2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
203 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
205 __u8 status = *((__u8 *) skb->data);
208 BT_DBG("%s status 0x%2.2x", hdev->name, status);
210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
217 mgmt_set_local_name_complete(hdev, sent, status);
219 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
221 hci_dev_unlock(hdev);
224 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
226 struct hci_rp_read_local_name *rp = (void *) skb->data;
228 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233 if (test_bit(HCI_SETUP, &hdev->dev_flags))
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
239 __u8 status = *((__u8 *) skb->data);
242 BT_DBG("%s status 0x%2.2x", hdev->name, status);
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 __u8 param = *((__u8 *) sent);
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
254 clear_bit(HCI_AUTH, &hdev->flags);
257 if (test_bit(HCI_MGMT, &hdev->dev_flags))
258 mgmt_auth_enable_complete(hdev, status);
261 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
263 __u8 status = *((__u8 *) skb->data);
266 BT_DBG("%s status 0x%2.2x", hdev->name, status);
268 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
273 __u8 param = *((__u8 *) sent);
276 set_bit(HCI_ENCRYPT, &hdev->flags);
278 clear_bit(HCI_ENCRYPT, &hdev->flags);
282 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
284 __u8 param, status = *((__u8 *) skb->data);
285 int old_pscan, old_iscan;
288 BT_DBG("%s status 0x%2.2x", hdev->name, status);
290 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
294 param = *((__u8 *) sent);
299 mgmt_write_scan_failed(hdev, param, status);
300 hdev->discov_timeout = 0;
304 /* We need to ensure that we set this back on if someone changed
305 * the scan mode through a raw HCI socket.
307 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
309 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
310 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
312 if (param & SCAN_INQUIRY) {
313 set_bit(HCI_ISCAN, &hdev->flags);
315 mgmt_discoverable(hdev, 1);
316 } else if (old_iscan)
317 mgmt_discoverable(hdev, 0);
319 if (param & SCAN_PAGE) {
320 set_bit(HCI_PSCAN, &hdev->flags);
322 mgmt_connectable(hdev, 1);
323 } else if (old_pscan)
324 mgmt_connectable(hdev, 0);
327 hci_dev_unlock(hdev);
330 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
334 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
339 memcpy(hdev->dev_class, rp->dev_class, 3);
341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
347 __u8 status = *((__u8 *) skb->data);
350 BT_DBG("%s status 0x%2.2x", hdev->name, status);
352 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
359 memcpy(hdev->dev_class, sent, 3);
361 if (test_bit(HCI_MGMT, &hdev->dev_flags))
362 mgmt_set_class_of_dev_complete(hdev, sent, status);
364 hci_dev_unlock(hdev);
367 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
369 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
372 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
377 setting = __le16_to_cpu(rp->voice_setting);
379 if (hdev->voice_setting == setting)
382 hdev->voice_setting = setting;
384 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
387 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
390 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
393 __u8 status = *((__u8 *) skb->data);
397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
402 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
406 setting = get_unaligned_le16(sent);
408 if (hdev->voice_setting == setting)
411 hdev->voice_setting = setting;
413 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
416 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
419 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
424 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
429 hdev->num_iac = rp->num_iac;
431 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
436 __u8 status = *((__u8 *) skb->data);
437 struct hci_cp_write_ssp_mode *sent;
439 BT_DBG("%s status 0x%2.2x", hdev->name, status);
441 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
447 hdev->features[1][0] |= LMP_HOST_SSP;
449 hdev->features[1][0] &= ~LMP_HOST_SSP;
452 if (test_bit(HCI_MGMT, &hdev->dev_flags))
453 mgmt_ssp_enable_complete(hdev, sent->mode, status);
456 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
462 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
464 struct hci_rp_read_local_version *rp = (void *) skb->data;
466 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
471 hdev->hci_ver = rp->hci_ver;
472 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
473 hdev->lmp_ver = rp->lmp_ver;
474 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
475 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
477 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
478 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
481 static void hci_cc_read_local_commands(struct hci_dev *hdev,
484 struct hci_rp_read_local_commands *rp = (void *) skb->data;
486 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
489 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
492 static void hci_cc_read_local_features(struct hci_dev *hdev,
495 struct hci_rp_read_local_features *rp = (void *) skb->data;
497 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
502 memcpy(hdev->features, rp->features, 8);
504 /* Adjust default settings according to features
505 * supported by device. */
507 if (hdev->features[0][0] & LMP_3SLOT)
508 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
510 if (hdev->features[0][0] & LMP_5SLOT)
511 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
513 if (hdev->features[0][1] & LMP_HV2) {
514 hdev->pkt_type |= (HCI_HV2);
515 hdev->esco_type |= (ESCO_HV2);
518 if (hdev->features[0][1] & LMP_HV3) {
519 hdev->pkt_type |= (HCI_HV3);
520 hdev->esco_type |= (ESCO_HV3);
523 if (lmp_esco_capable(hdev))
524 hdev->esco_type |= (ESCO_EV3);
526 if (hdev->features[0][4] & LMP_EV4)
527 hdev->esco_type |= (ESCO_EV4);
529 if (hdev->features[0][4] & LMP_EV5)
530 hdev->esco_type |= (ESCO_EV5);
532 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
533 hdev->esco_type |= (ESCO_2EV3);
535 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
536 hdev->esco_type |= (ESCO_3EV3);
538 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
539 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
541 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
542 hdev->features[0][0], hdev->features[0][1],
543 hdev->features[0][2], hdev->features[0][3],
544 hdev->features[0][4], hdev->features[0][5],
545 hdev->features[0][6], hdev->features[0][7]);
548 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
551 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
553 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
558 if (hdev->max_page < rp->max_page)
559 hdev->max_page = rp->max_page;
561 if (rp->page < HCI_MAX_PAGES)
562 memcpy(hdev->features[rp->page], rp->features, 8);
565 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
568 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
570 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
573 hdev->flow_ctl_mode = rp->mode;
576 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
578 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
580 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
585 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
586 hdev->sco_mtu = rp->sco_mtu;
587 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
588 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
590 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
595 hdev->acl_cnt = hdev->acl_pkts;
596 hdev->sco_cnt = hdev->sco_pkts;
598 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
599 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
602 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
604 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
606 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
609 bacpy(&hdev->bdaddr, &rp->bdaddr);
612 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
615 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
617 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
619 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
620 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
621 hdev->page_scan_window = __le16_to_cpu(rp->window);
625 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
628 u8 status = *((u8 *) skb->data);
629 struct hci_cp_write_page_scan_activity *sent;
631 BT_DBG("%s status 0x%2.2x", hdev->name, status);
636 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
640 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
641 hdev->page_scan_window = __le16_to_cpu(sent->window);
644 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
647 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
649 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
651 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
652 hdev->page_scan_type = rp->type;
655 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
658 u8 status = *((u8 *) skb->data);
661 BT_DBG("%s status 0x%2.2x", hdev->name, status);
666 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
668 hdev->page_scan_type = *type;
671 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
674 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
676 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
681 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
682 hdev->block_len = __le16_to_cpu(rp->block_len);
683 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
685 hdev->block_cnt = hdev->num_blocks;
687 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
688 hdev->block_cnt, hdev->block_len);
691 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
694 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
696 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
701 hdev->amp_status = rp->amp_status;
702 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
703 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
704 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
705 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
706 hdev->amp_type = rp->amp_type;
707 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
708 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
709 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
710 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
713 a2mp_send_getinfo_rsp(hdev);
716 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
719 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
720 struct amp_assoc *assoc = &hdev->loc_assoc;
721 size_t rem_len, frag_len;
723 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
728 frag_len = skb->len - sizeof(*rp);
729 rem_len = __le16_to_cpu(rp->rem_len);
731 if (rem_len > frag_len) {
732 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
734 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
735 assoc->offset += frag_len;
