2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
202 hdev->ssp_debug_mode = 0;
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 __u8 status = *((__u8 *) skb->data);
210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
223 hci_dev_unlock(hdev);
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
228 struct hci_rp_read_local_name *rp = (void *) skb->data;
230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
235 if (test_bit(HCI_SETUP, &hdev->dev_flags))
236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
241 __u8 status = *((__u8 *) skb->data);
244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
251 __u8 param = *((__u8 *) sent);
253 if (param == AUTH_ENABLED)
254 set_bit(HCI_AUTH, &hdev->flags);
256 clear_bit(HCI_AUTH, &hdev->flags);
259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
260 mgmt_auth_enable_complete(hdev, status);
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
265 __u8 status = *((__u8 *) skb->data);
268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 __u8 param = *((__u8 *) sent);
278 set_bit(HCI_ENCRYPT, &hdev->flags);
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
290 BT_DBG("%s status 0x%2.2x", hdev->name, status);
292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
296 param = *((__u8 *) sent);
301 mgmt_write_scan_failed(hdev, param, status);
302 hdev->discov_timeout = 0;
306 /* We need to ensure that we set this back on if someone changed
307 * the scan mode through a raw HCI socket.
309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
317 mgmt_discoverable(hdev, 1);
318 } else if (old_iscan)
319 mgmt_discoverable(hdev, 0);
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
324 mgmt_connectable(hdev, 1);
325 } else if (old_pscan)
326 mgmt_connectable(hdev, 0);
329 hci_dev_unlock(hdev);
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
341 memcpy(hdev->dev_class, rp->dev_class, 3);
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 memcpy(hdev->dev_class, sent, 3);
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
366 hci_dev_unlock(hdev);
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
379 setting = __le16_to_cpu(rp->voice_setting);
381 if (hdev->voice_setting == setting)
384 hdev->voice_setting = setting;
386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 __u8 status = *((__u8 *) skb->data);
399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
408 setting = get_unaligned_le16(sent);
410 if (hdev->voice_setting == setting)
413 hdev->voice_setting = setting;
415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
431 hdev->num_iac = rp->num_iac;
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
438 __u8 status = *((__u8 *) skb->data);
439 struct hci_cp_write_ssp_mode *sent;
441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
449 hdev->features[1][0] |= LMP_HOST_SSP;
451 hdev->features[1][0] &= ~LMP_HOST_SSP;
454 if (test_bit(HCI_MGMT, &hdev->dev_flags))
455 mgmt_ssp_enable_complete(hdev, sent->mode, status);
458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
464 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
466 struct hci_rp_read_local_version *rp = (void *) skb->data;
468 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
473 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
474 hdev->hci_ver = rp->hci_ver;
475 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
476 hdev->lmp_ver = rp->lmp_ver;
477 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
478 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
482 static void hci_cc_read_local_commands(struct hci_dev *hdev,
485 struct hci_rp_read_local_commands *rp = (void *) skb->data;
487 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
490 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
493 static void hci_cc_read_local_features(struct hci_dev *hdev,
496 struct hci_rp_read_local_features *rp = (void *) skb->data;
498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
503 memcpy(hdev->features, rp->features, 8);
505 /* Adjust default settings according to features
506 * supported by device. */
508 if (hdev->features[0][0] & LMP_3SLOT)
509 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
511 if (hdev->features[0][0] & LMP_5SLOT)
512 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
514 if (hdev->features[0][1] & LMP_HV2) {
515 hdev->pkt_type |= (HCI_HV2);
516 hdev->esco_type |= (ESCO_HV2);
519 if (hdev->features[0][1] & LMP_HV3) {
520 hdev->pkt_type |= (HCI_HV3);
521 hdev->esco_type |= (ESCO_HV3);
524 if (lmp_esco_capable(hdev))
525 hdev->esco_type |= (ESCO_EV3);
527 if (hdev->features[0][4] & LMP_EV4)
528 hdev->esco_type |= (ESCO_EV4);
530 if (hdev->features[0][4] & LMP_EV5)
531 hdev->esco_type |= (ESCO_EV5);
533 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
534 hdev->esco_type |= (ESCO_2EV3);
536 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
537 hdev->esco_type |= (ESCO_3EV3);
539 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
540 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
543 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
546 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
548 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
553 if (hdev->max_page < rp->max_page)
554 hdev->max_page = rp->max_page;
556 if (rp->page < HCI_MAX_PAGES)
557 memcpy(hdev->features[rp->page], rp->features, 8);
560 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
563 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
565 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
568 hdev->flow_ctl_mode = rp->mode;
571 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
573 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
575 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
580 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
581 hdev->sco_mtu = rp->sco_mtu;
582 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
583 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
585 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
590 hdev->acl_cnt = hdev->acl_pkts;
591 hdev->sco_cnt = hdev->sco_pkts;
593 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
594 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
597 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
599 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
601 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
604 bacpy(&hdev->bdaddr, &rp->bdaddr);
607 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
610 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
612 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
614 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
615 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
616 hdev->page_scan_window = __le16_to_cpu(rp->window);
620 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
623 u8 status = *((u8 *) skb->data);
624 struct hci_cp_write_page_scan_activity *sent;
626 BT_DBG("%s status 0x%2.2x", hdev->name, status);
631 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
635 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
636 hdev->page_scan_window = __le16_to_cpu(sent->window);
639 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
642 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
644 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
646 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
647 hdev->page_scan_type = rp->type;
650 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
653 u8 status = *((u8 *) skb->data);
656 BT_DBG("%s status 0x%2.2x", hdev->name, status);
661 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
663 hdev->page_scan_type = *type;
666 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
669 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
671 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
676 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
677 hdev->block_len = __le16_to_cpu(rp->block_len);
678 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
680 hdev->block_cnt = hdev->num_blocks;
682 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
683 hdev->block_cnt, hdev->block_len);
686 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
689 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
691 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
696 hdev->amp_status = rp->amp_status;
697 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
698 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
699 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
700 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
701 hdev->amp_type = rp->amp_type;
702 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
703 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
704 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
705 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
708 a2mp_send_getinfo_rsp(hdev);
711 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
714 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
715 struct amp_assoc *assoc = &hdev->loc_assoc;
716 size_t rem_len, frag_len;
718 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
723 frag_len = skb->len - sizeof(*rp);
724 rem_len = __le16_to_cpu(rp->rem_len);
726 if (rem_len > frag_len) {
727 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
729 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
730 assoc->offset += frag_len;
732 /* Read other fragments */
733 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
738 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
739 assoc->len = assoc->offset + rem_len;
743 /* Send A2MP Rsp when all fragments are received */
744 a2mp_send_getampassoc_rsp(hdev, rp->status);
745 a2mp_send_create_phy_link_req(hdev, rp->status);
748 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
751 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
753 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
756 hdev->inq_tx_power = rp->tx_power;
759 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
761 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
762 struct hci_cp_pin_code_reply *cp;
763 struct hci_conn *conn;
765 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
769 if (test_bit(HCI_MGMT, &hdev->dev_flags))
770 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
775 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
779 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
781 conn->pin_length = cp->pin_len;
784 hci_dev_unlock(hdev);
