2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/export.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/a2mp.h>
34 #include <net/bluetooth/amp.h>
36 /* Handle HCI Event packets */
38 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
40 __u8 status = *((__u8 *) skb->data);
42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
46 mgmt_stop_discovery_failed(hdev, status);
51 clear_bit(HCI_INQUIRY, &hdev->flags);
54 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
57 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
59 hci_conn_check_pending(hdev);
62 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
64 __u8 status = *((__u8 *) skb->data);
66 BT_DBG("%s status 0x%2.2x", hdev->name, status);
71 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
74 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
76 __u8 status = *((__u8 *) skb->data);
78 BT_DBG("%s status 0x%2.2x", hdev->name, status);
83 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
91 BT_DBG("%s", hdev->name);
94 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
96 struct hci_rp_role_discovery *rp = (void *) skb->data;
97 struct hci_conn *conn;
99 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
109 conn->link_mode &= ~HCI_LM_MASTER;
111 conn->link_mode |= HCI_LM_MASTER;
114 hci_dev_unlock(hdev);
117 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
119 struct hci_rp_read_link_policy *rp = (void *) skb->data;
120 struct hci_conn *conn;
122 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
131 conn->link_policy = __le16_to_cpu(rp->policy);
133 hci_dev_unlock(hdev);
136 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
138 struct hci_rp_write_link_policy *rp = (void *) skb->data;
139 struct hci_conn *conn;
142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
147 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
155 conn->link_policy = get_unaligned_le16(sent + 2);
157 hci_dev_unlock(hdev);
160 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
163 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
165 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
170 hdev->link_policy = __le16_to_cpu(rp->policy);
173 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
176 __u8 status = *((__u8 *) skb->data);
179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
181 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
186 hdev->link_policy = get_unaligned_le16(sent);
188 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
191 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
193 __u8 status = *((__u8 *) skb->data);
195 BT_DBG("%s status 0x%2.2x", hdev->name, status);
197 clear_bit(HCI_RESET, &hdev->flags);
199 hci_req_complete(hdev, HCI_OP_RESET, status);
201 /* Reset all non-persistent flags */
202 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
203 BIT(HCI_PERIODIC_INQ));
205 hdev->discovery.state = DISCOVERY_STOPPED;
208 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
210 __u8 status = *((__u8 *) skb->data);
213 BT_DBG("%s status 0x%2.2x", hdev->name, status);
215 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
222 mgmt_set_local_name_complete(hdev, sent, status);
224 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
226 hci_dev_unlock(hdev);
228 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
231 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
233 struct hci_rp_read_local_name *rp = (void *) skb->data;
235 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
240 if (test_bit(HCI_SETUP, &hdev->dev_flags))
241 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
244 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
246 __u8 status = *((__u8 *) skb->data);
249 BT_DBG("%s status 0x%2.2x", hdev->name, status);
251 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
256 __u8 param = *((__u8 *) sent);
258 if (param == AUTH_ENABLED)
259 set_bit(HCI_AUTH, &hdev->flags);
261 clear_bit(HCI_AUTH, &hdev->flags);
264 if (test_bit(HCI_MGMT, &hdev->dev_flags))
265 mgmt_auth_enable_complete(hdev, status);
267 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
270 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
272 __u8 status = *((__u8 *) skb->data);
275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
282 __u8 param = *((__u8 *) sent);
285 set_bit(HCI_ENCRYPT, &hdev->flags);
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
290 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
293 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
295 __u8 param, status = *((__u8 *) skb->data);
296 int old_pscan, old_iscan;
299 BT_DBG("%s status 0x%2.2x", hdev->name, status);
301 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
305 param = *((__u8 *) sent);
310 mgmt_write_scan_failed(hdev, param, status);
311 hdev->discov_timeout = 0;
315 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
316 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
318 if (param & SCAN_INQUIRY) {
319 set_bit(HCI_ISCAN, &hdev->flags);
321 mgmt_discoverable(hdev, 1);
322 if (hdev->discov_timeout > 0) {
323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
327 } else if (old_iscan)
328 mgmt_discoverable(hdev, 0);
330 if (param & SCAN_PAGE) {
331 set_bit(HCI_PSCAN, &hdev->flags);
333 mgmt_connectable(hdev, 1);
334 } else if (old_pscan)
335 mgmt_connectable(hdev, 0);
338 hci_dev_unlock(hdev);
339 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
342 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
344 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
346 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
351 memcpy(hdev->dev_class, rp->dev_class, 3);
353 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
354 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
357 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
359 __u8 status = *((__u8 *) skb->data);
362 BT_DBG("%s status 0x%2.2x", hdev->name, status);
364 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
371 memcpy(hdev->dev_class, sent, 3);
373 if (test_bit(HCI_MGMT, &hdev->dev_flags))
374 mgmt_set_class_of_dev_complete(hdev, sent, status);
376 hci_dev_unlock(hdev);
379 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
381 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
384 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
389 setting = __le16_to_cpu(rp->voice_setting);
391 if (hdev->voice_setting == setting)
394 hdev->voice_setting = setting;
396 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
399 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
402 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
405 __u8 status = *((__u8 *) skb->data);
409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
414 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
418 setting = get_unaligned_le16(sent);
420 if (hdev->voice_setting == setting)
423 hdev->voice_setting = setting;
425 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
428 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
431 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
433 __u8 status = *((__u8 *) skb->data);
435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
437 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
440 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
442 __u8 status = *((__u8 *) skb->data);
445 BT_DBG("%s status 0x%2.2x", hdev->name, status);
447 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
451 if (test_bit(HCI_MGMT, &hdev->dev_flags))
452 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
455 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
457 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
461 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
463 if (hdev->features[6] & LMP_EXT_INQ)
466 if (hdev->features[3] & LMP_RSSI_INQ)
469 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
470 hdev->lmp_subver == 0x0757)
473 if (hdev->manufacturer == 15) {
474 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
476 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
478 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
482 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
483 hdev->lmp_subver == 0x1805)
489 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
493 mode = hci_get_inquiry_mode(hdev);
495 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
498 static void hci_setup_event_mask(struct hci_dev *hdev)
500 /* The second byte is 0xff instead of 0x9f (two reserved bits
501 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
502 * command otherwise */
503 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
505 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
506 * any event mask for pre 1.2 devices */
507 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
510 if (lmp_bredr_capable(hdev)) {
511 events[4] |= 0x01; /* Flow Specification Complete */
512 events[4] |= 0x02; /* Inquiry Result with RSSI */
513 events[4] |= 0x04; /* Read Remote Extended Features Complete */
514 events[5] |= 0x08; /* Synchronous Connection Complete */
515 events[5] |= 0x10; /* Synchronous Connection Changed */
518 if (hdev->features[3] & LMP_RSSI_INQ)
519 events[4] |= 0x02; /* Inquiry Result with RSSI */
521 if (lmp_sniffsubr_capable(hdev))
522 events[5] |= 0x20; /* Sniff Subrating */
524 if (hdev->features[5] & LMP_PAUSE_ENC)
525 events[5] |= 0x80; /* Encryption Key Refresh Complete */
527 if (hdev->features[6] & LMP_EXT_INQ)
528 events[5] |= 0x40; /* Extended Inquiry Result */
530 if (lmp_no_flush_capable(hdev))
531 events[7] |= 0x01; /* Enhanced Flush Complete */
533 if (hdev->features[7] & LMP_LSTO)
534 events[6] |= 0x80; /* Link Supervision Timeout Changed */
536 if (lmp_ssp_capable(hdev)) {
537 events[6] |= 0x01; /* IO Capability Request */
538 events[6] |= 0x02; /* IO Capability Response */
539 events[6] |= 0x04; /* User Confirmation Request */
540 events[6] |= 0x08; /* User Passkey Request */
541 events[6] |= 0x10; /* Remote OOB Data Request */
542 events[6] |= 0x20; /* Simple Pairing Complete */
543 events[7] |= 0x04; /* User Passkey Notification */
544 events[7] |= 0x08; /* Keypress Notification */
545 events[7] |= 0x10; /* Remote Host Supported
546 * Features Notification */
549 if (lmp_le_capable(hdev))