737 /* Read other fragments */
738 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
743 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
744 assoc->len = assoc->offset + rem_len;
748 /* Send A2MP Rsp when all fragments are received */
749 a2mp_send_getampassoc_rsp(hdev, rp->status);
750 a2mp_send_create_phy_link_req(hdev, rp->status);
753 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
756 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
758 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
761 hdev->inq_tx_power = rp->tx_power;
764 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
766 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
767 struct hci_cp_pin_code_reply *cp;
768 struct hci_conn *conn;
770 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
774 if (test_bit(HCI_MGMT, &hdev->dev_flags))
775 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
780 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
784 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
786 conn->pin_length = cp->pin_len;
789 hci_dev_unlock(hdev);
792 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
794 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
796 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
800 if (test_bit(HCI_MGMT, &hdev->dev_flags))
801 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
804 hci_dev_unlock(hdev);
807 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
810 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
812 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
817 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
818 hdev->le_pkts = rp->le_max_pkt;
820 hdev->le_cnt = hdev->le_pkts;
822 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
825 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
828 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
830 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
833 memcpy(hdev->le_features, rp->features, 8);
836 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
839 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
841 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
844 hdev->adv_tx_power = rp->tx_power;
847 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
849 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
851 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
855 if (test_bit(HCI_MGMT, &hdev->dev_flags))
856 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
859 hci_dev_unlock(hdev);
862 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
865 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
867 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
871 if (test_bit(HCI_MGMT, &hdev->dev_flags))
872 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
873 ACL_LINK, 0, rp->status);
875 hci_dev_unlock(hdev);
878 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
880 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
882 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
886 if (test_bit(HCI_MGMT, &hdev->dev_flags))
887 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
890 hci_dev_unlock(hdev);
893 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
896 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
902 if (test_bit(HCI_MGMT, &hdev->dev_flags))
903 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
904 ACL_LINK, 0, rp->status);
906 hci_dev_unlock(hdev);
909 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
912 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
914 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
917 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
918 rp->randomizer, rp->status);
919 hci_dev_unlock(hdev);
922 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
924 __u8 *sent, status = *((__u8 *) skb->data);
926 BT_DBG("%s status 0x%2.2x", hdev->name, status);
928 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
936 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
938 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
941 hci_dev_unlock(hdev);
944 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
947 struct hci_cp_le_set_scan_enable *cp;
948 __u8 status = *((__u8 *) skb->data);
950 BT_DBG("%s status 0x%2.2x", hdev->name, status);
952 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
959 switch (cp->enable) {
961 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
964 case LE_SCAN_DISABLE:
965 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
969 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
974 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
977 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
979 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
982 hdev->le_white_list_size = rp->size;
985 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
988 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
990 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
993 memcpy(hdev->le_states, rp->le_states, 8);
996 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
999 struct hci_cp_write_le_host_supported *sent;
1000 __u8 status = *((__u8 *) skb->data);
1002 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1004 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1010 hdev->features[1][0] |= LMP_HOST_LE;
1011 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1013 hdev->features[1][0] &= ~LMP_HOST_LE;
1014 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1015 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1019 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1021 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1025 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1026 struct sk_buff *skb)
1028 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1030 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1031 hdev->name, rp->status, rp->phy_handle);
1036 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1039 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1041 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1044 hci_conn_check_pending(hdev);
1048 set_bit(HCI_INQUIRY, &hdev->flags);
1051 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1053 struct hci_cp_create_conn *cp;
1054 struct hci_conn *conn;
1056 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1058 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1064 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1066 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1069 if (conn && conn->state == BT_CONNECT) {
1070 if (status != 0x0c || conn->attempt > 2) {
1071 conn->state = BT_CLOSED;
1072 hci_proto_connect_cfm(conn, status);
1075 conn->state = BT_CONNECT2;
1079 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1082 conn->link_mode |= HCI_LM_MASTER;
1084 BT_ERR("No memory for new connection");
1088 hci_dev_unlock(hdev);
1091 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1093 struct hci_cp_add_sco *cp;
1094 struct hci_conn *acl, *sco;
1097 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1102 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1106 handle = __le16_to_cpu(cp->handle);
1108 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1112 acl = hci_conn_hash_lookup_handle(hdev, handle);
1116 sco->state = BT_CLOSED;
1118 hci_proto_connect_cfm(sco, status);
1123 hci_dev_unlock(hdev);
1126 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1128 struct hci_cp_auth_requested *cp;
1129 struct hci_conn *conn;
1131 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1136 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1142 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1144 if (conn->state == BT_CONFIG) {
1145 hci_proto_connect_cfm(conn, status);
1146 hci_conn_drop(conn);
1150 hci_dev_unlock(hdev);
1153 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1155 struct hci_cp_set_conn_encrypt *cp;
1156 struct hci_conn *conn;
1158 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1163 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1169 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1171 if (conn->state == BT_CONFIG) {
1172 hci_proto_connect_cfm(conn, status);
1173 hci_conn_drop(conn);
1177 hci_dev_unlock(hdev);
1180 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1181 struct hci_conn *conn)
1183 if (conn->state != BT_CONFIG || !conn->out)
1186 if (conn->pending_sec_level == BT_SECURITY_SDP)
1189 /* Only request authentication for SSP connections or non-SSP
1190 * devices with sec_level HIGH or if MITM protection is requested */
1191 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1192 conn->pending_sec_level != BT_SECURITY_HIGH)
1198 static int hci_resolve_name(struct hci_dev *hdev,
1199 struct inquiry_entry *e)
1201 struct hci_cp_remote_name_req cp;
1203 memset(&cp, 0, sizeof(cp));
1205 bacpy(&cp.bdaddr, &e->data.bdaddr);
1206 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1207 cp.pscan_mode = e->data.pscan_mode;
1208 cp.clock_offset = e->data.clock_offset;
1210 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1213 static bool hci_resolve_next_name(struct hci_dev *hdev)
1215 struct discovery_state *discov = &hdev->discovery;
1216 struct inquiry_entry *e;
1218 if (list_empty(&discov->resolve))
1221 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1225 if (hci_resolve_name(hdev, e) == 0) {
1226 e->name_state = NAME_PENDING;
1233 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1234 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1236 struct discovery_state *discov = &hdev->discovery;
1237 struct inquiry_entry *e;
1239 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1240 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1241 name_len, conn->dev_class);
1243 if (discov->state == DISCOVERY_STOPPED)
1246 if (discov->state == DISCOVERY_STOPPING)
1247 goto discov_complete;
1249 if (discov->state != DISCOVERY_RESOLVING)
1252 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1253 /* If the device was not found in a list of found devices names of which
1254 * are pending. there is no need to continue resolving a next name as it
1255 * will be done upon receiving another Remote Name Request Complete
1262 e->name_state = NAME_KNOWN;
1263 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1264 e->data.rssi, name, name_len);
1266 e->name_state = NAME_NOT_KNOWN;
1269 if (hci_resolve_next_name(hdev))
1273 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1276 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1278 struct hci_cp_remote_name_req *cp;
1279 struct hci_conn *conn;
1281 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1283 /* If successful wait for the name req complete event before
1284 * checking for the need to do authentication */
1288 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1294 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1296 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1297 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1302 if (!hci_outgoing_auth_needed(hdev, conn))
1305 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1306 struct hci_cp_auth_requested auth_cp;
