt_cfm(conn, ev->status, 0x00);
1971 hci_dev_unlock(hdev);
1974 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1976 struct hci_ev_remote_name *ev = (void *) skb->data;
1977 struct hci_conn *conn;
1979 BT_DBG("%s", hdev->name);
1981 hci_conn_check_pending(hdev);
1985 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1987 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1990 if (ev->status == 0)
1991 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1992 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1994 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2000 if (!hci_outgoing_auth_needed(hdev, conn))
2003 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2004 struct hci_cp_auth_requested cp;
2005 cp.handle = __cpu_to_le16(conn->handle);
2006 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2010 hci_dev_unlock(hdev);
2013 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2015 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2016 struct hci_conn *conn;
2018 BT_DBG("%s status %d", hdev->name, ev->status);
2022 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2026 /* Encryption implies authentication */
2027 conn->link_mode |= HCI_LM_AUTH;
2028 conn->link_mode |= HCI_LM_ENCRYPT;
2029 conn->sec_level = conn->pending_sec_level;
2031 conn->link_mode &= ~HCI_LM_ENCRYPT;
2034 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2036 if (conn->state == BT_CONFIG) {
2038 conn->state = BT_CONNECTED;
2040 hci_proto_connect_cfm(conn, ev->status);
2043 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2046 hci_dev_unlock(hdev);
2049 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2051 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2052 struct hci_conn *conn;
2054 BT_DBG("%s status %d", hdev->name, ev->status);
2058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2061 conn->link_mode |= HCI_LM_SECURE;
2063 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2065 hci_key_change_cfm(conn, ev->status);
2068 hci_dev_unlock(hdev);
2071 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2073 struct hci_ev_remote_features *ev = (void *) skb->data;
2074 struct hci_conn *conn;
2076 BT_DBG("%s status %d", hdev->name, ev->status);
2080 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2085 memcpy(conn->features, ev->features, 8);
2087 if (conn->state != BT_CONFIG)
2090 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2091 struct hci_cp_read_remote_ext_features cp;
2092 cp.handle = ev->handle;
2094 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2100 struct hci_cp_remote_name_req cp;
2101 memset(&cp, 0, sizeof(cp));
2102 bacpy(&cp.bdaddr, &conn->dst);
2103 cp.pscan_rep_mode = 0x02;
2104 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2105 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2106 mgmt_device_connected(hdev, &conn->dst, conn->type,
2107 conn->dst_type, 0, NULL, 0,
2110 if (!hci_outgoing_auth_needed(hdev, conn)) {
2111 conn->state = BT_CONNECTED;
2112 hci_proto_connect_cfm(conn, ev->status);
2117 hci_dev_unlock(hdev);
2120 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2122 BT_DBG("%s", hdev->name);
2125 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2127 BT_DBG("%s", hdev->name);
2130 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2132 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2135 skb_pull(skb, sizeof(*ev));
2137 opcode = __le16_to_cpu(ev->opcode);
2140 case HCI_OP_INQUIRY_CANCEL:
2141 hci_cc_inquiry_cancel(hdev, skb);
2144 case HCI_OP_EXIT_PERIODIC_INQ:
2145 hci_cc_exit_periodic_inq(hdev, skb);
2148 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2149 hci_cc_remote_name_req_cancel(hdev, skb);
2152 case HCI_OP_ROLE_DISCOVERY:
2153 hci_cc_role_discovery(hdev, skb);
2156 case HCI_OP_READ_LINK_POLICY:
2157 hci_cc_read_link_policy(hdev, skb);
2160 case HCI_OP_WRITE_LINK_POLICY:
2161 hci_cc_write_link_policy(hdev, skb);
2164 case HCI_OP_READ_DEF_LINK_POLICY:
2165 hci_cc_read_def_link_policy(hdev, skb);
2168 case HCI_OP_WRITE_DEF_LINK_POLICY:
2169 hci_cc_write_def_link_policy(hdev, skb);
2173 hci_cc_reset(hdev, skb);
2176 case HCI_OP_WRITE_LOCAL_NAME:
2177 hci_cc_write_local_name(hdev, skb);
2180 case HCI_OP_READ_LOCAL_NAME:
2181 hci_cc_read_local_name(hdev, skb);
2184 case HCI_OP_WRITE_AUTH_ENABLE:
2185 hci_cc_write_auth_enable(hdev, skb);
2188 case HCI_OP_WRITE_ENCRYPT_MODE:
2189 hci_cc_write_encrypt_mode(hdev, skb);
2192 case HCI_OP_WRITE_SCAN_ENABLE:
2193 hci_cc_write_scan_enable(hdev, skb);
2196 case HCI_OP_READ_CLASS_OF_DEV:
2197 hci_cc_read_class_of_dev(hdev, skb);
2200 case HCI_OP_WRITE_CLASS_OF_DEV:
2201 hci_cc_write_class_of_dev(hdev, skb);
2204 case HCI_OP_READ_VOICE_SETTING:
2205 hci_cc_read_voice_setting(hdev, skb);
2208 case HCI_OP_WRITE_VOICE_SETTING:
2209 hci_cc_write_voice_setting(hdev, skb);
2212 case HCI_OP_HOST_BUFFER_SIZE:
2213 hci_cc_host_buffer_size(hdev, skb);
2216 case HCI_OP_WRITE_SSP_MODE:
2217 hci_cc_write_ssp_mode(hdev, skb);
2220 case HCI_OP_READ_LOCAL_VERSION:
2221 hci_cc_read_local_version(hdev, skb);
2224 case HCI_OP_READ_LOCAL_COMMANDS:
2225 hci_cc_read_local_commands(hdev, skb);
2228 case HCI_OP_READ_LOCAL_FEATURES:
2229 hci_cc_read_local_features(hdev, skb);
2232 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2233 hci_cc_read_local_ext_features(hdev, skb);
2236 case HCI_OP_READ_BUFFER_SIZE:
2237 hci_cc_read_buffer_size(hdev, skb);
2240 case HCI_OP_READ_BD_ADDR:
2241 hci_cc_read_bd_addr(hdev, skb);
2244 case HCI_OP_READ_DATA_BLOCK_SIZE:
2245 hci_cc_read_data_block_size(hdev, skb);
2248 case HCI_OP_WRITE_CA_TIMEOUT:
2249 hci_cc_write_ca_timeout(hdev, skb);
2252 case HCI_OP_READ_FLOW_CONTROL_MODE:
2253 hci_cc_read_flow_control_mode(hdev, skb);
2256 case HCI_OP_READ_LOCAL_AMP_INFO:
2257 hci_cc_read_local_amp_info(hdev, skb);
2260 case HCI_OP_DELETE_STORED_LINK_KEY:
2261 hci_cc_delete_stored_link_key(hdev, skb);
2264 case HCI_OP_SET_EVENT_MASK:
2265 hci_cc_set_event_mask(hdev, skb);
2268 case HCI_OP_WRITE_INQUIRY_MODE:
2269 hci_cc_write_inquiry_mode(hdev, skb);
2272 case HCI_OP_READ_INQ_RSP_TX_POWER:
2273 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2276 case HCI_OP_SET_EVENT_FLT:
2277 hci_cc_set_event_flt(hdev, skb);
2280 case HCI_OP_PIN_CODE_REPLY:
2281 hci_cc_pin_code_reply(hdev, skb);
2284 case HCI_OP_PIN_CODE_NEG_REPLY:
2285 hci_cc_pin_code_neg_reply(hdev, skb);
2288 case HCI_OP_READ_LOCAL_OOB_DATA:
2289 hci_cc_read_local_oob_data_reply(hdev, skb);
2292 case HCI_OP_LE_READ_BUFFER_SIZE:
2293 hci_cc_le_read_buffer_size(hdev, skb);
2296 case HCI_OP_USER_CONFIRM_REPLY:
2297 hci_cc_user_confirm_reply(hdev, skb);
2300 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2301 hci_cc_user_confirm_neg_reply(hdev, skb);
2304 case HCI_OP_USER_PASSKEY_REPLY:
2305 hci_cc_user_passkey_reply(hdev, skb);
2308 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2309 hci_cc_user_passkey_neg_reply(hdev, skb);
2311 case HCI_OP_LE_SET_SCAN_PARAM:
2312 hci_cc_le_set_scan_param(hdev, skb);
2315 case HCI_OP_LE_SET_SCAN_ENABLE:
2316 hci_cc_le_set_scan_enable(hdev, skb);
2319 case HCI_OP_LE_LTK_REPLY:
2320 hci_cc_le_ltk_reply(hdev, skb);
2323 case HCI_OP_LE_LTK_NEG_REPLY:
2324 hci_cc_le_ltk_neg_reply(hdev, skb);
2327 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2328 hci_cc_write_le_host_supported(hdev, skb);
2332 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2336 if (ev->opcode != HCI_OP_NOP)
2337 del_timer(&hdev->cmd_timer);
2340 atomic_set(&hdev->cmd_cnt, 1);
2341 if (!skb_queue_empty(&hdev->cmd_q))
2342 queue_work(hdev->workqueue, &hdev->cmd_work);
2346 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2348 struct hci_ev_cmd_status *ev = (void *) skb->data;
2351 skb_pull(skb, sizeof(*ev));
2353 opcode = __le16_to_cpu(ev->opcode);
2356 case HCI_OP_INQUIRY:
2357 hci_cs_inquiry(hdev, ev->status);
2360 case HCI_OP_CREATE_CONN:
2361 hci_cs_create_conn(hdev, ev->status);
2364 case HCI_OP_ADD_SCO:
2365 hci_cs_add_sco(hdev, ev->status);
2368 case HCI_OP_AUTH_REQUESTED:
2369 hci_cs_auth_requested(hdev, ev->status);
2372 case HCI_OP_SET_CONN_ENCRYPT:
2373 hci_cs_set_conn_encrypt(hdev, ev->status);
2376 case HCI_OP_REMOTE_NAME_REQ:
2377 hci_cs_remote_name_req(hdev, ev->status);
2380 case HCI_OP_READ_REMOTE_FEATURES:
2381 hci_cs_read_remote_features(hdev, ev->status);
2384 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2385 hci_cs_read_remote_ext_features(hdev, ev->status);
2388 case HCI_OP_SETUP_SYNC_CONN:
