2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
/*
 * Completion handler for HCI_OP_INQUIRY_CANCEL. Clears HCI_INQUIRY, reports
 * discovering=0 to mgmt when HCI_MGMT is set, calls hci_req_complete() and
 * then hci_conn_check_pending().
 * NOTE(review): the status byte is read from skb->data with no skb->len
 * check visible in this listing; confirm the dispatcher guarantees a
 * non-empty payload. Several source lines are absent here (the gutter
 * numbers skip), so any early return on a failed status is not shown.
 */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
61 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
62 test_bit(HCI_MGMT, &hdev->flags))
63 mgmt_discovering(hdev->id, 0);
65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
67 hci_conn_check_pending(hdev);
/*
 * Reply handler that clears HCI_INQUIRY, reports discovering=0 to mgmt when
 * HCI_MGMT is set, and re-checks pending connections.
 * NOTE(review): status comes straight from the first payload byte; no
 * skb->len check is visible, and the lines between the debug print and the
 * flag test are absent from this listing.
 */
70 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 __u8 status = *((__u8 *) skb->data);
74 BT_DBG("%s status 0x%x", hdev->name, status);
79 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
80 test_bit(HCI_MGMT, &hdev->flags))
81 mgmt_discovering(hdev->id, 0);
83 hci_conn_check_pending(hdev);
/* Only logs the device name; skb is not touched in the visible lines. */
86 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
88 BT_DBG("%s", hdev->name);
/*
 * Role Discovery reply: looks up the connection by the handle in the reply
 * and either clears or sets HCI_LM_MASTER in conn->link_mode.
 * NOTE(review): skb->data is reinterpreted as the reply struct with no
 * skb->len check visible. The conditions selecting between the two
 * link_mode updates, any NULL check on conn and the matching lock call are
 * on lines absent from this listing; confirm them in the full source.
 */
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%x", hdev->name, rp->status);
/* The handle is controller-supplied; a failed lookup must not be dereferenced. */
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 conn->link_mode &= ~HCI_LM_MASTER;
108 conn->link_mode |= HCI_LM_MASTER;
111 hci_dev_unlock(hdev);
/*
 * Read Link Policy reply: stores the little-endian policy value from the
 * reply in the connection found by handle.
 * NOTE(review): no skb->len check and no NULL check on conn are visible;
 * the gutter numbers show lines missing around the lookup, so verify both
 * in the full source.
 */
114 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
119 BT_DBG("%s status 0x%x", hdev->name, rp->status);
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
128 conn->link_policy = __le16_to_cpu(rp->policy);
130 hci_dev_unlock(hdev);
/*
 * Write Link Policy reply: takes the policy value from the parameters of
 * the command that was sent (not from the reply) and stores it in the
 * connection found by the handle in the reply.
 * NOTE(review): the declaration of `sent` and any NULL checks on `sent`
 * and `conn` are on lines absent from this listing — confirm.
 */
133 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
136 struct hci_conn *conn;
139 BT_DBG("%s status 0x%x", hdev->name, rp->status);
144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
/* Offset 2 presumably skips the 16-bit handle at the start of the sent parameters — verify against the command struct. */
152 conn->link_policy = get_unaligned_le16(sent + 2);
154 hci_dev_unlock(hdev);
/*
 * Read Default Link Policy reply: copies the little-endian policy value
 * into hdev->link_policy.
 * NOTE(review): the reply struct is overlaid on skb->data with no skb->len
 * check visible; lines between the debug print and the store are absent.
 */
157 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
159 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161 BT_DBG("%s status 0x%x", hdev->name, rp->status);
166 hdev->link_policy = __le16_to_cpu(rp->policy);
/*
 * Completion handler for HCI_OP_WRITE_DEF_LINK_POLICY: records the value
 * that was sent as hdev->link_policy and completes the request.
 * NOTE(review): `sent` is dereferenced; its declaration and any NULL or
 * status check are on lines absent from this listing — confirm.
 */
169 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
171 __u8 status = *((__u8 *) skb->data);
174 BT_DBG("%s status 0x%x", hdev->name, status);
176 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 hdev->link_policy = get_unaligned_le16(sent);
183 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
/*
 * Completion handler for HCI_OP_RESET: clears the HCI_RESET flag and
 * completes the request with the status byte from the reply.
 * NOTE(review): skb->data is read with no skb->len check visible here.
 */
186 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
188 __u8 status = *((__u8 *) skb->data);
190 BT_DBG("%s status 0x%x", hdev->name, status);
192 clear_bit(HCI_RESET, &hdev->flags);
194 hci_req_complete(hdev, HCI_OP_RESET, status);
/*
 * Write Local Name reply: forwards the sent name and status to mgmt when
 * HCI_MGMT is set, then copies the sent name into hdev->dev_name.
 * NOTE(review): `sent` is passed on and copied from; its declaration, any
 * NULL check and any status gate before the memcpy are on lines absent
 * from this listing — confirm.
 */
197 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
199 __u8 status = *((__u8 *) skb->data);
202 BT_DBG("%s status 0x%x", hdev->name, status);
204 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
208 if (test_bit(HCI_MGMT, &hdev->flags))
209 mgmt_set_local_name_complete(hdev->id, sent, status);
/* Fixed-length copy: assumes the sent parameters hold HCI_MAX_NAME_LENGTH bytes. */
214 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
/*
 * Read Local Name reply: copies HCI_MAX_NAME_LENGTH bytes of rp->name into
 * hdev->dev_name.
 * NOTE(review): the copy length is fixed and the source is the
 * controller's reply; no skb->len check is visible, so a short reply would
 * be read past its end unless the dispatcher validates the length.
 */
217 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
219 struct hci_rp_read_local_name *rp = (void *) skb->data;
221 BT_DBG("%s status 0x%x", hdev->name, rp->status);
226 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
/*
 * Completion handler for HCI_OP_WRITE_AUTH_ENABLE: mirrors the parameter
 * that was sent into the HCI_AUTH flag and completes the request.
 * HCI_AUTH is security-relevant: hci_conn_complete_evt() in this file sets
 * HCI_LM_AUTH on new connections when it is set.
 * NOTE(review): the guard around the flag update (status and NULL check on
 * `sent`) is on lines absent from this listing — confirm the flag is only
 * changed when the controller reported success.
 */
229 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
231 __u8 status = *((__u8 *) skb->data);
234 BT_DBG("%s status 0x%x", hdev->name, status);
236 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
241 __u8 param = *((__u8 *) sent);
243 if (param == AUTH_ENABLED)
244 set_bit(HCI_AUTH, &hdev->flags);
246 clear_bit(HCI_AUTH, &hdev->flags);
249 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
/*
 * Completion handler for HCI_OP_WRITE_ENCRYPT_MODE: sets or clears the
 * HCI_ENCRYPT flag from the parameter that was sent and completes the
 * request. hci_conn_complete_evt() in this file sets HCI_LM_ENCRYPT on new
 * connections when HCI_ENCRYPT is set.
 * NOTE(review): the condition choosing set vs. clear and the guard on
 * status / `sent` are on lines absent from this listing — confirm.
 */
252 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
254 __u8 status = *((__u8 *) skb->data);
257 BT_DBG("%s status 0x%x", hdev->name, status);
259 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
264 __u8 param = *((__u8 *) sent);
267 set_bit(HCI_ENCRYPT, &hdev->flags);
269 clear_bit(HCI_ENCRYPT, &hdev->flags);
272 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
/*
 * Completion handler for HCI_OP_WRITE_SCAN_ENABLE: rebuilds the HCI_ISCAN
 * and HCI_PSCAN flags from the parameter that was sent and notifies mgmt of
 * discoverable / connectable changes.
 * These flags decide whether the adapter answers inquiries and pages, so
 * they should only follow a command the controller accepted.
 * NOTE(review): the guard on status / `sent` is on lines absent from this
 * listing — confirm.
 */
275 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
277 __u8 status = *((__u8 *) skb->data);
280 BT_DBG("%s status 0x%x", hdev->name, status);
282 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
287 __u8 param = *((__u8 *) sent);
288 int old_pscan, old_iscan;
/* Both bits are cleared first; the old values decide whether an "off" notification is needed. */
290 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
291 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
293 if (param & SCAN_INQUIRY) {
294 set_bit(HCI_ISCAN, &hdev->flags);
296 mgmt_discoverable(hdev->id, 1);
297 } else if (old_iscan)
298 mgmt_discoverable(hdev->id, 0);
300 if (param & SCAN_PAGE) {
301 set_bit(HCI_PSCAN, &hdev->flags);
303 mgmt_connectable(hdev->id, 1);
304 } else if (old_pscan)
305 mgmt_connectable(hdev->id, 0);
308 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
/*
 * Read Class of Device reply: copies the 3-byte class into hdev->dev_class
 * and logs it most-significant byte first.
 * NOTE(review): no skb->len check is visible before the reply struct is
 * read; lines between the first debug print and the memcpy are absent.
 */
311 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
313 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
315 BT_DBG("%s status 0x%x", hdev->name, rp->status);
320 memcpy(hdev->dev_class, rp->dev_class, 3);
322 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
323 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
/*
 * Write Class of Device reply: copies the 3 bytes that were sent into
 * hdev->dev_class.
 * NOTE(review): the declaration of `sent` and any status / NULL guard
 * before the memcpy are on lines absent from this listing — confirm.
 */
326 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
328 __u8 status = *((__u8 *) skb->data);
331 BT_DBG("%s status 0x%x", hdev->name, status);
336 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
340 memcpy(hdev->dev_class, sent, 3);
/*
 * Read Voice Setting reply: stores the little-endian voice setting in hdev
 * and calls the driver's notify hook with HCI_NOTIFY_VOICE_SETTING while
 * the tx tasklet is disabled.
 * NOTE(review): the branch taken when the setting is unchanged and any
 * check that hdev->notify is non-NULL are on lines absent from this
 * listing; no skb->len check is visible either.
 */
343 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
345 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
348 BT_DBG("%s status 0x%x", hdev->name, rp->status);
353 setting = __le16_to_cpu(rp->voice_setting);
355 if (hdev->voice_setting == setting)
358 hdev->voice_setting = setting;
360 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
363 tasklet_disable(&hdev->tx_task);
364 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
365 tasklet_enable(&hdev->tx_task);
/*
 * Write Voice Setting reply: takes the value from the sent command, stores
 * it in hdev->voice_setting and calls the driver's notify hook with the tx
 * tasklet disabled.
 * NOTE(review): the guard on status / `sent`, the unchanged-value branch
 * and any NULL check on hdev->notify are on lines absent from this listing
 * — confirm.
 */
369 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
371 __u8 status = *((__u8 *) skb->data);
375 BT_DBG("%s status 0x%x", hdev->name, status);
380 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
384 setting = get_unaligned_le16(sent);
386 if (hdev->voice_setting == setting)
389 hdev->voice_setting = setting;
391 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
394 tasklet_disable(&hdev->tx_task);
395 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
396 tasklet_enable(&hdev->tx_task);
/*
 * Completion handler for HCI_OP_HOST_BUFFER_SIZE: logs the status byte and
 * passes it to hci_req_complete().
 * NOTE(review): skb->data is read with no skb->len check visible here.
 */
400 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
402 __u8 status = *((__u8 *) skb->data);
404 BT_DBG("%s status 0x%x", hdev->name, status);
406 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
/*
 * Read SSP Mode reply: stores rp->mode in hdev->ssp_mode.
 * hdev->ssp_mode feeds the authentication decision in
 * hci_outgoing_auth_needed() in this file, so it should only be updated
 * from a successful, full-length reply.
 * NOTE(review): the status gate and any length check are not visible in
 * this listing — confirm.
 */
409 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
411 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
413 BT_DBG("%s status 0x%x", hdev->name, rp->status);
418 hdev->ssp_mode = rp->mode;
/*
 * Write SSP Mode reply: records the mode byte that was sent as
 * hdev->ssp_mode.
 * NOTE(review): `sent` is dereferenced; its declaration and the status /
 * NULL guard are on lines absent from this listing — confirm the mode is
 * only recorded after the controller accepted the command.
 */
421 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
423 __u8 status = *((__u8 *) skb->data);
426 BT_DBG("%s status 0x%x", hdev->name, status);
431 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
435 hdev->ssp_mode = *((__u8 *) sent);
/*
 * Picks the inquiry mode for this controller. Checks the LMP_EXT_INQ and
 * LMP_RSSI_INQ feature bits first, then a list of specific
 * manufacturer / hci_rev / lmp_subver combinations.
 * NOTE(review): every return statement is on a line absent from this
 * listing, so the mode value chosen for each case cannot be read from
 * here. The hard-coded triples are presumably controllers that handle the
 * mode without advertising the feature bit — verify against the full
 * source.
 */
438 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
440 if (hdev->features[6] & LMP_EXT_INQ)
443 if (hdev->features[3] & LMP_RSSI_INQ)
446 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
447 hdev->lmp_subver == 0x0757)
450 if (hdev->manufacturer == 15) {
451 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
453 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
455 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
459 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
460 hdev->lmp_subver == 0x1805)
/*
 * Sends HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode returned by
 * hci_get_inquiry_mode(). The declaration of `mode` is on a line absent
 * from this listing.
