2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
35 /* Handle HCI Event packets */
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 __u8 status = *((__u8 *) skb->data);
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
45 mgmt_stop_discovery_failed(hdev, status);
50 clear_bit(HCI_INQUIRY, &hdev->flags);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
58 hci_conn_check_pending(hdev);
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
63 __u8 status = *((__u8 *) skb->data);
65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75 __u8 status = *((__u8 *) skb->data);
77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84 hci_conn_check_pending(hdev);
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
169 hdev->link_policy = __le16_to_cpu(rp->policy);
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
175 __u8 status = *((__u8 *) skb->data);
178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
185 hdev->link_policy = get_unaligned_le16(sent);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 /* Reset all non-persistent flags */
197 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
198 BIT(HCI_PERIODIC_INQ));
200 hdev->discovery.state = DISCOVERY_STOPPED;
201 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
202 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
204 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
205 hdev->adv_data_len = 0;
208 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
210 __u8 status = *((__u8 *) skb->data);
213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
226 hci_dev_unlock(hdev);
228 if (!status && !test_bit(HCI_INIT, &hdev->flags))
232 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
234 struct hci_rp_read_local_name *rp = (void *) skb->data;
236 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
241 if (test_bit(HCI_SETUP, &hdev->dev_flags))
242 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
245 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
247 __u8 status = *((__u8 *) skb->data);
250 BT_DBG("%s status 0x%2.2x", hdev->name, status);
252 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
257 __u8 param = *((__u8 *) sent);
259 if (param == AUTH_ENABLED)
260 set_bit(HCI_AUTH, &hdev->flags);
262 clear_bit(HCI_AUTH, &hdev->flags);
265 if (test_bit(HCI_MGMT, &hdev->dev_flags))
266 mgmt_auth_enable_complete(hdev, status);
269 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
271 __u8 status = *((__u8 *) skb->data);
274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
276 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
281 __u8 param = *((__u8 *) sent);
284 set_bit(HCI_ENCRYPT, &hdev->flags);
286 clear_bit(HCI_ENCRYPT, &hdev->flags);
290 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
292 __u8 param, status = *((__u8 *) skb->data);
293 int old_pscan, old_iscan;
296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
302 param = *((__u8 *) sent);
307 mgmt_write_scan_failed(hdev, param, status);
308 hdev->discov_timeout = 0;
312 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
313 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
315 if (param & SCAN_INQUIRY) {
316 set_bit(HCI_ISCAN, &hdev->flags);
318 mgmt_discoverable(hdev, 1);
319 if (hdev->discov_timeout > 0) {
320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
321 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
324 } else if (old_iscan)
325 mgmt_discoverable(hdev, 0);
327 if (param & SCAN_PAGE) {
328 set_bit(HCI_PSCAN, &hdev->flags);
330 mgmt_connectable(hdev, 1);
331 } else if (old_pscan)
332 mgmt_connectable(hdev, 0);
335 hci_dev_unlock(hdev);
338 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
342 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
347 memcpy(hdev->dev_class, rp->dev_class, 3);
349 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
350 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
353 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
355 __u8 status = *((__u8 *) skb->data);
358 BT_DBG("%s status 0x%2.2x", hdev->name, status);
360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
367 memcpy(hdev->dev_class, sent, 3);
369 if (test_bit(HCI_MGMT, &hdev->dev_flags))
370 mgmt_set_class_of_dev_complete(hdev, sent, status);
372 hci_dev_unlock(hdev);
375 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
377 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
380 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
385 setting = __le16_to_cpu(rp->voice_setting);
387 if (hdev->voice_setting == setting)
390 hdev->voice_setting = setting;
392 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
395 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
398 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
401 __u8 status = *((__u8 *) skb->data);
405 BT_DBG("%s status 0x%2.2x", hdev->name, status);
410 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
414 setting = get_unaligned_le16(sent);
416 if (hdev->voice_setting == setting)
419 hdev->voice_setting = setting;
421 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
424 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
427 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
429 __u8 status = *((__u8 *) skb->data);
430 struct hci_cp_write_ssp_mode *sent;
432 BT_DBG("%s status 0x%2.2x", hdev->name, status);
434 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
440 hdev->host_features[0] |= LMP_HOST_SSP;
442 hdev->host_features[0] &= ~LMP_HOST_SSP;
445 if (test_bit(HCI_MGMT, &hdev->dev_flags))
446 mgmt_ssp_enable_complete(hdev, sent->mode, status);
449 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
451 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
455 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
457 struct hci_rp_read_local_version *rp = (void *) skb->data;
459 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
464 hdev->hci_ver = rp->hci_ver;
465 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
466 hdev->lmp_ver = rp->lmp_ver;
467 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
468 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
470 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
471 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
474 static void hci_cc_read_local_commands(struct hci_dev *hdev,
477 struct hci_rp_read_local_commands *rp = (void *) skb->data;
479 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
482 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
485 static void hci_cc_read_local_features(struct hci_dev *hdev,
488 struct hci_rp_read_local_features *rp = (void *) skb->data;
490 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
495 memcpy(hdev->features, rp->features, 8);
497 /* Adjust default settings according to features
498 * supported by device. */
500 if (hdev->features[0] & LMP_3SLOT)
501 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
503 if (hdev->features[0] & LMP_5SLOT)
504 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
506 if (hdev->features[1] & LMP_HV2) {
507 hdev->pkt_type |= (HCI_HV2);
508 hdev->esco_type |= (ESCO_HV2);
511 if (hdev->features[1] & LMP_HV3) {
512 hdev->pkt_type |= (HCI_HV3);
513 hdev->esco_type |= (ESCO_HV3);
516 if (lmp_esco_capable(hdev))
517 hdev->esco_type |= (ESCO_EV3);
519 if (hdev->features[4] & LMP_EV4)
520 hdev->esco_type |= (ESCO_EV4);
522 if (hdev->features[4] & LMP_EV5)
523 hdev->esco_type |= (ESCO_EV5);
525 if (hdev->features[5] & LMP_EDR_ESCO_2M)
526 hdev->esco_type |= (ESCO_2EV3);
528 if (hdev->features[5] & LMP_EDR_ESCO_3M)
529 hdev->esco_type |= (ESCO_3EV3);
531 if (hdev->features[5] & LMP_EDR_3S_ESCO)
532 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
534 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
535 hdev->features[0], hdev->features[1],
536 hdev->features[2], hdev->features[3],
537 hdev->features[4], hdev->features[5],
538 hdev->features[6], hdev->features[7]);
541 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
544 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
546 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
553 memcpy(hdev->features, rp->features, 8);
556 memcpy(hdev->host_features, rp->features, 8);
561 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
564 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
566 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
569 hdev->flow_ctl_mode = rp->mode;
572 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
574 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
576 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
581 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
582 hdev->sco_mtu = rp->sco_mtu;
583 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
584 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
586 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
591 hdev->acl_cnt = hdev->acl_pkts;
592 hdev->sco_cnt = hdev->sco_pkts;
594 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
595 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
598 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
600 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
602 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
605 bacpy(&hdev->bdaddr, &rp->bdaddr);
608 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
611 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
613 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
618 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
619 hdev->block_len = __le16_to_cpu(rp->block_len);
620 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
622 hdev->block_cnt = hdev->num_blocks;
624 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
625 hdev->block_cnt, hdev->block_len);
628 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
631 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
633 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
638 hdev->amp_status = rp->amp_status;
639 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
640 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
641 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
