2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/export.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/a2mp.h>
34 #include <net/bluetooth/amp.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
46 mgmt_stop_discovery_failed(hdev, status);
51 clear_bit(HCI_INQUIRY, &hdev->flags);
54 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
57 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
59 hci_conn_check_pending(hdev);
62 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
64 __u8 status = *((__u8 *) skb->data);
66 BT_DBG("%s status 0x%2.2x", hdev->name, status);
71 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
74 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
76 __u8 status = *((__u8 *) skb->data);
78 BT_DBG("%s status 0x%2.2x", hdev->name, status);
83 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
91 BT_DBG("%s", hdev->name);
94 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
96 struct hci_rp_role_discovery *rp = (void *) skb->data;
97 struct hci_conn *conn;
99 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
109 conn->link_mode &= ~HCI_LM_MASTER;
111 conn->link_mode |= HCI_LM_MASTER;
114 hci_dev_unlock(hdev);
117 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
119 struct hci_rp_read_link_policy *rp = (void *) skb->data;
120 struct hci_conn *conn;
122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
131 conn->link_policy = __le16_to_cpu(rp->policy);
133 hci_dev_unlock(hdev);
136 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
138 struct hci_rp_write_link_policy *rp = (void *) skb->data;
139 struct hci_conn *conn;
142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
147 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
155 conn->link_policy = get_unaligned_le16(sent + 2);
157 hci_dev_unlock(hdev);
160 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
163 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
165 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
170 hdev->link_policy = __le16_to_cpu(rp->policy);
173 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
176 __u8 status = *((__u8 *) skb->data);
179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
186 hdev->link_policy = get_unaligned_le16(sent);
188 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
191 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
193 __u8 status = *((__u8 *) skb->data);
195 BT_DBG("%s status 0x%2.2x", hdev->name, status);
197 clear_bit(HCI_RESET, &hdev->flags);
199 hci_req_complete(hdev, HCI_OP_RESET, status);
201 /* Reset all non-persistent flags */
202 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
203 BIT(HCI_PERIODIC_INQ));
205 hdev->discovery.state = DISCOVERY_STOPPED;
208 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
210 __u8 status = *((__u8 *) skb->data);
213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
226 hci_dev_unlock(hdev);
228 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
231 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
244 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
246 __u8 status = *((__u8 *) skb->data);
249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
256 __u8 param = *((__u8 *) sent);
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
261 clear_bit(HCI_AUTH, &hdev->flags);
264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
267 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
270 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
272 __u8 status = *((__u8 *) skb->data);
275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
282 __u8 param = *((__u8 *) sent);
285 set_bit(HCI_ENCRYPT, &hdev->flags);
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
290 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
293 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
295 __u8 param, status = *((__u8 *) skb->data);
296 int old_pscan, old_iscan;
299 BT_DBG("%s status 0x%2.2x", hdev->name, status);
301 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
305 param = *((__u8 *) sent);
310 mgmt_write_scan_failed(hdev, param, status);
311 hdev->discov_timeout = 0;
315 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
316 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
318 if (param & SCAN_INQUIRY) {
319 set_bit(HCI_ISCAN, &hdev->flags);
321 mgmt_discoverable(hdev, 1);
322 if (hdev->discov_timeout > 0) {
323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
327 } else if (old_iscan)
328 mgmt_discoverable(hdev, 0);
330 if (param & SCAN_PAGE) {
331 set_bit(HCI_PSCAN, &hdev->flags);
333 mgmt_connectable(hdev, 1);
334 } else if (old_pscan)
335 mgmt_connectable(hdev, 0);
338 hci_dev_unlock(hdev);
339 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
342 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
344 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
346 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
351 memcpy(hdev->dev_class, rp->dev_class, 3);
353 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
354 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
357 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
359 __u8 status = *((__u8 *) skb->data);
362 BT_DBG("%s status 0x%2.2x", hdev->name, status);
364 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
371 memcpy(hdev->dev_class, sent, 3);
373 if (test_bit(HCI_MGMT, &hdev->dev_flags))
374 mgmt_set_class_of_dev_complete(hdev, sent, status);
376 hci_dev_unlock(hdev);
379 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
381 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
384 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
389 setting = __le16_to_cpu(rp->voice_setting);
391 if (hdev->voice_setting == setting)
394 hdev->voice_setting = setting;
396 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
399 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
402 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
405 __u8 status = *((__u8 *) skb->data);
409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
414 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
418 setting = get_unaligned_le16(sent);
420 if (hdev->voice_setting == setting)
423 hdev->voice_setting = setting;
425 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
428 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
431 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
433 __u8 status = *((__u8 *) skb->data);
435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
437 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
440 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
442 __u8 status = *((__u8 *) skb->data);
445 BT_DBG("%s status 0x%2.2x", hdev->name, status);
447 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 if (test_bit(HCI_MGMT, &hdev->dev_flags))
452 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
455 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
457 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
463 if (hdev->features[6] & LMP_EXT_INQ)
466 if (hdev->features[3] & LMP_RSSI_INQ)
469 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
470 hdev->lmp_subver == 0x0757)
473 if (hdev->manufacturer == 15) {
474 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
476 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
478 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
482 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
483 hdev->lmp_subver == 0x1805)
489 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
493 mode = hci_get_inquiry_mode(hdev);
495 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
498 static void hci_setup_event_mask(struct hci_dev *hdev)
500 /* The second byte is 0xff instead of 0x9f (two reserved bits
501 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
502 * command otherwise */
503 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
505 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
506 * any event mask for pre 1.2 devices */
507 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
510 events[4] |= 0x01; /* Flow Specification Complete */
511 events[4] |= 0x02; /* Inquiry Result with RSSI */
512 events[4] |= 0x04; /* Read Remote Extended Features Complete */
513 events[5] |= 0x08; /* Synchronous Connection Complete */
514 events[5] |= 0x10; /* Synchronous Connection Changed */
516 if (hdev->features[3] & LMP_RSSI_INQ)
517 events[4] |= 0x02; /* Inquiry Result with RSSI */
519 if (lmp_sniffsubr_capable(hdev))
520 events[5] |= 0x20; /* Sniff Subrating */
522 if (hdev->features[5] & LMP_PAUSE_ENC)
523 events[5] |= 0x80; /* Encryption Key Refresh Complete */
525 if (hdev->features[6] & LMP_EXT_INQ)
526 events[5] |= 0x40; /* Extended Inquiry Result */
528 if (lmp_no_flush_capable(hdev))
529 events[7] |= 0x01; /* Enhanced Flush Complete */
531 if (hdev->features[7] & LMP_LSTO)
532 events[6] |= 0x80; /* Link Supervision Timeout Changed */
534 if (lmp_ssp_capable(hdev)) {
535 events[6] |= 0x01; /* IO Capability Request */
536 events[6] |= 0x02; /* IO Capability Response */
537 events[6] |= 0x04; /* User Confirmation Request */
538 events[6] |= 0x08; /* User Passkey Request */
539 events[6] |= 0x10; /* Remote OOB Data Request */
540 events[6] |= 0x20; /* Simple Pairing Complete */
541 events[7] |= 0x04; /* User Passkey Notification */
542 events[7] |= 0x08; /* Keypress Notification */
543 events[7] |= 0x10; /* Remote Host Supported
544 * Features Notification */
547 if (lmp_le_capable(hdev))
548 events[7] |= 0x20; /* LE Meta-Event */
550 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
553 static void hci_setup(struct hci_dev *hdev)
555 if (hdev->dev_type != HCI_BREDR)
558 hci_setup_event_mask(hdev);
560 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
561 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
563 if (lmp_ssp_capable(hdev)) {
564 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
566 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
567 sizeof(mode), &mode);