 */
466 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
470 mode = hci_get_inquiry_mode(hdev);
472 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
/*
 * Builds the 8-byte event mask from the controller's feature bits and
 * sends it with HCI_OP_SET_EVENT_MASK. Events left masked never reach the
 * handlers in this file, so the Simple Pairing block below matters for
 * pairing: its request / notification events are only enabled when
 * LMP_SIMPLE_PAIR is advertised.
 */
475 static void hci_setup_event_mask(struct hci_dev *hdev)
477 /* The second byte is 0xff instead of 0x9f (two reserved bits
478 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
479 * command otherwise */
480 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
482 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
483 * any event mask for pre 1.2 devices */
/* The statement run for this condition is on a line absent from this listing. */
484 if (hdev->lmp_ver <= 1)
487 events[4] |= 0x01; /* Flow Specification Complete */
488 events[4] |= 0x02; /* Inquiry Result with RSSI */
489 events[4] |= 0x04; /* Read Remote Extended Features Complete */
490 events[5] |= 0x08; /* Synchronous Connection Complete */
491 events[5] |= 0x10; /* Synchronous Connection Changed */
/*
 * NOTE(review): bit 0x04 of events[4] is labelled "Read Remote Extended
 * Features Complete" and already set unconditionally above, while
 * "Inquiry Result with RSSI" is labelled as bit 0x02 there. The
 * conditional below therefore changes nothing as written; the label or
 * the bit looks wrong — check against the event-mask table in the spec.
 */
493 if (hdev->features[3] & LMP_RSSI_INQ)
494 events[4] |= 0x04; /* Inquiry Result with RSSI */
496 if (hdev->features[5] & LMP_SNIFF_SUBR)
497 events[5] |= 0x20; /* Sniff Subrating */
499 if (hdev->features[5] & LMP_PAUSE_ENC)
500 events[5] |= 0x80; /* Encryption Key Refresh Complete */
502 if (hdev->features[6] & LMP_EXT_INQ)
503 events[5] |= 0x40; /* Extended Inquiry Result */
505 if (hdev->features[6] & LMP_NO_FLUSH)
506 events[7] |= 0x01; /* Enhanced Flush Complete */
508 if (hdev->features[7] & LMP_LSTO)
509 events[6] |= 0x80; /* Link Supervision Timeout Changed */
511 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
512 events[6] |= 0x01; /* IO Capability Request */
513 events[6] |= 0x02; /* IO Capability Response */
514 events[6] |= 0x04; /* User Confirmation Request */
515 events[6] |= 0x08; /* User Passkey Request */
516 events[6] |= 0x10; /* Remote OOB Data Request */
517 events[6] |= 0x20; /* Simple Pairing Complete */
518 events[7] |= 0x04; /* User Passkey Notification */
519 events[7] |= 0x08; /* Keypress Notification */
520 events[7] |= 0x10; /* Remote Host Supported
521 * Features Notification */
524 if (hdev->features[4] & LMP_LE)
525 events[7] |= 0x20; /* LE Meta-Event */
527 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
/*
 * Sends HCI_OP_WRITE_LE_HOST_SUPPORTED. The command struct is zeroed first,
 * so no stale stack bytes are sent to the controller; cp.simul is set to 0
 * or 1 from the LMP_SIMUL_LE_BR feature bit. Other field assignments, if
 * any, are on lines absent from this listing.
 */
530 static void hci_set_le_support(struct hci_dev *hdev)
532 struct hci_cp_write_le_host_supported cp;
534 memset(&cp, 0, sizeof(cp));
538 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
541 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
/*
 * Issues the feature-dependent initialisation commands: event mask, local
 * commands (hci_ver > 1), SSP mode, inquiry mode, inquiry response TX
 * power, local extended features and LE host support.
 * NOTE(review): the value of `mode` sent with HCI_OP_WRITE_SSP_MODE and
 * the initialisation of the read_local_ext_features `cp` struct are on
 * lines absent from this listing. Confirm `cp` is fully initialised before
 * it is sent, otherwise uninitialised stack bytes go to the controller.
 */
544 static void hci_setup(struct hci_dev *hdev)
546 hci_setup_event_mask(hdev);
548 if (hdev->hci_ver > 1)
549 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
551 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
553 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
556 if (hdev->features[3] & LMP_RSSI_INQ)
557 hci_setup_inquiry_mode(hdev);
559 if (hdev->features[7] & LMP_INQ_TX_PWR)
560 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
562 if (hdev->features[7] & LMP_EXTFEATURES) {
563 struct hci_cp_read_local_ext_features cp;
566 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
570 if (hdev->features[4] & LMP_LE)
571 hci_set_le_support(hdev);
/*
 * Read Local Version reply: copies the HCI/LMP version, revision,
 * manufacturer and LMP sub-version into hdev (16-bit fields converted from
 * little-endian). These values later select quirk paths such as
 * hci_get_inquiry_mode() in this file.
 * NOTE(review): no skb->len check is visible; the status gate and the
 * statement run when HCI_INIT is set are on lines absent from this
 * listing.
 */
574 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
576 struct hci_rp_read_local_version *rp = (void *) skb->data;
578 BT_DBG("%s status 0x%x", hdev->name, rp->status);
583 hdev->hci_ver = rp->hci_ver;
584 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
585 hdev->lmp_ver = rp->lmp_ver;
586 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
587 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
589 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
591 hdev->hci_ver, hdev->hci_rev);
593 if (test_bit(HCI_INIT, &hdev->flags))
/*
 * Builds the default link policy from the role-switch, hold, sniff and
 * park feature bits and sends it with HCI_OP_WRITE_DEF_LINK_POLICY.
 * The declaration and initial value of `link_policy` are on a line absent
 * from this listing. The value is converted to little-endian in place
 * before being sent.
 */
597 static void hci_setup_link_policy(struct hci_dev *hdev)
601 if (hdev->features[0] & LMP_RSWITCH)
602 link_policy |= HCI_LP_RSWITCH;
603 if (hdev->features[0] & LMP_HOLD)
604 link_policy |= HCI_LP_HOLD;
605 if (hdev->features[0] & LMP_SNIFF)
606 link_policy |= HCI_LP_SNIFF;
607 if (hdev->features[1] & LMP_PARK)
608 link_policy |= HCI_LP_PARK;
610 link_policy = cpu_to_le16(link_policy);
611 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
612 sizeof(link_policy), &link_policy);
/*
 * Completion handler for HCI_OP_READ_LOCAL_COMMANDS: copies the supported
 * command bitmap into hdev->commands and, during HCI_INIT, sets up the
 * default link policy when bit 0x10 of commands[5] is set.
 * NOTE(review): the copy length is sizeof(hdev->commands) and the source
 * is the controller's reply; no skb->len check is visible, so confirm the
 * dispatcher rejects short replies. Bit 0x10 of commands[5] is presumably
 * the Write Default Link Policy Settings command — verify against the
 * spec.
 */
615 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
617 struct hci_rp_read_local_commands *rp = (void *) skb->data;
619 BT_DBG("%s status 0x%x", hdev->name, rp->status);
624 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
626 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
627 hci_setup_link_policy(hdev);
630 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
/*
 * Read Local Features reply: copies the 8-byte LMP feature mask into
 * hdev->features and widens hdev->pkt_type / hdev->esco_type for each
 * packet type the controller advertises.
 * The feature mask drives most later decisions in this file (event mask,
 * SSP, LE), so it should only be taken from a successful, full-length
 * reply.
 * NOTE(review): the status gate is on lines absent from this listing and
 * no skb->len check is visible — confirm.
 */
633 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
635 struct hci_rp_read_local_features *rp = (void *) skb->data;
637 BT_DBG("%s status 0x%x", hdev->name, rp->status);
642 memcpy(hdev->features, rp->features, 8);
644 /* Adjust default settings according to features
645 * supported by device. */
647 if (hdev->features[0] & LMP_3SLOT)
648 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
650 if (hdev->features[0] & LMP_5SLOT)
651 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
653 if (hdev->features[1] & LMP_HV2) {
654 hdev->pkt_type |= (HCI_HV2);
655 hdev->esco_type |= (ESCO_HV2);
658 if (hdev->features[1] & LMP_HV3) {
659 hdev->pkt_type |= (HCI_HV3);
660 hdev->esco_type |= (ESCO_HV3);
663 if (hdev->features[3] & LMP_ESCO)
664 hdev->esco_type |= (ESCO_EV3);
666 if (hdev->features[4] & LMP_EV4)
667 hdev->esco_type |= (ESCO_EV4);
669 if (hdev->features[4] & LMP_EV5)
670 hdev->esco_type |= (ESCO_EV5);
672 if (hdev->features[5] & LMP_EDR_ESCO_2M)
673 hdev->esco_type |= (ESCO_2EV3);
675 if (hdev->features[5] & LMP_EDR_ESCO_3M)
676 hdev->esco_type |= (ESCO_3EV3);
678 if (hdev->features[5] & LMP_EDR_3S_ESCO)
679 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
681 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
682 hdev->features[0], hdev->features[1],
683 hdev->features[2], hdev->features[3],
684 hdev->features[4], hdev->features[5],
685 hdev->features[6], hdev->features[7]);
/*
 * Completion handler for HCI_OP_READ_LOCAL_EXT_FEATURES: copies 8 bytes of
 * rp->features into hdev->extfeatures and completes the request.
 * NOTE(review): the rest of the parameter list and the status gate are on
 * lines absent from this listing; no skb->len check is visible before the
 * fixed 8-byte copy.
 */
688 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
691 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
693 BT_DBG("%s status 0x%x", hdev->name, rp->status);
698 memcpy(hdev->extfeatures, rp->features, 8);
700 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
/*
 * Read Buffer Size reply: records the ACL/SCO MTUs and packet counts from
 * the controller and seeds the acl_cnt / sco_cnt credit counters from
 * them.
 * NOTE(review): all four values are taken from the reply as-is; no range
 * check (for example a zero MTU or packet count) and no skb->len check are
 * visible. The body of the HCI_QUIRK_FIXUP_BUFFER_SIZE branch is on lines
 * absent from this listing.
 */
703 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
705 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
707 BT_DBG("%s status 0x%x", hdev->name, rp->status);
712 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
713 hdev->sco_mtu = rp->sco_mtu;
714 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
715 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
717 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
722 hdev->acl_cnt = hdev->acl_pkts;
723 hdev->sco_cnt = hdev->sco_pkts;
725 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
726 hdev->acl_mtu, hdev->acl_pkts,
727 hdev->sco_mtu, hdev->sco_pkts);
/*
 * Completion handler for HCI_OP_READ_BD_ADDR: copies the address from the
 * reply into hdev->bdaddr and completes the request.
 * NOTE(review): whether the copy is gated on rp->status is on a line
 * absent from this listing; no skb->len check is visible.
 */
730 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
732 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
734 BT_DBG("%s status 0x%x", hdev->name, rp->status);
737 bacpy(&hdev->bdaddr, &rp->bdaddr);
739 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
/*
 * Completion handler for HCI_OP_WRITE_CA_TIMEOUT: logs the status byte and
 * passes it to hci_req_complete().
 * NOTE(review): skb->data is read with no skb->len check visible here.
 */
742 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
744 __u8 status = *((__u8 *) skb->data);
746 BT_DBG("%s status 0x%x", hdev->name, status);
748 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
/*
 * Completion handler for HCI_OP_DELETE_STORED_LINK_KEY: logs the status
 * byte and passes it to hci_req_complete(). The rest of the parameter list
 * is on a line absent from this listing.
 * NOTE(review): skb->data is read with no skb->len check visible here.
 */
751 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
754 __u8 status = *((__u8 *) skb->data);
756 BT_DBG("%s status 0x%x", hdev->name, status);
758 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
/*
 * Completion handler for HCI_OP_SET_EVENT_MASK: logs the status byte and
 * passes it to hci_req_complete().
 * NOTE(review): skb->data is read with no skb->len check visible here.
 */
761 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
763 __u8 status = *((__u8 *) skb->data);
765 BT_DBG("%s status 0x%x", hdev->name, status);
767 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
/*
 * Completion handler for HCI_OP_WRITE_INQUIRY_MODE: logs the status byte
 * and passes it to hci_req_complete(). The rest of the parameter list is
 * on a line absent from this listing.
 * NOTE(review): skb->data is read with no skb->len check visible here.
 */
770 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
773 __u8 status = *((__u8 *) skb->data);
775 BT_DBG("%s status 0x%x", hdev->name, status);
777 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
/*
 * Completion handler for HCI_OP_READ_INQ_RSP_TX_POWER: only the status
 * byte is used in the visible lines; it is logged and passed to
 * hci_req_complete(). The rest of the parameter list is on a line absent
 * from this listing.
 * NOTE(review): skb->data is read with no skb->len check visible here.