642 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
643 hdev->amp_type = rp->amp_type;
644 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
645 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
646 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
647 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
650 a2mp_send_getinfo_rsp(hdev);
653 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
656 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
657 struct amp_assoc *assoc = &hdev->loc_assoc;
658 size_t rem_len, frag_len;
660 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
665 frag_len = skb->len - sizeof(*rp);
666 rem_len = __le16_to_cpu(rp->rem_len);
668 if (rem_len > frag_len) {
669 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
671 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
672 assoc->offset += frag_len;
674 /* Read other fragments */
675 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
680 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
681 assoc->len = assoc->offset + rem_len;
685 /* Send A2MP Rsp when all fragments are received */
686 a2mp_send_getampassoc_rsp(hdev, rp->status);
687 a2mp_send_create_phy_link_req(hdev, rp->status);
690 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
693 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
695 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
698 hdev->inq_tx_power = rp->tx_power;
701 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
703 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
704 struct hci_cp_pin_code_reply *cp;
705 struct hci_conn *conn;
707 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
711 if (test_bit(HCI_MGMT, &hdev->dev_flags))
712 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
717 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
721 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
723 conn->pin_length = cp->pin_len;
726 hci_dev_unlock(hdev);
729 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
731 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
733 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
737 if (test_bit(HCI_MGMT, &hdev->dev_flags))
738 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
741 hci_dev_unlock(hdev);
744 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
747 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
749 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
754 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
755 hdev->le_pkts = rp->le_max_pkt;
757 hdev->le_cnt = hdev->le_pkts;
759 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
762 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
765 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
767 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
770 memcpy(hdev->le_features, rp->features, 8);
773 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
776 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
778 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
781 hdev->adv_tx_power = rp->tx_power;
782 if (!test_bit(HCI_INIT, &hdev->flags))
787 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
789 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
791 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
795 if (test_bit(HCI_MGMT, &hdev->dev_flags))
796 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
799 hci_dev_unlock(hdev);
802 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
805 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
807 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
811 if (test_bit(HCI_MGMT, &hdev->dev_flags))
812 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
813 ACL_LINK, 0, rp->status);
815 hci_dev_unlock(hdev);
818 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
820 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
822 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
826 if (test_bit(HCI_MGMT, &hdev->dev_flags))
827 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
830 hci_dev_unlock(hdev);
833 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
836 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
842 if (test_bit(HCI_MGMT, &hdev->dev_flags))
843 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
844 ACL_LINK, 0, rp->status);
846 hci_dev_unlock(hdev);
849 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
852 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
854 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
857 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
858 rp->randomizer, rp->status);
859 hci_dev_unlock(hdev);
862 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
864 __u8 *sent, status = *((__u8 *) skb->data);
866 BT_DBG("%s status 0x%2.2x", hdev->name, status);
868 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
876 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
878 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
881 hci_dev_unlock(hdev);
883 if (!test_bit(HCI_INIT, &hdev->flags))
887 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
889 __u8 status = *((__u8 *) skb->data);
891 BT_DBG("%s status 0x%2.2x", hdev->name, status);
895 mgmt_start_discovery_failed(hdev, status);
896 hci_dev_unlock(hdev);
901 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
904 struct hci_cp_le_set_scan_enable *cp;
905 __u8 status = *((__u8 *) skb->data);
907 BT_DBG("%s status 0x%2.2x", hdev->name, status);
909 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
913 switch (cp->enable) {
914 case LE_SCANNING_ENABLED:
917 mgmt_start_discovery_failed(hdev, status);
918 hci_dev_unlock(hdev);
922 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
925 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
926 hci_dev_unlock(hdev);
929 case LE_SCANNING_DISABLED:
932 mgmt_stop_discovery_failed(hdev, status);
933 hci_dev_unlock(hdev);
937 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
939 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
940 hdev->discovery.state == DISCOVERY_FINDING) {
941 mgmt_interleaved_discovery(hdev);
944 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
945 hci_dev_unlock(hdev);
951 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
956 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
959 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
961 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
964 hdev->le_white_list_size = rp->size;
967 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
970 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
972 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
975 memcpy(hdev->le_states, rp->le_states, 8);
978 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
981 struct hci_cp_write_le_host_supported *sent;
982 __u8 status = *((__u8 *) skb->data);
984 BT_DBG("%s status 0x%2.2x", hdev->name, status);
986 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
992 hdev->host_features[0] |= LMP_HOST_LE;
994 hdev->host_features[0] &= ~LMP_HOST_LE;
997 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
999 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
1002 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1003 !test_bit(HCI_INIT, &hdev->flags))
1004 mgmt_le_enable_complete(hdev, sent->le, status);
1007 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1008 struct sk_buff *skb)
1010 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1012 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1013 hdev->name, rp->status, rp->phy_handle);
1018 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1021 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1023 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1026 hci_conn_check_pending(hdev);
1028 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1029 mgmt_start_discovery_failed(hdev, status);
1030 hci_dev_unlock(hdev);
1034 set_bit(HCI_INQUIRY, &hdev->flags);
1037 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1038 hci_dev_unlock(hdev);
1041 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1043 struct hci_cp_create_conn *cp;
1044 struct hci_conn *conn;
1046 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1048 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1054 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1056 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1059 if (conn && conn->state == BT_CONNECT) {
1060 if (status != 0x0c || conn->attempt > 2) {
1061 conn->state = BT_CLOSED;
1062 hci_proto_connect_cfm(conn, status);
1065 conn->state = BT_CONNECT2;
1069 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1072 conn->link_mode |= HCI_LM_MASTER;
1074 BT_ERR("No memory for new connection");
1078 hci_dev_unlock(hdev);
1081 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1083 struct hci_cp_add_sco *cp;
1084 struct hci_conn *acl, *sco;
1087 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1092 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1096 handle = __le16_to_cpu(cp->handle);
1098 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1102 acl = hci_conn_hash_lookup_handle(hdev, handle);
1106 sco->state = BT_CLOSED;
1108 hci_proto_connect_cfm(sco, status);
1113 hci_dev_unlock(hdev);
1116 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1118 struct hci_cp_auth_requested *cp;
1119 struct hci_conn *conn;
1121 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1126 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1132 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1134 if (conn->state == BT_CONFIG) {
1135 hci_proto_connect_cfm(conn, status);
1140 hci_dev_unlock(hdev);
1143 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1145 struct hci_cp_set_conn_encrypt *cp;
1146 struct hci_conn *conn;
1148 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1153 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1159 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1161 if (conn->state == BT_CONFIG) {
1162 hci_proto_connect_cfm(conn, status);
1167 hci_dev_unlock(hdev);
1170 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1171 struct hci_conn *conn)
