2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
202 hdev->ssp_debug_mode = 0;
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 __u8 status = *((__u8 *) skb->data);
210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
223 hci_dev_unlock(hdev);
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
228 struct hci_rp_read_local_name *rp = (void *) skb->data;
230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
235 if (test_bit(HCI_SETUP, &hdev->dev_flags))
236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
241 __u8 status = *((__u8 *) skb->data);
244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
251 __u8 param = *((__u8 *) sent);
253 if (param == AUTH_ENABLED)
254 set_bit(HCI_AUTH, &hdev->flags);
256 clear_bit(HCI_AUTH, &hdev->flags);
259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
260 mgmt_auth_enable_complete(hdev, status);
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
265 __u8 status = *((__u8 *) skb->data);
268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 __u8 param = *((__u8 *) sent);
278 set_bit(HCI_ENCRYPT, &hdev->flags);
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
290 BT_DBG("%s status 0x%2.2x", hdev->name, status);
292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
296 param = *((__u8 *) sent);
301 mgmt_write_scan_failed(hdev, param, status);
302 hdev->discov_timeout = 0;
306 /* We need to ensure that we set this back on if someone changed
307 * the scan mode through a raw HCI socket.
309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
317 mgmt_discoverable(hdev, 1);
318 } else if (old_iscan)
319 mgmt_discoverable(hdev, 0);
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
324 mgmt_connectable(hdev, 1);
325 } else if (old_pscan)
326 mgmt_connectable(hdev, 0);
329 hci_dev_unlock(hdev);
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
341 memcpy(hdev->dev_class, rp->dev_class, 3);
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 memcpy(hdev->dev_class, sent, 3);
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
366 hci_dev_unlock(hdev);
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
379 setting = __le16_to_cpu(rp->voice_setting);
381 if (hdev->voice_setting == setting)
384 hdev->voice_setting = setting;
386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 __u8 status = *((__u8 *) skb->data);
399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
408 setting = get_unaligned_le16(sent);
410 if (hdev->voice_setting == setting)
413 hdev->voice_setting = setting;
415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
431 hdev->num_iac = rp->num_iac;
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
438 __u8 status = *((__u8 *) skb->data);
439 struct hci_cp_write_ssp_mode *sent;
441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
449 hdev->features[1][0] |= LMP_HOST_SSP;
451 hdev->features[1][0] &= ~LMP_HOST_SSP;
454 if (test_bit(HCI_MGMT, &hdev->dev_flags))
455 mgmt_ssp_enable_complete(hdev, sent->mode, status);
458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
464 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
466 struct hci_rp_read_local_version *rp = (void *) skb->data;
468 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
473 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
474 hdev->hci_ver = rp->hci_ver;
475 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
476 hdev->lmp_ver = rp->lmp_ver;
477 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
478 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
482 static void hci_cc_read_local_commands(struct hci_dev *hdev,
485 struct hci_rp_read_local_commands *rp = (void *) skb->data;
487 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
492 if (test_bit(HCI_SETUP, &hdev->dev_flags))
493 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
496 static void hci_cc_read_local_features(struct hci_dev *hdev,
499 struct hci_rp_read_local_features *rp = (void *) skb->data;
501 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
506 memcpy(hdev->features, rp->features, 8);
508 /* Adjust default settings according to features
509 * supported by device. */
511 if (hdev->features[0][0] & LMP_3SLOT)
512 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
514 if (hdev->features[0][0] & LMP_5SLOT)
515 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
517 if (hdev->features[0][1] & LMP_HV2) {
518 hdev->pkt_type |= (HCI_HV2);
519 hdev->esco_type |= (ESCO_HV2);
522 if (hdev->features[0][1] & LMP_HV3) {
523 hdev->pkt_type |= (HCI_HV3);
524 hdev->esco_type |= (ESCO_HV3);
527 if (lmp_esco_capable(hdev))
528 hdev->esco_type |= (ESCO_EV3);
530 if (hdev->features[0][4] & LMP_EV4)
531 hdev->esco_type |= (ESCO_EV4);
533 if (hdev->features[0][4] & LMP_EV5)
534 hdev->esco_type |= (ESCO_EV5);
536 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
537 hdev->esco_type |= (ESCO_2EV3);
539 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
540 hdev->esco_type |= (ESCO_3EV3);
542 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
543 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
546 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
549 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
551 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
556 if (hdev->max_page < rp->max_page)
557 hdev->max_page = rp->max_page;
559 if (rp->page < HCI_MAX_PAGES)
560 memcpy(hdev->features[rp->page], rp->features, 8);
563 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
566 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
568 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
571 hdev->flow_ctl_mode = rp->mode;
574 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
576 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
578 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
583 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
584 hdev->sco_mtu = rp->sco_mtu;
585 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
586 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
588 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
593 hdev->acl_cnt = hdev->acl_pkts;
594 hdev->sco_cnt = hdev->sco_pkts;
596 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
597 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
600 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
602 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
604 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
607 bacpy(&hdev->bdaddr, &rp->bdaddr);
610 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
613 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
615 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
617 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
618 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
619 hdev->page_scan_window = __le16_to_cpu(rp->window);
623 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
626 u8 status = *((u8 *) skb->data);
627 struct hci_cp_write_page_scan_activity *sent;
629 BT_DBG("%s status 0x%2.2x", hdev->name, status);
634 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
638 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
639 hdev->page_scan_window = __le16_to_cpu(sent->window);
642 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
645 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
647 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
649 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
650 hdev->page_scan_type = rp->type;
653 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
656 u8 status = *((u8 *) skb->data);
659 BT_DBG("%s status 0x%2.2x", hdev->name, status);
664 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
666 hdev->page_scan_type = *type;
669 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
672 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
674 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
679 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
680 hdev->block_len = __le16_to_cpu(rp->block_len);
681 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
683 hdev->block_cnt = hdev->num_blocks;
685 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
686 hdev->block_cnt, hdev->block_len);
689 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
692 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
694 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
699 hdev->amp_status = rp->amp_status;
700 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
701 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
702 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
703 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
704 hdev->amp_type = rp->amp_type;
705 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
706 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
707 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
708 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
711 a2mp_send_getinfo_rsp(hdev);
714 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
717 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
718 struct amp_assoc *assoc = &hdev->loc_assoc;
719 size_t rem_len, frag_len;
721 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
726 frag_len = skb->len - sizeof(*rp);
727 rem_len = __le16_to_cpu(rp->rem_len);
729 if (rem_len > frag_len) {
730 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
732 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
733 assoc->offset += frag_len;
735 /* Read other fragments */
736 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
741 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
742 assoc->len = assoc->offset + rem_len;
746 /* Send A2MP Rsp when all fragments are received */
747 a2mp_send_getampassoc_rsp(hdev, rp->status);
748 a2mp_send_create_phy_link_req(hdev, rp->status);
751 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
754 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
756 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
759 hdev->inq_tx_power = rp->tx_power;
762 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
764 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
765 struct hci_cp_pin_code_reply *cp;
766 struct hci_conn *conn;
768 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
772 if (test_bit(HCI_MGMT, &hdev->dev_flags))
773 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
778 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
782 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