 */
780 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
783 __u8 status = *((__u8 *) skb->data);
785 BT_DBG("%s status 0x%x", hdev->name, status);
787 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
/*
 * Completion handler for HCI_OP_SET_EVENT_FLT: logs the status byte and
 * passes it to hci_req_complete().
 * NOTE(review): skb->data is read with no skb->len check visible here.
 */
790 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
792 __u8 status = *((__u8 *) skb->data);
794 BT_DBG("%s status 0x%x", hdev->name, status);
796 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
/*
 * PIN Code Reply completion: reports the result to mgmt when HCI_MGMT is
 * set, then records the PIN length from the command that was sent on the
 * matching ACL connection.
 * The address used for the lookup comes from the sent command, not from
 * the controller's reply.
 * NOTE(review): the status gate and the NULL checks on `cp` and `conn`
 * are on lines absent from this listing — confirm. conn->pin_length is
 * presumably consulted later when judging link-key strength; verify its
 * consumers.
 */
799 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
801 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
802 struct hci_cp_pin_code_reply *cp;
803 struct hci_conn *conn;
805 BT_DBG("%s status 0x%x", hdev->name, rp->status);
807 if (test_bit(HCI_MGMT, &hdev->flags))
808 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
813 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
817 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
819 conn->pin_length = cp->pin_len;
/*
 * PIN Code Negative Reply completion: forwards the address from the reply
 * to mgmt when HCI_MGMT is set. The remaining call arguments are on a line
 * absent from this listing.
 * NOTE(review): rp->bdaddr is read from the controller's reply with no
 * skb->len check visible.
 */
822 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
824 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
/*
 * Completion handler for HCI_OP_LE_READ_BUFFER_SIZE: records the LE MTU
 * and packet count, seeds le_cnt from the packet count and completes the
 * request.
 * NOTE(review): both values are taken from the reply unchecked in the
 * visible lines; the status gate is on lines absent from this listing and
 * no skb->len check is visible.
 */
832 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
835 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
837 BT_DBG("%s status 0x%x", hdev->name, rp->status);
842 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
843 hdev->le_pkts = rp->le_max_pkt;
845 hdev->le_cnt = hdev->le_pkts;
847 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
849 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
/*
 * User Confirmation Reply completion: forwards the address from the reply
 * to mgmt when HCI_MGMT is set. The remaining call arguments are on a line
 * absent from this listing.
 * NOTE(review): rp->bdaddr is read from the controller's reply with no
 * skb->len check visible.
 */
852 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
854 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
856 BT_DBG("%s status 0x%x", hdev->name, rp->status);
858 if (test_bit(HCI_MGMT, &hdev->flags))
859 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
/*
 * User Confirmation Negative Reply completion: forwards the address from
 * the reply to mgmt when HCI_MGMT is set. It reuses the
 * hci_rp_user_confirm_reply layout. The rest of the parameter list and of
 * the mgmt call are on lines absent from this listing.
 * NOTE(review): rp->bdaddr is read with no skb->len check visible.
 */
863 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
866 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
868 BT_DBG("%s status 0x%x", hdev->name, rp->status);
870 if (test_bit(HCI_MGMT, &hdev->flags))
871 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
/*
 * Read Local OOB Data reply: hands the hash and randomizer from the reply,
 * plus the status, to mgmt.
 * NOTE(review): the hash and randomizer are out-of-band pairing material;
 * they should not be logged and should only be forwarded from a
 * full-length reply. No skb->len check is visible, and unlike the
 * neighbouring handlers no HCI_MGMT test is visible before the mgmt call —
 * confirm that is intended.
 */
875 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
878 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
880 BT_DBG("%s status 0x%x", hdev->name, rp->status);
882 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
883 rp->randomizer, rp->status);
/*
 * LE Set Scan Enable completion: when scanning was enabled (0x01) the
 * advertising-entry timer is cancelled and the cached entries are cleared;
 * when it was disabled (0x00) the timer is re-armed ADV_CLEAR_TIMEOUT
 * jiffies ahead.
 * NOTE(review): `cp` comes from the sent command; its NULL check, the
 * status gate and the lock call matching hci_dev_unlock() are on lines
 * absent from this listing — confirm.
 */
886 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
889 struct hci_cp_le_set_scan_enable *cp;
890 __u8 status = *((__u8 *) skb->data);
892 BT_DBG("%s status 0x%x", hdev->name, status);
897 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
901 if (cp->enable == 0x01) {
902 del_timer(&hdev->adv_timer);
905 hci_adv_entries_clear(hdev);
906 hci_dev_unlock(hdev);
907 } else if (cp->enable == 0x00) {
908 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
/*
 * Completion handler for HCI_OP_LE_LTK_REPLY: logs rp->status and passes
 * it to hci_req_complete().
 * NOTE(review): lines between the debug print and the completion call are
 * absent from this listing; no skb->len check is visible.
 */
912 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
914 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
916 BT_DBG("%s status 0x%x", hdev->name, rp->status);
921 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
/*
 * Completion handler for HCI_OP_LE_LTK_NEG_REPLY: logs rp->status and
 * passes it to hci_req_complete().
 * NOTE(review): lines between the debug print and the completion call are
 * absent from this listing; no skb->len check is visible.
 */
924 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
926 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
928 BT_DBG("%s status 0x%x", hdev->name, rp->status);
933 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
/*
 * Write LE Host Supported completion: follows up by sending
 * HCI_OP_READ_LOCAL_EXT_FEATURES.
 * NOTE(review): `cp` is a stack struct sent by address with sizeof(cp);
 * its initialisation and the status gate are on lines absent from this
 * listing. Confirm every field is set before the send, otherwise
 * uninitialised stack bytes reach the controller.
 */
936 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
939 struct hci_cp_read_local_ext_features cp;
940 __u8 status = *((__u8 *) skb->data);
942 BT_DBG("%s status 0x%x", hdev->name, status);
948 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
/*
 * Status handler for HCI_OP_INQUIRY. Two paths are visible: one completes
 * the request and re-checks pending connections, the other sets
 * HCI_INQUIRY and reports discovering=1 to mgmt when HCI_MGMT is set.
 * NOTE(review): the condition separating the two paths (presumably a test
 * of `status`) is on lines absent from this listing — confirm.
 */
951 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
953 BT_DBG("%s status 0x%x", hdev->name, status);
956 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
957 hci_conn_check_pending(hdev);
961 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags) &&
962 test_bit(HCI_MGMT, &hdev->flags))
963 mgmt_discovering(hdev->id, 1);
/*
 * Status handler for HCI_OP_CREATE_CONN. Looks up the ACL connection for
 * the address in the sent command. A connection in BT_CONNECT is closed
 * and its failure confirmed unless the status is 0x0c with at most two
 * attempts so far, in which case it moves to BT_CONNECT2. Another visible
 * path adds a new connection object and marks it as master.
 * NOTE(review): the status test, the NULL check on `cp`, the else branches
 * and the lock call matching hci_dev_unlock() are on lines absent from
 * this listing. 0x0c is presumably the HCI "Command Disallowed" status —
 * verify against the spec.
 */
966 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
968 struct hci_cp_create_conn *cp;
969 struct hci_conn *conn;
971 BT_DBG("%s status 0x%x", hdev->name, status);
973 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
979 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
981 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
984 if (conn && conn->state == BT_CONNECT) {
985 if (status != 0x0c || conn->attempt > 2) {
986 conn->state = BT_CLOSED;
987 hci_proto_connect_cfm(conn, status);
990 conn->state = BT_CONNECT2;
994 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
/* hci_conn_add() can fail (see the BT_ERR below); the NULL test guarding this store is not shown here. */
997 conn->link_mode |= HCI_LM_MASTER;
999 BT_ERR("No memory for new connection");
1003 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_ADD_SCO: finds the ACL connection for the
 * handle in the sent command, marks the associated SCO connection closed
 * and confirms the result to the upper protocol.
 * NOTE(review): how `sco` is derived from `acl`, the NULL checks on `cp`,
 * `acl` and `sco`, the status gate and the lock call are all on lines
 * absent from this listing — confirm.
 */
1006 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1008 struct hci_cp_add_sco *cp;
1009 struct hci_conn *acl, *sco;
1012 BT_DBG("%s status 0x%x", hdev->name, status);
1017 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1021 handle = __le16_to_cpu(cp->handle);
1023 BT_DBG("%s handle %d", hdev->name, handle);
1027 acl = hci_conn_hash_lookup_handle(hdev, handle);
1031 sco->state = BT_CLOSED;
1033 hci_proto_connect_cfm(sco, status);
1038 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_AUTH_REQUESTED: looks up the connection by the
 * handle in the sent command and, while it is still in BT_CONFIG, confirms
 * the status to the upper protocol.
 * NOTE(review): the status gate, the NULL checks on `cp` and `conn`, and
 * what else happens inside the BT_CONFIG branch are on lines absent from
 * this listing — confirm that a failed authentication request cannot leave
 * the connection usable.
 */
1041 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1043 struct hci_cp_auth_requested *cp;
1044 struct hci_conn *conn;
1046 BT_DBG("%s status 0x%x", hdev->name, status);
1051 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1057 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1059 if (conn->state == BT_CONFIG) {
1060 hci_proto_connect_cfm(conn, status);
1065 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_SET_CONN_ENCRYPT: looks up the connection by
 * the handle in the sent command and, while it is still in BT_CONFIG,
 * confirms the status to the upper protocol.
 * NOTE(review): the status gate, the NULL checks on `cp` and `conn`, and
 * the rest of the BT_CONFIG branch are on lines absent from this listing —
 * confirm that a rejected encryption request cannot leave the link in use
 * unencrypted.
 */
1068 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1070 struct hci_cp_set_conn_encrypt *cp;
1071 struct hci_conn *conn;
1073 BT_DBG("%s status 0x%x", hdev->name, status);
1078 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1084 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1086 if (conn->state == BT_CONFIG) {
1087 hci_proto_connect_cfm(conn, status);
1092 hci_dev_unlock(hdev);
/*
 * Decides whether an outgoing connection still in BT_CONFIG should have
 * authentication requested. The visible tests are: the connection must be
 * outgoing and in BT_CONFIG; a pending security level of BT_SECURITY_SDP is
 * special-cased; and the last test matches connections where SSP is not
 * active on both sides, the pending level is not BT_SECURITY_HIGH and bit
 * 0x01 of auth_type (MITM protection, per the comment below) is clear.
 * NOTE(review): every return statement is on a line absent from this
 * listing, so the result of each test cannot be read from here. This is a
 * security decision point: a wrong result skips authentication, so verify
 * the return values in the full source.
 */
1095 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1096 struct hci_conn *conn)
1098 if (conn->state != BT_CONFIG || !conn->out)
1101 if (conn->pending_sec_level == BT_SECURITY_SDP)
1104 /* Only request authentication for SSP connections or non-SSP
1105 * devices with sec_level HIGH or if MITM protection is requested */
1106 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1107 conn->pending_sec_level != BT_SECURITY_HIGH &&
1108 !(conn->auth_type & 0x01))
/*
 * Status handler for HCI_OP_REMOTE_NAME_REQ. Per the comment below, a
 * successful status defers the authentication decision to the name-request
 * complete event. Otherwise the ACL connection for the sent address is
 * looked up and, if hci_outgoing_auth_needed() agrees and no
 * authentication is already pending, HCI_OP_AUTH_REQUESTED is sent for its
 * handle.
 * NOTE(review): the early return for success, the NULL checks on the sent
 * command and on `conn`, and the lock call are on lines absent from this
 * listing — confirm. The inner `cp` shadows the outer pointer of the same
 * name.
 */
1114 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1116 struct hci_cp_remote_name_req *cp;
1117 struct hci_conn *conn;
1119 BT_DBG("%s status 0x%x", hdev->name, status);
1121 /* If successful wait for the name req complete event before
1122 * checking for the need to do authentication */
1126 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1132 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1136 if (!hci_outgoing_auth_needed(hdev, conn))
/* test_and_set_bit() keeps a second authentication request from being queued while one is pending. */
1139 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1140 struct hci_cp_auth_requested cp;
1141 cp.handle = __cpu_to_le16(conn->handle);
1142 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1146 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_READ_REMOTE_FEATURES: looks up the connection
 * by the handle in the sent command and, while it is in BT_CONFIG,
 * confirms the status to the upper protocol.
 * NOTE(review): the status gate, the NULL checks on `cp` and `conn`, the
 * rest of the BT_CONFIG branch and the lock call are on lines absent from
 * this listing — confirm.
 */
1149 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1151 struct hci_cp_read_remote_features *cp;
1152 struct hci_conn *conn;
1154 BT_DBG("%s status 0x%x", hdev->name, status);
1159 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1165 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1167 if (conn->state == BT_CONFIG) {
1168 hci_proto_connect_cfm(conn, status);
1173 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES: looks up the
 * connection by the handle in the sent command and, while it is in
 * BT_CONFIG, confirms the status to the upper protocol.
 * NOTE(review): the status gate, the NULL checks on `cp` and `conn`, the
 * rest of the BT_CONFIG branch and the lock call are on lines absent from
 * this listing — confirm.