1308 auth_cp.handle = __cpu_to_le16(conn->handle);
1309 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1310 sizeof(auth_cp), &auth_cp);
1314 hci_dev_unlock(hdev);
1317 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1319 struct hci_cp_read_remote_features *cp;
1320 struct hci_conn *conn;
1322 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1327 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1333 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1335 if (conn->state == BT_CONFIG) {
1336 hci_proto_connect_cfm(conn, status);
1337 hci_conn_drop(conn);
1341 hci_dev_unlock(hdev);
1344 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1346 struct hci_cp_read_remote_ext_features *cp;
1347 struct hci_conn *conn;
1349 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1354 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1360 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1362 if (conn->state == BT_CONFIG) {
1363 hci_proto_connect_cfm(conn, status);
1364 hci_conn_drop(conn);
1368 hci_dev_unlock(hdev);
1371 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1373 struct hci_cp_setup_sync_conn *cp;
1374 struct hci_conn *acl, *sco;
1377 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1382 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1386 handle = __le16_to_cpu(cp->handle);
1388 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1392 acl = hci_conn_hash_lookup_handle(hdev, handle);
1396 sco->state = BT_CLOSED;
1398 hci_proto_connect_cfm(sco, status);
1403 hci_dev_unlock(hdev);
1406 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1408 struct hci_cp_sniff_mode *cp;
1409 struct hci_conn *conn;
1411 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1416 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1422 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1424 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1426 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1427 hci_sco_setup(conn, status);
1430 hci_dev_unlock(hdev);
1433 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1435 struct hci_cp_exit_sniff_mode *cp;
1436 struct hci_conn *conn;
1438 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1443 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1449 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1451 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1453 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1454 hci_sco_setup(conn, status);
1457 hci_dev_unlock(hdev);
1460 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1462 struct hci_cp_disconnect *cp;
1463 struct hci_conn *conn;
1468 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1474 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1476 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1477 conn->dst_type, status);
1479 hci_dev_unlock(hdev);
1482 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1484 struct hci_cp_create_phy_link *cp;
1486 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1488 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1495 struct hci_conn *hcon;
1497 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1501 amp_write_remote_assoc(hdev, cp->phy_handle);
1504 hci_dev_unlock(hdev);
1507 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1509 struct hci_cp_accept_phy_link *cp;
1511 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1516 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1520 amp_write_remote_assoc(hdev, cp->phy_handle);
1523 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1525 __u8 status = *((__u8 *) skb->data);
1526 struct discovery_state *discov = &hdev->discovery;
1527 struct inquiry_entry *e;
1529 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1531 hci_conn_check_pending(hdev);
1533 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1536 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1537 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1539 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1544 if (discov->state != DISCOVERY_FINDING)
1547 if (list_empty(&discov->resolve)) {
1548 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1552 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1553 if (e && hci_resolve_name(hdev, e) == 0) {
1554 e->name_state = NAME_PENDING;
1555 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1557 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1561 hci_dev_unlock(hdev);
1564 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1566 struct inquiry_data data;
1567 struct inquiry_info *info = (void *) (skb->data + 1);
1568 int num_rsp = *((__u8 *) skb->data);
1570 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1575 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1580 for (; num_rsp; num_rsp--, info++) {
1581 bool name_known, ssp;
1583 bacpy(&data.bdaddr, &info->bdaddr);
1584 data.pscan_rep_mode = info->pscan_rep_mode;
1585 data.pscan_period_mode = info->pscan_period_mode;
1586 data.pscan_mode = info->pscan_mode;
1587 memcpy(data.dev_class, info->dev_class, 3);
1588 data.clock_offset = info->clock_offset;
1590 data.ssp_mode = 0x00;
1592 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1593 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1594 info->dev_class, 0, !name_known, ssp, NULL,
1598 hci_dev_unlock(hdev);
1601 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1603 struct hci_ev_conn_complete *ev = (void *) skb->data;
1604 struct hci_conn *conn;
1606 BT_DBG("%s", hdev->name);
1610 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1612 if (ev->link_type != SCO_LINK)
1615 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1619 conn->type = SCO_LINK;
1623 conn->handle = __le16_to_cpu(ev->handle);
1625 if (conn->type == ACL_LINK) {
1626 conn->state = BT_CONFIG;
1627 hci_conn_hold(conn);
1629 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1630 !hci_find_link_key(hdev, &ev->bdaddr))
1631 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1633 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1635 conn->state = BT_CONNECTED;
1637 hci_conn_add_sysfs(conn);
1639 if (test_bit(HCI_AUTH, &hdev->flags))
1640 conn->link_mode |= HCI_LM_AUTH;
1642 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1643 conn->link_mode |= HCI_LM_ENCRYPT;
1645 /* Get remote features */
1646 if (conn->type == ACL_LINK) {
1647 struct hci_cp_read_remote_features cp;
1648 cp.handle = ev->handle;
1649 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1653 /* Set packet type for incoming connection */
1654 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1655 struct hci_cp_change_conn_ptype cp;
1656 cp.handle = ev->handle;
1657 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1658 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1662 conn->state = BT_CLOSED;
1663 if (conn->type == ACL_LINK)
1664 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1665 conn->dst_type, ev->status);
1668 if (conn->type == ACL_LINK)
1669 hci_sco_setup(conn, ev->status);
1672 hci_proto_connect_cfm(conn, ev->status);
1674 } else if (ev->link_type != ACL_LINK)
1675 hci_proto_connect_cfm(conn, ev->status);
1678 hci_dev_unlock(hdev);
1680 hci_conn_check_pending(hdev);
1683 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1685 struct hci_ev_conn_request *ev = (void *) skb->data;
1686 int mask = hdev->link_mode;
1689 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1692 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1695 if ((mask & HCI_LM_ACCEPT) &&
1696 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1697 /* Connection accepted */
1698 struct inquiry_entry *ie;
1699 struct hci_conn *conn;
1703 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1705 memcpy(ie->data.dev_class, ev->dev_class, 3);
1707 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1710 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1712 BT_ERR("No memory for new connection");
1713 hci_dev_unlock(hdev);
1718 memcpy(conn->dev_class, ev->dev_class, 3);
1720 hci_dev_unlock(hdev);
1722 if (ev->link_type == ACL_LINK ||
1723 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1724 struct hci_cp_accept_conn_req cp;
1725 conn->state = BT_CONNECT;
1727 bacpy(&cp.bdaddr, &ev->bdaddr);
1729 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1730 cp.role = 0x00; /* Become master */
1732 cp.role = 0x01; /* Remain slave */
1734 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1736 } else if (!(flags & HCI_PROTO_DEFER)) {
1737 struct hci_cp_accept_sync_conn_req cp;
1738 conn->state = BT_CONNECT;
1740 bacpy(&cp.bdaddr, &ev->bdaddr);
1741 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1743 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1744 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1745 cp.max_latency = __constant_cpu_to_le16(0xffff);
1746 cp.content_format = cpu_to_le16(hdev->voice_setting);
1747 cp.retrans_effort = 0xff;
1749 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1752 conn->state = BT_CONNECT2;
1753 hci_proto_connect_cfm(conn, 0);
1756 /* Connection rejected */
1757 struct hci_cp_reject_conn_req cp;
1759 bacpy(&cp.bdaddr, &ev->bdaddr);
1760 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1761 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1765 static u8 hci_to_mgmt_reason(u8 err)
1768 case HCI_ERROR_CONNECTION_TIMEOUT:
1769 return MGMT_DEV_DISCONN_TIMEOUT;
1770 case HCI_ERROR_REMOTE_USER_TERM:
1771 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1772 case HCI_ERROR_REMOTE_POWER_OFF:
1773 return MGMT_DEV_DISCONN_REMOTE;
1774 case HCI_ERROR_LOCAL_HOST_TERM:
1775 return MGMT_DEV_DISCONN_LOCAL_HOST;
1777 return MGMT_DEV_DISCONN_UNKNOWN;
1781 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1783 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1784 struct hci_conn *conn;
1786 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1790 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1794 if (ev->status == 0)
1795 conn->state = BT_CLOSED;
1797 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1798 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1800 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1801 conn->dst_type, ev->status);
1803 u8 reason = hci_to_mgmt_reason(ev->reason);
1805 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1806 conn->dst_type, reason);
1810 if (ev->status == 0) {
1811 u8 type = conn->type;
1813 if (type == ACL_LINK && conn->flush_key)
1814 hci_remove_link_key(hdev, &conn->dst);
1815 hci_proto_disconn_cfm(conn, ev->reason);
1818 /* Re-enable advertising if necessary, since it might
1819 * have been disabled by the connection. From the
1820 * HCI_LE_Set_Advertise_Enable command description in
1821 * the core specification (v4.0):
1822 * "The Controller shall continue advertising until the Host
1823 * issues an LE_Set_Advertise_Enable command with
1824 * Advertising_Enable set to 0x00 (Advertising is disabled)
1825 * or until a connection is created or until the Advertising
1826 * is timed out due to Directed Advertising."