784 conn->pin_length = cp->pin_len;
787 hci_dev_unlock(hdev);
790 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
792 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
794 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
798 if (test_bit(HCI_MGMT, &hdev->dev_flags))
799 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
802 hci_dev_unlock(hdev);
805 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
808 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
815 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
816 hdev->le_pkts = rp->le_max_pkt;
818 hdev->le_cnt = hdev->le_pkts;
820 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
823 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
826 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
828 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
831 memcpy(hdev->le_features, rp->features, 8);
834 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
837 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
839 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
842 hdev->adv_tx_power = rp->tx_power;
845 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
847 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
849 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
853 if (test_bit(HCI_MGMT, &hdev->dev_flags))
854 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
857 hci_dev_unlock(hdev);
860 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
863 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
865 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
869 if (test_bit(HCI_MGMT, &hdev->dev_flags))
870 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
871 ACL_LINK, 0, rp->status);
873 hci_dev_unlock(hdev);
876 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
878 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
880 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
884 if (test_bit(HCI_MGMT, &hdev->dev_flags))
885 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
888 hci_dev_unlock(hdev);
891 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
894 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
896 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
900 if (test_bit(HCI_MGMT, &hdev->dev_flags))
901 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
902 ACL_LINK, 0, rp->status);
904 hci_dev_unlock(hdev);
907 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
910 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
912 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
915 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
916 rp->randomizer, rp->status);
917 hci_dev_unlock(hdev);
920 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
922 __u8 *sent, status = *((__u8 *) skb->data);
924 BT_DBG("%s status 0x%2.2x", hdev->name, status);
926 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
934 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
936 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
939 hci_dev_unlock(hdev);
942 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
945 struct hci_cp_le_set_scan_enable *cp;
946 __u8 status = *((__u8 *) skb->data);
948 BT_DBG("%s status 0x%2.2x", hdev->name, status);
950 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
957 switch (cp->enable) {
959 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
962 case LE_SCAN_DISABLE:
963 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
967 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
972 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
975 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
977 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
980 hdev->le_white_list_size = rp->size;
983 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
986 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
988 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
991 memcpy(hdev->le_states, rp->le_states, 8);
994 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
997 struct hci_cp_write_le_host_supported *sent;
998 __u8 status = *((__u8 *) skb->data);
1000 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1002 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1008 hdev->features[1][0] |= LMP_HOST_LE;
1009 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1011 hdev->features[1][0] &= ~LMP_HOST_LE;
1012 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1013 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1017 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1019 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1023 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1024 struct sk_buff *skb)
1026 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1028 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1029 hdev->name, rp->status, rp->phy_handle);
1034 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1037 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1039 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1042 hci_conn_check_pending(hdev);
1046 set_bit(HCI_INQUIRY, &hdev->flags);
1049 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1051 struct hci_cp_create_conn *cp;
1052 struct hci_conn *conn;
1054 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1056 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1062 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1064 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1067 if (conn && conn->state == BT_CONNECT) {
1068 if (status != 0x0c || conn->attempt > 2) {
1069 conn->state = BT_CLOSED;
1070 hci_proto_connect_cfm(conn, status);
1073 conn->state = BT_CONNECT2;
1077 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1080 conn->link_mode |= HCI_LM_MASTER;
1082 BT_ERR("No memory for new connection");
1086 hci_dev_unlock(hdev);
1089 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1091 struct hci_cp_add_sco *cp;
1092 struct hci_conn *acl, *sco;
1095 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1100 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1104 handle = __le16_to_cpu(cp->handle);
1106 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1110 acl = hci_conn_hash_lookup_handle(hdev, handle);
1114 sco->state = BT_CLOSED;
1116 hci_proto_connect_cfm(sco, status);
1121 hci_dev_unlock(hdev);
1124 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1126 struct hci_cp_auth_requested *cp;
1127 struct hci_conn *conn;
1129 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1134 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1140 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1142 if (conn->state == BT_CONFIG) {
1143 hci_proto_connect_cfm(conn, status);
1144 hci_conn_drop(conn);
1148 hci_dev_unlock(hdev);
1151 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1153 struct hci_cp_set_conn_encrypt *cp;
1154 struct hci_conn *conn;
1156 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1161 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1167 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1169 if (conn->state == BT_CONFIG) {
1170 hci_proto_connect_cfm(conn, status);
1171 hci_conn_drop(conn);
1175 hci_dev_unlock(hdev);
1178 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1179 struct hci_conn *conn)
1181 if (conn->state != BT_CONFIG || !conn->out)
1184 if (conn->pending_sec_level == BT_SECURITY_SDP)
1187 /* Only request authentication for SSP connections or non-SSP
1188 * devices with sec_level HIGH or if MITM protection is requested */
1189 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1190 conn->pending_sec_level != BT_SECURITY_HIGH)
1196 static int hci_resolve_name(struct hci_dev *hdev,
1197 struct inquiry_entry *e)
1199 struct hci_cp_remote_name_req cp;
1201 memset(&cp, 0, sizeof(cp));
1203 bacpy(&cp.bdaddr, &e->data.bdaddr);
1204 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1205 cp.pscan_mode = e->data.pscan_mode;
1206 cp.clock_offset = e->data.clock_offset;
1208 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1211 static bool hci_resolve_next_name(struct hci_dev *hdev)
1213 struct discovery_state *discov = &hdev->discovery;
1214 struct inquiry_entry *e;
1216 if (list_empty(&discov->resolve))
1219 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1223 if (hci_resolve_name(hdev, e) == 0) {
1224 e->name_state = NAME_PENDING;
1231 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1232 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1234 struct discovery_state *discov = &hdev->discovery;
1235 struct inquiry_entry *e;
1237 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1238 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1239 name_len, conn->dev_class);
1241 if (discov->state == DISCOVERY_STOPPED)
1244 if (discov->state == DISCOVERY_STOPPING)
1245 goto discov_complete;
1247 if (discov->state != DISCOVERY_RESOLVING)
1250 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1251 /* If the device was not found in a list of found devices names of which
1252 * are pending. there is no need to continue resolving a next name as it
1253 * will be done upon receiving another Remote Name Request Complete
1260 e->name_state = NAME_KNOWN;
1261 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1262 e->data.rssi, name, name_len);
1264 e->name_state = NAME_NOT_KNOWN;
1267 if (hci_resolve_next_name(hdev))
1271 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1274 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1276 struct hci_cp_remote_name_req *cp;
1277 struct hci_conn *conn;
1279 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1281 /* If successful wait for the name req complete event before
1282 * checking for the need to do authentication */
1286 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1294 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1295 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1300 if (!hci_outgoing_auth_needed(hdev, conn))
1303 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1304 struct hci_cp_auth_requested auth_cp;
1306 auth_cp.handle = __cpu_to_le16(conn->handle);
1307 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1308 sizeof(auth_cp), &auth_cp);
1312 hci_dev_unlock(hdev);
1315 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1317 struct hci_cp_read_remote_features *cp;
1318 struct hci_conn *conn;
1320 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1325 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1331 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1333 if (conn->state == BT_CONFIG) {