1173 if (conn->state != BT_CONFIG || !conn->out)
1176 if (conn->pending_sec_level == BT_SECURITY_SDP)
1179 /* Only request authentication for SSP connections or non-SSP
1180 * devices with sec_level HIGH or if MITM protection is requested */
1181 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1182 conn->pending_sec_level != BT_SECURITY_HIGH)
1188 static int hci_resolve_name(struct hci_dev *hdev,
1189 struct inquiry_entry *e)
1191 struct hci_cp_remote_name_req cp;
1193 memset(&cp, 0, sizeof(cp));
1195 bacpy(&cp.bdaddr, &e->data.bdaddr);
1196 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1197 cp.pscan_mode = e->data.pscan_mode;
1198 cp.clock_offset = e->data.clock_offset;
1200 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1203 static bool hci_resolve_next_name(struct hci_dev *hdev)
1205 struct discovery_state *discov = &hdev->discovery;
1206 struct inquiry_entry *e;
1208 if (list_empty(&discov->resolve))
1211 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1215 if (hci_resolve_name(hdev, e) == 0) {
1216 e->name_state = NAME_PENDING;
1223 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1224 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1226 struct discovery_state *discov = &hdev->discovery;
1227 struct inquiry_entry *e;
1229 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1230 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1231 name_len, conn->dev_class);
1233 if (discov->state == DISCOVERY_STOPPED)
1236 if (discov->state == DISCOVERY_STOPPING)
1237 goto discov_complete;
1239 if (discov->state != DISCOVERY_RESOLVING)
1242 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1243 /* If the device was not found in a list of found devices names of which
1244 * are pending. there is no need to continue resolving a next name as it
1245 * will be done upon receiving another Remote Name Request Complete
1252 e->name_state = NAME_KNOWN;
1253 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1254 e->data.rssi, name, name_len);
1256 e->name_state = NAME_NOT_KNOWN;
1259 if (hci_resolve_next_name(hdev))
1263 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1266 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1268 struct hci_cp_remote_name_req *cp;
1269 struct hci_conn *conn;
1271 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1273 /* If successful wait for the name req complete event before
1274 * checking for the need to do authentication */
1278 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1284 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1286 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1287 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1292 if (!hci_outgoing_auth_needed(hdev, conn))
1295 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1296 struct hci_cp_auth_requested cp;
1297 cp.handle = __cpu_to_le16(conn->handle);
1298 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1302 hci_dev_unlock(hdev);
1305 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1307 struct hci_cp_read_remote_features *cp;
1308 struct hci_conn *conn;
1310 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1315 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1321 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1323 if (conn->state == BT_CONFIG) {
1324 hci_proto_connect_cfm(conn, status);
1329 hci_dev_unlock(hdev);
1332 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1334 struct hci_cp_read_remote_ext_features *cp;
1335 struct hci_conn *conn;
1337 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1342 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1348 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1350 if (conn->state == BT_CONFIG) {
1351 hci_proto_connect_cfm(conn, status);
1356 hci_dev_unlock(hdev);
1359 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1361 struct hci_cp_setup_sync_conn *cp;
1362 struct hci_conn *acl, *sco;
1365 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1370 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1374 handle = __le16_to_cpu(cp->handle);
1376 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1380 acl = hci_conn_hash_lookup_handle(hdev, handle);
1384 sco->state = BT_CLOSED;
1386 hci_proto_connect_cfm(sco, status);
1391 hci_dev_unlock(hdev);
1394 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1396 struct hci_cp_sniff_mode *cp;
1397 struct hci_conn *conn;
1399 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1404 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1410 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1412 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1414 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1415 hci_sco_setup(conn, status);
1418 hci_dev_unlock(hdev);
1421 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1423 struct hci_cp_exit_sniff_mode *cp;
1424 struct hci_conn *conn;
1426 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1431 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1437 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1439 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1441 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1442 hci_sco_setup(conn, status);
1445 hci_dev_unlock(hdev);
1448 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1450 struct hci_cp_disconnect *cp;
1451 struct hci_conn *conn;
1456 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1462 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1464 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1465 conn->dst_type, status);
1467 hci_dev_unlock(hdev);
1470 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1472 struct hci_conn *conn;
1474 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1479 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1481 hci_dev_unlock(hdev);
1485 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1487 conn->state = BT_CLOSED;
1488 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1489 conn->dst_type, status);
1490 hci_proto_connect_cfm(conn, status);
1493 hci_dev_unlock(hdev);
1497 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1499 struct hci_cp_create_phy_link *cp;
1501 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1503 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1510 struct hci_conn *hcon;
1512 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1516 amp_write_remote_assoc(hdev, cp->phy_handle);
1519 hci_dev_unlock(hdev);
1522 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1524 struct hci_cp_accept_phy_link *cp;
1526 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1531 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1535 amp_write_remote_assoc(hdev, cp->phy_handle);
1538 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1540 __u8 status = *((__u8 *) skb->data);
1541 struct discovery_state *discov = &hdev->discovery;
1542 struct inquiry_entry *e;
1544 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1546 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
1548 hci_conn_check_pending(hdev);
1550 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1553 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1558 if (discov->state != DISCOVERY_FINDING)
1561 if (list_empty(&discov->resolve)) {
1562 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1566 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1567 if (e && hci_resolve_name(hdev, e) == 0) {
1568 e->name_state = NAME_PENDING;
1569 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1571 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1575 hci_dev_unlock(hdev);
1578 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1580 struct inquiry_data data;
1581 struct inquiry_info *info = (void *) (skb->data + 1);
1582 int num_rsp = *((__u8 *) skb->data);
1584 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1589 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1594 for (; num_rsp; num_rsp--, info++) {
1595 bool name_known, ssp;
1597 bacpy(&data.bdaddr, &info->bdaddr);
1598 data.pscan_rep_mode = info->pscan_rep_mode;
1599 data.pscan_period_mode = info->pscan_period_mode;
1600 data.pscan_mode = info->pscan_mode;
1601 memcpy(data.dev_class, info->dev_class, 3);
1602 data.clock_offset = info->clock_offset;
1604 data.ssp_mode = 0x00;
1606 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1607 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1608 info->dev_class, 0, !name_known, ssp, NULL,
1612 hci_dev_unlock(hdev);
1615 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1617 struct hci_ev_conn_complete *ev = (void *) skb->data;
1618 struct hci_conn *conn;
1620 BT_DBG("%s", hdev->name);
1624 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1626 if (ev->link_type != SCO_LINK)
1629 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1633 conn->type = SCO_LINK;
1637 conn->handle = __le16_to_cpu(ev->handle);
1639 if (conn->type == ACL_LINK) {
1640 conn->state = BT_CONFIG;
1641 hci_conn_hold(conn);
1643 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1644 !hci_find_link_key(hdev, &ev->bdaddr))
1645 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1647 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1649 conn->state = BT_CONNECTED;
1651 hci_conn_hold_device(conn);
1652 hci_conn_add_sysfs(conn);
1654 if (test_bit(HCI_AUTH, &hdev->flags))
1655 conn->link_mode |= HCI_LM_AUTH;
1657 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1658 conn->link_mode |= HCI_LM_ENCRYPT;
1660 /* Get remote features */
1661 if (conn->type == ACL_LINK) {
1662 struct hci_cp_read_remote_features cp;
1663 cp.handle = ev->handle;
1664 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1668 /* Set packet type for incoming connection */
1669 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1670 struct hci_cp_change_conn_ptype cp;
1671 cp.handle = ev->handle;
1672 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1673 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1677 conn->state = BT_CLOSED;
1678 if (conn->type == ACL_LINK)
1679 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1680 conn->dst_type, ev->status);
1683 if (conn->type == ACL_LINK)
