2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
200 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
202 __u8 status = *((__u8 *) skb->data);
205 BT_DBG("%s status 0x%2.2x", hdev->name, status);
207 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 if (test_bit(HCI_MGMT, &hdev->dev_flags))
214 mgmt_set_local_name_complete(hdev, sent, status);
216 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
218 hci_dev_unlock(hdev);
221 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
223 struct hci_rp_read_local_name *rp = (void *) skb->data;
225 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
230 if (test_bit(HCI_SETUP, &hdev->dev_flags))
231 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
234 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
236 __u8 status = *((__u8 *) skb->data);
239 BT_DBG("%s status 0x%2.2x", hdev->name, status);
241 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
246 __u8 param = *((__u8 *) sent);
248 if (param == AUTH_ENABLED)
249 set_bit(HCI_AUTH, &hdev->flags);
251 clear_bit(HCI_AUTH, &hdev->flags);
254 if (test_bit(HCI_MGMT, &hdev->dev_flags))
255 mgmt_auth_enable_complete(hdev, status);
258 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
260 __u8 status = *((__u8 *) skb->data);
263 BT_DBG("%s status 0x%2.2x", hdev->name, status);
265 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
270 __u8 param = *((__u8 *) sent);
273 set_bit(HCI_ENCRYPT, &hdev->flags);
275 clear_bit(HCI_ENCRYPT, &hdev->flags);
279 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
281 __u8 param, status = *((__u8 *) skb->data);
282 int old_pscan, old_iscan;
285 BT_DBG("%s status 0x%2.2x", hdev->name, status);
287 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
291 param = *((__u8 *) sent);
296 mgmt_write_scan_failed(hdev, param, status);
297 hdev->discov_timeout = 0;
301 /* We need to ensure that we set this back on if someone changed
302 * the scan mode through a raw HCI socket.
304 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
306 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
307 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
309 if (param & SCAN_INQUIRY) {
310 set_bit(HCI_ISCAN, &hdev->flags);
312 mgmt_discoverable(hdev, 1);
313 if (hdev->discov_timeout > 0) {
314 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
315 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
318 } else if (old_iscan)
319 mgmt_discoverable(hdev, 0);
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
324 mgmt_connectable(hdev, 1);
325 } else if (old_pscan)
326 mgmt_connectable(hdev, 0);
329 hci_dev_unlock(hdev);
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
341 memcpy(hdev->dev_class, rp->dev_class, 3);
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 memcpy(hdev->dev_class, sent, 3);
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
366 hci_dev_unlock(hdev);
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
379 setting = __le16_to_cpu(rp->voice_setting);
381 if (hdev->voice_setting == setting)
384 hdev->voice_setting = setting;
386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 __u8 status = *((__u8 *) skb->data);
399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
408 setting = get_unaligned_le16(sent);
410 if (hdev->voice_setting == setting)
413 hdev->voice_setting = setting;
415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
421 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
423 __u8 status = *((__u8 *) skb->data);
424 struct hci_cp_write_ssp_mode *sent;
426 BT_DBG("%s status 0x%2.2x", hdev->name, status);
428 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
434 hdev->features[1][0] |= LMP_HOST_SSP;
436 hdev->features[1][0] &= ~LMP_HOST_SSP;
439 if (test_bit(HCI_MGMT, &hdev->dev_flags))
440 mgmt_ssp_enable_complete(hdev, sent->mode, status);
443 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
445 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
449 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
451 struct hci_rp_read_local_version *rp = (void *) skb->data;
453 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
458 hdev->hci_ver = rp->hci_ver;
459 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
460 hdev->lmp_ver = rp->lmp_ver;
461 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
462 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
464 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
465 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
468 static void hci_cc_read_local_commands(struct hci_dev *hdev,
471 struct hci_rp_read_local_commands *rp = (void *) skb->data;
473 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
476 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
479 static void hci_cc_read_local_features(struct hci_dev *hdev,
482 struct hci_rp_read_local_features *rp = (void *) skb->data;
484 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
489 memcpy(hdev->features, rp->features, 8);
491 /* Adjust default settings according to features
492 * supported by device. */
494 if (hdev->features[0][0] & LMP_3SLOT)
495 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
497 if (hdev->features[0][0] & LMP_5SLOT)
498 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
500 if (hdev->features[0][1] & LMP_HV2) {
501 hdev->pkt_type |= (HCI_HV2);
502 hdev->esco_type |= (ESCO_HV2);
505 if (hdev->features[0][1] & LMP_HV3) {
506 hdev->pkt_type |= (HCI_HV3);
507 hdev->esco_type |= (ESCO_HV3);
510 if (lmp_esco_capable(hdev))
511 hdev->esco_type |= (ESCO_EV3);
513 if (hdev->features[0][4] & LMP_EV4)
514 hdev->esco_type |= (ESCO_EV4);
516 if (hdev->features[0][4] & LMP_EV5)
517 hdev->esco_type |= (ESCO_EV5);
519 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
520 hdev->esco_type |= (ESCO_2EV3);
522 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
523 hdev->esco_type |= (ESCO_3EV3);
525 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
526 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
528 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
529 hdev->features[0][0], hdev->features[0][1],
530 hdev->features[0][2], hdev->features[0][3],
531 hdev->features[0][4], hdev->features[0][5],
532 hdev->features[0][6], hdev->features[0][7]);
535 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
538 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
540 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
545 hdev->max_page = rp->max_page;
547 if (rp->page < HCI_MAX_PAGES)
548 memcpy(hdev->features[rp->page], rp->features, 8);
551 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
554 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
556 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
559 hdev->flow_ctl_mode = rp->mode;
562 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
564 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
566 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
571 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
572 hdev->sco_mtu = rp->sco_mtu;
573 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
574 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
576 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
581 hdev->acl_cnt = hdev->acl_pkts;
582 hdev->sco_cnt = hdev->sco_pkts;
584 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
585 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
588 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
590 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
592 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
595 bacpy(&hdev->bdaddr, &rp->bdaddr);
598 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
601 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
605 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
606 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
607 hdev->page_scan_window = __le16_to_cpu(rp->window);
611 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
614 u8 status = *((u8 *) skb->data);
615 struct hci_cp_write_page_scan_activity *sent;
617 BT_DBG("%s status 0x%2.2x", hdev->name, status);
622 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
626 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
627 hdev->page_scan_window = __le16_to_cpu(sent->window);
630 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
633 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
635 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
637 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
638 hdev->page_scan_type = rp->type;
641 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
644 u8 status = *((u8 *) skb->data);
647 BT_DBG("%s status 0x%2.2x", hdev->name, status);
652 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
654 hdev->page_scan_type = *type;
657 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
660 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
662 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
667 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
668 hdev->block_len = __le16_to_cpu(rp->block_len);
669 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
671 hdev->block_cnt = hdev->num_blocks;
673 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
674 hdev->block_cnt, hdev->block_len);
677 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
680 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
687 hdev->amp_status = rp->amp_status;
688 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
689 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
690 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
691 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
692 hdev->amp_type = rp->amp_type;
693 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
694 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
695 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
696 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
699 a2mp_send_getinfo_rsp(hdev);
702 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
705 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
706 struct amp_assoc *assoc = &hdev->loc_assoc;
707 size_t rem_len, frag_len;
709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
714 frag_len = skb->len - sizeof(*rp);
715 rem_len = __le16_to_cpu(rp->rem_len);
717 if (rem_len > frag_len) {
718 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
720 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
721 assoc->offset += frag_len;
723 /* Read other fragments */
724 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
729 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
730 assoc->len = assoc->offset + rem_len;
734 /* Send A2MP Rsp when all fragments are received */
735 a2mp_send_getampassoc_rsp(hdev, rp->status);
736 a2mp_send_create_phy_link_req(hdev, rp->status);
739 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
742 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