1828 if (type == LE_LINK)
1829 mgmt_reenable_advertising(hdev);
1833 hci_dev_unlock(hdev);
1836 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1838 struct hci_ev_auth_complete *ev = (void *) skb->data;
1839 struct hci_conn *conn;
1841 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1845 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1850 if (!hci_conn_ssp_enabled(conn) &&
1851 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1852 BT_INFO("re-auth of legacy device is not possible.");
1854 conn->link_mode |= HCI_LM_AUTH;
1855 conn->sec_level = conn->pending_sec_level;
1858 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1862 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1863 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1865 if (conn->state == BT_CONFIG) {
1866 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1867 struct hci_cp_set_conn_encrypt cp;
1868 cp.handle = ev->handle;
1870 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1873 conn->state = BT_CONNECTED;
1874 hci_proto_connect_cfm(conn, ev->status);
1875 hci_conn_drop(conn);
1878 hci_auth_cfm(conn, ev->status);
1880 hci_conn_hold(conn);
1881 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1882 hci_conn_drop(conn);
1885 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1887 struct hci_cp_set_conn_encrypt cp;
1888 cp.handle = ev->handle;
1890 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1893 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1894 hci_encrypt_cfm(conn, ev->status, 0x00);
1899 hci_dev_unlock(hdev);
1902 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1904 struct hci_ev_remote_name *ev = (void *) skb->data;
1905 struct hci_conn *conn;
1907 BT_DBG("%s", hdev->name);
1909 hci_conn_check_pending(hdev);
1913 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1915 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1918 if (ev->status == 0)
1919 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1920 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1922 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1928 if (!hci_outgoing_auth_needed(hdev, conn))
1931 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1932 struct hci_cp_auth_requested cp;
1933 cp.handle = __cpu_to_le16(conn->handle);
1934 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1938 hci_dev_unlock(hdev);
1941 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1943 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1944 struct hci_conn *conn;
1946 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1950 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1954 /* Encryption implies authentication */
1955 conn->link_mode |= HCI_LM_AUTH;
1956 conn->link_mode |= HCI_LM_ENCRYPT;
1957 conn->sec_level = conn->pending_sec_level;
1959 conn->link_mode &= ~HCI_LM_ENCRYPT;
1962 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1964 if (ev->status && conn->state == BT_CONNECTED) {
1965 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1966 hci_conn_drop(conn);
1970 if (conn->state == BT_CONFIG) {
1972 conn->state = BT_CONNECTED;
1974 hci_proto_connect_cfm(conn, ev->status);
1975 hci_conn_drop(conn);
1977 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1981 hci_dev_unlock(hdev);
1984 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1985 struct sk_buff *skb)
1987 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1988 struct hci_conn *conn;
1990 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1994 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1997 conn->link_mode |= HCI_LM_SECURE;
1999 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2001 hci_key_change_cfm(conn, ev->status);
2004 hci_dev_unlock(hdev);
2007 static void hci_remote_features_evt(struct hci_dev *hdev,
2008 struct sk_buff *skb)
2010 struct hci_ev_remote_features *ev = (void *) skb->data;
2011 struct hci_conn *conn;
2013 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2017 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2022 memcpy(conn->features[0], ev->features, 8);
2024 if (conn->state != BT_CONFIG)
2027 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2028 struct hci_cp_read_remote_ext_features cp;
2029 cp.handle = ev->handle;
2031 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2036 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2037 struct hci_cp_remote_name_req cp;
2038 memset(&cp, 0, sizeof(cp));
2039 bacpy(&cp.bdaddr, &conn->dst);
2040 cp.pscan_rep_mode = 0x02;
2041 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2042 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2043 mgmt_device_connected(hdev, &conn->dst, conn->type,
2044 conn->dst_type, 0, NULL, 0,
2047 if (!hci_outgoing_auth_needed(hdev, conn)) {
2048 conn->state = BT_CONNECTED;
2049 hci_proto_connect_cfm(conn, ev->status);
2050 hci_conn_drop(conn);
2054 hci_dev_unlock(hdev);
2057 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2059 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2060 u8 status = skb->data[sizeof(*ev)];
2063 skb_pull(skb, sizeof(*ev));
2065 opcode = __le16_to_cpu(ev->opcode);
2068 case HCI_OP_INQUIRY_CANCEL:
2069 hci_cc_inquiry_cancel(hdev, skb);
2072 case HCI_OP_PERIODIC_INQ:
2073 hci_cc_periodic_inq(hdev, skb);
2076 case HCI_OP_EXIT_PERIODIC_INQ:
2077 hci_cc_exit_periodic_inq(hdev, skb);
2080 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2081 hci_cc_remote_name_req_cancel(hdev, skb);
2084 case HCI_OP_ROLE_DISCOVERY:
2085 hci_cc_role_discovery(hdev, skb);
2088 case HCI_OP_READ_LINK_POLICY:
2089 hci_cc_read_link_policy(hdev, skb);
2092 case HCI_OP_WRITE_LINK_POLICY:
2093 hci_cc_write_link_policy(hdev, skb);
2096 case HCI_OP_READ_DEF_LINK_POLICY:
2097 hci_cc_read_def_link_policy(hdev, skb);
2100 case HCI_OP_WRITE_DEF_LINK_POLICY:
2101 hci_cc_write_def_link_policy(hdev, skb);
2105 hci_cc_reset(hdev, skb);
2108 case HCI_OP_WRITE_LOCAL_NAME:
2109 hci_cc_write_local_name(hdev, skb);
2112 case HCI_OP_READ_LOCAL_NAME:
2113 hci_cc_read_local_name(hdev, skb);
2116 case HCI_OP_WRITE_AUTH_ENABLE:
2117 hci_cc_write_auth_enable(hdev, skb);
2120 case HCI_OP_WRITE_ENCRYPT_MODE:
2121 hci_cc_write_encrypt_mode(hdev, skb);
2124 case HCI_OP_WRITE_SCAN_ENABLE:
2125 hci_cc_write_scan_enable(hdev, skb);
2128 case HCI_OP_READ_CLASS_OF_DEV:
2129 hci_cc_read_class_of_dev(hdev, skb);
2132 case HCI_OP_WRITE_CLASS_OF_DEV:
2133 hci_cc_write_class_of_dev(hdev, skb);
2136 case HCI_OP_READ_VOICE_SETTING:
2137 hci_cc_read_voice_setting(hdev, skb);
2140 case HCI_OP_WRITE_VOICE_SETTING:
2141 hci_cc_write_voice_setting(hdev, skb);
2144 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2145 hci_cc_read_num_supported_iac(hdev, skb);
2148 case HCI_OP_WRITE_SSP_MODE:
2149 hci_cc_write_ssp_mode(hdev, skb);
2152 case HCI_OP_READ_LOCAL_VERSION:
2153 hci_cc_read_local_version(hdev, skb);
2156 case HCI_OP_READ_LOCAL_COMMANDS:
2157 hci_cc_read_local_commands(hdev, skb);
2160 case HCI_OP_READ_LOCAL_FEATURES:
2161 hci_cc_read_local_features(hdev, skb);
2164 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2165 hci_cc_read_local_ext_features(hdev, skb);
2168 case HCI_OP_READ_BUFFER_SIZE:
2169 hci_cc_read_buffer_size(hdev, skb);
2172 case HCI_OP_READ_BD_ADDR:
2173 hci_cc_read_bd_addr(hdev, skb);
2176 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2177 hci_cc_read_page_scan_activity(hdev, skb);
2180 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2181 hci_cc_write_page_scan_activity(hdev, skb);
2184 case HCI_OP_READ_PAGE_SCAN_TYPE:
2185 hci_cc_read_page_scan_type(hdev, skb);
2188 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2189 hci_cc_write_page_scan_type(hdev, skb);
2192 case HCI_OP_READ_DATA_BLOCK_SIZE:
2193 hci_cc_read_data_block_size(hdev, skb);
2196 case HCI_OP_READ_FLOW_CONTROL_MODE:
2197 hci_cc_read_flow_control_mode(hdev, skb);
2200 case HCI_OP_READ_LOCAL_AMP_INFO:
2201 hci_cc_read_local_amp_info(hdev, skb);
2204 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2205 hci_cc_read_local_amp_assoc(hdev, skb);
2208 case HCI_OP_READ_INQ_RSP_TX_POWER:
2209 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2212 case HCI_OP_PIN_CODE_REPLY:
2213 hci_cc_pin_code_reply(hdev, skb);
2216 case HCI_OP_PIN_CODE_NEG_REPLY:
2217 hci_cc_pin_code_neg_reply(hdev, skb);
2220 case HCI_OP_READ_LOCAL_OOB_DATA:
2221 hci_cc_read_local_oob_data_reply(hdev, skb);
2224 case HCI_OP_LE_READ_BUFFER_SIZE:
2225 hci_cc_le_read_buffer_size(hdev, skb);
2228 case HCI_OP_LE_READ_LOCAL_FEATURES:
2229 hci_cc_le_read_local_features(hdev, skb);
2232 case HCI_OP_LE_READ_ADV_TX_POWER:
2233 hci_cc_le_read_adv_tx_power(hdev, skb);
2236 case HCI_OP_USER_CONFIRM_REPLY:
2237 hci_cc_user_confirm_reply(hdev, skb);
2240 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2241 hci_cc_user_confirm_neg_reply(hdev, skb);
2244 case HCI_OP_USER_PASSKEY_REPLY:
2245 hci_cc_user_passkey_reply(hdev, skb);
2248 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2249 hci_cc_user_passkey_neg_reply(hdev, skb);
2252 case HCI_OP_LE_SET_ADV_ENABLE:
2253 hci_cc_le_set_adv_enable(hdev, skb);
2256 case HCI_OP_LE_SET_SCAN_ENABLE:
2257 hci_cc_le_set_scan_enable(hdev, skb);
