2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
35 /* Handle HCI Event packets */
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 __u8 status = *((__u8 *) skb->data);
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
45 mgmt_stop_discovery_failed(hdev, status);
50 clear_bit(HCI_INQUIRY, &hdev->flags);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
58 hci_conn_check_pending(hdev);
61 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
63 __u8 status = *((__u8 *) skb->data);
65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
73 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
75 __u8 status = *((__u8 *) skb->data);
77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84 hci_conn_check_pending(hdev);
87 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
169 hdev->link_policy = __le16_to_cpu(rp->policy);
172 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
175 __u8 status = *((__u8 *) skb->data);
178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
185 hdev->link_policy = get_unaligned_le16(sent);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 /* Reset all non-persistent flags */
197 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
199 hdev->discovery.state = DISCOVERY_STOPPED;
200 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
201 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
203 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
204 hdev->adv_data_len = 0;
207 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
209 __u8 status = *((__u8 *) skb->data);
212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
225 hci_dev_unlock(hdev);
228 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
230 struct hci_rp_read_local_name *rp = (void *) skb->data;
232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
237 if (test_bit(HCI_SETUP, &hdev->dev_flags))
238 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
241 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
243 __u8 status = *((__u8 *) skb->data);
246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253 __u8 param = *((__u8 *) sent);
255 if (param == AUTH_ENABLED)
256 set_bit(HCI_AUTH, &hdev->flags);
258 clear_bit(HCI_AUTH, &hdev->flags);
261 if (test_bit(HCI_MGMT, &hdev->dev_flags))
262 mgmt_auth_enable_complete(hdev, status);
265 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
267 __u8 status = *((__u8 *) skb->data);
270 BT_DBG("%s status 0x%2.2x", hdev->name, status);
272 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277 __u8 param = *((__u8 *) sent);
280 set_bit(HCI_ENCRYPT, &hdev->flags);
282 clear_bit(HCI_ENCRYPT, &hdev->flags);
286 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
288 __u8 param, status = *((__u8 *) skb->data);
289 int old_pscan, old_iscan;
292 BT_DBG("%s status 0x%2.2x", hdev->name, status);
294 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
298 param = *((__u8 *) sent);
303 mgmt_write_scan_failed(hdev, param, status);
304 hdev->discov_timeout = 0;
308 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
309 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
311 if (param & SCAN_INQUIRY) {
312 set_bit(HCI_ISCAN, &hdev->flags);
314 mgmt_discoverable(hdev, 1);
315 if (hdev->discov_timeout > 0) {
316 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
317 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
320 } else if (old_iscan)
321 mgmt_discoverable(hdev, 0);
323 if (param & SCAN_PAGE) {
324 set_bit(HCI_PSCAN, &hdev->flags);
326 mgmt_connectable(hdev, 1);
327 } else if (old_pscan)
328 mgmt_connectable(hdev, 0);
331 hci_dev_unlock(hdev);
334 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
336 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
338 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
343 memcpy(hdev->dev_class, rp->dev_class, 3);
345 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
346 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
349 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
351 __u8 status = *((__u8 *) skb->data);
354 BT_DBG("%s status 0x%2.2x", hdev->name, status);
356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
363 memcpy(hdev->dev_class, sent, 3);
365 if (test_bit(HCI_MGMT, &hdev->dev_flags))
366 mgmt_set_class_of_dev_complete(hdev, sent, status);
368 hci_dev_unlock(hdev);
371 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
373 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
376 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
381 setting = __le16_to_cpu(rp->voice_setting);
383 if (hdev->voice_setting == setting)
386 hdev->voice_setting = setting;
388 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
391 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
397 __u8 status = *((__u8 *) skb->data);
401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
406 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
410 setting = get_unaligned_le16(sent);
412 if (hdev->voice_setting == setting)
415 hdev->voice_setting = setting;
417 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
420 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
423 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
425 __u8 status = *((__u8 *) skb->data);
426 struct hci_cp_write_ssp_mode *sent;
428 BT_DBG("%s status 0x%2.2x", hdev->name, status);
430 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
436 hdev->host_features[0] |= LMP_HOST_SSP;
438 hdev->host_features[0] &= ~LMP_HOST_SSP;
441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