 */
1176 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1178 struct hci_cp_read_remote_ext_features *cp;
1179 struct hci_conn *conn;
1181 BT_DBG("%s status 0x%x", hdev->name, status);
1186 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1192 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1194 if (conn->state == BT_CONFIG) {
1195 hci_proto_connect_cfm(conn, status);
1200 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_SETUP_SYNC_CONN: finds the ACL connection for
 * the handle in the sent command, marks the associated SCO connection
 * closed and confirms the result to the upper protocol.
 * NOTE(review): how `sco` is derived from `acl`, the NULL checks on `cp`,
 * `acl` and `sco`, the status gate and the lock call are on lines absent
 * from this listing — confirm.
 */
1203 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1205 struct hci_cp_setup_sync_conn *cp;
1206 struct hci_conn *acl, *sco;
1209 BT_DBG("%s status 0x%x", hdev->name, status);
1214 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1218 handle = __le16_to_cpu(cp->handle);
1220 BT_DBG("%s handle %d", hdev->name, handle);
1224 acl = hci_conn_hash_lookup_handle(hdev, handle);
1228 sco->state = BT_CLOSED;
1230 hci_proto_connect_cfm(sco, status);
1235 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_SNIFF_MODE: clears the mode-change-pending bit
 * on the connection named by the sent command and runs hci_sco_setup() if
 * an SCO setup was waiting on the mode change.
 * NOTE(review): the status gate, the NULL checks on `cp` and `conn`, and
 * the lock call are on lines absent from this listing — confirm.
 */
1238 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1240 struct hci_cp_sniff_mode *cp;
1241 struct hci_conn *conn;
1243 BT_DBG("%s status 0x%x", hdev->name, status);
1248 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1254 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1256 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1258 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1259 hci_sco_setup(conn, status);
1262 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_EXIT_SNIFF_MODE: clears the
 * mode-change-pending bit on the connection named by the sent command and
 * runs hci_sco_setup() if an SCO setup was waiting on the mode change.
 * NOTE(review): the status gate, the NULL checks on `cp` and `conn`, and
 * the lock call are on lines absent from this listing — confirm.
 */
1265 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1267 struct hci_cp_exit_sniff_mode *cp;
1268 struct hci_conn *conn;
1270 BT_DBG("%s status 0x%x", hdev->name, status);
1275 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1281 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1283 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1285 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1286 hci_sco_setup(conn, status);
1289 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_LE_CREATE_CONN. Looks up the LE connection for
 * the peer address in the sent command. One visible path closes a
 * connection in BT_CONNECT and confirms the status; another adds a new
 * connection object and records the peer address type on it.
 * NOTE(review): the status test selecting between the paths, the NULL
 * checks on `cp` and on the hci_conn_add() result, and the lock call are
 * on lines absent from this listing — confirm.
 */
1292 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1294 struct hci_cp_le_create_conn *cp;
1295 struct hci_conn *conn;
1297 BT_DBG("%s status 0x%x", hdev->name, status);
1299 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1305 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1307 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1311 if (conn && conn->state == BT_CONNECT) {
1312 conn->state = BT_CLOSED;
1313 hci_proto_connect_cfm(conn, status);
1318 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1320 conn->dst_type = cp->peer_addr_type;
1323 BT_ERR("No memory for new connection");
1328 hci_dev_unlock(hdev);
/*
 * Only logs the status in the visible lines.
 * NOTE(review): a failed LE start-encryption command is not acted on here;
 * confirm the failure is handled elsewhere so the link is not treated as
 * encrypted.
 */
1331 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1333 BT_DBG("%s status 0x%x", hdev->name, status);
/*
 * Inquiry Complete event: clears HCI_INQUIRY, reports discovering=0 to
 * mgmt when HCI_MGMT is set, completes the HCI_OP_INQUIRY request with the
 * event's status byte and re-checks pending connections.
 * NOTE(review): the status byte is read from skb->data with no skb->len
 * check visible here.
 */
1336 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1338 __u8 status = *((__u8 *) skb->data);
1340 BT_DBG("%s status %d", hdev->name, status);
1342 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
1343 test_bit(HCI_MGMT, &hdev->flags))
1344 mgmt_discovering(hdev->id, 0);
1346 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1348 hci_conn_check_pending(hdev);
/*
 * Inquiry Result event: the first payload byte is the number of responses,
 * followed by that many inquiry_info records. Each record is copied into
 * an inquiry_data, stored in the inquiry cache and reported to mgmt as a
 * found device.
 * NOTE(review): num_rsp is taken from the packet and drives the loop, and
 * `info` advances one record per iteration. No comparison of num_rsp
 * against skb->len is visible in this listing, so a count larger than the
 * payload would read past the end of the buffer. The lines before the lock
 * are absent here; confirm they (or the dispatcher) bound the count by the
 * payload length, e.g. skb->len >= 1 + num_rsp * sizeof(*info).
 */
1351 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1353 struct inquiry_data data;
1354 struct inquiry_info *info = (void *) (skb->data + 1);
1355 int num_rsp = *((__u8 *) skb->data);
1357 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1364 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1366 if (test_bit(HCI_MGMT, &hdev->flags))
1367 mgmt_discovering(hdev->id, 1);
/* Fields below come from a remote device's inquiry response and are untrusted. */
1370 for (; num_rsp; num_rsp--, info++) {
1371 bacpy(&data.bdaddr, &info->bdaddr);
1372 data.pscan_rep_mode = info->pscan_rep_mode;
1373 data.pscan_period_mode = info->pscan_period_mode;
1374 data.pscan_mode = info->pscan_mode;
1375 memcpy(data.dev_class, info->dev_class, 3);
1376 data.clock_offset = info->clock_offset;
1378 data.ssp_mode = 0x00;
1379 hci_inquiry_cache_update(hdev, &data);
1380 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1384 hci_dev_unlock(hdev);
/*
 * Connection Complete event. Finds the connection object for the event's
 * link type and address, with a fallback lookup as ESCO_LINK that is then
 * retyped to SCO_LINK. The visible success path records the handle, moves
 * ACL links to BT_CONFIG (other links to BT_CONNECTED), picks a disconnect
 * timeout, inherits HCI_LM_AUTH / HCI_LM_ENCRYPT from the adapter flags
 * and queues follow-up commands. The visible failure path marks the
 * connection closed and reports the failure to mgmt for ACL links.
 * NOTE(review): the ev->status test, the NULL checks on `conn`, several
 * else branches and the lock call are on lines absent from this listing,
 * and no skb->len check is visible before `ev` is read — confirm in the
 * full source.
 */
1387 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1389 struct hci_ev_conn_complete *ev = (void *) skb->data;
1390 struct hci_conn *conn;
1392 BT_DBG("%s", hdev->name);
1396 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1398 if (ev->link_type != SCO_LINK)
1401 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1405 conn->type = SCO_LINK;
1409 conn->handle = __le16_to_cpu(ev->handle);
1411 if (conn->type == ACL_LINK) {
1412 conn->state = BT_CONFIG;
1413 hci_conn_hold(conn);
/*
 * The first operand of this condition is on a line absent from this
 * listing. Visible part: the longer pairing timeout applies when SSP is
 * not active on both sides and no link key is stored for the peer.
 */
1416 !(conn->ssp_mode && conn->hdev->ssp_mode) &&
1417 !hci_find_link_key(hdev, &ev->bdaddr))
1418 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1420 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1421 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
1423 conn->state = BT_CONNECTED;
1425 hci_conn_hold_device(conn);
1426 hci_conn_add_sysfs(conn);
/*
 * NOTE(review): link_mode is marked authenticated / encrypted from the
 * adapter-wide flags, not from a per-link result reported by the
 * controller — confirm callers do not rely on these bits as proof that
 * this particular link completed authentication.
 */
1428 if (test_bit(HCI_AUTH, &hdev->flags))
1429 conn->link_mode |= HCI_LM_AUTH;
1431 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1432 conn->link_mode |= HCI_LM_ENCRYPT;
1434 /* Get remote features */
1435 if (conn->type == ACL_LINK) {
1436 struct hci_cp_read_remote_features cp;
1437 cp.handle = ev->handle;
1438 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1442 /* Set packet type for incoming connection */
1443 if (!conn->out && hdev->hci_ver < 3) {
1444 struct hci_cp_change_conn_ptype cp;
1445 cp.handle = ev->handle;
1446 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1447 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1451 conn->state = BT_CLOSED;
1452 if (conn->type == ACL_LINK)
1453 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1456 if (conn->type == ACL_LINK)
1457 hci_sco_setup(conn, ev->status);
1460 hci_proto_connect_cfm(conn, ev->status);
1462 } else if (ev->link_type != ACL_LINK)
1463 hci_proto_connect_cfm(conn, ev->status);
1466 hci_dev_unlock(hdev);
1468 hci_conn_check_pending(hdev);
/*
 * Connection Request event from a remote device. The request is accepted
 * only when the combined link-mode mask (adapter setting OR-ed with the
 * upper protocols' answer) has HCI_LM_ACCEPT and the peer address is not
 * on the adapter's blacklist; otherwise HCI_OP_REJECT_CONN_REQ is sent.
 * On accept the peer's class of device is recorded, a connection object is
 * found or created in BT_CONNECT, and either an ACL accept (with the
 * requested role) or a synchronous-connection accept is sent.
 * NOTE(review): bdaddr, link_type and dev_class are remote-supplied and
 * read from skb->data with no skb->len check visible. NULL checks on `ie`
 * and `conn`, the lock call, the else keywords and the reject reason are
 * on lines absent from this listing — confirm in the full source.
 */
1471 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1473 struct hci_ev_conn_request *ev = (void *) skb->data;
1474 int mask = hdev->link_mode;
1476 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1477 batostr(&ev->bdaddr), ev->link_type);
1479 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
/* The blacklist is checked before any state is created for the peer. */
1481 if ((mask & HCI_LM_ACCEPT) &&
1482 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1483 /* Connection accepted */
1484 struct inquiry_entry *ie;
1485 struct hci_conn *conn;
1489 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1491 memcpy(ie->data.dev_class, ev->dev_class, 3);
1493 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1495 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1497 BT_ERR("No memory for new connection");
1498 hci_dev_unlock(hdev);
1503 memcpy(conn->dev_class, ev->dev_class, 3);
1504 conn->state = BT_CONNECT;
1506 hci_dev_unlock(hdev);
1508 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1509 struct hci_cp_accept_conn_req cp;
1511 bacpy(&cp.bdaddr, &ev->bdaddr);
1513 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1514 cp.role = 0x00; /* Become master */
1516 cp.role = 0x01; /* Remain slave */
1518 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1521 struct hci_cp_accept_sync_conn_req cp;
1523 bacpy(&cp.bdaddr, &ev->bdaddr);
1524 cp.pkt_type = cpu_to_le16(conn->pkt_type);
/* 0x1f40 is 8000; presumably bytes per second for a voice link — verify against the spec. */
1526 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1527 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1528 cp.max_latency = cpu_to_le16(0xffff);
1529 cp.content_format = cpu_to_le16(hdev->voice_setting);
1530 cp.retrans_effort = 0xff;
1532 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1536 /* Connection rejected */
1537 struct hci_cp_reject_conn_req cp;
1539 bacpy(&cp.bdaddr, &ev->bdaddr);
1541 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/*
 * Disconnection Complete event handler.
 *
 * Reports mgmt_disconnect_failed() on one path; otherwise looks up the
 * connection by handle, marks it BT_CLOSED, tells mgmt about ACL/LE
 * disconnects and passes ev->reason to the protocol layer.
 *
 * NOTE(review): the gutter numbers skip, so the status test, locking and
 * any NULL check on conn are missing from this listing — confirm against
 * the full file.
 */
1545 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1547 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1548 struct hci_conn *conn;
1550 BT_DBG("%s status %d", hdev->name, ev->status);
1553 mgmt_disconnect_failed(hdev->id);
1559 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1563 conn->state = BT_CLOSED;
1565 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1566 mgmt_disconnected(hdev->id, &conn->dst);
1568 hci_proto_disconn_cfm(conn, ev->reason);
1572 hci_dev_unlock(hdev);
/*
 * Authentication Complete event handler.
 *
 * Security-relevant state changes visible here: HCI_LM_AUTH is set and
 * sec_level is raised to pending_sec_level on one path; a re-authentication
 * of a non-SSP ("legacy") link is only logged; mgmt_auth_failed() is raised
 * on another path. Both AUTH_PEND and REAUTH_PEND are cleared. In BT_CONFIG,
 * a successful authentication with SSP enabled on both sides requests
 * encryption rather than completing the connection straight away.
 *
 * NOTE(review): the gutter numbers skip, so the ev->status tests, else
 * keywords, locking and any NULL check on conn are missing from this
 * listing — which branch raises sec_level must be confirmed in the full file.