744 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
747 hdev->inq_tx_power = rp->tx_power;
750 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
752 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
753 struct hci_cp_pin_code_reply *cp;
754 struct hci_conn *conn;
756 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
760 if (test_bit(HCI_MGMT, &hdev->dev_flags))
761 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
766 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
770 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
772 conn->pin_length = cp->pin_len;
775 hci_dev_unlock(hdev);
778 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
780 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
782 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
786 if (test_bit(HCI_MGMT, &hdev->dev_flags))
787 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
790 hci_dev_unlock(hdev);
793 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
796 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
803 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
804 hdev->le_pkts = rp->le_max_pkt;
806 hdev->le_cnt = hdev->le_pkts;
808 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
811 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
814 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
816 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
819 memcpy(hdev->le_features, rp->features, 8);
822 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
825 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
827 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
830 hdev->adv_tx_power = rp->tx_power;
833 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
835 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
837 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
841 if (test_bit(HCI_MGMT, &hdev->dev_flags))
842 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
845 hci_dev_unlock(hdev);
848 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
851 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
853 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
857 if (test_bit(HCI_MGMT, &hdev->dev_flags))
858 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
859 ACL_LINK, 0, rp->status);
861 hci_dev_unlock(hdev);
864 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
866 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
868 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
872 if (test_bit(HCI_MGMT, &hdev->dev_flags))
873 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
876 hci_dev_unlock(hdev);
879 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
882 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
884 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
888 if (test_bit(HCI_MGMT, &hdev->dev_flags))
889 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
890 ACL_LINK, 0, rp->status);
892 hci_dev_unlock(hdev);
895 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
898 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
900 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
903 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
904 rp->randomizer, rp->status);
905 hci_dev_unlock(hdev);
908 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
910 __u8 *sent, status = *((__u8 *) skb->data);
912 BT_DBG("%s status 0x%2.2x", hdev->name, status);
914 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
922 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
924 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
927 if (!test_bit(HCI_INIT, &hdev->flags)) {
928 struct hci_request req;
930 hci_req_init(&req, hdev);
932 hci_req_run(&req, NULL);
935 hci_dev_unlock(hdev);
938 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
941 struct hci_cp_le_set_scan_enable *cp;
942 __u8 status = *((__u8 *) skb->data);
944 BT_DBG("%s status 0x%2.2x", hdev->name, status);
946 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
953 switch (cp->enable) {
955 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
958 case LE_SCAN_DISABLE:
959 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
963 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
968 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
971 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
973 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
976 hdev->le_white_list_size = rp->size;
979 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
982 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
984 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
987 memcpy(hdev->le_states, rp->le_states, 8);
990 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
993 struct hci_cp_write_le_host_supported *sent;
994 __u8 status = *((__u8 *) skb->data);
996 BT_DBG("%s status 0x%2.2x", hdev->name, status);
998 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1004 hdev->features[1][0] |= LMP_HOST_LE;
1005 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1007 hdev->features[1][0] &= ~LMP_HOST_LE;
1008 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1009 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1013 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1015 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1019 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1020 struct sk_buff *skb)
1022 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1024 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1025 hdev->name, rp->status, rp->phy_handle);
1030 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1033 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1035 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1038 hci_conn_check_pending(hdev);
1042 set_bit(HCI_INQUIRY, &hdev->flags);
1045 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1047 struct hci_cp_create_conn *cp;
1048 struct hci_conn *conn;
1050 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1052 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1058 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1060 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1063 if (conn && conn->state == BT_CONNECT) {
1064 if (status != 0x0c || conn->attempt > 2) {
1065 conn->state = BT_CLOSED;
1066 hci_proto_connect_cfm(conn, status);
1069 conn->state = BT_CONNECT2;
1073 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1076 conn->link_mode |= HCI_LM_MASTER;
1078 BT_ERR("No memory for new connection");
1082 hci_dev_unlock(hdev);
1085 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1087 struct hci_cp_add_sco *cp;
1088 struct hci_conn *acl, *sco;
1091 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1096 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1100 handle = __le16_to_cpu(cp->handle);
1102 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1106 acl = hci_conn_hash_lookup_handle(hdev, handle);
1110 sco->state = BT_CLOSED;
1112 hci_proto_connect_cfm(sco, status);
1117 hci_dev_unlock(hdev);
1120 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1122 struct hci_cp_auth_requested *cp;
1123 struct hci_conn *conn;
1125 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1130 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1136 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1138 if (conn->state == BT_CONFIG) {
1139 hci_proto_connect_cfm(conn, status);
1140 hci_conn_drop(conn);
1144 hci_dev_unlock(hdev);
1147 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1149 struct hci_cp_set_conn_encrypt *cp;
1150 struct hci_conn *conn;
1152 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1157 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1163 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1165 if (conn->state == BT_CONFIG) {
1166 hci_proto_connect_cfm(conn, status);
1167 hci_conn_drop(conn);
1171 hci_dev_unlock(hdev);
1174 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1175 struct hci_conn *conn)
1177 if (conn->state != BT_CONFIG || !conn->out)
1180 if (conn->pending_sec_level == BT_SECURITY_SDP)
1183 /* Only request authentication for SSP connections or non-SSP
1184 * devices with sec_level HIGH or if MITM protection is requested */
1185 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1186 conn->pending_sec_level != BT_SECURITY_HIGH)
1192 static int hci_resolve_name(struct hci_dev *hdev,
1193 struct inquiry_entry *e)
1195 struct hci_cp_remote_name_req cp;
1197 memset(&cp, 0, sizeof(cp));
1199 bacpy(&cp.bdaddr, &e->data.bdaddr);
1200 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1201 cp.pscan_mode = e->data.pscan_mode;
1202 cp.clock_offset = e->data.clock_offset;
1204 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1207 static bool hci_resolve_next_name(struct hci_dev *hdev)
1209 struct discovery_state *discov = &hdev->discovery;
1210 struct inquiry_entry *e;
1212 if (list_empty(&discov->resolve))
1215 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1219 if (hci_resolve_name(hdev, e) == 0) {
1220 e->name_state = NAME_PENDING;
1227 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1228 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1230 struct discovery_state *discov = &hdev->discovery;
1231 struct inquiry_entry *e;
1233 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1234 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1235 name_len, conn->dev_class);
1237 if (discov->state == DISCOVERY_STOPPED)
1240 if (discov->state == DISCOVERY_STOPPING)
1241 goto discov_complete;
1243 if (discov->state != DISCOVERY_RESOLVING)
1246 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1247 /* If the device was not found in a list of found devices names of which
1248 * are pending. there is no need to continue resolving a next name as it
1249 * will be done upon receiving another Remote Name Request Complete
1256 e->name_state = NAME_KNOWN;
1257 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1258 e->data.rssi, name, name_len);
1260 e->name_state = NAME_NOT_KNOWN;
1263 if (hci_resolve_next_name(hdev))
1267 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1270 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1272 struct hci_cp_remote_name_req *cp;
1273 struct hci_conn *conn;
1275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1277 /* If successful wait for the name req complete event before
1278 * checking for the need to do authentication */
1282 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1288 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1290 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1291 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1296 if (!hci_outgoing_auth_needed(hdev, conn))
1299 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1300 struct hci_cp_auth_requested auth_cp;
1302 auth_cp.handle = __cpu_to_le16(conn->handle);
1303 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1304 sizeof(auth_cp), &auth_cp);
