2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/export.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/a2mp.h>
34 #include <net/bluetooth/amp.h>
36 /* Handle HCI Event packets */
/* Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 * NOTE(review): the status byte is read straight from skb->data and no
 * length check is visible here; confirm the caller rejects empty payloads.
 * The branch conditions around the calls below are not visible in this
 * listing. */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
46 mgmt_stop_discovery_failed(hdev, status);
/* Drop the HCI_INQUIRY flag and move discovery to DISCOVERY_STOPPED. */
51 clear_bit(HCI_INQUIRY, &hdev->flags);
54 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
57 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
59 hci_conn_check_pending(hdev);
/* Command Complete handler for periodic inquiry: reads the status byte and
 * sets HCI_PERIODIC_INQ in hdev->dev_flags.
 * NOTE(review): presumably the flag is set only on success; the guarding
 * check is not visible in this listing. */
62 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
64 __u8 status = *((__u8 *) skb->data);
66 BT_DBG("%s status 0x%2.2x", hdev->name, status);
71 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
/* Command Complete handler for exiting periodic inquiry: clears
 * HCI_PERIODIC_INQ and then calls hci_conn_check_pending().
 * NOTE(review): any status check before the clear_bit() is not visible in
 * this listing. */
74 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
76 __u8 status = *((__u8 *) skb->data);
78 BT_DBG("%s status 0x%2.2x", hdev->name, status);
83 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
85 hci_conn_check_pending(hdev);
/* Command Complete handler for Remote Name Request Cancel; only a debug
 * log of the device name is visible in this listing. */
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
91 BT_DBG("%s", hdev->name);
/* Command Complete handler for Role Discovery: looks up the connection by
 * the handle in the reply and sets or clears HCI_LM_MASTER in its link_mode.
 * NOTE(review): the reply is used through a cast of skb->data with no
 * length check visible here; which branch runs (presumably chosen from a
 * role field in the reply) and the NULL check on conn are not visible in
 * this listing. */
94 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
96 struct hci_rp_role_discovery *rp = (void *) skb->data;
97 struct hci_conn *conn;
99 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
/* The handle is little-endian on the wire. */
106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
109 conn->link_mode &= ~HCI_LM_MASTER;
111 conn->link_mode |= HCI_LM_MASTER;
114 hci_dev_unlock(hdev);
/* Command Complete handler for Read Link Policy Settings: stores the
 * policy from the reply in the connection found by the reply's handle.
 * NOTE(review): handle and policy both come from the controller's reply;
 * no skb->len check is visible before rp is dereferenced. */
117 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
119 struct hci_rp_read_link_policy *rp = (void *) skb->data;
120 struct hci_conn *conn;
122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
131 conn->link_policy = __le16_to_cpu(rp->policy);
133 hci_dev_unlock(hdev);
/* Command Complete handler for HCI_OP_WRITE_LINK_POLICY: records the
 * policy value taken from the data returned by hci_sent_cmd_data() in the
 * connection identified by the reply's handle. */
136 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
138 struct hci_rp_write_link_policy *rp = (void *) skb->data;
139 struct hci_conn *conn;
142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
147 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
/* sent + 2 presumably skips the 2-byte handle that precedes the policy in
 * the sent parameters - confirm against the command struct. */
155 conn->link_policy = get_unaligned_le16(sent + 2);
157 hci_dev_unlock(hdev);
/* Command Complete handler for Read Default Link Policy Settings: copies
 * the little-endian policy from the reply into hdev->link_policy.
 * NOTE(review): no skb->len check is visible before rp is dereferenced. */
160 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
163 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
165 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
170 hdev->link_policy = __le16_to_cpu(rp->policy);
/* Command Complete handler for HCI_OP_WRITE_DEF_LINK_POLICY: mirrors the
 * policy from the data returned by hci_sent_cmd_data() into
 * hdev->link_policy and reports the status via hci_req_complete().
 * NOTE(review): the checks on status and on sent are not visible in this
 * listing. */
173 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
176 __u8 status = *((__u8 *) skb->data);
179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
186 hdev->link_policy = get_unaligned_le16(sent);
188 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
/* Command Complete handler for HCI_OP_RESET: clears HCI_RESET, reports the
 * status, and returns discovery state and selected dev_flags bits to their
 * defaults. */
191 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
193 __u8 status = *((__u8 *) skb->data);
195 BT_DBG("%s status 0x%2.2x", hdev->name, status);
197 clear_bit(HCI_RESET, &hdev->flags);
199 hci_req_complete(hdev, HCI_OP_RESET, status);
/* NOTE(review): this is a plain read-modify-write of dev_flags, unlike the
 * set_bit()/clear_bit() calls used elsewhere in this file; confirm nothing
 * else can update dev_flags concurrently. */
201 /* Reset all non-persistent flags */
202 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
203 BIT(HCI_PERIODIC_INQ));
205 hdev->discovery.state = DISCOVERY_STOPPED;
/* Command Complete handler for HCI_OP_WRITE_LOCAL_NAME: notifies mgmt when
 * HCI_MGMT is set, copies the name into hdev->dev_name, and reports the
 * status.
 * NOTE(review): the name is taken from hci_sent_cmd_data(), presumably the
 * parameters of the command the host sent rather than controller-supplied
 * data; the checks on sent and status are not visible in this listing. */
208 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
210 __u8 status = *((__u8 *) skb->data);
213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
/* Fixed-size copy: always HCI_MAX_NAME_LENGTH bytes, no terminator added. */
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
226 hci_dev_unlock(hdev);
228 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
/* Command Complete handler for Read Local Name: while HCI_SETUP is set,
 * copies HCI_MAX_NAME_LENGTH bytes of the reply's name into hdev->dev_name.
 * NOTE(review): the copy length is fixed, but the source is the
 * controller's reply; no check that skb holds a full reply is visible here,
 * and the copied name is not NUL-terminated by this function. */
231 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
/* Command Complete handler for HCI_OP_WRITE_AUTH_ENABLE: sets or clears
 * the HCI_AUTH flag according to the parameter byte from
 * hci_sent_cmd_data(), notifies mgmt when HCI_MGMT is set, and reports the
 * status.
 * NOTE(review): HCI_AUTH is security state; the status check that
 * presumably gates the flag update is not visible in this listing. */
244 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
246 __u8 status = *((__u8 *) skb->data);
249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
256 __u8 param = *((__u8 *) sent);
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
261 clear_bit(HCI_AUTH, &hdev->flags);
264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
267 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
/* Command Complete handler for HCI_OP_WRITE_ENCRYPT_MODE: sets or clears
 * the HCI_ENCRYPT flag based on the parameter byte from
 * hci_sent_cmd_data() and reports the status.
 * NOTE(review): the test on param and any status check are not visible in
 * this listing. */
270 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
272 __u8 status = *((__u8 *) skb->data);
275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
282 __u8 param = *((__u8 *) sent);
285 set_bit(HCI_ENCRYPT, &hdev->flags);
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
290 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
/* Command Complete handler for HCI_OP_WRITE_SCAN_ENABLE: updates the
 * HCI_ISCAN/HCI_PSCAN flags from the sent parameter and tells mgmt when
 * discoverable or connectable state changes. */
293 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
295 __u8 param, status = *((__u8 *) skb->data);
296 int old_pscan, old_iscan;
299 BT_DBG("%s status 0x%2.2x", hdev->name, status);
301 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
305 param = *((__u8 *) sent);
/* Failure path (its condition is not visible in this listing): report the
 * failure and reset the discoverable timeout. */
310 mgmt_write_scan_failed(hdev, param, status);
311 hdev->discov_timeout = 0;
/* Remember the previous scan bits so mgmt is told only about transitions. */
315 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
316 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
318 if (param & SCAN_INQUIRY) {
319 set_bit(HCI_ISCAN, &hdev->flags);
321 mgmt_discoverable(hdev, 1);
/* A non-zero discov_timeout (multiplied by 1000 for msecs_to_jiffies, so
 * presumably in seconds) queues the discov_off delayed work. */
322 if (hdev->discov_timeout > 0) {
323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
327 } else if (old_iscan)
328 mgmt_discoverable(hdev, 0);
330 if (param & SCAN_PAGE) {
331 set_bit(HCI_PSCAN, &hdev->flags);
333 mgmt_connectable(hdev, 1);
334 } else if (old_pscan)
335 mgmt_connectable(hdev, 0);
338 hci_dev_unlock(hdev);
339 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
/* Command Complete handler for Read Class of Device: copies the 3-byte
 * class from the reply into hdev->dev_class and logs it.
 * NOTE(review): no skb->len check is visible before rp is dereferenced. */
342 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
344 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
346 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
351 memcpy(hdev->dev_class, rp->dev_class, 3);
/* Logged most-significant byte first (index 2 down to 0). */
353 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
354 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
/* Command Complete handler for HCI_OP_WRITE_CLASS_OF_DEV: copies the
 * 3-byte class from the data returned by hci_sent_cmd_data() into
 * hdev->dev_class and notifies mgmt when HCI_MGMT is set.
 * NOTE(review): the status and sent checks are not visible in this
 * listing. */
357 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
359 __u8 status = *((__u8 *) skb->data);
362 BT_DBG("%s status 0x%2.2x", hdev->name, status);
364 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
371 memcpy(hdev->dev_class, sent, 3);
373 if (test_bit(HCI_MGMT, &hdev->dev_flags))
374 mgmt_set_class_of_dev_complete(hdev, sent, status);
376 hci_dev_unlock(hdev);
/* Command Complete handler for Read Voice Setting: stores the setting from
 * the reply in hdev->voice_setting and calls hdev->notify() with
 * HCI_NOTIFY_VOICE_SETTING.
 * NOTE(review): the action taken when the value is unchanged (presumably an
 * early return) and any NULL check on hdev->notify are not visible in this
 * listing. */
379 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
381 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
384 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
389 setting = __le16_to_cpu(rp->voice_setting);
391 if (hdev->voice_setting == setting)
394 hdev->voice_setting = setting;
396 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
399 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/* Command Complete handler for HCI_OP_WRITE_VOICE_SETTING: stores the
 * setting taken from the data returned by hci_sent_cmd_data() and calls
 * hdev->notify() with HCI_NOTIFY_VOICE_SETTING.
 * NOTE(review): the status/sent checks, the unchanged-value branch and any
 * NULL check on hdev->notify are not visible in this listing. */
402 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
405 __u8 status = *((__u8 *) skb->data);
409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
414 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
418 setting = get_unaligned_le16(sent);
420 if (hdev->voice_setting == setting)
423 hdev->voice_setting = setting;
425 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
428 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/* Command Complete handler for HCI_OP_HOST_BUFFER_SIZE: logs the status
 * byte and passes it to hci_req_complete(). */
431 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
433 __u8 status = *((__u8 *) skb->data);
435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
437 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
/* Command Complete handler for HCI_OP_WRITE_SSP_MODE: notifies mgmt with
 * the mode byte from hci_sent_cmd_data() when HCI_MGMT is set, and sets or
 * clears HCI_SSP_ENABLED.
 * NOTE(review): HCI_SSP_ENABLED is security state; the conditions selecting
 * set_bit() vs clear_bit() are not visible in this listing. */
440 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
442 __u8 status = *((__u8 *) skb->data);
445 BT_DBG("%s status 0x%2.2x", hdev->name, status);
447 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 if (test_bit(HCI_MGMT, &hdev->dev_flags))
452 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
455 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
457 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
/* Picks the inquiry mode for a controller from its LMP feature bits, with
 * per-device exceptions keyed on manufacturer ID, HCI revision and LMP
 * subversion.
 * NOTE(review): the value returned by each branch is not visible in this
 * listing; the numeric manufacturer/revision constants are undocumented
 * here. */
461 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
463 if (hdev->features[6] & LMP_EXT_INQ)
466 if (hdev->features[3] & LMP_RSSI_INQ)
469 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
470 hdev->lmp_subver == 0x0757)
473 if (hdev->manufacturer == 15) {
474 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
476 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
478 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
482 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
483 hdev->lmp_subver == 0x1805)
/* Sends HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode(). */
489 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
493 mode = hci_get_inquiry_mode(hdev);
495 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
/* Builds the 8-byte event mask from the controller's version and LMP
 * feature bits and sends it with HCI_OP_SET_EVENT_MASK. Each bit enables
 * delivery of the event named in the comment beside it. */
498 static void hci_setup_event_mask(struct hci_dev *hdev)
500 /* The second byte is 0xff instead of 0x9f (two reserved bits
501 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
502 * command otherwise */
503 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
505 /* CSR 1.1 dongles do not accept any bitfield, so don't try to set
506 * any event mask for pre-1.2 devices */
507 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
510 events[4] |= 0x01; /* Flow Specification Complete */
511 events[4] |= 0x02; /* Inquiry Result with RSSI */
512 events[4] |= 0x04; /* Read Remote Extended Features Complete */
513 events[5] |= 0x08; /* Synchronous Connection Complete */
514 events[5] |= 0x10; /* Synchronous Connection Changed */
516 if (hdev->features[3] & LMP_RSSI_INQ)
517 events[4] |= 0x02; /* Inquiry Result with RSSI */
519 if (lmp_sniffsubr_capable(hdev))
520 events[5] |= 0x20; /* Sniff Subrating */
522 if (hdev->features[5] & LMP_PAUSE_ENC)
523 events[5] |= 0x80; /* Encryption Key Refresh Complete */
525 if (hdev->features[6] & LMP_EXT_INQ)
526 events[5] |= 0x40; /* Extended Inquiry Result */
528 if (lmp_no_flush_capable(hdev))
529 events[7] |= 0x01; /* Enhanced Flush Complete */
531 if (hdev->features[7] & LMP_LSTO)
532 events[6] |= 0x80; /* Link Supervision Timeout Changed */
/* Secure Simple Pairing events are unmasked only on SSP-capable hardware. */
534 if (lmp_ssp_capable(hdev)) {
535 events[6] |= 0x01; /* IO Capability Request */
536 events[6] |= 0x02; /* IO Capability Response */
537 events[6] |= 0x04; /* User Confirmation Request */
538 events[6] |= 0x08; /* User Passkey Request */
539 events[6] |= 0x10; /* Remote OOB Data Request */
540 events[6] |= 0x20; /* Simple Pairing Complete */
541 events[7] |= 0x04; /* User Passkey Notification */
542 events[7] |= 0x08; /* Keypress Notification */
543 events[7] |= 0x10; /* Remote Host Supported
544 * Features Notification */
547 if (lmp_le_capable(hdev))
548 events[7] |= 0x20; /* LE Meta-Event */
550 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
/* Issues the feature-dependent setup commands for a controller: event
 * mask, supported commands, SSP mode or an empty EIR, inquiry mode,
 * inquiry TX power, extended features, and authentication enable when
 * HCI_LINK_SECURITY is set.