442 mgmt_ssp_enable_complete(hdev, sent->mode, status);
445 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
447 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
451 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
453 struct hci_rp_read_local_version *rp = (void *) skb->data;
455 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
460 hdev->hci_ver = rp->hci_ver;
461 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
462 hdev->lmp_ver = rp->lmp_ver;
463 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
464 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
466 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
467 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
470 static void hci_cc_read_local_commands(struct hci_dev *hdev,
473 struct hci_rp_read_local_commands *rp = (void *) skb->data;
475 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
478 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
481 static void hci_cc_read_local_features(struct hci_dev *hdev,
484 struct hci_rp_read_local_features *rp = (void *) skb->data;
486 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
491 memcpy(hdev->features, rp->features, 8);
493 /* Adjust default settings according to features
494 * supported by device. */
496 if (hdev->features[0] & LMP_3SLOT)
497 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
499 if (hdev->features[0] & LMP_5SLOT)
500 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
502 if (hdev->features[1] & LMP_HV2) {
503 hdev->pkt_type |= (HCI_HV2);
504 hdev->esco_type |= (ESCO_HV2);
507 if (hdev->features[1] & LMP_HV3) {
508 hdev->pkt_type |= (HCI_HV3);
509 hdev->esco_type |= (ESCO_HV3);
512 if (lmp_esco_capable(hdev))
513 hdev->esco_type |= (ESCO_EV3);
515 if (hdev->features[4] & LMP_EV4)
516 hdev->esco_type |= (ESCO_EV4);
518 if (hdev->features[4] & LMP_EV5)
519 hdev->esco_type |= (ESCO_EV5);
521 if (hdev->features[5] & LMP_EDR_ESCO_2M)
522 hdev->esco_type |= (ESCO_2EV3);
524 if (hdev->features[5] & LMP_EDR_ESCO_3M)
525 hdev->esco_type |= (ESCO_3EV3);
527 if (hdev->features[5] & LMP_EDR_3S_ESCO)
528 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
530 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
531 hdev->features[0], hdev->features[1],
532 hdev->features[2], hdev->features[3],
533 hdev->features[4], hdev->features[5],
534 hdev->features[6], hdev->features[7]);
537 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
540 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
542 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
549 memcpy(hdev->features, rp->features, 8);
552 memcpy(hdev->host_features, rp->features, 8);
557 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
560 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
562 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
565 hdev->flow_ctl_mode = rp->mode;
568 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
570 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
572 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
577 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
578 hdev->sco_mtu = rp->sco_mtu;
579 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
580 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
582 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
587 hdev->acl_cnt = hdev->acl_pkts;
588 hdev->sco_cnt = hdev->sco_pkts;
590 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
591 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
594 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
596 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
598 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
601 bacpy(&hdev->bdaddr, &rp->bdaddr);
604 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
607 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
609 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
611 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
612 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
613 hdev->page_scan_window = __le16_to_cpu(rp->window);
617 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
620 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
622 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
624 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
625 hdev->page_scan_type = rp->type;
628 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
631 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
633 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
638 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
639 hdev->block_len = __le16_to_cpu(rp->block_len);
640 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
642 hdev->block_cnt = hdev->num_blocks;
644 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
645 hdev->block_cnt, hdev->block_len);
648 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
651 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
653 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
658 hdev->amp_status = rp->amp_status;
659 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
660 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
661 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
662 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
663 hdev->amp_type = rp->amp_type;
664 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
665 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
666 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
