2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
35 /* Handle HCI Event packets */
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 __u8 status = *((__u8 *) skb->data);
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
46 clear_bit(HCI_INQUIRY, &hdev->flags);
47 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
48 wake_up_bit(&hdev->flags, HCI_INQUIRY);
50 hci_conn_check_pending(hdev);
53 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55 __u8 status = *((__u8 *) skb->data);
57 BT_DBG("%s status 0x%2.2x", hdev->name, status);
62 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
65 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 __u8 status = *((__u8 *) skb->data);
69 BT_DBG("%s status 0x%2.2x", hdev->name, status);
74 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76 hci_conn_check_pending(hdev);
79 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
82 BT_DBG("%s", hdev->name);
85 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87 struct hci_rp_role_discovery *rp = (void *) skb->data;
88 struct hci_conn *conn;
90 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
100 conn->link_mode &= ~HCI_LM_MASTER;
102 conn->link_mode |= HCI_LM_MASTER;
105 hci_dev_unlock(hdev);
108 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110 struct hci_rp_read_link_policy *rp = (void *) skb->data;
111 struct hci_conn *conn;
113 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 conn->link_policy = __le16_to_cpu(rp->policy);
124 hci_dev_unlock(hdev);
127 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
129 struct hci_rp_write_link_policy *rp = (void *) skb->data;
130 struct hci_conn *conn;
133 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
146 conn->link_policy = get_unaligned_le16(sent + 2);
148 hci_dev_unlock(hdev);
151 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
154 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
161 hdev->link_policy = __le16_to_cpu(rp->policy);
164 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
167 __u8 status = *((__u8 *) skb->data);
170 BT_DBG("%s status 0x%2.2x", hdev->name, status);
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 hdev->link_policy = get_unaligned_le16(sent);
180 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182 __u8 status = *((__u8 *) skb->data);
184 BT_DBG("%s status 0x%2.2x", hdev->name, status);
186 clear_bit(HCI_RESET, &hdev->flags);
188 /* Reset all non-persistent flags */
189 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
191 hdev->discovery.state = DISCOVERY_STOPPED;
192 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
193 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
195 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
196 hdev->adv_data_len = 0;
199 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
201 __u8 status = *((__u8 *) skb->data);
204 BT_DBG("%s status 0x%2.2x", hdev->name, status);
206 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
212 if (test_bit(HCI_MGMT, &hdev->dev_flags))
213 mgmt_set_local_name_complete(hdev, sent, status);
215 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
217 hci_dev_unlock(hdev);
220 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
222 struct hci_rp_read_local_name *rp = (void *) skb->data;
224 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
229 if (test_bit(HCI_SETUP, &hdev->dev_flags))
230 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
233 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
235 __u8 status = *((__u8 *) skb->data);
238 BT_DBG("%s status 0x%2.2x", hdev->name, status);
240 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 __u8 param = *((__u8 *) sent);
247 if (param == AUTH_ENABLED)
248 set_bit(HCI_AUTH, &hdev->flags);
250 clear_bit(HCI_AUTH, &hdev->flags);
253 if (test_bit(HCI_MGMT, &hdev->dev_flags))
254 mgmt_auth_enable_complete(hdev, status);
257 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
259 __u8 status = *((__u8 *) skb->data);
262 BT_DBG("%s status 0x%2.2x", hdev->name, status);
264 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
269 __u8 param = *((__u8 *) sent);
272 set_bit(HCI_ENCRYPT, &hdev->flags);
274 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
280 __u8 param, status = *((__u8 *) skb->data);
281 int old_pscan, old_iscan;
284 BT_DBG("%s status 0x%2.2x", hdev->name, status);
286 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
290 param = *((__u8 *) sent);
295 mgmt_write_scan_failed(hdev, param, status);
296 hdev->discov_timeout = 0;
300 /* We need to ensure that we set this back on if someone changed
301 * the scan mode through a raw HCI socket.
303 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
305 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
306 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
308 if (param & SCAN_INQUIRY) {
309 set_bit(HCI_ISCAN, &hdev->flags);
311 mgmt_discoverable(hdev, 1);
312 if (hdev->discov_timeout > 0) {
313 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
314 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
317 } else if (old_iscan)
318 mgmt_discoverable(hdev, 0);
320 if (param & SCAN_PAGE) {
321 set_bit(HCI_PSCAN, &hdev->flags);
323 mgmt_connectable(hdev, 1);
324 } else if (old_pscan)
325 mgmt_connectable(hdev, 0);
328 hci_dev_unlock(hdev);
331 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
340 memcpy(hdev->dev_class, rp->dev_class, 3);
342 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
343 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
346 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 __u8 status = *((__u8 *) skb->data);
351 BT_DBG("%s status 0x%2.2x", hdev->name, status);
353 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
360 memcpy(hdev->dev_class, sent, 3);
362 if (test_bit(HCI_MGMT, &hdev->dev_flags))
363 mgmt_set_class_of_dev_complete(hdev, sent, status);
365 hci_dev_unlock(hdev);
368 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
370 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
373 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
378 setting = __le16_to_cpu(rp->voice_setting);
380 if (hdev->voice_setting == setting)
383 hdev->voice_setting = setting;
385 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
388 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
391 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
394 __u8 status = *((__u8 *) skb->data);
398 BT_DBG("%s status 0x%2.2x", hdev->name, status);
403 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
407 setting = get_unaligned_le16(sent);
409 if (hdev->voice_setting == setting)
412 hdev->voice_setting = setting;
414 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
417 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
420 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
422 __u8 status = *((__u8 *) skb->data);
423 struct hci_cp_write_ssp_mode *sent;
425 BT_DBG("%s status 0x%2.2x", hdev->name, status);
427 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
433 hdev->features[1][0] |= LMP_HOST_SSP;
435 hdev->features[1][0] &= ~LMP_HOST_SSP;
438 if (test_bit(HCI_MGMT, &hdev->dev_flags))
439 mgmt_ssp_enable_complete(hdev, sent->mode, status);
442 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
444 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
450 struct hci_rp_read_local_version *rp = (void *) skb->data;
452 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
457 hdev->hci_ver = rp->hci_ver;
458 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
459 hdev->lmp_ver = rp->lmp_ver;
460 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
461 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
463 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
464 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
467 static void hci_cc_read_local_commands(struct hci_dev *hdev,
470 struct hci_rp_read_local_commands *rp = (void *) skb->data;
472 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
475 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
478 static void hci_cc_read_local_features(struct hci_dev *hdev,
481 struct hci_rp_read_local_features *rp = (void *) skb->data;
483 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
488 memcpy(hdev->features, rp->features, 8);
490 /* Adjust default settings according to features
491 * supported by device. */
493 if (hdev->features[0][0] & LMP_3SLOT)
494 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
496 if (hdev->features[0][0] & LMP_5SLOT)
497 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
499 if (hdev->features[0][1] & LMP_HV2) {
500 hdev->pkt_type |= (HCI_HV2);
501 hdev->esco_type |= (ESCO_HV2);
504 if (hdev->features[0][1] & LMP_HV3) {
505 hdev->pkt_type |= (HCI_HV3);
506 hdev->esco_type |= (ESCO_HV3);
509 if (lmp_esco_capable(hdev))
510 hdev->esco_type |= (ESCO_EV3);
512 if (hdev->features[0][4] & LMP_EV4)
513 hdev->esco_type |= (ESCO_EV4);
515 if (hdev->features[0][4] & LMP_EV5)
516 hdev->esco_type |= (ESCO_EV5);
518 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
519 hdev->esco_type |= (ESCO_2EV3);
521 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
522 hdev->esco_type |= (ESCO_3EV3);
524 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
525 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
527 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
528 hdev->features[0][0], hdev->features[0][1],
529 hdev->features[0][2], hdev->features[0][3],
530 hdev->features[0][4], hdev->features[0][5],
531 hdev->features[0][6], hdev->features[0][7]);
534 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
537 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
539 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
544 hdev->max_page = rp->max_page;
546 if (rp->page < HCI_MAX_PAGES)
547 memcpy(hdev->features[rp->page], rp->features, 8);
550 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
553 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
555 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
558 hdev->flow_ctl_mode = rp->mode;
561 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
563 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
565 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
570 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
571 hdev->sco_mtu = rp->sco_mtu;
572 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
573 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
575 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
580 hdev->acl_cnt = hdev->acl_pkts;
