2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/export.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/a2mp.h>
34 #include <net/bluetooth/amp.h>
36 /* Handle HCI Event packets */
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 * Reads the status byte at the start of skb->data, then reports a failure to
 * mgmt, clears HCI_INQUIRY, sets discovery to DISCOVERY_STOPPED, completes the
 * request and re-checks pending connections.
 * NOTE(review): the lines between the numbered ones (braces, conditionals,
 * locking) are missing from this listing, so which calls depend on status is
 * not visible. No skb->len check is visible before the dereference either;
 * confirm the caller guarantees at least one byte.
 */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
46 mgmt_stop_discovery_failed(hdev, status);
51 clear_bit(HCI_INQUIRY, &hdev->flags);
54 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
57 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
59 hci_conn_check_pending(hdev);
/*
 * Command Complete handler for periodic inquiry: logs the status byte and
 * sets HCI_PERIODIC_INQ in hdev->dev_flags.
 * NOTE(review): the status guard before set_bit() is not shown in this
 * listing; presumably the flag is only set on success - confirm.
 */
62 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
64 __u8 status = *((__u8 *) skb->data);
66 BT_DBG("%s status 0x%2.2x", hdev->name, status);
71 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
/*
 * Command Complete handler for leaving periodic inquiry: logs the status
 * byte, clears HCI_PERIODIC_INQ and re-checks pending connections.
 * NOTE(review): the status guard is not shown in this listing.
 */
74 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
76 __u8 status = *((__u8 *) skb->data);
78 BT_DBG("%s status 0x%2.2x", hdev->name, status);
83 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
85 hci_conn_check_pending(hdev);
/*
 * Command Complete handler for cancelling a remote name request. The only
 * visible action is a debug log of the device name; the second parameter
 * line of the signature is missing from this listing.
 */
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
91 BT_DBG("%s", hdev->name);
/*
 * Command Complete handler for Role Discovery: looks up the connection by
 * the handle in the reply and sets or clears HCI_LM_MASTER in its link_mode.
 * NOTE(review): rp overlays skb->data with no visible skb->len check, and the
 * handle is controller-supplied. The NULL check on conn, the role test that
 * picks between the two link_mode updates and the hci_dev_lock() call are not
 * shown in this listing - confirm they exist in the full file.
 */
94 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
96 struct hci_rp_role_discovery *rp = (void *) skb->data;
97 struct hci_conn *conn;
99 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
109 conn->link_mode &= ~HCI_LM_MASTER;
111 conn->link_mode |= HCI_LM_MASTER;
114 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Read Link Policy: stores the little-endian
 * policy from the reply in the connection found by the reply's handle.
 * NOTE(review): the status guard, the NULL check on conn and the lock call
 * are not shown in this listing; a lookup by a controller-supplied handle can
 * miss, so the store must stay behind a NULL check.
 */
117 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
119 struct hci_rp_read_link_policy *rp = (void *) skb->data;
120 struct hci_conn *conn;
122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
131 conn->link_policy = __le16_to_cpu(rp->policy);
133 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Write Link Policy: records the policy the host
 * itself sent (not a value echoed by the controller) on the connection named
 * by the reply's handle.
 * NOTE(review): the declaration and NULL check of sent, the status guard and
 * the NULL check on conn are not shown in this listing.
 */
136 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
138 struct hci_rp_write_link_policy *rp = (void *) skb->data;
139 struct hci_conn *conn;
142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
147 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
/* policy is read at byte offset 2 of the sent parameters; presumably the
 * first two bytes are the connection handle - confirm against the command
 * struct */
155 conn->link_policy = get_unaligned_le16(sent + 2);
157 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Read Default Link Policy: copies the
 * little-endian policy from the reply into hdev->link_policy.
 * NOTE(review): the status guard is not shown in this listing.
 */
160 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
163 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
165 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
170 hdev->link_policy = __le16_to_cpu(rp->policy);
/*
 * Command Complete handler for Write Default Link Policy: mirrors the policy
 * value the host sent into hdev->link_policy and completes the request.
 * NOTE(review): the declaration and NULL check of sent and the status guard
 * are not shown in this listing.
 */
173 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
176 __u8 status = *((__u8 *) skb->data);
179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
186 hdev->link_policy = get_unaligned_le16(sent);
188 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
/*
 * Command Complete handler for HCI_OP_RESET: clears HCI_RESET, completes the
 * request, drops the non-persistent dev_flags and marks discovery stopped.
 */
191 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
193 __u8 status = *((__u8 *) skb->data);
195 BT_DBG("%s status 0x%2.2x", hdev->name, status);
197 clear_bit(HCI_RESET, &hdev->flags);
199 hci_req_complete(hdev, HCI_OP_RESET, status);
201 /* Reset all non-persistent flags */
/* NOTE(review): this is a plain read-modify-write on dev_flags, while other
 * handlers in this file use atomic set_bit()/clear_bit(); confirm nothing can
 * update dev_flags concurrently here */
202 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
203 BIT(HCI_PERIODIC_INQ));
205 hdev->discovery.state = DISCOVERY_STOPPED;
/*
 * Command Complete handler for Write Local Name: notifies mgmt when HCI_MGMT
 * is set and copies the name the host sent into hdev->dev_name.
 * NOTE(review): the declaration and NULL check of sent, the lock call and the
 * condition guarding the memcpy() are not shown in this listing.
 */
208 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
210 __u8 status = *((__u8 *) skb->data);
213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
/* fixed-size copy: relies on both the sent parameter block and
 * hdev->dev_name holding at least HCI_MAX_NAME_LENGTH bytes */
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
226 hci_dev_unlock(hdev);
228 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
/*
 * Command Complete handler for Read Local Name: during HCI_SETUP, copies the
 * controller-reported name into hdev->dev_name.
 * NOTE(review): the copy reads HCI_MAX_NAME_LENGTH bytes from the event
 * payload with no visible skb->len check; a short event would be read past
 * its end. The status guard is not shown in this listing either.
 */
231 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
/*
 * Command Complete handler for Write Authentication Enable: makes the
 * HCI_AUTH flag follow the parameter the host sent, then notifies mgmt and
 * completes the request.
 * NOTE(review): HCI_AUTH records whether link-level authentication is on, so
 * it should only change when the controller reported success; the status
 * guard, the NULL check on sent and the else keyword are not shown in this
 * listing.
 */
244 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
246 __u8 status = *((__u8 *) skb->data);
249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
256 __u8 param = *((__u8 *) sent);
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
261 clear_bit(HCI_AUTH, &hdev->flags);
264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
267 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
/*
 * Command Complete handler for Write Encryption Mode: sets or clears
 * HCI_ENCRYPT according to the parameter the host sent and completes the
 * request.
 * NOTE(review): the status guard, the NULL check on sent and the test on
 * param that chooses between set_bit() and clear_bit() are not shown in this
 * listing.
 */
270 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
272 __u8 status = *((__u8 *) skb->data);
275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
282 __u8 param = *((__u8 *) sent);
285 set_bit(HCI_ENCRYPT, &hdev->flags);
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
290 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
/*
 * Command Complete handler for Write Scan Enable: updates the HCI_ISCAN
 * (discoverable) and HCI_PSCAN (connectable) flags from the parameter the
 * host sent, and tells mgmt about every transition.
 * NOTE(review): the declaration and NULL check of sent, the status guard
 * around the failure path, the lock call and several conditions are not shown
 * in this listing.
 */
293 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
295 __u8 param, status = *((__u8 *) skb->data);
296 int old_pscan, old_iscan;
299 BT_DBG("%s status 0x%2.2x", hdev->name, status);
301 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
305 param = *((__u8 *) sent);
/* failure path: report to mgmt and drop any pending discoverable timeout */
310 mgmt_write_scan_failed(hdev, param, status);
311 hdev->discov_timeout = 0;
/* remember the previous state so mgmt is only told about real changes */
315 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
316 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
318 if (param & SCAN_INQUIRY) {
319 set_bit(HCI_ISCAN, &hdev->flags);
321 mgmt_discoverable(hdev, 1);
/* discov_timeout is scaled by 1000 before msecs_to_jiffies(), i.e. it is
 * kept in seconds; the queued discov_off work bounds how long the device
 * stays discoverable */
322 if (hdev->discov_timeout > 0) {
323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
327 } else if (old_iscan)
328 mgmt_discoverable(hdev, 0);
330 if (param & SCAN_PAGE) {
331 set_bit(HCI_PSCAN, &hdev->flags);
333 mgmt_connectable(hdev, 1);
334 } else if (old_pscan)
335 mgmt_connectable(hdev, 0);
338 hci_dev_unlock(hdev);
339 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
/*
 * Command Complete handler for Read Class of Device: copies the 3-byte class
 * from the reply into hdev->dev_class and logs it most-significant byte
 * first.
 * NOTE(review): the status guard is not shown in this listing.
 */
342 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
344 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
346 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
351 memcpy(hdev->dev_class, rp->dev_class, 3);
353 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
354 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
/*
 * Command Complete handler for Write Class of Device: stores the 3-byte
 * class the host sent in hdev->dev_class and notifies mgmt when HCI_MGMT is
 * set.
 * NOTE(review): the declaration and NULL check of sent, the status guard on
 * the memcpy() and the lock call are not shown in this listing.
 */
357 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
359 __u8 status = *((__u8 *) skb->data);
362 BT_DBG("%s status 0x%2.2x", hdev->name, status);
364 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
371 memcpy(hdev->dev_class, sent, 3);
373 if (test_bit(HCI_MGMT, &hdev->dev_flags))
374 mgmt_set_class_of_dev_complete(hdev, sent, status);
376 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Read Voice Setting: updates
 * hdev->voice_setting from the reply and calls the driver's notify hook.
 * NOTE(review): the early return taken when the value is unchanged and any
 * NULL check on hdev->notify are not shown in this listing; the hook is
 * called through a function pointer, so that check matters.
 */
379 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
381 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
384 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
389 setting = __le16_to_cpu(rp->voice_setting);
391 if (hdev->voice_setting == setting)
394 hdev->voice_setting = setting;
396 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
399 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/*
 * Command Complete handler for Write Voice Setting: records the value the
 * host sent in hdev->voice_setting and calls the driver's notify hook.
 * NOTE(review): the status guard, the NULL check on sent, the early return
 * for an unchanged value and any NULL check on hdev->notify are not shown in
 * this listing.
 */
402 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
405 __u8 status = *((__u8 *) skb->data);
409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
414 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
418 setting = get_unaligned_le16(sent);
420 if (hdev->voice_setting == setting)
423 hdev->voice_setting = setting;
425 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
428 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/*
 * Command Complete handler for Host Buffer Size: logs the status byte and
 * completes the pending request with it.
 */
431 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
433 __u8 status = *((__u8 *) skb->data);
435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
437 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
/*
 * Command Complete handler for Write Simple Pairing Mode: reports the mode
 * the host sent to mgmt and updates HCI_SSP_ENABLED.
 * NOTE(review): HCI_SSP_ENABLED is read elsewhere in this file to decide
 * pairing behaviour, so it must only follow the sent value on success. The
 * status guard, the NULL check on sent and the test that chooses between
 * set_bit() and clear_bit() are not shown in this listing.
 */
440 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
442 __u8 status = *((__u8 *) skb->data);
445 BT_DBG("%s status 0x%2.2x", hdev->name, status);
447 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 if (test_bit(HCI_MGMT, &hdev->dev_flags))
452 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
455 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
457 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
/*
 * Picks the inquiry mode for this controller from its LMP capabilities, with
 * a table of manufacturer / hci_rev / lmp_subver triples handled as special
 * cases.
 * NOTE(review): the return statements are missing from this listing, so the
 * mode value chosen in each branch is not visible here. The triples are
 * controller-reported identifiers; presumably they name devices whose
 * advertised features do not match their behaviour - confirm.
 */
461 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
463 if (lmp_ext_inq_capable(hdev))
466 if (lmp_inq_rssi_capable(hdev))
469 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
470 hdev->lmp_subver == 0x0757)
473 if (hdev->manufacturer == 15) {
474 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
476 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
478 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
482 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
483 hdev->lmp_subver == 0x1805)
/*
 * Sends Write Inquiry Mode with the one-byte mode chosen by
 * hci_get_inquiry_mode(). The declaration of mode is not shown in this
 * listing.
 */
489 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
493 mode = hci_get_inquiry_mode(hdev);
495 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
/*
 * Builds the 8-byte HCI event mask from the controller's LMP capabilities and
 * sends it with Set Event Mask; for LE-capable controllers it then sends LE
 * Set Event Mask as well.
 * Only events enabled here are delivered to the host, so the SSP block below
 * decides whether pairing requests (IO capability, confirmation, passkey,
 * OOB) reach the stack at all.
 * NOTE(review): closing braces, the early return for pre-1.2 controllers and
 * the line that fills the LE mask after the memset() are not shown in this
 * listing.
 */
498 static void hci_setup_event_mask(struct hci_dev *hdev)
500 /* The second byte is 0xff instead of 0x9f (two reserved bits
501 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
502 * command otherwise */
503 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
505 /* CSR 1.1 dongles do not accept any bitfield, so don't try to set
506 * any event mask for pre-1.2 devices */
507 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
510 if (lmp_bredr_capable(hdev)) {
511 events[4] |= 0x01; /* Flow Specification Complete */
512 events[4] |= 0x02; /* Inquiry Result with RSSI */
513 events[4] |= 0x04; /* Read Remote Extended Features Complete */
514 events[5] |= 0x08; /* Synchronous Connection Complete */
515 events[5] |= 0x10; /* Synchronous Connection Changed */
/* same bit as set in the BR/EDR branch above; harmless when both apply */
518 if (lmp_inq_rssi_capable(hdev))
519 events[4] |= 0x02; /* Inquiry Result with RSSI */
521 if (lmp_sniffsubr_capable(hdev))
522 events[5] |= 0x20; /* Sniff Subrating */
524 if (lmp_pause_enc_capable(hdev))
525 events[5] |= 0x80; /* Encryption Key Refresh Complete */
527 if (lmp_ext_inq_capable(hdev))
528 events[5] |= 0x40; /* Extended Inquiry Result */
530 if (lmp_no_flush_capable(hdev))
531 events[7] |= 0x01; /* Enhanced Flush Complete */
533 if (lmp_lsto_capable(hdev))
534 events[6] |= 0x80; /* Link Supervision Timeout Changed */
536 if (lmp_ssp_capable(hdev)) {
537 events[6] |= 0x01; /* IO Capability Request */
538 events[6] |= 0x02; /* IO Capability Response */
539 events[6] |= 0x04; /* User Confirmation Request */
540 events[6] |= 0x08; /* User Passkey Request */
541 events[6] |= 0x10; /* Remote OOB Data Request */
542 events[6] |= 0x20; /* Simple Pairing Complete */
543 events[7] |= 0x04; /* User Passkey Notification */
544 events[7] |= 0x08; /* Keypress Notification */
545 events[7] |= 0x10; /* Remote Host Supported
546 * Features Notification */
549 if (lmp_le_capable(hdev))
550 events[7] |= 0x20; /* LE Meta-Event */
552 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
/* the buffer is reused for the LE mask; the line that sets its bits after
 * the memset() is missing from this listing */
554 if (lmp_le_capable(hdev)) {
555 memset(events, 0, sizeof(events));
557 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
558 sizeof(events), events);
/*
 * Queues the BR/EDR initialisation commands: buffer size, class of device,
 * local name and voice setting reads, clearing of the event filters, the
 * connection accept timeout, and a Delete Stored Link Key addressed to
 * BDADDR_ANY.
 * NOTE(review): the declarations of param and flt_type and the remaining
 * initialisation of cp are not shown in this listing. cp is a stack struct
 * sent with sizeof(cp) bytes, so every field must be initialised before the
 * send - confirm in the full file.
 */
562 static void bredr_setup(struct hci_dev *hdev)
564 struct hci_cp_delete_stored_link_key cp;
568 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
569 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
571 /* Read Class of Device */
572 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
574 /* Read Local Name */
575 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
577 /* Read Voice Setting */
578 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
580 /* Clear Event Filters */
581 flt_type = HCI_FLT_CLEAR_ALL;
582 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
584 /* Connection accept timeout ~20 secs */
585 param = __constant_cpu_to_le16(0x7d00);
/* NOTE(review): the last argument on the next line is extraction damage; it
 * is presumably the address of param assigned on the previous line */
586 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
/* Delete stored link keys, addressed to BDADDR_ANY */
588 bacpy(&cp.bdaddr, BDADDR_ANY);
590 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
/*
 * Queues the LE initialisation reads: LE buffer size and advertising channel
 * TX power. Both commands carry no parameters.
 */
593 static void le_setup(struct hci_dev *hdev)
595 /* Read LE Buffer Size */
596 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
598 /* Read LE Advertising Channel TX Power */
599 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
/*
 * Controller bring-up sequence: reads the BD address, runs the BR/EDR and LE
 * setup as capabilities allow, programs the event mask, and then applies
 * host policy (SSP mode, EIR, inquiry mode, extended features, link-level
 * authentication).
 * NOTE(review): the early return for other device types, the bodies of the
 * two capability checks after the BD address read, the else branch separator
 * and several local declarations are not shown in this listing.
 */
602 static void hci_setup(struct hci_dev *hdev)
604 if (hdev->dev_type != HCI_BREDR)
607 /* Read BD Address */
608 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
610 if (lmp_bredr_capable(hdev))
613 if (lmp_le_capable(hdev))
616 hci_setup_event_mask(hdev);
618 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
619 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
/* SSP-capable controller: either enable SSP in the controller when the host
 * flag is set, or (presumably the else branch) clear the cached and
 * controller-side EIR data */
621 if (lmp_ssp_capable(hdev)) {
622 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
624 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
625 sizeof(mode), &mode);
627 struct hci_cp_write_eir cp;
629 memset(hdev->eir, 0, sizeof(hdev->eir));
630 memset(&cp, 0, sizeof(cp));
632 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
636 if (lmp_inq_rssi_capable(hdev))
637 hci_setup_inquiry_mode(hdev);
639 if (lmp_inq_tx_pwr_capable(hdev))
640 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
642 if (lmp_ext_feat_capable(hdev)) {
643 struct hci_cp_read_local_ext_features cp;
646 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
/* host policy asks for link-level security: turn authentication on in the
 * controller (the value of enable is not shown in this listing) */
650 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
652 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
/*
 * Command Complete handler for Read Local Version: caches the controller's
 * HCI/LMP versions, manufacturer and sub-version in hdev, and continues
 * initialisation when HCI_INIT is set.
 * These fields drive the quirk checks elsewhere in this file, and they are
 * whatever the controller reports.
 * NOTE(review): the status guard and the statement run under the HCI_INIT
 * test are not shown in this listing.
 */
657 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
659 struct hci_rp_read_local_version *rp = (void *) skb->data;
661 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
666 hdev->hci_ver = rp->hci_ver;
667 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
668 hdev->lmp_ver = rp->lmp_ver;
669 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
670 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
672 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
673 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
675 if (test_bit(HCI_INIT, &hdev->flags))
679 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
/*
 * Builds the default link policy from the controller's capabilities (role
 * switch, hold, sniff, park) and sends Write Default Link Policy.
 * NOTE(review): the declaration and initial value of link_policy are not
 * shown in this listing; the |= updates rely on it starting from a defined
 * value.
 */
682 static void hci_setup_link_policy(struct hci_dev *hdev)
684 struct hci_cp_write_def_link_policy cp;
687 if (lmp_rswitch_capable(hdev))
688 link_policy |= HCI_LP_RSWITCH;
689 if (lmp_hold_capable(hdev))
690 link_policy |= HCI_LP_HOLD;
691 if (lmp_sniff_capable(hdev))
692 link_policy |= HCI_LP_SNIFF;
693 if (lmp_park_capable(hdev))
694 link_policy |= HCI_LP_PARK;
696 cp.policy = cpu_to_le16(link_policy);
697 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
/*
 * Command Complete handler for Read Local Supported Commands: caches the
 * command bitmap and, during HCI_INIT, sets up the link policy when bit 0x10
 * of byte 5 is set.
 * NOTE(review): the copy length is sizeof(hdev->commands), read from the
 * event payload with no visible skb->len check; the status guard is not shown
 * in this listing either.
 */
700 static void hci_cc_read_local_commands(struct hci_dev *hdev,
703 struct hci_rp_read_local_commands *rp = (void *) skb->data;
705 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
710 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
712 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
713 hci_setup_link_policy(hdev);
716 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
/*
 * Command Complete handler for Read Local Supported Features: caches the
 * 8-byte LMP feature mask and widens hdev->pkt_type / hdev->esco_type to the
 * packet types the controller says it supports.
 * NOTE(review): the status guard and the closing braces of the two braced
 * branches are not shown in this listing.
 */
719 static void hci_cc_read_local_features(struct hci_dev *hdev,
722 struct hci_rp_read_local_features *rp = (void *) skb->data;
724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
729 memcpy(hdev->features, rp->features, 8);
731 /* Adjust default settings according to features
732 * supported by device. */
734 if (hdev->features[0] & LMP_3SLOT)
735 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
737 if (hdev->features[0] & LMP_5SLOT)
738 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
740 if (hdev->features[1] & LMP_HV2) {
741 hdev->pkt_type |= (HCI_HV2);
742 hdev->esco_type |= (ESCO_HV2);
745 if (hdev->features[1] & LMP_HV3) {
746 hdev->pkt_type |= (HCI_HV3);
747 hdev->esco_type |= (ESCO_HV3);
750 if (lmp_esco_capable(hdev))
751 hdev->esco_type |= (ESCO_EV3);
753 if (hdev->features[4] & LMP_EV4)
754 hdev->esco_type |= (ESCO_EV4);
756 if (hdev->features[4] & LMP_EV5)
757 hdev->esco_type |= (ESCO_EV5);
759 if (hdev->features[5] & LMP_EDR_ESCO_2M)
760 hdev->esco_type |= (ESCO_2EV3);
762 if (hdev->features[5] & LMP_EDR_ESCO_3M)
763 hdev->esco_type |= (ESCO_3EV3);
765 if (hdev->features[5] & LMP_EDR_3S_ESCO)
766 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
768 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
769 hdev->features[0], hdev->features[1],
770 hdev->features[2], hdev->features[3],
771 hdev->features[4], hdev->features[5],
772 hdev->features[6], hdev->features[7]);
/*
 * Sends Write LE Host Supported when the wanted LE host setting differs from
 * what the controller currently reports via lmp_host_le_capable().
 * cp is zeroed first, so fields not assigned below are sent as 0.
 * NOTE(review): the assignment to cp.le under the HCI_LE_ENABLED test is not
 * shown in this listing.
 */
775 static void hci_set_le_support(struct hci_dev *hdev)
777 struct hci_cp_write_le_host_supported cp;
779 memset(&cp, 0, sizeof(cp));
781 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
783 cp.simul = !!lmp_le_br_capable(hdev);
786 if (cp.le != !!lmp_host_le_capable(hdev))
787 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
/*
 * Command Complete handler for Read Local Extended Features: copies the
 * 8-byte feature page from the reply into either hdev->features or
 * hdev->host_features, then configures LE host support during HCI_INIT.
 * NOTE(review): the status guard and the page selector that chooses between
 * the two memcpy() destinations are not shown in this listing.
 */
791 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
794 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
796 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
803 memcpy(hdev->features, rp->features, 8);
806 memcpy(hdev->host_features, rp->features, 8);
810 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
811 hci_set_le_support(hdev);
814 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
/*
 * Command Complete handler for Read Flow Control Mode: stores the reported
 * mode in hdev->flow_ctl_mode and completes the request.
 * NOTE(review): the status guard is not shown in this listing.
 */
817 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
820 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
827 hdev->flow_ctl_mode = rp->mode;
829 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
/*
 * Command Complete handler for Read Buffer Size: caches the controller's
 * ACL/SCO MTUs and packet counts and seeds the transmit credit counters
 * (acl_cnt, sco_cnt) from them.
 * NOTE(review): all four values are controller-supplied and stored without
 * any visible range check. The status guard and the body of the
 * HCI_QUIRK_FIXUP_BUFFER_SIZE branch are not shown in this listing.
 */
832 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
834 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
836 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
841 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
842 hdev->sco_mtu = rp->sco_mtu;
843 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
844 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
846 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
851 hdev->acl_cnt = hdev->acl_pkts;
852 hdev->sco_cnt = hdev->sco_pkts;
854 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
855 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
/*
 * Command Complete handler for Read BD_ADDR: copies the controller's address
 * into hdev->bdaddr and completes the request.
 * NOTE(review): the status guard on the copy is not shown in this listing.
 */
858 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
860 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
862 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
865 bacpy(&hdev->bdaddr, &rp->bdaddr);
867 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
/*
 * Command Complete handler for Read Data Block Size: caches the block-based
 * flow control parameters and seeds block_cnt from num_blocks.
 * NOTE(review): the values are controller-supplied and stored without any
 * visible range check; the status guard is not shown in this listing.
 */
870 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
873 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
875 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
880 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
881 hdev->block_len = __le16_to_cpu(rp->block_len);
882 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
884 hdev->block_cnt = hdev->num_blocks;
886 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
887 hdev->block_cnt, hdev->block_len);
889 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
/*
 * Command Complete handler for Write Connection Accept Timeout: logs the
 * status byte and completes the pending request with it.
 */
892 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
894 __u8 status = *((__u8 *) skb->data);
896 BT_DBG("%s status 0x%2.2x", hdev->name, status);
898 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
/*
 * Command Complete handler for Read Local AMP Info: caches the AMP
 * controller's parameters in hdev, completes the request and sends the A2MP
 * Get Info response.
 * NOTE(review): amp_assoc_size is controller-supplied and sizes later assoc
 * handling, so it should be range-checked where it is consumed. The status
 * guard and any label before the A2MP call are not shown in this listing.
 */
901 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
904 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
906 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
911 hdev->amp_status = rp->amp_status;
912 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
913 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
914 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
915 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
916 hdev->amp_type = rp->amp_type;
917 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
918 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
919 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
920 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
922 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
925 a2mp_send_getinfo_rsp(hdev);
/*
 * Command Complete handler for Read Local AMP Assoc: appends the fragment
 * carried by this event to hdev->loc_assoc and, once the last fragment has
 * arrived, sends the A2MP responses.
 *
 * NOTE(review): both lengths come from the controller. frag_len is
 * skb->len - sizeof(*rp) evaluated as size_t, so an event shorter than the
 * reply header would wrap to a very large value; rem_len is taken straight
 * from the reply. Neither memcpy() below has a visible bound against the
 * space left in assoc->data after assoc->offset, and the rem_len copy has no
 * visible bound against the bytes actually present in the event. The lines
 * between the numbered ones are missing from this listing, so confirm
 * whether those checks exist in the full file; if they do not, the lengths
 * need clamping before the copies.
 */
928 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
931 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
932 struct amp_assoc *assoc = &hdev->loc_assoc;
933 size_t rem_len, frag_len;
935 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
940 frag_len = skb->len - sizeof(*rp);
941 rem_len = __le16_to_cpu(rp->rem_len);
/* more data remains than this event carries: store the fragment, advance
 * the write offset and request the next one */
943 if (rem_len > frag_len) {
944 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
946 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
947 assoc->offset += frag_len;
949 /* Read other fragments */
950 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
/* final fragment: copy the remaining bytes and fix the total length */
955 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
956 assoc->len = assoc->offset + rem_len;
960 /* Send A2MP Rsp when all fragments are received */
961 a2mp_send_getampassoc_rsp(hdev, rp->status);
962 a2mp_send_create_phy_link_req(hdev, rp->status);
/*
 * Command Complete handler for Delete Stored Link Key: logs the status byte
 * and completes the pending request with it.
 */
965 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
968 __u8 status = *((__u8 *) skb->data);
970 BT_DBG("%s status 0x%2.2x", hdev->name, status);
972 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
/*
 * Command Complete handler for Set Event Mask: logs the status byte and
 * completes the pending request with it.
 */
975 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
977 __u8 status = *((__u8 *) skb->data);
979 BT_DBG("%s status 0x%2.2x", hdev->name, status);
981 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
/*
 * Command Complete handler for Write Inquiry Mode: logs the status byte and
 * completes the pending request with it.
 */
984 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
987 __u8 status = *((__u8 *) skb->data);
989 BT_DBG("%s status 0x%2.2x", hdev->name, status);
991 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
/*
 * Command Complete handler for Read Inquiry Response TX Power: caches the
 * reported value in hdev->inq_tx_power and completes the request.
 * NOTE(review): the status guard on the store is not shown in this listing.
 */
994 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
997 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
999 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1002 hdev->inq_tx_power = rp->tx_power;
1004 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
/*
 * Command Complete handler for Set Event Filter: logs the status byte and
 * completes the pending request with it.
 */
1007 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1009 __u8 status = *((__u8 *) skb->data);
1011 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1013 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
/*
 * Command Complete handler for PIN Code Request Reply: notifies mgmt and
 * records the PIN length on the ACL connection.
 * The connection and the length are both taken from the command the host
 * sent (cp), not from the controller's reply; only the PIN length is stored
 * here, never the PIN itself.
 * NOTE(review): the lock call, the status guard and the NULL checks on cp
 * and conn are not shown in this listing.
 */
1016 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1018 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1019 struct hci_cp_pin_code_reply *cp;
1020 struct hci_conn *conn;
1022 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1026 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1027 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
1032 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1036 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1038 conn->pin_length = cp->pin_len;
1041 hci_dev_unlock(hdev);
/*
 * Command Complete handler for PIN Code Request Negative Reply: forwards the
 * peer address and status to mgmt when HCI_MGMT is set.
 * NOTE(review): the lock call and the remaining arguments of the mgmt call
 * are not shown in this listing.
 */
1044 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1046 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1048 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1052 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1053 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
1056 hci_dev_unlock(hdev);
/*
 * Command Complete handler for LE Read Buffer Size: caches the LE MTU and
 * packet count and seeds the LE transmit credit counter from them.
 * NOTE(review): both values are controller-supplied and stored without any
 * visible range check; the status guard is not shown in this listing.
 */
1059 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1060 struct sk_buff *skb)
1062 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1064 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1069 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1070 hdev->le_pkts = rp->le_max_pkt;
1072 hdev->le_cnt = hdev->le_pkts;
1074 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1076 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
/*
 * Command Complete handler for LE Read Advertising Channel TX Power: caches
 * the reported value in hdev->adv_tx_power and completes the request.
 * NOTE(review): the status guard on the store is not shown in this listing.
 */
1079 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1080 struct sk_buff *skb)
1082 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1084 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1087 hdev->adv_tx_power = rp->tx_power;
1089 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
/*
 * Command Complete handler for LE Set Event Mask: logs the status byte and
 * completes the pending request with it.
 */
1092 static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1094 __u8 status = *((__u8 *) skb->data);
1096 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1098 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
/*
 * Command Complete handler for User Confirmation Request Reply: forwards the
 * peer address and status to mgmt (as an ACL_LINK result) when HCI_MGMT is
 * set.
 * NOTE(review): the lock call and the last argument of the mgmt call are not
 * shown in this listing.
 */
1101 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1103 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1105 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1109 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1110 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1113 hci_dev_unlock(hdev);
/*
 * Command Complete handler for User Confirmation Request Negative Reply:
 * forwards the peer address and status to mgmt when HCI_MGMT is set. The
 * reply is parsed with the same struct as the positive confirm reply.
 * NOTE(review): the lock call is not shown in this listing.
 */
1116 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1117 struct sk_buff *skb)
1119 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1125 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1126 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1127 ACL_LINK, 0, rp->status);
1129 hci_dev_unlock(hdev);
/*
 * Command Complete handler for User Passkey Request Reply: forwards the peer
 * address and status to mgmt when HCI_MGMT is set. The reply is parsed with
 * the user-confirm reply struct.
 * NOTE(review): the lock call and the trailing arguments of the mgmt call
 * are not shown in this listing.
 */
1132 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1134 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1136 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1140 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1141 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1144 hci_dev_unlock(hdev);
/*
 * Command Complete handler for User Passkey Request Negative Reply: forwards
 * the peer address and status to mgmt when HCI_MGMT is set. The reply is
 * parsed with the user-confirm reply struct.
 * NOTE(review): the lock call is not shown in this listing.
 */
1147 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1148 struct sk_buff *skb)
1150 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1152 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1156 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1157 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1158 ACL_LINK, 0, rp->status);
1160 hci_dev_unlock(hdev);
/*
 * Command Complete handler for Read Local OOB Data: hands the hash and
 * randomizer from the reply to mgmt together with the status.
 * The hash and randomizer are out-of-band pairing material; this handler
 * logs only the status, and they should stay out of debug output.
 * NOTE(review): the lock call is not shown in this listing, and no skb->len
 * check is visible before rp->hash and rp->randomizer are read.
 */
1163 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1164 struct sk_buff *skb)
1166 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1168 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1171 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1172 rp->randomizer, rp->status);
1173 hci_dev_unlock(hdev);
/*
 * Command Complete handler for LE Set Scan Parameters: completes the request
 * and reports a discovery start failure to mgmt.
 * NOTE(review): the status guard and the lock call around the mgmt
 * notification are not shown in this listing.
 */
1176 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1178 __u8 status = *((__u8 *) skb->data);
1180 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1182 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1186 mgmt_start_discovery_failed(hdev, status);
1187 hci_dev_unlock(hdev);
/*
 * Command Complete handler for LE Set Scan Enable: dispatches on the enable
 * value the host sent and updates HCI_LE_SCAN and the discovery state.
 * NOTE(review): the NULL check on cp, the status guards in each case, the
 * lock calls, the break statements and the default label are not shown in
 * this listing, so the exact success/failure split is not visible.
 */
1192 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1193 struct sk_buff *skb)
1195 struct hci_cp_le_set_scan_enable *cp;
1196 __u8 status = *((__u8 *) skb->data);
1198 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1200 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1204 switch (cp->enable) {
1205 case LE_SCANNING_ENABLED:
1206 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
/* failure path for enabling scanning */
1210 mgmt_start_discovery_failed(hdev, status);
1211 hci_dev_unlock(hdev);
/* scanning is on: record it and enter DISCOVERY_FINDING */
1215 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1218 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1219 hci_dev_unlock(hdev);
1222 case LE_SCANNING_DISABLED:
/* failure path for disabling scanning */
1225 mgmt_stop_discovery_failed(hdev, status);
1226 hci_dev_unlock(hdev);
1230 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
/* interleaved discovery continues with its next phase; otherwise
 * (presumably an else branch) discovery is marked stopped */
1232 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1233 hdev->discovery.state == DISCOVERY_FINDING) {
1234 mgmt_interleaved_discovery(hdev);
1237 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1238 hci_dev_unlock(hdev);
/* any other enable value is logged as a reserved parameter */
1244 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
/*
 * Command Complete handler for LE Long Term Key Request Reply: logs the
 * status and completes the pending request. No key material is read or
 * logged in the visible lines.
 * NOTE(review): the status guard before hci_req_complete() is not shown in
 * this listing.
 */
1249 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1251 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1253 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1258 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
/*
 * Command Complete handler for LE Long Term Key Request Negative Reply: logs
 * the status and completes the pending request.
 * NOTE(review): the status guard before hci_req_complete() is not shown in
 * this listing.
 */
1261 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1263 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1265 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1270 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
/*
 * Command Complete handler for Write LE Host Supported: updates the
 * LMP_HOST_LE and LMP_HOST_LE_BREDR bits in hdev->host_features[0] and,
 * outside HCI_INIT, tells mgmt the resulting LE setting.
 * NOTE(review): the NULL check on sent, the status guard and the tests that
 * choose between setting and clearing each bit are not shown in this
 * listing; sent->le is dereferenced below, so the NULL check matters.
 */
1273 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1274 struct sk_buff *skb)
1276 struct hci_cp_write_le_host_supported *sent;
1277 __u8 status = *((__u8 *) skb->data);
1279 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1281 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1287 hdev->host_features[0] |= LMP_HOST_LE;
1289 hdev->host_features[0] &= ~LMP_HOST_LE;
1292 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1294 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
1297 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1298 !test_bit(HCI_INIT, &hdev->flags))
1299 mgmt_le_enable_complete(hdev, sent->le, status);
1301 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
/*
 * Command Complete handler for Write Remote AMP Assoc: logs status and
 * physical link handle, then continues writing the remote assoc for that
 * handle.
 * NOTE(review): phy_handle is controller-supplied; the status guard before
 * the continue call is not shown in this listing.
 */
1304 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1305 struct sk_buff *skb)
1307 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1309 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1310 hdev->name, rp->status, rp->phy_handle);
1315 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
/*
 * Command Status handler for HCI_OP_INQUIRY. Two paths are visible: one
 * completes the request, re-checks pending connections and reports a
 * discovery start failure to mgmt; the other sets HCI_INQUIRY and moves
 * discovery to DISCOVERY_FINDING.
 * NOTE(review): the status test that separates the two paths, the lock calls
 * and the return between them are not shown in this listing.
 */
1318 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1320 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1323 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1324 hci_conn_check_pending(hdev);
1326 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1327 mgmt_start_discovery_failed(hdev, status);
1328 hci_dev_unlock(hdev);
1332 set_bit(HCI_INQUIRY, &hdev->flags);
1335 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1336 hci_dev_unlock(hdev);
/*
 * Command Status handler for Create Connection: finds the ACL connection
 * for the address the host asked to connect to and either closes it, defers
 * it (BT_CONNECT2) or, on the other path, creates the connection object and
 * marks it as master.
 * NOTE(review): the NULL check on cp, the lock call, the status test that
 * separates the failure and success paths, the else branches and the NULL
 * test around hci_conn_add() are not shown in this listing.
 */
1339 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1341 struct hci_cp_create_conn *cp;
1342 struct hci_conn *conn;
1344 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1346 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1352 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1354 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
/* 0x0c is the HCI "Command Disallowed" error code: for that status the
 * connection is kept for another try until conn->attempt exceeds 2; any
 * other status closes it */
1357 if (conn && conn->state == BT_CONNECT) {
1358 if (status != 0x0c || conn->attempt > 2) {
1359 conn->state = BT_CLOSED;
1360 hci_proto_connect_cfm(conn, status);
1363 conn->state = BT_CONNECT2;
1367 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1370 conn->link_mode |= HCI_LM_MASTER;
1372 BT_ERR("No memory for new connection");
1376 hci_dev_unlock(hdev);
/*
 * Command Status handler for Add SCO Connection: looks up the ACL link by
 * the handle the host sent, closes the SCO connection attached to it and
 * confirms the result to the upper protocol.
 * NOTE(review): the early return for a zero status, the NULL checks on cp
 * and acl, the assignment of sco and the lock call are not shown in this
 * listing.
 */
1379 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1381 struct hci_cp_add_sco *cp;
1382 struct hci_conn *acl, *sco;
1385 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1390 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1394 handle = __le16_to_cpu(cp->handle);
1396 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1400 acl = hci_conn_hash_lookup_handle(hdev, handle);
1404 sco->state = BT_CLOSED;
1406 hci_proto_connect_cfm(sco, status);
1411 hci_dev_unlock(hdev);
/*
 * Command Status handler for Authentication Requested: when the connection
 * named in the sent command is still in BT_CONFIG, confirms the connect
 * result to the upper protocol with this status.
 * NOTE(review): the early return for a zero status, the NULL checks on cp
 * and conn, the lock call and the rest of the BT_CONFIG branch are not shown
 * in this listing.
 */
1414 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1416 struct hci_cp_auth_requested *cp;
1417 struct hci_conn *conn;
1419 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1424 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1430 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1432 if (conn->state == BT_CONFIG) {
1433 hci_proto_connect_cfm(conn, status);
1438 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SET_CONN_ENCRYPT.
 *
 * Looks up the connection by the handle of the command that was sent and,
 * if it is still in BT_CONFIG, passes the status to the upper protocol.
 *
 * NOTE(review): no NULL guard on cp or conn is visible here because lines
 * are missing from this listing; confirm it in the full file.
 */
1441 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1443 struct hci_cp_set_conn_encrypt *cp;
1444 struct hci_conn *conn;
1446 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1451 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1457 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1459 if (conn->state == BT_CONFIG) {
1460 hci_proto_connect_cfm(conn, status);
1465 hci_dev_unlock(hdev);
/*
 * Decide whether an outgoing connection still needs an authentication
 * request.
 *
 * Three tests are visible: the connection is not an outgoing one in
 * BT_CONFIG; the pending security level is BT_SECURITY_SDP; the link is
 * non-SSP, bit 0 of auth_type (MITM protection, per the comment below) is
 * clear and the pending level is not BT_SECURITY_HIGH.
 *
 * The return statements are missing from this listing. Callers skip the
 * authentication request when this returns 0, so each test presumably
 * returns 0 and the fall-through returns 1 - confirm in the full file.
 */
1468 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1469 struct hci_conn *conn)
1471 if (conn->state != BT_CONFIG || !conn->out)
1474 if (conn->pending_sec_level == BT_SECURITY_SDP)
1477 /* Only request authentication for SSP connections or non-SSP
1478 * devices with sec_level HIGH or if MITM protection is requested */
1479 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1480 conn->pending_sec_level != BT_SECURITY_HIGH)
/*
 * Send a Remote Name Request for one inquiry cache entry.
 *
 * The command struct is zeroed first, so any field not assigned below goes
 * out as zero rather than as stale stack contents. Address, page scan modes
 * and clock offset are copied from the cached inquiry data.
 *
 * Returns the result of hci_send_cmd().
 */
1486 static int hci_resolve_name(struct hci_dev *hdev,
1487 struct inquiry_entry *e)
1489 struct hci_cp_remote_name_req cp;
1491 memset(&cp, 0, sizeof(cp));
1493 bacpy(&cp.bdaddr, &e->data.bdaddr);
1494 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1495 cp.pscan_mode = e->data.pscan_mode;
1496 cp.clock_offset = e->data.clock_offset;
1498 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
/*
 * Start name resolution for the next discovered device that needs it.
 *
 * Checks whether the resolve list is empty, looks up an entry in state
 * NAME_NEEDED for any address and, when hci_resolve_name() returns 0, marks
 * that entry NAME_PENDING.
 *
 * The return statements and the check on e are missing from this listing.
 * One caller treats a true result as "a request is in flight" - confirm the
 * exact return values in the full file.
 */
1501 static bool hci_resolve_next_name(struct hci_dev *hdev)
1503 struct discovery_state *discov = &hdev->discovery;
1504 struct inquiry_entry *e;
1506 if (list_empty(&discov->resolve))
1509 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1513 if (hci_resolve_name(hdev, e) == 0) {
1514 e->name_state = NAME_PENDING;
/*
 * Process the outcome of a remote name lookup during discovery.
 *
 * name is the remote name (callers in this file pass NULL and 0 when no
 * name was obtained) and name_len its length in bytes.
 *
 * If conn is set and HCI_CONN_MGMT_CONNECTED was not yet set, mgmt is told
 * the device is connected. The discovery state is then examined; in
 * DISCOVERY_RESOLVING the entry in state NAME_PENDING for this address is
 * looked up, marked NAME_KNOWN (with the name reported to mgmt) or
 * NAME_NOT_KNOWN, and the next name is requested. The last visible call
 * sets discovery to DISCOVERY_STOPPED.
 *
 * Lines are missing from this listing: the returns after the state tests,
 * the check on e, the test choosing between NAME_KNOWN and NAME_NOT_KNOWN
 * and the closing line of the block comment at 1541-1543.
 */
1521 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1522 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1524 struct discovery_state *discov = &hdev->discovery;
1525 struct inquiry_entry *e;
1527 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1528 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1529 name_len, conn->dev_class);
1531 if (discov->state == DISCOVERY_STOPPED)
1534 if (discov->state == DISCOVERY_STOPPING)
1535 goto discov_complete;
1537 if (discov->state != DISCOVERY_RESOLVING)
1540 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1541 /* If the device was not found in a list of found devices names of which
1542 * are pending. there is no need to continue resolving a next name as it
1543 * will be done upon receiving another Remote Name Request Complete
1550 e->name_state = NAME_KNOWN;
1551 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1552 e->data.rssi, name, name_len);
1554 e->name_state = NAME_NOT_KNOWN;
1557 if (hci_resolve_next_name(hdev))
1561 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
/*
 * Command Status handler for HCI_OP_REMOTE_NAME_REQ.
 *
 * Looks up the ACL connection for the address of the command that was
 * sent. With HCI_MGMT set, the pending name is processed with no name
 * (NULL, 0). If the outgoing connection still needs authentication and
 * HCI_CONN_AUTH_PEND was not already set, an Authentication Requested
 * command is sent; test_and_set_bit keeps a second request from being
 * queued while one is pending.
 *
 * The inner cp (struct hci_cp_auth_requested) shadows the outer cp pointer.
 * NOTE(review): the early return for the success case and the checks on cp
 * and conn are on lines missing from this listing; confirm them in the
 * full file.
 */
1564 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1566 struct hci_cp_remote_name_req *cp;
1567 struct hci_conn *conn;
1569 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1571 /* If successful wait for the name req complete event before
1572 * checking for the need to do authentication */
1576 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1582 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1584 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1585 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1590 if (!hci_outgoing_auth_needed(hdev, conn))
1593 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1594 struct hci_cp_auth_requested cp;
1595 cp.handle = __cpu_to_le16(conn->handle);
1596 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1600 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Looks up the connection by the handle of the command that was sent and,
 * if it is still in BT_CONFIG, passes the status to the upper protocol.
 *
 * NOTE(review): no NULL guard on cp or conn is visible here because lines
 * are missing from this listing; confirm it in the full file.
 */
1603 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1605 struct hci_cp_read_remote_features *cp;
1606 struct hci_conn *conn;
1608 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1613 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1619 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1621 if (conn->state == BT_CONFIG) {
1622 hci_proto_connect_cfm(conn, status);
1627 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Looks up the connection by the handle of the command that was sent and,
 * if it is still in BT_CONFIG, passes the status to the upper protocol.
 *
 * NOTE(review): no NULL guard on cp or conn is visible here because lines
 * are missing from this listing; confirm it in the full file.
 */
1630 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1632 struct hci_cp_read_remote_ext_features *cp;
1633 struct hci_conn *conn;
1635 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1640 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1646 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1648 if (conn->state == BT_CONFIG) {
1649 hci_proto_connect_cfm(conn, status);
1654 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Takes the ACL handle from the command that was sent, looks up that ACL
 * connection, then marks the synchronous connection BT_CLOSED and passes
 * the status to the upper protocol.
 *
 * NOTE(review): the declaration of handle, the way sco is obtained from acl
 * and any NULL checks are on lines missing from this listing; confirm them
 * in the full file.
 */
1657 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1659 struct hci_cp_setup_sync_conn *cp;
1660 struct hci_conn *acl, *sco;
1663 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1668 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1672 handle = __le16_to_cpu(cp->handle);
1674 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1678 acl = hci_conn_hash_lookup_handle(hdev, handle);
1682 sco->state = BT_CLOSED;
1684 hci_proto_connect_cfm(sco, status);
1689 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SNIFF_MODE.
 *
 * Looks up the connection by the handle of the command that was sent,
 * clears HCI_CONN_MODE_CHANGE_PEND and, if a SCO setup was waiting on the
 * mode change (HCI_CONN_SCO_SETUP_PEND), runs hci_sco_setup() with the
 * status.
 *
 * NOTE(review): no NULL guard on cp or conn is visible here because lines
 * are missing from this listing; confirm it in the full file.
 */
1692 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1694 struct hci_cp_sniff_mode *cp;
1695 struct hci_conn *conn;
1697 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1702 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1708 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1710 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1712 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1713 hci_sco_setup(conn, status);
1716 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Looks up the connection by the handle of the command that was sent,
 * clears HCI_CONN_MODE_CHANGE_PEND and, if a SCO setup was waiting on the
 * mode change (HCI_CONN_SCO_SETUP_PEND), runs hci_sco_setup() with the
 * status.
 *
 * NOTE(review): no NULL guard on cp or conn is visible here because lines
 * are missing from this listing; confirm it in the full file.
 */
1719 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1721 struct hci_cp_exit_sniff_mode *cp;
1722 struct hci_conn *conn;
1724 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1729 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1735 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1737 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1739 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1740 hci_sco_setup(conn, status);
1743 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_DISCONNECT.
 *
 * Looks up the connection by the handle of the command that was sent and
 * reports the failed disconnect to mgmt with the peer address, link type,
 * address type and status.
 *
 * NOTE(review): the status test and the NULL guards on cp and conn are on
 * lines missing from this listing; confirm them in the full file.
 */
1746 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1748 struct hci_cp_disconnect *cp;
1749 struct hci_conn *conn;
1754 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1760 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1762 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1763 conn->dst_type, status);
1765 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Finds the LE connection that is in BT_CONNECT, marks it BT_CLOSED,
 * reports the failed connect to mgmt and passes the status to the upper
 * protocol. The first hci_dev_unlock() presumably belongs to an early exit
 * taken when no such connection exists.
 *
 * NOTE(review): the status test and that early exit are on lines missing
 * from this listing; confirm them in the full file.
 */
1768 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1770 struct hci_conn *conn;
1772 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1777 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1779 hci_dev_unlock(hdev);
1783 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1785 conn->state = BT_CLOSED;
1786 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1787 conn->dst_type, status);
1788 hci_proto_connect_cfm(conn, status);
1791 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_LE_START_ENC.
 *
 * Only a debug log of the status is visible in this listing.
 */
1795 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1797 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Command Status handler for HCI_OP_CREATE_PHY_LINK.
 *
 * Recovers the command that was sent and starts writing the remote AMP
 * assoc for its physical link handle.
 *
 * NOTE(review): the status test and the NULL guard on cp are on lines
 * missing from this listing; confirm them in the full file.
 */
1800 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1802 struct hci_cp_create_phy_link *cp;
1804 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1809 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1813 amp_write_remote_assoc(hdev, cp->phy_handle);
/*
 * Command Status handler for HCI_OP_ACCEPT_PHY_LINK.
 *
 * Recovers the command that was sent and starts writing the remote AMP
 * assoc for its physical link handle.
 *
 * NOTE(review): the status test and the NULL guard on cp are on lines
 * missing from this listing; confirm them in the full file.
 */
1816 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1818 struct hci_cp_accept_phy_link *cp;
1820 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1825 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1829 amp_write_remote_assoc(hdev, cp->phy_handle);
/*
 * Inquiry Complete event.
 *
 * The status is the first byte of the event payload. The handler completes
 * the inquiry request, re-checks pending connections and clears
 * HCI_INQUIRY. With HCI_MGMT set and discovery in DISCOVERY_FINDING it
 * either stops discovery (nothing left to resolve, or the name request
 * could not be sent) or starts resolving the first NAME_NEEDED entry and
 * moves to DISCOVERY_RESOLVING.
 *
 * The early returns, gotos and else lines between the visible tests are
 * missing from this listing.
 */
1832 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1834 __u8 status = *((__u8 *) skb->data);
1835 struct discovery_state *discov = &hdev->discovery;
1836 struct inquiry_entry *e;
1838 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1840 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1842 hci_conn_check_pending(hdev);
1844 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1847 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1852 if (discov->state != DISCOVERY_FINDING)
1855 if (list_empty(&discov->resolve)) {
1856 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1860 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1861 if (e && hci_resolve_name(hdev, e) == 0) {
1862 e->name_state = NAME_PENDING;
1863 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1865 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1869 hci_dev_unlock(hdev);
/*
 * Inquiry Result event.
 *
 * The first payload byte is the number of responses; the response records
 * (struct inquiry_info) follow from byte 1. Each record is copied into a
 * local inquiry_data, the inquiry cache is updated and the device is
 * reported to mgmt. ssp_mode is forced to 0x00 for these records.
 *
 * NOTE(review): num_rsp comes from the controller and drives info++ across
 * the buffer. No test that skb->len covers 1 + num_rsp * sizeof(*info) is
 * visible here; lines are missing from this listing, so confirm in the full
 * file that the count is bounded by the packet length before the loop.
 */
1872 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1874 struct inquiry_data data;
1875 struct inquiry_info *info = (void *) (skb->data + 1);
1876 int num_rsp = *((__u8 *) skb->data);
1878 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1883 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1888 for (; num_rsp; num_rsp--, info++) {
1889 bool name_known, ssp;
1891 bacpy(&data.bdaddr, &info->bdaddr);
1892 data.pscan_rep_mode = info->pscan_rep_mode;
1893 data.pscan_period_mode = info->pscan_period_mode;
1894 data.pscan_mode = info->pscan_mode;
1895 memcpy(data.dev_class, info->dev_class, 3);
1896 data.clock_offset = info->clock_offset;
1898 data.ssp_mode = 0x00;
1900 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1901 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1902 info->dev_class, 0, !name_known, ssp, NULL,
1906 hci_dev_unlock(hdev);
/*
 * Connection Complete event.
 *
 * Looks up the connection by link type and address; for a SCO event with no
 * match it retries with ESCO_LINK and retypes the connection as SCO_LINK.
 * On the path that stores the handle, an ACL link goes to BT_CONFIG with a
 * pairing or disconnect timeout and other link types go to BT_CONNECTED.
 * link_mode picks up HCI_LM_AUTH / HCI_LM_ENCRYPT from the device flags,
 * remote features are requested for ACL, and the packet type is set for
 * incoming links on controllers older than BLUETOOTH_VER_2_0. The other
 * path closes the connection and reports a failed ACL connect to mgmt.
 *
 * The pairing timeout is chosen for an incoming, non-SSP link with no
 * stored link key.
 *
 * NOTE(review): the status test, the NULL guards on conn and several else
 * lines are missing from this listing; confirm the branch structure in the
 * full file. ev is a cast of skb->data with no length test visible here.
 */
1909 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1911 struct hci_ev_conn_complete *ev = (void *) skb->data;
1912 struct hci_conn *conn;
1914 BT_DBG("%s", hdev->name);
1918 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1920 if (ev->link_type != SCO_LINK)
1923 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1927 conn->type = SCO_LINK;
1931 conn->handle = __le16_to_cpu(ev->handle);
1933 if (conn->type == ACL_LINK) {
1934 conn->state = BT_CONFIG;
1935 hci_conn_hold(conn);
1937 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1938 !hci_find_link_key(hdev, &ev->bdaddr))
1939 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1941 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1943 conn->state = BT_CONNECTED;
1945 hci_conn_hold_device(conn);
1946 hci_conn_add_sysfs(conn);
1948 if (test_bit(HCI_AUTH, &hdev->flags))
1949 conn->link_mode |= HCI_LM_AUTH;
1951 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1952 conn->link_mode |= HCI_LM_ENCRYPT;
1954 /* Get remote features */
1955 if (conn->type == ACL_LINK) {
1956 struct hci_cp_read_remote_features cp;
1957 cp.handle = ev->handle;
1958 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1962 /* Set packet type for incoming connection */
1963 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1964 struct hci_cp_change_conn_ptype cp;
1965 cp.handle = ev->handle;
1966 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1967 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1971 conn->state = BT_CLOSED;
1972 if (conn->type == ACL_LINK)
1973 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1974 conn->dst_type, ev->status);
1977 if (conn->type == ACL_LINK)
1978 hci_sco_setup(conn, ev->status);
1981 hci_proto_connect_cfm(conn, ev->status);
1983 } else if (ev->link_type != ACL_LINK)
1984 hci_proto_connect_cfm(conn, ev->status);
1987 hci_dev_unlock(hdev);
1989 hci_conn_check_pending(hdev);
/*
 * Connection Request event: accept or reject an incoming connection.
 *
 * The accept mask starts from hdev->link_mode and is extended by the upper
 * protocols through hci_proto_connect_ind(). The request is accepted only
 * when HCI_LM_ACCEPT is set and the peer address is not on the blacklist;
 * otherwise it is rejected with HCI_ERROR_REJ_BAD_ADDR.
 *
 * On accept, the cached and per-connection device class (3 bytes) are
 * refreshed from the event, a connection object is found or added, and its
 * state becomes BT_CONNECT. ACL links, or controllers that are not eSCO
 * capable, get Accept Connection Request with a role chosen from the
 * role-switch capability and HCI_LM_MASTER; other links get Accept
 * Synchronous Connection Request with fixed bandwidth, latency and
 * retransmission values.
 *
 * NOTE(review): the NULL guards on ie and conn and the else lines are
 * missing from this listing; confirm them in the full file.
 */
1992 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1994 struct hci_ev_conn_request *ev = (void *) skb->data;
1995 int mask = hdev->link_mode;
1997 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2000 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
2002 if ((mask & HCI_LM_ACCEPT) &&
2003 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
2004 /* Connection accepted */
2005 struct inquiry_entry *ie;
2006 struct hci_conn *conn;
2010 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2012 memcpy(ie->data.dev_class, ev->dev_class, 3);
2014 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2017 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2019 BT_ERR("No memory for new connection");
2020 hci_dev_unlock(hdev);
2025 memcpy(conn->dev_class, ev->dev_class, 3);
2026 conn->state = BT_CONNECT;
2028 hci_dev_unlock(hdev);
2030 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2031 struct hci_cp_accept_conn_req cp;
2033 bacpy(&cp.bdaddr, &ev->bdaddr);
2035 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2036 cp.role = 0x00; /* Become master */
2038 cp.role = 0x01; /* Remain slave */
2040 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2043 struct hci_cp_accept_sync_conn_req cp;
2045 bacpy(&cp.bdaddr, &ev->bdaddr);
2046 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2048 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2049 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2050 cp.max_latency = __constant_cpu_to_le16(0xffff);
2051 cp.content_format = cpu_to_le16(hdev->voice_setting);
2052 cp.retrans_effort = 0xff;
2054 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2058 /* Connection rejected */
2059 struct hci_cp_reject_conn_req cp;
2061 bacpy(&cp.bdaddr, &ev->bdaddr);
2062 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2063 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/*
 * Map an HCI disconnect reason to the reason code reported through mgmt.
 *
 * Connection timeout maps to MGMT_DEV_DISCONN_TIMEOUT; remote user
 * termination, remote low resources and remote power off map to
 * MGMT_DEV_DISCONN_REMOTE; local host termination maps to
 * MGMT_DEV_DISCONN_LOCAL_HOST. The final return of
 * MGMT_DEV_DISCONN_UNKNOWN is presumably the default case; the switch and
 * default lines are missing from this listing.
 */
2067 static u8 hci_to_mgmt_reason(u8 err)
2070 case HCI_ERROR_CONNECTION_TIMEOUT:
2071 return MGMT_DEV_DISCONN_TIMEOUT;
2072 case HCI_ERROR_REMOTE_USER_TERM:
2073 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2074 case HCI_ERROR_REMOTE_POWER_OFF:
2075 return MGMT_DEV_DISCONN_REMOTE;
2076 case HCI_ERROR_LOCAL_HOST_TERM:
2077 return MGMT_DEV_DISCONN_LOCAL_HOST;
2079 return MGMT_DEV_DISCONN_UNKNOWN;
/*
 * Disconnection Complete event.
 *
 * Looks up the connection by handle and, on status 0, marks it BT_CLOSED.
 * If mgmt had been told the device was connected (the flag is cleared
 * atomically) and the link is ACL or LE, mgmt receives either a failed
 * disconnect with the status or a device-disconnected event with the mapped
 * reason. On status 0 an ACL connection with flush_key set has its stored
 * link key removed, and the upper protocol is told about the disconnect.
 *
 * NOTE(review): the NULL guard on conn and the test choosing between the
 * two mgmt calls are missing from this listing; confirm them in the full
 * file.
 */
2083 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2085 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2086 struct hci_conn *conn;
2088 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2092 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2096 if (ev->status == 0)
2097 conn->state = BT_CLOSED;
2099 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
2100 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
2102 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2103 conn->dst_type, ev->status);
2105 u8 reason = hci_to_mgmt_reason(ev->reason);
2107 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
2108 conn->dst_type, reason);
2112 if (ev->status == 0) {
2113 if (conn->type == ACL_LINK && conn->flush_key)
2114 hci_remove_link_key(hdev, &conn->dst);
2115 hci_proto_disconn_cfm(conn, ev->reason);
2120 hci_dev_unlock(hdev);
/*
 * Authentication Complete event.
 *
 * Visible behaviour: a re-authentication of a non-SSP (legacy) link is only
 * logged; otherwise link_mode gains HCI_LM_AUTH and sec_level takes the
 * pending level. mgmt_auth_failed() reports a failure. Both
 * HCI_CONN_AUTH_PEND and HCI_CONN_REAUTH_PEND are cleared.
 *
 * In BT_CONFIG, a successful authentication on an SSP link is followed by a
 * Set Connection Encryption command; otherwise the connection becomes
 * BT_CONNECTED and the upper protocol is told the result. Outside BT_CONFIG
 * hci_auth_cfm() is called and the disconnect timeout is reset. If an
 * encryption request was waiting on authentication
 * (HCI_CONN_ENCRYPT_PEND), it is either sent now or cancelled with
 * hci_encrypt_cfm() carrying the status.
 *
 * NOTE(review): the status tests, else lines and the NULL guard on conn are
 * missing from this listing; confirm the branch structure in the full file.
 */
2123 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2125 struct hci_ev_auth_complete *ev = (void *) skb->data;
2126 struct hci_conn *conn;
2128 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2137 if (!hci_conn_ssp_enabled(conn) &&
2138 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2139 BT_INFO("re-auth of legacy device is not possible.");
2141 conn->link_mode |= HCI_LM_AUTH;
2142 conn->sec_level = conn->pending_sec_level;
2145 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2149 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2150 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2152 if (conn->state == BT_CONFIG) {
2153 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2154 struct hci_cp_set_conn_encrypt cp;
2155 cp.handle = ev->handle;
2157 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2160 conn->state = BT_CONNECTED;
2161 hci_proto_connect_cfm(conn, ev->status);
2165 hci_auth_cfm(conn, ev->status);
2167 hci_conn_hold(conn);
2168 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2172 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2174 struct hci_cp_set_conn_encrypt cp;
2175 cp.handle = ev->handle;
2177 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2180 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2181 hci_encrypt_cfm(conn, ev->status, 0x00);
2186 hci_dev_unlock(hdev);
/*
 * Remote Name Request Complete event.
 *
 * Re-checks pending connections and looks up the ACL connection for the
 * address. With HCI_MGMT set, the name is passed to
 * hci_check_pending_name(): on status 0 with the name from the event,
 * otherwise with no name. The length is taken with strnlen() bounded by
 * HCI_MAX_NAME_LENGTH, so a name field without a NUL terminator is not read
 * past that bound.
 *
 * If the outgoing connection still needs authentication and none is
 * pending, an Authentication Requested command is sent.
 *
 * NOTE(review): the gotos, the else line and the NULL guard on conn are
 * missing from this listing; confirm them in the full file.
 */
2189 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2191 struct hci_ev_remote_name *ev = (void *) skb->data;
2192 struct hci_conn *conn;
2194 BT_DBG("%s", hdev->name);
2196 hci_conn_check_pending(hdev);
2200 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2202 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2205 if (ev->status == 0)
2206 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2207 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2209 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2215 if (!hci_outgoing_auth_needed(hdev, conn))
2218 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2219 struct hci_cp_auth_requested cp;
2220 cp.handle = __cpu_to_le16(conn->handle);
2221 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2225 hci_dev_unlock(hdev);
/*
 * Encryption Change event.
 *
 * Visible behaviour: one path sets HCI_LM_AUTH and HCI_LM_ENCRYPT and takes
 * the pending security level; another clears HCI_LM_ENCRYPT.
 * HCI_CONN_ENCRYPT_PEND is cleared. A failed change on a connection that is
 * already BT_CONNECTED disconnects the ACL link with
 * HCI_ERROR_AUTH_FAILURE rather than leaving it up. A connection in
 * BT_CONFIG becomes BT_CONNECTED and the upper protocol is told the status;
 * otherwise hci_encrypt_cfm() carries the status and the new encryption
 * value.
 *
 * NOTE(review): the tests on ev->status and ev->encrypt that select the
 * link_mode updates, and the NULL guard on conn, are missing from this
 * listing; confirm them in the full file.
 */
2228 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2230 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2231 struct hci_conn *conn;
2233 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2237 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2241 /* Encryption implies authentication */
2242 conn->link_mode |= HCI_LM_AUTH;
2243 conn->link_mode |= HCI_LM_ENCRYPT;
2244 conn->sec_level = conn->pending_sec_level;
2246 conn->link_mode &= ~HCI_LM_ENCRYPT;
2249 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2251 if (ev->status && conn->state == BT_CONNECTED) {
2252 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2257 if (conn->state == BT_CONFIG) {
2259 conn->state = BT_CONNECTED;
2261 hci_proto_connect_cfm(conn, ev->status);
2264 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2268 hci_dev_unlock(hdev);
/*
 * Change Connection Link Key Complete event.
 *
 * Looks up the connection by handle, sets HCI_LM_SECURE in link_mode,
 * clears HCI_CONN_AUTH_PEND and notifies the key change with the status.
 *
 * NOTE(review): the status test guarding HCI_LM_SECURE and the NULL guard
 * on conn are missing from this listing; confirm them in the full file.
 */
2271 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2272 struct sk_buff *skb)
2274 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2275 struct hci_conn *conn;
2277 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2281 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2284 conn->link_mode |= HCI_LM_SECURE;
2286 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2288 hci_key_change_cfm(conn, ev->status);
2291 hci_dev_unlock(hdev);
/*
 * Read Remote Supported Features Complete event.
 *
 * Copies the 8-byte feature mask into the connection. For a connection in
 * BT_CONFIG: when both sides are SSP capable the extended features are
 * requested; otherwise, if mgmt has not been told about the connection, a
 * Remote Name Request is sent (on success) or mgmt is notified directly.
 * If no outgoing authentication is needed the connection becomes
 * BT_CONNECTED and the upper protocol is told the status.
 *
 * NOTE(review): the status test before the memcpy, the gotos and the NULL
 * guard on conn are missing from this listing; confirm them in the full
 * file.
 */
2294 static void hci_remote_features_evt(struct hci_dev *hdev,
2295 struct sk_buff *skb)
2297 struct hci_ev_remote_features *ev = (void *) skb->data;
2298 struct hci_conn *conn;
2300 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2304 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2309 memcpy(conn->features, ev->features, 8);
2311 if (conn->state != BT_CONFIG)
2314 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2315 struct hci_cp_read_remote_ext_features cp;
2316 cp.handle = ev->handle;
2318 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2323 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2324 struct hci_cp_remote_name_req cp;
2325 memset(&cp, 0, sizeof(cp));
2326 bacpy(&cp.bdaddr, &conn->dst);
2327 cp.pscan_rep_mode = 0x02;
2328 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2329 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2330 mgmt_device_connected(hdev, &conn->dst, conn->type,
2331 conn->dst_type, 0, NULL, 0,
2334 if (!hci_outgoing_auth_needed(hdev, conn)) {
2335 conn->state = BT_CONNECTED;
2336 hci_proto_connect_cfm(conn, ev->status);
2341 hci_dev_unlock(hdev);
/*
 * Read Remote Version Information Complete event.
 *
 * Only a debug log is visible in this listing; the payload is not parsed.
 */
2344 static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2346 BT_DBG("%s", hdev->name);
/*
 * QoS Setup Complete event.
 *
 * Only a debug log is visible in this listing; the payload is not parsed.
 */
2349 static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2350 struct sk_buff *skb)
2352 BT_DBG("%s", hdev->name);
/*
 * Command Complete event: dispatch to the per-opcode hci_cc_* handler.
 *
 * The event header is pulled off the skb first, so each handler sees
 * skb->data pointing at the command's return parameters. Unhandled opcodes
 * are only logged. Afterwards the command timer is stopped for any opcode
 * other than HCI_OP_NOP, the command credit is set to 1 and the command
 * work is queued if commands are waiting.
 *
 * NOTE(review): ev keeps pointing at the header after skb_pull(). The
 * handlers cast skb->data to their reply struct; no length test against
 * skb->len is visible in this dispatcher, so confirm where the reply length
 * is validated. The switch, break and default lines, the declaration of
 * opcode and the test guarding atomic_set() are missing from this listing.
 */
2355 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2357 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2360 skb_pull(skb, sizeof(*ev));
2362 opcode = __le16_to_cpu(ev->opcode);
2365 case HCI_OP_INQUIRY_CANCEL:
2366 hci_cc_inquiry_cancel(hdev, skb);
2369 case HCI_OP_PERIODIC_INQ:
2370 hci_cc_periodic_inq(hdev, skb);
2373 case HCI_OP_EXIT_PERIODIC_INQ:
2374 hci_cc_exit_periodic_inq(hdev, skb);
2377 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2378 hci_cc_remote_name_req_cancel(hdev, skb);
2381 case HCI_OP_ROLE_DISCOVERY:
2382 hci_cc_role_discovery(hdev, skb);
2385 case HCI_OP_READ_LINK_POLICY:
2386 hci_cc_read_link_policy(hdev, skb);
2389 case HCI_OP_WRITE_LINK_POLICY:
2390 hci_cc_write_link_policy(hdev, skb);
2393 case HCI_OP_READ_DEF_LINK_POLICY:
2394 hci_cc_read_def_link_policy(hdev, skb);
2397 case HCI_OP_WRITE_DEF_LINK_POLICY:
2398 hci_cc_write_def_link_policy(hdev, skb);
2402 hci_cc_reset(hdev, skb);
2405 case HCI_OP_WRITE_LOCAL_NAME:
2406 hci_cc_write_local_name(hdev, skb);
2409 case HCI_OP_READ_LOCAL_NAME:
2410 hci_cc_read_local_name(hdev, skb);
2413 case HCI_OP_WRITE_AUTH_ENABLE:
2414 hci_cc_write_auth_enable(hdev, skb);
2417 case HCI_OP_WRITE_ENCRYPT_MODE:
2418 hci_cc_write_encrypt_mode(hdev, skb);
2421 case HCI_OP_WRITE_SCAN_ENABLE:
2422 hci_cc_write_scan_enable(hdev, skb);
2425 case HCI_OP_READ_CLASS_OF_DEV:
2426 hci_cc_read_class_of_dev(hdev, skb);
2429 case HCI_OP_WRITE_CLASS_OF_DEV:
2430 hci_cc_write_class_of_dev(hdev, skb);
2433 case HCI_OP_READ_VOICE_SETTING:
2434 hci_cc_read_voice_setting(hdev, skb);
2437 case HCI_OP_WRITE_VOICE_SETTING:
2438 hci_cc_write_voice_setting(hdev, skb);
2441 case HCI_OP_HOST_BUFFER_SIZE:
2442 hci_cc_host_buffer_size(hdev, skb);
2445 case HCI_OP_WRITE_SSP_MODE:
2446 hci_cc_write_ssp_mode(hdev, skb);
2449 case HCI_OP_READ_LOCAL_VERSION:
2450 hci_cc_read_local_version(hdev, skb);
2453 case HCI_OP_READ_LOCAL_COMMANDS:
2454 hci_cc_read_local_commands(hdev, skb);
2457 case HCI_OP_READ_LOCAL_FEATURES:
2458 hci_cc_read_local_features(hdev, skb);
2461 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2462 hci_cc_read_local_ext_features(hdev, skb);
2465 case HCI_OP_READ_BUFFER_SIZE:
2466 hci_cc_read_buffer_size(hdev, skb);
2469 case HCI_OP_READ_BD_ADDR:
2470 hci_cc_read_bd_addr(hdev, skb);
2473 case HCI_OP_READ_DATA_BLOCK_SIZE:
2474 hci_cc_read_data_block_size(hdev, skb);
2477 case HCI_OP_WRITE_CA_TIMEOUT:
2478 hci_cc_write_ca_timeout(hdev, skb);
2481 case HCI_OP_READ_FLOW_CONTROL_MODE:
2482 hci_cc_read_flow_control_mode(hdev, skb);
2485 case HCI_OP_READ_LOCAL_AMP_INFO:
2486 hci_cc_read_local_amp_info(hdev, skb);
2489 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2490 hci_cc_read_local_amp_assoc(hdev, skb);
2493 case HCI_OP_DELETE_STORED_LINK_KEY:
2494 hci_cc_delete_stored_link_key(hdev, skb);
2497 case HCI_OP_SET_EVENT_MASK:
2498 hci_cc_set_event_mask(hdev, skb);
2501 case HCI_OP_WRITE_INQUIRY_MODE:
2502 hci_cc_write_inquiry_mode(hdev, skb);
2505 case HCI_OP_READ_INQ_RSP_TX_POWER:
2506 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2509 case HCI_OP_SET_EVENT_FLT:
2510 hci_cc_set_event_flt(hdev, skb);
2513 case HCI_OP_PIN_CODE_REPLY:
2514 hci_cc_pin_code_reply(hdev, skb);
2517 case HCI_OP_PIN_CODE_NEG_REPLY:
2518 hci_cc_pin_code_neg_reply(hdev, skb);
2521 case HCI_OP_READ_LOCAL_OOB_DATA:
2522 hci_cc_read_local_oob_data_reply(hdev, skb);
2525 case HCI_OP_LE_READ_BUFFER_SIZE:
2526 hci_cc_le_read_buffer_size(hdev, skb);
2529 case HCI_OP_LE_READ_ADV_TX_POWER:
2530 hci_cc_le_read_adv_tx_power(hdev, skb);
2533 case HCI_OP_LE_SET_EVENT_MASK:
2534 hci_cc_le_set_event_mask(hdev, skb);
2537 case HCI_OP_USER_CONFIRM_REPLY:
2538 hci_cc_user_confirm_reply(hdev, skb);
2541 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2542 hci_cc_user_confirm_neg_reply(hdev, skb);
2545 case HCI_OP_USER_PASSKEY_REPLY:
2546 hci_cc_user_passkey_reply(hdev, skb);
2549 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2550 hci_cc_user_passkey_neg_reply(hdev, skb);
2553 case HCI_OP_LE_SET_SCAN_PARAM:
2554 hci_cc_le_set_scan_param(hdev, skb);
2557 case HCI_OP_LE_SET_SCAN_ENABLE:
2558 hci_cc_le_set_scan_enable(hdev, skb);
2561 case HCI_OP_LE_LTK_REPLY:
2562 hci_cc_le_ltk_reply(hdev, skb);
2565 case HCI_OP_LE_LTK_NEG_REPLY:
2566 hci_cc_le_ltk_neg_reply(hdev, skb);
2569 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2570 hci_cc_write_le_host_supported(hdev, skb);
2573 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2574 hci_cc_write_remote_amp_assoc(hdev, skb);
2578 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
/* Compares the unconverted little-endian field, not opcode; this is only
 * endian-neutral if HCI_OP_NOP is 0x0000 - TODO confirm. */
2582 if (ev->opcode != HCI_OP_NOP)
2583 del_timer(&hdev->cmd_timer);
2586 atomic_set(&hdev->cmd_cnt, 1);
2587 if (!skb_queue_empty(&hdev->cmd_q))
2588 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Command Status event: dispatch to the per-opcode hci_cs_* handler.
 *
 * The event header is pulled off the skb and the status byte is passed to
 * the handler. Unhandled opcodes are only logged. Afterwards the command
 * timer is stopped for any opcode other than HCI_OP_NOP. When the
 * controller reports command credits (ev->ncmd) and no reset is in
 * progress, the credit is set to 1 and the command work is queued if
 * commands are waiting.
 *
 * The switch, break and default lines and the declaration of opcode are
 * missing from this listing.
 */
2592 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2594 struct hci_ev_cmd_status *ev = (void *) skb->data;
2597 skb_pull(skb, sizeof(*ev));
2599 opcode = __le16_to_cpu(ev->opcode);
2602 case HCI_OP_INQUIRY:
2603 hci_cs_inquiry(hdev, ev->status);
2606 case HCI_OP_CREATE_CONN:
2607 hci_cs_create_conn(hdev, ev->status);
2610 case HCI_OP_ADD_SCO:
2611 hci_cs_add_sco(hdev, ev->status);
2614 case HCI_OP_AUTH_REQUESTED:
2615 hci_cs_auth_requested(hdev, ev->status);
2618 case HCI_OP_SET_CONN_ENCRYPT:
2619 hci_cs_set_conn_encrypt(hdev, ev->status);
2622 case HCI_OP_REMOTE_NAME_REQ:
2623 hci_cs_remote_name_req(hdev, ev->status);
2626 case HCI_OP_READ_REMOTE_FEATURES:
2627 hci_cs_read_remote_features(hdev, ev->status);
2630 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2631 hci_cs_read_remote_ext_features(hdev, ev->status);
2634 case HCI_OP_SETUP_SYNC_CONN:
2635 hci_cs_setup_sync_conn(hdev, ev->status);
2638 case HCI_OP_SNIFF_MODE:
2639 hci_cs_sniff_mode(hdev, ev->status);
2642 case HCI_OP_EXIT_SNIFF_MODE:
2643 hci_cs_exit_sniff_mode(hdev, ev->status);
2646 case HCI_OP_DISCONNECT:
2647 hci_cs_disconnect(hdev, ev->status);
2650 case HCI_OP_LE_CREATE_CONN:
2651 hci_cs_le_create_conn(hdev, ev->status);
2654 case HCI_OP_LE_START_ENC:
2655 hci_cs_le_start_enc(hdev, ev->status);
2658 case HCI_OP_CREATE_PHY_LINK:
2659 hci_cs_create_phylink(hdev, ev->status);
2662 case HCI_OP_ACCEPT_PHY_LINK:
2663 hci_cs_accept_phylink(hdev, ev->status);
2667 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
/* Compares the unconverted little-endian field, not opcode; this is only
 * endian-neutral if HCI_OP_NOP is 0x0000 - TODO confirm. */
2671 if (ev->opcode != HCI_OP_NOP)
2672 del_timer(&hdev->cmd_timer);
2674 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2675 atomic_set(&hdev->cmd_cnt, 1);
2676 if (!skb_queue_empty(&hdev->cmd_q))
2677 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Role Change event.
 *
 * Looks up the ACL connection by address, clears or sets HCI_LM_MASTER in
 * link_mode, clears HCI_CONN_RSWITCH_PEND and confirms the role switch with
 * the status and new role.
 *
 * NOTE(review): the tests on ev->status and ev->role that pick between
 * clearing and setting HCI_LM_MASTER, and the NULL guard on conn, are
 * missing from this listing; confirm them in the full file.
 */
2681 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2683 struct hci_ev_role_change *ev = (void *) skb->data;
2684 struct hci_conn *conn;
2686 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2690 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2694 conn->link_mode &= ~HCI_LM_MASTER;
2696 conn->link_mode |= HCI_LM_MASTER;
2699 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2701 hci_role_switch_cfm(conn, ev->status, ev->role);
2704 hci_dev_unlock(hdev);
/*
 * Number Of Completed Packets event (packet-based flow control).
 *
 * Rejects the event when the device is not in packet-based flow control
 * mode. Before the handle array is walked, the packet length is checked
 * against the fixed header and against num_hndl entries, so a count larger
 * than the payload is dropped as "bad parameters".
 *
 * For each entry the completed count is subtracted from conn->sent and
 * added back to the matching credit counter (ACL, LE or SCO), which is
 * clamped to the controller's advertised maximum. LE credits go to the ACL
 * counter when the controller has no separate LE buffers (le_pkts == 0).
 * The TX work is queued at the end.
 *
 * NOTE(review): count is controller-supplied; no comparison with conn->sent
 * before the subtraction is visible here. The case labels, the declaration
 * of i and the NULL guard on conn are missing from this listing.
 */
2707 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2709 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2712 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2713 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2717 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2718 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2719 BT_DBG("%s bad parameters", hdev->name);
2723 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2725 for (i = 0; i < ev->num_hndl; i++) {
2726 struct hci_comp_pkts_info *info = &ev->handles[i];
2727 struct hci_conn *conn;
2728 __u16 handle, count;
2730 handle = __le16_to_cpu(info->handle);
2731 count = __le16_to_cpu(info->count);
2733 conn = hci_conn_hash_lookup_handle(hdev, handle);
2737 conn->sent -= count;
2739 switch (conn->type) {
2741 hdev->acl_cnt += count;
2742 if (hdev->acl_cnt > hdev->acl_pkts)
2743 hdev->acl_cnt = hdev->acl_pkts;
2747 if (hdev->le_pkts) {
2748 hdev->le_cnt += count;
2749 if (hdev->le_cnt > hdev->le_pkts)
2750 hdev->le_cnt = hdev->le_pkts;
2752 hdev->acl_cnt += count;
2753 if (hdev->acl_cnt > hdev->acl_pkts)
2754 hdev->acl_cnt = hdev->acl_pkts;
2759 hdev->sco_cnt += count;
2760 if (hdev->sco_cnt > hdev->sco_pkts)
2761 hdev->sco_cnt = hdev->sco_pkts;
2765 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2770 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Resolve a handle to a connection according to the device type.
 *
 * One device type looks the handle up directly in the connection hash;
 * another looks up a channel by handle. An unknown dev_type is logged as an
 * error.
 *
 * The second parameter line, the case labels, the use of chan and the
 * remaining return statements are missing from this listing.
 */
2773 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2776 struct hci_chan *chan;
2778 switch (hdev->dev_type) {
2780 return hci_conn_hash_lookup_handle(hdev, handle);
2782 chan = hci_chan_lookup_handle(hdev, handle);
2787 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
/*
 * Number Of Completed Data Blocks event (block-based flow control).
 *
 * Rejects the event when the device is not in block-based flow control
 * mode. Before the handle array is walked, the packet length is checked
 * against the fixed header and against num_hndl entries, so a count larger
 * than the payload is dropped as "bad parameters".
 *
 * For each entry the completed block count is subtracted from conn->sent
 * and added back to hdev->block_cnt, clamped to hdev->num_blocks. The TX
 * work is queued at the end.
 *
 * NOTE(review): block_count is controller-supplied; no comparison with
 * conn->sent before the subtraction is visible here. The case labels, the
 * declaration of i and the NULL guard on conn are missing from this
 * listing.
 */
2794 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2796 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2799 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2800 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2804 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2805 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2806 BT_DBG("%s bad parameters", hdev->name);
2810 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2813 for (i = 0; i < ev->num_hndl; i++) {
2814 struct hci_comp_blocks_info *info = &ev->handles[i];
2815 struct hci_conn *conn = NULL;
2816 __u16 handle, block_count;
2818 handle = __le16_to_cpu(info->handle);
2819 block_count = __le16_to_cpu(info->blocks);
2821 conn = __hci_conn_lookup_handle(hdev, handle);
2825 conn->sent -= block_count;
2827 switch (conn->type) {
2830 hdev->block_cnt += block_count;
2831 if (hdev->block_cnt > hdev->num_blocks)
2832 hdev->block_cnt = hdev->num_blocks;
2836 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2841 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Mode Change event.
 *
 * Looks up the connection by handle and records the new mode and interval.
 * When the change was not one this host had pending
 * (HCI_CONN_MODE_CHANGE_PEND clear), HCI_CONN_POWER_SAVE is set for active
 * mode and cleared otherwise. A SCO setup that was waiting on the mode
 * change is then run with the status.
 *
 * NOTE(review): the NULL guard on conn and the else line are missing from
 * this listing; confirm them in the full file.
 */
2844 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2846 struct hci_ev_mode_change *ev = (void *) skb->data;
2847 struct hci_conn *conn;
2849 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2853 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2855 conn->mode = ev->mode;
2856 conn->interval = __le16_to_cpu(ev->interval);
2858 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2860 if (conn->mode == HCI_CM_ACTIVE)
2861 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2863 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2866 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2867 hci_sco_setup(conn, ev->status);
2870 hci_dev_unlock(hdev);
/*
 * PIN Code Request event.
 *
 * For a connection already in BT_CONNECTED the pairing timeout is applied.
 * When the device is not pairable (HCI_PAIRABLE clear) the request is
 * refused with a PIN Code Negative Reply without involving user space.
 * Otherwise, with HCI_MGMT set, the request is forwarded to mgmt together
 * with a secure flag derived from a pending BT_SECURITY_HIGH level.
 *
 * NOTE(review): the declaration and assignment of secure and the NULL guard
 * on conn are missing from this listing; confirm them in the full file.
 */
2873 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2875 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2876 struct hci_conn *conn;
2878 BT_DBG("%s", hdev->name);
2882 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2886 if (conn->state == BT_CONNECTED) {
2887 hci_conn_hold(conn);
2888 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2892 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2893 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2894 sizeof(ev->bdaddr), &ev->bdaddr);
2895 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2898 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2903 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2907 hci_dev_unlock(hdev);
/*
 * Link Key Request event: decide whether a stored link key may be used.
 *
 * Nothing is done unless HCI_LINK_KEYS is set. The stored key for the peer
 * is looked up and then filtered by policy before it is handed to the
 * controller:
 *   - a debug combination key is ignored unless HCI_DEBUG_KEYS is set;
 *   - an unauthenticated combination key is ignored when the connection's
 *     auth_type is known (not 0xff) and has bit 0 set;
 *   - a combination key made from a PIN shorter than 16 is ignored when
 *     the pending security level is BT_SECURITY_HIGH.
 * An accepted key's type and PIN length are recorded on the connection and
 * the key is sent in a Link Key Reply. The last two visible lines send a
 * Link Key Negative Reply, presumably the shared exit for every ignored
 * case.
 *
 * NOTE(review): cp holds a copy of the link key on the stack and no wipe
 * after hci_send_cmd() is visible here. The literal 6 in the negative reply
 * is presumably sizeof(bdaddr_t); hci_pin_code_request_evt() uses
 * sizeof(ev->bdaddr) for the same purpose. The gotos, labels and the NULL
 * guard on conn are missing from this listing.
 */
2910 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2912 struct hci_ev_link_key_req *ev = (void *) skb->data;
2913 struct hci_cp_link_key_reply cp;
2914 struct hci_conn *conn;
2915 struct link_key *key;
2917 BT_DBG("%s", hdev->name);
2919 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2924 key = hci_find_link_key(hdev, &ev->bdaddr);
2926 BT_DBG("%s link key not found for %pMR", hdev->name,
2931 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2934 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2935 key->type == HCI_LK_DEBUG_COMBINATION) {
2936 BT_DBG("%s ignoring debug key", hdev->name);
2940 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2942 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2943 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2944 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2948 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2949 conn->pending_sec_level == BT_SECURITY_HIGH) {
2950 BT_DBG("%s ignoring key unauthenticated for high security",
2955 conn->key_type = key->type;
2956 conn->pin_length = key->pin_len;
2959 bacpy(&cp.bdaddr, &ev->bdaddr);
2960 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2962 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2964 hci_dev_unlock(hdev);
2969 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2970 hci_dev_unlock(hdev);
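/* Handle a Link Key Notification event.
 *
 * Records the new key type on the ACL connection (unless the controller
 * reports a "changed combination" key, in which case the previous type is
 * kept) and, when HCI_LINK_KEYS is set, stores the key via
 * hci_add_link_key(). conn may be NULL at that call when no connection
 * was found; pin_len is then 0.
 */
static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;
	u8 pin_len = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_len = conn->pin_length;

		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			conn->key_type = ev->key_type;

		hci_conn_put(conn);
	}

	if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
				 ev->key_type, pin_len);

	hci_dev_unlock(hdev);
}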
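/* Handle a Read Clock Offset Complete event.
 *
 * On success, copies the reported clock offset into the inquiry cache
 * entry of the connection's peer (if one exists) and refreshes the
 * entry's timestamp.
 */
static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn && !ev->status) {
		struct inquiry_entry *ie;

		ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (ie) {
			/* Stored as received, without byte-order conversion. */
			ie->data.clock_offset = ev->clock_offset;
			ie->timestamp = jiffies;
		}
	}

	hci_dev_unlock(hdev);
}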
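/* Handle a Connection Packet Type Changed event: on success, store the
 * new packet type (converted from little endian) on the connection. */
static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn && !ev->status)
		conn->pkt_type = __le16_to_cpu(ev->pkt_type);

	hci_dev_unlock(hdev);
}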
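/* Handle a Page Scan Repetition Mode Change event: update the mode and
 * timestamp of the peer's inquiry cache entry, if there is one. */
static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *ie;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie) {
		ie->data.pscan_rep_mode = ev->pscan_rep_mode;
		ie->timestamp = jiffies;
	}

	hci_dev_unlock(hdev);
}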
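/* Handle an Inquiry Result with RSSI event.
 *
 * The first byte of the event is the number of responses; the responses
 * follow in one of two layouts, chosen by comparing the per-response
 * size implied by skb->len with sizeof(struct inquiry_info_with_rssi).
 * Each response updates the inquiry cache and is reported through
 * mgmt_device_found(). Nothing is done for an empty report or while
 * periodic inquiry is active.
 *
 * num_rsp comes from the controller, so before walking the array the
 * function checks that skb->len really covers num_rsp entries of the
 * chosen layout; a short event is dropped instead of being read past
 * its end.
 */
static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp = *((__u8 *) skb->data);
	bool name_known, ssp;

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	/* Also guards the division below. */
	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* Count byte plus num_rsp full entries must fit. */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}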
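/* Handle a Read Remote Extended Features Complete event.
 *
 * For feature page 1, records whether the remote host supports Secure
 * Simple Pairing (LMP_HOST_SSP) in the inquiry cache and on the
 * connection. While the connection is still in BT_CONFIG it then either
 * requests the remote name or reports the device as connected to the
 * management interface, and finishes connection setup when no outgoing
 * authentication is needed.
 */
static void hci_remote_ext_features_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status && ev->page == 0x01) {
		struct inquiry_entry *ie;

		ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
		if (ie)
			ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

		if (ev->features[0] & LMP_HOST_SSP)
			set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
	}

	if (conn->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
		struct hci_cp_remote_name_req cp;
		memset(&cp, 0, sizeof(cp));
		bacpy(&cp.bdaddr, &conn->dst);
		cp.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &conn->dst, conn->type,
				      conn->dst_type, 0, NULL, 0,
				      conn->dev_class);

	if (!hci_outgoing_auth_needed(hdev, conn)) {
		conn->state = BT_CONNECTED;
		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}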
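/* Handle a Synchronous Connection Complete event (SCO/eSCO).
 *
 * Finds the connection by link type and address; when the controller
 * reports an SCO link for what was set up as eSCO, the eSCO connection
 * is reused and retyped to SCO_LINK. On success the connection becomes
 * BT_CONNECTED. For a small set of error codes an outgoing connection is
 * retried once with a different packet type; any other error closes and
 * deletes the connection.
 */
static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!conn) {
		if (ev->link_type == ESCO_LINK)
			goto unlock;

		conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (!conn)
			goto unlock;

		conn->type = SCO_LINK;
	}

	switch (ev->status) {
	case 0x00:
		conn->handle = __le16_to_cpu(ev->handle);
		conn->state  = BT_CONNECTED;

		hci_conn_hold_device(conn);
		hci_conn_add_sysfs(conn);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1c:	/* SCO interval rejected */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1f:	/* Unspecified error */
		if (conn->out && conn->attempt < 2) {
			conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
					(hdev->esco_type & EDR_ESCO_MASK);
			/* NOTE(review): conn->link is dereferenced without
			 * a NULL check; confirm an outgoing SCO/eSCO
			 * connection always has its parent link set. */
			hci_setup_sync(conn, conn->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		conn->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(conn, ev->status);
	if (ev->status)
		hci_conn_del(conn);

unlock:
	hci_dev_unlock(hdev);
}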
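/* Handle a Synchronous Connection Changed event: only logged. */
static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}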
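/* Handle a Sniff Subrating event: only the status is logged. */
static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *ev = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
}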
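/* Handle an Extended Inquiry Result event.
 *
 * The first byte is the number of responses, followed by that many
 * struct extended_inquiry_info entries. Each entry updates the inquiry
 * cache and is reported, with its EIR data, through mgmt_device_found().
 * Nothing is done for an empty report or while periodic inquiry is
 * active.
 *
 * num_rsp comes from the controller, so the event is dropped when
 * skb->len does not cover the count byte plus num_rsp full entries;
 * otherwise the loop would read beyond the received data.
 */
static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp = *((__u8 *) skb->data);
	size_t eir_len;

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;

		/* With mgmt, the name counts as known only when the EIR
		 * data carries a complete name. */
		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		/* Length is bounded by the fixed-size EIR field. */
		eir_len = eir_get_length(info->data, sizeof(info->data));
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, eir_len);
	}

	hci_dev_unlock(hdev);
}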
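/* Handle an Encryption Key Refresh Complete event.
 *
 * On success the pending security level becomes the connection's current
 * level. A failure on an established (BT_CONNECTED) link disconnects it
 * with HCI_ERROR_AUTH_FAILURE. Otherwise the result is passed on as a
 * connect confirmation (BT_CONFIG) or an authentication confirmation.
 */
static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
	       __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!conn)
		goto unlock;

	if (!ev->status)
		conn->sec_level = conn->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	/* A failed refresh on a live link is treated as an authentication
	 * failure and the link is torn down. */
	if (ev->status && conn->state == BT_CONNECTED) {
		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(conn);
		goto unlock;
	}

	if (conn->state == BT_CONFIG) {
		if (!ev->status)
			conn->state = BT_CONNECTED;

		hci_proto_connect_cfm(conn, ev->status);
		hci_conn_put(conn);
	} else {
		hci_auth_cfm(conn, ev->status);

		hci_conn_hold(conn);
		conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		hci_conn_put(conn);
	}

unlock:
	hci_dev_unlock(hdev);
}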
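/* Choose the authentication requirements to send in an IO Capability
 * Reply, based on what the remote side asked for (conn->remote_auth),
 * both sides' IO capabilities, and the locally wanted conn->auth_type.
 * Bit 0x01 of the returned value is the MITM-protection bit.
 */
static u8 hci_get_auth_req(struct hci_conn *conn)
{
	/* If remote requests dedicated bonding follow that lead */
	if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
		/* If both remote and local IO capabilities allow MITM
		 * protection then require it, otherwise don't */
		if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
			return 0x02;
		else
			return 0x03;
	}

	/* If remote requests no-bonding follow that lead; the local MITM
	 * bit is kept. */
	if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
		return conn->remote_auth | (conn->auth_type & 0x01);

	return conn->auth_type;
}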
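/* Handle an IO Capability Request event (Secure Simple Pairing).
 *
 * Takes a reference on the connection with hci_conn_hold(); the matching
 * put is not in this function. Without the management interface no reply
 * is sent from here. Otherwise pairing is accepted when the adapter is
 * pairable or the remote asked for no-bonding, and refused with
 * HCI_ERROR_PAIRING_NOT_ALLOWED in every other case.
 */
static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	/* The MITM bit (0x01) is masked off before comparing with
	 * HCI_AT_NO_BONDING. */
	if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
	    (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
		struct hci_cp_io_capability_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		/* Change the IO capability from KeyboardDisplay
		 * to DisplayYesNo as it is not supported by BT spec. */
		cp.capability = (conn->io_capability == 0x04) ?
						0x01 : conn->io_capability;
		conn->auth_type = hci_get_auth_req(conn);
		cp.authentication = conn->auth_type;

		/* Advertise OOB data only when we hold some for this peer
		 * and either initiated the connection or the peer said it
		 * has OOB data too. */
		if (hci_find_remote_oob_data(hdev, &conn->dst) &&
		    (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
			cp.oob_data = 0x01;
		else
			cp.oob_data = 0x00;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
			     sizeof(cp), &cp);
	} else {
		struct hci_cp_io_capability_neg_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(cp), &cp);
	}

unlock:
	hci_dev_unlock(hdev);
}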
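/* Handle an IO Capability Response event: remember the remote side's IO
 * capability and authentication requirements on the connection, and note
 * whether it reported having OOB data. These values are supplied by the
 * remote device and are stored as received. */
static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	conn->remote_cap = ev->capability;
	conn->remote_auth = ev->authentication;
	if (ev->oob_data)
		set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);

unlock:
	hci_dev_unlock(hdev);
}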
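/* Handle a User Confirmation Request event (SSP numeric comparison).
 *
 * Only acts when the management interface is in use. Depending on the
 * MITM requirements of both sides and their IO capabilities the request
 * is rejected, auto-accepted (optionally after hdev->auto_accept_delay),
 * or passed to user space. When we are not the initiator, an otherwise
 * auto-acceptable request is still sent to user space with confirm_hint
 * set so that the user authorizes the pairing.
 */
static void hci_user_confirm_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int loc_mitm, rem_mitm, confirm_hint = 0;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	loc_mitm = (conn->auth_type & 0x01);
	rem_mitm = (conn->remote_auth & 0x01);

	/* If we require MITM but the remote device can't provide that
	 * (it has NoInputNoOutput) then reject the confirmation
	 * request. The only exception is when we're dedicated bonding
	 * initiators (connect_cfm_cb set) since then we always have the MITM
	 * bit set. */
	if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* If no side requires MITM protection; auto-accept */
	if ((!loc_mitm || conn->remote_cap == 0x03) &&
	    (!rem_mitm || conn->io_capability == 0x03)) {

		/* If we're not the initiators request authorization to
		 * proceed from user space (mgmt_user_confirm with
		 * confirm_hint set to 1). */
		if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
			BT_DBG("Confirming auto-accept as acceptor");
			confirm_hint = 1;
			goto confirm;
		}

		BT_DBG("Auto-accept of user confirmation with %ums delay",
		       hdev->auto_accept_delay);

		if (hdev->auto_accept_delay > 0) {
			int delay = msecs_to_jiffies(hdev->auto_accept_delay);
			mod_timer(&conn->auto_accept_timer, jiffies + delay);
			goto unlock;
		}

		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

confirm:
	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  confirm_hint);

unlock:
	hci_dev_unlock(hdev);
}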
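/* Handle a User Passkey Request event: forwarded to user space when the
 * management interface is in use, otherwise ignored here. */
static void hci_user_passkey_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *ev = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
}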
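/* Handle a User Passkey Notification event: store the passkey to display
 * on the connection, reset the entered-digit counter and, with the
 * management interface, notify user space. This handler does not take
 * the hdev lock. */
static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		return;

	conn->passkey_notify = __le32_to_cpu(ev->passkey);
	conn->passkey_entered = 0;

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
					 conn->dst_type, conn->passkey_notify,
					 conn->passkey_entered);
}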
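/* Handle a Keypress Notification event during passkey entry.
 *
 * Tracks how many digits the remote user has entered so far and, for
 * entered/erased/cleared keypresses, reports the running count to user
 * space when the management interface is in use. "Started" resets the
 * counter and "completed" leaves it alone; neither is reported.
 */
static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_keypress_notify *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		return;

	switch (ev->type) {
	case HCI_KEYPRESS_STARTED:
		conn->passkey_entered = 0;
		return;

	case HCI_KEYPRESS_ENTERED:
		conn->passkey_entered++;
		break;

	case HCI_KEYPRESS_ERASED:
		/* The keypress stream is driven by the remote device; do
		 * not let an extra "erased" wrap the counter below zero. */
		if (conn->passkey_entered)
			conn->passkey_entered--;
		break;

	case HCI_KEYPRESS_CLEARED:
		conn->passkey_entered = 0;
		break;

	case HCI_KEYPRESS_COMPLETED:
		return;
	}

	if (test_bit(HCI_MGMT, &hdev->dev_flags))
		mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
					 conn->dst_type, conn->passkey_notify,
					 conn->passkey_entered);
}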
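/* Handle a Simple Pairing Complete event: report a pairing failure to
 * user space when we were not the initiator, then drop a reference on
 * the connection. */
static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	/* To avoid duplicate auth_failed events to user space we check
	 * the HCI_CONN_AUTH_PEND flag which will be set if we
	 * initiated the authentication. A traditional auth_complete
	 * event gets always produced as initiator and is also mapped to
	 * the mgmt_auth_failed event */
	if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
		mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
				 ev->status);

	hci_conn_put(conn);

unlock:
	hci_dev_unlock(hdev);
}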
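/* Handle a Remote Host Supported Features Notification event: record in
 * the peer's inquiry cache entry (if any) whether its host supports
 * Secure Simple Pairing. */
static void hci_remote_host_features_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *ie;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (ie)
		ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

	hci_dev_unlock(hdev);
}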
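/* Handle a Remote OOB Data Request event.
 *
 * Only acts when the management interface is in use. Replies with the
 * stored hash and randomizer for the peer, or with a negative reply when
 * no OOB data is stored for that address.
 */
static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *data;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (data) {
		struct hci_cp_remote_oob_data_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		/* Copy sizes come from the destination fields. */
		memcpy(cp.hash, data->hash, sizeof(cp.hash));
		memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
			     &cp);
	} else {
		struct hci_cp_remote_oob_data_neg_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
			     &cp);
	}

unlock:
	hci_dev_unlock(hdev);
}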
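/* Handle an LE Connection Complete event.
 *
 * Uses the LE connection that is currently in BT_CONNECT state, or
 * creates a new one for the reported address. A failure status is
 * reported to mgmt and the protocol layer and the connection is deleted.
 * On success the connection becomes BT_CONNECTED at BT_SECURITY_LOW.
 */
static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	/* The lookup is by state only, not by the address in the event. */
	conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (!conn) {
		conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (!conn) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		conn->dst_type = ev->bdaddr_type;

		if (ev->role == LE_CONN_ROLE_MASTER) {
			conn->out = true;
			conn->link_mode |= HCI_LM_MASTER;
		}
	}

	if (ev->status) {
		mgmt_connect_failed(hdev, &conn->dst, conn->type,
				    conn->dst_type, ev->status);
		hci_proto_connect_cfm(conn, ev->status);
		conn->state = BT_CLOSED;
		hci_conn_del(conn);
		goto unlock;
	}

	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
		mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
				      conn->dst_type, 0, NULL, 0, NULL);

	conn->sec_level = BT_SECURITY_LOW;
	conn->handle = __le16_to_cpu(ev->handle);
	conn->state = BT_CONNECTED;

	hci_conn_hold_device(conn);
	hci_conn_add_sysfs(conn);

	hci_proto_connect_cfm(conn, ev->status);

unlock:
	hci_dev_unlock(hdev);
}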
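/* Handle an LE Advertising Report event.
 *
 * The first byte is the number of reports. Each report is a
 * struct hci_ev_le_advertising_info header followed by ev->length bytes
 * of advertising data and one RSSI byte; every report is passed to
 * mgmt_device_found().
 *
 * Both the report count and each report's length byte come from the
 * controller, so every report is checked against the end of the received
 * data before it is read. Parsing stops at the first report that does
 * not fit.
 */
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	u8 num_reports;
	u8 *ptr, *end;
	s8 rssi;

	/* Need at least the report-count byte. */
	if (skb->len < 1)
		return;

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	end = skb->data + skb->len;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t left = end - ptr;

		/* Header first, then data plus the trailing RSSI byte. */
		if (left < sizeof(*ev) ||
		    left - sizeof(*ev) < (size_t) ev->length + 1)
			break;

		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += sizeof(*ev) + ev->length + 1;
	}

	hci_dev_unlock(hdev);
}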
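/* Handle an LE Long Term Key Request event.
 *
 * Looks up the connection by handle and the key by the event's ediv and
 * random values. When both are found the key is sent to the controller;
 * otherwise a negative reply is sent. A key flagged HCI_SMP_STK is
 * removed from the key list and freed after this single use. An
 * authenticated key raises the connection's security level to
 * BT_SECURITY_HIGH.
 */
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk;

	BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto not_found;

	ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
	if (ltk == NULL)
		goto not_found;

	/* NOTE(review): cp carries key material on the stack and is not
	 * wiped before this function returns. */
	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	if (ltk->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

	hci_dev_unlock(hdev);

	return;

not_found:
	/* ev->handle is passed back unconverted. */
	neg.handle = ev->handle;
	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
	hci_dev_unlock(hdev);
}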
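/* Handle an LE Meta event: strip the meta header and dispatch on the
 * subevent code. Unknown subevents are ignored. An event too short to
 * hold the meta header is ignored before the header is read. */
static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *le_ev = (void *) skb->data;

	if (skb->len < sizeof(*le_ev))
		return;

	skb_pull(skb, sizeof(*le_ev));

	switch (le_ev->subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;

	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;

	default:
		break;
	}
}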
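/* Handle a Channel Selected event: look up the connection by physical
 * link handle and, if found, pass it to
 * amp_read_loc_assoc_final_data(). */
static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_channel_selected *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);

	skb_pull(skb, sizeof(*ev));

	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (!hcon)
		return;

	amp_read_loc_assoc_final_data(hdev, hcon);
}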
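/* Entry point for received HCI event packets.
 *
 * Strips the event header, dispatches on the event code to the matching
 * handler, then frees the skb and counts the event in hdev->stat.evt_rx.
 * Unknown event codes are only logged.
 *
 * A packet shorter than the event header is not dispatched (it is still
 * freed and counted).
 *
 * NOTE(review): the handlers cast skb->data to their fixed event layout
 * without comparing skb->len with the size of that layout, and the
 * header's length field is not compared with skb->len here; both depend
 * on the controller/driver delivering well-formed events.
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event;

	if (skb->len < HCI_EVENT_HDR_SIZE) {
		BT_ERR("%s event packet too short", hdev->name);
		goto done;
	}

	event = hdr->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:
		hci_key_refresh_complete_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_NOTIFY:
		hci_user_passkey_notify_evt(hdev, skb);
		break;

	case HCI_EV_KEYPRESS_NOTIFY:
		hci_keypress_notify_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_CHANNEL_SELECTED:
		hci_chan_selected_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%2.2x", hdev->name, event);
		break;
	}

done:
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}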