550 events[7] |= 0x20; /* LE Meta-Event */
552 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
555 static void bredr_init(struct hci_dev *hdev)
557 struct hci_cp_delete_stored_link_key cp;
561 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
562 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
564 /* Read Class of Device */
565 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
567 /* Read Local Name */
568 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
570 /* Read Voice Setting */
571 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
573 /* Clear Event Filters */
574 flt_type = HCI_FLT_CLEAR_ALL;
575 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
577 /* Connection accept timeout ~20 secs */
578 param = __constant_cpu_to_le16(0x7d00);
579 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
581 bacpy(&cp.bdaddr, BDADDR_ANY);
583 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
586 static void le_init(struct hci_dev *hdev)
588 /* Read LE Buffer Size */
589 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
592 static void hci_setup(struct hci_dev *hdev)
594 if (hdev->dev_type != HCI_BREDR)
597 /* Read BD Address */
598 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
600 if (lmp_bredr_capable(hdev))
603 if (lmp_le_capable(hdev))
606 hci_setup_event_mask(hdev);
608 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
609 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
611 if (lmp_ssp_capable(hdev)) {
612 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
614 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
615 sizeof(mode), &mode);
617 struct hci_cp_write_eir cp;
619 memset(hdev->eir, 0, sizeof(hdev->eir));
620 memset(&cp, 0, sizeof(cp));
622 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
626 if (hdev->features[3] & LMP_RSSI_INQ)
627 hci_setup_inquiry_mode(hdev);
629 if (hdev->features[7] & LMP_INQ_TX_PWR)
630 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
632 if (hdev->features[7] & LMP_EXTFEATURES) {
633 struct hci_cp_read_local_ext_features cp;
636 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
640 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
642 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
647 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
649 struct hci_rp_read_local_version *rp = (void *) skb->data;
651 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
656 hdev->hci_ver = rp->hci_ver;
657 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
658 hdev->lmp_ver = rp->lmp_ver;
659 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
660 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
662 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
663 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
665 if (test_bit(HCI_INIT, &hdev->flags))
669 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
672 static void hci_setup_link_policy(struct hci_dev *hdev)
674 struct hci_cp_write_def_link_policy cp;
677 if (lmp_rswitch_capable(hdev))
678 link_policy |= HCI_LP_RSWITCH;
679 if (hdev->features[0] & LMP_HOLD)
680 link_policy |= HCI_LP_HOLD;
681 if (lmp_sniff_capable(hdev))
682 link_policy |= HCI_LP_SNIFF;
683 if (hdev->features[1] & LMP_PARK)
684 link_policy |= HCI_LP_PARK;
686 cp.policy = cpu_to_le16(link_policy);
687 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
690 static void hci_cc_read_local_commands(struct hci_dev *hdev,
693 struct hci_rp_read_local_commands *rp = (void *) skb->data;
695 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
700 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
702 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
703 hci_setup_link_policy(hdev);
706 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
709 static void hci_cc_read_local_features(struct hci_dev *hdev,
712 struct hci_rp_read_local_features *rp = (void *) skb->data;
714 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
719 memcpy(hdev->features, rp->features, 8);
721 /* Adjust default settings according to features
722 * supported by device. */
724 if (hdev->features[0] & LMP_3SLOT)
725 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
727 if (hdev->features[0] & LMP_5SLOT)
728 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
730 if (hdev->features[1] & LMP_HV2) {
731 hdev->pkt_type |= (HCI_HV2);
732 hdev->esco_type |= (ESCO_HV2);
735 if (hdev->features[1] & LMP_HV3) {
736 hdev->pkt_type |= (HCI_HV3);
737 hdev->esco_type |= (ESCO_HV3);
740 if (lmp_esco_capable(hdev))
741 hdev->esco_type |= (ESCO_EV3);
743 if (hdev->features[4] & LMP_EV4)
744 hdev->esco_type |= (ESCO_EV4);
746 if (hdev->features[4] & LMP_EV5)
747 hdev->esco_type |= (ESCO_EV5);
749 if (hdev->features[5] & LMP_EDR_ESCO_2M)
750 hdev->esco_type |= (ESCO_2EV3);
752 if (hdev->features[5] & LMP_EDR_ESCO_3M)
753 hdev->esco_type |= (ESCO_3EV3);
755 if (hdev->features[5] & LMP_EDR_3S_ESCO)
756 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
758 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
759 hdev->features[0], hdev->features[1],
760 hdev->features[2], hdev->features[3],
761 hdev->features[4], hdev->features[5],
762 hdev->features[6], hdev->features[7]);
765 static void hci_set_le_support(struct hci_dev *hdev)
767 struct hci_cp_write_le_host_supported cp;
769 memset(&cp, 0, sizeof(cp));
771 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
773 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
776 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
777 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
781 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
784 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
786 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
793 memcpy(hdev->features, rp->features, 8);
796 memcpy(hdev->host_features, rp->features, 8);
800 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
801 hci_set_le_support(hdev);
804 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
807 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
810 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
812 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
817 hdev->flow_ctl_mode = rp->mode;
819 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
822 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
824 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
826 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
831 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
832 hdev->sco_mtu = rp->sco_mtu;
833 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
834 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
836 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
841 hdev->acl_cnt = hdev->acl_pkts;
842 hdev->sco_cnt = hdev->sco_pkts;
844 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
845 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
848 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
850 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
852 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
855 bacpy(&hdev->bdaddr, &rp->bdaddr);
857 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
860 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
863 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
865 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
870 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
871 hdev->block_len = __le16_to_cpu(rp->block_len);
872 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
874 hdev->block_cnt = hdev->num_blocks;
876 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
877 hdev->block_cnt, hdev->block_len);
879 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
882 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
884 __u8 status = *((__u8 *) skb->data);
886 BT_DBG("%s status 0x%2.2x", hdev->name, status);
888 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
891 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
894 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
896 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
901 hdev->amp_status = rp->amp_status;
902 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
903 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
904 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
905 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
906 hdev->amp_type = rp->amp_type;
907 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
908 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
909 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
910 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
912 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
915 a2mp_send_getinfo_rsp(hdev);
918 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
921 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
922 struct amp_assoc *assoc = &hdev->loc_assoc;
923 size_t rem_len, frag_len;
925 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
930 frag_len = skb->len - sizeof(*rp);
931 rem_len = __le16_to_cpu(rp->rem_len);
933 if (rem_len > frag_len) {
934 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
936 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
937 assoc->offset += frag_len;
939 /* Read other fragments */
940 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
945 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
946 assoc->len = assoc->offset + rem_len;
950 /* Send A2MP Rsp when all fragments are received */
951 a2mp_send_getampassoc_rsp(hdev, rp->status);
952 a2mp_send_create_phy_link_req(hdev, rp->status);
955 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
958 __u8 status = *((__u8 *) skb->data);
960 BT_DBG("%s status 0x%2.2x", hdev->name, status);
962 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
965 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
967 __u8 status = *((__u8 *) skb->data);
969 BT_DBG("%s status 0x%2.2x", hdev->name, status);
971 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
974 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
977 __u8 status = *((__u8 *) skb->data);
979 BT_DBG("%s status 0x%2.2x", hdev->name, status);
981 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
984 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