2389 hci_cs_setup_sync_conn(hdev, ev->status);
2392 case HCI_OP_SNIFF_MODE:
2393 hci_cs_sniff_mode(hdev, ev->status);
2396 case HCI_OP_EXIT_SNIFF_MODE:
2397 hci_cs_exit_sniff_mode(hdev, ev->status);
2400 case HCI_OP_DISCONNECT:
2401 hci_cs_disconnect(hdev, ev->status);
2404 case HCI_OP_LE_CREATE_CONN:
2405 hci_cs_le_create_conn(hdev, ev->status);
2408 case HCI_OP_LE_START_ENC:
2409 hci_cs_le_start_enc(hdev, ev->status);
2413 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2417 if (ev->opcode != HCI_OP_NOP)
2418 del_timer(&hdev->cmd_timer);
2420 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2421 atomic_set(&hdev->cmd_cnt, 1);
2422 if (!skb_queue_empty(&hdev->cmd_q))
2423 queue_work(hdev->workqueue, &hdev->cmd_work);
2427 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2429 struct hci_ev_role_change *ev = (void *) skb->data;
2430 struct hci_conn *conn;
2432 BT_DBG("%s status %d", hdev->name, ev->status);
2436 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2440 conn->link_mode &= ~HCI_LM_MASTER;
2442 conn->link_mode |= HCI_LM_MASTER;
2445 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2447 hci_role_switch_cfm(conn, ev->status, ev->role);
2450 hci_dev_unlock(hdev);
2453 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2455 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2458 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2459 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2463 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2464 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2465 BT_DBG("%s bad parameters", hdev->name);
2469 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2471 for (i = 0; i < ev->num_hndl; i++) {
2472 struct hci_comp_pkts_info *info = &ev->handles[i];
2473 struct hci_conn *conn;
2474 __u16 handle, count;
2476 handle = __le16_to_cpu(info->handle);
2477 count = __le16_to_cpu(info->count);
2479 conn = hci_conn_hash_lookup_handle(hdev, handle);
2483 conn->sent -= count;
2485 switch (conn->type) {
2487 hdev->acl_cnt += count;
2488 if (hdev->acl_cnt > hdev->acl_pkts)
2489 hdev->acl_cnt = hdev->acl_pkts;
2493 if (hdev->le_pkts) {
2494 hdev->le_cnt += count;
2495 if (hdev->le_cnt > hdev->le_pkts)
2496 hdev->le_cnt = hdev->le_pkts;
2498 hdev->acl_cnt += count;
2499 if (hdev->acl_cnt > hdev->acl_pkts)
2500 hdev->acl_cnt = hdev->acl_pkts;
2505 hdev->sco_cnt += count;
2506 if (hdev->sco_cnt > hdev->sco_pkts)
2507 hdev->sco_cnt = hdev->sco_pkts;
2511 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2516 queue_work(hdev->workqueue, &hdev->tx_work);
2519 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2520 struct sk_buff *skb)
2522 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2525 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2526 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2530 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2531 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2532 BT_DBG("%s bad parameters", hdev->name);
2536 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2539 for (i = 0; i < ev->num_hndl; i++) {
2540 struct hci_comp_blocks_info *info = &ev->handles[i];
2541 struct hci_conn *conn;
2542 __u16 handle, block_count;
2544 handle = __le16_to_cpu(info->handle);
2545 block_count = __le16_to_cpu(info->blocks);
2547 conn = hci_conn_hash_lookup_handle(hdev, handle);
2551 conn->sent -= block_count;
2553 switch (conn->type) {
2555 hdev->block_cnt += block_count;
2556 if (hdev->block_cnt > hdev->num_blocks)
2557 hdev->block_cnt = hdev->num_blocks;
2561 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2566 queue_work(hdev->workqueue, &hdev->tx_work);
2569 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2571 struct hci_ev_mode_change *ev = (void *) skb->data;
2572 struct hci_conn *conn;
2574 BT_DBG("%s status %d", hdev->name, ev->status);
2578 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2580 conn->mode = ev->mode;
2581 conn->interval = __le16_to_cpu(ev->interval);
2583 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2584 if (conn->mode == HCI_CM_ACTIVE)
2585 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2587 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2590 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2591 hci_sco_setup(conn, ev->status);