581 hdev->sco_cnt = hdev->sco_pkts;
583 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
584 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
587 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
589 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
591 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
594 bacpy(&hdev->bdaddr, &rp->bdaddr);
597 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
600 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
602 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
604 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
605 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
606 hdev->page_scan_window = __le16_to_cpu(rp->window);
610 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
613 u8 status = *((u8 *) skb->data);
614 struct hci_cp_write_page_scan_activity *sent;
616 BT_DBG("%s status 0x%2.2x", hdev->name, status);
621 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
625 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
626 hdev->page_scan_window = __le16_to_cpu(sent->window);
629 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
632 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
634 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
636 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
637 hdev->page_scan_type = rp->type;
640 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
643 u8 status = *((u8 *) skb->data);
646 BT_DBG("%s status 0x%2.2x", hdev->name, status);
651 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
653 hdev->page_scan_type = *type;
656 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
659 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
661 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
666 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
667 hdev->block_len = __le16_to_cpu(rp->block_len);
668 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
670 hdev->block_cnt = hdev->num_blocks;
672 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
673 hdev->block_cnt, hdev->block_len);
676 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
679 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
681 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
686 hdev->amp_status = rp->amp_status;
687 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
688 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
689 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
690 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
691 hdev->amp_type = rp->amp_type;
692 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
693 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
694 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
695 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
698 a2mp_send_getinfo_rsp(hdev);
701 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
704 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
705 struct amp_assoc *assoc = &hdev->loc_assoc;
706 size_t rem_len, frag_len;
708 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
713 frag_len = skb->len - sizeof(*rp);
714 rem_len = __le16_to_cpu(rp->rem_len);
716 if (rem_len > frag_len) {
717 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
719 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
720 assoc->offset += frag_len;
722 /* Read other fragments */
723 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
728 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
729 assoc->len = assoc->offset + rem_len;
733 /* Send A2MP Rsp when all fragments are received */
734 a2mp_send_getampassoc_rsp(hdev, rp->status);
735 a2mp_send_create_phy_link_req(hdev, rp->status);
738 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
741 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
743 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
746 hdev->inq_tx_power = rp->tx_power;
749 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
751 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
752 struct hci_cp_pin_code_reply *cp;
753 struct hci_conn *conn;
755 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
759 if (test_bit(HCI_MGMT, &hdev->dev_flags))
760 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
765 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
769 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
771 conn->pin_length = cp->pin_len;
774 hci_dev_unlock(hdev);
777 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
779 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
781 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
785 if (test_bit(HCI_MGMT, &hdev->dev_flags))
786 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
789 hci_dev_unlock(hdev);
792 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
795 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
797 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
802 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
803 hdev->le_pkts = rp->le_max_pkt;
805 hdev->le_cnt = hdev->le_pkts;
807 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
810 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
813 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
815 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
818 memcpy(hdev->le_features, rp->features, 8);
821 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
824 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
826 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
829 hdev->adv_tx_power = rp->tx_power;
832 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
834 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
836 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
840 if (test_bit(HCI_MGMT, &hdev->dev_flags))
841 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
844 hci_dev_unlock(hdev);
847 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
850 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
852 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
856 if (test_bit(HCI_MGMT, &hdev->dev_flags))
857 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
858 ACL_LINK, 0, rp->status);
860 hci_dev_unlock(hdev);
863 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
865 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
867 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
871 if (test_bit(HCI_MGMT, &hdev->dev_flags))
872 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
875 hci_dev_unlock(hdev);
878 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
881 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
883 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
887 if (test_bit(HCI_MGMT, &hdev->dev_flags))
888 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
889 ACL_LINK, 0, rp->status);
891 hci_dev_unlock(hdev);
894 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
897 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
899 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
902 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
903 rp->randomizer, rp->status);
904 hci_dev_unlock(hdev);
907 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
909 __u8 *sent, status = *((__u8 *) skb->data);
911 BT_DBG("%s status 0x%2.2x", hdev->name, status);
913 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
921 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
923 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
926 if (!test_bit(HCI_INIT, &hdev->flags)) {
927 struct hci_request req;
929 hci_req_init(&req, hdev);
931 hci_req_run(&req, NULL);
934 hci_dev_unlock(hdev);
937 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
940 struct hci_cp_le_set_scan_enable *cp;
941 __u8 status = *((__u8 *) skb->data);
943 BT_DBG("%s status 0x%2.2x", hdev->name, status);
945 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
952 switch (cp->enable) {
954 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
957 case LE_SCAN_DISABLE:
958 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
962 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
967 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
970 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
972 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
975 hdev->le_white_list_size = rp->size;
978 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
981 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
983 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
986 memcpy(hdev->le_states, rp->le_states, 8);
989 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
992 struct hci_cp_write_le_host_supported *sent;
993 __u8 status = *((__u8 *) skb->data);
995 BT_DBG("%s status 0x%2.2x", hdev->name, status);
997 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1003 hdev->features[1][0] |= LMP_HOST_LE;
1004 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1006 hdev->features[1][0] &= ~LMP_HOST_LE;
1007 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1008 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1012 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1014 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1018 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1019 struct sk_buff *skb)
1021 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1023 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1024 hdev->name, rp->status, rp->phy_handle);
1029 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1032 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1034 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1037 hci_conn_check_pending(hdev);
1041 set_bit(HCI_INQUIRY, &hdev->flags);
1044 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1046 struct hci_cp_create_conn *cp;
1047 struct hci_conn *conn;
1049 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1051 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1059 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1062 if (conn && conn->state == BT_CONNECT) {
1063 if (status != 0x0c || conn->attempt > 2) {
1064 conn->state = BT_CLOSED;
1065 hci_proto_connect_cfm(conn, status);
1068 conn->state = BT_CONNECT2;
1072 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1075 conn->link_mode |= HCI_LM_MASTER;
1077 BT_ERR("No memory for new connection");
1081 hci_dev_unlock(hdev);
1084 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1086 struct hci_cp_add_sco *cp;
1087 struct hci_conn *acl, *sco;
1090 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1095 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1099 handle = __le16_to_cpu(cp->handle);