569 struct hci_cp_write_eir cp;
571 memset(hdev->eir, 0, sizeof(hdev->eir));
572 memset(&cp, 0, sizeof(cp));
574 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
578 if (hdev->features[3] & LMP_RSSI_INQ)
579 hci_setup_inquiry_mode(hdev);
581 if (hdev->features[7] & LMP_INQ_TX_PWR)
582 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
584 if (hdev->features[7] & LMP_EXTFEATURES) {
585 struct hci_cp_read_local_ext_features cp;
588 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
592 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
594 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
599 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
601 struct hci_rp_read_local_version *rp = (void *) skb->data;
603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
608 hdev->hci_ver = rp->hci_ver;
609 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
610 hdev->lmp_ver = rp->lmp_ver;
611 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
612 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
614 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
615 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
617 if (test_bit(HCI_INIT, &hdev->flags))
621 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
624 static void hci_setup_link_policy(struct hci_dev *hdev)
626 struct hci_cp_write_def_link_policy cp;
629 if (lmp_rswitch_capable(hdev))
630 link_policy |= HCI_LP_RSWITCH;
631 if (hdev->features[0] & LMP_HOLD)
632 link_policy |= HCI_LP_HOLD;
633 if (lmp_sniff_capable(hdev))
634 link_policy |= HCI_LP_SNIFF;
635 if (hdev->features[1] & LMP_PARK)
636 link_policy |= HCI_LP_PARK;
638 cp.policy = cpu_to_le16(link_policy);
639 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
642 static void hci_cc_read_local_commands(struct hci_dev *hdev,
645 struct hci_rp_read_local_commands *rp = (void *) skb->data;
647 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
652 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
654 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
655 hci_setup_link_policy(hdev);
658 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
661 static void hci_cc_read_local_features(struct hci_dev *hdev,
664 struct hci_rp_read_local_features *rp = (void *) skb->data;
666 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
671 memcpy(hdev->features, rp->features, 8);
673 /* Adjust default settings according to features
674 * supported by device. */
676 if (hdev->features[0] & LMP_3SLOT)
677 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
679 if (hdev->features[0] & LMP_5SLOT)
680 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
682 if (hdev->features[1] & LMP_HV2) {
683 hdev->pkt_type |= (HCI_HV2);
684 hdev->esco_type |= (ESCO_HV2);
687 if (hdev->features[1] & LMP_HV3) {
688 hdev->pkt_type |= (HCI_HV3);
689 hdev->esco_type |= (ESCO_HV3);
692 if (lmp_esco_capable(hdev))
693 hdev->esco_type |= (ESCO_EV3);
695 if (hdev->features[4] & LMP_EV4)
696 hdev->esco_type |= (ESCO_EV4);
698 if (hdev->features[4] & LMP_EV5)
699 hdev->esco_type |= (ESCO_EV5);
701 if (hdev->features[5] & LMP_EDR_ESCO_2M)
702 hdev->esco_type |= (ESCO_2EV3);
704 if (hdev->features[5] & LMP_EDR_ESCO_3M)
705 hdev->esco_type |= (ESCO_3EV3);
707 if (hdev->features[5] & LMP_EDR_3S_ESCO)
708 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
710 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
711 hdev->features[0], hdev->features[1],
712 hdev->features[2], hdev->features[3],
713 hdev->features[4], hdev->features[5],
714 hdev->features[6], hdev->features[7]);
717 static void hci_set_le_support(struct hci_dev *hdev)
719 struct hci_cp_write_le_host_supported cp;
721 memset(&cp, 0, sizeof(cp));
723 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
725 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
728 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
729 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
733 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
736 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
745 memcpy(hdev->features, rp->features, 8);
748 memcpy(hdev->host_features, rp->features, 8);
752 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
753 hci_set_le_support(hdev);
756 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
759 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
762 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
769 hdev->flow_ctl_mode = rp->mode;
771 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
774 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
776 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
778 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
783 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
784 hdev->sco_mtu = rp->sco_mtu;
785 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
786 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
788 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
793 hdev->acl_cnt = hdev->acl_pkts;
794 hdev->sco_cnt = hdev->sco_pkts;
796 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
797 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
800 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
802 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
804 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
807 bacpy(&hdev->bdaddr, &rp->bdaddr);
809 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
812 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
815 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
817 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
822 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
823 hdev->block_len = __le16_to_cpu(rp->block_len);
824 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
826 hdev->block_cnt = hdev->num_blocks;
828 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
829 hdev->block_cnt, hdev->block_len);
831 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
834 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
836 __u8 status = *((__u8 *) skb->data);
838 BT_DBG("%s status 0x%2.2x", hdev->name, status);
840 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
843 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
846 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
848 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
853 hdev->amp_status = rp->amp_status;
854 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
855 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
856 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
857 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
858 hdev->amp_type = rp->amp_type;
859 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
860 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
861 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
862 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
864 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
867 a2mp_send_getinfo_rsp(hdev);
870 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
873 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
874 struct amp_assoc *assoc = &hdev->loc_assoc;
875 size_t rem_len, frag_len;
877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
882 frag_len = skb->len - sizeof(*rp);
883 rem_len = __le16_to_cpu(rp->rem_len);
885 if (rem_len > frag_len) {
886 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
888 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
889 assoc->offset += frag_len;
891 /* Read other fragments */
892 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
897 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
898 assoc->len = assoc->offset + rem_len;
902 /* Send A2MP Rsp when all fragments are received */
903 a2mp_send_getampassoc_rsp(hdev, rp->status);
904 a2mp_send_create_phy_link_req(hdev, rp->status);
907 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
910 __u8 status = *((__u8 *) skb->data);
912 BT_DBG("%s status 0x%2.2x", hdev->name, status);
914 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
917 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
919 __u8 status = *((__u8 *) skb->data);
921 BT_DBG("%s status 0x%2.2x", hdev->name, status);
923 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
926 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
929 __u8 status = *((__u8 *) skb->data);
931 BT_DBG("%s status 0x%2.2x", hdev->name, status);
933 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
936 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
939 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
941 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
944 hdev->inq_tx_power = rp->tx_power;
946 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
949 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
951 __u8 status = *((__u8 *) skb->data);
953 BT_DBG("%s status 0x%2.2x", hdev->name, status);
955 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
958 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
960 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
961 struct hci_cp_pin_code_reply *cp;
962 struct hci_conn *conn;
964 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
968 if (test_bit(HCI_MGMT, &hdev->dev_flags))
969 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
974 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
980 conn->pin_length = cp->pin_len;
983 hci_dev_unlock(hdev);
986 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
988 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
990 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
994 if (test_bit(HCI_MGMT, &hdev->dev_flags))
995 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
998 hci_dev_unlock(hdev);
1001 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1002 struct sk_buff *skb)
1004 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1006 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1011 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1012 hdev->le_pkts = rp->le_max_pkt;