 * NOTE(review): what happens when dev_type is not HCI_BREDR (presumably an
 * early return) and several command parameters are not visible in this
 * listing. */
553 static void hci_setup(struct hci_dev *hdev)
555 if (hdev->dev_type != HCI_BREDR)
558 hci_setup_event_mask(hdev);
560 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
561 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
563 if (lmp_ssp_capable(hdev)) {
564 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
566 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
567 sizeof(mode), &mode);
569 struct hci_cp_write_eir cp;
/* Both the cached EIR and the command buffer are zeroed before sending, so
 * no stale data is written to the controller. */
571 memset(hdev->eir, 0, sizeof(hdev->eir));
572 memset(&cp, 0, sizeof(cp));
574 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
578 if (hdev->features[3] & LMP_RSSI_INQ)
579 hci_setup_inquiry_mode(hdev);
581 if (hdev->features[7] & LMP_INQ_TX_PWR)
582 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
584 if (hdev->features[7] & LMP_EXTFEATURES) {
585 struct hci_cp_read_local_ext_features cp;
588 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
592 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
594 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
/* Command Complete handler for HCI_OP_READ_LOCAL_VERSION: caches the HCI
 * and LMP version, revision, subversion and manufacturer from the reply in
 * hdev, then reports the status.
 * NOTE(review): these fields later drive the per-device exceptions in this
 * file; they come from the controller's reply, and no skb->len check is
 * visible before rp is dereferenced. The action under the HCI_INIT test is
 * not visible in this listing. */
599 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
601 struct hci_rp_read_local_version *rp = (void *) skb->data;
603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
608 hdev->hci_ver = rp->hci_ver;
609 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
610 hdev->lmp_ver = rp->lmp_ver;
611 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
612 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
614 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
615 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
617 if (test_bit(HCI_INIT, &hdev->flags))
621 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
/* Builds the default link policy from the controller's capabilities (role
 * switch, hold, sniff, park) and sends it with
 * HCI_OP_WRITE_DEF_LINK_POLICY.
 * NOTE(review): the declaration and initial value of link_policy are not
 * visible in this listing. */
624 static void hci_setup_link_policy(struct hci_dev *hdev)
626 struct hci_cp_write_def_link_policy cp;
629 if (lmp_rswitch_capable(hdev))
630 link_policy |= HCI_LP_RSWITCH;
631 if (hdev->features[0] & LMP_HOLD)
632 link_policy |= HCI_LP_HOLD;
633 if (lmp_sniff_capable(hdev))
634 link_policy |= HCI_LP_SNIFF;
635 if (hdev->features[1] & LMP_PARK)
636 link_policy |= HCI_LP_PARK;
/* The policy goes on the wire little-endian. */
638 cp.policy = cpu_to_le16(link_policy);
639 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
/* Command Complete handler for HCI_OP_READ_LOCAL_COMMANDS: caches the
 * supported-commands bitmap in hdev->commands and, during HCI_INIT, sets up
 * the link policy when bit 0x10 of octet 5 is set.
 * NOTE(review): the copy is bounded by sizeof(hdev->commands), but no check
 * that skb holds that many bytes is visible here. Bit 0x10 of octet 5 is
 * presumably the Write Default Link Policy Settings command, given the
 * helper it gates - confirm against the specification. */
642 static void hci_cc_read_local_commands(struct hci_dev *hdev,
645 struct hci_rp_read_local_commands *rp = (void *) skb->data;
647 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
652 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
654 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
655 hci_setup_link_policy(hdev);
658 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
/* Command Complete handler for Read Local Supported Features: caches the
 * 8 feature bytes from the reply and enables the ACL/SCO/eSCO packet types
 * the controller advertises.
 * NOTE(review): the feature bytes are controller-supplied and gate much of
 * the setup logic in this file; no skb->len check is visible before the
 * 8-byte copy. */
661 static void hci_cc_read_local_features(struct hci_dev *hdev,
664 struct hci_rp_read_local_features *rp = (void *) skb->data;
666 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
671 memcpy(hdev->features, rp->features, 8);
673 /* Adjust default settings according to features
674 * supported by device. */
676 if (hdev->features[0] & LMP_3SLOT)
677 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
679 if (hdev->features[0] & LMP_5SLOT)
680 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
682 if (hdev->features[1] & LMP_HV2) {
683 hdev->pkt_type |= (HCI_HV2);
684 hdev->esco_type |= (ESCO_HV2);
687 if (hdev->features[1] & LMP_HV3) {
688 hdev->pkt_type |= (HCI_HV3);
689 hdev->esco_type |= (ESCO_HV3);
692 if (lmp_esco_capable(hdev))
693 hdev->esco_type |= (ESCO_EV3);
695 if (hdev->features[4] & LMP_EV4)
696 hdev->esco_type |= (ESCO_EV4);
698 if (hdev->features[4] & LMP_EV5)
699 hdev->esco_type |= (ESCO_EV5);
701 if (hdev->features[5] & LMP_EDR_ESCO_2M)
702 hdev->esco_type |= (ESCO_2EV3);
704 if (hdev->features[5] & LMP_EDR_ESCO_3M)
705 hdev->esco_type |= (ESCO_3EV3);
707 if (hdev->features[5] & LMP_EDR_3S_ESCO)
708 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
710 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
711 hdev->features[0], hdev->features[1],
712 hdev->features[2], hdev->features[3],
713 hdev->features[4], hdev->features[5],
714 hdev->features[6], hdev->features[7]);
/* Sends HCI_OP_WRITE_LE_HOST_SUPPORTED when the desired LE host setting
 * differs from the LMP_HOST_LE bit cached in hdev->host_features[0].
 * NOTE(review): the assignment to cp.le is not visible in this listing. */
717 static void hci_set_le_support(struct hci_dev *hdev)
719 struct hci_cp_write_le_host_supported cp;
/* Zero the command first so any field left unset is sent as 0. */
721 memset(&cp, 0, sizeof(cp));
723 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
725 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
/* !! normalises the masked bit to 0/1 before comparing with cp.le. */
728 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
729 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
/* Command Complete handler for HCI_OP_READ_LOCAL_EXT_FEATURES: copies the
 * 8 feature bytes from the reply into hdev->features or
 * hdev->host_features, enables LE support during HCI_INIT on LE-capable
 * controllers, and reports the status.
 * NOTE(review): the selector choosing between the two memcpy() calls
 * (presumably a page field in the reply) is not visible in this listing;
 * no skb->len check is visible before rp is dereferenced. */
733 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
736 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
745 memcpy(hdev->features, rp->features, 8);
748 memcpy(hdev->host_features, rp->features, 8);
752 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
753 hci_set_le_support(hdev);
756 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
/* Command Complete handler for HCI_OP_READ_FLOW_CONTROL_MODE: stores the
 * mode from the reply in hdev->flow_ctl_mode and reports the status.
 * NOTE(review): rp->mode is stored without a range check on the lines
 * visible here; confirm users of flow_ctl_mode handle unknown values. */
759 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
762 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
769 hdev->flow_ctl_mode = rp->mode;
771 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
/* Command Complete handler for Read Buffer Size: caches the controller's
 * ACL/SCO MTUs and packet counts and initialises the available-packet
 * counters from them.
 * NOTE(review): the MTU and packet-count values are taken from the reply
 * without sanity checks on the lines visible here (e.g. zero values); the
 * body of the HCI_QUIRK_FIXUP_BUFFER_SIZE branch is not visible in this
 * listing. */
774 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
776 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
778 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
783 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
784 hdev->sco_mtu = rp->sco_mtu;
785 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
786 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
788 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
793 hdev->acl_cnt = hdev->acl_pkts;
794 hdev->sco_cnt = hdev->sco_pkts;
796 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
797 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
/* Command Complete handler for HCI_OP_READ_BD_ADDR: copies the address
 * from the reply into hdev->bdaddr and reports the status.
 * NOTE(review): any status check before the copy is not visible in this
 * listing. */
800 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
802 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
804 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
807 bacpy(&hdev->bdaddr, &rp->bdaddr);
809 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
/* Command Complete handler for HCI_OP_READ_DATA_BLOCK_SIZE: caches the
 * block MTU, block length and block count from the reply, initialises
 * block_cnt from num_blocks, and reports the status.
 * NOTE(review): block_len is taken from the reply without a zero check on
 * the lines visible here; confirm no later code divides by it unguarded. */
812 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
815 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
817 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
822 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
823 hdev->block_len = __le16_to_cpu(rp->block_len);
824 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
826 hdev->block_cnt = hdev->num_blocks;
828 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
829 hdev->block_cnt, hdev->block_len);
831 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
/* Command Complete handler for HCI_OP_WRITE_CA_TIMEOUT: logs the status
 * byte and passes it to hci_req_complete(). */
834 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
836 __u8 status = *((__u8 *) skb->data);
838 BT_DBG("%s status 0x%2.2x", hdev->name, status);
840 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
/* Command Complete handler for HCI_OP_READ_LOCAL_AMP_INFO: caches the AMP
 * controller parameters from the reply in hdev, reports the status, and
 * sends the A2MP Get Info response.
 * NOTE(review): amp_assoc_size comes from the controller's reply; confirm
 * any code that later sizes a buffer or a copy from it bounds the value.
 * No skb->len check is visible before rp is dereferenced. */
843 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
846 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
848 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
853 hdev->amp_status = rp->amp_status;
854 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
855 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
856 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
857 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
858 hdev->amp_type = rp->amp_type;
859 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
860 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
861 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
862 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
864 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
867 a2mp_send_getinfo_rsp(hdev);
/* Command Complete handler for Read Local AMP Assoc: appends the fragment
 * carried in the reply to hdev->loc_assoc, requests the next fragment while
 * more data remains, and sends the A2MP responses once the last fragment
 * has been stored.
 *
 * NOTE(review): the copy lengths here are controller-controlled. frag_len
 * is skb->len - sizeof(*rp) computed in size_t, so a reply shorter than the
 * header would wrap to a very large value, and rem_len is read from the
 * reply. On the lines visible in this listing neither value, nor
 * assoc->offset plus the length, is compared against the capacity of
 * assoc->data before the memcpy() calls. Confirm that a bound is enforced
 * (payload at least sizeof(*rp), and offset + length within the assoc
 * buffer) before these copies run. */
870 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
873 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
874 struct amp_assoc *assoc = &hdev->loc_assoc;
875 size_t rem_len, frag_len;
877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
882 frag_len = skb->len - sizeof(*rp);
883 rem_len = __le16_to_cpu(rp->rem_len);
/* More data remains than this fragment holds: store it and ask for more. */
885 if (rem_len > frag_len) {
/* NOTE(review): both arguments are size_t; the matching specifier is %zu. */
886 BT_DBG("frag_len %ld rem_len %ld", frag_len, rem_len);
888 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
889 assoc->offset += frag_len;
891 /* Read other fragments */
892 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
/* Last fragment: copy the remaining rem_len bytes and record the total. */
897 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
898 assoc->len = assoc->offset + rem_len;
902 /* Send A2MP Rsp when all fragments are received */
903 a2mp_send_getampassoc_rsp(hdev, rp->status);
904 a2mp_send_create_phy_link_req(hdev, rp->status);
/* Command Complete handler for HCI_OP_DELETE_STORED_LINK_KEY: logs the
 * status byte and passes it to hci_req_complete(). */
907 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
910 __u8 status = *((__u8 *) skb->data);
912 BT_DBG("%s status 0x%2.2x", hdev->name, status);
914 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
/* Command Complete handler for HCI_OP_SET_EVENT_MASK: logs the status byte
 * and passes it to hci_req_complete(). */
917 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
919 __u8 status = *((__u8 *) skb->data);
921 BT_DBG("%s status 0x%2.2x", hdev->name, status);
923 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
/* Command Complete handler for HCI_OP_WRITE_INQUIRY_MODE: logs the status
 * byte and passes it to hci_req_complete(). */
926 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
929 __u8 status = *((__u8 *) skb->data);
931 BT_DBG("%s status 0x%2.2x", hdev->name, status);
933 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
/* Command Complete handler for HCI_OP_READ_INQ_RSP_TX_POWER: stores the TX
 * power from the reply in hdev->inq_tx_power and reports the status.
 * NOTE(review): any status check before the store is not visible in this
 * listing. */
936 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
939 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
941 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
944 hdev->inq_tx_power = rp->tx_power;
946 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
/* Command Complete handler for HCI_OP_SET_EVENT_FLT: logs the status byte
 * and passes it to hci_req_complete(). */
949 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
951 __u8 status = *((__u8 *) skb->data);
953 BT_DBG("%s status 0x%2.2x", hdev->name, status);
955 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
/* Command Complete handler for HCI_OP_PIN_CODE_REPLY: notifies mgmt when
 * HCI_MGMT is set, then records the PIN length from the sent command on the
 * matching ACL connection.
 * NOTE(review): only the PIN length is stored here, not the PIN. The
 * connection is looked up by the address in the sent command (cp), while
 * mgmt is given the address from the controller's reply (rp). The status
 * and NULL checks are not visible in this listing. */
958 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
960 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
961 struct hci_cp_pin_code_reply *cp;
962 struct hci_conn *conn;
964 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
968 if (test_bit(HCI_MGMT, &hdev->dev_flags))
969 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
974 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
980 conn->pin_length = cp->pin_len;
983 hci_dev_unlock(hdev);
/* Command Complete handler for PIN Code Negative Reply: forwards the
 * reply's address (and further arguments not visible in this listing) to
 * mgmt when HCI_MGMT is set. */
986 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
988 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
990 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
994 if (test_bit(HCI_MGMT, &hdev->dev_flags))
995 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
998 hci_dev_unlock(hdev);
/* Command Complete handler for HCI_OP_LE_READ_BUFFER_SIZE: caches the LE
 * MTU and packet count from the reply, initialises le_cnt from le_pkts, and
 * reports the status.
 * NOTE(review): the values are stored as received on the lines visible
 * here; no skb->len check is visible before rp is dereferenced. */
1001 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1002 struct sk_buff *skb)
1004 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1006 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1011 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1012 hdev->le_pkts = rp->le_max_pkt;
1014 hdev->le_cnt = hdev->le_pkts;
1016 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1018 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
/* Command Complete handler for User Confirmation Request Reply: forwards
 * the reply's address to mgmt as an ACL_LINK result when HCI_MGMT is set.
 * NOTE(review): the trailing argument of the mgmt call is not visible in
 * this listing. */
1021 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1023 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1025 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1029 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1030 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1033 hci_dev_unlock(hdev);
/* Command Complete handler for User Confirmation Request Negative Reply:
 * forwards the reply's address and status to mgmt as an ACL_LINK result
 * when HCI_MGMT is set. The reply is parsed with the same struct as the
 * positive reply. */
1036 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1037 struct sk_buff *skb)
1039 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1041 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1045 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1046 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1047 ACL_LINK, 0, rp->status);
1049 hci_dev_unlock(hdev);
/* Command Complete handler for User Passkey Request Reply: forwards the
 * reply's address to mgmt as an ACL_LINK result when HCI_MGMT is set. The
 * reply is parsed with struct hci_rp_user_confirm_reply.