667 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
670 a2mp_send_getinfo_rsp(hdev);
673 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
676 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
677 struct amp_assoc *assoc = &hdev->loc_assoc;
678 size_t rem_len, frag_len;
680 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
685 frag_len = skb->len - sizeof(*rp);
686 rem_len = __le16_to_cpu(rp->rem_len);
688 if (rem_len > frag_len) {
689 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
691 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
692 assoc->offset += frag_len;
694 /* Read other fragments */
695 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
700 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
701 assoc->len = assoc->offset + rem_len;
705 /* Send A2MP Rsp when all fragments are received */
706 a2mp_send_getampassoc_rsp(hdev, rp->status);
707 a2mp_send_create_phy_link_req(hdev, rp->status);
710 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
713 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
715 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
718 hdev->inq_tx_power = rp->tx_power;
721 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
723 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
724 struct hci_cp_pin_code_reply *cp;
725 struct hci_conn *conn;
727 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
731 if (test_bit(HCI_MGMT, &hdev->dev_flags))
732 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
737 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
741 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
743 conn->pin_length = cp->pin_len;
746 hci_dev_unlock(hdev);
749 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
751 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
753 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
757 if (test_bit(HCI_MGMT, &hdev->dev_flags))
758 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
761 hci_dev_unlock(hdev);
764 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
767 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
769 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
774 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
775 hdev->le_pkts = rp->le_max_pkt;
777 hdev->le_cnt = hdev->le_pkts;
779 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
782 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
785 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
787 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
790 memcpy(hdev->le_features, rp->features, 8);
793 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
796 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
798 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
801 hdev->adv_tx_power = rp->tx_power;
804 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
806 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
808 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
812 if (test_bit(HCI_MGMT, &hdev->dev_flags))
813 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
816 hci_dev_unlock(hdev);
819 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
822 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
828 if (test_bit(HCI_MGMT, &hdev->dev_flags))
829 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
830 ACL_LINK, 0, rp->status);
832 hci_dev_unlock(hdev);
835 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
837 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
839 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
843 if (test_bit(HCI_MGMT, &hdev->dev_flags))
844 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
847 hci_dev_unlock(hdev);
850 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
853 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
855 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
859 if (test_bit(HCI_MGMT, &hdev->dev_flags))
860 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
861 ACL_LINK, 0, rp->status);
863 hci_dev_unlock(hdev);
866 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
869 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
871 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
874 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
875 rp->randomizer, rp->status);
876 hci_dev_unlock(hdev);
879 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
881 __u8 *sent, status = *((__u8 *) skb->data);
883 BT_DBG("%s status 0x%2.2x", hdev->name, status);
885 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
893 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
895 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
898 if (!test_bit(HCI_INIT, &hdev->flags)) {
899 struct hci_request req;
901 hci_req_init(&req, hdev);
903 hci_req_run(&req, NULL);
906 hci_dev_unlock(hdev);
909 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
911 __u8 status = *((__u8 *) skb->data);
913 BT_DBG("%s status 0x%2.2x", hdev->name, status);
917 mgmt_start_discovery_failed(hdev, status);
918 hci_dev_unlock(hdev);
923 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
926 struct hci_cp_le_set_scan_enable *cp;
927 __u8 status = *((__u8 *) skb->data);
929 BT_DBG("%s status 0x%2.2x", hdev->name, status);
931 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
935 switch (cp->enable) {
936 case LE_SCANNING_ENABLED:
939 mgmt_start_discovery_failed(hdev, status);
940 hci_dev_unlock(hdev);
944 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
947 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
948 hci_dev_unlock(hdev);
