2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
35 /* Handle HCI Event packets */
/*
 * Handles the reply to Inquiry Cancel: reads the one-byte status at the
 * start of skb->data, logs it, clears HCI_INQUIRY, moves discovery to
 * DISCOVERY_STOPPED, completes the pending HCI_OP_INQUIRY request and
 * re-checks pending connections.
 * NOTE(review): this listing omits lines (see the gaps in the embedded line
 * numbers), so the condition guarding mgmt_stop_discovery_failed() and any
 * skb length check before the status read are not visible here -- confirm.
 */
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 __u8 status = *((__u8 *) skb->data);
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
45 mgmt_stop_discovery_failed(hdev, status);
50 clear_bit(HCI_INQUIRY, &hdev->flags);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
58 hci_conn_check_pending(hdev);
/*
 * Reads the status byte at the start of skb->data, logs it, and sets
 * HCI_PERIODIC_INQ in hdev->dev_flags.
 * NOTE(review): whether the flag is set only on success cannot be told from
 * the lines shown (intermediate lines are omitted from this listing).
 */
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
63 __u8 status = *((__u8 *) skb->data);
65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
/*
 * Reads the status byte at the start of skb->data, logs it, clears
 * HCI_PERIODIC_INQ in hdev->dev_flags and re-checks pending connections.
 * NOTE(review): any status test guarding the flag change is on lines this
 * listing omits.
 */
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75 __u8 status = *((__u8 *) skb->data);
77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84 hci_conn_check_pending(hdev);
/*
 * Only logs the device name on the lines shown; the rest of the parameter
 * list is on a line this listing omits.
 */
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
90 BT_DBG("%s", hdev->name);
/*
 * Interprets skb->data as struct hci_rp_role_discovery, looks up the
 * connection by the little-endian handle in the reply, and either clears or
 * sets HCI_LM_MASTER in conn->link_mode.
 * NOTE(review): the test that picks between the two link_mode updates, and
 * any NULL check on conn, are on lines this listing omits. The handle comes
 * from the controller's reply, so the lookup can fail -- confirm conn is
 * checked before use.
 */
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_read_link_policy, looks up the
 * connection by the handle in the reply and stores the reported policy
 * (converted from little-endian) in conn->link_policy.
 * NOTE(review): a NULL check on conn is not visible on the lines shown --
 * confirm, since the handle is controller-supplied.
 */
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_write_link_policy, fetches the
 * parameters of the HCI_OP_WRITE_LINK_POLICY command that was sent, looks up
 * the connection by the handle in the reply and records the policy value in
 * conn->link_policy.
 * NOTE(review): NULL checks on sent and conn are not visible on the lines
 * shown (this listing omits lines) -- confirm.
 */
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
/* The policy is taken from the sent command at offset 2, not from the reply;
 * presumably it follows a 2-byte handle -- confirm against the command
 * struct. */
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_read_def_link_policy and stores the
 * reported policy (converted from little-endian) in hdev->link_policy.
 * Any status test before the store is on lines this listing omits.
 */
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
169 hdev->link_policy = __le16_to_cpu(rp->policy);
/*
 * Reads the status byte from skb->data, fetches the parameters of the sent
 * HCI_OP_WRITE_DEF_LINK_POLICY command and stores their first 16 bits
 * (little-endian, unaligned-safe read) in hdev->link_policy.
 * NOTE(review): the NULL check on sent and any status test are not on the
 * lines shown -- confirm.
 */
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
175 __u8 status = *((__u8 *) skb->data);
178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
185 hdev->link_policy = get_unaligned_le16(sent);
/*
 * Reads and logs the status byte from skb->data, clears HCI_RESET in
 * hdev->flags and returns the host-side state to defaults: the listed
 * non-persistent dev_flags bits are cleared, discovery is marked stopped,
 * both TX power values become HCI_TX_POWER_INVALID and the advertising data
 * buffer is zeroed with its length set to 0.
 */
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 /* Reset all non-persistent flags */
/* NOTE(review): this is a plain read-modify-write on dev_flags, unlike the
 * set_bit()/clear_bit() calls used on the same word elsewhere in this file;
 * confirm no concurrent bit update can be lost here. */
197 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
198 BIT(HCI_PERIODIC_INQ));
200 hdev->discovery.state = DISCOVERY_STOPPED;
201 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
202 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
204 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
205 hdev->adv_data_len = 0;
/*
 * Reads the status byte from skb->data and fetches the parameters of the
 * sent HCI_OP_WRITE_LOCAL_NAME command. With HCI_MGMT set the result is
 * reported through mgmt_set_local_name_complete(); the sent name is copied
 * into hdev->dev_name.
 * NOTE(review): the conditions around the memcpy (else branch, status test)
 * and the NULL check on sent are on lines this listing omits, as is the
 * statement controlled by the final if.
 */
208 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
210 __u8 status = *((__u8 *) skb->data);
213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
/* Fixed-size copy of HCI_MAX_NAME_LENGTH bytes from the host's own command
 * buffer; assumes both buffers are at least that large -- confirm. */
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
226 hci_dev_unlock(hdev);
228 if (!status && !test_bit(HCI_INIT, &hdev->flags))
/*
 * Interprets skb->data as struct hci_rp_read_local_name and, while the
 * device is in HCI_SETUP, copies the controller-reported name into
 * hdev->dev_name.
 * NOTE(review): the copy reads HCI_MAX_NAME_LENGTH bytes from the event
 * payload; no comparison of skb->len with the reply size is visible on the
 * lines shown -- confirm the caller guarantees a full-length reply.
 */
232 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
234 struct hci_rp_read_local_name *rp = (void *) skb->data;
236 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
241 if (test_bit(HCI_SETUP, &hdev->dev_flags))
242 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
/*
 * Tracks the controller's authentication-enable setting on the host side.
 * The value is taken from the first byte of the sent
 * HCI_OP_WRITE_AUTH_ENABLE command (not from the reply): AUTH_ENABLED sets
 * HCI_AUTH in hdev->flags, otherwise the bit is cleared. With HCI_MGMT set
 * the status is forwarded to mgmt_auth_enable_complete().
 * NOTE(review): the status test that should gate the flag update, and the
 * NULL check on sent, are on lines this listing omits -- confirm the flag
 * only changes when the command succeeded.
 */
245 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
247 __u8 status = *((__u8 *) skb->data);
250 BT_DBG("%s status 0x%2.2x", hdev->name, status);
252 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
257 __u8 param = *((__u8 *) sent);
259 if (param == AUTH_ENABLED)
260 set_bit(HCI_AUTH, &hdev->flags);
262 clear_bit(HCI_AUTH, &hdev->flags);
265 if (test_bit(HCI_MGMT, &hdev->dev_flags))
266 mgmt_auth_enable_complete(hdev, status);
/*
 * Tracks the encryption-mode setting on the host side: reads the first byte
 * of the sent HCI_OP_WRITE_ENCRYPT_MODE command and sets or clears
 * HCI_ENCRYPT in hdev->flags.
 * NOTE(review): the tests on status and param that choose between set and
 * clear are on lines this listing omits -- confirm the flag is only updated
 * after a successful command.
 */
269 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
271 __u8 status = *((__u8 *) skb->data);
274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
276 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
281 __u8 param = *((__u8 *) sent);
284 set_bit(HCI_ENCRYPT, &hdev->flags);
286 clear_bit(HCI_ENCRYPT, &hdev->flags);
/*
 * Updates the host's view of discoverable/connectable state after a Write
 * Scan Enable command. The scan mask is read from the first byte of the sent
 * command. On the failure path mgmt_write_scan_failed() is called and
 * discov_timeout is reset (the guarding status test is on lines this listing
 * omits). Otherwise HCI_PSCAN/HCI_ISCAN are cleared, remembering their old
 * values, and re-set according to the SCAN_PAGE/SCAN_INQUIRY bits, with mgmt
 * notified of each change.
 */
290 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
292 __u8 param, status = *((__u8 *) skb->data);
293 int old_pscan, old_iscan;
296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
302 param = *((__u8 *) sent);
307 mgmt_write_scan_failed(hdev, param, status);
308 hdev->discov_timeout = 0;
312 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
313 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
315 if (param & SCAN_INQUIRY) {
316 set_bit(HCI_ISCAN, &hdev->flags);
318 mgmt_discoverable(hdev, 1);
/* A non-zero discov_timeout (treated as seconds by the *1000 conversion)
 * schedules the discov_off work, which bounds how long the device stays
 * discoverable. */
319 if (hdev->discov_timeout > 0) {
320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
321 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
324 } else if (old_iscan)
325 mgmt_discoverable(hdev, 0);
327 if (param & SCAN_PAGE) {
328 set_bit(HCI_PSCAN, &hdev->flags);
330 mgmt_connectable(hdev, 1);
331 } else if (old_pscan)
332 mgmt_connectable(hdev, 0);
335 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_read_class_of_dev, copies the 3-byte
 * class of device into hdev->dev_class and logs it most-significant byte
 * first. Any status test before the copy is on lines this listing omits.
 */
338 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
342 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
347 memcpy(hdev->dev_class, rp->dev_class, 3);
349 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
350 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
/*
 * Reads the status byte from skb->data, fetches the parameters of the sent
 * HCI_OP_WRITE_CLASS_OF_DEV command, copies its 3-byte class into
 * hdev->dev_class and, with HCI_MGMT set, reports completion to mgmt.
 * NOTE(review): the status test guarding the copy and the NULL check on sent
 * are on lines this listing omits.
 */
353 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
355 __u8 status = *((__u8 *) skb->data);
358 BT_DBG("%s status 0x%2.2x", hdev->name, status);
360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
367 memcpy(hdev->dev_class, sent, 3);
369 if (test_bit(HCI_MGMT, &hdev->dev_flags))
370 mgmt_set_class_of_dev_complete(hdev, sent, status);
372 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_read_voice_setting and converts the
 * reported setting from little-endian. If it differs from
 * hdev->voice_setting the new value is stored, logged and passed to the
 * driver through hdev->notify().
 * NOTE(review): the early return for an unchanged value and any NULL test on
 * hdev->notify are on lines this listing omits -- confirm.
 */
375 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
380 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
385 setting = __le16_to_cpu(rp->voice_setting);
387 if (hdev->voice_setting == setting)
390 hdev->voice_setting = setting;
392 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
395 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/*
 * Reads the status byte from skb->data and takes the voice setting from the
 * first 16 bits of the sent HCI_OP_WRITE_VOICE_SETTING command. If it
 * differs from hdev->voice_setting the new value is stored, logged and
 * passed to the driver through hdev->notify().
 * NOTE(review): the status test, the NULL check on sent and any NULL test on
 * hdev->notify are on lines this listing omits -- confirm.
 */
398 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
401 __u8 status = *((__u8 *) skb->data);
405 BT_DBG("%s status 0x%2.2x", hdev->name, status);
410 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
414 setting = get_unaligned_le16(sent);
416 if (hdev->voice_setting == setting)
419 hdev->voice_setting = setting;
421 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
424 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/*
 * Reads the one-byte status at the start of skb->data and logs it with the
 * device name; no other action appears on the lines shown.
 */
427 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
429 __u8 status = *((__u8 *) skb->data);
431 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Tracks Secure Simple Pairing mode on the host side after a Write SSP Mode
 * command. Using the sent command's parameters, LMP_HOST_SSP is set or
 * cleared in hdev->host_features[0]; with HCI_MGMT set the result goes to
 * mgmt_ssp_enable_complete(), and HCI_SSP_ENABLED is set or cleared in
 * dev_flags.
 * NOTE(review): every condition choosing between set and clear (status,
 * sent->mode, the else of the HCI_MGMT test) and the NULL check on sent are
 * on lines this listing omits. SSP state feeds pairing decisions, so confirm
 * the flags change only when the command succeeded.
 */
434 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
436 __u8 status = *((__u8 *) skb->data);
437 struct hci_cp_write_ssp_mode *sent;
439 BT_DBG("%s status 0x%2.2x", hdev->name, status);
441 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
447 hdev->host_features[0] |= LMP_HOST_SSP;
449 hdev->host_features[0] &= ~LMP_HOST_SSP;
452 if (test_bit(HCI_MGMT, &hdev->dev_flags))
453 mgmt_ssp_enable_complete(hdev, sent->mode, status);
456 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
458 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
/*
 * Interprets skb->data as struct hci_rp_read_local_version and caches the
 * controller's HCI version/revision, LMP version/subversion and manufacturer
 * id in hdev, converting the 16-bit fields from little-endian, then logs
 * them. Any status test before the stores is on lines this listing omits.
 */
462 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
464 struct hci_rp_read_local_version *rp = (void *) skb->data;
466 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
471 hdev->hci_ver = rp->hci_ver;
472 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
473 hdev->lmp_ver = rp->lmp_ver;
474 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
475 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
477 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
478 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
/*
 * Interprets skb->data as struct hci_rp_read_local_commands and copies the
 * supported-commands bitmap into hdev->commands.
 * NOTE(review): the copy length is the size of the destination, so the
 * destination cannot overflow; it does assume the reply carries at least
 * that many bytes -- no skb->len check is visible on the lines shown.
 */
481 static void hci_cc_read_local_commands(struct hci_dev *hdev,
484 struct hci_rp_read_local_commands *rp = (void *) skb->data;
486 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
489 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
/*
 * Interprets skb->data as struct hci_rp_read_local_features, copies the
 * 8-byte feature mask into hdev->features and widens the default ACL packet
 * types (hdev->pkt_type) and SCO/eSCO packet types (hdev->esco_type) to
 * match each feature bit the controller reports, then logs the mask.
 * Any status test before the copy is on lines this listing omits.
 */
492 static void hci_cc_read_local_features(struct hci_dev *hdev,
495 struct hci_rp_read_local_features *rp = (void *) skb->data;
497 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
502 memcpy(hdev->features, rp->features, 8);
504 /* Adjust default settings according to features
505 * supported by device. */
507 if (hdev->features[0] & LMP_3SLOT)
508 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
510 if (hdev->features[0] & LMP_5SLOT)
511 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
513 if (hdev->features[1] & LMP_HV2) {
514 hdev->pkt_type |= (HCI_HV2);
515 hdev->esco_type |= (ESCO_HV2);
518 if (hdev->features[1] & LMP_HV3) {
519 hdev->pkt_type |= (HCI_HV3);
520 hdev->esco_type |= (ESCO_HV3);
523 if (lmp_esco_capable(hdev))
524 hdev->esco_type |= (ESCO_EV3);
526 if (hdev->features[4] & LMP_EV4)
527 hdev->esco_type |= (ESCO_EV4);
529 if (hdev->features[4] & LMP_EV5)
530 hdev->esco_type |= (ESCO_EV5);
532 if (hdev->features[5] & LMP_EDR_ESCO_2M)
533 hdev->esco_type |= (ESCO_2EV3);
535 if (hdev->features[5] & LMP_EDR_ESCO_3M)
536 hdev->esco_type |= (ESCO_3EV3);
538 if (hdev->features[5] & LMP_EDR_3S_ESCO)
539 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
541 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
542 hdev->features[0], hdev->features[1],
543 hdev->features[2], hdev->features[3],
544 hdev->features[4], hdev->features[5],
545 hdev->features[6], hdev->features[7]);
/*
 * Interprets skb->data as struct hci_rp_read_local_ext_features and copies
 * the 8-byte feature mask into either hdev->features or
 * hdev->host_features.
