2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
35 /* Handle HCI Event packets */
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 __u8 status = *((__u8 *) skb->data);
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
46 clear_bit(HCI_INQUIRY, &hdev->flags);
47 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
48 wake_up_bit(&hdev->flags, HCI_INQUIRY);
50 hci_conn_check_pending(hdev);
53 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55 __u8 status = *((__u8 *) skb->data);
57 BT_DBG("%s status 0x%2.2x", hdev->name, status);
62 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
65 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 __u8 status = *((__u8 *) skb->data);
69 BT_DBG("%s status 0x%2.2x", hdev->name, status);
74 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76 hci_conn_check_pending(hdev);
79 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
82 BT_DBG("%s", hdev->name);
85 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87 struct hci_rp_role_discovery *rp = (void *) skb->data;
88 struct hci_conn *conn;
90 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
100 conn->link_mode &= ~HCI_LM_MASTER;
102 conn->link_mode |= HCI_LM_MASTER;
105 hci_dev_unlock(hdev);
108 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110 struct hci_rp_read_link_policy *rp = (void *) skb->data;
111 struct hci_conn *conn;
113 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 conn->link_policy = __le16_to_cpu(rp->policy);
124 hci_dev_unlock(hdev);
127 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
129 struct hci_rp_write_link_policy *rp = (void *) skb->data;
130 struct hci_conn *conn;
133 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
146 conn->link_policy = get_unaligned_le16(sent + 2);
148 hci_dev_unlock(hdev);
151 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
154 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
161 hdev->link_policy = __le16_to_cpu(rp->policy);
164 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
167 __u8 status = *((__u8 *) skb->data);
170 BT_DBG("%s status 0x%2.2x", hdev->name, status);
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 hdev->link_policy = get_unaligned_le16(sent);
180 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182 __u8 status = *((__u8 *) skb->data);
184 BT_DBG("%s status 0x%2.2x", hdev->name, status);
186 clear_bit(HCI_RESET, &hdev->flags);
188 /* Reset all non-persistent flags */
189 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
191 hdev->discovery.state = DISCOVERY_STOPPED;
192 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
193 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
195 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
196 hdev->adv_data_len = 0;
199 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
201 __u8 status = *((__u8 *) skb->data);
204 BT_DBG("%s status 0x%2.2x", hdev->name, status);
206 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
212 if (test_bit(HCI_MGMT, &hdev->dev_flags))
213 mgmt_set_local_name_complete(hdev, sent, status);
215 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
217 hci_dev_unlock(hdev);
220 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
222 struct hci_rp_read_local_name *rp = (void *) skb->data;
224 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
229 if (test_bit(HCI_SETUP, &hdev->dev_flags))
230 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
233 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
235 __u8 status = *((__u8 *) skb->data);
238 BT_DBG("%s status 0x%2.2x", hdev->name, status);
240 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 __u8 param = *((__u8 *) sent);
247 if (param == AUTH_ENABLED)
248 set_bit(HCI_AUTH, &hdev->flags);
250 clear_bit(HCI_AUTH, &hdev->flags);
253 if (test_bit(HCI_MGMT, &hdev->dev_flags))
254 mgmt_auth_enable_complete(hdev, status);
257 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
259 __u8 status = *((__u8 *) skb->data);
262 BT_DBG("%s status 0x%2.2x", hdev->name, status);
264 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
269 __u8 param = *((__u8 *) sent);
272 set_bit(HCI_ENCRYPT, &hdev->flags);
274 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
280 __u8 param, status = *((__u8 *) skb->data);
281 int old_pscan, old_iscan;
284 BT_DBG("%s status 0x%2.2x", hdev->name, status);
286 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
290 param = *((__u8 *) sent);
295 mgmt_write_scan_failed(hdev, param, status);
296 hdev->discov_timeout = 0;
300 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
301 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
303 if (param & SCAN_INQUIRY) {
304 set_bit(HCI_ISCAN, &hdev->flags);
306 mgmt_discoverable(hdev, 1);
307 if (hdev->discov_timeout > 0) {
308 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
309 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
312 } else if (old_iscan)
313 mgmt_discoverable(hdev, 0);
315 if (param & SCAN_PAGE) {
316 set_bit(HCI_PSCAN, &hdev->flags);
318 mgmt_connectable(hdev, 1);
319 } else if (old_pscan)
320 mgmt_connectable(hdev, 0);
323 hci_dev_unlock(hdev);
326 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
328 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
330 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
335 memcpy(hdev->dev_class, rp->dev_class, 3);
337 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
338 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
341 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
343 __u8 status = *((__u8 *) skb->data);
346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
348 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355 memcpy(hdev->dev_class, sent, 3);
357 if (test_bit(HCI_MGMT, &hdev->dev_flags))
358 mgmt_set_class_of_dev_complete(hdev, sent, status);
360 hci_dev_unlock(hdev);
363 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
365 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
368 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
373 setting = __le16_to_cpu(rp->voice_setting);
375 if (hdev->voice_setting == setting)
378 hdev->voice_setting = setting;
380 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
386 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
389 __u8 status = *((__u8 *) skb->data);
393 BT_DBG("%s status 0x%2.2x", hdev->name, status);
398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
402 setting = get_unaligned_le16(sent);
404 if (hdev->voice_setting == setting)
407 hdev->voice_setting = setting;
409 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
415 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
417 __u8 status = *((__u8 *) skb->data);
418 struct hci_cp_write_ssp_mode *sent;
420 BT_DBG("%s status 0x%2.2x", hdev->name, status);
422 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
428 hdev->features[1][0] |= LMP_HOST_SSP;
430 hdev->features[1][0] &= ~LMP_HOST_SSP;
433 if (test_bit(HCI_MGMT, &hdev->dev_flags))
434 mgmt_ssp_enable_complete(hdev, sent->mode, status);
437 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
439 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
443 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
445 struct hci_rp_read_local_version *rp = (void *) skb->data;
447 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
452 hdev->hci_ver = rp->hci_ver;
453 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
454 hdev->lmp_ver = rp->lmp_ver;
455 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
456 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
458 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
459 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
462 static void hci_cc_read_local_commands(struct hci_dev *hdev,
465 struct hci_rp_read_local_commands *rp = (void *) skb->data;
467 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
470 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
473 static void hci_cc_read_local_features(struct hci_dev *hdev,
476 struct hci_rp_read_local_features *rp = (void *) skb->data;
478 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
483 memcpy(hdev->features, rp->features, 8);
485 /* Adjust default settings according to features
486 * supported by device. */
488 if (hdev->features[0][0] & LMP_3SLOT)
489 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
491 if (hdev->features[0][0] & LMP_5SLOT)
492 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
494 if (hdev->features[0][1] & LMP_HV2) {
495 hdev->pkt_type |= (HCI_HV2);
496 hdev->esco_type |= (ESCO_HV2);
499 if (hdev->features[0][1] & LMP_HV3) {
500 hdev->pkt_type |= (HCI_HV3);
501 hdev->esco_type |= (ESCO_HV3);
504 if (lmp_esco_capable(hdev))
505 hdev->esco_type |= (ESCO_EV3);
507 if (hdev->features[0][4] & LMP_EV4)
508 hdev->esco_type |= (ESCO_EV4);
510 if (hdev->features[0][4] & LMP_EV5)
511 hdev->esco_type |= (ESCO_EV5);
513 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
514 hdev->esco_type |= (ESCO_2EV3);
516 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
517 hdev->esco_type |= (ESCO_3EV3);
519 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
520 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
522 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
523 hdev->features[0][0], hdev->features[0][1],
524 hdev->features[0][2], hdev->features[0][3],
525 hdev->features[0][4], hdev->features[0][5],
526 hdev->features[0][6], hdev->features[0][7]);
529 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
532 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
534 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
539 hdev->max_page = rp->max_page;
541 if (rp->page < HCI_MAX_PAGES)
542 memcpy(hdev->features[rp->page], rp->features, 8);
545 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
548 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
550 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
553 hdev->flow_ctl_mode = rp->mode;
556 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
558 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
560 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
565 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
566 hdev->sco_mtu = rp->sco_mtu;
567 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
568 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
570 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
575 hdev->acl_cnt = hdev->acl_pkts;
