2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/export.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
33 /* Handle HCI Event packets */
35 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
37 __u8 status = *((__u8 *) skb->data);
39 BT_DBG("%s status 0x%2.2x", hdev->name, status);
43 mgmt_stop_discovery_failed(hdev, status);
48 clear_bit(HCI_INQUIRY, &hdev->flags);
51 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
56 hci_conn_check_pending(hdev);
59 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
61 __u8 status = *((__u8 *) skb->data);
63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73 __u8 status = *((__u8 *) skb->data);
75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 BT_DBG("%s", hdev->name);
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 conn->link_mode &= ~HCI_LM_MASTER;
108 conn->link_mode |= HCI_LM_MASTER;
111 hci_dev_unlock(hdev);
114 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
128 conn->link_policy = __le16_to_cpu(rp->policy);
130 hci_dev_unlock(hdev);
133 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
136 struct hci_conn *conn;
139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
152 conn->link_policy = get_unaligned_le16(sent + 2);
154 hci_dev_unlock(hdev);
157 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
167 hdev->link_policy = __le16_to_cpu(rp->policy);
170 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
198 /* Reset all non-persistent flags */
199 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
200 BIT(HCI_PERIODIC_INQ));
202 hdev->discovery.state = DISCOVERY_STOPPED;
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 __u8 status = *((__u8 *) skb->data);
210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
223 hci_dev_unlock(hdev);
225 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
243 __u8 status = *((__u8 *) skb->data);
246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253 __u8 param = *((__u8 *) sent);
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
258 clear_bit(HCI_AUTH, &hdev->flags);
261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
264 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
267 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
269 __u8 status = *((__u8 *) skb->data);
272 BT_DBG("%s status 0x%2.2x", hdev->name, status);
274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
279 __u8 param = *((__u8 *) sent);
282 set_bit(HCI_ENCRYPT, &hdev->flags);
284 clear_bit(HCI_ENCRYPT, &hdev->flags);
287 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
290 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
292 __u8 param, status = *((__u8 *) skb->data);
293 int old_pscan, old_iscan;
296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
302 param = *((__u8 *) sent);
307 mgmt_write_scan_failed(hdev, param, status);
308 hdev->discov_timeout = 0;
312 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
313 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
315 if (param & SCAN_INQUIRY) {
316 set_bit(HCI_ISCAN, &hdev->flags);
318 mgmt_discoverable(hdev, 1);
319 if (hdev->discov_timeout > 0) {
320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
321 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
324 } else if (old_iscan)
325 mgmt_discoverable(hdev, 0);
327 if (param & SCAN_PAGE) {
328 set_bit(HCI_PSCAN, &hdev->flags);
330 mgmt_connectable(hdev, 1);
331 } else if (old_pscan)
332 mgmt_connectable(hdev, 0);
335 hci_dev_unlock(hdev);
336 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
339 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
348 memcpy(hdev->dev_class, rp->dev_class, 3);
350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
354 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356 __u8 status = *((__u8 *) skb->data);
359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
368 memcpy(hdev->dev_class, sent, 3);
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
373 hci_dev_unlock(hdev);
376 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
386 setting = __le16_to_cpu(rp->voice_setting);
388 if (hdev->voice_setting == setting)
391 hdev->voice_setting = setting;
393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
399 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
402 __u8 status = *((__u8 *) skb->data);
406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 setting = get_unaligned_le16(sent);
417 if (hdev->voice_setting == setting)
420 hdev->voice_setting = setting;
422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
428 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
430 __u8 status = *((__u8 *) skb->data);
432 BT_DBG("%s status 0x%2.2x", hdev->name, status);
434 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
437 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439 __u8 status = *((__u8 *) skb->data);
442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 if (test_bit(HCI_MGMT, &hdev->dev_flags))
449 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
452 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
454 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
460 if (hdev->features[6] & LMP_EXT_INQ)
463 if (hdev->features[3] & LMP_RSSI_INQ)
466 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
467 hdev->lmp_subver == 0x0757)
470 if (hdev->manufacturer == 15) {
471 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
473 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
475 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
479 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
480 hdev->lmp_subver == 0x1805)
486 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
490 mode = hci_get_inquiry_mode(hdev);
492 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
495 static void hci_setup_event_mask(struct hci_dev *hdev)
497 /* The second byte is 0xff instead of 0x9f (two reserved bits
498 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
499 * command otherwise */
500 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
502 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
503 * any event mask for pre 1.2 devices */
504 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
507 events[4] |= 0x01; /* Flow Specification Complete */
508 events[4] |= 0x02; /* Inquiry Result with RSSI */
509 events[4] |= 0x04; /* Read Remote Extended Features Complete */
510 events[5] |= 0x08; /* Synchronous Connection Complete */
511 events[5] |= 0x10; /* Synchronous Connection Changed */
513 if (hdev->features[3] & LMP_RSSI_INQ)
514 events[4] |= 0x02; /* Inquiry Result with RSSI */
516 if (lmp_sniffsubr_capable(hdev))
517 events[5] |= 0x20; /* Sniff Subrating */
519 if (hdev->features[5] & LMP_PAUSE_ENC)
520 events[5] |= 0x80; /* Encryption Key Refresh Complete */
522 if (hdev->features[6] & LMP_EXT_INQ)
523 events[5] |= 0x40; /* Extended Inquiry Result */
525 if (lmp_no_flush_capable(hdev))
526 events[7] |= 0x01; /* Enhanced Flush Complete */
528 if (hdev->features[7] & LMP_LSTO)
529 events[6] |= 0x80; /* Link Supervision Timeout Changed */
531 if (lmp_ssp_capable(hdev)) {
532 events[6] |= 0x01; /* IO Capability Request */
533 events[6] |= 0x02; /* IO Capability Response */
534 events[6] |= 0x04; /* User Confirmation Request */
535 events[6] |= 0x08; /* User Passkey Request */
536 events[6] |= 0x10; /* Remote OOB Data Request */
537 events[6] |= 0x20; /* Simple Pairing Complete */
538 events[7] |= 0x04; /* User Passkey Notification */
539 events[7] |= 0x08; /* Keypress Notification */
540 events[7] |= 0x10; /* Remote Host Supported
541 * Features Notification */
544 if (lmp_le_capable(hdev))
545 events[7] |= 0x20; /* LE Meta-Event */
547 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
550 static void hci_setup(struct hci_dev *hdev)
552 if (hdev->dev_type != HCI_BREDR)
555 hci_setup_event_mask(hdev);
557 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
558 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
560 if (lmp_ssp_capable(hdev)) {
561 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
563 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
564 sizeof(mode), &mode);
566 struct hci_cp_write_eir cp;
568 memset(hdev->eir, 0, sizeof(hdev->eir));
569 memset(&cp, 0, sizeof(cp));
571 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
575 if (hdev->features[3] & LMP_RSSI_INQ)
576 hci_setup_inquiry_mode(hdev);
578 if (hdev->features[7] & LMP_INQ_TX_PWR)
579 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
581 if (hdev->features[7] & LMP_EXTFEATURES) {
582 struct hci_cp_read_local_ext_features cp;
585 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
589 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
591 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
596 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
598 struct hci_rp_read_local_version *rp = (void *) skb->data;
600 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
605 hdev->hci_ver = rp->hci_ver;
606 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
607 hdev->lmp_ver = rp->lmp_ver;