2260 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2261 hci_cc_le_read_white_list_size(hdev, skb);
2264 case HCI_OP_LE_READ_SUPPORTED_STATES:
2265 hci_cc_le_read_supported_states(hdev, skb);
2268 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2269 hci_cc_write_le_host_supported(hdev, skb);
2272 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2273 hci_cc_write_remote_amp_assoc(hdev, skb);
2277 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2281 if (opcode != HCI_OP_NOP)
2282 del_timer(&hdev->cmd_timer);
2284 hci_req_cmd_complete(hdev, opcode, status);
2286 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2287 atomic_set(&hdev->cmd_cnt, 1);
2288 if (!skb_queue_empty(&hdev->cmd_q))
2289 queue_work(hdev->workqueue, &hdev->cmd_work);
2293 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2295 struct hci_ev_cmd_status *ev = (void *) skb->data;
2298 skb_pull(skb, sizeof(*ev));
2300 opcode = __le16_to_cpu(ev->opcode);
2303 case HCI_OP_INQUIRY:
2304 hci_cs_inquiry(hdev, ev->status);
2307 case HCI_OP_CREATE_CONN:
2308 hci_cs_create_conn(hdev, ev->status);
2311 case HCI_OP_ADD_SCO:
2312 hci_cs_add_sco(hdev, ev->status);
2315 case HCI_OP_AUTH_REQUESTED:
2316 hci_cs_auth_requested(hdev, ev->status);
2319 case HCI_OP_SET_CONN_ENCRYPT:
2320 hci_cs_set_conn_encrypt(hdev, ev->status);
2323 case HCI_OP_REMOTE_NAME_REQ:
2324 hci_cs_remote_name_req(hdev, ev->status);
2327 case HCI_OP_READ_REMOTE_FEATURES:
2328 hci_cs_read_remote_features(hdev, ev->status);
2331 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2332 hci_cs_read_remote_ext_features(hdev, ev->status);
2335 case HCI_OP_SETUP_SYNC_CONN:
2336 hci_cs_setup_sync_conn(hdev, ev->status);
2339 case HCI_OP_SNIFF_MODE:
2340 hci_cs_sniff_mode(hdev, ev->status);
2343 case HCI_OP_EXIT_SNIFF_MODE:
2344 hci_cs_exit_sniff_mode(hdev, ev->status);
2347 case HCI_OP_DISCONNECT:
2348 hci_cs_disconnect(hdev, ev->status);
2351 case HCI_OP_CREATE_PHY_LINK:
2352 hci_cs_create_phylink(hdev, ev->status);
2355 case HCI_OP_ACCEPT_PHY_LINK:
2356 hci_cs_accept_phylink(hdev, ev->status);
2360 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2364 if (opcode != HCI_OP_NOP)
2365 del_timer(&hdev->cmd_timer);
2368 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2369 hci_req_cmd_complete(hdev, opcode, ev->status);
2371 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2372 atomic_set(&hdev->cmd_cnt, 1);
2373 if (!skb_queue_empty(&hdev->cmd_q))
2374 queue_work(hdev->workqueue, &hdev->cmd_work);
2378 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2380 struct hci_ev_role_change *ev = (void *) skb->data;
2381 struct hci_conn *conn;
2383 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2387 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2391 conn->link_mode &= ~HCI_LM_MASTER;
2393 conn->link_mode |= HCI_LM_MASTER;
2396 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2398 hci_role_switch_cfm(conn, ev->status, ev->role);
2401 hci_dev_unlock(hdev);
2404 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2406 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2409 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2410 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2414 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2415 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2416 BT_DBG("%s bad parameters", hdev->name);
2420 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2422 for (i = 0; i < ev->num_hndl; i++) {
2423 struct hci_comp_pkts_info *info = &ev->handles[i];
2424 struct hci_conn *conn;
2425 __u16 handle, count;
2427 handle = __le16_to_cpu(info->handle);
2428 count = __le16_to_cpu(info->count);
2430 conn = hci_conn_hash_lookup_handle(hdev, handle);
2434 conn->sent -= count;
2436 switch (conn->type) {
2438 hdev->acl_cnt += count;
2439 if (hdev->acl_cnt > hdev->acl_pkts)
2440 hdev->acl_cnt = hdev->acl_pkts;
2444 if (hdev->le_pkts) {
2445 hdev->le_cnt += count;
2446 if (hdev->le_cnt > hdev->le_pkts)
2447 hdev->le_cnt = hdev->le_pkts;
2449 hdev->acl_cnt += count;
2450 if (hdev->acl_cnt > hdev->acl_pkts)
2451 hdev->acl_cnt = hdev->acl_pkts;
2456 hdev->sco_cnt += count;
2457 if (hdev->sco_cnt > hdev->sco_pkts)
2458 hdev->sco_cnt = hdev->sco_pkts;
2462 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2467 queue_work(hdev->workqueue, &hdev->tx_work);
2470 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2473 struct hci_chan *chan;
2475 switch (hdev->dev_type) {
2477 return hci_conn_hash_lookup_handle(hdev, handle);
2479 chan = hci_chan_lookup_handle(hdev, handle);
2484 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2491 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2493 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2496 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2497 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2501 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2502 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2503 BT_DBG("%s bad parameters", hdev->name);
2507 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2510 for (i = 0; i < ev->num_hndl; i++) {
2511 struct hci_comp_blocks_info *info = &ev->handles[i];
2512 struct hci_conn *conn = NULL;
2513 __u16 handle, block_count;
2515 handle = __le16_to_cpu(info->handle);
2516 block_count = __le16_to_cpu(info->blocks);
2518 conn = __hci_conn_lookup_handle(hdev, handle);
2522 conn->sent -= block_count;
2524 switch (conn->type) {
2527 hdev->block_cnt += block_count;
2528 if (hdev->block_cnt > hdev->num_blocks)
2529 hdev->block_cnt = hdev->num_blocks;
2533 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2538 queue_work(hdev->workqueue, &hdev->tx_work);
2541 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2543 struct hci_ev_mode_change *ev = (void *) skb->data;
2544 struct hci_conn *conn;
2546 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2550 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2552 conn->mode = ev->mode;
2553 conn->interval = __le16_to_cpu(ev->interval);
2555 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2557 if (conn->mode == HCI_CM_ACTIVE)
2558 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2560 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2563 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2564 hci_sco_setup(conn, ev->status);
2567 hci_dev_unlock(hdev);
2570 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2572 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2573 struct hci_conn *conn;
2575 BT_DBG("%s", hdev->name);
2579 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2583 if (conn->state == BT_CONNECTED) {
2584 hci_conn_hold(conn);
2585 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2586 hci_conn_drop(conn);
2589 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2590 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2591 sizeof(ev->bdaddr), &ev->bdaddr);
2592 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2595 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2600 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2604 hci_dev_unlock(hdev);
2607 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2609 struct hci_ev_link_key_req *ev = (void *) skb->data;
2610 struct hci_cp_link_key_reply cp;
2611 struct hci_conn *conn;
2612 struct link_key *key;
2614 BT_DBG("%s", hdev->name);
2616 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2621 key = hci_find_link_key(hdev, &ev->bdaddr);
2623 BT_DBG("%s link key not found for %pMR", hdev->name,
2628 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2631 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2632 key->type == HCI_LK_DEBUG_COMBINATION) {
2633 BT_DBG("%s ignoring debug key", hdev->name);
2637 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2639 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2640 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2641 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2645 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2646 conn->pending_sec_level == BT_SECURITY_HIGH) {
2647 BT_DBG("%s ignoring key unauthenticated for high security",
2652 conn->key_type = key->type;
2653 conn->pin_length = key->pin_len;
2656 bacpy(&cp.bdaddr, &ev->bdaddr);
2657 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2659 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2661 hci_dev_unlock(hdev);
2666 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2667 hci_dev_unlock(hdev);
2670 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2672 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2673 struct hci_conn *conn;
2676 BT_DBG("%s", hdev->name);
2680 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2682 hci_conn_hold(conn);
2683 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2684 pin_len = conn->pin_length;
2686 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2687 conn->key_type = ev->key_type;
2689 hci_conn_drop(conn);
2692 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2693 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2694 ev->key_type, pin_len);
2696 hci_dev_unlock(hdev);
2699 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2701 struct hci_ev_clock_offset *ev = (void *) skb->data;