 */
1575 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1577 struct hci_ev_auth_complete *ev = (void *) skb->data;
1578 struct hci_conn *conn;
1580 BT_DBG("%s status %d", hdev->name, ev->status);
1584 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1589 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1590 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1591 BT_INFO("re-auth of legacy device is not possible.");
1593 conn->link_mode |= HCI_LM_AUTH;
1594 conn->sec_level = conn->pending_sec_level;
1597 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1600 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1601 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1603 if (conn->state == BT_CONFIG) {
/* SSP on both sides and success: turn encryption on before the
 * connection is reported as established. */
1604 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1605 struct hci_cp_set_conn_encrypt cp;
1606 cp.handle = ev->handle;
1608 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1611 conn->state = BT_CONNECTED;
1612 hci_proto_connect_cfm(conn, ev->status);
1616 hci_auth_cfm(conn, ev->status);
1618 hci_conn_hold(conn);
1619 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
/* A queued encryption request is issued here, or dropped and reported
 * through hci_encrypt_cfm() (the deciding condition is not shown). */
1623 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1625 struct hci_cp_set_conn_encrypt cp;
1626 cp.handle = ev->handle;
1628 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1631 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1632 hci_encrypt_cfm(conn, ev->status, 0x00);
1637 hci_dev_unlock(hdev);
/*
 * Remote Name Request Complete event handler.
 *
 * Forwards the name to mgmt when the status is 0 and HCI_MGMT is set, then
 * starts authentication on the ACL link if hci_outgoing_auth_needed() says
 * so and no authentication is already pending.
 *
 * NOTE(review): ev->name is remote-supplied and is handed to
 * mgmt_remote_name() without a length argument; whether it is guaranteed
 * to be NUL-terminated is not visible here. The gutter numbers skip, so
 * locking and any NULL check on conn are missing from this listing.
 */
1640 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1642 struct hci_ev_remote_name *ev = (void *) skb->data;
1643 struct hci_conn *conn;
1645 BT_DBG("%s", hdev->name);
1647 hci_conn_check_pending(hdev);
1651 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1652 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1654 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1658 if (!hci_outgoing_auth_needed(hdev, conn))
/* test_and_set_bit keeps a second Authentication Requested command from
 * being sent while one is already pending. */
1661 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1662 struct hci_cp_auth_requested cp;
1663 cp.handle = __cpu_to_le16(conn->handle);
1664 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1668 hci_dev_unlock(hdev);
/*
 * Encryption Change event handler.
 *
 * On one path sets HCI_LM_AUTH and HCI_LM_ENCRYPT and raises sec_level to
 * pending_sec_level; on another clears HCI_LM_ENCRYPT. Clears ENCRYPT_PEND,
 * completes a connection that is still in BT_CONFIG, and reports the
 * result via hci_encrypt_cfm().
 *
 * NOTE(review): the gutter numbers skip, so the tests on ev->status and
 * ev->encrypt, locking and any NULL check on conn are missing from this
 * listing — confirm which condition guards the sec_level promotion.
 */
1671 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1673 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1674 struct hci_conn *conn;
1676 BT_DBG("%s status %d", hdev->name, ev->status);
1680 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1684 /* Encryption implies authentication */
1685 conn->link_mode |= HCI_LM_AUTH;
1686 conn->link_mode |= HCI_LM_ENCRYPT;
1687 conn->sec_level = conn->pending_sec_level;
1689 conn->link_mode &= ~HCI_LM_ENCRYPT;
1692 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1694 if (conn->state == BT_CONFIG) {
1696 conn->state = BT_CONNECTED;
1698 hci_proto_connect_cfm(conn, ev->status);
1701 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1704 hci_dev_unlock(hdev);
/*
 * Change Connection Link Key Complete event handler: marks the link
 * HCI_LM_SECURE, clears AUTH_PEND and notifies via hci_key_change_cfm().
 *
 * NOTE(review): the gutter numbers skip, so the status test guarding
 * HCI_LM_SECURE, locking and any NULL check on conn are missing from this
 * listing — confirm against the full file.
 */
1707 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1709 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1710 struct hci_conn *conn;
1712 BT_DBG("%s status %d", hdev->name, ev->status);
1716 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1719 conn->link_mode |= HCI_LM_SECURE;
1721 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1723 hci_key_change_cfm(conn, ev->status);
1726 hci_dev_unlock(hdev);
/*
 * Read Remote Supported Features Complete event handler.
 *
 * Copies the 8-byte feature mask from the event into conn->features. While
 * the connection is in BT_CONFIG it then either reads the extended features
 * (when both sides are SSP capable), issues a remote name request, or
 * completes the connection when no outgoing authentication is needed.
 *
 * NOTE(review): the copy length is the literal 8; it is assumed to match
 * both arrays — confirm. The gutter numbers skip, so the status test,
 * locking and any NULL check on conn are missing from this listing.
 */
1729 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1731 struct hci_ev_remote_features *ev = (void *) skb->data;
1732 struct hci_conn *conn;
1734 BT_DBG("%s status %d", hdev->name, ev->status);
1738 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1743 memcpy(conn->features, ev->features, 8);
1745 if (conn->state != BT_CONFIG)
1748 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1749 struct hci_cp_read_remote_ext_features cp;
1750 cp.handle = ev->handle;
1752 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1758 struct hci_cp_remote_name_req cp;
/* cp is zeroed first so no uninitialised stack bytes go to the controller. */
1759 memset(&cp, 0, sizeof(cp));
1760 bacpy(&cp.bdaddr, &conn->dst);
1761 cp.pscan_rep_mode = 0x02;
1762 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1765 if (!hci_outgoing_auth_needed(hdev, conn)) {
1766 conn->state = BT_CONNECTED;
1767 hci_proto_connect_cfm(conn, ev->status);
1772 hci_dev_unlock(hdev);
/* Read Remote Version Complete event: only logged; skb is not inspected. */
1775 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1777 BT_DBG("%s", hdev->name);
/* QoS Setup Complete event: only logged; skb is not inspected. */
1780 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1782 BT_DBG("%s", hdev->name);
/*
 * Command Complete event handler.
 *
 * Strips the event header from the skb, converts the opcode to CPU byte
 * order and dispatches to the matching hci_cc_*() handler, which receives
 * the remaining return parameters. Afterwards it stops the command timer
 * and lets the command queue run again.
 *
 * NOTE(review): no check that skb holds sizeof(*ev) bytes is visible before
 * ev is read. The timer test compares the raw little-endian ev->opcode with
 * HCI_OP_NOP while the dispatch uses the converted opcode; that is only
 * byte-order neutral if HCI_OP_NOP is 0 (value not shown here). The gutter
 * numbers skip, so the switch, break and default lines and the condition
 * guarding atomic_set() are missing from this listing.
 */
1785 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1787 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1790 skb_pull(skb, sizeof(*ev));
1792 opcode = __le16_to_cpu(ev->opcode);
1795 case HCI_OP_INQUIRY_CANCEL:
1796 hci_cc_inquiry_cancel(hdev, skb);
1799 case HCI_OP_EXIT_PERIODIC_INQ:
1800 hci_cc_exit_periodic_inq(hdev, skb);
1803 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1804 hci_cc_remote_name_req_cancel(hdev, skb);
1807 case HCI_OP_ROLE_DISCOVERY:
1808 hci_cc_role_discovery(hdev, skb);
1811 case HCI_OP_READ_LINK_POLICY:
1812 hci_cc_read_link_policy(hdev, skb);
1815 case HCI_OP_WRITE_LINK_POLICY:
1816 hci_cc_write_link_policy(hdev, skb);
1819 case HCI_OP_READ_DEF_LINK_POLICY:
1820 hci_cc_read_def_link_policy(hdev, skb);
1823 case HCI_OP_WRITE_DEF_LINK_POLICY:
1824 hci_cc_write_def_link_policy(hdev, skb);
1828 hci_cc_reset(hdev, skb);
1831 case HCI_OP_WRITE_LOCAL_NAME:
1832 hci_cc_write_local_name(hdev, skb);
1835 case HCI_OP_READ_LOCAL_NAME:
1836 hci_cc_read_local_name(hdev, skb);
1839 case HCI_OP_WRITE_AUTH_ENABLE:
1840 hci_cc_write_auth_enable(hdev, skb);
1843 case HCI_OP_WRITE_ENCRYPT_MODE:
1844 hci_cc_write_encrypt_mode(hdev, skb);
1847 case HCI_OP_WRITE_SCAN_ENABLE:
1848 hci_cc_write_scan_enable(hdev, skb);
1851 case HCI_OP_READ_CLASS_OF_DEV:
1852 hci_cc_read_class_of_dev(hdev, skb);
1855 case HCI_OP_WRITE_CLASS_OF_DEV:
1856 hci_cc_write_class_of_dev(hdev, skb);
1859 case HCI_OP_READ_VOICE_SETTING:
1860 hci_cc_read_voice_setting(hdev, skb);
1863 case HCI_OP_WRITE_VOICE_SETTING:
1864 hci_cc_write_voice_setting(hdev, skb);
1867 case HCI_OP_HOST_BUFFER_SIZE:
1868 hci_cc_host_buffer_size(hdev, skb);
1871 case HCI_OP_READ_SSP_MODE:
1872 hci_cc_read_ssp_mode(hdev, skb);
1875 case HCI_OP_WRITE_SSP_MODE:
1876 hci_cc_write_ssp_mode(hdev, skb);
1879 case HCI_OP_READ_LOCAL_VERSION:
1880 hci_cc_read_local_version(hdev, skb);
1883 case HCI_OP_READ_LOCAL_COMMANDS:
1884 hci_cc_read_local_commands(hdev, skb);
1887 case HCI_OP_READ_LOCAL_FEATURES:
1888 hci_cc_read_local_features(hdev, skb);
1891 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1892 hci_cc_read_local_ext_features(hdev, skb);
1895 case HCI_OP_READ_BUFFER_SIZE:
1896 hci_cc_read_buffer_size(hdev, skb);
1899 case HCI_OP_READ_BD_ADDR:
1900 hci_cc_read_bd_addr(hdev, skb);
1903 case HCI_OP_WRITE_CA_TIMEOUT:
1904 hci_cc_write_ca_timeout(hdev, skb);
1907 case HCI_OP_DELETE_STORED_LINK_KEY:
1908 hci_cc_delete_stored_link_key(hdev, skb);
1911 case HCI_OP_SET_EVENT_MASK:
1912 hci_cc_set_event_mask(hdev, skb);
1915 case HCI_OP_WRITE_INQUIRY_MODE:
1916 hci_cc_write_inquiry_mode(hdev, skb);
1919 case HCI_OP_READ_INQ_RSP_TX_POWER:
1920 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1923 case HCI_OP_SET_EVENT_FLT:
1924 hci_cc_set_event_flt(hdev, skb);
1927 case HCI_OP_PIN_CODE_REPLY:
1928 hci_cc_pin_code_reply(hdev, skb);
1931 case HCI_OP_PIN_CODE_NEG_REPLY:
1932 hci_cc_pin_code_neg_reply(hdev, skb);
1935 case HCI_OP_READ_LOCAL_OOB_DATA:
1936 hci_cc_read_local_oob_data_reply(hdev, skb);
1939 case HCI_OP_LE_READ_BUFFER_SIZE:
1940 hci_cc_le_read_buffer_size(hdev, skb);
1943 case HCI_OP_USER_CONFIRM_REPLY:
1944 hci_cc_user_confirm_reply(hdev, skb);
1947 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1948 hci_cc_user_confirm_neg_reply(hdev, skb);
1951 case HCI_OP_LE_SET_SCAN_ENABLE:
1952 hci_cc_le_set_scan_enable(hdev, skb);
1955 case HCI_OP_LE_LTK_REPLY:
1956 hci_cc_le_ltk_reply(hdev, skb);
1959 case HCI_OP_LE_LTK_NEG_REPLY:
1960 hci_cc_le_ltk_neg_reply(hdev, skb);
1963 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1964 hci_cc_write_le_host_supported(hdev, skb);
1968 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1972 if (ev->opcode != HCI_OP_NOP)
1973 del_timer(&hdev->cmd_timer);
1976 atomic_set(&hdev->cmd_cnt, 1);
1977 if (!skb_queue_empty(&hdev->cmd_q))
1978 tasklet_schedule(&hdev->cmd_task);
/*
 * Command Status event handler.
 *
 * Strips the event header, converts the opcode to CPU byte order and
 * dispatches ev->status to the matching hci_cs_*() handler. Afterwards it
 * stops the command timer and, when the controller reports free command
 * slots (ev->ncmd) and no reset is in progress, lets the command queue run.
 *
 * NOTE(review): no check that skb holds sizeof(*ev) bytes is visible before
 * ev is read. As in the Command Complete handler, the timer test uses the
 * raw ev->opcode rather than the converted opcode. The gutter numbers skip,
 * so the switch, break and default lines are missing from this listing.