608 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
609 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
611 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
612 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
614 if (test_bit(HCI_INIT, &hdev->flags))
618 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
621 static void hci_setup_link_policy(struct hci_dev *hdev)
623 struct hci_cp_write_def_link_policy cp;
626 if (lmp_rswitch_capable(hdev))
627 link_policy |= HCI_LP_RSWITCH;
628 if (hdev->features[0] & LMP_HOLD)
629 link_policy |= HCI_LP_HOLD;
630 if (lmp_sniff_capable(hdev))
631 link_policy |= HCI_LP_SNIFF;
632 if (hdev->features[1] & LMP_PARK)
633 link_policy |= HCI_LP_PARK;
635 cp.policy = cpu_to_le16(link_policy);
636 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
639 static void hci_cc_read_local_commands(struct hci_dev *hdev,
642 struct hci_rp_read_local_commands *rp = (void *) skb->data;
644 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
649 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
651 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
652 hci_setup_link_policy(hdev);
655 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
658 static void hci_cc_read_local_features(struct hci_dev *hdev,
661 struct hci_rp_read_local_features *rp = (void *) skb->data;
663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
668 memcpy(hdev->features, rp->features, 8);
670 /* Adjust default settings according to features
671 * supported by device. */
673 if (hdev->features[0] & LMP_3SLOT)
674 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
676 if (hdev->features[0] & LMP_5SLOT)
677 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
679 if (hdev->features[1] & LMP_HV2) {
680 hdev->pkt_type |= (HCI_HV2);
681 hdev->esco_type |= (ESCO_HV2);
684 if (hdev->features[1] & LMP_HV3) {
685 hdev->pkt_type |= (HCI_HV3);
686 hdev->esco_type |= (ESCO_HV3);
689 if (lmp_esco_capable(hdev))
690 hdev->esco_type |= (ESCO_EV3);
692 if (hdev->features[4] & LMP_EV4)
693 hdev->esco_type |= (ESCO_EV4);
695 if (hdev->features[4] & LMP_EV5)
696 hdev->esco_type |= (ESCO_EV5);
698 if (hdev->features[5] & LMP_EDR_ESCO_2M)
699 hdev->esco_type |= (ESCO_2EV3);
701 if (hdev->features[5] & LMP_EDR_ESCO_3M)
702 hdev->esco_type |= (ESCO_3EV3);
704 if (hdev->features[5] & LMP_EDR_3S_ESCO)
705 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
707 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
708 hdev->features[0], hdev->features[1],
709 hdev->features[2], hdev->features[3],
710 hdev->features[4], hdev->features[5],
711 hdev->features[6], hdev->features[7]);
714 static void hci_set_le_support(struct hci_dev *hdev)
716 struct hci_cp_write_le_host_supported cp;
718 memset(&cp, 0, sizeof(cp));
720 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
722 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
725 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
726 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
730 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
735 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
742 memcpy(hdev->features, rp->features, 8);
745 memcpy(hdev->host_features, rp->features, 8);
749 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
750 hci_set_le_support(hdev);
753 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
756 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
761 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
766 hdev->flow_ctl_mode = rp->mode;
768 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
771 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
773 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
775 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
780 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
781 hdev->sco_mtu = rp->sco_mtu;
782 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
783 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
785 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
790 hdev->acl_cnt = hdev->acl_pkts;
791 hdev->sco_cnt = hdev->sco_pkts;
793 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
794 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
797 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
799 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
801 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
804 bacpy(&hdev->bdaddr, &rp->bdaddr);
806 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
809 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
812 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
814 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
819 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
820 hdev->block_len = __le16_to_cpu(rp->block_len);
821 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
823 hdev->block_cnt = hdev->num_blocks;
825 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
826 hdev->block_cnt, hdev->block_len);
828 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
831 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
833 __u8 status = *((__u8 *) skb->data);
835 BT_DBG("%s status 0x%2.2x", hdev->name, status);
837 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
840 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
843 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
850 hdev->amp_status = rp->amp_status;
851 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
852 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
853 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
854 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
855 hdev->amp_type = rp->amp_type;
856 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
857 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
858 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
859 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
861 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
864 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
867 __u8 status = *((__u8 *) skb->data);
869 BT_DBG("%s status 0x%2.2x", hdev->name, status);
871 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
874 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
876 __u8 status = *((__u8 *) skb->data);
878 BT_DBG("%s status 0x%2.2x", hdev->name, status);
880 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
883 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
886 __u8 status = *((__u8 *) skb->data);
888 BT_DBG("%s status 0x%2.2x", hdev->name, status);
890 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
893 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
896 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
901 hdev->inq_tx_power = rp->tx_power;
903 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
906 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
908 __u8 status = *((__u8 *) skb->data);
910 BT_DBG("%s status 0x%2.2x", hdev->name, status);
912 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
915 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
917 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
918 struct hci_cp_pin_code_reply *cp;
919 struct hci_conn *conn;
921 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
925 if (test_bit(HCI_MGMT, &hdev->dev_flags))
926 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
931 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
935 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
937 conn->pin_length = cp->pin_len;
940 hci_dev_unlock(hdev);
943 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
945 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
951 if (test_bit(HCI_MGMT, &hdev->dev_flags))
952 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
955 hci_dev_unlock(hdev);
958 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
961 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
963 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
968 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
969 hdev->le_pkts = rp->le_max_pkt;
971 hdev->le_cnt = hdev->le_pkts;
973 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
975 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
978 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
986 if (test_bit(HCI_MGMT, &hdev->dev_flags))
987 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
990 hci_dev_unlock(hdev);
993 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
998 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1002 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1003 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1004 ACL_LINK, 0, rp->status);
1006 hci_dev_unlock(hdev);
1009 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1017 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1018 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1021 hci_dev_unlock(hdev);
1024 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1025 struct sk_buff *skb)