 * NOTE(review): the trailing arguments of the mgmt call are not visible in
 * this listing. */
1052 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1054 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1056 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1060 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1061 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1064 hci_dev_unlock(hdev);
/* Command Complete handler for User Passkey Request Negative Reply:
 * forwards the reply's address and status to mgmt as an ACL_LINK result
 * when HCI_MGMT is set. The reply is parsed with
 * struct hci_rp_user_confirm_reply. */
1067 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1068 struct sk_buff *skb)
1070 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1072 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1076 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1077 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1078 ACL_LINK, 0, rp->status);
1080 hci_dev_unlock(hdev);
/* Command Complete handler for Read Local OOB Data: hands the hash and
 * randomizer from the reply, with the status, to mgmt.
 * NOTE(review): hash and randomizer are pairing material; they are passed
 * on by pointer into the skb, and no skb->len check is visible before rp
 * is dereferenced. */
1083 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1084 struct sk_buff *skb)
1086 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1088 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1091 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1092 rp->randomizer, rp->status);
1093 hci_dev_unlock(hdev);
/* Command Complete handler for HCI_OP_LE_SET_SCAN_PARAM: reports the
 * status and calls mgmt_start_discovery_failed().
 * NOTE(review): the failure call is presumably made only for a non-zero
 * status; the guarding check is not visible in this listing. */
1096 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1098 __u8 status = *((__u8 *) skb->data);
1100 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1102 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1106 mgmt_start_discovery_failed(hdev, status);
1107 hci_dev_unlock(hdev);
/* Command Complete handler for HCI_OP_LE_SET_SCAN_ENABLE: dispatches on the
 * enable value of the sent command to update HCI_LE_SCAN and the discovery
 * state, or to report a start/stop failure to mgmt.
 * NOTE(review): the status checks guarding the failure paths and the NULL
 * check on cp are not visible in this listing. */
1112 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1113 struct sk_buff *skb)
1115 struct hci_cp_le_set_scan_enable *cp;
1116 __u8 status = *((__u8 *) skb->data);
1118 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1120 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1124 switch (cp->enable) {
1125 case LE_SCANNING_ENABLED:
1126 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1130 mgmt_start_discovery_failed(hdev, status);
1131 hci_dev_unlock(hdev);
1135 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1138 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1139 hci_dev_unlock(hdev);
1142 case LE_SCANNING_DISABLED:
1145 mgmt_stop_discovery_failed(hdev, status);
1146 hci_dev_unlock(hdev);
1150 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
/* Interleaved discovery still in the finding phase continues through
 * mgmt_interleaved_discovery(). */
1152 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1153 hdev->discovery.state == DISCOVERY_FINDING) {
1154 mgmt_interleaved_discovery(hdev);
1157 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1158 hci_dev_unlock(hdev);
/* Any other enable value is logged as a reserved value. */
1164 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
/* Command Complete handler for HCI_OP_LE_LTK_REPLY: logs the reply status
 * and passes it to hci_req_complete(). */
1169 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1171 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1173 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1178 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
/* Command Complete handler for HCI_OP_LE_LTK_NEG_REPLY: logs the reply
 * status and passes it to hci_req_complete(). */
1181 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1183 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1190 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
/* Command Complete handler for HCI_OP_WRITE_LE_HOST_SUPPORTED: sets or
 * clears LMP_HOST_LE in hdev->host_features[0], notifies mgmt outside of
 * HCI_INIT when HCI_MGMT is set, and reports the status.
 * NOTE(review): the conditions selecting set vs clear (presumably sent->le
 * and status) are not visible in this listing. */
1193 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1194 struct sk_buff *skb)
1196 struct hci_cp_write_le_host_supported *sent;
1197 __u8 status = *((__u8 *) skb->data);
1199 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1201 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1207 hdev->host_features[0] |= LMP_HOST_LE;
1209 hdev->host_features[0] &= ~LMP_HOST_LE;
1212 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1213 !test_bit(HCI_INIT, &hdev->flags))
1214 mgmt_le_enable_complete(hdev, sent->le, status);
1216 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
/* Command Complete handler for Write Remote AMP Assoc: logs status and
 * physical link handle and continues the write via
 * amp_write_rem_assoc_continue().
 * NOTE(review): phy_handle comes from the controller's reply; any status
 * check before the continuation is not visible in this listing. */
1219 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1220 struct sk_buff *skb)
1222 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1224 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1225 hdev->name, rp->status, rp->phy_handle);
1230 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
/* Command Status handler for HCI_OP_INQUIRY: either reports the status and
 * a discovery-start failure to mgmt, or sets HCI_INQUIRY and moves
 * discovery to DISCOVERY_FINDING.
 * NOTE(review): the status test separating the two paths is not visible in
 * this listing. */
1233 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1235 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1238 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1239 hci_conn_check_pending(hdev);
1241 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1242 mgmt_start_discovery_failed(hdev, status);
1243 hci_dev_unlock(hdev);
1247 set_bit(HCI_INQUIRY, &hdev->flags);
1250 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1251 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_CREATE_CONN: looks up the ACL
 * connection for the address in the sent command and updates its state, or
 * adds a connection object when none is found.
 * NOTE(review): the status test choosing between the two halves and the
 * NULL check on cp are not visible in this listing. */
1254 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1256 struct hci_cp_create_conn *cp;
1257 struct hci_conn *conn;
1259 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1261 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1267 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1269 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn);
/* 0x0c is the HCI "Command Disallowed" error code. Any other status, or
 * more than two attempts, closes the connection and confirms the failure;
 * otherwise the state becomes BT_CONNECT2 (presumably to allow a retry -
 * confirm against the lines not shown). */
1272 if (conn && conn->state == BT_CONNECT) {
1273 if (status != 0x0c || conn->attempt > 2) {
1274 conn->state = BT_CLOSED;
1275 hci_proto_connect_cfm(conn, status);
1278 conn->state = BT_CONNECT2;
1282 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1285 conn->link_mode |= HCI_LM_MASTER;
1287 BT_ERR("No memory for new connection");
1291 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_ADD_SCO: finds the ACL connection for
 * the handle in the sent command and closes the associated SCO connection,
 * confirming the status to the upper layer.
 * NOTE(review): how sco is obtained from acl, and the status/NULL checks,
 * are not visible in this listing. */
1294 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1296 struct hci_cp_add_sco *cp;
1297 struct hci_conn *acl, *sco;
1300 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1305 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1309 handle = __le16_to_cpu(cp->handle);
1311 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1315 acl = hci_conn_hash_lookup_handle(hdev, handle);
1319 sco->state = BT_CLOSED;
1321 hci_proto_connect_cfm(sco, status);
1326 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_AUTH_REQUESTED: for a connection still
 * in BT_CONFIG, passes the status to hci_proto_connect_cfm().
 * NOTE(review): presumably this runs only for a non-zero status, i.e. when
 * the authentication request could not be started; the status and NULL
 * checks are not visible in this listing. */
1329 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1331 struct hci_cp_auth_requested *cp;
1332 struct hci_conn *conn;
1334 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1339 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1345 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1347 if (conn->state == BT_CONFIG) {
1348 hci_proto_connect_cfm(conn, status);
1353 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_SET_CONN_ENCRYPT: for a connection
 * still in BT_CONFIG, passes the status to hci_proto_connect_cfm().
 * NOTE(review): presumably this runs only for a non-zero status, i.e. when
 * the encryption request could not be started; the status and NULL checks
 * are not visible in this listing. */
1356 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1358 struct hci_cp_set_conn_encrypt *cp;
1359 struct hci_conn *conn;
1361 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1366 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1372 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1374 if (conn->state == BT_CONFIG) {
1375 hci_proto_connect_cfm(conn, status);
1380 hci_dev_unlock(hdev);
/* Decides whether authentication should be requested on a connection. The
 * checks look at: connection state and direction (BT_CONFIG, conn->out),
 * a pending security level of BT_SECURITY_SDP, and the combination of SSP
 * support, bit 0 of auth_type and a pending level of BT_SECURITY_HIGH.
 * NOTE(review): this is a security policy decision; the value returned by
 * each branch is not visible in this listing, so confirm the polarity of
 * every check against the full source before relying on this summary. */
1383 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1384 struct hci_conn *conn)
1386 if (conn->state != BT_CONFIG || !conn->out)
1389 if (conn->pending_sec_level == BT_SECURITY_SDP)
1392 /* Only request authentication for SSP connections or non-SSP
1393 * devices with sec_level HIGH or if MITM protection is requested */
1394 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1395 conn->pending_sec_level != BT_SECURITY_HIGH)
/* Sends HCI_OP_REMOTE_NAME_REQ for one inquiry cache entry, filling the
 * command from the entry's cached inquiry data. Returns the result of
 * hci_send_cmd(). */
1401 static int hci_resolve_name(struct hci_dev *hdev,
1402 struct inquiry_entry *e)
1404 struct hci_cp_remote_name_req cp;
/* Zeroing the whole command first means no uninitialised stack bytes are
 * sent to the controller. */
1406 memset(&cp, 0, sizeof(cp));
1408 bacpy(&cp.bdaddr, &e->data.bdaddr);
1409 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1410 cp.pscan_mode = e->data.pscan_mode;
1411 cp.clock_offset = e->data.clock_offset;
1413 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
/* Starts name resolution for the next entry in the discovery resolve list
 * whose name is still needed; on a successful send the entry is marked
 * NAME_PENDING.
 * NOTE(review): the return values and the NULL check on e are not visible
 * in this listing. */
1416 static bool hci_resolve_next_name(struct hci_dev *hdev)
1418 struct discovery_state *discov = &hdev->discovery;
1419 struct inquiry_entry *e;
1421 if (list_empty(&discov->resolve))
/* BDADDR_ANY: match any address, filtering only on the NAME_NEEDED state. */
1424 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1428 if (hci_resolve_name(hdev, e) == 0) {
1429 e->name_state = NAME_PENDING;
/*
 * Handle the outcome of a remote name request for the management interface.
 *
 * @hdev:     controller
 * @conn:     ACL connection to @bdaddr, or NULL when there is none
 * @bdaddr:   address the name request was for
 * @name:     resolved name, or NULL when resolution failed
 * @name_len: length of @name in bytes
 *
 * First reports the device as connected (once per connection, guarded by the
 * HCI_CONN_MGMT_CONNECTED bit), then advances the discovery state machine:
 * the matching NAME_PENDING cache entry is updated and the next name is
 * requested, or discovery is moved to DISCOVERY_STOPPED.
 *
 * NOTE(review): @name and @name_len originate from the remote device (see
 * hci_remote_name_evt()); they are forwarded to mgmt as-is, so consumers must
 * treat the name as untrusted bytes.
 */
1436 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1437 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1439 struct discovery_state *discov = &hdev->discovery;
1440 struct inquiry_entry *e;
1442 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1443 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1444 name_len, conn->dev_class);
1446 if (discov->state == DISCOVERY_STOPPED)
1449 if (discov->state == DISCOVERY_STOPPING)
1450 goto discov_complete;
1452 if (discov->state != DISCOVERY_RESOLVING)
1455 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1456 /* If the device was not found in a list of found devices names of which
1457 * are pending. there is no need to continue resolving a next name as it
1458 * will be done upon receiving another Remote Name Request Complete
/* NOTE(review): the rest of the comment above and the branch that selects
 * between NAME_KNOWN and NAME_NOT_KNOWN are on omitted lines; presumably the
 * choice depends on whether name is non-NULL - confirm. */
1465 e->name_state = NAME_KNOWN;
1466 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1467 e->data.rssi, name, name_len);
1469 e->name_state = NAME_NOT_KNOWN;
1472 if (hci_resolve_next_name(hdev))
1476 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
/*
 * Command Status handler for HCI_OP_REMOTE_NAME_REQ.
 *
 * Looks up the ACL connection for the address in the sent command, tells the
 * management layer that no name was obtained (NULL, 0) when HCI_MGMT is set,
 * and then issues HCI_OP_AUTH_REQUESTED if hci_outgoing_auth_needed() says so
 * and no authentication is already pending.
 *
 * NOTE(review): lines are missing from this listing. The early return on
 * success described by the comment below and the NULL checks on cp and conn
 * are not visible; conn can legitimately be NULL here (it is passed as such
 * to hci_check_pending_name()), so the check before
 * hci_outgoing_auth_needed() matters - verify it in the full file.
 */
1479 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1481 struct hci_cp_remote_name_req *cp;
1482 struct hci_conn *conn;
1484 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1486 /* If successful wait for the name req complete event before
1487 * checking for the need to do authentication */
1491 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1497 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1499 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1500 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1505 if (!hci_outgoing_auth_needed(hdev, conn))
/* test_and_set_bit() makes sure only one Authentication Requested command is
 * outstanding per connection. */
1508 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1509 struct hci_cp_auth_requested cp;
1510 cp.handle = __cpu_to_le16(conn->handle);
1511 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1515 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Finds the connection for the handle in the sent command and, if it is still
 * in BT_CONFIG, reports the status via hci_proto_connect_cfm().
 *
 * NOTE(review): guards on cp/conn and any status filter are on lines omitted
 * from this listing - verify.
 */
1518 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1520 struct hci_cp_read_remote_features *cp;
1521 struct hci_conn *conn;
1523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1528 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1534 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1536 if (conn->state == BT_CONFIG) {
1537 hci_proto_connect_cfm(conn, status);
1542 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Finds the connection for the handle in the sent command and, if it is still
 * in BT_CONFIG, reports the status via hci_proto_connect_cfm().
 *
 * NOTE(review): guards on cp/conn and any status filter are on lines omitted
 * from this listing - verify.
 */
1545 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1547 struct hci_cp_read_remote_ext_features *cp;
1548 struct hci_conn *conn;
1550 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1555 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1561 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1563 if (conn->state == BT_CONFIG) {
1564 hci_proto_connect_cfm(conn, status);
1569 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Looks up the ACL connection named by the handle in the sent command, then
 * closes the associated synchronous connection (state BT_CLOSED) and reports
 * the status with hci_proto_connect_cfm().
 *
 * NOTE(review): the declaration of handle, the assignment of sco and the NULL
 * checks on cp, acl and sco are on lines this listing omits; sco presumably
 * comes from the ACL connection's link - confirm.
 */
1572 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1574 struct hci_cp_setup_sync_conn *cp;
1575 struct hci_conn *acl, *sco;
1578 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1583 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1587 handle = __le16_to_cpu(cp->handle);
1589 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1593 acl = hci_conn_hash_lookup_handle(hdev, handle);
1597 sco->state = BT_CLOSED;
1599 hci_proto_connect_cfm(sco, status);
1604 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SNIFF_MODE.
 *
 * Clears the pending mode-change flag on the connection and, if a SCO setup
 * was waiting on the mode change, runs hci_sco_setup() with the status.
 *
 * NOTE(review): guards on cp/conn and any status filter are on lines omitted
 * from this listing - verify.