1308 hci_dev_unlock(hdev);
1311 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1313 struct hci_cp_read_remote_features *cp;
1314 struct hci_conn *conn;
1316 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1321 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1327 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1329 if (conn->state == BT_CONFIG) {
1330 hci_proto_connect_cfm(conn, status);
1331 hci_conn_drop(conn);
1335 hci_dev_unlock(hdev);
1338 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1340 struct hci_cp_read_remote_ext_features *cp;
1341 struct hci_conn *conn;
1343 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1348 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1354 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1356 if (conn->state == BT_CONFIG) {
1357 hci_proto_connect_cfm(conn, status);
1358 hci_conn_drop(conn);
1362 hci_dev_unlock(hdev);
1365 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1367 struct hci_cp_setup_sync_conn *cp;
1368 struct hci_conn *acl, *sco;
1371 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1376 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1380 handle = __le16_to_cpu(cp->handle);
1382 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1386 acl = hci_conn_hash_lookup_handle(hdev, handle);
1390 sco->state = BT_CLOSED;
1392 hci_proto_connect_cfm(sco, status);
1397 hci_dev_unlock(hdev);
1400 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1402 struct hci_cp_sniff_mode *cp;
1403 struct hci_conn *conn;
1405 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1410 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1416 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1418 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1420 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1421 hci_sco_setup(conn, status);
1424 hci_dev_unlock(hdev);
1427 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1429 struct hci_cp_exit_sniff_mode *cp;
1430 struct hci_conn *conn;
1432 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1437 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1443 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1445 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1447 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1448 hci_sco_setup(conn, status);
1451 hci_dev_unlock(hdev);
1454 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1456 struct hci_cp_disconnect *cp;
1457 struct hci_conn *conn;
1462 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1468 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1470 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1471 conn->dst_type, status);
1473 hci_dev_unlock(hdev);
1476 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1478 struct hci_cp_create_phy_link *cp;
1480 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1482 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1489 struct hci_conn *hcon;
1491 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1495 amp_write_remote_assoc(hdev, cp->phy_handle);
1498 hci_dev_unlock(hdev);
1501 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1503 struct hci_cp_accept_phy_link *cp;
1505 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1510 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1514 amp_write_remote_assoc(hdev, cp->phy_handle);
1517 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1519 __u8 status = *((__u8 *) skb->data);
1520 struct discovery_state *discov = &hdev->discovery;
1521 struct inquiry_entry *e;
1523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1525 hci_conn_check_pending(hdev);
1527 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1530 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1531 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1533 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1538 if (discov->state != DISCOVERY_FINDING)
1541 if (list_empty(&discov->resolve)) {
1542 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1546 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1547 if (e && hci_resolve_name(hdev, e) == 0) {
1548 e->name_state = NAME_PENDING;
1549 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1551 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1555 hci_dev_unlock(hdev);
1558 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1560 struct inquiry_data data;
1561 struct inquiry_info *info = (void *) (skb->data + 1);
1562 int num_rsp = *((__u8 *) skb->data);
1564 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1569 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1574 for (; num_rsp; num_rsp--, info++) {
1575 bool name_known, ssp;
1577 bacpy(&data.bdaddr, &info->bdaddr);
1578 data.pscan_rep_mode = info->pscan_rep_mode;
1579 data.pscan_period_mode = info->pscan_period_mode;
1580 data.pscan_mode = info->pscan_mode;
1581 memcpy(data.dev_class, info->dev_class, 3);
1582 data.clock_offset = info->clock_offset;
1584 data.ssp_mode = 0x00;
1586 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1587 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1588 info->dev_class, 0, !name_known, ssp, NULL,
1592 hci_dev_unlock(hdev);
1595 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1597 struct hci_ev_conn_complete *ev = (void *) skb->data;
1598 struct hci_conn *conn;
1600 BT_DBG("%s", hdev->name);
1604 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1606 if (ev->link_type != SCO_LINK)
1609 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1613 conn->type = SCO_LINK;
1617 conn->handle = __le16_to_cpu(ev->handle);
1619 if (conn->type == ACL_LINK) {
1620 conn->state = BT_CONFIG;
1621 hci_conn_hold(conn);
1623 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1624 !hci_find_link_key(hdev, &ev->bdaddr))
1625 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1627 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1629 conn->state = BT_CONNECTED;
1631 hci_conn_add_sysfs(conn);
1633 if (test_bit(HCI_AUTH, &hdev->flags))
1634 conn->link_mode |= HCI_LM_AUTH;
1636 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1637 conn->link_mode |= HCI_LM_ENCRYPT;
1639 /* Get remote features */
1640 if (conn->type == ACL_LINK) {
1641 struct hci_cp_read_remote_features cp;
1642 cp.handle = ev->handle;
1643 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1647 /* Set packet type for incoming connection */
1648 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1649 struct hci_cp_change_conn_ptype cp;
1650 cp.handle = ev->handle;
1651 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1652 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1656 conn->state = BT_CLOSED;
1657 if (conn->type == ACL_LINK)
1658 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1659 conn->dst_type, ev->status);
1662 if (conn->type == ACL_LINK)
1663 hci_sco_setup(conn, ev->status);
1666 hci_proto_connect_cfm(conn, ev->status);
1668 } else if (ev->link_type != ACL_LINK)
1669 hci_proto_connect_cfm(conn, ev->status);
1672 hci_dev_unlock(hdev);
1674 hci_conn_check_pending(hdev);
1677 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1679 struct hci_ev_conn_request *ev = (void *) skb->data;
1680 int mask = hdev->link_mode;
1683 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1686 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1689 if ((mask & HCI_LM_ACCEPT) &&
1690 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1691 /* Connection accepted */
1692 struct inquiry_entry *ie;
1693 struct hci_conn *conn;
1697 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1699 memcpy(ie->data.dev_class, ev->dev_class, 3);
1701 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1704 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1706 BT_ERR("No memory for new connection");
1707 hci_dev_unlock(hdev);
1712 memcpy(conn->dev_class, ev->dev_class, 3);
1714 hci_dev_unlock(hdev);
1716 if (ev->link_type == ACL_LINK ||
1717 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1718 struct hci_cp_accept_conn_req cp;
1719 conn->state = BT_CONNECT;
1721 bacpy(&cp.bdaddr, &ev->bdaddr);
1723 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1724 cp.role = 0x00; /* Become master */
1726 cp.role = 0x01; /* Remain slave */
1728 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1730 } else if (!(flags & HCI_PROTO_DEFER)) {
1731 struct hci_cp_accept_sync_conn_req cp;
1732 conn->state = BT_CONNECT;
1734 bacpy(&cp.bdaddr, &ev->bdaddr);
1735 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1737 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1738 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1739 cp.max_latency = __constant_cpu_to_le16(0xffff);
1740 cp.content_format = cpu_to_le16(hdev->voice_setting);
1741 cp.retrans_effort = 0xff;
1743 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1746 conn->state = BT_CONNECT2;
1747 hci_proto_connect_cfm(conn, 0);
1750 /* Connection rejected */
1751 struct hci_cp_reject_conn_req cp;
1753 bacpy(&cp.bdaddr, &ev->bdaddr);
1754 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1755 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1759 static u8 hci_to_mgmt_reason(u8 err)
1762 case HCI_ERROR_CONNECTION_TIMEOUT:
1763 return MGMT_DEV_DISCONN_TIMEOUT;
1764 case HCI_ERROR_REMOTE_USER_TERM:
1765 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1766 case HCI_ERROR_REMOTE_POWER_OFF:
1767 return MGMT_DEV_DISCONN_REMOTE;
1768 case HCI_ERROR_LOCAL_HOST_TERM:
1769 return MGMT_DEV_DISCONN_LOCAL_HOST;
1771 return MGMT_DEV_DISCONN_UNKNOWN;
1775 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1777 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1778 struct hci_conn *conn;
1780 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1784 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1788 if (ev->status == 0)
1789 conn->state = BT_CLOSED;
1791 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1792 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1794 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1795 conn->dst_type, ev->status);
1797 u8 reason = hci_to_mgmt_reason(ev->reason);
1799 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1800 conn->dst_type, reason);
1804 if (ev->status == 0) {
1805 u8 type = conn->type;
1807 if (type == ACL_LINK && conn->flush_key)
1808 hci_remove_link_key(hdev, &conn->dst);
1809 hci_proto_disconn_cfm(conn, ev->reason);
1812 /* Re-enable advertising if necessary, since it might
1813 * have been disabled by the connection. From the
1814 * HCI_LE_Set_Advertise_Enable command description in
1815 * the core specification (v4.0):
1816 * "The Controller shall continue advertising until the Host
1817 * issues an LE_Set_Advertise_Enable command with
1818 * Advertising_Enable set to 0x00 (Advertising is disabled)
1819 * or until a connection is created or until the Advertising
1820 * is timed out due to Directed Advertising."