987 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
989 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
992 hdev->inq_tx_power = rp->tx_power;
994 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
997 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
999 __u8 status = *((__u8 *) skb->data);
1001 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1003 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1006 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1008 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1009 struct hci_cp_pin_code_reply *cp;
1010 struct hci_conn *conn;
1012 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1016 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1017 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
1022 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1026 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1028 conn->pin_length = cp->pin_len;
1031 hci_dev_unlock(hdev);
1034 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1036 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1038 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1042 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1043 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
1046 hci_dev_unlock(hdev);
1049 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1050 struct sk_buff *skb)
1052 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1054 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1059 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1060 hdev->le_pkts = rp->le_max_pkt;
1062 hdev->le_cnt = hdev->le_pkts;
1064 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1066 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1069 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1071 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1073 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1077 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1078 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1081 hci_dev_unlock(hdev);
1084 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1085 struct sk_buff *skb)
1087 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1089 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1093 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1094 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1095 ACL_LINK, 0, rp->status);
1097 hci_dev_unlock(hdev);
1100 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1102 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1104 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1108 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1109 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1112 hci_dev_unlock(hdev);
1115 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1116 struct sk_buff *skb)
1118 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1120 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1124 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1125 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1126 ACL_LINK, 0, rp->status);
1128 hci_dev_unlock(hdev);
1131 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1132 struct sk_buff *skb)
1134 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1136 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1139 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1140 rp->randomizer, rp->status);
1141 hci_dev_unlock(hdev);
1144 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1146 __u8 status = *((__u8 *) skb->data);
1148 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1150 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1154 mgmt_start_discovery_failed(hdev, status);
1155 hci_dev_unlock(hdev);
1160 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1161 struct sk_buff *skb)
1163 struct hci_cp_le_set_scan_enable *cp;
1164 __u8 status = *((__u8 *) skb->data);
1166 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1168 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1172 switch (cp->enable) {
1173 case LE_SCANNING_ENABLED:
1174 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1178 mgmt_start_discovery_failed(hdev, status);
1179 hci_dev_unlock(hdev);
1183 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1186 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1187 hci_dev_unlock(hdev);
1190 case LE_SCANNING_DISABLED:
1193 mgmt_stop_discovery_failed(hdev, status);
1194 hci_dev_unlock(hdev);
1198 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1200 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1201 hdev->discovery.state == DISCOVERY_FINDING) {
1202 mgmt_interleaved_discovery(hdev);
1205 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1206 hci_dev_unlock(hdev);
1212 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1217 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1219 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1221 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1226 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1229 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1231 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1233 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1238 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1241 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1242 struct sk_buff *skb)
1244 struct hci_cp_write_le_host_supported *sent;
1245 __u8 status = *((__u8 *) skb->data);
1247 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1249 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1255 hdev->host_features[0] |= LMP_HOST_LE;
1257 hdev->host_features[0] &= ~LMP_HOST_LE;
1260 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1261 !test_bit(HCI_INIT, &hdev->flags))
1262 mgmt_le_enable_complete(hdev, sent->le, status);
1264 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1267 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1268 struct sk_buff *skb)
1270 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1272 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1273 hdev->name, rp->status, rp->phy_handle);
1278 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1281 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1283 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1286 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1287 hci_conn_check_pending(hdev);
1289 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1290 mgmt_start_discovery_failed(hdev, status);
1291 hci_dev_unlock(hdev);
1295 set_bit(HCI_INQUIRY, &hdev->flags);
1298 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1299 hci_dev_unlock(hdev);
1302 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1304 struct hci_cp_create_conn *cp;
1305 struct hci_conn *conn;
1307 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1309 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1315 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1317 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1320 if (conn && conn->state == BT_CONNECT) {
1321 if (status != 0x0c || conn->attempt > 2) {
1322 conn->state = BT_CLOSED;
1323 hci_proto_connect_cfm(conn, status);
1326 conn->state = BT_CONNECT2;
1330 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1333 conn->link_mode |= HCI_LM_MASTER;
1335 BT_ERR("No memory for new connection");
1339 hci_dev_unlock(hdev);
1342 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1344 struct hci_cp_add_sco *cp;
1345 struct hci_conn *acl, *sco;
1348 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1353 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1357 handle = __le16_to_cpu(cp->handle);
1359 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1363 acl = hci_conn_hash_lookup_handle(hdev, handle);
1367 sco->state = BT_CLOSED;
1369 hci_proto_connect_cfm(sco, status);
1374 hci_dev_unlock(hdev);
1377 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1379 struct hci_cp_auth_requested *cp;
1380 struct hci_conn *conn;
1382 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1387 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1393 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1395 if (conn->state == BT_CONFIG) {
1396 hci_proto_connect_cfm(conn, status);
1401 hci_dev_unlock(hdev);
1404 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1406 struct hci_cp_set_conn_encrypt *cp;
1407 struct hci_conn *conn;
1409 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1414 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1420 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1422 if (conn->state == BT_CONFIG) {
1423 hci_proto_connect_cfm(conn, status);
1428 hci_dev_unlock(hdev);
1431 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1432 struct hci_conn *conn)
1434 if (conn->state != BT_CONFIG || !conn->out)
1437 if (conn->pending_sec_level == BT_SECURITY_SDP)
1440 /* Only request authentication for SSP connections or non-SSP
1441 * devices with sec_level HIGH or if MITM protection is requested */
1442 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1443 conn->pending_sec_level != BT_SECURITY_HIGH)
1449 static int hci_resolve_name(struct hci_dev *hdev,
1450 struct inquiry_entry *e)
1452 struct hci_cp_remote_name_req cp;
1454 memset(&cp, 0, sizeof(cp));
1456 bacpy(&cp.bdaddr, &e->data.bdaddr);
1457 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1458 cp.pscan_mode = e->data.pscan_mode;
1459 cp.clock_offset = e->data.clock_offset;
1461 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1464 static bool hci_resolve_next_name(struct hci_dev *hdev)
1466 struct discovery_state *discov = &hdev->discovery;
1467 struct inquiry_entry *e;
1469 if (list_empty(&discov->resolve))
1472 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1476 if (hci_resolve_name(hdev, e) == 0) {
1477 e->name_state = NAME_PENDING;
1484 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1485 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1487 struct discovery_state *discov = &hdev->discovery;
1488 struct inquiry_entry *e;
1490 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1491 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1492 name_len, conn->dev_class);
1494 if (discov->state == DISCOVERY_STOPPED)