576 hdev->sco_cnt = hdev->sco_pkts;
578 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
579 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
582 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
584 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
589 bacpy(&hdev->bdaddr, &rp->bdaddr);
592 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
595 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
597 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
599 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
600 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
601 hdev->page_scan_window = __le16_to_cpu(rp->window);
605 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
608 u8 status = *((u8 *) skb->data);
609 struct hci_cp_write_page_scan_activity *sent;
611 BT_DBG("%s status 0x%2.2x", hdev->name, status);
616 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
620 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
621 hdev->page_scan_window = __le16_to_cpu(sent->window);
624 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
627 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
629 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
631 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
632 hdev->page_scan_type = rp->type;
635 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
638 u8 status = *((u8 *) skb->data);
641 BT_DBG("%s status 0x%2.2x", hdev->name, status);
646 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
648 hdev->page_scan_type = *type;
651 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
654 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
656 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
661 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
662 hdev->block_len = __le16_to_cpu(rp->block_len);
663 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
665 hdev->block_cnt = hdev->num_blocks;
667 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
668 hdev->block_cnt, hdev->block_len);
671 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
674 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
676 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
681 hdev->amp_status = rp->amp_status;
682 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
683 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
684 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
685 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
686 hdev->amp_type = rp->amp_type;
687 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
688 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
689 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
690 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
693 a2mp_send_getinfo_rsp(hdev);
696 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
699 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
700 struct amp_assoc *assoc = &hdev->loc_assoc;
701 size_t rem_len, frag_len;
703 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
708 frag_len = skb->len - sizeof(*rp);
709 rem_len = __le16_to_cpu(rp->rem_len);
711 if (rem_len > frag_len) {
712 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
714 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
715 assoc->offset += frag_len;
717 /* Read other fragments */
718 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
723 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
724 assoc->len = assoc->offset + rem_len;
728 /* Send A2MP Rsp when all fragments are received */
729 a2mp_send_getampassoc_rsp(hdev, rp->status);
730 a2mp_send_create_phy_link_req(hdev, rp->status);
733 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
736 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
741 hdev->inq_tx_power = rp->tx_power;
744 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
746 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
747 struct hci_cp_pin_code_reply *cp;
748 struct hci_conn *conn;
750 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
754 if (test_bit(HCI_MGMT, &hdev->dev_flags))
755 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
760 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
764 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
766 conn->pin_length = cp->pin_len;
769 hci_dev_unlock(hdev);
772 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
774 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
776 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
780 if (test_bit(HCI_MGMT, &hdev->dev_flags))
781 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
784 hci_dev_unlock(hdev);
787 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
790 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
792 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
797 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
798 hdev->le_pkts = rp->le_max_pkt;
800 hdev->le_cnt = hdev->le_pkts;
802 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
805 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
808 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
813 memcpy(hdev->le_features, rp->features, 8);
816 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
819 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
821 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
824 hdev->adv_tx_power = rp->tx_power;
827 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
829 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
831 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
835 if (test_bit(HCI_MGMT, &hdev->dev_flags))
836 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
839 hci_dev_unlock(hdev);
842 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
845 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
847 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
851 if (test_bit(HCI_MGMT, &hdev->dev_flags))
852 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
853 ACL_LINK, 0, rp->status);
855 hci_dev_unlock(hdev);
858 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
860 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
862 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
866 if (test_bit(HCI_MGMT, &hdev->dev_flags))
867 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
870 hci_dev_unlock(hdev);
873 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
876 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
878 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
882 if (test_bit(HCI_MGMT, &hdev->dev_flags))
883 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
884 ACL_LINK, 0, rp->status);
886 hci_dev_unlock(hdev);
889 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
892 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
894 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
897 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
898 rp->randomizer, rp->status);
899 hci_dev_unlock(hdev);
902 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
904 __u8 *sent, status = *((__u8 *) skb->data);
906 BT_DBG("%s status 0x%2.2x", hdev->name, status);
908 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
916 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
918 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
921 if (!test_bit(HCI_INIT, &hdev->flags)) {
922 struct hci_request req;
924 hci_req_init(&req, hdev);
926 hci_req_run(&req, NULL);
929 hci_dev_unlock(hdev);
932 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
935 struct hci_cp_le_set_scan_enable *cp;
936 __u8 status = *((__u8 *) skb->data);
938 BT_DBG("%s status 0x%2.2x", hdev->name, status);
940 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
947 switch (cp->enable) {
949 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
952 case LE_SCAN_DISABLE:
953 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
957 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
962 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
965 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
967 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
970 hdev->le_white_list_size = rp->size;
973 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
976 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
978 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
981 memcpy(hdev->le_states, rp->le_states, 8);
984 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
987 struct hci_cp_write_le_host_supported *sent;
988 __u8 status = *((__u8 *) skb->data);
990 BT_DBG("%s status 0x%2.2x", hdev->name, status);
992 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
998 hdev->features[1][0] |= LMP_HOST_LE;
1000 hdev->features[1][0] &= ~LMP_HOST_LE;
1003 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1005 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1008 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1009 !test_bit(HCI_INIT, &hdev->flags))
1010 mgmt_le_enable_complete(hdev, sent->le, status);
1013 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1014 struct sk_buff *skb)
1016 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1018 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1019 hdev->name, rp->status, rp->phy_handle);
1024 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1027 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1029 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1032 hci_conn_check_pending(hdev);
1036 set_bit(HCI_INQUIRY, &hdev->flags);
1039 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1041 struct hci_cp_create_conn *cp;
1042 struct hci_conn *conn;
1044 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1046 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1052 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1054 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1057 if (conn && conn->state == BT_CONNECT) {
1058 if (status != 0x0c || conn->attempt > 2) {
1059 conn->state = BT_CLOSED;
1060 hci_proto_connect_cfm(conn, status);
1063 conn->state = BT_CONNECT2;
1067 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1070 conn->link_mode |= HCI_LM_MASTER;
1072 BT_ERR("No memory for new connection");
1076 hci_dev_unlock(hdev);
1079 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1081 struct hci_cp_add_sco *cp;
1082 struct hci_conn *acl, *sco;
1085 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1090 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1094 handle = __le16_to_cpu(cp->handle);