 * NOTE(review): the selector between the two destinations (presumably the
 * page number in the reply) is on lines this listing omits -- confirm.
 */
548 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
551 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
553 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
560 memcpy(hdev->features, rp->features, 8);
563 memcpy(hdev->host_features, rp->features, 8);
/*
 * Interprets skb->data as struct hci_rp_read_flow_control_mode and stores
 * the reported mode in hdev->flow_ctl_mode. Any status test before the store
 * is on lines this listing omits.
 */
568 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
571 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
573 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
576 hdev->flow_ctl_mode = rp->mode;
/*
 * Interprets skb->data as struct hci_rp_read_buffer_size and caches the
 * controller's ACL/SCO MTUs and packet counts in hdev, then initialises the
 * available-buffer counters (acl_cnt, sco_cnt) from those counts and logs
 * the result.
 * NOTE(review): the body of the HCI_QUIRK_FIXUP_BUFFER_SIZE branch is on
 * lines this listing omits. The MTU and count values are taken from the
 * controller as-is on the lines shown; confirm whether zero values need
 * handling by the code that consumes them.
 */
579 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
581 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
583 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
588 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
589 hdev->sco_mtu = rp->sco_mtu;
590 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
591 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
593 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
598 hdev->acl_cnt = hdev->acl_pkts;
599 hdev->sco_cnt = hdev->sco_pkts;
601 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
602 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
/*
 * Interprets skb->data as struct hci_rp_read_bd_addr and copies the reported
 * device address into hdev->bdaddr. Any status test before the copy is on
 * lines this listing omits.
 */
605 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
607 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
609 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
612 bacpy(&hdev->bdaddr, &rp->bdaddr);
/*
 * Interprets skb->data as struct hci_rp_read_data_block_size and caches the
 * block-based flow control parameters (max ACL length, block length, number
 * of blocks) in hdev, converting from little-endian; block_cnt starts at
 * num_blocks. Any status test before the stores is on lines this listing
 * omits.
 */
615 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
618 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
620 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
625 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
626 hdev->block_len = __le16_to_cpu(rp->block_len);
627 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
629 hdev->block_cnt = hdev->num_blocks;
631 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
632 hdev->block_cnt, hdev->block_len);
/*
 * Reads the one-byte status at the start of skb->data and logs it with the
 * device name; no other action appears on the lines shown.
 */
635 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
637 __u8 status = *((__u8 *) skb->data);
639 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Interprets skb->data as struct hci_rp_read_local_amp_info, caches the AMP
 * controller parameters in hdev (multi-byte fields converted from
 * little-endian) and then sends the A2MP Get Info response.
 * NOTE(review): amp_assoc_size is stored exactly as the controller reports
 * it; if it is later used as a length, the consumer must bound it -- confirm.
 * The status test and any label before a2mp_send_getinfo_rsp() are on lines
 * this listing omits.
 */
642 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
645 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
647 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
652 hdev->amp_status = rp->amp_status;
653 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
654 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
655 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
656 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
657 hdev->amp_type = rp->amp_type;
658 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
659 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
660 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
661 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
664 a2mp_send_getinfo_rsp(hdev);
/*
 * Reassembles the local AMP assoc data from Read Local AMP Assoc replies.
 * skb->data is read as struct hci_rp_read_local_amp_assoc; frag_len is
 * whatever follows the fixed reply header in the skb and rem_len is the
 * controller-reported number of bytes remaining. While rem_len exceeds the
 * fragment, the fragment is appended at assoc->offset and the next fragment
 * is requested; otherwise rem_len bytes are copied, assoc->len is set and
 * the A2MP responses are sent.
 *
 * NOTE(review): both memcpy() calls write to assoc->data + assoc->offset
 * with lengths derived from the controller's reply (skb->len and
 * rp->rem_len). No comparison against the capacity of assoc->data appears on
 * the lines shown, and in the first branch the copy follows the length
 * computation almost directly. A controller that keeps reporting a large
 * rem_len could grow assoc->offset across replies, so offset + length should
 * be bounded by the buffer size before each copy -- confirm it is enforced
 * (this listing omits lines, so a check may exist outside what is shown).
 */
667 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
670 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
671 struct amp_assoc *assoc = &hdev->loc_assoc;
672 size_t rem_len, frag_len;
674 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
/* frag_len is size_t: if skb->len were smaller than sizeof(*rp) this
 * subtraction would wrap to a very large value -- confirm the caller
 * guarantees the minimum reply length. */
679 frag_len = skb->len - sizeof(*rp);
680 rem_len = __le16_to_cpu(rp->rem_len);
682 if (rem_len > frag_len) {
683 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
685 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
686 assoc->offset += frag_len;
688 /* Read other fragments */
689 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
/* Final fragment: presumably reached only when rem_len <= frag_len (the
 * return that ends the branch above is not on the lines shown). */
694 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
695 assoc->len = assoc->offset + rem_len;
699 /* Send A2MP Rsp when all fragments are received */
700 a2mp_send_getampassoc_rsp(hdev, rp->status);
701 a2mp_send_create_phy_link_req(hdev, rp->status);
/*
 * Reads the one-byte status at the start of skb->data and logs it with the
 * device name; no other action appears on the lines shown.
 */
704 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
707 __u8 status = *((__u8 *) skb->data);
709 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Reads the one-byte status at the start of skb->data and logs it with the
 * device name; no other action appears on the lines shown.
 */
712 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
714 __u8 status = *((__u8 *) skb->data);
716 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Reads the one-byte status at the start of skb->data and logs it with the
 * device name; no other action appears on the lines shown.
 */
719 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
722 __u8 status = *((__u8 *) skb->data);
724 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Interprets skb->data as struct hci_rp_read_inq_rsp_tx_power and stores the
 * reported TX power in hdev->inq_tx_power. Any status test before the store
 * is on lines this listing omits.
 */
727 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
730 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
732 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
735 hdev->inq_tx_power = rp->tx_power;
/*
 * Reads the one-byte status at the start of skb->data and logs it with the
 * device name; no other action appears on the lines shown.
 */
738 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
740 __u8 status = *((__u8 *) skb->data);
742 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Interprets skb->data as struct hci_rp_pin_code_reply. With HCI_MGMT set
 * the result is forwarded to mgmt; then the connection is looked up by the
 * address in the sent HCI_OP_PIN_CODE_REPLY command and the PIN length that
 * the host supplied is recorded in conn->pin_length.
 * NOTE(review): pin_length is taken from the host's own command, not from
 * the controller's reply. The status test and the NULL checks on cp and conn
 * are on lines this listing omits -- confirm the length is recorded only
 * after a successful reply.
 */
745 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
747 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
748 struct hci_cp_pin_code_reply *cp;
749 struct hci_conn *conn;
751 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
755 if (test_bit(HCI_MGMT, &hdev->dev_flags))
756 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
761 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
765 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
767 conn->pin_length = cp->pin_len;
770 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_pin_code_neg_reply and, with
 * HCI_MGMT set, forwards the peer address to
 * mgmt_pin_code_neg_reply_complete() (the remaining arguments of that call
 * are on a line this listing omits).
 */
773 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
775 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
777 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
781 if (test_bit(HCI_MGMT, &hdev->dev_flags))
782 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
785 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_le_read_buffer_size, caches the LE
 * MTU and packet count in hdev, initialises le_cnt from the packet count and
 * logs the values. Any status test before the stores is on lines this
 * listing omits.
 */
788 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
791 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
793 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
798 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
799 hdev->le_pkts = rp->le_max_pkt;
801 hdev->le_cnt = hdev->le_pkts;
803 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
/*
 * Interprets skb->data as struct hci_rp_le_read_local_features and copies
 * the 8-byte LE feature mask into hdev->le_features. Any status test before
 * the copy is on lines this listing omits.
 */
806 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
809 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
811 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
814 memcpy(hdev->le_features, rp->features, 8);
/*
 * Interprets skb->data as struct hci_rp_le_read_adv_tx_power and stores the
 * reported TX power in hdev->adv_tx_power. The statement run when HCI_INIT
 * is clear is on a line this listing omits.
 */
817 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
820 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
825 hdev->adv_tx_power = rp->tx_power;
826 if (!test_bit(HCI_INIT, &hdev->flags))
/*
 * Reads the one-byte status at the start of skb->data and logs it with the
 * device name; no other action appears on the lines shown.
 */
831 static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
833 __u8 status = *((__u8 *) skb->data);
835 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Interprets skb->data as struct hci_rp_user_confirm_reply and, with
 * HCI_MGMT set, reports the outcome for the peer address on an ACL link to
 * mgmt_user_confirm_reply_complete() (the last argument of that call is on a
 * line this listing omits).
 */
838 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
840 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
842 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
846 if (test_bit(HCI_MGMT, &hdev->dev_flags))
847 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
850 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_user_confirm_reply (the same reply
 * layout as the positive reply) and, with HCI_MGMT set, reports the peer
 * address and status on an ACL link to
 * mgmt_user_confirm_neg_reply_complete().
 */
853 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
856 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
858 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
862 if (test_bit(HCI_MGMT, &hdev->dev_flags))
863 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
864 ACL_LINK, 0, rp->status);
866 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_user_confirm_reply and, with
 * HCI_MGMT set, reports the peer address on an ACL link to
 * mgmt_user_passkey_reply_complete() (the remaining arguments of that call
 * are on a line this listing omits).
 */
869 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
871 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
873 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
877 if (test_bit(HCI_MGMT, &hdev->dev_flags))
878 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
881 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_user_confirm_reply and, with
 * HCI_MGMT set, reports the peer address and status on an ACL link to
 * mgmt_user_passkey_neg_reply_complete().
 */
884 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
887 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
889 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
893 if (test_bit(HCI_MGMT, &hdev->dev_flags))
894 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
895 ACL_LINK, 0, rp->status);
897 hci_dev_unlock(hdev);
/*
 * Interprets skb->data as struct hci_rp_read_local_oob_data and hands the
 * local out-of-band pairing values (hash and randomizer) together with the
 * status to mgmt_read_local_oob_data_reply_complete().
 * NOTE(review): rp->hash and rp->randomizer point into the event payload; no
 * skb->len check is visible on the lines shown -- confirm the reply is known
 * to be full length before these are read.
 */
900 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
903 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
905 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
908 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
909 rp->randomizer, rp->status);
910 hci_dev_unlock(hdev);
/*
 * Reads the status byte from skb->data, fetches the parameters of the sent
 * HCI_OP_LE_SET_ADV_ENABLE command and sets or clears HCI_LE_PERIPHERAL in
 * hdev->dev_flags.
 * NOTE(review): the tests choosing between set and clear (status and the
 * sent enable byte), the NULL check on sent, and the statement run when
 * HCI_INIT is clear are on lines this listing omits.
 */
913 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
915 __u8 *sent, status = *((__u8 *) skb->data);
917 BT_DBG("%s status 0x%2.2x", hdev->name, status);
919 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
927 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
929 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
932 hci_dev_unlock(hdev);
934 if (!test_bit(HCI_INIT, &hdev->flags))
/*
 * Reads and logs the status byte from skb->data and reports a failed
 * discovery start to mgmt; presumably only for a non-zero status (the
 * guarding test is on lines this listing omits).
 */
938 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
940 __u8 status = *((__u8 *) skb->data);
942 BT_DBG("%s status 0x%2.2x", hdev->name, status);
946 mgmt_start_discovery_failed(hdev, status);
947 hci_dev_unlock(hdev);
/*
 * Updates LE scan state after an LE Set Scan Enable command, dispatching on
 * the enable value of the sent command.
 *   LE_SCANNING_ENABLED:  on the failure path reports
 *                         mgmt_start_discovery_failed(); otherwise sets
 *                         HCI_LE_SCAN and moves discovery to
 *                         DISCOVERY_FINDING.
 *   LE_SCANNING_DISABLED: on the failure path reports
 *                         mgmt_stop_discovery_failed(); otherwise clears
 *                         HCI_LE_SCAN and either continues interleaved
 *                         discovery or moves discovery to
 *                         DISCOVERY_STOPPED.
 *   any other value:      logged with BT_ERR as a reserved parameter.
 * NOTE(review): the status tests, break/return statements and the NULL check
 * on cp are on lines this listing omits.
 */
952 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
955 struct hci_cp_le_set_scan_enable *cp;
956 __u8 status = *((__u8 *) skb->data);
958 BT_DBG("%s status 0x%2.2x", hdev->name, status);
960 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
964 switch (cp->enable) {
965 case LE_SCANNING_ENABLED:
968 mgmt_start_discovery_failed(hdev, status);
969 hci_dev_unlock(hdev);
973 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
976 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
977 hci_dev_unlock(hdev);
980 case LE_SCANNING_DISABLED:
983 mgmt_stop_discovery_failed(hdev, status);
984 hci_dev_unlock(hdev);
988 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
990 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
991 hdev->discovery.state == DISCOVERY_FINDING) {
992 mgmt_interleaved_discovery(hdev);
995 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
996 hci_dev_unlock(hdev);
1002 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
/*
 * Interprets skb->data as struct hci_rp_le_read_white_list_size, logs status
 * and size, and stores the reported size in hdev->le_white_list_size. Any
 * status test before the store is on lines this listing omits.
 */
1007 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1008 struct sk_buff *skb)
1010 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1012 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1015 hdev->le_white_list_size = rp->size;
/*
 * Interprets skb->data as struct hci_rp_le_ltk_reply and logs its status; no
 * other action appears on the lines shown.
 */
1018 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1020 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1022 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
/*
 * Interprets skb->data as struct hci_rp_le_ltk_neg_reply and logs its
 * status; no other action appears on the lines shown.
 */
1028 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1030 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1032 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
/*
 * Interprets skb->data as struct hci_rp_le_read_supported_states and copies
 * the 8-byte supported-states mask into hdev->le_states. Any status test
 * before the copy is on lines this listing omits.
 */
1038 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1039 struct sk_buff *skb)
1041 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1043 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1046 memcpy(hdev->le_states, rp->le_states, 8);
/*
 * Tracks LE host support after a Write LE Host Supported command. Using the
 * sent command's parameters, LMP_HOST_LE and LMP_HOST_LE_BREDR are set or
 * cleared in hdev->host_features[0]; with HCI_MGMT set and HCI_INIT clear
 * the result is reported to mgmt_le_enable_complete().
 * NOTE(review): the tests choosing between set and clear (status and the
 * sent fields) and the NULL check on sent are on lines this listing omits.
 */
1049 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1050 struct sk_buff *skb)
1052 struct hci_cp_write_le_host_supported *sent;
1053 __u8 status = *((__u8 *) skb->data);
1055 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1057 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1063 hdev->host_features[0] |= LMP_HOST_LE;
1065 hdev->host_features[0] &= ~LMP_HOST_LE;
1068 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1070 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
1073 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1074 !test_bit(HCI_INIT, &hdev->flags))
1075 mgmt_le_enable_complete(hdev, sent->le, status);
/*
 * Interprets skb->data as struct hci_rp_write_remote_amp_assoc, logs status
 * and physical link handle, and continues writing the remote assoc for that
 * handle. Any status test before the continuation is on lines this listing
 * omits.