1497 if (discov->state == DISCOVERY_STOPPING)
1498 goto discov_complete;
1500 if (discov->state != DISCOVERY_RESOLVING)
1503 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1504 /* If the device was not found in a list of found devices names of which
1505 * are pending. there is no need to continue resolving a next name as it
1506 * will be done upon receiving another Remote Name Request Complete
1513 e->name_state = NAME_KNOWN;
1514 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1515 e->data.rssi, name, name_len);
1517 e->name_state = NAME_NOT_KNOWN;
1520 if (hci_resolve_next_name(hdev))
1524 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1527 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1529 struct hci_cp_remote_name_req *cp;
1530 struct hci_conn *conn;
1532 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1534 /* If successful wait for the name req complete event before
1535 * checking for the need to do authentication */
1539 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1545 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1547 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1548 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1553 if (!hci_outgoing_auth_needed(hdev, conn))
1556 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1557 struct hci_cp_auth_requested cp;
1558 cp.handle = __cpu_to_le16(conn->handle);
1559 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1563 hci_dev_unlock(hdev);
1566 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1568 struct hci_cp_read_remote_features *cp;
1569 struct hci_conn *conn;
1571 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1576 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1582 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1584 if (conn->state == BT_CONFIG) {
1585 hci_proto_connect_cfm(conn, status);
1590 hci_dev_unlock(hdev);
1593 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1595 struct hci_cp_read_remote_ext_features *cp;
1596 struct hci_conn *conn;
1598 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1603 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1609 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1611 if (conn->state == BT_CONFIG) {
1612 hci_proto_connect_cfm(conn, status);
1617 hci_dev_unlock(hdev);
1620 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1622 struct hci_cp_setup_sync_conn *cp;
1623 struct hci_conn *acl, *sco;
1626 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1631 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1635 handle = __le16_to_cpu(cp->handle);
1637 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1641 acl = hci_conn_hash_lookup_handle(hdev, handle);
1645 sco->state = BT_CLOSED;
1647 hci_proto_connect_cfm(sco, status);
1652 hci_dev_unlock(hdev);
1655 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1657 struct hci_cp_sniff_mode *cp;
1658 struct hci_conn *conn;
1660 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1665 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1671 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1673 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1675 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1676 hci_sco_setup(conn, status);
1679 hci_dev_unlock(hdev);
1682 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1684 struct hci_cp_exit_sniff_mode *cp;
1685 struct hci_conn *conn;
1687 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1692 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1698 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1700 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1702 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1703 hci_sco_setup(conn, status);
1706 hci_dev_unlock(hdev);
1709 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1711 struct hci_cp_disconnect *cp;
1712 struct hci_conn *conn;
1717 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1723 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1725 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1726 conn->dst_type, status);
1728 hci_dev_unlock(hdev);
1731 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1733 struct hci_conn *conn;
1735 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1740 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1742 hci_dev_unlock(hdev);
1746 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1748 conn->state = BT_CLOSED;
1749 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1750 conn->dst_type, status);
1751 hci_proto_connect_cfm(conn, status);
1754 hci_dev_unlock(hdev);
1758 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1760 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1763 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1765 struct hci_cp_create_phy_link *cp;
1767 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1772 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1776 amp_write_remote_assoc(hdev, cp->phy_handle);
1779 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1781 struct hci_cp_accept_phy_link *cp;
1783 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1788 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1792 amp_write_remote_assoc(hdev, cp->phy_handle);
1795 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1797 __u8 status = *((__u8 *) skb->data);
1798 struct discovery_state *discov = &hdev->discovery;
1799 struct inquiry_entry *e;
1801 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1803 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1805 hci_conn_check_pending(hdev);
1807 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1810 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1815 if (discov->state != DISCOVERY_FINDING)
1818 if (list_empty(&discov->resolve)) {
1819 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1823 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1824 if (e && hci_resolve_name(hdev, e) == 0) {
1825 e->name_state = NAME_PENDING;
1826 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1828 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1832 hci_dev_unlock(hdev);
1835 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1837 struct inquiry_data data;
1838 struct inquiry_info *info = (void *) (skb->data + 1);
1839 int num_rsp = *((__u8 *) skb->data);
1841 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1846 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1851 for (; num_rsp; num_rsp--, info++) {
1852 bool name_known, ssp;
1854 bacpy(&data.bdaddr, &info->bdaddr);
1855 data.pscan_rep_mode = info->pscan_rep_mode;
1856 data.pscan_period_mode = info->pscan_period_mode;
1857 data.pscan_mode = info->pscan_mode;
1858 memcpy(data.dev_class, info->dev_class, 3);
1859 data.clock_offset = info->clock_offset;
1861 data.ssp_mode = 0x00;
1863 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1864 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1865 info->dev_class, 0, !name_known, ssp, NULL,
1869 hci_dev_unlock(hdev);
1872 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1874 struct hci_ev_conn_complete *ev = (void *) skb->data;
1875 struct hci_conn *conn;
1877 BT_DBG("%s", hdev->name);
1881 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1883 if (ev->link_type != SCO_LINK)
1886 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1890 conn->type = SCO_LINK;
1894 conn->handle = __le16_to_cpu(ev->handle);
1896 if (conn->type == ACL_LINK) {
1897 conn->state = BT_CONFIG;
1898 hci_conn_hold(conn);
1900 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1901 !hci_find_link_key(hdev, &ev->bdaddr))
1902 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1904 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1906 conn->state = BT_CONNECTED;
1908 hci_conn_hold_device(conn);
1909 hci_conn_add_sysfs(conn);
1911 if (test_bit(HCI_AUTH, &hdev->flags))
1912 conn->link_mode |= HCI_LM_AUTH;
1914 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1915 conn->link_mode |= HCI_LM_ENCRYPT;
1917 /* Get remote features */
1918 if (conn->type == ACL_LINK) {
1919 struct hci_cp_read_remote_features cp;
1920 cp.handle = ev->handle;
1921 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1925 /* Set packet type for incoming connection */
1926 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1927 struct hci_cp_change_conn_ptype cp;
1928 cp.handle = ev->handle;
1929 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1930 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1934 conn->state = BT_CLOSED;
1935 if (conn->type == ACL_LINK)
1936 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1937 conn->dst_type, ev->status);
1940 if (conn->type == ACL_LINK)
1941 hci_sco_setup(conn, ev->status);
1944 hci_proto_connect_cfm(conn, ev->status);
1946 } else if (ev->link_type != ACL_LINK)
1947 hci_proto_connect_cfm(conn, ev->status);
1950 hci_dev_unlock(hdev);
1952 hci_conn_check_pending(hdev);
1955 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1957 struct hci_ev_conn_request *ev = (void *) skb->data;
1958 int mask = hdev->link_mode;
1960 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1963 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1965 if ((mask & HCI_LM_ACCEPT) &&
1966 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1967 /* Connection accepted */
1968 struct inquiry_entry *ie;
1969 struct hci_conn *conn;
1973 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1975 memcpy(ie->data.dev_class, ev->dev_class, 3);
1977 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1980 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1982 BT_ERR("No memory for new connection");
1983 hci_dev_unlock(hdev);
1988 memcpy(conn->dev_class, ev->dev_class, 3);
1989 conn->state = BT_CONNECT;
1991 hci_dev_unlock(hdev);
1993 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1994 struct hci_cp_accept_conn_req cp;
1996 bacpy(&cp.bdaddr, &ev->bdaddr);
1998 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1999 cp.role = 0x00; /* Become master */
2001 cp.role = 0x01; /* Remain slave */
2003 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2006 struct hci_cp_accept_sync_conn_req cp;
2008 bacpy(&cp.bdaddr, &ev->bdaddr);