1014 hdev->le_cnt = hdev->le_pkts;
1016 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1018 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1021 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1023 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1025 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1029 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1030 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1033 hci_dev_unlock(hdev);
1036 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1037 struct sk_buff *skb)
1039 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1041 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1045 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1046 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1047 ACL_LINK, 0, rp->status);
1049 hci_dev_unlock(hdev);
1052 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1054 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1056 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1060 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1061 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1064 hci_dev_unlock(hdev);
1067 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1068 struct sk_buff *skb)
1070 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1072 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1076 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1077 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1078 ACL_LINK, 0, rp->status);
1080 hci_dev_unlock(hdev);
1083 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1084 struct sk_buff *skb)
1086 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1088 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1091 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1092 rp->randomizer, rp->status);
1093 hci_dev_unlock(hdev);
1096 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1098 __u8 status = *((__u8 *) skb->data);
1100 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1102 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1106 mgmt_start_discovery_failed(hdev, status);
1107 hci_dev_unlock(hdev);
1112 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1113 struct sk_buff *skb)
1115 struct hci_cp_le_set_scan_enable *cp;
1116 __u8 status = *((__u8 *) skb->data);
1118 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1120 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1124 switch (cp->enable) {
1125 case LE_SCANNING_ENABLED:
1126 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1130 mgmt_start_discovery_failed(hdev, status);
1131 hci_dev_unlock(hdev);
1135 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1138 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1139 hci_dev_unlock(hdev);
1142 case LE_SCANNING_DISABLED:
1145 mgmt_stop_discovery_failed(hdev, status);
1146 hci_dev_unlock(hdev);
1150 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1152 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1153 hdev->discovery.state == DISCOVERY_FINDING) {
1154 mgmt_interleaved_discovery(hdev);
1157 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1158 hci_dev_unlock(hdev);
1164 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1169 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1171 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1173 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1178 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1181 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1183 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1190 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1193 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1194 struct sk_buff *skb)
1196 struct hci_cp_write_le_host_supported *sent;
1197 __u8 status = *((__u8 *) skb->data);
1199 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1201 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1207 hdev->host_features[0] |= LMP_HOST_LE;
1209 hdev->host_features[0] &= ~LMP_HOST_LE;
1212 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1213 !test_bit(HCI_INIT, &hdev->flags))
1214 mgmt_le_enable_complete(hdev, sent->le, status);
1216 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1219 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1220 struct sk_buff *skb)
1222 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1224 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1225 hdev->name, rp->status, rp->phy_handle);
1230 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1233 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1235 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1238 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1239 hci_conn_check_pending(hdev);
1241 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1242 mgmt_start_discovery_failed(hdev, status);
1243 hci_dev_unlock(hdev);
1247 set_bit(HCI_INQUIRY, &hdev->flags);
1250 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1251 hci_dev_unlock(hdev);
1254 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1256 struct hci_cp_create_conn *cp;
1257 struct hci_conn *conn;
1259 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1261 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1267 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1269 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1272 if (conn && conn->state == BT_CONNECT) {
1273 if (status != 0x0c || conn->attempt > 2) {
1274 conn->state = BT_CLOSED;
1275 hci_proto_connect_cfm(conn, status);
1278 conn->state = BT_CONNECT2;
1282 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1285 conn->link_mode |= HCI_LM_MASTER;
1287 BT_ERR("No memory for new connection");
1291 hci_dev_unlock(hdev);
1294 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1296 struct hci_cp_add_sco *cp;
1297 struct hci_conn *acl, *sco;
1300 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1305 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1309 handle = __le16_to_cpu(cp->handle);
1311 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1315 acl = hci_conn_hash_lookup_handle(hdev, handle);
1319 sco->state = BT_CLOSED;
1321 hci_proto_connect_cfm(sco, status);
1326 hci_dev_unlock(hdev);
1329 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1331 struct hci_cp_auth_requested *cp;
1332 struct hci_conn *conn;
1334 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1339 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1345 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1347 if (conn->state == BT_CONFIG) {
1348 hci_proto_connect_cfm(conn, status);
1353 hci_dev_unlock(hdev);
1356 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1358 struct hci_cp_set_conn_encrypt *cp;
1359 struct hci_conn *conn;
1361 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1366 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1372 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1374 if (conn->state == BT_CONFIG) {
1375 hci_proto_connect_cfm(conn, status);
1380 hci_dev_unlock(hdev);
1383 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1384 struct hci_conn *conn)
1386 if (conn->state != BT_CONFIG || !conn->out)
1389 if (conn->pending_sec_level == BT_SECURITY_SDP)
1392 /* Only request authentication for SSP connections or non-SSP
1393 * devices with sec_level HIGH or if MITM protection is requested */
1394 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1395 conn->pending_sec_level != BT_SECURITY_HIGH)
1401 static int hci_resolve_name(struct hci_dev *hdev,
1402 struct inquiry_entry *e)
1404 struct hci_cp_remote_name_req cp;
1406 memset(&cp, 0, sizeof(cp));
1408 bacpy(&cp.bdaddr, &e->data.bdaddr);
1409 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1410 cp.pscan_mode = e->data.pscan_mode;
1411 cp.clock_offset = e->data.clock_offset;
1413 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1416 static bool hci_resolve_next_name(struct hci_dev *hdev)
1418 struct discovery_state *discov = &hdev->discovery;
1419 struct inquiry_entry *e;
1421 if (list_empty(&discov->resolve))
1424 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1428 if (hci_resolve_name(hdev, e) == 0) {
1429 e->name_state = NAME_PENDING;
1436 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1437 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1439 struct discovery_state *discov = &hdev->discovery;
1440 struct inquiry_entry *e;
1442 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1443 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1444 name_len, conn->dev_class);
1446 if (discov->state == DISCOVERY_STOPPED)
1449 if (discov->state == DISCOVERY_STOPPING)
1450 goto discov_complete;
1452 if (discov->state != DISCOVERY_RESOLVING)
1455 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1456 /* If the device was not found in a list of found devices names of which
1457 * are pending. there is no need to continue resolving a next name as it
1458 * will be done upon receiving another Remote Name Request Complete
1465 e->name_state = NAME_KNOWN;
1466 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1467 e->data.rssi, name, name_len);
1469 e->name_state = NAME_NOT_KNOWN;
1472 if (hci_resolve_next_name(hdev))
1476 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1479 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1481 struct hci_cp_remote_name_req *cp;
1482 struct hci_conn *conn;
1484 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1486 /* If successful wait for the name req complete event before
1487 * checking for the need to do authentication */
1491 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1497 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1499 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1500 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1505 if (!hci_outgoing_auth_needed(hdev, conn))
1508 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1509 struct hci_cp_auth_requested cp;
