2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
202 hdev->ssp_debug_mode = 0;
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 __u8 status = *((__u8 *) skb->data);
210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
223 hci_dev_unlock(hdev);
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
228 struct hci_rp_read_local_name *rp = (void *) skb->data;
230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
235 if (test_bit(HCI_SETUP, &hdev->dev_flags))
236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
241 __u8 status = *((__u8 *) skb->data);
244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
251 __u8 param = *((__u8 *) sent);
253 if (param == AUTH_ENABLED)
254 set_bit(HCI_AUTH, &hdev->flags);
256 clear_bit(HCI_AUTH, &hdev->flags);
259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
260 mgmt_auth_enable_complete(hdev, status);
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
265 __u8 status = *((__u8 *) skb->data);
268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 __u8 param = *((__u8 *) sent);
278 set_bit(HCI_ENCRYPT, &hdev->flags);
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
290 BT_DBG("%s status 0x%2.2x", hdev->name, status);
292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
296 param = *((__u8 *) sent);
301 mgmt_write_scan_failed(hdev, param, status);
302 hdev->discov_timeout = 0;
306 /* We need to ensure that we set this back on if someone changed
307 * the scan mode through a raw HCI socket.
309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
317 mgmt_discoverable(hdev, 1);
318 } else if (old_iscan)
319 mgmt_discoverable(hdev, 0);
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
324 mgmt_connectable(hdev, 1);
325 } else if (old_pscan)
326 mgmt_connectable(hdev, 0);
329 hci_dev_unlock(hdev);
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
341 memcpy(hdev->dev_class, rp->dev_class, 3);
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 memcpy(hdev->dev_class, sent, 3);
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
366 hci_dev_unlock(hdev);
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
379 setting = __le16_to_cpu(rp->voice_setting);
381 if (hdev->voice_setting == setting)
384 hdev->voice_setting = setting;
386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 __u8 status = *((__u8 *) skb->data);
399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
408 setting = get_unaligned_le16(sent);
410 if (hdev->voice_setting == setting)
413 hdev->voice_setting = setting;
415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
431 hdev->num_iac = rp->num_iac;
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
438 __u8 status = *((__u8 *) skb->data);
439 struct hci_cp_write_ssp_mode *sent;
441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
449 hdev->features[1][0] |= LMP_HOST_SSP;
451 hdev->features[1][0] &= ~LMP_HOST_SSP;
454 if (test_bit(HCI_MGMT, &hdev->dev_flags))
455 mgmt_ssp_enable_complete(hdev, sent->mode, status);
458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
464 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
466 struct hci_rp_read_local_version *rp = (void *) skb->data;
468 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
473 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
474 hdev->hci_ver = rp->hci_ver;
475 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
476 hdev->lmp_ver = rp->lmp_ver;
477 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
478 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
482 static void hci_cc_read_local_commands(struct hci_dev *hdev,
485 struct hci_rp_read_local_commands *rp = (void *) skb->data;
487 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
492 if (test_bit(HCI_SETUP, &hdev->dev_flags))
493 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
496 static void hci_cc_read_local_features(struct hci_dev *hdev,
499 struct hci_rp_read_local_features *rp = (void *) skb->data;
501 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
506 memcpy(hdev->features, rp->features, 8);
508 /* Adjust default settings according to features
509 * supported by device. */
511 if (hdev->features[0][0] & LMP_3SLOT)
512 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
514 if (hdev->features[0][0] & LMP_5SLOT)
515 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
517 if (hdev->features[0][1] & LMP_HV2) {
518 hdev->pkt_type |= (HCI_HV2);
519 hdev->esco_type |= (ESCO_HV2);
522 if (hdev->features[0][1] & LMP_HV3) {
523 hdev->pkt_type |= (HCI_HV3);
524 hdev->esco_type |= (ESCO_HV3);
527 if (lmp_esco_capable(hdev))
528 hdev->esco_type |= (ESCO_EV3);
530 if (hdev->features[0][4] & LMP_EV4)
531 hdev->esco_type |= (ESCO_EV4);
533 if (hdev->features[0][4] & LMP_EV5)
534 hdev->esco_type |= (ESCO_EV5);
536 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
537 hdev->esco_type |= (ESCO_2EV3);
539 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
540 hdev->esco_type |= (ESCO_3EV3);
542 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
543 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
546 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
549 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
551 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
556 if (hdev->max_page < rp->max_page)
557 hdev->max_page = rp->max_page;
559 if (rp->page < HCI_MAX_PAGES)
560 memcpy(hdev->features[rp->page], rp->features, 8);
563 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
566 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
568 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
571 hdev->flow_ctl_mode = rp->mode;
574 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
576 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
578 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
583 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
584 hdev->sco_mtu = rp->sco_mtu;
585 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
586 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
588 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
593 hdev->acl_cnt = hdev->acl_pkts;
594 hdev->sco_cnt = hdev->sco_pkts;
596 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
597 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
600 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
602 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
604 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
607 bacpy(&hdev->bdaddr, &rp->bdaddr);
610 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
613 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
615 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
617 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
618 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
619 hdev->page_scan_window = __le16_to_cpu(rp->window);
623 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
626 u8 status = *((u8 *) skb->data);
627 struct hci_cp_write_page_scan_activity *sent;
629 BT_DBG("%s status 0x%2.2x", hdev->name, status);
634 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
638 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
639 hdev->page_scan_window = __le16_to_cpu(sent->window);
642 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
645 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
647 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
649 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
650 hdev->page_scan_type = rp->type;
653 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
656 u8 status = *((u8 *) skb->data);
659 BT_DBG("%s status 0x%2.2x", hdev->name, status);
664 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
666 hdev->page_scan_type = *type;
669 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
672 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
674 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
679 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
680 hdev->block_len = __le16_to_cpu(rp->block_len);
681 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
683 hdev->block_cnt = hdev->num_blocks;
685 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
686 hdev->block_cnt, hdev->block_len);
689 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
692 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
694 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
699 hdev->amp_status = rp->amp_status;
700 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
701 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
702 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
703 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
704 hdev->amp_type = rp->amp_type;
705 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
706 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
707 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
708 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
711 a2mp_send_getinfo_rsp(hdev);
714 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
717 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
718 struct amp_assoc *assoc = &hdev->loc_assoc;
719 size_t rem_len, frag_len;
721 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
726 frag_len = skb->len - sizeof(*rp);
727 rem_len = __le16_to_cpu(rp->rem_len);
729 if (rem_len > frag_len) {
730 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
732 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
733 assoc->offset += frag_len;
735 /* Read other fragments */
736 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
741 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
742 assoc->len = assoc->offset + rem_len;
746 /* Send A2MP Rsp when all fragments are received */
747 a2mp_send_getampassoc_rsp(hdev, rp->status);
748 a2mp_send_create_phy_link_req(hdev, rp->status);
751 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
754 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
756 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
759 hdev->inq_tx_power = rp->tx_power;
762 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
764 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
765 struct hci_cp_pin_code_reply *cp;
766 struct hci_conn *conn;
768 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
772 if (test_bit(HCI_MGMT, &hdev->dev_flags))
773 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
778 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
782 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
784 conn->pin_length = cp->pin_len;