 */
1982 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1984 struct hci_ev_cmd_status *ev = (void *) skb->data;
1987 skb_pull(skb, sizeof(*ev));
1989 opcode = __le16_to_cpu(ev->opcode);
1992 case HCI_OP_INQUIRY:
1993 hci_cs_inquiry(hdev, ev->status);
1996 case HCI_OP_CREATE_CONN:
1997 hci_cs_create_conn(hdev, ev->status);
2000 case HCI_OP_ADD_SCO:
2001 hci_cs_add_sco(hdev, ev->status);
2004 case HCI_OP_AUTH_REQUESTED:
2005 hci_cs_auth_requested(hdev, ev->status);
2008 case HCI_OP_SET_CONN_ENCRYPT:
2009 hci_cs_set_conn_encrypt(hdev, ev->status);
2012 case HCI_OP_REMOTE_NAME_REQ:
2013 hci_cs_remote_name_req(hdev, ev->status);
2016 case HCI_OP_READ_REMOTE_FEATURES:
2017 hci_cs_read_remote_features(hdev, ev->status);
2020 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2021 hci_cs_read_remote_ext_features(hdev, ev->status);
2024 case HCI_OP_SETUP_SYNC_CONN:
2025 hci_cs_setup_sync_conn(hdev, ev->status);
2028 case HCI_OP_SNIFF_MODE:
2029 hci_cs_sniff_mode(hdev, ev->status);
2032 case HCI_OP_EXIT_SNIFF_MODE:
2033 hci_cs_exit_sniff_mode(hdev, ev->status);
2036 case HCI_OP_DISCONNECT:
2037 if (ev->status != 0)
2038 mgmt_disconnect_failed(hdev->id);
2041 case HCI_OP_LE_CREATE_CONN:
2042 hci_cs_le_create_conn(hdev, ev->status);
2045 case HCI_OP_LE_START_ENC:
2046 hci_cs_le_start_enc(hdev, ev->status);
2050 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2054 if (ev->opcode != HCI_OP_NOP)
2055 del_timer(&hdev->cmd_timer);
2057 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2058 atomic_set(&hdev->cmd_cnt, 1);
2059 if (!skb_queue_empty(&hdev->cmd_q))
2060 tasklet_schedule(&hdev->cmd_task);
/*
 * Role Change event handler: updates HCI_LM_MASTER on the ACL link for the
 * event's address, clears RSWITCH_PEND and notifies via
 * hci_role_switch_cfm().
 *
 * NOTE(review): the gutter numbers skip, so the tests on ev->status and
 * ev->role that choose between setting and clearing HCI_LM_MASTER, locking
 * and any NULL check on conn are missing from this listing.
 */
2064 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2066 struct hci_ev_role_change *ev = (void *) skb->data;
2067 struct hci_conn *conn;
2069 BT_DBG("%s status %d", hdev->name, ev->status);
2073 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2077 conn->link_mode &= ~HCI_LM_MASTER;
2079 conn->link_mode |= HCI_LM_MASTER;
2082 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2084 hci_role_switch_cfm(conn, ev->status, ev->role);
2087 hci_dev_unlock(hdev);
/*
 * Number Of Completed Packets event handler (flow-control credits).
 *
 * After pulling the header it rejects events whose remaining length is
 * smaller than num_hndl * 4 (each entry is a 16-bit handle followed by a
 * 16-bit count, read unaligned). For each entry it subtracts count from
 * conn->sent and returns the credits to the ACL, LE or SCO counter, clamped
 * to the matching *_pkts limit. The tx tasklet is disabled around the loop.
 *
 * NOTE(review): count comes from the controller and no clamp against
 * conn->sent is visible before the subtraction, so an over-large count
 * could wrap it — confirm the field's type and whether that matters. The
 * gutter numbers skip, so declarations, the early return and any NULL check
 * on conn are missing from this listing.
 */
2090 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2092 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2096 skb_pull(skb, sizeof(*ev));
2098 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
/* Length guard: the loop below reads num_hndl entries of 4 bytes each. */
2100 if (skb->len < ev->num_hndl * 4) {
2101 BT_DBG("%s bad parameters", hdev->name);
2105 tasklet_disable(&hdev->tx_task);
2107 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2108 struct hci_conn *conn;
2109 __u16 handle, count;
2111 handle = get_unaligned_le16(ptr++);
2112 count = get_unaligned_le16(ptr++);
2114 conn = hci_conn_hash_lookup_handle(hdev, handle);
2116 conn->sent -= count;
2118 if (conn->type == ACL_LINK) {
2119 hdev->acl_cnt += count;
2120 if (hdev->acl_cnt > hdev->acl_pkts)
2121 hdev->acl_cnt = hdev->acl_pkts;
2122 } else if (conn->type == LE_LINK) {
/* LE credits go to le_cnt only when le_pkts is non-zero; the acl_cnt
 * update below is presumably the fallback branch (else not shown). */
2123 if (hdev->le_pkts) {
2124 hdev->le_cnt += count;
2125 if (hdev->le_cnt > hdev->le_pkts)
2126 hdev->le_cnt = hdev->le_pkts;
2128 hdev->acl_cnt += count;
2129 if (hdev->acl_cnt > hdev->acl_pkts)
2130 hdev->acl_cnt = hdev->acl_pkts;
2133 hdev->sco_cnt += count;
2134 if (hdev->sco_cnt > hdev->sco_pkts)
2135 hdev->sco_cnt = hdev->sco_pkts;
2140 tasklet_schedule(&hdev->tx_task);
2142 tasklet_enable(&hdev->tx_task);
/*
 * Mode Change event handler: stores the new mode and interval on the
 * connection, updates power_save when the change was not requested locally
 * (MODE_CHANGE_PEND was clear), and runs a deferred SCO setup if one was
 * pending.
 *
 * NOTE(review): the gutter numbers skip, so locking, the NULL check on conn
 * and the else keyword are missing from this listing.
 */
2145 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2147 struct hci_ev_mode_change *ev = (void *) skb->data;
2148 struct hci_conn *conn;
2150 BT_DBG("%s status %d", hdev->name, ev->status);
2154 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2156 conn->mode = ev->mode;
2157 conn->interval = __le16_to_cpu(ev->interval);
2159 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2160 if (conn->mode == HCI_CM_ACTIVE)
2161 conn->power_save = 1;
2163 conn->power_save = 0;
2166 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2167 hci_sco_setup(conn, ev->status);
2170 hci_dev_unlock(hdev);
/*
 * PIN Code Request event handler (legacy pairing).
 *
 * Extends the disconnect timeout to HCI_PAIRING_TIMEOUT for a connected
 * link. If the adapter is not pairable a negative PIN reply is sent;
 * otherwise, when mgmt is in use, the request is forwarded to user space
 * together with a "secure" hint derived from pending_sec_level ==
 * BT_SECURITY_HIGH.
 *
 * NOTE(review): the gutter numbers skip, so the declaration and assignments
 * of secure, locking and any NULL check on conn are missing from this
 * listing — conn is dereferenced right after the lookup in what is shown.
 */
2173 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2175 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2176 struct hci_conn *conn;
2178 BT_DBG("%s", hdev->name);
2182 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2186 if (conn->state == BT_CONNECTED) {
2187 hci_conn_hold(conn);
2188 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
/* Non-pairable adapters refuse the PIN request outright. */
2192 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2193 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2194 sizeof(ev->bdaddr), &ev->bdaddr);
2195 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2198 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2203 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2207 hci_dev_unlock(hdev);
/*
 * Link Key Request event handler.
 *
 * Only active when HCI_LINK_KEYS is set. Looks up a stored key for the peer
 * and replies with it unless one of the visible policy checks refuses it:
 *   - debug combination keys are ignored unless HCI_DEBUG_KEYS is set;
 *   - an unauthenticated combination key is ignored when the connection's
 *     auth_type has bit 0 set (and is not 0xff);
 *   - a combination key made from a PIN shorter than 16 is ignored when
 *     pending_sec_level is BT_SECURITY_HIGH.
 * Refusals end in HCI_OP_LINK_KEY_NEG_REPLY, which forces a fresh pairing.
 *
 * NOTE(review): cp carries 16 bytes of key material on the stack and no
 * clearing after hci_send_cmd() is visible. The negative reply uses the
 * literal length 6 where other handlers use sizeof(ev->bdaddr). The gutter
 * numbers skip, so the NULL checks on key/conn, goto targets and locking
 * are missing from this listing — confirm against the full file.
 */
2210 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2212 struct hci_ev_link_key_req *ev = (void *) skb->data;
2213 struct hci_cp_link_key_reply cp;
2214 struct hci_conn *conn;
2215 struct link_key *key;
2217 BT_DBG("%s", hdev->name);
2219 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2224 key = hci_find_link_key(hdev, &ev->bdaddr);
2226 BT_DBG("%s link key not found for %s", hdev->name,
2227 batostr(&ev->bdaddr));
/* Only the key type is logged, never the key value. */
2231 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2232 batostr(&ev->bdaddr));
2234 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2235 key->type == HCI_LK_DEBUG_COMBINATION) {
2236 BT_DBG("%s ignoring debug key", hdev->name);
2240 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2242 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2243 conn->auth_type != 0xff &&
2244 (conn->auth_type & 0x01)) {
2245 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2249 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2250 conn->pending_sec_level == BT_SECURITY_HIGH) {
2251 BT_DBG("%s ignoring key unauthenticated for high \
2252 security", hdev->name);
2256 conn->key_type = key->type;
2257 conn->pin_length = key->pin_len;
2260 bacpy(&cp.bdaddr, &ev->bdaddr);
2261 memcpy(cp.link_key, key->val, 16);
2263 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2265 hci_dev_unlock(hdev);
2270 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2271 hci_dev_unlock(hdev);
/*
 * Link Key Notification event handler.
 *
 * Records the new key type on the connection (unless the event reports
 * HCI_LK_CHANGED_COMBINATION), resets the disconnect timeout, and, when
 * HCI_LINK_KEYS is set, stores the key from the event through
 * hci_add_link_key() together with the PIN length seen on the connection.
 *
 * NOTE(review): ev->link_key is secret material; nothing here logs it. The
 * gutter numbers skip, so the declaration and default of pin_len, locking
 * and the NULL check on conn are missing from this listing.
 */
2274 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2276 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2277 struct hci_conn *conn;
2280 BT_DBG("%s", hdev->name);
2284 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2286 hci_conn_hold(conn);
2287 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2288 pin_len = conn->pin_length;
2290 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2291 conn->key_type = ev->key_type;
2296 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2297 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2298 ev->key_type, pin_len);
2300 hci_dev_unlock(hdev);
/*
 * Read Clock Offset Complete event handler: on success, stores the clock
 * offset in the peer's inquiry cache entry and refreshes its timestamp.
 * The lookup result is NULL-checked together with the status.
 *
 * NOTE(review): the gutter numbers skip, so locking and the NULL check on
 * ie are missing from this listing.
 */
2303 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2305 struct hci_ev_clock_offset *ev = (void *) skb->data;
2306 struct hci_conn *conn;
2308 BT_DBG("%s status %d", hdev->name, ev->status);
2312 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2313 if (conn && !ev->status) {
2314 struct inquiry_entry *ie;
2316 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2318 ie->data.clock_offset = ev->clock_offset;
2319 ie->timestamp = jiffies;
2323 hci_dev_unlock(hdev);
/*
 * Connection Packet Type Changed event handler: on success, stores the new
 * packet type (converted from little endian) on the connection found by
 * handle. A missing connection is ignored.
 */
2326 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2328 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2329 struct hci_conn *conn;
2331 BT_DBG("%s status %d", hdev->name, ev->status);
2335 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2336 if (conn && !ev->status)
2337 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2339 hci_dev_unlock(hdev);
/*
 * Page Scan Repetition Mode Change event handler: updates pscan_rep_mode
 * and the timestamp of the peer's inquiry cache entry.
 *
 * NOTE(review): the gutter numbers skip, so locking and the NULL check on
 * ie are missing from this listing.
 */
2342 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2344 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2345 struct inquiry_entry *ie;
2347 BT_DBG("%s", hdev->name);
2351 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2353 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2354 ie->timestamp = jiffies;
2357 hci_dev_unlock(hdev);
/*
 * Inquiry Result with RSSI event handler.
 *
 * The first byte of the payload is the response count. The per-response
 * size, (skb->len - 1) / num_rsp, selects one of two wire layouts: if it
 * differs from sizeof(struct inquiry_info_with_rssi) the entries are parsed
 * as inquiry_info_with_rssi_and_pscan_mode, otherwise as
 * inquiry_info_with_rssi. Each entry updates the inquiry cache and is
 * reported to mgmt.
 *
 * NOTE(review): num_rsp is controller supplied. The layout test only
 * proves the size is *not* the plain RSSI size; no visible check confirms
 * that skb->len actually covers num_rsp entries of the larger struct, so a
 * short event could be read past its end. The division also needs
 * num_rsp != 0. The gutter numbers skip, so a zero-count early return and
 * locking may exist on the missing lines — confirm against the full file.