787 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
789 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
791 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
795 if (test_bit(HCI_MGMT, &hdev->dev_flags))
796 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
799 hci_dev_unlock(hdev);
802 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
805 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
807 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
812 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
813 hdev->le_pkts = rp->le_max_pkt;
815 hdev->le_cnt = hdev->le_pkts;
817 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
820 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
823 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
825 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
828 memcpy(hdev->le_features, rp->features, 8);
831 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
834 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
836 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
839 hdev->adv_tx_power = rp->tx_power;
842 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
844 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
846 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
850 if (test_bit(HCI_MGMT, &hdev->dev_flags))
851 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
854 hci_dev_unlock(hdev);
857 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
860 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
862 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
866 if (test_bit(HCI_MGMT, &hdev->dev_flags))
867 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
868 ACL_LINK, 0, rp->status);
870 hci_dev_unlock(hdev);
873 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
875 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
881 if (test_bit(HCI_MGMT, &hdev->dev_flags))
882 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
885 hci_dev_unlock(hdev);
888 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
891 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
893 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
897 if (test_bit(HCI_MGMT, &hdev->dev_flags))
898 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
899 ACL_LINK, 0, rp->status);
901 hci_dev_unlock(hdev);
904 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
907 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
909 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
912 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
913 rp->randomizer, rp->status);
914 hci_dev_unlock(hdev);
917 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
919 __u8 *sent, status = *((__u8 *) skb->data);
921 BT_DBG("%s status 0x%2.2x", hdev->name, status);
923 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
931 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
933 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
936 hci_dev_unlock(hdev);
939 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
942 struct hci_cp_le_set_scan_enable *cp;
943 __u8 status = *((__u8 *) skb->data);
945 BT_DBG("%s status 0x%2.2x", hdev->name, status);
947 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
954 switch (cp->enable) {
956 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
959 case LE_SCAN_DISABLE:
960 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
964 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
969 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
972 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
974 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
977 hdev->le_white_list_size = rp->size;
980 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
983 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
985 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
988 memcpy(hdev->le_states, rp->le_states, 8);
991 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
994 struct hci_cp_write_le_host_supported *sent;
995 __u8 status = *((__u8 *) skb->data);
997 BT_DBG("%s status 0x%2.2x", hdev->name, status);
999 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1005 hdev->features[1][0] |= LMP_HOST_LE;
1006 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1008 hdev->features[1][0] &= ~LMP_HOST_LE;
1009 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1010 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1014 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1016 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1020 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1021 struct sk_buff *skb)
1023 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1025 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1026 hdev->name, rp->status, rp->phy_handle);
1031 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1034 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1036 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1039 hci_conn_check_pending(hdev);
1043 set_bit(HCI_INQUIRY, &hdev->flags);
1046 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1048 struct hci_cp_create_conn *cp;
1049 struct hci_conn *conn;
1051 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1053 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1059 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1061 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1064 if (conn && conn->state == BT_CONNECT) {
1065 if (status != 0x0c || conn->attempt > 2) {
1066 conn->state = BT_CLOSED;
1067 hci_proto_connect_cfm(conn, status);
1070 conn->state = BT_CONNECT2;
1074 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1077 conn->link_mode |= HCI_LM_MASTER;
1079 BT_ERR("No memory for new connection");
1083 hci_dev_unlock(hdev);
1086 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1088 struct hci_cp_add_sco *cp;
1089 struct hci_conn *acl, *sco;
1092 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1097 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1101 handle = __le16_to_cpu(cp->handle);
1103 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1107 acl = hci_conn_hash_lookup_handle(hdev, handle);
1111 sco->state = BT_CLOSED;
1113 hci_proto_connect_cfm(sco, status);
1118 hci_dev_unlock(hdev);
1121 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1123 struct hci_cp_auth_requested *cp;
1124 struct hci_conn *conn;
1126 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1131 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1137 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1139 if (conn->state == BT_CONFIG) {
1140 hci_proto_connect_cfm(conn, status);
1141 hci_conn_drop(conn);
1145 hci_dev_unlock(hdev);
1148 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1150 struct hci_cp_set_conn_encrypt *cp;
1151 struct hci_conn *conn;
1153 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1158 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1164 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1166 if (conn->state == BT_CONFIG) {
1167 hci_proto_connect_cfm(conn, status);
1168 hci_conn_drop(conn);
1172 hci_dev_unlock(hdev);
1175 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1176 struct hci_conn *conn)
1178 if (conn->state != BT_CONFIG || !conn->out)
1181 if (conn->pending_sec_level == BT_SECURITY_SDP)
1184 /* Only request authentication for SSP connections or non-SSP
1185 * devices with sec_level HIGH or if MITM protection is requested */
1186 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1187 conn->pending_sec_level != BT_SECURITY_HIGH)
1193 static int hci_resolve_name(struct hci_dev *hdev,
1194 struct inquiry_entry *e)
1196 struct hci_cp_remote_name_req cp;
1198 memset(&cp, 0, sizeof(cp));
1200 bacpy(&cp.bdaddr, &e->data.bdaddr);
1201 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1202 cp.pscan_mode = e->data.pscan_mode;
1203 cp.clock_offset = e->data.clock_offset;
1205 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1208 static bool hci_resolve_next_name(struct hci_dev *hdev)
1210 struct discovery_state *discov = &hdev->discovery;
1211 struct inquiry_entry *e;
1213 if (list_empty(&discov->resolve))
1216 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1220 if (hci_resolve_name(hdev, e) == 0) {
1221 e->name_state = NAME_PENDING;
1228 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1229 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1231 struct discovery_state *discov = &hdev->discovery;
1232 struct inquiry_entry *e;
1234 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1235 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1236 name_len, conn->dev_class);
1238 if (discov->state == DISCOVERY_STOPPED)
1241 if (discov->state == DISCOVERY_STOPPING)
1242 goto discov_complete;
1244 if (discov->state != DISCOVERY_RESOLVING)
1247 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1248 /* If the device was not found in a list of found devices names of which
1249 * are pending. there is no need to continue resolving a next name as it
1250 * will be done upon receiving another Remote Name Request Complete
1257 e->name_state = NAME_KNOWN;
1258 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1259 e->data.rssi, name, name_len);
1261 e->name_state = NAME_NOT_KNOWN;
1264 if (hci_resolve_next_name(hdev))
1268 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1271 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1273 struct hci_cp_remote_name_req *cp;
1274 struct hci_conn *conn;
1276 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1278 /* If successful wait for the name req complete event before
1279 * checking for the need to do authentication */
1283 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1289 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1291 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1292 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1297 if (!hci_outgoing_auth_needed(hdev, conn))
1300 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1301 struct hci_cp_auth_requested auth_cp;
1303 auth_cp.handle = __cpu_to_le16(conn->handle);
1304 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1305 sizeof(auth_cp), &auth_cp);
1309 hci_dev_unlock(hdev);
1312 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1314 struct hci_cp_read_remote_features *cp;
1315 struct hci_conn *conn;
1317 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1322 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1328 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1330 if (conn->state == BT_CONFIG) {