787 hci_dev_unlock(hdev);
790 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
792 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
794 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
798 if (test_bit(HCI_MGMT, &hdev->dev_flags))
799 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
802 hci_dev_unlock(hdev);
805 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
808 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
815 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
816 hdev->le_pkts = rp->le_max_pkt;
818 hdev->le_cnt = hdev->le_pkts;
820 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
823 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
826 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
828 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
831 memcpy(hdev->le_features, rp->features, 8);
834 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
837 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
839 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
842 hdev->adv_tx_power = rp->tx_power;
845 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
847 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
849 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
853 if (test_bit(HCI_MGMT, &hdev->dev_flags))
854 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
857 hci_dev_unlock(hdev);
860 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
863 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
865 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
869 if (test_bit(HCI_MGMT, &hdev->dev_flags))
870 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
871 ACL_LINK, 0, rp->status);
873 hci_dev_unlock(hdev);
876 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
878 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
880 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
884 if (test_bit(HCI_MGMT, &hdev->dev_flags))
885 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
888 hci_dev_unlock(hdev);
891 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
894 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
896 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
900 if (test_bit(HCI_MGMT, &hdev->dev_flags))
901 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
902 ACL_LINK, 0, rp->status);
904 hci_dev_unlock(hdev);
907 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
910 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
912 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
915 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
916 rp->randomizer, rp->status);
917 hci_dev_unlock(hdev);
920 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
922 __u8 *sent, status = *((__u8 *) skb->data);
924 BT_DBG("%s status 0x%2.2x", hdev->name, status);
926 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
934 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
936 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
939 hci_dev_unlock(hdev);
942 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
945 struct hci_cp_le_set_scan_enable *cp;
946 __u8 status = *((__u8 *) skb->data);
948 BT_DBG("%s status 0x%2.2x", hdev->name, status);
950 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
957 switch (cp->enable) {
959 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
962 case LE_SCAN_DISABLE:
963 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
967 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
972 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
975 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
977 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
980 hdev->le_white_list_size = rp->size;
983 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
986 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
988 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
991 memcpy(hdev->le_states, rp->le_states, 8);
994 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
997 struct hci_cp_write_le_host_supported *sent;
998 __u8 status = *((__u8 *) skb->data);
1000 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1002 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1008 hdev->features[1][0] |= LMP_HOST_LE;
1009 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1011 hdev->features[1][0] &= ~LMP_HOST_LE;
1012 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1013 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1017 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1019 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1023 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1024 struct sk_buff *skb)
1026 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1028 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1029 hdev->name, rp->status, rp->phy_handle);
1034 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1037 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1039 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1042 hci_conn_check_pending(hdev);
1046 set_bit(HCI_INQUIRY, &hdev->flags);
1049 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1051 struct hci_cp_create_conn *cp;
1052 struct hci_conn *conn;
1054 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1056 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1062 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1064 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1067 if (conn && conn->state == BT_CONNECT) {
1068 if (status != 0x0c || conn->attempt > 2) {
1069 conn->state = BT_CLOSED;
1070 hci_proto_connect_cfm(conn, status);
1073 conn->state = BT_CONNECT2;
1077 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1080 conn->link_mode |= HCI_LM_MASTER;
1082 BT_ERR("No memory for new connection");
1086 hci_dev_unlock(hdev);
1089 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1091 struct hci_cp_add_sco *cp;
1092 struct hci_conn *acl, *sco;
1095 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1100 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1104 handle = __le16_to_cpu(cp->handle);
1106 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1110 acl = hci_conn_hash_lookup_handle(hdev, handle);
1114 sco->state = BT_CLOSED;
1116 hci_proto_connect_cfm(sco, status);
1121 hci_dev_unlock(hdev);
1124 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1126 struct hci_cp_auth_requested *cp;
1127 struct hci_conn *conn;
1129 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1134 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1140 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1142 if (conn->state == BT_CONFIG) {
1143 hci_proto_connect_cfm(conn, status);
1144 hci_conn_drop(conn);
1148 hci_dev_unlock(hdev);
1151 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1153 struct hci_cp_set_conn_encrypt *cp;
1154 struct hci_conn *conn;
1156 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1161 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1167 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1169 if (conn->state == BT_CONFIG) {
1170 hci_proto_connect_cfm(conn, status);
1171 hci_conn_drop(conn);
1175 hci_dev_unlock(hdev);
1178 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1179 struct hci_conn *conn)
1181 if (conn->state != BT_CONFIG || !conn->out)
1184 if (conn->pending_sec_level == BT_SECURITY_SDP)
1187 /* Only request authentication for SSP connections or non-SSP
1188 * devices with sec_level MEDIUM or HIGH or if MITM protection
1191 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1192 conn->pending_sec_level != BT_SECURITY_HIGH &&
1193 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1199 static int hci_resolve_name(struct hci_dev *hdev,
1200 struct inquiry_entry *e)
1202 struct hci_cp_remote_name_req cp;
1204 memset(&cp, 0, sizeof(cp));
1206 bacpy(&cp.bdaddr, &e->data.bdaddr);
1207 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1208 cp.pscan_mode = e->data.pscan_mode;
1209 cp.clock_offset = e->data.clock_offset;
1211 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1214 static bool hci_resolve_next_name(struct hci_dev *hdev)
1216 struct discovery_state *discov = &hdev->discovery;
1217 struct inquiry_entry *e;
1219 if (list_empty(&discov->resolve))
1222 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1226 if (hci_resolve_name(hdev, e) == 0) {
1227 e->name_state = NAME_PENDING;
1234 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1235 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1237 struct discovery_state *discov = &hdev->discovery;
1238 struct inquiry_entry *e;
1240 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1241 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1242 name_len, conn->dev_class);
1244 if (discov->state == DISCOVERY_STOPPED)
1247 if (discov->state == DISCOVERY_STOPPING)
1248 goto discov_complete;
1250 if (discov->state != DISCOVERY_RESOLVING)
1253 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1254 /* If the device was not found in a list of found devices names of which
1255 * are pending. there is no need to continue resolving a next name as it
1256 * will be done upon receiving another Remote Name Request Complete
1263 e->name_state = NAME_KNOWN;
1264 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1265 e->data.rssi, name, name_len);
1267 e->name_state = NAME_NOT_KNOWN;
1270 if (hci_resolve_next_name(hdev))
1274 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1277 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1279 struct hci_cp_remote_name_req *cp;
1280 struct hci_conn *conn;
1282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1284 /* If successful wait for the name req complete event before
1285 * checking for the need to do authentication */
1289 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1295 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1297 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1298 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1303 if (!hci_outgoing_auth_needed(hdev, conn))
1306 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1307 struct hci_cp_auth_requested auth_cp;
1309 auth_cp.handle = __cpu_to_le16(conn->handle);
1310 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1311 sizeof(auth_cp), &auth_cp);
1315 hci_dev_unlock(hdev);
1318 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1320 struct hci_cp_read_remote_features *cp;
1321 struct hci_conn *conn;