1101 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1105 acl = hci_conn_hash_lookup_handle(hdev, handle);
1109 sco->state = BT_CLOSED;
1111 hci_proto_connect_cfm(sco, status);
1116 hci_dev_unlock(hdev);
1119 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1121 struct hci_cp_auth_requested *cp;
1122 struct hci_conn *conn;
1124 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1129 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1135 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1137 if (conn->state == BT_CONFIG) {
1138 hci_proto_connect_cfm(conn, status);
1139 hci_conn_drop(conn);
1143 hci_dev_unlock(hdev);
1146 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1148 struct hci_cp_set_conn_encrypt *cp;
1149 struct hci_conn *conn;
1151 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1156 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1162 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1164 if (conn->state == BT_CONFIG) {
1165 hci_proto_connect_cfm(conn, status);
1166 hci_conn_drop(conn);
1170 hci_dev_unlock(hdev);
1173 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1174 struct hci_conn *conn)
1176 if (conn->state != BT_CONFIG || !conn->out)
1179 if (conn->pending_sec_level == BT_SECURITY_SDP)
1182 /* Only request authentication for SSP connections or non-SSP
1183 * devices with sec_level HIGH or if MITM protection is requested */
1184 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1185 conn->pending_sec_level != BT_SECURITY_HIGH)
1191 static int hci_resolve_name(struct hci_dev *hdev,
1192 struct inquiry_entry *e)
1194 struct hci_cp_remote_name_req cp;
1196 memset(&cp, 0, sizeof(cp));
1198 bacpy(&cp.bdaddr, &e->data.bdaddr);
1199 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1200 cp.pscan_mode = e->data.pscan_mode;
1201 cp.clock_offset = e->data.clock_offset;
1203 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1206 static bool hci_resolve_next_name(struct hci_dev *hdev)
1208 struct discovery_state *discov = &hdev->discovery;
1209 struct inquiry_entry *e;
1211 if (list_empty(&discov->resolve))
1214 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1218 if (hci_resolve_name(hdev, e) == 0) {
1219 e->name_state = NAME_PENDING;
1226 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1227 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1229 struct discovery_state *discov = &hdev->discovery;
1230 struct inquiry_entry *e;
1232 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1233 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1234 name_len, conn->dev_class);
1236 if (discov->state == DISCOVERY_STOPPED)
1239 if (discov->state == DISCOVERY_STOPPING)
1240 goto discov_complete;
1242 if (discov->state != DISCOVERY_RESOLVING)
1245 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1246 /* If the device was not found in a list of found devices names of which
1247 * are pending. there is no need to continue resolving a next name as it
1248 * will be done upon receiving another Remote Name Request Complete
1255 e->name_state = NAME_KNOWN;
1256 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1257 e->data.rssi, name, name_len);
1259 e->name_state = NAME_NOT_KNOWN;
1262 if (hci_resolve_next_name(hdev))
1266 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1269 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1271 struct hci_cp_remote_name_req *cp;
1272 struct hci_conn *conn;
1274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1276 /* If successful wait for the name req complete event before
1277 * checking for the need to do authentication */
1281 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1287 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1289 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1290 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1295 if (!hci_outgoing_auth_needed(hdev, conn))
1298 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1299 struct hci_cp_auth_requested cp;
1300 cp.handle = __cpu_to_le16(conn->handle);
1301 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1305 hci_dev_unlock(hdev);
1308 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1310 struct hci_cp_read_remote_features *cp;
1311 struct hci_conn *conn;
1313 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1318 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1324 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1326 if (conn->state == BT_CONFIG) {
1327 hci_proto_connect_cfm(conn, status);
1328 hci_conn_drop(conn);
1332 hci_dev_unlock(hdev);
1335 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1337 struct hci_cp_read_remote_ext_features *cp;
1338 struct hci_conn *conn;
1340 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1345 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1351 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1353 if (conn->state == BT_CONFIG) {
1354 hci_proto_connect_cfm(conn, status);
1355 hci_conn_drop(conn);
1359 hci_dev_unlock(hdev);
1362 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1364 struct hci_cp_setup_sync_conn *cp;
1365 struct hci_conn *acl, *sco;
1368 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1373 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1377 handle = __le16_to_cpu(cp->handle);
1379 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1383 acl = hci_conn_hash_lookup_handle(hdev, handle);
1387 sco->state = BT_CLOSED;
1389 hci_proto_connect_cfm(sco, status);
1394 hci_dev_unlock(hdev);
1397 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1399 struct hci_cp_sniff_mode *cp;
1400 struct hci_conn *conn;
1402 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1407 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1413 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1415 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1417 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1418 hci_sco_setup(conn, status);
1421 hci_dev_unlock(hdev);
1424 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1426 struct hci_cp_exit_sniff_mode *cp;
1427 struct hci_conn *conn;
1429 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1434 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1440 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1442 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1444 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1445 hci_sco_setup(conn, status);
1448 hci_dev_unlock(hdev);
1451 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1453 struct hci_cp_disconnect *cp;
1454 struct hci_conn *conn;
1459 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1465 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1467 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1468 conn->dst_type, status);
1470 hci_dev_unlock(hdev);
1473 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1475 struct hci_conn *conn;
1477 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1482 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1484 hci_dev_unlock(hdev);
1488 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1490 conn->state = BT_CLOSED;
1491 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1492 conn->dst_type, status);
1493 hci_proto_connect_cfm(conn, status);
1496 hci_dev_unlock(hdev);
1500 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1502 struct hci_cp_create_phy_link *cp;
1504 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1506 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1513 struct hci_conn *hcon;
1515 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1519 amp_write_remote_assoc(hdev, cp->phy_handle);
1522 hci_dev_unlock(hdev);
1525 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1527 struct hci_cp_accept_phy_link *cp;
1529 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1534 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1538 amp_write_remote_assoc(hdev, cp->phy_handle);
1541 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1543 __u8 status = *((__u8 *) skb->data);
1544 struct discovery_state *discov = &hdev->discovery;
1545 struct inquiry_entry *e;
1547 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1549 hci_conn_check_pending(hdev);
1551 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1554 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1555 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1557 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1562 if (discov->state != DISCOVERY_FINDING)
1565 if (list_empty(&discov->resolve)) {
1566 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1570 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1571 if (e && hci_resolve_name(hdev, e) == 0) {
1572 e->name_state = NAME_PENDING;
1573 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1575 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1579 hci_dev_unlock(hdev);
1582 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1584 struct inquiry_data data;
1585 struct inquiry_info *info = (void *) (skb->data + 1);
1586 int num_rsp = *((__u8 *) skb->data);
1588 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1593 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1598 for (; num_rsp; num_rsp--, info++) {
1599 bool name_known, ssp;
1601 bacpy(&data.bdaddr, &info->bdaddr);
1602 data.pscan_rep_mode = info->pscan_rep_mode;
1603 data.pscan_period_mode = info->pscan_period_mode;
1604 data.pscan_mode = info->pscan_mode;
1605 memcpy(data.dev_class, info->dev_class, 3);
1606 data.clock_offset = info->clock_offset;
1608 data.ssp_mode = 0x00;
1610 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1611 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1612 info->dev_class, 0, !name_known, ssp, NULL,
1616 hci_dev_unlock(hdev);
1619 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1621 struct hci_ev_conn_complete *ev = (void *) skb->data;
1622 struct hci_conn *conn;
1624 BT_DBG("%s", hdev->name);
1628 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1630 if (ev->link_type != SCO_LINK)
1633 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1637 conn->type = SCO_LINK;
1641 conn->handle = __le16_to_cpu(ev->handle);
1643 if (conn->type == ACL_LINK) {
1644 conn->state = BT_CONFIG;
1645 hci_conn_hold(conn);
1647 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1648 !hci_find_link_key(hdev, &ev->bdaddr))
1649 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1651 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1653 conn->state = BT_CONNECTED;