1096 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1100 acl = hci_conn_hash_lookup_handle(hdev, handle);
1104 sco->state = BT_CLOSED;
1106 hci_proto_connect_cfm(sco, status);
1111 hci_dev_unlock(hdev);
1114 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1116 struct hci_cp_auth_requested *cp;
1117 struct hci_conn *conn;
1119 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1124 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1130 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1132 if (conn->state == BT_CONFIG) {
1133 hci_proto_connect_cfm(conn, status);
1134 hci_conn_drop(conn);
1138 hci_dev_unlock(hdev);
1141 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1143 struct hci_cp_set_conn_encrypt *cp;
1144 struct hci_conn *conn;
1146 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1151 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1157 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1159 if (conn->state == BT_CONFIG) {
1160 hci_proto_connect_cfm(conn, status);
1161 hci_conn_drop(conn);
1165 hci_dev_unlock(hdev);
1168 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1169 struct hci_conn *conn)
1171 if (conn->state != BT_CONFIG || !conn->out)
1174 if (conn->pending_sec_level == BT_SECURITY_SDP)
1177 /* Only request authentication for SSP connections or non-SSP
1178 * devices with sec_level HIGH or if MITM protection is requested */
1179 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1180 conn->pending_sec_level != BT_SECURITY_HIGH)
1186 static int hci_resolve_name(struct hci_dev *hdev,
1187 struct inquiry_entry *e)
1189 struct hci_cp_remote_name_req cp;
1191 memset(&cp, 0, sizeof(cp));
1193 bacpy(&cp.bdaddr, &e->data.bdaddr);
1194 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1195 cp.pscan_mode = e->data.pscan_mode;
1196 cp.clock_offset = e->data.clock_offset;
1198 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1201 static bool hci_resolve_next_name(struct hci_dev *hdev)
1203 struct discovery_state *discov = &hdev->discovery;
1204 struct inquiry_entry *e;
1206 if (list_empty(&discov->resolve))
1209 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1213 if (hci_resolve_name(hdev, e) == 0) {
1214 e->name_state = NAME_PENDING;
1221 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1222 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1224 struct discovery_state *discov = &hdev->discovery;
1225 struct inquiry_entry *e;
1227 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1228 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1229 name_len, conn->dev_class);
1231 if (discov->state == DISCOVERY_STOPPED)
1234 if (discov->state == DISCOVERY_STOPPING)
1235 goto discov_complete;
1237 if (discov->state != DISCOVERY_RESOLVING)
1240 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1241 /* If the device was not found in a list of found devices names of which
1242 * are pending. there is no need to continue resolving a next name as it
1243 * will be done upon receiving another Remote Name Request Complete
1250 e->name_state = NAME_KNOWN;
1251 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1252 e->data.rssi, name, name_len);
1254 e->name_state = NAME_NOT_KNOWN;
1257 if (hci_resolve_next_name(hdev))
1261 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1264 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1266 struct hci_cp_remote_name_req *cp;
1267 struct hci_conn *conn;
1269 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1271 /* If successful wait for the name req complete event before
1272 * checking for the need to do authentication */
1276 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1282 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1284 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1285 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1290 if (!hci_outgoing_auth_needed(hdev, conn))
1293 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1294 struct hci_cp_auth_requested cp;
1295 cp.handle = __cpu_to_le16(conn->handle);
1296 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1300 hci_dev_unlock(hdev);
1303 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1305 struct hci_cp_read_remote_features *cp;
1306 struct hci_conn *conn;
1308 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1313 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1319 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1321 if (conn->state == BT_CONFIG) {
1322 hci_proto_connect_cfm(conn, status);
1323 hci_conn_drop(conn);
1327 hci_dev_unlock(hdev);
1330 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1332 struct hci_cp_read_remote_ext_features *cp;
1333 struct hci_conn *conn;
1335 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1340 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1346 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1348 if (conn->state == BT_CONFIG) {
1349 hci_proto_connect_cfm(conn, status);
1350 hci_conn_drop(conn);
1354 hci_dev_unlock(hdev);
1357 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1359 struct hci_cp_setup_sync_conn *cp;
1360 struct hci_conn *acl, *sco;
1363 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1368 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1372 handle = __le16_to_cpu(cp->handle);
1374 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1378 acl = hci_conn_hash_lookup_handle(hdev, handle);
1382 sco->state = BT_CLOSED;
1384 hci_proto_connect_cfm(sco, status);
1389 hci_dev_unlock(hdev);
1392 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1394 struct hci_cp_sniff_mode *cp;
1395 struct hci_conn *conn;
1397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1402 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1410 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1412 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1413 hci_sco_setup(conn, status);
1416 hci_dev_unlock(hdev);
1419 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1421 struct hci_cp_exit_sniff_mode *cp;
1422 struct hci_conn *conn;
1424 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1429 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1435 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1437 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1439 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1440 hci_sco_setup(conn, status);
1443 hci_dev_unlock(hdev);
1446 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1448 struct hci_cp_disconnect *cp;
1449 struct hci_conn *conn;
1454 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1460 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1462 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1463 conn->dst_type, status);
1465 hci_dev_unlock(hdev);
1468 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1470 struct hci_conn *conn;
1472 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1477 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1479 hci_dev_unlock(hdev);
1483 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1485 conn->state = BT_CLOSED;
1486 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1487 conn->dst_type, status);
1488 hci_proto_connect_cfm(conn, status);
1491 hci_dev_unlock(hdev);
1495 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1497 struct hci_cp_create_phy_link *cp;
1499 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1501 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1508 struct hci_conn *hcon;
1510 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1514 amp_write_remote_assoc(hdev, cp->phy_handle);
1517 hci_dev_unlock(hdev);
1520 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1522 struct hci_cp_accept_phy_link *cp;
1524 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1529 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1533 amp_write_remote_assoc(hdev, cp->phy_handle);
1536 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1538 __u8 status = *((__u8 *) skb->data);
1539 struct discovery_state *discov = &hdev->discovery;
1540 struct inquiry_entry *e;
1542 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1544 hci_conn_check_pending(hdev);
1546 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1549 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1550 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1552 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1557 if (discov->state != DISCOVERY_FINDING)
1560 if (list_empty(&discov->resolve)) {
1561 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1565 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1566 if (e && hci_resolve_name(hdev, e) == 0) {
1567 e->name_state = NAME_PENDING;
1568 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1570 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1574 hci_dev_unlock(hdev);
1577 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1579 struct inquiry_data data;
1580 struct inquiry_info *info = (void *) (skb->data + 1);
1581 int num_rsp = *((__u8 *) skb->data);
1583 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1588 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1593 for (; num_rsp; num_rsp--, info++) {
1594 bool name_known, ssp;
1596 bacpy(&data.bdaddr, &info->bdaddr);
1597 data.pscan_rep_mode = info->pscan_rep_mode;
1598 data.pscan_period_mode = info->pscan_period_mode;
1599 data.pscan_mode = info->pscan_mode;
1600 memcpy(data.dev_class, info->dev_class, 3);
1601 data.clock_offset = info->clock_offset;
1603 data.ssp_mode = 0x00;
1605 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1606 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1607 info->dev_class, 0, !name_known, ssp, NULL,
1611 hci_dev_unlock(hdev);
1614 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1616 struct hci_ev_conn_complete *ev = (void *) skb->data;
1617 struct hci_conn *conn;
1619 BT_DBG("%s", hdev->name);
1623 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1625 if (ev->link_type != SCO_LINK)
1628 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1632 conn->type = SCO_LINK;
1636 conn->handle = __le16_to_cpu(ev->handle);
1638 if (conn->type == ACL_LINK) {
1639 conn->state = BT_CONFIG;
1640 hci_conn_hold(conn);
1642 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1643 !hci_find_link_key(hdev, &ev->bdaddr))
1644 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1646 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1648 conn->state = BT_CONNECTED;
1650 hci_conn_add_sysfs(conn);