 */
1078 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1079 struct sk_buff *skb)
1081 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1083 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1084 hdev->name, rp->status, rp->phy_handle);
1089 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
/*
 * Handles the status reported for an Inquiry command. Two paths are visible:
 * one re-checks pending connections and, with HCI_MGMT set, reports
 * mgmt_start_discovery_failed(); the other sets HCI_INQUIRY and moves
 * discovery to DISCOVERY_FINDING. Presumably the first is the failure path;
 * the status test and return between them are on lines this listing omits.
 */
1092 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1094 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1097 hci_conn_check_pending(hdev);
1099 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1100 mgmt_start_discovery_failed(hdev, status);
1101 hci_dev_unlock(hdev);
1105 set_bit(HCI_INQUIRY, &hdev->flags);
1108 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1109 hci_dev_unlock(hdev);
/*
 * Handles the status reported for a Create Connection command. The
 * connection is looked up by the address in the sent command. For a
 * connection still in BT_CONNECT, any status other than 0x0c, or more than
 * two attempts, closes it and reports the failure; otherwise it moves to
 * BT_CONNECT2 (kept for retry). On the other visible path a new ACL
 * connection object is added with HCI_LM_MASTER set, or an out-of-memory
 * error is logged.
 * NOTE(review): the status test separating the two paths, the NULL checks on
 * cp and on the hci_conn_add() result, and any connection teardown after
 * hci_proto_connect_cfm() are on lines this listing omits.
 */
1112 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1114 struct hci_cp_create_conn *cp;
1115 struct hci_conn *conn;
1117 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1119 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1125 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1127 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1130 if (conn && conn->state == BT_CONNECT) {
/* 0x0c is the HCI "Command Disallowed" error code; the attempt counter caps
 * how often that status is tolerated. */
1131 if (status != 0x0c || conn->attempt > 2) {
1132 conn->state = BT_CLOSED;
1133 hci_proto_connect_cfm(conn, status);
1136 conn->state = BT_CONNECT2;
1140 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1143 conn->link_mode |= HCI_LM_MASTER;
1145 BT_ERR("No memory for new connection");
1149 hci_dev_unlock(hdev);
/*
 * Handles the status reported for an Add SCO command: looks up the ACL
 * connection by the handle in the sent command, marks the associated SCO
 * connection BT_CLOSED and reports the status to the upper layer.
 * NOTE(review): the status test, the assignment of sco, the NULL checks on
 * cp/acl/sco and any teardown of sco are on lines this listing omits.
 */
1152 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1154 struct hci_cp_add_sco *cp;
1155 struct hci_conn *acl, *sco;
1158 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1163 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1167 handle = __le16_to_cpu(cp->handle);
1169 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1173 acl = hci_conn_hash_lookup_handle(hdev, handle);
1177 sco->state = BT_CLOSED;
1179 hci_proto_connect_cfm(sco, status);
1184 hci_dev_unlock(hdev);
/*
 * Handles the status reported for an Authentication Requested command: looks
 * up the connection by the handle in the sent command and, if it is still in
 * BT_CONFIG, reports the status to the upper layer.
 * NOTE(review): presumably this runs only for a failed command; the status
 * test, the NULL checks on cp and conn and the rest of the BT_CONFIG branch
 * are on lines this listing omits.
 */
1187 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1189 struct hci_cp_auth_requested *cp;
1190 struct hci_conn *conn;
1192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1197 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1203 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1205 if (conn->state == BT_CONFIG) {
1206 hci_proto_connect_cfm(conn, status);
1211 hci_dev_unlock(hdev);
/*
 * Handles the status reported for a Set Connection Encryption command: looks
 * up the connection by the handle in the sent command and, if it is still in
 * BT_CONFIG, reports the status to the upper layer.
 * NOTE(review): presumably this runs only for a failed command; the status
 * test, the NULL checks on cp and conn and the rest of the BT_CONFIG branch
 * are on lines this listing omits.
 */
1214 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1216 struct hci_cp_set_conn_encrypt *cp;
1217 struct hci_conn *conn;
1219 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1224 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1230 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1232 if (conn->state == BT_CONFIG) {
1233 hci_proto_connect_cfm(conn, status);
1238 hci_dev_unlock(hdev);
/*
 * Decides whether an outgoing connection that is still being configured
 * needs an authentication request. Three tests are visible, each presumably
 * answering "not needed" (the return statements are on lines this listing
 * omits):
 *   - the connection is not in BT_CONFIG, or was not initiated locally;
 *   - the pending security level is BT_SECURITY_SDP;
 *   - SSP is not enabled for the connection, bit 0 of conn->auth_type is
 *     clear, and the pending security level is not BT_SECURITY_HIGH.
 * NOTE(review): this is a security gate -- a wrong answer here skips
 * authentication on the link. hdev is unused on the lines shown.
 */
1241 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1242 struct hci_conn *conn)
1244 if (conn->state != BT_CONFIG || !conn->out)
1247 if (conn->pending_sec_level == BT_SECURITY_SDP)
1250 /* Only request authentication for SSP connections or non-SSP
1251 * devices with sec_level HIGH or if MITM protection is requested */
1252 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1253 conn->pending_sec_level != BT_SECURITY_HIGH)
/*
 * Sends a Remote Name Request for the device described by inquiry cache
 * entry e and returns the result of hci_send_cmd().
 * The command struct is zero-filled before the address, page scan modes and
 * clock offset are copied in, so no uninitialised stack bytes are sent to
 * the controller.
 */
1259 static int hci_resolve_name(struct hci_dev *hdev,
1260 struct inquiry_entry *e)
1262 struct hci_cp_remote_name_req cp;
1264 memset(&cp, 0, sizeof(cp));
1266 bacpy(&cp.bdaddr, &e->data.bdaddr);
1267 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1268 cp.pscan_mode = e->data.pscan_mode;
1269 cp.clock_offset = e->data.clock_offset;
1271 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
/*
 * Starts name resolution for the next inquiry cache entry that still needs
 * a name: if the resolve list is not empty, looks up an entry in state
 * NAME_NEEDED (any address) and, when the name request is sent successfully,
 * marks it NAME_PENDING.
 * NOTE(review): the return values and the NULL check on e are on lines this
 * listing omits.
 */
1274 static bool hci_resolve_next_name(struct hci_dev *hdev)
1276 struct discovery_state *discov = &hdev->discovery;
1277 struct inquiry_entry *e;
1279 if (list_empty(&discov->resolve))
1282 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1286 if (hci_resolve_name(hdev, e) == 0) {
1287 e->name_state = NAME_PENDING;
/*
 * Processes the outcome of a remote name request for bdaddr.
 * If conn is given and HCI_CONN_MGMT_CONNECTED was not yet set, the device
 * is reported as connected to mgmt together with the name. The remainder
 * depends on the discovery state: DISCOVERY_STOPPED and any state other than
 * RESOLVING/STOPPING presumably return early, DISCOVERY_STOPPING jumps to
 * discov_complete. In DISCOVERY_RESOLVING the pending cache entry for bdaddr
 * is looked up; it becomes NAME_KNOWN (and the name is reported through
 * mgmt_remote_name()) or NAME_NOT_KNOWN, then the next name is resolved, and
 * when nothing is left discovery moves to DISCOVERY_STOPPED.
 * NOTE(review): name and name_len come from the caller and are forwarded
 * unchanged; the caller must guarantee name_len does not exceed the buffer.
 * The return statements, the NULL check on e and the test choosing between
 * NAME_KNOWN and NAME_NOT_KNOWN are on lines this listing omits, and the
 * comment that begins at embedded line 1314 is cut short here (its closing
 * line is missing from the listing).
 */
1294 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1295 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1297 struct discovery_state *discov = &hdev->discovery;
1298 struct inquiry_entry *e;
1300 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1301 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1302 name_len, conn->dev_class);
1304 if (discov->state == DISCOVERY_STOPPED)
1307 if (discov->state == DISCOVERY_STOPPING)
1308 goto discov_complete;
1310 if (discov->state != DISCOVERY_RESOLVING)
1313 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1314 /* If the device was not found in a list of found devices names of which
1315 * are pending. there is no need to continue resolving a next name as it
1316 * will be done upon receiving another Remote Name Request Complete
1323 e->name_state = NAME_KNOWN;
1324 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1325 e->data.rssi, name, name_len);
1327 e->name_state = NAME_NOT_KNOWN;
1330 if (hci_resolve_next_name(hdev))
1334 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1337 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1339 struct hci_cp_remote_name_req *cp;
1340 struct hci_conn *conn;
1342 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1344 /* If successful wait for the name req complete event before
1345 * checking for the need to do authentication */
/*
 * Summary: handles the status reported for a Remote Name Request. The
 * connection is looked up by the address in the sent command; with HCI_MGMT
 * set the pending-name bookkeeping is run with no name (NULL, length 0).
 * If outgoing authentication is needed and HCI_CONN_AUTH_PEND was not
 * already set, an Authentication Requested command is sent for the
 * connection's handle.
 * NOTE(review): the status test, the NULL checks on cp and conn and the
 * jumps to the unlock are on lines this listing omits.
 */
1349 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1355 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1357 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1358 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1363 if (!hci_outgoing_auth_needed(hdev, conn))
1366 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
/* This inner cp shadows the outer cp pointer. It is not zeroed and only
 * cp.handle is assigned before sizeof(cp) bytes are sent -- fine if the
 * struct has no other members or padding; confirm. */
1367 struct hci_cp_auth_requested cp;
1368 cp.handle = __cpu_to_le16(conn->handle);
1369 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1373 hci_dev_unlock(hdev);
/*
 * Handles the status reported for a Read Remote Features command: looks up
 * the connection by the handle in the sent command and, if it is still in
 * BT_CONFIG, reports the status to the upper layer.
 * NOTE(review): presumably this runs only for a failed command; the status
 * test, the NULL checks on cp and conn and the rest of the BT_CONFIG branch
 * are on lines this listing omits.
 */
1376 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1378 struct hci_cp_read_remote_features *cp;
1379 struct hci_conn *conn;
1381 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1386 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1392 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1394 if (conn->state == BT_CONFIG) {
1395 hci_proto_connect_cfm(conn, status);
1400 hci_dev_unlock(hdev);
/*
 * Handles the status reported for a Read Remote Extended Features command:
 * looks up the connection by the handle in the sent command and, if it is
 * still in BT_CONFIG, reports the status to the upper layer.
 * NOTE(review): presumably this runs only for a failed command; the status
 * test, the NULL checks on cp and conn and the rest of the BT_CONFIG branch
 * are on lines this listing omits.
 */
1403 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1405 struct hci_cp_read_remote_ext_features *cp;
1406 struct hci_conn *conn;
1408 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1413 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1419 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1421 if (conn->state == BT_CONFIG) {
1422 hci_proto_connect_cfm(conn, status);
1427 hci_dev_unlock(hdev);
/*
 * Handles the status reported for a Setup Synchronous Connection command:
 * looks up the ACL connection by the handle in the sent command, marks the
 * associated SCO connection BT_CLOSED and reports the status to the upper
 * layer.
 * NOTE(review): the status test, the assignment of sco, the NULL checks on
 * cp/acl/sco and any teardown of sco are on lines this listing omits.
 */
1430 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1432 struct hci_cp_setup_sync_conn *cp;
1433 struct hci_conn *acl, *sco;
1436 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1441 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1445 handle = __le16_to_cpu(cp->handle);
1447 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1451 acl = hci_conn_hash_lookup_handle(hdev, handle);
1455 sco->state = BT_CLOSED;
1457 hci_proto_connect_cfm(sco, status);
1462 hci_dev_unlock(hdev);
/*
 * Handles the status reported for a Sniff Mode command: looks up the
 * connection by the handle in the sent command, clears
 * HCI_CONN_MODE_CHANGE_PEND and, if a SCO setup was waiting on the mode
 * change, runs hci_sco_setup() with the status.
 * NOTE(review): the status test and the NULL checks on cp and conn are on
 * lines this listing omits.
 */
1465 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1467 struct hci_cp_sniff_mode *cp;
1468 struct hci_conn *conn;
1470 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1475 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1481 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1483 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1485 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1486 hci_sco_setup(conn, status);
1489 hci_dev_unlock(hdev);
/*
 * Handles the status reported for an Exit Sniff Mode command: looks up the
 * connection by the handle in the sent command, clears
 * HCI_CONN_MODE_CHANGE_PEND and, if a SCO setup was waiting on the mode
 * change, runs hci_sco_setup() with the status.
 * NOTE(review): the status test and the NULL checks on cp and conn are on
 * lines this listing omits.
 */
1492 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1494 struct hci_cp_exit_sniff_mode *cp;
1495 struct hci_conn *conn;
1497 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1502 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1508 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1510 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1512 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1513 hci_sco_setup(conn, status);
1516 hci_dev_unlock(hdev);
/*
 * Handles the status reported for a Disconnect command: looks up the
 * connection by the handle in the sent command and reports the failed
 * disconnect, with the peer address and link type, to mgmt.
 * NOTE(review): presumably this runs only for a failed command; the status
 * test and the NULL checks on cp and conn are on lines this listing omits.
 */
1519 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1521 struct hci_cp_disconnect *cp;
1522 struct hci_conn *conn;
1527 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1533 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1535 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1536 conn->dst_type, status);
1538 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Looks up the LE connection that is in BT_CONNECT state, marks it closed
 * and reports the status to both the management interface and the upper
 * protocol layer.
 */
1541 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1543 struct hci_conn *conn;
1545 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/* Lookup is by link type and state, not by handle. */
1550 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
/* presumably the unlock on an early-return path when no conn is found - confirm */
1552 hci_dev_unlock(hdev);
1556 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1558 conn->state = BT_CLOSED;
1559 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1560 conn->dst_type, status);
1561 hci_proto_connect_cfm(conn, status);
1564 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_LE_START_ENC; the line shown only logs the status. */
1568 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1570 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Command Status handler for HCI_OP_CREATE_PHY_LINK.
 *
 * Uses the physical-link handle from the sent command to look up the
 * connection and to call amp_write_remote_assoc(). Which of the two runs
 * for which status is decided on lines not shown here.
 */
1573 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1575 struct hci_cp_create_phy_link *cp;
1577 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1579 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1586 struct hci_conn *hcon;
/* NOTE(review): the NULL check on cp is not among the lines shown. */
1588 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1592 amp_write_remote_assoc(hdev, cp->phy_handle);
1595 hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_ACCEPT_PHY_LINK.
 *
 * On the lines shown it passes the physical-link handle of the sent command
 * to amp_write_remote_assoc().
 */
1598 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1600 struct hci_cp_accept_phy_link *cp;
1602 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1607 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
/* NOTE(review): the NULL check on cp is not among the lines shown. */
1611 amp_write_remote_assoc(hdev, cp->phy_handle);
/* Command Status handler for HCI_OP_CREATE_LOGICAL_LINK; the line shown only logs the status. */
1614 static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1616 BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Inquiry Complete event.