1027 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1029 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1033 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1034 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1035 ACL_LINK, 0, rp->status);
1037 hci_dev_unlock(hdev);
1040 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1041 struct sk_buff *skb)
1043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1045 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1048 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1049 rp->randomizer, rp->status);
1050 hci_dev_unlock(hdev);
1053 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1055 __u8 status = *((__u8 *) skb->data);
1057 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1063 mgmt_start_discovery_failed(hdev, status);
1064 hci_dev_unlock(hdev);
1069 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1070 struct sk_buff *skb)
1072 struct hci_cp_le_set_scan_enable *cp;
1073 __u8 status = *((__u8 *) skb->data);
1075 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1081 switch (cp->enable) {
1082 case LE_SCANNING_ENABLED:
1083 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1087 mgmt_start_discovery_failed(hdev, status);
1088 hci_dev_unlock(hdev);
1092 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1095 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1096 hci_dev_unlock(hdev);
1099 case LE_SCANNING_DISABLED:
1102 mgmt_stop_discovery_failed(hdev, status);
1103 hci_dev_unlock(hdev);
1107 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1109 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1110 hdev->discovery.state == DISCOVERY_FINDING) {
1111 mgmt_interleaved_discovery(hdev);
1114 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1115 hci_dev_unlock(hdev);
1121 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1126 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1128 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1135 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1138 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1140 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1147 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1150 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1151 struct sk_buff *skb)
1153 struct hci_cp_write_le_host_supported *sent;
1154 __u8 status = *((__u8 *) skb->data);
1156 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1158 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1164 hdev->host_features[0] |= LMP_HOST_LE;
1166 hdev->host_features[0] &= ~LMP_HOST_LE;
1169 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1170 !test_bit(HCI_INIT, &hdev->flags))
1171 mgmt_le_enable_complete(hdev, sent->le, status);
1173 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1176 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1181 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1182 hci_conn_check_pending(hdev);
1184 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1185 mgmt_start_discovery_failed(hdev, status);
1186 hci_dev_unlock(hdev);
1190 set_bit(HCI_INQUIRY, &hdev->flags);
1193 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1194 hci_dev_unlock(hdev);
1197 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1199 struct hci_cp_create_conn *cp;
1200 struct hci_conn *conn;
1202 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1204 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1212 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn);
1215 if (conn && conn->state == BT_CONNECT) {
1216 if (status != 0x0c || conn->attempt > 2) {
1217 conn->state = BT_CLOSED;
1218 hci_proto_connect_cfm(conn, status);
1221 conn->state = BT_CONNECT2;
1225 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1228 conn->link_mode |= HCI_LM_MASTER;
1230 BT_ERR("No memory for new connection");
1234 hci_dev_unlock(hdev);
1237 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1239 struct hci_cp_add_sco *cp;
1240 struct hci_conn *acl, *sco;
1243 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1248 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1252 handle = __le16_to_cpu(cp->handle);
1254 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1258 acl = hci_conn_hash_lookup_handle(hdev, handle);
1262 sco->state = BT_CLOSED;
1264 hci_proto_connect_cfm(sco, status);
1269 hci_dev_unlock(hdev);
1272 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1274 struct hci_cp_auth_requested *cp;
1275 struct hci_conn *conn;
1277 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1282 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1290 if (conn->state == BT_CONFIG) {
1291 hci_proto_connect_cfm(conn, status);
1296 hci_dev_unlock(hdev);
1299 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1301 struct hci_cp_set_conn_encrypt *cp;
1302 struct hci_conn *conn;
1304 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1309 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1315 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1317 if (conn->state == BT_CONFIG) {
1318 hci_proto_connect_cfm(conn, status);
1323 hci_dev_unlock(hdev);
1326 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1327 struct hci_conn *conn)
1329 if (conn->state != BT_CONFIG || !conn->out)
1332 if (conn->pending_sec_level == BT_SECURITY_SDP)
1335 /* Only request authentication for SSP connections or non-SSP
1336 * devices with sec_level HIGH or if MITM protection is requested */
1337 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1338 conn->pending_sec_level != BT_SECURITY_HIGH)
1344 static int hci_resolve_name(struct hci_dev *hdev,
1345 struct inquiry_entry *e)
1347 struct hci_cp_remote_name_req cp;
1349 memset(&cp, 0, sizeof(cp));
1351 bacpy(&cp.bdaddr, &e->data.bdaddr);
1352 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1353 cp.pscan_mode = e->data.pscan_mode;
1354 cp.clock_offset = e->data.clock_offset;
1356 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1359 static bool hci_resolve_next_name(struct hci_dev *hdev)
1361 struct discovery_state *discov = &hdev->discovery;
1362 struct inquiry_entry *e;
1364 if (list_empty(&discov->resolve))
1367 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1371 if (hci_resolve_name(hdev, e) == 0) {
1372 e->name_state = NAME_PENDING;
1379 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1380 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1382 struct discovery_state *discov = &hdev->discovery;
1383 struct inquiry_entry *e;
1385 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1386 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1387 name_len, conn->dev_class);
1389 if (discov->state == DISCOVERY_STOPPED)
1392 if (discov->state == DISCOVERY_STOPPING)
1393 goto discov_complete;
1395 if (discov->state != DISCOVERY_RESOLVING)
1398 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1399 /* If the device was not found in a list of found devices names of which
1400 * are pending. there is no need to continue resolving a next name as it
1401 * will be done upon receiving another Remote Name Request Complete
1408 e->name_state = NAME_KNOWN;
1409 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1410 e->data.rssi, name, name_len);
1412 e->name_state = NAME_NOT_KNOWN;
1415 if (hci_resolve_next_name(hdev))
1419 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1422 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1424 struct hci_cp_remote_name_req *cp;
1425 struct hci_conn *conn;
1427 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1429 /* If successful wait for the name req complete event before
1430 * checking for the need to do authentication */
1434 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1440 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1442 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1443 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1448 if (!hci_outgoing_auth_needed(hdev, conn))
1451 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1452 struct hci_cp_auth_requested cp;
1453 cp.handle = __cpu_to_le16(conn->handle);
1454 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1458 hci_dev_unlock(hdev);
1461 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1463 struct hci_cp_read_remote_features *cp;
1464 struct hci_conn *conn;
1466 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1471 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1477 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1479 if (conn->state == BT_CONFIG) {
1480 hci_proto_connect_cfm(conn, status);
1485 hci_dev_unlock(hdev);
1488 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1490 struct hci_cp_read_remote_ext_features *cp;
1491 struct hci_conn *conn;
1493 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1498 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1504 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1506 if (conn->state == BT_CONFIG) {
1507 hci_proto_connect_cfm(conn, status);
1512 hci_dev_unlock(hdev);
1515 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1517 struct hci_cp_setup_sync_conn *cp;
1518 struct hci_conn *acl, *sco;