951 case LE_SCANNING_DISABLED:
954 mgmt_stop_discovery_failed(hdev, status);
955 hci_dev_unlock(hdev);
959 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
961 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
962 hdev->discovery.state == DISCOVERY_FINDING) {
963 mgmt_interleaved_discovery(hdev);
966 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
967 hci_dev_unlock(hdev);
973 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
978 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
981 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
983 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
986 hdev->le_white_list_size = rp->size;
989 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
992 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
994 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
997 memcpy(hdev->le_states, rp->le_states, 8);
1000 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1001 struct sk_buff *skb)
1003 struct hci_cp_write_le_host_supported *sent;
1004 __u8 status = *((__u8 *) skb->data);
1006 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1008 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1014 hdev->host_features[0] |= LMP_HOST_LE;
1016 hdev->host_features[0] &= ~LMP_HOST_LE;
1019 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1021 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
1024 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1025 !test_bit(HCI_INIT, &hdev->flags))
1026 mgmt_le_enable_complete(hdev, sent->le, status);
1029 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1030 struct sk_buff *skb)
1032 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1034 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1035 hdev->name, rp->status, rp->phy_handle);
1040 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1043 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1045 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1048 hci_conn_check_pending(hdev);
1050 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1051 mgmt_start_discovery_failed(hdev, status);
1052 hci_dev_unlock(hdev);
1056 set_bit(HCI_INQUIRY, &hdev->flags);
1059 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1060 hci_dev_unlock(hdev);
1063 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1065 struct hci_cp_create_conn *cp;
1066 struct hci_conn *conn;
1068 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1070 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1076 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1078 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1081 if (conn && conn->state == BT_CONNECT) {
1082 if (status != 0x0c || conn->attempt > 2) {
1083 conn->state = BT_CLOSED;
1084 hci_proto_connect_cfm(conn, status);
1087 conn->state = BT_CONNECT2;
1091 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1094 conn->link_mode |= HCI_LM_MASTER;
1096 BT_ERR("No memory for new connection");
1100 hci_dev_unlock(hdev);
1103 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1105 struct hci_cp_add_sco *cp;
1106 struct hci_conn *acl, *sco;
1109 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1114 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1118 handle = __le16_to_cpu(cp->handle);
1120 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1124 acl = hci_conn_hash_lookup_handle(hdev, handle);
1128 sco->state = BT_CLOSED;
1130 hci_proto_connect_cfm(sco, status);
1135 hci_dev_unlock(hdev);
1138 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1140 struct hci_cp_auth_requested *cp;
1141 struct hci_conn *conn;
1143 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1148 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1154 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1156 if (conn->state == BT_CONFIG) {
1157 hci_proto_connect_cfm(conn, status);
1162 hci_dev_unlock(hdev);
1165 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1167 struct hci_cp_set_conn_encrypt *cp;
1168 struct hci_conn *conn;
1170 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1175 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1181 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1183 if (conn->state == BT_CONFIG) {
1184 hci_proto_connect_cfm(conn, status);
1189 hci_dev_unlock(hdev);
1192 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1193 struct hci_conn *conn)
1195 if (conn->state != BT_CONFIG || !conn->out)
1198 if (conn->pending_sec_level == BT_SECURITY_SDP)
1201 /* Only request authentication for SSP connections or non-SSP
1202 * devices with sec_level HIGH or if MITM protection is requested */
1203 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1204 conn->pending_sec_level != BT_SECURITY_HIGH)
1210 static int hci_resolve_name(struct hci_dev *hdev,
1211 struct inquiry_entry *e)
1213 struct hci_cp_remote_name_req cp;
1215 memset(&cp, 0, sizeof(cp));
1217 bacpy(&cp.bdaddr, &e->data.bdaddr);
1218 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1219 cp.pscan_mode = e->data.pscan_mode;
1220 cp.clock_offset = e->data.clock_offset;
1222 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1225 static bool hci_resolve_next_name(struct hci_dev *hdev)
1227 struct discovery_state *discov = &hdev->discovery;
1228 struct inquiry_entry *e;
1230 if (list_empty(&discov->resolve))
1233 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1237 if (hci_resolve_name(hdev, e) == 0) {
1238 e->name_state = NAME_PENDING;