1334 hci_proto_connect_cfm(conn, status);
1335 hci_conn_drop(conn);
1339 hci_dev_unlock(hdev);
1342 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1344 struct hci_cp_read_remote_ext_features *cp;
1345 struct hci_conn *conn;
1347 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1352 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1358 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1360 if (conn->state == BT_CONFIG) {
1361 hci_proto_connect_cfm(conn, status);
1362 hci_conn_drop(conn);
1366 hci_dev_unlock(hdev);
1369 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1371 struct hci_cp_setup_sync_conn *cp;
1372 struct hci_conn *acl, *sco;
1375 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1380 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1384 handle = __le16_to_cpu(cp->handle);
1386 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1390 acl = hci_conn_hash_lookup_handle(hdev, handle);
1394 sco->state = BT_CLOSED;
1396 hci_proto_connect_cfm(sco, status);
1401 hci_dev_unlock(hdev);
1404 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1406 struct hci_cp_sniff_mode *cp;
1407 struct hci_conn *conn;
1409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1414 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1420 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1422 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1424 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1425 hci_sco_setup(conn, status);
1428 hci_dev_unlock(hdev);
1431 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1433 struct hci_cp_exit_sniff_mode *cp;
1434 struct hci_conn *conn;
1436 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1441 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1447 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1449 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1451 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1452 hci_sco_setup(conn, status);
1455 hci_dev_unlock(hdev);
1458 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1460 struct hci_cp_disconnect *cp;
1461 struct hci_conn *conn;
1466 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1472 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1474 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1475 conn->dst_type, status);
1477 hci_dev_unlock(hdev);
1480 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1482 struct hci_cp_create_phy_link *cp;
1484 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1486 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1493 struct hci_conn *hcon;
1495 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1499 amp_write_remote_assoc(hdev, cp->phy_handle);
1502 hci_dev_unlock(hdev);
1505 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1507 struct hci_cp_accept_phy_link *cp;
1509 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1514 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1518 amp_write_remote_assoc(hdev, cp->phy_handle);
1521 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1523 __u8 status = *((__u8 *) skb->data);
1524 struct discovery_state *discov = &hdev->discovery;
1525 struct inquiry_entry *e;
1527 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1529 hci_conn_check_pending(hdev);
1531 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1534 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1535 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1537 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1542 if (discov->state != DISCOVERY_FINDING)
1545 if (list_empty(&discov->resolve)) {
1546 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1550 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1551 if (e && hci_resolve_name(hdev, e) == 0) {
1552 e->name_state = NAME_PENDING;
1553 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1555 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1559 hci_dev_unlock(hdev);
1562 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1564 struct inquiry_data data;
1565 struct inquiry_info *info = (void *) (skb->data + 1);
1566 int num_rsp = *((__u8 *) skb->data);
1568 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1573 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1578 for (; num_rsp; num_rsp--, info++) {
1579 bool name_known, ssp;
1581 bacpy(&data.bdaddr, &info->bdaddr);
1582 data.pscan_rep_mode = info->pscan_rep_mode;
1583 data.pscan_period_mode = info->pscan_period_mode;
1584 data.pscan_mode = info->pscan_mode;
1585 memcpy(data.dev_class, info->dev_class, 3);
1586 data.clock_offset = info->clock_offset;
1588 data.ssp_mode = 0x00;
1590 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1591 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1592 info->dev_class, 0, !name_known, ssp, NULL,
1596 hci_dev_unlock(hdev);
1599 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1601 struct hci_ev_conn_complete *ev = (void *) skb->data;
1602 struct hci_conn *conn;
1604 BT_DBG("%s", hdev->name);
1608 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1610 if (ev->link_type != SCO_LINK)
1613 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1617 conn->type = SCO_LINK;
1621 conn->handle = __le16_to_cpu(ev->handle);
1623 if (conn->type == ACL_LINK) {
1624 conn->state = BT_CONFIG;
1625 hci_conn_hold(conn);
1627 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1628 !hci_find_link_key(hdev, &ev->bdaddr))
1629 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1631 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1633 conn->state = BT_CONNECTED;
1635 hci_conn_add_sysfs(conn);
1637 if (test_bit(HCI_AUTH, &hdev->flags))
1638 conn->link_mode |= HCI_LM_AUTH;
1640 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1641 conn->link_mode |= HCI_LM_ENCRYPT;
1643 /* Get remote features */
1644 if (conn->type == ACL_LINK) {
1645 struct hci_cp_read_remote_features cp;
1646 cp.handle = ev->handle;
1647 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1651 /* Set packet type for incoming connection */
1652 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1653 struct hci_cp_change_conn_ptype cp;
1654 cp.handle = ev->handle;
1655 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1656 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1660 conn->state = BT_CLOSED;
1661 if (conn->type == ACL_LINK)
1662 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1663 conn->dst_type, ev->status);
1666 if (conn->type == ACL_LINK)
1667 hci_sco_setup(conn, ev->status);
1670 hci_proto_connect_cfm(conn, ev->status);
1672 } else if (ev->link_type != ACL_LINK)
1673 hci_proto_connect_cfm(conn, ev->status);
1676 hci_dev_unlock(hdev);
1678 hci_conn_check_pending(hdev);
1681 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1683 struct hci_ev_conn_request *ev = (void *) skb->data;
1684 int mask = hdev->link_mode;
1687 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1690 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1693 if ((mask & HCI_LM_ACCEPT) &&
1694 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1695 /* Connection accepted */
1696 struct inquiry_entry *ie;
1697 struct hci_conn *conn;
1701 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1703 memcpy(ie->data.dev_class, ev->dev_class, 3);
1705 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1708 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1710 BT_ERR("No memory for new connection");
1711 hci_dev_unlock(hdev);
1716 memcpy(conn->dev_class, ev->dev_class, 3);
1718 hci_dev_unlock(hdev);
1720 if (ev->link_type == ACL_LINK ||
1721 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1722 struct hci_cp_accept_conn_req cp;
1723 conn->state = BT_CONNECT;
1725 bacpy(&cp.bdaddr, &ev->bdaddr);
1727 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1728 cp.role = 0x00; /* Become master */
1730 cp.role = 0x01; /* Remain slave */
1732 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1734 } else if (!(flags & HCI_PROTO_DEFER)) {
1735 struct hci_cp_accept_sync_conn_req cp;
1736 conn->state = BT_CONNECT;
1738 bacpy(&cp.bdaddr, &ev->bdaddr);
1739 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1741 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1742 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1743 cp.max_latency = __constant_cpu_to_le16(0xffff);
1744 cp.content_format = cpu_to_le16(hdev->voice_setting);
1745 cp.retrans_effort = 0xff;
1747 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1750 conn->state = BT_CONNECT2;
1751 hci_proto_connect_cfm(conn, 0);
1754 /* Connection rejected */
1755 struct hci_cp_reject_conn_req cp;
1757 bacpy(&cp.bdaddr, &ev->bdaddr);
1758 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1759 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1763 static u8 hci_to_mgmt_reason(u8 err)
1766 case HCI_ERROR_CONNECTION_TIMEOUT:
1767 return MGMT_DEV_DISCONN_TIMEOUT;
1768 case HCI_ERROR_REMOTE_USER_TERM:
1769 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1770 case HCI_ERROR_REMOTE_POWER_OFF:
1771 return MGMT_DEV_DISCONN_REMOTE;
1772 case HCI_ERROR_LOCAL_HOST_TERM:
1773 return MGMT_DEV_DISCONN_LOCAL_HOST;
1775 return MGMT_DEV_DISCONN_UNKNOWN;
1779 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1781 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1782 u8 reason = hci_to_mgmt_reason(ev->reason);
1783 struct hci_conn *conn;
1786 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1790 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1795 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1796 conn->dst_type, ev->status);
1800 conn->state = BT_CLOSED;
1802 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1803 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1804 conn->dst_type, reason);
1806 if (conn->type == ACL_LINK && conn->flush_key)
1807 hci_remove_link_key(hdev, &conn->dst);
1811 hci_proto_disconn_cfm(conn, ev->reason);
1814 /* Re-enable advertising if necessary, since it might
1815 * have been disabled by the connection. From the
1816 * HCI_LE_Set_Advertise_Enable command description in
1817 * the core specification (v4.0):
1818 * "The Controller shall continue advertising until the Host
1819 * issues an LE_Set_Advertise_Enable command with
1820 * Advertising_Enable set to 0x00 (Advertising is disabled)
1821 * or until a connection is created or until the Advertising
1822 * is timed out due to Directed Advertising."