1652 if (test_bit(HCI_AUTH, &hdev->flags))
1653 conn->link_mode |= HCI_LM_AUTH;
1655 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1656 conn->link_mode |= HCI_LM_ENCRYPT;
1658 /* Get remote features */
1659 if (conn->type == ACL_LINK) {
1660 struct hci_cp_read_remote_features cp;
1661 cp.handle = ev->handle;
1662 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1666 /* Set packet type for incoming connection */
1667 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1668 struct hci_cp_change_conn_ptype cp;
1669 cp.handle = ev->handle;
1670 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1671 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1675 conn->state = BT_CLOSED;
1676 if (conn->type == ACL_LINK)
1677 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1678 conn->dst_type, ev->status);
1681 if (conn->type == ACL_LINK)
1682 hci_sco_setup(conn, ev->status);
1685 hci_proto_connect_cfm(conn, ev->status);
1687 } else if (ev->link_type != ACL_LINK)
1688 hci_proto_connect_cfm(conn, ev->status);
1691 hci_dev_unlock(hdev);
1693 hci_conn_check_pending(hdev);
1696 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1698 struct hci_ev_conn_request *ev = (void *) skb->data;
1699 int mask = hdev->link_mode;
1702 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1705 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1708 if ((mask & HCI_LM_ACCEPT) &&
1709 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1710 /* Connection accepted */
1711 struct inquiry_entry *ie;
1712 struct hci_conn *conn;
1716 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1718 memcpy(ie->data.dev_class, ev->dev_class, 3);
1720 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1723 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1725 BT_ERR("No memory for new connection");
1726 hci_dev_unlock(hdev);
1731 memcpy(conn->dev_class, ev->dev_class, 3);
1733 hci_dev_unlock(hdev);
1735 if (ev->link_type == ACL_LINK ||
1736 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1737 struct hci_cp_accept_conn_req cp;
1738 conn->state = BT_CONNECT;
1740 bacpy(&cp.bdaddr, &ev->bdaddr);
1742 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1743 cp.role = 0x00; /* Become master */
1745 cp.role = 0x01; /* Remain slave */
1747 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1749 } else if (!(flags & HCI_PROTO_DEFER)) {
1750 struct hci_cp_accept_sync_conn_req cp;
1751 conn->state = BT_CONNECT;
1753 bacpy(&cp.bdaddr, &ev->bdaddr);
1754 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1756 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1757 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1758 cp.max_latency = __constant_cpu_to_le16(0xffff);
1759 cp.content_format = cpu_to_le16(hdev->voice_setting);
1760 cp.retrans_effort = 0xff;
1762 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1765 conn->state = BT_CONNECT2;
1766 hci_proto_connect_cfm(conn, 0);
1769 /* Connection rejected */
1770 struct hci_cp_reject_conn_req cp;
1772 bacpy(&cp.bdaddr, &ev->bdaddr);
1773 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1774 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1778 static u8 hci_to_mgmt_reason(u8 err)
1781 case HCI_ERROR_CONNECTION_TIMEOUT:
1782 return MGMT_DEV_DISCONN_TIMEOUT;
1783 case HCI_ERROR_REMOTE_USER_TERM:
1784 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1785 case HCI_ERROR_REMOTE_POWER_OFF:
1786 return MGMT_DEV_DISCONN_REMOTE;
1787 case HCI_ERROR_LOCAL_HOST_TERM:
1788 return MGMT_DEV_DISCONN_LOCAL_HOST;
1790 return MGMT_DEV_DISCONN_UNKNOWN;
1794 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1796 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1797 struct hci_conn *conn;
1799 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1803 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1807 if (ev->status == 0)
1808 conn->state = BT_CLOSED;
1810 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1811 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1813 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1814 conn->dst_type, ev->status);
1816 u8 reason = hci_to_mgmt_reason(ev->reason);
1818 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1819 conn->dst_type, reason);
1823 if (ev->status == 0) {
1824 if (conn->type == ACL_LINK && conn->flush_key)
1825 hci_remove_link_key(hdev, &conn->dst);
1826 hci_proto_disconn_cfm(conn, ev->reason);
1831 hci_dev_unlock(hdev);
1834 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1836 struct hci_ev_auth_complete *ev = (void *) skb->data;
1837 struct hci_conn *conn;
1839 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1843 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1848 if (!hci_conn_ssp_enabled(conn) &&
1849 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1850 BT_INFO("re-auth of legacy device is not possible.");
1852 conn->link_mode |= HCI_LM_AUTH;
1853 conn->sec_level = conn->pending_sec_level;
1856 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1860 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1861 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1863 if (conn->state == BT_CONFIG) {
1864 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1865 struct hci_cp_set_conn_encrypt cp;
1866 cp.handle = ev->handle;
1868 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1871 conn->state = BT_CONNECTED;
1872 hci_proto_connect_cfm(conn, ev->status);
1873 hci_conn_drop(conn);
1876 hci_auth_cfm(conn, ev->status);
1878 hci_conn_hold(conn);
1879 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1880 hci_conn_drop(conn);
1883 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1885 struct hci_cp_set_conn_encrypt cp;
1886 cp.handle = ev->handle;
1888 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1891 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1892 hci_encrypt_cfm(conn, ev->status, 0x00);
1897 hci_dev_unlock(hdev);
1900 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1902 struct hci_ev_remote_name *ev = (void *) skb->data;
1903 struct hci_conn *conn;
1905 BT_DBG("%s", hdev->name);
1907 hci_conn_check_pending(hdev);
1911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1913 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1916 if (ev->status == 0)
1917 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1918 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1920 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1926 if (!hci_outgoing_auth_needed(hdev, conn))
1929 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1930 struct hci_cp_auth_requested cp;
1931 cp.handle = __cpu_to_le16(conn->handle);
1932 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1936 hci_dev_unlock(hdev);
1939 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1941 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1942 struct hci_conn *conn;
1944 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1948 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1952 /* Encryption implies authentication */
1953 conn->link_mode |= HCI_LM_AUTH;
1954 conn->link_mode |= HCI_LM_ENCRYPT;
1955 conn->sec_level = conn->pending_sec_level;
1957 conn->link_mode &= ~HCI_LM_ENCRYPT;
1960 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1962 if (ev->status && conn->state == BT_CONNECTED) {
1963 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1964 hci_conn_drop(conn);
1968 if (conn->state == BT_CONFIG) {
1970 conn->state = BT_CONNECTED;
1972 hci_proto_connect_cfm(conn, ev->status);
1973 hci_conn_drop(conn);
1975 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1979 hci_dev_unlock(hdev);
1982 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1983 struct sk_buff *skb)
1985 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1986 struct hci_conn *conn;
1988 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1992 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1995 conn->link_mode |= HCI_LM_SECURE;
1997 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1999 hci_key_change_cfm(conn, ev->status);
2002 hci_dev_unlock(hdev);
2005 static void hci_remote_features_evt(struct hci_dev *hdev,
2006 struct sk_buff *skb)
2008 struct hci_ev_remote_features *ev = (void *) skb->data;
2009 struct hci_conn *conn;
2011 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2015 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2020 memcpy(conn->features[0], ev->features, 8);
2022 if (conn->state != BT_CONFIG)
2025 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2026 struct hci_cp_read_remote_ext_features cp;
2027 cp.handle = ev->handle;
2029 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2034 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2035 struct hci_cp_remote_name_req cp;
2036 memset(&cp, 0, sizeof(cp));
2037 bacpy(&cp.bdaddr, &conn->dst);
2038 cp.pscan_rep_mode = 0x02;
2039 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2040 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2041 mgmt_device_connected(hdev, &conn->dst, conn->type,
2042 conn->dst_type, 0, NULL, 0,
2045 if (!hci_outgoing_auth_needed(hdev, conn)) {
2046 conn->state = BT_CONNECTED;
2047 hci_proto_connect_cfm(conn, ev->status);
2048 hci_conn_drop(conn);
2052 hci_dev_unlock(hdev);
2055 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2057 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2058 u8 status = skb->data[sizeof(*ev)];
2061 skb_pull(skb, sizeof(*ev));
2063 opcode = __le16_to_cpu(ev->opcode);
2066 case HCI_OP_INQUIRY_CANCEL:
2067 hci_cc_inquiry_cancel(hdev, skb);
2070 case HCI_OP_PERIODIC_INQ:
2071 hci_cc_periodic_inq(hdev, skb);
2074 case HCI_OP_EXIT_PERIODIC_INQ:
2075 hci_cc_exit_periodic_inq(hdev, skb);
2078 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2079 hci_cc_remote_name_req_cancel(hdev, skb);
2082 case HCI_OP_ROLE_DISCOVERY:
2083 hci_cc_role_discovery(hdev, skb);
2086 case HCI_OP_READ_LINK_POLICY:
2087 hci_cc_read_link_policy(hdev, skb);
2090 case HCI_OP_WRITE_LINK_POLICY:
2091 hci_cc_write_link_policy(hdev, skb);
2094 case HCI_OP_READ_DEF_LINK_POLICY:
2095 hci_cc_read_def_link_policy(hdev, skb);
2098 case HCI_OP_WRITE_DEF_LINK_POLICY:
2099 hci_cc_write_def_link_policy(hdev, skb);
2103 hci_cc_reset(hdev, skb);
2106 case HCI_OP_WRITE_LOCAL_NAME:
2107 hci_cc_write_local_name(hdev, skb);
2110 case HCI_OP_READ_LOCAL_NAME:
2111 hci_cc_read_local_name(hdev, skb);
2114 case HCI_OP_WRITE_AUTH_ENABLE:
2115 hci_cc_write_auth_enable(hdev, skb);
2118 case HCI_OP_WRITE_ENCRYPT_MODE:
2119 hci_cc_write_encrypt_mode(hdev, skb);
2122 case HCI_OP_WRITE_SCAN_ENABLE:
2123 hci_cc_write_scan_enable(hdev, skb);
2126 case HCI_OP_READ_CLASS_OF_DEV:
2127 hci_cc_read_class_of_dev(hdev, skb);
2130 case HCI_OP_WRITE_CLASS_OF_DEV:
2131 hci_cc_write_class_of_dev(hdev, skb);
2134 case HCI_OP_READ_VOICE_SETTING:
2135 hci_cc_read_voice_setting(hdev, skb);
2138 case HCI_OP_WRITE_VOICE_SETTING:
2139 hci_cc_write_voice_setting(hdev, skb);
2142 case HCI_OP_WRITE_SSP_MODE:
2143 hci_cc_write_ssp_mode(hdev, skb);
2146 case HCI_OP_READ_LOCAL_VERSION:
2147 hci_cc_read_local_version(hdev, skb);
2150 case HCI_OP_READ_LOCAL_COMMANDS:
2151 hci_cc_read_local_commands(hdev, skb);
2154 case HCI_OP_READ_LOCAL_FEATURES:
2155 hci_cc_read_local_features(hdev, skb);
2158 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2159 hci_cc_read_local_ext_features(hdev, skb);
2162 case HCI_OP_READ_BUFFER_SIZE:
2163 hci_cc_read_buffer_size(hdev, skb);
2166 case HCI_OP_READ_BD_ADDR:
2167 hci_cc_read_bd_addr(hdev, skb);
2170 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2171 hci_cc_read_page_scan_activity(hdev, skb);
2174 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2175 hci_cc_write_page_scan_activity(hdev, skb);
2178 case HCI_OP_READ_PAGE_SCAN_TYPE:
2179 hci_cc_read_page_scan_type(hdev, skb);
2182 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2183 hci_cc_write_page_scan_type(hdev, skb);
2186 case HCI_OP_READ_DATA_BLOCK_SIZE:
2187 hci_cc_read_data_block_size(hdev, skb);
2190 case HCI_OP_READ_FLOW_CONTROL_MODE:
2191 hci_cc_read_flow_control_mode(hdev, skb);
2194 case HCI_OP_READ_LOCAL_AMP_INFO:
2195 hci_cc_read_local_amp_info(hdev, skb);
2198 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2199 hci_cc_read_local_amp_assoc(hdev, skb);
2202 case HCI_OP_READ_INQ_RSP_TX_POWER:
2203 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2206 case HCI_OP_PIN_CODE_REPLY:
2207 hci_cc_pin_code_reply(hdev, skb);
2210 case HCI_OP_PIN_CODE_NEG_REPLY:
2211 hci_cc_pin_code_neg_reply(hdev, skb);
2214 case HCI_OP_READ_LOCAL_OOB_DATA:
2215 hci_cc_read_local_oob_data_reply(hdev, skb);
2218 case HCI_OP_LE_READ_BUFFER_SIZE:
2219 hci_cc_le_read_buffer_size(hdev, skb);
2222 case HCI_OP_LE_READ_LOCAL_FEATURES:
2223 hci_cc_le_read_local_features(hdev, skb);
2226 case HCI_OP_LE_READ_ADV_TX_POWER:
2227 hci_cc_le_read_adv_tx_power(hdev, skb);
2230 case HCI_OP_USER_CONFIRM_REPLY:
2231 hci_cc_user_confirm_reply(hdev, skb);
2234 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2235 hci_cc_user_confirm_neg_reply(hdev, skb);
2238 case HCI_OP_USER_PASSKEY_REPLY:
2239 hci_cc_user_passkey_reply(hdev, skb);
2242 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2243 hci_cc_user_passkey_neg_reply(hdev, skb);
2246 case HCI_OP_LE_SET_ADV_ENABLE:
2247 hci_cc_le_set_adv_enable(hdev, skb);
2250 case HCI_OP_LE_SET_SCAN_ENABLE:
2251 hci_cc_le_set_scan_enable(hdev, skb);
2254 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2255 hci_cc_le_read_white_list_size(hdev, skb);
2258 case HCI_OP_LE_READ_SUPPORTED_STATES:
2259 hci_cc_le_read_supported_states(hdev, skb);
2262 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2263 hci_cc_write_le_host_supported(hdev, skb);
2266 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2267 hci_cc_write_remote_amp_assoc(hdev, skb);
2271 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2275 if (opcode != HCI_OP_NOP)
2276 del_timer(&hdev->cmd_timer);
2278 hci_req_cmd_complete(hdev, opcode, status);
2280 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2281 atomic_set(&hdev->cmd_cnt, 1);
2282 if (!skb_queue_empty(&hdev->cmd_q))
2283 queue_work(hdev->workqueue, &hdev->cmd_work);
2287 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2289 struct hci_ev_cmd_status *ev = (void *) skb->data;
2292 skb_pull(skb, sizeof(*ev));
2294 opcode = __le16_to_cpu(ev->opcode);
2297 case HCI_OP_INQUIRY:
2298 hci_cs_inquiry(hdev, ev->status);
2301 case HCI_OP_CREATE_CONN:
2302 hci_cs_create_conn(hdev, ev->status);
2305 case HCI_OP_ADD_SCO:
2306 hci_cs_add_sco(hdev, ev->status);
2309 case HCI_OP_AUTH_REQUESTED:
2310 hci_cs_auth_requested(hdev, ev->status);
2313 case HCI_OP_SET_CONN_ENCRYPT:
2314 hci_cs_set_conn_encrypt(hdev, ev->status);
2317 case HCI_OP_REMOTE_NAME_REQ:
2318 hci_cs_remote_name_req(hdev, ev->status);
2321 case HCI_OP_READ_REMOTE_FEATURES:
2322 hci_cs_read_remote_features(hdev, ev->status);
2325 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2326 hci_cs_read_remote_ext_features(hdev, ev->status);
2329 case HCI_OP_SETUP_SYNC_CONN:
2330 hci_cs_setup_sync_conn(hdev, ev->status);
2333 case HCI_OP_SNIFF_MODE:
2334 hci_cs_sniff_mode(hdev, ev->status);
2337 case HCI_OP_EXIT_SNIFF_MODE:
2338 hci_cs_exit_sniff_mode(hdev, ev->status);
2341 case HCI_OP_DISCONNECT:
2342 hci_cs_disconnect(hdev, ev->status);
2345 case HCI_OP_LE_CREATE_CONN:
2346 hci_cs_le_create_conn(hdev, ev->status);
2349 case HCI_OP_CREATE_PHY_LINK:
2350 hci_cs_create_phylink(hdev, ev->status);
2353 case HCI_OP_ACCEPT_PHY_LINK:
2354 hci_cs_accept_phylink(hdev, ev->status);
2358 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2362 if (opcode != HCI_OP_NOP)
2363 del_timer(&hdev->cmd_timer);
2366 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2367 hci_req_cmd_complete(hdev, opcode, ev->status);
2369 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2370 atomic_set(&hdev->cmd_cnt, 1);
2371 if (!skb_queue_empty(&hdev->cmd_q))
2372 queue_work(hdev->workqueue, &hdev->cmd_work);
2376 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2378 struct hci_ev_role_change *ev = (void *) skb->data;
2379 struct hci_conn *conn;
2381 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2385 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2389 conn->link_mode &= ~HCI_LM_MASTER;
2391 conn->link_mode |= HCI_LM_MASTER;
2394 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2396 hci_role_switch_cfm(conn, ev->status, ev->role);
2399 hci_dev_unlock(hdev);
2402 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2404 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2407 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2408 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2412 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2413 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2414 BT_DBG("%s bad parameters", hdev->name);
2418 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2420 for (i = 0; i < ev->num_hndl; i++) {
2421 struct hci_comp_pkts_info *info = &ev->handles[i];
2422 struct hci_conn *conn;
2423 __u16 handle, count;
2425 handle = __le16_to_cpu(info->handle);
2426 count = __le16_to_cpu(info->count);
2428 conn = hci_conn_hash_lookup_handle(hdev, handle);
2432 conn->sent -= count;
2434 switch (conn->type) {
2436 hdev->acl_cnt += count;
2437 if (hdev->acl_cnt > hdev->acl_pkts)
2438 hdev->acl_cnt = hdev->acl_pkts;
2442 if (hdev->le_pkts) {
2443 hdev->le_cnt += count;
2444 if (hdev->le_cnt > hdev->le_pkts)
2445 hdev->le_cnt = hdev->le_pkts;
2447 hdev->acl_cnt += count;
2448 if (hdev->acl_cnt > hdev->acl_pkts)
2449 hdev->acl_cnt = hdev->acl_pkts;
2454 hdev->sco_cnt += count;
2455 if (hdev->sco_cnt > hdev->sco_pkts)
2456 hdev->sco_cnt = hdev->sco_pkts;
2460 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2465 queue_work(hdev->workqueue, &hdev->tx_work);
2468 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2471 struct hci_chan *chan;
2473 switch (hdev->dev_type) {
2475 return hci_conn_hash_lookup_handle(hdev, handle);
2477 chan = hci_chan_lookup_handle(hdev, handle);
2482 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2489 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2491 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2494 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2495 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2499 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2500 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2501 BT_DBG("%s bad parameters", hdev->name);
2505 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2508 for (i = 0; i < ev->num_hndl; i++) {
2509 struct hci_comp_blocks_info *info = &ev->handles[i];
2510 struct hci_conn *conn = NULL;
2511 __u16 handle, block_count;
2513 handle = __le16_to_cpu(info->handle);
2514 block_count = __le16_to_cpu(info->blocks);
2516 conn = __hci_conn_lookup_handle(hdev, handle);
2520 conn->sent -= block_count;
2522 switch (conn->type) {
2525 hdev->block_cnt += block_count;
2526 if (hdev->block_cnt > hdev->num_blocks)
2527 hdev->block_cnt = hdev->num_blocks;
2531 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2536 queue_work(hdev->workqueue, &hdev->tx_work);
2539 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2541 struct hci_ev_mode_change *ev = (void *) skb->data;
2542 struct hci_conn *conn;
2544 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2548 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2550 conn->mode = ev->mode;
2551 conn->interval = __le16_to_cpu(ev->interval);
2553 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2555 if (conn->mode == HCI_CM_ACTIVE)
2556 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2558 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2561 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2562 hci_sco_setup(conn, ev->status);
2565 hci_dev_unlock(hdev);
2568 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2570 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2571 struct hci_conn *conn;
2573 BT_DBG("%s", hdev->name);
2577 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2581 if (conn->state == BT_CONNECTED) {
2582 hci_conn_hold(conn);
2583 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2584 hci_conn_drop(conn);
2587 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2588 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2589 sizeof(ev->bdaddr), &ev->bdaddr);
2590 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2593 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2598 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2602 hci_dev_unlock(hdev);
2605 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2607 struct hci_ev_link_key_req *ev = (void *) skb->data;
2608 struct hci_cp_link_key_reply cp;
2609 struct hci_conn *conn;
2610 struct link_key *key;
2612 BT_DBG("%s", hdev->name);
2614 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2619 key = hci_find_link_key(hdev, &ev->bdaddr);