1510 cp.handle = __cpu_to_le16(conn->handle);
1511 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1515 hci_dev_unlock(hdev);
1518 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1520 struct hci_cp_read_remote_features *cp;
1521 struct hci_conn *conn;
1523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1528 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1534 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1536 if (conn->state == BT_CONFIG) {
1537 hci_proto_connect_cfm(conn, status);
1542 hci_dev_unlock(hdev);
1545 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1547 struct hci_cp_read_remote_ext_features *cp;
1548 struct hci_conn *conn;
1550 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1555 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1561 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1563 if (conn->state == BT_CONFIG) {
1564 hci_proto_connect_cfm(conn, status);
1569 hci_dev_unlock(hdev);
1572 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1574 struct hci_cp_setup_sync_conn *cp;
1575 struct hci_conn *acl, *sco;
1578 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1583 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1587 handle = __le16_to_cpu(cp->handle);
1589 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1593 acl = hci_conn_hash_lookup_handle(hdev, handle);
1597 sco->state = BT_CLOSED;
1599 hci_proto_connect_cfm(sco, status);
1604 hci_dev_unlock(hdev);
1607 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1609 struct hci_cp_sniff_mode *cp;
1610 struct hci_conn *conn;
1612 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1617 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1623 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1625 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1627 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1628 hci_sco_setup(conn, status);
1631 hci_dev_unlock(hdev);
1634 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1636 struct hci_cp_exit_sniff_mode *cp;
1637 struct hci_conn *conn;
1639 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1644 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1650 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1652 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1654 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1655 hci_sco_setup(conn, status);
1658 hci_dev_unlock(hdev);
1661 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1663 struct hci_cp_disconnect *cp;
1664 struct hci_conn *conn;
1669 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1675 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1677 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1678 conn->dst_type, status);
1680 hci_dev_unlock(hdev);
1683 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1685 struct hci_conn *conn;
1687 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1692 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1694 hci_dev_unlock(hdev);
1698 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1700 conn->state = BT_CLOSED;
1701 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1702 conn->dst_type, status);
1703 hci_proto_connect_cfm(conn, status);
1706 hci_dev_unlock(hdev);
1710 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1712 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1715 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1717 struct hci_cp_create_phy_link *cp;
1719 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1724 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1728 amp_write_remote_assoc(hdev, cp->phy_handle);
1731 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1733 struct hci_cp_accept_phy_link *cp;
1735 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1740 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1744 amp_write_remote_assoc(hdev, cp->phy_handle);
1747 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1749 __u8 status = *((__u8 *) skb->data);
1750 struct discovery_state *discov = &hdev->discovery;
1751 struct inquiry_entry *e;
1753 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1755 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1757 hci_conn_check_pending(hdev);
1759 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1762 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1767 if (discov->state != DISCOVERY_FINDING)
1770 if (list_empty(&discov->resolve)) {
1771 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1775 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1776 if (e && hci_resolve_name(hdev, e) == 0) {
1777 e->name_state = NAME_PENDING;
1778 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1780 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1784 hci_dev_unlock(hdev);
1787 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1789 struct inquiry_data data;
1790 struct inquiry_info *info = (void *) (skb->data + 1);
1791 int num_rsp = *((__u8 *) skb->data);
1793 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1798 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1803 for (; num_rsp; num_rsp--, info++) {
1804 bool name_known, ssp;
1806 bacpy(&data.bdaddr, &info->bdaddr);
1807 data.pscan_rep_mode = info->pscan_rep_mode;
1808 data.pscan_period_mode = info->pscan_period_mode;
1809 data.pscan_mode = info->pscan_mode;
1810 memcpy(data.dev_class, info->dev_class, 3);
1811 data.clock_offset = info->clock_offset;
1813 data.ssp_mode = 0x00;
1815 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1816 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1817 info->dev_class, 0, !name_known, ssp, NULL,
1821 hci_dev_unlock(hdev);
1824 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1826 struct hci_ev_conn_complete *ev = (void *) skb->data;
1827 struct hci_conn *conn;
1829 BT_DBG("%s", hdev->name);
1833 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1835 if (ev->link_type != SCO_LINK)
1838 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1842 conn->type = SCO_LINK;
1846 conn->handle = __le16_to_cpu(ev->handle);
1848 if (conn->type == ACL_LINK) {
1849 conn->state = BT_CONFIG;
1850 hci_conn_hold(conn);
1852 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1853 !hci_find_link_key(hdev, &ev->bdaddr))
1854 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1856 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1858 conn->state = BT_CONNECTED;
1860 hci_conn_hold_device(conn);
1861 hci_conn_add_sysfs(conn);
1863 if (test_bit(HCI_AUTH, &hdev->flags))
1864 conn->link_mode |= HCI_LM_AUTH;
1866 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1867 conn->link_mode |= HCI_LM_ENCRYPT;
1869 /* Get remote features */
1870 if (conn->type == ACL_LINK) {
1871 struct hci_cp_read_remote_features cp;
1872 cp.handle = ev->handle;
1873 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1877 /* Set packet type for incoming connection */
1878 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1879 struct hci_cp_change_conn_ptype cp;
1880 cp.handle = ev->handle;
1881 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1882 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1886 conn->state = BT_CLOSED;
1887 if (conn->type == ACL_LINK)
1888 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1889 conn->dst_type, ev->status);
1892 if (conn->type == ACL_LINK)
1893 hci_sco_setup(conn, ev->status);
1896 hci_proto_connect_cfm(conn, ev->status);
1898 } else if (ev->link_type != ACL_LINK)
1899 hci_proto_connect_cfm(conn, ev->status);
1902 hci_dev_unlock(hdev);
1904 hci_conn_check_pending(hdev);
1907 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1909 struct hci_ev_conn_request *ev = (void *) skb->data;
1910 int mask = hdev->link_mode;
1912 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1915 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1917 if ((mask & HCI_LM_ACCEPT) &&
1918 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1919 /* Connection accepted */
1920 struct inquiry_entry *ie;
1921 struct hci_conn *conn;
1925 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1927 memcpy(ie->data.dev_class, ev->dev_class, 3);
1929 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1932 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1934 BT_ERR("No memory for new connection");
1935 hci_dev_unlock(hdev);
1940 memcpy(conn->dev_class, ev->dev_class, 3);
1941 conn->state = BT_CONNECT;
1943 hci_dev_unlock(hdev);
1945 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1946 struct hci_cp_accept_conn_req cp;
1948 bacpy(&cp.bdaddr, &ev->bdaddr);
1950 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1951 cp.role = 0x00; /* Become master */
1953 cp.role = 0x01; /* Remain slave */
1955 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1958 struct hci_cp_accept_sync_conn_req cp;
1960 bacpy(&cp.bdaddr, &ev->bdaddr);
1961 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1963 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1964 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1965 cp.max_latency = __constant_cpu_to_le16(0xffff);
1966 cp.content_format = cpu_to_le16(hdev->voice_setting);
1967 cp.retrans_effort = 0xff;
1969 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1973 /* Connection rejected */
1974 struct hci_cp_reject_conn_req cp;
1976 bacpy(&cp.bdaddr, &ev->bdaddr);
1977 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1978 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1982 static u8 hci_to_mgmt_reason(u8 err)
1985 case HCI_ERROR_CONNECTION_TIMEOUT:
1986 return MGMT_DEV_DISCONN_TIMEOUT;
1987 case HCI_ERROR_REMOTE_USER_TERM:
1988 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1989 case HCI_ERROR_REMOTE_POWER_OFF:
1990 return MGMT_DEV_DISCONN_REMOTE;
1991 case HCI_ERROR_LOCAL_HOST_TERM:
1992 return MGMT_DEV_DISCONN_LOCAL_HOST;
1994 return MGMT_DEV_DISCONN_UNKNOWN;
1998 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2000 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2001 struct hci_conn *conn;
