2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
36 /* Handle HCI Event packets */
/* Handles the completion reply for Inquiry Cancel (per the function name):
 * reads the one-byte status at skb->data, clears HCI_INQUIRY in hdev->flags,
 * wakes any waiter on that bit and calls hci_conn_check_pending().
 * NOTE(review): source lines 43-46 are absent from this listing, so what is
 * done with a non-zero status is not shown. No skb->len check is visible
 * before skb->data is dereferenced - confirm the caller guarantees >= 1 byte.
 */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
47 clear_bit(HCI_INQUIRY, &hdev->flags);
48 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 hci_conn_check_pending(hdev);
/* Handles the completion reply for Periodic Inquiry Mode (per the function
 * name): logs the status byte and sets HCI_PERIODIC_INQ in hdev->dev_flags.
 * NOTE(review): source lines 59-62 are absent from this listing, so the
 * status gate in front of set_bit() is not visible - confirm it exists.
 */
54 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
56 __u8 status = *((__u8 *) skb->data);
58 BT_DBG("%s status 0x%2.2x", hdev->name, status);
63 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
/* Handles the completion reply for Exit Periodic Inquiry Mode (per the
 * function name): clears HCI_PERIODIC_INQ in hdev->dev_flags and then calls
 * hci_conn_check_pending().
 * NOTE(review): the lines between the debug print and clear_bit() are not in
 * this listing; whether a failed status skips the clear cannot be told here.
 */
66 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
68 __u8 status = *((__u8 *) skb->data);
70 BT_DBG("%s status 0x%2.2x", hdev->name, status);
75 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
77 hci_conn_check_pending(hdev);
/* Handler for Remote Name Request Cancel (per the function name). The only
 * statement visible in this listing is the debug print of the device name;
 * the second line of the signature is also missing from the listing.
 */
80 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
83 BT_DBG("%s", hdev->name);
/* Handles the completion reply for Role Discovery: looks up the connection
 * named by rp->handle and clears or sets HCI_LM_MASTER in conn->link_mode.
 * NOTE(review): this listing omits several source lines (gutter numbers
 * jump), so the status gate, the hci_dev_lock() matching the unlock below,
 * the NULL check on conn and the test that picks clear vs. set are not
 * visible. rp is a cast of skb->data and no skb->len >= sizeof(*rp) check is
 * shown - confirm one exists upstream of this handler.
 */
86 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
88 struct hci_rp_role_discovery *rp = (void *) skb->data;
89 struct hci_conn *conn;
91 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
/* The handle arrives little-endian from the controller. */
98 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
101 conn->link_mode &= ~HCI_LM_MASTER;
103 conn->link_mode |= HCI_LM_MASTER;
106 hci_dev_unlock(hdev);
/* Handles the completion reply for Read Link Policy: finds the connection
 * for rp->handle and caches the reported policy in conn->link_policy.
 * NOTE(review): conn is dereferenced at source line 123, but the NULL check,
 * the status gate and the lock acquisition are not in this listing. rp is a
 * cast of skb->data with no visible length check.
 */
109 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
111 struct hci_rp_read_link_policy *rp = (void *) skb->data;
112 struct hci_conn *conn;
114 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
123 conn->link_policy = __le16_to_cpu(rp->policy);
125 hci_dev_unlock(hdev);
/* Handles the completion reply for Write Link Policy: the policy stored in
 * conn->link_policy is taken from the parameters of the command the host
 * sent (hci_sent_cmd_data), not from the controller's reply.
 * NOTE(review): the declaration of 'sent', the NULL checks on 'sent' and
 * 'conn', and the status gate are not in this listing.
 */
128 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
130 struct hci_rp_write_link_policy *rp = (void *) skb->data;
131 struct hci_conn *conn;
134 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
139 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
/* Offset 2 presumably skips the 2-byte handle at the start of the command
 * parameters - verify against the command struct layout.
 */
147 conn->link_policy = get_unaligned_le16(sent + 2);
149 hci_dev_unlock(hdev);
/* Handles the completion reply for Read Default Link Policy: caches the
 * little-endian rp->policy in hdev->link_policy.
 * NOTE(review): the status gate (source lines 158-161) is not in this
 * listing; rp is a cast of skb->data with no visible length check.
 */
152 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
/* Handles the completion reply for Write Default Link Policy: stores the
 * policy the host sent (first two bytes of the sent command parameters) in
 * hdev->link_policy.
 * NOTE(review): the declaration of 'sent', its NULL check and the status
 * gate are not in this listing.
 */
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
168 __u8 status = *((__u8 *) skb->data);
171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
173 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 hdev->link_policy = get_unaligned_le16(sent);
/* Handles the completion reply for HCI Reset: clears HCI_RESET, drops every
 * dev_flags bit outside HCI_PERSISTENT_MASK and returns the cached discovery,
 * TX-power, advertising, scan-response and SSP-debug state to defaults.
 * NOTE(review): nothing in the visible lines gates this on the status byte,
 * which is only logged - confirm that a failed reset should also wipe state.
 */
181 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
183 __u8 status = *((__u8 *) skb->data);
185 BT_DBG("%s status 0x%2.2x", hdev->name, status);
187 clear_bit(HCI_RESET, &hdev->flags);
189 /* Reset all non-persistent flags */
/* NOTE(review): plain read-modify-write, whereas other handlers in this file
 * change dev_flags with atomic set_bit()/clear_bit(); a concurrent bit update
 * could be lost - confirm the locking that makes this safe.
 */
190 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
192 hdev->discovery.state = DISCOVERY_STOPPED;
193 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
194 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
/* Drop the cached advertising and scan-response payloads and their lengths. */
196 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
197 hdev->adv_data_len = 0;
199 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
200 hdev->scan_rsp_data_len = 0;
202 hdev->ssp_debug_mode = 0;
/* Handles the completion reply for Write Local Name: reports the result to
 * the management interface when HCI_MGMT is set and copies the name the host
 * sent into hdev->dev_name.
 * NOTE(review): the listing omits the declaration and NULL check of 'sent',
 * the lock acquisition, and whatever condition separates the mgmt call from
 * the memcpy. The copy is a fixed HCI_MAX_NAME_LENGTH bytes - confirm that
 * hdev->dev_name is at least that large and that readers do not assume a
 * terminating NUL.
 */
205 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 __u8 status = *((__u8 *) skb->data);
210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
218 if (test_bit(HCI_MGMT, &hdev->dev_flags))
219 mgmt_set_local_name_complete(hdev, sent, status);
221 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
223 hci_dev_unlock(hdev);
/* Handles the completion reply for Read Local Name: while HCI_SETUP is set,
 * copies the controller-reported name into hdev->dev_name.
 * NOTE(review): rp->name comes from the controller and a fixed
 * HCI_MAX_NAME_LENGTH bytes are read from the skb; no check that skb->len
 * covers sizeof(*rp) is visible in this listing, and the status gate
 * (source lines 231-234) is not shown.
 */
226 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
228 struct hci_rp_read_local_name *rp = (void *) skb->data;
230 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
235 if (test_bit(HCI_SETUP, &hdev->dev_flags))
236 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
/* Handles the completion reply for Write Authentication Enable: mirrors the
 * value the host sent into the HCI_AUTH flag (set when it equals
 * AUTH_ENABLED, cleared otherwise) and notifies mgmt when HCI_MGMT is set.
 * NOTE(review): HCI_AUTH is security state. The listing omits the lines
 * around the flag update, so whether it is applied only on a zero status is
 * not visible - confirm that a rejected command cannot flip the flag.
 */
239 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
241 __u8 status = *((__u8 *) skb->data);
244 BT_DBG("%s status 0x%2.2x", hdev->name, status);
246 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
251 __u8 param = *((__u8 *) sent);
253 if (param == AUTH_ENABLED)
254 set_bit(HCI_AUTH, &hdev->flags);
256 clear_bit(HCI_AUTH, &hdev->flags);
259 if (test_bit(HCI_MGMT, &hdev->dev_flags))
260 mgmt_auth_enable_complete(hdev, status);
/* Handles the completion reply for Write Encryption Mode: sets or clears
 * HCI_ENCRYPT in hdev->flags based on the first byte of the command the host
 * sent.
 * NOTE(review): the test on 'param' that selects set vs. clear, the status
 * gate and the NULL check on 'sent' are not in this listing.
 */
263 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
265 __u8 status = *((__u8 *) skb->data);
268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
270 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 __u8 param = *((__u8 *) sent);
278 set_bit(HCI_ENCRYPT, &hdev->flags);
280 clear_bit(HCI_ENCRYPT, &hdev->flags);
/* Handles the completion reply for Write Scan Enable. From the scan mask the
 * host sent it rebuilds HCI_ISCAN / HCI_PSCAN in hdev->flags and tells mgmt
 * about discoverable / connectable transitions: "on" whenever the bit is in
 * the mask, "off" only if the bit was previously set. A failure path calls
 * mgmt_write_scan_failed() and zeroes discov_timeout.
 * NOTE(review): the condition guarding the failure path, the NULL check on
 * 'sent', the lock acquisition and any condition around the mgmt_* calls are
 * not in this listing. Discoverable/connectable state is exposure-relevant,
 * so confirm it can only change on a successful status.
 */
284 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
286 __u8 param, status = *((__u8 *) skb->data);
287 int old_pscan, old_iscan;
290 BT_DBG("%s status 0x%2.2x", hdev->name, status);
292 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
296 param = *((__u8 *) sent);
301 mgmt_write_scan_failed(hdev, param, status);
302 hdev->discov_timeout = 0;
306 /* We need to ensure that we set this back on if someone changed
307 * the scan mode through a raw HCI socket.
309 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
311 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
312 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
314 if (param & SCAN_INQUIRY) {
315 set_bit(HCI_ISCAN, &hdev->flags);
317 mgmt_discoverable(hdev, 1);
318 } else if (old_iscan)
319 mgmt_discoverable(hdev, 0);
321 if (param & SCAN_PAGE) {
322 set_bit(HCI_PSCAN, &hdev->flags);
324 mgmt_connectable(hdev, 1);
325 } else if (old_pscan)
326 mgmt_connectable(hdev, 0);
329 hci_dev_unlock(hdev);
/* Handles the completion reply for Read Class of Device: copies the 3-byte
 * class from the reply into hdev->dev_class and logs it, highest index first.
 * NOTE(review): the status gate is not in this listing; rp is a cast of
 * skb->data with no visible length check.
 */
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
336 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
341 memcpy(hdev->dev_class, rp->dev_class, 3);
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
/* Handles the completion reply for Write Class of Device: copies the 3-byte
 * class the host sent into hdev->dev_class and reports the result to mgmt
 * when HCI_MGMT is set.
 * NOTE(review): the NULL check on 'sent', the lock acquisition and the
 * condition in front of the memcpy are not in this listing.
 */
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
352 BT_DBG("%s status 0x%2.2x", hdev->name, status);
354 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 memcpy(hdev->dev_class, sent, 3);
363 if (test_bit(HCI_MGMT, &hdev->dev_flags))
364 mgmt_set_class_of_dev_complete(hdev, sent, status);
366 hci_dev_unlock(hdev);
/* Handles the completion reply for Read Voice Setting: converts the reported
 * setting from little-endian, compares it with the cached value, stores it
 * and invokes the driver's notify callback with HCI_NOTIFY_VOICE_SETTING.
 * NOTE(review): the action taken when the value is unchanged and any NULL
 * check on hdev->notify (source lines 382-383 and 387-388) are not in this
 * listing - confirm the callback pointer is tested before the call.
 */
369 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
371 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
374 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
379 setting = __le16_to_cpu(rp->voice_setting);
381 if (hdev->voice_setting == setting)
384 hdev->voice_setting = setting;
386 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
389 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/* Handles the completion reply for Write Voice Setting: takes the setting
 * from the command the host sent, compares it with the cached value, stores
 * it and invokes the driver's notify callback with HCI_NOTIFY_VOICE_SETTING.
 * NOTE(review): the status gate, the NULL check on 'sent', the action for an
 * unchanged value and any NULL check on hdev->notify are not in this listing.
 */
392 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
395 __u8 status = *((__u8 *) skb->data);
399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
404 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
408 setting = get_unaligned_le16(sent);
410 if (hdev->voice_setting == setting)
413 hdev->voice_setting = setting;
415 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
/* Handles the completion reply for Read Number Of Supported IAC: caches
 * rp->num_iac in hdev->num_iac and logs it.
 * NOTE(review): num_iac is controller-supplied and stored unvalidated in the
 * visible lines; any code that sizes a buffer or loop from it must bound it.
 */
421 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
431 hdev->num_iac = rp->num_iac;
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
/* Handles the completion reply for Write Simple Pairing Mode: updates the
 * LMP_HOST_SSP host-feature bit, reports to mgmt when HCI_MGMT is set, and
 * sets or clears HCI_SSP_ENABLED in hdev->dev_flags.
 * NOTE(review): SSP state affects pairing security. The listing omits the
 * conditions that choose set vs. clear, the status gate and the NULL check
 * on 'sent' (which is dereferenced for sent->mode) - confirm the feature bit
 * and flag only change on a successful status.
 */
436 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
438 __u8 status = *((__u8 *) skb->data);
439 struct hci_cp_write_ssp_mode *sent;
441 BT_DBG("%s status 0x%2.2x", hdev->name, status);
443 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
449 hdev->features[1][0] |= LMP_HOST_SSP;
451 hdev->features[1][0] &= ~LMP_HOST_SSP;
454 if (test_bit(HCI_MGMT, &hdev->dev_flags))
455 mgmt_ssp_enable_complete(hdev, sent->mode, status);
458 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
460 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
/* Handles the completion reply for Read Local Version Information: while
 * HCI_SETUP is set, caches the HCI/LMP version, revision, sub-version and
 * manufacturer id, converting the 16-bit fields from little-endian.
 * NOTE(review): the status gate is not in this listing; rp is a cast of
 * skb->data with no visible length check.
 */
464 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
466 struct hci_rp_read_local_version *rp = (void *) skb->data;
468 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
473 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
474 hdev->hci_ver = rp->hci_ver;
475 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
476 hdev->lmp_ver = rp->lmp_ver;
477 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
478 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
/* Handles the completion reply for Read Local Supported Commands: copies the
 * controller's command bitmap into hdev->commands.
 * NOTE(review): the copy length is sizeof(hdev->commands), so the destination
 * cannot overflow; the read side depends on skb->len covering sizeof(*rp),
 * and no such check (nor the status gate) is visible in this listing.
 */
482 static void hci_cc_read_local_commands(struct hci_dev *hdev,
485 struct hci_rp_read_local_commands *rp = (void *) skb->data;
487 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
490 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
/* Handles the completion reply for Read Local Supported Features: copies the
 * 8 feature bytes to the start of hdev->features (read back below as
 * features[0][...]) and widens hdev->pkt_type / hdev->esco_type with every
 * packet type the controller advertises.
 * NOTE(review): the feature bits are controller-supplied and only ever OR-ed
 * in here. The status gate and any skb->len check are not in this listing.
 */
493 static void hci_cc_read_local_features(struct hci_dev *hdev,
496 struct hci_rp_read_local_features *rp = (void *) skb->data;
498 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
503 memcpy(hdev->features, rp->features, 8);
505 /* Adjust default settings according to features
506 * supported by device. */
/* Multi-slot ACL packet types. */
508 if (hdev->features[0][0] & LMP_3SLOT)
509 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
511 if (hdev->features[0][0] & LMP_5SLOT)
512 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
/* HV2/HV3 are recorded in both pkt_type and esco_type. */
514 if (hdev->features[0][1] & LMP_HV2) {
515 hdev->pkt_type |= (HCI_HV2);
516 hdev->esco_type |= (ESCO_HV2);
519 if (hdev->features[0][1] & LMP_HV3) {
520 hdev->pkt_type |= (HCI_HV3);
521 hdev->esco_type |= (ESCO_HV3);
/* eSCO packet types, including the EDR variants. */
524 if (lmp_esco_capable(hdev))
525 hdev->esco_type |= (ESCO_EV3);
527 if (hdev->features[0][4] & LMP_EV4)
528 hdev->esco_type |= (ESCO_EV4);
530 if (hdev->features[0][4] & LMP_EV5)
531 hdev->esco_type |= (ESCO_EV5);
533 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
534 hdev->esco_type |= (ESCO_2EV3);
536 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
537 hdev->esco_type |= (ESCO_3EV3);
539 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
540 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
542 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
543 hdev->features[0][0], hdev->features[0][1],
544 hdev->features[0][2], hdev->features[0][3],
545 hdev->features[0][4], hdev->features[0][5],
546 hdev->features[0][6], hdev->features[0][7]);
/* Handles the completion reply for Read Local Extended Features: raises
 * hdev->max_page to the reported value if that is larger and stores the
 * 8-byte feature page at hdev->features[rp->page].
 * NOTE(review): rp->page is controller-supplied; the HCI_MAX_PAGES test is
 * what keeps the array index in range and must stay in front of the memcpy.
 * max_page is stored without a clamp in the visible lines, so code that
 * iterates up to it has to bound itself by HCI_MAX_PAGES.
 */
549 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
552 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
554 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
559 if (hdev->max_page < rp->max_page)
560 hdev->max_page = rp->max_page;
562 if (rp->page < HCI_MAX_PAGES)
563 memcpy(hdev->features[rp->page], rp->features, 8);
/* Handles the completion reply for Read Flow Control Mode: caches rp->mode
 * in hdev->flow_ctl_mode.
 * NOTE(review): the condition on rp->status in front of the assignment is
 * not in this listing; the mode value is stored without validation here.
 */
566 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
569 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
571 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
574 hdev->flow_ctl_mode = rp->mode;
/* Handles the completion reply for Read Buffer Size: caches the controller's
 * ACL/SCO MTUs and packet counts and initialises the acl_cnt / sco_cnt
 * counters from the packet counts.
 * NOTE(review): every value is controller-supplied and stored as received in
 * the visible lines (no zero or upper-bound check); users of these MTUs
 * should not assume they are sane. The body of the
 * HCI_QUIRK_FIXUP_BUFFER_SIZE branch and the status gate are not in this
 * listing.
 */
577 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
579 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
581 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
586 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
587 hdev->sco_mtu = rp->sco_mtu;
588 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
589 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
591 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
596 hdev->acl_cnt = hdev->acl_pkts;
597 hdev->sco_cnt = hdev->sco_pkts;
599 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
600 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
/* Handles the completion reply for Read BD_ADDR: copies the reported address
 * into hdev->bdaddr.
 * NOTE(review): the condition in front of bacpy() (source lines 608-609) is
 * not in this listing; rp is a cast of skb->data with no visible length
 * check.
 */
603 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
605 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
607 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
610 bacpy(&hdev->bdaddr, &rp->bdaddr);
/* Handles the completion reply for Read Page Scan Activity: when HCI_INIT is
 * set and the status is zero, caches the little-endian interval and window
 * in hdev. The status gate is explicit here, in the visible condition.
 */
613 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
616 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
618 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
620 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
621 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
622 hdev->page_scan_window = __le16_to_cpu(rp->window);
/* Handles the completion reply for Write Page Scan Activity: caches the
 * interval and window from the command the host sent.
 * NOTE(review): the status gate and the NULL check on 'sent' (source lines
 * 633-636 and 638-640) are not in this listing.
 */
626 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
629 u8 status = *((u8 *) skb->data);
630 struct hci_cp_write_page_scan_activity *sent;
632 BT_DBG("%s status 0x%2.2x", hdev->name, status);
637 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
641 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
642 hdev->page_scan_window = __le16_to_cpu(sent->window);
/* Handles the completion reply for Read Page Scan Type: when HCI_INIT is set
 * and the status is zero, caches rp->type in hdev->page_scan_type.
 */
645 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
648 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
652 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
653 hdev->page_scan_type = rp->type;
/* Handles the completion reply for Write Page Scan Type: caches the type
 * byte from the command the host sent.
 * NOTE(review): 'type' is dereferenced at source line 669; its declaration,
 * its NULL check and the status gate are not in this listing.
 */
656 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
659 u8 status = *((u8 *) skb->data);
662 BT_DBG("%s status 0x%2.2x", hdev->name, status);
667 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
669 hdev->page_scan_type = *type;
/* Handles the completion reply for Read Data Block Size: caches the block
 * MTU, block length and block count and initialises block_cnt from the
 * count.
 * NOTE(review): all three values are controller-supplied and stored as
 * received in the visible lines. A block_len of zero would be hazardous to
 * any consumer that divides by it - confirm the consumers guard against it.
 */
672 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
675 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
677 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
682 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
683 hdev->block_len = __le16_to_cpu(rp->block_len);
684 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
686 hdev->block_cnt = hdev->num_blocks;
688 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
689 hdev->block_cnt, hdev->block_len);
/* Handles the completion reply for Read Local AMP Info: caches the AMP
 * controller's status, bandwidth, latency, PDU, type, PAL capability,
 * assoc-size and flush-timeout fields in hdev, then calls
 * a2mp_send_getinfo_rsp().
 * NOTE(review): amp_assoc_size is controller-supplied and stored as received
 * in the visible lines - confirm the AMP assoc reassembly code bounds its
 * writes by the real buffer capacity rather than by this value.
 */
692 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
695 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
697 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
702 hdev->amp_status = rp->amp_status;
703 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
704 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
705 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
706 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
707 hdev->amp_type = rp->amp_type;
708 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
709 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
710 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
711 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
714 a2mp_send_getinfo_rsp(hdev);
/* Handles the completion reply for Read Local AMP Assoc: appends the
 * fragment carried in this event to hdev->loc_assoc. While the controller
 * reports more data remaining than this fragment holds, the next fragment is
 * requested; otherwise the final rem_len bytes are copied, assoc->len is
 * set, and the A2MP responses are sent.
 * NOTE(review): this is a reassembly path driven by controller-supplied
 * lengths. No bound of assoc->offset + length against the capacity of
 * assoc->data is visible in this listing for either memcpy - confirm one
 * exists or add it. Some source lines are absent from the listing.
 */
717 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
720 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
721 struct amp_assoc *assoc = &hdev->loc_assoc;
722 size_t rem_len, frag_len;
724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
/* NOTE(review): size_t arithmetic - if skb->len were smaller than
 * sizeof(*rp) this would wrap to a huge frag_len. No skb->len check is
 * visible before this line.
 */
729 frag_len = skb->len - sizeof(*rp);
730 rem_len = __le16_to_cpu(rp->rem_len);
732 if (rem_len > frag_len) {
733 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
/* Intermediate fragment: the write position advances with each event. */
735 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
736 assoc->offset += frag_len;
738 /* Read other fragments */
739 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
/* Final fragment: rem_len is not greater than frag_len on this path, so the
 * read from the event is covered by frag_len; the write into assoc->data
 * still depends on the accumulated offset.
 */
744 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
745 assoc->len = assoc->offset + rem_len;
749 /* Send A2MP Rsp when all fragments are received */
750 a2mp_send_getampassoc_rsp(hdev, rp->status);
751 a2mp_send_create_phy_link_req(hdev, rp->status);
/* Handles the completion reply for Read Inquiry Response TX Power: caches
 * rp->tx_power in hdev->inq_tx_power.
 * NOTE(review): the condition on rp->status in front of the assignment is
 * not in this listing.
 */
754 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
757 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
759 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
762 hdev->inq_tx_power = rp->tx_power;
/* Handles the completion reply for PIN Code Request Reply: reports the
 * result to mgmt when HCI_MGMT is set, then records the PIN length from the
 * command the host sent on the ACL connection to that peer.
 * NOTE(review): conn->pin_length presumably feeds later link-key strength
 * decisions - verify against its readers. The status gate in front of the
 * assignment, the NULL checks on 'cp' and 'conn', and the lock acquisition
 * are not in this listing; the PIN itself is not touched or logged here.
 */
765 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
767 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
768 struct hci_cp_pin_code_reply *cp;
769 struct hci_conn *conn;
771 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
775 if (test_bit(HCI_MGMT, &hdev->dev_flags))
776 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
781 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
/* The connection is found via the address the host put in the command. */
785 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
787 conn->pin_length = cp->pin_len;
790 hci_dev_unlock(hdev);
/* Handles the completion reply for PIN Code Request Negative Reply: forwards
 * the peer address and status to mgmt when HCI_MGMT is set.
 * NOTE(review): the lock acquisition and the trailing argument of the mgmt
 * call (source lines 803-804) are not in this listing.
 */
793 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
795 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
797 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
801 if (test_bit(HCI_MGMT, &hdev->dev_flags))
802 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
805 hci_dev_unlock(hdev);
/* Handles the completion reply for LE Read Buffer Size: caches the LE MTU
 * and packet count and initialises le_cnt from the count.
 * NOTE(review): the values are controller-supplied and stored as received
 * in the visible lines; the status gate is not in this listing.
 */
808 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
811 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
813 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
818 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
819 hdev->le_pkts = rp->le_max_pkt;
821 hdev->le_cnt = hdev->le_pkts;
823 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
/* Handles the completion reply for LE Read Local Supported Features: copies
 * the 8 feature bytes into hdev->le_features.
 * NOTE(review): the condition on rp->status in front of the memcpy is not in
 * this listing; the copy length is the literal 8 - confirm it matches the
 * size of hdev->le_features.
 */
826 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
829 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
831 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
834 memcpy(hdev->le_features, rp->features, 8);
/* Handles the completion reply for LE Read Advertising Channel TX Power:
 * caches rp->tx_power in hdev->adv_tx_power.
 * NOTE(review): the condition on rp->status in front of the assignment is
 * not in this listing.
 */
837 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
840 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
842 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
845 hdev->adv_tx_power = rp->tx_power;
/* Handles the completion reply for User Confirmation Request Reply: forwards
 * the peer address (as an ACL_LINK address, type 0) to mgmt when HCI_MGMT is
 * set.
 * NOTE(review): the lock acquisition and the last argument of the mgmt call
 * are not in this listing.
 */
848 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
850 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
852 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
856 if (test_bit(HCI_MGMT, &hdev->dev_flags))
857 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
860 hci_dev_unlock(hdev);
/* Handles the completion reply for User Confirmation Request Negative Reply:
 * forwards the peer address and status to mgmt when HCI_MGMT is set. The
 * reply is parsed with the same struct as the positive confirm reply.
 * NOTE(review): the lock acquisition is not in this listing.
 */
863 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
866 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
868 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
872 if (test_bit(HCI_MGMT, &hdev->dev_flags))
873 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
874 ACL_LINK, 0, rp->status);
876 hci_dev_unlock(hdev);
/* Handles the completion reply for User Passkey Request Reply: forwards the
 * peer address to mgmt when HCI_MGMT is set. The reply is parsed with
 * struct hci_rp_user_confirm_reply, as in the confirm handlers.
 * NOTE(review): the lock acquisition and the trailing arguments of the mgmt
 * call are not in this listing. The passkey is not read or logged here.
 */
879 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
881 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
883 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
887 if (test_bit(HCI_MGMT, &hdev->dev_flags))
888 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
891 hci_dev_unlock(hdev);
/* Handles the completion reply for User Passkey Request Negative Reply:
 * forwards the peer address and status to mgmt when HCI_MGMT is set.
 * NOTE(review): the lock acquisition is not in this listing.
 */
894 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
897 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
899 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
903 if (test_bit(HCI_MGMT, &hdev->dev_flags))
904 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
905 ACL_LINK, 0, rp->status);
907 hci_dev_unlock(hdev);
/* Handles the completion reply for Read Local OOB Data: passes the hash and
 * randomizer from the reply, with the status, to mgmt.
 * NOTE(review): hash/randomizer are out-of-band pairing values; only the
 * status is logged in the visible lines, and it should stay that way. The
 * lock acquisition is not in this listing, and no skb->len check is visible
 * before rp->hash / rp->randomizer are handed on.
 */
910 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
913 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
915 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
918 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
919 rp->randomizer, rp->status);
920 hci_dev_unlock(hdev);
/* Handles the completion reply for LE Set Advertising Enable: sets or clears
 * HCI_ADVERTISING in hdev->dev_flags based on the command the host sent.
 * NOTE(review): the NULL check on 'sent', the status gate, the lock
 * acquisition and the test that selects set vs. clear are not in this
 * listing.
 */
923 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
925 __u8 *sent, status = *((__u8 *) skb->data);
927 BT_DBG("%s status 0x%2.2x", hdev->name, status);
929 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
937 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
939 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
942 hci_dev_unlock(hdev);
/* Handles the completion reply for LE Set Scan Enable: switches on the
 * enable value of the command the host sent, setting or clearing HCI_LE_SCAN
 * in hdev->dev_flags, and logs an error for a value that matches no case.
 * NOTE(review): the case label in front of set_bit(), the default label, the
 * NULL check on 'cp' and the status gate are not in this listing.
 */
945 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
948 struct hci_cp_le_set_scan_enable *cp;
949 __u8 status = *((__u8 *) skb->data);
951 BT_DBG("%s status 0x%2.2x", hdev->name, status);
953 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
960 switch (cp->enable) {
962 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
965 case LE_SCAN_DISABLE:
966 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
970 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
/* Handles the completion reply for LE Read White List Size: logs status and
 * size and caches rp->size in hdev->le_white_list_size.
 * NOTE(review): rp->size is read for the debug print before any status or
 * length check visible in this listing; the condition in front of the
 * assignment (source lines 981-982) is not shown.
 */
975 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
978 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
980 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
983 hdev->le_white_list_size = rp->size;
/* Handles the completion reply for LE Read Supported States: copies the 8
 * state bytes into hdev->le_states.
 * NOTE(review): the condition on rp->status in front of the memcpy is not in
 * this listing; the copy length is the literal 8 - confirm it matches the
 * size of hdev->le_states.
 */
986 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
989 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
991 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
994 memcpy(hdev->le_states, rp->le_states, 8);
/* Handles the completion reply for Write LE Host Supported: mirrors the
 * command the host sent into the LMP_HOST_LE and LMP_HOST_LE_BREDR host
 * feature bits and into HCI_LE_ENABLED; on the LE-off path HCI_ADVERTISING
 * is cleared as well.
 * NOTE(review): the tests on the sent parameters that pick each branch, the
 * status gate and the NULL check on 'sent' are not in this listing.
 */
997 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1000 struct hci_cp_write_le_host_supported *sent;
1001 __u8 status = *((__u8 *) skb->data);
1003 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1005 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1011 hdev->features[1][0] |= LMP_HOST_LE;
1012 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1014 hdev->features[1][0] &= ~LMP_HOST_LE;
1015 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1016 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1020 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1022 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
/* Handles the completion reply for Write Remote AMP Assoc: logs status and
 * physical link handle and calls amp_write_rem_assoc_continue() for that
 * handle.
 * NOTE(review): rp->phy_handle is controller-supplied and passed on as
 * received; the status gate (source lines 1033-1036) is not in this listing.
 */
1026 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1027 struct sk_buff *skb)
1029 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1031 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1032 hdev->name, rp->status, rp->phy_handle);
1037 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
/* Status handler for Inquiry (per the function name): takes the status byte
 * directly, calls hci_conn_check_pending() on one path and sets HCI_INQUIRY
 * in hdev->flags on another.
 * NOTE(review): the condition separating the two paths (source lines
 * 1043-1048) is not in this listing.
 */
1040 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1042 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1045 hci_conn_check_pending(hdev);
1049 set_bit(HCI_INQUIRY, &hdev->flags);
/* Status handler for HCI_OP_CREATE_CONN: finds the ACL connection for the
 * address in the sent command. For a connection in BT_CONNECT it either
 * closes it and confirms the failure to the upper protocol, or moves it to
 * BT_CONNECT2; another path creates the connection object with
 * hci_conn_add() and marks it HCI_LM_MASTER.
 * NOTE(review): the status test that separates the failure and success
 * paths, the NULL check on 'cp', the lock acquisition and the cleanup after
 * hci_proto_connect_cfm() are not in this listing.
 */
1052 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1054 struct hci_cp_create_conn *cp;
1055 struct hci_conn *conn;
1057 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1059 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1065 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1067 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1070 if (conn && conn->state == BT_CONNECT) {
/* 0x0c is the HCI "Command Disallowed" status in the Bluetooth core spec;
 * that status with attempt <= 2 takes the BT_CONNECT2 path, anything else
 * closes the connection.
 */
1071 if (status != 0x0c || conn->attempt > 2) {
1072 conn->state = BT_CLOSED;
1073 hci_proto_connect_cfm(conn, status);
1076 conn->state = BT_CONNECT2;
1080 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1083 conn->link_mode |= HCI_LM_MASTER;
1085 BT_ERR("No memory for new connection");
1089 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_ADD_SCO: looks up the ACL connection for the
 * handle in the sent command, marks the associated SCO connection BT_CLOSED
 * and confirms the status to the upper protocol.
 * NOTE(review): how 'sco' is obtained from 'acl', the NULL checks on 'cp',
 * 'acl' and 'sco', the status gate and the cleanup after
 * hci_proto_connect_cfm() are not in this listing.
 */
1092 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1094 struct hci_cp_add_sco *cp;
1095 struct hci_conn *acl, *sco;
1098 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1103 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1107 handle = __le16_to_cpu(cp->handle);
1109 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1113 acl = hci_conn_hash_lookup_handle(hdev, handle);
1117 sco->state = BT_CLOSED;
1119 hci_proto_connect_cfm(sco, status);
1124 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_AUTH_REQUESTED: for the connection named in the
 * sent command, if it is still in BT_CONFIG, confirms the status to the
 * upper protocol and drops a connection reference.
 * NOTE(review): the status gate, the NULL checks on 'cp' and 'conn' and the
 * lock acquisition are not in this listing. hci_conn_drop() must pair with
 * a reference taken elsewhere - confirm, since an unbalanced drop on this
 * path would be a use-after-free risk.
 */
1127 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1129 struct hci_cp_auth_requested *cp;
1130 struct hci_conn *conn;
1132 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1137 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1143 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1145 if (conn->state == BT_CONFIG) {
1146 hci_proto_connect_cfm(conn, status);
1147 hci_conn_drop(conn);
1151 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_SET_CONN_ENCRYPT: for the connection named in
 * the sent command, if it is still in BT_CONFIG, confirms the status to the
 * upper protocol and drops a connection reference.
 * NOTE(review): the status gate, the NULL checks on 'cp' and 'conn' and the
 * lock acquisition are not in this listing.
 */
1154 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1156 struct hci_cp_set_conn_encrypt *cp;
1157 struct hci_conn *conn;
1159 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1170 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1172 if (conn->state == BT_CONFIG) {
1173 hci_proto_connect_cfm(conn, status);
1174 hci_conn_drop(conn);
1178 hci_dev_unlock(hdev);
/* Decides whether an outgoing connection should have authentication
 * requested. Three tests are visible: the connection must be outgoing and
 * in BT_CONFIG; a pending security level of BT_SECURITY_SDP is singled out;
 * and a non-SSP connection without bit 0x01 of auth_type and without a
 * pending BT_SECURITY_HIGH is singled out.
 * NOTE(review): the return statements (source lines 1185, 1188, 1194-1196)
 * are not in this listing, so the value returned on each path cannot be
 * stated from here. This is a security policy decision - a change to any of
 * these tests changes which links get authenticated.
 */
1181 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1182 struct hci_conn *conn)
1184 if (conn->state != BT_CONFIG || !conn->out)
1187 if (conn->pending_sec_level == BT_SECURITY_SDP)
1190 /* Only request authentication for SSP connections or non-SSP
1191 * devices with sec_level HIGH or if MITM protection is requested */
/* Bit 0x01 of auth_type is the "MITM protection is requested" case named in
 * the comment above.
 */
1192 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1193 conn->pending_sec_level != BT_SECURITY_HIGH)
/* Sends HCI_OP_REMOTE_NAME_REQ for inquiry-cache entry 'e', filling the
 * command from the entry's address, page-scan fields and clock offset.
 * Returns the result of hci_send_cmd().
 */
1199 static int hci_resolve_name(struct hci_dev *hdev,
1200 struct inquiry_entry *e)
1202 struct hci_cp_remote_name_req cp;
/* Zero the whole on-stack command first so that no uninitialised stack bytes
 * are sent in fields that are not assigned below.
 */
1204 memset(&cp, 0, sizeof(cp));
1206 bacpy(&cp.bdaddr, &e->data.bdaddr);
1207 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1208 cp.pscan_mode = e->data.pscan_mode;
1209 cp.clock_offset = e->data.clock_offset;
1211 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
/* Starts name resolution for the next inquiry-cache entry that still needs
 * a name: looks one up with NAME_NEEDED and, if the request was sent
 * (hci_resolve_name() returned 0), marks the entry NAME_PENDING.
 * NOTE(review): the return statements and the NULL check on 'e' (source
 * lines 1220, 1223-1225, 1228-1231) are not in this listing.
 */
1214 static bool hci_resolve_next_name(struct hci_dev *hdev)
1216 struct discovery_state *discov = &hdev->discovery;
1217 struct inquiry_entry *e;
1219 if (list_empty(&discov->resolve))
1222 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1226 if (hci_resolve_name(hdev, e) == 0) {
1227 e->name_state = NAME_PENDING;
/* Processes the outcome of a remote name request for 'bdaddr'. If 'conn' is
 * given and not yet flagged HCI_CONN_MGMT_CONNECTED, mgmt is told the device
 * connected (with the name). Then, depending on the discovery state, the
 * pending inquiry-cache entry is marked NAME_KNOWN (and the name reported)
 * or NAME_NOT_KNOWN, the next name is requested, or discovery is moved to
 * DISCOVERY_STOPPED.
 * NOTE(review): 'name' and 'name_len' originate from a remote device and are
 * forwarded to mgmt as given; at least one caller in this file passes
 * NULL/0. The returns, the NULL check on 'e', the test that picks
 * NAME_KNOWN vs. NAME_NOT_KNOWN and the discov_complete label are not in
 * this listing.
 */
1234 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1235 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1237 struct discovery_state *discov = &hdev->discovery;
1238 struct inquiry_entry *e;
1240 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1241 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1242 name_len, conn->dev_class);
1244 if (discov->state == DISCOVERY_STOPPED)
1247 if (discov->state == DISCOVERY_STOPPING)
1248 goto discov_complete;
1250 if (discov->state != DISCOVERY_RESOLVING)
1253 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1254 /* If the device was not found in a list of found devices names of which
1255 * are pending. there is no need to continue resolving a next name as it
1256 * will be done upon receiving another Remote Name Request Complete
1263 e->name_state = NAME_KNOWN;
1264 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1265 e->data.rssi, name, name_len);
1267 e->name_state = NAME_NOT_KNOWN;
1270 if (hci_resolve_next_name(hdev))
1274 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
/* Status handler for HCI_OP_REMOTE_NAME_REQ: looks up the ACL connection
 * for the address in the sent command, lets hci_check_pending_name() handle
 * the missing name (NULL, 0) when HCI_MGMT is set, and - if
 * hci_outgoing_auth_needed() says so and no authentication is already
 * pending - sends HCI_OP_AUTH_REQUESTED for the connection.
 * NOTE(review): the status gate, the NULL checks on 'cp' and 'conn' and the
 * lock acquisition are not in this listing.
 */
1277 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1279 struct hci_cp_remote_name_req *cp;
1280 struct hci_conn *conn;
1282 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1284 /* If successful wait for the name req complete event before
1285 * checking for the need to do authentication */
1289 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1295 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1297 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1298 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1303 if (!hci_outgoing_auth_needed(hdev, conn))
/* test_and_set_bit() makes sure only one authentication request is queued
 * per connection.
 */
1306 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
/* NOTE(review): auth_cp is not zeroed before use, unlike the memset in
 * hci_resolve_name(); that is only safe if 'handle' is its sole field with
 * no padding - confirm against the struct definition.
 */
1307 struct hci_cp_auth_requested auth_cp;
1309 auth_cp.handle = __cpu_to_le16(conn->handle);
1310 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1311 sizeof(auth_cp), &auth_cp);
1315 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_READ_REMOTE_FEATURES: for the connection named
 * in the sent command, if it is still in BT_CONFIG, confirms the status to
 * the upper protocol and drops a connection reference.
 * NOTE(review): the status gate, the NULL checks on 'cp' and 'conn' and the
 * lock acquisition are not in this listing.
 */
1318 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1320 struct hci_cp_read_remote_features *cp;
1321 struct hci_conn *conn;
1323 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1328 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1334 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1336 if (conn->state == BT_CONFIG) {
1337 hci_proto_connect_cfm(conn, status);
1338 hci_conn_drop(conn);
1342 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES: for the connection
 * named in the sent command, if it is still in BT_CONFIG, confirms the
 * status to the upper protocol and drops a connection reference.
 * NOTE(review): the status gate, the NULL checks on 'cp' and 'conn' and the
 * lock acquisition are not in this listing.
 */
1345 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1347 struct hci_cp_read_remote_ext_features *cp;
1348 struct hci_conn *conn;
1350 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1355 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1361 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1363 if (conn->state == BT_CONFIG) {
1364 hci_proto_connect_cfm(conn, status);
1365 hci_conn_drop(conn);
1369 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_SETUP_SYNC_CONN: looks up the ACL connection for
 * the handle in the sent command, marks the associated synchronous
 * connection BT_CLOSED and confirms the status to the upper protocol.
 * NOTE(review): how 'sco' is obtained from 'acl', the NULL checks on 'cp',
 * 'acl' and 'sco', the status gate and the cleanup after
 * hci_proto_connect_cfm() are not in this listing.
 */
1372 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1374 struct hci_cp_setup_sync_conn *cp;
1375 struct hci_conn *acl, *sco;
1378 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1383 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1387 handle = __le16_to_cpu(cp->handle);
1389 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1393 acl = hci_conn_hash_lookup_handle(hdev, handle);
1397 sco->state = BT_CLOSED;
1399 hci_proto_connect_cfm(sco, status);
1404 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_SNIFF_MODE: for the connection named in the
 * sent command, clears HCI_CONN_MODE_CHANGE_PEND and, if a SCO setup was
 * waiting on the mode change, runs hci_sco_setup() with the status.
 * NOTE(review): the status gate, the NULL checks on 'cp' and 'conn' and the
 * lock acquisition are not in this listing.
 */
1407 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1409 struct hci_cp_sniff_mode *cp;
1410 struct hci_conn *conn;
1412 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1417 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1423 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1425 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1427 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1428 hci_sco_setup(conn, status);
1431 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_EXIT_SNIFF_MODE: for the connection named in the
 * sent command, clears HCI_CONN_MODE_CHANGE_PEND and, if a SCO setup was
 * waiting on the mode change, runs hci_sco_setup() with the status.
 * NOTE(review): the status gate, the NULL checks on 'cp' and 'conn' and the
 * lock acquisition are not in this listing.
 */
1434 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1436 struct hci_cp_exit_sniff_mode *cp;
1437 struct hci_conn *conn;
1439 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1444 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1450 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1452 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1454 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1455 hci_sco_setup(conn, status);
1458 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_DISCONNECT: looks up the connection for the
 * handle in the sent command and reports the failed disconnect to mgmt with
 * the peer address, link type, address type and status.
 * NOTE(review): conn->dst is dereferenced in the mgmt call; the NULL checks
 * on 'cp' and 'conn', the status gate and the lock acquisition are not in
 * this listing.
 */
1461 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1463 struct hci_cp_disconnect *cp;
1464 struct hci_conn *conn;
1469 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1475 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1477 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1478 conn->dst_type, status);
1480 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_CREATE_PHY_LINK: on one path looks up the
 * connection by the physical link handle of the sent command; on another it
 * calls amp_write_remote_assoc() for that handle.
 * NOTE(review): the status test separating the two paths, what is done with
 * 'hcon', the NULL check on 'cp' and the lock acquisition are not in this
 * listing.
 */
1483 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1485 struct hci_cp_create_phy_link *cp;
1487 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1489 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1496 struct hci_conn *hcon;
1498 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1502 amp_write_remote_assoc(hdev, cp->phy_handle);
1505 hci_dev_unlock(hdev);
/* Status handler for HCI_OP_ACCEPT_PHY_LINK: calls amp_write_remote_assoc()
 * for the physical link handle of the sent command.
 * NOTE(review): the status gate and the NULL check on 'cp' (source lines
 * 1513-1516 and 1518-1520) are not in this listing.
 */
1508 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1510 struct hci_cp_accept_phy_link *cp;
1512 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1517 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1521 amp_write_remote_assoc(hdev, cp->phy_handle);
/* Handles the Inquiry Complete event: re-checks pending connections, clears
 * HCI_INQUIRY and wakes waiters on it, and - when mgmt is in use and
 * discovery is in DISCOVERY_FINDING - either stops discovery (nothing left
 * to resolve, or the name request could not be sent) or starts resolving
 * the first entry that needs a name and moves to DISCOVERY_RESOLVING.
 * NOTE(review): the early returns / gotos after the guard conditions and
 * the lock acquisition are not in this listing. The status byte is read
 * from skb->data without a visible length check and is only logged.
 */
1524 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1526 __u8 status = *((__u8 *) skb->data);
1527 struct discovery_state *discov = &hdev->discovery;
1528 struct inquiry_entry *e;
1530 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1532 hci_conn_check_pending(hdev);
/* Guard on an inquiry actually being in progress. */
1534 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1537 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1538 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1540 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1545 if (discov->state != DISCOVERY_FINDING)
1548 if (list_empty(&discov->resolve)) {
1549 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1553 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1554 if (e && hci_resolve_name(hdev, e) == 0) {
1555 e->name_state = NAME_PENDING;
1556 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1558 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1562 hci_dev_unlock(hdev);
/*
 * Inquiry Result event: for each response record in the payload, copy its
 * fields into an inquiry_data, update the inquiry cache and report the
 * device through mgmt_device_found().
 *
 * The first payload byte is the record count (num_rsp); the records start at
 * skb->data + 1.
 *
 * NOTE(review): num_rsp comes straight from the event payload, and none of
 * the visible lines compares num_rsp * sizeof(*info) with skb->len before the
 * loop advances info. The listing skips lines here (1572-1575, 1577-1580), so
 * confirm against the full file whether a length check exists; without one a
 * short packet carrying a large count would be read past its end.
 */
1565 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1567 struct inquiry_data data;
1568 struct inquiry_info *info = (void *) (skb->data + 1);
1569 int num_rsp = *((__u8 *) skb->data);
1571 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1576 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1581 for (; num_rsp; num_rsp--, info++) {
1582 bool name_known, ssp;
1584 bacpy(&data.bdaddr, &info->bdaddr);
1585 data.pscan_rep_mode = info->pscan_rep_mode;
1586 data.pscan_period_mode = info->pscan_period_mode;
1587 data.pscan_mode = info->pscan_mode;
1588 memcpy(data.dev_class, info->dev_class, 3);
1589 data.clock_offset = info->clock_offset;
1591 data.ssp_mode = 0x00;
1593 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1594 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1595 info->dev_class, 0, !name_known, ssp, NULL,
1599 hci_dev_unlock(hdev);
/*
 * Connection Complete event.
 *
 * Finds the connection object by link type and peer address (retrying as
 * ESCO_LINK and retyping it to SCO_LINK when the first lookup misses),
 * records the handle, moves ACL links to BT_CONFIG and other links to
 * BT_CONNECTED, seeds link_mode from the adapter-wide HCI_AUTH and
 * HCI_ENCRYPT flags and requests the remote features for ACL links. On the
 * failure path the connection is marked BT_CLOSED and, for ACL, the failure
 * is reported with mgmt_connect_failed().
 *
 * NOTE(review): ev is a direct cast of skb->data and no length check is
 * visible; the status test that separates success from failure, the NULL
 * checks on conn and the hci_dev_lock() call are on lines this listing skips.
 */
1602 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1604 struct hci_ev_conn_complete *ev = (void *) skb->data;
1605 struct hci_conn *conn;
1607 BT_DBG("%s", hdev->name);
1611 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1613 if (ev->link_type != SCO_LINK)
1616 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1620 conn->type = SCO_LINK;
1624 conn->handle = __le16_to_cpu(ev->handle);
1626 if (conn->type == ACL_LINK) {
1627 conn->state = BT_CONFIG;
1628 hci_conn_hold(conn);
/*
 * Incoming link, no SSP and no stored link key: pairing is expected, so the
 * pairing timeout is used instead of the normal disconnect timeout.
 */
1630 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1631 !hci_find_link_key(hdev, &ev->bdaddr))
1632 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1634 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1636 conn->state = BT_CONNECTED;
1638 hci_conn_add_sysfs(conn);
/* link_mode starts from the adapter-wide settings, not from the peer. */
1640 if (test_bit(HCI_AUTH, &hdev->flags))
1641 conn->link_mode |= HCI_LM_AUTH;
1643 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1644 conn->link_mode |= HCI_LM_ENCRYPT;
1646 /* Get remote features */
1647 if (conn->type == ACL_LINK) {
1648 struct hci_cp_read_remote_features cp;
1649 cp.handle = ev->handle;
1650 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1654 /* Set packet type for incoming connection */
1655 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1656 struct hci_cp_change_conn_ptype cp;
1657 cp.handle = ev->handle;
1658 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1659 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1663 conn->state = BT_CLOSED;
1664 if (conn->type == ACL_LINK)
1665 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1666 conn->dst_type, ev->status);
1669 if (conn->type == ACL_LINK)
1670 hci_sco_setup(conn, ev->status);
1673 hci_proto_connect_cfm(conn, ev->status);
1675 } else if (ev->link_type != ACL_LINK)
1676 hci_proto_connect_cfm(conn, ev->status);
1679 hci_dev_unlock(hdev);
1681 hci_conn_check_pending(hdev);
/*
 * Connection Request event: decide whether to accept an incoming link.
 *
 * The request is accepted only when the combined link-mode mask
 * (hdev->link_mode plus whatever hci_proto_connect_ind() returns) contains
 * HCI_LM_ACCEPT and the peer address is not on the BR/EDR blacklist.
 * Otherwise it is rejected with HCI_ERROR_REJ_BAD_ADDR.
 *
 * On acceptance the peer's class of device is copied into the inquiry cache
 * entry and the connection object, and either an Accept Connection Request,
 * an Accept Synchronous Connection Request, or a deferred confirmation
 * (BT_CONNECT2) follows.
 *
 * NOTE(review): the declaration of `flags`, the NULL checks on ie and conn
 * and the hci_dev_lock() call are on lines this listing skips.
 */
1684 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1686 struct hci_ev_conn_request *ev = (void *) skb->data;
1687 int mask = hdev->link_mode;
1690 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1693 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
/* Blacklisted peers are rejected even if a protocol wants the link. */
1696 if ((mask & HCI_LM_ACCEPT) &&
1697 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
1698 /* Connection accepted */
1699 struct inquiry_entry *ie;
1700 struct hci_conn *conn;
1704 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1706 memcpy(ie->data.dev_class, ev->dev_class, 3);
1708 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1711 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1713 BT_ERR("No memory for new connection");
1714 hci_dev_unlock(hdev);
1719 memcpy(conn->dev_class, ev->dev_class, 3);
1721 hci_dev_unlock(hdev);
1723 if (ev->link_type == ACL_LINK ||
1724 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1725 struct hci_cp_accept_conn_req cp;
1726 conn->state = BT_CONNECT;
1728 bacpy(&cp.bdaddr, &ev->bdaddr);
/* Ask for a role switch only if supported and HCI_LM_MASTER is set. */
1730 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1731 cp.role = 0x00; /* Become master */
1733 cp.role = 0x01; /* Remain slave */
1735 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1737 } else if (!(flags & HCI_PROTO_DEFER)) {
1738 struct hci_cp_accept_sync_conn_req cp;
1739 conn->state = BT_CONNECT;
1741 bacpy(&cp.bdaddr, &ev->bdaddr);
1742 cp.pkt_type = cpu_to_le16(conn->pkt_type);
/* Fixed synchronous-link parameters; only the voice setting is per adapter. */
1744 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1745 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1746 cp.max_latency = __constant_cpu_to_le16(0xffff);
1747 cp.content_format = cpu_to_le16(hdev->voice_setting);
1748 cp.retrans_effort = 0xff;
1750 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
/* Deferred setup: no accept is sent here, the upper layer is notified. */
1753 conn->state = BT_CONNECT2;
1754 hci_proto_connect_cfm(conn, 0);
1757 /* Connection rejected */
1758 struct hci_cp_reject_conn_req cp;
1760 bacpy(&cp.bdaddr, &ev->bdaddr);
1761 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1762 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/*
 * Map an HCI error code to the MGMT_DEV_DISCONN_* reason reported to the
 * management interface.
 *
 * Timeouts map to MGMT_DEV_DISCONN_TIMEOUT, the three remote-initiated codes
 * to MGMT_DEV_DISCONN_REMOTE and local host termination to
 * MGMT_DEV_DISCONN_LOCAL_HOST.
 *
 * NOTE(review): the switch statement and the label in front of the final
 * return are on lines this listing skips; MGMT_DEV_DISCONN_UNKNOWN is
 * presumably the default for every other code -- confirm.
 */
1766 static u8 hci_to_mgmt_reason(u8 err)
1769 case HCI_ERROR_CONNECTION_TIMEOUT:
1770 return MGMT_DEV_DISCONN_TIMEOUT;
1771 case HCI_ERROR_REMOTE_USER_TERM:
1772 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1773 case HCI_ERROR_REMOTE_POWER_OFF:
1774 return MGMT_DEV_DISCONN_REMOTE;
1775 case HCI_ERROR_LOCAL_HOST_TERM:
1776 return MGMT_DEV_DISCONN_LOCAL_HOST;
1778 return MGMT_DEV_DISCONN_UNKNOWN;
/*
 * Disconnection Complete event.
 *
 * Looks up the connection by handle. A zero status marks it BT_CLOSED. If
 * the connection had been announced to the management interface (ACL or LE
 * only), user space is told either that the disconnect failed or that the
 * device disconnected, with the reason translated by hci_to_mgmt_reason().
 * On success the link key is removed when conn->flush_key is set on an ACL
 * link, the upper layers are notified, and advertising is re-enabled after
 * an LE link went away.
 *
 * NOTE(review): the NULL check on conn, the status test choosing between the
 * two mgmt calls and the hci_dev_lock() call are on lines this listing
 * skips. The connection type is copied into a local at 1812, presumably
 * because conn is released before 1829 on a skipped line -- confirm.
 */
1782 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1784 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1785 struct hci_conn *conn;
1787 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1791 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1795 if (ev->status == 0)
1796 conn->state = BT_CLOSED;
1798 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1799 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1801 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1802 conn->dst_type, ev->status);
1804 u8 reason = hci_to_mgmt_reason(ev->reason);
1806 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1807 conn->dst_type, reason);
1811 if (ev->status == 0) {
1812 u8 type = conn->type;
1814 if (type == ACL_LINK && conn->flush_key)
1815 hci_remove_link_key(hdev, &conn->dst);
1816 hci_proto_disconn_cfm(conn, ev->reason);
1819 /* Re-enable advertising if necessary, since it might
1820 * have been disabled by the connection. From the
1821 * HCI_LE_Set_Advertise_Enable command description in
1822 * the core specification (v4.0):
1823 * "The Controller shall continue advertising until the Host
1824 * issues an LE_Set_Advertise_Enable command with
1825 * Advertising_Enable set to 0x00 (Advertising is disabled)
1826 * or until a connection is created or until the Advertising
1827 * is timed out due to Directed Advertising."
1829 if (type == LE_LINK)
1830 mgmt_reenable_advertising(hdev);
1834 hci_dev_unlock(hdev);
/*
 * Authentication Complete event.
 *
 * Updates the connection's security state from the result: a successful
 * authentication sets HCI_LM_AUTH and promotes sec_level to the pending
 * level, except that a pending re-authentication of a non-SSP device is only
 * logged as not possible. A failure is reported with mgmt_auth_failed(). The
 * pending auth flags are cleared; a link still in BT_CONFIG either goes on to
 * request encryption (success with SSP) or is completed, and an established
 * link gets hci_auth_cfm(). A pending encryption request is then either sent
 * or cancelled through hci_encrypt_cfm().
 *
 * NOTE(review): the NULL check on conn, the ev->status tests and the else
 * branches are on lines this listing skips, so the exact pairing of the
 * visible statements with success or failure must be confirmed in the full
 * file.
 */
1837 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1839 struct hci_ev_auth_complete *ev = (void *) skb->data;
1840 struct hci_conn *conn;
1842 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1846 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* Legacy (non-SSP) re-auth: logged only; sec_level apparently is not raised. */
1851 if (!hci_conn_ssp_enabled(conn) &&
1852 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1853 BT_INFO("re-auth of legacy device is not possible.");
1855 conn->link_mode |= HCI_LM_AUTH;
1856 conn->sec_level = conn->pending_sec_level;
1859 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1863 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1864 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1866 if (conn->state == BT_CONFIG) {
/* With SSP, a successful authentication is followed by enabling encryption. */
1867 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1868 struct hci_cp_set_conn_encrypt cp;
1869 cp.handle = ev->handle;
1871 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1874 conn->state = BT_CONNECTED;
1875 hci_proto_connect_cfm(conn, ev->status);
1876 hci_conn_drop(conn);
1879 hci_auth_cfm(conn, ev->status);
/* hold + drop with a new disc_timeout: presumably re-arms the idle timer. */
1881 hci_conn_hold(conn);
1882 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1883 hci_conn_drop(conn);
1886 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1888 struct hci_cp_set_conn_encrypt cp;
1889 cp.handle = ev->handle;
1891 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1894 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1895 hci_encrypt_cfm(conn, ev->status, 0x00);
1900 hci_dev_unlock(hdev);
/*
 * Remote Name Request Complete event.
 *
 * Re-checks pending connections, looks up the ACL connection to the peer
 * and, when the management interface is in use, passes the resolved name
 * (or NULL on failure) to hci_check_pending_name(). If outgoing
 * authentication is still needed on the connection and none is pending, an
 * Authentication Requested command is sent.
 *
 * NOTE(review): the NULL check on conn before the authentication step and
 * the hci_dev_lock() call are on lines this listing skips.
 */
1903 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1905 struct hci_ev_remote_name *ev = (void *) skb->data;
1906 struct hci_conn *conn;
1908 BT_DBG("%s", hdev->name);
1910 hci_conn_check_pending(hdev);
1914 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1916 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
/*
 * The name length is bounded with strnlen() rather than strlen(), presumably
 * because ev->name is a fixed-size field that need not be NUL-terminated.
 */
1919 if (ev->status == 0)
1920 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1921 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1923 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1929 if (!hci_outgoing_auth_needed(hdev, conn))
/* test_and_set keeps a second authentication request from being queued. */
1932 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1933 struct hci_cp_auth_requested cp;
1934 cp.handle = __cpu_to_le16(conn->handle);
1935 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1939 hci_dev_unlock(hdev);
/*
 * Encryption Change event.
 *
 * Updates link_mode and sec_level from the reported encryption state, clears
 * the pending-encryption flag, and then either tears the link down (a failed
 * change on an established link is answered with a disconnect using
 * HCI_ERROR_AUTH_FAILURE), completes a link that was still in BT_CONFIG, or
 * notifies the upper layers through hci_encrypt_cfm().
 *
 * NOTE(review): the NULL check on conn and the tests on ev->status and
 * ev->encrypt that choose between setting and clearing HCI_LM_ENCRYPT are on
 * lines this listing skips.
 */
1942 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1944 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1945 struct hci_conn *conn;
1947 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1951 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1955 /* Encryption implies authentication */
1956 conn->link_mode |= HCI_LM_AUTH;
1957 conn->link_mode |= HCI_LM_ENCRYPT;
1958 conn->sec_level = conn->pending_sec_level;
1960 conn->link_mode &= ~HCI_LM_ENCRYPT;
1963 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
/* Do not keep using an established link whose encryption change failed. */
1965 if (ev->status && conn->state == BT_CONNECTED) {
1966 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1967 hci_conn_drop(conn);
1971 if (conn->state == BT_CONFIG) {
1973 conn->state = BT_CONNECTED;
1975 hci_proto_connect_cfm(conn, ev->status);
1976 hci_conn_drop(conn);
1978 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1982 hci_dev_unlock(hdev);
/*
 * Change Connection Link Key Complete event.
 *
 * Looks up the connection by handle, sets HCI_LM_SECURE in its link_mode,
 * clears the pending-authentication flag and notifies the upper layers with
 * hci_key_change_cfm().
 *
 * NOTE(review): the NULL check on conn and the status test guarding the
 * HCI_LM_SECURE update are on lines this listing skips (1996-1997) --
 * confirm the flag is only set on success.
 */
1985 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1986 struct sk_buff *skb)
1988 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1989 struct hci_conn *conn;
1991 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1995 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1998 conn->link_mode |= HCI_LM_SECURE;
2000 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2002 hci_key_change_cfm(conn, ev->status);
2005 hci_dev_unlock(hdev);
/*
 * Read Remote Supported Features Complete event.
 *
 * Stores the 8-byte feature mask as page 0 of conn->features. For a link
 * still in BT_CONFIG it then continues connection setup: read the extended
 * features when both sides are SSP capable, otherwise request the remote
 * name (or announce the device to the management interface if that cannot
 * be done), and finally complete the connection when no outgoing
 * authentication is needed.
 *
 * NOTE(review): the NULL check on conn, the status test guarding the memcpy
 * and the early exits are on lines this listing skips.
 */
2008 static void hci_remote_features_evt(struct hci_dev *hdev,
2009 struct sk_buff *skb)
2011 struct hci_ev_remote_features *ev = (void *) skb->data;
2012 struct hci_conn *conn;
2014 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2018 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2023 memcpy(conn->features[0], ev->features, 8);
2025 if (conn->state != BT_CONFIG)
2028 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2029 struct hci_cp_read_remote_ext_features cp;
2030 cp.handle = ev->handle;
2032 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2037 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2038 struct hci_cp_remote_name_req cp;
/* Zero the whole request first so unset fields are not sent uninitialised. */
2039 memset(&cp, 0, sizeof(cp));
2040 bacpy(&cp.bdaddr, &conn->dst);
2041 cp.pscan_rep_mode = 0x02;
2042 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2043 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2044 mgmt_device_connected(hdev, &conn->dst, conn->type,
2045 conn->dst_type, 0, NULL, 0,
2048 if (!hci_outgoing_auth_needed(hdev, conn)) {
2049 conn->state = BT_CONNECTED;
2050 hci_proto_connect_cfm(conn, ev->status);
2051 hci_conn_drop(conn);
2055 hci_dev_unlock(hdev);
/*
 * Command Complete event: dispatch to the hci_cc_* handler for the opcode.
 *
 * After the event header is pulled off the skb, each handler sees the
 * command's return parameters at skb->data. Once the handler has run, the
 * command timer is cancelled (unless the opcode is HCI_OP_NOP), the request
 * is completed with the status byte, and, when the event's ncmd field is
 * non-zero and no reset is in progress, the command credit is set to one and
 * the command work is queued if commands are waiting.
 *
 * NOTE(review): status is read from skb->data[sizeof(*ev)], i.e. the first
 * byte after the header, before any visible check that the packet is longer
 * than the header. Confirm that a length check exists on the skipped lines
 * or in the caller; a header-only event would otherwise be read one byte
 * past its payload. The switch statement, its break statements and some
 * case labels (for example the one in front of hci_cc_reset) are also on
 * skipped lines.
 */
2058 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2060 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2061 u8 status = skb->data[sizeof(*ev)];
2064 skb_pull(skb, sizeof(*ev));
2066 opcode = __le16_to_cpu(ev->opcode);
2069 case HCI_OP_INQUIRY_CANCEL:
2070 hci_cc_inquiry_cancel(hdev, skb);
2073 case HCI_OP_PERIODIC_INQ:
2074 hci_cc_periodic_inq(hdev, skb);
2077 case HCI_OP_EXIT_PERIODIC_INQ:
2078 hci_cc_exit_periodic_inq(hdev, skb);
2081 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2082 hci_cc_remote_name_req_cancel(hdev, skb);
2085 case HCI_OP_ROLE_DISCOVERY:
2086 hci_cc_role_discovery(hdev, skb);
2089 case HCI_OP_READ_LINK_POLICY:
2090 hci_cc_read_link_policy(hdev, skb);
2093 case HCI_OP_WRITE_LINK_POLICY:
2094 hci_cc_write_link_policy(hdev, skb);
2097 case HCI_OP_READ_DEF_LINK_POLICY:
2098 hci_cc_read_def_link_policy(hdev, skb);
2101 case HCI_OP_WRITE_DEF_LINK_POLICY:
2102 hci_cc_write_def_link_policy(hdev, skb);
2106 hci_cc_reset(hdev, skb);
2109 case HCI_OP_WRITE_LOCAL_NAME:
2110 hci_cc_write_local_name(hdev, skb);
2113 case HCI_OP_READ_LOCAL_NAME:
2114 hci_cc_read_local_name(hdev, skb);
2117 case HCI_OP_WRITE_AUTH_ENABLE:
2118 hci_cc_write_auth_enable(hdev, skb);
2121 case HCI_OP_WRITE_ENCRYPT_MODE:
2122 hci_cc_write_encrypt_mode(hdev, skb);
2125 case HCI_OP_WRITE_SCAN_ENABLE:
2126 hci_cc_write_scan_enable(hdev, skb);
2129 case HCI_OP_READ_CLASS_OF_DEV:
2130 hci_cc_read_class_of_dev(hdev, skb);
2133 case HCI_OP_WRITE_CLASS_OF_DEV:
2134 hci_cc_write_class_of_dev(hdev, skb);
2137 case HCI_OP_READ_VOICE_SETTING:
2138 hci_cc_read_voice_setting(hdev, skb);
2141 case HCI_OP_WRITE_VOICE_SETTING:
2142 hci_cc_write_voice_setting(hdev, skb);
2145 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2146 hci_cc_read_num_supported_iac(hdev, skb);
2149 case HCI_OP_WRITE_SSP_MODE:
2150 hci_cc_write_ssp_mode(hdev, skb);
2153 case HCI_OP_READ_LOCAL_VERSION:
2154 hci_cc_read_local_version(hdev, skb);
2157 case HCI_OP_READ_LOCAL_COMMANDS:
2158 hci_cc_read_local_commands(hdev, skb);
2161 case HCI_OP_READ_LOCAL_FEATURES:
2162 hci_cc_read_local_features(hdev, skb);
2165 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2166 hci_cc_read_local_ext_features(hdev, skb);
2169 case HCI_OP_READ_BUFFER_SIZE:
2170 hci_cc_read_buffer_size(hdev, skb);
2173 case HCI_OP_READ_BD_ADDR:
2174 hci_cc_read_bd_addr(hdev, skb);
2177 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2178 hci_cc_read_page_scan_activity(hdev, skb);
2181 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2182 hci_cc_write_page_scan_activity(hdev, skb);
2185 case HCI_OP_READ_PAGE_SCAN_TYPE:
2186 hci_cc_read_page_scan_type(hdev, skb);
2189 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2190 hci_cc_write_page_scan_type(hdev, skb);
2193 case HCI_OP_READ_DATA_BLOCK_SIZE:
2194 hci_cc_read_data_block_size(hdev, skb);
2197 case HCI_OP_READ_FLOW_CONTROL_MODE:
2198 hci_cc_read_flow_control_mode(hdev, skb);
2201 case HCI_OP_READ_LOCAL_AMP_INFO:
2202 hci_cc_read_local_amp_info(hdev, skb);
2205 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2206 hci_cc_read_local_amp_assoc(hdev, skb);
2209 case HCI_OP_READ_INQ_RSP_TX_POWER:
2210 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2213 case HCI_OP_PIN_CODE_REPLY:
2214 hci_cc_pin_code_reply(hdev, skb);
2217 case HCI_OP_PIN_CODE_NEG_REPLY:
2218 hci_cc_pin_code_neg_reply(hdev, skb);
2221 case HCI_OP_READ_LOCAL_OOB_DATA:
2222 hci_cc_read_local_oob_data_reply(hdev, skb);
2225 case HCI_OP_LE_READ_BUFFER_SIZE:
2226 hci_cc_le_read_buffer_size(hdev, skb);
2229 case HCI_OP_LE_READ_LOCAL_FEATURES:
2230 hci_cc_le_read_local_features(hdev, skb);
2233 case HCI_OP_LE_READ_ADV_TX_POWER:
2234 hci_cc_le_read_adv_tx_power(hdev, skb);
2237 case HCI_OP_USER_CONFIRM_REPLY:
2238 hci_cc_user_confirm_reply(hdev, skb);
2241 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2242 hci_cc_user_confirm_neg_reply(hdev, skb);
2245 case HCI_OP_USER_PASSKEY_REPLY:
2246 hci_cc_user_passkey_reply(hdev, skb);
2249 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2250 hci_cc_user_passkey_neg_reply(hdev, skb);
2253 case HCI_OP_LE_SET_ADV_ENABLE:
2254 hci_cc_le_set_adv_enable(hdev, skb);
2257 case HCI_OP_LE_SET_SCAN_ENABLE:
2258 hci_cc_le_set_scan_enable(hdev, skb);
2261 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2262 hci_cc_le_read_white_list_size(hdev, skb);
2265 case HCI_OP_LE_READ_SUPPORTED_STATES:
2266 hci_cc_le_read_supported_states(hdev, skb);
2269 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2270 hci_cc_write_le_host_supported(hdev, skb);
2273 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2274 hci_cc_write_remote_amp_assoc(hdev, skb);
/* Opcodes without a handler are only logged. */
2278 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2282 if (opcode != HCI_OP_NOP)
2283 del_timer(&hdev->cmd_timer);
2285 hci_req_cmd_complete(hdev, opcode, status);
/* No new command is released while a reset is in progress. */
2287 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2288 atomic_set(&hdev->cmd_cnt, 1);
2289 if (!skb_queue_empty(&hdev->cmd_q))
2290 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Command Status event: dispatch to the hci_cs_* handler for the opcode,
 * passing it the status from the event header.
 *
 * Afterwards the command timer is cancelled (unless the opcode is
 * HCI_OP_NOP), the request may be completed, and, when ncmd is non-zero and
 * no reset is in progress, the command credit is set to one and the command
 * work is queued if commands are waiting.
 *
 * NOTE(review): ev is a direct cast of skb->data with no visible length
 * check. The first half of the condition guarding hci_req_cmd_complete()
 * (line 2368), the switch statement and its break statements are on lines
 * this listing skips.
 */
2294 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2296 struct hci_ev_cmd_status *ev = (void *) skb->data;
2299 skb_pull(skb, sizeof(*ev));
2301 opcode = __le16_to_cpu(ev->opcode);
2304 case HCI_OP_INQUIRY:
2305 hci_cs_inquiry(hdev, ev->status);
2308 case HCI_OP_CREATE_CONN:
2309 hci_cs_create_conn(hdev, ev->status);
2312 case HCI_OP_ADD_SCO:
2313 hci_cs_add_sco(hdev, ev->status);
2316 case HCI_OP_AUTH_REQUESTED:
2317 hci_cs_auth_requested(hdev, ev->status);
2320 case HCI_OP_SET_CONN_ENCRYPT:
2321 hci_cs_set_conn_encrypt(hdev, ev->status);
2324 case HCI_OP_REMOTE_NAME_REQ:
2325 hci_cs_remote_name_req(hdev, ev->status);
2328 case HCI_OP_READ_REMOTE_FEATURES:
2329 hci_cs_read_remote_features(hdev, ev->status);
2332 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2333 hci_cs_read_remote_ext_features(hdev, ev->status);
2336 case HCI_OP_SETUP_SYNC_CONN:
2337 hci_cs_setup_sync_conn(hdev, ev->status);
2340 case HCI_OP_SNIFF_MODE:
2341 hci_cs_sniff_mode(hdev, ev->status);
2344 case HCI_OP_EXIT_SNIFF_MODE:
2345 hci_cs_exit_sniff_mode(hdev, ev->status);
2348 case HCI_OP_DISCONNECT:
2349 hci_cs_disconnect(hdev, ev->status);
2352 case HCI_OP_CREATE_PHY_LINK:
2353 hci_cs_create_phylink(hdev, ev->status);
2356 case HCI_OP_ACCEPT_PHY_LINK:
2357 hci_cs_accept_phylink(hdev, ev->status);
/* Opcodes without a handler are only logged. */
2361 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2365 if (opcode != HCI_OP_NOP)
2366 del_timer(&hdev->cmd_timer);
2369 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2370 hci_req_cmd_complete(hdev, opcode, ev->status);
/* No new command is released while a reset is in progress. */
2372 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2373 atomic_set(&hdev->cmd_cnt, 1);
2374 if (!skb_queue_empty(&hdev->cmd_q))
2375 queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Role Change event.
 *
 * Looks up the ACL connection to the peer, sets or clears HCI_LM_MASTER in
 * its link_mode, clears the pending role-switch flag and notifies the upper
 * layers with hci_role_switch_cfm().
 *
 * NOTE(review): the NULL check on conn and the tests on ev->status and
 * ev->role that choose between setting and clearing HCI_LM_MASTER are on
 * lines this listing skips.
 */
2379 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2381 struct hci_ev_role_change *ev = (void *) skb->data;
2382 struct hci_conn *conn;
2384 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2388 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2392 conn->link_mode &= ~HCI_LM_MASTER;
2394 conn->link_mode |= HCI_LM_MASTER;
2397 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2399 hci_role_switch_cfm(conn, ev->status, ev->role);
2402 hci_dev_unlock(hdev);
/*
 * Number Of Completed Packets event (packet-based flow control).
 *
 * For every (handle, count) pair in the event, the completed packets are
 * subtracted from the connection's outstanding count and credited back to
 * the transmit budget that matches the connection type; each budget is
 * clamped to the maximum stored in hdev. The TX work is then queued.
 *
 * The event is ignored when the adapter is not in packet-based mode or when
 * the packet is too short for the number of handles it announces.
 *
 * NOTE(review): `conn->sent -= count` is not clamped in the visible lines
 * and count comes from the event, so confirm whether a count larger than
 * conn->sent can wrap the counter. The case labels of the switch and the
 * NULL check on conn are on lines this listing skips.
 */
2405 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2407 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2410 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2411 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
/*
 * Length validation: the header must fit, and so must num_hndl entries after
 * it, before ev->handles[] is indexed below.
 */
2415 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2416 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2417 BT_DBG("%s bad parameters", hdev->name);
2421 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2423 for (i = 0; i < ev->num_hndl; i++) {
2424 struct hci_comp_pkts_info *info = &ev->handles[i];
2425 struct hci_conn *conn;
2426 __u16 handle, count;
2428 handle = __le16_to_cpu(info->handle);
2429 count = __le16_to_cpu(info->count);
2431 conn = hci_conn_hash_lookup_handle(hdev, handle);
2435 conn->sent -= count;
2437 switch (conn->type) {
2439 hdev->acl_cnt += count;
2440 if (hdev->acl_cnt > hdev->acl_pkts)
2441 hdev->acl_cnt = hdev->acl_pkts;
/* With le_pkts == 0 the ACL budget is apparently credited instead. */
2445 if (hdev->le_pkts) {
2446 hdev->le_cnt += count;
2447 if (hdev->le_cnt > hdev->le_pkts)
2448 hdev->le_cnt = hdev->le_pkts;
2450 hdev->acl_cnt += count;
2451 if (hdev->acl_cnt > hdev->acl_pkts)
2452 hdev->acl_cnt = hdev->acl_pkts;
2457 hdev->sco_cnt += count;
2458 if (hdev->sco_cnt > hdev->sco_pkts)
2459 hdev->sco_cnt = hdev->sco_pkts;
2463 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2468 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Resolve a handle to a connection according to hdev->dev_type.
 *
 * One device type resolves the handle directly through the connection hash;
 * another looks up a channel with hci_chan_lookup_handle() first. An unknown
 * device type is logged as an error.
 *
 * NOTE(review): the second parameter line, the case labels and the return
 * statements after the channel lookup and in the error path are on lines
 * this listing skips -- confirm the function returns NULL when nothing
 * matches, since callers dereference the result.
 */
2471 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2474 struct hci_chan *chan;
2476 switch (hdev->dev_type) {
2478 return hci_conn_hash_lookup_handle(hdev, handle);
2480 chan = hci_chan_lookup_handle(hdev, handle);
2485 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
/*
 * Number Of Completed Data Blocks event (block-based flow control).
 *
 * For every (handle, blocks) pair in the event, the completed blocks are
 * subtracted from the connection's outstanding count and credited back to
 * hdev->block_cnt, which is clamped to hdev->num_blocks. The TX work is then
 * queued.
 *
 * The event is ignored when the adapter is not in block-based mode or when
 * the packet is too short for the number of handles it announces.
 *
 * NOTE(review): `conn->sent -= block_count` is not clamped in the visible
 * lines and block_count comes from the event -- confirm whether it can wrap.
 * The case labels of the switch and the NULL check on conn are on lines this
 * listing skips.
 */
2492 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2494 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2497 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2498 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
/* Length validation before ev->handles[] is indexed below. */
2502 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2503 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2504 BT_DBG("%s bad parameters", hdev->name);
2508 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2511 for (i = 0; i < ev->num_hndl; i++) {
2512 struct hci_comp_blocks_info *info = &ev->handles[i];
2513 struct hci_conn *conn = NULL;
2514 __u16 handle, block_count;
2516 handle = __le16_to_cpu(info->handle);
2517 block_count = __le16_to_cpu(info->blocks);
2519 conn = __hci_conn_lookup_handle(hdev, handle);
2523 conn->sent -= block_count;
2525 switch (conn->type) {
2528 hdev->block_cnt += block_count;
2529 if (hdev->block_cnt > hdev->num_blocks)
2530 hdev->block_cnt = hdev->num_blocks;
2534 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2539 queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Mode Change event.
 *
 * Records the new mode on the connection. When the change was not one this
 * host had pending, the HCI_CONN_POWER_SAVE flag is set if the link is now
 * active and cleared otherwise. A SCO setup that was waiting for the mode
 * change is then run with the event status.
 *
 * NOTE(review): the NULL check on conn, the second line of the
 * test_and_clear_bit() call and the else between set_bit and clear_bit are
 * on lines this listing skips.
 */
2542 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2544 struct hci_ev_mode_change *ev = (void *) skb->data;
2545 struct hci_conn *conn;
2547 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2551 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2553 conn->mode = ev->mode;
2555 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2557 if (conn->mode == HCI_CM_ACTIVE)
2558 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2560 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2563 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2564 hci_sco_setup(conn, ev->status);
2567 hci_dev_unlock(hdev);
/*
 * PIN Code Request event.
 *
 * For an established connection the disconnect timeout is switched to
 * HCI_PAIRING_TIMEOUT. If the adapter is not pairable the request is refused
 * with a negative reply; otherwise, when the management interface is in use,
 * user space is asked for the PIN through mgmt_pin_code_request().
 *
 * NOTE(review): the NULL check on conn and the declaration and assignment
 * of `secure` are on lines this listing skips; from the visible test it
 * presumably reflects pending_sec_level == BT_SECURITY_HIGH -- confirm.
 */
2570 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2572 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2573 struct hci_conn *conn;
2575 BT_DBG("%s", hdev->name);
2579 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2583 if (conn->state == BT_CONNECTED) {
2584 hci_conn_hold(conn);
2585 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2586 hci_conn_drop(conn);
/* A non-pairable adapter never hands the request to user space. */
2589 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2590 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2591 sizeof(ev->bdaddr), &ev->bdaddr);
2592 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2595 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2600 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2604 hci_dev_unlock(hdev);
/*
 * Link Key Request event: answer with a stored link key, or with a negative
 * reply when no acceptable key exists.
 *
 * A stored key is refused in three cases that are visible here: a debug
 * combination key while HCI_DEBUG_KEYS is not set, an unauthenticated
 * combination key when bit 0 of the connection's auth_type is set, and a
 * combination key made from a PIN shorter than 16 digits when the pending
 * security level is BT_SECURITY_HIGH. An accepted key is recorded on the
 * connection (type and PIN length) and sent in a Link Key Reply.
 *
 * NOTE(review): the jumps taken after each "ignoring" message, the NULL
 * checks on key and conn and the hci_dev_lock() call are on lines this
 * listing skips; presumably every refusal ends in the negative reply at
 * 2666 -- confirm. cp holds a copy of the link key on the stack and is not
 * cleared in the visible lines.
 */
2607 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2609 struct hci_ev_link_key_req *ev = (void *) skb->data;
2610 struct hci_cp_link_key_reply cp;
2611 struct hci_conn *conn;
2612 struct link_key *key;
2614 BT_DBG("%s", hdev->name);
2616 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2621 key = hci_find_link_key(hdev, &ev->bdaddr);
2623 BT_DBG("%s link key not found for %pMR", hdev->name,
2628 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
/* Debug keys are only honoured when explicitly enabled on the adapter. */
2631 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2632 key->type == HCI_LK_DEBUG_COMBINATION) {
2633 BT_DBG("%s ignoring debug key", hdev->name);
2637 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/*
 * auth_type 0xff is treated as "not set"; bit 0 is presumably the
 * MITM-required bit -- TODO confirm against the auth_type definitions.
 */
2639 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2640 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2641 BT_DBG("%s ignoring unauthenticated key", hdev->name);
/* High security is not satisfied by a key from a PIN shorter than 16. */
2645 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2646 conn->pending_sec_level == BT_SECURITY_HIGH) {
2647 BT_DBG("%s ignoring key unauthenticated for high security",
2652 conn->key_type = key->type;
2653 conn->pin_length = key->pin_len;
2656 bacpy(&cp.bdaddr, &ev->bdaddr);
2657 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2659 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2661 hci_dev_unlock(hdev);
/*
 * Negative reply path. The literal 6 is the length of the address;
 * hci_pin_code_request_evt() passes sizeof(ev->bdaddr) for the same purpose.
 */
2666 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2667 hci_dev_unlock(hdev);
/*
 * Link Key Notification event: a new link key was created for the peer.
 *
 * For a known ACL connection the disconnect timeout is reset to
 * HCI_DISCONN_TIMEOUT, the PIN length used for pairing is remembered, and
 * the key type is recorded unless the event reports a changed combination
 * key. The key is stored with hci_add_link_key() only when the management
 * interface is in use.
 *
 * NOTE(review): the declaration of pin_len, the NULL check on conn and the
 * hci_dev_lock() call are on lines this listing skips. conn is passed to
 * hci_add_link_key() after hci_conn_drop(); confirm that callee accepts a
 * NULL or released connection.
 */
2670 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2672 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2673 struct hci_conn *conn;
2676 BT_DBG("%s", hdev->name);
2680 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2682 hci_conn_hold(conn);
2683 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2684 pin_len = conn->pin_length;
/* A "changed combination" key keeps the type already recorded. */
2686 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2687 conn->key_type = ev->key_type;
2689 hci_conn_drop(conn);
2692 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2693 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2694 ev->key_type, pin_len);
2696 hci_dev_unlock(hdev);
/*
 * Read Clock Offset Complete event.
 *
 * On success, for a known connection, the reported clock offset is stored in
 * the peer's inquiry cache entry and the entry's timestamp is refreshed.
 *
 * NOTE(review): the NULL check on ie (line 2713) and the hci_dev_lock()
 * call are on lines this listing skips.
 */
2699 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2701 struct hci_ev_clock_offset *ev = (void *) skb->data;
2702 struct hci_conn *conn;
2704 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2708 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2709 if (conn && !ev->status) {
2710 struct inquiry_entry *ie;
2712 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2714 ie->data.clock_offset = ev->clock_offset;
2715 ie->timestamp = jiffies;
2719 hci_dev_unlock(hdev);
/*
 * Connection Packet Type Changed event.
 *
 * On success, for a known connection, stores the new packet type (converted
 * from little endian) on the connection. Unknown handles and failed changes
 * are ignored.
 *
 * NOTE(review): the hci_dev_lock() call matching the unlock is on a line
 * this listing skips.
 */
2722 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2724 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2725 struct hci_conn *conn;
2727 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2731 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2732 if (conn && !ev->status)
2733 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2735 hci_dev_unlock(hdev);
/*
 * Page Scan Repetition Mode Change event.
 *
 * Updates the page scan repetition mode in the peer's inquiry cache entry
 * and refreshes the entry's timestamp.
 *
 * NOTE(review): the NULL check on ie (line 2748) and the hci_dev_lock()
 * call are on lines this listing skips.
 */
2738 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2740 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2741 struct inquiry_entry *ie;
2743 BT_DBG("%s", hdev->name);
2747 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2749 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2750 ie->timestamp = jiffies;
2753 hci_dev_unlock(hdev);
/*
 * Inquiry Result with RSSI event.
 *
 * The first payload byte is the record count. The per-record size, computed
 * as (skb->len - 1) / num_rsp, selects between two record layouts: when it
 * differs from sizeof(struct inquiry_info_with_rssi) the records are read as
 * inquiry_info_with_rssi_and_pscan_mode, otherwise as inquiry_info_with_rssi
 * with pscan_mode forced to 0x00. Each record updates the inquiry cache and
 * is reported through mgmt_device_found().
 *
 * NOTE(review): num_rsp comes from the event payload. It must be non-zero
 * before the division at 2773, and the guard for that is on lines this
 * listing skips (2764-2767). The division only picks a layout: neither loop
 * compares num_rsp times the record size with skb->len in the visible lines,
 * so confirm that a short packet with a large count cannot be read past its
 * end.
 */
2756 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2757 struct sk_buff *skb)
2759 struct inquiry_data data;
2760 int num_rsp = *((__u8 *) skb->data);
2761 bool name_known, ssp;
2763 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2768 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2773 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2774 struct inquiry_info_with_rssi_and_pscan_mode *info;
2775 info = (void *) (skb->data + 1);
2777 for (; num_rsp; num_rsp--, info++) {
2778 bacpy(&data.bdaddr, &info->bdaddr);
2779 data.pscan_rep_mode = info->pscan_rep_mode;
2780 data.pscan_period_mode = info->pscan_period_mode;
2781 data.pscan_mode = info->pscan_mode;
2782 memcpy(data.dev_class, info->dev_class, 3);
2783 data.clock_offset = info->clock_offset;
2784 data.rssi = info->rssi;
2785 data.ssp_mode = 0x00;
2787 name_known = hci_inquiry_cache_update(hdev, &data,
2789 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2790 info->dev_class, info->rssi,
2791 !name_known, ssp, NULL, 0);
2794 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2796 for (; num_rsp; num_rsp--, info++) {
2797 bacpy(&data.bdaddr, &info->bdaddr);
2798 data.pscan_rep_mode = info->pscan_rep_mode;
2799 data.pscan_period_mode = info->pscan_period_mode;
2800 data.pscan_mode = 0x00;
2801 memcpy(data.dev_class, info->dev_class, 3);
2802 data.clock_offset = info->clock_offset;
2803 data.rssi = info->rssi;
2804 data.ssp_mode = 0x00;
2805 name_known = hci_inquiry_cache_update(hdev, &data,
2807 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2808 info->dev_class, info->rssi,
2809 !name_known, ssp, NULL, 0);
2813 hci_dev_unlock(hdev);
/*
 * Read Remote Extended Features Complete event.
 *
 * Stores the reported feature page on the connection, and for page 1 records
 * whether the remote host supports Secure Simple Pairing, both in the
 * inquiry cache and in the connection's HCI_CONN_SSP_ENABLED flag. For a
 * link still in BT_CONFIG it then continues connection setup: request the
 * remote name (or announce the device to the management interface) and
 * complete the connection when no outgoing authentication is needed.
 *
 * NOTE(review): the NULL checks on conn and ie, the else in front of the
 * clear_bit() call and the early exits are on lines this listing skips.
 */
2816 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2817 struct sk_buff *skb)
2819 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2820 struct hci_conn *conn;
2822 BT_DBG("%s", hdev->name);
2826 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* ev->page comes from the event; bound it before indexing features[]. */
2830 if (ev->page < HCI_MAX_PAGES)
2831 memcpy(conn->features[ev->page], ev->features, 8);
2833 if (!ev->status && ev->page == 0x01) {
2834 struct inquiry_entry *ie;
2836 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2838 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2840 if (ev->features[0] & LMP_HOST_SSP) {
2841 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2843 /* It is mandatory by the Bluetooth specification that
2844 * Extended Inquiry Results are only used when Secure
2845 * Simple Pairing is enabled, but some devices violate
2848 * To make these devices work, the internal SSP
2849 * enabled flag needs to be cleared if the remote host
2850 * features do not indicate SSP support */
2851 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2855 if (conn->state != BT_CONFIG)
2858 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2859 struct hci_cp_remote_name_req cp;
/* Zero the whole request first so unset fields are not sent uninitialised. */
2860 memset(&cp, 0, sizeof(cp));
2861 bacpy(&cp.bdaddr, &conn->dst);
2862 cp.pscan_rep_mode = 0x02;
2863 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2864 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2865 mgmt_device_connected(hdev, &conn->dst, conn->type,
2866 conn->dst_type, 0, NULL, 0,
2869 if (!hci_outgoing_auth_needed(hdev, conn)) {
2870 conn->state = BT_CONNECTED;
2871 hci_proto_connect_cfm(conn, ev->status);
2872 hci_conn_drop(conn);
2876 hci_dev_unlock(hdev);
/*
 * Synchronous Connection Complete event.
 *
 * Finds the connection by link type and peer address, retrying as ESCO_LINK
 * and retyping the result to SCO_LINK when the first lookup misses. On
 * success the handle is recorded and the link becomes BT_CONNECTED. For the
 * listed rejection codes the packet types are recomputed from
 * hdev->esco_type and hci_setup_sync() is tried again; otherwise the
 * connection is closed. The upper layers are notified with
 * hci_proto_connect_cfm().
 *
 * NOTE(review): the NULL checks on conn, the success case label, the
 * condition guarding the retry (line 2914) and the hci_dev_lock() call are
 * on lines this listing skips. conn->link is dereferenced at 2917 -- confirm
 * that the skipped condition guarantees it is set on that path.
 */
2879 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2880 struct sk_buff *skb)
2882 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2883 struct hci_conn *conn;
2885 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2889 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2891 if (ev->link_type == ESCO_LINK)
2894 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2898 conn->type = SCO_LINK;
2901 switch (ev->status) {
2903 conn->handle = __le16_to_cpu(ev->handle);
2904 conn->state = BT_CONNECTED;
2906 hci_conn_add_sysfs(conn);
2909 case 0x0d: /* Connection Rejected due to Limited Resources */
2910 case 0x11: /* Unsupported Feature or Parameter Value */
2911 case 0x1c: /* SCO interval rejected */
2912 case 0x1a: /* Unsupported Remote Feature */
2913 case 0x1f: /* Unspecified error */
2915 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2916 (hdev->esco_type & EDR_ESCO_MASK);
2917 if (hci_setup_sync(conn, conn->link->handle))
2923 conn->state = BT_CLOSED;
2927 hci_proto_connect_cfm(conn, ev->status);
2932 hci_dev_unlock(hdev);
/*
 * Walk the length-prefixed fields of an EIR buffer and return how many bytes
 * of it are in use.
 *
 * Each field starts with a one-byte length; the walk advances by that length
 * plus one for the length byte itself, for as long as the running total is
 * below eir_len.
 *
 * NOTE(review): the declaration of `parsed`, the test that ends the walk on
 * a zero-length field and both return statements are on lines this listing
 * skips. field_len comes from device-supplied data and the loop condition is
 * only tested before each field, so `parsed` can step past eir_len on the
 * last field -- confirm that the value returned is never larger than
 * eir_len, because the caller passes it on as the data length.
 */
2935 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
2939 while (parsed < eir_len) {
2940 u8 field_len = eir[0];
2945 parsed += field_len + 1;
2946 eir += field_len + 1;
/*
 * Extended Inquiry Result event.
 *
 * For each record, copies the fixed fields into an inquiry_data (with
 * ssp_mode set to 0x01), decides whether the device name is already known
 * (from the EIR data when the management interface is in use), updates the
 * inquiry cache and reports the device together with the used part of its
 * EIR data through mgmt_device_found().
 *
 * NOTE(review): num_rsp is the first payload byte, and none of the visible
 * lines compares num_rsp * sizeof(*info) with skb->len before the loop
 * advances info. The listing skips lines here (2961-2964, 2966-2969), so
 * confirm against the full file whether a length check exists; without one a
 * short packet with a large count would be read past its end.
 */
2952 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2953 struct sk_buff *skb)
2955 struct inquiry_data data;
2956 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2957 int num_rsp = *((__u8 *) skb->data);
2960 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2965 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2970 for (; num_rsp; num_rsp--, info++) {
2971 bool name_known, ssp;
2973 bacpy(&data.bdaddr, &info->bdaddr);
2974 data.pscan_rep_mode = info->pscan_rep_mode;
2975 data.pscan_period_mode = info->pscan_period_mode;
2976 data.pscan_mode = 0x00;
2977 memcpy(data.dev_class, info->dev_class, 3);
2978 data.clock_offset = info->clock_offset;
2979 data.rssi = info->rssi;
2980 data.ssp_mode = 0x01;
2982 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2983 name_known = eir_has_data_type(info->data,
2989 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
/* Only the used part of the fixed-size EIR field is forwarded. */
2991 eir_len = eir_get_length(info->data, sizeof(info->data));
2992 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2993 info->dev_class, info->rssi, !name_known,
2994 ssp, info->data, eir_len);
2997 hci_dev_unlock(hdev);
/*
 * hci_key_refresh_complete_evt() - handle HCI Encryption Key Refresh Complete.
 *
 * Finds the connection by handle, copies pending_sec_level into sec_level,
 * clears HCI_CONN_ENCRYPT_PEND, and then either disconnects (failure on an
 * established link), finishes connection setup (BT_CONFIG) or confirms
 * authentication to the upper layers.
 *
 * NOTE(review): the guards around the lookup result and around the sec_level
 * assignment are not shown in this listing - confirm that sec_level is only
 * raised when ev->status reports success.
 */
3000 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3001 struct sk_buff *skb)
3003 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3004 struct hci_conn *conn;
3006 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3007 __le16_to_cpu(ev->handle));
3011 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3016 conn->sec_level = conn->pending_sec_level;
3018 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
/* A failed refresh on a live link is handled as an authentication failure. */
3020 if (ev->status && conn->state == BT_CONNECTED) {
3021 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3022 hci_conn_drop(conn);
3026 if (conn->state == BT_CONFIG) {
3028 conn->state = BT_CONNECTED;
3030 hci_proto_connect_cfm(conn, ev->status);
3031 hci_conn_drop(conn);
3033 hci_auth_cfm(conn, ev->status);
/* Hold/drop pair: re-arms the connection with the standard disconnect timeout. */
3035 hci_conn_hold(conn);
3036 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3037 hci_conn_drop(conn);
3041 hci_dev_unlock(hdev);
/*
 * hci_get_auth_req() - choose the authentication requirements that
 * hci_io_capa_request_evt() places in the IO Capability Reply.
 *
 * Follows the remote's bonding type. For dedicated bonding, MITM protection
 * is requested unless either side is NoInputNoOutput; for no-bonding the
 * remote's value is combined with the MITM bit (bit 0) of our own auth_type.
 * Anything else falls back to conn->auth_type.
 *
 * Security note: remote_auth and remote_cap are peer-supplied values (stored
 * by hci_io_capa_reply_evt()), so a peer reporting NoInputNoOutput steers the
 * dedicated-bonding result to the variant without MITM protection. Callers
 * that need MITM must enforce it separately.
 */
3044 static u8 hci_get_auth_req(struct hci_conn *conn)
3046 /* If remote requests dedicated bonding follow that lead */
3047 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3048 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3049 /* If both remote and local IO capabilities allow MITM
3050 * protection then require it, otherwise don't */
3051 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3052 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3053 return HCI_AT_DEDICATED_BONDING;
3055 return HCI_AT_DEDICATED_BONDING_MITM;
3058 /* If remote requests no-bonding follow that lead */
3059 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3060 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3061 return conn->remote_auth | (conn->auth_type & 0x01);
3063 return conn->auth_type;
/*
 * hci_io_capa_request_evt() - handle HCI IO Capability Request (start of
 * Secure Simple Pairing).
 *
 * Replies with our IO capability and authentication requirements when
 * pairing is permitted, otherwise sends a negative reply with
 * HCI_ERROR_PAIRING_NOT_ALLOWED. A reference on the connection is taken with
 * hci_conn_hold() before the decision.
 *
 * NOTE(review): the check of the lookup result and the action taken when
 * HCI_MGMT is clear are not shown in this listing.
 */
3066 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3068 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3069 struct hci_conn *conn;
3071 BT_DBG("%s", hdev->name);
3075 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3079 hci_conn_hold(conn);
3081 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
/*
 * Pairing gate: allowed when the adapter is pairable, or when the remote asked
 * for no-bonding (MITM bit masked off before the comparison).
 */
3084 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3085 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3086 struct hci_cp_io_capability_reply cp;
3088 bacpy(&cp.bdaddr, &ev->bdaddr);
3089 /* Change the IO capability from KeyboardDisplay
3090 * to DisplayYesNo as it is not supported by BT spec. */
3091 cp.capability = (conn->io_capability == 0x04) ?
3092 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3093 conn->auth_type = hci_get_auth_req(conn);
3094 cp.authentication = conn->auth_type;
/*
 * OOB data is considered only when it is stored for this peer and either we
 * initiated the connection or the peer already signalled OOB in its reply.
 */
3096 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3097 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3102 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3105 struct hci_cp_io_capability_neg_reply cp;
3107 bacpy(&cp.bdaddr, &ev->bdaddr);
3108 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3110 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3115 hci_dev_unlock(hdev);
/*
 * hci_io_capa_reply_evt() - handle HCI IO Capability Response from the peer.
 *
 * Stores the peer's IO capability and authentication requirements on the
 * connection and sets HCI_CONN_REMOTE_OOB. These stored values later feed
 * hci_get_auth_req() and the user-confirmation decision, so they are
 * peer-controlled input to the pairing policy.
 *
 * NOTE(review): the check of the lookup result and the condition under which
 * HCI_CONN_REMOTE_OOB is set are not shown in this listing.
 */
3118 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3120 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3121 struct hci_conn *conn;
3123 BT_DBG("%s", hdev->name);
3127 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3131 conn->remote_cap = ev->capability;
3132 conn->remote_auth = ev->authentication;
3134 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3137 hci_dev_unlock(hdev);
/*
 * hci_user_confirm_request_evt() - handle HCI User Confirmation Request
 * (Secure Simple Pairing numeric comparison).
 *
 * Chooses between three outcomes: a negative reply when we require MITM
 * protection and the peer reported NoInputNoOutput, an automatic positive
 * reply when neither side requires MITM, and a request to user space through
 * mgmt_user_confirm_request().
 *
 * Security note: the automatic branch confirms pairing without a user
 * comparing the passkey. Per the in-line comment, when we are not the
 * initiator (HCI_CONN_AUTH_PEND clear) the request is still routed to user
 * space for authorization rather than accepted silently. loc_mitm is our own
 * requirement; rem_mitm and conn->remote_cap come from the peer.
 */
3140 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3141 struct sk_buff *skb)
3143 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3144 int loc_mitm, rem_mitm, confirm_hint = 0;
3145 struct hci_conn *conn;
3147 BT_DBG("%s", hdev->name);
3151 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3158 loc_mitm = (conn->auth_type & 0x01);
3159 rem_mitm = (conn->remote_auth & 0x01);
3161 /* If we require MITM but the remote device can't provide that
3162 * (it has NoInputNoOutput) then reject the confirmation
3163 * request. The only exception is when we're dedicated bonding
3164 * initiators (connect_cfm_cb set) since then we always have the MITM
3166 if (!conn->connect_cfm_cb && loc_mitm &&
3167 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3168 BT_DBG("Rejecting request: remote device can't provide MITM");
3169 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3170 sizeof(ev->bdaddr), &ev->bdaddr);
3174 /* If no side requires MITM protection; auto-accept */
3175 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3176 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3178 /* If we're not the initiators request authorization to
3179 * proceed from user space (mgmt_user_confirm with
3180 * confirm_hint set to 1). */
3181 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3182 BT_DBG("Confirming auto-accept as acceptor");
3187 BT_DBG("Auto-accept of user confirmation with %ums delay",
3188 hdev->auto_accept_delay);
/* With a non-zero delay the reply is deferred to conn->auto_accept_work. */
3190 if (hdev->auto_accept_delay > 0) {
3191 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3192 queue_delayed_work(conn->hdev->workqueue,
3193 &conn->auto_accept_work, delay);
3197 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3198 sizeof(ev->bdaddr), &ev->bdaddr);
3203 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3207 hci_dev_unlock(hdev);
/*
 * hci_user_passkey_request_evt() - handle HCI User Passkey Request.
 *
 * Forwards the request for the peer address to the management interface
 * when HCI_MGMT is set; no other action is visible in this handler.
 */
3210 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3211 struct sk_buff *skb)
3213 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3215 BT_DBG("%s", hdev->name);
3217 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3218 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
/*
 * hci_user_passkey_notify_evt() - handle HCI User Passkey Notification.
 *
 * Stores the passkey to display (converted from little endian) on the
 * connection, resets the count of digits entered so far, and notifies the
 * management interface when HCI_MGMT is set.
 *
 * NOTE(review): the check of the lookup result is not shown in this listing.
 */
3221 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3222 struct sk_buff *skb)
3224 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3225 struct hci_conn *conn;
3227 BT_DBG("%s", hdev->name);
3229 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3233 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3234 conn->passkey_entered = 0;
3236 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3237 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3238 conn->dst_type, conn->passkey_notify,
3239 conn->passkey_entered);
/*
 * hci_keypress_notify_evt() - handle HCI Keypress Notification.
 *
 * Tracks how many passkey digits the peer has entered (reset, increment,
 * decrement or clear depending on the keypress type) and forwards the current
 * passkey and count to the management interface when HCI_MGMT is set.
 *
 * NOTE(review): the switch header, the break/return statements and the check
 * of the lookup result are not shown in this listing.
 */
3242 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3244 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3245 struct hci_conn *conn;
3247 BT_DBG("%s", hdev->name);
3249 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3254 case HCI_KEYPRESS_STARTED:
3255 conn->passkey_entered = 0;
3258 case HCI_KEYPRESS_ENTERED:
3259 conn->passkey_entered++;
3262 case HCI_KEYPRESS_ERASED:
/*
 * NOTE(review): the counter is driven by peer-generated events and is
 * decremented without a visible floor; if passkey_entered is an unsigned
 * field, an ERASED event at zero wraps it before it is reported to user
 * space - confirm the field type and consider clamping at 0.
 */
3263 conn->passkey_entered--;
3266 case HCI_KEYPRESS_CLEARED:
3267 conn->passkey_entered = 0;
3270 case HCI_KEYPRESS_COMPLETED:
3274 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3275 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3276 conn->dst_type, conn->passkey_notify,
3277 conn->passkey_entered);
/*
 * hci_simple_pair_complete_evt() - handle HCI Simple Pairing Complete.
 *
 * Reports a pairing failure to user space through mgmt_auth_failed() only
 * when we did not initiate authentication, then releases a reference on the
 * connection with hci_conn_drop().
 *
 * NOTE(review): the check of the lookup result is not shown in this listing.
 */
3280 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3281 struct sk_buff *skb)
3283 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3284 struct hci_conn *conn;
3286 BT_DBG("%s", hdev->name);
3290 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3294 /* To avoid duplicate auth_failed events to user space we check
3295 * the HCI_CONN_AUTH_PEND flag which will be set if we
3296 * initiated the authentication. A traditional auth_complete
3297 * event gets always produced as initiator and is also mapped to
3298 * the mgmt_auth_failed event */
3299 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3300 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3303 hci_conn_drop(conn);
3306 hci_dev_unlock(hdev);
/*
 * hci_remote_host_features_evt() - handle HCI Remote Host Supported Features.
 *
 * Copies the 8 reported feature bytes into page 1 of the connection's feature
 * table and updates the SSP mode of the peer's inquiry-cache entry from the
 * LMP_HOST_SSP bit.
 *
 * NOTE(review): the NULL checks on conn and ie are not shown in this listing;
 * both lookups are keyed by a controller-supplied address, so confirm each
 * result is checked before use.
 */
3309 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3310 struct sk_buff *skb)
3312 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3313 struct inquiry_entry *ie;
3314 struct hci_conn *conn;
3316 BT_DBG("%s", hdev->name);
3320 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/* Fixed 8-byte copy; assumes both feature arrays are 8 bytes - TODO confirm. */
3322 memcpy(conn->features[1], ev->features, 8);
3324 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3326 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3328 hci_dev_unlock(hdev);
/*
 * hci_remote_oob_data_request_evt() - handle HCI Remote OOB Data Request.
 *
 * Looks up out-of-band pairing data stored for the peer address. When found,
 * its hash and randomizer are sent to the controller in a positive reply;
 * otherwise a negative reply is sent. Copy sizes are taken from the
 * destination fields (sizeof(cp.hash), sizeof(cp.randomizer)).
 *
 * NOTE(review): the branch conditions and the action taken when HCI_MGMT is
 * clear are not shown in this listing.
 */
3331 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3332 struct sk_buff *skb)
3334 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3335 struct oob_data *data;
3337 BT_DBG("%s", hdev->name);
3341 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3344 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3346 struct hci_cp_remote_oob_data_reply cp;
3348 bacpy(&cp.bdaddr, &ev->bdaddr);
3349 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3350 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3352 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3355 struct hci_cp_remote_oob_data_neg_reply cp;
3357 bacpy(&cp.bdaddr, &ev->bdaddr);
3358 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3363 hci_dev_unlock(hdev);
/*
 * hci_phy_link_complete_evt() - handle HCI Physical Link Complete (AMP).
 *
 * Finds the AMP connection by physical-link handle, marks it connected,
 * copies the peer address from the associated BR/EDR connection, publishes it
 * in sysfs and confirms the physical link with amp_physical_cfm().
 *
 * NOTE(review): two early hci_dev_unlock() exits appear below but their
 * conditions are not shown in this listing.
 */
3366 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3367 struct sk_buff *skb)
3369 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3370 struct hci_conn *hcon, *bredr_hcon;
3372 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3377 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3379 hci_dev_unlock(hdev);
3385 hci_dev_unlock(hdev);
/*
 * NOTE(review): three chained dereferences (amp_mgr, l2cap_conn, hcon) with
 * no NULL check visible here; the handle that selected hcon comes from the
 * controller - confirm each pointer is guaranteed non-NULL at this point.
 */
3389 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3391 hcon->state = BT_CONNECTED;
3392 bacpy(&hcon->dst, &bredr_hcon->dst);
3394 hci_conn_hold(hcon);
3395 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3396 hci_conn_drop(hcon);
3398 hci_conn_add_sysfs(hcon);
3400 amp_physical_cfm(bredr_hcon, hcon);
3402 hci_dev_unlock(hdev);
/*
 * hci_loglink_complete_evt() - handle HCI Logical Link Complete (AMP).
 *
 * Finds the connection by physical-link handle, creates an hci_chan for it
 * and records the logical-link handle. If the connection's AMP manager has a
 * BR/EDR channel, that channel's connection MTU is set to the adapter's block
 * MTU and the logical link is confirmed under the channel lock.
 *
 * NOTE(review): no hci_dev_lock()/hci_dev_unlock() call is visible in this
 * handler, unlike its neighbours, and the checks on hcon and hchan are not
 * shown in this listing - confirm both against the full file.
 */
3405 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3407 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3408 struct hci_conn *hcon;
3409 struct hci_chan *hchan;
3410 struct amp_mgr *mgr;
3412 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3413 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3416 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3420 /* Create AMP hchan */
3421 hchan = hci_chan_create(hcon);
3425 hchan->handle = le16_to_cpu(ev->handle);
3427 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3429 mgr = hcon->amp_mgr;
3430 if (mgr && mgr->bredr_chan) {
3431 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3433 l2cap_chan_lock(bredr_chan);
3435 bredr_chan->conn->mtu = hdev->block_mtu;
3436 l2cap_logical_cfm(bredr_chan, hchan, 0);
3437 hci_conn_hold(hcon);
3439 l2cap_chan_unlock(bredr_chan);
/*
 * hci_disconn_loglink_complete_evt() - handle HCI Disconnection Logical Link
 * Complete (AMP).
 *
 * Looks up the channel by logical-link handle and tears it down with
 * amp_destroy_logical_link(), passing the controller-reported reason.
 *
 * NOTE(review): the status check and the check of the lookup result are not
 * shown in this listing.
 */
3443 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3444 struct sk_buff *skb)
3446 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3447 struct hci_chan *hchan;
3449 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3450 le16_to_cpu(ev->handle), ev->status);
3457 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3461 amp_destroy_logical_link(hchan, ev->reason);
3464 hci_dev_unlock(hdev);
/*
 * hci_disconn_phylink_complete_evt() - handle HCI Disconnection Physical Link
 * Complete (AMP).
 *
 * Looks up the connection by physical-link handle and marks it BT_CLOSED.
 *
 * NOTE(review): the status check, the check of the lookup result and any
 * further teardown are not shown in this listing.
 */
3467 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3468 struct sk_buff *skb)
3470 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3471 struct hci_conn *hcon;
3473 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3480 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3482 hcon->state = BT_CLOSED;
3486 hci_dev_unlock(hdev);
/*
 * hci_le_conn_complete_evt() - handle the LE Connection Complete subevent.
 *
 * Reuses an LE connection found in BT_CONNECT state or adds a new one for the
 * reported address, records the peer address type and our own source address
 * type, and sets HCI_LM_MASTER when the event reports the master role. A
 * failure is reported through mgmt_connect_failed() and
 * hci_proto_connect_cfm() and closes the connection; success notifies mgmt
 * once (guarded by HCI_CONN_MGMT_CONNECTED), stores the handle and publishes
 * the connection.
 *
 * Security note: a new LE link starts at BT_SECURITY_LOW; any higher level
 * has to be established afterwards by pairing or encryption.
 *
 * NOTE(review): several branch conditions (lookup miss, allocation failure,
 * non-zero status) are not shown in this listing.
 */
3489 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3491 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3492 struct hci_conn *conn;
3494 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3498 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3500 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3502 BT_ERR("No memory for new connection");
3506 conn->dst_type = ev->bdaddr_type;
3508 /* The advertising parameters for own address type
3509 * define which source address and source address
3510 * type this connections has.
3512 if (bacmp(&conn->src, BDADDR_ANY)) {
3513 conn->src_type = ADDR_LE_DEV_PUBLIC;
3515 bacpy(&conn->src, &hdev->static_addr);
3516 conn->src_type = ADDR_LE_DEV_RANDOM;
3519 if (ev->role == LE_CONN_ROLE_MASTER) {
3521 conn->link_mode |= HCI_LM_MASTER;
3526 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3527 conn->dst_type, ev->status);
3528 hci_proto_connect_cfm(conn, ev->status);
3529 conn->state = BT_CLOSED;
3534 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3535 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3536 conn->dst_type, 0, NULL, 0, NULL);
3538 conn->sec_level = BT_SECURITY_LOW;
3539 conn->handle = __le16_to_cpu(ev->handle);
3540 conn->state = BT_CONNECTED;
3542 hci_conn_add_sysfs(conn);
3544 hci_proto_connect_cfm(conn, ev->status);
3547 hci_dev_unlock(hdev);
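/*
 * hci_le_adv_report_evt() - handle the LE Advertising Report subevent.
 * @hdev: adapter that received the event
 * @skb:  subevent payload; byte 0 is the report count, followed by that many
 *        variable-length struct hci_ev_le_advertising_info records, each
 *        trailed by one RSSI octet
 *
 * Every well-formed report is forwarded to mgmt_device_found(). Both the
 * report count and each report's data length come from the controller, so
 * every record is checked against the bytes actually received before any of
 * its fields is read; parsing stops at the first record that does not fit.
 */
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	u8 num_reports;
	u8 *ptr;
	size_t remaining;

	/* The count octet itself must be present. */
	if (skb->len < 1)
		return;

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	remaining = skb->len - 1;

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = (void *) ptr;
		size_t report_len;
		s8 rssi;

		/* The fixed header must fit before ev->length is trusted. */
		if (remaining < sizeof(*ev))
			break;

		/* Header + advertising data + trailing RSSI octet. */
		report_len = sizeof(*ev) + ev->length + 1;
		if (remaining < report_len)
			break;

		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += report_len;
		remaining -= report_len;
	}
}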
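/*
 * hci_le_ltk_request_evt() - handle the LE Long Term Key Request subevent.
 * @hdev: adapter that received the event
 * @skb:  subevent payload (struct hci_ev_le_ltk_req)
 *
 * Looks up the connection by handle and the stored key by EDIV/Rand. On a hit
 * the key is handed to the controller, the pending security level is set from
 * the key's authenticated flag (HIGH when authenticated, MEDIUM otherwise)
 * and the key size is recorded on the connection. On a miss for either
 * lookup a negative reply is sent so the controller refuses encryption.
 */
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk;

	BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto not_found;

	ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
	if (ltk == NULL)
		goto not_found;

	/* NOTE(review): cp keeps a copy of the key on the stack after this
	 * function returns; consider clearing it with a helper the compiler
	 * cannot elide, if this tree provides one.
	 */
	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	if (ltk->authenticated)
		conn->pending_sec_level = BT_SECURITY_HIGH;
	else
		conn->pending_sec_level = BT_SECURITY_MEDIUM;

	conn->enc_key_size = ltk->enc_size;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	/* A short-term key is removed from the key list and freed once it
	 * has been handed to the controller.
	 */
	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

	hci_dev_unlock(hdev);

	return;

not_found:
	/* ev->handle is already little endian, so it is passed through. */
	neg.handle = ev->handle;
	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
	hci_dev_unlock(hdev);
}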
/*
 * hci_le_meta_evt() - demultiplex the HCI LE Meta event.
 *
 * Strips the meta-event header from the skb and dispatches on the subevent
 * code to the connection-complete, advertising-report and LTK-request
 * handlers, which therefore see skb->data pointing at their own payload.
 *
 * NOTE(review): le_ev->subevent is read after the header has been pulled and
 * no comparison of skb->len with sizeof(*le_ev) is visible here - confirm
 * the caller guarantees the header is present.
 */
3614 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3616 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3618 skb_pull(skb, sizeof(*le_ev));
3620 switch (le_ev->subevent) {
3621 case HCI_EV_LE_CONN_COMPLETE:
3622 hci_le_conn_complete_evt(hdev, skb);
3625 case HCI_EV_LE_ADVERTISING_REPORT:
3626 hci_le_adv_report_evt(hdev, skb);
3629 case HCI_EV_LE_LTK_REQ:
3630 hci_le_ltk_request_evt(hdev, skb);
/*
 * hci_chan_selected_evt() - handle HCI Channel Selected (AMP).
 *
 * Pulls the event off the skb, looks up the connection by physical-link
 * handle and calls amp_read_loc_assoc_final_data() for it.
 *
 * NOTE(review): the check of the lookup result is not shown in this listing.
 */
3638 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3640 struct hci_ev_channel_selected *ev = (void *) skb->data;
3641 struct hci_conn *hcon;
3643 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3645 skb_pull(skb, sizeof(*ev));
3647 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3651 amp_read_loc_assoc_final_data(hdev, hcon);
/*
 * hci_event_packet() - entry point for every HCI event received from the
 * controller.
 *
 * Reads the event code from the header, keeps a clone of the packet in
 * hdev->recv_evt while a request is pending (HCI_REQ_PEND), strips the event
 * header, completes the outstanding command when it was waiting for this
 * event code, and then dispatches to the per-event handler. The received
 * event counter is incremented at the end.
 *
 * Security note: the handlers below cast skb->data to their event structure.
 * No per-event minimum-length validation is visible in this dispatcher, and
 * hdr->evt is read before any visible check that the header itself fits, so
 * each handler has to treat lengths and counts inside the payload as
 * controller-supplied, untrusted values.
 *
 * NOTE(review): the switch header, break statements, default label and the
 * final release of skb are not shown in this listing.
 */
3654 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3656 struct hci_event_hdr *hdr = (void *) skb->data;
3657 __u8 event = hdr->evt;
3661 /* Received events are (currently) only needed when a request is
3662 * ongoing so avoid unnecessary memory allocation.
3664 if (hdev->req_status == HCI_REQ_PEND) {
3665 kfree_skb(hdev->recv_evt);
3666 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3669 hci_dev_unlock(hdev);
3671 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3673 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3674 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3675 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3677 hci_req_cmd_complete(hdev, opcode, 0);
3681 case HCI_EV_INQUIRY_COMPLETE:
3682 hci_inquiry_complete_evt(hdev, skb);
3685 case HCI_EV_INQUIRY_RESULT:
3686 hci_inquiry_result_evt(hdev, skb);
3689 case HCI_EV_CONN_COMPLETE:
3690 hci_conn_complete_evt(hdev, skb);
3693 case HCI_EV_CONN_REQUEST:
3694 hci_conn_request_evt(hdev, skb);
3697 case HCI_EV_DISCONN_COMPLETE:
3698 hci_disconn_complete_evt(hdev, skb);
3701 case HCI_EV_AUTH_COMPLETE:
3702 hci_auth_complete_evt(hdev, skb);
3705 case HCI_EV_REMOTE_NAME:
3706 hci_remote_name_evt(hdev, skb);
3709 case HCI_EV_ENCRYPT_CHANGE:
3710 hci_encrypt_change_evt(hdev, skb);
3713 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3714 hci_change_link_key_complete_evt(hdev, skb);
3717 case HCI_EV_REMOTE_FEATURES:
3718 hci_remote_features_evt(hdev, skb);
3721 case HCI_EV_CMD_COMPLETE:
3722 hci_cmd_complete_evt(hdev, skb);
3725 case HCI_EV_CMD_STATUS:
3726 hci_cmd_status_evt(hdev, skb);
3729 case HCI_EV_ROLE_CHANGE:
3730 hci_role_change_evt(hdev, skb);
3733 case HCI_EV_NUM_COMP_PKTS:
3734 hci_num_comp_pkts_evt(hdev, skb);
3737 case HCI_EV_MODE_CHANGE:
3738 hci_mode_change_evt(hdev, skb);
3741 case HCI_EV_PIN_CODE_REQ:
3742 hci_pin_code_request_evt(hdev, skb);
3745 case HCI_EV_LINK_KEY_REQ:
3746 hci_link_key_request_evt(hdev, skb);
3749 case HCI_EV_LINK_KEY_NOTIFY:
3750 hci_link_key_notify_evt(hdev, skb);
3753 case HCI_EV_CLOCK_OFFSET:
3754 hci_clock_offset_evt(hdev, skb);
3757 case HCI_EV_PKT_TYPE_CHANGE:
3758 hci_pkt_type_change_evt(hdev, skb);
3761 case HCI_EV_PSCAN_REP_MODE:
3762 hci_pscan_rep_mode_evt(hdev, skb);
3765 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3766 hci_inquiry_result_with_rssi_evt(hdev, skb);
3769 case HCI_EV_REMOTE_EXT_FEATURES:
3770 hci_remote_ext_features_evt(hdev, skb);
3773 case HCI_EV_SYNC_CONN_COMPLETE:
3774 hci_sync_conn_complete_evt(hdev, skb);
3777 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3778 hci_extended_inquiry_result_evt(hdev, skb);
3781 case HCI_EV_KEY_REFRESH_COMPLETE:
3782 hci_key_refresh_complete_evt(hdev, skb);
3785 case HCI_EV_IO_CAPA_REQUEST:
3786 hci_io_capa_request_evt(hdev, skb);
3789 case HCI_EV_IO_CAPA_REPLY:
3790 hci_io_capa_reply_evt(hdev, skb);
3793 case HCI_EV_USER_CONFIRM_REQUEST:
3794 hci_user_confirm_request_evt(hdev, skb);
3797 case HCI_EV_USER_PASSKEY_REQUEST:
3798 hci_user_passkey_request_evt(hdev, skb);
3801 case HCI_EV_USER_PASSKEY_NOTIFY:
3802 hci_user_passkey_notify_evt(hdev, skb);
3805 case HCI_EV_KEYPRESS_NOTIFY:
3806 hci_keypress_notify_evt(hdev, skb);
3809 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3810 hci_simple_pair_complete_evt(hdev, skb);
3813 case HCI_EV_REMOTE_HOST_FEATURES:
3814 hci_remote_host_features_evt(hdev, skb);
3817 case HCI_EV_LE_META:
3818 hci_le_meta_evt(hdev, skb);
3821 case HCI_EV_CHANNEL_SELECTED:
3822 hci_chan_selected_evt(hdev, skb);
3825 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3826 hci_remote_oob_data_request_evt(hdev, skb);
3829 case HCI_EV_PHY_LINK_COMPLETE:
3830 hci_phy_link_complete_evt(hdev, skb);
3833 case HCI_EV_LOGICAL_LINK_COMPLETE:
3834 hci_loglink_complete_evt(hdev, skb);
3837 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3838 hci_disconn_loglink_complete_evt(hdev, skb);
3841 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3842 hci_disconn_phylink_complete_evt(hdev, skb);
3845 case HCI_EV_NUM_COMP_BLOCKS:
3846 hci_num_comp_blocks_evt(hdev, skb);
3850 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3855 hdev->stat.evt_rx++;