1684 hci_sco_setup(conn, ev->status);
1687 hci_proto_connect_cfm(conn, ev->status);
1689 } else if (ev->link_type != ACL_LINK)
1690 hci_proto_connect_cfm(conn, ev->status);
1693 hci_dev_unlock(hdev);
1695 hci_conn_check_pending(hdev);
1698 void hci_conn_accept(struct hci_conn *conn, int mask)
1700 struct hci_dev *hdev = conn->hdev;
1702 BT_DBG("conn %p", conn);
1704 conn->state = BT_CONFIG;
1706 if (!lmp_esco_capable(hdev)) {
1707 struct hci_cp_accept_conn_req cp;
1709 bacpy(&cp.bdaddr, &conn->dst);
1711 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1712 cp.role = 0x00; /* Become master */
1714 cp.role = 0x01; /* Remain slave */
1716 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1717 } else /* lmp_esco_capable(hdev)) */ {
1718 struct hci_cp_accept_sync_conn_req cp;
1720 bacpy(&cp.bdaddr, &conn->dst);
1721 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1723 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1724 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1725 cp.max_latency = __constant_cpu_to_le16(0xffff);
1726 cp.content_format = cpu_to_le16(hdev->voice_setting);
1727 cp.retrans_effort = 0xff;
1729 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1734 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1736 struct hci_ev_conn_request *ev = (void *) skb->data;
1737 int mask = hdev->link_mode;
1740 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1743 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1746 if ((mask & HCI_LM_ACCEPT) &&
1747 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1748 /* Connection accepted */
1749 struct inquiry_entry *ie;
1750 struct hci_conn *conn;
1754 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1756 memcpy(ie->data.dev_class, ev->dev_class, 3);
1758 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1761 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1763 BT_ERR("No memory for new connection");
1764 hci_dev_unlock(hdev);
1769 memcpy(conn->dev_class, ev->dev_class, 3);
1771 hci_dev_unlock(hdev);
1773 if (ev->link_type == ACL_LINK ||
1774 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1775 struct hci_cp_accept_conn_req cp;
1776 conn->state = BT_CONNECT;
1778 bacpy(&cp.bdaddr, &ev->bdaddr);
1780 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1781 cp.role = 0x00; /* Become master */
1783 cp.role = 0x01; /* Remain slave */
1785 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1787 } else if (!(flags & HCI_PROTO_DEFER)) {
1788 struct hci_cp_accept_sync_conn_req cp;
1789 conn->state = BT_CONNECT;
1791 bacpy(&cp.bdaddr, &ev->bdaddr);
1792 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1794 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1795 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1796 cp.max_latency = __constant_cpu_to_le16(0xffff);
1797 cp.content_format = cpu_to_le16(hdev->voice_setting);
1798 cp.retrans_effort = 0xff;
1800 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1803 conn->state = BT_CONNECT2;
1804 hci_proto_connect_cfm(conn, 0);
1808 /* Connection rejected */
1809 struct hci_cp_reject_conn_req cp;
1811 bacpy(&cp.bdaddr, &ev->bdaddr);
1812 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1813 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1817 static u8 hci_to_mgmt_reason(u8 err)
1820 case HCI_ERROR_CONNECTION_TIMEOUT:
1821 return MGMT_DEV_DISCONN_TIMEOUT;
1822 case HCI_ERROR_REMOTE_USER_TERM:
1823 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1824 case HCI_ERROR_REMOTE_POWER_OFF:
1825 return MGMT_DEV_DISCONN_REMOTE;
1826 case HCI_ERROR_LOCAL_HOST_TERM:
1827 return MGMT_DEV_DISCONN_LOCAL_HOST;
1829 return MGMT_DEV_DISCONN_UNKNOWN;
1833 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1835 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1836 struct hci_conn *conn;
1838 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1842 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1846 if (ev->status == 0)
1847 conn->state = BT_CLOSED;
1849 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1850 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1852 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1853 conn->dst_type, ev->status);
1855 u8 reason = hci_to_mgmt_reason(ev->reason);
1857 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1858 conn->dst_type, reason);
1862 if (ev->status == 0) {
1863 if (conn->type == ACL_LINK && conn->flush_key)
1864 hci_remove_link_key(hdev, &conn->dst);
1865 hci_proto_disconn_cfm(conn, ev->reason);
1870 hci_dev_unlock(hdev);
1873 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1875 struct hci_ev_auth_complete *ev = (void *) skb->data;
1876 struct hci_conn *conn;
1878 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1882 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1887 if (!hci_conn_ssp_enabled(conn) &&
1888 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1889 BT_INFO("re-auth of legacy device is not possible.");
1891 conn->link_mode |= HCI_LM_AUTH;
1892 conn->sec_level = conn->pending_sec_level;
1895 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1899 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1900 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1902 if (conn->state == BT_CONFIG) {
1903 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1904 struct hci_cp_set_conn_encrypt cp;
1905 cp.handle = ev->handle;
1907 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1910 conn->state = BT_CONNECTED;
1911 hci_proto_connect_cfm(conn, ev->status);
1915 hci_auth_cfm(conn, ev->status);
1917 hci_conn_hold(conn);
1918 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1922 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1924 struct hci_cp_set_conn_encrypt cp;
1925 cp.handle = ev->handle;
1927 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1930 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1931 hci_encrypt_cfm(conn, ev->status, 0x00);
1936 hci_dev_unlock(hdev);
1939 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1941 struct hci_ev_remote_name *ev = (void *) skb->data;
1942 struct hci_conn *conn;
1944 BT_DBG("%s", hdev->name);
1946 hci_conn_check_pending(hdev);
1950 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1952 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1955 if (ev->status == 0)
1956 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1957 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1959 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1965 if (!hci_outgoing_auth_needed(hdev, conn))
1968 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1969 struct hci_cp_auth_requested cp;
1970 cp.handle = __cpu_to_le16(conn->handle);
1971 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1975 hci_dev_unlock(hdev);
1978 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1980 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1981 struct hci_conn *conn;
1983 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1987 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1991 /* Encryption implies authentication */
1992 conn->link_mode |= HCI_LM_AUTH;
1993 conn->link_mode |= HCI_LM_ENCRYPT;
1994 conn->sec_level = conn->pending_sec_level;
1996 conn->link_mode &= ~HCI_LM_ENCRYPT;
1999 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2001 if (ev->status && conn->state == BT_CONNECTED) {
2002 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2007 if (conn->state == BT_CONFIG) {
2009 conn->state = BT_CONNECTED;
2011 hci_proto_connect_cfm(conn, ev->status);
2014 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2018 hci_dev_unlock(hdev);
2021 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2022 struct sk_buff *skb)
2024 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2025 struct hci_conn *conn;
2027 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2031 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2034 conn->link_mode |= HCI_LM_SECURE;
2036 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2038 hci_key_change_cfm(conn, ev->status);
2041 hci_dev_unlock(hdev);
2044 static void hci_remote_features_evt(struct hci_dev *hdev,
2045 struct sk_buff *skb)
2047 struct hci_ev_remote_features *ev = (void *) skb->data;
2048 struct hci_conn *conn;
2050 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2054 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2059 memcpy(conn->features, ev->features, 8);
2061 if (conn->state != BT_CONFIG)
2064 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2065 struct hci_cp_read_remote_ext_features cp;
2066 cp.handle = ev->handle;
2068 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2073 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2074 struct hci_cp_remote_name_req cp;
2075 memset(&cp, 0, sizeof(cp));
2076 bacpy(&cp.bdaddr, &conn->dst);
2077 cp.pscan_rep_mode = 0x02;
2078 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2079 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2080 mgmt_device_connected(hdev, &conn->dst, conn->type,
2081 conn->dst_type, 0, NULL, 0,
2084 if (!hci_outgoing_auth_needed(hdev, conn)) {
2085 conn->state = BT_CONNECTED;
2086 hci_proto_connect_cfm(conn, ev->status);
2091 hci_dev_unlock(hdev);
2094 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2096 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2097 u8 status = skb->data[sizeof(*ev)];
2100 skb_pull(skb, sizeof(*ev));
2102 opcode = __le16_to_cpu(ev->opcode);
2105 case HCI_OP_INQUIRY_CANCEL:
2106 hci_cc_inquiry_cancel(hdev, skb);
2109 case HCI_OP_PERIODIC_INQ:
2110 hci_cc_periodic_inq(hdev, skb);
2113 case HCI_OP_EXIT_PERIODIC_INQ:
2114 hci_cc_exit_periodic_inq(hdev, skb);
2117 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2118 hci_cc_remote_name_req_cancel(hdev, skb);
2121 case HCI_OP_ROLE_DISCOVERY:
2122 hci_cc_role_discovery(hdev, skb);
2125 case HCI_OP_READ_LINK_POLICY:
2126 hci_cc_read_link_policy(hdev, skb);
2129 case HCI_OP_WRITE_LINK_POLICY:
2130 hci_cc_write_link_policy(hdev, skb);
2133 case HCI_OP_READ_DEF_LINK_POLICY:
2134 hci_cc_read_def_link_policy(hdev, skb);
2137 case HCI_OP_WRITE_DEF_LINK_POLICY:
2138 hci_cc_write_def_link_policy(hdev, skb);
2142 hci_cc_reset(hdev, skb);
2145 case HCI_OP_WRITE_LOCAL_NAME:
2146 hci_cc_write_local_name(hdev, skb);
2149 case HCI_OP_READ_LOCAL_NAME:
2150 hci_cc_read_local_name(hdev, skb);
2153 case HCI_OP_WRITE_AUTH_ENABLE:
2154 hci_cc_write_auth_enable(hdev, skb);
2157 case HCI_OP_WRITE_ENCRYPT_MODE:
2158 hci_cc_write_encrypt_mode(hdev, skb);
2161 case HCI_OP_WRITE_SCAN_ENABLE:
2162 hci_cc_write_scan_enable(hdev, skb);
2165 case HCI_OP_READ_CLASS_OF_DEV:
2166 hci_cc_read_class_of_dev(hdev, skb);
2169 case HCI_OP_WRITE_CLASS_OF_DEV:
2170 hci_cc_write_class_of_dev(hdev, skb);
2173 case HCI_OP_READ_VOICE_SETTING:
2174 hci_cc_read_voice_setting(hdev, skb);
2177 case HCI_OP_WRITE_VOICE_SETTING:
2178 hci_cc_write_voice_setting(hdev, skb);
2181 case HCI_OP_WRITE_SSP_MODE:
2182 hci_cc_write_ssp_mode(hdev, skb);
2185 case HCI_OP_READ_LOCAL_VERSION:
2186 hci_cc_read_local_version(hdev, skb);
2189 case HCI_OP_READ_LOCAL_COMMANDS:
2190 hci_cc_read_local_commands(hdev, skb);
2193 case HCI_OP_READ_LOCAL_FEATURES:
2194 hci_cc_read_local_features(hdev, skb);
2197 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2198 hci_cc_read_local_ext_features(hdev, skb);
2201 case HCI_OP_READ_BUFFER_SIZE:
2202 hci_cc_read_buffer_size(hdev, skb);
2205 case HCI_OP_READ_BD_ADDR:
2206 hci_cc_read_bd_addr(hdev, skb);
2209 case HCI_OP_READ_DATA_BLOCK_SIZE:
2210 hci_cc_read_data_block_size(hdev, skb);
2213 case HCI_OP_READ_FLOW_CONTROL_MODE:
2214 hci_cc_read_flow_control_mode(hdev, skb);
2217 case HCI_OP_READ_LOCAL_AMP_INFO:
2218 hci_cc_read_local_amp_info(hdev, skb);
2221 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2222 hci_cc_read_local_amp_assoc(hdev, skb);
2225 case HCI_OP_READ_INQ_RSP_TX_POWER:
2226 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2229 case HCI_OP_PIN_CODE_REPLY:
2230 hci_cc_pin_code_reply(hdev, skb);
2233 case HCI_OP_PIN_CODE_NEG_REPLY:
2234 hci_cc_pin_code_neg_reply(hdev, skb);
2237 case HCI_OP_READ_LOCAL_OOB_DATA:
2238 hci_cc_read_local_oob_data_reply(hdev, skb);
2241 case HCI_OP_LE_READ_BUFFER_SIZE:
2242 hci_cc_le_read_buffer_size(hdev, skb);
2245 case HCI_OP_LE_READ_LOCAL_FEATURES:
2246 hci_cc_le_read_local_features(hdev, skb);
2249 case HCI_OP_LE_READ_ADV_TX_POWER:
2250 hci_cc_le_read_adv_tx_power(hdev, skb);
2253 case HCI_OP_USER_CONFIRM_REPLY:
2254 hci_cc_user_confirm_reply(hdev, skb);
2257 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2258 hci_cc_user_confirm_neg_reply(hdev, skb);
2261 case HCI_OP_USER_PASSKEY_REPLY:
2262 hci_cc_user_passkey_reply(hdev, skb);
2265 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2266 hci_cc_user_passkey_neg_reply(hdev, skb);
2269 case HCI_OP_LE_SET_SCAN_PARAM:
2270 hci_cc_le_set_scan_param(hdev, skb);
2273 case HCI_OP_LE_SET_ADV_ENABLE:
2274 hci_cc_le_set_adv_enable(hdev, skb);
2277 case HCI_OP_LE_SET_SCAN_ENABLE:
2278 hci_cc_le_set_scan_enable(hdev, skb);
2281 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2282 hci_cc_le_read_white_list_size(hdev, skb);
2285 case HCI_OP_LE_READ_SUPPORTED_STATES:
2286 hci_cc_le_read_supported_states(hdev, skb);
2289 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2290 hci_cc_write_le_host_supported(hdev, skb);
2293 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2294 hci_cc_write_remote_amp_assoc(hdev, skb);
2298 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2302 if (ev->opcode != HCI_OP_NOP)
2303 del_timer(&hdev->cmd_timer);
2305 hci_req_cmd_complete(hdev, ev->opcode, status);
2307 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2308 atomic_set(&hdev->cmd_cnt, 1);
2309 if (!skb_queue_empty(&hdev->cmd_q))
2310 queue_work(hdev->workqueue, &hdev->cmd_work);
2314 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2316 struct hci_ev_cmd_status *ev = (void *) skb->data;
2319 skb_pull(skb, sizeof(*ev));
2321 opcode = __le16_to_cpu(ev->opcode);
2324 case HCI_OP_INQUIRY:
2325 hci_cs_inquiry(hdev, ev->status);
2328 case HCI_OP_CREATE_CONN:
2329 hci_cs_create_conn(hdev, ev->status);
2332 case HCI_OP_ADD_SCO:
2333 hci_cs_add_sco(hdev, ev->status);
2336 case HCI_OP_AUTH_REQUESTED:
2337 hci_cs_auth_requested(hdev, ev->status);
2340 case HCI_OP_SET_CONN_ENCRYPT:
2341 hci_cs_set_conn_encrypt(hdev, ev->status);
2344 case HCI_OP_REMOTE_NAME_REQ:
2345 hci_cs_remote_name_req(hdev, ev->status);
2348 case HCI_OP_READ_REMOTE_FEATURES:
2349 hci_cs_read_remote_features(hdev, ev->status);
2352 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2353 hci_cs_read_remote_ext_features(hdev, ev->status);
2356 case HCI_OP_SETUP_SYNC_CONN:
2357 hci_cs_setup_sync_conn(hdev, ev->status);
2360 case HCI_OP_SNIFF_MODE:
2361 hci_cs_sniff_mode(hdev, ev->status);
2364 case HCI_OP_EXIT_SNIFF_MODE:
2365 hci_cs_exit_sniff_mode(hdev, ev->status);
2368 case HCI_OP_DISCONNECT:
2369 hci_cs_disconnect(hdev, ev->status);
2372 case HCI_OP_LE_CREATE_CONN:
2373 hci_cs_le_create_conn(hdev, ev->status);
2376 case HCI_OP_CREATE_PHY_LINK:
2377 hci_cs_create_phylink(hdev, ev->status);
2380 case HCI_OP_ACCEPT_PHY_LINK:
2381 hci_cs_accept_phylink(hdev, ev->status);
2385 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2389 if (ev->opcode != HCI_OP_NOP)
2390 del_timer(&hdev->cmd_timer);
2392 hci_req_cmd_status(hdev, ev->opcode, ev->status);
2394 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2395 atomic_set(&hdev->cmd_cnt, 1);
2396 if (!skb_queue_empty(&hdev->cmd_q))
2397 queue_work(hdev->workqueue, &hdev->cmd_work);
2401 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2403 struct hci_ev_role_change *ev = (void *) skb->data;
2404 struct hci_conn *conn;
2406 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2410 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2414 conn->link_mode &= ~HCI_LM_MASTER;
2416 conn->link_mode |= HCI_LM_MASTER;
2419 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2421 hci_role_switch_cfm(conn, ev->status, ev->role);
2424 hci_dev_unlock(hdev);
2427 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2429 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2432 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2433 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2437 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2438 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2439 BT_DBG("%s bad parameters", hdev->name);
2443 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2445 for (i = 0; i < ev->num_hndl; i++) {
2446 struct hci_comp_pkts_info *info = &ev->handles[i];
2447 struct hci_conn *conn;
2448 __u16 handle, count;
2450 handle = __le16_to_cpu(info->handle);
2451 count = __le16_to_cpu(info->count);
2453 conn = hci_conn_hash_lookup_handle(hdev, handle);
2457 conn->sent -= count;
2459 switch (conn->type) {
2461 hdev->acl_cnt += count;
2462 if (hdev->acl_cnt > hdev->acl_pkts)
2463 hdev->acl_cnt = hdev->acl_pkts;
2467 if (hdev->le_pkts) {
2468 hdev->le_cnt += count;
2469 if (hdev->le_cnt > hdev->le_pkts)
2470 hdev->le_cnt = hdev->le_pkts;
2472 hdev->acl_cnt += count;
2473 if (hdev->acl_cnt > hdev->acl_pkts)
2474 hdev->acl_cnt = hdev->acl_pkts;
2479 hdev->sco_cnt += count;
2480 if (hdev->sco_cnt > hdev->sco_pkts)
2481 hdev->sco_cnt = hdev->sco_pkts;
2485 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2490 queue_work(hdev->workqueue, &hdev->tx_work);
2493 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2496 struct hci_chan *chan;
2498 switch (hdev->dev_type) {
2500 return hci_conn_hash_lookup_handle(hdev, handle);
2502 chan = hci_chan_lookup_handle(hdev, handle);
2507 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2514 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2516 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2519 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2520 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2524 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2525 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2526 BT_DBG("%s bad parameters", hdev->name);
2530 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2533 for (i = 0; i < ev->num_hndl; i++) {
2534 struct hci_comp_blocks_info *info = &ev->handles[i];
2535 struct hci_conn *conn = NULL;
2536 __u16 handle, block_count;
2538 handle = __le16_to_cpu(info->handle);
2539 block_count = __le16_to_cpu(info->blocks);
2541 conn = __hci_conn_lookup_handle(hdev, handle);
2545 conn->sent -= block_count;
2547 switch (conn->type) {
2550 hdev->block_cnt += block_count;
2551 if (hdev->block_cnt > hdev->num_blocks)
2552 hdev->block_cnt = hdev->num_blocks;
2556 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2561 queue_work(hdev->workqueue, &hdev->tx_work);
2564 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2566 struct hci_ev_mode_change *ev = (void *) skb->data;
2567 struct hci_conn *conn;
2569 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2573 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2575 conn->mode = ev->mode;
2576 conn->interval = __le16_to_cpu(ev->interval);
2578 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2580 if (conn->mode == HCI_CM_ACTIVE)
2581 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2583 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2586 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2587 hci_sco_setup(conn, ev->status);
2590 hci_dev_unlock(hdev);
2593 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2595 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2596 struct hci_conn *conn;
2598 BT_DBG("%s", hdev->name);
2602 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2606 if (conn->state == BT_CONNECTED) {
2607 hci_conn_hold(conn);
2608 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2612 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2613 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2614 sizeof(ev->bdaddr), &ev->bdaddr);
2615 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2618 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2623 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2627 hci_dev_unlock(hdev);
2630 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2632 struct hci_ev_link_key_req *ev = (void *) skb->data;