2702 struct hci_conn *conn;
2704 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2708 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2709 if (conn && !ev->status) {
2710 struct inquiry_entry *ie;
2712 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2714 ie->data.clock_offset = ev->clock_offset;
2715 ie->timestamp = jiffies;
2719 hci_dev_unlock(hdev);
2722 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2724 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2725 struct hci_conn *conn;
2727 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2731 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2732 if (conn && !ev->status)
2733 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2735 hci_dev_unlock(hdev);
2738 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2740 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2741 struct inquiry_entry *ie;
2743 BT_DBG("%s", hdev->name);
2747 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2749 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2750 ie->timestamp = jiffies;
2753 hci_dev_unlock(hdev);
2756 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2757 struct sk_buff *skb)
2759 struct inquiry_data data;
2760 int num_rsp = *((__u8 *) skb->data);
2761 bool name_known, ssp;
2763 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2768 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2773 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2774 struct inquiry_info_with_rssi_and_pscan_mode *info;
2775 info = (void *) (skb->data + 1);
2777 for (; num_rsp; num_rsp--, info++) {
2778 bacpy(&data.bdaddr, &info->bdaddr);
2779 data.pscan_rep_mode = info->pscan_rep_mode;
2780 data.pscan_period_mode = info->pscan_period_mode;
2781 data.pscan_mode = info->pscan_mode;
2782 memcpy(data.dev_class, info->dev_class, 3);
2783 data.clock_offset = info->clock_offset;
2784 data.rssi = info->rssi;
2785 data.ssp_mode = 0x00;
2787 name_known = hci_inquiry_cache_update(hdev, &data,
2789 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2790 info->dev_class, info->rssi,
2791 !name_known, ssp, NULL, 0);
2794 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2796 for (; num_rsp; num_rsp--, info++) {
2797 bacpy(&data.bdaddr, &info->bdaddr);
2798 data.pscan_rep_mode = info->pscan_rep_mode;
2799 data.pscan_period_mode = info->pscan_period_mode;
2800 data.pscan_mode = 0x00;
2801 memcpy(data.dev_class, info->dev_class, 3);
2802 data.clock_offset = info->clock_offset;
2803 data.rssi = info->rssi;
2804 data.ssp_mode = 0x00;
2805 name_known = hci_inquiry_cache_update(hdev, &data,
2807 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2808 info->dev_class, info->rssi,
2809 !name_known, ssp, NULL, 0);
2813 hci_dev_unlock(hdev);
2816 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2817 struct sk_buff *skb)
2819 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2820 struct hci_conn *conn;
2822 BT_DBG("%s", hdev->name);
2826 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2830 if (ev->page < HCI_MAX_PAGES)
2831 memcpy(conn->features[ev->page], ev->features, 8);
2833 if (!ev->status && ev->page == 0x01) {
2834 struct inquiry_entry *ie;
2836 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2838 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2840 if (ev->features[0] & LMP_HOST_SSP) {
2841 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2843 /* It is mandatory by the Bluetooth specification that
2844 * Extended Inquiry Results are only used when Secure
2845 * Simple Pairing is enabled, but some devices violate
2848 * To make these devices work, the internal SSP
2849 * enabled flag needs to be cleared if the remote host
2850 * features do not indicate SSP support */
2851 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2855 if (conn->state != BT_CONFIG)
2858 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2859 struct hci_cp_remote_name_req cp;
2860 memset(&cp, 0, sizeof(cp));
2861 bacpy(&cp.bdaddr, &conn->dst);
2862 cp.pscan_rep_mode = 0x02;
2863 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2864 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2865 mgmt_device_connected(hdev, &conn->dst, conn->type,
2866 conn->dst_type, 0, NULL, 0,
2869 if (!hci_outgoing_auth_needed(hdev, conn)) {
2870 conn->state = BT_CONNECTED;
2871 hci_proto_connect_cfm(conn, ev->status);
2872 hci_conn_drop(conn);
2876 hci_dev_unlock(hdev);
2879 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2880 struct sk_buff *skb)
2882 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2883 struct hci_conn *conn;
2885 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2889 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2891 if (ev->link_type == ESCO_LINK)
2894 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2898 conn->type = SCO_LINK;
2901 switch (ev->status) {
2903 conn->handle = __le16_to_cpu(ev->handle);
2904 conn->state = BT_CONNECTED;
2906 hci_conn_add_sysfs(conn);
2909 case 0x0d: /* Connection Rejected due to Limited Resources */
2910 case 0x11: /* Unsupported Feature or Parameter Value */
2911 case 0x1c: /* SCO interval rejected */
2912 case 0x1a: /* Unsupported Remote Feature */
2913 case 0x1f: /* Unspecified error */
2915 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2916 (hdev->esco_type & EDR_ESCO_MASK);
2917 if (hci_setup_sync(conn, conn->link->handle))
2923 conn->state = BT_CLOSED;
2927 hci_proto_connect_cfm(conn, ev->status);
2932 hci_dev_unlock(hdev);
2935 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
2939 while (parsed < eir_len) {
2940 u8 field_len = eir[0];
2945 parsed += field_len + 1;
2946 eir += field_len + 1;
2952 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2953 struct sk_buff *skb)
2955 struct inquiry_data data;
2956 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2957 int num_rsp = *((__u8 *) skb->data);
2960 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2965 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2970 for (; num_rsp; num_rsp--, info++) {
2971 bool name_known, ssp;
2973 bacpy(&data.bdaddr, &info->bdaddr);
2974 data.pscan_rep_mode = info->pscan_rep_mode;
2975 data.pscan_period_mode = info->pscan_period_mode;
2976 data.pscan_mode = 0x00;
2977 memcpy(data.dev_class, info->dev_class, 3);
2978 data.clock_offset = info->clock_offset;
2979 data.rssi = info->rssi;
2980 data.ssp_mode = 0x01;
2982 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2983 name_known = eir_has_data_type(info->data,
2989 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2991 eir_len = eir_get_length(info->data, sizeof(info->data));
2992 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2993 info->dev_class, info->rssi, !name_known,
2994 ssp, info->data, eir_len);
2997 hci_dev_unlock(hdev);
3000 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3001 struct sk_buff *skb)
3003 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3004 struct hci_conn *conn;
3006 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3007 __le16_to_cpu(ev->handle));
3011 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3016 conn->sec_level = conn->pending_sec_level;
3018 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3020 if (ev->status && conn->state == BT_CONNECTED) {
3021 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3022 hci_conn_drop(conn);
3026 if (conn->state == BT_CONFIG) {
3028 conn->state = BT_CONNECTED;
3030 hci_proto_connect_cfm(conn, ev->status);
3031 hci_conn_drop(conn);
3033 hci_auth_cfm(conn, ev->status);
3035 hci_conn_hold(conn);
3036 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3037 hci_conn_drop(conn);
3041 hci_dev_unlock(hdev);
3044 static u8 hci_get_auth_req(struct hci_conn *conn)
3046 /* If remote requests dedicated bonding follow that lead */
3047 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3048 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3049 /* If both remote and local IO capabilities allow MITM
3050 * protection then require it, otherwise don't */
3051 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3052 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3053 return HCI_AT_DEDICATED_BONDING;
3055 return HCI_AT_DEDICATED_BONDING_MITM;
3058 /* If remote requests no-bonding follow that lead */
3059 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3060 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3061 return conn->remote_auth | (conn->auth_type & 0x01);
3063 return conn->auth_type;
3066 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3068 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3069 struct hci_conn *conn;
3071 BT_DBG("%s", hdev->name);
3075 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3079 hci_conn_hold(conn);
3081 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3084 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3085 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3086 struct hci_cp_io_capability_reply cp;
3088 bacpy(&cp.bdaddr, &ev->bdaddr);
3089 /* Change the IO capability from KeyboardDisplay
3090 * to DisplayYesNo as it is not supported by BT spec. */
3091 cp.capability = (conn->io_capability == 0x04) ?