1331 hci_proto_connect_cfm(conn, status);
1332 hci_conn_drop(conn);
1336 hci_dev_unlock(hdev);
1339 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1341 struct hci_cp_read_remote_ext_features *cp;
1342 struct hci_conn *conn;
1344 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1349 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1355 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1357 if (conn->state == BT_CONFIG) {
1358 hci_proto_connect_cfm(conn, status);
1359 hci_conn_drop(conn);
1363 hci_dev_unlock(hdev);
1366 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1368 struct hci_cp_setup_sync_conn *cp;
1369 struct hci_conn *acl, *sco;
1372 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1377 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1381 handle = __le16_to_cpu(cp->handle);
1383 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1387 acl = hci_conn_hash_lookup_handle(hdev, handle);
1391 sco->state = BT_CLOSED;
1393 hci_proto_connect_cfm(sco, status);
1398 hci_dev_unlock(hdev);
1401 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1403 struct hci_cp_sniff_mode *cp;
1404 struct hci_conn *conn;
1406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1411 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1417 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1419 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1421 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1422 hci_sco_setup(conn, status);
1425 hci_dev_unlock(hdev);
1428 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1430 struct hci_cp_exit_sniff_mode *cp;
1431 struct hci_conn *conn;
1433 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1438 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1444 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1446 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1448 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1449 hci_sco_setup(conn, status);
1452 hci_dev_unlock(hdev);
1455 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1457 struct hci_cp_disconnect *cp;
1458 struct hci_conn *conn;
1463 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1469 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1471 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1472 conn->dst_type, status);
1474 hci_dev_unlock(hdev);
1477 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1479 struct hci_cp_create_phy_link *cp;
1481 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1483 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1490 struct hci_conn *hcon;
1492 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1496 amp_write_remote_assoc(hdev, cp->phy_handle);
1499 hci_dev_unlock(hdev);
1502 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1504 struct hci_cp_accept_phy_link *cp;
1506 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1511 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1515 amp_write_remote_assoc(hdev, cp->phy_handle);
1518 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1520 __u8 status = *((__u8 *) skb->data);
1521 struct discovery_state *discov = &hdev->discovery;
1522 struct inquiry_entry *e;
1524 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1526 hci_conn_check_pending(hdev);
1528 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1531 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1532 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1534 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1539 if (discov->state != DISCOVERY_FINDING)
1542 if (list_empty(&discov->resolve)) {
1543 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1547 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1548 if (e && hci_resolve_name(hdev, e) == 0) {
1549 e->name_state = NAME_PENDING;
1550 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1552 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1556 hci_dev_unlock(hdev);
1559 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1561 struct inquiry_data data;
1562 struct inquiry_info *info = (void *) (skb->data + 1);
1563 int num_rsp = *((__u8 *) skb->data);
1565 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1570 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1575 for (; num_rsp; num_rsp--, info++) {
1576 bool name_known, ssp;
1578 bacpy(&data.bdaddr, &info->bdaddr);
1579 data.pscan_rep_mode = info->pscan_rep_mode;
1580 data.pscan_period_mode = info->pscan_period_mode;
1581 data.pscan_mode = info->pscan_mode;
1582 memcpy(data.dev_class, info->dev_class, 3);
1583 data.clock_offset = info->clock_offset;
1585 data.ssp_mode = 0x00;
1587 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1588 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1589 info->dev_class, 0, !name_known, ssp, NULL,
1593 hci_dev_unlock(hdev);
1596 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1598 struct hci_ev_conn_complete *ev = (void *) skb->data;
1599 struct hci_conn *conn;
1601 BT_DBG("%s", hdev->name);
1605 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1607 if (ev->link_type != SCO_LINK)
1610 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1614 conn->type = SCO_LINK;
1618 conn->handle = __le16_to_cpu(ev->handle);
1620 if (conn->type == ACL_LINK) {
1621 conn->state = BT_CONFIG;
1622 hci_conn_hold(conn);
1624 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1625 !hci_find_link_key(hdev, &ev->bdaddr))
1626 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1628 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1630 conn->state = BT_CONNECTED;
1632 hci_conn_add_sysfs(conn);
1634 if (test_bit(HCI_AUTH, &hdev->flags))
1635 conn->link_mode |= HCI_LM_AUTH;
1637 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1638 conn->link_mode |= HCI_LM_ENCRYPT;
1640 /* Get remote features */
1641 if (conn->type == ACL_LINK) {
1642 struct hci_cp_read_remote_features cp;
1643 cp.handle = ev->handle;
1644 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1648 /* Set packet type for incoming connection */
1649 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1650 struct hci_cp_change_conn_ptype cp;
1651 cp.handle = ev->handle;
1652 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1653 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1657 conn->state = BT_CLOSED;
1658 if (conn->type == ACL_LINK)
1659 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1660 conn->dst_type, ev->status);
1663 if (conn->type == ACL_LINK)
1664 hci_sco_setup(conn, ev->status);
1667 hci_proto_connect_cfm(conn, ev->status);
1669 } else if (ev->link_type != ACL_LINK)
1670 hci_proto_connect_cfm(conn, ev->status);
1673 hci_dev_unlock(hdev);
1675 hci_conn_check_pending(hdev);
1678 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1680 struct hci_ev_conn_request *ev = (void *) skb->data;
1681 int mask = hdev->link_mode;
1684 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1687 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1690 if ((mask & HCI_LM_ACCEPT) &&
1691 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1692 /* Connection accepted */
1693 struct inquiry_entry *ie;
1694 struct hci_conn *conn;
1698 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1700 memcpy(ie->data.dev_class, ev->dev_class, 3);
1702 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1705 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1707 BT_ERR("No memory for new connection");
1708 hci_dev_unlock(hdev);
1713 memcpy(conn->dev_class, ev->dev_class, 3);
1715 hci_dev_unlock(hdev);
1717 if (ev->link_type == ACL_LINK ||
1718 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1719 struct hci_cp_accept_conn_req cp;
1720 conn->state = BT_CONNECT;
1722 bacpy(&cp.bdaddr, &ev->bdaddr);
1724 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1725 cp.role = 0x00; /* Become master */
1727 cp.role = 0x01; /* Remain slave */
1729 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1731 } else if (!(flags & HCI_PROTO_DEFER)) {
1732 struct hci_cp_accept_sync_conn_req cp;
1733 conn->state = BT_CONNECT;
1735 bacpy(&cp.bdaddr, &ev->bdaddr);
1736 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1738 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1739 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1740 cp.max_latency = __constant_cpu_to_le16(0xffff);
1741 cp.content_format = cpu_to_le16(hdev->voice_setting);
1742 cp.retrans_effort = 0xff;
1744 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1747 conn->state = BT_CONNECT2;
1748 hci_proto_connect_cfm(conn, 0);
1751 /* Connection rejected */
1752 struct hci_cp_reject_conn_req cp;
1754 bacpy(&cp.bdaddr, &ev->bdaddr);
1755 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1756 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1760 static u8 hci_to_mgmt_reason(u8 err)
1763 case HCI_ERROR_CONNECTION_TIMEOUT:
1764 return MGMT_DEV_DISCONN_TIMEOUT;
1765 case HCI_ERROR_REMOTE_USER_TERM:
1766 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1767 case HCI_ERROR_REMOTE_POWER_OFF:
1768 return MGMT_DEV_DISCONN_REMOTE;
1769 case HCI_ERROR_LOCAL_HOST_TERM:
1770 return MGMT_DEV_DISCONN_LOCAL_HOST;
1772 return MGMT_DEV_DISCONN_UNKNOWN;
1776 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1778 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1779 struct hci_conn *conn;
1781 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1785 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1789 if (ev->status == 0)
1790 conn->state = BT_CLOSED;
1792 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1793 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1795 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1796 conn->dst_type, ev->status);
1798 u8 reason = hci_to_mgmt_reason(ev->reason);
1800 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1801 conn->dst_type, reason);
1805 if (ev->status == 0) {
1806 u8 type = conn->type;
1808 if (type == ACL_LINK && conn->flush_key)
1809 hci_remove_link_key(hdev, &conn->dst);
1810 hci_proto_disconn_cfm(conn, ev->reason);
1813 /* Re-enable advertising if necessary, since it might
1814 * have been disabled by the connection. From the
1815 * HCI_LE_Set_Advertise_Enable command description in
1816 * the core specification (v4.0):
1817 * "The Controller shall continue advertising until the Host
1818 * issues an LE_Set_Advertise_Enable command with
1819 * Advertising_Enable set to 0x00 (Advertising is disabled)
1820 * or until a connection is created or until the Advertising
1821 * is timed out due to Directed Advertising."