2633 struct hci_cp_link_key_reply cp;
2634 struct hci_conn *conn;
2635 struct link_key *key;
2637 BT_DBG("%s", hdev->name);
2639 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2644 key = hci_find_link_key(hdev, &ev->bdaddr);
2646 BT_DBG("%s link key not found for %pMR", hdev->name,
2651 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2654 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2655 key->type == HCI_LK_DEBUG_COMBINATION) {
2656 BT_DBG("%s ignoring debug key", hdev->name);
2660 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2662 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2663 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2664 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2668 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2669 conn->pending_sec_level == BT_SECURITY_HIGH) {
2670 BT_DBG("%s ignoring key unauthenticated for high security",
2675 conn->key_type = key->type;
2676 conn->pin_length = key->pin_len;
2679 bacpy(&cp.bdaddr, &ev->bdaddr);
2680 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2682 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2684 hci_dev_unlock(hdev);
2689 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2690 hci_dev_unlock(hdev);
2693 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2695 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2696 struct hci_conn *conn;
2699 BT_DBG("%s", hdev->name);
2703 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2705 hci_conn_hold(conn);
2706 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2707 pin_len = conn->pin_length;
2709 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2710 conn->key_type = ev->key_type;
2715 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2716 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2717 ev->key_type, pin_len);
2719 hci_dev_unlock(hdev);
2722 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2724 struct hci_ev_clock_offset *ev = (void *) skb->data;
2725 struct hci_conn *conn;
2727 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2731 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2732 if (conn && !ev->status) {
2733 struct inquiry_entry *ie;
2735 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2737 ie->data.clock_offset = ev->clock_offset;
2738 ie->timestamp = jiffies;
2742 hci_dev_unlock(hdev);
2745 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2747 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2748 struct hci_conn *conn;
2750 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2754 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2755 if (conn && !ev->status)
2756 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2758 hci_dev_unlock(hdev);
2761 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2763 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2764 struct inquiry_entry *ie;
2766 BT_DBG("%s", hdev->name);
2770 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2772 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2773 ie->timestamp = jiffies;
2776 hci_dev_unlock(hdev);
2779 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2780 struct sk_buff *skb)
2782 struct inquiry_data data;
2783 int num_rsp = *((__u8 *) skb->data);
2784 bool name_known, ssp;
2786 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2791 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2796 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2797 struct inquiry_info_with_rssi_and_pscan_mode *info;
2798 info = (void *) (skb->data + 1);
2800 for (; num_rsp; num_rsp--, info++) {
2801 bacpy(&data.bdaddr, &info->bdaddr);
2802 data.pscan_rep_mode = info->pscan_rep_mode;
2803 data.pscan_period_mode = info->pscan_period_mode;
2804 data.pscan_mode = info->pscan_mode;
2805 memcpy(data.dev_class, info->dev_class, 3);
2806 data.clock_offset = info->clock_offset;
2807 data.rssi = info->rssi;
2808 data.ssp_mode = 0x00;
2810 name_known = hci_inquiry_cache_update(hdev, &data,
2812 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2813 info->dev_class, info->rssi,
2814 !name_known, ssp, NULL, 0);
2817 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2819 for (; num_rsp; num_rsp--, info++) {
2820 bacpy(&data.bdaddr, &info->bdaddr);
2821 data.pscan_rep_mode = info->pscan_rep_mode;
2822 data.pscan_period_mode = info->pscan_period_mode;
2823 data.pscan_mode = 0x00;
2824 memcpy(data.dev_class, info->dev_class, 3);
2825 data.clock_offset = info->clock_offset;
2826 data.rssi = info->rssi;
2827 data.ssp_mode = 0x00;
2828 name_known = hci_inquiry_cache_update(hdev, &data,
2830 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2831 info->dev_class, info->rssi,
2832 !name_known, ssp, NULL, 0);
2836 hci_dev_unlock(hdev);
2839 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2840 struct sk_buff *skb)
2842 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2843 struct hci_conn *conn;
2845 BT_DBG("%s", hdev->name);
2849 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2853 if (!ev->status && ev->page == 0x01) {
2854 struct inquiry_entry *ie;
2856 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2858 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2860 if (ev->features[0] & LMP_HOST_SSP)
2861 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2864 if (conn->state != BT_CONFIG)
2867 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2868 struct hci_cp_remote_name_req cp;
2869 memset(&cp, 0, sizeof(cp));
2870 bacpy(&cp.bdaddr, &conn->dst);
2871 cp.pscan_rep_mode = 0x02;
2872 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2873 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2874 mgmt_device_connected(hdev, &conn->dst, conn->type,
2875 conn->dst_type, 0, NULL, 0,
2878 if (!hci_outgoing_auth_needed(hdev, conn)) {
2879 conn->state = BT_CONNECTED;
2880 hci_proto_connect_cfm(conn, ev->status);
2885 hci_dev_unlock(hdev);
2888 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2889 struct sk_buff *skb)
2891 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2892 struct hci_conn *conn;
2894 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2898 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2900 if (ev->link_type == ESCO_LINK)
2903 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2907 conn->type = SCO_LINK;
2910 switch (ev->status) {
2912 conn->handle = __le16_to_cpu(ev->handle);
2913 conn->state = BT_CONNECTED;
2915 hci_conn_hold_device(conn);
2916 hci_conn_add_sysfs(conn);
2919 case 0x11: /* Unsupported Feature or Parameter Value */
2920 case 0x1c: /* SCO interval rejected */
2921 case 0x1a: /* Unsupported Remote Feature */
2922 case 0x1f: /* Unspecified error */
2923 if (conn->out && conn->attempt < 2) {
2924 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2925 (hdev->esco_type & EDR_ESCO_MASK);
2926 hci_setup_sync(conn, conn->link->handle);
2932 conn->state = BT_CLOSED;
2936 hci_proto_connect_cfm(conn, ev->status);
2941 hci_dev_unlock(hdev);
2944 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2945 struct sk_buff *skb)
2947 struct inquiry_data data;
2948 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2949 int num_rsp = *((__u8 *) skb->data);
2952 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2957 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2962 for (; num_rsp; num_rsp--, info++) {
2963 bool name_known, ssp;
2965 bacpy(&data.bdaddr, &info->bdaddr);
2966 data.pscan_rep_mode = info->pscan_rep_mode;
2967 data.pscan_period_mode = info->pscan_period_mode;
2968 data.pscan_mode = 0x00;
2969 memcpy(data.dev_class, info->dev_class, 3);
2970 data.clock_offset = info->clock_offset;
2971 data.rssi = info->rssi;
2972 data.ssp_mode = 0x01;
2974 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2975 name_known = eir_has_data_type(info->data,
2981 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2983 eir_len = eir_get_length(info->data, sizeof(info->data));
2984 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2985 info->dev_class, info->rssi, !name_known,
2986 ssp, info->data, eir_len);
2989 hci_dev_unlock(hdev);
2992 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2993 struct sk_buff *skb)
2995 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2996 struct hci_conn *conn;
2998 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
2999 __le16_to_cpu(ev->handle));
3003 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3008 conn->sec_level = conn->pending_sec_level;
3010 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3012 if (ev->status && conn->state == BT_CONNECTED) {
3013 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3018 if (conn->state == BT_CONFIG) {
3020 conn->state = BT_CONNECTED;
3022 hci_proto_connect_cfm(conn, ev->status);
3025 hci_auth_cfm(conn, ev->status);
3027 hci_conn_hold(conn);
3028 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3033 hci_dev_unlock(hdev);
3036 static u8 hci_get_auth_req(struct hci_conn *conn)
3038 /* If remote requests dedicated bonding follow that lead */
3039 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3040 /* If both remote and local IO capabilities allow MITM
3041 * protection then require it, otherwise don't */
3042 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3048 /* If remote requests no-bonding follow that lead */
3049 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3050 return conn->remote_auth | (conn->auth_type & 0x01);
3052 return conn->auth_type;
3055 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3057 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3058 struct hci_conn *conn;
3060 BT_DBG("%s", hdev->name);
3064 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3068 hci_conn_hold(conn);
3070 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3073 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3074 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3075 struct hci_cp_io_capability_reply cp;
3077 bacpy(&cp.bdaddr, &ev->bdaddr);
3078 /* Change the IO capability from KeyboardDisplay
3079 * to DisplayYesNo as it is not supported by BT spec. */
3080 cp.capability = (conn->io_capability == 0x04) ?