3092 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3093 conn->auth_type = hci_get_auth_req(conn);
3094 cp.authentication = conn->auth_type;
3096 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3097 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3102 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3105 struct hci_cp_io_capability_neg_reply cp;
3107 bacpy(&cp.bdaddr, &ev->bdaddr);
3108 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3110 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3115 hci_dev_unlock(hdev);
3118 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3120 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3121 struct hci_conn *conn;
3123 BT_DBG("%s", hdev->name);
3127 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3131 conn->remote_cap = ev->capability;
3132 conn->remote_auth = ev->authentication;
3134 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3137 hci_dev_unlock(hdev);
3140 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3141 struct sk_buff *skb)
3143 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3144 int loc_mitm, rem_mitm, confirm_hint = 0;
3145 struct hci_conn *conn;
3147 BT_DBG("%s", hdev->name);
3151 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3158 loc_mitm = (conn->auth_type & 0x01);
3159 rem_mitm = (conn->remote_auth & 0x01);
3161 /* If we require MITM but the remote device can't provide that
3162 * (it has NoInputNoOutput) then reject the confirmation
3163 * request. The only exception is when we're dedicated bonding
3164 * initiators (connect_cfm_cb set) since then we always have the MITM
3166 if (!conn->connect_cfm_cb && loc_mitm &&
3167 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3168 BT_DBG("Rejecting request: remote device can't provide MITM");
3169 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3170 sizeof(ev->bdaddr), &ev->bdaddr);
3174 /* If no side requires MITM protection; auto-accept */
3175 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3176 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3178 /* If we're not the initiators request authorization to
3179 * proceed from user space (mgmt_user_confirm with
3180 * confirm_hint set to 1). */
3181 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3182 BT_DBG("Confirming auto-accept as acceptor");
3187 BT_DBG("Auto-accept of user confirmation with %ums delay",
3188 hdev->auto_accept_delay);
3190 if (hdev->auto_accept_delay > 0) {
3191 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3192 queue_delayed_work(conn->hdev->workqueue,
3193 &conn->auto_accept_work, delay);
3197 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3198 sizeof(ev->bdaddr), &ev->bdaddr);
3203 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3207 hci_dev_unlock(hdev);
3210 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3211 struct sk_buff *skb)
3213 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3215 BT_DBG("%s", hdev->name);
3217 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3218 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3221 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3222 struct sk_buff *skb)
3224 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3225 struct hci_conn *conn;
3227 BT_DBG("%s", hdev->name);
3229 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3233 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3234 conn->passkey_entered = 0;
3236 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3237 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3238 conn->dst_type, conn->passkey_notify,
3239 conn->passkey_entered);
3242 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3244 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3245 struct hci_conn *conn;
3247 BT_DBG("%s", hdev->name);
3249 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3254 case HCI_KEYPRESS_STARTED:
3255 conn->passkey_entered = 0;
3258 case HCI_KEYPRESS_ENTERED:
3259 conn->passkey_entered++;
3262 case HCI_KEYPRESS_ERASED:
3263 conn->passkey_entered--;
3266 case HCI_KEYPRESS_CLEARED:
3267 conn->passkey_entered = 0;
3270 case HCI_KEYPRESS_COMPLETED:
3274 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3275 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3276 conn->dst_type, conn->passkey_notify,
3277 conn->passkey_entered);
3280 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3281 struct sk_buff *skb)
3283 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3284 struct hci_conn *conn;
3286 BT_DBG("%s", hdev->name);
3290 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3294 /* To avoid duplicate auth_failed events to user space we check
3295 * the HCI_CONN_AUTH_PEND flag which will be set if we
3296 * initiated the authentication. A traditional auth_complete
3297 * event gets always produced as initiator and is also mapped to
3298 * the mgmt_auth_failed event */
3299 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3300 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3303 hci_conn_drop(conn);
3306 hci_dev_unlock(hdev);
3309 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3310 struct sk_buff *skb)
3312 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3313 struct inquiry_entry *ie;
3314 struct hci_conn *conn;
3316 BT_DBG("%s", hdev->name);
3320 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3322 memcpy(conn->features[1], ev->features, 8);
3324 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3326 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3328 hci_dev_unlock(hdev);
3331 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3332 struct sk_buff *skb)
3334 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3335 struct oob_data *data;
3337 BT_DBG("%s", hdev->name);
3341 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3344 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3346 struct hci_cp_remote_oob_data_reply cp;
3348 bacpy(&cp.bdaddr, &ev->bdaddr);
3349 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3350 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3352 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3355 struct hci_cp_remote_oob_data_neg_reply cp;
3357 bacpy(&cp.bdaddr, &ev->bdaddr);
3358 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3363 hci_dev_unlock(hdev);
3366 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3367 struct sk_buff *skb)
3369 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3370 struct hci_conn *hcon, *bredr_hcon;
3372 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3377 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3379 hci_dev_unlock(hdev);
3385 hci_dev_unlock(hdev);
3389 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3391 hcon->state = BT_CONNECTED;
3392 bacpy(&hcon->dst, &bredr_hcon->dst);
3394 hci_conn_hold(hcon);
3395 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3396 hci_conn_drop(hcon);
3398 hci_conn_add_sysfs(hcon);
3400 amp_physical_cfm(bredr_hcon, hcon);
3402 hci_dev_unlock(hdev);
3405 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3407 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3408 struct hci_conn *hcon;
3409 struct hci_chan *hchan;
3410 struct amp_mgr *mgr;
3412 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3413 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3416 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3420 /* Create AMP hchan */
3421 hchan = hci_chan_create(hcon);
3425 hchan->handle = le16_to_cpu(ev->handle);
3427 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3429 mgr = hcon->amp_mgr;
3430 if (mgr && mgr->bredr_chan) {
3431 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3433 l2cap_chan_lock(bredr_chan);
3435 bredr_chan->conn->mtu = hdev->block_mtu;
3436 l2cap_logical_cfm(bredr_chan, hchan, 0);
3437 hci_conn_hold(hcon);
3439 l2cap_chan_unlock(bredr_chan);
3443 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3444 struct sk_buff *skb)
3446 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3447 struct hci_chan *hchan;
3449 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3450 le16_to_cpu(ev->handle), ev->status);
3457 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3461 amp_destroy_logical_link(hchan, ev->reason);
3464 hci_dev_unlock(hdev);
3467 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3468 struct sk_buff *skb)
3470 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3471 struct hci_conn *hcon;
3473 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3480 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3482 hcon->state = BT_CLOSED;
3486 hci_dev_unlock(hdev);
3489 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3491 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3492 struct hci_conn *conn;
3494 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3498 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3500 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3502 BT_ERR("No memory for new connection");
3506 conn->dst_type = ev->bdaddr_type;
3508 /* The advertising parameters for own address type
3509 * define which source address and source address
3510 * type this connections has.