2003 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2007 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2011 if (ev->status == 0)
2012 conn->state = BT_CLOSED;
2014 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
2015 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
2017 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2018 conn->dst_type, ev->status);
2020 u8 reason = hci_to_mgmt_reason(ev->reason);
2022 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
2023 conn->dst_type, reason);
2027 if (ev->status == 0) {
2028 if (conn->type == ACL_LINK && conn->flush_key)
2029 hci_remove_link_key(hdev, &conn->dst);
2030 hci_proto_disconn_cfm(conn, ev->reason);
2035 hci_dev_unlock(hdev);
2038 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2040 struct hci_ev_auth_complete *ev = (void *) skb->data;
2041 struct hci_conn *conn;
2043 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2047 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2052 if (!hci_conn_ssp_enabled(conn) &&
2053 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2054 BT_INFO("re-auth of legacy device is not possible.");
2056 conn->link_mode |= HCI_LM_AUTH;
2057 conn->sec_level = conn->pending_sec_level;
2060 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2064 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2065 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2067 if (conn->state == BT_CONFIG) {
2068 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2069 struct hci_cp_set_conn_encrypt cp;
2070 cp.handle = ev->handle;
2072 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2075 conn->state = BT_CONNECTED;
2076 hci_proto_connect_cfm(conn, ev->status);
2080 hci_auth_cfm(conn, ev->status);
2082 hci_conn_hold(conn);
2083 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2087 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2089 struct hci_cp_set_conn_encrypt cp;
2090 cp.handle = ev->handle;
2092 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2095 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2096 hci_encrypt_cfm(conn, ev->status, 0x00);
2101 hci_dev_unlock(hdev);
2104 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2106 struct hci_ev_remote_name *ev = (void *) skb->data;
2107 struct hci_conn *conn;
2109 BT_DBG("%s", hdev->name);
2111 hci_conn_check_pending(hdev);
2115 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2117 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2120 if (ev->status == 0)
2121 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2122 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2124 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2130 if (!hci_outgoing_auth_needed(hdev, conn))
2133 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2134 struct hci_cp_auth_requested cp;
2135 cp.handle = __cpu_to_le16(conn->handle);
2136 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2140 hci_dev_unlock(hdev);
2143 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2145 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2146 struct hci_conn *conn;
2148 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2156 /* Encryption implies authentication */
2157 conn->link_mode |= HCI_LM_AUTH;
2158 conn->link_mode |= HCI_LM_ENCRYPT;
2159 conn->sec_level = conn->pending_sec_level;
2161 conn->link_mode &= ~HCI_LM_ENCRYPT;
2164 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2166 if (ev->status && conn->state == BT_CONNECTED) {
2167 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2172 if (conn->state == BT_CONFIG) {
2174 conn->state = BT_CONNECTED;
2176 hci_proto_connect_cfm(conn, ev->status);
2179 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2183 hci_dev_unlock(hdev);
2186 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2187 struct sk_buff *skb)
2189 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2190 struct hci_conn *conn;
2192 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2196 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2199 conn->link_mode |= HCI_LM_SECURE;
2201 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2203 hci_key_change_cfm(conn, ev->status);
2206 hci_dev_unlock(hdev);
2209 static void hci_remote_features_evt(struct hci_dev *hdev,
2210 struct sk_buff *skb)
2212 struct hci_ev_remote_features *ev = (void *) skb->data;
2213 struct hci_conn *conn;
2215 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2219 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2224 memcpy(conn->features, ev->features, 8);
2226 if (conn->state != BT_CONFIG)
2229 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2230 struct hci_cp_read_remote_ext_features cp;
2231 cp.handle = ev->handle;
2233 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2238 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2239 struct hci_cp_remote_name_req cp;
2240 memset(&cp, 0, sizeof(cp));
2241 bacpy(&cp.bdaddr, &conn->dst);
2242 cp.pscan_rep_mode = 0x02;
2243 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2244 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2245 mgmt_device_connected(hdev, &conn->dst, conn->type,
2246 conn->dst_type, 0, NULL, 0,
2249 if (!hci_outgoing_auth_needed(hdev, conn)) {
2250 conn->state = BT_CONNECTED;
2251 hci_proto_connect_cfm(conn, ev->status);
2256 hci_dev_unlock(hdev);
2259 static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2261 BT_DBG("%s", hdev->name);
2264 static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2265 struct sk_buff *skb)
2267 BT_DBG("%s", hdev->name);
2270 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2272 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2275 skb_pull(skb, sizeof(*ev));
2277 opcode = __le16_to_cpu(ev->opcode);
2280 case HCI_OP_INQUIRY_CANCEL:
2281 hci_cc_inquiry_cancel(hdev, skb);
2284 case HCI_OP_PERIODIC_INQ:
2285 hci_cc_periodic_inq(hdev, skb);
2288 case HCI_OP_EXIT_PERIODIC_INQ:
2289 hci_cc_exit_periodic_inq(hdev, skb);
2292 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2293 hci_cc_remote_name_req_cancel(hdev, skb);
2296 case HCI_OP_ROLE_DISCOVERY:
2297 hci_cc_role_discovery(hdev, skb);
2300 case HCI_OP_READ_LINK_POLICY:
2301 hci_cc_read_link_policy(hdev, skb);
2304 case HCI_OP_WRITE_LINK_POLICY:
2305 hci_cc_write_link_policy(hdev, skb);
2308 case HCI_OP_READ_DEF_LINK_POLICY:
2309 hci_cc_read_def_link_policy(hdev, skb);
2312 case HCI_OP_WRITE_DEF_LINK_POLICY:
2313 hci_cc_write_def_link_policy(hdev, skb);
2317 hci_cc_reset(hdev, skb);
2320 case HCI_OP_WRITE_LOCAL_NAME:
2321 hci_cc_write_local_name(hdev, skb);
2324 case HCI_OP_READ_LOCAL_NAME:
2325 hci_cc_read_local_name(hdev, skb);
2328 case HCI_OP_WRITE_AUTH_ENABLE:
2329 hci_cc_write_auth_enable(hdev, skb);
2332 case HCI_OP_WRITE_ENCRYPT_MODE:
2333 hci_cc_write_encrypt_mode(hdev, skb);
2336 case HCI_OP_WRITE_SCAN_ENABLE:
2337 hci_cc_write_scan_enable(hdev, skb);
2340 case HCI_OP_READ_CLASS_OF_DEV:
2341 hci_cc_read_class_of_dev(hdev, skb);
2344 case HCI_OP_WRITE_CLASS_OF_DEV:
2345 hci_cc_write_class_of_dev(hdev, skb);
2348 case HCI_OP_READ_VOICE_SETTING:
2349 hci_cc_read_voice_setting(hdev, skb);
2352 case HCI_OP_WRITE_VOICE_SETTING:
2353 hci_cc_write_voice_setting(hdev, skb);
2356 case HCI_OP_HOST_BUFFER_SIZE:
2357 hci_cc_host_buffer_size(hdev, skb);
2360 case HCI_OP_WRITE_SSP_MODE:
2361 hci_cc_write_ssp_mode(hdev, skb);
2364 case HCI_OP_READ_LOCAL_VERSION:
2365 hci_cc_read_local_version(hdev, skb);
2368 case HCI_OP_READ_LOCAL_COMMANDS:
2369 hci_cc_read_local_commands(hdev, skb);
2372 case HCI_OP_READ_LOCAL_FEATURES:
2373 hci_cc_read_local_features(hdev, skb);
2376 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2377 hci_cc_read_local_ext_features(hdev, skb);
2380 case HCI_OP_READ_BUFFER_SIZE:
2381 hci_cc_read_buffer_size(hdev, skb);
2384 case HCI_OP_READ_BD_ADDR:
2385 hci_cc_read_bd_addr(hdev, skb);
2388 case HCI_OP_READ_DATA_BLOCK_SIZE:
2389 hci_cc_read_data_block_size(hdev, skb);
2392 case HCI_OP_WRITE_CA_TIMEOUT:
2393 hci_cc_write_ca_timeout(hdev, skb);
2396 case HCI_OP_READ_FLOW_CONTROL_MODE:
2397 hci_cc_read_flow_control_mode(hdev, skb);
2400 case HCI_OP_READ_LOCAL_AMP_INFO:
2401 hci_cc_read_local_amp_info(hdev, skb);
2404 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2405 hci_cc_read_local_amp_assoc(hdev, skb);
2408 case HCI_OP_DELETE_STORED_LINK_KEY:
2409 hci_cc_delete_stored_link_key(hdev, skb);
2412 case HCI_OP_SET_EVENT_MASK:
2413 hci_cc_set_event_mask(hdev, skb);
2416 case HCI_OP_WRITE_INQUIRY_MODE:
2417 hci_cc_write_inquiry_mode(hdev, skb);
2420 case HCI_OP_READ_INQ_RSP_TX_POWER:
2421 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2424 case HCI_OP_SET_EVENT_FLT:
2425 hci_cc_set_event_flt(hdev, skb);
2428 case HCI_OP_PIN_CODE_REPLY:
2429 hci_cc_pin_code_reply(hdev, skb);
2432 case HCI_OP_PIN_CODE_NEG_REPLY:
2433 hci_cc_pin_code_neg_reply(hdev, skb);
2436 case HCI_OP_READ_LOCAL_OOB_DATA:
2437 hci_cc_read_local_oob_data_reply(hdev, skb);
2440 case HCI_OP_LE_READ_BUFFER_SIZE:
2441 hci_cc_le_read_buffer_size(hdev, skb);
2444 case HCI_OP_USER_CONFIRM_REPLY:
2445 hci_cc_user_confirm_reply(hdev, skb);
2448 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2449 hci_cc_user_confirm_neg_reply(hdev, skb);
2452 case HCI_OP_USER_PASSKEY_REPLY:
2453 hci_cc_user_passkey_reply(hdev, skb);
2456 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2457 hci_cc_user_passkey_neg_reply(hdev, skb);
2460 case HCI_OP_LE_SET_SCAN_PARAM:
2461 hci_cc_le_set_scan_param(hdev, skb);
2464 case HCI_OP_LE_SET_SCAN_ENABLE:
2465 hci_cc_le_set_scan_enable(hdev, skb);
2468 case HCI_OP_LE_LTK_REPLY:
2469 hci_cc_le_ltk_reply(hdev, skb);
2472 case HCI_OP_LE_LTK_NEG_REPLY:
2473 hci_cc_le_ltk_neg_reply(hdev, skb);
2476 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2477 hci_cc_write_le_host_supported(hdev, skb);
2480 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2481 hci_cc_write_remote_amp_assoc(hdev, skb);