2009 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2011 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2012 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2013 cp.max_latency = __constant_cpu_to_le16(0xffff);
2014 cp.content_format = cpu_to_le16(hdev->voice_setting);
2015 cp.retrans_effort = 0xff;
2017 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2021 /* Connection rejected */
2022 struct hci_cp_reject_conn_req cp;
2024 bacpy(&cp.bdaddr, &ev->bdaddr);
2025 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2026 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2030 static u8 hci_to_mgmt_reason(u8 err)
2033 case HCI_ERROR_CONNECTION_TIMEOUT:
2034 return MGMT_DEV_DISCONN_TIMEOUT;
2035 case HCI_ERROR_REMOTE_USER_TERM:
2036 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2037 case HCI_ERROR_REMOTE_POWER_OFF:
2038 return MGMT_DEV_DISCONN_REMOTE;
2039 case HCI_ERROR_LOCAL_HOST_TERM:
2040 return MGMT_DEV_DISCONN_LOCAL_HOST;
2042 return MGMT_DEV_DISCONN_UNKNOWN;
2046 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2048 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2049 struct hci_conn *conn;
2051 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2055 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2059 if (ev->status == 0)
2060 conn->state = BT_CLOSED;
2062 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
2063 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
2065 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2066 conn->dst_type, ev->status);
2068 u8 reason = hci_to_mgmt_reason(ev->reason);
2070 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
2071 conn->dst_type, reason);
2075 if (ev->status == 0) {
2076 if (conn->type == ACL_LINK && conn->flush_key)
2077 hci_remove_link_key(hdev, &conn->dst);
2078 hci_proto_disconn_cfm(conn, ev->reason);
2083 hci_dev_unlock(hdev);
2086 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2088 struct hci_ev_auth_complete *ev = (void *) skb->data;
2089 struct hci_conn *conn;
2091 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2095 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2100 if (!hci_conn_ssp_enabled(conn) &&
2101 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2102 BT_INFO("re-auth of legacy device is not possible.");
2104 conn->link_mode |= HCI_LM_AUTH;
2105 conn->sec_level = conn->pending_sec_level;
2108 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2112 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2113 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2115 if (conn->state == BT_CONFIG) {
2116 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2117 struct hci_cp_set_conn_encrypt cp;
2118 cp.handle = ev->handle;
2120 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2123 conn->state = BT_CONNECTED;
2124 hci_proto_connect_cfm(conn, ev->status);
2128 hci_auth_cfm(conn, ev->status);
2130 hci_conn_hold(conn);
2131 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2135 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2137 struct hci_cp_set_conn_encrypt cp;
2138 cp.handle = ev->handle;
2140 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2143 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2144 hci_encrypt_cfm(conn, ev->status, 0x00);
2149 hci_dev_unlock(hdev);
2152 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2154 struct hci_ev_remote_name *ev = (void *) skb->data;
2155 struct hci_conn *conn;
2157 BT_DBG("%s", hdev->name);
2159 hci_conn_check_pending(hdev);
2163 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2165 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2168 if (ev->status == 0)
2169 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2170 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2172 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2178 if (!hci_outgoing_auth_needed(hdev, conn))
2181 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2182 struct hci_cp_auth_requested cp;
2183 cp.handle = __cpu_to_le16(conn->handle);
2184 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2188 hci_dev_unlock(hdev);
2191 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2193 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2194 struct hci_conn *conn;
2196 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2200 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2204 /* Encryption implies authentication */
2205 conn->link_mode |= HCI_LM_AUTH;
2206 conn->link_mode |= HCI_LM_ENCRYPT;
2207 conn->sec_level = conn->pending_sec_level;
2209 conn->link_mode &= ~HCI_LM_ENCRYPT;
2212 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2214 if (ev->status && conn->state == BT_CONNECTED) {
2215 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2220 if (conn->state == BT_CONFIG) {
2222 conn->state = BT_CONNECTED;
2224 hci_proto_connect_cfm(conn, ev->status);
2227 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2231 hci_dev_unlock(hdev);
2234 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2235 struct sk_buff *skb)
2237 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2238 struct hci_conn *conn;
2240 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2244 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2247 conn->link_mode |= HCI_LM_SECURE;
2249 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2251 hci_key_change_cfm(conn, ev->status);
2254 hci_dev_unlock(hdev);
2257 static void hci_remote_features_evt(struct hci_dev *hdev,
2258 struct sk_buff *skb)
2260 struct hci_ev_remote_features *ev = (void *) skb->data;
2261 struct hci_conn *conn;
2263 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2267 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2272 memcpy(conn->features, ev->features, 8);
2274 if (conn->state != BT_CONFIG)
2277 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2278 struct hci_cp_read_remote_ext_features cp;
2279 cp.handle = ev->handle;
2281 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2286 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2287 struct hci_cp_remote_name_req cp;
2288 memset(&cp, 0, sizeof(cp));
2289 bacpy(&cp.bdaddr, &conn->dst);
2290 cp.pscan_rep_mode = 0x02;
2291 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2292 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2293 mgmt_device_connected(hdev, &conn->dst, conn->type,
2294 conn->dst_type, 0, NULL, 0,
2297 if (!hci_outgoing_auth_needed(hdev, conn)) {
2298 conn->state = BT_CONNECTED;
2299 hci_proto_connect_cfm(conn, ev->status);
2304 hci_dev_unlock(hdev);
2307 static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2309 BT_DBG("%s", hdev->name);
2312 static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2313 struct sk_buff *skb)
2315 BT_DBG("%s", hdev->name);
2318 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2320 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2323 skb_pull(skb, sizeof(*ev));
2325 opcode = __le16_to_cpu(ev->opcode);
2328 case HCI_OP_INQUIRY_CANCEL:
2329 hci_cc_inquiry_cancel(hdev, skb);
2332 case HCI_OP_PERIODIC_INQ:
2333 hci_cc_periodic_inq(hdev, skb);
2336 case HCI_OP_EXIT_PERIODIC_INQ:
2337 hci_cc_exit_periodic_inq(hdev, skb);
2340 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2341 hci_cc_remote_name_req_cancel(hdev, skb);
2344 case HCI_OP_ROLE_DISCOVERY:
2345 hci_cc_role_discovery(hdev, skb);
2348 case HCI_OP_READ_LINK_POLICY:
2349 hci_cc_read_link_policy(hdev, skb);
2352 case HCI_OP_WRITE_LINK_POLICY:
2353 hci_cc_write_link_policy(hdev, skb);
2356 case HCI_OP_READ_DEF_LINK_POLICY:
2357 hci_cc_read_def_link_policy(hdev, skb);
2360 case HCI_OP_WRITE_DEF_LINK_POLICY:
2361 hci_cc_write_def_link_policy(hdev, skb);
2365 hci_cc_reset(hdev, skb);
2368 case HCI_OP_WRITE_LOCAL_NAME:
2369 hci_cc_write_local_name(hdev, skb);
2372 case HCI_OP_READ_LOCAL_NAME:
2373 hci_cc_read_local_name(hdev, skb);
2376 case HCI_OP_WRITE_AUTH_ENABLE:
2377 hci_cc_write_auth_enable(hdev, skb);
2380 case HCI_OP_WRITE_ENCRYPT_MODE:
2381 hci_cc_write_encrypt_mode(hdev, skb);
2384 case HCI_OP_WRITE_SCAN_ENABLE:
2385 hci_cc_write_scan_enable(hdev, skb);
2388 case HCI_OP_READ_CLASS_OF_DEV:
2389 hci_cc_read_class_of_dev(hdev, skb);
2392 case HCI_OP_WRITE_CLASS_OF_DEV:
2393 hci_cc_write_class_of_dev(hdev, skb);
2396 case HCI_OP_READ_VOICE_SETTING:
2397 hci_cc_read_voice_setting(hdev, skb);
2400 case HCI_OP_WRITE_VOICE_SETTING:
2401 hci_cc_write_voice_setting(hdev, skb);
2404 case HCI_OP_HOST_BUFFER_SIZE:
2405 hci_cc_host_buffer_size(hdev, skb);
2408 case HCI_OP_WRITE_SSP_MODE:
2409 hci_cc_write_ssp_mode(hdev, skb);
2412 case HCI_OP_READ_LOCAL_VERSION:
2413 hci_cc_read_local_version(hdev, skb);
2416 case HCI_OP_READ_LOCAL_COMMANDS:
2417 hci_cc_read_local_commands(hdev, skb);
2420 case HCI_OP_READ_LOCAL_FEATURES:
2421 hci_cc_read_local_features(hdev, skb);
2424 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2425 hci_cc_read_local_ext_features(hdev, skb);
2428 case HCI_OP_READ_BUFFER_SIZE:
2429 hci_cc_read_buffer_size(hdev, skb);
2432 case HCI_OP_READ_BD_ADDR:
2433 hci_cc_read_bd_addr(hdev, skb);
2436 case HCI_OP_READ_DATA_BLOCK_SIZE:
2437 hci_cc_read_data_block_size(hdev, skb);
2440 case HCI_OP_WRITE_CA_TIMEOUT:
2441 hci_cc_write_ca_timeout(hdev, skb);
2444 case HCI_OP_READ_FLOW_CONTROL_MODE:
2445 hci_cc_read_flow_control_mode(hdev, skb);
2448 case HCI_OP_READ_LOCAL_AMP_INFO:
2449 hci_cc_read_local_amp_info(hdev, skb);
2452 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2453 hci_cc_read_local_amp_assoc(hdev, skb);
2456 case HCI_OP_DELETE_STORED_LINK_KEY:
2457 hci_cc_delete_stored_link_key(hdev, skb);
2460 case HCI_OP_SET_EVENT_MASK:
2461 hci_cc_set_event_mask(hdev, skb);
2464 case HCI_OP_WRITE_INQUIRY_MODE:
2465 hci_cc_write_inquiry_mode(hdev, skb);
2468 case HCI_OP_READ_INQ_RSP_TX_POWER:
2469 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2472 case HCI_OP_SET_EVENT_FLT:
2473 hci_cc_set_event_flt(hdev, skb);
2476 case HCI_OP_PIN_CODE_REPLY:
2477 hci_cc_pin_code_reply(hdev, skb);
2480 case HCI_OP_PIN_CODE_NEG_REPLY:
2481 hci_cc_pin_code_neg_reply(hdev, skb);
2484 case HCI_OP_READ_LOCAL_OOB_DATA:
2485 hci_cc_read_local_oob_data_reply(hdev, skb);
2488 case HCI_OP_LE_READ_BUFFER_SIZE:
2489 hci_cc_le_read_buffer_size(hdev, skb);
2492 case HCI_OP_USER_CONFIRM_REPLY:
2493 hci_cc_user_confirm_reply(hdev, skb);