1521 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1526 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1530 handle = __le16_to_cpu(cp->handle);
1532 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1536 acl = hci_conn_hash_lookup_handle(hdev, handle);
1540 sco->state = BT_CLOSED;
1542 hci_proto_connect_cfm(sco, status);
1547 hci_dev_unlock(hdev);
1550 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1552 struct hci_cp_sniff_mode *cp;
1553 struct hci_conn *conn;
1555 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1560 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1566 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1568 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1570 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1571 hci_sco_setup(conn, status);
1574 hci_dev_unlock(hdev);
1577 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1579 struct hci_cp_exit_sniff_mode *cp;
1580 struct hci_conn *conn;
1582 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1587 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1593 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1595 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1597 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1598 hci_sco_setup(conn, status);
1601 hci_dev_unlock(hdev);
1604 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1606 struct hci_cp_disconnect *cp;
1607 struct hci_conn *conn;
1612 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1618 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1620 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1621 conn->dst_type, status);
1623 hci_dev_unlock(hdev);
1626 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1628 struct hci_conn *conn;
1630 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1635 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1637 hci_dev_unlock(hdev);
1641 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&conn->dst),
1644 conn->state = BT_CLOSED;
1645 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1646 conn->dst_type, status);
1647 hci_proto_connect_cfm(conn, status);
1650 hci_dev_unlock(hdev);
1654 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1656 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1659 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1661 __u8 status = *((__u8 *) skb->data);
1662 struct discovery_state *discov = &hdev->discovery;
1663 struct inquiry_entry *e;
1665 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1667 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1669 hci_conn_check_pending(hdev);
1671 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1674 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1679 if (discov->state != DISCOVERY_FINDING)
1682 if (list_empty(&discov->resolve)) {
1683 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1687 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1688 if (e && hci_resolve_name(hdev, e) == 0) {
1689 e->name_state = NAME_PENDING;
1690 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1692 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1696 hci_dev_unlock(hdev);
1699 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1701 struct inquiry_data data;
1702 struct inquiry_info *info = (void *) (skb->data + 1);
1703 int num_rsp = *((__u8 *) skb->data);
1705 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1710 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1715 for (; num_rsp; num_rsp--, info++) {
1716 bool name_known, ssp;
1718 bacpy(&data.bdaddr, &info->bdaddr);
1719 data.pscan_rep_mode = info->pscan_rep_mode;
1720 data.pscan_period_mode = info->pscan_period_mode;
1721 data.pscan_mode = info->pscan_mode;
1722 memcpy(data.dev_class, info->dev_class, 3);
1723 data.clock_offset = info->clock_offset;
1725 data.ssp_mode = 0x00;
1727 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1728 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1729 info->dev_class, 0, !name_known, ssp, NULL,
1733 hci_dev_unlock(hdev);
1736 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1738 struct hci_ev_conn_complete *ev = (void *) skb->data;
1739 struct hci_conn *conn;
1741 BT_DBG("%s", hdev->name);
1745 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1747 if (ev->link_type != SCO_LINK)
1750 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1754 conn->type = SCO_LINK;
1758 conn->handle = __le16_to_cpu(ev->handle);
1760 if (conn->type == ACL_LINK) {
1761 conn->state = BT_CONFIG;
1762 hci_conn_hold(conn);
1764 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1765 !hci_find_link_key(hdev, &ev->bdaddr))
1766 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1768 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1770 conn->state = BT_CONNECTED;
1772 hci_conn_hold_device(conn);
1773 hci_conn_add_sysfs(conn);
1775 if (test_bit(HCI_AUTH, &hdev->flags))
1776 conn->link_mode |= HCI_LM_AUTH;
1778 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1779 conn->link_mode |= HCI_LM_ENCRYPT;
1781 /* Get remote features */
1782 if (conn->type == ACL_LINK) {
1783 struct hci_cp_read_remote_features cp;
1784 cp.handle = ev->handle;
1785 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1789 /* Set packet type for incoming connection */
1790 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1791 struct hci_cp_change_conn_ptype cp;
1792 cp.handle = ev->handle;
1793 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1794 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1798 conn->state = BT_CLOSED;
1799 if (conn->type == ACL_LINK)
1800 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1801 conn->dst_type, ev->status);
1804 if (conn->type == ACL_LINK)
1805 hci_sco_setup(conn, ev->status);
1808 hci_proto_connect_cfm(conn, ev->status);
1810 } else if (ev->link_type != ACL_LINK)
1811 hci_proto_connect_cfm(conn, ev->status);
1814 hci_dev_unlock(hdev);
1816 hci_conn_check_pending(hdev);
1819 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1821 struct hci_ev_conn_request *ev = (void *) skb->data;
1822 int mask = hdev->link_mode;
1824 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1827 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1829 if ((mask & HCI_LM_ACCEPT) &&
1830 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1831 /* Connection accepted */
1832 struct inquiry_entry *ie;
1833 struct hci_conn *conn;
1837 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1839 memcpy(ie->data.dev_class, ev->dev_class, 3);
1841 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1844 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1846 BT_ERR("No memory for new connection");
1847 hci_dev_unlock(hdev);
1852 memcpy(conn->dev_class, ev->dev_class, 3);
1853 conn->state = BT_CONNECT;
1855 hci_dev_unlock(hdev);
1857 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1858 struct hci_cp_accept_conn_req cp;
1860 bacpy(&cp.bdaddr, &ev->bdaddr);
1862 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1863 cp.role = 0x00; /* Become master */
1865 cp.role = 0x01; /* Remain slave */
1867 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1870 struct hci_cp_accept_sync_conn_req cp;
1872 bacpy(&cp.bdaddr, &ev->bdaddr);
1873 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1875 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1876 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1877 cp.max_latency = __constant_cpu_to_le16(0xffff);
1878 cp.content_format = cpu_to_le16(hdev->voice_setting);
1879 cp.retrans_effort = 0xff;
1881 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1885 /* Connection rejected */
1886 struct hci_cp_reject_conn_req cp;
1888 bacpy(&cp.bdaddr, &ev->bdaddr);
1889 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1890 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1894 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1896 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1897 struct hci_conn *conn;
1899 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1903 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1907 if (ev->status == 0)
1908 conn->state = BT_CLOSED;
1910 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1911 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1912 if (ev->status != 0)
1913 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1914 conn->dst_type, ev->status);
1916 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1920 if (ev->status == 0) {
1921 if (conn->type == ACL_LINK && conn->flush_key)
1922 hci_remove_link_key(hdev, &conn->dst);
1923 hci_proto_disconn_cfm(conn, ev->reason);
1928 hci_dev_unlock(hdev);
1931 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1933 struct hci_ev_auth_complete *ev = (void *) skb->data;
1934 struct hci_conn *conn;
1936 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1940 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1945 if (!hci_conn_ssp_enabled(conn) &&
1946 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1947 BT_INFO("re-auth of legacy device is not possible.");
1949 conn->link_mode |= HCI_LM_AUTH;