1323 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1328 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1334 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1336 if (conn->state == BT_CONFIG) {
1337 hci_proto_connect_cfm(conn, status);
1338 hci_conn_drop(conn);
1342 hci_dev_unlock(hdev);
1345 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1347 struct hci_cp_read_remote_ext_features *cp;
1348 struct hci_conn *conn;
1350 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1355 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1361 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1363 if (conn->state == BT_CONFIG) {
1364 hci_proto_connect_cfm(conn, status);
1365 hci_conn_drop(conn);
1369 hci_dev_unlock(hdev);
1372 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1374 struct hci_cp_setup_sync_conn *cp;
1375 struct hci_conn *acl, *sco;
1378 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1383 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1387 handle = __le16_to_cpu(cp->handle);
1389 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1393 acl = hci_conn_hash_lookup_handle(hdev, handle);
1397 sco->state = BT_CLOSED;
1399 hci_proto_connect_cfm(sco, status);
1404 hci_dev_unlock(hdev);
1407 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1409 struct hci_cp_sniff_mode *cp;
1410 struct hci_conn *conn;
1412 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1417 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1423 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1425 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1427 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1428 hci_sco_setup(conn, status);
1431 hci_dev_unlock(hdev);
1434 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1436 struct hci_cp_exit_sniff_mode *cp;
1437 struct hci_conn *conn;
1439 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1444 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1450 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1452 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1454 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1455 hci_sco_setup(conn, status);
1458 hci_dev_unlock(hdev);
1461 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1463 struct hci_cp_disconnect *cp;
1464 struct hci_conn *conn;
1469 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1475 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1477 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1478 conn->dst_type, status);
1480 hci_dev_unlock(hdev);
1483 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1485 struct hci_cp_create_phy_link *cp;
1487 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1489 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1496 struct hci_conn *hcon;
1498 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1502 amp_write_remote_assoc(hdev, cp->phy_handle);
1505 hci_dev_unlock(hdev);
1508 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1510 struct hci_cp_accept_phy_link *cp;
1512 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1517 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1521 amp_write_remote_assoc(hdev, cp->phy_handle);
1524 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1526 __u8 status = *((__u8 *) skb->data);
1527 struct discovery_state *discov = &hdev->discovery;
1528 struct inquiry_entry *e;
1530 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1532 hci_conn_check_pending(hdev);
1534 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1537 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1538 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1540 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1545 if (discov->state != DISCOVERY_FINDING)
1548 if (list_empty(&discov->resolve)) {
1549 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1553 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1554 if (e && hci_resolve_name(hdev, e) == 0) {
1555 e->name_state = NAME_PENDING;
1556 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1558 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1562 hci_dev_unlock(hdev);
1565 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1567 struct inquiry_data data;
1568 struct inquiry_info *info = (void *) (skb->data + 1);
1569 int num_rsp = *((__u8 *) skb->data);
1571 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1576 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1581 for (; num_rsp; num_rsp--, info++) {
1582 bool name_known, ssp;
1584 bacpy(&data.bdaddr, &info->bdaddr);
1585 data.pscan_rep_mode = info->pscan_rep_mode;
1586 data.pscan_period_mode = info->pscan_period_mode;
1587 data.pscan_mode = info->pscan_mode;
1588 memcpy(data.dev_class, info->dev_class, 3);
1589 data.clock_offset = info->clock_offset;
1591 data.ssp_mode = 0x00;
1593 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1594 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1595 info->dev_class, 0, !name_known, ssp, NULL,
1599 hci_dev_unlock(hdev);
1602 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1604 struct hci_ev_conn_complete *ev = (void *) skb->data;
1605 struct hci_conn *conn;
1607 BT_DBG("%s", hdev->name);
1611 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1613 if (ev->link_type != SCO_LINK)
1616 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1620 conn->type = SCO_LINK;
1624 conn->handle = __le16_to_cpu(ev->handle);
1626 if (conn->type == ACL_LINK) {
1627 conn->state = BT_CONFIG;
1628 hci_conn_hold(conn);
1630 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1631 !hci_find_link_key(hdev, &ev->bdaddr))
1632 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1634 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1636 conn->state = BT_CONNECTED;
1638 hci_conn_add_sysfs(conn);
1640 if (test_bit(HCI_AUTH, &hdev->flags))
1641 conn->link_mode |= HCI_LM_AUTH;
1643 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1644 conn->link_mode |= HCI_LM_ENCRYPT;
1646 /* Get remote features */
1647 if (conn->type == ACL_LINK) {
1648 struct hci_cp_read_remote_features cp;
1649 cp.handle = ev->handle;
1650 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1654 /* Set packet type for incoming connection */
1655 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1656 struct hci_cp_change_conn_ptype cp;
1657 cp.handle = ev->handle;
1658 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1659 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1663 conn->state = BT_CLOSED;
1664 if (conn->type == ACL_LINK)
1665 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1666 conn->dst_type, ev->status);
1669 if (conn->type == ACL_LINK)
1670 hci_sco_setup(conn, ev->status);
1673 hci_proto_connect_cfm(conn, ev->status);
1675 } else if (ev->link_type != ACL_LINK)
1676 hci_proto_connect_cfm(conn, ev->status);
1679 hci_dev_unlock(hdev);
1681 hci_conn_check_pending(hdev);
1684 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1686 struct hci_ev_conn_request *ev = (void *) skb->data;
1687 int mask = hdev->link_mode;
1690 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1693 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1696 if ((mask & HCI_LM_ACCEPT) &&
1697 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1698 /* Connection accepted */
1699 struct inquiry_entry *ie;
1700 struct hci_conn *conn;
1704 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1706 memcpy(ie->data.dev_class, ev->dev_class, 3);
1708 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1711 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1713 BT_ERR("No memory for new connection");
1714 hci_dev_unlock(hdev);
1719 memcpy(conn->dev_class, ev->dev_class, 3);
1721 hci_dev_unlock(hdev);
1723 if (ev->link_type == ACL_LINK ||
1724 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1725 struct hci_cp_accept_conn_req cp;
1726 conn->state = BT_CONNECT;
1728 bacpy(&cp.bdaddr, &ev->bdaddr);
1730 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1731 cp.role = 0x00; /* Become master */
1733 cp.role = 0x01; /* Remain slave */
1735 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1737 } else if (!(flags & HCI_PROTO_DEFER)) {
1738 struct hci_cp_accept_sync_conn_req cp;
1739 conn->state = BT_CONNECT;
1741 bacpy(&cp.bdaddr, &ev->bdaddr);
1742 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1744 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1745 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1746 cp.max_latency = __constant_cpu_to_le16(0xffff);
1747 cp.content_format = cpu_to_le16(hdev->voice_setting);
1748 cp.retrans_effort = 0xff;
1750 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1753 conn->state = BT_CONNECT2;
1754 hci_proto_connect_cfm(conn, 0);
1757 /* Connection rejected */
1758 struct hci_cp_reject_conn_req cp;
1760 bacpy(&cp.bdaddr, &ev->bdaddr);
1761 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1762 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1766 static u8 hci_to_mgmt_reason(u8 err)
1769 case HCI_ERROR_CONNECTION_TIMEOUT:
1770 return MGMT_DEV_DISCONN_TIMEOUT;
1771 case HCI_ERROR_REMOTE_USER_TERM:
1772 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1773 case HCI_ERROR_REMOTE_POWER_OFF:
1774 return MGMT_DEV_DISCONN_REMOTE;
1775 case HCI_ERROR_LOCAL_HOST_TERM:
1776 return MGMT_DEV_DISCONN_LOCAL_HOST;
1778 return MGMT_DEV_DISCONN_UNKNOWN;
1782 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1784 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1785 u8 reason = hci_to_mgmt_reason(ev->reason);
1786 struct hci_conn *conn;
1789 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1793 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1798 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1799 conn->dst_type, ev->status);
1803 conn->state = BT_CLOSED;
1805 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1806 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1807 conn->dst_type, reason);
1809 if (conn->type == ACL_LINK && conn->flush_key)
1810 hci_remove_link_key(hdev, &conn->dst);
1814 hci_proto_disconn_cfm(conn, ev->reason);
1817 /* Re-enable advertising if necessary, since it might
1818 * have been disabled by the connection. From the
1819 * HCI_LE_Set_Advertise_Enable command description in
1820 * the core specification (v4.0):
1821 * "The Controller shall continue advertising until the Host
1822 * issues an LE_Set_Advertise_Enable command with
1823 * Advertising_Enable set to 0x00 (Advertising is disabled)
1824 * or until a connection is created or until the Advertising
1825 * is timed out due to Directed Advertising."