1655 hci_conn_add_sysfs(conn);
1657 if (test_bit(HCI_AUTH, &hdev->flags))
1658 conn->link_mode |= HCI_LM_AUTH;
1660 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1661 conn->link_mode |= HCI_LM_ENCRYPT;
1663 /* Get remote features */
1664 if (conn->type == ACL_LINK) {
1665 struct hci_cp_read_remote_features cp;
1666 cp.handle = ev->handle;
1667 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1671 /* Set packet type for incoming connection */
1672 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1673 struct hci_cp_change_conn_ptype cp;
1674 cp.handle = ev->handle;
1675 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1676 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1680 conn->state = BT_CLOSED;
1681 if (conn->type == ACL_LINK)
1682 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1683 conn->dst_type, ev->status);
1686 if (conn->type == ACL_LINK)
1687 hci_sco_setup(conn, ev->status);
1690 hci_proto_connect_cfm(conn, ev->status);
1692 } else if (ev->link_type != ACL_LINK)
1693 hci_proto_connect_cfm(conn, ev->status);
1696 hci_dev_unlock(hdev);
1698 hci_conn_check_pending(hdev);
1701 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1703 struct hci_ev_conn_request *ev = (void *) skb->data;
1704 int mask = hdev->link_mode;
1707 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1710 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1713 if ((mask & HCI_LM_ACCEPT) &&
1714 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1715 /* Connection accepted */
1716 struct inquiry_entry *ie;
1717 struct hci_conn *conn;
1721 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1723 memcpy(ie->data.dev_class, ev->dev_class, 3);
1725 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1728 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1730 BT_ERR("No memory for new connection");
1731 hci_dev_unlock(hdev);
1736 memcpy(conn->dev_class, ev->dev_class, 3);
1738 hci_dev_unlock(hdev);
1740 if (ev->link_type == ACL_LINK ||
1741 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1742 struct hci_cp_accept_conn_req cp;
1743 conn->state = BT_CONNECT;
1745 bacpy(&cp.bdaddr, &ev->bdaddr);
1747 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1748 cp.role = 0x00; /* Become master */
1750 cp.role = 0x01; /* Remain slave */
1752 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1754 } else if (!(flags & HCI_PROTO_DEFER)) {
1755 struct hci_cp_accept_sync_conn_req cp;
1756 conn->state = BT_CONNECT;
1758 bacpy(&cp.bdaddr, &ev->bdaddr);
1759 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1761 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1762 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1763 cp.max_latency = __constant_cpu_to_le16(0xffff);
1764 cp.content_format = cpu_to_le16(hdev->voice_setting);
1765 cp.retrans_effort = 0xff;
1767 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1770 conn->state = BT_CONNECT2;
1771 hci_proto_connect_cfm(conn, 0);
1774 /* Connection rejected */
1775 struct hci_cp_reject_conn_req cp;
1777 bacpy(&cp.bdaddr, &ev->bdaddr);
1778 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1779 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1783 static u8 hci_to_mgmt_reason(u8 err)
1786 case HCI_ERROR_CONNECTION_TIMEOUT:
1787 return MGMT_DEV_DISCONN_TIMEOUT;
1788 case HCI_ERROR_REMOTE_USER_TERM:
1789 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1790 case HCI_ERROR_REMOTE_POWER_OFF:
1791 return MGMT_DEV_DISCONN_REMOTE;
1792 case HCI_ERROR_LOCAL_HOST_TERM:
1793 return MGMT_DEV_DISCONN_LOCAL_HOST;
1795 return MGMT_DEV_DISCONN_UNKNOWN;
1799 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1801 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1802 struct hci_conn *conn;
1804 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1808 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1812 if (ev->status == 0)
1813 conn->state = BT_CLOSED;
1815 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1816 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1818 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1819 conn->dst_type, ev->status);
1821 u8 reason = hci_to_mgmt_reason(ev->reason);
1823 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1824 conn->dst_type, reason);
1828 if (ev->status == 0) {
1829 if (conn->type == ACL_LINK && conn->flush_key)
1830 hci_remove_link_key(hdev, &conn->dst);
1831 hci_proto_disconn_cfm(conn, ev->reason);
1836 hci_dev_unlock(hdev);
1839 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1841 struct hci_ev_auth_complete *ev = (void *) skb->data;
1842 struct hci_conn *conn;
1844 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1848 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1853 if (!hci_conn_ssp_enabled(conn) &&
1854 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1855 BT_INFO("re-auth of legacy device is not possible.");
1857 conn->link_mode |= HCI_LM_AUTH;
1858 conn->sec_level = conn->pending_sec_level;
1861 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1865 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1866 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1868 if (conn->state == BT_CONFIG) {
1869 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1870 struct hci_cp_set_conn_encrypt cp;
1871 cp.handle = ev->handle;
1873 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1876 conn->state = BT_CONNECTED;
1877 hci_proto_connect_cfm(conn, ev->status);
1878 hci_conn_drop(conn);
1881 hci_auth_cfm(conn, ev->status);
1883 hci_conn_hold(conn);
1884 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1885 hci_conn_drop(conn);
1888 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1890 struct hci_cp_set_conn_encrypt cp;
1891 cp.handle = ev->handle;
1893 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1896 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1897 hci_encrypt_cfm(conn, ev->status, 0x00);
1902 hci_dev_unlock(hdev);
1905 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1907 struct hci_ev_remote_name *ev = (void *) skb->data;
1908 struct hci_conn *conn;
1910 BT_DBG("%s", hdev->name);
1912 hci_conn_check_pending(hdev);
1916 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1918 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1921 if (ev->status == 0)
1922 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1923 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1925 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1931 if (!hci_outgoing_auth_needed(hdev, conn))
1934 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1935 struct hci_cp_auth_requested cp;
1936 cp.handle = __cpu_to_le16(conn->handle);
1937 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1941 hci_dev_unlock(hdev);
1944 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1946 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1947 struct hci_conn *conn;
1949 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1953 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1957 /* Encryption implies authentication */
1958 conn->link_mode |= HCI_LM_AUTH;
1959 conn->link_mode |= HCI_LM_ENCRYPT;
1960 conn->sec_level = conn->pending_sec_level;
1962 conn->link_mode &= ~HCI_LM_ENCRYPT;
1965 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1967 if (ev->status && conn->state == BT_CONNECTED) {
1968 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1969 hci_conn_drop(conn);
1973 if (conn->state == BT_CONFIG) {
1975 conn->state = BT_CONNECTED;
1977 hci_proto_connect_cfm(conn, ev->status);
1978 hci_conn_drop(conn);
1980 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1984 hci_dev_unlock(hdev);
1987 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1988 struct sk_buff *skb)
1990 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1991 struct hci_conn *conn;
1993 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1997 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2000 conn->link_mode |= HCI_LM_SECURE;
2002 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2004 hci_key_change_cfm(conn, ev->status);
2007 hci_dev_unlock(hdev);
2010 static void hci_remote_features_evt(struct hci_dev *hdev,
2011 struct sk_buff *skb)
2013 struct hci_ev_remote_features *ev = (void *) skb->data;
2014 struct hci_conn *conn;
2016 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2020 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2025 memcpy(conn->features[0], ev->features, 8);
2027 if (conn->state != BT_CONFIG)
2030 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2031 struct hci_cp_read_remote_ext_features cp;
2032 cp.handle = ev->handle;
2034 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2039 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2040 struct hci_cp_remote_name_req cp;
2041 memset(&cp, 0, sizeof(cp));
2042 bacpy(&cp.bdaddr, &conn->dst);
2043 cp.pscan_rep_mode = 0x02;
2044 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2045 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2046 mgmt_device_connected(hdev, &conn->dst, conn->type,
2047 conn->dst_type, 0, NULL, 0,
2050 if (!hci_outgoing_auth_needed(hdev, conn)) {
2051 conn->state = BT_CONNECTED;
2052 hci_proto_connect_cfm(conn, ev->status);
2053 hci_conn_drop(conn);
2057 hci_dev_unlock(hdev);
2060 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2062 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2063 u8 status = skb->data[sizeof(*ev)];
2066 skb_pull(skb, sizeof(*ev));
2068 opcode = __le16_to_cpu(ev->opcode);
2071 case HCI_OP_INQUIRY_CANCEL:
2072 hci_cc_inquiry_cancel(hdev, skb);
2075 case HCI_OP_PERIODIC_INQ:
2076 hci_cc_periodic_inq(hdev, skb);
2079 case HCI_OP_EXIT_PERIODIC_INQ:
2080 hci_cc_exit_periodic_inq(hdev, skb);
2083 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2084 hci_cc_remote_name_req_cancel(hdev, skb);
2087 case HCI_OP_ROLE_DISCOVERY:
2088 hci_cc_role_discovery(hdev, skb);
2091 case HCI_OP_READ_LINK_POLICY:
2092 hci_cc_read_link_policy(hdev, skb);
2095 case HCI_OP_WRITE_LINK_POLICY:
2096 hci_cc_write_link_policy(hdev, skb);
2099 case HCI_OP_READ_DEF_LINK_POLICY:
2100 hci_cc_read_def_link_policy(hdev, skb);
2103 case HCI_OP_WRITE_DEF_LINK_POLICY:
2104 hci_cc_write_def_link_policy(hdev, skb);
2108 hci_cc_reset(hdev, skb);
2111 case HCI_OP_WRITE_LOCAL_NAME:
2112 hci_cc_write_local_name(hdev, skb);
2115 case HCI_OP_READ_LOCAL_NAME:
2116 hci_cc_read_local_name(hdev, skb);
2119 case HCI_OP_WRITE_AUTH_ENABLE:
2120 hci_cc_write_auth_enable(hdev, skb);
2123 case HCI_OP_WRITE_ENCRYPT_MODE:
2124 hci_cc_write_encrypt_mode(hdev, skb);
2127 case HCI_OP_WRITE_SCAN_ENABLE:
2128 hci_cc_write_scan_enable(hdev, skb);
2131 case HCI_OP_READ_CLASS_OF_DEV:
2132 hci_cc_read_class_of_dev(hdev, skb);
2135 case HCI_OP_WRITE_CLASS_OF_DEV:
2136 hci_cc_write_class_of_dev(hdev, skb);
2139 case HCI_OP_READ_VOICE_SETTING:
2140 hci_cc_read_voice_setting(hdev, skb);
2143 case HCI_OP_WRITE_VOICE_SETTING:
2144 hci_cc_write_voice_setting(hdev, skb);
2147 case HCI_OP_WRITE_SSP_MODE:
2148 hci_cc_write_ssp_mode(hdev, skb);
2151 case HCI_OP_READ_LOCAL_VERSION:
2152 hci_cc_read_local_version(hdev, skb);
2155 case HCI_OP_READ_LOCAL_COMMANDS:
2156 hci_cc_read_local_commands(hdev, skb);
2159 case HCI_OP_READ_LOCAL_FEATURES:
2160 hci_cc_read_local_features(hdev, skb);
2163 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2164 hci_cc_read_local_ext_features(hdev, skb);
2167 case HCI_OP_READ_BUFFER_SIZE:
2168 hci_cc_read_buffer_size(hdev, skb);
2171 case HCI_OP_READ_BD_ADDR:
2172 hci_cc_read_bd_addr(hdev, skb);
2175 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2176 hci_cc_read_page_scan_activity(hdev, skb);
2179 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2180 hci_cc_write_page_scan_activity(hdev, skb);
2183 case HCI_OP_READ_PAGE_SCAN_TYPE:
2184 hci_cc_read_page_scan_type(hdev, skb);
2187 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2188 hci_cc_write_page_scan_type(hdev, skb);
2191 case HCI_OP_READ_DATA_BLOCK_SIZE:
2192 hci_cc_read_data_block_size(hdev, skb);
2195 case HCI_OP_READ_FLOW_CONTROL_MODE:
2196 hci_cc_read_flow_control_mode(hdev, skb);
2199 case HCI_OP_READ_LOCAL_AMP_INFO:
2200 hci_cc_read_local_amp_info(hdev, skb);
2203 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2204 hci_cc_read_local_amp_assoc(hdev, skb);
2207 case HCI_OP_READ_INQ_RSP_TX_POWER:
2208 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2211 case HCI_OP_PIN_CODE_REPLY:
2212 hci_cc_pin_code_reply(hdev, skb);
2215 case HCI_OP_PIN_CODE_NEG_REPLY:
2216 hci_cc_pin_code_neg_reply(hdev, skb);
2219 case HCI_OP_READ_LOCAL_OOB_DATA:
2220 hci_cc_read_local_oob_data_reply(hdev, skb);
2223 case HCI_OP_LE_READ_BUFFER_SIZE:
2224 hci_cc_le_read_buffer_size(hdev, skb);
2227 case HCI_OP_LE_READ_LOCAL_FEATURES:
2228 hci_cc_le_read_local_features(hdev, skb);
2231 case HCI_OP_LE_READ_ADV_TX_POWER:
2232 hci_cc_le_read_adv_tx_power(hdev, skb);
2235 case HCI_OP_USER_CONFIRM_REPLY:
2236 hci_cc_user_confirm_reply(hdev, skb);
2239 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2240 hci_cc_user_confirm_neg_reply(hdev, skb);
2243 case HCI_OP_USER_PASSKEY_REPLY:
2244 hci_cc_user_passkey_reply(hdev, skb);
2247 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2248 hci_cc_user_passkey_neg_reply(hdev, skb);
2251 case HCI_OP_LE_SET_ADV_ENABLE:
2252 hci_cc_le_set_adv_enable(hdev, skb);
2255 case HCI_OP_LE_SET_SCAN_ENABLE:
2256 hci_cc_le_set_scan_enable(hdev, skb);
2259 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2260 hci_cc_le_read_white_list_size(hdev, skb);
2263 case HCI_OP_LE_READ_SUPPORTED_STATES:
2264 hci_cc_le_read_supported_states(hdev, skb);
2267 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2268 hci_cc_write_le_host_supported(hdev, skb);
2271 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2272 hci_cc_write_remote_amp_assoc(hdev, skb);
2276 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2280 if (opcode != HCI_OP_NOP)
2281 del_timer(&hdev->cmd_timer);
2283 hci_req_cmd_complete(hdev, opcode, status);
2285 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2286 atomic_set(&hdev->cmd_cnt, 1);
2287 if (!skb_queue_empty(&hdev->cmd_q))
2288 queue_work(hdev->workqueue, &hdev->cmd_work);
2292 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2294 struct hci_ev_cmd_status *ev = (void *) skb->data;
2297 skb_pull(skb, sizeof(*ev));
2299 opcode = __le16_to_cpu(ev->opcode);
2302 case HCI_OP_INQUIRY:
2303 hci_cs_inquiry(hdev, ev->status);
2306 case HCI_OP_CREATE_CONN:
2307 hci_cs_create_conn(hdev, ev->status);
2310 case HCI_OP_ADD_SCO:
2311 hci_cs_add_sco(hdev, ev->status);
2314 case HCI_OP_AUTH_REQUESTED:
2315 hci_cs_auth_requested(hdev, ev->status);
2318 case HCI_OP_SET_CONN_ENCRYPT:
2319 hci_cs_set_conn_encrypt(hdev, ev->status);
2322 case HCI_OP_REMOTE_NAME_REQ:
2323 hci_cs_remote_name_req(hdev, ev->status);
2326 case HCI_OP_READ_REMOTE_FEATURES:
2327 hci_cs_read_remote_features(hdev, ev->status);
2330 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2331 hci_cs_read_remote_ext_features(hdev, ev->status);
2334 case HCI_OP_SETUP_SYNC_CONN:
2335 hci_cs_setup_sync_conn(hdev, ev->status);
2338 case HCI_OP_SNIFF_MODE:
2339 hci_cs_sniff_mode(hdev, ev->status);
2342 case HCI_OP_EXIT_SNIFF_MODE:
2343 hci_cs_exit_sniff_mode(hdev, ev->status);
2346 case HCI_OP_DISCONNECT:
2347 hci_cs_disconnect(hdev, ev->status);
2350 case HCI_OP_LE_CREATE_CONN:
2351 hci_cs_le_create_conn(hdev, ev->status);
2354 case HCI_OP_CREATE_PHY_LINK:
2355 hci_cs_create_phylink(hdev, ev->status);
2358 case HCI_OP_ACCEPT_PHY_LINK:
2359 hci_cs_accept_phylink(hdev, ev->status);
2363 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2367 if (opcode != HCI_OP_NOP)
2368 del_timer(&hdev->cmd_timer);
2371 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2372 hci_req_cmd_complete(hdev, opcode, ev->status);
2374 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2375 atomic_set(&hdev->cmd_cnt, 1);
2376 if (!skb_queue_empty(&hdev->cmd_q))
2377 queue_work(hdev->workqueue, &hdev->cmd_work);
2381 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2383 struct hci_ev_role_change *ev = (void *) skb->data;
2384 struct hci_conn *conn;
2386 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2390 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2394 conn->link_mode &= ~HCI_LM_MASTER;
2396 conn->link_mode |= HCI_LM_MASTER;
2399 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2401 hci_role_switch_cfm(conn, ev->status, ev->role);
2404 hci_dev_unlock(hdev);
2407 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2409 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2412 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2413 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2417 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2418 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2419 BT_DBG("%s bad parameters", hdev->name);
2423 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2425 for (i = 0; i < ev->num_hndl; i++) {
2426 struct hci_comp_pkts_info *info = &ev->handles[i];
2427 struct hci_conn *conn;
2428 __u16 handle, count;
2430 handle = __le16_to_cpu(info->handle);
2431 count = __le16_to_cpu(info->count);
2433 conn = hci_conn_hash_lookup_handle(hdev, handle);
2437 conn->sent -= count;
2439 switch (conn->type) {
2441 hdev->acl_cnt += count;
2442 if (hdev->acl_cnt > hdev->acl_pkts)
2443 hdev->acl_cnt = hdev->acl_pkts;
2447 if (hdev->le_pkts) {
2448 hdev->le_cnt += count;
2449 if (hdev->le_cnt > hdev->le_pkts)
2450 hdev->le_cnt = hdev->le_pkts;
2452 hdev->acl_cnt += count;
2453 if (hdev->acl_cnt > hdev->acl_pkts)
2454 hdev->acl_cnt = hdev->acl_pkts;
2459 hdev->sco_cnt += count;
2460 if (hdev->sco_cnt > hdev->sco_pkts)
2461 hdev->sco_cnt = hdev->sco_pkts;
2465 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2470 queue_work(hdev->workqueue, &hdev->tx_work);
2473 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2476 struct hci_chan *chan;
2478 switch (hdev->dev_type) {
2480 return hci_conn_hash_lookup_handle(hdev, handle);
2482 chan = hci_chan_lookup_handle(hdev, handle);
2487 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2494 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2496 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2499 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2500 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2504 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2505 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2506 BT_DBG("%s bad parameters", hdev->name);
2510 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2513 for (i = 0; i < ev->num_hndl; i++) {
2514 struct hci_comp_blocks_info *info = &ev->handles[i];
2515 struct hci_conn *conn = NULL;
2516 __u16 handle, block_count;
2518 handle = __le16_to_cpu(info->handle);
2519 block_count = __le16_to_cpu(info->blocks);
2521 conn = __hci_conn_lookup_handle(hdev, handle);
2525 conn->sent -= block_count;
2527 switch (conn->type) {
2530 hdev->block_cnt += block_count;
2531 if (hdev->block_cnt > hdev->num_blocks)
2532 hdev->block_cnt = hdev->num_blocks;
2536 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2541 queue_work(hdev->workqueue, &hdev->tx_work);
2544 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2546 struct hci_ev_mode_change *ev = (void *) skb->data;
2547 struct hci_conn *conn;
2549 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2553 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2555 conn->mode = ev->mode;
2556 conn->interval = __le16_to_cpu(ev->interval);
2558 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2560 if (conn->mode == HCI_CM_ACTIVE)
2561 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2563 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2566 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2567 hci_sco_setup(conn, ev->status);
2570 hci_dev_unlock(hdev);
2573 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2575 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2576 struct hci_conn *conn;
2578 BT_DBG("%s", hdev->name);
2582 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2586 if (conn->state == BT_CONNECTED) {
2587 hci_conn_hold(conn);
2588 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2589 hci_conn_drop(conn);
2592 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2593 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2594 sizeof(ev->bdaddr), &ev->bdaddr);
2595 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2598 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2603 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2607 hci_dev_unlock(hdev);
2610 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2612 struct hci_ev_link_key_req *ev = (void *) skb->data;
2613 struct hci_cp_link_key_reply cp;
2614 struct hci_conn *conn;
2615 struct link_key *key;
2617 BT_DBG("%s", hdev->name);
2619 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2624 key = hci_find_link_key(hdev, &ev->bdaddr);
2626 BT_DBG("%s link key not found for %pMR", hdev->name,
2631 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2634 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2635 key->type == HCI_LK_DEBUG_COMBINATION) {