3512 if (bacmp(&conn->src, BDADDR_ANY)) {
3513 conn->src_type = ADDR_LE_DEV_PUBLIC;
3515 bacpy(&conn->src, &hdev->static_addr);
3516 conn->src_type = ADDR_LE_DEV_RANDOM;
3519 if (ev->role == LE_CONN_ROLE_MASTER) {
3521 conn->link_mode |= HCI_LM_MASTER;
3526 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3527 conn->dst_type, ev->status);
3528 hci_proto_connect_cfm(conn, ev->status);
3529 conn->state = BT_CLOSED;
3534 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3535 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3536 conn->dst_type, 0, NULL, 0, NULL);
3538 conn->sec_level = BT_SECURITY_LOW;
3539 conn->handle = __le16_to_cpu(ev->handle);
3540 conn->state = BT_CONNECTED;
3542 hci_conn_add_sysfs(conn);
3544 hci_proto_connect_cfm(conn, ev->status);
3547 hci_dev_unlock(hdev);
3550 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3552 u8 num_reports = skb->data[0];
3553 void *ptr = &skb->data[1];
3556 while (num_reports--) {
3557 struct hci_ev_le_advertising_info *ev = ptr;
3559 rssi = ev->data[ev->length];
3560 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3561 NULL, rssi, 0, 1, ev->data, ev->length);
3563 ptr += sizeof(*ev) + ev->length + 1;
3567 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3569 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3570 struct hci_cp_le_ltk_reply cp;
3571 struct hci_cp_le_ltk_neg_reply neg;
3572 struct hci_conn *conn;
3573 struct smp_ltk *ltk;
3575 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3579 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3583 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3587 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3588 cp.handle = cpu_to_le16(conn->handle);
3590 if (ltk->authenticated)
3591 conn->pending_sec_level = BT_SECURITY_HIGH;
3593 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3595 conn->enc_key_size = ltk->enc_size;
3597 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3599 if (ltk->type & HCI_SMP_STK) {
3600 list_del(<k->list);
3604 hci_dev_unlock(hdev);
3609 neg.handle = ev->handle;
3610 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3611 hci_dev_unlock(hdev);
3614 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3616 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3618 skb_pull(skb, sizeof(*le_ev));
3620 switch (le_ev->subevent) {
3621 case HCI_EV_LE_CONN_COMPLETE:
3622 hci_le_conn_complete_evt(hdev, skb);
3625 case HCI_EV_LE_ADVERTISING_REPORT:
3626 hci_le_adv_report_evt(hdev, skb);
3629 case HCI_EV_LE_LTK_REQ:
3630 hci_le_ltk_request_evt(hdev, skb);
3638 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3640 struct hci_ev_channel_selected *ev = (void *) skb->data;
3641 struct hci_conn *hcon;
3643 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3645 skb_pull(skb, sizeof(*ev));
3647 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3651 amp_read_loc_assoc_final_data(hdev, hcon);
3654 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3656 struct hci_event_hdr *hdr = (void *) skb->data;
3657 __u8 event = hdr->evt;
3661 /* Received events are (currently) only needed when a request is
3662 * ongoing so avoid unnecessary memory allocation.
3664 if (hdev->req_status == HCI_REQ_PEND) {
3665 kfree_skb(hdev->recv_evt);
3666 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3669 hci_dev_unlock(hdev);
3671 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3673 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3674 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3675 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3677 hci_req_cmd_complete(hdev, opcode, 0);
3681 case HCI_EV_INQUIRY_COMPLETE:
3682 hci_inquiry_complete_evt(hdev, skb);
3685 case HCI_EV_INQUIRY_RESULT:
3686 hci_inquiry_result_evt(hdev, skb);
3689 case HCI_EV_CONN_COMPLETE:
3690 hci_conn_complete_evt(hdev, skb);
3693 case HCI_EV_CONN_REQUEST:
3694 hci_conn_request_evt(hdev, skb);
3697 case HCI_EV_DISCONN_COMPLETE:
3698 hci_disconn_complete_evt(hdev, skb);
3701 case HCI_EV_AUTH_COMPLETE:
3702 hci_auth_complete_evt(hdev, skb);
3705 case HCI_EV_REMOTE_NAME:
3706 hci_remote_name_evt(hdev, skb);
3709 case HCI_EV_ENCRYPT_CHANGE:
3710 hci_encrypt_change_evt(hdev, skb);
3713 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3714 hci_change_link_key_complete_evt(hdev, skb);
3717 case HCI_EV_REMOTE_FEATURES:
3718 hci_remote_features_evt(hdev, skb);
3721 case HCI_EV_CMD_COMPLETE:
3722 hci_cmd_complete_evt(hdev, skb);
3725 case HCI_EV_CMD_STATUS:
3726 hci_cmd_status_evt(hdev, skb);
3729 case HCI_EV_ROLE_CHANGE:
3730 hci_role_change_evt(hdev, skb);
3733 case HCI_EV_NUM_COMP_PKTS:
3734 hci_num_comp_pkts_evt(hdev, skb);
3737 case HCI_EV_MODE_CHANGE:
3738 hci_mode_change_evt(hdev, skb);
3741 case HCI_EV_PIN_CODE_REQ:
3742 hci_pin_code_request_evt(hdev, skb);
3745 case HCI_EV_LINK_KEY_REQ:
3746 hci_link_key_request_evt(hdev, skb);
3749 case HCI_EV_LINK_KEY_NOTIFY:
3750 hci_link_key_notify_evt(hdev, skb);
3753 case HCI_EV_CLOCK_OFFSET:
3754 hci_clock_offset_evt(hdev, skb);
3757 case HCI_EV_PKT_TYPE_CHANGE:
3758 hci_pkt_type_change_evt(hdev, skb);
3761 case HCI_EV_PSCAN_REP_MODE:
3762 hci_pscan_rep_mode_evt(hdev, skb);
3765 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3766 hci_inquiry_result_with_rssi_evt(hdev, skb);
3769 case HCI_EV_REMOTE_EXT_FEATURES:
3770 hci_remote_ext_features_evt(hdev, skb);
3773 case HCI_EV_SYNC_CONN_COMPLETE:
3774 hci_sync_conn_complete_evt(hdev, skb);
3777 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3778 hci_extended_inquiry_result_evt(hdev, skb);
3781 case HCI_EV_KEY_REFRESH_COMPLETE:
3782 hci_key_refresh_complete_evt(hdev, skb);
3785 case HCI_EV_IO_CAPA_REQUEST:
3786 hci_io_capa_request_evt(hdev, skb);
3789 case HCI_EV_IO_CAPA_REPLY:
3790 hci_io_capa_reply_evt(hdev, skb);
3793 case HCI_EV_USER_CONFIRM_REQUEST:
3794 hci_user_confirm_request_evt(hdev, skb);
3797 case HCI_EV_USER_PASSKEY_REQUEST:
3798 hci_user_passkey_request_evt(hdev, skb);
3801 case HCI_EV_USER_PASSKEY_NOTIFY:
3802 hci_user_passkey_notify_evt(hdev, skb);
3805 case HCI_EV_KEYPRESS_NOTIFY:
3806 hci_keypress_notify_evt(hdev, skb);
3809 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3810 hci_simple_pair_complete_evt(hdev, skb);
3813 case HCI_EV_REMOTE_HOST_FEATURES:
3814 hci_remote_host_features_evt(hdev, skb);
3817 case HCI_EV_LE_META:
3818 hci_le_meta_evt(hdev, skb);
3821 case HCI_EV_CHANNEL_SELECTED:
3822 hci_chan_selected_evt(hdev, skb);
3825 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3826 hci_remote_oob_data_request_evt(hdev, skb);
3829 case HCI_EV_PHY_LINK_COMPLETE:
3830 hci_phy_link_complete_evt(hdev, skb);
3833 case HCI_EV_LOGICAL_LINK_COMPLETE:
3834 hci_loglink_complete_evt(hdev, skb);
3837 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3838 hci_disconn_loglink_complete_evt(hdev, skb);
3841 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3842 hci_disconn_phylink_complete_evt(hdev, skb);
3845 case HCI_EV_NUM_COMP_BLOCKS:
3846 hci_num_comp_blocks_evt(hdev, skb);
3850 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3855 hdev->stat.evt_rx++;
git.openpandora.org / pandora-kernel.git / blob