 *
 * Completes the pending HCI_OP_INQUIRY request, re-checks pending
 * connections, and then moves the discovery state machine either to name
 * resolution (when a cache entry still needs its name) or to
 * DISCOVERY_STOPPED.
 */
1619 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
/* Status is the first byte of the event payload. */
1621 __u8 status = *((__u8 *) skb->data);
1622 struct discovery_state *discov = &hdev->discovery;
1623 struct inquiry_entry *e;
1625 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1627 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
1629 hci_conn_check_pending(hdev);
/* Each test below guards a statement that is not among the lines shown. */
1631 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1634 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1639 if (discov->state != DISCOVERY_FINDING)
/* Nothing left to resolve: discovery is finished. */
1642 if (list_empty(&discov->resolve)) {
1643 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
/* Otherwise try to start resolving the name of one entry that needs it. */
1647 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1648 if (e && hci_resolve_name(hdev, e) == 0) {
1649 e->name_state = NAME_PENDING;
1650 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1652 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1656 hci_dev_unlock(hdev);
/*
 * Inquiry Result event.
 *
 * The payload is read as one response-count byte followed by an array of
 * struct inquiry_info records. Each record is copied into an inquiry_data,
 * fed to the inquiry cache and reported through mgmt_device_found().
 *
 * NOTE(review): num_rsp comes from the packet and drives the loop; no
 * comparison against skb->len is visible on the lines shown. Confirm that
 * events where 1 + num_rsp * sizeof(*info) exceeds skb->len are rejected,
 * otherwise info walks past the end of the received buffer.
 */
1659 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1661 struct inquiry_data data;
/* Records start right after the one-byte count. */
1662 struct inquiry_info *info = (void *) (skb->data + 1);
1663 int num_rsp = *((__u8 *) skb->data);
1665 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1670 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1675 for (; num_rsp; num_rsp--, info++) {
1676 bool name_known, ssp;
1678 bacpy(&data.bdaddr, &info->bdaddr);
1679 data.pscan_rep_mode = info->pscan_rep_mode;
1680 data.pscan_period_mode = info->pscan_period_mode;
1681 data.pscan_mode = info->pscan_mode;
1682 memcpy(data.dev_class, info->dev_class, 3);
1683 data.clock_offset = info->clock_offset;
/* This event format carries no SSP information, so the field is zeroed. */
1685 data.ssp_mode = 0x00;
1687 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1688 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1689 info->dev_class, 0, !name_known, ssp, NULL,
1693 hci_dev_unlock(hdev);
/*
 * Connection Complete event.
 *
 * Finds the connection for the reported address and link type, records the
 * handle, sets the connection state, timeouts and link mode, requests the
 * remote features for ACL links and confirms the result to the upper
 * layers. A separate group of lines closes the connection and reports
 * mgmt_connect_failed(); the status test that selects between the two is
 * not among the lines shown.
 *
 * NOTE(review): skb->data is cast to the event struct with no length check
 * visible here; confirm the event length is validated before dispatch.
 */
1696 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1698 struct hci_ev_conn_complete *ev = (void *) skb->data;
1699 struct hci_conn *conn;
1701 BT_DBG("%s", hdev->name);
1705 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
/*
 * Fallback for SCO: look for a connection registered as eSCO to the same
 * address and retype it as SCO.
 */
1707 if (ev->link_type != SCO_LINK)
1710 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1714 conn->type = SCO_LINK;
1718 conn->handle = __le16_to_cpu(ev->handle);
1720 if (conn->type == ACL_LINK) {
1721 conn->state = BT_CONFIG;
1722 hci_conn_hold(conn);
/*
 * Incoming link, no SSP and no stored link key: use the pairing timeout;
 * the other assignment below uses the normal disconnect timeout.
 */
1724 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1725 !hci_find_link_key(hdev, &ev->bdaddr))
1726 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1728 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1730 conn->state = BT_CONNECTED;
1732 hci_conn_hold_device(conn);
1733 hci_conn_add_sysfs(conn);
/* The link mode inherits the adapter-wide authentication/encryption flags. */
1735 if (test_bit(HCI_AUTH, &hdev->flags))
1736 conn->link_mode |= HCI_LM_AUTH;
1738 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1739 conn->link_mode |= HCI_LM_ENCRYPT;
1741 /* Get remote features */
1742 if (conn->type == ACL_LINK) {
1743 struct hci_cp_read_remote_features cp;
/* ev->handle is forwarded as received, without byte-order conversion. */
1744 cp.handle = ev->handle;
1745 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1749 /* Set packet type for incoming connection */
1750 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1751 struct hci_cp_change_conn_ptype cp;
1752 cp.handle = ev->handle;
1753 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1754 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
/* presumably the failure branch: close the connection and report it - confirm */
1758 conn->state = BT_CLOSED;
1759 if (conn->type == ACL_LINK)
1760 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1761 conn->dst_type, ev->status);
1764 if (conn->type == ACL_LINK)
1765 hci_sco_setup(conn, ev->status);
1768 hci_proto_connect_cfm(conn, ev->status);
1770 } else if (ev->link_type != ACL_LINK)
1771 hci_proto_connect_cfm(conn, ev->status);
1774 hci_dev_unlock(hdev);
1776 hci_conn_check_pending(hdev);
/*
 * Accept an incoming connection on behalf of an upper layer.
 *
 * Moves the connection to BT_CONFIG and sends either Accept Connection
 * Request (controller without eSCO support) or Accept Synchronous
 * Connection Request with fixed link parameters.
 *
 * @conn: connection to accept; conn->dst is the peer address.
 * @mask: link-mode bits; HCI_LM_MASTER requests a role switch when the
 *        controller supports it.
 */
1779 void hci_conn_accept(struct hci_conn *conn, int mask)
1781 struct hci_dev *hdev = conn->hdev;
1783 BT_DBG("conn %p", conn);
1785 conn->state = BT_CONFIG;
1787 if (!lmp_esco_capable(hdev)) {
1788 struct hci_cp_accept_conn_req cp;
1790 bacpy(&cp.bdaddr, &conn->dst);
1792 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1793 cp.role = 0x00; /* Become master */
1795 cp.role = 0x01; /* Remain slave */
1797 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1798 } else /* lmp_esco_capable(hdev)) */ {
1799 struct hci_cp_accept_sync_conn_req cp;
1801 bacpy(&cp.bdaddr, &conn->dst);
1802 cp.pkt_type = cpu_to_le16(conn->pkt_type);
/*
 * 0x1f40 is 8000 decimal; 0xffff and 0xff are presumably the HCI
 * "don't care" values for latency and retransmission effort - confirm
 * against the specification.
 */
1804 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1805 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1806 cp.max_latency = __constant_cpu_to_le16(0xffff);
1807 cp.content_format = cpu_to_le16(hdev->voice_setting);
1808 cp.retrans_effort = 0xff;
1810 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
/*
 * Connection Request event: decide whether to accept an incoming link.
 *
 * The request is accepted only when the combined link-mode mask contains
 * HCI_LM_ACCEPT and the peer address is not on the adapter's blacklist;
 * the reject command below carries HCI_ERROR_REJ_BAD_ADDR. On acceptance
 * the connection object is found or created and the matching accept
 * command is sent, unless the protocol asked to defer the decision.
 *
 * NOTE(review): skb->data is cast to the event struct with no length check
 * visible here; confirm the event length is validated before dispatch.
 */
1815 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1817 struct hci_ev_conn_request *ev = (void *) skb->data;
1818 int mask = hdev->link_mode;
1821 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
/* Upper protocols contribute accept/role bits to the adapter's own mask. */
1824 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
/* Policy gate: the protocol must accept and the peer must not be blacklisted. */
1827 if ((mask & HCI_LM_ACCEPT) &&
1828 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1829 /* Connection accepted */
1830 struct inquiry_entry *ie;
1831 struct hci_conn *conn;
/* Refresh the cached class of device with the value from this request. */
1835 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1837 memcpy(ie->data.dev_class, ev->dev_class, 3);
/* Reuse an existing connection object or allocate a new one. */
1839 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1842 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1844 BT_ERR("No memory for new connection");
1845 hci_dev_unlock(hdev);
1850 memcpy(conn->dev_class, ev->dev_class, 3);
1852 hci_dev_unlock(hdev);
/* ACL, or a non-deferred sync link on a controller without eSCO support. */
1854 if (ev->link_type == ACL_LINK ||
1855 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1856 struct hci_cp_accept_conn_req cp;
1857 conn->state = BT_CONNECT;
1859 bacpy(&cp.bdaddr, &ev->bdaddr);
1861 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1862 cp.role = 0x00; /* Become master */
1864 cp.role = 0x01; /* Remain slave */
1866 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
/* Non-deferred synchronous link on an eSCO-capable controller. */
1868 } else if (!(flags & HCI_PROTO_DEFER)) {
1869 struct hci_cp_accept_sync_conn_req cp;
1870 conn->state = BT_CONNECT;
1872 bacpy(&cp.bdaddr, &ev->bdaddr);
1873 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1875 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1876 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1877 cp.max_latency = __constant_cpu_to_le16(0xffff);
1878 cp.content_format = cpu_to_le16(hdev->voice_setting);
1879 cp.retrans_effort = 0xff;
1881 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
/* Deferred: park in BT_CONNECT2 and let the upper layer decide. */
1884 conn->state = BT_CONNECT2;
1885 hci_proto_connect_cfm(conn, 0);
1889 /* Connection rejected */
1890 struct hci_cp_reject_conn_req cp;
1892 bacpy(&cp.bdaddr, &ev->bdaddr);
1893 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1894 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/*
 * Map an HCI disconnect reason code to the management-interface reason.
 *
 * Timeout, remote-initiated and local-host-initiated codes get their own
 * MGMT_DEV_DISCONN_* value; the remaining return is
 * MGMT_DEV_DISCONN_UNKNOWN.
 */
1898 static u8 hci_to_mgmt_reason(u8 err)
1901 case HCI_ERROR_CONNECTION_TIMEOUT:
1902 return MGMT_DEV_DISCONN_TIMEOUT;
/* Three remote-side reasons share one management code. */
1903 case HCI_ERROR_REMOTE_USER_TERM:
1904 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1905 case HCI_ERROR_REMOTE_POWER_OFF:
1906 return MGMT_DEV_DISCONN_REMOTE;
1907 case HCI_ERROR_LOCAL_HOST_TERM:
1908 return MGMT_DEV_DISCONN_LOCAL_HOST;
1910 return MGMT_DEV_DISCONN_UNKNOWN;
/*
 * Disconnection Complete event.
 *
 * Marks the connection closed on success, notifies the management
 * interface (either "disconnect failed" or "device disconnected" with a
 * translated reason) for ACL and LE links that were reported as connected,
 * and on success drops a link key flagged for flushing before confirming
 * the disconnect to the upper layers.
 */
1914 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1916 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1917 struct hci_conn *conn;
1919 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/* NOTE(review): the NULL check on conn is not among the lines shown. */
1923 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1927 if (ev->status == 0)
1928 conn->state = BT_CLOSED;
/* test_and_clear_bit() ensures the management event is sent only once. */
1930 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1931 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1933 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1934 conn->dst_type, ev->status);
1936 u8 reason = hci_to_mgmt_reason(ev->reason);
1938 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1939 conn->dst_type, reason);
1943 if (ev->status == 0) {
/* A key marked flush_key is removed once the ACL link goes away. */
1944 if (conn->type == ACL_LINK && conn->flush_key)
1945 hci_remove_link_key(hdev, &conn->dst);
1946 hci_proto_disconn_cfm(conn, ev->reason);
1951 hci_dev_unlock(hdev);
/*
 * Authentication Complete event.
 *
 * Updates the connection's link mode and security level, or reports the
 * failure through mgmt_auth_failed(); clears the pending auth flags; and
 * then either requests encryption or confirms the result to the upper
 * layers, depending on the connection state and pending-encryption flag.
 * The status tests that select between these groups are not among the
 * lines shown.
 */
1954 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1956 struct hci_ev_auth_complete *ev = (void *) skb->data;
1957 struct hci_conn *conn;
1959 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/* NOTE(review): the NULL check on conn is not among the lines shown. */
1963 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* A pending re-authentication on a non-SSP link is only logged here. */
1968 if (!hci_conn_ssp_enabled(conn) &&
1969 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1970 BT_INFO("re-auth of legacy device is not possible.");
/* Otherwise record authentication and promote the pending security level. */
1972 conn->link_mode |= HCI_LM_AUTH;
1973 conn->sec_level = conn->pending_sec_level;
1976 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1980 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1981 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1983 if (conn->state == BT_CONFIG) {
/* During setup, an authenticated SSP link goes on to enable encryption. */
1984 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1985 struct hci_cp_set_conn_encrypt cp;
1986 cp.handle = ev->handle;
1988 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1991 conn->state = BT_CONNECTED;
1992 hci_proto_connect_cfm(conn, ev->status);
1996 hci_auth_cfm(conn, ev->status);
1998 hci_conn_hold(conn);
1999 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
/* An encryption request that was waiting on authentication is handled here. */
2003 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2005 struct hci_cp_set_conn_encrypt cp;
2006 cp.handle = ev->handle;
2008 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2011 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2012 hci_encrypt_cfm(conn, ev->status, 0x00);
2017 hci_dev_unlock(hdev);
/*
 * Remote Name Request Complete event.
 *
 * Hands the resolved name (or NULL on failure) to the pending-name logic
 * when the management interface is in use, then starts authentication on
 * the ACL connection if outgoing authentication is needed and not already
 * pending.
 */
2020 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2022 struct hci_ev_remote_name *ev = (void *) skb->data;
2023 struct hci_conn *conn;
2025 BT_DBG("%s", hdev->name);
2027 hci_conn_check_pending(hdev);
2031 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2033 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2036 if (ev->status == 0)
/*
 * strnlen() bounds the length at HCI_MAX_NAME_LENGTH, so a name without
 * a terminating NUL is not read beyond that many bytes.
 */
2037 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2038 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2040 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2046 if (!hci_outgoing_auth_needed(hdev, conn))
/* test_and_set_bit() keeps a second authentication request from being sent. */
2049 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2050 struct hci_cp_auth_requested cp;
2051 cp.handle = __cpu_to_le16(conn->handle);
2052 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2056 hci_dev_unlock(hdev);
/*
 * Encryption Change event.
 *
 * Updates the connection's link mode (setting or clearing
 * HCI_LM_ENCRYPT), clears the pending-encryption flag, disconnects an
 * established link with HCI_ERROR_AUTH_FAILURE when the change failed, and
 * otherwise confirms the result to the upper layers. The tests on
 * ev->status and ev->encrypt that choose between setting and clearing the
 * bits are not among the lines shown.
 */
2059 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2061 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2062 struct hci_conn *conn;
2064 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/* NOTE(review): the NULL check on conn is not among the lines shown. */
2068 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2072 /* Encryption implies authentication */
2073 conn->link_mode |= HCI_LM_AUTH;
2074 conn->link_mode |= HCI_LM_ENCRYPT;
2075 conn->sec_level = conn->pending_sec_level;
2077 conn->link_mode &= ~HCI_LM_ENCRYPT;
2080 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
/* A failed encryption change on an established link tears the link down. */
2082 if (ev->status && conn->state == BT_CONNECTED) {
2083 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2088 if (conn->state == BT_CONFIG) {
2090 conn->state = BT_CONNECTED;
2092 hci_proto_connect_cfm(conn, ev->status);
2095 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2099 hci_dev_unlock(hdev);
/*
 * Change Connection Link Key Complete event.