 */
1607 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1609 struct hci_cp_sniff_mode *cp;
1610 struct hci_conn *conn;
1612 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1617 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1623 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1625 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1627 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1628 hci_sco_setup(conn, status);
1631 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Clears the pending mode-change flag on the connection and, if a SCO setup
 * was waiting on the mode change, runs hci_sco_setup() with the status.
 *
 * NOTE(review): guards on cp/conn and any status filter are on lines omitted
 * from this listing - verify.
 */
1634 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1636 struct hci_cp_exit_sniff_mode *cp;
1637 struct hci_conn *conn;
1639 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1644 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1650 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1652 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1654 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1655 hci_sco_setup(conn, status);
1658 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_DISCONNECT.
 *
 * Looks up the connection for the handle in the sent command and reports the
 * failed disconnect to the management interface.
 *
 * NOTE(review): the status filter and the NULL checks on cp and conn are on
 * lines this listing omits; conn->dst is read right after the lookup, so
 * confirm the guard exists.
 */
1661 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1663 struct hci_cp_disconnect *cp;
1664 struct hci_conn *conn;
1669 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1675 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1677 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1678 conn->dst_type, status);
1680 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Finds the LE connection that is in BT_CONNECT state, marks it BT_CLOSED,
 * reports the failure to the management interface and to the protocol layer.
 *
 * NOTE(review): two hci_dev_unlock() calls are visible, so there is an early
 * exit path (presumably when no connection is found) on the omitted lines;
 * the status test that selects the failure path is not visible either -
 * confirm both in the full file.
 */
1683 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1685 struct hci_conn *conn;
1687 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1692 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1694 hci_dev_unlock(hdev);
1698 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&conn->dst),
1701 conn->state = BT_CLOSED;
1702 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1703 conn->dst_type, status);
1704 hci_proto_connect_cfm(conn, status);
1707 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_LE_START_ENC.
 *
 * Only logs the status; no connection state is changed in the visible code.
 */
1711 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1713 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Command Status handler for HCI_OP_CREATE_PHY_LINK.
 *
 * Reads the physical-link handle from the sent command and continues the AMP
 * setup with amp_write_remote_assoc().
 *
 * NOTE(review): any status filter and the NULL check on cp are on lines this
 * listing omits - verify before cp->phy_handle is read.
 */
1716 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1718 struct hci_cp_create_phy_link *cp;
1720 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1725 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1729 amp_write_remote_assoc(hdev, cp->phy_handle);
/*
 * Command Status handler for HCI_OP_ACCEPT_PHY_LINK.
 *
 * Reads the physical-link handle from the sent command and continues the AMP
 * setup with amp_write_remote_assoc().
 *
 * NOTE(review): any status filter and the NULL check on cp are on lines this
 * listing omits - verify before cp->phy_handle is read.
 */
1732 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1734 struct hci_cp_accept_phy_link *cp;
1736 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1741 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1745 amp_write_remote_assoc(hdev, cp->phy_handle);
/*
 * Inquiry Complete event handler.
 *
 * Completes the pending HCI_OP_INQUIRY request, re-checks pending
 * connections, clears the HCI_INQUIRY flag and, when the management interface
 * is in use and discovery is in DISCOVERY_FINDING, either stops discovery or
 * moves on to name resolution (DISCOVERY_RESOLVING) for the first entry that
 * still needs a name.
 *
 * NOTE(review): the status byte is read from skb->data with no length check
 * visible in this function; confirm the caller guarantees at least one
 * parameter byte. The early returns and the lock acquisition are on lines
 * this listing omits.
 */
1748 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1750 __u8 status = *((__u8 *) skb->data);
1751 struct discovery_state *discov = &hdev->discovery;
1752 struct inquiry_entry *e;
1754 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1756 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1758 hci_conn_check_pending(hdev);
1760 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1763 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1768 if (discov->state != DISCOVERY_FINDING)
1771 if (list_empty(&discov->resolve)) {
1772 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1776 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
/* The lookup result is NULL-checked here before it is used. */
1777 if (e && hci_resolve_name(hdev, e) == 0) {
1778 e->name_state = NAME_PENDING;
1779 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1781 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1785 hci_dev_unlock(hdev);
/*
 * Inquiry Result event handler.
 *
 * The first parameter byte is the number of responses; an array of
 * struct inquiry_info follows it. Each response is copied into an
 * inquiry_data, stored with hci_inquiry_cache_update() and reported through
 * mgmt_device_found().
 *
 * NOTE(review): num_rsp and every info[] field are supplied by the controller
 * from over-the-air data. Nothing visible in this listing compares
 * num_rsp * sizeof(*info) + 1 with skb->len before the loop walks num_rsp
 * entries, so a short packet with a large count would be read past its end.
 * hci_num_comp_pkts_evt() in this file shows the length check to mirror.
 * Lines are omitted from this listing - confirm whether such a check exists.
 */
1788 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1790 struct inquiry_data data;
1791 struct inquiry_info *info = (void *) (skb->data + 1);
1792 int num_rsp = *((__u8 *) skb->data);
1794 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1799 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1804 for (; num_rsp; num_rsp--, info++) {
1805 bool name_known, ssp;
1807 bacpy(&data.bdaddr, &info->bdaddr);
1808 data.pscan_rep_mode = info->pscan_rep_mode;
1809 data.pscan_period_mode = info->pscan_period_mode;
1810 data.pscan_mode = info->pscan_mode;
1811 memcpy(data.dev_class, info->dev_class, 3);
1812 data.clock_offset = info->clock_offset;
1814 data.ssp_mode = 0x00;
1816 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1817 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1818 info->dev_class, 0, !name_known, ssp, NULL,
1822 hci_dev_unlock(hdev);
/*
 * Connection Complete event handler.
 *
 * Finds the connection object for the event's link type and address (falling
 * back from SCO to an ESCO entry, which is then retyped to SCO_LINK), records
 * the handle, moves ACL links to BT_CONFIG and other links to BT_CONNECTED,
 * copies the controller-wide HCI_AUTH/HCI_ENCRYPT settings into link_mode,
 * and kicks off Read Remote Features. On the failure path the connection is
 * closed and the failure is reported.
 *
 * NOTE(review): the branch on ev->status, the NULL checks on conn and the
 * goto/else lines are omitted from this listing; the description of which
 * statements belong to the success and failure paths is inferred from their
 * content - confirm against the full file. No check of skb->len against
 * sizeof(*ev) is visible in this function.
 */
1825 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1827 struct hci_ev_conn_complete *ev = (void *) skb->data;
1828 struct hci_conn *conn;
1830 BT_DBG("%s", hdev->name);
1834 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1836 if (ev->link_type != SCO_LINK)
1839 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1843 conn->type = SCO_LINK;
1847 conn->handle = __le16_to_cpu(ev->handle);
1849 if (conn->type == ACL_LINK) {
1850 conn->state = BT_CONFIG;
1851 hci_conn_hold(conn);
/* Incoming legacy (non-SSP) link with no stored link key: pairing is expected,
 * so the pairing timeout is used instead of the normal disconnect timeout. */
1853 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1854 !hci_find_link_key(hdev, &ev->bdaddr))
1855 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1857 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1859 conn->state = BT_CONNECTED;
1861 hci_conn_hold_device(conn);
1862 hci_conn_add_sysfs(conn);
/* These bits reflect the controller-wide settings at connect time; later
 * events in this file set them again from per-link events. */
1864 if (test_bit(HCI_AUTH, &hdev->flags))
1865 conn->link_mode |= HCI_LM_AUTH;
1867 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1868 conn->link_mode |= HCI_LM_ENCRYPT;
1870 /* Get remote features */
1871 if (conn->type == ACL_LINK) {
1872 struct hci_cp_read_remote_features cp;
/* ev->handle is already little-endian, so it is copied without conversion. */
1873 cp.handle = ev->handle;
1874 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1878 /* Set packet type for incoming connection */
1879 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1880 struct hci_cp_change_conn_ptype cp;
1881 cp.handle = ev->handle;
1882 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1883 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1887 conn->state = BT_CLOSED;
1888 if (conn->type == ACL_LINK)
1889 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1890 conn->dst_type, ev->status);
1893 if (conn->type == ACL_LINK)
1894 hci_sco_setup(conn, ev->status);
1897 hci_proto_connect_cfm(conn, ev->status);
1899 } else if (ev->link_type != ACL_LINK)
1900 hci_proto_connect_cfm(conn, ev->status);
1903 hci_dev_unlock(hdev);
1905 hci_conn_check_pending(hdev);
/*
 * Connection Request event handler (incoming connection from a remote
 * device).
 *
 * The request is accepted only when the combined link-mode mask (device
 * setting OR the protocol layers' answer from hci_proto_connect_ind())
 * contains HCI_LM_ACCEPT and the remote address is not on the device
 * blacklist. Accepted ACL requests (or any request on a controller without
 * eSCO support) get HCI_OP_ACCEPT_CONN_REQ; other accepted requests get
 * HCI_OP_ACCEPT_SYNC_CONN_REQ. Everything else is rejected with
 * HCI_ERROR_REJ_BAD_ADDR.
 *
 * NOTE(review): ev->bdaddr, ev->link_type and ev->dev_class are
 * attacker-influenced (they describe the remote side). The blacklist lookup
 * is the only address-based filter visible here. The NULL checks on ie and
 * conn and the else branches are on lines this listing omits - confirm them.
 */
1908 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1910 struct hci_ev_conn_request *ev = (void *) skb->data;
1911 int mask = hdev->link_mode;
1913 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1916 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1918 if ((mask & HCI_LM_ACCEPT) &&
1919 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1920 /* Connection accepted */
1921 struct inquiry_entry *ie;
1922 struct hci_conn *conn;
/* Refresh the cached class of device with the value carried by the request. */
1926 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1928 memcpy(ie->data.dev_class, ev->dev_class, 3);
1930 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1933 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1935 BT_ERR("No memory for new connection");
1936 hci_dev_unlock(hdev);
1941 memcpy(conn->dev_class, ev->dev_class, 3);
1942 conn->state = BT_CONNECT;
1944 hci_dev_unlock(hdev);
1946 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1947 struct hci_cp_accept_conn_req cp;
1949 bacpy(&cp.bdaddr, &ev->bdaddr);
1951 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1952 cp.role = 0x00; /* Become master */
1954 cp.role = 0x01; /* Remain slave */
1956 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1959 struct hci_cp_accept_sync_conn_req cp;
1961 bacpy(&cp.bdaddr, &ev->bdaddr);
1962 cp.pkt_type = cpu_to_le16(conn->pkt_type);
/* NOTE(review): 0x1f40 is 8000 decimal - presumably the 64 kbit/s voice rate
 * expressed in bytes per second; 0xffff and 0xff presumably mean "don't
 * care" - confirm against the HCI specification. */
1964 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1965 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1966 cp.max_latency = __constant_cpu_to_le16(0xffff);
1967 cp.content_format = cpu_to_le16(hdev->voice_setting);
1968 cp.retrans_effort = 0xff;
1970 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1974 /* Connection rejected */
1975 struct hci_cp_reject_conn_req cp;
1977 bacpy(&cp.bdaddr, &ev->bdaddr);
1978 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1979 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/*
 * Map an HCI disconnect reason code to the management-interface reason.
 *
 * @err: HCI error code from the Disconnection Complete event
 *
 * Timeout, remote-initiated and local-host-initiated reasons get their own
 * MGMT_DEV_DISCONN_* value; the final return yields
 * MGMT_DEV_DISCONN_UNKNOWN (the switch header and the label in front of that
 * return are on lines this listing omits - presumably the default case).
 */
1983 static u8 hci_to_mgmt_reason(u8 err)
1986 case HCI_ERROR_CONNECTION_TIMEOUT:
1987 return MGMT_DEV_DISCONN_TIMEOUT;
1988 case HCI_ERROR_REMOTE_USER_TERM:
1989 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1990 case HCI_ERROR_REMOTE_POWER_OFF:
1991 return MGMT_DEV_DISCONN_REMOTE;
1992 case HCI_ERROR_LOCAL_HOST_TERM:
1993 return MGMT_DEV_DISCONN_LOCAL_HOST;
1995 return MGMT_DEV_DISCONN_UNKNOWN;
/*
 * Disconnection Complete event handler.
 *
 * On success the connection is marked BT_CLOSED. If the management layer had
 * been told the device was connected (ACL or LE links only), it is told
 * either that the disconnect failed or that the device disconnected, with the
 * reason translated by hci_to_mgmt_reason(). On success the protocol layer is
 * notified and, for ACL links flagged with flush_key, the stored link key is
 * removed.
 *
 * NOTE(review): the NULL check on conn, the test that chooses between the two
 * mgmt calls and the teardown after hci_proto_disconn_cfm() are on lines this
 * listing omits - confirm them. ev->handle is controller-supplied, so the
 * lookup can return NULL.
 */
1999 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2001 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2002 struct hci_conn *conn;
2004 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2008 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2012 if (ev->status == 0)
2013 conn->state = BT_CLOSED;
2015 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
2016 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
2018 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2019 conn->dst_type, ev->status);
2021 u8 reason = hci_to_mgmt_reason(ev->reason);
2023 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
2024 conn->dst_type, reason);
2028 if (ev->status == 0) {
/* Keys marked for flushing do not outlive the connection they were made for. */
2029 if (conn->type == ACL_LINK && conn->flush_key)
2030 hci_remove_link_key(hdev, &conn->dst);
2031 hci_proto_disconn_cfm(conn, ev->reason);
2036 hci_dev_unlock(hdev);
/*
 * Authentication Complete event handler.
 *
 * Records a successful authentication on the link (HCI_LM_AUTH, sec_level
 * raised to the pending level), reports a failure to the management layer,
 * clears the AUTH/REAUTH pending bits and then continues connection setup:
 * for SSP links in BT_CONFIG encryption is requested next, otherwise the link
 * becomes BT_CONNECTED. If an encryption request was queued behind the
 * authentication, it is issued or failed here.
 *
 * NOTE(review): the tests on ev->status that separate the success and failure
 * statements, the NULL check on conn and several else lines are omitted from
 * this listing; the pairing of statements to branches above is inferred -
 * confirm. Security-relevant detail that is visible: a re-authentication of a
 * non-SSP (legacy) device is only logged and does not raise link_mode or
 * sec_level on that path (presumably - the else is not shown).
 */
2039 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2041 struct hci_ev_auth_complete *ev = (void *) skb->data;
2042 struct hci_conn *conn;
2044 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2048 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2053 if (!hci_conn_ssp_enabled(conn) &&
2054 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2055 BT_INFO("re-auth of legacy device is not possible.");
2057 conn->link_mode |= HCI_LM_AUTH;
2058 conn->sec_level = conn->pending_sec_level;
2061 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2065 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2066 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2068 if (conn->state == BT_CONFIG) {
/* SSP links go on to encryption before the connection is confirmed. */
2069 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2070 struct hci_cp_set_conn_encrypt cp;
2071 cp.handle = ev->handle;
2073 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2076 conn->state = BT_CONNECTED;
2077 hci_proto_connect_cfm(conn, ev->status);
2081 hci_auth_cfm(conn, ev->status);
2083 hci_conn_hold(conn);
2084 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2088 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2090 struct hci_cp_set_conn_encrypt cp;
2091 cp.handle = ev->handle;
2093 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2096 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2097 hci_encrypt_cfm(conn, ev->status, 0x00);
2102 hci_dev_unlock(hdev);
/*
 * Remote Name Request Complete event handler.