1827 if (type == LE_LINK)
1828 mgmt_reenable_advertising(hdev);
1831 hci_dev_unlock(hdev);
1834 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1836 struct hci_ev_auth_complete *ev = (void *) skb->data;
1837 struct hci_conn *conn;
1839 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1843 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1848 if (!hci_conn_ssp_enabled(conn) &&
1849 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1850 BT_INFO("re-auth of legacy device is not possible.");
1852 conn->link_mode |= HCI_LM_AUTH;
1853 conn->sec_level = conn->pending_sec_level;
1856 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1860 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1861 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1863 if (conn->state == BT_CONFIG) {
1864 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1865 struct hci_cp_set_conn_encrypt cp;
1866 cp.handle = ev->handle;
1868 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1871 conn->state = BT_CONNECTED;
1872 hci_proto_connect_cfm(conn, ev->status);
1873 hci_conn_drop(conn);
1876 hci_auth_cfm(conn, ev->status);
1878 hci_conn_hold(conn);
1879 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1880 hci_conn_drop(conn);
1883 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1885 struct hci_cp_set_conn_encrypt cp;
1886 cp.handle = ev->handle;
1888 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1891 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1892 hci_encrypt_cfm(conn, ev->status, 0x00);
1897 hci_dev_unlock(hdev);
1900 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1902 struct hci_ev_remote_name *ev = (void *) skb->data;
1903 struct hci_conn *conn;
1905 BT_DBG("%s", hdev->name);
1907 hci_conn_check_pending(hdev);
1911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1913 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1916 if (ev->status == 0)
1917 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1918 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1920 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1926 if (!hci_outgoing_auth_needed(hdev, conn))
1929 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1930 struct hci_cp_auth_requested cp;
1931 cp.handle = __cpu_to_le16(conn->handle);
1932 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1936 hci_dev_unlock(hdev);
1939 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1941 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1942 struct hci_conn *conn;
1944 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1948 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1952 /* Encryption implies authentication */
1953 conn->link_mode |= HCI_LM_AUTH;
1954 conn->link_mode |= HCI_LM_ENCRYPT;
1955 conn->sec_level = conn->pending_sec_level;
1957 conn->link_mode &= ~HCI_LM_ENCRYPT;
1960 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1962 if (ev->status && conn->state == BT_CONNECTED) {
1963 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1964 hci_conn_drop(conn);
1968 if (conn->state == BT_CONFIG) {
1970 conn->state = BT_CONNECTED;
1972 hci_proto_connect_cfm(conn, ev->status);
1973 hci_conn_drop(conn);
1975 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1979 hci_dev_unlock(hdev);
1982 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1983 struct sk_buff *skb)
1985 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1986 struct hci_conn *conn;
1988 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1992 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1995 conn->link_mode |= HCI_LM_SECURE;
1997 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1999 hci_key_change_cfm(conn, ev->status);
2002 hci_dev_unlock(hdev);
2005 static void hci_remote_features_evt(struct hci_dev *hdev,
2006 struct sk_buff *skb)
2008 struct hci_ev_remote_features *ev = (void *) skb->data;
2009 struct hci_conn *conn;
2011 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2015 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2020 memcpy(conn->features[0], ev->features, 8);
2022 if (conn->state != BT_CONFIG)
2025 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2026 struct hci_cp_read_remote_ext_features cp;
2027 cp.handle = ev->handle;
2029 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2034 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2035 struct hci_cp_remote_name_req cp;
2036 memset(&cp, 0, sizeof(cp));
2037 bacpy(&cp.bdaddr, &conn->dst);
2038 cp.pscan_rep_mode = 0x02;
2039 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2040 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2041 mgmt_device_connected(hdev, &conn->dst, conn->type,
2042 conn->dst_type, 0, NULL, 0,
2045 if (!hci_outgoing_auth_needed(hdev, conn)) {
2046 conn->state = BT_CONNECTED;
2047 hci_proto_connect_cfm(conn, ev->status);
2048 hci_conn_drop(conn);
2052 hci_dev_unlock(hdev);
2055 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2057 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2058 u8 status = skb->data[sizeof(*ev)];
2061 skb_pull(skb, sizeof(*ev));
2063 opcode = __le16_to_cpu(ev->opcode);
2066 case HCI_OP_INQUIRY_CANCEL:
2067 hci_cc_inquiry_cancel(hdev, skb);
2070 case HCI_OP_PERIODIC_INQ:
2071 hci_cc_periodic_inq(hdev, skb);
2074 case HCI_OP_EXIT_PERIODIC_INQ:
2075 hci_cc_exit_periodic_inq(hdev, skb);
2078 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2079 hci_cc_remote_name_req_cancel(hdev, skb);
2082 case HCI_OP_ROLE_DISCOVERY:
2083 hci_cc_role_discovery(hdev, skb);
2086 case HCI_OP_READ_LINK_POLICY:
2087 hci_cc_read_link_policy(hdev, skb);
2090 case HCI_OP_WRITE_LINK_POLICY:
2091 hci_cc_write_link_policy(hdev, skb);
2094 case HCI_OP_READ_DEF_LINK_POLICY:
2095 hci_cc_read_def_link_policy(hdev, skb);
2098 case HCI_OP_WRITE_DEF_LINK_POLICY:
2099 hci_cc_write_def_link_policy(hdev, skb);
2103 hci_cc_reset(hdev, skb);
2106 case HCI_OP_WRITE_LOCAL_NAME:
2107 hci_cc_write_local_name(hdev, skb);
2110 case HCI_OP_READ_LOCAL_NAME:
2111 hci_cc_read_local_name(hdev, skb);
2114 case HCI_OP_WRITE_AUTH_ENABLE:
2115 hci_cc_write_auth_enable(hdev, skb);
2118 case HCI_OP_WRITE_ENCRYPT_MODE:
2119 hci_cc_write_encrypt_mode(hdev, skb);
2122 case HCI_OP_WRITE_SCAN_ENABLE:
2123 hci_cc_write_scan_enable(hdev, skb);
2126 case HCI_OP_READ_CLASS_OF_DEV:
2127 hci_cc_read_class_of_dev(hdev, skb);
2130 case HCI_OP_WRITE_CLASS_OF_DEV:
2131 hci_cc_write_class_of_dev(hdev, skb);
2134 case HCI_OP_READ_VOICE_SETTING:
2135 hci_cc_read_voice_setting(hdev, skb);
2138 case HCI_OP_WRITE_VOICE_SETTING:
2139 hci_cc_write_voice_setting(hdev, skb);
2142 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2143 hci_cc_read_num_supported_iac(hdev, skb);
2146 case HCI_OP_WRITE_SSP_MODE:
2147 hci_cc_write_ssp_mode(hdev, skb);
2150 case HCI_OP_READ_LOCAL_VERSION:
2151 hci_cc_read_local_version(hdev, skb);
2154 case HCI_OP_READ_LOCAL_COMMANDS:
2155 hci_cc_read_local_commands(hdev, skb);
2158 case HCI_OP_READ_LOCAL_FEATURES:
2159 hci_cc_read_local_features(hdev, skb);
2162 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2163 hci_cc_read_local_ext_features(hdev, skb);
2166 case HCI_OP_READ_BUFFER_SIZE:
2167 hci_cc_read_buffer_size(hdev, skb);
2170 case HCI_OP_READ_BD_ADDR:
2171 hci_cc_read_bd_addr(hdev, skb);
2174 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2175 hci_cc_read_page_scan_activity(hdev, skb);
2178 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2179 hci_cc_write_page_scan_activity(hdev, skb);
2182 case HCI_OP_READ_PAGE_SCAN_TYPE:
2183 hci_cc_read_page_scan_type(hdev, skb);
2186 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2187 hci_cc_write_page_scan_type(hdev, skb);
2190 case HCI_OP_READ_DATA_BLOCK_SIZE:
2191 hci_cc_read_data_block_size(hdev, skb);
2194 case HCI_OP_READ_FLOW_CONTROL_MODE:
2195 hci_cc_read_flow_control_mode(hdev, skb);
2198 case HCI_OP_READ_LOCAL_AMP_INFO:
2199 hci_cc_read_local_amp_info(hdev, skb);
2202 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2203 hci_cc_read_local_amp_assoc(hdev, skb);
2206 case HCI_OP_READ_INQ_RSP_TX_POWER:
2207 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2210 case HCI_OP_PIN_CODE_REPLY:
2211 hci_cc_pin_code_reply(hdev, skb);
2214 case HCI_OP_PIN_CODE_NEG_REPLY:
2215 hci_cc_pin_code_neg_reply(hdev, skb);
2218 case HCI_OP_READ_LOCAL_OOB_DATA:
2219 hci_cc_read_local_oob_data_reply(hdev, skb);
2222 case HCI_OP_LE_READ_BUFFER_SIZE:
2223 hci_cc_le_read_buffer_size(hdev, skb);
2226 case HCI_OP_LE_READ_LOCAL_FEATURES:
2227 hci_cc_le_read_local_features(hdev, skb);
2230 case HCI_OP_LE_READ_ADV_TX_POWER:
2231 hci_cc_le_read_adv_tx_power(hdev, skb);
2234 case HCI_OP_USER_CONFIRM_REPLY:
2235 hci_cc_user_confirm_reply(hdev, skb);
2238 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2239 hci_cc_user_confirm_neg_reply(hdev, skb);
2242 case HCI_OP_USER_PASSKEY_REPLY:
2243 hci_cc_user_passkey_reply(hdev, skb);
2246 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2247 hci_cc_user_passkey_neg_reply(hdev, skb);
2250 case HCI_OP_LE_SET_ADV_ENABLE:
2251 hci_cc_le_set_adv_enable(hdev, skb);
2254 case HCI_OP_LE_SET_SCAN_ENABLE:
2255 hci_cc_le_set_scan_enable(hdev, skb);