2621 BT_DBG("%s link key not found for %pMR", hdev->name,
2626 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2629 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2630 key->type == HCI_LK_DEBUG_COMBINATION) {
2631 BT_DBG("%s ignoring debug key", hdev->name);
2635 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2637 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2638 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2639 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2643 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2644 conn->pending_sec_level == BT_SECURITY_HIGH) {
2645 BT_DBG("%s ignoring key unauthenticated for high security",
2650 conn->key_type = key->type;
2651 conn->pin_length = key->pin_len;
2654 bacpy(&cp.bdaddr, &ev->bdaddr);
2655 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2657 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2659 hci_dev_unlock(hdev);
2664 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2665 hci_dev_unlock(hdev);
2668 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2670 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2671 struct hci_conn *conn;
2674 BT_DBG("%s", hdev->name);
2678 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2680 hci_conn_hold(conn);
2681 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2682 pin_len = conn->pin_length;
2684 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2685 conn->key_type = ev->key_type;
2687 hci_conn_drop(conn);
2690 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2691 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2692 ev->key_type, pin_len);
2694 hci_dev_unlock(hdev);
2697 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2699 struct hci_ev_clock_offset *ev = (void *) skb->data;
2700 struct hci_conn *conn;
2702 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2706 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2707 if (conn && !ev->status) {
2708 struct inquiry_entry *ie;
2710 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2712 ie->data.clock_offset = ev->clock_offset;
2713 ie->timestamp = jiffies;
2717 hci_dev_unlock(hdev);
2720 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2722 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2723 struct hci_conn *conn;
2725 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2729 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2730 if (conn && !ev->status)
2731 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2733 hci_dev_unlock(hdev);
2736 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2738 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2739 struct inquiry_entry *ie;
2741 BT_DBG("%s", hdev->name);
2745 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2747 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2748 ie->timestamp = jiffies;
2751 hci_dev_unlock(hdev);
2754 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2755 struct sk_buff *skb)
2757 struct inquiry_data data;
2758 int num_rsp = *((__u8 *) skb->data);
2759 bool name_known, ssp;
2761 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2766 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2771 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2772 struct inquiry_info_with_rssi_and_pscan_mode *info;
2773 info = (void *) (skb->data + 1);
2775 for (; num_rsp; num_rsp--, info++) {
2776 bacpy(&data.bdaddr, &info->bdaddr);
2777 data.pscan_rep_mode = info->pscan_rep_mode;
2778 data.pscan_period_mode = info->pscan_period_mode;
2779 data.pscan_mode = info->pscan_mode;
2780 memcpy(data.dev_class, info->dev_class, 3);
2781 data.clock_offset = info->clock_offset;
2782 data.rssi = info->rssi;
2783 data.ssp_mode = 0x00;
2785 name_known = hci_inquiry_cache_update(hdev, &data,
2787 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2788 info->dev_class, info->rssi,
2789 !name_known, ssp, NULL, 0);
2792 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2794 for (; num_rsp; num_rsp--, info++) {
2795 bacpy(&data.bdaddr, &info->bdaddr);
2796 data.pscan_rep_mode = info->pscan_rep_mode;
2797 data.pscan_period_mode = info->pscan_period_mode;
2798 data.pscan_mode = 0x00;
2799 memcpy(data.dev_class, info->dev_class, 3);
2800 data.clock_offset = info->clock_offset;
2801 data.rssi = info->rssi;
2802 data.ssp_mode = 0x00;
2803 name_known = hci_inquiry_cache_update(hdev, &data,
2805 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2806 info->dev_class, info->rssi,
2807 !name_known, ssp, NULL, 0);
2811 hci_dev_unlock(hdev);
2814 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2815 struct sk_buff *skb)
2817 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2818 struct hci_conn *conn;
2820 BT_DBG("%s", hdev->name);
2824 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2828 if (ev->page < HCI_MAX_PAGES)
2829 memcpy(conn->features[ev->page], ev->features, 8);
2831 if (!ev->status && ev->page == 0x01) {
2832 struct inquiry_entry *ie;
2834 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2836 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2838 if (ev->features[0] & LMP_HOST_SSP) {
2839 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2841 /* It is mandatory by the Bluetooth specification that
2842 * Extended Inquiry Results are only used when Secure
2843 * Simple Pairing is enabled, but some devices violate
2846 * To make these devices work, the internal SSP
2847 * enabled flag needs to be cleared if the remote host
2848 * features do not indicate SSP support */
2849 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2853 if (conn->state != BT_CONFIG)
2856 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2857 struct hci_cp_remote_name_req cp;
2858 memset(&cp, 0, sizeof(cp));
2859 bacpy(&cp.bdaddr, &conn->dst);
2860 cp.pscan_rep_mode = 0x02;
2861 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2862 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2863 mgmt_device_connected(hdev, &conn->dst, conn->type,
2864 conn->dst_type, 0, NULL, 0,
2867 if (!hci_outgoing_auth_needed(hdev, conn)) {
2868 conn->state = BT_CONNECTED;
2869 hci_proto_connect_cfm(conn, ev->status);
2870 hci_conn_drop(conn);
2874 hci_dev_unlock(hdev);
2877 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2878 struct sk_buff *skb)
2880 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2881 struct hci_conn *conn;
2883 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2887 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2889 if (ev->link_type == ESCO_LINK)
2892 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2896 conn->type = SCO_LINK;
2899 switch (ev->status) {
2901 conn->handle = __le16_to_cpu(ev->handle);
2902 conn->state = BT_CONNECTED;
2904 hci_conn_add_sysfs(conn);
2907 case 0x11: /* Unsupported Feature or Parameter Value */
2908 case 0x1c: /* SCO interval rejected */
2909 case 0x1a: /* Unsupported Remote Feature */
2910 case 0x1f: /* Unspecified error */
2911 if (conn->out && conn->attempt < 2) {
2912 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2913 (hdev->esco_type & EDR_ESCO_MASK);
2914 hci_setup_sync(conn, conn->link->handle);
2920 conn->state = BT_CLOSED;
2924 hci_proto_connect_cfm(conn, ev->status);
2929 hci_dev_unlock(hdev);
2932 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2933 struct sk_buff *skb)
2935 struct inquiry_data data;
2936 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2937 int num_rsp = *((__u8 *) skb->data);
2940 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2945 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2950 for (; num_rsp; num_rsp--, info++) {
2951 bool name_known, ssp;
2953 bacpy(&data.bdaddr, &info->bdaddr);
2954 data.pscan_rep_mode = info->pscan_rep_mode;
2955 data.pscan_period_mode = info->pscan_period_mode;
2956 data.pscan_mode = 0x00;
2957 memcpy(data.dev_class, info->dev_class, 3);
2958 data.clock_offset = info->clock_offset;
2959 data.rssi = info->rssi;
2960 data.ssp_mode = 0x01;
2962 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2963 name_known = eir_has_data_type(info->data,
2969 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2971 eir_len = eir_get_length(info->data, sizeof(info->data));
2972 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2973 info->dev_class, info->rssi, !name_known,
2974 ssp, info->data, eir_len);
2977 hci_dev_unlock(hdev);
2980 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2981 struct sk_buff *skb)
2983 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2984 struct hci_conn *conn;
2986 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
2987 __le16_to_cpu(ev->handle));
2991 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2996 conn->sec_level = conn->pending_sec_level;
2998 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3000 if (ev->status && conn->state == BT_CONNECTED) {
3001 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3002 hci_conn_drop(conn);
3006 if (conn->state == BT_CONFIG) {
3008 conn->state = BT_CONNECTED;
3010 hci_proto_connect_cfm(conn, ev->status);
3011 hci_conn_drop(conn);
3013 hci_auth_cfm(conn, ev->status);
3015 hci_conn_hold(conn);
3016 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3017 hci_conn_drop(conn);
3021 hci_dev_unlock(hdev);
3024 static u8 hci_get_auth_req(struct hci_conn *conn)
3026 /* If remote requests dedicated bonding follow that lead */
3027 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3028 /* If both remote and local IO capabilities allow MITM
3029 * protection then require it, otherwise don't */
3030 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3036 /* If remote requests no-bonding follow that lead */
3037 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3038 return conn->remote_auth | (conn->auth_type & 0x01);
3040 return conn->auth_type;
3043 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3045 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3046 struct hci_conn *conn;
3048 BT_DBG("%s", hdev->name);
3052 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3056 hci_conn_hold(conn);
3058 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3061 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3062 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3063 struct hci_cp_io_capability_reply cp;
3065 bacpy(&cp.bdaddr, &ev->bdaddr);
3066 /* Change the IO capability from KeyboardDisplay
3067 * to DisplayYesNo as it is not supported by BT spec. */
3068 cp.capability = (conn->io_capability == 0x04) ?