1822 if (type == LE_LINK)
1823 mgmt_reenable_advertising(hdev);
1827 hci_dev_unlock(hdev);
1830 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1832 struct hci_ev_auth_complete *ev = (void *) skb->data;
1833 struct hci_conn *conn;
1835 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1839 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1844 if (!hci_conn_ssp_enabled(conn) &&
1845 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1846 BT_INFO("re-auth of legacy device is not possible.");
1848 conn->link_mode |= HCI_LM_AUTH;
1849 conn->sec_level = conn->pending_sec_level;
1852 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1856 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1857 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1859 if (conn->state == BT_CONFIG) {
1860 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1861 struct hci_cp_set_conn_encrypt cp;
1862 cp.handle = ev->handle;
1864 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1867 conn->state = BT_CONNECTED;
1868 hci_proto_connect_cfm(conn, ev->status);
1869 hci_conn_drop(conn);
1872 hci_auth_cfm(conn, ev->status);
1874 hci_conn_hold(conn);
1875 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1876 hci_conn_drop(conn);
1879 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1881 struct hci_cp_set_conn_encrypt cp;
1882 cp.handle = ev->handle;
1884 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1887 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1888 hci_encrypt_cfm(conn, ev->status, 0x00);
1893 hci_dev_unlock(hdev);
1896 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1898 struct hci_ev_remote_name *ev = (void *) skb->data;
1899 struct hci_conn *conn;
1901 BT_DBG("%s", hdev->name);
1903 hci_conn_check_pending(hdev);
1907 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1909 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1912 if (ev->status == 0)
1913 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1914 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1916 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1922 if (!hci_outgoing_auth_needed(hdev, conn))
1925 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1926 struct hci_cp_auth_requested cp;
1927 cp.handle = __cpu_to_le16(conn->handle);
1928 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1932 hci_dev_unlock(hdev);
1935 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1937 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1938 struct hci_conn *conn;
1940 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1944 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1948 /* Encryption implies authentication */
1949 conn->link_mode |= HCI_LM_AUTH;
1950 conn->link_mode |= HCI_LM_ENCRYPT;
1951 conn->sec_level = conn->pending_sec_level;
1953 conn->link_mode &= ~HCI_LM_ENCRYPT;
1956 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1958 if (ev->status && conn->state == BT_CONNECTED) {
1959 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1960 hci_conn_drop(conn);
1964 if (conn->state == BT_CONFIG) {
1966 conn->state = BT_CONNECTED;
1968 hci_proto_connect_cfm(conn, ev->status);
1969 hci_conn_drop(conn);
1971 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1975 hci_dev_unlock(hdev);
1978 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1979 struct sk_buff *skb)
1981 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1982 struct hci_conn *conn;
1984 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1988 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1991 conn->link_mode |= HCI_LM_SECURE;
1993 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1995 hci_key_change_cfm(conn, ev->status);
1998 hci_dev_unlock(hdev);
2001 static void hci_remote_features_evt(struct hci_dev *hdev,
2002 struct sk_buff *skb)
2004 struct hci_ev_remote_features *ev = (void *) skb->data;
2005 struct hci_conn *conn;
2007 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2011 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2016 memcpy(conn->features[0], ev->features, 8);
2018 if (conn->state != BT_CONFIG)
2021 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2022 struct hci_cp_read_remote_ext_features cp;
2023 cp.handle = ev->handle;
2025 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2030 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2031 struct hci_cp_remote_name_req cp;
2032 memset(&cp, 0, sizeof(cp));
2033 bacpy(&cp.bdaddr, &conn->dst);
2034 cp.pscan_rep_mode = 0x02;
2035 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2036 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2037 mgmt_device_connected(hdev, &conn->dst, conn->type,
2038 conn->dst_type, 0, NULL, 0,
2041 if (!hci_outgoing_auth_needed(hdev, conn)) {
2042 conn->state = BT_CONNECTED;
2043 hci_proto_connect_cfm(conn, ev->status);
2044 hci_conn_drop(conn);
2048 hci_dev_unlock(hdev);
2051 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2053 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2054 u8 status = skb->data[sizeof(*ev)];
2057 skb_pull(skb, sizeof(*ev));
2059 opcode = __le16_to_cpu(ev->opcode);
2062 case HCI_OP_INQUIRY_CANCEL:
2063 hci_cc_inquiry_cancel(hdev, skb);
2066 case HCI_OP_PERIODIC_INQ:
2067 hci_cc_periodic_inq(hdev, skb);
2070 case HCI_OP_EXIT_PERIODIC_INQ:
2071 hci_cc_exit_periodic_inq(hdev, skb);
2074 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2075 hci_cc_remote_name_req_cancel(hdev, skb);
2078 case HCI_OP_ROLE_DISCOVERY:
2079 hci_cc_role_discovery(hdev, skb);
2082 case HCI_OP_READ_LINK_POLICY:
2083 hci_cc_read_link_policy(hdev, skb);
2086 case HCI_OP_WRITE_LINK_POLICY:
2087 hci_cc_write_link_policy(hdev, skb);
2090 case HCI_OP_READ_DEF_LINK_POLICY:
2091 hci_cc_read_def_link_policy(hdev, skb);
2094 case HCI_OP_WRITE_DEF_LINK_POLICY:
2095 hci_cc_write_def_link_policy(hdev, skb);
2099 hci_cc_reset(hdev, skb);
2102 case HCI_OP_WRITE_LOCAL_NAME:
2103 hci_cc_write_local_name(hdev, skb);
2106 case HCI_OP_READ_LOCAL_NAME:
2107 hci_cc_read_local_name(hdev, skb);
2110 case HCI_OP_WRITE_AUTH_ENABLE:
2111 hci_cc_write_auth_enable(hdev, skb);
2114 case HCI_OP_WRITE_ENCRYPT_MODE:
2115 hci_cc_write_encrypt_mode(hdev, skb);
2118 case HCI_OP_WRITE_SCAN_ENABLE:
2119 hci_cc_write_scan_enable(hdev, skb);
2122 case HCI_OP_READ_CLASS_OF_DEV:
2123 hci_cc_read_class_of_dev(hdev, skb);
2126 case HCI_OP_WRITE_CLASS_OF_DEV:
2127 hci_cc_write_class_of_dev(hdev, skb);
2130 case HCI_OP_READ_VOICE_SETTING:
2131 hci_cc_read_voice_setting(hdev, skb);
2134 case HCI_OP_WRITE_VOICE_SETTING:
2135 hci_cc_write_voice_setting(hdev, skb);
2138 case HCI_OP_WRITE_SSP_MODE:
2139 hci_cc_write_ssp_mode(hdev, skb);
2142 case HCI_OP_READ_LOCAL_VERSION:
2143 hci_cc_read_local_version(hdev, skb);
2146 case HCI_OP_READ_LOCAL_COMMANDS:
2147 hci_cc_read_local_commands(hdev, skb);
2150 case HCI_OP_READ_LOCAL_FEATURES:
2151 hci_cc_read_local_features(hdev, skb);
2154 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2155 hci_cc_read_local_ext_features(hdev, skb);
2158 case HCI_OP_READ_BUFFER_SIZE:
2159 hci_cc_read_buffer_size(hdev, skb);
2162 case HCI_OP_READ_BD_ADDR:
2163 hci_cc_read_bd_addr(hdev, skb);
2166 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2167 hci_cc_read_page_scan_activity(hdev, skb);
2170 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2171 hci_cc_write_page_scan_activity(hdev, skb);
2174 case HCI_OP_READ_PAGE_SCAN_TYPE:
2175 hci_cc_read_page_scan_type(hdev, skb);
2178 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2179 hci_cc_write_page_scan_type(hdev, skb);
2182 case HCI_OP_READ_DATA_BLOCK_SIZE:
2183 hci_cc_read_data_block_size(hdev, skb);
2186 case HCI_OP_READ_FLOW_CONTROL_MODE:
2187 hci_cc_read_flow_control_mode(hdev, skb);
2190 case HCI_OP_READ_LOCAL_AMP_INFO:
2191 hci_cc_read_local_amp_info(hdev, skb);
2194 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2195 hci_cc_read_local_amp_assoc(hdev, skb);
2198 case HCI_OP_READ_INQ_RSP_TX_POWER:
2199 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2202 case HCI_OP_PIN_CODE_REPLY:
2203 hci_cc_pin_code_reply(hdev, skb);
2206 case HCI_OP_PIN_CODE_NEG_REPLY:
2207 hci_cc_pin_code_neg_reply(hdev, skb);
2210 case HCI_OP_READ_LOCAL_OOB_DATA:
2211 hci_cc_read_local_oob_data_reply(hdev, skb);
2214 case HCI_OP_LE_READ_BUFFER_SIZE:
2215 hci_cc_le_read_buffer_size(hdev, skb);
2218 case HCI_OP_LE_READ_LOCAL_FEATURES:
2219 hci_cc_le_read_local_features(hdev, skb);
2222 case HCI_OP_LE_READ_ADV_TX_POWER:
2223 hci_cc_le_read_adv_tx_power(hdev, skb);
2226 case HCI_OP_USER_CONFIRM_REPLY:
2227 hci_cc_user_confirm_reply(hdev, skb);
2230 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2231 hci_cc_user_confirm_neg_reply(hdev, skb);
2234 case HCI_OP_USER_PASSKEY_REPLY:
2235 hci_cc_user_passkey_reply(hdev, skb);
2238 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2239 hci_cc_user_passkey_neg_reply(hdev, skb);
2242 case HCI_OP_LE_SET_ADV_ENABLE:
2243 hci_cc_le_set_adv_enable(hdev, skb);
2246 case HCI_OP_LE_SET_SCAN_ENABLE:
2247 hci_cc_le_set_scan_enable(hdev, skb);