1823 if (type == LE_LINK)
1824 mgmt_reenable_advertising(hdev);
1828 hci_dev_unlock(hdev);
1831 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1833 struct hci_ev_auth_complete *ev = (void *) skb->data;
1834 struct hci_conn *conn;
1836 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1840 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1845 if (!hci_conn_ssp_enabled(conn) &&
1846 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1847 BT_INFO("re-auth of legacy device is not possible.");
1849 conn->link_mode |= HCI_LM_AUTH;
1850 conn->sec_level = conn->pending_sec_level;
1853 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1857 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1858 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1860 if (conn->state == BT_CONFIG) {
1861 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1862 struct hci_cp_set_conn_encrypt cp;
1863 cp.handle = ev->handle;
1865 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1868 conn->state = BT_CONNECTED;
1869 hci_proto_connect_cfm(conn, ev->status);
1870 hci_conn_drop(conn);
1873 hci_auth_cfm(conn, ev->status);
1875 hci_conn_hold(conn);
1876 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1877 hci_conn_drop(conn);
1880 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1882 struct hci_cp_set_conn_encrypt cp;
1883 cp.handle = ev->handle;
1885 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1888 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1889 hci_encrypt_cfm(conn, ev->status, 0x00);
1894 hci_dev_unlock(hdev);
1897 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1899 struct hci_ev_remote_name *ev = (void *) skb->data;
1900 struct hci_conn *conn;
1902 BT_DBG("%s", hdev->name);
1904 hci_conn_check_pending(hdev);
1908 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1910 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1913 if (ev->status == 0)
1914 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1915 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1917 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1923 if (!hci_outgoing_auth_needed(hdev, conn))
1926 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1927 struct hci_cp_auth_requested cp;
1928 cp.handle = __cpu_to_le16(conn->handle);
1929 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1933 hci_dev_unlock(hdev);
1936 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1938 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1939 struct hci_conn *conn;
1941 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1945 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1949 /* Encryption implies authentication */
1950 conn->link_mode |= HCI_LM_AUTH;
1951 conn->link_mode |= HCI_LM_ENCRYPT;
1952 conn->sec_level = conn->pending_sec_level;
1954 conn->link_mode &= ~HCI_LM_ENCRYPT;
1957 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1959 if (ev->status && conn->state == BT_CONNECTED) {
1960 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1961 hci_conn_drop(conn);
1965 if (conn->state == BT_CONFIG) {
1967 conn->state = BT_CONNECTED;
1969 hci_proto_connect_cfm(conn, ev->status);
1970 hci_conn_drop(conn);
1972 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1976 hci_dev_unlock(hdev);
1979 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1980 struct sk_buff *skb)
1982 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1983 struct hci_conn *conn;
1985 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1989 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1992 conn->link_mode |= HCI_LM_SECURE;
1994 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1996 hci_key_change_cfm(conn, ev->status);
1999 hci_dev_unlock(hdev);
2002 static void hci_remote_features_evt(struct hci_dev *hdev,
2003 struct sk_buff *skb)
2005 struct hci_ev_remote_features *ev = (void *) skb->data;
2006 struct hci_conn *conn;
2008 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2012 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2017 memcpy(conn->features[0], ev->features, 8);
2019 if (conn->state != BT_CONFIG)
2022 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2023 struct hci_cp_read_remote_ext_features cp;
2024 cp.handle = ev->handle;
2026 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2031 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2032 struct hci_cp_remote_name_req cp;
2033 memset(&cp, 0, sizeof(cp));
2034 bacpy(&cp.bdaddr, &conn->dst);
2035 cp.pscan_rep_mode = 0x02;
2036 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2037 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2038 mgmt_device_connected(hdev, &conn->dst, conn->type,
2039 conn->dst_type, 0, NULL, 0,
2042 if (!hci_outgoing_auth_needed(hdev, conn)) {
2043 conn->state = BT_CONNECTED;
2044 hci_proto_connect_cfm(conn, ev->status);
2045 hci_conn_drop(conn);
2049 hci_dev_unlock(hdev);
2052 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2054 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2055 u8 status = skb->data[sizeof(*ev)];
2058 skb_pull(skb, sizeof(*ev));
2060 opcode = __le16_to_cpu(ev->opcode);
2063 case HCI_OP_INQUIRY_CANCEL:
2064 hci_cc_inquiry_cancel(hdev, skb);
2067 case HCI_OP_PERIODIC_INQ:
2068 hci_cc_periodic_inq(hdev, skb);
2071 case HCI_OP_EXIT_PERIODIC_INQ:
2072 hci_cc_exit_periodic_inq(hdev, skb);
2075 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2076 hci_cc_remote_name_req_cancel(hdev, skb);
2079 case HCI_OP_ROLE_DISCOVERY:
2080 hci_cc_role_discovery(hdev, skb);
2083 case HCI_OP_READ_LINK_POLICY:
2084 hci_cc_read_link_policy(hdev, skb);
2087 case HCI_OP_WRITE_LINK_POLICY:
2088 hci_cc_write_link_policy(hdev, skb);
2091 case HCI_OP_READ_DEF_LINK_POLICY:
2092 hci_cc_read_def_link_policy(hdev, skb);
2095 case HCI_OP_WRITE_DEF_LINK_POLICY:
2096 hci_cc_write_def_link_policy(hdev, skb);
2100 hci_cc_reset(hdev, skb);
2103 case HCI_OP_WRITE_LOCAL_NAME:
2104 hci_cc_write_local_name(hdev, skb);
2107 case HCI_OP_READ_LOCAL_NAME:
2108 hci_cc_read_local_name(hdev, skb);
2111 case HCI_OP_WRITE_AUTH_ENABLE:
2112 hci_cc_write_auth_enable(hdev, skb);
2115 case HCI_OP_WRITE_ENCRYPT_MODE:
2116 hci_cc_write_encrypt_mode(hdev, skb);
2119 case HCI_OP_WRITE_SCAN_ENABLE:
2120 hci_cc_write_scan_enable(hdev, skb);
2123 case HCI_OP_READ_CLASS_OF_DEV:
2124 hci_cc_read_class_of_dev(hdev, skb);
2127 case HCI_OP_WRITE_CLASS_OF_DEV:
2128 hci_cc_write_class_of_dev(hdev, skb);
2131 case HCI_OP_READ_VOICE_SETTING:
2132 hci_cc_read_voice_setting(hdev, skb);
2135 case HCI_OP_WRITE_VOICE_SETTING:
2136 hci_cc_write_voice_setting(hdev, skb);
2139 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2140 hci_cc_read_num_supported_iac(hdev, skb);
2143 case HCI_OP_WRITE_SSP_MODE:
2144 hci_cc_write_ssp_mode(hdev, skb);
2147 case HCI_OP_READ_LOCAL_VERSION:
2148 hci_cc_read_local_version(hdev, skb);
2151 case HCI_OP_READ_LOCAL_COMMANDS:
2152 hci_cc_read_local_commands(hdev, skb);
2155 case HCI_OP_READ_LOCAL_FEATURES:
2156 hci_cc_read_local_features(hdev, skb);
2159 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2160 hci_cc_read_local_ext_features(hdev, skb);
2163 case HCI_OP_READ_BUFFER_SIZE:
2164 hci_cc_read_buffer_size(hdev, skb);
2167 case HCI_OP_READ_BD_ADDR:
2168 hci_cc_read_bd_addr(hdev, skb);
2171 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2172 hci_cc_read_page_scan_activity(hdev, skb);
2175 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2176 hci_cc_write_page_scan_activity(hdev, skb);
2179 case HCI_OP_READ_PAGE_SCAN_TYPE:
2180 hci_cc_read_page_scan_type(hdev, skb);
2183 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2184 hci_cc_write_page_scan_type(hdev, skb);
2187 case HCI_OP_READ_DATA_BLOCK_SIZE:
2188 hci_cc_read_data_block_size(hdev, skb);
2191 case HCI_OP_READ_FLOW_CONTROL_MODE:
2192 hci_cc_read_flow_control_mode(hdev, skb);
2195 case HCI_OP_READ_LOCAL_AMP_INFO:
2196 hci_cc_read_local_amp_info(hdev, skb);
2199 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2200 hci_cc_read_local_amp_assoc(hdev, skb);
2203 case HCI_OP_READ_INQ_RSP_TX_POWER:
2204 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2207 case HCI_OP_PIN_CODE_REPLY:
2208 hci_cc_pin_code_reply(hdev, skb);
2211 case HCI_OP_PIN_CODE_NEG_REPLY:
2212 hci_cc_pin_code_neg_reply(hdev, skb);
2215 case HCI_OP_READ_LOCAL_OOB_DATA:
2216 hci_cc_read_local_oob_data_reply(hdev, skb);
2219 case HCI_OP_LE_READ_BUFFER_SIZE:
2220 hci_cc_le_read_buffer_size(hdev, skb);
2223 case HCI_OP_LE_READ_LOCAL_FEATURES:
2224 hci_cc_le_read_local_features(hdev, skb);
2227 case HCI_OP_LE_READ_ADV_TX_POWER:
2228 hci_cc_le_read_adv_tx_power(hdev, skb);
2231 case HCI_OP_USER_CONFIRM_REPLY:
2232 hci_cc_user_confirm_reply(hdev, skb);
2235 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2236 hci_cc_user_confirm_neg_reply(hdev, skb);
2239 case HCI_OP_USER_PASSKEY_REPLY:
2240 hci_cc_user_passkey_reply(hdev, skb);
2243 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2244 hci_cc_user_passkey_neg_reply(hdev, skb);
2247 case HCI_OP_LE_SET_ADV_ENABLE:
2248 hci_cc_le_set_adv_enable(hdev, skb);
2251 case HCI_OP_LE_SET_SCAN_ENABLE:
2252 hci_cc_le_set_scan_enable(hdev, skb);