2496 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2497 hci_cc_user_confirm_neg_reply(hdev, skb);
2500 case HCI_OP_USER_PASSKEY_REPLY:
2501 hci_cc_user_passkey_reply(hdev, skb);
2504 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2505 hci_cc_user_passkey_neg_reply(hdev, skb);
2508 case HCI_OP_LE_SET_SCAN_PARAM:
2509 hci_cc_le_set_scan_param(hdev, skb);
2512 case HCI_OP_LE_SET_SCAN_ENABLE:
2513 hci_cc_le_set_scan_enable(hdev, skb);
2516 case HCI_OP_LE_LTK_REPLY:
2517 hci_cc_le_ltk_reply(hdev, skb);
2520 case HCI_OP_LE_LTK_NEG_REPLY:
2521 hci_cc_le_ltk_neg_reply(hdev, skb);
2524 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2525 hci_cc_write_le_host_supported(hdev, skb);
2528 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2529 hci_cc_write_remote_amp_assoc(hdev, skb);
2533 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2537 if (ev->opcode != HCI_OP_NOP)
2538 del_timer(&hdev->cmd_timer);
2541 atomic_set(&hdev->cmd_cnt, 1);
2542 if (!skb_queue_empty(&hdev->cmd_q))
2543 queue_work(hdev->workqueue, &hdev->cmd_work);
2547 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2549 struct hci_ev_cmd_status *ev = (void *) skb->data;
2552 skb_pull(skb, sizeof(*ev));
2554 opcode = __le16_to_cpu(ev->opcode);
2557 case HCI_OP_INQUIRY:
2558 hci_cs_inquiry(hdev, ev->status);
2561 case HCI_OP_CREATE_CONN:
2562 hci_cs_create_conn(hdev, ev->status);
2565 case HCI_OP_ADD_SCO:
2566 hci_cs_add_sco(hdev, ev->status);
2569 case HCI_OP_AUTH_REQUESTED:
2570 hci_cs_auth_requested(hdev, ev->status);
2573 case HCI_OP_SET_CONN_ENCRYPT:
2574 hci_cs_set_conn_encrypt(hdev, ev->status);
2577 case HCI_OP_REMOTE_NAME_REQ:
2578 hci_cs_remote_name_req(hdev, ev->status);
2581 case HCI_OP_READ_REMOTE_FEATURES:
2582 hci_cs_read_remote_features(hdev, ev->status);
2585 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2586 hci_cs_read_remote_ext_features(hdev, ev->status);
2589 case HCI_OP_SETUP_SYNC_CONN:
2590 hci_cs_setup_sync_conn(hdev, ev->status);
2593 case HCI_OP_SNIFF_MODE:
2594 hci_cs_sniff_mode(hdev, ev->status);
2597 case HCI_OP_EXIT_SNIFF_MODE:
2598 hci_cs_exit_sniff_mode(hdev, ev->status);
2601 case HCI_OP_DISCONNECT:
2602 hci_cs_disconnect(hdev, ev->status);
2605 case HCI_OP_LE_CREATE_CONN:
2606 hci_cs_le_create_conn(hdev, ev->status);
2609 case HCI_OP_LE_START_ENC:
2610 hci_cs_le_start_enc(hdev, ev->status);
2613 case HCI_OP_CREATE_PHY_LINK:
2614 hci_cs_create_phylink(hdev, ev->status);
2617 case HCI_OP_ACCEPT_PHY_LINK:
2618 hci_cs_accept_phylink(hdev, ev->status);
2622 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2626 if (ev->opcode != HCI_OP_NOP)
2627 del_timer(&hdev->cmd_timer);
2629 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2630 atomic_set(&hdev->cmd_cnt, 1);
2631 if (!skb_queue_empty(&hdev->cmd_q))
2632 queue_work(hdev->workqueue, &hdev->cmd_work);
2636 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2638 struct hci_ev_role_change *ev = (void *) skb->data;
2639 struct hci_conn *conn;
2641 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2645 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2649 conn->link_mode &= ~HCI_LM_MASTER;
2651 conn->link_mode |= HCI_LM_MASTER;
2654 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2656 hci_role_switch_cfm(conn, ev->status, ev->role);
2659 hci_dev_unlock(hdev);
2662 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2664 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2667 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2668 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2672 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2673 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2674 BT_DBG("%s bad parameters", hdev->name);
2678 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2680 for (i = 0; i < ev->num_hndl; i++) {
2681 struct hci_comp_pkts_info *info = &ev->handles[i];
2682 struct hci_conn *conn;
2683 __u16 handle, count;
2685 handle = __le16_to_cpu(info->handle);
2686 count = __le16_to_cpu(info->count);
2688 conn = hci_conn_hash_lookup_handle(hdev, handle);
2692 conn->sent -= count;
2694 switch (conn->type) {
2696 hdev->acl_cnt += count;
2697 if (hdev->acl_cnt > hdev->acl_pkts)
2698 hdev->acl_cnt = hdev->acl_pkts;
2702 if (hdev->le_pkts) {
2703 hdev->le_cnt += count;
2704 if (hdev->le_cnt > hdev->le_pkts)
2705 hdev->le_cnt = hdev->le_pkts;
2707 hdev->acl_cnt += count;
2708 if (hdev->acl_cnt > hdev->acl_pkts)
2709 hdev->acl_cnt = hdev->acl_pkts;
2714 hdev->sco_cnt += count;
2715 if (hdev->sco_cnt > hdev->sco_pkts)
2716 hdev->sco_cnt = hdev->sco_pkts;
2720 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2725 queue_work(hdev->workqueue, &hdev->tx_work);
2728 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2731 struct hci_chan *chan;
2733 switch (hdev->dev_type) {
2735 return hci_conn_hash_lookup_handle(hdev, handle);
2737 chan = hci_chan_lookup_handle(hdev, handle);
2742 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2749 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2751 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2754 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2755 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2759 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2760 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2761 BT_DBG("%s bad parameters", hdev->name);
2765 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2768 for (i = 0; i < ev->num_hndl; i++) {
2769 struct hci_comp_blocks_info *info = &ev->handles[i];
2770 struct hci_conn *conn = NULL;
2771 __u16 handle, block_count;
2773 handle = __le16_to_cpu(info->handle);
2774 block_count = __le16_to_cpu(info->blocks);
2776 conn = __hci_conn_lookup_handle(hdev, handle);
2780 conn->sent -= block_count;
2782 switch (conn->type) {
2785 hdev->block_cnt += block_count;
2786 if (hdev->block_cnt > hdev->num_blocks)
2787 hdev->block_cnt = hdev->num_blocks;
2791 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2796 queue_work(hdev->workqueue, &hdev->tx_work);
2799 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2801 struct hci_ev_mode_change *ev = (void *) skb->data;
2802 struct hci_conn *conn;
2804 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2808 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2810 conn->mode = ev->mode;
2811 conn->interval = __le16_to_cpu(ev->interval);
2813 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2815 if (conn->mode == HCI_CM_ACTIVE)
2816 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2818 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2821 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2822 hci_sco_setup(conn, ev->status);
2825 hci_dev_unlock(hdev);
2828 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2830 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2831 struct hci_conn *conn;
2833 BT_DBG("%s", hdev->name);
2837 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2841 if (conn->state == BT_CONNECTED) {
2842 hci_conn_hold(conn);
2843 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2847 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2848 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2849 sizeof(ev->bdaddr), &ev->bdaddr);
2850 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2853 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2858 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2862 hci_dev_unlock(hdev);
2865 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2867 struct hci_ev_link_key_req *ev = (void *) skb->data;
2868 struct hci_cp_link_key_reply cp;
2869 struct hci_conn *conn;
2870 struct link_key *key;
2872 BT_DBG("%s", hdev->name);
2874 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2879 key = hci_find_link_key(hdev, &ev->bdaddr);
2881 BT_DBG("%s link key not found for %pMR", hdev->name,
2886 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2889 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2890 key->type == HCI_LK_DEBUG_COMBINATION) {
2891 BT_DBG("%s ignoring debug key", hdev->name);
2895 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2897 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2898 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2899 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2903 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2904 conn->pending_sec_level == BT_SECURITY_HIGH) {
2905 BT_DBG("%s ignoring key unauthenticated for high security",
2910 conn->key_type = key->type;
2911 conn->pin_length = key->pin_len;
2914 bacpy(&cp.bdaddr, &ev->bdaddr);
2915 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2917 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2919 hci_dev_unlock(hdev);
2924 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2925 hci_dev_unlock(hdev);
2928 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2930 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2931 struct hci_conn *conn;
2934 BT_DBG("%s", hdev->name);
2938 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2940 hci_conn_hold(conn);
2941 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2942 pin_len = conn->pin_length;
2944 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2945 conn->key_type = ev->key_type;
2950 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2951 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2952 ev->key_type, pin_len);
2954 hci_dev_unlock(hdev);
2957 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2959 struct hci_ev_clock_offset *ev = (void *) skb->data;
2960 struct hci_conn *conn;
2962 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2966 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2967 if (conn && !ev->status) {
2968 struct inquiry_entry *ie;
2970 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2972 ie->data.clock_offset = ev->clock_offset;
2973 ie->timestamp = jiffies;
2977 hci_dev_unlock(hdev);
2980 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2982 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2983 struct hci_conn *conn;
2985 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2989 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2990 if (conn && !ev->status)
2991 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2993 hci_dev_unlock(hdev);