2258 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2259 hci_cc_le_read_white_list_size(hdev, skb);
2262 case HCI_OP_LE_READ_SUPPORTED_STATES:
2263 hci_cc_le_read_supported_states(hdev, skb);
2266 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2267 hci_cc_write_le_host_supported(hdev, skb);
2270 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2271 hci_cc_write_remote_amp_assoc(hdev, skb);
2275 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2279 if (opcode != HCI_OP_NOP)
2280 del_timer(&hdev->cmd_timer);
2282 hci_req_cmd_complete(hdev, opcode, status);
2284 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2285 atomic_set(&hdev->cmd_cnt, 1);
2286 if (!skb_queue_empty(&hdev->cmd_q))
2287 queue_work(hdev->workqueue, &hdev->cmd_work);
2291 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2293 struct hci_ev_cmd_status *ev = (void *) skb->data;
2296 skb_pull(skb, sizeof(*ev));
2298 opcode = __le16_to_cpu(ev->opcode);
2301 case HCI_OP_INQUIRY:
2302 hci_cs_inquiry(hdev, ev->status);
2305 case HCI_OP_CREATE_CONN:
2306 hci_cs_create_conn(hdev, ev->status);
2309 case HCI_OP_ADD_SCO:
2310 hci_cs_add_sco(hdev, ev->status);
2313 case HCI_OP_AUTH_REQUESTED:
2314 hci_cs_auth_requested(hdev, ev->status);
2317 case HCI_OP_SET_CONN_ENCRYPT:
2318 hci_cs_set_conn_encrypt(hdev, ev->status);
2321 case HCI_OP_REMOTE_NAME_REQ:
2322 hci_cs_remote_name_req(hdev, ev->status);
2325 case HCI_OP_READ_REMOTE_FEATURES:
2326 hci_cs_read_remote_features(hdev, ev->status);
2329 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2330 hci_cs_read_remote_ext_features(hdev, ev->status);
2333 case HCI_OP_SETUP_SYNC_CONN:
2334 hci_cs_setup_sync_conn(hdev, ev->status);
2337 case HCI_OP_SNIFF_MODE:
2338 hci_cs_sniff_mode(hdev, ev->status);
2341 case HCI_OP_EXIT_SNIFF_MODE:
2342 hci_cs_exit_sniff_mode(hdev, ev->status);
2345 case HCI_OP_DISCONNECT:
2346 hci_cs_disconnect(hdev, ev->status);
2349 case HCI_OP_CREATE_PHY_LINK:
2350 hci_cs_create_phylink(hdev, ev->status);
2353 case HCI_OP_ACCEPT_PHY_LINK:
2354 hci_cs_accept_phylink(hdev, ev->status);
2358 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2362 if (opcode != HCI_OP_NOP)
2363 del_timer(&hdev->cmd_timer);
2366 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2367 hci_req_cmd_complete(hdev, opcode, ev->status);
2369 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2370 atomic_set(&hdev->cmd_cnt, 1);
2371 if (!skb_queue_empty(&hdev->cmd_q))
2372 queue_work(hdev->workqueue, &hdev->cmd_work);
2376 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2378 struct hci_ev_role_change *ev = (void *) skb->data;
2379 struct hci_conn *conn;
2381 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2385 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2389 conn->link_mode &= ~HCI_LM_MASTER;
2391 conn->link_mode |= HCI_LM_MASTER;
2394 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2396 hci_role_switch_cfm(conn, ev->status, ev->role);
2399 hci_dev_unlock(hdev);
2402 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2404 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2407 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2408 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2412 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2413 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2414 BT_DBG("%s bad parameters", hdev->name);
2418 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2420 for (i = 0; i < ev->num_hndl; i++) {
2421 struct hci_comp_pkts_info *info = &ev->handles[i];
2422 struct hci_conn *conn;
2423 __u16 handle, count;
2425 handle = __le16_to_cpu(info->handle);
2426 count = __le16_to_cpu(info->count);
2428 conn = hci_conn_hash_lookup_handle(hdev, handle);
2432 conn->sent -= count;
2434 switch (conn->type) {
2436 hdev->acl_cnt += count;
2437 if (hdev->acl_cnt > hdev->acl_pkts)
2438 hdev->acl_cnt = hdev->acl_pkts;
2442 if (hdev->le_pkts) {
2443 hdev->le_cnt += count;
2444 if (hdev->le_cnt > hdev->le_pkts)
2445 hdev->le_cnt = hdev->le_pkts;
2447 hdev->acl_cnt += count;
2448 if (hdev->acl_cnt > hdev->acl_pkts)
2449 hdev->acl_cnt = hdev->acl_pkts;
2454 hdev->sco_cnt += count;
2455 if (hdev->sco_cnt > hdev->sco_pkts)
2456 hdev->sco_cnt = hdev->sco_pkts;
2460 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2465 queue_work(hdev->workqueue, &hdev->tx_work);
2468 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2471 struct hci_chan *chan;
2473 switch (hdev->dev_type) {
2475 return hci_conn_hash_lookup_handle(hdev, handle);
2477 chan = hci_chan_lookup_handle(hdev, handle);
2482 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2489 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2491 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2494 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2495 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2499 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2500 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2501 BT_DBG("%s bad parameters", hdev->name);
2505 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2508 for (i = 0; i < ev->num_hndl; i++) {
2509 struct hci_comp_blocks_info *info = &ev->handles[i];
2510 struct hci_conn *conn = NULL;
2511 __u16 handle, block_count;
2513 handle = __le16_to_cpu(info->handle);
2514 block_count = __le16_to_cpu(info->blocks);
2516 conn = __hci_conn_lookup_handle(hdev, handle);
2520 conn->sent -= block_count;
2522 switch (conn->type) {
2525 hdev->block_cnt += block_count;
2526 if (hdev->block_cnt > hdev->num_blocks)
2527 hdev->block_cnt = hdev->num_blocks;
2531 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2536 queue_work(hdev->workqueue, &hdev->tx_work);
2539 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2541 struct hci_ev_mode_change *ev = (void *) skb->data;
2542 struct hci_conn *conn;
2544 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2548 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2550 conn->mode = ev->mode;
2552 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2554 if (conn->mode == HCI_CM_ACTIVE)
2555 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2557 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2560 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2561 hci_sco_setup(conn, ev->status);
2564 hci_dev_unlock(hdev);
2567 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2569 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2570 struct hci_conn *conn;
2572 BT_DBG("%s", hdev->name);
2576 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2580 if (conn->state == BT_CONNECTED) {
2581 hci_conn_hold(conn);
2582 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2583 hci_conn_drop(conn);
2586 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2587 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2588 sizeof(ev->bdaddr), &ev->bdaddr);
2589 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2592 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2597 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2601 hci_dev_unlock(hdev);
2604 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2606 struct hci_ev_link_key_req *ev = (void *) skb->data;
2607 struct hci_cp_link_key_reply cp;
2608 struct hci_conn *conn;
2609 struct link_key *key;
2611 BT_DBG("%s", hdev->name);
2613 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2618 key = hci_find_link_key(hdev, &ev->bdaddr);
2620 BT_DBG("%s link key not found for %pMR", hdev->name,
2625 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2628 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2629 key->type == HCI_LK_DEBUG_COMBINATION) {
2630 BT_DBG("%s ignoring debug key", hdev->name);
2634 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2636 if (key->type == HCI_LK_UNAUTH_COMBINATION_P192 &&
2637 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2638 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2642 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2643 conn->pending_sec_level == BT_SECURITY_HIGH) {
2644 BT_DBG("%s ignoring key unauthenticated for high security",
2649 conn->key_type = key->type;
2650 conn->pin_length = key->pin_len;
2653 bacpy(&cp.bdaddr, &ev->bdaddr);
2654 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2656 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2658 hci_dev_unlock(hdev);
2663 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2664 hci_dev_unlock(hdev);
2667 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2669 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2670 struct hci_conn *conn;
2673 BT_DBG("%s", hdev->name);
2677 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2679 hci_conn_hold(conn);
2680 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2681 pin_len = conn->pin_length;
2683 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2684 conn->key_type = ev->key_type;
2686 hci_conn_drop(conn);
2689 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2690 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2691 ev->key_type, pin_len);
2693 hci_dev_unlock(hdev);
2696 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2698 struct hci_ev_clock_offset *ev = (void *) skb->data;