2636 BT_DBG("%s ignoring debug key", hdev->name);
2640 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2642 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2643 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2644 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2648 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2649 conn->pending_sec_level == BT_SECURITY_HIGH) {
2650 BT_DBG("%s ignoring key unauthenticated for high security",
2655 conn->key_type = key->type;
2656 conn->pin_length = key->pin_len;
2659 bacpy(&cp.bdaddr, &ev->bdaddr);
2660 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2662 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2664 hci_dev_unlock(hdev);
2669 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2670 hci_dev_unlock(hdev);
2673 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2675 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2676 struct hci_conn *conn;
2679 BT_DBG("%s", hdev->name);
2683 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2685 hci_conn_hold(conn);
2686 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2687 pin_len = conn->pin_length;
2689 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2690 conn->key_type = ev->key_type;
2692 hci_conn_drop(conn);
2695 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2696 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2697 ev->key_type, pin_len);
2699 hci_dev_unlock(hdev);
2702 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2704 struct hci_ev_clock_offset *ev = (void *) skb->data;
2705 struct hci_conn *conn;
2707 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2711 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2712 if (conn && !ev->status) {
2713 struct inquiry_entry *ie;
2715 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2717 ie->data.clock_offset = ev->clock_offset;
2718 ie->timestamp = jiffies;
2722 hci_dev_unlock(hdev);
2725 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2727 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2728 struct hci_conn *conn;
2730 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2734 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2735 if (conn && !ev->status)
2736 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2738 hci_dev_unlock(hdev);
2741 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2743 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2744 struct inquiry_entry *ie;
2746 BT_DBG("%s", hdev->name);
2750 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2752 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2753 ie->timestamp = jiffies;
2756 hci_dev_unlock(hdev);
2759 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2760 struct sk_buff *skb)
2762 struct inquiry_data data;
2763 int num_rsp = *((__u8 *) skb->data);
2764 bool name_known, ssp;
2766 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2771 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2776 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2777 struct inquiry_info_with_rssi_and_pscan_mode *info;
2778 info = (void *) (skb->data + 1);
2780 for (; num_rsp; num_rsp--, info++) {
2781 bacpy(&data.bdaddr, &info->bdaddr);
2782 data.pscan_rep_mode = info->pscan_rep_mode;
2783 data.pscan_period_mode = info->pscan_period_mode;
2784 data.pscan_mode = info->pscan_mode;
2785 memcpy(data.dev_class, info->dev_class, 3);
2786 data.clock_offset = info->clock_offset;
2787 data.rssi = info->rssi;
2788 data.ssp_mode = 0x00;
2790 name_known = hci_inquiry_cache_update(hdev, &data,
2792 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2793 info->dev_class, info->rssi,
2794 !name_known, ssp, NULL, 0);
2797 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2799 for (; num_rsp; num_rsp--, info++) {
2800 bacpy(&data.bdaddr, &info->bdaddr);
2801 data.pscan_rep_mode = info->pscan_rep_mode;
2802 data.pscan_period_mode = info->pscan_period_mode;
2803 data.pscan_mode = 0x00;
2804 memcpy(data.dev_class, info->dev_class, 3);
2805 data.clock_offset = info->clock_offset;
2806 data.rssi = info->rssi;
2807 data.ssp_mode = 0x00;
2808 name_known = hci_inquiry_cache_update(hdev, &data,
2810 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2811 info->dev_class, info->rssi,
2812 !name_known, ssp, NULL, 0);
2816 hci_dev_unlock(hdev);
2819 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2820 struct sk_buff *skb)
2822 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2823 struct hci_conn *conn;
2825 BT_DBG("%s", hdev->name);
2829 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2833 if (ev->page < HCI_MAX_PAGES)
2834 memcpy(conn->features[ev->page], ev->features, 8);
2836 if (!ev->status && ev->page == 0x01) {
2837 struct inquiry_entry *ie;
2839 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2841 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2843 if (ev->features[0] & LMP_HOST_SSP) {
2844 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2846 /* It is mandatory by the Bluetooth specification that
2847 * Extended Inquiry Results are only used when Secure
2848 * Simple Pairing is enabled, but some devices violate
2851 * To make these devices work, the internal SSP
2852 * enabled flag needs to be cleared if the remote host
2853 * features do not indicate SSP support */
2854 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2858 if (conn->state != BT_CONFIG)
2861 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2862 struct hci_cp_remote_name_req cp;
2863 memset(&cp, 0, sizeof(cp));
2864 bacpy(&cp.bdaddr, &conn->dst);
2865 cp.pscan_rep_mode = 0x02;
2866 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2867 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2868 mgmt_device_connected(hdev, &conn->dst, conn->type,
2869 conn->dst_type, 0, NULL, 0,
2872 if (!hci_outgoing_auth_needed(hdev, conn)) {
2873 conn->state = BT_CONNECTED;
2874 hci_proto_connect_cfm(conn, ev->status);
2875 hci_conn_drop(conn);
2879 hci_dev_unlock(hdev);
2882 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2883 struct sk_buff *skb)
2885 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2886 struct hci_conn *conn;
2888 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2892 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2894 if (ev->link_type == ESCO_LINK)
2897 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2901 conn->type = SCO_LINK;
2904 switch (ev->status) {
2906 conn->handle = __le16_to_cpu(ev->handle);
2907 conn->state = BT_CONNECTED;
2909 hci_conn_add_sysfs(conn);
2912 case 0x0d: /* Connection Rejected due to Limited Resources */
2913 case 0x11: /* Unsupported Feature or Parameter Value */
2914 case 0x1c: /* SCO interval rejected */
2915 case 0x1a: /* Unsupported Remote Feature */
2916 case 0x1f: /* Unspecified error */
2918 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2919 (hdev->esco_type & EDR_ESCO_MASK);
2920 if (hci_setup_sync(conn, conn->link->handle))
2926 conn->state = BT_CLOSED;
2930 hci_proto_connect_cfm(conn, ev->status);
2935 hci_dev_unlock(hdev);
2938 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2939 struct sk_buff *skb)
2941 struct inquiry_data data;
2942 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2943 int num_rsp = *((__u8 *) skb->data);
2946 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2951 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2956 for (; num_rsp; num_rsp--, info++) {
2957 bool name_known, ssp;
2959 bacpy(&data.bdaddr, &info->bdaddr);
2960 data.pscan_rep_mode = info->pscan_rep_mode;
2961 data.pscan_period_mode = info->pscan_period_mode;
2962 data.pscan_mode = 0x00;
2963 memcpy(data.dev_class, info->dev_class, 3);
2964 data.clock_offset = info->clock_offset;
2965 data.rssi = info->rssi;
2966 data.ssp_mode = 0x01;
2968 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2969 name_known = eir_has_data_type(info->data,
2975 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2977 eir_len = eir_get_length(info->data, sizeof(info->data));
2978 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2979 info->dev_class, info->rssi, !name_known,
2980 ssp, info->data, eir_len);
2983 hci_dev_unlock(hdev);
2986 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2987 struct sk_buff *skb)
2989 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2990 struct hci_conn *conn;
2992 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
2993 __le16_to_cpu(ev->handle));
2997 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3002 conn->sec_level = conn->pending_sec_level;
3004 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3006 if (ev->status && conn->state == BT_CONNECTED) {
3007 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3008 hci_conn_drop(conn);
3012 if (conn->state == BT_CONFIG) {
3014 conn->state = BT_CONNECTED;
3016 hci_proto_connect_cfm(conn, ev->status);
3017 hci_conn_drop(conn);
3019 hci_auth_cfm(conn, ev->status);
3021 hci_conn_hold(conn);
3022 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3023 hci_conn_drop(conn);
3027 hci_dev_unlock(hdev);
3030 static u8 hci_get_auth_req(struct hci_conn *conn)
3032 /* If remote requests dedicated bonding follow that lead */
3033 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3034 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3035 /* If both remote and local IO capabilities allow MITM
3036 * protection then require it, otherwise don't */
3037 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3038 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3039 return HCI_AT_DEDICATED_BONDING;
3041 return HCI_AT_DEDICATED_BONDING_MITM;
3044 /* If remote requests no-bonding follow that lead */
3045 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3046 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3047 return conn->remote_auth | (conn->auth_type & 0x01);
3049 return conn->auth_type;
3052 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3054 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3055 struct hci_conn *conn;
3057 BT_DBG("%s", hdev->name);
3061 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3065 hci_conn_hold(conn);
3067 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3070 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3071 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3072 struct hci_cp_io_capability_reply cp;
3074 bacpy(&cp.bdaddr, &ev->bdaddr);
3075 /* Change the IO capability from KeyboardDisplay
3076 * to DisplayYesNo as it is not supported by BT spec. */
3077 cp.capability = (conn->io_capability == 0x04) ?