2996 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2998 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2999 struct inquiry_entry *ie;
3001 BT_DBG("%s", hdev->name);
3005 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3007 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3008 ie->timestamp = jiffies;
3011 hci_dev_unlock(hdev);
3014 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3015 struct sk_buff *skb)
3017 struct inquiry_data data;
3018 int num_rsp = *((__u8 *) skb->data);
3019 bool name_known, ssp;
3021 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3026 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3031 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3032 struct inquiry_info_with_rssi_and_pscan_mode *info;
3033 info = (void *) (skb->data + 1);
3035 for (; num_rsp; num_rsp--, info++) {
3036 bacpy(&data.bdaddr, &info->bdaddr);
3037 data.pscan_rep_mode = info->pscan_rep_mode;
3038 data.pscan_period_mode = info->pscan_period_mode;
3039 data.pscan_mode = info->pscan_mode;
3040 memcpy(data.dev_class, info->dev_class, 3);
3041 data.clock_offset = info->clock_offset;
3042 data.rssi = info->rssi;
3043 data.ssp_mode = 0x00;
3045 name_known = hci_inquiry_cache_update(hdev, &data,
3047 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3048 info->dev_class, info->rssi,
3049 !name_known, ssp, NULL, 0);
3052 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3054 for (; num_rsp; num_rsp--, info++) {
3055 bacpy(&data.bdaddr, &info->bdaddr);
3056 data.pscan_rep_mode = info->pscan_rep_mode;
3057 data.pscan_period_mode = info->pscan_period_mode;
3058 data.pscan_mode = 0x00;
3059 memcpy(data.dev_class, info->dev_class, 3);
3060 data.clock_offset = info->clock_offset;
3061 data.rssi = info->rssi;
3062 data.ssp_mode = 0x00;
3063 name_known = hci_inquiry_cache_update(hdev, &data,
3065 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3066 info->dev_class, info->rssi,
3067 !name_known, ssp, NULL, 0);
3071 hci_dev_unlock(hdev);
3074 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3075 struct sk_buff *skb)
3077 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3078 struct hci_conn *conn;
3080 BT_DBG("%s", hdev->name);
3084 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3088 if (!ev->status && ev->page == 0x01) {
3089 struct inquiry_entry *ie;
3091 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3093 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3095 if (ev->features[0] & LMP_HOST_SSP)
3096 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3099 if (conn->state != BT_CONFIG)
3102 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3103 struct hci_cp_remote_name_req cp;
3104 memset(&cp, 0, sizeof(cp));
3105 bacpy(&cp.bdaddr, &conn->dst);
3106 cp.pscan_rep_mode = 0x02;
3107 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3108 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3109 mgmt_device_connected(hdev, &conn->dst, conn->type,
3110 conn->dst_type, 0, NULL, 0,
3113 if (!hci_outgoing_auth_needed(hdev, conn)) {
3114 conn->state = BT_CONNECTED;
3115 hci_proto_connect_cfm(conn, ev->status);
3120 hci_dev_unlock(hdev);
3123 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3124 struct sk_buff *skb)
3126 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3127 struct hci_conn *conn;
3129 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3133 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3135 if (ev->link_type == ESCO_LINK)
3138 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3142 conn->type = SCO_LINK;
3145 switch (ev->status) {
3147 conn->handle = __le16_to_cpu(ev->handle);
3148 conn->state = BT_CONNECTED;
3150 hci_conn_hold_device(conn);
3151 hci_conn_add_sysfs(conn);
3154 case 0x11: /* Unsupported Feature or Parameter Value */
3155 case 0x1c: /* SCO interval rejected */
3156 case 0x1a: /* Unsupported Remote Feature */
3157 case 0x1f: /* Unspecified error */
3158 if (conn->out && conn->attempt < 2) {
3159 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3160 (hdev->esco_type & EDR_ESCO_MASK);
3161 hci_setup_sync(conn, conn->link->handle);
3167 conn->state = BT_CLOSED;
3171 hci_proto_connect_cfm(conn, ev->status);
3176 hci_dev_unlock(hdev);
3179 static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
3181 BT_DBG("%s", hdev->name);
3184 static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
3186 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
3188 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3191 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3192 struct sk_buff *skb)
3194 struct inquiry_data data;
3195 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3196 int num_rsp = *((__u8 *) skb->data);
3199 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3204 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3209 for (; num_rsp; num_rsp--, info++) {
3210 bool name_known, ssp;
3212 bacpy(&data.bdaddr, &info->bdaddr);
3213 data.pscan_rep_mode = info->pscan_rep_mode;
3214 data.pscan_period_mode = info->pscan_period_mode;
3215 data.pscan_mode = 0x00;
3216 memcpy(data.dev_class, info->dev_class, 3);
3217 data.clock_offset = info->clock_offset;
3218 data.rssi = info->rssi;
3219 data.ssp_mode = 0x01;
3221 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3222 name_known = eir_has_data_type(info->data,
3228 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3230 eir_len = eir_get_length(info->data, sizeof(info->data));
3231 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3232 info->dev_class, info->rssi, !name_known,
3233 ssp, info->data, eir_len);
3236 hci_dev_unlock(hdev);
3239 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3240 struct sk_buff *skb)
3242 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3243 struct hci_conn *conn;
3245 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3246 __le16_to_cpu(ev->handle));
3250 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3255 conn->sec_level = conn->pending_sec_level;
3257 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3259 if (ev->status && conn->state == BT_CONNECTED) {
3260 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3265 if (conn->state == BT_CONFIG) {
3267 conn->state = BT_CONNECTED;
3269 hci_proto_connect_cfm(conn, ev->status);
3272 hci_auth_cfm(conn, ev->status);
3274 hci_conn_hold(conn);
3275 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3280 hci_dev_unlock(hdev);
3283 static u8 hci_get_auth_req(struct hci_conn *conn)
3285 /* If remote requests dedicated bonding follow that lead */
3286 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3287 /* If both remote and local IO capabilities allow MITM
3288 * protection then require it, otherwise don't */
3289 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3295 /* If remote requests no-bonding follow that lead */
3296 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3297 return conn->remote_auth | (conn->auth_type & 0x01);
3299 return conn->auth_type;
3302 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3304 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3305 struct hci_conn *conn;
3307 BT_DBG("%s", hdev->name);
3311 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3315 hci_conn_hold(conn);
3317 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3320 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3321 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3322 struct hci_cp_io_capability_reply cp;
3324 bacpy(&cp.bdaddr, &ev->bdaddr);
3325 /* Change the IO capability from KeyboardDisplay
3326 * to DisplayYesNo as it is not supported by BT spec. */
3327 cp.capability = (conn->io_capability == 0x04) ?
3328 0x01 : conn->io_capability;
3329 conn->auth_type = hci_get_auth_req(conn);
3330 cp.authentication = conn->auth_type;
3332 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3333 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3338 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3341 struct hci_cp_io_capability_neg_reply cp;
3343 bacpy(&cp.bdaddr, &ev->bdaddr);
3344 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3346 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3351 hci_dev_unlock(hdev);
3354 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3356 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3357 struct hci_conn *conn;
3359 BT_DBG("%s", hdev->name);
3363 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3367 conn->remote_cap = ev->capability;
3368 conn->remote_auth = ev->authentication;
3370 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3373 hci_dev_unlock(hdev);
3376 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3377 struct sk_buff *skb)
3379 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3380 int loc_mitm, rem_mitm, confirm_hint = 0;
3381 struct hci_conn *conn;
3383 BT_DBG("%s", hdev->name);
3387 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3390 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3394 loc_mitm = (conn->auth_type & 0x01);
3395 rem_mitm = (conn->remote_auth & 0x01);
3397 /* If we require MITM but the remote device can't provide that
3398 * (it has NoInputNoOutput) then reject the confirmation
3399 * request. The only exception is when we're dedicated bonding
3400 * initiators (connect_cfm_cb set) since then we always have the MITM
3402 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3403 BT_DBG("Rejecting request: remote device can't provide MITM");
3404 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3405 sizeof(ev->bdaddr), &ev->bdaddr);
3409 /* If no side requires MITM protection; auto-accept */
3410 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3411 (!rem_mitm || conn->io_capability == 0x03)) {
3413 /* If we're not the initiators request authorization to
3414 * proceed from user space (mgmt_user_confirm with
3415 * confirm_hint set to 1). */
3416 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3417 BT_DBG("Confirming auto-accept as acceptor");
3422 BT_DBG("Auto-accept of user confirmation with %ums delay",
3423 hdev->auto_accept_delay);
3425 if (hdev->auto_accept_delay > 0) {
3426 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3427 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3431 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3432 sizeof(ev->bdaddr), &ev->bdaddr);
