2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <linux/uaccess.h>
41 #include <asm/unaligned.h>
43 #include <net/bluetooth/bluetooth.h>
44 #include <net/bluetooth/hci_core.h>
46 /* Handle HCI Event packets */
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 *
 * Visible effects: reports a stop-discovery failure to mgmt, clears
 * HCI_INQUIRY, moves discovery to DISCOVERY_STOPPED, completes the pending
 * request and re-checks pending connections. The conditions selecting
 * between these paths are not visible in this listing.
 *
 * NOTE(review): the status byte is read from skb->data in the declaration,
 * before any skb->len check could run in this handler; confirm the caller
 * validates the event length.
 */
48 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
50 __u8 status = *((__u8 *) skb->data);
52 BT_DBG("%s status 0x%x", hdev->name, status);
56 mgmt_stop_discovery_failed(hdev, status);
61 clear_bit(HCI_INQUIRY, &hdev->flags);
64 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
67 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
69 hci_conn_check_pending(hdev);
/*
 * Command Complete handler that sets HCI_PERIODIC_INQ in hdev->dev_flags.
 * Any status guard before the set_bit() is not visible in this listing.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here; confirm the caller validates the event length.
 */
72 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 __u8 status = *((__u8 *) skb->data);
76 BT_DBG("%s status 0x%x", hdev->name, status);
81 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
/*
 * Command Complete handler that clears HCI_PERIODIC_INQ and then re-checks
 * pending connections. Any status guard is not visible in this listing.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here; confirm the caller validates the event length.
 */
84 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
86 __u8 status = *((__u8 *) skb->data);
88 BT_DBG("%s status 0x%x", hdev->name, status);
93 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
95 hci_conn_check_pending(hdev);
/*
 * Command Complete handler for a cancelled remote name request. The only
 * visible action is a debug log; skb is not read.
 */
98 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
100 BT_DBG("%s", hdev->name);
/*
 * Command Complete handler for Role Discovery: looks up the connection by
 * the handle in the reply and either clears or sets HCI_LM_MASTER in
 * conn->link_mode. The condition choosing between the two, and any NULL
 * check on conn, are not visible in this listing.
 *
 * NOTE(review): skb->data is cast to the reply struct and rp->status is
 * read with no skb->len check visible here; confirm the caller guarantees
 * at least sizeof(*rp) bytes.
 */
103 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
105 struct hci_rp_role_discovery *rp = (void *) skb->data;
106 struct hci_conn *conn;
108 BT_DBG("%s status 0x%x", hdev->name, rp->status);
115 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
118 conn->link_mode &= ~HCI_LM_MASTER;
120 conn->link_mode |= HCI_LM_MASTER;
123 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Read Link Policy: stores the little-endian
 * policy from the reply into the connection found by rp->handle. Any NULL
 * check on conn is not visible in this listing.
 *
 * NOTE(review): rp is dereferenced with no skb->len check visible here;
 * confirm the caller guarantees at least sizeof(*rp) bytes.
 */
126 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
128 struct hci_rp_read_link_policy *rp = (void *) skb->data;
129 struct hci_conn *conn;
131 BT_DBG("%s status 0x%x", hdev->name, rp->status);
138 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
140 conn->link_policy = __le16_to_cpu(rp->policy);
142 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Write Link Policy: the new policy is taken
 * from the parameters of the command that was sent, not from the reply,
 * and stored on the connection found by rp->handle.
 *
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 * Checks that sent and conn are non-NULL are not visible in this listing.
 */
145 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
147 struct hci_rp_write_link_policy *rp = (void *) skb->data;
148 struct hci_conn *conn;
151 BT_DBG("%s status 0x%x", hdev->name, rp->status);
156 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
162 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
/* Offset 2 presumably skips the 16-bit handle in the command - confirm. */
164 conn->link_policy = get_unaligned_le16(sent + 2);
166 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Read Default Link Policy: stores the
 * little-endian policy from the reply in hdev->link_policy. Any status
 * guard is not visible in this listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
169 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
171 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
173 BT_DBG("%s status 0x%x", hdev->name, rp->status);
178 hdev->link_policy = __le16_to_cpu(rp->policy);
/*
 * Command Complete handler for Write Default Link Policy: copies the
 * policy from the sent command's parameters into hdev->link_policy and
 * completes the pending request. Guards on sent and status are not visible
 * in this listing.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
181 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
186 BT_DBG("%s status 0x%x", hdev->name, status);
188 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
193 hdev->link_policy = get_unaligned_le16(sent);
195 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
/*
 * Command Complete handler for HCI Reset: clears HCI_RESET, completes the
 * pending request, drops the non-persistent dev_flags bits and forces the
 * discovery state back to DISCOVERY_STOPPED.
 *
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
198 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
200 __u8 status = *((__u8 *) skb->data);
202 BT_DBG("%s status 0x%x", hdev->name, status);
204 clear_bit(HCI_RESET, &hdev->flags);
206 hci_req_complete(hdev, HCI_OP_RESET, status);
208 /* Reset all non-persistent flags */
/*
 * NOTE(review): this is a plain read-modify-write of dev_flags, while
 * other handlers in this file update the same word with atomic
 * set_bit()/clear_bit(); confirm nothing can touch dev_flags concurrently.
 */
209 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
210 BIT(HCI_PERIODIC_INQ));
212 hdev->discovery.state = DISCOVERY_STOPPED;
/*
 * Command Complete handler for Write Local Name: notifies mgmt when
 * HCI_MGMT is set, copies HCI_MAX_NAME_LENGTH bytes of the sent command's
 * parameters into hdev->dev_name and completes the pending request. The
 * guards on sent and status are not visible in this listing.
 *
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
215 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
217 __u8 status = *((__u8 *) skb->data);
220 BT_DBG("%s status 0x%x", hdev->name, status);
222 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
228 if (test_bit(HCI_MGMT, &hdev->dev_flags))
229 mgmt_set_local_name_complete(hdev, sent, status);
231 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
233 hci_dev_unlock(hdev);
235 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
/*
 * Command Complete handler for Read Local Name: while HCI_SETUP is set,
 * copies HCI_MAX_NAME_LENGTH bytes of rp->name into hdev->dev_name.
 *
 * NOTE(review): the copy reads a fixed HCI_MAX_NAME_LENGTH bytes from the
 * event payload with no skb->len check visible in this handler; a short
 * event would make the memcpy read past the received data. Confirm the
 * caller guarantees skb->len >= sizeof(*rp). The copy also adds no
 * terminator - confirm readers of dev_name bound their reads.
 */
238 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
240 struct hci_rp_read_local_name *rp = (void *) skb->data;
242 BT_DBG("%s status 0x%x", hdev->name, rp->status);
247 if (test_bit(HCI_SETUP, &hdev->dev_flags))
248 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
/*
 * Command Complete handler for Write Authentication Enable: mirrors the
 * parameter of the sent command into the HCI_AUTH flag (set when it equals
 * AUTH_ENABLED, cleared otherwise), notifies mgmt when HCI_MGMT is set and
 * completes the pending request. The status guard around the flag update
 * is not visible in this listing.
 *
 * NOTE(review): HCI_AUTH tracks link-level authentication, so it should
 * only change on a successful status - confirm the hidden guard does that.
 * status itself is read from skb->data with no skb->len check visible.
 */
251 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
253 __u8 status = *((__u8 *) skb->data);
256 BT_DBG("%s status 0x%x", hdev->name, status);
258 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
263 __u8 param = *((__u8 *) sent);
265 if (param == AUTH_ENABLED)
266 set_bit(HCI_AUTH, &hdev->flags);
268 clear_bit(HCI_AUTH, &hdev->flags);
271 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272 mgmt_auth_enable_complete(hdev, status);
274 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
/*
 * Command Complete handler for Write Encryption Mode: sets or clears
 * HCI_ENCRYPT according to the parameter of the sent command and completes
 * the pending request. The test on param and the status guard are not
 * visible in this listing.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
277 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
279 __u8 status = *((__u8 *) skb->data);
282 BT_DBG("%s status 0x%x", hdev->name, status);
284 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
289 __u8 param = *((__u8 *) sent);
292 set_bit(HCI_ENCRYPT, &hdev->flags);
294 clear_bit(HCI_ENCRYPT, &hdev->flags);
297 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
/*
 * Command Complete handler for Write Scan Enable.
 *
 * The scan parameter comes from the command that was sent. A failure path
 * reports to mgmt and zeroes discov_timeout. Otherwise HCI_PSCAN and
 * HCI_ISCAN are cleared and re-set from the SCAN_PAGE / SCAN_INQUIRY bits,
 * and mgmt is told when discoverable or connectable changes. The branch
 * conditions around the mgmt calls are only partly visible in this
 * listing.
 *
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
300 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
302 __u8 param, status = *((__u8 *) skb->data);
303 int old_pscan, old_iscan;
306 BT_DBG("%s status 0x%x", hdev->name, status);
308 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
312 param = *((__u8 *) sent);
317 mgmt_write_scan_failed(hdev, param, status);
318 hdev->discov_timeout = 0;
322 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
323 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
325 if (param & SCAN_INQUIRY) {
326 set_bit(HCI_ISCAN, &hdev->flags);
328 mgmt_discoverable(hdev, 1);
/*
 * A non-zero discov_timeout (in seconds, per the * 1000 conversion) queues
 * the discov_off work; presumably this is what ends a time-limited
 * discoverable period - confirm in the work handler.
 */
329 if (hdev->discov_timeout > 0) {
330 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
331 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
334 } else if (old_iscan)
335 mgmt_discoverable(hdev, 0);
337 if (param & SCAN_PAGE) {
338 set_bit(HCI_PSCAN, &hdev->flags);
340 mgmt_connectable(hdev, 1);
341 } else if (old_pscan)
342 mgmt_connectable(hdev, 0);
345 hci_dev_unlock(hdev);
346 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
/*
 * Command Complete handler for Read Class of Device: copies the 3-byte
 * class from the reply into hdev->dev_class and logs it most-significant
 * byte first. Any status guard is not visible in this listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
349 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
353 BT_DBG("%s status 0x%x", hdev->name, rp->status);
358 memcpy(hdev->dev_class, rp->dev_class, 3);
360 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
361 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
/*
 * Command Complete handler for Write Class of Device: copies the 3-byte
 * class from the sent command into hdev->dev_class and notifies mgmt when
 * HCI_MGMT is set. Guards on sent and status are not visible in this
 * listing.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
364 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
366 __u8 status = *((__u8 *) skb->data);
369 BT_DBG("%s status 0x%x", hdev->name, status);
371 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
378 memcpy(hdev->dev_class, sent, 3);
380 if (test_bit(HCI_MGMT, &hdev->dev_flags))
381 mgmt_set_class_of_dev_complete(hdev, sent, status);
383 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Read Voice Setting: converts the reply's
 * little-endian voice_setting, compares it with the cached value, stores
 * it and calls hdev->notify with HCI_NOTIFY_VOICE_SETTING. The statement
 * under the equality test and any NULL check on hdev->notify are not
 * visible in this listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
386 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
388 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
391 BT_DBG("%s status 0x%x", hdev->name, rp->status);
396 setting = __le16_to_cpu(rp->voice_setting);
398 if (hdev->voice_setting == setting)
401 hdev->voice_setting = setting;
403 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
406 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/*
 * Command Complete handler for Write Voice Setting: same flow as the read
 * handler, but the new setting is taken from the parameters of the sent
 * command. Guards on status, sent and hdev->notify are not visible in this
 * listing.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
409 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
411 __u8 status = *((__u8 *) skb->data);
415 BT_DBG("%s status 0x%x", hdev->name, status);
420 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
424 setting = get_unaligned_le16(sent);
426 if (hdev->voice_setting == setting)
429 hdev->voice_setting = setting;
431 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
434 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/*
 * Command Complete handler for Host Buffer Size: logs the status and
 * completes the pending request with it.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
437 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
439 __u8 status = *((__u8 *) skb->data);
441 BT_DBG("%s status 0x%x", hdev->name, status);
443 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
/*
 * Command Complete handler for Write Simple Pairing Mode: reports the
 * requested mode (first byte of the sent command) to mgmt when HCI_MGMT is
 * set, then sets or clears HCI_SSP_ENABLED. The conditions choosing
 * between set and clear are not visible in this listing.
 *
 * NOTE(review): HCI_SSP_ENABLED feeds later pairing decisions, so it
 * should follow the controller's state only on success - confirm the
 * hidden status guard. status is read from skb->data with no skb->len
 * check visible here.
 */
446 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
448 __u8 status = *((__u8 *) skb->data);
451 BT_DBG("%s status 0x%x", hdev->name, status);
453 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
457 if (test_bit(HCI_MGMT, &hdev->dev_flags))
458 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
461 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
463 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
/*
 * Choose the inquiry mode for this controller from its LMP feature bits
 * (LMP_EXT_INQ, then LMP_RSSI_INQ), followed by matches on specific
 * manufacturer / hci_rev / lmp_subver triples. The value returned by each
 * branch is not visible in this listing.
 *
 * NOTE(review): the triples look like per-controller quirks for devices
 * that do not advertise the feature bits - confirm against the original
 * source before changing them.
 */
467 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
469 if (hdev->features[6] & LMP_EXT_INQ)
472 if (hdev->features[3] & LMP_RSSI_INQ)
475 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
476 hdev->lmp_subver == 0x0757)
479 if (hdev->manufacturer == 15) {
480 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
482 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
484 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
488 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
489 hdev->lmp_subver == 0x1805)
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode(). The return value of hci_send_cmd() is ignored.
 */
495 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
499 mode = hci_get_inquiry_mode(hdev);
501 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
/*
 * Build the 8-byte HCI event mask from the controller's LMP feature bits
 * and send it with HCI_OP_SET_EVENT_MASK. Controllers older than
 * BLUETOOTH_VER_1_2 are handled separately by the version test below; the
 * statement under that test is not visible in this listing.
 *
 * The Simple Pairing block enables the IO capability, user confirmation,
 * passkey and OOB request events, i.e. the events the host needs in order
 * to take part in pairing decisions.
 */
504 static void hci_setup_event_mask(struct hci_dev *hdev)
506 /* The second byte is 0xff instead of 0x9f (two reserved bits
507 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
508 * command otherwise */
509 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
511 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
512 * any event mask for pre 1.2 devices */
513 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
516 events[4] |= 0x01; /* Flow Specification Complete */
517 events[4] |= 0x02; /* Inquiry Result with RSSI */
518 events[4] |= 0x04; /* Read Remote Extended Features Complete */
519 events[5] |= 0x08; /* Synchronous Connection Complete */
520 events[5] |= 0x10; /* Synchronous Connection Changed */
/*
 * NOTE(review): redundant - events[4] bit 0x02 is already set a few lines
 * above for every controller that reaches this point.
 */
522 if (hdev->features[3] & LMP_RSSI_INQ)
523 events[4] |= 0x02; /* Inquiry Result with RSSI */
525 if (hdev->features[5] & LMP_SNIFF_SUBR)
526 events[5] |= 0x20; /* Sniff Subrating */
528 if (hdev->features[5] & LMP_PAUSE_ENC)
529 events[5] |= 0x80; /* Encryption Key Refresh Complete */
531 if (hdev->features[6] & LMP_EXT_INQ)
532 events[5] |= 0x40; /* Extended Inquiry Result */
534 if (hdev->features[6] & LMP_NO_FLUSH)
535 events[7] |= 0x01; /* Enhanced Flush Complete */
537 if (hdev->features[7] & LMP_LSTO)
538 events[6] |= 0x80; /* Link Supervision Timeout Changed */
540 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
541 events[6] |= 0x01; /* IO Capability Request */
542 events[6] |= 0x02; /* IO Capability Response */
543 events[6] |= 0x04; /* User Confirmation Request */
544 events[6] |= 0x08; /* User Passkey Request */
545 events[6] |= 0x10; /* Remote OOB Data Request */
546 events[6] |= 0x20; /* Simple Pairing Complete */
547 events[7] |= 0x04; /* User Passkey Notification */
548 events[7] |= 0x08; /* Keypress Notification */
549 events[7] |= 0x10; /* Remote Host Supported
550 * Features Notification */
553 if (hdev->features[4] & LMP_LE)
554 events[7] |= 0x20; /* LE Meta-Event */
556 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
/*
 * Queue the feature-dependent setup commands for a controller. Visible
 * steps: a test on dev_type against HCI_BREDR (its statement is not
 * visible), the event mask, Read Local Supported Commands for versions
 * above 1.1, Simple Pairing mode or a zeroed EIR, inquiry mode, inquiry
 * response TX power, extended features, and Write Authentication Enable
 * when HCI_LINK_SECURITY is set.
 *
 * None of the hci_send_cmd() return values are checked here. The values
 * written to mode, cp.page and enable are not visible in this listing.
 */
559 static void hci_setup(struct hci_dev *hdev)
561 if (hdev->dev_type != HCI_BREDR)
564 hci_setup_event_mask(hdev);
566 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
567 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
569 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
570 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
572 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
573 sizeof(mode), &mode);
575 struct hci_cp_write_eir cp;
577 memset(hdev->eir, 0, sizeof(hdev->eir));
578 memset(&cp, 0, sizeof(cp));
580 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
584 if (hdev->features[3] & LMP_RSSI_INQ)
585 hci_setup_inquiry_mode(hdev);
587 if (hdev->features[7] & LMP_INQ_TX_PWR)
588 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
590 if (hdev->features[7] & LMP_EXTFEATURES) {
591 struct hci_cp_read_local_ext_features cp;
594 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
598 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
600 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
/*
 * Command Complete handler for Read Local Version: caches the HCI/LMP
 * version, revision, sub-version and manufacturer from the reply and
 * completes the pending request. The statement under the HCI_INIT test and
 * any status guard are not visible in this listing.
 *
 * NOTE(review): these cached values later drive feature and quirk
 * decisions; rp is dereferenced with no skb->len check visible here.
 */
605 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
607 struct hci_rp_read_local_version *rp = (void *) skb->data;
609 BT_DBG("%s status 0x%x", hdev->name, rp->status);
614 hdev->hci_ver = rp->hci_ver;
615 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
616 hdev->lmp_ver = rp->lmp_ver;
617 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
618 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
620 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
622 hdev->hci_ver, hdev->hci_rev);
624 if (test_bit(HCI_INIT, &hdev->flags))
628 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
/*
 * Derive the default link policy from the controller's LMP features (role
 * switch, hold, sniff, park) and send it little-endian with
 * HCI_OP_WRITE_DEF_LINK_POLICY. The declaration and initial value of
 * link_policy are not visible in this listing.
 */
631 static void hci_setup_link_policy(struct hci_dev *hdev)
633 struct hci_cp_write_def_link_policy cp;
636 if (hdev->features[0] & LMP_RSWITCH)
637 link_policy |= HCI_LP_RSWITCH;
638 if (hdev->features[0] & LMP_HOLD)
639 link_policy |= HCI_LP_HOLD;
640 if (hdev->features[0] & LMP_SNIFF)
641 link_policy |= HCI_LP_SNIFF;
642 if (hdev->features[1] & LMP_PARK)
643 link_policy |= HCI_LP_PARK;
645 cp.policy = cpu_to_le16(link_policy);
646 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
/*
 * Command Complete handler for Read Local Supported Commands: copies the
 * supported-commands bitmap into hdev->commands and, during HCI_INIT,
 * sets up the link policy when bit 0x10 of octet 5 is set.
 *
 * NOTE(review): the memcpy length is sizeof(hdev->commands), taken from
 * the destination only; nothing visible here checks that skb->len covers
 * that many bytes of rp->commands. Confirm the caller validates it.
 * The meaning of commands[5] & 0x10 is presumably link-policy command
 * support - confirm against the HCI supported-commands table.
 */
649 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
651 struct hci_rp_read_local_commands *rp = (void *) skb->data;
653 BT_DBG("%s status 0x%x", hdev->name, rp->status);
658 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
660 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
661 hci_setup_link_policy(hdev);
664 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
/*
 * Command Complete handler for Read Local Supported Features: copies the
 * 8-byte LMP feature mask into hdev->features, then widens pkt_type and
 * esco_type with every packet type the features advertise.
 *
 * Bits are only ever OR-ed in, so a type enabled by an earlier reply is
 * not removed by a later one. Any status guard is not visible in this
 * listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
667 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
669 struct hci_rp_read_local_features *rp = (void *) skb->data;
671 BT_DBG("%s status 0x%x", hdev->name, rp->status);
676 memcpy(hdev->features, rp->features, 8);
678 /* Adjust default settings according to features
679 * supported by device. */
681 if (hdev->features[0] & LMP_3SLOT)
682 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
684 if (hdev->features[0] & LMP_5SLOT)
685 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
687 if (hdev->features[1] & LMP_HV2) {
688 hdev->pkt_type |= (HCI_HV2);
689 hdev->esco_type |= (ESCO_HV2);
692 if (hdev->features[1] & LMP_HV3) {
693 hdev->pkt_type |= (HCI_HV3);
694 hdev->esco_type |= (ESCO_HV3);
697 if (hdev->features[3] & LMP_ESCO)
698 hdev->esco_type |= (ESCO_EV3);
700 if (hdev->features[4] & LMP_EV4)
701 hdev->esco_type |= (ESCO_EV4);
703 if (hdev->features[4] & LMP_EV5)
704 hdev->esco_type |= (ESCO_EV5);
706 if (hdev->features[5] & LMP_EDR_ESCO_2M)
707 hdev->esco_type |= (ESCO_2EV3);
709 if (hdev->features[5] & LMP_EDR_ESCO_3M)
710 hdev->esco_type |= (ESCO_3EV3);
712 if (hdev->features[5] & LMP_EDR_3S_ESCO)
713 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
715 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
716 hdev->features[0], hdev->features[1],
717 hdev->features[2], hdev->features[3],
718 hdev->features[4], hdev->features[5],
719 hdev->features[6], hdev->features[7]);
/*
 * Bring the controller's "LE supported (host)" setting in line with the
 * HCI_LE_ENABLED flag: the command is only sent when the wanted cp.le
 * differs from the LMP_HOST_LE bit currently cached in host_features[0].
 * The assignment to cp.le is not visible in this listing.
 */
722 static void hci_set_le_support(struct hci_dev *hdev)
724 struct hci_cp_write_le_host_supported cp;
/* Zeroed first, so no uninitialised stack bytes go out in the command. */
726 memset(&cp, 0, sizeof(cp));
728 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
730 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
733 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
734 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
/*
 * Command Complete handler for Read Local Extended Features: copies the
 * 8-byte feature page into hdev->features or hdev->host_features (the
 * selector between the two is not visible in this listing), applies the
 * LE host setting during HCI_INIT when LMP_LE is advertised, and completes
 * the pending request.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
738 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
741 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
743 BT_DBG("%s status 0x%x", hdev->name, rp->status);
750 memcpy(hdev->features, rp->features, 8);
753 memcpy(hdev->host_features, rp->features, 8);
757 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
758 hci_set_le_support(hdev);
761 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
/*
 * Command Complete handler for Read Flow Control Mode: caches rp->mode in
 * hdev->flow_ctl_mode and completes the pending request. Any status guard
 * is not visible in this listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
764 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
767 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
769 BT_DBG("%s status 0x%x", hdev->name, rp->status);
774 hdev->flow_ctl_mode = rp->mode;
776 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
/*
 * Command Complete handler for Read Buffer Size: caches the ACL/SCO MTUs
 * and packet counts from the reply and resets the acl_cnt / sco_cnt
 * credits to the advertised maxima. The body of the
 * HCI_QUIRK_FIXUP_BUFFER_SIZE branch is not visible in this listing.
 *
 * NOTE(review): the MTUs and counts are taken from the controller as-is in
 * the visible lines (no lower bound); confirm that users of acl_mtu and
 * the packet counters tolerate zero. rp is dereferenced with no skb->len
 * check visible here.
 */
779 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
781 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
783 BT_DBG("%s status 0x%x", hdev->name, rp->status);
788 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
789 hdev->sco_mtu = rp->sco_mtu;
790 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
791 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
793 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
798 hdev->acl_cnt = hdev->acl_pkts;
799 hdev->sco_cnt = hdev->sco_pkts;
801 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
802 hdev->acl_mtu, hdev->acl_pkts,
803 hdev->sco_mtu, hdev->sco_pkts);
/*
 * Command Complete handler for Read BD_ADDR: copies the address from the
 * reply into hdev->bdaddr and completes the pending request. Any status
 * guard before the copy is not visible in this listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
806 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
808 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
810 BT_DBG("%s status 0x%x", hdev->name, rp->status);
813 bacpy(&hdev->bdaddr, &rp->bdaddr);
815 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
/*
 * Command Complete handler for Read Data Block Size: caches the block MTU,
 * block length and block count from the reply, resets block_cnt to
 * num_blocks and completes the pending request. Any status guard is not
 * visible in this listing.
 *
 * NOTE(review): block_len is stored as reported in the visible lines;
 * confirm any later division by it guards against zero. rp is dereferenced
 * with no skb->len check visible here.
 */
818 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
821 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
823 BT_DBG("%s status 0x%x", hdev->name, rp->status);
828 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
829 hdev->block_len = __le16_to_cpu(rp->block_len);
830 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
832 hdev->block_cnt = hdev->num_blocks;
834 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
835 hdev->block_cnt, hdev->block_len);
837 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
/*
 * Command Complete handler for HCI_OP_WRITE_CA_TIMEOUT: logs the status
 * and completes the pending request with it.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
840 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
842 __u8 status = *((__u8 *) skb->data);
844 BT_DBG("%s status 0x%x", hdev->name, status);
846 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
/*
 * Command Complete handler for Read Local AMP Info: caches every AMP
 * field of the reply in hdev (converting multi-byte fields from
 * little-endian) and completes the pending request. Any status guard is
 * not visible in this listing.
 *
 * NOTE(review): this is one of the larger reply structs read in this file
 * and no skb->len check is visible before its fields are read; confirm the
 * caller guarantees skb->len >= sizeof(*rp).
 */
849 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
852 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
854 BT_DBG("%s status 0x%x", hdev->name, rp->status);
859 hdev->amp_status = rp->amp_status;
860 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
861 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
862 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
863 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
864 hdev->amp_type = rp->amp_type;
865 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
866 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
867 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
868 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
870 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
/*
 * Command Complete handler for Delete Stored Link Key: logs the status and
 * completes the pending request with it. The reply is not examined beyond
 * its first byte in the visible lines.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
873 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
876 __u8 status = *((__u8 *) skb->data);
878 BT_DBG("%s status 0x%x", hdev->name, status);
880 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
/*
 * Command Complete handler for Set Event Mask: logs the status and
 * completes the pending request with it.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
883 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
885 __u8 status = *((__u8 *) skb->data);
887 BT_DBG("%s status 0x%x", hdev->name, status);
889 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
/*
 * Command Complete handler for Write Inquiry Mode: logs the status and
 * completes the pending request with it.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
892 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
895 __u8 status = *((__u8 *) skb->data);
897 BT_DBG("%s status 0x%x", hdev->name, status);
899 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
/*
 * Command Complete handler for Read Inquiry Response TX Power: caches
 * rp->tx_power in hdev->inq_tx_power and completes the pending request.
 * Any status guard is not visible in this listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
902 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
905 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
907 BT_DBG("%s status 0x%x", hdev->name, rp->status);
910 hdev->inq_tx_power = rp->tx_power;
912 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
/*
 * Command Complete handler for Set Event Filter: logs the status and
 * completes the pending request with it.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
915 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
917 __u8 status = *((__u8 *) skb->data);
919 BT_DBG("%s status 0x%x", hdev->name, status);
921 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
/*
 * Command Complete handler for PIN Code Request Reply: forwards the result
 * to mgmt when HCI_MGMT is set, then records the PIN length that was sent
 * on the matching ACL connection.
 *
 * conn->pin_length comes from the host's own command (cp->pin_len), not
 * from the controller's reply. Guards on status, cp and conn are not
 * visible in this listing.
 * NOTE(review): rp->bdaddr and rp->status are read with no skb->len check
 * visible here.
 */
924 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
926 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
927 struct hci_cp_pin_code_reply *cp;
928 struct hci_conn *conn;
930 BT_DBG("%s status 0x%x", hdev->name, rp->status);
934 if (test_bit(HCI_MGMT, &hdev->dev_flags))
935 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
940 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
944 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
946 conn->pin_length = cp->pin_len;
949 hci_dev_unlock(hdev);
/*
 * Command Complete handler for PIN Code Request Negative Reply: forwards
 * the peer address and status to mgmt when HCI_MGMT is set.
 * NOTE(review): rp->bdaddr and rp->status are read with no skb->len check
 * visible here.
 */
952 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
954 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
956 BT_DBG("%s status 0x%x", hdev->name, rp->status);
960 if (test_bit(HCI_MGMT, &hdev->dev_flags))
961 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
964 hci_dev_unlock(hdev);
/*
 * Command Complete handler for LE Read Buffer Size: caches the LE MTU and
 * packet count, resets le_cnt to le_pkts and completes the pending
 * request. Any status guard is not visible in this listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
967 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
970 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
972 BT_DBG("%s status 0x%x", hdev->name, rp->status);
977 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
978 hdev->le_pkts = rp->le_max_pkt;
980 hdev->le_cnt = hdev->le_pkts;
982 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
984 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
/*
 * Command Complete handler for User Confirmation Request Reply: forwards
 * the peer address and status to mgmt (as an ACL_LINK result) when
 * HCI_MGMT is set.
 * NOTE(review): rp->bdaddr and rp->status are read with no skb->len check
 * visible here.
 */
987 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
989 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
991 BT_DBG("%s status 0x%x", hdev->name, rp->status);
995 if (test_bit(HCI_MGMT, &hdev->dev_flags))
996 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
999 hci_dev_unlock(hdev);
/*
 * Command Complete handler for User Confirmation Request Negative Reply:
 * forwards the peer address and status to mgmt (as an ACL_LINK result)
 * when HCI_MGMT is set. The reply is parsed with the same struct as the
 * positive reply.
 * NOTE(review): rp->bdaddr and rp->status are read with no skb->len check
 * visible here.
 */
1002 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1003 struct sk_buff *skb)
1005 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1007 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1011 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1012 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1013 ACL_LINK, 0, rp->status);
1015 hci_dev_unlock(hdev);
/*
 * Command Complete handler for User Passkey Request Reply: forwards the
 * peer address and status to mgmt when HCI_MGMT is set. The reply is
 * parsed with struct hci_rp_user_confirm_reply.
 * NOTE(review): rp->bdaddr and rp->status are read with no skb->len check
 * visible here.
 */
1018 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1020 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1022 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1026 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1027 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1030 hci_dev_unlock(hdev);
/*
 * Command Complete handler for User Passkey Request Negative Reply:
 * forwards the peer address and status to mgmt (as an ACL_LINK result)
 * when HCI_MGMT is set. The reply is parsed with
 * struct hci_rp_user_confirm_reply.
 * NOTE(review): rp->bdaddr and rp->status are read with no skb->len check
 * visible here.
 */
1033 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1034 struct sk_buff *skb)
1036 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1038 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1042 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1043 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1044 ACL_LINK, 0, rp->status);
1046 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Read Local OOB Data: hands the hash and
 * randomizer from the reply, with the status, to mgmt.
 *
 * NOTE(review): rp->hash and rp->randomizer are pairing material passed on
 * by pointer into the event buffer, and no skb->len check is visible in
 * this handler; on a short event those pointers would reach past the
 * received data. Confirm the caller guarantees skb->len >= sizeof(*rp).
 */
1049 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1050 struct sk_buff *skb)
1052 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1054 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1057 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1058 rp->randomizer, rp->status);
1059 hci_dev_unlock(hdev);
/*
 * Command Complete handler for LE Set Scan Parameters: completes the
 * pending request and reports a start-discovery failure to mgmt. The
 * status condition guarding the failure report is not visible in this
 * listing.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
1062 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1064 __u8 status = *((__u8 *) skb->data);
1066 BT_DBG("%s status 0x%x", hdev->name, status);
1068 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1072 mgmt_start_discovery_failed(hdev, status);
1073 hci_dev_unlock(hdev);
/*
 * Command Complete handler for LE Set Scan Enable. The action depends on
 * the enable value of the command that was sent:
 *
 *  - LE_SCANNING_ENABLED: completes the request; reports a start-discovery
 *    failure to mgmt, or sets HCI_LE_SCAN and moves discovery to
 *    DISCOVERY_FINDING.
 *  - LE_SCANNING_DISABLED: reports a stop-discovery failure to mgmt, or
 *    clears HCI_LE_SCAN and either continues interleaved discovery or
 *    moves to DISCOVERY_STOPPED.
 *  - any other value is logged as a reserved parameter.
 *
 * The status tests choosing the failure paths, and the NULL check on cp,
 * are not visible in this listing.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
1078 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1079 struct sk_buff *skb)
1081 struct hci_cp_le_set_scan_enable *cp;
1082 __u8 status = *((__u8 *) skb->data);
1084 BT_DBG("%s status 0x%x", hdev->name, status);
1086 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1090 switch (cp->enable) {
1091 case LE_SCANNING_ENABLED:
1092 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1096 mgmt_start_discovery_failed(hdev, status);
1097 hci_dev_unlock(hdev);
1101 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1104 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1105 hci_dev_unlock(hdev);
1108 case LE_SCANNING_DISABLED:
1111 mgmt_stop_discovery_failed(hdev, status);
1112 hci_dev_unlock(hdev);
1116 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1118 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1119 hdev->discovery.state == DISCOVERY_FINDING) {
1120 mgmt_interleaved_discovery(hdev);
1123 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1124 hci_dev_unlock(hdev);
1130 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
/*
 * Command Complete handler for LE Long Term Key Request Reply: logs the
 * status and completes the pending request. Any status guard is not
 * visible in this listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
1135 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1137 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1139 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1144 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
/*
 * Command Complete handler for LE Long Term Key Request Negative Reply:
 * logs the status and completes the pending request. Any status guard is
 * not visible in this listing.
 * NOTE(review): rp is dereferenced with no skb->len check visible here.
 */
1147 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1149 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1151 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1156 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
/*
 * Command Complete handler for Write LE Host Supported: sets or clears
 * LMP_HOST_LE in the cached host_features[0], tells mgmt the result when
 * HCI_MGMT is set and the device is not in HCI_INIT, and completes the
 * pending request. The conditions selecting set versus clear, and the NULL
 * check on sent, are not visible in this listing.
 * NOTE(review): status is read from skb->data with no skb->len check
 * visible here.
 */
1159 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1160 struct sk_buff *skb)
1162 struct hci_cp_write_le_host_supported *sent;
1163 __u8 status = *((__u8 *) skb->data);
1165 BT_DBG("%s status 0x%x", hdev->name, status);
1167 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1173 hdev->host_features[0] |= LMP_HOST_LE;
1175 hdev->host_features[0] &= ~LMP_HOST_LE;
1178 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1179 !test_bit(HCI_INIT, &hdev->flags))
1180 mgmt_le_enable_complete(hdev, sent->le, status);
1182 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
/*
 * Command Status handler for Inquiry. Unlike the hci_cc_* handlers it is
 * given the status byte directly and does not touch an skb.
 *
 * Visible failure path: completes the request, re-checks pending
 * connections and reports a start-discovery failure to mgmt. Visible
 * success path: sets HCI_INQUIRY and moves discovery to DISCOVERY_FINDING.
 * The status test separating the two is not visible in this listing.
 */
1185 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1187 BT_DBG("%s status 0x%x", hdev->name, status);
1190 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1191 hci_conn_check_pending(hdev);
1193 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1194 mgmt_start_discovery_failed(hdev, status);
1195 hci_dev_unlock(hdev);
1199 set_bit(HCI_INQUIRY, &hdev->flags);
1202 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1203 hci_dev_unlock(hdev);
/*
 * Command Status handler for Create Connection, keyed on the peer address
 * of the command that was sent.
 *
 * For a connection in BT_CONNECT, status 0x0c with no more than two
 * attempts moves it to BT_CONNECT2; any other status, or a third attempt,
 * closes it and notifies the upper protocol. Another path adds a new
 * ACL connection object and marks it HCI_LM_MASTER. The outer status test
 * and the allocation-failure check are not visible in this listing.
 *
 * NOTE(review): 0x0c is presumably the HCI "Command Disallowed" error -
 * confirm and consider a named constant.
 */
1206 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1208 struct hci_cp_create_conn *cp;
1209 struct hci_conn *conn;
1211 BT_DBG("%s status 0x%x", hdev->name, status);
1213 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1219 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1221 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1224 if (conn && conn->state == BT_CONNECT) {
1225 if (status != 0x0c || conn->attempt > 2) {
1226 conn->state = BT_CLOSED;
1227 hci_proto_connect_cfm(conn, status);
1230 conn->state = BT_CONNECT2;
1234 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1237 conn->link_mode |= HCI_LM_MASTER;
1239 BT_ERR("No memory for new connection");
1243 hci_dev_unlock(hdev);
/*
 * Command Status handler for Add SCO Connection: finds the ACL connection
 * by the handle in the sent command, then closes the associated SCO
 * connection and notifies the upper protocol.
 *
 * How sco is obtained from acl, and the NULL checks on cp, acl and sco,
 * are not visible in this listing.
 */
1246 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1248 struct hci_cp_add_sco *cp;
1249 struct hci_conn *acl, *sco;
1252 BT_DBG("%s status 0x%x", hdev->name, status);
1257 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1261 handle = __le16_to_cpu(cp->handle);
1263 BT_DBG("%s handle %d", hdev->name, handle);
1267 acl = hci_conn_hash_lookup_handle(hdev, handle);
1271 sco->state = BT_CLOSED;
1273 hci_proto_connect_cfm(sco, status);
1278 hci_dev_unlock(hdev);
/*
 * Command Status handler for Authentication Requested: looks up the
 * connection by the handle in the sent command and, if it is still in
 * BT_CONFIG, reports the status to the upper protocol.
 *
 * NOTE(review): conn->state is read right after the lookup; the NULL
 * checks on cp and conn are not visible in this listing - confirm they
 * exist in the original source.
 */
1281 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1283 struct hci_cp_auth_requested *cp;
1284 struct hci_conn *conn;
1286 BT_DBG("%s status 0x%x", hdev->name, status);
1291 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1297 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1299 if (conn->state == BT_CONFIG) {
1300 hci_proto_connect_cfm(conn, status);
1305 hci_dev_unlock(hdev);
/*
 * Command Status handler for Set Connection Encryption: looks up the
 * connection by the handle in the sent command and, if it is still in
 * BT_CONFIG, reports the status to the upper protocol.
 *
 * NOTE(review): conn->state is read right after the lookup; the NULL
 * checks on cp and conn are not visible in this listing - confirm they
 * exist in the original source.
 */
1308 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1310 struct hci_cp_set_conn_encrypt *cp;
1311 struct hci_conn *conn;
1313 BT_DBG("%s status 0x%x", hdev->name, status);
1318 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1324 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1326 if (conn->state == BT_CONFIG) {
1327 hci_proto_connect_cfm(conn, status);
1332 hci_dev_unlock(hdev);
/*
 * Decide whether the host should request authentication on a connection.
 *
 * Three tests are visible, in order: the connection is not an outgoing one
 * in BT_CONFIG; the pending security level is BT_SECURITY_SDP; and the
 * link is non-SSP with a pending level other than BT_SECURITY_HIGH and
 * bit 0x01 of auth_type clear (per the comment below, that bit is the
 * MITM-protection request). The value returned by each branch is not
 * visible in this listing.
 *
 * NOTE(review): this is a security decision point - a non-SSP link below
 * BT_SECURITY_HIGH without MITM appears to be singled out as not needing
 * authentication. Confirm the return values before relying on it.
 */
1335 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1336 struct hci_conn *conn)
1338 if (conn->state != BT_CONFIG || !conn->out)
1341 if (conn->pending_sec_level == BT_SECURITY_SDP)
1344 /* Only request authentication for SSP connections or non-SSP
1345 * devices with sec_level HIGH or if MITM protection is requested */
1346 if (!hci_conn_ssp_enabled(conn) &&
1347 conn->pending_sec_level != BT_SECURITY_HIGH &&
1348 !(conn->auth_type & 0x01))
/*
 * Send a Remote Name Request for one inquiry-cache entry, copying the
 * address, page-scan parameters and clock offset from e->data.
 *
 * Returns whatever hci_send_cmd() returns. e is dereferenced
 * unconditionally, so callers must pass a non-NULL entry.
 */
1354 static inline int hci_resolve_name(struct hci_dev *hdev,
1355 struct inquiry_entry *e)
1357 struct hci_cp_remote_name_req cp;
/* Zeroed first, so no uninitialised stack bytes go out in the command. */
1359 memset(&cp, 0, sizeof(cp));
1361 bacpy(&cp.bdaddr, &e->data.bdaddr);
1362 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1363 cp.pscan_mode = e->data.pscan_mode;
1364 cp.clock_offset = e->data.clock_offset;
1366 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
/*
 * Start name resolution for the next inquiry-cache entry in the
 * NAME_NEEDED state and mark it NAME_PENDING when the request was sent.
 * The return statements are not visible in this listing.
 *
 * NOTE(review): the lookup result is passed straight to
 * hci_resolve_name(), which dereferences it. A non-empty resolve list does
 * not by itself show that some entry is still NAME_NEEDED, so if
 * hci_inquiry_cache_lookup_resolve() can return NULL this is a NULL
 * pointer dereference reachable during discovery. A guard such as
 * `if (!e) return false;` after the lookup would close it - confirm the
 * helper's contract.
 */
1369 static bool hci_resolve_next_name(struct hci_dev *hdev)
1371 struct discovery_state *discov = &hdev->discovery;
1372 struct inquiry_entry *e;
1374 if (list_empty(&discov->resolve))
1377 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1378 if (hci_resolve_name(hdev, e) == 0) {
1379 e->name_state = NAME_PENDING;
1386 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1386 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1387 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1389 struct discovery_state *discov = &hdev->discovery;
1390 struct inquiry_entry *e;
1392 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1393 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1394 name_len, conn->dev_class);
1396 if (discov->state == DISCOVERY_STOPPED)
1399 if (discov->state == DISCOVERY_STOPPING)
1400 goto discov_complete;
1402 if (discov->state != DISCOVERY_RESOLVING)
1405 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1407 e->name_state = NAME_KNOWN;
1410 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1411 e->data.rssi, name, name_len);
1414 if (hci_resolve_next_name(hdev))
1418 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
/*
 * Command Status handler for Remote Name Request. Per the comment below,
 * success is left to the later name-request-complete event; the visible
 * path looks up the ACL connection by the sent address, lets mgmt-side
 * name tracking run with an empty name, and requests authentication when
 * hci_outgoing_auth_needed() says so and none is already pending.
 *
 * NOTE(review): the inner `struct hci_cp_auth_requested cp` shadows the
 * outer `cp` pointer; a distinct name would avoid confusion.
 * hci_outgoing_auth_needed() dereferences conn, and the NULL check on conn
 * before that call is not visible in this listing - confirm it exists.
 */
1421 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1423 struct hci_cp_remote_name_req *cp;
1424 struct hci_conn *conn;
1426 BT_DBG("%s status 0x%x", hdev->name, status);
1428 /* If successful wait for the name req complete event before
1429 * checking for the need to do authentication */
1433 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1439 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1442 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1447 if (!hci_outgoing_auth_needed(hdev, conn))
/* test_and_set_bit() ensures only one authentication request is queued. */
1450 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1451 struct hci_cp_auth_requested cp;
1452 cp.handle = __cpu_to_le16(conn->handle);
1453 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1457 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Looks up the connection by the handle of the sent command and, if it is
 * still in BT_CONFIG, reports @status through hci_proto_connect_cfm().
 * NOTE(review): the status test and the NULL checks on cp and conn are
 * not visible in this listing - confirm before relying on them.
 */
1460 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1462 struct hci_cp_read_remote_features *cp;
1463 struct hci_conn *conn;
1465 BT_DBG("%s status 0x%x", hdev->name, status);
1470 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1476 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1478 if (conn->state == BT_CONFIG) {
1479 hci_proto_connect_cfm(conn, status);
1484 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Looks up the connection by the handle of the sent command and, if it is
 * still in BT_CONFIG, reports @status through hci_proto_connect_cfm().
 * NOTE(review): the status test and the NULL checks on cp and conn are
 * not visible in this listing - confirm before relying on them.
 */
1487 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1489 struct hci_cp_read_remote_ext_features *cp;
1490 struct hci_conn *conn;
1492 BT_DBG("%s status 0x%x", hdev->name, status);
1497 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1503 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1505 if (conn->state == BT_CONFIG) {
1506 hci_proto_connect_cfm(conn, status);
1511 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Takes the ACL handle from the sent command, looks up that ACL
 * connection, then marks a SCO connection BT_CLOSED and confirms @status
 * for it. NOTE(review): how "sco" is derived from "acl" is not visible in
 * this listing (presumably acl->link - confirm), nor are the NULL checks
 * on cp, acl and sco.
 */
1514 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1516 struct hci_cp_setup_sync_conn *cp;
1517 struct hci_conn *acl, *sco;
1520 BT_DBG("%s status 0x%x", hdev->name, status);
1525 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1529 handle = __le16_to_cpu(cp->handle);
1531 BT_DBG("%s handle %d", hdev->name, handle);
1535 acl = hci_conn_hash_lookup_handle(hdev, handle);
1539 sco->state = BT_CLOSED;
1541 hci_proto_connect_cfm(sco, status);
1546 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SNIFF_MODE.
 *
 * Clears HCI_CONN_MODE_CHANGE_PEND on the connection named by the sent
 * command's handle and, if HCI_CONN_SCO_SETUP_PEND was set, clears it and
 * runs hci_sco_setup() with @status.
 * NOTE(review): the NULL check on the lookup result is not visible in
 * this listing - confirm.
 */
1549 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1551 struct hci_cp_sniff_mode *cp;
1552 struct hci_conn *conn;
1554 BT_DBG("%s status 0x%x", hdev->name, status);
1559 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1565 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1567 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1569 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1570 hci_sco_setup(conn, status);
1573 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Clears HCI_CONN_MODE_CHANGE_PEND on the connection named by the sent
 * command's handle and, if HCI_CONN_SCO_SETUP_PEND was set, clears it and
 * runs hci_sco_setup() with @status.
 * NOTE(review): the NULL check on the lookup result is not visible in
 * this listing - confirm.
 */
1576 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1578 struct hci_cp_exit_sniff_mode *cp;
1579 struct hci_conn *conn;
1581 BT_DBG("%s status 0x%x", hdev->name, status);
1586 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1592 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1594 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1596 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1597 hci_sco_setup(conn, status);
1600 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_DISCONNECT: reports a failed
 * disconnect for the connection identified by the sent command's handle
 * through mgmt_disconnect_failed().
 * NOTE(review): presumably reached only for a non-zero @status; the early
 * return and the NULL check on conn are not visible in this listing -
 * confirm.
 */
1603 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1605 struct hci_cp_disconnect *cp;
1606 struct hci_conn *conn;
1611 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1617 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1619 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1620 conn->dst_type, status);
1622 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Visible behaviour: a connection in BT_CONNECT for the peer address is
 * moved to BT_CLOSED and the failure is reported to mgmt and the protocol
 * layer; otherwise a new LE_LINK connection object is added for the peer
 * and its dst_type is taken from the sent command. An allocation failure
 * is only logged.
 * NOTE(review): which branch runs for which @status is decided on lines
 * not visible in this listing - confirm.
 */
1625 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1627 struct hci_cp_le_create_conn *cp;
1628 struct hci_conn *conn;
1630 BT_DBG("%s status 0x%x", hdev->name, status);
1632 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1638 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1640 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1644 if (conn && conn->state == BT_CONNECT) {
1645 conn->state = BT_CLOSED;
1646 mgmt_connect_failed(hdev, &cp->peer_addr, conn->type,
1647 conn->dst_type, status);
1648 hci_proto_connect_cfm(conn, status);
1653 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1655 conn->dst_type = cp->peer_addr_type;
1658 BT_ERR("No memory for new connection");
1663 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_LE_START_ENC; the only visible action
 * is a debug log of the status. */
1666 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1668 BT_DBG("%s status 0x%x", hdev->name, status);
/*
 * Inquiry Complete event.
 *
 * Completes the HCI_OP_INQUIRY request, re-checks pending connections
 * and, when HCI_INQUIRY was set and HCI_MGMT is in use, advances
 * discovery from DISCOVERY_FINDING: with nothing left to resolve it goes
 * to DISCOVERY_STOPPED, otherwise it starts resolving the first
 * NAME_NEEDED entry and enters DISCOVERY_RESOLVING, falling back to
 * DISCOVERY_STOPPED on the other branch.
 *
 * NOTE(review): status is read from skb->data[0] with no length check
 * visible in this function; presumably the event dispatcher guarantees at
 * least one parameter byte - confirm.
 */
1671 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1673 __u8 status = *((__u8 *) skb->data);
1674 struct discovery_state *discov = &hdev->discovery;
1675 struct inquiry_entry *e;
1677 BT_DBG("%s status %d", hdev->name, status);
1679 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1681 hci_conn_check_pending(hdev);
1683 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1686 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1691 if (discov->state != DISCOVERY_FINDING)
1694 if (list_empty(&discov->resolve)) {
1695 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1699 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
/* The lookup result is NULL-checked before it is dereferenced. */
1700 if (e && hci_resolve_name(hdev, e) == 0) {
1701 e->name_state = NAME_PENDING;
1702 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1704 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1708 hci_dev_unlock(hdev);
/*
 * Inquiry Result event: one count byte followed by num_rsp inquiry_info
 * records. Each record is copied into the inquiry cache and reported via
 * mgmt_device_found().
 *
 * NOTE(review): num_rsp comes straight from the event and drives the
 * loop; no comparison of num_rsp * sizeof(*info) against skb->len is
 * visible in this listing (contrast hci_num_comp_pkts_evt(), which
 * validates its count against skb->len). A malformed event could make the
 * loop read past the end of the skb - confirm a bound exists or add one.
 */
1711 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1713 struct inquiry_data data;
1714 struct inquiry_info *info = (void *) (skb->data + 1);
1715 int num_rsp = *((__u8 *) skb->data);
1717 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1722 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1727 for (; num_rsp; num_rsp--, info++) {
1728 bool name_known, ssp;
1730 bacpy(&data.bdaddr, &info->bdaddr);
1731 data.pscan_rep_mode = info->pscan_rep_mode;
1732 data.pscan_period_mode = info->pscan_period_mode;
1733 data.pscan_mode = info->pscan_mode;
1734 memcpy(data.dev_class, info->dev_class, 3);
1735 data.clock_offset = info->clock_offset;
1737 data.ssp_mode = 0x00;
1739 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1740 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1741 info->dev_class, 0, !name_known, ssp, NULL,
1745 hci_dev_unlock(hdev);
/*
 * Connection Complete event.
 *
 * Finds the pending connection for the reported address (falling back to
 * an ESCO_LINK entry that is then retyped to SCO_LINK), stores the
 * handle, moves ACL links to BT_CONFIG and other links to BT_CONNECTED,
 * and starts remote feature discovery for ACL links. The other path marks
 * the connection BT_CLOSED and reports mgmt_connect_failed() for ACL
 * links. Pending connections are re-checked after the lock is dropped.
 *
 * NOTE(review): the event is cast from skb->data with no length check
 * visible in this function, and the status test that separates the
 * success and failure paths is not visible in this listing - confirm
 * both.
 */
1748 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1750 struct hci_ev_conn_complete *ev = (void *) skb->data;
1751 struct hci_conn *conn;
1753 BT_DBG("%s", hdev->name);
1757 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1759 if (ev->link_type != SCO_LINK)
1762 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1766 conn->type = SCO_LINK;
1770 conn->handle = __le16_to_cpu(ev->handle);
1772 if (conn->type == ACL_LINK) {
1773 conn->state = BT_CONFIG;
1774 hci_conn_hold(conn);
1775 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1777 conn->state = BT_CONNECTED;
1779 hci_conn_hold_device(conn);
1780 hci_conn_add_sysfs(conn);
/* Copy the adapter-level HCI_AUTH / HCI_ENCRYPT flags into the link
 * mode of the new connection. */
1782 if (test_bit(HCI_AUTH, &hdev->flags))
1783 conn->link_mode |= HCI_LM_AUTH;
1785 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1786 conn->link_mode |= HCI_LM_ENCRYPT;
1788 /* Get remote features */
1789 if (conn->type == ACL_LINK) {
1790 struct hci_cp_read_remote_features cp;
1791 cp.handle = ev->handle;
1792 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1796 /* Set packet type for incoming connection */
1797 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1798 struct hci_cp_change_conn_ptype cp;
1799 cp.handle = ev->handle;
1800 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1801 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1805 conn->state = BT_CLOSED;
1806 if (conn->type == ACL_LINK)
1807 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1808 conn->dst_type, ev->status);
1811 if (conn->type == ACL_LINK)
1812 hci_sco_setup(conn, ev->status);
1815 hci_proto_connect_cfm(conn, ev->status);
1817 } else if (ev->link_type != ACL_LINK)
1818 hci_proto_connect_cfm(conn, ev->status);
1821 hci_dev_unlock(hdev);
1823 hci_conn_check_pending(hdev);
/*
 * Connection Request event (incoming connection).
 *
 * The request is accepted only when the combined link-mode mask (the
 * adapter's link_mode OR-ed with what hci_proto_connect_ind() returns)
 * has HCI_LM_ACCEPT set and the peer address is not found by
 * hci_blacklist_lookup(); everything else is rejected with
 * HCI_ERROR_REJ_BAD_ADDR. On accept, the device class from the event is
 * stored in the inquiry cache entry and in the connection object, and
 * either Accept Connection Request (ACL link, or adapter without eSCO
 * support) or Accept Synchronous Connection Request is sent.
 *
 * NOTE(review): ev->bdaddr, ev->dev_class and ev->link_type are supplied
 * by the remote side via the controller. The NULL checks on "ie" and
 * "conn" are not visible in this listing - confirm them.
 */
1826 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1828 struct hci_ev_conn_request *ev = (void *) skb->data;
1829 int mask = hdev->link_mode;
1831 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1832 batostr(&ev->bdaddr), ev->link_type);
1834 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
/* Blacklisted peers fall through to the reject branch even when the
 * protocol layer would accept the connection. */
1836 if ((mask & HCI_LM_ACCEPT) &&
1837 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1838 /* Connection accepted */
1839 struct inquiry_entry *ie;
1840 struct hci_conn *conn;
1844 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1846 memcpy(ie->data.dev_class, ev->dev_class, 3);
1848 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1850 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1852 BT_ERR("No memory for new connection");
1853 hci_dev_unlock(hdev);
1858 memcpy(conn->dev_class, ev->dev_class, 3);
1859 conn->state = BT_CONNECT;
1861 hci_dev_unlock(hdev);
1863 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1864 struct hci_cp_accept_conn_req cp;
1866 bacpy(&cp.bdaddr, &ev->bdaddr);
1868 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1869 cp.role = 0x00; /* Become master */
1871 cp.role = 0x01; /* Remain slave */
1873 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1876 struct hci_cp_accept_sync_conn_req cp;
1878 bacpy(&cp.bdaddr, &ev->bdaddr);
1879 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1881 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1882 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1883 cp.max_latency = cpu_to_le16(0xffff);
1884 cp.content_format = cpu_to_le16(hdev->voice_setting);
1885 cp.retrans_effort = 0xff;
1887 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1891 /* Connection rejected */
1892 struct hci_cp_reject_conn_req cp;
1894 bacpy(&cp.bdaddr, &ev->bdaddr);
1895 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1896 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/*
 * Disconnection Complete event.
 *
 * On success (status 0) the connection is marked BT_CLOSED. If the
 * connection had been announced to mgmt (HCI_CONN_MGMT_CONNECTED) and is
 * an ACL or LE link, mgmt is told about the failed or completed
 * disconnect. On success the stored link key is removed for ACL links
 * that have conn->flush_key set, and the protocol layer is notified with
 * the disconnect reason.
 * NOTE(review): the NULL check on the lookup result is not visible in
 * this listing - confirm.
 */
1900 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1902 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1903 struct hci_conn *conn;
1905 BT_DBG("%s status %d", hdev->name, ev->status);
1909 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1913 if (ev->status == 0)
1914 conn->state = BT_CLOSED;
1916 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1917 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1918 if (ev->status != 0)
1919 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1920 conn->dst_type, ev->status);
1922 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1926 if (ev->status == 0) {
/* Remove the stored link key for this peer when the connection was
 * flagged flush_key. */
1927 if (conn->type == ACL_LINK && conn->flush_key)
1928 hci_remove_link_key(hdev, &conn->dst);
1929 hci_proto_disconn_cfm(conn, ev->reason);
1934 hci_dev_unlock(hdev);
/*
 * Authentication Complete event.
 *
 * For a non-SSP (legacy) link with HCI_CONN_REAUTH_PEND set the result is
 * only logged; otherwise the link gains HCI_LM_AUTH and sec_level is set
 * to pending_sec_level. Failures are reported via mgmt_auth_failed().
 * HCI_CONN_AUTH_PEND and HCI_CONN_REAUTH_PEND are then cleared.
 *
 * While in BT_CONFIG a successfully authenticated SSP link goes on to
 * request encryption; other links are moved to BT_CONNECTED and confirmed
 * with the event status. If HCI_CONN_ENCRYPT_PEND is set, encryption is
 * either requested now or the pending request is completed through
 * hci_encrypt_cfm() with the event status.
 *
 * NOTE(review): sec_level is a security decision driven by a
 * controller-reported status; the status tests that separate these
 * branches, and the NULL check on conn, are not visible in this listing -
 * confirm them before changing this code.
 */
1937 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1939 struct hci_ev_auth_complete *ev = (void *) skb->data;
1940 struct hci_conn *conn;
1942 BT_DBG("%s status %d", hdev->name, ev->status);
1946 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1951 if (!hci_conn_ssp_enabled(conn) &&
1952 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1953 BT_INFO("re-auth of legacy device is not possible.");
1955 conn->link_mode |= HCI_LM_AUTH;
1956 conn->sec_level = conn->pending_sec_level;
1959 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1963 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1964 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1966 if (conn->state == BT_CONFIG) {
1967 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1968 struct hci_cp_set_conn_encrypt cp;
1969 cp.handle = ev->handle;
1971 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1974 conn->state = BT_CONNECTED;
1975 hci_proto_connect_cfm(conn, ev->status);
1979 hci_auth_cfm(conn, ev->status);
1981 hci_conn_hold(conn);
1982 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1986 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1988 struct hci_cp_set_conn_encrypt cp;
1989 cp.handle = ev->handle;
1991 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1994 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1995 hci_encrypt_cfm(conn, ev->status, 0x00);
2000 hci_dev_unlock(hdev);
/*
 * Remote Name Request Complete event.
 *
 * With HCI_MGMT set, the name (or NULL/0 on a non-zero status) is passed
 * to hci_check_pending_name(). Afterwards authentication is requested on
 * the ACL link if hci_outgoing_auth_needed() says so and no request is
 * already pending (HCI_CONN_AUTH_PEND).
 * NOTE(review): the NULL check on conn before the authentication step is
 * not visible in this listing - confirm.
 */
2003 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2005 struct hci_ev_remote_name *ev = (void *) skb->data;
2006 struct hci_conn *conn;
2008 BT_DBG("%s", hdev->name);
2010 hci_conn_check_pending(hdev);
2014 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2016 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
/* ev->name is chosen by the remote device and may not be NUL-terminated:
 * strnlen() caps the reported length at HCI_MAX_NAME_LENGTH. */
2019 if (ev->status == 0)
2020 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2021 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2023 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2029 if (!hci_outgoing_auth_needed(hdev, conn))
2032 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2033 struct hci_cp_auth_requested cp;
2034 cp.handle = __cpu_to_le16(conn->handle);
2035 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2039 hci_dev_unlock(hdev);
/*
 * Encryption Change event.
 *
 * One branch gives the link HCI_LM_AUTH and HCI_LM_ENCRYPT and sets
 * sec_level to pending_sec_level; the other clears HCI_LM_ENCRYPT.
 * HCI_CONN_ENCRYPT_PEND is cleared either way. A non-zero status on an
 * established (BT_CONNECTED) link disconnects the ACL with
 * HCI_ERROR_AUTH_FAILURE. Links still in BT_CONFIG are moved to
 * BT_CONNECTED and confirmed to the protocol layer; hci_encrypt_cfm()
 * reports the result otherwise.
 *
 * NOTE(review): no encryption key size is consulted in the visible lines
 * before sec_level is raised; confirm whether a minimum key size is
 * enforced elsewhere. The conditions selecting the branches and the NULL
 * check on conn are not visible in this listing.
 */
2042 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2044 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2045 struct hci_conn *conn;
2047 BT_DBG("%s status %d", hdev->name, ev->status);
2051 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2055 /* Encryption implies authentication */
2056 conn->link_mode |= HCI_LM_AUTH;
2057 conn->link_mode |= HCI_LM_ENCRYPT;
2058 conn->sec_level = conn->pending_sec_level;
2060 conn->link_mode &= ~HCI_LM_ENCRYPT;
2063 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2065 if (ev->status && conn->state == BT_CONNECTED) {
2066 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2071 if (conn->state == BT_CONFIG) {
2073 conn->state = BT_CONNECTED;
2075 hci_proto_connect_cfm(conn, ev->status);
2078 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2082 hci_dev_unlock(hdev);
/*
 * Change Connection Link Key Complete event: sets HCI_LM_SECURE on the
 * link, clears HCI_CONN_AUTH_PEND and notifies hci_key_change_cfm() with
 * the event status.
 * NOTE(review): presumably HCI_LM_SECURE is set only on success; the
 * status test and the NULL check on conn are not visible in this listing
 * - confirm.
 */
2085 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2087 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2088 struct hci_conn *conn;
2090 BT_DBG("%s status %d", hdev->name, ev->status);
2094 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2097 conn->link_mode |= HCI_LM_SECURE;
2099 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2101 hci_key_change_cfm(conn, ev->status);
2104 hci_dev_unlock(hdev);
/*
 * Read Remote Supported Features Complete event.
 *
 * Copies the 8 feature bytes from the event into conn->features. While
 * the connection is in BT_CONFIG: if the event succeeded and both the
 * adapter and the connection are SSP capable, the extended features are
 * requested; otherwise the remote name is requested (or the connection is
 * announced to mgmt directly), and the connection is confirmed as
 * BT_CONNECTED when no outgoing authentication is needed.
 * NOTE(review): the NULL check on conn and any status guard on the
 * memcpy() are not visible in this listing - confirm.
 */
2107 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2109 struct hci_ev_remote_features *ev = (void *) skb->data;
2110 struct hci_conn *conn;
2112 BT_DBG("%s status %d", hdev->name, ev->status);
2116 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2121 memcpy(conn->features, ev->features, 8);
2123 if (conn->state != BT_CONFIG)
2126 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2127 struct hci_cp_read_remote_ext_features cp;
2128 cp.handle = ev->handle;
2130 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2135 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2136 struct hci_cp_remote_name_req cp;
2137 memset(&cp, 0, sizeof(cp));
2138 bacpy(&cp.bdaddr, &conn->dst);
2139 cp.pscan_rep_mode = 0x02;
2140 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2141 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2142 mgmt_device_connected(hdev, &conn->dst, conn->type,
2143 conn->dst_type, 0, NULL, 0,
2146 if (!hci_outgoing_auth_needed(hdev, conn)) {
2147 conn->state = BT_CONNECTED;
2148 hci_proto_connect_cfm(conn, ev->status);
2153 hci_dev_unlock(hdev);
/* Read Remote Version Information Complete event: only logs the adapter
 * name; the payload is not parsed in the visible lines. */
2156 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2158 BT_DBG("%s", hdev->name);
/* QoS Setup Complete event: only logs the adapter name; the payload is
 * not parsed in the visible lines. */
2161 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2163 BT_DBG("%s", hdev->name);
/*
 * Command Complete event dispatcher.
 *
 * Strips the event header from the skb, then routes the remaining return
 * parameters to the hci_cc_*() handler that matches the completed opcode;
 * other opcodes are only logged. Afterwards the command timer is stopped
 * unless the opcode is HCI_OP_NOP, cmd_cnt is set to 1 and cmd_work is
 * queued when commands are waiting in cmd_q.
 *
 * NOTE(review): after skb_pull() each handler parses skb->data on its own
 * (hci_cc_inquiry_cancel(), for one, reads the first byte directly); no
 * check that the remaining length covers the handler's reply struct is
 * visible here - confirm where short events are rejected.
 */
2166 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2168 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2171 skb_pull(skb, sizeof(*ev));
2173 opcode = __le16_to_cpu(ev->opcode);
2176 case HCI_OP_INQUIRY_CANCEL:
2177 hci_cc_inquiry_cancel(hdev, skb);
2180 case HCI_OP_PERIODIC_INQ:
2181 hci_cc_periodic_inq(hdev, skb);
2184 case HCI_OP_EXIT_PERIODIC_INQ:
2185 hci_cc_exit_periodic_inq(hdev, skb);
2188 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2189 hci_cc_remote_name_req_cancel(hdev, skb);
2192 case HCI_OP_ROLE_DISCOVERY:
2193 hci_cc_role_discovery(hdev, skb);
2196 case HCI_OP_READ_LINK_POLICY:
2197 hci_cc_read_link_policy(hdev, skb);
2200 case HCI_OP_WRITE_LINK_POLICY:
2201 hci_cc_write_link_policy(hdev, skb);
2204 case HCI_OP_READ_DEF_LINK_POLICY:
2205 hci_cc_read_def_link_policy(hdev, skb);
2208 case HCI_OP_WRITE_DEF_LINK_POLICY:
2209 hci_cc_write_def_link_policy(hdev, skb);
2213 hci_cc_reset(hdev, skb);
2216 case HCI_OP_WRITE_LOCAL_NAME:
2217 hci_cc_write_local_name(hdev, skb);
2220 case HCI_OP_READ_LOCAL_NAME:
2221 hci_cc_read_local_name(hdev, skb);
2224 case HCI_OP_WRITE_AUTH_ENABLE:
2225 hci_cc_write_auth_enable(hdev, skb);
2228 case HCI_OP_WRITE_ENCRYPT_MODE:
2229 hci_cc_write_encrypt_mode(hdev, skb);
2232 case HCI_OP_WRITE_SCAN_ENABLE:
2233 hci_cc_write_scan_enable(hdev, skb);
2236 case HCI_OP_READ_CLASS_OF_DEV:
2237 hci_cc_read_class_of_dev(hdev, skb);
2240 case HCI_OP_WRITE_CLASS_OF_DEV:
2241 hci_cc_write_class_of_dev(hdev, skb);
2244 case HCI_OP_READ_VOICE_SETTING:
2245 hci_cc_read_voice_setting(hdev, skb);
2248 case HCI_OP_WRITE_VOICE_SETTING:
2249 hci_cc_write_voice_setting(hdev, skb);
2252 case HCI_OP_HOST_BUFFER_SIZE:
2253 hci_cc_host_buffer_size(hdev, skb);
2256 case HCI_OP_WRITE_SSP_MODE:
2257 hci_cc_write_ssp_mode(hdev, skb);
2260 case HCI_OP_READ_LOCAL_VERSION:
2261 hci_cc_read_local_version(hdev, skb);
2264 case HCI_OP_READ_LOCAL_COMMANDS:
2265 hci_cc_read_local_commands(hdev, skb);
2268 case HCI_OP_READ_LOCAL_FEATURES:
2269 hci_cc_read_local_features(hdev, skb);
2272 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2273 hci_cc_read_local_ext_features(hdev, skb);
2276 case HCI_OP_READ_BUFFER_SIZE:
2277 hci_cc_read_buffer_size(hdev, skb);
2280 case HCI_OP_READ_BD_ADDR:
2281 hci_cc_read_bd_addr(hdev, skb);
2284 case HCI_OP_READ_DATA_BLOCK_SIZE:
2285 hci_cc_read_data_block_size(hdev, skb);
2288 case HCI_OP_WRITE_CA_TIMEOUT:
2289 hci_cc_write_ca_timeout(hdev, skb);
2292 case HCI_OP_READ_FLOW_CONTROL_MODE:
2293 hci_cc_read_flow_control_mode(hdev, skb);
2296 case HCI_OP_READ_LOCAL_AMP_INFO:
2297 hci_cc_read_local_amp_info(hdev, skb);
2300 case HCI_OP_DELETE_STORED_LINK_KEY:
2301 hci_cc_delete_stored_link_key(hdev, skb);
2304 case HCI_OP_SET_EVENT_MASK:
2305 hci_cc_set_event_mask(hdev, skb);
2308 case HCI_OP_WRITE_INQUIRY_MODE:
2309 hci_cc_write_inquiry_mode(hdev, skb);
2312 case HCI_OP_READ_INQ_RSP_TX_POWER:
2313 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2316 case HCI_OP_SET_EVENT_FLT:
2317 hci_cc_set_event_flt(hdev, skb);
2320 case HCI_OP_PIN_CODE_REPLY:
2321 hci_cc_pin_code_reply(hdev, skb);
2324 case HCI_OP_PIN_CODE_NEG_REPLY:
2325 hci_cc_pin_code_neg_reply(hdev, skb);
2328 case HCI_OP_READ_LOCAL_OOB_DATA:
2329 hci_cc_read_local_oob_data_reply(hdev, skb);
2332 case HCI_OP_LE_READ_BUFFER_SIZE:
2333 hci_cc_le_read_buffer_size(hdev, skb);
2336 case HCI_OP_USER_CONFIRM_REPLY:
2337 hci_cc_user_confirm_reply(hdev, skb);
2340 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2341 hci_cc_user_confirm_neg_reply(hdev, skb);
2344 case HCI_OP_USER_PASSKEY_REPLY:
2345 hci_cc_user_passkey_reply(hdev, skb);
2348 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2349 hci_cc_user_passkey_neg_reply(hdev, skb);
2352 case HCI_OP_LE_SET_SCAN_PARAM:
2353 hci_cc_le_set_scan_param(hdev, skb);
2356 case HCI_OP_LE_SET_SCAN_ENABLE:
2357 hci_cc_le_set_scan_enable(hdev, skb);
2360 case HCI_OP_LE_LTK_REPLY:
2361 hci_cc_le_ltk_reply(hdev, skb);
2364 case HCI_OP_LE_LTK_NEG_REPLY:
2365 hci_cc_le_ltk_neg_reply(hdev, skb);
2368 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2369 hci_cc_write_le_host_supported(hdev, skb);
2373 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
/* NOTE(review): this compares the raw little-endian ev->opcode, not the
 * converted "opcode" local; that is only endian-safe if HCI_OP_NOP is 0 -
 * confirm. */
2377 if (ev->opcode != HCI_OP_NOP)
2378 del_timer(&hdev->cmd_timer);
2381 atomic_set(&hdev->cmd_cnt, 1);
2382 if (!skb_queue_empty(&hdev->cmd_q))
2383 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Command Status event dispatcher.
 *
 * Strips the event header from the skb and routes the status to the
 * hci_cs_*() handler matching the opcode; other opcodes are only logged.
 * The command timer is stopped unless the opcode is HCI_OP_NOP. When the
 * controller reports a non-zero ncmd and HCI_RESET is not set, cmd_cnt is
 * set to 1 and cmd_work is queued if commands are waiting in cmd_q.
 */
2387 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2389 struct hci_ev_cmd_status *ev = (void *) skb->data;
2392 skb_pull(skb, sizeof(*ev));
2394 opcode = __le16_to_cpu(ev->opcode);
2397 case HCI_OP_INQUIRY:
2398 hci_cs_inquiry(hdev, ev->status);
2401 case HCI_OP_CREATE_CONN:
2402 hci_cs_create_conn(hdev, ev->status);
2405 case HCI_OP_ADD_SCO:
2406 hci_cs_add_sco(hdev, ev->status);
2409 case HCI_OP_AUTH_REQUESTED:
2410 hci_cs_auth_requested(hdev, ev->status);
2413 case HCI_OP_SET_CONN_ENCRYPT:
2414 hci_cs_set_conn_encrypt(hdev, ev->status);
2417 case HCI_OP_REMOTE_NAME_REQ:
2418 hci_cs_remote_name_req(hdev, ev->status);
2421 case HCI_OP_READ_REMOTE_FEATURES:
2422 hci_cs_read_remote_features(hdev, ev->status);
2425 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2426 hci_cs_read_remote_ext_features(hdev, ev->status);
2429 case HCI_OP_SETUP_SYNC_CONN:
2430 hci_cs_setup_sync_conn(hdev, ev->status);
2433 case HCI_OP_SNIFF_MODE:
2434 hci_cs_sniff_mode(hdev, ev->status);
2437 case HCI_OP_EXIT_SNIFF_MODE:
2438 hci_cs_exit_sniff_mode(hdev, ev->status);
2441 case HCI_OP_DISCONNECT:
2442 hci_cs_disconnect(hdev, ev->status);
2445 case HCI_OP_LE_CREATE_CONN:
2446 hci_cs_le_create_conn(hdev, ev->status);
2449 case HCI_OP_LE_START_ENC:
2450 hci_cs_le_start_enc(hdev, ev->status);
2454 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
/* NOTE(review): this compares the raw little-endian ev->opcode, not the
 * converted "opcode" local; that is only endian-safe if HCI_OP_NOP is 0 -
 * confirm. */
2458 if (ev->opcode != HCI_OP_NOP)
2459 del_timer(&hdev->cmd_timer);
2461 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2462 atomic_set(&hdev->cmd_cnt, 1);
2463 if (!skb_queue_empty(&hdev->cmd_q))
2464 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Role Change event: sets or clears HCI_LM_MASTER on the ACL link for the
 * reported address, clears HCI_CONN_RSWITCH_PEND and notifies
 * hci_role_switch_cfm() with the event status and role.
 * NOTE(review): the conditions choosing between the two link_mode updates
 * and the NULL check on conn are not visible in this listing - confirm.
 */
2468 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2470 struct hci_ev_role_change *ev = (void *) skb->data;
2471 struct hci_conn *conn;
2473 BT_DBG("%s status %d", hdev->name, ev->status);
2477 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2481 conn->link_mode &= ~HCI_LM_MASTER;
2483 conn->link_mode |= HCI_LM_MASTER;
2486 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2488 hci_role_switch_cfm(conn, ev->status, ev->role);
2491 hci_dev_unlock(hdev);
/*
 * Number Of Completed Packets event (packet-based flow control).
 *
 * The event is rejected when the adapter is not in packet-based mode or
 * when skb->len is too short for the header plus num_hndl entries, so the
 * loop below does not index past the received data. For each handle that
 * resolves to a connection, the completed count is subtracted from
 * conn->sent and credited back to the matching per-type counter, clamped
 * to the corresponding *_pkts limit. tx_work is queued afterwards.
 *
 * NOTE(review): conn->sent -= count trusts the controller not to report
 * more than was sent; a larger count would wrap the counter if it is
 * unsigned - confirm its type.
 */
2494 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2496 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2499 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2500 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
/* Length validation: first the fixed header, then header plus the
 * variable-length handle array sized by the event's own num_hndl. */
2504 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2505 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2506 BT_DBG("%s bad parameters", hdev->name);
2510 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2512 for (i = 0; i < ev->num_hndl; i++) {
2513 struct hci_comp_pkts_info *info = &ev->handles[i];
2514 struct hci_conn *conn;
2515 __u16 handle, count;
2517 handle = __le16_to_cpu(info->handle);
2518 count = __le16_to_cpu(info->count);
2520 conn = hci_conn_hash_lookup_handle(hdev, handle);
2524 conn->sent -= count;
2526 switch (conn->type) {
2528 hdev->acl_cnt += count;
2529 if (hdev->acl_cnt > hdev->acl_pkts)
2530 hdev->acl_cnt = hdev->acl_pkts;
2534 if (hdev->le_pkts) {
2535 hdev->le_cnt += count;
2536 if (hdev->le_cnt > hdev->le_pkts)
2537 hdev->le_cnt = hdev->le_pkts;
2539 hdev->acl_cnt += count;
2540 if (hdev->acl_cnt > hdev->acl_pkts)
2541 hdev->acl_cnt = hdev->acl_pkts;
2546 hdev->sco_cnt += count;
2547 if (hdev->sco_cnt > hdev->sco_pkts)
2548 hdev->sco_cnt = hdev->sco_pkts;
/* NOTE(review): %p in an always-on error message exposes a kernel
 * address on kernels that print %p unhashed. */
2552 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2557 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Number Of Completed Data Blocks event (block-based flow control).
 *
 * The event is rejected when the adapter is not in block-based mode or
 * when skb->len is too short for the header plus num_hndl entries. For
 * each handle that resolves to a connection, the completed block count is
 * subtracted from conn->sent and added to hdev->block_cnt, clamped to
 * hdev->num_blocks. tx_work is queued afterwards.
 *
 * NOTE(review): conn->sent -= block_count trusts the controller not to
 * report more than was sent; a larger count would wrap the counter if it
 * is unsigned - confirm its type.
 */
2560 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2561 struct sk_buff *skb)
2563 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2566 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2567 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
/* Length validation: first the fixed header, then header plus the
 * variable-length handle array sized by the event's own num_hndl. */
2571 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2572 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2573 BT_DBG("%s bad parameters", hdev->name);
2577 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2580 for (i = 0; i < ev->num_hndl; i++) {
2581 struct hci_comp_blocks_info *info = &ev->handles[i];
2582 struct hci_conn *conn;
2583 __u16 handle, block_count;
2585 handle = __le16_to_cpu(info->handle);
2586 block_count = __le16_to_cpu(info->blocks);
2588 conn = hci_conn_hash_lookup_handle(hdev, handle);
2592 conn->sent -= block_count;
2594 switch (conn->type) {
2596 hdev->block_cnt += block_count;
2597 if (hdev->block_cnt > hdev->num_blocks)
2598 hdev->block_cnt = hdev->num_blocks;
/* NOTE(review): %p in an always-on error message exposes a kernel
 * address on kernels that print %p unhashed. */
2602 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2607 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Mode Change event: records the new mode and interval on the
 * connection. If no locally requested mode change was pending
 * (HCI_CONN_MODE_CHANGE_PEND was clear), HCI_CONN_POWER_SAVE is set when
 * the mode is HCI_CM_ACTIVE and cleared otherwise. A SCO setup that was
 * waiting (HCI_CONN_SCO_SETUP_PEND) is then run with the event status.
 * NOTE(review): the NULL check on conn is not visible in this listing -
 * confirm.
 */
2610 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2612 struct hci_ev_mode_change *ev = (void *) skb->data;
2613 struct hci_conn *conn;
2615 BT_DBG("%s status %d", hdev->name, ev->status);
2619 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2621 conn->mode = ev->mode;
2622 conn->interval = __le16_to_cpu(ev->interval);
2624 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2625 if (conn->mode == HCI_CM_ACTIVE)
2626 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2628 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2631 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2632 hci_sco_setup(conn, ev->status);
2635 hci_dev_unlock(hdev);
/*
 * PIN Code Request event (legacy pairing).
 *
 * For an established (BT_CONNECTED) link the connection is held and its
 * disconnect timeout is set to HCI_PAIRING_TIMEOUT. When the adapter is
 * not pairable (HCI_PAIRABLE clear) the request is answered with a
 * negative reply; otherwise, with HCI_MGMT set, the request is forwarded
 * to user space through mgmt_pin_code_request().
 *
 * NOTE(review): "secure" is presumably derived from pending_sec_level ==
 * BT_SECURITY_HIGH; its declaration and assignment, and the NULL check on
 * conn, are not visible in this listing - confirm.
 */
2638 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2640 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2641 struct hci_conn *conn;
2643 BT_DBG("%s", hdev->name);
2647 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2651 if (conn->state == BT_CONNECTED) {
2652 hci_conn_hold(conn);
2653 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2657 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2658 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2659 sizeof(ev->bdaddr), &ev->bdaddr);
2660 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2663 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2668 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2672 hci_dev_unlock(hdev);
/*
 * Link Key Request event: decide whether a stored link key may be used
 * for this peer.
 *
 * A key is handed to the controller (Link Key Reply) only when
 * HCI_LINK_KEYS is set and a key is stored for the address. Going by the
 * debug messages, a stored key is ignored when:
 *  - it is a debug combination key and HCI_DEBUG_KEYS is not set;
 *  - it is an unauthenticated combination key while the connection's
 *    auth_type is not 0xff and has bit 0x01 (MITM protection) set;
 *  - it is a combination key with pin_len below 16 while the pending
 *    security level is BT_SECURITY_HIGH.
 * The final visible path answers with Link Key Negative Reply.
 *
 * NOTE(review): cp.link_key keeps key material on the stack after the
 * command has been sent; consider clearing cp before returning. "conn"
 * comes from a hash lookup and its NULL guard is not visible in this
 * listing - confirm it precedes the conn->auth_type tests. The negative
 * reply passes a literal 6 as the length where the PIN negative reply
 * uses sizeof(ev->bdaddr).
 */
2675 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2677 struct hci_ev_link_key_req *ev = (void *) skb->data;
2678 struct hci_cp_link_key_reply cp;
2679 struct hci_conn *conn;
2680 struct link_key *key;
2682 BT_DBG("%s", hdev->name);
2684 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2689 key = hci_find_link_key(hdev, &ev->bdaddr);
2691 BT_DBG("%s link key not found for %s", hdev->name,
2692 batostr(&ev->bdaddr));
/* Only the key type is logged, never the key value. */
2696 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2697 batostr(&ev->bdaddr));
2699 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2700 key->type == HCI_LK_DEBUG_COMBINATION) {
2701 BT_DBG("%s ignoring debug key", hdev->name);
2705 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2707 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2708 conn->auth_type != 0xff &&
2709 (conn->auth_type & 0x01)) {
2710 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2714 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2715 conn->pending_sec_level == BT_SECURITY_HIGH) {
2716 BT_DBG("%s ignoring key unauthenticated for high \
2717 security", hdev->name);
2721 conn->key_type = key->type;
2722 conn->pin_length = key->pin_len;
2725 bacpy(&cp.bdaddr, &ev->bdaddr);
2726 memcpy(cp.link_key, key->val, 16);
2728 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2730 hci_dev_unlock(hdev);
2735 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2736 hci_dev_unlock(hdev);
/*
 * Link Key Notification event: a new link key is reported for the peer.
 *
 * The key type is recorded on the ACL connection unless the notification
 * is HCI_LK_CHANGED_COMBINATION, in which case the previous type is kept.
 * When HCI_LINK_KEYS is set the key is stored through hci_add_link_key()
 * together with the PIN length remembered on the connection.
 *
 * NOTE(review): ev->link_key is secret key material read from the event
 * buffer; the only log call here prints the adapter name, and the key
 * should stay out of logs. The NULL check on conn and the initial value
 * of pin_len are not visible in this listing - confirm.
 */
2739 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2741 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2742 struct hci_conn *conn;
2745 BT_DBG("%s", hdev->name);
2749 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2751 hci_conn_hold(conn);
2752 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2753 pin_len = conn->pin_length;
2755 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2756 conn->key_type = ev->key_type;
2761 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2762 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2763 ev->key_type, pin_len);
2765 hci_dev_unlock(hdev);
/*
 * Read Clock Offset Complete event: on success, stores the reported
 * clock offset in the inquiry cache entry of the connection's peer and
 * refreshes the entry's timestamp.
 * NOTE(review): the NULL check on "ie" is not visible in this listing -
 * confirm.
 */
2768 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2770 struct hci_ev_clock_offset *ev = (void *) skb->data;
2771 struct hci_conn *conn;
2773 BT_DBG("%s status %d", hdev->name, ev->status);
2777 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2778 if (conn && !ev->status) {
2779 struct inquiry_entry *ie;
2781 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2783 ie->data.clock_offset = ev->clock_offset;
2784 ie->timestamp = jiffies;
2788 hci_dev_unlock(hdev);
/*
 * Connection Packet Type Changed event: on success, stores the new packet
 * type (converted from little endian) on the connection found for the
 * reported handle. Unknown handles and failed changes are ignored.
 */
2791 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2793 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2794 struct hci_conn *conn;
2796 BT_DBG("%s status %d", hdev->name, ev->status);
2800 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2801 if (conn && !ev->status)
2802 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2804 hci_dev_unlock(hdev);
/*
 * Page Scan Repetition Mode Change event: updates pscan_rep_mode in the
 * inquiry cache entry for the reported address and refreshes the entry's
 * timestamp.
 * NOTE(review): the NULL check on "ie" is not visible in this listing -
 * confirm.
 */
2807 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2809 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2810 struct inquiry_entry *ie;
2812 BT_DBG("%s", hdev->name);
2816 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2818 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2819 ie->timestamp = jiffies;
2822 hci_dev_unlock(hdev);
/*
 * Inquiry Result with RSSI event.
 *
 * The payload is one count byte followed by num_rsp records in one of two
 * layouts. The layout is chosen by dividing the payload length by num_rsp
 * and comparing the quotient with sizeof(struct inquiry_info_with_rssi):
 * a different quotient selects the "with pscan mode" layout. Each record
 * is copied into the inquiry cache and reported via mgmt_device_found().
 *
 * NOTE(review): (skb->len - 1) / num_rsp divides by a count taken from
 * the event, so num_rsp == 0 has to be rejected first (the guard is not
 * visible in this listing - confirm). The division only selects a layout;
 * it does not show that num_rsp records of that layout fit in skb->len,
 * because any quotient other than the RSSI record size falls into the
 * other layout. Confirm an explicit bound on the loops or add one.
 */
2825 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2827 struct inquiry_data data;
2828 int num_rsp = *((__u8 *) skb->data);
2829 bool name_known, ssp;
2831 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2836 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2841 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2842 struct inquiry_info_with_rssi_and_pscan_mode *info;
2843 info = (void *) (skb->data + 1);
2845 for (; num_rsp; num_rsp--, info++) {
2846 bacpy(&data.bdaddr, &info->bdaddr);
2847 data.pscan_rep_mode = info->pscan_rep_mode;
2848 data.pscan_period_mode = info->pscan_period_mode;
2849 data.pscan_mode = info->pscan_mode;
2850 memcpy(data.dev_class, info->dev_class, 3);
2851 data.clock_offset = info->clock_offset;
2852 data.rssi = info->rssi;
2853 data.ssp_mode = 0x00;
2855 name_known = hci_inquiry_cache_update(hdev, &data,
2857 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2858 info->dev_class, info->rssi,
2859 !name_known, ssp, NULL, 0);
2862 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2864 for (; num_rsp; num_rsp--, info++) {
2865 bacpy(&data.bdaddr, &info->bdaddr);
2866 data.pscan_rep_mode = info->pscan_rep_mode;
2867 data.pscan_period_mode = info->pscan_period_mode;
2868 data.pscan_mode = 0x00;
2869 memcpy(data.dev_class, info->dev_class, 3);
2870 data.clock_offset = info->clock_offset;
2871 data.rssi = info->rssi;
2872 data.ssp_mode = 0x00;
2873 name_known = hci_inquiry_cache_update(hdev, &data,
2875 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2876 info->dev_class, info->rssi,
2877 !name_known, ssp, NULL, 0);
2881 hci_dev_unlock(hdev);
/*
 * Read Remote Extended Features Complete event.
 *
 * For a successful page 0x01 reply, the host SSP bit (LMP_HOST_SSP) is
 * recorded in the peer's inquiry cache entry and HCI_CONN_SSP_ENABLED is
 * set on the connection when the bit is present. While the connection is
 * in BT_CONFIG, the remote name is then requested (or the connection is
 * announced to mgmt), and the connection is confirmed as BT_CONNECTED
 * when no outgoing authentication is needed.
 *
 * NOTE(review): HCI_CONN_SSP_ENABLED is derived from a feature bit
 * reported by the remote side and presumably backs
 * hci_conn_ssp_enabled(), which the authentication paths in this file
 * branch on - confirm. The NULL checks on conn and "ie" are not visible
 * in this listing.
 */
2884 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2886 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2887 struct hci_conn *conn;
2889 BT_DBG("%s", hdev->name);
2893 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2897 if (!ev->status && ev->page == 0x01) {
2898 struct inquiry_entry *ie;
2900 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2902 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2904 if (ev->features[0] & LMP_HOST_SSP)
2905 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2908 if (conn->state != BT_CONFIG)
2911 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2912 struct hci_cp_remote_name_req cp;
2913 memset(&cp, 0, sizeof(cp));
2914 bacpy(&cp.bdaddr, &conn->dst);
2915 cp.pscan_rep_mode = 0x02;
2916 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2917 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2918 mgmt_device_connected(hdev, &conn->dst, conn->type,
2919 conn->dst_type, 0, NULL, 0,
2922 if (!hci_outgoing_auth_needed(hdev, conn)) {
2923 conn->state = BT_CONNECTED;
2924 hci_proto_connect_cfm(conn, ev->status);
2929 hci_dev_unlock(hdev);
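/*
 * Handle the Synchronous Connection Complete event.
 *
 * The connection is looked up by the reported link type; when that fails
 * for a non-eSCO report, a pending eSCO connection to the same address is
 * reused and retyped as SCO.  On success the handle is stored and the
 * connection marked BT_CONNECTED.  For the listed rejection codes an
 * outgoing connection on its first attempts is retried with a packet type
 * built from hdev->esco_type; every other status closes the connection.
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * NULL checks, case labels); they are restored here and should be checked
 * against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		/* Fall back to an eSCO entry that the remote answered as SCO. */
		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	switch (ev->status) {
	case 0x00:
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1c:	/* SCO interval rejected */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1f:	/* Unspecified error */
		if (conn->out && conn->attempt < 2) {
			conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
					(hdev->esco_type & EDR_ESCO_MASK);
			/* NOTE(review): conn->link is dereferenced unchecked. */
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}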
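/*
 * Handle the Synchronous Connection Changed event.  Nothing is done with the
 * payload; the event is only traced.
 */
static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}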
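/*
 * Handle the Sniff Subrating event.  Only the status byte is read, and only
 * for the debug trace.
 */
static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev = (void *) skb->data;

	BT_DBG("%s status %d", hdev->name, ev->status);
}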
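/*
 * Handle the Extended Inquiry Result event: update the inquiry cache and
 * report every response, with its EIR data, to the management interface.
 *
 * skb->data[0] is the response count and is followed by that many
 * struct extended_inquiry_info records.  The count comes from the
 * controller, so it is checked against skb->len before the loop; without
 * that check a short packet with a large count makes the loop read past the
 * end of the buffer.
 *
 * Results are ignored while HCI_PERIODIC_INQ is set.
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * early returns, trailing arguments); they are restored here and should be
 * checked against the upstream tree.
 * NOTE(review): the length check assumes the event skb is linear, as the
 * direct skb->data indexing here already does.
 */
static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;
	size_t eir_len;

	/* The count byte itself must be present before it is read. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Reject a count that claims more records than the packet holds. */
	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode = info->pscan_rep_mode;
		data.pscan_period_mode = info->pscan_period_mode;
		data.pscan_mode = 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset = info->clock_offset;
		data.rssi = info->rssi;
		data.ssp_mode = 0x01;

		/* With mgmt active, the name counts as known only if the EIR
		 * block carries a complete name. */
		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		/* eir_len is bounded by the fixed size of info->data. */
		eir_len = eir_get_length(info->data, sizeof(info->data));
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, eir_len);
	}

	hci_dev_unlock(hdev);
}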
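/*
 * Handle the Encryption Key Refresh Complete event.
 *
 * On success the pending security level becomes the connection's security
 * level.  The encrypt-pending flag is cleared in every case.  A failure on
 * an established (BT_CONNECTED) link disconnects it with
 * HCI_ERROR_AUTH_FAILURE; otherwise the result is passed on through
 * hci_proto_connect_cfm() (connection still in BT_CONFIG) or
 * hci_auth_cfm().
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * NULL checks, hci_conn_put() calls); they are restored here and should be
 * checked against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %u handle %u", hdev->name, ev->status,
	       __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	/* Only a successful refresh may raise the security level. */
	if (!ev->status)
		conn->sec_level = conn->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* A failed refresh on a live link is treated as an auth failure. */
	if (ev->status && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state == BT_CONFIG) {
		if (!ev->status)
			conn->state = BT_CONNECTED;

		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	} else {
		hci_auth_cfm(conn, ev->status);

		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}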
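/*
 * Choose the authentication requirement to send in an IO capability reply.
 *
 * The low bit of the value is the MITM-protection bit (callers test
 * "auth_type & 0x01" for it).  The remote side's request decides the
 * bonding type; the local conn->auth_type contributes only its MITM bit in
 * the no-bonding case, and is returned unchanged for any other remote
 * value.
 *
 * Returns 0x02 or 0x03 for a remote dedicated-bonding request,
 * remote_auth with the local MITM bit for a remote no-bonding request, and
 * conn->auth_type otherwise.
 *
 * NOTE(review): the source listing drops short lines (braces and the two
 * return statements in the dedicated-bonding branch); they are restored
 * here and should be checked against the upstream tree.
 */
static inline u8 hci_get_auth_req(struct hci_conn *conn)
{
	/* If remote requests dedicated bonding follow that lead */
	if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
		/* If both remote and local IO capabilities allow MITM
		 * protection then require it, otherwise don't.
		 * 0x03 is the no-input/no-output capability: if either side
		 * has it, MITM protection cannot be provided. */
		if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
			return 0x02;
		else
			return 0x03;
	}

	/* If remote requests no-bonding follow that lead */
	if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
		return conn->remote_auth | (conn->auth_type & 0x01);

	return conn->auth_type;
}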
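/*
 * Handle the IO Capability Request event.
 *
 * When the management interface is active, pairing is answered here: a
 * positive reply is sent if the adapter is pairable or the remote asked for
 * no-bonding, and a negative reply with HCI_ERROR_PAIRING_NOT_ALLOWED
 * otherwise.  The positive reply carries the local IO capability, the
 * authentication requirement from hci_get_auth_req(), and whether stored
 * remote OOB data is available.
 *
 * A reference on the connection is taken before the mgmt check.
 * NOTE(review): it is presumably released by the hci_conn_put() in
 * hci_simple_pair_complete_evt(); confirm.
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * NULL checks, the oob_data assignments, trailing arguments); they are
 * restored here and should be checked against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
			(conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
		struct hci_cp_io_capability_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		/* Change the IO capability from KeyboardDisplay
		 * to DisplayYesNo as it is not supported by BT spec. */
		cp.capability = (conn->io_capability == 0x04) ?
						0x01 : conn->io_capability;
		conn->auth_type = hci_get_auth_req(conn);
		cp.authentication = conn->auth_type;

		/* Advertise OOB data only when it is actually stored for
		 * this peer and we initiated or the peer announced OOB. */
		if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
				hci_find_remote_oob_data(hdev, &conn->dst))
			cp.oob_data = 0x01;
		else
			cp.oob_data = 0x00;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
							sizeof(cp), &cp);
	} else {
		struct hci_cp_io_capability_neg_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
							sizeof(cp), &cp);
	}

unlock:
	hci_dev_unlock(hdev);
}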
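/*
 * Handle the IO Capability Response event: record what the remote side
 * announced (IO capability, authentication requirement, OOB data present)
 * on the ACL connection.  These values are remote-controlled and later
 * drive hci_get_auth_req() and the user-confirmation decision.
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * NULL checks, the oob_data test); they are restored here and should be
 * checked against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	conn->remote_cap = ev->capability;
	conn->remote_auth = ev->authentication;
	if (ev->oob_data)
		set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);

unlock:
	hci_dev_unlock(hdev);
}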
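/*
 * Handle the User Confirmation Request event (only when the management
 * interface is active).
 *
 * Three outcomes:
 *  - reject, when the local side requires MITM protection, the remote has
 *    no input/output capability (0x03), and we are not a dedicated-bonding
 *    initiator;
 *  - auto-accept, when neither side effectively requires MITM protection.
 *    As acceptor (HCI_CONN_AUTH_PEND not set) the decision is still handed
 *    to user space with confirm_hint = 1; as initiator the reply is sent
 *    directly, or after hdev->auto_accept_delay via the connection's timer;
 *  - otherwise, ask user space to confirm the passkey.
 *
 * The MITM bits and capabilities compared here come from the remote
 * device's IO capability response, so the auto-accept path is the one to
 * look at when reviewing unauthenticated pairing behaviour.
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * NULL checks, gotos and labels, trailing arguments); they are restored
 * here and should be checked against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int loc_mitm, rem_mitm, confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	loc_mitm = (conn->auth_type & 0x01);
	rem_mitm = (conn->remote_auth & 0x01);

	/* If we require MITM but the remote device can't provide that
	 * (it has NoInputNoOutput) then reject the confirmation
	 * request. The only exception is when we're dedicated bonding
	 * initiators (connect_cfm_cb set) since then we always have the MITM
	 * bit set. */
	if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* If no side requires MITM protection; auto-accept */
	if ((!loc_mitm || conn->remote_cap == 0x03) &&
				(!rem_mitm || conn->io_capability == 0x03)) {

		/* If we're not the initiators request authorization to
		 * proceed from user space (mgmt_user_confirm with
		 * confirm_hint set to 1). */
		if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
			BT_DBG("Confirming auto-accept as acceptor");
			confirm_hint = 1;
			goto confirm;
		}

		BT_DBG("Auto-accept of user confirmation with %ums delay",
						hdev->auto_accept_delay);

		/* Defer the positive reply to the auto-accept timer. */
		if (hdev->auto_accept_delay > 0) {
			int delay = msecs_to_jiffies(hdev->auto_accept_delay);
			mod_timer(&conn->auto_accept_timer, jiffies + delay);
			goto unlock;
		}

		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
						sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

confirm:
	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}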
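/*
 * Handle the User Passkey Request event: when the management interface is
 * active, forward the request for the given address to user space.  Nothing
 * is done otherwise.
 *
 * NOTE(review): the source listing drops short lines (braces, the lock
 * call); they are restored here and should be checked against the upstream
 * tree.
 */
static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *ev = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);

	hci_dev_unlock(hdev);
}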
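/*
 * Handle the Simple Pairing Complete event: report a pairing failure to
 * the management interface when we were not the initiator, then drop a
 * connection reference.
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * NULL checks, the hci_conn_put() call, trailing arguments); they are
 * restored here and should be checked against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* To avoid duplicate auth_failed events to user space we check
	 * the HCI_CONN_AUTH_PEND flag which will be set if we
	 * initiated the authentication. A traditional auth_complete
	 * event gets always produced as initiator and is also mapped to
	 * the mgmt_auth_failed event */
	if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);

	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}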
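/*
 * Handle the Remote Host Supported Features event: when the device is in
 * the inquiry cache, record whether its host supports SSP.
 *
 * NOTE(review): the source listing drops short lines (braces, the lock
 * call, the NULL check on ie); they are restored here and should be checked
 * against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *ie;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

	hci_dev_unlock(hdev);
}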
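/*
 * Handle the Remote OOB Data Request event (only when the management
 * interface is active): answer with the stored hash and randomizer for the
 * requesting address, or with a negative reply when nothing is stored.
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * the "if (data)" test, trailing arguments); they are restored here and
 * should be checked against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
							struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *data;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (data) {
		struct hci_cp_remote_oob_data_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		/* Copy sizes are taken from the destination fields. */
		memcpy(cp.hash, data->hash, sizeof(cp.hash));
		memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
									&cp);
	} else {
		struct hci_cp_remote_oob_data_neg_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
									&cp);
	}

unlock:
	hci_dev_unlock(hdev);
}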
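/*
 * Handle the LE Connection Complete subevent.
 *
 * An existing LE connection object for the address is reused; otherwise one
 * is created and given the reported address type.  On failure the
 * management interface and upper protocols are notified and the connection
 * is deleted.  On success the connection is reported to the management
 * interface (once), starts at BT_SECURITY_LOW, takes the reported handle
 * and becomes BT_CONNECTED.
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * NULL checks, the hci_conn_del() call, gotos and labels); they are
 * restored here and should be checked against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status %d", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
	if (!conn) {
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			hci_dev_unlock(hdev);
			return;
		}

		conn->dst_type = ev->bdaddr_type;
	}

	if (ev->status) {
		mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
						conn->dst_type, ev->status);
		hci_proto_connect_cfm(conn, ev->status);
		conn->state = BT_CLOSED;
		hci_conn_del(conn);
		goto unlock;
	}

	/* test_and_set_bit keeps the "connected" report to a single one. */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
				      conn->dst_type, 0, NULL, 0, NULL);

	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}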
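/*
 * Handle the LE Advertising Report subevent: forward each report in the
 * packet to the management interface as a found device.
 *
 * skb->data[0] is the report count.  Each report is a
 * struct hci_ev_le_advertising_info followed by ev->length bytes of
 * advertising data and one trailing RSSI byte.  The count and every length
 * field come from the controller, so each report is checked against the
 * bytes left in the skb before it is read; a truncated packet ends
 * processing early instead of reading past the buffer.
 *
 * NOTE(review): the source listing drops short lines (braces, the lock
 * call, the rssi declaration); they are restored here and should be checked
 * against the upstream tree.
 * NOTE(review): the length accounting assumes the event skb is linear, as
 * the direct skb->data indexing here already does.
 */
static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
						struct sk_buff *skb)
{
	u8 num_reports;
	void *ptr;
	size_t left;
	s8 rssi;

	/* The count byte itself must be present before it is read. */
	if (skb->len < 1)
		return;

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	left = skb->len - 1;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = ptr;
		size_t report_len;

		/* Fixed header first, so that ev->length is in bounds. */
		if (left < sizeof(*ev)) {
			BT_ERR("%s truncated LE advertising report", hdev->name);
			break;
		}

		/* Header + advertising data + trailing RSSI byte. */
		report_len = sizeof(*ev) + ev->length + 1;
		if (left < report_len) {
			BT_ERR("%s truncated LE advertising report", hdev->name);
			break;
		}

		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += report_len;
		left -= report_len;
	}

	hci_dev_unlock(hdev);
}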
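/*
 * Handle the LE Long Term Key Request subevent.
 *
 * The key is looked up by the EDIV/Rand pair from the event.  When both
 * the connection and a key are found, the key is sent in an LTK reply and
 * the connection's security level is raised to BT_SECURITY_HIGH if the key
 * is marked authenticated.  A key of type HCI_SMP_STK is unlinked and freed
 * after this one use.  In every other case a negative reply is sent for
 * the handle from the event.
 *
 * NOTE(review): the source listing drops short lines (braces, lock calls,
 * NULL checks, the kfree() call, the return and the not_found label) and
 * garbles the list_del() argument; they are restored here and should be
 * checked against the upstream tree.
 * NOTE(review): ev is read straight from skb->data with no visible length
 * check; confirm the caller guarantees a full event payload.
 */
static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
						struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk;

	BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto not_found;

	ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
	if (ltk == NULL)
		goto not_found;

	/* NOTE(review): the copy is sized by the source field; presumably
	 * cp.ltk and ltk->val have the same size - confirm. */
	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	if (ltk->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	/* A short term key is single-use: drop it once handed out. */
	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

	hci_dev_unlock(hdev);

	return;

not_found:
	neg.handle = ev->handle;
	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
	hci_dev_unlock(hdev);
}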
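/*
 * Dispatch an LE Meta event to the handler for its subevent.  The meta
 * header is pulled off the skb first, so each handler sees skb->data at the
 * start of its own payload.  Unknown subevents are ignored.
 *
 * NOTE(review): the source listing drops short lines (braces, break
 * statements, the default case); they are restored here and should be
 * checked against the upstream tree.
 * NOTE(review): le_ev->subevent is read, and the header pulled, with no
 * visible check that the skb holds sizeof(*le_ev) bytes; confirm the caller
 * guarantees it.
 */
static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *le_ev = (void *) skb->data;

	skb_pull(skb, sizeof(*le_ev));

	switch (le_ev->subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;

	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;

	default:
		break;
	}
}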
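/*
 * Entry point for HCI event packets: read the event code from the header,
 * pull the header off the skb and hand the payload to the matching
 * handler.  Unknown events are only traced.  The skb is freed here after
 * dispatch and the received-event counter is incremented.
 *
 * The handlers cast skb->data to their event structure directly, so any
 * payload length validation has to happen either here or in each handler.
 *
 * NOTE(review): the source listing drops short lines (braces, the switch
 * header, break statements, the default label, the kfree_skb() call); they
 * are restored here and should be checked against the upstream tree.
 * NOTE(review): hdr->evt is read, and the header pulled, with no visible
 * check that the skb holds HCI_EVENT_HDR_SIZE bytes; confirm the caller
 * guarantees it.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event = hdr->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:
		hci_key_refresh_complete_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%x", hdev->name, event);
		break;
	}

	kfree_skb(skb);
	hdev->stat.evt_rx++;
}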