1950 conn->sec_level = conn->pending_sec_level;
1953 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1957 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1958 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1960 if (conn->state == BT_CONFIG) {
1961 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1962 struct hci_cp_set_conn_encrypt cp;
1963 cp.handle = ev->handle;
1965 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1968 conn->state = BT_CONNECTED;
1969 hci_proto_connect_cfm(conn, ev->status);
1973 hci_auth_cfm(conn, ev->status);
1975 hci_conn_hold(conn);
1976 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1980 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1982 struct hci_cp_set_conn_encrypt cp;
1983 cp.handle = ev->handle;
1985 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1988 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1989 hci_encrypt_cfm(conn, ev->status, 0x00);
1994 hci_dev_unlock(hdev);
1997 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1999 struct hci_ev_remote_name *ev = (void *) skb->data;
2000 struct hci_conn *conn;
2002 BT_DBG("%s", hdev->name);
2004 hci_conn_check_pending(hdev);
2008 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2010 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2013 if (ev->status == 0)
2014 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2015 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2017 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2023 if (!hci_outgoing_auth_needed(hdev, conn))
2026 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2027 struct hci_cp_auth_requested cp;
2028 cp.handle = __cpu_to_le16(conn->handle);
2029 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2033 hci_dev_unlock(hdev);
2036 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2038 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2039 struct hci_conn *conn;
2041 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2045 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2049 /* Encryption implies authentication */
2050 conn->link_mode |= HCI_LM_AUTH;
2051 conn->link_mode |= HCI_LM_ENCRYPT;
2052 conn->sec_level = conn->pending_sec_level;
2054 conn->link_mode &= ~HCI_LM_ENCRYPT;
2057 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2059 if (ev->status && conn->state == BT_CONNECTED) {
2060 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2065 if (conn->state == BT_CONFIG) {
2067 conn->state = BT_CONNECTED;
2069 hci_proto_connect_cfm(conn, ev->status);
2072 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2076 hci_dev_unlock(hdev);
2079 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2080 struct sk_buff *skb)
2082 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2083 struct hci_conn *conn;
2085 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2089 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2092 conn->link_mode |= HCI_LM_SECURE;
2094 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2096 hci_key_change_cfm(conn, ev->status);
2099 hci_dev_unlock(hdev);
2102 static void hci_remote_features_evt(struct hci_dev *hdev,
2103 struct sk_buff *skb)
2105 struct hci_ev_remote_features *ev = (void *) skb->data;
2106 struct hci_conn *conn;
2108 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2112 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2117 memcpy(conn->features, ev->features, 8);
2119 if (conn->state != BT_CONFIG)
2122 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2123 struct hci_cp_read_remote_ext_features cp;
2124 cp.handle = ev->handle;
2126 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2131 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2132 struct hci_cp_remote_name_req cp;
2133 memset(&cp, 0, sizeof(cp));
2134 bacpy(&cp.bdaddr, &conn->dst);
2135 cp.pscan_rep_mode = 0x02;
2136 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2137 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2138 mgmt_device_connected(hdev, &conn->dst, conn->type,
2139 conn->dst_type, 0, NULL, 0,
2142 if (!hci_outgoing_auth_needed(hdev, conn)) {
2143 conn->state = BT_CONNECTED;
2144 hci_proto_connect_cfm(conn, ev->status);
2149 hci_dev_unlock(hdev);
2152 static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2154 BT_DBG("%s", hdev->name);
2157 static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2158 struct sk_buff *skb)
2160 BT_DBG("%s", hdev->name);
2163 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2165 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2168 skb_pull(skb, sizeof(*ev));
2170 opcode = __le16_to_cpu(ev->opcode);
2173 case HCI_OP_INQUIRY_CANCEL:
2174 hci_cc_inquiry_cancel(hdev, skb);
2177 case HCI_OP_PERIODIC_INQ:
2178 hci_cc_periodic_inq(hdev, skb);
2181 case HCI_OP_EXIT_PERIODIC_INQ:
2182 hci_cc_exit_periodic_inq(hdev, skb);
2185 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2186 hci_cc_remote_name_req_cancel(hdev, skb);
2189 case HCI_OP_ROLE_DISCOVERY:
2190 hci_cc_role_discovery(hdev, skb);
2193 case HCI_OP_READ_LINK_POLICY:
2194 hci_cc_read_link_policy(hdev, skb);
2197 case HCI_OP_WRITE_LINK_POLICY:
2198 hci_cc_write_link_policy(hdev, skb);
2201 case HCI_OP_READ_DEF_LINK_POLICY:
2202 hci_cc_read_def_link_policy(hdev, skb);
2205 case HCI_OP_WRITE_DEF_LINK_POLICY:
2206 hci_cc_write_def_link_policy(hdev, skb);
2210 hci_cc_reset(hdev, skb);
2213 case HCI_OP_WRITE_LOCAL_NAME:
2214 hci_cc_write_local_name(hdev, skb);
2217 case HCI_OP_READ_LOCAL_NAME:
2218 hci_cc_read_local_name(hdev, skb);
2221 case HCI_OP_WRITE_AUTH_ENABLE:
2222 hci_cc_write_auth_enable(hdev, skb);
2225 case HCI_OP_WRITE_ENCRYPT_MODE:
2226 hci_cc_write_encrypt_mode(hdev, skb);
2229 case HCI_OP_WRITE_SCAN_ENABLE:
2230 hci_cc_write_scan_enable(hdev, skb);
2233 case HCI_OP_READ_CLASS_OF_DEV:
2234 hci_cc_read_class_of_dev(hdev, skb);
2237 case HCI_OP_WRITE_CLASS_OF_DEV:
2238 hci_cc_write_class_of_dev(hdev, skb);
2241 case HCI_OP_READ_VOICE_SETTING:
2242 hci_cc_read_voice_setting(hdev, skb);
2245 case HCI_OP_WRITE_VOICE_SETTING:
2246 hci_cc_write_voice_setting(hdev, skb);
2249 case HCI_OP_HOST_BUFFER_SIZE:
2250 hci_cc_host_buffer_size(hdev, skb);
2253 case HCI_OP_WRITE_SSP_MODE:
2254 hci_cc_write_ssp_mode(hdev, skb);
2257 case HCI_OP_READ_LOCAL_VERSION:
2258 hci_cc_read_local_version(hdev, skb);
2261 case HCI_OP_READ_LOCAL_COMMANDS:
2262 hci_cc_read_local_commands(hdev, skb);
2265 case HCI_OP_READ_LOCAL_FEATURES:
2266 hci_cc_read_local_features(hdev, skb);
2269 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2270 hci_cc_read_local_ext_features(hdev, skb);
2273 case HCI_OP_READ_BUFFER_SIZE:
2274 hci_cc_read_buffer_size(hdev, skb);
2277 case HCI_OP_READ_BD_ADDR:
2278 hci_cc_read_bd_addr(hdev, skb);
2281 case HCI_OP_READ_DATA_BLOCK_SIZE:
2282 hci_cc_read_data_block_size(hdev, skb);
2285 case HCI_OP_WRITE_CA_TIMEOUT:
2286 hci_cc_write_ca_timeout(hdev, skb);
2289 case HCI_OP_READ_FLOW_CONTROL_MODE:
2290 hci_cc_read_flow_control_mode(hdev, skb);
2293 case HCI_OP_READ_LOCAL_AMP_INFO:
2294 hci_cc_read_local_amp_info(hdev, skb);
2297 case HCI_OP_DELETE_STORED_LINK_KEY:
2298 hci_cc_delete_stored_link_key(hdev, skb);
2301 case HCI_OP_SET_EVENT_MASK:
2302 hci_cc_set_event_mask(hdev, skb);
2305 case HCI_OP_WRITE_INQUIRY_MODE:
2306 hci_cc_write_inquiry_mode(hdev, skb);
2309 case HCI_OP_READ_INQ_RSP_TX_POWER:
2310 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2313 case HCI_OP_SET_EVENT_FLT:
2314 hci_cc_set_event_flt(hdev, skb);
2317 case HCI_OP_PIN_CODE_REPLY:
2318 hci_cc_pin_code_reply(hdev, skb);
2321 case HCI_OP_PIN_CODE_NEG_REPLY:
2322 hci_cc_pin_code_neg_reply(hdev, skb);
2325 case HCI_OP_READ_LOCAL_OOB_DATA:
2326 hci_cc_read_local_oob_data_reply(hdev, skb);
2329 case HCI_OP_LE_READ_BUFFER_SIZE:
2330 hci_cc_le_read_buffer_size(hdev, skb);
2333 case HCI_OP_USER_CONFIRM_REPLY:
2334 hci_cc_user_confirm_reply(hdev, skb);
2337 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2338 hci_cc_user_confirm_neg_reply(hdev, skb);
2341 case HCI_OP_USER_PASSKEY_REPLY:
2342 hci_cc_user_passkey_reply(hdev, skb);
2345 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2346 hci_cc_user_passkey_neg_reply(hdev, skb);
2349 case HCI_OP_LE_SET_SCAN_PARAM:
2350 hci_cc_le_set_scan_param(hdev, skb);
2353 case HCI_OP_LE_SET_SCAN_ENABLE:
2354 hci_cc_le_set_scan_enable(hdev, skb);
2357 case HCI_OP_LE_LTK_REPLY:
2358 hci_cc_le_ltk_reply(hdev, skb);
2361 case HCI_OP_LE_LTK_NEG_REPLY:
2362 hci_cc_le_ltk_neg_reply(hdev, skb);
2365 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2366 hci_cc_write_le_host_supported(hdev, skb);
2370 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2374 if (ev->opcode != HCI_OP_NOP)
2375 del_timer(&hdev->cmd_timer);
2378 atomic_set(&hdev->cmd_cnt, 1);
2379 if (!skb_queue_empty(&hdev->cmd_q))
2380 queue_work(hdev->workqueue, &hdev->cmd_work);
2384 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2386 struct hci_ev_cmd_status *ev = (void *) skb->data;
2389 skb_pull(skb, sizeof(*ev));
2391 opcode = __le16_to_cpu(ev->opcode);
2394 case HCI_OP_INQUIRY:
2395 hci_cs_inquiry(hdev, ev->status);