1245 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1246 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1248 struct discovery_state *discov = &hdev->discovery;
1249 struct inquiry_entry *e;
1251 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1252 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1253 name_len, conn->dev_class);
1255 if (discov->state == DISCOVERY_STOPPED)
1258 if (discov->state == DISCOVERY_STOPPING)
1259 goto discov_complete;
1261 if (discov->state != DISCOVERY_RESOLVING)
1264 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1265 /* If the device was not found in a list of found devices names of which
1266 * are pending. there is no need to continue resolving a next name as it
1267 * will be done upon receiving another Remote Name Request Complete
1274 e->name_state = NAME_KNOWN;
1275 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1276 e->data.rssi, name, name_len);
1278 e->name_state = NAME_NOT_KNOWN;
1281 if (hci_resolve_next_name(hdev))
1285 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1288 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1290 struct hci_cp_remote_name_req *cp;
1291 struct hci_conn *conn;
1293 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1295 /* If successful wait for the name req complete event before
1296 * checking for the need to do authentication */
1300 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1306 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1308 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1309 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1314 if (!hci_outgoing_auth_needed(hdev, conn))
1317 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1318 struct hci_cp_auth_requested cp;
1319 cp.handle = __cpu_to_le16(conn->handle);
1320 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1324 hci_dev_unlock(hdev);
1327 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1329 struct hci_cp_read_remote_features *cp;
1330 struct hci_conn *conn;
1332 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1337 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1343 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1345 if (conn->state == BT_CONFIG) {
1346 hci_proto_connect_cfm(conn, status);
1351 hci_dev_unlock(hdev);
1354 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1356 struct hci_cp_read_remote_ext_features *cp;
1357 struct hci_conn *conn;
1359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1364 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1370 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1372 if (conn->state == BT_CONFIG) {
1373 hci_proto_connect_cfm(conn, status);
1378 hci_dev_unlock(hdev);
1381 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1383 struct hci_cp_setup_sync_conn *cp;
1384 struct hci_conn *acl, *sco;
1387 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1392 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1396 handle = __le16_to_cpu(cp->handle);
1398 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1402 acl = hci_conn_hash_lookup_handle(hdev, handle);
1406 sco->state = BT_CLOSED;
1408 hci_proto_connect_cfm(sco, status);
1413 hci_dev_unlock(hdev);
1416 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1418 struct hci_cp_sniff_mode *cp;
1419 struct hci_conn *conn;
1421 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1426 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1432 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1434 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1436 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1437 hci_sco_setup(conn, status);
1440 hci_dev_unlock(hdev);
1443 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1445 struct hci_cp_exit_sniff_mode *cp;
1446 struct hci_conn *conn;
1448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1453 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1459 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1461 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1463 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1464 hci_sco_setup(conn, status);
1467 hci_dev_unlock(hdev);
1470 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1472 struct hci_cp_disconnect *cp;
1473 struct hci_conn *conn;
1478 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1484 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1486 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1487 conn->dst_type, status);
1489 hci_dev_unlock(hdev);
1492 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1494 struct hci_conn *conn;
1496 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1501 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1503 hci_dev_unlock(hdev);
1507 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1509 conn->state = BT_CLOSED;
1510 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1511 conn->dst_type, status);
1512 hci_proto_connect_cfm(conn, status);
1515 hci_dev_unlock(hdev);
1519 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1521 struct hci_cp_create_phy_link *cp;
1523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1525 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1532 struct hci_conn *hcon;
1534 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1538 amp_write_remote_assoc(hdev, cp->phy_handle);
1541 hci_dev_unlock(hdev);
1544 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1546 struct hci_cp_accept_phy_link *cp;
1548 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1553 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1557 amp_write_remote_assoc(hdev, cp->phy_handle);