 *
 * Passes the resolved name (or NULL on failure) to hci_check_pending_name()
 * when the management interface is in use, then requests authentication on
 * the ACL connection if hci_outgoing_auth_needed() says so and none is
 * pending.
 *
 * NOTE(review): ev->name is chosen by the remote device. Its length is taken
 * with strnlen() bounded by HCI_MAX_NAME_LENGTH, so a name that fills the
 * field without a terminating NUL does not cause a read beyond it. No check
 * of skb->len against sizeof(*ev) is visible in this function. The NULL check
 * on conn before hci_outgoing_auth_needed() and the goto targets are on lines
 * this listing omits - confirm.
 */
2105 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2107 struct hci_ev_remote_name *ev = (void *) skb->data;
2108 struct hci_conn *conn;
2110 BT_DBG("%s", hdev->name);
2112 hci_conn_check_pending(hdev);
2116 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2118 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2121 if (ev->status == 0)
2122 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2123 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2125 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2131 if (!hci_outgoing_auth_needed(hdev, conn))
2134 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2135 struct hci_cp_auth_requested cp;
2136 cp.handle = __cpu_to_le16(conn->handle);
2137 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2141 hci_dev_unlock(hdev);
/*
 * Encryption Change event handler.
 *
 * Updates link_mode and sec_level to match the new encryption state, clears
 * the pending-encryption bit, and then either disconnects an established link
 * whose encryption change failed (HCI_ERROR_AUTH_FAILURE), completes
 * connection setup for a link in BT_CONFIG, or notifies the upper layers with
 * hci_encrypt_cfm().
 *
 * NOTE(review): the tests on ev->status and ev->encrypt that select between
 * setting and clearing HCI_LM_ENCRYPT, and the NULL check on conn, are on
 * lines this listing omits - confirm. The visible failure handling is the
 * fail-closed part: a connected link is torn down rather than left running
 * after a failed encryption change.
 */
2144 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2146 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2147 struct hci_conn *conn;
2149 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2157 /* Encryption implies authentication */
2158 conn->link_mode |= HCI_LM_AUTH;
2159 conn->link_mode |= HCI_LM_ENCRYPT;
2160 conn->sec_level = conn->pending_sec_level;
2162 conn->link_mode &= ~HCI_LM_ENCRYPT;
2165 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2167 if (ev->status && conn->state == BT_CONNECTED) {
2168 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2173 if (conn->state == BT_CONFIG) {
2175 conn->state = BT_CONNECTED;
2177 hci_proto_connect_cfm(conn, ev->status);
2180 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2184 hci_dev_unlock(hdev);
/*
 * Change Connection Link Key Complete event handler.
 *
 * Marks the link HCI_LM_SECURE, clears the pending-authentication bit and
 * notifies the upper layers with hci_key_change_cfm().
 *
 * NOTE(review): the NULL check on conn and the status test that presumably
 * guards the HCI_LM_SECURE update are on lines this listing omits - confirm
 * that the flag is only set when ev->status is zero.
 */
2187 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2188 struct sk_buff *skb)
2190 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2191 struct hci_conn *conn;
2193 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2197 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2200 conn->link_mode |= HCI_LM_SECURE;
2202 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2204 hci_key_change_cfm(conn, ev->status);
2207 hci_dev_unlock(hdev);
/*
 * Read Remote Supported Features Complete event handler.
 *
 * Stores the remote feature mask on the connection and, for a link still in
 * BT_CONFIG, continues setup: reads extended features when both sides are
 * SSP capable, otherwise requests the remote name (or reports the device as
 * connected to the management layer) and, when no outgoing authentication is
 * needed, moves the link to BT_CONNECTED.
 *
 * NOTE(review): ev->features is reported by the remote device and feeds the
 * lmp_ssp_capable(conn) decision below, so the choice between the SSP and
 * legacy paths is influenced by the peer. The status test in front of the
 * memcpy(), the NULL check on conn and the goto lines are omitted from this
 * listing - confirm.
 */
2210 static void hci_remote_features_evt(struct hci_dev *hdev,
2211 struct sk_buff *skb)
2213 struct hci_ev_remote_features *ev = (void *) skb->data;
2214 struct hci_conn *conn;
2216 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2220 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* Fixed 8-byte copy; both arrays are assumed to be 8 bytes - TODO confirm. */
2225 memcpy(conn->features, ev->features, 8);
2227 if (conn->state != BT_CONFIG)
2230 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2231 struct hci_cp_read_remote_ext_features cp;
2232 cp.handle = ev->handle;
2234 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2239 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2240 struct hci_cp_remote_name_req cp;
/* Zeroed first so unassigned fields are not sent as stack garbage. */
2241 memset(&cp, 0, sizeof(cp));
2242 bacpy(&cp.bdaddr, &conn->dst);
2243 cp.pscan_rep_mode = 0x02;
2244 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2245 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2246 mgmt_device_connected(hdev, &conn->dst, conn->type,
2247 conn->dst_type, 0, NULL, 0,
2250 if (!hci_outgoing_auth_needed(hdev, conn)) {
2251 conn->state = BT_CONNECTED;
2252 hci_proto_connect_cfm(conn, ev->status);
2257 hci_dev_unlock(hdev);
/* Read Remote Version Information Complete event handler: only logs the
 * device name; the event payload is not parsed in the visible code. */
2260 static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2262 BT_DBG("%s", hdev->name);
/* QoS Setup Complete event handler: only logs the device name; the event
 * payload is not parsed in the visible code. */
2265 static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2266 struct sk_buff *skb)
2268 BT_DBG("%s", hdev->name);
/*
 * Command Complete event dispatcher.
 *
 * Strips the event header from the skb, converts the opcode to host order and
 * hands the remaining return parameters to the matching hci_cc_*() handler.
 * Afterwards the command timer is stopped (unless the event is for
 * HCI_OP_NOP), the command credit is restored and the command work is
 * re-queued if commands are waiting.
 *
 * NOTE(review): the handlers receive skb pointing at the return parameters
 * and, as the ones at the top of this file show, read the status byte
 * straight from skb->data. No length check is visible here before or after
 * skb_pull(), so a truncated event from the controller would be parsed beyond
 * its end; confirm where the minimum length is enforced. The switch header,
 * break statements, the declaration of opcode and the condition guarding
 * atomic_set() are on lines this listing omits.
 */
2271 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2273 struct hci_ev_cmd_complete *ev = (void *) skb->data;
/* ev keeps pointing at the header after the pull; only skb->data advances. */
2276 skb_pull(skb, sizeof(*ev));
2278 opcode = __le16_to_cpu(ev->opcode);
2281 case HCI_OP_INQUIRY_CANCEL:
2282 hci_cc_inquiry_cancel(hdev, skb);
2285 case HCI_OP_PERIODIC_INQ:
2286 hci_cc_periodic_inq(hdev, skb);
2289 case HCI_OP_EXIT_PERIODIC_INQ:
2290 hci_cc_exit_periodic_inq(hdev, skb);
2293 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2294 hci_cc_remote_name_req_cancel(hdev, skb);
2297 case HCI_OP_ROLE_DISCOVERY:
2298 hci_cc_role_discovery(hdev, skb);
2301 case HCI_OP_READ_LINK_POLICY:
2302 hci_cc_read_link_policy(hdev, skb);
2305 case HCI_OP_WRITE_LINK_POLICY:
2306 hci_cc_write_link_policy(hdev, skb);
2309 case HCI_OP_READ_DEF_LINK_POLICY:
2310 hci_cc_read_def_link_policy(hdev, skb);
2313 case HCI_OP_WRITE_DEF_LINK_POLICY:
2314 hci_cc_write_def_link_policy(hdev, skb);
/* The case label for the reset handler is on a line this listing omits. */
2318 hci_cc_reset(hdev, skb);
2321 case HCI_OP_WRITE_LOCAL_NAME:
2322 hci_cc_write_local_name(hdev, skb);
2325 case HCI_OP_READ_LOCAL_NAME:
2326 hci_cc_read_local_name(hdev, skb);
2329 case HCI_OP_WRITE_AUTH_ENABLE:
2330 hci_cc_write_auth_enable(hdev, skb);
2333 case HCI_OP_WRITE_ENCRYPT_MODE:
2334 hci_cc_write_encrypt_mode(hdev, skb);
2337 case HCI_OP_WRITE_SCAN_ENABLE:
2338 hci_cc_write_scan_enable(hdev, skb);
2341 case HCI_OP_READ_CLASS_OF_DEV:
2342 hci_cc_read_class_of_dev(hdev, skb);
2345 case HCI_OP_WRITE_CLASS_OF_DEV:
2346 hci_cc_write_class_of_dev(hdev, skb);
2349 case HCI_OP_READ_VOICE_SETTING:
2350 hci_cc_read_voice_setting(hdev, skb);
2353 case HCI_OP_WRITE_VOICE_SETTING:
2354 hci_cc_write_voice_setting(hdev, skb);
2357 case HCI_OP_HOST_BUFFER_SIZE:
2358 hci_cc_host_buffer_size(hdev, skb);
2361 case HCI_OP_WRITE_SSP_MODE:
2362 hci_cc_write_ssp_mode(hdev, skb);
2365 case HCI_OP_READ_LOCAL_VERSION:
2366 hci_cc_read_local_version(hdev, skb);
2369 case HCI_OP_READ_LOCAL_COMMANDS:
2370 hci_cc_read_local_commands(hdev, skb);
2373 case HCI_OP_READ_LOCAL_FEATURES:
2374 hci_cc_read_local_features(hdev, skb);
2377 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2378 hci_cc_read_local_ext_features(hdev, skb);
2381 case HCI_OP_READ_BUFFER_SIZE:
2382 hci_cc_read_buffer_size(hdev, skb);
2385 case HCI_OP_READ_BD_ADDR:
2386 hci_cc_read_bd_addr(hdev, skb);
2389 case HCI_OP_READ_DATA_BLOCK_SIZE:
2390 hci_cc_read_data_block_size(hdev, skb);
2393 case HCI_OP_WRITE_CA_TIMEOUT:
2394 hci_cc_write_ca_timeout(hdev, skb);
2397 case HCI_OP_READ_FLOW_CONTROL_MODE:
2398 hci_cc_read_flow_control_mode(hdev, skb);
2401 case HCI_OP_READ_LOCAL_AMP_INFO:
2402 hci_cc_read_local_amp_info(hdev, skb);
2405 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2406 hci_cc_read_local_amp_assoc(hdev, skb);
2409 case HCI_OP_DELETE_STORED_LINK_KEY:
2410 hci_cc_delete_stored_link_key(hdev, skb);
2413 case HCI_OP_SET_EVENT_MASK:
2414 hci_cc_set_event_mask(hdev, skb);
2417 case HCI_OP_WRITE_INQUIRY_MODE:
2418 hci_cc_write_inquiry_mode(hdev, skb);
2421 case HCI_OP_READ_INQ_RSP_TX_POWER:
2422 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2425 case HCI_OP_SET_EVENT_FLT:
2426 hci_cc_set_event_flt(hdev, skb);
2429 case HCI_OP_PIN_CODE_REPLY:
2430 hci_cc_pin_code_reply(hdev, skb);
2433 case HCI_OP_PIN_CODE_NEG_REPLY:
2434 hci_cc_pin_code_neg_reply(hdev, skb);
2437 case HCI_OP_READ_LOCAL_OOB_DATA:
2438 hci_cc_read_local_oob_data_reply(hdev, skb);
2441 case HCI_OP_LE_READ_BUFFER_SIZE:
2442 hci_cc_le_read_buffer_size(hdev, skb);
2445 case HCI_OP_USER_CONFIRM_REPLY:
2446 hci_cc_user_confirm_reply(hdev, skb);
2449 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2450 hci_cc_user_confirm_neg_reply(hdev, skb);
2453 case HCI_OP_USER_PASSKEY_REPLY:
2454 hci_cc_user_passkey_reply(hdev, skb);
2457 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2458 hci_cc_user_passkey_neg_reply(hdev, skb);
2461 case HCI_OP_LE_SET_SCAN_PARAM:
2462 hci_cc_le_set_scan_param(hdev, skb);
2465 case HCI_OP_LE_SET_SCAN_ENABLE:
2466 hci_cc_le_set_scan_enable(hdev, skb);
2469 case HCI_OP_LE_LTK_REPLY:
2470 hci_cc_le_ltk_reply(hdev, skb);
2473 case HCI_OP_LE_LTK_NEG_REPLY:
2474 hci_cc_le_ltk_neg_reply(hdev, skb);
2477 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2478 hci_cc_write_le_host_supported(hdev, skb);
2481 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2482 hci_cc_write_remote_amp_assoc(hdev, skb);
/* Unhandled opcodes are only logged. */
2486 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
/* NOTE(review): this compares the raw little-endian field, not the converted
 * opcode; that is equivalent only if HCI_OP_NOP is 0 - confirm. */
2490 if (ev->opcode != HCI_OP_NOP)
2491 del_timer(&hdev->cmd_timer);
2494 atomic_set(&hdev->cmd_cnt, 1);
2495 if (!skb_queue_empty(&hdev->cmd_q))
2496 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Command Status event dispatcher.
 *
 * Strips the event header, converts the opcode to host order and calls the
 * matching hci_cs_*() handler with the status byte. Afterwards the command
 * timer is stopped (unless the event is for HCI_OP_NOP) and, when the
 * controller reports free command slots and no reset is in progress, the
 * command credit is restored and queued commands are scheduled.
 *
 * NOTE(review): no check of skb->len against sizeof(*ev) is visible before
 * ev->status, ev->opcode and ev->ncmd are read; confirm where the minimum
 * event length is enforced. The switch header, break statements and the
 * declaration of opcode are on lines this listing omits.