2398 case HCI_OP_CREATE_CONN:
2399 hci_cs_create_conn(hdev, ev->status);
2402 case HCI_OP_ADD_SCO:
2403 hci_cs_add_sco(hdev, ev->status);
2406 case HCI_OP_AUTH_REQUESTED:
2407 hci_cs_auth_requested(hdev, ev->status);
2410 case HCI_OP_SET_CONN_ENCRYPT:
2411 hci_cs_set_conn_encrypt(hdev, ev->status);
2414 case HCI_OP_REMOTE_NAME_REQ:
2415 hci_cs_remote_name_req(hdev, ev->status);
2418 case HCI_OP_READ_REMOTE_FEATURES:
2419 hci_cs_read_remote_features(hdev, ev->status);
2422 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2423 hci_cs_read_remote_ext_features(hdev, ev->status);
2426 case HCI_OP_SETUP_SYNC_CONN:
2427 hci_cs_setup_sync_conn(hdev, ev->status);
2430 case HCI_OP_SNIFF_MODE:
2431 hci_cs_sniff_mode(hdev, ev->status);
2434 case HCI_OP_EXIT_SNIFF_MODE:
2435 hci_cs_exit_sniff_mode(hdev, ev->status);
2438 case HCI_OP_DISCONNECT:
2439 hci_cs_disconnect(hdev, ev->status);
2442 case HCI_OP_LE_CREATE_CONN:
2443 hci_cs_le_create_conn(hdev, ev->status);
2446 case HCI_OP_LE_START_ENC:
2447 hci_cs_le_start_enc(hdev, ev->status);
2451 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2455 if (ev->opcode != HCI_OP_NOP)
2456 del_timer(&hdev->cmd_timer);
2458 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2459 atomic_set(&hdev->cmd_cnt, 1);
2460 if (!skb_queue_empty(&hdev->cmd_q))
2461 queue_work(hdev->workqueue, &hdev->cmd_work);
2465 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2467 struct hci_ev_role_change *ev = (void *) skb->data;
2468 struct hci_conn *conn;
2470 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2474 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2478 conn->link_mode &= ~HCI_LM_MASTER;
2480 conn->link_mode |= HCI_LM_MASTER;
2483 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2485 hci_role_switch_cfm(conn, ev->status, ev->role);
2488 hci_dev_unlock(hdev);
2491 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2493 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2496 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2497 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2501 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2502 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2503 BT_DBG("%s bad parameters", hdev->name);
2507 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2509 for (i = 0; i < ev->num_hndl; i++) {
2510 struct hci_comp_pkts_info *info = &ev->handles[i];
2511 struct hci_conn *conn;
2512 __u16 handle, count;
2514 handle = __le16_to_cpu(info->handle);
2515 count = __le16_to_cpu(info->count);
2517 conn = hci_conn_hash_lookup_handle(hdev, handle);
2521 conn->sent -= count;
2523 switch (conn->type) {
2525 hdev->acl_cnt += count;
2526 if (hdev->acl_cnt > hdev->acl_pkts)
2527 hdev->acl_cnt = hdev->acl_pkts;
2531 if (hdev->le_pkts) {
2532 hdev->le_cnt += count;
2533 if (hdev->le_cnt > hdev->le_pkts)
2534 hdev->le_cnt = hdev->le_pkts;
2536 hdev->acl_cnt += count;
2537 if (hdev->acl_cnt > hdev->acl_pkts)
2538 hdev->acl_cnt = hdev->acl_pkts;
2543 hdev->sco_cnt += count;
2544 if (hdev->sco_cnt > hdev->sco_pkts)
2545 hdev->sco_cnt = hdev->sco_pkts;
2549 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2554 queue_work(hdev->workqueue, &hdev->tx_work);
2557 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2559 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2562 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2563 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2567 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2568 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2569 BT_DBG("%s bad parameters", hdev->name);
2573 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2576 for (i = 0; i < ev->num_hndl; i++) {
2577 struct hci_comp_blocks_info *info = &ev->handles[i];
2578 struct hci_conn *conn;
2579 __u16 handle, block_count;
2581 handle = __le16_to_cpu(info->handle);
2582 block_count = __le16_to_cpu(info->blocks);
2584 conn = hci_conn_hash_lookup_handle(hdev, handle);
2588 conn->sent -= block_count;
2590 switch (conn->type) {
2592 hdev->block_cnt += block_count;
2593 if (hdev->block_cnt > hdev->num_blocks)
2594 hdev->block_cnt = hdev->num_blocks;
2598 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2603 queue_work(hdev->workqueue, &hdev->tx_work);
2606 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2608 struct hci_ev_mode_change *ev = (void *) skb->data;
2609 struct hci_conn *conn;
2611 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2615 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2617 conn->mode = ev->mode;
2618 conn->interval = __le16_to_cpu(ev->interval);
2620 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2622 if (conn->mode == HCI_CM_ACTIVE)
2623 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2625 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2628 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2629 hci_sco_setup(conn, ev->status);
2632 hci_dev_unlock(hdev);
2635 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2637 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2638 struct hci_conn *conn;
2640 BT_DBG("%s", hdev->name);
2644 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2648 if (conn->state == BT_CONNECTED) {
2649 hci_conn_hold(conn);
2650 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2654 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2655 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2656 sizeof(ev->bdaddr), &ev->bdaddr);
2657 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2660 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2665 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2669 hci_dev_unlock(hdev);
2672 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2674 struct hci_ev_link_key_req *ev = (void *) skb->data;
2675 struct hci_cp_link_key_reply cp;
2676 struct hci_conn *conn;
2677 struct link_key *key;
2679 BT_DBG("%s", hdev->name);
2681 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2686 key = hci_find_link_key(hdev, &ev->bdaddr);
2688 BT_DBG("%s link key not found for %s", hdev->name,
2689 batostr(&ev->bdaddr));
2693 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2694 batostr(&ev->bdaddr));
2696 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2697 key->type == HCI_LK_DEBUG_COMBINATION) {
2698 BT_DBG("%s ignoring debug key", hdev->name);
2702 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2704 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2705 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2706 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2710 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2711 conn->pending_sec_level == BT_SECURITY_HIGH) {
2712 BT_DBG("%s ignoring key unauthenticated for high security",
2717 conn->key_type = key->type;
2718 conn->pin_length = key->pin_len;
2721 bacpy(&cp.bdaddr, &ev->bdaddr);
2722 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2724 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2726 hci_dev_unlock(hdev);
2731 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2732 hci_dev_unlock(hdev);
2735 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2737 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2738 struct hci_conn *conn;
2741 BT_DBG("%s", hdev->name);
2745 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2747 hci_conn_hold(conn);
2748 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2749 pin_len = conn->pin_length;
2751 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2752 conn->key_type = ev->key_type;
2757 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2758 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2759 ev->key_type, pin_len);
2761 hci_dev_unlock(hdev);
2764 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2766 struct hci_ev_clock_offset *ev = (void *) skb->data;
2767 struct hci_conn *conn;
2769 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2773 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2774 if (conn && !ev->status) {
2775 struct inquiry_entry *ie;
2777 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2779 ie->data.clock_offset = ev->clock_offset;
2780 ie->timestamp = jiffies;
2784 hci_dev_unlock(hdev);
2787 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2789 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2790 struct hci_conn *conn;
2792 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2796 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2797 if (conn && !ev->status)
2798 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2800 hci_dev_unlock(hdev);
2803 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2805 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2806 struct inquiry_entry *ie;
2808 BT_DBG("%s", hdev->name);
2812 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2814 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2815 ie->timestamp = jiffies;
2818 hci_dev_unlock(hdev);
2821 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2822 struct sk_buff *skb)
2824 struct inquiry_data data;
2825 int num_rsp = *((__u8 *) skb->data);