2250 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2251 hci_cc_le_read_white_list_size(hdev, skb);
2254 case HCI_OP_LE_READ_SUPPORTED_STATES:
2255 hci_cc_le_read_supported_states(hdev, skb);
2258 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2259 hci_cc_write_le_host_supported(hdev, skb);
2262 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2263 hci_cc_write_remote_amp_assoc(hdev, skb);
2267 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2271 if (opcode != HCI_OP_NOP)
2272 del_timer(&hdev->cmd_timer);
2274 hci_req_cmd_complete(hdev, opcode, status);
2276 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2277 atomic_set(&hdev->cmd_cnt, 1);
2278 if (!skb_queue_empty(&hdev->cmd_q))
2279 queue_work(hdev->workqueue, &hdev->cmd_work);
2283 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2285 struct hci_ev_cmd_status *ev = (void *) skb->data;
2288 skb_pull(skb, sizeof(*ev));
2290 opcode = __le16_to_cpu(ev->opcode);
2293 case HCI_OP_INQUIRY:
2294 hci_cs_inquiry(hdev, ev->status);
2297 case HCI_OP_CREATE_CONN:
2298 hci_cs_create_conn(hdev, ev->status);
2301 case HCI_OP_ADD_SCO:
2302 hci_cs_add_sco(hdev, ev->status);
2305 case HCI_OP_AUTH_REQUESTED:
2306 hci_cs_auth_requested(hdev, ev->status);
2309 case HCI_OP_SET_CONN_ENCRYPT:
2310 hci_cs_set_conn_encrypt(hdev, ev->status);
2313 case HCI_OP_REMOTE_NAME_REQ:
2314 hci_cs_remote_name_req(hdev, ev->status);
2317 case HCI_OP_READ_REMOTE_FEATURES:
2318 hci_cs_read_remote_features(hdev, ev->status);
2321 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2322 hci_cs_read_remote_ext_features(hdev, ev->status);
2325 case HCI_OP_SETUP_SYNC_CONN:
2326 hci_cs_setup_sync_conn(hdev, ev->status);
2329 case HCI_OP_SNIFF_MODE:
2330 hci_cs_sniff_mode(hdev, ev->status);
2333 case HCI_OP_EXIT_SNIFF_MODE:
2334 hci_cs_exit_sniff_mode(hdev, ev->status);
2337 case HCI_OP_DISCONNECT:
2338 hci_cs_disconnect(hdev, ev->status);
2341 case HCI_OP_CREATE_PHY_LINK:
2342 hci_cs_create_phylink(hdev, ev->status);
2345 case HCI_OP_ACCEPT_PHY_LINK:
2346 hci_cs_accept_phylink(hdev, ev->status);
2350 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2354 if (opcode != HCI_OP_NOP)
2355 del_timer(&hdev->cmd_timer);
2358 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2359 hci_req_cmd_complete(hdev, opcode, ev->status);
2361 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2362 atomic_set(&hdev->cmd_cnt, 1);
2363 if (!skb_queue_empty(&hdev->cmd_q))
2364 queue_work(hdev->workqueue, &hdev->cmd_work);
2368 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2370 struct hci_ev_role_change *ev = (void *) skb->data;
2371 struct hci_conn *conn;
2373 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2377 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2381 conn->link_mode &= ~HCI_LM_MASTER;
2383 conn->link_mode |= HCI_LM_MASTER;
2386 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2388 hci_role_switch_cfm(conn, ev->status, ev->role);
2391 hci_dev_unlock(hdev);
2394 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2396 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2399 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2400 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2404 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2405 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2406 BT_DBG("%s bad parameters", hdev->name);
2410 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2412 for (i = 0; i < ev->num_hndl; i++) {
2413 struct hci_comp_pkts_info *info = &ev->handles[i];
2414 struct hci_conn *conn;
2415 __u16 handle, count;
2417 handle = __le16_to_cpu(info->handle);
2418 count = __le16_to_cpu(info->count);
2420 conn = hci_conn_hash_lookup_handle(hdev, handle);
2424 conn->sent -= count;
2426 switch (conn->type) {
2428 hdev->acl_cnt += count;
2429 if (hdev->acl_cnt > hdev->acl_pkts)
2430 hdev->acl_cnt = hdev->acl_pkts;
2434 if (hdev->le_pkts) {
2435 hdev->le_cnt += count;
2436 if (hdev->le_cnt > hdev->le_pkts)
2437 hdev->le_cnt = hdev->le_pkts;
2439 hdev->acl_cnt += count;
2440 if (hdev->acl_cnt > hdev->acl_pkts)
2441 hdev->acl_cnt = hdev->acl_pkts;
2446 hdev->sco_cnt += count;
2447 if (hdev->sco_cnt > hdev->sco_pkts)
2448 hdev->sco_cnt = hdev->sco_pkts;
2452 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2457 queue_work(hdev->workqueue, &hdev->tx_work);
2460 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2463 struct hci_chan *chan;
2465 switch (hdev->dev_type) {
2467 return hci_conn_hash_lookup_handle(hdev, handle);
2469 chan = hci_chan_lookup_handle(hdev, handle);
2474 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2481 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2483 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2486 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2487 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2491 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2492 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2493 BT_DBG("%s bad parameters", hdev->name);
2497 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2500 for (i = 0; i < ev->num_hndl; i++) {
2501 struct hci_comp_blocks_info *info = &ev->handles[i];
2502 struct hci_conn *conn = NULL;
2503 __u16 handle, block_count;
2505 handle = __le16_to_cpu(info->handle);
2506 block_count = __le16_to_cpu(info->blocks);
2508 conn = __hci_conn_lookup_handle(hdev, handle);
2512 conn->sent -= block_count;
2514 switch (conn->type) {
2517 hdev->block_cnt += block_count;
2518 if (hdev->block_cnt > hdev->num_blocks)
2519 hdev->block_cnt = hdev->num_blocks;
2523 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2528 queue_work(hdev->workqueue, &hdev->tx_work);
2531 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2533 struct hci_ev_mode_change *ev = (void *) skb->data;
2534 struct hci_conn *conn;
2536 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2540 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2542 conn->mode = ev->mode;
2543 conn->interval = __le16_to_cpu(ev->interval);
2545 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2547 if (conn->mode == HCI_CM_ACTIVE)
2548 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2550 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2553 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2554 hci_sco_setup(conn, ev->status);
2557 hci_dev_unlock(hdev);
2560 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2562 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2563 struct hci_conn *conn;
2565 BT_DBG("%s", hdev->name);
2569 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2573 if (conn->state == BT_CONNECTED) {
2574 hci_conn_hold(conn);
2575 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2576 hci_conn_drop(conn);
2579 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2580 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2581 sizeof(ev->bdaddr), &ev->bdaddr);
2582 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2585 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2590 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2594 hci_dev_unlock(hdev);
2597 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2599 struct hci_ev_link_key_req *ev = (void *) skb->data;
2600 struct hci_cp_link_key_reply cp;
2601 struct hci_conn *conn;
2602 struct link_key *key;
2604 BT_DBG("%s", hdev->name);
2606 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2611 key = hci_find_link_key(hdev, &ev->bdaddr);
2613 BT_DBG("%s link key not found for %pMR", hdev->name,
2618 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2621 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2622 key->type == HCI_LK_DEBUG_COMBINATION) {
2623 BT_DBG("%s ignoring debug key", hdev->name);
2627 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2629 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2630 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2631 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2635 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2636 conn->pending_sec_level == BT_SECURITY_HIGH) {
2637 BT_DBG("%s ignoring key unauthenticated for high security",
2642 conn->key_type = key->type;
2643 conn->pin_length = key->pin_len;
2646 bacpy(&cp.bdaddr, &ev->bdaddr);
2647 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2649 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2651 hci_dev_unlock(hdev);
2656 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2657 hci_dev_unlock(hdev);
2660 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2662 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2663 struct hci_conn *conn;
2666 BT_DBG("%s", hdev->name);
2670 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2672 hci_conn_hold(conn);
2673 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2674 pin_len = conn->pin_length;
2676 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2677 conn->key_type = ev->key_type;
2679 hci_conn_drop(conn);
2682 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2683 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2684 ev->key_type, pin_len);
2686 hci_dev_unlock(hdev);