2699 struct hci_conn *conn;
2701 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2705 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2706 if (conn && !ev->status) {
2707 struct inquiry_entry *ie;
2709 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2711 ie->data.clock_offset = ev->clock_offset;
2712 ie->timestamp = jiffies;
2716 hci_dev_unlock(hdev);
2719 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2721 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2722 struct hci_conn *conn;
2724 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2728 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2729 if (conn && !ev->status)
2730 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2732 hci_dev_unlock(hdev);
2735 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2737 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2738 struct inquiry_entry *ie;
2740 BT_DBG("%s", hdev->name);
2744 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2746 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2747 ie->timestamp = jiffies;
2750 hci_dev_unlock(hdev);
2753 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2754 struct sk_buff *skb)
2756 struct inquiry_data data;
2757 int num_rsp = *((__u8 *) skb->data);
2758 bool name_known, ssp;
2760 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2765 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2770 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2771 struct inquiry_info_with_rssi_and_pscan_mode *info;
2772 info = (void *) (skb->data + 1);
2774 for (; num_rsp; num_rsp--, info++) {
2775 bacpy(&data.bdaddr, &info->bdaddr);
2776 data.pscan_rep_mode = info->pscan_rep_mode;
2777 data.pscan_period_mode = info->pscan_period_mode;
2778 data.pscan_mode = info->pscan_mode;
2779 memcpy(data.dev_class, info->dev_class, 3);
2780 data.clock_offset = info->clock_offset;
2781 data.rssi = info->rssi;
2782 data.ssp_mode = 0x00;
2784 name_known = hci_inquiry_cache_update(hdev, &data,
2786 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2787 info->dev_class, info->rssi,
2788 !name_known, ssp, NULL, 0);
2791 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2793 for (; num_rsp; num_rsp--, info++) {
2794 bacpy(&data.bdaddr, &info->bdaddr);
2795 data.pscan_rep_mode = info->pscan_rep_mode;
2796 data.pscan_period_mode = info->pscan_period_mode;
2797 data.pscan_mode = 0x00;
2798 memcpy(data.dev_class, info->dev_class, 3);
2799 data.clock_offset = info->clock_offset;
2800 data.rssi = info->rssi;
2801 data.ssp_mode = 0x00;
2802 name_known = hci_inquiry_cache_update(hdev, &data,
2804 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2805 info->dev_class, info->rssi,
2806 !name_known, ssp, NULL, 0);
2810 hci_dev_unlock(hdev);
2813 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2814 struct sk_buff *skb)
2816 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2817 struct hci_conn *conn;
2819 BT_DBG("%s", hdev->name);
2823 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2827 if (ev->page < HCI_MAX_PAGES)
2828 memcpy(conn->features[ev->page], ev->features, 8);
2830 if (!ev->status && ev->page == 0x01) {
2831 struct inquiry_entry *ie;
2833 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2835 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2837 if (ev->features[0] & LMP_HOST_SSP) {
2838 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2840 /* It is mandatory by the Bluetooth specification that
2841 * Extended Inquiry Results are only used when Secure
2842 * Simple Pairing is enabled, but some devices violate
2845 * To make these devices work, the internal SSP
2846 * enabled flag needs to be cleared if the remote host
2847 * features do not indicate SSP support */
2848 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2852 if (conn->state != BT_CONFIG)
2855 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2856 struct hci_cp_remote_name_req cp;
2857 memset(&cp, 0, sizeof(cp));
2858 bacpy(&cp.bdaddr, &conn->dst);
2859 cp.pscan_rep_mode = 0x02;
2860 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2861 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2862 mgmt_device_connected(hdev, &conn->dst, conn->type,
2863 conn->dst_type, 0, NULL, 0,
2866 if (!hci_outgoing_auth_needed(hdev, conn)) {
2867 conn->state = BT_CONNECTED;
2868 hci_proto_connect_cfm(conn, ev->status);
2869 hci_conn_drop(conn);
2873 hci_dev_unlock(hdev);
2876 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2877 struct sk_buff *skb)
2879 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2880 struct hci_conn *conn;
2882 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2886 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2888 if (ev->link_type == ESCO_LINK)
2891 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2895 conn->type = SCO_LINK;
2898 switch (ev->status) {
2900 conn->handle = __le16_to_cpu(ev->handle);
2901 conn->state = BT_CONNECTED;
2903 hci_conn_add_sysfs(conn);
2906 case 0x0d: /* Connection Rejected due to Limited Resources */
2907 case 0x11: /* Unsupported Feature or Parameter Value */
2908 case 0x1c: /* SCO interval rejected */
2909 case 0x1a: /* Unsupported Remote Feature */
2910 case 0x1f: /* Unspecified error */
2912 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2913 (hdev->esco_type & EDR_ESCO_MASK);
2914 if (hci_setup_sync(conn, conn->link->handle))
2920 conn->state = BT_CLOSED;
2924 hci_proto_connect_cfm(conn, ev->status);
2929 hci_dev_unlock(hdev);
2932 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
2936 while (parsed < eir_len) {
2937 u8 field_len = eir[0];
2942 parsed += field_len + 1;
2943 eir += field_len + 1;
2949 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2950 struct sk_buff *skb)
2952 struct inquiry_data data;
2953 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2954 int num_rsp = *((__u8 *) skb->data);
2957 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2962 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2967 for (; num_rsp; num_rsp--, info++) {
2968 bool name_known, ssp;
2970 bacpy(&data.bdaddr, &info->bdaddr);
2971 data.pscan_rep_mode = info->pscan_rep_mode;
2972 data.pscan_period_mode = info->pscan_period_mode;
2973 data.pscan_mode = 0x00;
2974 memcpy(data.dev_class, info->dev_class, 3);
2975 data.clock_offset = info->clock_offset;
2976 data.rssi = info->rssi;
2977 data.ssp_mode = 0x01;
2979 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2980 name_known = eir_has_data_type(info->data,
2986 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2988 eir_len = eir_get_length(info->data, sizeof(info->data));
2989 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2990 info->dev_class, info->rssi, !name_known,
2991 ssp, info->data, eir_len);
2994 hci_dev_unlock(hdev);
2997 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2998 struct sk_buff *skb)
3000 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3001 struct hci_conn *conn;
3003 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3004 __le16_to_cpu(ev->handle));
3008 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3013 conn->sec_level = conn->pending_sec_level;
3015 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3017 if (ev->status && conn->state == BT_CONNECTED) {
3018 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3019 hci_conn_drop(conn);
3023 if (conn->state == BT_CONFIG) {
3025 conn->state = BT_CONNECTED;
3027 hci_proto_connect_cfm(conn, ev->status);
3028 hci_conn_drop(conn);
3030 hci_auth_cfm(conn, ev->status);
3032 hci_conn_hold(conn);
3033 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3034 hci_conn_drop(conn);
3038 hci_dev_unlock(hdev);
3041 static u8 hci_get_auth_req(struct hci_conn *conn)
3043 /* If remote requests dedicated bonding follow that lead */
3044 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3045 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3046 /* If both remote and local IO capabilities allow MITM
3047 * protection then require it, otherwise don't */
3048 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3049 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3050 return HCI_AT_DEDICATED_BONDING;
3052 return HCI_AT_DEDICATED_BONDING_MITM;
3055 /* If remote requests no-bonding follow that lead */
3056 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3057 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3058 return conn->remote_auth | (conn->auth_type & 0x01);
3060 return conn->auth_type;
3063 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3065 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3066 struct hci_conn *conn;
3068 BT_DBG("%s", hdev->name);
3072 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3076 hci_conn_hold(conn);
3078 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3081 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3082 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3083 struct hci_cp_io_capability_reply cp;
3085 bacpy(&cp.bdaddr, &ev->bdaddr);
3086 /* Change the IO capability from KeyboardDisplay
3087 * to DisplayYesNo as it is not supported by BT spec. */
3088 cp.capability = (conn->io_capability == 0x04) ?