2255 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2256 hci_cc_le_read_white_list_size(hdev, skb);
2259 case HCI_OP_LE_READ_SUPPORTED_STATES:
2260 hci_cc_le_read_supported_states(hdev, skb);
2263 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2264 hci_cc_write_le_host_supported(hdev, skb);
2267 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2268 hci_cc_write_remote_amp_assoc(hdev, skb);
2272 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2276 if (opcode != HCI_OP_NOP)
2277 del_timer(&hdev->cmd_timer);
2279 hci_req_cmd_complete(hdev, opcode, status);
2281 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2282 atomic_set(&hdev->cmd_cnt, 1);
2283 if (!skb_queue_empty(&hdev->cmd_q))
2284 queue_work(hdev->workqueue, &hdev->cmd_work);
2288 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2290 struct hci_ev_cmd_status *ev = (void *) skb->data;
2293 skb_pull(skb, sizeof(*ev));
2295 opcode = __le16_to_cpu(ev->opcode);
2298 case HCI_OP_INQUIRY:
2299 hci_cs_inquiry(hdev, ev->status);
2302 case HCI_OP_CREATE_CONN:
2303 hci_cs_create_conn(hdev, ev->status);
2306 case HCI_OP_ADD_SCO:
2307 hci_cs_add_sco(hdev, ev->status);
2310 case HCI_OP_AUTH_REQUESTED:
2311 hci_cs_auth_requested(hdev, ev->status);
2314 case HCI_OP_SET_CONN_ENCRYPT:
2315 hci_cs_set_conn_encrypt(hdev, ev->status);
2318 case HCI_OP_REMOTE_NAME_REQ:
2319 hci_cs_remote_name_req(hdev, ev->status);
2322 case HCI_OP_READ_REMOTE_FEATURES:
2323 hci_cs_read_remote_features(hdev, ev->status);
2326 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2327 hci_cs_read_remote_ext_features(hdev, ev->status);
2330 case HCI_OP_SETUP_SYNC_CONN:
2331 hci_cs_setup_sync_conn(hdev, ev->status);
2334 case HCI_OP_SNIFF_MODE:
2335 hci_cs_sniff_mode(hdev, ev->status);
2338 case HCI_OP_EXIT_SNIFF_MODE:
2339 hci_cs_exit_sniff_mode(hdev, ev->status);
2342 case HCI_OP_DISCONNECT:
2343 hci_cs_disconnect(hdev, ev->status);
2346 case HCI_OP_CREATE_PHY_LINK:
2347 hci_cs_create_phylink(hdev, ev->status);
2350 case HCI_OP_ACCEPT_PHY_LINK:
2351 hci_cs_accept_phylink(hdev, ev->status);
2355 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2359 if (opcode != HCI_OP_NOP)
2360 del_timer(&hdev->cmd_timer);
2363 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2364 hci_req_cmd_complete(hdev, opcode, ev->status);
2366 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2367 atomic_set(&hdev->cmd_cnt, 1);
2368 if (!skb_queue_empty(&hdev->cmd_q))
2369 queue_work(hdev->workqueue, &hdev->cmd_work);
2373 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2375 struct hci_ev_role_change *ev = (void *) skb->data;
2376 struct hci_conn *conn;
2378 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2382 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2386 conn->link_mode &= ~HCI_LM_MASTER;
2388 conn->link_mode |= HCI_LM_MASTER;
2391 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2393 hci_role_switch_cfm(conn, ev->status, ev->role);
2396 hci_dev_unlock(hdev);
2399 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2401 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2404 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2405 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2409 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2410 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2411 BT_DBG("%s bad parameters", hdev->name);
2415 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2417 for (i = 0; i < ev->num_hndl; i++) {
2418 struct hci_comp_pkts_info *info = &ev->handles[i];
2419 struct hci_conn *conn;
2420 __u16 handle, count;
2422 handle = __le16_to_cpu(info->handle);
2423 count = __le16_to_cpu(info->count);
2425 conn = hci_conn_hash_lookup_handle(hdev, handle);
2429 conn->sent -= count;
2431 switch (conn->type) {
2433 hdev->acl_cnt += count;
2434 if (hdev->acl_cnt > hdev->acl_pkts)
2435 hdev->acl_cnt = hdev->acl_pkts;
2439 if (hdev->le_pkts) {
2440 hdev->le_cnt += count;
2441 if (hdev->le_cnt > hdev->le_pkts)
2442 hdev->le_cnt = hdev->le_pkts;
2444 hdev->acl_cnt += count;
2445 if (hdev->acl_cnt > hdev->acl_pkts)
2446 hdev->acl_cnt = hdev->acl_pkts;
2451 hdev->sco_cnt += count;
2452 if (hdev->sco_cnt > hdev->sco_pkts)
2453 hdev->sco_cnt = hdev->sco_pkts;
2457 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2462 queue_work(hdev->workqueue, &hdev->tx_work);
2465 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2468 struct hci_chan *chan;
2470 switch (hdev->dev_type) {
2472 return hci_conn_hash_lookup_handle(hdev, handle);
2474 chan = hci_chan_lookup_handle(hdev, handle);
2479 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2486 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2488 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2491 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2492 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2496 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2497 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2498 BT_DBG("%s bad parameters", hdev->name);
2502 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2505 for (i = 0; i < ev->num_hndl; i++) {
2506 struct hci_comp_blocks_info *info = &ev->handles[i];
2507 struct hci_conn *conn = NULL;
2508 __u16 handle, block_count;
2510 handle = __le16_to_cpu(info->handle);
2511 block_count = __le16_to_cpu(info->blocks);
2513 conn = __hci_conn_lookup_handle(hdev, handle);
2517 conn->sent -= block_count;
2519 switch (conn->type) {
2522 hdev->block_cnt += block_count;
2523 if (hdev->block_cnt > hdev->num_blocks)
2524 hdev->block_cnt = hdev->num_blocks;
2528 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2533 queue_work(hdev->workqueue, &hdev->tx_work);
2536 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2538 struct hci_ev_mode_change *ev = (void *) skb->data;
2539 struct hci_conn *conn;
2541 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2545 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2547 conn->mode = ev->mode;
2549 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2551 if (conn->mode == HCI_CM_ACTIVE)
2552 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2554 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2557 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2558 hci_sco_setup(conn, ev->status);
2561 hci_dev_unlock(hdev);
2564 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2566 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2567 struct hci_conn *conn;
2569 BT_DBG("%s", hdev->name);
2573 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2577 if (conn->state == BT_CONNECTED) {
2578 hci_conn_hold(conn);
2579 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2580 hci_conn_drop(conn);
2583 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2584 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2585 sizeof(ev->bdaddr), &ev->bdaddr);
2586 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2589 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2594 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2598 hci_dev_unlock(hdev);
2601 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2603 struct hci_ev_link_key_req *ev = (void *) skb->data;
2604 struct hci_cp_link_key_reply cp;
2605 struct hci_conn *conn;
2606 struct link_key *key;
2608 BT_DBG("%s", hdev->name);
2610 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2615 key = hci_find_link_key(hdev, &ev->bdaddr);
2617 BT_DBG("%s link key not found for %pMR", hdev->name,
2622 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2625 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2626 key->type == HCI_LK_DEBUG_COMBINATION) {
2627 BT_DBG("%s ignoring debug key", hdev->name);
2631 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2633 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2634 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2635 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2639 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2640 conn->pending_sec_level == BT_SECURITY_HIGH) {
2641 BT_DBG("%s ignoring key unauthenticated for high security",
2646 conn->key_type = key->type;
2647 conn->pin_length = key->pin_len;
2650 bacpy(&cp.bdaddr, &ev->bdaddr);
2651 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2653 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2655 hci_dev_unlock(hdev);
2660 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2661 hci_dev_unlock(hdev);
2664 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2666 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2667 struct hci_conn *conn;
2670 BT_DBG("%s", hdev->name);
2674 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2676 hci_conn_hold(conn);
2677 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2678 pin_len = conn->pin_length;
2680 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2681 conn->key_type = ev->key_type;
2683 hci_conn_drop(conn);
2686 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2687 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2688 ev->key_type, pin_len);
2690 hci_dev_unlock(hdev);
2693 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2695 struct hci_ev_clock_offset *ev = (void *) skb->data;