1824 if (type == LE_LINK)
1825 mgmt_reenable_advertising(hdev);
1828 hci_dev_unlock(hdev);
1831 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1833 struct hci_ev_auth_complete *ev = (void *) skb->data;
1834 struct hci_conn *conn;
1836 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1840 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1845 if (!hci_conn_ssp_enabled(conn) &&
1846 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1847 BT_INFO("re-auth of legacy device is not possible.");
1849 conn->link_mode |= HCI_LM_AUTH;
1850 conn->sec_level = conn->pending_sec_level;
1853 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1857 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1858 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1860 if (conn->state == BT_CONFIG) {
1861 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1862 struct hci_cp_set_conn_encrypt cp;
1863 cp.handle = ev->handle;
1865 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1868 conn->state = BT_CONNECTED;
1869 hci_proto_connect_cfm(conn, ev->status);
1870 hci_conn_drop(conn);
1873 hci_auth_cfm(conn, ev->status);
1875 hci_conn_hold(conn);
1876 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1877 hci_conn_drop(conn);
1880 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1882 struct hci_cp_set_conn_encrypt cp;
1883 cp.handle = ev->handle;
1885 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1888 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1889 hci_encrypt_cfm(conn, ev->status, 0x00);
1894 hci_dev_unlock(hdev);
1897 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1899 struct hci_ev_remote_name *ev = (void *) skb->data;
1900 struct hci_conn *conn;
1902 BT_DBG("%s", hdev->name);
1904 hci_conn_check_pending(hdev);
1908 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1910 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1913 if (ev->status == 0)
1914 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1915 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1917 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1923 if (!hci_outgoing_auth_needed(hdev, conn))
1926 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1927 struct hci_cp_auth_requested cp;
1928 cp.handle = __cpu_to_le16(conn->handle);
1929 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1933 hci_dev_unlock(hdev);
1936 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1938 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1939 struct hci_conn *conn;
1941 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1945 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1949 /* Encryption implies authentication */
1950 conn->link_mode |= HCI_LM_AUTH;
1951 conn->link_mode |= HCI_LM_ENCRYPT;
1952 conn->sec_level = conn->pending_sec_level;
1954 conn->link_mode &= ~HCI_LM_ENCRYPT;
1957 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1959 if (ev->status && conn->state == BT_CONNECTED) {
1960 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1961 hci_conn_drop(conn);
1965 if (conn->state == BT_CONFIG) {
1967 conn->state = BT_CONNECTED;
1969 hci_proto_connect_cfm(conn, ev->status);
1970 hci_conn_drop(conn);
1972 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1976 hci_dev_unlock(hdev);
1979 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1980 struct sk_buff *skb)
1982 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1983 struct hci_conn *conn;
1985 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1989 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1992 conn->link_mode |= HCI_LM_SECURE;
1994 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1996 hci_key_change_cfm(conn, ev->status);
1999 hci_dev_unlock(hdev);
2002 static void hci_remote_features_evt(struct hci_dev *hdev,
2003 struct sk_buff *skb)
2005 struct hci_ev_remote_features *ev = (void *) skb->data;
2006 struct hci_conn *conn;
2008 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2012 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2017 memcpy(conn->features[0], ev->features, 8);
2019 if (conn->state != BT_CONFIG)
2022 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2023 struct hci_cp_read_remote_ext_features cp;
2024 cp.handle = ev->handle;
2026 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2031 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2032 struct hci_cp_remote_name_req cp;
2033 memset(&cp, 0, sizeof(cp));
2034 bacpy(&cp.bdaddr, &conn->dst);
2035 cp.pscan_rep_mode = 0x02;
2036 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2037 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2038 mgmt_device_connected(hdev, &conn->dst, conn->type,
2039 conn->dst_type, 0, NULL, 0,
2042 if (!hci_outgoing_auth_needed(hdev, conn)) {
2043 conn->state = BT_CONNECTED;
2044 hci_proto_connect_cfm(conn, ev->status);
2045 hci_conn_drop(conn);
2049 hci_dev_unlock(hdev);
2052 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2054 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2055 u8 status = skb->data[sizeof(*ev)];
2058 skb_pull(skb, sizeof(*ev));
2060 opcode = __le16_to_cpu(ev->opcode);
2063 case HCI_OP_INQUIRY_CANCEL:
2064 hci_cc_inquiry_cancel(hdev, skb);
2067 case HCI_OP_PERIODIC_INQ:
2068 hci_cc_periodic_inq(hdev, skb);
2071 case HCI_OP_EXIT_PERIODIC_INQ:
2072 hci_cc_exit_periodic_inq(hdev, skb);
2075 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2076 hci_cc_remote_name_req_cancel(hdev, skb);
2079 case HCI_OP_ROLE_DISCOVERY:
2080 hci_cc_role_discovery(hdev, skb);
2083 case HCI_OP_READ_LINK_POLICY:
2084 hci_cc_read_link_policy(hdev, skb);
2087 case HCI_OP_WRITE_LINK_POLICY:
2088 hci_cc_write_link_policy(hdev, skb);
2091 case HCI_OP_READ_DEF_LINK_POLICY:
2092 hci_cc_read_def_link_policy(hdev, skb);
2095 case HCI_OP_WRITE_DEF_LINK_POLICY:
2096 hci_cc_write_def_link_policy(hdev, skb);
2100 hci_cc_reset(hdev, skb);
2103 case HCI_OP_WRITE_LOCAL_NAME:
2104 hci_cc_write_local_name(hdev, skb);
2107 case HCI_OP_READ_LOCAL_NAME:
2108 hci_cc_read_local_name(hdev, skb);
2111 case HCI_OP_WRITE_AUTH_ENABLE:
2112 hci_cc_write_auth_enable(hdev, skb);
2115 case HCI_OP_WRITE_ENCRYPT_MODE:
2116 hci_cc_write_encrypt_mode(hdev, skb);
2119 case HCI_OP_WRITE_SCAN_ENABLE:
2120 hci_cc_write_scan_enable(hdev, skb);
2123 case HCI_OP_READ_CLASS_OF_DEV:
2124 hci_cc_read_class_of_dev(hdev, skb);
2127 case HCI_OP_WRITE_CLASS_OF_DEV:
2128 hci_cc_write_class_of_dev(hdev, skb);
2131 case HCI_OP_READ_VOICE_SETTING:
2132 hci_cc_read_voice_setting(hdev, skb);
2135 case HCI_OP_WRITE_VOICE_SETTING:
2136 hci_cc_write_voice_setting(hdev, skb);
2139 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2140 hci_cc_read_num_supported_iac(hdev, skb);
2143 case HCI_OP_WRITE_SSP_MODE:
2144 hci_cc_write_ssp_mode(hdev, skb);
2147 case HCI_OP_READ_LOCAL_VERSION:
2148 hci_cc_read_local_version(hdev, skb);
2151 case HCI_OP_READ_LOCAL_COMMANDS:
2152 hci_cc_read_local_commands(hdev, skb);
2155 case HCI_OP_READ_LOCAL_FEATURES:
2156 hci_cc_read_local_features(hdev, skb);
2159 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2160 hci_cc_read_local_ext_features(hdev, skb);
2163 case HCI_OP_READ_BUFFER_SIZE:
2164 hci_cc_read_buffer_size(hdev, skb);
2167 case HCI_OP_READ_BD_ADDR:
2168 hci_cc_read_bd_addr(hdev, skb);
2171 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2172 hci_cc_read_page_scan_activity(hdev, skb);
2175 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2176 hci_cc_write_page_scan_activity(hdev, skb);
2179 case HCI_OP_READ_PAGE_SCAN_TYPE:
2180 hci_cc_read_page_scan_type(hdev, skb);
2183 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2184 hci_cc_write_page_scan_type(hdev, skb);
2187 case HCI_OP_READ_DATA_BLOCK_SIZE:
2188 hci_cc_read_data_block_size(hdev, skb);
2191 case HCI_OP_READ_FLOW_CONTROL_MODE:
2192 hci_cc_read_flow_control_mode(hdev, skb);
2195 case HCI_OP_READ_LOCAL_AMP_INFO:
2196 hci_cc_read_local_amp_info(hdev, skb);
2199 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2200 hci_cc_read_local_amp_assoc(hdev, skb);
2203 case HCI_OP_READ_INQ_RSP_TX_POWER:
2204 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2207 case HCI_OP_PIN_CODE_REPLY:
2208 hci_cc_pin_code_reply(hdev, skb);
2211 case HCI_OP_PIN_CODE_NEG_REPLY:
2212 hci_cc_pin_code_neg_reply(hdev, skb);
2215 case HCI_OP_READ_LOCAL_OOB_DATA:
2216 hci_cc_read_local_oob_data_reply(hdev, skb);
2219 case HCI_OP_LE_READ_BUFFER_SIZE:
2220 hci_cc_le_read_buffer_size(hdev, skb);
2223 case HCI_OP_LE_READ_LOCAL_FEATURES:
2224 hci_cc_le_read_local_features(hdev, skb);
2227 case HCI_OP_LE_READ_ADV_TX_POWER:
2228 hci_cc_le_read_adv_tx_power(hdev, skb);
2231 case HCI_OP_USER_CONFIRM_REPLY:
2232 hci_cc_user_confirm_reply(hdev, skb);
2235 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2236 hci_cc_user_confirm_neg_reply(hdev, skb);
2239 case HCI_OP_USER_PASSKEY_REPLY:
2240 hci_cc_user_passkey_reply(hdev, skb);
2243 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2244 hci_cc_user_passkey_neg_reply(hdev, skb);
2247 case HCI_OP_LE_SET_ADV_ENABLE:
2248 hci_cc_le_set_adv_enable(hdev, skb);
2251 case HCI_OP_LE_SET_SCAN_ENABLE:
2252 hci_cc_le_set_scan_enable(hdev, skb);