 *
 * On the lines shown it sets HCI_LM_SECURE on the connection, clears the
 * pending-authentication flag and confirms the key change to the upper
 * layers with the event status.
 */
2102 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2103 struct sk_buff *skb)
2105 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2106 struct hci_conn *conn;
2108 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2112 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/*
 * NOTE(review): the conditions guarding this assignment (conn non-NULL,
 * status) are not among the lines shown.
 */
2115 conn->link_mode |= HCI_LM_SECURE;
2117 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2119 hci_key_change_cfm(conn, ev->status);
2122 hci_dev_unlock(hdev);
/*
 * Read Remote Supported Features Complete event.
 *
 * Stores the 8-byte feature mask on the connection and, while the
 * connection is still in BT_CONFIG, continues setup: reads the extended
 * features when both sides support SSP, otherwise requests the remote name
 * or reports the device as connected, and finally moves to BT_CONNECTED
 * when no outgoing authentication is needed.
 */
2125 static void hci_remote_features_evt(struct hci_dev *hdev,
2126 struct sk_buff *skb)
2128 struct hci_ev_remote_features *ev = (void *) skb->data;
2129 struct hci_conn *conn;
2131 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/* NOTE(review): the NULL check on conn is not among the lines shown. */
2135 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* Fixed-size copy of 8 bytes; the status test guarding it is not shown. */
2140 memcpy(conn->features, ev->features, 8);
2142 if (conn->state != BT_CONFIG)
2145 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2146 struct hci_cp_read_remote_ext_features cp;
2147 cp.handle = ev->handle;
2149 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
/* Not yet reported to mgmt: resolve the remote name first. */
2154 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2155 struct hci_cp_remote_name_req cp;
/* Zero the whole command so unused fields do not carry stack contents. */
2156 memset(&cp, 0, sizeof(cp));
2157 bacpy(&cp.bdaddr, &conn->dst);
2158 cp.pscan_rep_mode = 0x02;
2159 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2160 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2161 mgmt_device_connected(hdev, &conn->dst, conn->type,
2162 conn->dst_type, 0, NULL, 0,
2165 if (!hci_outgoing_auth_needed(hdev, conn)) {
2166 conn->state = BT_CONNECTED;
2167 hci_proto_connect_cfm(conn, ev->status);
2172 hci_dev_unlock(hdev);
/* Read Remote Version Information Complete event; the line shown only logs the adapter name. */
2175 static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2177 BT_DBG("%s", hdev->name);
/* QoS Setup Complete event; the line shown only logs the adapter name. */
2180 static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2181 struct sk_buff *skb)
2183 BT_DBG("%s", hdev->name);
/*
 * Command Complete event.
 *
 * Strips the event header, dispatches the return parameters to the
 * hci_cc_*() handler for the completed opcode, stops the command timer
 * (except for NOP), completes the pending request and, when the controller
 * reports free command slots and no reset is in progress, restarts the
 * command queue.
 */
2186 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2188 struct hci_ev_cmd_complete *ev = (void *) skb->data;
/*
 * Status is read as the first byte after the event header.
 * NOTE(review): no check that skb->len covers sizeof(*ev) + 1 is visible
 * before this read; confirm the length is validated earlier.
 */
2189 u8 status = skb->data[sizeof(*ev)];
/* After the pull, handlers see skb->data pointing at the return parameters. */
2192 skb_pull(skb, sizeof(*ev));
2194 opcode = __le16_to_cpu(ev->opcode);
2197 case HCI_OP_INQUIRY_CANCEL:
2198 hci_cc_inquiry_cancel(hdev, skb);
2201 case HCI_OP_PERIODIC_INQ:
2202 hci_cc_periodic_inq(hdev, skb);
2205 case HCI_OP_EXIT_PERIODIC_INQ:
2206 hci_cc_exit_periodic_inq(hdev, skb);
2209 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2210 hci_cc_remote_name_req_cancel(hdev, skb);
2213 case HCI_OP_ROLE_DISCOVERY:
2214 hci_cc_role_discovery(hdev, skb);
2217 case HCI_OP_READ_LINK_POLICY:
2218 hci_cc_read_link_policy(hdev, skb);
2221 case HCI_OP_WRITE_LINK_POLICY:
2222 hci_cc_write_link_policy(hdev, skb);
2225 case HCI_OP_READ_DEF_LINK_POLICY:
2226 hci_cc_read_def_link_policy(hdev, skb);
2229 case HCI_OP_WRITE_DEF_LINK_POLICY:
2230 hci_cc_write_def_link_policy(hdev, skb);
/* The case label for this handler is not among the lines shown. */
2234 hci_cc_reset(hdev, skb);
2237 case HCI_OP_WRITE_LOCAL_NAME:
2238 hci_cc_write_local_name(hdev, skb);
2241 case HCI_OP_READ_LOCAL_NAME:
2242 hci_cc_read_local_name(hdev, skb);
2245 case HCI_OP_WRITE_AUTH_ENABLE:
2246 hci_cc_write_auth_enable(hdev, skb);
2249 case HCI_OP_WRITE_ENCRYPT_MODE:
2250 hci_cc_write_encrypt_mode(hdev, skb);
2253 case HCI_OP_WRITE_SCAN_ENABLE:
2254 hci_cc_write_scan_enable(hdev, skb);
2257 case HCI_OP_READ_CLASS_OF_DEV:
2258 hci_cc_read_class_of_dev(hdev, skb);
2261 case HCI_OP_WRITE_CLASS_OF_DEV:
2262 hci_cc_write_class_of_dev(hdev, skb);
2265 case HCI_OP_READ_VOICE_SETTING:
2266 hci_cc_read_voice_setting(hdev, skb);
2269 case HCI_OP_WRITE_VOICE_SETTING:
2270 hci_cc_write_voice_setting(hdev, skb);
2273 case HCI_OP_HOST_BUFFER_SIZE:
2274 hci_cc_host_buffer_size(hdev, skb);
2277 case HCI_OP_WRITE_SSP_MODE:
2278 hci_cc_write_ssp_mode(hdev, skb);
2281 case HCI_OP_READ_LOCAL_VERSION:
2282 hci_cc_read_local_version(hdev, skb);
2285 case HCI_OP_READ_LOCAL_COMMANDS:
2286 hci_cc_read_local_commands(hdev, skb);
2289 case HCI_OP_READ_LOCAL_FEATURES:
2290 hci_cc_read_local_features(hdev, skb);
2293 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2294 hci_cc_read_local_ext_features(hdev, skb);
2297 case HCI_OP_READ_BUFFER_SIZE:
2298 hci_cc_read_buffer_size(hdev, skb);
2301 case HCI_OP_READ_BD_ADDR:
2302 hci_cc_read_bd_addr(hdev, skb);
2305 case HCI_OP_READ_DATA_BLOCK_SIZE:
2306 hci_cc_read_data_block_size(hdev, skb);
2309 case HCI_OP_WRITE_CA_TIMEOUT:
2310 hci_cc_write_ca_timeout(hdev, skb);
2313 case HCI_OP_READ_FLOW_CONTROL_MODE:
2314 hci_cc_read_flow_control_mode(hdev, skb);
2317 case HCI_OP_READ_LOCAL_AMP_INFO:
2318 hci_cc_read_local_amp_info(hdev, skb);
2321 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2322 hci_cc_read_local_amp_assoc(hdev, skb);
2325 case HCI_OP_DELETE_STORED_LINK_KEY:
2326 hci_cc_delete_stored_link_key(hdev, skb);
2329 case HCI_OP_SET_EVENT_MASK:
2330 hci_cc_set_event_mask(hdev, skb);
2333 case HCI_OP_WRITE_INQUIRY_MODE:
2334 hci_cc_write_inquiry_mode(hdev, skb);
2337 case HCI_OP_READ_INQ_RSP_TX_POWER:
2338 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2341 case HCI_OP_SET_EVENT_FLT:
2342 hci_cc_set_event_flt(hdev, skb);
2345 case HCI_OP_PIN_CODE_REPLY:
2346 hci_cc_pin_code_reply(hdev, skb);
2349 case HCI_OP_PIN_CODE_NEG_REPLY:
2350 hci_cc_pin_code_neg_reply(hdev, skb);
2353 case HCI_OP_READ_LOCAL_OOB_DATA:
2354 hci_cc_read_local_oob_data_reply(hdev, skb);
2357 case HCI_OP_LE_READ_BUFFER_SIZE:
2358 hci_cc_le_read_buffer_size(hdev, skb);
2361 case HCI_OP_LE_READ_LOCAL_FEATURES:
2362 hci_cc_le_read_local_features(hdev, skb);
2365 case HCI_OP_LE_READ_ADV_TX_POWER:
2366 hci_cc_le_read_adv_tx_power(hdev, skb);
2369 case HCI_OP_LE_SET_EVENT_MASK:
2370 hci_cc_le_set_event_mask(hdev, skb);
2373 case HCI_OP_USER_CONFIRM_REPLY:
2374 hci_cc_user_confirm_reply(hdev, skb);
2377 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2378 hci_cc_user_confirm_neg_reply(hdev, skb);
2381 case HCI_OP_USER_PASSKEY_REPLY:
2382 hci_cc_user_passkey_reply(hdev, skb);
2385 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2386 hci_cc_user_passkey_neg_reply(hdev, skb);
2389 case HCI_OP_LE_SET_SCAN_PARAM:
2390 hci_cc_le_set_scan_param(hdev, skb);
2393 case HCI_OP_LE_SET_ADV_ENABLE:
2394 hci_cc_le_set_adv_enable(hdev, skb);
2397 case HCI_OP_LE_SET_SCAN_ENABLE:
2398 hci_cc_le_set_scan_enable(hdev, skb);
2401 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2402 hci_cc_le_read_white_list_size(hdev, skb);
2405 case HCI_OP_LE_LTK_REPLY:
2406 hci_cc_le_ltk_reply(hdev, skb);
2409 case HCI_OP_LE_LTK_NEG_REPLY:
2410 hci_cc_le_ltk_neg_reply(hdev, skb);
2413 case HCI_OP_LE_READ_SUPPORTED_STATES:
2414 hci_cc_le_read_supported_states(hdev, skb);
2417 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2418 hci_cc_write_le_host_supported(hdev, skb);
2421 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2422 hci_cc_write_remote_amp_assoc(hdev, skb);
/* Opcodes without a dedicated handler are only logged. */
2426 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2430 if (ev->opcode != HCI_OP_NOP)
2431 del_timer(&hdev->cmd_timer);
/*
 * NOTE(review): this passes ev->opcode (as received, little-endian) rather
 * than the converted opcode local; on a big-endian host the two differ.
 * Verify which byte order hci_req_cmd_complete() expects.
 */
2433 hci_req_cmd_complete(hdev, ev->opcode, status);
/* The controller can take another command: allow one and kick the queue. */
2435 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2436 atomic_set(&hdev->cmd_cnt, 1);
2437 if (!skb_queue_empty(&hdev->cmd_q))
2438 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Command Status event.
 *
 * Strips the event header, dispatches the status to the hci_cs_*() handler
 * for the opcode, stops the command timer (except for NOP), updates the
 * pending request and restarts the command queue when the controller
 * reports free command slots and no reset is in progress.
 *
 * NOTE(review): skb->data is cast to the event struct with no length check
 * visible here; confirm the event length is validated before dispatch.
 */
2442 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2444 struct hci_ev_cmd_status *ev = (void *) skb->data;
2447 skb_pull(skb, sizeof(*ev));
2449 opcode = __le16_to_cpu(ev->opcode);
2452 case HCI_OP_INQUIRY:
2453 hci_cs_inquiry(hdev, ev->status);
2456 case HCI_OP_CREATE_CONN:
2457 hci_cs_create_conn(hdev, ev->status);
2460 case HCI_OP_ADD_SCO:
2461 hci_cs_add_sco(hdev, ev->status);
2464 case HCI_OP_AUTH_REQUESTED:
2465 hci_cs_auth_requested(hdev, ev->status);
2468 case HCI_OP_SET_CONN_ENCRYPT:
2469 hci_cs_set_conn_encrypt(hdev, ev->status);
2472 case HCI_OP_REMOTE_NAME_REQ:
2473 hci_cs_remote_name_req(hdev, ev->status);
2476 case HCI_OP_READ_REMOTE_FEATURES:
2477 hci_cs_read_remote_features(hdev, ev->status);
2480 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2481 hci_cs_read_remote_ext_features(hdev, ev->status);
2484 case HCI_OP_SETUP_SYNC_CONN:
2485 hci_cs_setup_sync_conn(hdev, ev->status);
2488 case HCI_OP_SNIFF_MODE:
2489 hci_cs_sniff_mode(hdev, ev->status);
2492 case HCI_OP_EXIT_SNIFF_MODE:
2493 hci_cs_exit_sniff_mode(hdev, ev->status);
2496 case HCI_OP_DISCONNECT:
2497 hci_cs_disconnect(hdev, ev->status);
2500 case HCI_OP_LE_CREATE_CONN:
2501 hci_cs_le_create_conn(hdev, ev->status);
2504 case HCI_OP_LE_START_ENC:
2505 hci_cs_le_start_enc(hdev, ev->status);
2508 case HCI_OP_CREATE_PHY_LINK:
2509 hci_cs_create_phylink(hdev, ev->status);
2512 case HCI_OP_ACCEPT_PHY_LINK:
2513 hci_cs_accept_phylink(hdev, ev->status);
2516 case HCI_OP_CREATE_LOGICAL_LINK:
2517 hci_cs_create_logical_link(hdev, ev->status);
/* Opcodes without a dedicated handler are only logged. */
2521 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2525 if (ev->opcode != HCI_OP_NOP)
2526 del_timer(&hdev->cmd_timer);
/*
 * NOTE(review): ev->opcode is passed as received (little-endian) rather
 * than the converted opcode local; verify which byte order
 * hci_req_cmd_status() expects on big-endian hosts.
 */
2528 hci_req_cmd_status(hdev, ev->opcode, ev->status);
2530 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2531 atomic_set(&hdev->cmd_cnt, 1);
2532 if (!skb_queue_empty(&hdev->cmd_q))
2533 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Role Change event.
 *
 * Updates HCI_LM_MASTER in the ACL connection's link mode, clears the
 * pending role-switch flag and confirms the switch to the upper layers.
 * The tests on ev->status and ev->role that pick between setting and
 * clearing the bit are not among the lines shown.
 */
2537 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2539 struct hci_ev_role_change *ev = (void *) skb->data;
2540 struct hci_conn *conn;
2542 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/* NOTE(review): the NULL check on conn is not among the lines shown. */
2546 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2550 conn->link_mode &= ~HCI_LM_MASTER;
2552 conn->link_mode |= HCI_LM_MASTER;
2555 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2557 hci_role_switch_cfm(conn, ev->status, ev->role);
2560 hci_dev_unlock(hdev);
/*
 * Number Of Completed Packets event (packet-based flow control).