2696 struct hci_conn *conn;
2698 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2703 if (conn && !ev->status) {
2704 struct inquiry_entry *ie;
2706 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2708 ie->data.clock_offset = ev->clock_offset;
2709 ie->timestamp = jiffies;
2713 hci_dev_unlock(hdev);
2716 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2718 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2719 struct hci_conn *conn;
2721 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2725 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2726 if (conn && !ev->status)
2727 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2729 hci_dev_unlock(hdev);
2732 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2734 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2735 struct inquiry_entry *ie;
2737 BT_DBG("%s", hdev->name);
2741 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2743 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2744 ie->timestamp = jiffies;
2747 hci_dev_unlock(hdev);
2750 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2751 struct sk_buff *skb)
2753 struct inquiry_data data;
2754 int num_rsp = *((__u8 *) skb->data);
2755 bool name_known, ssp;
2757 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2762 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2767 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2768 struct inquiry_info_with_rssi_and_pscan_mode *info;
2769 info = (void *) (skb->data + 1);
2771 for (; num_rsp; num_rsp--, info++) {
2772 bacpy(&data.bdaddr, &info->bdaddr);
2773 data.pscan_rep_mode = info->pscan_rep_mode;
2774 data.pscan_period_mode = info->pscan_period_mode;
2775 data.pscan_mode = info->pscan_mode;
2776 memcpy(data.dev_class, info->dev_class, 3);
2777 data.clock_offset = info->clock_offset;
2778 data.rssi = info->rssi;
2779 data.ssp_mode = 0x00;
2781 name_known = hci_inquiry_cache_update(hdev, &data,
2783 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2784 info->dev_class, info->rssi,
2785 !name_known, ssp, NULL, 0);
2788 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2790 for (; num_rsp; num_rsp--, info++) {
2791 bacpy(&data.bdaddr, &info->bdaddr);
2792 data.pscan_rep_mode = info->pscan_rep_mode;
2793 data.pscan_period_mode = info->pscan_period_mode;
2794 data.pscan_mode = 0x00;
2795 memcpy(data.dev_class, info->dev_class, 3);
2796 data.clock_offset = info->clock_offset;
2797 data.rssi = info->rssi;
2798 data.ssp_mode = 0x00;
2799 name_known = hci_inquiry_cache_update(hdev, &data,
2801 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2802 info->dev_class, info->rssi,
2803 !name_known, ssp, NULL, 0);
2807 hci_dev_unlock(hdev);
2810 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2811 struct sk_buff *skb)
2813 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2814 struct hci_conn *conn;
2816 BT_DBG("%s", hdev->name);
2820 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2824 if (ev->page < HCI_MAX_PAGES)
2825 memcpy(conn->features[ev->page], ev->features, 8);
2827 if (!ev->status && ev->page == 0x01) {
2828 struct inquiry_entry *ie;
2830 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2832 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2834 if (ev->features[0] & LMP_HOST_SSP) {
2835 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2837 /* It is mandatory by the Bluetooth specification that
2838 * Extended Inquiry Results are only used when Secure
2839 * Simple Pairing is enabled, but some devices violate
2842 * To make these devices work, the internal SSP
2843 * enabled flag needs to be cleared if the remote host
2844 * features do not indicate SSP support */
2845 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2849 if (conn->state != BT_CONFIG)
2852 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2853 struct hci_cp_remote_name_req cp;
2854 memset(&cp, 0, sizeof(cp));
2855 bacpy(&cp.bdaddr, &conn->dst);
2856 cp.pscan_rep_mode = 0x02;
2857 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2858 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2859 mgmt_device_connected(hdev, &conn->dst, conn->type,
2860 conn->dst_type, 0, NULL, 0,
2863 if (!hci_outgoing_auth_needed(hdev, conn)) {
2864 conn->state = BT_CONNECTED;
2865 hci_proto_connect_cfm(conn, ev->status);
2866 hci_conn_drop(conn);
2870 hci_dev_unlock(hdev);
2873 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2874 struct sk_buff *skb)
2876 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2877 struct hci_conn *conn;
2879 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2883 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2885 if (ev->link_type == ESCO_LINK)
2888 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2892 conn->type = SCO_LINK;
2895 switch (ev->status) {
2897 conn->handle = __le16_to_cpu(ev->handle);
2898 conn->state = BT_CONNECTED;
2900 hci_conn_add_sysfs(conn);
2903 case 0x0d: /* Connection Rejected due to Limited Resources */
2904 case 0x11: /* Unsupported Feature or Parameter Value */
2905 case 0x1c: /* SCO interval rejected */
2906 case 0x1a: /* Unsupported Remote Feature */
2907 case 0x1f: /* Unspecified error */
2909 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2910 (hdev->esco_type & EDR_ESCO_MASK);
2911 if (hci_setup_sync(conn, conn->link->handle))
2917 conn->state = BT_CLOSED;
2921 hci_proto_connect_cfm(conn, ev->status);
2926 hci_dev_unlock(hdev);
2929 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
2933 while (parsed < eir_len) {
2934 u8 field_len = eir[0];
2939 parsed += field_len + 1;
2940 eir += field_len + 1;
2946 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2947 struct sk_buff *skb)
2949 struct inquiry_data data;
2950 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2951 int num_rsp = *((__u8 *) skb->data);
2954 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2959 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2964 for (; num_rsp; num_rsp--, info++) {
2965 bool name_known, ssp;
2967 bacpy(&data.bdaddr, &info->bdaddr);
2968 data.pscan_rep_mode = info->pscan_rep_mode;
2969 data.pscan_period_mode = info->pscan_period_mode;
2970 data.pscan_mode = 0x00;
2971 memcpy(data.dev_class, info->dev_class, 3);
2972 data.clock_offset = info->clock_offset;
2973 data.rssi = info->rssi;
2974 data.ssp_mode = 0x01;
2976 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2977 name_known = eir_has_data_type(info->data,
2983 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2985 eir_len = eir_get_length(info->data, sizeof(info->data));
2986 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2987 info->dev_class, info->rssi, !name_known,
2988 ssp, info->data, eir_len);
2991 hci_dev_unlock(hdev);
2994 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2995 struct sk_buff *skb)
2997 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2998 struct hci_conn *conn;
3000 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3001 __le16_to_cpu(ev->handle));
3005 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3010 conn->sec_level = conn->pending_sec_level;
3012 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3014 if (ev->status && conn->state == BT_CONNECTED) {
3015 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3016 hci_conn_drop(conn);
3020 if (conn->state == BT_CONFIG) {
3022 conn->state = BT_CONNECTED;
3024 hci_proto_connect_cfm(conn, ev->status);
3025 hci_conn_drop(conn);
3027 hci_auth_cfm(conn, ev->status);
3029 hci_conn_hold(conn);
3030 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3031 hci_conn_drop(conn);
3035 hci_dev_unlock(hdev);
3038 static u8 hci_get_auth_req(struct hci_conn *conn)
3040 /* If remote requests dedicated bonding follow that lead */
3041 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3042 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3043 /* If both remote and local IO capabilities allow MITM
3044 * protection then require it, otherwise don't */
3045 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3046 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3047 return HCI_AT_DEDICATED_BONDING;
3049 return HCI_AT_DEDICATED_BONDING_MITM;
3052 /* If remote requests no-bonding follow that lead */
3053 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3054 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3055 return conn->remote_auth | (conn->auth_type & 0x01);
3057 return conn->auth_type;
3060 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3062 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3063 struct hci_conn *conn;
3065 BT_DBG("%s", hdev->name);
3069 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3073 hci_conn_hold(conn);
3075 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3078 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3079 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3080 struct hci_cp_io_capability_reply cp;
3082 bacpy(&cp.bdaddr, &ev->bdaddr);
3083 /* Change the IO capability from KeyboardDisplay
3084 * to DisplayYesNo as it is not supported by BT spec. */
3085 cp.capability = (conn->io_capability == 0x04) ?