 */
2360 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2362 struct inquiry_data data;
2363 int num_rsp = *((__u8 *) skb->data);
2365 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2372 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2374 if (test_bit(HCI_MGMT, &hdev->flags))
2375 mgmt_discovering(hdev->id, 1);
2378 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2379 struct inquiry_info_with_rssi_and_pscan_mode *info;
2380 info = (void *) (skb->data + 1);
2382 for (; num_rsp; num_rsp--, info++) {
2383 bacpy(&data.bdaddr, &info->bdaddr);
2384 data.pscan_rep_mode = info->pscan_rep_mode;
2385 data.pscan_period_mode = info->pscan_period_mode;
2386 data.pscan_mode = info->pscan_mode;
2387 memcpy(data.dev_class, info->dev_class, 3);
2388 data.clock_offset = info->clock_offset;
2389 data.rssi = info->rssi;
2390 data.ssp_mode = 0x00;
2391 hci_inquiry_cache_update(hdev, &data);
2392 mgmt_device_found(hdev->id, &info->bdaddr,
2393 info->dev_class, info->rssi,
2397 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2399 for (; num_rsp; num_rsp--, info++) {
2400 bacpy(&data.bdaddr, &info->bdaddr);
2401 data.pscan_rep_mode = info->pscan_rep_mode;
2402 data.pscan_period_mode = info->pscan_period_mode;
2403 data.pscan_mode = 0x00;
2404 memcpy(data.dev_class, info->dev_class, 3);
2405 data.clock_offset = info->clock_offset;
2406 data.rssi = info->rssi;
2407 data.ssp_mode = 0x00;
2408 hci_inquiry_cache_update(hdev, &data);
2409 mgmt_device_found(hdev->id, &info->bdaddr,
2410 info->dev_class, info->rssi,
2415 hci_dev_unlock(hdev);
/*
 * Read Remote Extended Features Complete event handler.
 *
 * For a successful page 0x01 result, bit 0 of features[0] is recorded as
 * the peer's SSP mode on both the inquiry cache entry and the connection.
 * While the connection is in BT_CONFIG it then issues a remote name request
 * or completes the connection when no outgoing authentication is needed.
 *
 * NOTE(review): conn->ssp_mode feeds later pairing decisions, and it is
 * set here purely from the remote's report. The gutter numbers skip, so
 * locking, NULL checks on conn/ie and the condition guarding the name
 * request are missing from this listing.
 */
2418 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2420 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2421 struct hci_conn *conn;
2423 BT_DBG("%s", hdev->name);
2427 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2431 if (!ev->status && ev->page == 0x01) {
2432 struct inquiry_entry *ie;
2434 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2436 ie->data.ssp_mode = (ev->features[0] & 0x01);
2438 conn->ssp_mode = (ev->features[0] & 0x01);
2441 if (conn->state != BT_CONFIG)
2445 struct hci_cp_remote_name_req cp;
2446 memset(&cp, 0, sizeof(cp));
2447 bacpy(&cp.bdaddr, &conn->dst);
2448 cp.pscan_rep_mode = 0x02;
2449 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2452 if (!hci_outgoing_auth_needed(hdev, conn)) {
2453 conn->state = BT_CONNECTED;
2454 hci_proto_connect_cfm(conn, ev->status);
2459 hci_dev_unlock(hdev);
/*
 * Synchronous Connection Complete event handler (SCO/eSCO).
 *
 * Looks up the connection by link type and address, with a second lookup
 * under ESCO_LINK whose result is retyped to SCO_LINK. On one status it
 * records the handle and moves to BT_CONNECTED; for the four listed error
 * codes an outgoing connection with fewer than two attempts is retried via
 * hci_setup_sync() with a packet type built from hdev->esco_type; otherwise
 * the connection is closed. The result is reported to the protocol layer.
 *
 * NOTE(review): the retry path dereferences conn->link; no NULL check on it
 * is visible. The gutter numbers skip, so the success case label, break and
 * default lines, locking and the NULL check on conn are missing from this
 * listing.
 */
2462 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2464 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2465 struct hci_conn *conn;
2467 BT_DBG("%s status %d", hdev->name, ev->status);
2471 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2473 if (ev->link_type == ESCO_LINK)
2476 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2480 conn->type = SCO_LINK;
2483 switch (ev->status) {
2485 conn->handle = __le16_to_cpu(ev->handle);
2486 conn->state = BT_CONNECTED;
2488 hci_conn_hold_device(conn);
2489 hci_conn_add_sysfs(conn);
2492 case 0x11: /* Unsupported Feature or Parameter Value */
2493 case 0x1c: /* SCO interval rejected */
2494 case 0x1a: /* Unsupported Remote Feature */
2495 case 0x1f: /* Unspecified error */
2496 if (conn->out && conn->attempt < 2) {
2497 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2498 (hdev->esco_type & EDR_ESCO_MASK);
2499 hci_setup_sync(conn, conn->link->handle);
2505 conn->state = BT_CLOSED;
2509 hci_proto_connect_cfm(conn, ev->status);
2514 hci_dev_unlock(hdev);
/* Synchronous Connection Changed event: only logged; skb is not inspected. */
2517 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2519 BT_DBG("%s", hdev->name);
/* Sniff Subrating event: the status byte is logged and nothing else is done. */
2522 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2524 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2526 BT_DBG("%s status %d", hdev->name, ev->status);
/*
 * Extended Inquiry Result event handler.
 *
 * The first payload byte is the response count; the entries that follow are
 * parsed as struct extended_inquiry_info. Each entry updates the inquiry
 * cache with ssp_mode forced to 0x01 and is reported to mgmt along with its
 * EIR data (info->data).
 *
 * NOTE(review): num_rsp is controller supplied and no visible check ties it
 * to skb->len before the loop walks num_rsp fixed-size entries, so a short
 * event could be read past its end. The gutter numbers skip, so a
 * zero-count early return and locking may exist on the missing lines —
 * confirm against the full file.
 */
2529 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2531 struct inquiry_data data;
2532 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2533 int num_rsp = *((__u8 *) skb->data);
2535 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2540 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2542 if (test_bit(HCI_MGMT, &hdev->flags))
2543 mgmt_discovering(hdev->id, 1);
2548 for (; num_rsp; num_rsp--, info++) {
2549 bacpy(&data.bdaddr, &info->bdaddr);
2550 data.pscan_rep_mode = info->pscan_rep_mode;
2551 data.pscan_period_mode = info->pscan_period_mode;
2552 data.pscan_mode = 0x00;
2553 memcpy(data.dev_class, info->dev_class, 3);
2554 data.clock_offset = info->clock_offset;
2555 data.rssi = info->rssi;
2556 data.ssp_mode = 0x01;
2557 hci_inquiry_cache_update(hdev, &data);
2558 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2559 info->rssi, info->data);
2562 hci_dev_unlock(hdev);
/*
 * Chooses the authentication requirement to send in an IO Capability Reply.
 *
 * Follows the remote's bonding request: for dedicated bonding (remote_auth
 * 0x02 or 0x03) the result depends on whether either side's IO capability
 * is 0x03; for no-bonding (0x00 or 0x01) the remote value is combined with
 * the local MITM bit (auth_type & 0x01); otherwise the local auth_type is
 * returned unchanged.
 *
 * NOTE(review): the gutter numbers skip, so the two return statements of
 * the dedicated-bonding branch are missing from this listing. The existing
 * comment says "both ... allow MITM" while the visible test is an OR on
 * capability 0x03 — confirm the intended sense against the full file.
 */
2565 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2567 /* If remote requests dedicated bonding follow that lead */
2568 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2569 /* If both remote and local IO capabilities allow MITM
2570 * protection then require it, otherwise don't */
2571 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2577 /* If remote requests no-bonding follow that lead */
2578 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2579 return conn->remote_auth | (conn->auth_type & 0x01);
2581 return conn->auth_type;
/*
 * IO Capability Request event handler (Secure Simple Pairing).
 *
 * Handled only when mgmt is in use. If the adapter is pairable, or the
 * remote asked for no bonding, it replies with the local IO capability and
 * the authentication requirement from hci_get_auth_req(); otherwise it
 * sends a negative reply with reason 0x18 (pairing not allowed).
 *
 * NOTE(review): conn->remote_auth comes from the peer, so a peer requesting
 * no bonding gets a positive reply even when the adapter is not pairable.
 * The gutter numbers skip, so the oob_data assignments, locking and the
 * NULL check on conn are missing from this listing.
 */
2584 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2586 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2587 struct hci_conn *conn;
2589 BT_DBG("%s", hdev->name);
2593 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2597 hci_conn_hold(conn);
2599 if (!test_bit(HCI_MGMT, &hdev->flags))
2602 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2603 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2604 struct hci_cp_io_capability_reply cp;
2606 bacpy(&cp.bdaddr, &ev->bdaddr);
2607 cp.capability = conn->io_capability;
2608 conn->auth_type = hci_get_auth_req(conn);
2609 cp.authentication = conn->auth_type;
2611 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2612 hci_find_remote_oob_data(hdev, &conn->dst))
2617 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2620 struct hci_cp_io_capability_neg_reply cp;
2622 bacpy(&cp.bdaddr, &ev->bdaddr);
2623 cp.reason = 0x18; /* Pairing not allowed */
2625 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2630 hci_dev_unlock(hdev);
/*
 * IO Capability Response event handler: stores the peer's IO capability,
 * OOB-data flag and authentication requirement on the connection.
 *
 * NOTE(review): the three values are copied from the event without range
 * checks and later drive pairing decisions (see hci_get_auth_req and the
 * user confirmation handler). The gutter numbers skip, so locking and the
 * NULL check on conn are missing from this listing.
 */
2633 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2635 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2636 struct hci_conn *conn;
2638 BT_DBG("%s", hdev->name);
2642 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2646 conn->remote_cap = ev->capability;
2647 conn->remote_oob = ev->oob_data;
2648 conn->remote_auth = ev->authentication;
2651 hci_dev_unlock(hdev);
/*
 * User Confirmation Request event handler (Secure Simple Pairing).
 *
 * Handled only when mgmt is in use. loc_mitm / rem_mitm are bit 0 of the
 * local and remote authentication requirements. Three outcomes are visible:
 *   - reject (negative reply) when MITM is required locally, the remote IO
 *     capability is 0x03 (NoInputNoOutput) and we are not a dedicated
 *     bonding initiator (connect_cfm_cb unset);
 *   - auto-accept when neither side can effectively require MITM, sent
 *     immediately or after hdev->auto_accept_delay via auto_accept_timer;
 *     when no authentication is pending locally (we are the acceptor) user
 *     space is asked to authorise instead;
 *   - otherwise forward the passkey to user space for confirmation.
 *
 * NOTE(review): the auto-accept path confirms without user interaction, so
 * the resulting pairing has no MITM protection — confirm how the stored key
 * type reflects that. The gutter numbers skip, so goto targets, the
 * confirm_hint assignment, locking and the NULL check on conn are missing
 * from this listing.
 */
2654 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2655 struct sk_buff *skb)
2657 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2658 int loc_mitm, rem_mitm, confirm_hint = 0;
2659 struct hci_conn *conn;
2661 BT_DBG("%s", hdev->name);
2665 if (!test_bit(HCI_MGMT, &hdev->flags))
2668 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2672 loc_mitm = (conn->auth_type & 0x01);
2673 rem_mitm = (conn->remote_auth & 0x01);
2675 /* If we require MITM but the remote device can't provide that
2676 * (it has NoInputNoOutput) then reject the confirmation
2677 * request. The only exception is when we're dedicated bonding
2678 * initiators (connect_cfm_cb set) since then we always have the MITM
2680 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2681 BT_DBG("Rejecting request: remote device can't provide MITM");
2682 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2683 sizeof(ev->bdaddr), &ev->bdaddr);
2687 /* If no side requires MITM protection; auto-accept */
2688 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2689 (!rem_mitm || conn->io_capability == 0x03)) {
2691 /* If we're not the initiators request authorization to
2692 * proceed from user space (mgmt_user_confirm with
2693 * confirm_hint set to 1). */
2694 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2695 BT_DBG("Confirming auto-accept as acceptor");
2700 BT_DBG("Auto-accept of user confirmation with %ums delay",
2701 hdev->auto_accept_delay);
2703 if (hdev->auto_accept_delay > 0) {
2704 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2705 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2709 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2710 sizeof(ev->bdaddr), &ev->bdaddr);
2715 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2719 hci_dev_unlock(hdev);
/*
 * Simple Pairing Complete event handler: reports a failed pairing to mgmt
 * unless authentication was initiated locally, in which case the
 * Authentication Complete event already produces the failure report.
 *
 * NOTE(review): the gutter numbers skip, so locking, the NULL check on conn
 * and whatever follows the failure report are missing from this listing.
 */
2722 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2724 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2725 struct hci_conn *conn;
2727 BT_DBG("%s", hdev->name);
2731 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2735 /* To avoid duplicate auth_failed events to user space we check
2736 * the HCI_CONN_AUTH_PEND flag which will be set if we
2737 * initiated the authentication. A traditional auth_complete
2738 * event gets always produced as initiator and is also mapped to
2739 * the mgmt_auth_failed event */
2740 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2741 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2746 hci_dev_unlock(hdev);
/*
 * Remote Host Supported Features Notification event handler: records bit 0
 * of features[0] as the peer's SSP mode in its inquiry cache entry.