2594 hci_dev_unlock(hdev);
2597 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2599 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2600 struct hci_conn *conn;
2602 BT_DBG("%s", hdev->name);
2606 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2610 if (conn->state == BT_CONNECTED) {
2611 hci_conn_hold(conn);
2612 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2616 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2617 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2618 sizeof(ev->bdaddr), &ev->bdaddr);
2619 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2622 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2627 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2631 hci_dev_unlock(hdev);
2634 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2636 struct hci_ev_link_key_req *ev = (void *) skb->data;
2637 struct hci_cp_link_key_reply cp;
2638 struct hci_conn *conn;
2639 struct link_key *key;
2641 BT_DBG("%s", hdev->name);
2643 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2648 key = hci_find_link_key(hdev, &ev->bdaddr);
2650 BT_DBG("%s link key not found for %s", hdev->name,
2651 batostr(&ev->bdaddr));
2655 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2656 batostr(&ev->bdaddr));
2658 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2659 key->type == HCI_LK_DEBUG_COMBINATION) {
2660 BT_DBG("%s ignoring debug key", hdev->name);
2664 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2666 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2667 conn->auth_type != 0xff &&
2668 (conn->auth_type & 0x01)) {
2669 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2673 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2674 conn->pending_sec_level == BT_SECURITY_HIGH) {
2675 BT_DBG("%s ignoring key unauthenticated for high \
2676 security", hdev->name);
2680 conn->key_type = key->type;
2681 conn->pin_length = key->pin_len;
2684 bacpy(&cp.bdaddr, &ev->bdaddr);
2685 memcpy(cp.link_key, key->val, 16);
2687 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2689 hci_dev_unlock(hdev);
2694 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2695 hci_dev_unlock(hdev);
2698 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2700 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2701 struct hci_conn *conn;
2704 BT_DBG("%s", hdev->name);
2708 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2710 hci_conn_hold(conn);
2711 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2712 pin_len = conn->pin_length;
2714 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2715 conn->key_type = ev->key_type;
2720 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2721 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2722 ev->key_type, pin_len);
2724 hci_dev_unlock(hdev);
2727 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2729 struct hci_ev_clock_offset *ev = (void *) skb->data;
2730 struct hci_conn *conn;
2732 BT_DBG("%s status %d", hdev->name, ev->status);
2736 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2737 if (conn && !ev->status) {
2738 struct inquiry_entry *ie;
2740 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2742 ie->data.clock_offset = ev->clock_offset;
2743 ie->timestamp = jiffies;
2747 hci_dev_unlock(hdev);
2750 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2752 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2753 struct hci_conn *conn;
2755 BT_DBG("%s status %d", hdev->name, ev->status);
2759 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2760 if (conn && !ev->status)
2761 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2763 hci_dev_unlock(hdev);
2766 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2768 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2769 struct inquiry_entry *ie;
2771 BT_DBG("%s", hdev->name);
2775 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2777 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2778 ie->timestamp = jiffies;
2781 hci_dev_unlock(hdev);
2784 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2786 struct inquiry_data data;
2787 int num_rsp = *((__u8 *) skb->data);