2255 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2256 hci_cc_le_read_white_list_size(hdev, skb);
2259 case HCI_OP_LE_READ_SUPPORTED_STATES:
2260 hci_cc_le_read_supported_states(hdev, skb);
2263 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2264 hci_cc_write_le_host_supported(hdev, skb);
2267 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2268 hci_cc_write_remote_amp_assoc(hdev, skb);
2272 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2276 if (opcode != HCI_OP_NOP)
2277 del_timer(&hdev->cmd_timer);
2279 hci_req_cmd_complete(hdev, opcode, status);
2281 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2282 atomic_set(&hdev->cmd_cnt, 1);
2283 if (!skb_queue_empty(&hdev->cmd_q))
2284 queue_work(hdev->workqueue, &hdev->cmd_work);
2288 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2290 struct hci_ev_cmd_status *ev = (void *) skb->data;
2293 skb_pull(skb, sizeof(*ev));
2295 opcode = __le16_to_cpu(ev->opcode);
2298 case HCI_OP_INQUIRY:
2299 hci_cs_inquiry(hdev, ev->status);
2302 case HCI_OP_CREATE_CONN:
2303 hci_cs_create_conn(hdev, ev->status);
2306 case HCI_OP_ADD_SCO:
2307 hci_cs_add_sco(hdev, ev->status);
2310 case HCI_OP_AUTH_REQUESTED:
2311 hci_cs_auth_requested(hdev, ev->status);
2314 case HCI_OP_SET_CONN_ENCRYPT:
2315 hci_cs_set_conn_encrypt(hdev, ev->status);
2318 case HCI_OP_REMOTE_NAME_REQ:
2319 hci_cs_remote_name_req(hdev, ev->status);
2322 case HCI_OP_READ_REMOTE_FEATURES:
2323 hci_cs_read_remote_features(hdev, ev->status);
2326 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2327 hci_cs_read_remote_ext_features(hdev, ev->status);
2330 case HCI_OP_SETUP_SYNC_CONN:
2331 hci_cs_setup_sync_conn(hdev, ev->status);
2334 case HCI_OP_SNIFF_MODE:
2335 hci_cs_sniff_mode(hdev, ev->status);
2338 case HCI_OP_EXIT_SNIFF_MODE:
2339 hci_cs_exit_sniff_mode(hdev, ev->status);
2342 case HCI_OP_DISCONNECT:
2343 hci_cs_disconnect(hdev, ev->status);
2346 case HCI_OP_CREATE_PHY_LINK:
2347 hci_cs_create_phylink(hdev, ev->status);
2350 case HCI_OP_ACCEPT_PHY_LINK:
2351 hci_cs_accept_phylink(hdev, ev->status);
2355 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2359 if (opcode != HCI_OP_NOP)
2360 del_timer(&hdev->cmd_timer);
2363 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2364 hci_req_cmd_complete(hdev, opcode, ev->status);
2366 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2367 atomic_set(&hdev->cmd_cnt, 1);
2368 if (!skb_queue_empty(&hdev->cmd_q))
2369 queue_work(hdev->workqueue, &hdev->cmd_work);
2373 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2375 struct hci_ev_role_change *ev = (void *) skb->data;
2376 struct hci_conn *conn;
2378 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2382 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2386 conn->link_mode &= ~HCI_LM_MASTER;
2388 conn->link_mode |= HCI_LM_MASTER;
2391 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2393 hci_role_switch_cfm(conn, ev->status, ev->role);
2396 hci_dev_unlock(hdev);
2399 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2401 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2404 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2405 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2409 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2410 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2411 BT_DBG("%s bad parameters", hdev->name);
2415 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2417 for (i = 0; i < ev->num_hndl; i++) {
2418 struct hci_comp_pkts_info *info = &ev->handles[i];
2419 struct hci_conn *conn;
2420 __u16 handle, count;
2422 handle = __le16_to_cpu(info->handle);
2423 count = __le16_to_cpu(info->count);
2425 conn = hci_conn_hash_lookup_handle(hdev, handle);
2429 conn->sent -= count;
2431 switch (conn->type) {
2433 hdev->acl_cnt += count;
2434 if (hdev->acl_cnt > hdev->acl_pkts)
2435 hdev->acl_cnt = hdev->acl_pkts;
2439 if (hdev->le_pkts) {
2440 hdev->le_cnt += count;
2441 if (hdev->le_cnt > hdev->le_pkts)
2442 hdev->le_cnt = hdev->le_pkts;
2444 hdev->acl_cnt += count;
2445 if (hdev->acl_cnt > hdev->acl_pkts)
2446 hdev->acl_cnt = hdev->acl_pkts;
2451 hdev->sco_cnt += count;
2452 if (hdev->sco_cnt > hdev->sco_pkts)
2453 hdev->sco_cnt = hdev->sco_pkts;
2457 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2462 queue_work(hdev->workqueue, &hdev->tx_work);
2465 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2468 struct hci_chan *chan;
2470 switch (hdev->dev_type) {
2472 return hci_conn_hash_lookup_handle(hdev, handle);
2474 chan = hci_chan_lookup_handle(hdev, handle);
2479 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2486 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2488 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2491 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2492 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2496 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2497 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2498 BT_DBG("%s bad parameters", hdev->name);
2502 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2505 for (i = 0; i < ev->num_hndl; i++) {
2506 struct hci_comp_blocks_info *info = &ev->handles[i];
2507 struct hci_conn *conn = NULL;
2508 __u16 handle, block_count;
2510 handle = __le16_to_cpu(info->handle);
2511 block_count = __le16_to_cpu(info->blocks);
2513 conn = __hci_conn_lookup_handle(hdev, handle);
2517 conn->sent -= block_count;
2519 switch (conn->type) {
2522 hdev->block_cnt += block_count;
2523 if (hdev->block_cnt > hdev->num_blocks)
2524 hdev->block_cnt = hdev->num_blocks;
2528 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2533 queue_work(hdev->workqueue, &hdev->tx_work);
2536 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2538 struct hci_ev_mode_change *ev = (void *) skb->data;
2539 struct hci_conn *conn;
2541 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2545 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2547 conn->mode = ev->mode;
2549 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2551 if (conn->mode == HCI_CM_ACTIVE)
2552 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2554 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2557 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2558 hci_sco_setup(conn, ev->status);
2561 hci_dev_unlock(hdev);
2564 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2566 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2567 struct hci_conn *conn;
2569 BT_DBG("%s", hdev->name);
2573 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2577 if (conn->state == BT_CONNECTED) {
2578 hci_conn_hold(conn);
2579 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2580 hci_conn_drop(conn);
2583 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2584 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2585 sizeof(ev->bdaddr), &ev->bdaddr);
2586 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2589 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2594 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2598 hci_dev_unlock(hdev);
2601 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2603 struct hci_ev_link_key_req *ev = (void *) skb->data;
2604 struct hci_cp_link_key_reply cp;
2605 struct hci_conn *conn;
2606 struct link_key *key;
2608 BT_DBG("%s", hdev->name);
2610 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2615 key = hci_find_link_key(hdev, &ev->bdaddr);
2617 BT_DBG("%s link key not found for %pMR", hdev->name,
2622 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2625 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2626 key->type == HCI_LK_DEBUG_COMBINATION) {
2627 BT_DBG("%s ignoring debug key", hdev->name);
2631 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2633 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2634 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2635 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2639 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2640 conn->pending_sec_level == BT_SECURITY_HIGH) {
2641 BT_DBG("%s ignoring key unauthenticated for high security",
2646 conn->key_type = key->type;
2647 conn->pin_length = key->pin_len;
2650 bacpy(&cp.bdaddr, &ev->bdaddr);
2651 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2653 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2655 hci_dev_unlock(hdev);
2660 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2661 hci_dev_unlock(hdev);
2664 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2666 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2667 struct hci_conn *conn;
2670 BT_DBG("%s", hdev->name);
2674 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2676 hci_conn_hold(conn);
2677 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2678 pin_len = conn->pin_length;
2680 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2681 conn->key_type = ev->key_type;
2683 hci_conn_drop(conn);
2686 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2687 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2688 ev->key_type, pin_len);
2690 hci_dev_unlock(hdev);
2693 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2695 struct hci_ev_clock_offset *ev = (void *) skb->data;