3086 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3087 conn->auth_type = hci_get_auth_req(conn);
3088 cp.authentication = conn->auth_type;
3090 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3091 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3096 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3099 struct hci_cp_io_capability_neg_reply cp;
3101 bacpy(&cp.bdaddr, &ev->bdaddr);
3102 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3104 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3109 hci_dev_unlock(hdev);
3112 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3114 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3115 struct hci_conn *conn;
3117 BT_DBG("%s", hdev->name);
3121 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3125 conn->remote_cap = ev->capability;
3126 conn->remote_auth = ev->authentication;
3128 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3131 hci_dev_unlock(hdev);
3134 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3135 struct sk_buff *skb)
3137 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3138 int loc_mitm, rem_mitm, confirm_hint = 0;
3139 struct hci_conn *conn;
3141 BT_DBG("%s", hdev->name);
3145 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3148 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3152 loc_mitm = (conn->auth_type & 0x01);
3153 rem_mitm = (conn->remote_auth & 0x01);
3155 /* If we require MITM but the remote device can't provide that
3156 * (it has NoInputNoOutput) then reject the confirmation
3157 * request. The only exception is when we're dedicated bonding
3158 * initiators (connect_cfm_cb set) since then we always have the MITM
3160 if (!conn->connect_cfm_cb && loc_mitm &&
3161 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3162 BT_DBG("Rejecting request: remote device can't provide MITM");
3163 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3164 sizeof(ev->bdaddr), &ev->bdaddr);
3168 /* If no side requires MITM protection; auto-accept */
3169 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3170 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3172 /* If we're not the initiators request authorization to
3173 * proceed from user space (mgmt_user_confirm with
3174 * confirm_hint set to 1). */
3175 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3176 BT_DBG("Confirming auto-accept as acceptor");
3181 BT_DBG("Auto-accept of user confirmation with %ums delay",
3182 hdev->auto_accept_delay);
3184 if (hdev->auto_accept_delay > 0) {
3185 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3186 queue_delayed_work(conn->hdev->workqueue,
3187 &conn->auto_accept_work, delay);
3191 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3192 sizeof(ev->bdaddr), &ev->bdaddr);
3197 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3201 hci_dev_unlock(hdev);
3204 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3205 struct sk_buff *skb)
3207 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3209 BT_DBG("%s", hdev->name);
3211 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3212 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3215 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3216 struct sk_buff *skb)
3218 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3219 struct hci_conn *conn;
3221 BT_DBG("%s", hdev->name);
3223 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3227 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3228 conn->passkey_entered = 0;
3230 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3231 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3232 conn->dst_type, conn->passkey_notify,
3233 conn->passkey_entered);
3236 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3238 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3239 struct hci_conn *conn;
3241 BT_DBG("%s", hdev->name);
3243 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3248 case HCI_KEYPRESS_STARTED:
3249 conn->passkey_entered = 0;
3252 case HCI_KEYPRESS_ENTERED:
3253 conn->passkey_entered++;
3256 case HCI_KEYPRESS_ERASED:
3257 conn->passkey_entered--;
3260 case HCI_KEYPRESS_CLEARED:
3261 conn->passkey_entered = 0;
3264 case HCI_KEYPRESS_COMPLETED:
3268 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3269 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3270 conn->dst_type, conn->passkey_notify,
3271 conn->passkey_entered);
3274 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3275 struct sk_buff *skb)
3277 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3278 struct hci_conn *conn;
3280 BT_DBG("%s", hdev->name);
3284 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3288 /* To avoid duplicate auth_failed events to user space we check
3289 * the HCI_CONN_AUTH_PEND flag which will be set if we
3290 * initiated the authentication. A traditional auth_complete
3291 * event gets always produced as initiator and is also mapped to
3292 * the mgmt_auth_failed event */
3293 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3294 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3297 hci_conn_drop(conn);
3300 hci_dev_unlock(hdev);
3303 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3304 struct sk_buff *skb)
3306 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3307 struct inquiry_entry *ie;
3308 struct hci_conn *conn;
3310 BT_DBG("%s", hdev->name);
3314 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3316 memcpy(conn->features[1], ev->features, 8);
3318 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3320 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3322 hci_dev_unlock(hdev);
3325 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3326 struct sk_buff *skb)
3328 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3329 struct oob_data *data;
3331 BT_DBG("%s", hdev->name);
3335 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3338 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3340 struct hci_cp_remote_oob_data_reply cp;
3342 bacpy(&cp.bdaddr, &ev->bdaddr);
3343 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3344 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3346 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3349 struct hci_cp_remote_oob_data_neg_reply cp;
3351 bacpy(&cp.bdaddr, &ev->bdaddr);
3352 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3357 hci_dev_unlock(hdev);
3360 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3361 struct sk_buff *skb)
3363 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3364 struct hci_conn *hcon, *bredr_hcon;
3366 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3371 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3373 hci_dev_unlock(hdev);
3379 hci_dev_unlock(hdev);
3383 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3385 hcon->state = BT_CONNECTED;
3386 bacpy(&hcon->dst, &bredr_hcon->dst);
3388 hci_conn_hold(hcon);
3389 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3390 hci_conn_drop(hcon);
3392 hci_conn_add_sysfs(hcon);
3394 amp_physical_cfm(bredr_hcon, hcon);
3396 hci_dev_unlock(hdev);
3399 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3401 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3402 struct hci_conn *hcon;
3403 struct hci_chan *hchan;
3404 struct amp_mgr *mgr;
3406 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3407 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3410 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3414 /* Create AMP hchan */
3415 hchan = hci_chan_create(hcon);
3419 hchan->handle = le16_to_cpu(ev->handle);
3421 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3423 mgr = hcon->amp_mgr;
3424 if (mgr && mgr->bredr_chan) {
3425 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3427 l2cap_chan_lock(bredr_chan);
3429 bredr_chan->conn->mtu = hdev->block_mtu;
3430 l2cap_logical_cfm(bredr_chan, hchan, 0);
3431 hci_conn_hold(hcon);
3433 l2cap_chan_unlock(bredr_chan);
3437 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3438 struct sk_buff *skb)
3440 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3441 struct hci_chan *hchan;
3443 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3444 le16_to_cpu(ev->handle), ev->status);
3451 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3455 amp_destroy_logical_link(hchan, ev->reason);
3458 hci_dev_unlock(hdev);
3461 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3462 struct sk_buff *skb)
3464 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3465 struct hci_conn *hcon;
3467 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3474 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3476 hcon->state = BT_CLOSED;
3480 hci_dev_unlock(hdev);
3483 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3485 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3486 struct hci_conn *conn;
3488 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3492 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3494 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3496 BT_ERR("No memory for new connection");
3500 conn->dst_type = ev->bdaddr_type;
3502 /* The advertising parameters for own address type
3503 * define which source address and source address
3504 * type this connections has.