2788 bool name_known, ssp;
2790 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2797 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2798 struct inquiry_info_with_rssi_and_pscan_mode *info;
2799 info = (void *) (skb->data + 1);
2801 for (; num_rsp; num_rsp--, info++) {
2802 bacpy(&data.bdaddr, &info->bdaddr);
2803 data.pscan_rep_mode = info->pscan_rep_mode;
2804 data.pscan_period_mode = info->pscan_period_mode;
2805 data.pscan_mode = info->pscan_mode;
2806 memcpy(data.dev_class, info->dev_class, 3);
2807 data.clock_offset = info->clock_offset;
2808 data.rssi = info->rssi;
2809 data.ssp_mode = 0x00;
2811 name_known = hci_inquiry_cache_update(hdev, &data,
2813 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2814 info->dev_class, info->rssi,
2815 !name_known, ssp, NULL, 0);
2818 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2820 for (; num_rsp; num_rsp--, info++) {
2821 bacpy(&data.bdaddr, &info->bdaddr);
2822 data.pscan_rep_mode = info->pscan_rep_mode;
2823 data.pscan_period_mode = info->pscan_period_mode;
2824 data.pscan_mode = 0x00;
2825 memcpy(data.dev_class, info->dev_class, 3);
2826 data.clock_offset = info->clock_offset;
2827 data.rssi = info->rssi;
2828 data.ssp_mode = 0x00;
2829 name_known = hci_inquiry_cache_update(hdev, &data,
2831 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2832 info->dev_class, info->rssi,
2833 !name_known, ssp, NULL, 0);
2837 hci_dev_unlock(hdev);
2840 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2842 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2843 struct hci_conn *conn;
2845 BT_DBG("%s", hdev->name);
2849 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2853 if (!ev->status && ev->page == 0x01) {
2854 struct inquiry_entry *ie;
2856 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2858 ie->data.ssp_mode = (ev->features[0] & 0x01);
2860 if (ev->features[0] & 0x01)
2861 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2864 if (conn->state != BT_CONFIG)
2868 struct hci_cp_remote_name_req cp;
2869 memset(&cp, 0, sizeof(cp));
2870 bacpy(&cp.bdaddr, &conn->dst);
2871 cp.pscan_rep_mode = 0x02;
2872 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2873 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2874 mgmt_device_connected(hdev, &conn->dst, conn->type,
2875 conn->dst_type, 0, NULL, 0,
2878 if (!hci_outgoing_auth_needed(hdev, conn)) {
2879 conn->state = BT_CONNECTED;
2880 hci_proto_connect_cfm(conn, ev->status);
2885 hci_dev_unlock(hdev);
2888 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2890 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2891 struct hci_conn *conn;
2893 BT_DBG("%s status %d", hdev->name, ev->status);
2897 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2899 if (ev->link_type == ESCO_LINK)
2902 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2906 conn->type = SCO_LINK;
2909 switch (ev->status) {
2911 conn->handle = __le16_to_cpu(ev->handle);
2912 conn->state = BT_CONNECTED;
2914 hci_conn_hold_device(conn);
2915 hci_conn_add_sysfs(conn);
2918 case 0x11: /* Unsupported Feature or Parameter Value */
2919 case 0x1c: /* SCO interval rejected */
2920 case 0x1a: /* Unsupported Remote Feature */
2921 case 0x1f: /* Unspecified error */
2922 if (conn->out && conn->attempt < 2) {
2923 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2924 (hdev->esco_type & EDR_ESCO_MASK);
2925 hci_setup_sync(conn, conn->link->handle);
2931 conn->state = BT_CLOSED;
2935 hci_proto_connect_cfm(conn, ev->status);
2940 hci_dev_unlock(hdev);
2943 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2945 BT_DBG("%s", hdev->name);
2948 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2950 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2952 BT_DBG("%s status %d", hdev->name, ev->status);
2955 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2957 struct inquiry_data data;
2958 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2959 int num_rsp = *((__u8 *) skb->data);
2961 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2968 for (; num_rsp; num_rsp--, info++) {
2969 bool name_known, ssp;
2971 bacpy(&data.bdaddr, &info->bdaddr);
2972 data.pscan_rep_mode = info->pscan_rep_mode;