2826 bool name_known, ssp;
2828 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2833 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2838 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2839 struct inquiry_info_with_rssi_and_pscan_mode *info;
2840 info = (void *) (skb->data + 1);
2842 for (; num_rsp; num_rsp--, info++) {
2843 bacpy(&data.bdaddr, &info->bdaddr);
2844 data.pscan_rep_mode = info->pscan_rep_mode;
2845 data.pscan_period_mode = info->pscan_period_mode;
2846 data.pscan_mode = info->pscan_mode;
2847 memcpy(data.dev_class, info->dev_class, 3);
2848 data.clock_offset = info->clock_offset;
2849 data.rssi = info->rssi;
2850 data.ssp_mode = 0x00;
2852 name_known = hci_inquiry_cache_update(hdev, &data,
2854 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2855 info->dev_class, info->rssi,
2856 !name_known, ssp, NULL, 0);
2859 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2861 for (; num_rsp; num_rsp--, info++) {
2862 bacpy(&data.bdaddr, &info->bdaddr);
2863 data.pscan_rep_mode = info->pscan_rep_mode;
2864 data.pscan_period_mode = info->pscan_period_mode;
2865 data.pscan_mode = 0x00;
2866 memcpy(data.dev_class, info->dev_class, 3);
2867 data.clock_offset = info->clock_offset;
2868 data.rssi = info->rssi;
2869 data.ssp_mode = 0x00;
2870 name_known = hci_inquiry_cache_update(hdev, &data,
2872 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2873 info->dev_class, info->rssi,
2874 !name_known, ssp, NULL, 0);
2878 hci_dev_unlock(hdev);
2881 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2882 struct sk_buff *skb)
2884 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2885 struct hci_conn *conn;
2887 BT_DBG("%s", hdev->name);
2891 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2895 if (!ev->status && ev->page == 0x01) {
2896 struct inquiry_entry *ie;
2898 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2900 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2902 if (ev->features[0] & LMP_HOST_SSP)
2903 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2906 if (conn->state != BT_CONFIG)
2909 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2910 struct hci_cp_remote_name_req cp;
2911 memset(&cp, 0, sizeof(cp));
2912 bacpy(&cp.bdaddr, &conn->dst);
2913 cp.pscan_rep_mode = 0x02;
2914 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2915 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2916 mgmt_device_connected(hdev, &conn->dst, conn->type,
2917 conn->dst_type, 0, NULL, 0,
2920 if (!hci_outgoing_auth_needed(hdev, conn)) {
2921 conn->state = BT_CONNECTED;
2922 hci_proto_connect_cfm(conn, ev->status);
2927 hci_dev_unlock(hdev);
2930 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2931 struct sk_buff *skb)
2933 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2934 struct hci_conn *conn;
2936 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2940 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2942 if (ev->link_type == ESCO_LINK)
2945 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2949 conn->type = SCO_LINK;
2952 switch (ev->status) {
2954 conn->handle = __le16_to_cpu(ev->handle);
2955 conn->state = BT_CONNECTED;
2957 hci_conn_hold_device(conn);
2958 hci_conn_add_sysfs(conn);
2961 case 0x11: /* Unsupported Feature or Parameter Value */
2962 case 0x1c: /* SCO interval rejected */
2963 case 0x1a: /* Unsupported Remote Feature */
2964 case 0x1f: /* Unspecified error */
2965 if (conn->out && conn->attempt < 2) {
2966 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2967 (hdev->esco_type & EDR_ESCO_MASK);
2968 hci_setup_sync(conn, conn->link->handle);
2974 conn->state = BT_CLOSED;
2978 hci_proto_connect_cfm(conn, ev->status);
2983 hci_dev_unlock(hdev);
2986 static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2988 BT_DBG("%s", hdev->name);
2991 static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2993 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2995 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2998 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2999 struct sk_buff *skb)
3001 struct inquiry_data data;
3002 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3003 int num_rsp = *((__u8 *) skb->data);
3006 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3011 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3016 for (; num_rsp; num_rsp--, info++) {
3017 bool name_known, ssp;
3019 bacpy(&data.bdaddr, &info->bdaddr);
3020 data.pscan_rep_mode = info->pscan_rep_mode;
3021 data.pscan_period_mode = info->pscan_period_mode;
3022 data.pscan_mode = 0x00;
3023 memcpy(data.dev_class, info->dev_class, 3);
3024 data.clock_offset = info->clock_offset;
3025 data.rssi = info->rssi;
3026 data.ssp_mode = 0x01;
3028 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3029 name_known = eir_has_data_type(info->data,
3035 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3037 eir_len = eir_get_length(info->data, sizeof(info->data));
3038 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3039 info->dev_class, info->rssi, !name_known,
3040 ssp, info->data, eir_len);
3043 hci_dev_unlock(hdev);
3046 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3047 struct sk_buff *skb)
3049 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3050 struct hci_conn *conn;
3052 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3053 __le16_to_cpu(ev->handle));
3057 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3062 conn->sec_level = conn->pending_sec_level;
3064 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3066 if (ev->status && conn->state == BT_CONNECTED) {
3067 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3072 if (conn->state == BT_CONFIG) {
3074 conn->state = BT_CONNECTED;
3076 hci_proto_connect_cfm(conn, ev->status);
3079 hci_auth_cfm(conn, ev->status);
3081 hci_conn_hold(conn);
3082 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3087 hci_dev_unlock(hdev);
3090 static u8 hci_get_auth_req(struct hci_conn *conn)
3092 /* If remote requests dedicated bonding follow that lead */
3093 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3094 /* If both remote and local IO capabilities allow MITM
3095 * protection then require it, otherwise don't */
3096 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3102 /* If remote requests no-bonding follow that lead */
3103 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3104 return conn->remote_auth | (conn->auth_type & 0x01);
3106 return conn->auth_type;
3109 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3111 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3112 struct hci_conn *conn;
3114 BT_DBG("%s", hdev->name);
3118 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3122 hci_conn_hold(conn);
3124 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3127 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3128 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3129 struct hci_cp_io_capability_reply cp;
3131 bacpy(&cp.bdaddr, &ev->bdaddr);
3132 /* Change the IO capability from KeyboardDisplay
3133 * to DisplayYesNo as it is not supported by BT spec. */
3134 cp.capability = (conn->io_capability == 0x04) ?
3135 0x01 : conn->io_capability;
3136 conn->auth_type = hci_get_auth_req(conn);
3137 cp.authentication = conn->auth_type;
3139 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3140 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3145 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3148 struct hci_cp_io_capability_neg_reply cp;
3150 bacpy(&cp.bdaddr, &ev->bdaddr);
3151 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3153 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3158 hci_dev_unlock(hdev);
3161 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3163 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3164 struct hci_conn *conn;
3166 BT_DBG("%s", hdev->name);
3170 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3174 conn->remote_cap = ev->capability;
3175 conn->remote_auth = ev->authentication;
3177 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3180 hci_dev_unlock(hdev);
3183 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3184 struct sk_buff *skb)
3186 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3187 int loc_mitm, rem_mitm, confirm_hint = 0;
3188 struct hci_conn *conn;
3190 BT_DBG("%s", hdev->name);
3194 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3197 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3201 loc_mitm = (conn->auth_type & 0x01);
3202 rem_mitm = (conn->remote_auth & 0x01);
3204 /* If we require MITM but the remote device can't provide that
3205 * (it has NoInputNoOutput) then reject the confirmation
3206 * request. The only exception is when we're dedicated bonding
3207 * initiators (connect_cfm_cb set) since then we always have the MITM
3209 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3210 BT_DBG("Rejecting request: remote device can't provide MITM");
3211 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3212 sizeof(ev->bdaddr), &ev->bdaddr);
3216 /* If no side requires MITM protection; auto-accept */