2485 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2489 if (ev->opcode != HCI_OP_NOP)
2490 del_timer(&hdev->cmd_timer);
2493 atomic_set(&hdev->cmd_cnt, 1);
2494 if (!skb_queue_empty(&hdev->cmd_q))
2495 queue_work(hdev->workqueue, &hdev->cmd_work);
2499 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2501 struct hci_ev_cmd_status *ev = (void *) skb->data;
2504 skb_pull(skb, sizeof(*ev));
2506 opcode = __le16_to_cpu(ev->opcode);
2509 case HCI_OP_INQUIRY:
2510 hci_cs_inquiry(hdev, ev->status);
2513 case HCI_OP_CREATE_CONN:
2514 hci_cs_create_conn(hdev, ev->status);
2517 case HCI_OP_ADD_SCO:
2518 hci_cs_add_sco(hdev, ev->status);
2521 case HCI_OP_AUTH_REQUESTED:
2522 hci_cs_auth_requested(hdev, ev->status);
2525 case HCI_OP_SET_CONN_ENCRYPT:
2526 hci_cs_set_conn_encrypt(hdev, ev->status);
2529 case HCI_OP_REMOTE_NAME_REQ:
2530 hci_cs_remote_name_req(hdev, ev->status);
2533 case HCI_OP_READ_REMOTE_FEATURES:
2534 hci_cs_read_remote_features(hdev, ev->status);
2537 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2538 hci_cs_read_remote_ext_features(hdev, ev->status);
2541 case HCI_OP_SETUP_SYNC_CONN:
2542 hci_cs_setup_sync_conn(hdev, ev->status);
2545 case HCI_OP_SNIFF_MODE:
2546 hci_cs_sniff_mode(hdev, ev->status);
2549 case HCI_OP_EXIT_SNIFF_MODE:
2550 hci_cs_exit_sniff_mode(hdev, ev->status);
2553 case HCI_OP_DISCONNECT:
2554 hci_cs_disconnect(hdev, ev->status);
2557 case HCI_OP_LE_CREATE_CONN:
2558 hci_cs_le_create_conn(hdev, ev->status);
2561 case HCI_OP_LE_START_ENC:
2562 hci_cs_le_start_enc(hdev, ev->status);
2565 case HCI_OP_CREATE_PHY_LINK:
2566 hci_cs_create_phylink(hdev, ev->status);
2569 case HCI_OP_ACCEPT_PHY_LINK:
2570 hci_cs_accept_phylink(hdev, ev->status);
2574 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2578 if (ev->opcode != HCI_OP_NOP)
2579 del_timer(&hdev->cmd_timer);
2581 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2582 atomic_set(&hdev->cmd_cnt, 1);
2583 if (!skb_queue_empty(&hdev->cmd_q))
2584 queue_work(hdev->workqueue, &hdev->cmd_work);
2588 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2590 struct hci_ev_role_change *ev = (void *) skb->data;
2591 struct hci_conn *conn;
2593 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2597 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2601 conn->link_mode &= ~HCI_LM_MASTER;
2603 conn->link_mode |= HCI_LM_MASTER;
2606 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2608 hci_role_switch_cfm(conn, ev->status, ev->role);
2611 hci_dev_unlock(hdev);
2614 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2616 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2619 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2620 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2624 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2625 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2626 BT_DBG("%s bad parameters", hdev->name);
2630 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2632 for (i = 0; i < ev->num_hndl; i++) {
2633 struct hci_comp_pkts_info *info = &ev->handles[i];
2634 struct hci_conn *conn;
2635 __u16 handle, count;
2637 handle = __le16_to_cpu(info->handle);
2638 count = __le16_to_cpu(info->count);
2640 conn = hci_conn_hash_lookup_handle(hdev, handle);
2644 conn->sent -= count;
2646 switch (conn->type) {
2648 hdev->acl_cnt += count;
2649 if (hdev->acl_cnt > hdev->acl_pkts)
2650 hdev->acl_cnt = hdev->acl_pkts;
2654 if (hdev->le_pkts) {
2655 hdev->le_cnt += count;
2656 if (hdev->le_cnt > hdev->le_pkts)
2657 hdev->le_cnt = hdev->le_pkts;
2659 hdev->acl_cnt += count;
2660 if (hdev->acl_cnt > hdev->acl_pkts)
2661 hdev->acl_cnt = hdev->acl_pkts;
2666 hdev->sco_cnt += count;
2667 if (hdev->sco_cnt > hdev->sco_pkts)
2668 hdev->sco_cnt = hdev->sco_pkts;
2672 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2677 queue_work(hdev->workqueue, &hdev->tx_work);
2680 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2683 struct hci_chan *chan;
2685 switch (hdev->dev_type) {
2687 return hci_conn_hash_lookup_handle(hdev, handle);
2689 chan = hci_chan_lookup_handle(hdev, handle);
2694 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2701 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2703 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2706 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2707 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2711 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2712 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2713 BT_DBG("%s bad parameters", hdev->name);
2717 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2720 for (i = 0; i < ev->num_hndl; i++) {
2721 struct hci_comp_blocks_info *info = &ev->handles[i];
2722 struct hci_conn *conn = NULL;
2723 __u16 handle, block_count;
2725 handle = __le16_to_cpu(info->handle);
2726 block_count = __le16_to_cpu(info->blocks);
2728 conn = __hci_conn_lookup_handle(hdev, handle);
2732 conn->sent -= block_count;
2734 switch (conn->type) {
2737 hdev->block_cnt += block_count;
2738 if (hdev->block_cnt > hdev->num_blocks)
2739 hdev->block_cnt = hdev->num_blocks;
2743 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2748 queue_work(hdev->workqueue, &hdev->tx_work);
2751 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2753 struct hci_ev_mode_change *ev = (void *) skb->data;
2754 struct hci_conn *conn;
2756 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2760 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2762 conn->mode = ev->mode;
2763 conn->interval = __le16_to_cpu(ev->interval);
2765 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2767 if (conn->mode == HCI_CM_ACTIVE)
2768 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2770 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2773 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2774 hci_sco_setup(conn, ev->status);
2777 hci_dev_unlock(hdev);
2780 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2782 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2783 struct hci_conn *conn;
2785 BT_DBG("%s", hdev->name);
2789 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2793 if (conn->state == BT_CONNECTED) {
2794 hci_conn_hold(conn);
2795 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2799 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2800 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2801 sizeof(ev->bdaddr), &ev->bdaddr);
2802 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2805 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2810 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2814 hci_dev_unlock(hdev);
2817 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2819 struct hci_ev_link_key_req *ev = (void *) skb->data;
2820 struct hci_cp_link_key_reply cp;
2821 struct hci_conn *conn;
2822 struct link_key *key;
2824 BT_DBG("%s", hdev->name);
2826 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2831 key = hci_find_link_key(hdev, &ev->bdaddr);
2833 BT_DBG("%s link key not found for %pMR", hdev->name,
2838 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2841 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2842 key->type == HCI_LK_DEBUG_COMBINATION) {
2843 BT_DBG("%s ignoring debug key", hdev->name);
2847 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2849 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2850 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2851 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2855 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2856 conn->pending_sec_level == BT_SECURITY_HIGH) {
2857 BT_DBG("%s ignoring key unauthenticated for high security",
2862 conn->key_type = key->type;
2863 conn->pin_length = key->pin_len;
2866 bacpy(&cp.bdaddr, &ev->bdaddr);
2867 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2869 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2871 hci_dev_unlock(hdev);
2876 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2877 hci_dev_unlock(hdev);
2880 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2882 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2883 struct hci_conn *conn;
2886 BT_DBG("%s", hdev->name);
2890 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2892 hci_conn_hold(conn);
2893 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2894 pin_len = conn->pin_length;
2896 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2897 conn->key_type = ev->key_type;
2902 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2903 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2904 ev->key_type, pin_len);
2906 hci_dev_unlock(hdev);
2909 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2911 struct hci_ev_clock_offset *ev = (void *) skb->data;
2912 struct hci_conn *conn;
2914 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2918 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2919 if (conn && !ev->status) {
2920 struct inquiry_entry *ie;
2922 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2924 ie->data.clock_offset = ev->clock_offset;
2925 ie->timestamp = jiffies;
2929 hci_dev_unlock(hdev);
2932 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2934 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2935 struct hci_conn *conn;
2937 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2941 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2942 if (conn && !ev->status)
2943 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2945 hci_dev_unlock(hdev);
2948 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2950 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2951 struct inquiry_entry *ie;
2953 BT_DBG("%s", hdev->name);
2957 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2959 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2960 ie->timestamp = jiffies;
2963 hci_dev_unlock(hdev);
2966 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2967 struct sk_buff *skb)
2969 struct inquiry_data data;
2970 int num_rsp = *((__u8 *) skb->data);
2971 bool name_known, ssp;