2689 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2691 struct hci_ev_clock_offset *ev = (void *) skb->data;
2692 struct hci_conn *conn;
2694 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2698 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2699 if (conn && !ev->status) {
2700 struct inquiry_entry *ie;
2702 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2704 ie->data.clock_offset = ev->clock_offset;
2705 ie->timestamp = jiffies;
2709 hci_dev_unlock(hdev);
2712 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2714 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2715 struct hci_conn *conn;
2717 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2721 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2722 if (conn && !ev->status)
2723 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2725 hci_dev_unlock(hdev);
2728 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2730 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2731 struct inquiry_entry *ie;
2733 BT_DBG("%s", hdev->name);
2737 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2739 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2740 ie->timestamp = jiffies;
2743 hci_dev_unlock(hdev);
2746 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2747 struct sk_buff *skb)
2749 struct inquiry_data data;
2750 int num_rsp = *((__u8 *) skb->data);
2751 bool name_known, ssp;
2753 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2758 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2763 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2764 struct inquiry_info_with_rssi_and_pscan_mode *info;
2765 info = (void *) (skb->data + 1);
2767 for (; num_rsp; num_rsp--, info++) {
2768 bacpy(&data.bdaddr, &info->bdaddr);
2769 data.pscan_rep_mode = info->pscan_rep_mode;
2770 data.pscan_period_mode = info->pscan_period_mode;
2771 data.pscan_mode = info->pscan_mode;
2772 memcpy(data.dev_class, info->dev_class, 3);
2773 data.clock_offset = info->clock_offset;
2774 data.rssi = info->rssi;
2775 data.ssp_mode = 0x00;
2777 name_known = hci_inquiry_cache_update(hdev, &data,
2779 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2780 info->dev_class, info->rssi,
2781 !name_known, ssp, NULL, 0);
2784 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2786 for (; num_rsp; num_rsp--, info++) {
2787 bacpy(&data.bdaddr, &info->bdaddr);
2788 data.pscan_rep_mode = info->pscan_rep_mode;
2789 data.pscan_period_mode = info->pscan_period_mode;
2790 data.pscan_mode = 0x00;
2791 memcpy(data.dev_class, info->dev_class, 3);
2792 data.clock_offset = info->clock_offset;
2793 data.rssi = info->rssi;
2794 data.ssp_mode = 0x00;
2795 name_known = hci_inquiry_cache_update(hdev, &data,
2797 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2798 info->dev_class, info->rssi,
2799 !name_known, ssp, NULL, 0);
2803 hci_dev_unlock(hdev);
2806 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2807 struct sk_buff *skb)
2809 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2810 struct hci_conn *conn;
2812 BT_DBG("%s", hdev->name);
2816 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2820 if (ev->page < HCI_MAX_PAGES)
2821 memcpy(conn->features[ev->page], ev->features, 8);
2823 if (!ev->status && ev->page == 0x01) {
2824 struct inquiry_entry *ie;
2826 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2828 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2830 if (ev->features[0] & LMP_HOST_SSP) {
2831 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2833 /* It is mandatory by the Bluetooth specification that
2834 * Extended Inquiry Results are only used when Secure
2835 * Simple Pairing is enabled, but some devices violate
2838 * To make these devices work, the internal SSP
2839 * enabled flag needs to be cleared if the remote host
2840 * features do not indicate SSP support */
2841 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2845 if (conn->state != BT_CONFIG)
2848 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2849 struct hci_cp_remote_name_req cp;
2850 memset(&cp, 0, sizeof(cp));
2851 bacpy(&cp.bdaddr, &conn->dst);
2852 cp.pscan_rep_mode = 0x02;
2853 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2854 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2855 mgmt_device_connected(hdev, &conn->dst, conn->type,
2856 conn->dst_type, 0, NULL, 0,
2859 if (!hci_outgoing_auth_needed(hdev, conn)) {
2860 conn->state = BT_CONNECTED;
2861 hci_proto_connect_cfm(conn, ev->status);
2862 hci_conn_drop(conn);
2866 hci_dev_unlock(hdev);
2869 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2870 struct sk_buff *skb)
2872 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2873 struct hci_conn *conn;
2875 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2879 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2881 if (ev->link_type == ESCO_LINK)
2884 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2888 conn->type = SCO_LINK;
2891 switch (ev->status) {
2893 conn->handle = __le16_to_cpu(ev->handle);
2894 conn->state = BT_CONNECTED;
2896 hci_conn_add_sysfs(conn);
2899 case 0x0d: /* Connection Rejected due to Limited Resources */
2900 case 0x11: /* Unsupported Feature or Parameter Value */
2901 case 0x1c: /* SCO interval rejected */
2902 case 0x1a: /* Unsupported Remote Feature */
2903 case 0x1f: /* Unspecified error */
2905 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2906 (hdev->esco_type & EDR_ESCO_MASK);
2907 if (hci_setup_sync(conn, conn->link->handle))
2913 conn->state = BT_CLOSED;
2917 hci_proto_connect_cfm(conn, ev->status);
2922 hci_dev_unlock(hdev);
2925 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2926 struct sk_buff *skb)
2928 struct inquiry_data data;
2929 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2930 int num_rsp = *((__u8 *) skb->data);
2933 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2938 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2943 for (; num_rsp; num_rsp--, info++) {
2944 bool name_known, ssp;
2946 bacpy(&data.bdaddr, &info->bdaddr);
2947 data.pscan_rep_mode = info->pscan_rep_mode;
2948 data.pscan_period_mode = info->pscan_period_mode;
2949 data.pscan_mode = 0x00;
2950 memcpy(data.dev_class, info->dev_class, 3);
2951 data.clock_offset = info->clock_offset;
2952 data.rssi = info->rssi;
2953 data.ssp_mode = 0x01;
2955 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2956 name_known = eir_has_data_type(info->data,
2962 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2964 eir_len = eir_get_length(info->data, sizeof(info->data));
2965 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2966 info->dev_class, info->rssi, !name_known,
2967 ssp, info->data, eir_len);
2970 hci_dev_unlock(hdev);
2973 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2974 struct sk_buff *skb)
2976 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2977 struct hci_conn *conn;
2979 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
2980 __le16_to_cpu(ev->handle));
2984 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2989 conn->sec_level = conn->pending_sec_level;
2991 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2993 if (ev->status && conn->state == BT_CONNECTED) {
2994 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2995 hci_conn_drop(conn);
2999 if (conn->state == BT_CONFIG) {
3001 conn->state = BT_CONNECTED;
3003 hci_proto_connect_cfm(conn, ev->status);
3004 hci_conn_drop(conn);
3006 hci_auth_cfm(conn, ev->status);
3008 hci_conn_hold(conn);
3009 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3010 hci_conn_drop(conn);
3014 hci_dev_unlock(hdev);
3017 static u8 hci_get_auth_req(struct hci_conn *conn)
3019 /* If remote requests dedicated bonding follow that lead */
3020 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3021 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3022 /* If both remote and local IO capabilities allow MITM
3023 * protection then require it, otherwise don't */
3024 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3025 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3026 return HCI_AT_DEDICATED_BONDING;
3028 return HCI_AT_DEDICATED_BONDING_MITM;
3031 /* If remote requests no-bonding follow that lead */
3032 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3033 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3034 return conn->remote_auth | (conn->auth_type & 0x01);
3036 return conn->auth_type;
3039 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3041 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3042 struct hci_conn *conn;
3044 BT_DBG("%s", hdev->name);
3048 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3052 hci_conn_hold(conn);
3054 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3057 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3058 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3059 struct hci_cp_io_capability_reply cp;
3061 bacpy(&cp.bdaddr, &ev->bdaddr);
3062 /* Change the IO capability from KeyboardDisplay
3063 * to DisplayYesNo as it is not supported by BT spec. */
3064 cp.capability = (conn->io_capability == 0x04) ?