 *
 * Rejects the event when the adapter is not in packet-based mode or when
 * the buffer is too short for the header plus num_hndl entries. For each
 * entry it credits the completed packets back to the adapter's counters,
 * capping each counter at the adapter's total, and finally schedules the
 * TX work.
 */
2563 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2565 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2568 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2569 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
/*
 * Length validation: the header must fit first, and only then is
 * ev->num_hndl read to check that all entries fit as well.
 */
2573 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2574 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2575 BT_DBG("%s bad parameters", hdev->name);
2579 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2581 for (i = 0; i < ev->num_hndl; i++) {
2582 struct hci_comp_pkts_info *info = &ev->handles[i];
2583 struct hci_conn *conn;
2584 __u16 handle, count;
2586 handle = __le16_to_cpu(info->handle);
2587 count = __le16_to_cpu(info->count);
2589 conn = hci_conn_hash_lookup_handle(hdev, handle);
/*
 * NOTE(review): count is supplied by the controller and no clamp against
 * conn->sent is visible; if sent is unsigned, a count larger than sent
 * would wrap - TODO confirm.
 */
2593 conn->sent -= count;
/* The case labels of this switch are not among the lines shown. */
2595 switch (conn->type) {
2597 hdev->acl_cnt += count;
2598 if (hdev->acl_cnt > hdev->acl_pkts)
2599 hdev->acl_cnt = hdev->acl_pkts;
/* With no dedicated LE buffers (le_pkts == 0) the ACL counter is credited. */
2603 if (hdev->le_pkts) {
2604 hdev->le_cnt += count;
2605 if (hdev->le_cnt > hdev->le_pkts)
2606 hdev->le_cnt = hdev->le_pkts;
2608 hdev->acl_cnt += count;
2609 if (hdev->acl_cnt > hdev->acl_pkts)
2610 hdev->acl_cnt = hdev->acl_pkts;
2615 hdev->sco_cnt += count;
2616 if (hdev->sco_cnt > hdev->sco_pkts)
2617 hdev->sco_cnt = hdev->sco_pkts;
2621 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2626 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Resolve a handle to a connection according to the adapter's dev_type.
 *
 * One branch uses the connection hash directly, another goes through a
 * channel lookup, and an unknown dev_type is logged as an error. The case
 * labels and the remaining return statements are not among the lines
 * shown.
 */
2629 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2632 struct hci_chan *chan;
2634 switch (hdev->dev_type) {
2636 return hci_conn_hash_lookup_handle(hdev, handle);
2638 chan = hci_chan_lookup_handle(hdev, handle);
2643 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
/*
 * Number Of Completed Data Blocks event (block-based flow control).
 *
 * Rejects the event when the adapter is not in block-based mode or when
 * the buffer is too short for the header plus num_hndl entries, then
 * credits each entry's completed blocks back to hdev->block_cnt (capped at
 * hdev->num_blocks) and schedules the TX work.
 */
2650 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2652 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2655 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2656 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
/* Header first, then header plus all entries, before any entry is read. */
2660 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2661 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2662 BT_DBG("%s bad parameters", hdev->name);
2666 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2669 for (i = 0; i < ev->num_hndl; i++) {
2670 struct hci_comp_blocks_info *info = &ev->handles[i];
2671 struct hci_conn *conn = NULL;
2672 __u16 handle, block_count;
2674 handle = __le16_to_cpu(info->handle);
2675 block_count = __le16_to_cpu(info->blocks);
2677 conn = __hci_conn_lookup_handle(hdev, handle);
/*
 * NOTE(review): block_count is supplied by the controller and no clamp
 * against conn->sent is visible - TODO confirm it cannot wrap.
 */
2681 conn->sent -= block_count;
2683 switch (conn->type) {
2686 hdev->block_cnt += block_count;
2687 if (hdev->block_cnt > hdev->num_blocks)
2688 hdev->block_cnt = hdev->num_blocks;
2692 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2697 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Mode Change event.
 *
 * Records the new mode and interval on the connection. When the change
 * was not one the host was waiting for, the power-save flag is updated
 * from the new mode. Any SCO setup that was waiting on the mode change is
 * then run.
 */
2700 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2702 struct hci_ev_mode_change *ev = (void *) skb->data;
2703 struct hci_conn *conn;
2705 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/* NOTE(review): the NULL check on conn is not among the lines shown. */
2709 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2711 conn->mode = ev->mode;
2712 conn->interval = __le16_to_cpu(ev->interval);
2714 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2716 if (conn->mode == HCI_CM_ACTIVE)
2717 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2719 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2722 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2723 hci_sco_setup(conn, ev->status);
2726 hci_dev_unlock(hdev);
/*
 * PIN Code Request event.
 *
 * Extends the disconnect timeout on an established connection so pairing
 * can finish, then either refuses the request (adapter not pairable) or
 * forwards it to the management interface together with a flag derived
 * from the pending security level.
 */
2729 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2731 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2732 struct hci_conn *conn;
2734 BT_DBG("%s", hdev->name);
/* NOTE(review): the NULL check on conn is not among the lines shown. */
2738 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2742 if (conn->state == BT_CONNECTED) {
2743 hci_conn_hold(conn);
2744 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
/* A non-pairable adapter answers every PIN request negatively. */
2748 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2749 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2750 sizeof(ev->bdaddr), &ev->bdaddr);
2751 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
/* presumably sets secure when high security is pending - confirm */
2754 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2759 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2763 hci_dev_unlock(hdev);
/*
 * Link Key Request event.
 *
 * Answers the controller with a stored link key for the peer, or with a
 * negative reply. A stored key is withheld when it is a debug key and
 * debug keys are not enabled, when it is an unauthenticated key but the
 * connection's auth_type has its lowest bit set, or when it is a
 * combination key from a PIN shorter than 16 bytes while high security is
 * pending.
 */
2766 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2768 struct hci_ev_link_key_req *ev = (void *) skb->data;
2769 struct hci_cp_link_key_reply cp;
2770 struct hci_conn *conn;
2771 struct link_key *key;
2773 BT_DBG("%s", hdev->name);
2775 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2780 key = hci_find_link_key(hdev, &ev->bdaddr);
2782 BT_DBG("%s link key not found for %pMR", hdev->name,
2787 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
/* Debug combination keys are only honoured when HCI_DEBUG_KEYS is set. */
2790 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2791 key->type == HCI_LK_DEBUG_COMBINATION) {
2792 BT_DBG("%s ignoring debug key", hdev->name);
2796 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/*
 * auth_type 0xff is treated as "not set"; otherwise bit 0 set makes an
 * unauthenticated key unacceptable. presumably bit 0 is the MITM
 * requirement - confirm.
 */
2798 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2799 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2800 BT_DBG("%s ignoring unauthenticated key", hdev->name);
/* High security requires a key derived from a full 16-byte PIN. */
2804 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2805 conn->pending_sec_level == BT_SECURITY_HIGH) {
2806 BT_DBG("%s ignoring key unauthenticated for high security",
2811 conn->key_type = key->type;
2812 conn->pin_length = key->pin_len;
2815 bacpy(&cp.bdaddr, &ev->bdaddr);
/*
 * NOTE(review): cp now holds key material on the stack; no clearing of
 * cp is visible after the command is sent.
 */
2816 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2818 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2820 hci_dev_unlock(hdev);
/*
 * Negative reply path. The literal 6 is the length passed for the
 * address; the PIN handler in this file uses sizeof(ev->bdaddr) for the
 * same purpose.
 */
2825 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2826 hci_dev_unlock(hdev);
/*
 * Link Key Notification event.
 *
 * Restores the normal disconnect timeout on the ACL connection, records
 * the new key type (unless it is a "changed combination" key) and, when
 * link-key storage is enabled, stores the key together with the PIN length
 * remembered on the connection.
 */
2829 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2831 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2832 struct hci_conn *conn;
2835 BT_DBG("%s", hdev->name);
2839 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/* NOTE(review): the NULL check guarding these conn accesses is not shown. */
2841 hci_conn_hold(conn);
2842 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2843 pin_len = conn->pin_length;
/* A "changed combination" notification keeps the previously recorded type. */
2845 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2846 conn->key_type = ev->key_type;
/* Key material from the event is persisted only when HCI_LINK_KEYS is set. */
2851 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2852 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2853 ev->key_type, pin_len);
2855 hci_dev_unlock(hdev);
/*
 * Read Clock Offset Complete event.
 *
 * On success, stores the reported clock offset in the inquiry-cache entry
 * of the connection's peer and refreshes that entry's timestamp.
 */
2858 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2860 struct hci_ev_clock_offset *ev = (void *) skb->data;
2861 struct hci_conn *conn;
2863 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2867 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* Only a known connection and a zero status update the cache. */
2868 if (conn && !ev->status) {
2869 struct inquiry_entry *ie;
2871 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
/* NOTE(review): the NULL check on ie is not among the lines shown. */
2873 ie->data.clock_offset = ev->clock_offset;
2874 ie->timestamp = jiffies;
2878 hci_dev_unlock(hdev);
/*
 * Connection Packet Type Changed event.
 *
 * On success, records the new packet type on the connection identified by
 * the event's handle.
 */
2881 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2883 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2884 struct hci_conn *conn;
2886 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2890 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* Unknown handles and failed changes leave the connection untouched. */
2891 if (conn && !ev->status)
2892 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2894 hci_dev_unlock(hdev);
/*
 * Page Scan Repetition Mode Change event.
 *
 * Updates the page-scan repetition mode in the peer's inquiry-cache entry
 * and refreshes the entry's timestamp.
 */
2897 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2899 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2900 struct inquiry_entry *ie;
2902 BT_DBG("%s", hdev->name);
2906 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
/* NOTE(review): the NULL check on ie is not among the lines shown. */
2908 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2909 ie->timestamp = jiffies;
2912 hci_dev_unlock(hdev);
/*
 * Inquiry Result with RSSI event.
 *
 * The payload is one response-count byte followed by records in one of two
 * layouts. The layout is chosen by dividing the remaining length by the
 * count and comparing the result with
 * sizeof(struct inquiry_info_with_rssi); a mismatch selects the variant
 * that also carries pscan_mode. Each record is added to the inquiry cache
 * and reported through mgmt_device_found().
 *
 * NOTE(review): num_rsp comes from the packet. The division below needs
 * num_rsp != 0, and the loops need num_rsp records to fit inside skb->len;
 * neither check is among the lines shown - confirm both exist.
 */
2915 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2916 struct sk_buff *skb)
2918 struct inquiry_data data;
2919 int num_rsp = *((__u8 *) skb->data);
2920 bool name_known, ssp;
2922 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2927 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
/* Per-record size decides which structure the records are read as. */
2932 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2933 struct inquiry_info_with_rssi_and_pscan_mode *info;
2934 info = (void *) (skb->data + 1);
2936 for (; num_rsp; num_rsp--, info++) {
2937 bacpy(&data.bdaddr, &info->bdaddr);
2938 data.pscan_rep_mode = info->pscan_rep_mode;
2939 data.pscan_period_mode = info->pscan_period_mode;
2940 data.pscan_mode = info->pscan_mode;
2941 memcpy(data.dev_class, info->dev_class, 3);
2942 data.clock_offset = info->clock_offset;
2943 data.rssi = info->rssi;
2944 data.ssp_mode = 0x00;
2946 name_known = hci_inquiry_cache_update(hdev, &data,
2948 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2949 info->dev_class, info->rssi,
2950 !name_known, ssp, NULL, 0);
2953 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2955 for (; num_rsp; num_rsp--, info++) {
2956 bacpy(&data.bdaddr, &info->bdaddr);
2957 data.pscan_rep_mode = info->pscan_rep_mode;
2958 data.pscan_period_mode = info->pscan_period_mode;
/* This layout has no pscan_mode field, so the cache gets zero. */
2959 data.pscan_mode = 0x00;
2960 memcpy(data.dev_class, info->dev_class, 3);
2961 data.clock_offset = info->clock_offset;
2962 data.rssi = info->rssi;
2963 data.ssp_mode = 0x00;
2964 name_known = hci_inquiry_cache_update(hdev, &data,
2966 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2967 info->dev_class, info->rssi,
2968 !name_known, ssp, NULL, 0);
2972 hci_dev_unlock(hdev);
/*
 * Read Remote Extended Features Complete event.
 *
 * For feature page 1 it records whether the remote host supports SSP, both
 * in the inquiry cache and as a connection flag. While the connection is
 * still in BT_CONFIG it then continues setup: requests the remote name or
 * reports the device as connected, and moves to BT_CONNECTED when no
 * outgoing authentication is needed.
 */
2975 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2976 struct sk_buff *skb)
2978 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2979 struct hci_conn *conn;
2981 BT_DBG("%s", hdev->name);
/* NOTE(review): the NULL check on conn is not among the lines shown. */
2985 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2989 if (!ev->status && ev->page == 0x01) {
2990 struct inquiry_entry *ie;
2992 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2994 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
/* The SSP flag on the connection is driven by what the remote host reports. */
2996 if (ev->features[0] & LMP_HOST_SSP)
2997 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3000 if (conn->state != BT_CONFIG)
3003 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3004 struct hci_cp_remote_name_req cp;
/* Zero the whole command so unused fields do not carry stack contents. */
3005 memset(&cp, 0, sizeof(cp));
3006 bacpy(&cp.bdaddr, &conn->dst);
3007 cp.pscan_rep_mode = 0x02;
3008 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3009 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3010 mgmt_device_connected(hdev, &conn->dst, conn->type,
3011 conn->dst_type, 0, NULL, 0,
3014 if (!hci_outgoing_auth_needed(hdev, conn)) {
3015 conn->state = BT_CONNECTED;
3016 hci_proto_connect_cfm(conn, ev->status);
3021 hci_dev_unlock(hdev);
/*
 * Handle the Synchronous Connection Complete event (SCO/eSCO setup result).
 *
 * Finds the connection by link type and address, then acts on ev->status:
 * on the success path the handle is stored and the connection becomes
 * BT_CONNECTED; for the four listed error codes an outgoing connection is
 * retried through hci_setup_sync() while conn->attempt < 2; the remaining
 * path sets BT_CLOSED.
 *
 * NOTE(review): the listing omits source lines (see the gutter numbers), so
 * the case labels, break statements and NULL checks are not all visible.
 * No check that skb->len covers sizeof(*ev) is visible either.
 */
3024 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3025 struct sk_buff *skb)
3027 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3028 struct hci_conn *conn;
3030 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3034 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
/*
 * A second lookup under ESCO_LINK follows, after which the connection type
 * is changed to SCO_LINK; the conditions guarding it are on omitted lines.
 */
3036 if (ev->link_type == ESCO_LINK)
3039 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3043 conn->type = SCO_LINK;
3046 switch (ev->status) {
3048 conn->handle = __le16_to_cpu(ev->handle);
3049 conn->state = BT_CONNECTED;
3051 hci_conn_hold_device(conn);
3052 hci_conn_add_sysfs(conn);
3055 case 0x11: /* Unsupported Feature or Parameter Value */
3056 case 0x1c: /* SCO interval rejected */
3057 case 0x1a: /* Unsupported Remote Feature */
3058 case 0x1f: /* Unspecified error */
/* Retry only for connections we initiated, and only a bounded number of times. */
3059 if (conn->out && conn->attempt < 2) {
3060 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3061 (hdev->esco_type & EDR_ESCO_MASK);
/* NOTE(review): conn->link is dereferenced here; confirm it cannot be NULL. */
3062 hci_setup_sync(conn, conn->link->handle);
3068 conn->state = BT_CLOSED;
3072 hci_proto_connect_cfm(conn, ev->status);
3077 hci_dev_unlock(hdev);
/*
 * Handle the Synchronous Connection Changed event. The visible body only
 * logs the device name; skb is not read.