3081 0x01 : conn->io_capability;
3082 conn->auth_type = hci_get_auth_req(conn);
3083 cp.authentication = conn->auth_type;
3085 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3086 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3091 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3094 struct hci_cp_io_capability_neg_reply cp;
3096 bacpy(&cp.bdaddr, &ev->bdaddr);
3097 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3099 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3104 hci_dev_unlock(hdev);
3107 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3109 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3110 struct hci_conn *conn;
3112 BT_DBG("%s", hdev->name);
3116 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3120 conn->remote_cap = ev->capability;
3121 conn->remote_auth = ev->authentication;
3123 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3126 hci_dev_unlock(hdev);
3129 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3130 struct sk_buff *skb)
3132 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3133 int loc_mitm, rem_mitm, confirm_hint = 0;
3134 struct hci_conn *conn;
3136 BT_DBG("%s", hdev->name);
3140 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3143 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3147 loc_mitm = (conn->auth_type & 0x01);
3148 rem_mitm = (conn->remote_auth & 0x01);
3150 /* If we require MITM but the remote device can't provide that
3151 * (it has NoInputNoOutput) then reject the confirmation
3152 * request. The only exception is when we're dedicated bonding
3153 * initiators (connect_cfm_cb set) since then we always have the MITM
3155 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3156 BT_DBG("Rejecting request: remote device can't provide MITM");
3157 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3158 sizeof(ev->bdaddr), &ev->bdaddr);
3162 /* If no side requires MITM protection; auto-accept */
3163 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3164 (!rem_mitm || conn->io_capability == 0x03)) {
3166 /* If we're not the initiators request authorization to
3167 * proceed from user space (mgmt_user_confirm with
3168 * confirm_hint set to 1). */
3169 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3170 BT_DBG("Confirming auto-accept as acceptor");
3175 BT_DBG("Auto-accept of user confirmation with %ums delay",
3176 hdev->auto_accept_delay);
3178 if (hdev->auto_accept_delay > 0) {
3179 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3180 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3184 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3185 sizeof(ev->bdaddr), &ev->bdaddr);
3190 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3194 hci_dev_unlock(hdev);
3197 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3198 struct sk_buff *skb)
3200 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3202 BT_DBG("%s", hdev->name);
3204 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3205 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3208 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3209 struct sk_buff *skb)
3211 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3212 struct hci_conn *conn;
3214 BT_DBG("%s", hdev->name);
3216 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3220 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3221 conn->passkey_entered = 0;
3223 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3224 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3225 conn->dst_type, conn->passkey_notify,
3226 conn->passkey_entered);
3229 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3231 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3232 struct hci_conn *conn;
3234 BT_DBG("%s", hdev->name);
3236 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3241 case HCI_KEYPRESS_STARTED:
3242 conn->passkey_entered = 0;
3245 case HCI_KEYPRESS_ENTERED:
3246 conn->passkey_entered++;
3249 case HCI_KEYPRESS_ERASED:
3250 conn->passkey_entered--;
3253 case HCI_KEYPRESS_CLEARED:
3254 conn->passkey_entered = 0;
3257 case HCI_KEYPRESS_COMPLETED:
3261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3262 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3263 conn->dst_type, conn->passkey_notify,
3264 conn->passkey_entered);
3267 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3268 struct sk_buff *skb)
3270 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3271 struct hci_conn *conn;
3273 BT_DBG("%s", hdev->name);
3277 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3281 /* To avoid duplicate auth_failed events to user space we check
3282 * the HCI_CONN_AUTH_PEND flag which will be set if we
3283 * initiated the authentication. A traditional auth_complete
3284 * event gets always produced as initiator and is also mapped to
3285 * the mgmt_auth_failed event */
3286 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3287 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3293 hci_dev_unlock(hdev);
3296 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3297 struct sk_buff *skb)
3299 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3300 struct inquiry_entry *ie;
3302 BT_DBG("%s", hdev->name);
3306 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3308 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3310 hci_dev_unlock(hdev);
3313 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3314 struct sk_buff *skb)
3316 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3317 struct oob_data *data;
3319 BT_DBG("%s", hdev->name);
3323 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3326 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3328 struct hci_cp_remote_oob_data_reply cp;
3330 bacpy(&cp.bdaddr, &ev->bdaddr);
3331 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3332 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3334 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3337 struct hci_cp_remote_oob_data_neg_reply cp;
3339 bacpy(&cp.bdaddr, &ev->bdaddr);
3340 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3345 hci_dev_unlock(hdev);
3348 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3349 struct sk_buff *skb)
3351 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3352 struct hci_conn *hcon, *bredr_hcon;
3354 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3359 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3361 hci_dev_unlock(hdev);
3367 hci_dev_unlock(hdev);
3371 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3373 hcon->state = BT_CONNECTED;
3374 bacpy(&hcon->dst, &bredr_hcon->dst);
3376 hci_conn_hold(hcon);
3377 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3380 hci_conn_hold_device(hcon);
3381 hci_conn_add_sysfs(hcon);
3383 amp_physical_cfm(bredr_hcon, hcon);
3385 hci_dev_unlock(hdev);
3388 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3390 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3391 struct hci_conn *hcon;
3392 struct hci_chan *hchan;
3393 struct amp_mgr *mgr;
3395 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3396 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3399 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3403 /* Create AMP hchan */
3404 hchan = hci_chan_create(hcon);
3408 hchan->handle = le16_to_cpu(ev->handle);
3410 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3412 mgr = hcon->amp_mgr;
3413 if (mgr && mgr->bredr_chan) {
3414 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3416 l2cap_chan_lock(bredr_chan);
3418 bredr_chan->conn->mtu = hdev->block_mtu;
3419 l2cap_logical_cfm(bredr_chan, hchan, 0);