2973 data.pscan_period_mode = info->pscan_period_mode;
2974 data.pscan_mode = 0x00;
2975 memcpy(data.dev_class, info->dev_class, 3);
2976 data.clock_offset = info->clock_offset;
2977 data.rssi = info->rssi;
2978 data.ssp_mode = 0x01;
2980 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2981 name_known = eir_has_data_type(info->data,
2987 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2989 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2990 info->dev_class, info->rssi,
2991 !name_known, ssp, info->data,
2992 sizeof(info->data));
2995 hci_dev_unlock(hdev);
2998 static inline u8 hci_get_auth_req(struct hci_conn *conn)
3000 /* If remote requests dedicated bonding follow that lead */
3001 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3002 /* If both remote and local IO capabilities allow MITM
3003 * protection then require it, otherwise don't */
3004 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3010 /* If remote requests no-bonding follow that lead */
3011 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3012 return conn->remote_auth | (conn->auth_type & 0x01);
3014 return conn->auth_type;
3017 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3019 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3020 struct hci_conn *conn;
3022 BT_DBG("%s", hdev->name);
3026 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3030 hci_conn_hold(conn);
3032 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3035 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3036 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3037 struct hci_cp_io_capability_reply cp;
3039 bacpy(&cp.bdaddr, &ev->bdaddr);
3040 /* Change the IO capability from KeyboardDisplay
3041 * to DisplayYesNo as it is not supported by BT spec. */
3042 cp.capability = (conn->io_capability == 0x04) ?
3043 0x01 : conn->io_capability;
3044 conn->auth_type = hci_get_auth_req(conn);
3045 cp.authentication = conn->auth_type;
3047 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
3048 hci_find_remote_oob_data(hdev, &conn->dst))
3053 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3056 struct hci_cp_io_capability_neg_reply cp;
3058 bacpy(&cp.bdaddr, &ev->bdaddr);
3059 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3061 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3066 hci_dev_unlock(hdev);
3069 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3071 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3072 struct hci_conn *conn;
3074 BT_DBG("%s", hdev->name);
3078 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3082 conn->remote_cap = ev->capability;
3083 conn->remote_auth = ev->authentication;
3085 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3088 hci_dev_unlock(hdev);
3091 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3092 struct sk_buff *skb)
3094 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3095 int loc_mitm, rem_mitm, confirm_hint = 0;
3096 struct hci_conn *conn;
3098 BT_DBG("%s", hdev->name);
3102 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3105 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3109 loc_mitm = (conn->auth_type & 0x01);
3110 rem_mitm = (conn->remote_auth & 0x01);
3112 /* If we require MITM but the remote device can't provide that
3113 * (it has NoInputNoOutput) then reject the confirmation
3114 * request. The only exception is when we're dedicated bonding
3115 * initiators (connect_cfm_cb set) since then we always have the MITM
3117 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3118 BT_DBG("Rejecting request: remote device can't provide MITM");
3119 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3120 sizeof(ev->bdaddr), &ev->bdaddr);
3124 /* If no side requires MITM protection; auto-accept */
3125 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3126 (!rem_mitm || conn->io_capability == 0x03)) {
3128 /* If we're not the initiators request authorization to
3129 * proceed from user space (mgmt_user_confirm with
3130 * confirm_hint set to 1). */
3131 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3132 BT_DBG("Confirming auto-accept as acceptor");
3137 BT_DBG("Auto-accept of user confirmation with %ums delay",
3138 hdev->auto_accept_delay);