3217 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3218 (!rem_mitm || conn->io_capability == 0x03)) {
3220 /* If we're not the initiators request authorization to
3221 * proceed from user space (mgmt_user_confirm with
3222 * confirm_hint set to 1). */
3223 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3224 BT_DBG("Confirming auto-accept as acceptor");
3229 BT_DBG("Auto-accept of user confirmation with %ums delay",
3230 hdev->auto_accept_delay);
3232 if (hdev->auto_accept_delay > 0) {
3233 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3234 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3238 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3239 sizeof(ev->bdaddr), &ev->bdaddr);
3244 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3248 hci_dev_unlock(hdev);
3251 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3252 struct sk_buff *skb)
3254 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3256 BT_DBG("%s", hdev->name);
3258 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3259 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3262 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3263 struct sk_buff *skb)
3265 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3266 struct hci_conn *conn;
3268 BT_DBG("%s", hdev->name);
3272 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3276 /* To avoid duplicate auth_failed events to user space we check
3277 * the HCI_CONN_AUTH_PEND flag which will be set if we
3278 * initiated the authentication. A traditional auth_complete
3279 * event gets always produced as initiator and is also mapped to
3280 * the mgmt_auth_failed event */
3281 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3282 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3288 hci_dev_unlock(hdev);
3291 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3292 struct sk_buff *skb)
3294 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3295 struct inquiry_entry *ie;
3297 BT_DBG("%s", hdev->name);
3301 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3303 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3305 hci_dev_unlock(hdev);
3308 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3309 struct sk_buff *skb)
3311 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3312 struct oob_data *data;
3314 BT_DBG("%s", hdev->name);
3318 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3321 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3323 struct hci_cp_remote_oob_data_reply cp;
3325 bacpy(&cp.bdaddr, &ev->bdaddr);
3326 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3327 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3329 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3332 struct hci_cp_remote_oob_data_neg_reply cp;
3334 bacpy(&cp.bdaddr, &ev->bdaddr);
3335 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3340 hci_dev_unlock(hdev);
3343 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3345 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3346 struct hci_conn *conn;
3348 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3352 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3354 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3356 BT_ERR("No memory for new connection");
3360 conn->dst_type = ev->bdaddr_type;
3362 if (ev->role == LE_CONN_ROLE_MASTER) {
3364 conn->link_mode |= HCI_LM_MASTER;
3369 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3370 conn->dst_type, ev->status);
3371 hci_proto_connect_cfm(conn, ev->status);
3372 conn->state = BT_CLOSED;
3377 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3378 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3379 conn->dst_type, 0, NULL, 0, NULL);
3381 conn->sec_level = BT_SECURITY_LOW;
3382 conn->handle = __le16_to_cpu(ev->handle);
3383 conn->state = BT_CONNECTED;
3385 hci_conn_hold_device(conn);
3386 hci_conn_add_sysfs(conn);
3388 hci_proto_connect_cfm(conn, ev->status);
3391 hci_dev_unlock(hdev);
3394 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3396 u8 num_reports = skb->data[0];
3397 void *ptr = &skb->data[1];
3402 while (num_reports--) {
3403 struct hci_ev_le_advertising_info *ev = ptr;
3405 rssi = ev->data[ev->length];
3406 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3407 NULL, rssi, 0, 1, ev->data, ev->length);
3409 ptr += sizeof(*ev) + ev->length + 1;
3412 hci_dev_unlock(hdev);
3415 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3417 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3418 struct hci_cp_le_ltk_reply cp;
3419 struct hci_cp_le_ltk_neg_reply neg;
3420 struct hci_conn *conn;
3421 struct smp_ltk *ltk;
3423 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3427 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3431 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3435 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3436 cp.handle = cpu_to_le16(conn->handle);
3438 if (ltk->authenticated)
3439 conn->sec_level = BT_SECURITY_HIGH;
3441 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3443 if (ltk->type & HCI_SMP_STK) {
3444 list_del(<k->list);
3448 hci_dev_unlock(hdev);
3453 neg.handle = ev->handle;
3454 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3455 hci_dev_unlock(hdev);
3458 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3460 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3462 skb_pull(skb, sizeof(*le_ev));
3464 switch (le_ev->subevent) {
3465 case HCI_EV_LE_CONN_COMPLETE:
3466 hci_le_conn_complete_evt(hdev, skb);
3469 case HCI_EV_LE_ADVERTISING_REPORT:
3470 hci_le_adv_report_evt(hdev, skb);
3473 case HCI_EV_LE_LTK_REQ:
3474 hci_le_ltk_request_evt(hdev, skb);
3482 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3484 struct hci_event_hdr *hdr = (void *) skb->data;
3485 __u8 event = hdr->evt;
3487 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3490 case HCI_EV_INQUIRY_COMPLETE:
3491 hci_inquiry_complete_evt(hdev, skb);
3494 case HCI_EV_INQUIRY_RESULT:
3495 hci_inquiry_result_evt(hdev, skb);
3498 case HCI_EV_CONN_COMPLETE:
3499 hci_conn_complete_evt(hdev, skb);
3502 case HCI_EV_CONN_REQUEST:
3503 hci_conn_request_evt(hdev, skb);
3506 case HCI_EV_DISCONN_COMPLETE:
3507 hci_disconn_complete_evt(hdev, skb);
3510 case HCI_EV_AUTH_COMPLETE:
3511 hci_auth_complete_evt(hdev, skb);
3514 case HCI_EV_REMOTE_NAME:
3515 hci_remote_name_evt(hdev, skb);
3518 case HCI_EV_ENCRYPT_CHANGE:
3519 hci_encrypt_change_evt(hdev, skb);
3522 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3523 hci_change_link_key_complete_evt(hdev, skb);
3526 case HCI_EV_REMOTE_FEATURES:
3527 hci_remote_features_evt(hdev, skb);
3530 case HCI_EV_REMOTE_VERSION:
3531 hci_remote_version_evt(hdev, skb);
3534 case HCI_EV_QOS_SETUP_COMPLETE:
3535 hci_qos_setup_complete_evt(hdev, skb);
3538 case HCI_EV_CMD_COMPLETE:
3539 hci_cmd_complete_evt(hdev, skb);
3542 case HCI_EV_CMD_STATUS:
3543 hci_cmd_status_evt(hdev, skb);
3546 case HCI_EV_ROLE_CHANGE:
3547 hci_role_change_evt(hdev, skb);
3550 case HCI_EV_NUM_COMP_PKTS:
3551 hci_num_comp_pkts_evt(hdev, skb);
3554 case HCI_EV_MODE_CHANGE:
3555 hci_mode_change_evt(hdev, skb);
3558 case HCI_EV_PIN_CODE_REQ:
3559 hci_pin_code_request_evt(hdev, skb);
3562 case HCI_EV_LINK_KEY_REQ:
3563 hci_link_key_request_evt(hdev, skb);
3566 case HCI_EV_LINK_KEY_NOTIFY:
3567 hci_link_key_notify_evt(hdev, skb);
3570 case HCI_EV_CLOCK_OFFSET:
3571 hci_clock_offset_evt(hdev, skb);
3574 case HCI_EV_PKT_TYPE_CHANGE:
3575 hci_pkt_type_change_evt(hdev, skb);
3578 case HCI_EV_PSCAN_REP_MODE:
3579 hci_pscan_rep_mode_evt(hdev, skb);
3582 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3583 hci_inquiry_result_with_rssi_evt(hdev, skb);
3586 case HCI_EV_REMOTE_EXT_FEATURES:
3587 hci_remote_ext_features_evt(hdev, skb);
3590 case HCI_EV_SYNC_CONN_COMPLETE:
3591 hci_sync_conn_complete_evt(hdev, skb);
3594 case HCI_EV_SYNC_CONN_CHANGED:
3595 hci_sync_conn_changed_evt(hdev, skb);
3598 case HCI_EV_SNIFF_SUBRATE:
3599 hci_sniff_subrate_evt(hdev, skb);
3602 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3603 hci_extended_inquiry_result_evt(hdev, skb);
3606 case HCI_EV_KEY_REFRESH_COMPLETE:
3607 hci_key_refresh_complete_evt(hdev, skb);
3610 case HCI_EV_IO_CAPA_REQUEST:
3611 hci_io_capa_request_evt(hdev, skb);
3614 case HCI_EV_IO_CAPA_REPLY:
3615 hci_io_capa_reply_evt(hdev, skb);
3618 case HCI_EV_USER_CONFIRM_REQUEST:
3619 hci_user_confirm_request_evt(hdev, skb);
3622 case HCI_EV_USER_PASSKEY_REQUEST:
3623 hci_user_passkey_request_evt(hdev, skb);
3626 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3627 hci_simple_pair_complete_evt(hdev, skb);
3630 case HCI_EV_REMOTE_HOST_FEATURES:
3631 hci_remote_host_features_evt(hdev, skb);
3634 case HCI_EV_LE_META:
3635 hci_le_meta_evt(hdev, skb);
3638 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3639 hci_remote_oob_data_request_evt(hdev, skb);
3642 case HCI_EV_NUM_COMP_BLOCKS:
3643 hci_num_comp_blocks_evt(hdev, skb);
3647 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3652 hdev->stat.evt_rx++;
git.openpandora.org / pandora-kernel.git / blob