 */
2500 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2502 struct hci_ev_cmd_status *ev = (void *) skb->data;
2505 skb_pull(skb, sizeof(*ev));
2507 opcode = __le16_to_cpu(ev->opcode);
2510 case HCI_OP_INQUIRY:
2511 hci_cs_inquiry(hdev, ev->status);
2514 case HCI_OP_CREATE_CONN:
2515 hci_cs_create_conn(hdev, ev->status);
2518 case HCI_OP_ADD_SCO:
2519 hci_cs_add_sco(hdev, ev->status);
2522 case HCI_OP_AUTH_REQUESTED:
2523 hci_cs_auth_requested(hdev, ev->status);
2526 case HCI_OP_SET_CONN_ENCRYPT:
2527 hci_cs_set_conn_encrypt(hdev, ev->status);
2530 case HCI_OP_REMOTE_NAME_REQ:
2531 hci_cs_remote_name_req(hdev, ev->status);
2534 case HCI_OP_READ_REMOTE_FEATURES:
2535 hci_cs_read_remote_features(hdev, ev->status);
2538 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2539 hci_cs_read_remote_ext_features(hdev, ev->status);
2542 case HCI_OP_SETUP_SYNC_CONN:
2543 hci_cs_setup_sync_conn(hdev, ev->status);
2546 case HCI_OP_SNIFF_MODE:
2547 hci_cs_sniff_mode(hdev, ev->status);
2550 case HCI_OP_EXIT_SNIFF_MODE:
2551 hci_cs_exit_sniff_mode(hdev, ev->status);
2554 case HCI_OP_DISCONNECT:
2555 hci_cs_disconnect(hdev, ev->status);
2558 case HCI_OP_LE_CREATE_CONN:
2559 hci_cs_le_create_conn(hdev, ev->status);
2562 case HCI_OP_LE_START_ENC:
2563 hci_cs_le_start_enc(hdev, ev->status);
2566 case HCI_OP_CREATE_PHY_LINK:
2567 hci_cs_create_phylink(hdev, ev->status);
2570 case HCI_OP_ACCEPT_PHY_LINK:
2571 hci_cs_accept_phylink(hdev, ev->status);
/* Unhandled opcodes are only logged. */
2575 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2579 if (ev->opcode != HCI_OP_NOP)
2580 del_timer(&hdev->cmd_timer);
/* While a reset is in flight the credit is not restored, so no further
 * commands are sent from here until the reset path does it. */
2582 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2583 atomic_set(&hdev->cmd_cnt, 1);
2584 if (!skb_queue_empty(&hdev->cmd_q))
2585 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Role Change event handler.
 *
 * Updates HCI_LM_MASTER in the ACL connection's link_mode, clears the pending
 * role-switch bit and notifies the upper layers with hci_role_switch_cfm().
 *
 * NOTE(review): the NULL check on conn and the tests on ev->status and
 * ev->role that pick between clearing and setting HCI_LM_MASTER are on lines
 * this listing omits - confirm.
 */
2589 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2591 struct hci_ev_role_change *ev = (void *) skb->data;
2592 struct hci_conn *conn;
2594 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2598 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2602 conn->link_mode &= ~HCI_LM_MASTER;
2604 conn->link_mode |= HCI_LM_MASTER;
2607 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2609 hci_role_switch_cfm(conn, ev->status, ev->role);
2612 hci_dev_unlock(hdev);
/*
 * Number Of Completed Packets event handler (packet-based flow control).
 *
 * For every handle in the event, the completed-packet count is subtracted
 * from the connection's outstanding count and added back to the matching
 * controller buffer credit (ACL, LE or SCO), clamped to the buffer size.
 * The TX work is then queued so waiting data can be sent.
 *
 * The event is rejected when the device is not in packet-based flow-control
 * mode or when skb->len is too short for the header plus num_hndl entries.
 * This length check is the pattern the other variable-length event handlers
 * should follow.
 *
 * NOTE(review): the case labels of the switch, the NULL check on conn and the
 * declaration of i are on lines this listing omits.
 */
2615 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2617 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2620 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2621 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
/* The first test must come first: ev->num_hndl may only be read once the
 * fixed header is known to be present. */
2625 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2626 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2627 BT_DBG("%s bad parameters", hdev->name);
2631 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2633 for (i = 0; i < ev->num_hndl; i++) {
2634 struct hci_comp_pkts_info *info = &ev->handles[i];
2635 struct hci_conn *conn;
2636 __u16 handle, count;
2638 handle = __le16_to_cpu(info->handle);
2639 count = __le16_to_cpu(info->count);
2641 conn = hci_conn_hash_lookup_handle(hdev, handle);
/* NOTE(review): count is controller-supplied and is subtracted without a
 * visible check against conn->sent; a count larger than the number of
 * packets actually outstanding would wrap the counter - confirm. */
2645 conn->sent -= count;
2647 switch (conn->type) {
/* Credits are clamped so a bogus count cannot raise them above the buffer
 * size reported by the controller. */
2649 hdev->acl_cnt += count;
2650 if (hdev->acl_cnt > hdev->acl_pkts)
2651 hdev->acl_cnt = hdev->acl_pkts;
/* le_pkts of zero: LE traffic shares the ACL buffers. */
2655 if (hdev->le_pkts) {
2656 hdev->le_cnt += count;
2657 if (hdev->le_cnt > hdev->le_pkts)
2658 hdev->le_cnt = hdev->le_pkts;
2660 hdev->acl_cnt += count;
2661 if (hdev->acl_cnt > hdev->acl_pkts)
2662 hdev->acl_cnt = hdev->acl_pkts;
2667 hdev->sco_cnt += count;
2668 if (hdev->sco_cnt > hdev->sco_pkts)
2669 hdev->sco_cnt = hdev->sco_pkts;
2673 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2678 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Number Of Completed Data Blocks event handler (block-based flow control).
 *
 * For every handle in the event, the completed block count is subtracted from
 * the connection's outstanding count and added back to hdev->block_cnt,
 * clamped to hdev->num_blocks. The TX work is then queued.
 *
 * The event is rejected when the device is not in block-based flow-control
 * mode or when skb->len is too short for the header plus num_hndl entries.
 *
 * NOTE(review): the case labels of the switch, the NULL check on conn and the
 * declaration of i are on lines this listing omits.
 */
2681 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2683 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2686 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2687 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
/* Header length is verified before ev->num_hndl is trusted. */
2691 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2692 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2693 BT_DBG("%s bad parameters", hdev->name);
2697 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2700 for (i = 0; i < ev->num_hndl; i++) {
2701 struct hci_comp_blocks_info *info = &ev->handles[i];
2702 struct hci_conn *conn;
2703 __u16 handle, block_count;
2705 handle = __le16_to_cpu(info->handle);
2706 block_count = __le16_to_cpu(info->blocks);
2708 conn = hci_conn_hash_lookup_handle(hdev, handle);
/* NOTE(review): block_count is controller-supplied and is subtracted without
 * a visible check against conn->sent - confirm it cannot wrap. */
2712 conn->sent -= block_count;
2714 switch (conn->type) {
2716 hdev->block_cnt += block_count;
2717 if (hdev->block_cnt > hdev->num_blocks)
2718 hdev->block_cnt = hdev->num_blocks;
2722 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2727 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Mode Change event handler.
 *
 * Records the new mode and interval on the connection. When the change was
 * not requested locally (HCI_CONN_MODE_CHANGE_PEND was not set), the
 * HCI_CONN_POWER_SAVE flag is set for active mode and cleared otherwise. A
 * SCO setup that was waiting on the mode change is then run.
 *
 * NOTE(review): the NULL check on conn and the else line between the
 * set_bit()/clear_bit() calls are on lines this listing omits - confirm.
 */
2730 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2732 struct hci_ev_mode_change *ev = (void *) skb->data;
2733 struct hci_conn *conn;
2735 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2739 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2741 conn->mode = ev->mode;
2742 conn->interval = __le16_to_cpu(ev->interval);
2744 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2746 if (conn->mode == HCI_CM_ACTIVE)
2747 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2749 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2752 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2753 hci_sco_setup(conn, ev->status);
2756 hci_dev_unlock(hdev);
/*
 * PIN Code Request event handler (legacy pairing).
 *
 * Extends the disconnect timeout to the pairing timeout for an established
 * ACL link, then either refuses the request with a negative reply when the
 * device is not pairable, or forwards it to the management interface.
 *
 * NOTE(review): the request is triggered by the remote side. The
 * HCI_PAIRABLE test is the gate that keeps a non-pairable host from being
 * prompted for a PIN. The declaration and assignment of secure are on lines
 * this listing omits; it is presumably set when the pending security level is
 * BT_SECURITY_HIGH so that user space can demand a 16-digit PIN - confirm.
 * The NULL check on conn is not visible either.
 */
2759 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2761 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2762 struct hci_conn *conn;
2764 BT_DBG("%s", hdev->name);
2768 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2772 if (conn->state == BT_CONNECTED) {
2773 hci_conn_hold(conn);
2774 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2778 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2779 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2780 sizeof(ev->bdaddr), &ev->bdaddr);
2781 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2784 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2789 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2793 hci_dev_unlock(hdev);
/*
 * Link Key Request event handler.
 *
 * Answers the controller's request for the stored link key of a remote
 * device. The key is handed over (HCI_OP_LINK_KEY_REPLY) only if it passes
 * these policy checks; otherwise a negative reply is sent:
 *   - kernel link-key storage is enabled (HCI_LINK_KEYS);
 *   - a key exists for the address;
 *   - debug combination keys are refused unless HCI_DEBUG_KEYS is set;
 *   - an unauthenticated combination key is refused when the connection's
 *     auth_type has bit 0 set (the MITM request, per the comment in
 *     hci_outgoing_auth_needed());
 *   - a combination key made from a PIN shorter than 16 digits is refused
 *     when the pending security level is BT_SECURITY_HIGH.
 *
 * NOTE(review): the early returns, the goto lines to the negative-reply label
 * and the NULL checks on key and conn are on lines this listing omits; conn
 * is dereferenced right after the lookup, so confirm the guard. 0xff is
 * presumably the "auth_type not yet known" marker - confirm.
 */
2796 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2798 struct hci_ev_link_key_req *ev = (void *) skb->data;
2799 struct hci_cp_link_key_reply cp;
2800 struct hci_conn *conn;
2801 struct link_key *key;
2803 BT_DBG("%s", hdev->name);
2805 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2810 key = hci_find_link_key(hdev, &ev->bdaddr);
2812 BT_DBG("%s link key not found for %s", hdev->name,
2813 batostr(&ev->bdaddr));
/* Only the key type is logged, never the key value. */
2817 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2818 batostr(&ev->bdaddr));
2820 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2821 key->type == HCI_LK_DEBUG_COMBINATION) {
2822 BT_DBG("%s ignoring debug key", hdev->name);
2826 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2828 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2829 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2830 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2834 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2835 conn->pending_sec_level == BT_SECURITY_HIGH) {
2836 BT_DBG("%s ignoring key unauthenticated for high security",
2841 conn->key_type = key->type;
2842 conn->pin_length = key->pin_len;
2845 bacpy(&cp.bdaddr, &ev->bdaddr);
/* NOTE(review): cp now holds a copy of the link key on the stack and nothing
 * visible clears it before the function returns; consider wiping cp after
 * hci_send_cmd(). */
2846 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2848 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2850 hci_dev_unlock(hdev);
/* Negative-reply path. NOTE(review): the literal 6 is presumably
 * sizeof(ev->bdaddr), which the PIN-code handler in this file spells out;
 * using the sizeof form here too would keep the two consistent. */
2855 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2856 hci_dev_unlock(hdev);
/*
 * Link Key Notification event handler.
 *
 * The controller reports a newly created link key. The connection's
 * disconnect timeout is reset, its key type is updated (except for
 * HCI_LK_CHANGED_COMBINATION, which keeps the previous type) and, when kernel
 * link-key storage is enabled, the key is stored with hci_add_link_key()
 * together with the PIN length remembered on the connection.
 *
 * NOTE(review): ev->link_key is secret material; it is passed on by pointer
 * and not logged here. The NULL check on conn, the declaration and default of
 * pin_len and the reference drop that presumably pairs with hci_conn_hold()
 * are on lines this listing omits - confirm.
 */
2859 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2861 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2862 struct hci_conn *conn;
2865 BT_DBG("%s", hdev->name);
2869 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2871 hci_conn_hold(conn);
2872 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2873 pin_len = conn->pin_length;
2875 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2876 conn->key_type = ev->key_type;
2881 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2882 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2883 ev->key_type, pin_len);
2885 hci_dev_unlock(hdev);
/*
 * Read Clock Offset Complete event handler.
 *
 * On success, stores the reported clock offset in the inquiry-cache entry for
 * the connection's peer and refreshes the entry's timestamp.
 *
 * The connection lookup result is NULL-checked here. NOTE(review): the NULL
 * check on ie is on a line this listing omits - confirm.
 */
2888 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2890 struct hci_ev_clock_offset *ev = (void *) skb->data;
2891 struct hci_conn *conn;
2893 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2897 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2898 if (conn && !ev->status) {
2899 struct inquiry_entry *ie;
2901 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
/* Stored without byte-order conversion, i.e. kept in wire order. */
2903 ie->data.clock_offset = ev->clock_offset;
2904 ie->timestamp = jiffies;
2908 hci_dev_unlock(hdev);
/*
 * Connection Packet Type Changed event handler.
 *
 * On success, records the new packet type (converted to host order) on the
 * connection. The lookup result is NULL-checked before use, since the handle
 * comes from the controller.
 */
2911 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2913 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2914 struct hci_conn *conn;
2916 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2920 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2921 if (conn && !ev->status)
2922 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2924 hci_dev_unlock(hdev);
/*
 * Page Scan Repetition Mode Change event handler.
 *
 * Updates the page-scan repetition mode and timestamp of the inquiry-cache
 * entry for the reported address.
 *
 * NOTE(review): the NULL check on ie is on a line this listing omits; the
 * address comes from the event, so the lookup can miss - confirm the guard.
 */
2927 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2929 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2930 struct inquiry_entry *ie;
2932 BT_DBG("%s", hdev->name);
2936 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2938 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2939 ie->timestamp = jiffies;
2942 hci_dev_unlock(hdev);
/*
 * Inquiry Result with RSSI event handler.
 *
 * The first parameter byte is the number of responses. The per-response size
 * is derived from the packet length to tell the two layouts apart: when it
 * differs from sizeof(struct inquiry_info_with_rssi) the entries are parsed
 * as struct inquiry_info_with_rssi_and_pscan_mode, otherwise as
 * struct inquiry_info_with_rssi (pscan_mode forced to 0x00). Every response
 * is stored in the inquiry cache and reported through mgmt_device_found().
 *
 * NOTE(review): num_rsp and all entry fields come from the controller and
 * ultimately from remote devices.
 *   - The division below needs num_rsp != 0; that check is presumably on the
 *     lines this listing omits - confirm.
 *   - The layout test is "not equal", so any per-entry size other than the
 *     RSSI-only one selects the larger structure; nothing visible verifies
 *     that skb->len actually covers num_rsp entries of the chosen structure
 *     before the loop reads them. hci_num_comp_pkts_evt() in this file shows
 *     the length check to mirror.