3140 if (hdev->auto_accept_delay > 0) {
3141 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3142 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3146 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3147 sizeof(ev->bdaddr), &ev->bdaddr);
3152 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3156 hci_dev_unlock(hdev);
3159 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3160 struct sk_buff *skb)
3162 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3164 BT_DBG("%s", hdev->name);
3168 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3169 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3171 hci_dev_unlock(hdev);
3174 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3176 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3177 struct hci_conn *conn;
3179 BT_DBG("%s", hdev->name);
3183 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3187 /* To avoid duplicate auth_failed events to user space we check
3188 * the HCI_CONN_AUTH_PEND flag which will be set if we
3189 * initiated the authentication. A traditional auth_complete
3190 * event gets always produced as initiator and is also mapped to
3191 * the mgmt_auth_failed event */
3192 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3193 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3199 hci_dev_unlock(hdev);
3202 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3204 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3205 struct inquiry_entry *ie;
3207 BT_DBG("%s", hdev->name);
3211 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3213 ie->data.ssp_mode = (ev->features[0] & 0x01);
3215 hci_dev_unlock(hdev);
3218 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3219 struct sk_buff *skb)
3221 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3222 struct oob_data *data;
3224 BT_DBG("%s", hdev->name);
3228 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3231 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3233 struct hci_cp_remote_oob_data_reply cp;
3235 bacpy(&cp.bdaddr, &ev->bdaddr);
3236 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3237 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3239 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3242 struct hci_cp_remote_oob_data_neg_reply cp;
3244 bacpy(&cp.bdaddr, &ev->bdaddr);
3245 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3250 hci_dev_unlock(hdev);
3253 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3255 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3256 struct hci_conn *conn;
3258 BT_DBG("%s status %d", hdev->name, ev->status);
3262 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3264 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3266 BT_ERR("No memory for new connection");
3267 hci_dev_unlock(hdev);
3271 conn->dst_type = ev->bdaddr_type;
3275 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3276 conn->dst_type, ev->status);
3277 hci_proto_connect_cfm(conn, ev->status);
3278 conn->state = BT_CLOSED;
3283 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3284 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3285 conn->dst_type, 0, NULL, 0, 0);
3287 conn->sec_level = BT_SECURITY_LOW;
3288 conn->handle = __le16_to_cpu(ev->handle);
3289 conn->state = BT_CONNECTED;
3291 hci_conn_hold_device(conn);
3292 hci_conn_add_sysfs(conn);
3294 hci_proto_connect_cfm(conn, ev->status);
3297 hci_dev_unlock(hdev);
3300 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3301 struct sk_buff *skb)
3303 u8 num_reports = skb->data[0];
3304 void *ptr = &skb->data[1];
3309 while (num_reports--) {
3310 struct hci_ev_le_advertising_info *ev = ptr;
3312 hci_add_adv_entry(hdev, ev);
3314 rssi = ev->data[ev->length];
3315 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3316 NULL, rssi, 0, 1, ev->data,
3319 ptr += sizeof(*ev) + ev->length + 1;
3322 hci_dev_unlock(hdev);
3325 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3326 struct sk_buff *skb)
3328 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3329 struct hci_cp_le_ltk_reply cp;
3330 struct hci_cp_le_ltk_neg_reply neg;
3331 struct hci_conn *conn;
3332 struct smp_ltk *ltk;