2973 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2978 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2983 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2984 struct inquiry_info_with_rssi_and_pscan_mode *info;
2985 info = (void *) (skb->data + 1);
2987 for (; num_rsp; num_rsp--, info++) {
2988 bacpy(&data.bdaddr, &info->bdaddr);
2989 data.pscan_rep_mode = info->pscan_rep_mode;
2990 data.pscan_period_mode = info->pscan_period_mode;
2991 data.pscan_mode = info->pscan_mode;
2992 memcpy(data.dev_class, info->dev_class, 3);
2993 data.clock_offset = info->clock_offset;
2994 data.rssi = info->rssi;
2995 data.ssp_mode = 0x00;
2997 name_known = hci_inquiry_cache_update(hdev, &data,
2999 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3000 info->dev_class, info->rssi,
3001 !name_known, ssp, NULL, 0);
3004 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3006 for (; num_rsp; num_rsp--, info++) {
3007 bacpy(&data.bdaddr, &info->bdaddr);
3008 data.pscan_rep_mode = info->pscan_rep_mode;
3009 data.pscan_period_mode = info->pscan_period_mode;
3010 data.pscan_mode = 0x00;
3011 memcpy(data.dev_class, info->dev_class, 3);
3012 data.clock_offset = info->clock_offset;
3013 data.rssi = info->rssi;
3014 data.ssp_mode = 0x00;
3015 name_known = hci_inquiry_cache_update(hdev, &data,
3017 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3018 info->dev_class, info->rssi,
3019 !name_known, ssp, NULL, 0);
3023 hci_dev_unlock(hdev);
3026 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3027 struct sk_buff *skb)
3029 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3030 struct hci_conn *conn;
3032 BT_DBG("%s", hdev->name);
3036 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3040 if (!ev->status && ev->page == 0x01) {
3041 struct inquiry_entry *ie;
3043 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3045 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3047 if (ev->features[0] & LMP_HOST_SSP)
3048 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3051 if (conn->state != BT_CONFIG)
3054 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3055 struct hci_cp_remote_name_req cp;
3056 memset(&cp, 0, sizeof(cp));
3057 bacpy(&cp.bdaddr, &conn->dst);
3058 cp.pscan_rep_mode = 0x02;
3059 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3060 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3061 mgmt_device_connected(hdev, &conn->dst, conn->type,
3062 conn->dst_type, 0, NULL, 0,
3065 if (!hci_outgoing_auth_needed(hdev, conn)) {
3066 conn->state = BT_CONNECTED;
3067 hci_proto_connect_cfm(conn, ev->status);
3072 hci_dev_unlock(hdev);
3075 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3076 struct sk_buff *skb)
3078 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3079 struct hci_conn *conn;
3081 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3085 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3087 if (ev->link_type == ESCO_LINK)
3090 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3094 conn->type = SCO_LINK;
3097 switch (ev->status) {
3099 conn->handle = __le16_to_cpu(ev->handle);
3100 conn->state = BT_CONNECTED;
3102 hci_conn_hold_device(conn);
3103 hci_conn_add_sysfs(conn);
3106 case 0x11: /* Unsupported Feature or Parameter Value */
3107 case 0x1c: /* SCO interval rejected */
3108 case 0x1a: /* Unsupported Remote Feature */
3109 case 0x1f: /* Unspecified error */
3110 if (conn->out && conn->attempt < 2) {
3111 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3112 (hdev->esco_type & EDR_ESCO_MASK);
3113 hci_setup_sync(conn, conn->link->handle);
3119 conn->state = BT_CLOSED;
3123 hci_proto_connect_cfm(conn, ev->status);
3128 hci_dev_unlock(hdev);
3131 static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
3133 BT_DBG("%s", hdev->name);
3136 static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
3138 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
3140 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3143 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3144 struct sk_buff *skb)
3146 struct inquiry_data data;
3147 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3148 int num_rsp = *((__u8 *) skb->data);
3151 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3156 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3161 for (; num_rsp; num_rsp--, info++) {
3162 bool name_known, ssp;
3164 bacpy(&data.bdaddr, &info->bdaddr);
3165 data.pscan_rep_mode = info->pscan_rep_mode;
3166 data.pscan_period_mode = info->pscan_period_mode;
3167 data.pscan_mode = 0x00;
3168 memcpy(data.dev_class, info->dev_class, 3);
3169 data.clock_offset = info->clock_offset;
3170 data.rssi = info->rssi;
3171 data.ssp_mode = 0x01;
3173 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3174 name_known = eir_has_data_type(info->data,
3180 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3182 eir_len = eir_get_length(info->data, sizeof(info->data));
3183 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3184 info->dev_class, info->rssi, !name_known,
3185 ssp, info->data, eir_len);
3188 hci_dev_unlock(hdev);
3191 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3192 struct sk_buff *skb)
3194 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3195 struct hci_conn *conn;
3197 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3198 __le16_to_cpu(ev->handle));
3202 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3207 conn->sec_level = conn->pending_sec_level;
3209 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3211 if (ev->status && conn->state == BT_CONNECTED) {
3212 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3217 if (conn->state == BT_CONFIG) {
3219 conn->state = BT_CONNECTED;
3221 hci_proto_connect_cfm(conn, ev->status);
3224 hci_auth_cfm(conn, ev->status);
3226 hci_conn_hold(conn);
3227 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3232 hci_dev_unlock(hdev);
3235 static u8 hci_get_auth_req(struct hci_conn *conn)
3237 /* If remote requests dedicated bonding follow that lead */
3238 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3239 /* If both remote and local IO capabilities allow MITM
3240 * protection then require it, otherwise don't */
3241 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3247 /* If remote requests no-bonding follow that lead */
3248 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3249 return conn->remote_auth | (conn->auth_type & 0x01);
3251 return conn->auth_type;
3254 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3256 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3257 struct hci_conn *conn;
3259 BT_DBG("%s", hdev->name);
3263 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3267 hci_conn_hold(conn);
3269 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3272 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3273 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3274 struct hci_cp_io_capability_reply cp;
3276 bacpy(&cp.bdaddr, &ev->bdaddr);
3277 /* Change the IO capability from KeyboardDisplay
3278 * to DisplayYesNo as it is not supported by BT spec. */
3279 cp.capability = (conn->io_capability == 0x04) ?
3280 0x01 : conn->io_capability;
3281 conn->auth_type = hci_get_auth_req(conn);
3282 cp.authentication = conn->auth_type;
3284 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3285 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3290 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3293 struct hci_cp_io_capability_neg_reply cp;
3295 bacpy(&cp.bdaddr, &ev->bdaddr);
3296 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3298 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3303 hci_dev_unlock(hdev);
3306 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3308 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3309 struct hci_conn *conn;
3311 BT_DBG("%s", hdev->name);
3315 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3319 conn->remote_cap = ev->capability;
3320 conn->remote_auth = ev->authentication;
3322 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3325 hci_dev_unlock(hdev);
3328 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3329 struct sk_buff *skb)
3331 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3332 int loc_mitm, rem_mitm, confirm_hint = 0;
3333 struct hci_conn *conn;
3335 BT_DBG("%s", hdev->name);
3339 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3342 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3346 loc_mitm = (conn->auth_type & 0x01);
3347 rem_mitm = (conn->remote_auth & 0x01);
3349 /* If we require MITM but the remote device can't provide that
3350 * (it has NoInputNoOutput) then reject the confirmation
3351 * request. The only exception is when we're dedicated bonding
3352 * initiators (connect_cfm_cb set) since then we always have the MITM
3354 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3355 BT_DBG("Rejecting request: remote device can't provide MITM");
3356 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3357 sizeof(ev->bdaddr), &ev->bdaddr);
3361 /* If no side requires MITM protection; auto-accept */
3362 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3363 (!rem_mitm || conn->io_capability == 0x03)) {
3365 /* If we're not the initiators request authorization to
3366 * proceed from user space (mgmt_user_confirm with
3367 * confirm_hint set to 1). */
3368 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3369 BT_DBG("Confirming auto-accept as acceptor");
3374 BT_DBG("Auto-accept of user confirmation with %ums delay",
3375 hdev->auto_accept_delay);
3377 if (hdev->auto_accept_delay > 0) {
3378 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3379 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3383 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3384 sizeof(ev->bdaddr), &ev->bdaddr);
3389 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3393 hci_dev_unlock(hdev);
3396 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3397 struct sk_buff *skb)