 */
3080 static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
3082 BT_DBG("%s", hdev->name);
/*
 * Handle the Sniff Subrating event. The visible body only logs the status
 * byte taken from the event.
 *
 * NOTE(review): ev->status is read from skb->data without a visible check
 * that the packet is long enough to hold the event struct.
 */
3085 static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
3087 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
3089 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
/*
 * Handle the Extended Inquiry Result event.
 *
 * skb->data[0] is the number of responses; the responses follow as an
 * array of struct extended_inquiry_info. Each one is copied into an
 * inquiry_data record (ssp_mode forced to 0x01), merged into the inquiry
 * cache and reported through mgmt_device_found() together with its EIR
 * data.
 *
 * NOTE(review): num_rsp is supplied by the controller and the loop walks
 * num_rsp records from skb->data + 1. No check that skb->len is at least
 * 1 + num_rsp * sizeof(*info) is visible in this listing; without one a
 * short packet makes the loop read past the received data. The listing
 * skips source lines, so confirm in the full file whether the check exists
 * and add it before the loop if it does not.
 */
3092 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3093 struct sk_buff *skb)
3095 struct inquiry_data data;
3096 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3097 int num_rsp = *((__u8 *) skb->data);
3100 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3105 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3110 for (; num_rsp; num_rsp--, info++) {
3111 bool name_known, ssp;
3113 bacpy(&data.bdaddr, &info->bdaddr);
3114 data.pscan_rep_mode = info->pscan_rep_mode;
3115 data.pscan_period_mode = info->pscan_period_mode;
3116 data.pscan_mode = 0x00;
3117 memcpy(data.dev_class, info->dev_class, 3);
3118 data.clock_offset = info->clock_offset;
3119 data.rssi = info->rssi;
3120 data.ssp_mode = 0x01;
/* With mgmt in use, name_known is derived from the EIR data itself. */
3122 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3123 name_known = eir_has_data_type(info->data,
3129 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
/* The EIR length is bounded by the size of the fixed info->data field. */
3131 eir_len = eir_get_length(info->data, sizeof(info->data));
3132 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3133 info->dev_class, info->rssi, !name_known,
3134 ssp, info->data, eir_len);
3137 hci_dev_unlock(hdev);
/*
 * Handle the Encryption Key Refresh Complete event.
 *
 * Looks up the connection by handle, moves pending_sec_level into
 * sec_level, clears HCI_CONN_ENCRYPT_PEND, and disconnects with
 * HCI_ERROR_AUTH_FAILURE when the refresh failed on a connection that is
 * already BT_CONNECTED. A connection still in BT_CONFIG is promoted to
 * BT_CONNECTED; hci_auth_cfm() is called on a path whose guard is not
 * visible.
 *
 * NOTE(review): the guards in front of the sec_level assignment and the
 * NULL check on conn are on lines this listing omits (see the gutter
 * numbers) - confirm that sec_level is only raised when ev->status is 0.
 */
3140 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3141 struct sk_buff *skb)
3143 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3144 struct hci_conn *conn;
3146 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3147 __le16_to_cpu(ev->handle));
3151 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3156 conn->sec_level = conn->pending_sec_level;
3158 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
/* A failed refresh on a live link is treated as an authentication failure. */
3160 if (ev->status && conn->state == BT_CONNECTED) {
3161 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3166 if (conn->state == BT_CONFIG) {
3168 conn->state = BT_CONNECTED;
3170 hci_proto_connect_cfm(conn, ev->status);
3173 hci_auth_cfm(conn, ev->status);
3175 hci_conn_hold(conn);
3176 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3181 hci_dev_unlock(hdev);
/*
 * Choose the authentication requirements to send in the IO Capability
 * reply, based on what the remote side asked for (conn->remote_auth) and
 * on both sides' IO capabilities.
 *
 * Returns the value that the caller stores in conn->auth_type. Bit 0 of
 * these values is the MITM-protection bit (see the "& 0x01" below).
 *
 * NOTE(review): conn->remote_auth and conn->remote_cap are filled from the
 * peer's IO Capability Response event, so the result is influenced by
 * peer-supplied values. The return statements of the dedicated-bonding
 * branch are on lines this listing omits.
 */
3184 static u8 hci_get_auth_req(struct hci_conn *conn)
3186 /* If remote requests dedicated bonding follow that lead */
3187 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3188 /* If both remote and local IO capabilities allow MITM
3189 * protection then require it, otherwise don't */
3190 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3196 /* If remote requests no-bonding follow that lead */
3197 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
/* Keep the remote's no-bonding request but carry over the local MITM bit. */
3198 return conn->remote_auth | (conn->auth_type & 0x01);
3200 return conn->auth_type;
/*
 * Handle the IO Capability Request event (start of Secure Simple Pairing).
 *
 * Replies with the local IO capability and authentication requirements
 * when the adapter is pairable or the remote asked for no-bonding;
 * otherwise sends a negative reply with HCI_ERROR_PAIRING_NOT_ALLOWED.
 *
 * NOTE(review): the no-bonding exemption from the HCI_PAIRABLE gate is
 * decided from conn->remote_auth, which is a peer-supplied value. The
 * reply structs are stack variables and no memset is visible; confirm on
 * the omitted lines that every field (including the OOB flag) is set
 * before hci_send_cmd(). The NULL check on conn is not visible either.
 */
3203 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3205 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3206 struct hci_conn *conn;
3208 BT_DBG("%s", hdev->name);
3212 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3216 hci_conn_hold(conn);
3218 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
/* "& ~0x01" drops the MITM bit so both no-bonding variants match. */
3221 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3222 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3223 struct hci_cp_io_capability_reply cp;
3225 bacpy(&cp.bdaddr, &ev->bdaddr);
3226 /* Change the IO capability from KeyboardDisplay
3227 * to DisplayYesNo as it is not supported by BT spec. */
3228 cp.capability = (conn->io_capability == 0x04) ?
3229 0x01 : conn->io_capability;
3230 conn->auth_type = hci_get_auth_req(conn);
3231 cp.authentication = conn->auth_type;
/* OOB data counts only if we initiated or the remote announced OOB. */
3233 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3234 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3239 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3242 struct hci_cp_io_capability_neg_reply cp;
3244 bacpy(&cp.bdaddr, &ev->bdaddr);
3245 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3247 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3252 hci_dev_unlock(hdev);
/*
 * Handle the IO Capability Response event: record the remote side's IO
 * capability and authentication requirements on the connection.
 *
 * NOTE(review): both stored values come straight from the event and are
 * later used for pairing decisions; no range check is visible here. The
 * guard in front of the HCI_CONN_REMOTE_OOB set_bit and the NULL check on
 * conn are on lines this listing omits.
 */
3255 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3257 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3258 struct hci_conn *conn;
3260 BT_DBG("%s", hdev->name);
3264 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3268 conn->remote_cap = ev->capability;
3269 conn->remote_auth = ev->authentication;
3271 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3274 hci_dev_unlock(hdev);
/*
 * Handle the User Confirmation Request event (numeric comparison step of
 * Secure Simple Pairing).
 *
 * Decision order visible below:
 *  - reject when we require MITM protection but the remote reports
 *    capability 0x03 and we are not a dedicated-bonding initiator;
 *  - auto-accept when neither side effectively requires MITM protection,
 *    either immediately or after hdev->auto_accept_delay milliseconds;
 *    when we are not the initiator the request goes to user space with
 *    confirm_hint instead;
 *  - otherwise forward the passkey to user space via
 *    mgmt_user_confirm_request().
 *
 * NOTE(review): loc_mitm is bit 0 of our auth_type and rem_mitm is bit 0
 * of the peer-supplied remote_auth; remote_cap is peer-supplied as well.
 * The auto-accept branch therefore runs without user interaction based
 * partly on values the peer sent. The NULL check on conn and the early
 * returns are on lines this listing omits.
 */
3277 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3278 struct sk_buff *skb)
3280 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3281 int loc_mitm, rem_mitm, confirm_hint = 0;
3282 struct hci_conn *conn;
3284 BT_DBG("%s", hdev->name);
3288 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3291 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3295 loc_mitm = (conn->auth_type & 0x01);
3296 rem_mitm = (conn->remote_auth & 0x01);
3298 /* If we require MITM but the remote device can't provide that
3299 * (it has NoInputNoOutput) then reject the confirmation
3300 * request. The only exception is when we're dedicated bonding
3301 * initiators (connect_cfm_cb set) since then we always have the MITM
3303 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3304 BT_DBG("Rejecting request: remote device can't provide MITM");
3305 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3306 sizeof(ev->bdaddr), &ev->bdaddr);
3310 /* If no side requires MITM protection; auto-accept */
3311 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3312 (!rem_mitm || conn->io_capability == 0x03)) {
3314 /* If we're not the initiators request authorization to
3315 * proceed from user space (mgmt_user_confirm with
3316 * confirm_hint set to 1). */
3317 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3318 BT_DBG("Confirming auto-accept as acceptor");
3323 BT_DBG("Auto-accept of user confirmation with %ums delay",
3324 hdev->auto_accept_delay);
/* A non-zero delay defers the reply to conn->auto_accept_timer. */
3326 if (hdev->auto_accept_delay > 0) {
3327 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3328 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3332 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3333 sizeof(ev->bdaddr), &ev->bdaddr);
3338 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3342 hci_dev_unlock(hdev);
/*
 * Handle the User Passkey Request event: when the mgmt interface is in
 * use, ask user space for the passkey for the address in the event.
 * Nothing is done when HCI_MGMT is not set.
 */
3345 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3346 struct sk_buff *skb)
3348 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3350 BT_DBG("%s", hdev->name);
3352 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3353 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
/*
 * Handle the User Passkey Notification event: store the passkey that has
 * to be shown to the user, reset the entered-digit counter and forward
 * both to mgmt.
 *
 * NOTE(review): no hci_dev_lock()/hci_dev_unlock() pair is visible around
 * the connection lookup in this function, unlike in most handlers in this
 * file; the NULL check on conn is on a line this listing omits. Confirm
 * both in the full file.
 */
3356 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3357 struct sk_buff *skb)
3359 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3360 struct hci_conn *conn;
3362 BT_DBG("%s", hdev->name);
3364 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/* The passkey arrives little endian and is kept in host order. */
3368 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3369 conn->passkey_entered = 0;
3371 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3372 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3373 conn->dst_type, conn->passkey_notify,
3374 conn->passkey_entered);
/*
 * Handle the Keypress Notification event: track how many passkey digits
 * the remote user has entered and forward the counter to mgmt.
 *
 * NOTE(review): the counter is incremented and decremented directly from
 * controller-reported events and no clamp is visible. An ERASED event at
 * zero, or more ENTERED events than the passkey has digits, would produce
 * an out-of-range counter (a wrap if the field is unsigned - confirm its
 * type). The switch statement and the NULL check on conn are on lines this
 * listing omits.
 */
3377 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3379 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3380 struct hci_conn *conn;
3382 BT_DBG("%s", hdev->name);
3384 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3389 case HCI_KEYPRESS_STARTED:
3390 conn->passkey_entered = 0;
3393 case HCI_KEYPRESS_ENTERED:
3394 conn->passkey_entered++;
3397 case HCI_KEYPRESS_ERASED:
3398 conn->passkey_entered--;
3401 case HCI_KEYPRESS_CLEARED:
3402 conn->passkey_entered = 0;
3405 case HCI_KEYPRESS_COMPLETED:
3409 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3410 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3411 conn->dst_type, conn->passkey_notify,
3412 conn->passkey_entered);
/*
 * Handle the Simple Pairing Complete event: report a failed pairing to
 * user space through mgmt_auth_failed(), but only when we did not
 * initiate the authentication (see the comment below).
 *
 * NOTE(review): the NULL check on conn and the rest of this function are
 * on lines this listing omits (see the gutter numbers).
 */
3415 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3416 struct sk_buff *skb)
3418 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3419 struct hci_conn *conn;
3421 BT_DBG("%s", hdev->name);
3425 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3429 /* To avoid duplicate auth_failed events to user space we check
3430 * the HCI_CONN_AUTH_PEND flag which will be set if we
3431 * initiated the authentication. A traditional auth_complete
3432 * event gets always produced as initiator and is also mapped to
3433 * the mgmt_auth_failed event */
3434 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3435 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3441 hci_dev_unlock(hdev);
/*
 * Handle the Remote Host Supported Features Notification event: store the
 * remote host's SSP bit in the inquiry cache entry for that address.
 *
 * NOTE(review): ie is dereferenced right after the lookup in this listing;
 * the NULL check is presumably on the omitted line in between - confirm.
 */
3444 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3445 struct sk_buff *skb)
3447 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3448 struct inquiry_entry *ie;
3450 BT_DBG("%s", hdev->name);
3454 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3456 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3458 hci_dev_unlock(hdev);
/*
 * Handle the Remote OOB Data Request event.
 *
 * When out-of-band pairing data is stored for the address in the event,
 * reply with its hash and randomizer; otherwise send a negative reply.
 * Nothing is sent unless the mgmt interface is in use.
 *
 * NOTE(review): both copies are sized by the destination fields
 * (sizeof(cp.hash), sizeof(cp.randomizer)), so they cannot overrun the
 * reply struct; this relies on the stored oob_data fields being at least
 * that large - confirm against the struct definitions.
 */
3461 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3462 struct sk_buff *skb)
3464 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3465 struct oob_data *data;
3467 BT_DBG("%s", hdev->name);
3471 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3474 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3476 struct hci_cp_remote_oob_data_reply cp;
3478 bacpy(&cp.bdaddr, &ev->bdaddr);
3479 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3480 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3482 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3485 struct hci_cp_remote_oob_data_neg_reply cp;
3487 bacpy(&cp.bdaddr, &ev->bdaddr);
3488 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3493 hci_dev_unlock(hdev);
/*
 * Handle the AMP Physical Link Complete event.
 *
 * Looks up the AMP connection by physical link handle, marks it
 * BT_CONNECTED, copies the peer address from the associated BR/EDR
 * connection and confirms the physical link through amp_physical_cfm().
 *
 * NOTE(review): bredr_hcon is reached through hcon->amp_mgr->l2cap_conn
 * without a visible NULL check on any link of that chain; confirm that
 * each pointer is guaranteed to be set when this event can arrive. The two
 * early hci_dev_unlock() calls belong to exit paths whose conditions are
 * on lines this listing omits.