3065 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3066 conn->auth_type = hci_get_auth_req(conn);
3067 cp.authentication = conn->auth_type;
3069 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3070 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3075 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3078 struct hci_cp_io_capability_neg_reply cp;
3080 bacpy(&cp.bdaddr, &ev->bdaddr);
3081 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3083 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3088 hci_dev_unlock(hdev);
3091 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3093 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3094 struct hci_conn *conn;
3096 BT_DBG("%s", hdev->name);
3100 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3104 conn->remote_cap = ev->capability;
3105 conn->remote_auth = ev->authentication;
3107 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3110 hci_dev_unlock(hdev);
3113 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3114 struct sk_buff *skb)
3116 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3117 int loc_mitm, rem_mitm, confirm_hint = 0;
3118 struct hci_conn *conn;
3120 BT_DBG("%s", hdev->name);
3124 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3127 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3131 loc_mitm = (conn->auth_type & 0x01);
3132 rem_mitm = (conn->remote_auth & 0x01);
3134 /* If we require MITM but the remote device can't provide that
3135 * (it has NoInputNoOutput) then reject the confirmation
3136 * request. The only exception is when we're dedicated bonding
3137 * initiators (connect_cfm_cb set) since then we always have the MITM
3139 if (!conn->connect_cfm_cb && loc_mitm &&
3140 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3141 BT_DBG("Rejecting request: remote device can't provide MITM");
3142 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3143 sizeof(ev->bdaddr), &ev->bdaddr);
3147 /* If no side requires MITM protection; auto-accept */
3148 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3149 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3151 /* If we're not the initiators request authorization to
3152 * proceed from user space (mgmt_user_confirm with
3153 * confirm_hint set to 1). */
3154 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3155 BT_DBG("Confirming auto-accept as acceptor");
3160 BT_DBG("Auto-accept of user confirmation with %ums delay",
3161 hdev->auto_accept_delay);
3163 if (hdev->auto_accept_delay > 0) {
3164 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3165 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3169 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3170 sizeof(ev->bdaddr), &ev->bdaddr);
3175 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3179 hci_dev_unlock(hdev);
3182 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3183 struct sk_buff *skb)
3185 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3187 BT_DBG("%s", hdev->name);
3189 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3190 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3193 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3194 struct sk_buff *skb)
3196 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3197 struct hci_conn *conn;
3199 BT_DBG("%s", hdev->name);
3201 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3205 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3206 conn->passkey_entered = 0;
3208 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3209 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3210 conn->dst_type, conn->passkey_notify,
3211 conn->passkey_entered);
3214 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3216 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3217 struct hci_conn *conn;
3219 BT_DBG("%s", hdev->name);
3221 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3226 case HCI_KEYPRESS_STARTED:
3227 conn->passkey_entered = 0;
3230 case HCI_KEYPRESS_ENTERED:
3231 conn->passkey_entered++;
3234 case HCI_KEYPRESS_ERASED:
3235 conn->passkey_entered--;
3238 case HCI_KEYPRESS_CLEARED:
3239 conn->passkey_entered = 0;
3242 case HCI_KEYPRESS_COMPLETED:
3246 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3247 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3248 conn->dst_type, conn->passkey_notify,
3249 conn->passkey_entered);
3252 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3253 struct sk_buff *skb)
3255 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3256 struct hci_conn *conn;
3258 BT_DBG("%s", hdev->name);
3262 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3266 /* To avoid duplicate auth_failed events to user space we check
3267 * the HCI_CONN_AUTH_PEND flag which will be set if we
3268 * initiated the authentication. A traditional auth_complete
3269 * event gets always produced as initiator and is also mapped to
3270 * the mgmt_auth_failed event */
3271 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3272 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3275 hci_conn_drop(conn);
3278 hci_dev_unlock(hdev);
3281 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3282 struct sk_buff *skb)
3284 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3285 struct inquiry_entry *ie;
3286 struct hci_conn *conn;
3288 BT_DBG("%s", hdev->name);
3292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3294 memcpy(conn->features[1], ev->features, 8);
3296 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3298 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3300 hci_dev_unlock(hdev);
3303 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3304 struct sk_buff *skb)
3306 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3307 struct oob_data *data;
3309 BT_DBG("%s", hdev->name);
3313 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3316 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3318 struct hci_cp_remote_oob_data_reply cp;
3320 bacpy(&cp.bdaddr, &ev->bdaddr);
3321 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3322 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3324 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3327 struct hci_cp_remote_oob_data_neg_reply cp;
3329 bacpy(&cp.bdaddr, &ev->bdaddr);
3330 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3335 hci_dev_unlock(hdev);
3338 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3339 struct sk_buff *skb)
3341 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3342 struct hci_conn *hcon, *bredr_hcon;
3344 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3349 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3351 hci_dev_unlock(hdev);
3357 hci_dev_unlock(hdev);
3361 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3363 hcon->state = BT_CONNECTED;
3364 bacpy(&hcon->dst, &bredr_hcon->dst);
3366 hci_conn_hold(hcon);
3367 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3368 hci_conn_drop(hcon);
3370 hci_conn_add_sysfs(hcon);
3372 amp_physical_cfm(bredr_hcon, hcon);
3374 hci_dev_unlock(hdev);
3377 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3379 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3380 struct hci_conn *hcon;
3381 struct hci_chan *hchan;
3382 struct amp_mgr *mgr;
3384 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3385 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3388 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3392 /* Create AMP hchan */
3393 hchan = hci_chan_create(hcon);
3397 hchan->handle = le16_to_cpu(ev->handle);
3399 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3401 mgr = hcon->amp_mgr;
3402 if (mgr && mgr->bredr_chan) {
3403 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3405 l2cap_chan_lock(bredr_chan);
3407 bredr_chan->conn->mtu = hdev->block_mtu;
3408 l2cap_logical_cfm(bredr_chan, hchan, 0);
3409 hci_conn_hold(hcon);
3411 l2cap_chan_unlock(bredr_chan);
3415 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3416 struct sk_buff *skb)