3069 0x01 : conn->io_capability;
3070 conn->auth_type = hci_get_auth_req(conn);
3071 cp.authentication = conn->auth_type;
3073 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3074 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3079 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3082 struct hci_cp_io_capability_neg_reply cp;
3084 bacpy(&cp.bdaddr, &ev->bdaddr);
3085 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3087 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3092 hci_dev_unlock(hdev);
3095 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3097 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3098 struct hci_conn *conn;
3100 BT_DBG("%s", hdev->name);
3104 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3108 conn->remote_cap = ev->capability;
3109 conn->remote_auth = ev->authentication;
3111 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3114 hci_dev_unlock(hdev);
3117 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3118 struct sk_buff *skb)
3120 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3121 int loc_mitm, rem_mitm, confirm_hint = 0;
3122 struct hci_conn *conn;
3124 BT_DBG("%s", hdev->name);
3128 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3131 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3135 loc_mitm = (conn->auth_type & 0x01);
3136 rem_mitm = (conn->remote_auth & 0x01);
3138 /* If we require MITM but the remote device can't provide that
3139 * (it has NoInputNoOutput) then reject the confirmation
3140 * request. The only exception is when we're dedicated bonding
3141 * initiators (connect_cfm_cb set) since then we always have the MITM
3143 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3144 BT_DBG("Rejecting request: remote device can't provide MITM");
3145 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3146 sizeof(ev->bdaddr), &ev->bdaddr);
3150 /* If no side requires MITM protection; auto-accept */
3151 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3152 (!rem_mitm || conn->io_capability == 0x03)) {
3154 /* If we're not the initiators request authorization to
3155 * proceed from user space (mgmt_user_confirm with
3156 * confirm_hint set to 1). */
3157 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3158 BT_DBG("Confirming auto-accept as acceptor");
3163 BT_DBG("Auto-accept of user confirmation with %ums delay",
3164 hdev->auto_accept_delay);
3166 if (hdev->auto_accept_delay > 0) {
3167 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3168 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3172 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3173 sizeof(ev->bdaddr), &ev->bdaddr);
3178 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3182 hci_dev_unlock(hdev);
3185 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3186 struct sk_buff *skb)
3188 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3190 BT_DBG("%s", hdev->name);
3192 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3193 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3196 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3197 struct sk_buff *skb)
3199 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3200 struct hci_conn *conn;
3202 BT_DBG("%s", hdev->name);
3204 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3208 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3209 conn->passkey_entered = 0;
3211 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3212 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3213 conn->dst_type, conn->passkey_notify,
3214 conn->passkey_entered);
3217 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3219 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3220 struct hci_conn *conn;
3222 BT_DBG("%s", hdev->name);
3224 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3229 case HCI_KEYPRESS_STARTED:
3230 conn->passkey_entered = 0;
3233 case HCI_KEYPRESS_ENTERED:
3234 conn->passkey_entered++;
3237 case HCI_KEYPRESS_ERASED:
3238 conn->passkey_entered--;
3241 case HCI_KEYPRESS_CLEARED:
3242 conn->passkey_entered = 0;
3245 case HCI_KEYPRESS_COMPLETED:
3249 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3250 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3251 conn->dst_type, conn->passkey_notify,
3252 conn->passkey_entered);
3255 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3256 struct sk_buff *skb)
3258 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3259 struct hci_conn *conn;
3261 BT_DBG("%s", hdev->name);
3265 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3269 /* To avoid duplicate auth_failed events to user space we check
3270 * the HCI_CONN_AUTH_PEND flag which will be set if we
3271 * initiated the authentication. A traditional auth_complete
3272 * event gets always produced as initiator and is also mapped to
3273 * the mgmt_auth_failed event */
3274 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3275 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3278 hci_conn_drop(conn);
3281 hci_dev_unlock(hdev);
3284 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3285 struct sk_buff *skb)
3287 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3288 struct inquiry_entry *ie;
3289 struct hci_conn *conn;
3291 BT_DBG("%s", hdev->name);
3295 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3297 memcpy(conn->features[1], ev->features, 8);
3299 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3301 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3303 hci_dev_unlock(hdev);
3306 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3307 struct sk_buff *skb)
3309 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3310 struct oob_data *data;
3312 BT_DBG("%s", hdev->name);
3316 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3319 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3321 struct hci_cp_remote_oob_data_reply cp;
3323 bacpy(&cp.bdaddr, &ev->bdaddr);
3324 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3325 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3327 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3330 struct hci_cp_remote_oob_data_neg_reply cp;
3332 bacpy(&cp.bdaddr, &ev->bdaddr);
3333 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3338 hci_dev_unlock(hdev);
3341 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3342 struct sk_buff *skb)
3344 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3345 struct hci_conn *hcon, *bredr_hcon;
3347 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3352 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3354 hci_dev_unlock(hdev);
3360 hci_dev_unlock(hdev);
3364 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3366 hcon->state = BT_CONNECTED;
3367 bacpy(&hcon->dst, &bredr_hcon->dst);
3369 hci_conn_hold(hcon);
3370 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3371 hci_conn_drop(hcon);
3373 hci_conn_add_sysfs(hcon);
3375 amp_physical_cfm(bredr_hcon, hcon);
3377 hci_dev_unlock(hdev);
3380 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3382 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3383 struct hci_conn *hcon;
3384 struct hci_chan *hchan;
3385 struct amp_mgr *mgr;
3387 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3388 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3391 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3395 /* Create AMP hchan */
3396 hchan = hci_chan_create(hcon);
3400 hchan->handle = le16_to_cpu(ev->handle);
3402 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3404 mgr = hcon->amp_mgr;
3405 if (mgr && mgr->bredr_chan) {
3406 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3408 l2cap_chan_lock(bredr_chan);
3410 bredr_chan->conn->mtu = hdev->block_mtu;
3411 l2cap_logical_cfm(bredr_chan, hchan, 0);
3412 hci_conn_hold(hcon);
3414 l2cap_chan_unlock(bredr_chan);
3418 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3419 struct sk_buff *skb)