3089 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3090 conn->auth_type = hci_get_auth_req(conn);
3091 cp.authentication = conn->auth_type;
3093 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3094 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3099 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3102 struct hci_cp_io_capability_neg_reply cp;
3104 bacpy(&cp.bdaddr, &ev->bdaddr);
3105 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3107 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3112 hci_dev_unlock(hdev);
3115 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3117 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3118 struct hci_conn *conn;
3120 BT_DBG("%s", hdev->name);
3124 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3128 conn->remote_cap = ev->capability;
3129 conn->remote_auth = ev->authentication;
3131 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3134 hci_dev_unlock(hdev);
3137 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3138 struct sk_buff *skb)
3140 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3141 int loc_mitm, rem_mitm, confirm_hint = 0;
3142 struct hci_conn *conn;
3144 BT_DBG("%s", hdev->name);
3148 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3151 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3155 loc_mitm = (conn->auth_type & 0x01);
3156 rem_mitm = (conn->remote_auth & 0x01);
3158 /* If we require MITM but the remote device can't provide that
3159 * (it has NoInputNoOutput) then reject the confirmation
3160 * request. The only exception is when we're dedicated bonding
3161 * initiators (connect_cfm_cb set) since then we always have the MITM
3163 if (!conn->connect_cfm_cb && loc_mitm &&
3164 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3165 BT_DBG("Rejecting request: remote device can't provide MITM");
3166 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3167 sizeof(ev->bdaddr), &ev->bdaddr);
3171 /* If no side requires MITM protection; auto-accept */
3172 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3173 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3175 /* If we're not the initiators request authorization to
3176 * proceed from user space (mgmt_user_confirm with
3177 * confirm_hint set to 1). */
3178 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3179 BT_DBG("Confirming auto-accept as acceptor");
3184 BT_DBG("Auto-accept of user confirmation with %ums delay",
3185 hdev->auto_accept_delay);
3187 if (hdev->auto_accept_delay > 0) {
3188 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3189 queue_delayed_work(conn->hdev->workqueue,
3190 &conn->auto_accept_work, delay);
3194 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3195 sizeof(ev->bdaddr), &ev->bdaddr);
3200 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3204 hci_dev_unlock(hdev);
3207 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3208 struct sk_buff *skb)
3210 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3212 BT_DBG("%s", hdev->name);
3214 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3215 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3218 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3219 struct sk_buff *skb)
3221 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3222 struct hci_conn *conn;
3224 BT_DBG("%s", hdev->name);
3226 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3230 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3231 conn->passkey_entered = 0;
3233 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3234 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3235 conn->dst_type, conn->passkey_notify,
3236 conn->passkey_entered);
3239 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3241 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3242 struct hci_conn *conn;
3244 BT_DBG("%s", hdev->name);
3246 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3251 case HCI_KEYPRESS_STARTED:
3252 conn->passkey_entered = 0;
3255 case HCI_KEYPRESS_ENTERED:
3256 conn->passkey_entered++;
3259 case HCI_KEYPRESS_ERASED:
3260 conn->passkey_entered--;
3263 case HCI_KEYPRESS_CLEARED:
3264 conn->passkey_entered = 0;
3267 case HCI_KEYPRESS_COMPLETED:
3271 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3272 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3273 conn->dst_type, conn->passkey_notify,
3274 conn->passkey_entered);
3277 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3278 struct sk_buff *skb)
3280 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3281 struct hci_conn *conn;
3283 BT_DBG("%s", hdev->name);
3287 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3291 /* To avoid duplicate auth_failed events to user space we check
3292 * the HCI_CONN_AUTH_PEND flag which will be set if we
3293 * initiated the authentication. A traditional auth_complete
3294 * event gets always produced as initiator and is also mapped to
3295 * the mgmt_auth_failed event */
3296 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3297 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3300 hci_conn_drop(conn);
3303 hci_dev_unlock(hdev);
3306 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3307 struct sk_buff *skb)
3309 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3310 struct inquiry_entry *ie;
3311 struct hci_conn *conn;
3313 BT_DBG("%s", hdev->name);
3317 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3319 memcpy(conn->features[1], ev->features, 8);
3321 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3323 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3325 hci_dev_unlock(hdev);
3328 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3329 struct sk_buff *skb)
3331 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3332 struct oob_data *data;
3334 BT_DBG("%s", hdev->name);
3338 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3341 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3343 struct hci_cp_remote_oob_data_reply cp;
3345 bacpy(&cp.bdaddr, &ev->bdaddr);
3346 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3347 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3349 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3352 struct hci_cp_remote_oob_data_neg_reply cp;
3354 bacpy(&cp.bdaddr, &ev->bdaddr);
3355 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3360 hci_dev_unlock(hdev);
3363 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3364 struct sk_buff *skb)
3366 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3367 struct hci_conn *hcon, *bredr_hcon;
3369 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3374 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3376 hci_dev_unlock(hdev);
3382 hci_dev_unlock(hdev);
3386 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3388 hcon->state = BT_CONNECTED;
3389 bacpy(&hcon->dst, &bredr_hcon->dst);
3391 hci_conn_hold(hcon);
3392 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3393 hci_conn_drop(hcon);
3395 hci_conn_add_sysfs(hcon);
3397 amp_physical_cfm(bredr_hcon, hcon);
3399 hci_dev_unlock(hdev);
3402 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3404 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3405 struct hci_conn *hcon;
3406 struct hci_chan *hchan;
3407 struct amp_mgr *mgr;
3409 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3410 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3413 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3417 /* Create AMP hchan */
3418 hchan = hci_chan_create(hcon);
3422 hchan->handle = le16_to_cpu(ev->handle);
3424 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3426 mgr = hcon->amp_mgr;
3427 if (mgr && mgr->bredr_chan) {
3428 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3430 l2cap_chan_lock(bredr_chan);
3432 bredr_chan->conn->mtu = hdev->block_mtu;
3433 l2cap_logical_cfm(bredr_chan, hchan, 0);
3434 hci_conn_hold(hcon);
3436 l2cap_chan_unlock(bredr_chan);
3440 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3441 struct sk_buff *skb)
3443 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3444 struct hci_chan *hchan;
3446 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3447 le16_to_cpu(ev->handle), ev->status);
3454 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3458 amp_destroy_logical_link(hchan, ev->reason);
3461 hci_dev_unlock(hdev);
3464 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3465 struct sk_buff *skb)
3467 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3468 struct hci_conn *hcon;
3470 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3477 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3479 hcon->state = BT_CLOSED;
3483 hci_dev_unlock(hdev);
3486 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3488 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3489 struct hci_conn *conn;
3491 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3495 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3497 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3499 BT_ERR("No memory for new connection");
3503 conn->dst_type = ev->bdaddr_type;
3505 /* The advertising parameters for own address type
3506 * define which source address and source address
3507 * type this connections has.