3334 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3338 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3342 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3346 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3347 cp.handle = cpu_to_le16(conn->handle);
3349 if (ltk->authenticated)
3350 conn->sec_level = BT_SECURITY_HIGH;
3352 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3354 if (ltk->type & HCI_SMP_STK) {
3355 list_del(<k->list);
3359 hci_dev_unlock(hdev);
3364 neg.handle = ev->handle;
3365 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3366 hci_dev_unlock(hdev);
3369 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3371 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3373 skb_pull(skb, sizeof(*le_ev));
3375 switch (le_ev->subevent) {
3376 case HCI_EV_LE_CONN_COMPLETE:
3377 hci_le_conn_complete_evt(hdev, skb);
3380 case HCI_EV_LE_ADVERTISING_REPORT:
3381 hci_le_adv_report_evt(hdev, skb);
3384 case HCI_EV_LE_LTK_REQ:
3385 hci_le_ltk_request_evt(hdev, skb);
3393 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3395 struct hci_event_hdr *hdr = (void *) skb->data;
3396 __u8 event = hdr->evt;
3398 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3401 case HCI_EV_INQUIRY_COMPLETE:
3402 hci_inquiry_complete_evt(hdev, skb);
3405 case HCI_EV_INQUIRY_RESULT:
3406 hci_inquiry_result_evt(hdev, skb);
3409 case HCI_EV_CONN_COMPLETE:
3410 hci_conn_complete_evt(hdev, skb);
3413 case HCI_EV_CONN_REQUEST:
3414 hci_conn_request_evt(hdev, skb);
3417 case HCI_EV_DISCONN_COMPLETE:
3418 hci_disconn_complete_evt(hdev, skb);
3421 case HCI_EV_AUTH_COMPLETE:
3422 hci_auth_complete_evt(hdev, skb);
3425 case HCI_EV_REMOTE_NAME:
3426 hci_remote_name_evt(hdev, skb);
3429 case HCI_EV_ENCRYPT_CHANGE:
3430 hci_encrypt_change_evt(hdev, skb);
3433 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3434 hci_change_link_key_complete_evt(hdev, skb);
3437 case HCI_EV_REMOTE_FEATURES:
3438 hci_remote_features_evt(hdev, skb);
3441 case HCI_EV_REMOTE_VERSION:
3442 hci_remote_version_evt(hdev, skb);
3445 case HCI_EV_QOS_SETUP_COMPLETE:
3446 hci_qos_setup_complete_evt(hdev, skb);
3449 case HCI_EV_CMD_COMPLETE:
3450 hci_cmd_complete_evt(hdev, skb);
3453 case HCI_EV_CMD_STATUS:
3454 hci_cmd_status_evt(hdev, skb);
3457 case HCI_EV_ROLE_CHANGE:
3458 hci_role_change_evt(hdev, skb);
3461 case HCI_EV_NUM_COMP_PKTS:
3462 hci_num_comp_pkts_evt(hdev, skb);
3465 case HCI_EV_MODE_CHANGE:
3466 hci_mode_change_evt(hdev, skb);
3469 case HCI_EV_PIN_CODE_REQ:
3470 hci_pin_code_request_evt(hdev, skb);
3473 case HCI_EV_LINK_KEY_REQ:
3474 hci_link_key_request_evt(hdev, skb);
3477 case HCI_EV_LINK_KEY_NOTIFY:
3478 hci_link_key_notify_evt(hdev, skb);
3481 case HCI_EV_CLOCK_OFFSET:
3482 hci_clock_offset_evt(hdev, skb);
3485 case HCI_EV_PKT_TYPE_CHANGE:
3486 hci_pkt_type_change_evt(hdev, skb);
3489 case HCI_EV_PSCAN_REP_MODE:
3490 hci_pscan_rep_mode_evt(hdev, skb);
3493 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3494 hci_inquiry_result_with_rssi_evt(hdev, skb);
3497 case HCI_EV_REMOTE_EXT_FEATURES:
3498 hci_remote_ext_features_evt(hdev, skb);
3501 case HCI_EV_SYNC_CONN_COMPLETE:
3502 hci_sync_conn_complete_evt(hdev, skb);
3505 case HCI_EV_SYNC_CONN_CHANGED:
3506 hci_sync_conn_changed_evt(hdev, skb);
3509 case HCI_EV_SNIFF_SUBRATE:
3510 hci_sniff_subrate_evt(hdev, skb);
3513 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3514 hci_extended_inquiry_result_evt(hdev, skb);
3517 case HCI_EV_IO_CAPA_REQUEST:
3518 hci_io_capa_request_evt(hdev, skb);
3521 case HCI_EV_IO_CAPA_REPLY:
3522 hci_io_capa_reply_evt(hdev, skb);
3525 case HCI_EV_USER_CONFIRM_REQUEST:
3526 hci_user_confirm_request_evt(hdev, skb);
3529 case HCI_EV_USER_PASSKEY_REQUEST:
3530 hci_user_passkey_request_evt(hdev, skb);
3533 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3534 hci_simple_pair_complete_evt(hdev, skb);
3537 case HCI_EV_REMOTE_HOST_FEATURES:
3538 hci_remote_host_features_evt(hdev, skb);
3541 case HCI_EV_LE_META:
3542 hci_le_meta_evt(hdev, skb);
3545 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3546 hci_remote_oob_data_request_evt(hdev, skb);
3549 case HCI_EV_NUM_COMP_BLOCKS:
3550 hci_num_comp_blocks_evt(hdev, skb);
3554 BT_DBG("%s event 0x%x", hdev->name, event);
3559 hdev->stat.evt_rx++;
projects / mv-sheeva.git / blob