3437 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3441 hci_dev_unlock(hdev);
3444 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3445 struct sk_buff *skb)
3447 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3449 BT_DBG("%s", hdev->name);
3451 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3452 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3455 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3456 struct sk_buff *skb)
3458 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3459 struct hci_conn *conn;
3461 BT_DBG("%s", hdev->name);
3463 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3467 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3468 conn->passkey_entered = 0;
3470 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3471 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3472 conn->dst_type, conn->passkey_notify,
3473 conn->passkey_entered);
3476 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3478 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3479 struct hci_conn *conn;
3481 BT_DBG("%s", hdev->name);
3483 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3488 case HCI_KEYPRESS_STARTED:
3489 conn->passkey_entered = 0;
3492 case HCI_KEYPRESS_ENTERED:
3493 conn->passkey_entered++;
3496 case HCI_KEYPRESS_ERASED:
3497 conn->passkey_entered--;
3500 case HCI_KEYPRESS_CLEARED:
3501 conn->passkey_entered = 0;
3504 case HCI_KEYPRESS_COMPLETED:
3508 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3509 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3510 conn->dst_type, conn->passkey_notify,
3511 conn->passkey_entered);
3514 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3515 struct sk_buff *skb)
3517 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3518 struct hci_conn *conn;
3520 BT_DBG("%s", hdev->name);
3524 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3528 /* To avoid duplicate auth_failed events to user space we check
3529 * the HCI_CONN_AUTH_PEND flag which will be set if we
3530 * initiated the authentication. A traditional auth_complete
3531 * event gets always produced as initiator and is also mapped to
3532 * the mgmt_auth_failed event */
3533 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3534 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3540 hci_dev_unlock(hdev);
3543 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3544 struct sk_buff *skb)
3546 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3547 struct inquiry_entry *ie;
3549 BT_DBG("%s", hdev->name);
3553 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3555 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3557 hci_dev_unlock(hdev);
3560 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3561 struct sk_buff *skb)
3563 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3564 struct oob_data *data;
3566 BT_DBG("%s", hdev->name);
3570 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3573 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3575 struct hci_cp_remote_oob_data_reply cp;
3577 bacpy(&cp.bdaddr, &ev->bdaddr);
3578 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3579 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3581 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3584 struct hci_cp_remote_oob_data_neg_reply cp;
3586 bacpy(&cp.bdaddr, &ev->bdaddr);
3587 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3592 hci_dev_unlock(hdev);
3595 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3597 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3598 struct hci_conn *conn;
3600 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3604 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3606 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3608 BT_ERR("No memory for new connection");
3612 conn->dst_type = ev->bdaddr_type;
3614 if (ev->role == LE_CONN_ROLE_MASTER) {
3616 conn->link_mode |= HCI_LM_MASTER;
3621 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3622 conn->dst_type, ev->status);
3623 hci_proto_connect_cfm(conn, ev->status);
3624 conn->state = BT_CLOSED;
3629 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3630 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3631 conn->dst_type, 0, NULL, 0, NULL);
3633 conn->sec_level = BT_SECURITY_LOW;
3634 conn->handle = __le16_to_cpu(ev->handle);
3635 conn->state = BT_CONNECTED;
3637 hci_conn_hold_device(conn);
3638 hci_conn_add_sysfs(conn);
3640 hci_proto_connect_cfm(conn, ev->status);
3643 hci_dev_unlock(hdev);
3646 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3648 u8 num_reports = skb->data[0];
3649 void *ptr = &skb->data[1];
3654 while (num_reports--) {
3655 struct hci_ev_le_advertising_info *ev = ptr;
3657 rssi = ev->data[ev->length];
3658 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3659 NULL, rssi, 0, 1, ev->data, ev->length);
3661 ptr += sizeof(*ev) + ev->length + 1;
3664 hci_dev_unlock(hdev);
3667 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3669 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3670 struct hci_cp_le_ltk_reply cp;
3671 struct hci_cp_le_ltk_neg_reply neg;
3672 struct hci_conn *conn;
3673 struct smp_ltk *ltk;
3675 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3679 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3683 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3687 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3688 cp.handle = cpu_to_le16(conn->handle);
3690 if (ltk->authenticated)
3691 conn->sec_level = BT_SECURITY_HIGH;
3693 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3695 if (ltk->type & HCI_SMP_STK) {
3696 list_del(<k->list);
3700 hci_dev_unlock(hdev);
3705 neg.handle = ev->handle;
3706 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3707 hci_dev_unlock(hdev);
3710 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3712 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3714 skb_pull(skb, sizeof(*le_ev));
3716 switch (le_ev->subevent) {
3717 case HCI_EV_LE_CONN_COMPLETE:
3718 hci_le_conn_complete_evt(hdev, skb);
3721 case HCI_EV_LE_ADVERTISING_REPORT:
3722 hci_le_adv_report_evt(hdev, skb);
3725 case HCI_EV_LE_LTK_REQ:
3726 hci_le_ltk_request_evt(hdev, skb);
3734 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3736 struct hci_ev_channel_selected *ev = (void *) skb->data;
3737 struct hci_conn *hcon;
3739 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3741 skb_pull(skb, sizeof(*ev));
3743 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3747 amp_read_loc_assoc_final_data(hdev, hcon);
3750 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3752 struct hci_event_hdr *hdr = (void *) skb->data;
3753 __u8 event = hdr->evt;
3755 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3758 case HCI_EV_INQUIRY_COMPLETE:
3759 hci_inquiry_complete_evt(hdev, skb);
3762 case HCI_EV_INQUIRY_RESULT:
3763 hci_inquiry_result_evt(hdev, skb);
3766 case HCI_EV_CONN_COMPLETE:
3767 hci_conn_complete_evt(hdev, skb);
3770 case HCI_EV_CONN_REQUEST:
3771 hci_conn_request_evt(hdev, skb);
3774 case HCI_EV_DISCONN_COMPLETE:
3775 hci_disconn_complete_evt(hdev, skb);
3778 case HCI_EV_AUTH_COMPLETE:
3779 hci_auth_complete_evt(hdev, skb);
3782 case HCI_EV_REMOTE_NAME:
3783 hci_remote_name_evt(hdev, skb);
3786 case HCI_EV_ENCRYPT_CHANGE:
3787 hci_encrypt_change_evt(hdev, skb);
3790 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3791 hci_change_link_key_complete_evt(hdev, skb);
3794 case HCI_EV_REMOTE_FEATURES:
3795 hci_remote_features_evt(hdev, skb);
3798 case HCI_EV_REMOTE_VERSION:
3799 hci_remote_version_evt(hdev, skb);
3802 case HCI_EV_QOS_SETUP_COMPLETE:
3803 hci_qos_setup_complete_evt(hdev, skb);
3806 case HCI_EV_CMD_COMPLETE:
3807 hci_cmd_complete_evt(hdev, skb);
3810 case HCI_EV_CMD_STATUS:
3811 hci_cmd_status_evt(hdev, skb);
3814 case HCI_EV_ROLE_CHANGE:
3815 hci_role_change_evt(hdev, skb);
3818 case HCI_EV_NUM_COMP_PKTS:
3819 hci_num_comp_pkts_evt(hdev, skb);
3822 case HCI_EV_MODE_CHANGE:
3823 hci_mode_change_evt(hdev, skb);
3826 case HCI_EV_PIN_CODE_REQ:
3827 hci_pin_code_request_evt(hdev, skb);
3830 case HCI_EV_LINK_KEY_REQ:
3831 hci_link_key_request_evt(hdev, skb);
3834 case HCI_EV_LINK_KEY_NOTIFY:
3835 hci_link_key_notify_evt(hdev, skb);
3838 case HCI_EV_CLOCK_OFFSET:
3839 hci_clock_offset_evt(hdev, skb);
3842 case HCI_EV_PKT_TYPE_CHANGE:
3843 hci_pkt_type_change_evt(hdev, skb);
3846 case HCI_EV_PSCAN_REP_MODE:
3847 hci_pscan_rep_mode_evt(hdev, skb);
3850 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3851 hci_inquiry_result_with_rssi_evt(hdev, skb);
3854 case HCI_EV_REMOTE_EXT_FEATURES:
3855 hci_remote_ext_features_evt(hdev, skb);
3858 case HCI_EV_SYNC_CONN_COMPLETE:
3859 hci_sync_conn_complete_evt(hdev, skb);
3862 case HCI_EV_SYNC_CONN_CHANGED:
3863 hci_sync_conn_changed_evt(hdev, skb);
3866 case HCI_EV_SNIFF_SUBRATE:
3867 hci_sniff_subrate_evt(hdev, skb);
3870 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3871 hci_extended_inquiry_result_evt(hdev, skb);
3874 case HCI_EV_KEY_REFRESH_COMPLETE:
3875 hci_key_refresh_complete_evt(hdev, skb);
3878 case HCI_EV_IO_CAPA_REQUEST:
3879 hci_io_capa_request_evt(hdev, skb);
3882 case HCI_EV_IO_CAPA_REPLY:
3883 hci_io_capa_reply_evt(hdev, skb);
3886 case HCI_EV_USER_CONFIRM_REQUEST:
3887 hci_user_confirm_request_evt(hdev, skb);
3890 case HCI_EV_USER_PASSKEY_REQUEST:
3891 hci_user_passkey_request_evt(hdev, skb);
3894 case HCI_EV_USER_PASSKEY_NOTIFY:
3895 hci_user_passkey_notify_evt(hdev, skb);
3898 case HCI_EV_KEYPRESS_NOTIFY:
3899 hci_keypress_notify_evt(hdev, skb);
3902 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3903 hci_simple_pair_complete_evt(hdev, skb);
3906 case HCI_EV_REMOTE_HOST_FEATURES:
3907 hci_remote_host_features_evt(hdev, skb);
3910 case HCI_EV_LE_META:
3911 hci_le_meta_evt(hdev, skb);
3914 case HCI_EV_CHANNEL_SELECTED:
3915 hci_chan_selected_evt(hdev, skb);
3918 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3919 hci_remote_oob_data_request_evt(hdev, skb);
3922 case HCI_EV_NUM_COMP_BLOCKS:
3923 hci_num_comp_blocks_evt(hdev, skb);
3927 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3932 hdev->stat.evt_rx++;
projects / firefly-linux-kernel-4.4.55.git / blob