 */
3496 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3497 struct sk_buff *skb)
3499 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3500 struct hci_conn *hcon, *bredr_hcon;
3502 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3507 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3509 hci_dev_unlock(hdev);
3515 hci_dev_unlock(hdev);
3519 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3521 hcon->state = BT_CONNECTED;
3522 bacpy(&hcon->dst, &bredr_hcon->dst);
3524 hci_conn_hold(hcon);
3525 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3528 hci_conn_hold_device(hcon);
3529 hci_conn_add_sysfs(hcon);
3531 amp_physical_cfm(bredr_hcon, hcon);
3533 hci_dev_unlock(hdev);
/*
 * Handle the AMP Logical Link Complete event.
 *
 * Looks up the AMP connection by physical link handle, creates an hci_chan
 * on it, stores the logical link handle in the channel and, when the AMP
 * manager has a BR/EDR channel, confirms the logical link to L2CAP with
 * that channel locked.
 *
 * NOTE(review): no hci_dev_lock()/hci_dev_unlock() call is visible in this
 * function, and the checks on hcon and on the hci_chan_create() result are
 * on lines this listing omits - confirm both in the full file.
 */
3536 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3538 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3539 struct hci_conn *hcon;
3540 struct hci_chan *hchan;
3541 struct amp_mgr *mgr;
3543 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3544 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3547 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3551 /* Create AMP hchan */
3552 hchan = hci_chan_create(hcon);
3556 hchan->handle = le16_to_cpu(ev->handle);
3558 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3560 mgr = hcon->amp_mgr;
3561 if (mgr && mgr->bredr_chan) {
3562 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3564 l2cap_chan_lock(bredr_chan);
/* The L2CAP connection MTU is switched to the controller's block MTU. */
3566 bredr_chan->conn->mtu = hdev->block_mtu;
3567 l2cap_logical_cfm(bredr_chan, hchan, 0);
3568 hci_conn_hold(hcon);
3570 l2cap_chan_unlock(bredr_chan);
/*
 * Handle the AMP Disconnection Logical Link Complete event: find the
 * hci_chan for the logical link handle and tear the link down with the
 * reason reported in the event.
 *
 * NOTE(review): the status check and the NULL check on hchan are on lines
 * this listing omits (see the gutter numbers).
 */
3574 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3575 struct sk_buff *skb)
3577 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3578 struct hci_chan *hchan;
3580 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3581 le16_to_cpu(ev->handle), ev->status);
3588 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3592 amp_destroy_logical_link(hchan, ev->reason);
3595 hci_dev_unlock(hdev);
/*
 * Handle the AMP Disconnection Physical Link Complete event: look up the
 * connection by physical link handle and mark it BT_CLOSED.
 *
 * NOTE(review): hcon is written right after the lookup in this listing;
 * the NULL check and any further cleanup are on omitted lines - confirm.
 */
3598 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3599 struct sk_buff *skb)
3601 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3602 struct hci_conn *hcon;
3604 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3611 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3613 hcon->state = BT_CLOSED;
3617 hci_dev_unlock(hdev);
/*
 * Handle the LE Connection Complete subevent.
 *
 * Finds the LE connection that is in BT_CONNECT state, or adds a new one
 * for the address in the event. On failure the error is reported to mgmt
 * and the connection is closed; on success the device is reported as
 * connected, the handle is stored, the security level starts at
 * BT_SECURITY_LOW and the connection becomes BT_CONNECTED.
 *
 * NOTE(review): the pending connection is looked up by link type and state
 * only, not by ev->bdaddr, so the event is matched to whichever LE
 * connection is currently in BT_CONNECT. The conditions around
 * hci_conn_add() and the failure branch are on lines this listing omits.
 */
3620 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3622 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3623 struct hci_conn *conn;
3625 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3629 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3631 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3633 BT_ERR("No memory for new connection");
3637 conn->dst_type = ev->bdaddr_type;
3639 if (ev->role == LE_CONN_ROLE_MASTER) {
3641 conn->link_mode |= HCI_LM_MASTER;
3646 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3647 conn->dst_type, ev->status);
3648 hci_proto_connect_cfm(conn, ev->status);
3649 conn->state = BT_CLOSED;
/* test_and_set_bit keeps the "connected" report to mgmt from repeating. */
3654 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3655 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3656 conn->dst_type, 0, NULL, 0, NULL);
3658 conn->sec_level = BT_SECURITY_LOW;
3659 conn->handle = __le16_to_cpu(ev->handle);
3660 conn->state = BT_CONNECTED;
3662 hci_conn_hold_device(conn);
3663 hci_conn_add_sysfs(conn);
3665 hci_proto_connect_cfm(conn, ev->status);
3668 hci_dev_unlock(hdev);
/*
 * Handle the LE Advertising Report subevent: forward every report in the
 * packet to mgmt_device_found().
 *
 * Layout as read here: skb->data[0] is the report count, followed by
 * variable-length hci_ev_le_advertising_info records; the byte right after
 * each record's data is used as the RSSI.
 *
 * NOTE(review): num_reports and every ev->length come from the controller
 * and no comparison against skb->len is visible in this listing. With a
 * short or malformed packet, ptr and ev->data[ev->length] move past the
 * received data. A hardened version stops the loop as soon as
 * sizeof(*ev) + ev->length + 1 no longer fits in the bytes that remain and
 * caps ev->length at the largest advertising payload it accepts.
 */
3671 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3673 u8 num_reports = skb->data[0];
3674 void *ptr = &skb->data[1];
3677 while (num_reports--) {
3678 struct hci_ev_le_advertising_info *ev = ptr;
/* The RSSI is the single byte that follows the ev->length data bytes. */
3680 rssi = ev->data[ev->length];
3681 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3682 NULL, rssi, 0, 1, ev->data, ev->length);
/* Advance over header, data and RSSI byte (void * arithmetic, GNU C). */
3684 ptr += sizeof(*ev) + ev->length + 1;
/*
 * Handle the LE Long Term Key Request subevent.
 *
 * Looks up the connection by handle and the stored key by ev->ediv and
 * ev->random. When a key is found it is sent back in an LE LTK Reply and
 * the connection's security level is raised to BT_SECURITY_HIGH if the key
 * is marked authenticated; a key of type HCI_SMP_STK is removed from its
 * list after this single use. The last three lines are the negative-reply
 * path.
 *
 * NOTE(review): "list_del(<k->list)" is not valid C and looks like an
 * HTML-entity artefact of "&ltk" in this listing - check the original
 * file. The labels, NULL checks and the free of the removed key are on
 * lines this listing omits. cp is a stack struct that holds key material;
 * it is not cleared after hci_send_cmd() in the visible lines.
 */
3688 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3690 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3691 struct hci_cp_le_ltk_reply cp;
3692 struct hci_cp_le_ltk_neg_reply neg;
3693 struct hci_conn *conn;
3694 struct smp_ltk *ltk;
3696 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3700 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3704 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
/*
 * NOTE(review): the copy is sized by the source field (ltk->val), so it
 * relies on cp.ltk being at least as large - confirm, or size by cp.ltk.
 */
3708 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3709 cp.handle = cpu_to_le16(conn->handle);
3711 if (ltk->authenticated)
3712 conn->sec_level = BT_SECURITY_HIGH;
3714 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3716 if (ltk->type & HCI_SMP_STK) {
3717 list_del(<k->list);
3721 hci_dev_unlock(hdev);
/* Negative reply: the handle is echoed back exactly as received. */
3726 neg.handle = ev->handle;
3727 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3728 hci_dev_unlock(hdev);
/*
 * Handle the LE Meta event: strip the meta header from the skb and pass
 * the rest to the handler for the subevent code.
 *
 * NOTE(review): le_ev->subevent is read and sizeof(*le_ev) is pulled
 * without a visible check that skb->len covers the meta header, and the
 * subevent handlers receive the remaining bytes without a minimum-length
 * check here. The break and default lines are omitted by this listing.
 */
3731 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3733 struct hci_ev_le_meta *le_ev = (void *) skb->data;
/* le_ev still points at the header bytes after the pull. */
3735 skb_pull(skb, sizeof(*le_ev));
3737 switch (le_ev->subevent) {
3738 case HCI_EV_LE_CONN_COMPLETE:
3739 hci_le_conn_complete_evt(hdev, skb);
3742 case HCI_EV_LE_ADVERTISING_REPORT:
3743 hci_le_adv_report_evt(hdev, skb);
3746 case HCI_EV_LE_LTK_REQ:
3747 hci_le_ltk_request_evt(hdev, skb);
/*
 * Handle the AMP Channel Selected event: look up the connection for the
 * physical link handle and read the final local AMP assoc data for it.
 *
 * NOTE(review): ev->phy_handle is read after skb_pull(); ev still points
 * at the pulled bytes. The NULL check on hcon is on a line this listing
 * omits, and no device lock is visible in this function - confirm.
 */
3755 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3757 struct hci_ev_channel_selected *ev = (void *) skb->data;
3758 struct hci_conn *hcon;
3760 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3762 skb_pull(skb, sizeof(*ev));
3764 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3768 amp_read_loc_assoc_final_data(hdev, hcon);
/*
 * Entry point for received HCI event packets.
 *
 * Reads the event code from the HCI event header, strips the header from
 * the skb and dispatches the remaining payload to the handler for that
 * event code. Unknown codes are only logged. The received-event counter in
 * hdev->stat is incremented at the end.
 *
 * NOTE(review): the header is read and pulled without a visible check that
 * skb->len is at least HCI_EVENT_HDR_SIZE, and the payload is handed to
 * the handlers without comparing its length to what the event code
 * requires. The handlers in this file cast skb->data to their event struct
 * directly, so a truncated packet from the controller is read past its
 * end unless the length is validated by the caller, here, or in each
 * handler - confirm where that happens. The switch line, the break
 * statements and the release of the skb are on lines this listing omits
 * (see the gutter numbers).
 */
3771 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3773 struct hci_event_hdr *hdr = (void *) skb->data;
3774 __u8 event = hdr->evt;
/* From here on skb->data points at the event parameters. */
3776 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3779 case HCI_EV_INQUIRY_COMPLETE:
3780 hci_inquiry_complete_evt(hdev, skb);
3783 case HCI_EV_INQUIRY_RESULT:
3784 hci_inquiry_result_evt(hdev, skb);
3787 case HCI_EV_CONN_COMPLETE:
3788 hci_conn_complete_evt(hdev, skb);
3791 case HCI_EV_CONN_REQUEST:
3792 hci_conn_request_evt(hdev, skb);
3795 case HCI_EV_DISCONN_COMPLETE:
3796 hci_disconn_complete_evt(hdev, skb);
3799 case HCI_EV_AUTH_COMPLETE:
3800 hci_auth_complete_evt(hdev, skb);
3803 case HCI_EV_REMOTE_NAME:
3804 hci_remote_name_evt(hdev, skb);
3807 case HCI_EV_ENCRYPT_CHANGE:
3808 hci_encrypt_change_evt(hdev, skb);
3811 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3812 hci_change_link_key_complete_evt(hdev, skb);
3815 case HCI_EV_REMOTE_FEATURES:
3816 hci_remote_features_evt(hdev, skb);
3819 case HCI_EV_REMOTE_VERSION:
3820 hci_remote_version_evt(hdev, skb);
3823 case HCI_EV_QOS_SETUP_COMPLETE:
3824 hci_qos_setup_complete_evt(hdev, skb);
3827 case HCI_EV_CMD_COMPLETE:
3828 hci_cmd_complete_evt(hdev, skb);
3831 case HCI_EV_CMD_STATUS:
3832 hci_cmd_status_evt(hdev, skb);
3835 case HCI_EV_ROLE_CHANGE:
3836 hci_role_change_evt(hdev, skb);
3839 case HCI_EV_NUM_COMP_PKTS:
3840 hci_num_comp_pkts_evt(hdev, skb);
3843 case HCI_EV_MODE_CHANGE:
3844 hci_mode_change_evt(hdev, skb);
/* Pairing and key events: PIN code, link keys, Secure Simple Pairing. */
3847 case HCI_EV_PIN_CODE_REQ:
3848 hci_pin_code_request_evt(hdev, skb);
3851 case HCI_EV_LINK_KEY_REQ:
3852 hci_link_key_request_evt(hdev, skb);
3855 case HCI_EV_LINK_KEY_NOTIFY:
3856 hci_link_key_notify_evt(hdev, skb);
3859 case HCI_EV_CLOCK_OFFSET:
3860 hci_clock_offset_evt(hdev, skb);
3863 case HCI_EV_PKT_TYPE_CHANGE:
3864 hci_pkt_type_change_evt(hdev, skb);
3867 case HCI_EV_PSCAN_REP_MODE:
3868 hci_pscan_rep_mode_evt(hdev, skb);
3871 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3872 hci_inquiry_result_with_rssi_evt(hdev, skb);
3875 case HCI_EV_REMOTE_EXT_FEATURES:
3876 hci_remote_ext_features_evt(hdev, skb);
3879 case HCI_EV_SYNC_CONN_COMPLETE:
3880 hci_sync_conn_complete_evt(hdev, skb);
3883 case HCI_EV_SYNC_CONN_CHANGED:
3884 hci_sync_conn_changed_evt(hdev, skb);
3887 case HCI_EV_SNIFF_SUBRATE:
3888 hci_sniff_subrate_evt(hdev, skb);
3891 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3892 hci_extended_inquiry_result_evt(hdev, skb);
3895 case HCI_EV_KEY_REFRESH_COMPLETE:
3896 hci_key_refresh_complete_evt(hdev, skb);
3899 case HCI_EV_IO_CAPA_REQUEST:
3900 hci_io_capa_request_evt(hdev, skb);
3903 case HCI_EV_IO_CAPA_REPLY:
3904 hci_io_capa_reply_evt(hdev, skb);
3907 case HCI_EV_USER_CONFIRM_REQUEST:
3908 hci_user_confirm_request_evt(hdev, skb);
3911 case HCI_EV_USER_PASSKEY_REQUEST:
3912 hci_user_passkey_request_evt(hdev, skb);
3915 case HCI_EV_USER_PASSKEY_NOTIFY:
3916 hci_user_passkey_notify_evt(hdev, skb);
3919 case HCI_EV_KEYPRESS_NOTIFY:
3920 hci_keypress_notify_evt(hdev, skb);
3923 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3924 hci_simple_pair_complete_evt(hdev, skb);
3927 case HCI_EV_REMOTE_HOST_FEATURES:
3928 hci_remote_host_features_evt(hdev, skb);
/* LE events arrive wrapped in a meta event and are dispatched a second time. */
3931 case HCI_EV_LE_META:
3932 hci_le_meta_evt(hdev, skb);
3935 case HCI_EV_CHANNEL_SELECTED:
3936 hci_chan_selected_evt(hdev, skb);
3939 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3940 hci_remote_oob_data_request_evt(hdev, skb);
3943 case HCI_EV_PHY_LINK_COMPLETE:
3944 hci_phy_link_complete_evt(hdev, skb);
3947 case HCI_EV_LOGICAL_LINK_COMPLETE:
3948 hci_loglink_complete_evt(hdev, skb);
3951 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3952 hci_disconn_loglink_complete_evt(hdev, skb);
3955 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3956 hci_disconn_phylink_complete_evt(hdev, skb);
3959 case HCI_EV_NUM_COMP_BLOCKS:
3960 hci_num_comp_blocks_evt(hdev, skb);
/* Event codes without a handler are logged and otherwise ignored. */
3964 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3969 hdev->stat.evt_rx++;