3506 if (bacmp(&conn->src, BDADDR_ANY)) {
3507 conn->src_type = ADDR_LE_DEV_PUBLIC;
3509 bacpy(&conn->src, &hdev->static_addr);
3510 conn->src_type = ADDR_LE_DEV_RANDOM;
3513 if (ev->role == LE_CONN_ROLE_MASTER) {
3515 conn->link_mode |= HCI_LM_MASTER;
3520 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3521 conn->dst_type, ev->status);
3522 hci_proto_connect_cfm(conn, ev->status);
3523 conn->state = BT_CLOSED;
3528 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3529 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3530 conn->dst_type, 0, NULL, 0, NULL);
3532 conn->sec_level = BT_SECURITY_LOW;
3533 conn->handle = __le16_to_cpu(ev->handle);
3534 conn->state = BT_CONNECTED;
3536 hci_conn_add_sysfs(conn);
3538 hci_proto_connect_cfm(conn, ev->status);
3541 hci_dev_unlock(hdev);
3544 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3546 u8 num_reports = skb->data[0];
3547 void *ptr = &skb->data[1];
3550 while (num_reports--) {
3551 struct hci_ev_le_advertising_info *ev = ptr;
3553 rssi = ev->data[ev->length];
3554 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3555 NULL, rssi, 0, 1, ev->data, ev->length);
3557 ptr += sizeof(*ev) + ev->length + 1;
3561 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3563 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3564 struct hci_cp_le_ltk_reply cp;
3565 struct hci_cp_le_ltk_neg_reply neg;
3566 struct hci_conn *conn;
3567 struct smp_ltk *ltk;
3569 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3573 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3577 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3581 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3582 cp.handle = cpu_to_le16(conn->handle);
3584 if (ltk->authenticated)
3585 conn->pending_sec_level = BT_SECURITY_HIGH;
3587 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3589 conn->enc_key_size = ltk->enc_size;
3591 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3593 if (ltk->type & HCI_SMP_STK) {
3594 list_del(<k->list);
3598 hci_dev_unlock(hdev);
3603 neg.handle = ev->handle;
3604 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3605 hci_dev_unlock(hdev);
3608 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3610 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3612 skb_pull(skb, sizeof(*le_ev));
3614 switch (le_ev->subevent) {
3615 case HCI_EV_LE_CONN_COMPLETE:
3616 hci_le_conn_complete_evt(hdev, skb);
3619 case HCI_EV_LE_ADVERTISING_REPORT:
3620 hci_le_adv_report_evt(hdev, skb);
3623 case HCI_EV_LE_LTK_REQ:
3624 hci_le_ltk_request_evt(hdev, skb);
3632 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3634 struct hci_ev_channel_selected *ev = (void *) skb->data;
3635 struct hci_conn *hcon;
3637 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3639 skb_pull(skb, sizeof(*ev));
3641 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3645 amp_read_loc_assoc_final_data(hdev, hcon);
3648 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3650 struct hci_event_hdr *hdr = (void *) skb->data;
3651 __u8 event = hdr->evt;
3655 /* Received events are (currently) only needed when a request is
3656 * ongoing so avoid unnecessary memory allocation.
3658 if (hdev->req_status == HCI_REQ_PEND) {
3659 kfree_skb(hdev->recv_evt);
3660 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3663 hci_dev_unlock(hdev);
3665 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3667 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3668 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3669 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3671 hci_req_cmd_complete(hdev, opcode, 0);
3675 case HCI_EV_INQUIRY_COMPLETE:
3676 hci_inquiry_complete_evt(hdev, skb);
3679 case HCI_EV_INQUIRY_RESULT:
3680 hci_inquiry_result_evt(hdev, skb);
3683 case HCI_EV_CONN_COMPLETE:
3684 hci_conn_complete_evt(hdev, skb);
3687 case HCI_EV_CONN_REQUEST:
3688 hci_conn_request_evt(hdev, skb);
3691 case HCI_EV_DISCONN_COMPLETE:
3692 hci_disconn_complete_evt(hdev, skb);
3695 case HCI_EV_AUTH_COMPLETE:
3696 hci_auth_complete_evt(hdev, skb);
3699 case HCI_EV_REMOTE_NAME:
3700 hci_remote_name_evt(hdev, skb);
3703 case HCI_EV_ENCRYPT_CHANGE:
3704 hci_encrypt_change_evt(hdev, skb);
3707 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3708 hci_change_link_key_complete_evt(hdev, skb);
3711 case HCI_EV_REMOTE_FEATURES:
3712 hci_remote_features_evt(hdev, skb);
3715 case HCI_EV_CMD_COMPLETE:
3716 hci_cmd_complete_evt(hdev, skb);
3719 case HCI_EV_CMD_STATUS:
3720 hci_cmd_status_evt(hdev, skb);
3723 case HCI_EV_ROLE_CHANGE:
3724 hci_role_change_evt(hdev, skb);
3727 case HCI_EV_NUM_COMP_PKTS:
3728 hci_num_comp_pkts_evt(hdev, skb);
3731 case HCI_EV_MODE_CHANGE:
3732 hci_mode_change_evt(hdev, skb);
3735 case HCI_EV_PIN_CODE_REQ:
3736 hci_pin_code_request_evt(hdev, skb);
3739 case HCI_EV_LINK_KEY_REQ:
3740 hci_link_key_request_evt(hdev, skb);
3743 case HCI_EV_LINK_KEY_NOTIFY:
3744 hci_link_key_notify_evt(hdev, skb);
3747 case HCI_EV_CLOCK_OFFSET:
3748 hci_clock_offset_evt(hdev, skb);
3751 case HCI_EV_PKT_TYPE_CHANGE:
3752 hci_pkt_type_change_evt(hdev, skb);
3755 case HCI_EV_PSCAN_REP_MODE:
3756 hci_pscan_rep_mode_evt(hdev, skb);
3759 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3760 hci_inquiry_result_with_rssi_evt(hdev, skb);
3763 case HCI_EV_REMOTE_EXT_FEATURES:
3764 hci_remote_ext_features_evt(hdev, skb);
3767 case HCI_EV_SYNC_CONN_COMPLETE:
3768 hci_sync_conn_complete_evt(hdev, skb);
3771 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3772 hci_extended_inquiry_result_evt(hdev, skb);
3775 case HCI_EV_KEY_REFRESH_COMPLETE:
3776 hci_key_refresh_complete_evt(hdev, skb);
3779 case HCI_EV_IO_CAPA_REQUEST:
3780 hci_io_capa_request_evt(hdev, skb);
3783 case HCI_EV_IO_CAPA_REPLY:
3784 hci_io_capa_reply_evt(hdev, skb);
3787 case HCI_EV_USER_CONFIRM_REQUEST:
3788 hci_user_confirm_request_evt(hdev, skb);
3791 case HCI_EV_USER_PASSKEY_REQUEST:
3792 hci_user_passkey_request_evt(hdev, skb);
3795 case HCI_EV_USER_PASSKEY_NOTIFY:
3796 hci_user_passkey_notify_evt(hdev, skb);
3799 case HCI_EV_KEYPRESS_NOTIFY:
3800 hci_keypress_notify_evt(hdev, skb);
3803 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3804 hci_simple_pair_complete_evt(hdev, skb);
3807 case HCI_EV_REMOTE_HOST_FEATURES:
3808 hci_remote_host_features_evt(hdev, skb);
3811 case HCI_EV_LE_META:
3812 hci_le_meta_evt(hdev, skb);
3815 case HCI_EV_CHANNEL_SELECTED:
3816 hci_chan_selected_evt(hdev, skb);
3819 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3820 hci_remote_oob_data_request_evt(hdev, skb);
3823 case HCI_EV_PHY_LINK_COMPLETE:
3824 hci_phy_link_complete_evt(hdev, skb);
3827 case HCI_EV_LOGICAL_LINK_COMPLETE:
3828 hci_loglink_complete_evt(hdev, skb);
3831 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3832 hci_disconn_loglink_complete_evt(hdev, skb);
3835 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3836 hci_disconn_phylink_complete_evt(hdev, skb);
3839 case HCI_EV_NUM_COMP_BLOCKS:
3840 hci_num_comp_blocks_evt(hdev, skb);
3844 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3849 hdev->stat.evt_rx++;
git.openpandora.org / pandora-kernel.git / blob