2696 struct hci_conn *conn;
2698 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2703 if (conn && !ev->status) {
2704 struct inquiry_entry *ie;
2706 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2708 ie->data.clock_offset = ev->clock_offset;
2709 ie->timestamp = jiffies;
2713 hci_dev_unlock(hdev);
2716 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2718 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2719 struct hci_conn *conn;
2721 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2725 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2726 if (conn && !ev->status)
2727 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2729 hci_dev_unlock(hdev);
2732 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2734 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2735 struct inquiry_entry *ie;
2737 BT_DBG("%s", hdev->name);
2741 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2743 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2744 ie->timestamp = jiffies;
2747 hci_dev_unlock(hdev);
2750 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2751 struct sk_buff *skb)
2753 struct inquiry_data data;
2754 int num_rsp = *((__u8 *) skb->data);
2755 bool name_known, ssp;
2757 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2762 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2767 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2768 struct inquiry_info_with_rssi_and_pscan_mode *info;
2769 info = (void *) (skb->data + 1);
2771 for (; num_rsp; num_rsp--, info++) {
2772 bacpy(&data.bdaddr, &info->bdaddr);
2773 data.pscan_rep_mode = info->pscan_rep_mode;
2774 data.pscan_period_mode = info->pscan_period_mode;
2775 data.pscan_mode = info->pscan_mode;
2776 memcpy(data.dev_class, info->dev_class, 3);
2777 data.clock_offset = info->clock_offset;
2778 data.rssi = info->rssi;
2779 data.ssp_mode = 0x00;
2781 name_known = hci_inquiry_cache_update(hdev, &data,
2783 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2784 info->dev_class, info->rssi,
2785 !name_known, ssp, NULL, 0);
2788 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2790 for (; num_rsp; num_rsp--, info++) {
2791 bacpy(&data.bdaddr, &info->bdaddr);
2792 data.pscan_rep_mode = info->pscan_rep_mode;
2793 data.pscan_period_mode = info->pscan_period_mode;
2794 data.pscan_mode = 0x00;
2795 memcpy(data.dev_class, info->dev_class, 3);
2796 data.clock_offset = info->clock_offset;
2797 data.rssi = info->rssi;
2798 data.ssp_mode = 0x00;
2799 name_known = hci_inquiry_cache_update(hdev, &data,
2801 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2802 info->dev_class, info->rssi,
2803 !name_known, ssp, NULL, 0);
2807 hci_dev_unlock(hdev);
2810 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2811 struct sk_buff *skb)
2813 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2814 struct hci_conn *conn;
2816 BT_DBG("%s", hdev->name);
2820 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2824 if (ev->page < HCI_MAX_PAGES)
2825 memcpy(conn->features[ev->page], ev->features, 8);
2827 if (!ev->status && ev->page == 0x01) {
2828 struct inquiry_entry *ie;
2830 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2832 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2834 if (ev->features[0] & LMP_HOST_SSP) {
2835 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2837 /* It is mandatory by the Bluetooth specification that
2838 * Extended Inquiry Results are only used when Secure
2839 * Simple Pairing is enabled, but some devices violate
2842 * To make these devices work, the internal SSP
2843 * enabled flag needs to be cleared if the remote host
2844 * features do not indicate SSP support */
2845 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2849 if (conn->state != BT_CONFIG)
2852 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2853 struct hci_cp_remote_name_req cp;
2854 memset(&cp, 0, sizeof(cp));
2855 bacpy(&cp.bdaddr, &conn->dst);
2856 cp.pscan_rep_mode = 0x02;
2857 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2858 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2859 mgmt_device_connected(hdev, &conn->dst, conn->type,
2860 conn->dst_type, 0, NULL, 0,
2863 if (!hci_outgoing_auth_needed(hdev, conn)) {
2864 conn->state = BT_CONNECTED;
2865 hci_proto_connect_cfm(conn, ev->status);
2866 hci_conn_drop(conn);
2870 hci_dev_unlock(hdev);
2873 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2874 struct sk_buff *skb)
2876 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2877 struct hci_conn *conn;
2879 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2883 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2885 if (ev->link_type == ESCO_LINK)
2888 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2892 conn->type = SCO_LINK;
2895 switch (ev->status) {
2897 conn->handle = __le16_to_cpu(ev->handle);
2898 conn->state = BT_CONNECTED;
2900 hci_conn_add_sysfs(conn);
2903 case 0x0d: /* Connection Rejected due to Limited Resources */
2904 case 0x11: /* Unsupported Feature or Parameter Value */
2905 case 0x1c: /* SCO interval rejected */
2906 case 0x1a: /* Unsupported Remote Feature */
2907 case 0x1f: /* Unspecified error */
2909 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2910 (hdev->esco_type & EDR_ESCO_MASK);
2911 if (hci_setup_sync(conn, conn->link->handle))
2917 conn->state = BT_CLOSED;
2921 hci_proto_connect_cfm(conn, ev->status);
2926 hci_dev_unlock(hdev);
2929 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
2933 while (parsed < eir_len) {
2934 u8 field_len = eir[0];
2939 parsed += field_len + 1;
2940 eir += field_len + 1;
2946 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2947 struct sk_buff *skb)
2949 struct inquiry_data data;
2950 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2951 int num_rsp = *((__u8 *) skb->data);
2954 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2959 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2964 for (; num_rsp; num_rsp--, info++) {
2965 bool name_known, ssp;
2967 bacpy(&data.bdaddr, &info->bdaddr);
2968 data.pscan_rep_mode = info->pscan_rep_mode;
2969 data.pscan_period_mode = info->pscan_period_mode;
2970 data.pscan_mode = 0x00;
2971 memcpy(data.dev_class, info->dev_class, 3);
2972 data.clock_offset = info->clock_offset;
2973 data.rssi = info->rssi;
2974 data.ssp_mode = 0x01;
2976 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2977 name_known = eir_has_data_type(info->data,
2983 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2985 eir_len = eir_get_length(info->data, sizeof(info->data));
2986 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2987 info->dev_class, info->rssi, !name_known,
2988 ssp, info->data, eir_len);
2991 hci_dev_unlock(hdev);
2994 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2995 struct sk_buff *skb)
2997 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2998 struct hci_conn *conn;
3000 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3001 __le16_to_cpu(ev->handle));
3005 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3010 conn->sec_level = conn->pending_sec_level;
3012 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3014 if (ev->status && conn->state == BT_CONNECTED) {
3015 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3016 hci_conn_drop(conn);
3020 if (conn->state == BT_CONFIG) {
3022 conn->state = BT_CONNECTED;
3024 hci_proto_connect_cfm(conn, ev->status);
3025 hci_conn_drop(conn);
3027 hci_auth_cfm(conn, ev->status);
3029 hci_conn_hold(conn);
3030 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3031 hci_conn_drop(conn);
3035 hci_dev_unlock(hdev);
3038 static u8 hci_get_auth_req(struct hci_conn *conn)
3040 /* If remote requests dedicated bonding follow that lead */
3041 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3042 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3043 /* If both remote and local IO capabilities allow MITM
3044 * protection then require it, otherwise don't */
3045 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3046 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3047 return HCI_AT_DEDICATED_BONDING;
3049 return HCI_AT_DEDICATED_BONDING_MITM;
3052 /* If remote requests no-bonding follow that lead */
3053 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3054 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3055 return conn->remote_auth | (conn->auth_type & 0x01);
3057 return conn->auth_type;
3060 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3062 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3063 struct hci_conn *conn;
3065 BT_DBG("%s", hdev->name);
3069 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3073 hci_conn_hold(conn);
3075 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3078 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3079 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3080 struct hci_cp_io_capability_reply cp;
3082 bacpy(&cp.bdaddr, &ev->bdaddr);
3083 /* Change the IO capability from KeyboardDisplay
3084 * to DisplayYesNo as it is not supported by BT spec. */
3085 cp.capability = (conn->io_capability == 0x04) ?