 *
 * NOTE(review): the gutter numbers skip, so locking and the NULL check on
 * ie are missing from this listing.
 */
2749 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2751 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2752 struct inquiry_entry *ie;
2754 BT_DBG("%s", hdev->name);
2758 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2760 ie->data.ssp_mode = (ev->features[0] & 0x01);
2762 hci_dev_unlock(hdev);
/*
 * Remote OOB Data Request event handler.
 *
 * Handled only when mgmt is in use. If out-of-band data is stored for the
 * peer, its hash and randomizer are sent in a positive reply; otherwise a
 * negative reply is sent. Both copies are sized by the destination fields
 * of the command struct.
 *
 * NOTE(review): cp holds pairing secrets on the stack and no clearing after
 * hci_send_cmd() is visible. The gutter numbers skip, so the if/else on
 * data, goto targets and locking are missing from this listing.
 */
2765 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2766 struct sk_buff *skb)
2768 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2769 struct oob_data *data;
2771 BT_DBG("%s", hdev->name);
2775 if (!test_bit(HCI_MGMT, &hdev->flags))
2778 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2780 struct hci_cp_remote_oob_data_reply cp;
2782 bacpy(&cp.bdaddr, &ev->bdaddr);
2783 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2784 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2786 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2789 struct hci_cp_remote_oob_data_neg_reply cp;
2791 bacpy(&cp.bdaddr, &ev->bdaddr);
2792 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2797 hci_dev_unlock(hdev);
/*
 * LE Connection Complete sub-event handler.
 *
 * Finds or creates the LE_LINK connection for the peer and records its
 * address type. On the failure path it reports to mgmt and the protocol
 * layer and closes the connection; on success it starts the link at
 * BT_SECURITY_LOW, records the handle, moves to BT_CONNECTED and registers
 * the connection.
 *
 * NOTE(review): every new LE link starts at BT_SECURITY_LOW here; any
 * upgrade happens elsewhere. The gutter numbers skip, so the status test,
 * the NULL checks around hci_conn_add(), goto targets and locking are
 * missing from this listing.
 */
2800 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2802 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2803 struct hci_conn *conn;
2805 BT_DBG("%s status %d", hdev->name, ev->status);
2809 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2811 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2813 BT_ERR("No memory for new connection");
2814 hci_dev_unlock(hdev);
2818 conn->dst_type = ev->bdaddr_type;
2822 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2823 hci_proto_connect_cfm(conn, ev->status);
2824 conn->state = BT_CLOSED;
2829 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
2831 conn->sec_level = BT_SECURITY_LOW;
2832 conn->handle = __le16_to_cpu(ev->handle);
2833 conn->state = BT_CONNECTED;
2835 hci_conn_hold_device(conn);
2836 hci_conn_add_sysfs(conn);
2838 hci_proto_connect_cfm(conn, ev->status);
2841 hci_dev_unlock(hdev);
/*
 * LE Advertising Report sub-event handler.
 *
 * The first payload byte is the number of reports; each report is handed to
 * hci_add_adv_entry() and the cursor then advances by the fixed header
 * size, the report's own length byte, and one more byte.
 *
 * NOTE(review): both num_reports and each ev->length come from the
 * controller, which relays over-the-air advertising data. No visible check
 * keeps ptr within skb->data + skb->len, so a malformed event could make
 * the loop read beyond the buffer; a bound on the cursor before each
 * dereference is the usual mitigation. The arithmetic on a void pointer
 * relies on the GNU C extension. The gutter numbers skip, so locking is
 * missing from this listing — confirm against the full file.
 */
2844 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2845 struct sk_buff *skb)
2847 u8 num_reports = skb->data[0];
2848 void *ptr = &skb->data[1];
2852 while (num_reports--) {
2853 struct hci_ev_le_advertising_info *ev = ptr;
2855 hci_add_adv_entry(hdev, ev);
2857 ptr += sizeof(*ev) + ev->length + 1;
2860 hci_dev_unlock(hdev);
/*
 * LE Long Term Key Request sub-event handler.
 *
 * Looks up the connection by handle and a stored LTK by the event's ediv
 * and random values. When a key is found it is copied into a positive
 * reply and the key's pin_len is recorded on the connection; otherwise a
 * negative reply is sent for the handle.
 *
 * NOTE(review): the debug print applies cpu_to_le16() to ev->handle, which
 * is already a wire value; the lookup below uses __le16_to_cpu(), which is
 * the conversion the print presumably intended. The key copy is sized by
 * the source (sizeof(ltk->val)) rather than the destination cp.ltk —
 * assumes both are the same size, confirm. cp holds key material on the
 * stack and no clearing after hci_send_cmd() is visible. The gutter numbers
 * skip, so NULL checks, goto targets and locking are missing from this
 * listing.
 */
2863 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2864 struct sk_buff *skb)
2866 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2867 struct hci_cp_le_ltk_reply cp;
2868 struct hci_cp_le_ltk_neg_reply neg;
2869 struct hci_conn *conn;
2870 struct link_key *ltk;
2872 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2876 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2880 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2884 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
2885 cp.handle = cpu_to_le16(conn->handle);
2886 conn->pin_length = ltk->pin_len;
2888 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2890 hci_dev_unlock(hdev);
2895 neg.handle = ev->handle;
2896 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2897 hci_dev_unlock(hdev);
/*
 * LE Meta event handler: strips the meta header from the skb and dispatches
 * on the sub-event code to the connection-complete, advertising-report or
 * LTK-request handler.
 *
 * NOTE(review): no check that skb holds sizeof(*le_ev) bytes is visible
 * before the pull, and le_ev->subevent is read after it. The gutter numbers
 * skip, so break and default lines are missing from this listing.
 */
2900 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2902 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2904 skb_pull(skb, sizeof(*le_ev));
2906 switch (le_ev->subevent) {
2907 case HCI_EV_LE_CONN_COMPLETE:
2908 hci_le_conn_complete_evt(hdev, skb);
2911 case HCI_EV_LE_ADVERTISING_REPORT:
2912 hci_le_adv_report_evt(hdev, skb);
2915 case HCI_EV_LE_LTK_REQ:
2916 hci_le_ltk_request_evt(hdev, skb);
/*
 * Entry point for a received HCI event packet. The event code is read from
 * the event header, the header is pulled off the skb, and the matching
 * per-event handler is called with the remaining payload. The received
 * event counter hdev->stat.evt_rx is incremented.
 *
 * NOTE(review): in the lines shown, hdr->plen is never compared with
 * skb->len and no per-event minimum length is enforced before dispatch.
 * The handlers cast skb->data to fixed-size event structures, so a short
 * event from the controller or transport driver would be read past its end
 * unless length is validated elsewhere (confirm against the caller).
 */
2924 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2926 struct hci_event_hdr *hdr = (void *) skb->data;
2927 __u8 event = hdr->evt;
2929 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2932 case HCI_EV_INQUIRY_COMPLETE:
2933 hci_inquiry_complete_evt(hdev, skb);
2936 case HCI_EV_INQUIRY_RESULT:
2937 hci_inquiry_result_evt(hdev, skb);
2940 case HCI_EV_CONN_COMPLETE:
2941 hci_conn_complete_evt(hdev, skb);
2944 case HCI_EV_CONN_REQUEST:
2945 hci_conn_request_evt(hdev, skb);
2948 case HCI_EV_DISCONN_COMPLETE:
2949 hci_disconn_complete_evt(hdev, skb);
2952 case HCI_EV_AUTH_COMPLETE:
2953 hci_auth_complete_evt(hdev, skb);
2956 case HCI_EV_REMOTE_NAME:
2957 hci_remote_name_evt(hdev, skb);
2960 case HCI_EV_ENCRYPT_CHANGE:
2961 hci_encrypt_change_evt(hdev, skb);
2964 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2965 hci_change_link_key_complete_evt(hdev, skb);
2968 case HCI_EV_REMOTE_FEATURES:
2969 hci_remote_features_evt(hdev, skb);
2972 case HCI_EV_REMOTE_VERSION:
2973 hci_remote_version_evt(hdev, skb);
2976 case HCI_EV_QOS_SETUP_COMPLETE:
2977 hci_qos_setup_complete_evt(hdev, skb);
2980 case HCI_EV_CMD_COMPLETE:
2981 hci_cmd_complete_evt(hdev, skb);
2984 case HCI_EV_CMD_STATUS:
2985 hci_cmd_status_evt(hdev, skb);
2988 case HCI_EV_ROLE_CHANGE:
2989 hci_role_change_evt(hdev, skb);
2992 case HCI_EV_NUM_COMP_PKTS:
2993 hci_num_comp_pkts_evt(hdev, skb);
2996 case HCI_EV_MODE_CHANGE:
2997 hci_mode_change_evt(hdev, skb);
3000 case HCI_EV_PIN_CODE_REQ:
3001 hci_pin_code_request_evt(hdev, skb);
3004 case HCI_EV_LINK_KEY_REQ:
3005 hci_link_key_request_evt(hdev, skb);
3008 case HCI_EV_LINK_KEY_NOTIFY:
3009 hci_link_key_notify_evt(hdev, skb);
3012 case HCI_EV_CLOCK_OFFSET:
3013 hci_clock_offset_evt(hdev, skb);
3016 case HCI_EV_PKT_TYPE_CHANGE:
3017 hci_pkt_type_change_evt(hdev, skb);
3020 case HCI_EV_PSCAN_REP_MODE:
3021 hci_pscan_rep_mode_evt(hdev, skb);
3024 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3025 hci_inquiry_result_with_rssi_evt(hdev, skb);
3028 case HCI_EV_REMOTE_EXT_FEATURES:
3029 hci_remote_ext_features_evt(hdev, skb);
3032 case HCI_EV_SYNC_CONN_COMPLETE:
3033 hci_sync_conn_complete_evt(hdev, skb);
3036 case HCI_EV_SYNC_CONN_CHANGED:
3037 hci_sync_conn_changed_evt(hdev, skb);
3040 case HCI_EV_SNIFF_SUBRATE:
3041 hci_sniff_subrate_evt(hdev, skb);
3044 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3045 hci_extended_inquiry_result_evt(hdev, skb);
3048 case HCI_EV_IO_CAPA_REQUEST:
3049 hci_io_capa_request_evt(hdev, skb);
3052 case HCI_EV_IO_CAPA_REPLY:
3053 hci_io_capa_reply_evt(hdev, skb);
3056 case HCI_EV_USER_CONFIRM_REQUEST:
3057 hci_user_confirm_request_evt(hdev, skb);
3060 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3061 hci_simple_pair_complete_evt(hdev, skb);
3064 case HCI_EV_REMOTE_HOST_FEATURES:
3065 hci_remote_host_features_evt(hdev, skb);
/* LE events share one event code; the subevent is decoded in the handler. */
3068 case HCI_EV_LE_META:
3069 hci_le_meta_evt(hdev, skb);
3072 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3073 hci_remote_oob_data_request_evt(hdev, skb);
/*
 * Presumably the fall-back for event codes with no handler above (the label
 * is not shown in this listing): the code is logged at debug level only.
 */
3077 BT_DBG("%s event 0x%x", hdev->name, event);
3082 hdev->stat.evt_rx++;
3085 /* Generate internal stack event */
/*
 * Build a synthetic HCI_EV_STACK_INTERNAL event that carries dlen bytes
 * copied from data, mark it as an incoming, timestamped event packet and
 * hand it to hci_send_to_sock().
 *
 * type is not referenced in the lines shown; presumably it is stored in the
 * event by a line this listing omits.
 *
 * NOTE(review): dlen is a signed int and is not range-checked in the lines
 * shown. It feeds the allocation size, skb_put() and memcpy(), so callers
 * must pass a small non-negative value that matches the size of data.
 */
3086 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3088 struct hci_event_hdr *hdr;
3089 struct hci_ev_stack_internal *ev;
3090 struct sk_buff *skb;
/*
 * GFP_ATOMIC allocation can fail. No NULL check appears in the lines shown;
 * confirm that one precedes the skb_put() calls in the full file.
 */
3092 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3096 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3097 hdr->evt = HCI_EV_STACK_INTERNAL;
/*
 * NOTE(review): the parameter length in an HCI event header is one octet,
 * so a sum above 255 would be truncated here while the skb keeps the full
 * length; verify the width of plen and the largest dlen any caller passes.
 */
3098 hdr->plen = sizeof(*ev) + dlen;
3100 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3102 memcpy(ev->data, data, dlen);
3104 bt_cb(skb)->incoming = 1;
3105 __net_timestamp(skb);
3107 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3108 skb->dev = (void *) hdev;
3109 hci_send_to_sock(hdev, skb, NULL);
/*
 * enable_le is exposed as a boolean module parameter. Mode 0444 makes it
 * readable by everyone and writable by no one through sysfs, so the value
 * is fixed once the module is loaded.
 */
3113 module_param(enable_le, bool, 0444);
3114 MODULE_PARM_DESC(enable_le, "Enable LE support");