3078 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3079 conn->auth_type = hci_get_auth_req(conn);
3080 cp.authentication = conn->auth_type;
3082 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3083 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3088 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3091 struct hci_cp_io_capability_neg_reply cp;
3093 bacpy(&cp.bdaddr, &ev->bdaddr);
3094 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3096 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3101 hci_dev_unlock(hdev);
3104 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3106 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3107 struct hci_conn *conn;
3109 BT_DBG("%s", hdev->name);
3113 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3117 conn->remote_cap = ev->capability;
3118 conn->remote_auth = ev->authentication;
3120 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3123 hci_dev_unlock(hdev);
3126 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3127 struct sk_buff *skb)
3129 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3130 int loc_mitm, rem_mitm, confirm_hint = 0;
3131 struct hci_conn *conn;
3133 BT_DBG("%s", hdev->name);
3137 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3140 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3144 loc_mitm = (conn->auth_type & 0x01);
3145 rem_mitm = (conn->remote_auth & 0x01);
3147 /* If we require MITM but the remote device can't provide that
3148 * (it has NoInputNoOutput) then reject the confirmation
3149 * request. The only exception is when we're dedicated bonding
3150 * initiators (connect_cfm_cb set) since then we always have the MITM
3152 if (!conn->connect_cfm_cb && loc_mitm &&
3153 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3154 BT_DBG("Rejecting request: remote device can't provide MITM");
3155 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3156 sizeof(ev->bdaddr), &ev->bdaddr);
3160 /* If no side requires MITM protection; auto-accept */
3161 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3162 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3164 /* If we're not the initiators request authorization to
3165 * proceed from user space (mgmt_user_confirm with
3166 * confirm_hint set to 1). */
3167 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3168 BT_DBG("Confirming auto-accept as acceptor");
3173 BT_DBG("Auto-accept of user confirmation with %ums delay",
3174 hdev->auto_accept_delay);
3176 if (hdev->auto_accept_delay > 0) {
3177 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3178 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3182 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3183 sizeof(ev->bdaddr), &ev->bdaddr);
3188 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3192 hci_dev_unlock(hdev);
3195 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3196 struct sk_buff *skb)
3198 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3200 BT_DBG("%s", hdev->name);
3202 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3203 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3206 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3207 struct sk_buff *skb)
3209 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3210 struct hci_conn *conn;
3212 BT_DBG("%s", hdev->name);
3214 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3218 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3219 conn->passkey_entered = 0;
3221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3222 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3223 conn->dst_type, conn->passkey_notify,
3224 conn->passkey_entered);
3227 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3229 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3230 struct hci_conn *conn;
3232 BT_DBG("%s", hdev->name);
3234 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3239 case HCI_KEYPRESS_STARTED:
3240 conn->passkey_entered = 0;
3243 case HCI_KEYPRESS_ENTERED:
3244 conn->passkey_entered++;
3247 case HCI_KEYPRESS_ERASED:
3248 conn->passkey_entered--;
3251 case HCI_KEYPRESS_CLEARED:
3252 conn->passkey_entered = 0;
3255 case HCI_KEYPRESS_COMPLETED:
3259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3260 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3261 conn->dst_type, conn->passkey_notify,
3262 conn->passkey_entered);
3265 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3266 struct sk_buff *skb)
3268 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3269 struct hci_conn *conn;
3271 BT_DBG("%s", hdev->name);
3275 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3279 /* To avoid duplicate auth_failed events to user space we check
3280 * the HCI_CONN_AUTH_PEND flag which will be set if we
3281 * initiated the authentication. A traditional auth_complete
3282 * event gets always produced as initiator and is also mapped to
3283 * the mgmt_auth_failed event */
3284 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3285 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3288 hci_conn_drop(conn);
3291 hci_dev_unlock(hdev);
3294 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3295 struct sk_buff *skb)
3297 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3298 struct inquiry_entry *ie;
3299 struct hci_conn *conn;
3301 BT_DBG("%s", hdev->name);
3305 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3307 memcpy(conn->features[1], ev->features, 8);
3309 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3311 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3313 hci_dev_unlock(hdev);
3316 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3317 struct sk_buff *skb)
3319 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3320 struct oob_data *data;
3322 BT_DBG("%s", hdev->name);
3326 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3329 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3331 struct hci_cp_remote_oob_data_reply cp;
3333 bacpy(&cp.bdaddr, &ev->bdaddr);
3334 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3335 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3337 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3340 struct hci_cp_remote_oob_data_neg_reply cp;
3342 bacpy(&cp.bdaddr, &ev->bdaddr);
3343 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3348 hci_dev_unlock(hdev);
3351 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3352 struct sk_buff *skb)
3354 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3355 struct hci_conn *hcon, *bredr_hcon;
3357 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3362 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3364 hci_dev_unlock(hdev);
3370 hci_dev_unlock(hdev);
3374 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3376 hcon->state = BT_CONNECTED;
3377 bacpy(&hcon->dst, &bredr_hcon->dst);
3379 hci_conn_hold(hcon);
3380 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3381 hci_conn_drop(hcon);
3383 hci_conn_add_sysfs(hcon);
3385 amp_physical_cfm(bredr_hcon, hcon);
3387 hci_dev_unlock(hdev);
3390 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3392 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3393 struct hci_conn *hcon;
3394 struct hci_chan *hchan;
3395 struct amp_mgr *mgr;
3397 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3398 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3401 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3405 /* Create AMP hchan */
3406 hchan = hci_chan_create(hcon);
3410 hchan->handle = le16_to_cpu(ev->handle);
3412 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3414 mgr = hcon->amp_mgr;
3415 if (mgr && mgr->bredr_chan) {
3416 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3418 l2cap_chan_lock(bredr_chan);
3420 bredr_chan->conn->mtu = hdev->block_mtu;
3421 l2cap_logical_cfm(bredr_chan, hchan, 0);
3422 hci_conn_hold(hcon);
3424 l2cap_chan_unlock(bredr_chan);
3428 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3429 struct sk_buff *skb)