3399 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3401 BT_DBG("%s", hdev->name);
3403 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3404 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3407 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3408 struct sk_buff *skb)
3410 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3411 struct hci_conn *conn;
3413 BT_DBG("%s", hdev->name);
3415 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3419 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3420 conn->passkey_entered = 0;
3422 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3423 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3424 conn->dst_type, conn->passkey_notify,
3425 conn->passkey_entered);
3428 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3430 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3431 struct hci_conn *conn;
3433 BT_DBG("%s", hdev->name);
3435 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3440 case HCI_KEYPRESS_STARTED:
3441 conn->passkey_entered = 0;
3444 case HCI_KEYPRESS_ENTERED:
3445 conn->passkey_entered++;
3448 case HCI_KEYPRESS_ERASED:
3449 conn->passkey_entered--;
3452 case HCI_KEYPRESS_CLEARED:
3453 conn->passkey_entered = 0;
3456 case HCI_KEYPRESS_COMPLETED:
3460 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3461 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3462 conn->dst_type, conn->passkey_notify,
3463 conn->passkey_entered);
3466 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3467 struct sk_buff *skb)
3469 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3470 struct hci_conn *conn;
3472 BT_DBG("%s", hdev->name);
3476 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3480 /* To avoid duplicate auth_failed events to user space we check
3481 * the HCI_CONN_AUTH_PEND flag which will be set if we
3482 * initiated the authentication. A traditional auth_complete
3483 * event gets always produced as initiator and is also mapped to
3484 * the mgmt_auth_failed event */
3485 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3486 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3492 hci_dev_unlock(hdev);
3495 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3496 struct sk_buff *skb)
3498 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3499 struct inquiry_entry *ie;
3501 BT_DBG("%s", hdev->name);
3505 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3507 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3509 hci_dev_unlock(hdev);
3512 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3513 struct sk_buff *skb)
3515 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3516 struct oob_data *data;
3518 BT_DBG("%s", hdev->name);
3522 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3525 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3527 struct hci_cp_remote_oob_data_reply cp;
3529 bacpy(&cp.bdaddr, &ev->bdaddr);
3530 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3531 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3533 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3536 struct hci_cp_remote_oob_data_neg_reply cp;
3538 bacpy(&cp.bdaddr, &ev->bdaddr);
3539 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3544 hci_dev_unlock(hdev);
3547 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3549 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3550 struct hci_conn *conn;
3552 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3556 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3558 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3560 BT_ERR("No memory for new connection");
3564 conn->dst_type = ev->bdaddr_type;
3566 if (ev->role == LE_CONN_ROLE_MASTER) {
3568 conn->link_mode |= HCI_LM_MASTER;
3573 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3574 conn->dst_type, ev->status);
3575 hci_proto_connect_cfm(conn, ev->status);
3576 conn->state = BT_CLOSED;
3581 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3582 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3583 conn->dst_type, 0, NULL, 0, NULL);
3585 conn->sec_level = BT_SECURITY_LOW;
3586 conn->handle = __le16_to_cpu(ev->handle);
3587 conn->state = BT_CONNECTED;
3589 hci_conn_hold_device(conn);
3590 hci_conn_add_sysfs(conn);
3592 hci_proto_connect_cfm(conn, ev->status);
3595 hci_dev_unlock(hdev);
3598 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3600 u8 num_reports = skb->data[0];
3601 void *ptr = &skb->data[1];
3606 while (num_reports--) {
3607 struct hci_ev_le_advertising_info *ev = ptr;
3609 rssi = ev->data[ev->length];
3610 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3611 NULL, rssi, 0, 1, ev->data, ev->length);
3613 ptr += sizeof(*ev) + ev->length + 1;
3616 hci_dev_unlock(hdev);
3619 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3621 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3622 struct hci_cp_le_ltk_reply cp;
3623 struct hci_cp_le_ltk_neg_reply neg;
3624 struct hci_conn *conn;
3625 struct smp_ltk *ltk;
3627 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3631 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3635 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3639 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3640 cp.handle = cpu_to_le16(conn->handle);
3642 if (ltk->authenticated)
3643 conn->sec_level = BT_SECURITY_HIGH;
3645 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3647 if (ltk->type & HCI_SMP_STK) {
3648 list_del(<k->list);
3652 hci_dev_unlock(hdev);
3657 neg.handle = ev->handle;
3658 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3659 hci_dev_unlock(hdev);
3662 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3664 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3666 skb_pull(skb, sizeof(*le_ev));
3668 switch (le_ev->subevent) {
3669 case HCI_EV_LE_CONN_COMPLETE:
3670 hci_le_conn_complete_evt(hdev, skb);
3673 case HCI_EV_LE_ADVERTISING_REPORT:
3674 hci_le_adv_report_evt(hdev, skb);
3677 case HCI_EV_LE_LTK_REQ:
3678 hci_le_ltk_request_evt(hdev, skb);
3686 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3688 struct hci_ev_channel_selected *ev = (void *) skb->data;
3689 struct hci_conn *hcon;
3691 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3693 skb_pull(skb, sizeof(*ev));
3695 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3699 amp_read_loc_assoc_final_data(hdev, hcon);
3702 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3704 struct hci_event_hdr *hdr = (void *) skb->data;
3705 __u8 event = hdr->evt;
3707 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3710 case HCI_EV_INQUIRY_COMPLETE:
3711 hci_inquiry_complete_evt(hdev, skb);
3714 case HCI_EV_INQUIRY_RESULT:
3715 hci_inquiry_result_evt(hdev, skb);
3718 case HCI_EV_CONN_COMPLETE:
3719 hci_conn_complete_evt(hdev, skb);
3722 case HCI_EV_CONN_REQUEST:
3723 hci_conn_request_evt(hdev, skb);
3726 case HCI_EV_DISCONN_COMPLETE:
3727 hci_disconn_complete_evt(hdev, skb);
3730 case HCI_EV_AUTH_COMPLETE:
3731 hci_auth_complete_evt(hdev, skb);
3734 case HCI_EV_REMOTE_NAME:
3735 hci_remote_name_evt(hdev, skb);
3738 case HCI_EV_ENCRYPT_CHANGE:
3739 hci_encrypt_change_evt(hdev, skb);
3742 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3743 hci_change_link_key_complete_evt(hdev, skb);
3746 case HCI_EV_REMOTE_FEATURES:
3747 hci_remote_features_evt(hdev, skb);
3750 case HCI_EV_REMOTE_VERSION:
3751 hci_remote_version_evt(hdev, skb);
3754 case HCI_EV_QOS_SETUP_COMPLETE:
3755 hci_qos_setup_complete_evt(hdev, skb);
3758 case HCI_EV_CMD_COMPLETE:
3759 hci_cmd_complete_evt(hdev, skb);
3762 case HCI_EV_CMD_STATUS:
3763 hci_cmd_status_evt(hdev, skb);
3766 case HCI_EV_ROLE_CHANGE:
3767 hci_role_change_evt(hdev, skb);
3770 case HCI_EV_NUM_COMP_PKTS:
3771 hci_num_comp_pkts_evt(hdev, skb);
3774 case HCI_EV_MODE_CHANGE:
3775 hci_mode_change_evt(hdev, skb);
3778 case HCI_EV_PIN_CODE_REQ:
3779 hci_pin_code_request_evt(hdev, skb);
3782 case HCI_EV_LINK_KEY_REQ:
3783 hci_link_key_request_evt(hdev, skb);
3786 case HCI_EV_LINK_KEY_NOTIFY:
3787 hci_link_key_notify_evt(hdev, skb);
3790 case HCI_EV_CLOCK_OFFSET:
3791 hci_clock_offset_evt(hdev, skb);
3794 case HCI_EV_PKT_TYPE_CHANGE:
3795 hci_pkt_type_change_evt(hdev, skb);
3798 case HCI_EV_PSCAN_REP_MODE:
3799 hci_pscan_rep_mode_evt(hdev, skb);
3802 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3803 hci_inquiry_result_with_rssi_evt(hdev, skb);
3806 case HCI_EV_REMOTE_EXT_FEATURES:
3807 hci_remote_ext_features_evt(hdev, skb);
3810 case HCI_EV_SYNC_CONN_COMPLETE:
3811 hci_sync_conn_complete_evt(hdev, skb);
3814 case HCI_EV_SYNC_CONN_CHANGED:
3815 hci_sync_conn_changed_evt(hdev, skb);
3818 case HCI_EV_SNIFF_SUBRATE:
3819 hci_sniff_subrate_evt(hdev, skb);
3822 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3823 hci_extended_inquiry_result_evt(hdev, skb);
3826 case HCI_EV_KEY_REFRESH_COMPLETE:
3827 hci_key_refresh_complete_evt(hdev, skb);
3830 case HCI_EV_IO_CAPA_REQUEST:
3831 hci_io_capa_request_evt(hdev, skb);
3834 case HCI_EV_IO_CAPA_REPLY:
3835 hci_io_capa_reply_evt(hdev, skb);
3838 case HCI_EV_USER_CONFIRM_REQUEST:
3839 hci_user_confirm_request_evt(hdev, skb);
3842 case HCI_EV_USER_PASSKEY_REQUEST:
3843 hci_user_passkey_request_evt(hdev, skb);
3846 case HCI_EV_USER_PASSKEY_NOTIFY:
3847 hci_user_passkey_notify_evt(hdev, skb);
3850 case HCI_EV_KEYPRESS_NOTIFY:
3851 hci_keypress_notify_evt(hdev, skb);
3854 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3855 hci_simple_pair_complete_evt(hdev, skb);
3858 case HCI_EV_REMOTE_HOST_FEATURES:
3859 hci_remote_host_features_evt(hdev, skb);
3862 case HCI_EV_LE_META:
3863 hci_le_meta_evt(hdev, skb);
3866 case HCI_EV_CHANNEL_SELECTED:
3867 hci_chan_selected_evt(hdev, skb);
3870 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3871 hci_remote_oob_data_request_evt(hdev, skb);
3874 case HCI_EV_NUM_COMP_BLOCKS:
3875 hci_num_comp_blocks_evt(hdev, skb);
3879 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3884 hdev->stat.evt_rx++;
projects / firefly-linux-kernel-4.4.55.git / blob