3418 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3419 struct hci_chan *hchan;
3421 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3422 le16_to_cpu(ev->handle), ev->status);
3429 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3433 amp_destroy_logical_link(hchan, ev->reason);
3436 hci_dev_unlock(hdev);
3439 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3440 struct sk_buff *skb)
3442 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3443 struct hci_conn *hcon;
3445 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3452 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3454 hcon->state = BT_CLOSED;
3458 hci_dev_unlock(hdev);
3461 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3463 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3464 struct hci_conn *conn;
3466 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3470 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3472 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3474 BT_ERR("No memory for new connection");
3478 conn->dst_type = ev->bdaddr_type;
3480 if (ev->role == LE_CONN_ROLE_MASTER) {
3482 conn->link_mode |= HCI_LM_MASTER;
3487 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3488 conn->dst_type, ev->status);
3489 hci_proto_connect_cfm(conn, ev->status);
3490 conn->state = BT_CLOSED;
3495 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3496 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3497 conn->dst_type, 0, NULL, 0, NULL);
3499 conn->sec_level = BT_SECURITY_LOW;
3500 conn->handle = __le16_to_cpu(ev->handle);
3501 conn->state = BT_CONNECTED;
3503 hci_conn_add_sysfs(conn);
3505 hci_proto_connect_cfm(conn, ev->status);
3508 hci_dev_unlock(hdev);
3511 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3513 u8 num_reports = skb->data[0];
3514 void *ptr = &skb->data[1];
3517 while (num_reports--) {
3518 struct hci_ev_le_advertising_info *ev = ptr;
3520 rssi = ev->data[ev->length];
3521 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3522 NULL, rssi, 0, 1, ev->data, ev->length);
3524 ptr += sizeof(*ev) + ev->length + 1;
3528 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3530 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3531 struct hci_cp_le_ltk_reply cp;
3532 struct hci_cp_le_ltk_neg_reply neg;
3533 struct hci_conn *conn;
3534 struct smp_ltk *ltk;
3536 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3540 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3544 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3548 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3549 cp.handle = cpu_to_le16(conn->handle);
3551 if (ltk->authenticated)
3552 conn->pending_sec_level = BT_SECURITY_HIGH;
3554 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3556 conn->enc_key_size = ltk->enc_size;
3558 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3560 if (ltk->type & HCI_SMP_STK) {
3561 list_del(<k->list);
3565 hci_dev_unlock(hdev);
3570 neg.handle = ev->handle;
3571 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3572 hci_dev_unlock(hdev);
3575 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3577 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3579 skb_pull(skb, sizeof(*le_ev));
3581 switch (le_ev->subevent) {
3582 case HCI_EV_LE_CONN_COMPLETE:
3583 hci_le_conn_complete_evt(hdev, skb);
3586 case HCI_EV_LE_ADVERTISING_REPORT:
3587 hci_le_adv_report_evt(hdev, skb);
3590 case HCI_EV_LE_LTK_REQ:
3591 hci_le_ltk_request_evt(hdev, skb);
3599 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3601 struct hci_ev_channel_selected *ev = (void *) skb->data;
3602 struct hci_conn *hcon;
3604 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3606 skb_pull(skb, sizeof(*ev));
3608 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3612 amp_read_loc_assoc_final_data(hdev, hcon);
3615 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3617 struct hci_event_hdr *hdr = (void *) skb->data;
3618 __u8 event = hdr->evt;
3622 /* Received events are (currently) only needed when a request is
3623 * ongoing so avoid unnecessary memory allocation.
3625 if (hdev->req_status == HCI_REQ_PEND) {
3626 kfree_skb(hdev->recv_evt);
3627 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3630 hci_dev_unlock(hdev);
3632 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3634 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3635 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3636 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3638 hci_req_cmd_complete(hdev, opcode, 0);
3642 case HCI_EV_INQUIRY_COMPLETE:
3643 hci_inquiry_complete_evt(hdev, skb);
3646 case HCI_EV_INQUIRY_RESULT:
3647 hci_inquiry_result_evt(hdev, skb);
3650 case HCI_EV_CONN_COMPLETE:
3651 hci_conn_complete_evt(hdev, skb);
3654 case HCI_EV_CONN_REQUEST:
3655 hci_conn_request_evt(hdev, skb);
3658 case HCI_EV_DISCONN_COMPLETE:
3659 hci_disconn_complete_evt(hdev, skb);
3662 case HCI_EV_AUTH_COMPLETE:
3663 hci_auth_complete_evt(hdev, skb);
3666 case HCI_EV_REMOTE_NAME:
3667 hci_remote_name_evt(hdev, skb);
3670 case HCI_EV_ENCRYPT_CHANGE:
3671 hci_encrypt_change_evt(hdev, skb);
3674 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3675 hci_change_link_key_complete_evt(hdev, skb);
3678 case HCI_EV_REMOTE_FEATURES:
3679 hci_remote_features_evt(hdev, skb);
3682 case HCI_EV_CMD_COMPLETE:
3683 hci_cmd_complete_evt(hdev, skb);
3686 case HCI_EV_CMD_STATUS:
3687 hci_cmd_status_evt(hdev, skb);
3690 case HCI_EV_ROLE_CHANGE:
3691 hci_role_change_evt(hdev, skb);
3694 case HCI_EV_NUM_COMP_PKTS:
3695 hci_num_comp_pkts_evt(hdev, skb);
3698 case HCI_EV_MODE_CHANGE:
3699 hci_mode_change_evt(hdev, skb);
3702 case HCI_EV_PIN_CODE_REQ:
3703 hci_pin_code_request_evt(hdev, skb);
3706 case HCI_EV_LINK_KEY_REQ:
3707 hci_link_key_request_evt(hdev, skb);
3710 case HCI_EV_LINK_KEY_NOTIFY:
3711 hci_link_key_notify_evt(hdev, skb);
3714 case HCI_EV_CLOCK_OFFSET:
3715 hci_clock_offset_evt(hdev, skb);
3718 case HCI_EV_PKT_TYPE_CHANGE:
3719 hci_pkt_type_change_evt(hdev, skb);
3722 case HCI_EV_PSCAN_REP_MODE:
3723 hci_pscan_rep_mode_evt(hdev, skb);
3726 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3727 hci_inquiry_result_with_rssi_evt(hdev, skb);
3730 case HCI_EV_REMOTE_EXT_FEATURES:
3731 hci_remote_ext_features_evt(hdev, skb);
3734 case HCI_EV_SYNC_CONN_COMPLETE:
3735 hci_sync_conn_complete_evt(hdev, skb);
3738 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3739 hci_extended_inquiry_result_evt(hdev, skb);
3742 case HCI_EV_KEY_REFRESH_COMPLETE:
3743 hci_key_refresh_complete_evt(hdev, skb);
3746 case HCI_EV_IO_CAPA_REQUEST:
3747 hci_io_capa_request_evt(hdev, skb);
3750 case HCI_EV_IO_CAPA_REPLY:
3751 hci_io_capa_reply_evt(hdev, skb);
3754 case HCI_EV_USER_CONFIRM_REQUEST:
3755 hci_user_confirm_request_evt(hdev, skb);
3758 case HCI_EV_USER_PASSKEY_REQUEST:
3759 hci_user_passkey_request_evt(hdev, skb);
3762 case HCI_EV_USER_PASSKEY_NOTIFY:
3763 hci_user_passkey_notify_evt(hdev, skb);
3766 case HCI_EV_KEYPRESS_NOTIFY:
3767 hci_keypress_notify_evt(hdev, skb);
3770 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3771 hci_simple_pair_complete_evt(hdev, skb);
3774 case HCI_EV_REMOTE_HOST_FEATURES:
3775 hci_remote_host_features_evt(hdev, skb);
3778 case HCI_EV_LE_META:
3779 hci_le_meta_evt(hdev, skb);
3782 case HCI_EV_CHANNEL_SELECTED:
3783 hci_chan_selected_evt(hdev, skb);
3786 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3787 hci_remote_oob_data_request_evt(hdev, skb);
3790 case HCI_EV_PHY_LINK_COMPLETE:
3791 hci_phy_link_complete_evt(hdev, skb);
3794 case HCI_EV_LOGICAL_LINK_COMPLETE:
3795 hci_loglink_complete_evt(hdev, skb);
3798 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3799 hci_disconn_loglink_complete_evt(hdev, skb);
3802 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3803 hci_disconn_phylink_complete_evt(hdev, skb);
3806 case HCI_EV_NUM_COMP_BLOCKS:
3807 hci_num_comp_blocks_evt(hdev, skb);
3811 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3816 hdev->stat.evt_rx++;
projects / cascardo / linux.git / blob