3431 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3432 struct hci_chan *hchan;
3434 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3435 le16_to_cpu(ev->handle), ev->status);
3442 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3446 amp_destroy_logical_link(hchan, ev->reason);
3449 hci_dev_unlock(hdev);
3452 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3453 struct sk_buff *skb)
3455 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3456 struct hci_conn *hcon;
3458 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3465 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3467 hcon->state = BT_CLOSED;
3471 hci_dev_unlock(hdev);
3474 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3476 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3477 struct hci_conn *conn;
3479 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3483 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3485 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3487 BT_ERR("No memory for new connection");
3491 conn->dst_type = ev->bdaddr_type;
3493 if (ev->role == LE_CONN_ROLE_MASTER) {
3495 conn->link_mode |= HCI_LM_MASTER;
3500 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3501 conn->dst_type, ev->status);
3502 hci_proto_connect_cfm(conn, ev->status);
3503 conn->state = BT_CLOSED;
3508 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3509 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3510 conn->dst_type, 0, NULL, 0, NULL);
3512 conn->sec_level = BT_SECURITY_LOW;
3513 conn->handle = __le16_to_cpu(ev->handle);
3514 conn->state = BT_CONNECTED;
3516 hci_conn_add_sysfs(conn);
3518 hci_proto_connect_cfm(conn, ev->status);
3521 hci_dev_unlock(hdev);
3524 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3526 u8 num_reports = skb->data[0];
3527 void *ptr = &skb->data[1];
3530 while (num_reports--) {
3531 struct hci_ev_le_advertising_info *ev = ptr;
3533 rssi = ev->data[ev->length];
3534 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3535 NULL, rssi, 0, 1, ev->data, ev->length);
3537 ptr += sizeof(*ev) + ev->length + 1;
3541 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3543 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3544 struct hci_cp_le_ltk_reply cp;
3545 struct hci_cp_le_ltk_neg_reply neg;
3546 struct hci_conn *conn;
3547 struct smp_ltk *ltk;
3549 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3553 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3557 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3561 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3562 cp.handle = cpu_to_le16(conn->handle);
3564 if (ltk->authenticated)
3565 conn->pending_sec_level = BT_SECURITY_HIGH;
3567 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3569 conn->enc_key_size = ltk->enc_size;
3571 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3573 if (ltk->type & HCI_SMP_STK) {
3574 list_del(<k->list);
3578 hci_dev_unlock(hdev);
3583 neg.handle = ev->handle;
3584 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3585 hci_dev_unlock(hdev);
3588 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3590 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3592 skb_pull(skb, sizeof(*le_ev));
3594 switch (le_ev->subevent) {
3595 case HCI_EV_LE_CONN_COMPLETE:
3596 hci_le_conn_complete_evt(hdev, skb);
3599 case HCI_EV_LE_ADVERTISING_REPORT:
3600 hci_le_adv_report_evt(hdev, skb);
3603 case HCI_EV_LE_LTK_REQ:
3604 hci_le_ltk_request_evt(hdev, skb);
3612 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3614 struct hci_ev_channel_selected *ev = (void *) skb->data;
3615 struct hci_conn *hcon;
3617 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3619 skb_pull(skb, sizeof(*ev));
3621 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3625 amp_read_loc_assoc_final_data(hdev, hcon);
3628 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3630 struct hci_event_hdr *hdr = (void *) skb->data;
3631 __u8 event = hdr->evt;
3635 /* Received events are (currently) only needed when a request is
3636 * ongoing so avoid unnecessary memory allocation.
3638 if (hdev->req_status == HCI_REQ_PEND) {
3639 kfree_skb(hdev->recv_evt);
3640 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3643 hci_dev_unlock(hdev);
3645 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3647 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3648 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3649 u16 opcode = __le16_to_cpu(hdr->opcode);
3651 hci_req_cmd_complete(hdev, opcode, 0);
3655 case HCI_EV_INQUIRY_COMPLETE:
3656 hci_inquiry_complete_evt(hdev, skb);
3659 case HCI_EV_INQUIRY_RESULT:
3660 hci_inquiry_result_evt(hdev, skb);
3663 case HCI_EV_CONN_COMPLETE:
3664 hci_conn_complete_evt(hdev, skb);
3667 case HCI_EV_CONN_REQUEST:
3668 hci_conn_request_evt(hdev, skb);
3671 case HCI_EV_DISCONN_COMPLETE:
3672 hci_disconn_complete_evt(hdev, skb);
3675 case HCI_EV_AUTH_COMPLETE:
3676 hci_auth_complete_evt(hdev, skb);
3679 case HCI_EV_REMOTE_NAME:
3680 hci_remote_name_evt(hdev, skb);
3683 case HCI_EV_ENCRYPT_CHANGE:
3684 hci_encrypt_change_evt(hdev, skb);
3687 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3688 hci_change_link_key_complete_evt(hdev, skb);
3691 case HCI_EV_REMOTE_FEATURES:
3692 hci_remote_features_evt(hdev, skb);
3695 case HCI_EV_CMD_COMPLETE:
3696 hci_cmd_complete_evt(hdev, skb);
3699 case HCI_EV_CMD_STATUS:
3700 hci_cmd_status_evt(hdev, skb);
3703 case HCI_EV_ROLE_CHANGE:
3704 hci_role_change_evt(hdev, skb);
3707 case HCI_EV_NUM_COMP_PKTS:
3708 hci_num_comp_pkts_evt(hdev, skb);
3711 case HCI_EV_MODE_CHANGE:
3712 hci_mode_change_evt(hdev, skb);
3715 case HCI_EV_PIN_CODE_REQ:
3716 hci_pin_code_request_evt(hdev, skb);
3719 case HCI_EV_LINK_KEY_REQ:
3720 hci_link_key_request_evt(hdev, skb);
3723 case HCI_EV_LINK_KEY_NOTIFY:
3724 hci_link_key_notify_evt(hdev, skb);
3727 case HCI_EV_CLOCK_OFFSET:
3728 hci_clock_offset_evt(hdev, skb);
3731 case HCI_EV_PKT_TYPE_CHANGE:
3732 hci_pkt_type_change_evt(hdev, skb);
3735 case HCI_EV_PSCAN_REP_MODE:
3736 hci_pscan_rep_mode_evt(hdev, skb);
3739 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3740 hci_inquiry_result_with_rssi_evt(hdev, skb);
3743 case HCI_EV_REMOTE_EXT_FEATURES:
3744 hci_remote_ext_features_evt(hdev, skb);
3747 case HCI_EV_SYNC_CONN_COMPLETE:
3748 hci_sync_conn_complete_evt(hdev, skb);
3751 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3752 hci_extended_inquiry_result_evt(hdev, skb);
3755 case HCI_EV_KEY_REFRESH_COMPLETE:
3756 hci_key_refresh_complete_evt(hdev, skb);
3759 case HCI_EV_IO_CAPA_REQUEST:
3760 hci_io_capa_request_evt(hdev, skb);
3763 case HCI_EV_IO_CAPA_REPLY:
3764 hci_io_capa_reply_evt(hdev, skb);
3767 case HCI_EV_USER_CONFIRM_REQUEST:
3768 hci_user_confirm_request_evt(hdev, skb);
3771 case HCI_EV_USER_PASSKEY_REQUEST:
3772 hci_user_passkey_request_evt(hdev, skb);
3775 case HCI_EV_USER_PASSKEY_NOTIFY:
3776 hci_user_passkey_notify_evt(hdev, skb);
3779 case HCI_EV_KEYPRESS_NOTIFY:
3780 hci_keypress_notify_evt(hdev, skb);
3783 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3784 hci_simple_pair_complete_evt(hdev, skb);
3787 case HCI_EV_REMOTE_HOST_FEATURES:
3788 hci_remote_host_features_evt(hdev, skb);
3791 case HCI_EV_LE_META:
3792 hci_le_meta_evt(hdev, skb);
3795 case HCI_EV_CHANNEL_SELECTED:
3796 hci_chan_selected_evt(hdev, skb);
3799 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3800 hci_remote_oob_data_request_evt(hdev, skb);
3803 case HCI_EV_PHY_LINK_COMPLETE:
3804 hci_phy_link_complete_evt(hdev, skb);
3807 case HCI_EV_LOGICAL_LINK_COMPLETE:
3808 hci_loglink_complete_evt(hdev, skb);
3811 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3812 hci_disconn_loglink_complete_evt(hdev, skb);
3815 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3816 hci_disconn_phylink_complete_evt(hdev, skb);
3819 case HCI_EV_NUM_COMP_BLOCKS:
3820 hci_num_comp_blocks_evt(hdev, skb);
3824 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3829 hdev->stat.evt_rx++;
projects / karo-tx-linux.git / blob