 */
2945 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2946 struct sk_buff *skb)
2948 struct inquiry_data data;
2949 int num_rsp = *((__u8 *) skb->data);
2950 bool name_known, ssp;
2952 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2957 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2962 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2963 struct inquiry_info_with_rssi_and_pscan_mode *info;
2964 info = (void *) (skb->data + 1);
2966 for (; num_rsp; num_rsp--, info++) {
2967 bacpy(&data.bdaddr, &info->bdaddr);
2968 data.pscan_rep_mode = info->pscan_rep_mode;
2969 data.pscan_period_mode = info->pscan_period_mode;
2970 data.pscan_mode = info->pscan_mode;
2971 memcpy(data.dev_class, info->dev_class, 3);
2972 data.clock_offset = info->clock_offset;
2973 data.rssi = info->rssi;
2974 data.ssp_mode = 0x00;
2976 name_known = hci_inquiry_cache_update(hdev, &data,
2978 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2979 info->dev_class, info->rssi,
2980 !name_known, ssp, NULL, 0);
2983 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2985 for (; num_rsp; num_rsp--, info++) {
2986 bacpy(&data.bdaddr, &info->bdaddr);
2987 data.pscan_rep_mode = info->pscan_rep_mode;
2988 data.pscan_period_mode = info->pscan_period_mode;
2989 data.pscan_mode = 0x00;
2990 memcpy(data.dev_class, info->dev_class, 3);
2991 data.clock_offset = info->clock_offset;
2992 data.rssi = info->rssi;
2993 data.ssp_mode = 0x00;
2994 name_known = hci_inquiry_cache_update(hdev, &data,
2996 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2997 info->dev_class, info->rssi,
2998 !name_known, ssp, NULL, 0);
3002 hci_dev_unlock(hdev);
/*
 * Remote Extended Features event.  For features page 0x01 it records whether
 * the remote host reports Secure Simple Pairing support, then continues
 * connection setup: request the remote name or report the device as
 * connected, and confirm the connection when no outgoing authentication is
 * needed.
 */
3005 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3006 struct sk_buff *skb)
3008 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3009 struct hci_conn *conn;
3011 BT_DBG("%s", hdev->name);
/* NOTE(review): conn is dereferenced below; the NULL test after this lookup
 * is not visible in the listing - TODO confirm. */
3015 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3019 if (!ev->status && ev->page == 0x01) {
3020 struct inquiry_entry *ie;
3022 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
/* The LMP_HOST_SSP bit of features[0] comes from the event; it is cached
 * in the inquiry entry and mirrored in HCI_CONN_SSP_ENABLED. */
3024 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3026 if (ev->features[0] & LMP_HOST_SSP)
3027 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
/* The statement governed by this test is not in the listing; presumably
 * only connections still in BT_CONFIG continue. */
3030 if (conn->state != BT_CONFIG)
/* Success and not yet reported to mgmt: ask for the remote name first.
 * Otherwise report the connection once, using test_and_set_bit so the
 * notification is not repeated. */
3033 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3034 struct hci_cp_remote_name_req cp;
3035 memset(&cp, 0, sizeof(cp));
3036 bacpy(&cp.bdaddr, &conn->dst);
3037 cp.pscan_rep_mode = 0x02;
3038 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3039 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3040 mgmt_device_connected(hdev, &conn->dst, conn->type,
3041 conn->dst_type, 0, NULL, 0,
/* With no outgoing authentication pending the connection is complete. */
3044 if (!hci_outgoing_auth_needed(hdev, conn)) {
3045 conn->state = BT_CONNECTED;
3046 hci_proto_connect_cfm(conn, ev->status);
3051 hci_dev_unlock(hdev);
/*
 * Synchronous Connection Complete: finish setting up a SCO/eSCO link.  On
 * success the handle is stored and the link becomes BT_CONNECTED; for a set
 * of "unsupported/rejected" status codes an outgoing attempt is retried with
 * a packet type derived from hdev->esco_type; otherwise the link is closed.
 *
 * NOTE(review): case labels for the success and default paths, break
 * statements and NULL tests are on lines absent from this listing.
 */
3054 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3055 struct sk_buff *skb)
3057 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3058 struct hci_conn *conn;
3060 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/* ev->link_type comes from the event and selects which hash is searched. */
3064 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
/* Fallback lookup: a connection stored as ESCO_LINK is re-typed to SCO_LINK.
 * The statement governed by the link_type test is not in the listing. */
3066 if (ev->link_type == ESCO_LINK)
3069 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3073 conn->type = SCO_LINK;
3076 switch (ev->status) {
3078 conn->handle = __le16_to_cpu(ev->handle);
3079 conn->state = BT_CONNECTED;
3081 hci_conn_hold_device(conn);
3082 hci_conn_add_sysfs(conn);
3085 case 0x11: /* Unsupported Feature or Parameter Value */
3086 case 0x1c: /* SCO interval rejected */
3087 case 0x1a: /* Unsupported Remote Feature */
3088 case 0x1f: /* Unspecified error */
/* Retry is limited to outgoing connections with fewer than two attempts.
 * NOTE(review): conn->link is dereferenced without a visible NULL test -
 * TODO confirm it is always set for these connections. */
3089 if (conn->out && conn->attempt < 2) {
3090 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3091 (hdev->esco_type & EDR_ESCO_MASK);
3092 hci_setup_sync(conn, conn->link->handle);
3098 conn->state = BT_CLOSED;
3102 hci_proto_connect_cfm(conn, ev->status);
3107 hci_dev_unlock(hdev);
/*
 * Synchronous Connection Changed: the visible body only logs the device
 * name; the event payload in skb is not read.
 */
3110 static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
3112 BT_DBG("%s", hdev->name);
/*
 * Sniff Subrating event: the visible body only logs the status byte; no
 * connection state is updated.
 */
3115 static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
3117 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
3119 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/*
 * Extended Inquiry Result: the first payload byte is the response count,
 * followed by extended_inquiry_info records.  Each record updates the
 * inquiry cache (marked as SSP capable) and is reported, together with its
 * EIR data, through mgmt_device_found().
 *
 * NOTE(review): short lines (braces, early returns, some declarations) are
 * absent from this listing.
 */
3122 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3123 struct sk_buff *skb)
3125 struct inquiry_data data;
3126 struct extended_inquiry_info *info = (void *) (skb->data + 1);
/* num_rsp is taken straight from the packet.
 * NOTE(review): the loop below walks num_rsp records with no visible check
 * that they fit within skb->len - TODO confirm a bound is enforced. */
3127 int num_rsp = *((__u8 *) skb->data);
3130 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3135 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3140 for (; num_rsp; num_rsp--, info++) {
3141 bool name_known, ssp;
3143 bacpy(&data.bdaddr, &info->bdaddr);
3144 data.pscan_rep_mode = info->pscan_rep_mode;
3145 data.pscan_period_mode = info->pscan_period_mode;
3146 data.pscan_mode = 0x00;
3147 memcpy(data.dev_class, info->dev_class, 3);
3148 data.clock_offset = info->clock_offset;
3149 data.rssi = info->rssi;
/* Unlike the plain and RSSI inquiry results, these entries are cached with
 * ssp_mode 0x01. */
3150 data.ssp_mode = 0x01;
/* With the mgmt interface active, whether the name is known is derived
 * from the EIR payload (the remaining arguments are not in the listing). */
3152 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3153 name_known = eir_has_data_type(info->data,
3159 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
/* The EIR length handed to user space is computed over the fixed-size
 * info->data field, not over a length taken from the packet. */
3161 eir_len = eir_get_length(info->data, sizeof(info->data));
3162 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3163 info->dev_class, info->rssi, !name_known,
3164 ssp, info->data, eir_len);
3167 hci_dev_unlock(hdev);
/*
 * Encryption Key Refresh Complete: clears the pending-encryption flag on the
 * connection, disconnects an established link when the refresh failed, and
 * otherwise completes connection setup or signals the authentication result.
 *
 * NOTE(review): short lines (braces, NULL test, else keywords, gotos) are
 * absent from this listing.
 */
3170 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3171 struct sk_buff *skb)
3173 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3174 struct hci_conn *conn;
3176 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3177 __le16_to_cpu(ev->handle));
3181 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* The pending security level becomes the effective one.
 * NOTE(review): the condition guarding this assignment is on a line missing
 * from the listing - confirm the level is raised only when ev->status
 * reports success. */
3186 conn->sec_level = conn->pending_sec_level;
3188 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
/* A failed refresh on an established link drops it with an authentication
 * failure reason. */
3190 if (ev->status && conn->state == BT_CONNECTED) {
3191 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
/* A link still being configured is promoted and confirmed; the later
 * hci_auth_cfm() call presumably belongs to the alternative branch. */
3196 if (conn->state == BT_CONFIG) {
3198 conn->state = BT_CONNECTED;
3200 hci_proto_connect_cfm(conn, ev->status);
3203 hci_auth_cfm(conn, ev->status);
3205 hci_conn_hold(conn);
3206 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3211 hci_dev_unlock(hdev);
/*
 * Choose the authentication requirement to send in an IO capability reply.
 * The decision depends on what the remote asked for (conn->remote_auth) and
 * on both sides' IO capabilities; the fallback is the locally requested
 * conn->auth_type.
 *
 * remote_auth, remote_cap come from the peer's IO capability reply, so the
 * result is partly steered by the remote device.
 */
3214 static u8 hci_get_auth_req(struct hci_conn *conn)
3216 /* If remote requests dedicated bonding follow that lead */
3217 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3218 /* If both remote and local IO capabilities allow MITM
3219 * protection then require it, otherwise don't */
/* The test is true when EITHER side has capability 0x03 (described as
 * NoInputNoOutput in hci_user_confirm_request_evt in this file), i.e. when
 * MITM protection is not possible.  The values returned by the two branches
 * are on lines missing from this listing. */
3220 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3226 /* If remote requests no-bonding follow that lead */
3227 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
/* Keep the remote's bonding choice and add our own bit 0, which this file
 * uses as the MITM flag. */
3228 return conn->remote_auth | (conn->auth_type & 0x01);
3230 return conn->auth_type;
/*
 * IO Capability Request: the controller asks for the local IO capability and
 * authentication requirement for pairing with ev->bdaddr.  A positive reply
 * is sent when the device is pairable or the remote asked for no bonding;
 * the second command block refuses with HCI_ERROR_PAIRING_NOT_ALLOWED.
 *
 * NOTE(review): short lines (braces, the else keyword, NULL test, gotos and
 * the OOB assignments) are absent from this listing.
 */
3233 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3235 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3236 struct hci_conn *conn;
3238 BT_DBG("%s", hdev->name);
3242 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3246 hci_conn_hold(conn);
/* The statement governed by this test is not in the listing; presumably
 * nothing is answered here unless the mgmt interface is in use. */
3248 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
/* Pairing policy: accept when pairable, or when the remote's request with
 * the MITM bit masked off is "no bonding". */
3251 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3252 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3253 struct hci_cp_io_capability_reply cp;
3255 bacpy(&cp.bdaddr, &ev->bdaddr);
3256 /* Change the IO capability from KeyboardDisplay
3257 * to DisplayYesNo as it is not supported by BT spec. */
3258 cp.capability = (conn->io_capability == 0x04) ?
3259 0x01 : conn->io_capability;
/* The requirement actually sent is stored back on the connection. */
3260 conn->auth_type = hci_get_auth_req(conn);
3261 cp.authentication = conn->auth_type;
/* The test requires stored OOB data for the peer and either a locally
 * initiated connection or HCI_CONN_REMOTE_OOB; the assignments it selects
 * are not in the listing. */
3263 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3264 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3269 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
/* Refusal path. */
3272 struct hci_cp_io_capability_neg_reply cp;
3274 bacpy(&cp.bdaddr, &ev->bdaddr);
3275 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3277 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3282 hci_dev_unlock(hdev);
/*
 * IO Capability Reply: record the remote device's IO capability and
 * authentication requirement on the ACL connection.
 *
 * These remote-supplied values are read later in this file by
 * hci_get_auth_req() and hci_user_confirm_request_evt() when deciding on
 * MITM protection and auto-accept.
 */
3285 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3287 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3288 struct hci_conn *conn;
3290 BT_DBG("%s", hdev->name);
3294 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/* NOTE(review): the NULL test on conn is not visible in this listing. */
3298 conn->remote_cap = ev->capability;
3299 conn->remote_auth = ev->authentication;
/* The condition under which the remote-OOB flag is set is on a line missing
 * from the listing - TODO confirm. */
3301 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3304 hci_dev_unlock(hdev);
/*
 * User Confirmation Request (numeric comparison step of pairing).  Three
 * outcomes are visible: reject when MITM is required locally but the remote
 * cannot provide it, auto-accept (immediately or after a delay) when neither
 * side requires MITM, and otherwise forward the request with the passkey to
 * user space through mgmt_user_confirm_request().
 *
 * NOTE(review): short lines (braces, gotos, the confirm_hint assignment and
 * labels) are absent from this listing.
 */
3307 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3308 struct sk_buff *skb)
3310 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3311 int loc_mitm, rem_mitm, confirm_hint = 0;
3312 struct hci_conn *conn;
3314 BT_DBG("%s", hdev->name);
3318 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3321 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/* Bit 0 of each authentication requirement is the MITM flag. */
3325 loc_mitm = (conn->auth_type & 0x01);
3326 rem_mitm = (conn->remote_auth & 0x01);
3328 /* If we require MITM but the remote device can't provide that
3329 * (it has NoInputNoOutput) then reject the confirmation
3330 * request. The only exception is when we're dedicated bonding
3331 * initiators (connect_cfm_cb set) since then we always have the MITM
 * (the closing line of this comment is missing from the listing) */
3333 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3334 BT_DBG("Rejecting request: remote device can't provide MITM");
3335 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3336 sizeof(ev->bdaddr), &ev->bdaddr);
3340 /* If no side requires MITM protection; auto-accept */
/* Each side counts as "not requiring MITM" either because its flag is clear
 * or because the other side is NoInputNoOutput (0x03).  remote_cap and
 * rem_mitm come from the peer, so the peer can steer pairing into this
 * unauthenticated path; the acceptor case below is what keeps a user
 * decision in the loop. */
3341 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3342 (!rem_mitm || conn->io_capability == 0x03)) {
3344 /* If we're not the initiators request authorization to
3345 * proceed from user space (mgmt_user_confirm with
3346 * confirm_hint set to 1). */
3347 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3348 BT_DBG("Confirming auto-accept as acceptor");
3353 BT_DBG("Auto-accept of user confirmation with %ums delay",
3354 hdev->auto_accept_delay);
/* A configured delay defers the reply to the connection's auto-accept
 * timer instead of answering at once. */
3356 if (hdev->auto_accept_delay > 0) {
3357 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3358 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3362 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3363 sizeof(ev->bdaddr), &ev->bdaddr);
3368 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3372 hci_dev_unlock(hdev);
/*
 * User Passkey Request: forwarded to user space through
 * mgmt_user_passkey_request() when the mgmt interface is in use; nothing
 * else is done in the visible lines.
 */
3375 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3376 struct sk_buff *skb)
3378 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3380 BT_DBG("%s", hdev->name);
3382 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3383 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
/*
 * User Passkey Notification: store the passkey to display on the ACL
 * connection, reset the count of entered digits and pass both to user space
 * through mgmt_user_passkey_notify() when the mgmt interface is in use.