3509 if (bacmp(&conn->src, BDADDR_ANY)) {
3510 conn->src_type = ADDR_LE_DEV_PUBLIC;
3512 bacpy(&conn->src, &hdev->static_addr);
3513 conn->src_type = ADDR_LE_DEV_RANDOM;
3516 if (ev->role == LE_CONN_ROLE_MASTER) {
3518 conn->link_mode |= HCI_LM_MASTER;
3523 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3524 conn->dst_type, ev->status);
3525 hci_proto_connect_cfm(conn, ev->status);
3526 conn->state = BT_CLOSED;
3531 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3532 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3533 conn->dst_type, 0, NULL, 0, NULL);
3535 conn->sec_level = BT_SECURITY_LOW;
3536 conn->handle = __le16_to_cpu(ev->handle);
3537 conn->state = BT_CONNECTED;
3539 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
3540 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
3542 hci_conn_add_sysfs(conn);
3544 hci_proto_connect_cfm(conn, ev->status);
3547 hci_dev_unlock(hdev);
3550 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3552 u8 num_reports = skb->data[0];
3553 void *ptr = &skb->data[1];
3556 while (num_reports--) {
3557 struct hci_ev_le_advertising_info *ev = ptr;
3559 rssi = ev->data[ev->length];
3560 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3561 NULL, rssi, 0, 1, ev->data, ev->length);
3563 ptr += sizeof(*ev) + ev->length + 1;
3567 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3569 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3570 struct hci_cp_le_ltk_reply cp;
3571 struct hci_cp_le_ltk_neg_reply neg;
3572 struct hci_conn *conn;
3573 struct smp_ltk *ltk;
3575 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3579 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3583 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3587 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3588 cp.handle = cpu_to_le16(conn->handle);
3590 if (ltk->authenticated)
3591 conn->pending_sec_level = BT_SECURITY_HIGH;
3593 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3595 conn->enc_key_size = ltk->enc_size;
3597 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3599 if (ltk->type & HCI_SMP_STK) {
3600 list_del(<k->list);
3604 hci_dev_unlock(hdev);
3609 neg.handle = ev->handle;
3610 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3611 hci_dev_unlock(hdev);
3614 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3616 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3618 skb_pull(skb, sizeof(*le_ev));
3620 switch (le_ev->subevent) {
3621 case HCI_EV_LE_CONN_COMPLETE:
3622 hci_le_conn_complete_evt(hdev, skb);
3625 case HCI_EV_LE_ADVERTISING_REPORT:
3626 hci_le_adv_report_evt(hdev, skb);
3629 case HCI_EV_LE_LTK_REQ:
3630 hci_le_ltk_request_evt(hdev, skb);
3638 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3640 struct hci_ev_channel_selected *ev = (void *) skb->data;
3641 struct hci_conn *hcon;
3643 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3645 skb_pull(skb, sizeof(*ev));
3647 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3651 amp_read_loc_assoc_final_data(hdev, hcon);
3654 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3656 struct hci_event_hdr *hdr = (void *) skb->data;
3657 __u8 event = hdr->evt;
3661 /* Received events are (currently) only needed when a request is
3662 * ongoing so avoid unnecessary memory allocation.
3664 if (hdev->req_status == HCI_REQ_PEND) {
3665 kfree_skb(hdev->recv_evt);
3666 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3669 hci_dev_unlock(hdev);
3671 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3673 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3674 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3675 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3677 hci_req_cmd_complete(hdev, opcode, 0);
3681 case HCI_EV_INQUIRY_COMPLETE:
3682 hci_inquiry_complete_evt(hdev, skb);
3685 case HCI_EV_INQUIRY_RESULT:
3686 hci_inquiry_result_evt(hdev, skb);
3689 case HCI_EV_CONN_COMPLETE:
3690 hci_conn_complete_evt(hdev, skb);
3693 case HCI_EV_CONN_REQUEST:
3694 hci_conn_request_evt(hdev, skb);
3697 case HCI_EV_DISCONN_COMPLETE:
3698 hci_disconn_complete_evt(hdev, skb);
3701 case HCI_EV_AUTH_COMPLETE:
3702 hci_auth_complete_evt(hdev, skb);
3705 case HCI_EV_REMOTE_NAME:
3706 hci_remote_name_evt(hdev, skb);
3709 case HCI_EV_ENCRYPT_CHANGE:
3710 hci_encrypt_change_evt(hdev, skb);
3713 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3714 hci_change_link_key_complete_evt(hdev, skb);
3717 case HCI_EV_REMOTE_FEATURES:
3718 hci_remote_features_evt(hdev, skb);
3721 case HCI_EV_CMD_COMPLETE:
3722 hci_cmd_complete_evt(hdev, skb);
3725 case HCI_EV_CMD_STATUS:
3726 hci_cmd_status_evt(hdev, skb);
3729 case HCI_EV_ROLE_CHANGE:
3730 hci_role_change_evt(hdev, skb);
3733 case HCI_EV_NUM_COMP_PKTS:
3734 hci_num_comp_pkts_evt(hdev, skb);
3737 case HCI_EV_MODE_CHANGE:
3738 hci_mode_change_evt(hdev, skb);
3741 case HCI_EV_PIN_CODE_REQ:
3742 hci_pin_code_request_evt(hdev, skb);
3745 case HCI_EV_LINK_KEY_REQ:
3746 hci_link_key_request_evt(hdev, skb);
3749 case HCI_EV_LINK_KEY_NOTIFY:
3750 hci_link_key_notify_evt(hdev, skb);
3753 case HCI_EV_CLOCK_OFFSET:
3754 hci_clock_offset_evt(hdev, skb);
3757 case HCI_EV_PKT_TYPE_CHANGE:
3758 hci_pkt_type_change_evt(hdev, skb);
3761 case HCI_EV_PSCAN_REP_MODE:
3762 hci_pscan_rep_mode_evt(hdev, skb);
3765 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3766 hci_inquiry_result_with_rssi_evt(hdev, skb);
3769 case HCI_EV_REMOTE_EXT_FEATURES:
3770 hci_remote_ext_features_evt(hdev, skb);
3773 case HCI_EV_SYNC_CONN_COMPLETE:
3774 hci_sync_conn_complete_evt(hdev, skb);
3777 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3778 hci_extended_inquiry_result_evt(hdev, skb);
3781 case HCI_EV_KEY_REFRESH_COMPLETE:
3782 hci_key_refresh_complete_evt(hdev, skb);
3785 case HCI_EV_IO_CAPA_REQUEST:
3786 hci_io_capa_request_evt(hdev, skb);
3789 case HCI_EV_IO_CAPA_REPLY:
3790 hci_io_capa_reply_evt(hdev, skb);
3793 case HCI_EV_USER_CONFIRM_REQUEST:
3794 hci_user_confirm_request_evt(hdev, skb);
3797 case HCI_EV_USER_PASSKEY_REQUEST:
3798 hci_user_passkey_request_evt(hdev, skb);
3801 case HCI_EV_USER_PASSKEY_NOTIFY:
3802 hci_user_passkey_notify_evt(hdev, skb);
3805 case HCI_EV_KEYPRESS_NOTIFY:
3806 hci_keypress_notify_evt(hdev, skb);
3809 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3810 hci_simple_pair_complete_evt(hdev, skb);
3813 case HCI_EV_REMOTE_HOST_FEATURES:
3814 hci_remote_host_features_evt(hdev, skb);
3817 case HCI_EV_LE_META:
3818 hci_le_meta_evt(hdev, skb);
3821 case HCI_EV_CHANNEL_SELECTED:
3822 hci_chan_selected_evt(hdev, skb);
3825 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3826 hci_remote_oob_data_request_evt(hdev, skb);
3829 case HCI_EV_PHY_LINK_COMPLETE:
3830 hci_phy_link_complete_evt(hdev, skb);
3833 case HCI_EV_LOGICAL_LINK_COMPLETE:
3834 hci_loglink_complete_evt(hdev, skb);
3837 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3838 hci_disconn_loglink_complete_evt(hdev, skb);
3841 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3842 hci_disconn_phylink_complete_evt(hdev, skb);
3845 case HCI_EV_NUM_COMP_BLOCKS:
3846 hci_num_comp_blocks_evt(hdev, skb);
3850 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3855 hdev->stat.evt_rx++;
git.openpandora.org / pandora-kernel.git / blob