3421 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3422 struct hci_chan *hchan;
3424 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3425 le16_to_cpu(ev->handle), ev->status);
3432 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3436 amp_destroy_logical_link(hchan, ev->reason);
3439 hci_dev_unlock(hdev);
3442 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3443 struct sk_buff *skb)
3445 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3446 struct hci_conn *hcon;
3448 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3455 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3457 hcon->state = BT_CLOSED;
3461 hci_dev_unlock(hdev);
3464 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3466 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3467 struct hci_conn *conn;
3469 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3473 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3475 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3477 BT_ERR("No memory for new connection");
3481 conn->dst_type = ev->bdaddr_type;
3483 if (ev->role == LE_CONN_ROLE_MASTER) {
3485 conn->link_mode |= HCI_LM_MASTER;
3490 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3491 conn->dst_type, ev->status);
3492 hci_proto_connect_cfm(conn, ev->status);
3493 conn->state = BT_CLOSED;
3498 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3499 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3500 conn->dst_type, 0, NULL, 0, NULL);
3502 conn->sec_level = BT_SECURITY_LOW;
3503 conn->handle = __le16_to_cpu(ev->handle);
3504 conn->state = BT_CONNECTED;
3506 hci_conn_add_sysfs(conn);
3508 hci_proto_connect_cfm(conn, ev->status);
3511 hci_dev_unlock(hdev);
3514 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3516 u8 num_reports = skb->data[0];
3517 void *ptr = &skb->data[1];
3520 while (num_reports--) {
3521 struct hci_ev_le_advertising_info *ev = ptr;
3523 rssi = ev->data[ev->length];
3524 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3525 NULL, rssi, 0, 1, ev->data, ev->length);
3527 ptr += sizeof(*ev) + ev->length + 1;
3531 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3533 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3534 struct hci_cp_le_ltk_reply cp;
3535 struct hci_cp_le_ltk_neg_reply neg;
3536 struct hci_conn *conn;
3537 struct smp_ltk *ltk;
3539 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3543 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3547 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3551 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3552 cp.handle = cpu_to_le16(conn->handle);
3554 if (ltk->authenticated)
3555 conn->sec_level = BT_SECURITY_HIGH;
3557 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3559 if (ltk->type & HCI_SMP_STK) {
3560 list_del(<k->list);
3564 hci_dev_unlock(hdev);
3569 neg.handle = ev->handle;
3570 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3571 hci_dev_unlock(hdev);
3574 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3576 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3578 skb_pull(skb, sizeof(*le_ev));
3580 switch (le_ev->subevent) {
3581 case HCI_EV_LE_CONN_COMPLETE:
3582 hci_le_conn_complete_evt(hdev, skb);
3585 case HCI_EV_LE_ADVERTISING_REPORT:
3586 hci_le_adv_report_evt(hdev, skb);
3589 case HCI_EV_LE_LTK_REQ:
3590 hci_le_ltk_request_evt(hdev, skb);
3598 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3600 struct hci_ev_channel_selected *ev = (void *) skb->data;
3601 struct hci_conn *hcon;
3603 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3605 skb_pull(skb, sizeof(*ev));
3607 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3611 amp_read_loc_assoc_final_data(hdev, hcon);
3614 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3616 struct hci_event_hdr *hdr = (void *) skb->data;
3617 __u8 event = hdr->evt;
3621 /* Received events are (currently) only needed when a request is
3622 * ongoing so avoid unnecessary memory allocation.
3624 if (hdev->req_status == HCI_REQ_PEND) {
3625 kfree_skb(hdev->recv_evt);
3626 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3629 hci_dev_unlock(hdev);
3631 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3633 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3634 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3635 u16 opcode = __le16_to_cpu(hdr->opcode);
3637 hci_req_cmd_complete(hdev, opcode, 0);
3641 case HCI_EV_INQUIRY_COMPLETE:
3642 hci_inquiry_complete_evt(hdev, skb);
3645 case HCI_EV_INQUIRY_RESULT:
3646 hci_inquiry_result_evt(hdev, skb);
3649 case HCI_EV_CONN_COMPLETE:
3650 hci_conn_complete_evt(hdev, skb);
3653 case HCI_EV_CONN_REQUEST:
3654 hci_conn_request_evt(hdev, skb);
3657 case HCI_EV_DISCONN_COMPLETE:
3658 hci_disconn_complete_evt(hdev, skb);
3661 case HCI_EV_AUTH_COMPLETE:
3662 hci_auth_complete_evt(hdev, skb);
3665 case HCI_EV_REMOTE_NAME:
3666 hci_remote_name_evt(hdev, skb);
3669 case HCI_EV_ENCRYPT_CHANGE:
3670 hci_encrypt_change_evt(hdev, skb);
3673 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3674 hci_change_link_key_complete_evt(hdev, skb);
3677 case HCI_EV_REMOTE_FEATURES:
3678 hci_remote_features_evt(hdev, skb);
3681 case HCI_EV_CMD_COMPLETE:
3682 hci_cmd_complete_evt(hdev, skb);
3685 case HCI_EV_CMD_STATUS:
3686 hci_cmd_status_evt(hdev, skb);
3689 case HCI_EV_ROLE_CHANGE:
3690 hci_role_change_evt(hdev, skb);
3693 case HCI_EV_NUM_COMP_PKTS:
3694 hci_num_comp_pkts_evt(hdev, skb);
3697 case HCI_EV_MODE_CHANGE:
3698 hci_mode_change_evt(hdev, skb);
3701 case HCI_EV_PIN_CODE_REQ:
3702 hci_pin_code_request_evt(hdev, skb);
3705 case HCI_EV_LINK_KEY_REQ:
3706 hci_link_key_request_evt(hdev, skb);
3709 case HCI_EV_LINK_KEY_NOTIFY:
3710 hci_link_key_notify_evt(hdev, skb);
3713 case HCI_EV_CLOCK_OFFSET:
3714 hci_clock_offset_evt(hdev, skb);
3717 case HCI_EV_PKT_TYPE_CHANGE:
3718 hci_pkt_type_change_evt(hdev, skb);
3721 case HCI_EV_PSCAN_REP_MODE:
3722 hci_pscan_rep_mode_evt(hdev, skb);
3725 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3726 hci_inquiry_result_with_rssi_evt(hdev, skb);
3729 case HCI_EV_REMOTE_EXT_FEATURES:
3730 hci_remote_ext_features_evt(hdev, skb);
3733 case HCI_EV_SYNC_CONN_COMPLETE:
3734 hci_sync_conn_complete_evt(hdev, skb);
3737 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3738 hci_extended_inquiry_result_evt(hdev, skb);
3741 case HCI_EV_KEY_REFRESH_COMPLETE:
3742 hci_key_refresh_complete_evt(hdev, skb);
3745 case HCI_EV_IO_CAPA_REQUEST:
3746 hci_io_capa_request_evt(hdev, skb);
3749 case HCI_EV_IO_CAPA_REPLY:
3750 hci_io_capa_reply_evt(hdev, skb);
3753 case HCI_EV_USER_CONFIRM_REQUEST:
3754 hci_user_confirm_request_evt(hdev, skb);
3757 case HCI_EV_USER_PASSKEY_REQUEST:
3758 hci_user_passkey_request_evt(hdev, skb);
3761 case HCI_EV_USER_PASSKEY_NOTIFY:
3762 hci_user_passkey_notify_evt(hdev, skb);
3765 case HCI_EV_KEYPRESS_NOTIFY:
3766 hci_keypress_notify_evt(hdev, skb);
3769 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3770 hci_simple_pair_complete_evt(hdev, skb);
3773 case HCI_EV_REMOTE_HOST_FEATURES:
3774 hci_remote_host_features_evt(hdev, skb);
3777 case HCI_EV_LE_META:
3778 hci_le_meta_evt(hdev, skb);
3781 case HCI_EV_CHANNEL_SELECTED:
3782 hci_chan_selected_evt(hdev, skb);
3785 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3786 hci_remote_oob_data_request_evt(hdev, skb);
3789 case HCI_EV_PHY_LINK_COMPLETE:
3790 hci_phy_link_complete_evt(hdev, skb);
3793 case HCI_EV_LOGICAL_LINK_COMPLETE:
3794 hci_loglink_complete_evt(hdev, skb);
3797 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3798 hci_disconn_loglink_complete_evt(hdev, skb);
3801 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3802 hci_disconn_phylink_complete_evt(hdev, skb);
3805 case HCI_EV_NUM_COMP_BLOCKS:
3806 hci_num_comp_blocks_evt(hdev, skb);
3810 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3815 hdev->stat.evt_rx++;
git.openpandora.org / pandora-kernel.git / blob