3086 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3087 conn->auth_type = hci_get_auth_req(conn);
3088 cp.authentication = conn->auth_type;
3090 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3091 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3096 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3099 struct hci_cp_io_capability_neg_reply cp;
3101 bacpy(&cp.bdaddr, &ev->bdaddr);
3102 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3104 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3109 hci_dev_unlock(hdev);
3112 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3114 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3115 struct hci_conn *conn;
3117 BT_DBG("%s", hdev->name);
3121 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3125 conn->remote_cap = ev->capability;
3126 conn->remote_auth = ev->authentication;
3128 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3131 hci_dev_unlock(hdev);
3134 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3135 struct sk_buff *skb)
3137 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3138 int loc_mitm, rem_mitm, confirm_hint = 0;
3139 struct hci_conn *conn;
3141 BT_DBG("%s", hdev->name);
3145 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3148 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3152 loc_mitm = (conn->auth_type & 0x01);
3153 rem_mitm = (conn->remote_auth & 0x01);
3155 /* If we require MITM but the remote device can't provide that
3156 * (it has NoInputNoOutput) then reject the confirmation
3157 * request. The only exception is when we're dedicated bonding
3158 * initiators (connect_cfm_cb set) since then we always have the MITM
3160 if (!conn->connect_cfm_cb && loc_mitm &&
3161 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3162 BT_DBG("Rejecting request: remote device can't provide MITM");
3163 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3164 sizeof(ev->bdaddr), &ev->bdaddr);
3168 /* If no side requires MITM protection; auto-accept */
3169 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3170 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3172 /* If we're not the initiators request authorization to
3173 * proceed from user space (mgmt_user_confirm with
3174 * confirm_hint set to 1). */
3175 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3176 BT_DBG("Confirming auto-accept as acceptor");
3181 BT_DBG("Auto-accept of user confirmation with %ums delay",
3182 hdev->auto_accept_delay);
3184 if (hdev->auto_accept_delay > 0) {
3185 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3186 queue_delayed_work(conn->hdev->workqueue,
3187 &conn->auto_accept_work, delay);
3191 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3192 sizeof(ev->bdaddr), &ev->bdaddr);
3197 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3201 hci_dev_unlock(hdev);
3204 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3205 struct sk_buff *skb)
3207 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3209 BT_DBG("%s", hdev->name);
3211 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3212 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3215 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3216 struct sk_buff *skb)
3218 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3219 struct hci_conn *conn;
3221 BT_DBG("%s", hdev->name);
3223 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3227 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3228 conn->passkey_entered = 0;
3230 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3231 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3232 conn->dst_type, conn->passkey_notify,
3233 conn->passkey_entered);
3236 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3238 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3239 struct hci_conn *conn;
3241 BT_DBG("%s", hdev->name);
3243 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3248 case HCI_KEYPRESS_STARTED:
3249 conn->passkey_entered = 0;
3252 case HCI_KEYPRESS_ENTERED:
3253 conn->passkey_entered++;
3256 case HCI_KEYPRESS_ERASED:
3257 conn->passkey_entered--;
3260 case HCI_KEYPRESS_CLEARED:
3261 conn->passkey_entered = 0;
3264 case HCI_KEYPRESS_COMPLETED:
3268 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3269 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3270 conn->dst_type, conn->passkey_notify,
3271 conn->passkey_entered);
3274 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3275 struct sk_buff *skb)
3277 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3278 struct hci_conn *conn;
3280 BT_DBG("%s", hdev->name);
3284 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3288 /* To avoid duplicate auth_failed events to user space we check
3289 * the HCI_CONN_AUTH_PEND flag which will be set if we
3290 * initiated the authentication. A traditional auth_complete
3291 * event gets always produced as initiator and is also mapped to
3292 * the mgmt_auth_failed event */
3293 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3294 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3297 hci_conn_drop(conn);
3300 hci_dev_unlock(hdev);
3303 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3304 struct sk_buff *skb)
3306 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3307 struct inquiry_entry *ie;
3308 struct hci_conn *conn;
3310 BT_DBG("%s", hdev->name);
3314 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3316 memcpy(conn->features[1], ev->features, 8);
3318 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3320 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3322 hci_dev_unlock(hdev);
3325 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3326 struct sk_buff *skb)
3328 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3329 struct oob_data *data;
3331 BT_DBG("%s", hdev->name);
3335 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3338 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3340 struct hci_cp_remote_oob_data_reply cp;
3342 bacpy(&cp.bdaddr, &ev->bdaddr);
3343 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3344 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3346 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3349 struct hci_cp_remote_oob_data_neg_reply cp;
3351 bacpy(&cp.bdaddr, &ev->bdaddr);
3352 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3357 hci_dev_unlock(hdev);
3360 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3361 struct sk_buff *skb)
3363 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3364 struct hci_conn *hcon, *bredr_hcon;
3366 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3371 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3373 hci_dev_unlock(hdev);
3379 hci_dev_unlock(hdev);
3383 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3385 hcon->state = BT_CONNECTED;
3386 bacpy(&hcon->dst, &bredr_hcon->dst);
3388 hci_conn_hold(hcon);
3389 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3390 hci_conn_drop(hcon);
3392 hci_conn_add_sysfs(hcon);
3394 amp_physical_cfm(bredr_hcon, hcon);
3396 hci_dev_unlock(hdev);
3399 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3401 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3402 struct hci_conn *hcon;
3403 struct hci_chan *hchan;
3404 struct amp_mgr *mgr;
3406 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3407 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3410 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3414 /* Create AMP hchan */
3415 hchan = hci_chan_create(hcon);
3419 hchan->handle = le16_to_cpu(ev->handle);
3421 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3423 mgr = hcon->amp_mgr;
3424 if (mgr && mgr->bredr_chan) {
3425 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3427 l2cap_chan_lock(bredr_chan);
3429 bredr_chan->conn->mtu = hdev->block_mtu;
3430 l2cap_logical_cfm(bredr_chan, hchan, 0);
3431 hci_conn_hold(hcon);
3433 l2cap_chan_unlock(bredr_chan);
3437 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3438 struct sk_buff *skb)
3440 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3441 struct hci_chan *hchan;
3443 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3444 le16_to_cpu(ev->handle), ev->status);
3451 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3455 amp_destroy_logical_link(hchan, ev->reason);
3458 hci_dev_unlock(hdev);
3461 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3462 struct sk_buff *skb)
3464 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3465 struct hci_conn *hcon;
3467 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3474 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3476 hcon->state = BT_CLOSED;
3480 hci_dev_unlock(hdev);
3483 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3485 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3486 struct hci_conn *conn;
3488 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3492 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3494 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3496 BT_ERR("No memory for new connection");
3500 conn->dst_type = ev->bdaddr_type;
3502 /* The advertising parameters for own address type
3503 * define which source address and source address
3504 * type this connections has.