3420 hci_conn_hold(hcon);
3422 l2cap_chan_unlock(bredr_chan);
3426 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3427 struct sk_buff *skb)
3429 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3430 struct hci_chan *hchan;
3432 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3433 le16_to_cpu(ev->handle), ev->status);
3440 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3444 amp_destroy_logical_link(hchan, ev->reason);
3447 hci_dev_unlock(hdev);
3450 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3451 struct sk_buff *skb)
3453 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3454 struct hci_conn *hcon;
3456 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3463 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3465 hcon->state = BT_CLOSED;
3469 hci_dev_unlock(hdev);
3472 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3474 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3475 struct hci_conn *conn;
3477 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3481 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3483 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3485 BT_ERR("No memory for new connection");
3489 conn->dst_type = ev->bdaddr_type;
3491 if (ev->role == LE_CONN_ROLE_MASTER) {
3493 conn->link_mode |= HCI_LM_MASTER;
3498 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3499 conn->dst_type, ev->status);
3500 hci_proto_connect_cfm(conn, ev->status);
3501 conn->state = BT_CLOSED;
3506 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3507 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3508 conn->dst_type, 0, NULL, 0, NULL);
3510 conn->sec_level = BT_SECURITY_LOW;
3511 conn->handle = __le16_to_cpu(ev->handle);
3512 conn->state = BT_CONNECTED;
3514 hci_conn_hold_device(conn);
3515 hci_conn_add_sysfs(conn);
3517 hci_proto_connect_cfm(conn, ev->status);
3520 hci_dev_unlock(hdev);
3523 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3525 u8 num_reports = skb->data[0];
3526 void *ptr = &skb->data[1];
3529 while (num_reports--) {
3530 struct hci_ev_le_advertising_info *ev = ptr;
3532 rssi = ev->data[ev->length];
3533 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3534 NULL, rssi, 0, 1, ev->data, ev->length);
3536 ptr += sizeof(*ev) + ev->length + 1;
3540 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3542 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3543 struct hci_cp_le_ltk_reply cp;
3544 struct hci_cp_le_ltk_neg_reply neg;
3545 struct hci_conn *conn;
3546 struct smp_ltk *ltk;
3548 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3552 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3556 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3560 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3561 cp.handle = cpu_to_le16(conn->handle);
3563 if (ltk->authenticated)
3564 conn->sec_level = BT_SECURITY_HIGH;
3566 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3568 if (ltk->type & HCI_SMP_STK) {
3569 list_del(<k->list);
3573 hci_dev_unlock(hdev);
3578 neg.handle = ev->handle;
3579 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3580 hci_dev_unlock(hdev);
3583 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3585 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3587 skb_pull(skb, sizeof(*le_ev));
3589 switch (le_ev->subevent) {
3590 case HCI_EV_LE_CONN_COMPLETE:
3591 hci_le_conn_complete_evt(hdev, skb);
3594 case HCI_EV_LE_ADVERTISING_REPORT:
3595 hci_le_adv_report_evt(hdev, skb);
3598 case HCI_EV_LE_LTK_REQ:
3599 hci_le_ltk_request_evt(hdev, skb);
3607 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3609 struct hci_ev_channel_selected *ev = (void *) skb->data;
3610 struct hci_conn *hcon;
3612 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3614 skb_pull(skb, sizeof(*ev));
3616 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3620 amp_read_loc_assoc_final_data(hdev, hcon);
3623 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3625 struct hci_event_hdr *hdr = (void *) skb->data;
3626 __u8 event = hdr->evt;
3628 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3631 case HCI_EV_INQUIRY_COMPLETE:
3632 hci_inquiry_complete_evt(hdev, skb);
3635 case HCI_EV_INQUIRY_RESULT:
3636 hci_inquiry_result_evt(hdev, skb);
3639 case HCI_EV_CONN_COMPLETE:
3640 hci_conn_complete_evt(hdev, skb);
3643 case HCI_EV_CONN_REQUEST:
3644 hci_conn_request_evt(hdev, skb);
3647 case HCI_EV_DISCONN_COMPLETE:
3648 hci_disconn_complete_evt(hdev, skb);
3651 case HCI_EV_AUTH_COMPLETE:
3652 hci_auth_complete_evt(hdev, skb);
3655 case HCI_EV_REMOTE_NAME:
3656 hci_remote_name_evt(hdev, skb);
3659 case HCI_EV_ENCRYPT_CHANGE:
3660 hci_encrypt_change_evt(hdev, skb);
3663 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3664 hci_change_link_key_complete_evt(hdev, skb);
3667 case HCI_EV_REMOTE_FEATURES:
3668 hci_remote_features_evt(hdev, skb);
3671 case HCI_EV_CMD_COMPLETE:
3672 hci_cmd_complete_evt(hdev, skb);
3675 case HCI_EV_CMD_STATUS:
3676 hci_cmd_status_evt(hdev, skb);
3679 case HCI_EV_ROLE_CHANGE:
3680 hci_role_change_evt(hdev, skb);
3683 case HCI_EV_NUM_COMP_PKTS:
3684 hci_num_comp_pkts_evt(hdev, skb);
3687 case HCI_EV_MODE_CHANGE:
3688 hci_mode_change_evt(hdev, skb);
3691 case HCI_EV_PIN_CODE_REQ:
3692 hci_pin_code_request_evt(hdev, skb);
3695 case HCI_EV_LINK_KEY_REQ:
3696 hci_link_key_request_evt(hdev, skb);
3699 case HCI_EV_LINK_KEY_NOTIFY:
3700 hci_link_key_notify_evt(hdev, skb);
3703 case HCI_EV_CLOCK_OFFSET:
3704 hci_clock_offset_evt(hdev, skb);
3707 case HCI_EV_PKT_TYPE_CHANGE:
3708 hci_pkt_type_change_evt(hdev, skb);
3711 case HCI_EV_PSCAN_REP_MODE:
3712 hci_pscan_rep_mode_evt(hdev, skb);
3715 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3716 hci_inquiry_result_with_rssi_evt(hdev, skb);
3719 case HCI_EV_REMOTE_EXT_FEATURES:
3720 hci_remote_ext_features_evt(hdev, skb);
3723 case HCI_EV_SYNC_CONN_COMPLETE:
3724 hci_sync_conn_complete_evt(hdev, skb);
3727 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3728 hci_extended_inquiry_result_evt(hdev, skb);
3731 case HCI_EV_KEY_REFRESH_COMPLETE:
3732 hci_key_refresh_complete_evt(hdev, skb);
3735 case HCI_EV_IO_CAPA_REQUEST:
3736 hci_io_capa_request_evt(hdev, skb);
3739 case HCI_EV_IO_CAPA_REPLY:
3740 hci_io_capa_reply_evt(hdev, skb);
3743 case HCI_EV_USER_CONFIRM_REQUEST:
3744 hci_user_confirm_request_evt(hdev, skb);
3747 case HCI_EV_USER_PASSKEY_REQUEST:
3748 hci_user_passkey_request_evt(hdev, skb);
3751 case HCI_EV_USER_PASSKEY_NOTIFY:
3752 hci_user_passkey_notify_evt(hdev, skb);
3755 case HCI_EV_KEYPRESS_NOTIFY:
3756 hci_keypress_notify_evt(hdev, skb);
3759 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3760 hci_simple_pair_complete_evt(hdev, skb);
3763 case HCI_EV_REMOTE_HOST_FEATURES:
3764 hci_remote_host_features_evt(hdev, skb);
3767 case HCI_EV_LE_META:
3768 hci_le_meta_evt(hdev, skb);
3771 case HCI_EV_CHANNEL_SELECTED:
3772 hci_chan_selected_evt(hdev, skb);
3775 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3776 hci_remote_oob_data_request_evt(hdev, skb);
3779 case HCI_EV_PHY_LINK_COMPLETE:
3780 hci_phy_link_complete_evt(hdev, skb);
3783 case HCI_EV_LOGICAL_LINK_COMPLETE:
3784 hci_loglink_complete_evt(hdev, skb);
3787 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3788 hci_disconn_loglink_complete_evt(hdev, skb);
3791 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3792 hci_disconn_phylink_complete_evt(hdev, skb);
3795 case HCI_EV_NUM_COMP_BLOCKS:
3796 hci_num_comp_blocks_evt(hdev, skb);
3800 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3805 hdev->stat.evt_rx++;