 */
3386 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3387 struct sk_buff *skb)
3389 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3390 struct hci_conn *conn;
3392 BT_DBG("%s", hdev->name);
3394 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/* NOTE(review): the NULL test on conn is not visible in this listing. */
3398 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3399 conn->passkey_entered = 0;
3401 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3402 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3403 conn->dst_type, conn->passkey_notify,
3404 conn->passkey_entered);
/*
 * Keypress Notification: track how many passkey digits the remote user has
 * entered and forward the running count, with the stored passkey, to user
 * space when the mgmt interface is in use.
 *
 * NOTE(review): the switch statement line, break/return statements and the
 * NULL test on conn are absent from this listing.
 */
3407 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3409 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3410 struct hci_conn *conn;
3412 BT_DBG("%s", hdev->name);
3414 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3419 case HCI_KEYPRESS_STARTED:
3420 conn->passkey_entered = 0;
3423 case HCI_KEYPRESS_ENTERED:
3424 conn->passkey_entered++;
3427 case HCI_KEYPRESS_ERASED:
/* The counter follows the sequence of events sent by the peer.
 * NOTE(review): no lower bound is visible, so an "erased" event arriving
 * while the count is 0 would move it below zero or wrap, depending on the
 * field's type - TODO confirm whether that matters to consumers. */
3428 conn->passkey_entered--;
3431 case HCI_KEYPRESS_CLEARED:
3432 conn->passkey_entered = 0;
3435 case HCI_KEYPRESS_COMPLETED:
3439 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3440 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3441 conn->dst_type, conn->passkey_notify,
3442 conn->passkey_entered);
/*
 * Simple Pairing Complete: report a failed pairing to user space through
 * mgmt_auth_failed(), but only when this side did not initiate the
 * authentication (see the comment below on duplicate events).
 */
3445 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3446 struct sk_buff *skb)
3448 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3449 struct hci_conn *conn;
3451 BT_DBG("%s", hdev->name);
3455 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/* NOTE(review): the NULL test on conn is not visible in this listing. */
3459 /* To avoid duplicate auth_failed events to user space we check
3460 * the HCI_CONN_AUTH_PEND flag which will be set if we
3461 * initiated the authentication. A traditional auth_complete
3462 * event gets always produced as initiator and is also mapped to
3463 * the mgmt_auth_failed event */
3464 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3465 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3471 hci_dev_unlock(hdev);
/*
 * Remote Host Supported Features: cache whether the remote host reports
 * Secure Simple Pairing support (LMP_HOST_SSP in features[0]) in the inquiry
 * cache entry for ev->bdaddr.
 */
3474 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3475 struct sk_buff *skb)
3477 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3478 struct inquiry_entry *ie;
3480 BT_DBG("%s", hdev->name);
3484 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
/* NOTE(review): the test guarding this write against a failed lookup is not
 * visible in this listing - TODO confirm. */
3486 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3488 hci_dev_unlock(hdev);
/*
 * Remote OOB Data Request: answer the controller with the stored
 * out-of-band hash and randomizer for ev->bdaddr, or with a negative reply
 * when nothing is stored for that address.
 *
 * NOTE(review): short lines (braces, the test on data, the else keyword and
 * gotos) are absent from this listing.
 */
3491 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3492 struct sk_buff *skb)
3494 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3495 struct oob_data *data;
3497 BT_DBG("%s", hdev->name);
3501 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3504 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
/* Positive reply: copy sizes are bounded by the destination fields. */
3506 struct hci_cp_remote_oob_data_reply cp;
3508 bacpy(&cp.bdaddr, &ev->bdaddr);
3509 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3510 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3512 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
/* Negative reply: only the address is sent. */
3515 struct hci_cp_remote_oob_data_neg_reply cp;
3517 bacpy(&cp.bdaddr, &ev->bdaddr);
3518 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3523 hci_dev_unlock(hdev);
/*
 * LE Connection Complete: find the LE connection in BT_CONNECT state, or
 * create one for ev->bdaddr, then either report the failure and close it or
 * mark it connected with security level BT_SECURITY_LOW.
 *
 * NOTE(review): short lines (braces, NULL tests, the status test, gotos and
 * labels) are absent from this listing.
 */
3526 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3528 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3529 struct hci_conn *conn;
3531 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/* The pending connection is found by state only, not by address. */
3535 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3537 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3539 BT_ERR("No memory for new connection");
3543 conn->dst_type = ev->bdaddr_type;
3545 if (ev->role == LE_CONN_ROLE_MASTER) {
3547 conn->link_mode |= HCI_LM_MASTER;
/* Failure path: notify mgmt and the upper protocol, then close. */
3552 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3553 conn->dst_type, ev->status);
3554 hci_proto_connect_cfm(conn, ev->status);
3555 conn->state = BT_CLOSED;
/* Success path: report the device once, then publish the connection. */
3560 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3561 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3562 conn->dst_type, 0, NULL, 0, NULL);
/* A new LE link starts at the lowest security level. */
3564 conn->sec_level = BT_SECURITY_LOW;
3565 conn->handle = __le16_to_cpu(ev->handle);
3566 conn->state = BT_CONNECTED;
3568 hci_conn_hold_device(conn);
3569 hci_conn_add_sysfs(conn);
3571 hci_proto_connect_cfm(conn, ev->status);
3574 hci_dev_unlock(hdev);
/*
 * LE Advertising Report: byte 0 is the number of reports; each report is a
 * hci_ev_le_advertising_info header followed by ev->length bytes of data and
 * one trailing RSSI byte.  Every report is passed to mgmt_device_found().
 *
 * NOTE(review): num_reports and every ev->length are taken from the packet.
 * No comparison of ptr against the end of the received data (skb->len) is
 * visible, so a malformed count or length would make the reads below run
 * past the buffer - TODO confirm a bound is enforced, and add one before
 * each report is parsed if it is not.
 */
3577 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3579 u8 num_reports = skb->data[0];
3580 void *ptr = &skb->data[1];
3585 while (num_reports--) {
3586 struct hci_ev_le_advertising_info *ev = ptr;
/* The RSSI byte sits directly after the variable-length data. */
3588 rssi = ev->data[ev->length];
3589 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3590 NULL, rssi, 0, 1, ev->data, ev->length);
/* Advance past header, data and RSSI byte to the next report. */
3592 ptr += sizeof(*ev) + ev->length + 1;
3595 hci_dev_unlock(hdev);
/*
 * LE Long Term Key Request: look up the connection by handle and a stored
 * key by (ediv, random).  When a key is found it is sent back in an LTK
 * reply; the final lines send a negative reply instead.
 *
 * NOTE(review): short lines (braces, NULL tests on conn and ltk, gotos, the
 * label of the negative-reply path and the line after list_del) are absent
 * from this listing.
 */
3598 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3600 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
/* cp holds a copy of the key on the stack; it is not visibly cleared after
 * the command is sent. */
3601 struct hci_cp_le_ltk_reply cp;
3602 struct hci_cp_le_ltk_neg_reply neg;
3603 struct hci_conn *conn;
3604 struct smp_ltk *ltk;
3606 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3610 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3614 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
/* The copy length comes from the source field; assumes cp.ltk is at least
 * sizeof(ltk->val) bytes - TODO confirm the two sizes match. */
3618 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3619 cp.handle = cpu_to_le16(conn->handle);
/* Only a key marked authenticated raises the link to BT_SECURITY_HIGH. */
3621 if (ltk->authenticated)
3622 conn->sec_level = BT_SECURITY_HIGH;
3624 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
/* A short-term key (HCI_SMP_STK) is removed from the key list once used.
 * The next line is garbled in this listing; presumably it reads
 * list_del(&ltk->list). */
3626 if (ltk->type & HCI_SMP_STK) {
3627 list_del(<k->list);
3631 hci_dev_unlock(hdev);
/* Negative reply: the handle is echoed back in wire byte order. */
3636 neg.handle = ev->handle;
3637 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3638 hci_dev_unlock(hdev);
/*
 * LE Meta event: strip the meta header and dispatch on the subevent code to
 * the LE connection-complete, advertising-report or LTK-request handler.
 *
 * NOTE(review): le_ev->subevent is read after skb_pull(); the pointer still
 * refers to the pulled header bytes.  No check that skb->len covers
 * sizeof(*le_ev) is visible - TODO confirm.  break and default lines are
 * absent from this listing.
 */
3641 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3643 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3645 skb_pull(skb, sizeof(*le_ev));
3647 switch (le_ev->subevent) {
3648 case HCI_EV_LE_CONN_COMPLETE:
3649 hci_le_conn_complete_evt(hdev, skb);
3652 case HCI_EV_LE_ADVERTISING_REPORT:
3653 hci_le_adv_report_evt(hdev, skb);
3656 case HCI_EV_LE_LTK_REQ:
3657 hci_le_ltk_request_evt(hdev, skb);
/*
 * Channel Selected event: look up the connection for ev->phy_handle and call
 * amp_read_loc_assoc_final_data() on it.
 *
 * NOTE(review): the NULL test on hcon is not visible in this listing.
 */
3665 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3667 struct hci_ev_channel_selected *ev = (void *) skb->data;
3668 struct hci_conn *hcon;
3670 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3672 skb_pull(skb, sizeof(*ev));
/* phy_handle is used as the lookup key without byte-order conversion. */
3674 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3678 amp_read_loc_assoc_final_data(hdev, hcon);
/*
 * Entry point for a received HCI event packet: read the event code from the
 * packet header, strip the header and hand the remaining payload to the
 * handler for that event.  The receive counter is incremented at the end.
 *
 * Every handler below parses data produced by the controller, much of it
 * relayed from remote devices, so the payload is untrusted input.
 *
 * NOTE(review): hdr->evt is read with no visible check that skb->len covers
 * HCI_EVENT_HDR_SIZE, and no per-event length check is visible before
 * dispatch - TODO confirm where the payload length is validated.  The
 * switch line, break statements and the default label are absent from this
 * listing; the final BT_DBG presumably logs unhandled event codes.
 */
3681 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3683 struct hci_event_hdr *hdr = (void *) skb->data;
3684 __u8 event = hdr->evt;
/* Handlers see the payload only; the event header is removed here. */
3686 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3689 case HCI_EV_INQUIRY_COMPLETE:
3690 hci_inquiry_complete_evt(hdev, skb);
3693 case HCI_EV_INQUIRY_RESULT:
3694 hci_inquiry_result_evt(hdev, skb);
3697 case HCI_EV_CONN_COMPLETE:
3698 hci_conn_complete_evt(hdev, skb);
3701 case HCI_EV_CONN_REQUEST:
3702 hci_conn_request_evt(hdev, skb);
3705 case HCI_EV_DISCONN_COMPLETE:
3706 hci_disconn_complete_evt(hdev, skb);
3709 case HCI_EV_AUTH_COMPLETE:
3710 hci_auth_complete_evt(hdev, skb);
3713 case HCI_EV_REMOTE_NAME:
3714 hci_remote_name_evt(hdev, skb);
3717 case HCI_EV_ENCRYPT_CHANGE:
3718 hci_encrypt_change_evt(hdev, skb);
3721 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3722 hci_change_link_key_complete_evt(hdev, skb);
3725 case HCI_EV_REMOTE_FEATURES:
3726 hci_remote_features_evt(hdev, skb);
3729 case HCI_EV_REMOTE_VERSION:
3730 hci_remote_version_evt(hdev, skb);
3733 case HCI_EV_QOS_SETUP_COMPLETE:
3734 hci_qos_setup_complete_evt(hdev, skb);
3737 case HCI_EV_CMD_COMPLETE:
3738 hci_cmd_complete_evt(hdev, skb);
3741 case HCI_EV_CMD_STATUS:
3742 hci_cmd_status_evt(hdev, skb);
3745 case HCI_EV_ROLE_CHANGE:
3746 hci_role_change_evt(hdev, skb);
3749 case HCI_EV_NUM_COMP_PKTS:
3750 hci_num_comp_pkts_evt(hdev, skb);
3753 case HCI_EV_MODE_CHANGE:
3754 hci_mode_change_evt(hdev, skb);
/* Pairing and key-management events. */
3757 case HCI_EV_PIN_CODE_REQ:
3758 hci_pin_code_request_evt(hdev, skb);
3761 case HCI_EV_LINK_KEY_REQ:
3762 hci_link_key_request_evt(hdev, skb);
3765 case HCI_EV_LINK_KEY_NOTIFY:
3766 hci_link_key_notify_evt(hdev, skb);
3769 case HCI_EV_CLOCK_OFFSET:
3770 hci_clock_offset_evt(hdev, skb);
3773 case HCI_EV_PKT_TYPE_CHANGE:
3774 hci_pkt_type_change_evt(hdev, skb);
3777 case HCI_EV_PSCAN_REP_MODE:
3778 hci_pscan_rep_mode_evt(hdev, skb);
3781 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3782 hci_inquiry_result_with_rssi_evt(hdev, skb);
3785 case HCI_EV_REMOTE_EXT_FEATURES:
3786 hci_remote_ext_features_evt(hdev, skb);
3789 case HCI_EV_SYNC_CONN_COMPLETE:
3790 hci_sync_conn_complete_evt(hdev, skb);
3793 case HCI_EV_SYNC_CONN_CHANGED:
3794 hci_sync_conn_changed_evt(hdev, skb);
3797 case HCI_EV_SNIFF_SUBRATE:
3798 hci_sniff_subrate_evt(hdev, skb);
3801 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3802 hci_extended_inquiry_result_evt(hdev, skb);
3805 case HCI_EV_KEY_REFRESH_COMPLETE:
3806 hci_key_refresh_complete_evt(hdev, skb);
/* Secure Simple Pairing events. */
3809 case HCI_EV_IO_CAPA_REQUEST:
3810 hci_io_capa_request_evt(hdev, skb);
3813 case HCI_EV_IO_CAPA_REPLY:
3814 hci_io_capa_reply_evt(hdev, skb);
3817 case HCI_EV_USER_CONFIRM_REQUEST:
3818 hci_user_confirm_request_evt(hdev, skb);
3821 case HCI_EV_USER_PASSKEY_REQUEST:
3822 hci_user_passkey_request_evt(hdev, skb);
3825 case HCI_EV_USER_PASSKEY_NOTIFY:
3826 hci_user_passkey_notify_evt(hdev, skb);
3829 case HCI_EV_KEYPRESS_NOTIFY:
3830 hci_keypress_notify_evt(hdev, skb);
3833 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3834 hci_simple_pair_complete_evt(hdev, skb);
3837 case HCI_EV_REMOTE_HOST_FEATURES:
3838 hci_remote_host_features_evt(hdev, skb);
/* LE events arrive wrapped in a meta event and are demultiplexed again. */
3841 case HCI_EV_LE_META:
3842 hci_le_meta_evt(hdev, skb);
3845 case HCI_EV_CHANNEL_SELECTED:
3846 hci_chan_selected_evt(hdev, skb);
3849 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3850 hci_remote_oob_data_request_evt(hdev, skb);
3853 case HCI_EV_NUM_COMP_BLOCKS:
3854 hci_num_comp_blocks_evt(hdev, skb);
3858 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3863 hdev->stat.evt_rx++;