3506 if (bacmp(&conn->src, BDADDR_ANY)) {
3507 conn->src_type = ADDR_LE_DEV_PUBLIC;
3509 bacpy(&conn->src, &hdev->static_addr);
3510 conn->src_type = ADDR_LE_DEV_RANDOM;
3513 if (ev->role == LE_CONN_ROLE_MASTER) {
3515 conn->link_mode |= HCI_LM_MASTER;
3520 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3521 conn->dst_type, ev->status);
3522 hci_proto_connect_cfm(conn, ev->status);
3523 conn->state = BT_CLOSED;
3528 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3529 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3530 conn->dst_type, 0, NULL, 0, NULL);
3532 conn->sec_level = BT_SECURITY_LOW;
3533 conn->handle = __le16_to_cpu(ev->handle);
3534 conn->state = BT_CONNECTED;
3536 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3537 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3539 hci_conn_add_sysfs(conn);
3541 hci_proto_connect_cfm(conn, ev->status);
3544 hci_dev_unlock(hdev);
3547 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3549 u8 num_reports = skb->data[0];
3550 void *ptr = &skb->data[1];
3553 while (num_reports--) {
3554 struct hci_ev_le_advertising_info *ev = ptr;
3556 rssi = ev->data[ev->length];
3557 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3558 NULL, rssi, 0, 1, ev->data, ev->length);
3560 ptr += sizeof(*ev) + ev->length + 1;
3564 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3566 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3567 struct hci_cp_le_ltk_reply cp;
3568 struct hci_cp_le_ltk_neg_reply neg;
3569 struct hci_conn *conn;
3570 struct smp_ltk *ltk;
3572 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3576 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3580 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3584 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3585 cp.handle = cpu_to_le16(conn->handle);
3587 if (ltk->authenticated)
3588 conn->pending_sec_level = BT_SECURITY_HIGH;
3590 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3592 conn->enc_key_size = ltk->enc_size;
3594 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3596 if (ltk->type & HCI_SMP_STK) {
3597 list_del(<k->list);
3601 hci_dev_unlock(hdev);
3606 neg.handle = ev->handle;
3607 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3608 hci_dev_unlock(hdev);
3611 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3613 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3615 skb_pull(skb, sizeof(*le_ev));
3617 switch (le_ev->subevent) {
3618 case HCI_EV_LE_CONN_COMPLETE:
3619 hci_le_conn_complete_evt(hdev, skb);
3622 case HCI_EV_LE_ADVERTISING_REPORT:
3623 hci_le_adv_report_evt(hdev, skb);
3626 case HCI_EV_LE_LTK_REQ:
3627 hci_le_ltk_request_evt(hdev, skb);
3635 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3637 struct hci_ev_channel_selected *ev = (void *) skb->data;
3638 struct hci_conn *hcon;
3640 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3642 skb_pull(skb, sizeof(*ev));
3644 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3648 amp_read_loc_assoc_final_data(hdev, hcon);
3651 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3653 struct hci_event_hdr *hdr = (void *) skb->data;
3654 __u8 event = hdr->evt;
3658 /* Received events are (currently) only needed when a request is
3659 * ongoing so avoid unnecessary memory allocation.
3661 if (hdev->req_status == HCI_REQ_PEND) {
3662 kfree_skb(hdev->recv_evt);
3663 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3666 hci_dev_unlock(hdev);
3668 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3670 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3671 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3672 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3674 hci_req_cmd_complete(hdev, opcode, 0);
3678 case HCI_EV_INQUIRY_COMPLETE:
3679 hci_inquiry_complete_evt(hdev, skb);
3682 case HCI_EV_INQUIRY_RESULT:
3683 hci_inquiry_result_evt(hdev, skb);
3686 case HCI_EV_CONN_COMPLETE:
3687 hci_conn_complete_evt(hdev, skb);
3690 case HCI_EV_CONN_REQUEST:
3691 hci_conn_request_evt(hdev, skb);
3694 case HCI_EV_DISCONN_COMPLETE:
3695 hci_disconn_complete_evt(hdev, skb);
3698 case HCI_EV_AUTH_COMPLETE:
3699 hci_auth_complete_evt(hdev, skb);
3702 case HCI_EV_REMOTE_NAME:
3703 hci_remote_name_evt(hdev, skb);
3706 case HCI_EV_ENCRYPT_CHANGE:
3707 hci_encrypt_change_evt(hdev, skb);
3710 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3711 hci_change_link_key_complete_evt(hdev, skb);
3714 case HCI_EV_REMOTE_FEATURES:
3715 hci_remote_features_evt(hdev, skb);
3718 case HCI_EV_CMD_COMPLETE:
3719 hci_cmd_complete_evt(hdev, skb);
3722 case HCI_EV_CMD_STATUS:
3723 hci_cmd_status_evt(hdev, skb);
3726 case HCI_EV_ROLE_CHANGE:
3727 hci_role_change_evt(hdev, skb);
3730 case HCI_EV_NUM_COMP_PKTS:
3731 hci_num_comp_pkts_evt(hdev, skb);
3734 case HCI_EV_MODE_CHANGE:
3735 hci_mode_change_evt(hdev, skb);
3738 case HCI_EV_PIN_CODE_REQ:
3739 hci_pin_code_request_evt(hdev, skb);
3742 case HCI_EV_LINK_KEY_REQ:
3743 hci_link_key_request_evt(hdev, skb);
3746 case HCI_EV_LINK_KEY_NOTIFY:
3747 hci_link_key_notify_evt(hdev, skb);
3750 case HCI_EV_CLOCK_OFFSET:
3751 hci_clock_offset_evt(hdev, skb);
3754 case HCI_EV_PKT_TYPE_CHANGE:
3755 hci_pkt_type_change_evt(hdev, skb);
3758 case HCI_EV_PSCAN_REP_MODE:
3759 hci_pscan_rep_mode_evt(hdev, skb);
3762 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3763 hci_inquiry_result_with_rssi_evt(hdev, skb);
3766 case HCI_EV_REMOTE_EXT_FEATURES:
3767 hci_remote_ext_features_evt(hdev, skb);
3770 case HCI_EV_SYNC_CONN_COMPLETE:
3771 hci_sync_conn_complete_evt(hdev, skb);
3774 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3775 hci_extended_inquiry_result_evt(hdev, skb);
3778 case HCI_EV_KEY_REFRESH_COMPLETE:
3779 hci_key_refresh_complete_evt(hdev, skb);
3782 case HCI_EV_IO_CAPA_REQUEST:
3783 hci_io_capa_request_evt(hdev, skb);
3786 case HCI_EV_IO_CAPA_REPLY:
3787 hci_io_capa_reply_evt(hdev, skb);
3790 case HCI_EV_USER_CONFIRM_REQUEST:
3791 hci_user_confirm_request_evt(hdev, skb);
3794 case HCI_EV_USER_PASSKEY_REQUEST:
3795 hci_user_passkey_request_evt(hdev, skb);
3798 case HCI_EV_USER_PASSKEY_NOTIFY:
3799 hci_user_passkey_notify_evt(hdev, skb);
3802 case HCI_EV_KEYPRESS_NOTIFY:
3803 hci_keypress_notify_evt(hdev, skb);
3806 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3807 hci_simple_pair_complete_evt(hdev, skb);
3810 case HCI_EV_REMOTE_HOST_FEATURES:
3811 hci_remote_host_features_evt(hdev, skb);
3814 case HCI_EV_LE_META:
3815 hci_le_meta_evt(hdev, skb);
3818 case HCI_EV_CHANNEL_SELECTED:
3819 hci_chan_selected_evt(hdev, skb);
3822 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3823 hci_remote_oob_data_request_evt(hdev, skb);
3826 case HCI_EV_PHY_LINK_COMPLETE:
3827 hci_phy_link_complete_evt(hdev, skb);
3830 case HCI_EV_LOGICAL_LINK_COMPLETE:
3831 hci_loglink_complete_evt(hdev, skb);
3834 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3835 hci_disconn_loglink_complete_evt(hdev, skb);
3838 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3839 hci_disconn_phylink_complete_evt(hdev, skb);
3842 case HCI_EV_NUM_COMP_BLOCKS:
3843 hci_num_comp_blocks_evt(hdev, skb);
3847 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3852 hdev->stat.evt_rx++;
projects / ~andy / linux / blob