1560 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1562 __u8 status = *((__u8 *) skb->data);
1563 struct discovery_state *discov = &hdev->discovery;
1564 struct inquiry_entry *e;
1566 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1568 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
1570 hci_conn_check_pending(hdev);
1572 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1575 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1580 if (discov->state != DISCOVERY_FINDING)
1583 if (list_empty(&discov->resolve)) {
1584 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1588 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1589 if (e && hci_resolve_name(hdev, e) == 0) {
1590 e->name_state = NAME_PENDING;
1591 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1593 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1597 hci_dev_unlock(hdev);
1600 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1602 struct inquiry_data data;
1603 struct inquiry_info *info = (void *) (skb->data + 1);
1604 int num_rsp = *((__u8 *) skb->data);
1606 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1611 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1616 for (; num_rsp; num_rsp--, info++) {
1617 bool name_known, ssp;
1619 bacpy(&data.bdaddr, &info->bdaddr);
1620 data.pscan_rep_mode = info->pscan_rep_mode;
1621 data.pscan_period_mode = info->pscan_period_mode;
1622 data.pscan_mode = info->pscan_mode;
1623 memcpy(data.dev_class, info->dev_class, 3);
1624 data.clock_offset = info->clock_offset;
1626 data.ssp_mode = 0x00;
1628 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1629 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1630 info->dev_class, 0, !name_known, ssp, NULL,
1634 hci_dev_unlock(hdev);
1637 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1639 struct hci_ev_conn_complete *ev = (void *) skb->data;
1640 struct hci_conn *conn;
1642 BT_DBG("%s", hdev->name);
1646 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1648 if (ev->link_type != SCO_LINK)
1651 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1655 conn->type = SCO_LINK;
1659 conn->handle = __le16_to_cpu(ev->handle);
1661 if (conn->type == ACL_LINK) {
1662 conn->state = BT_CONFIG;
1663 hci_conn_hold(conn);
1665 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1666 !hci_find_link_key(hdev, &ev->bdaddr))
1667 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1669 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1671 conn->state = BT_CONNECTED;
1673 hci_conn_hold_device(conn);
1674 hci_conn_add_sysfs(conn);
1676 if (test_bit(HCI_AUTH, &hdev->flags))
1677 conn->link_mode |= HCI_LM_AUTH;
1679 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1680 conn->link_mode |= HCI_LM_ENCRYPT;
1682 /* Get remote features */
1683 if (conn->type == ACL_LINK) {
1684 struct hci_cp_read_remote_features cp;
1685 cp.handle = ev->handle;
1686 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1690 /* Set packet type for incoming connection */
1691 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1692 struct hci_cp_change_conn_ptype cp;
1693 cp.handle = ev->handle;
1694 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1695 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1699 conn->state = BT_CLOSED;
1700 if (conn->type == ACL_LINK)
1701 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1702 conn->dst_type, ev->status);
1705 if (conn->type == ACL_LINK)
1706 hci_sco_setup(conn, ev->status);
1709 hci_proto_connect_cfm(conn, ev->status);
1711 } else if (ev->link_type != ACL_LINK)
1712 hci_proto_connect_cfm(conn, ev->status);
1715 hci_dev_unlock(hdev);
1717 hci_conn_check_pending(hdev);
1720 void hci_conn_accept(struct hci_conn *conn, int mask)
1722 struct hci_dev *hdev = conn->hdev;
1724 BT_DBG("conn %p", conn);
1726 conn->state = BT_CONFIG;
1728 if (!lmp_esco_capable(hdev)) {
1729 struct hci_cp_accept_conn_req cp;
1731 bacpy(&cp.bdaddr, &conn->dst);
1733 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1734 cp.role = 0x00; /* Become master */
1736 cp.role = 0x01; /* Remain slave */
1738 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1739 } else /* lmp_esco_capable(hdev)) */ {
1740 struct hci_cp_accept_sync_conn_req cp;
1742 bacpy(&cp.bdaddr, &conn->dst);
1743 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1745 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1746 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1747 cp.max_latency = __constant_cpu_to_le16(0xffff);
1748 cp.content_format = cpu_to_le16(hdev->voice_setting);
1749 cp.retrans_effort = 0xff;
1751 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1756 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1758 struct hci_ev_conn_request *ev = (void *) skb->data;
1759 int mask = hdev->link_mode;
1762 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1765 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1768 if ((mask & HCI_LM_ACCEPT) &&
1769 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1770 /* Connection accepted */
1771 struct inquiry_entry *ie;
1772 struct hci_conn *conn;
1776 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1778 memcpy(ie->data.dev_class, ev->dev_class, 3);
1780 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1783 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1785 BT_ERR("No memory for new connection");
1786 hci_dev_unlock(hdev);
1791 memcpy(conn->dev_class, ev->dev_class, 3);
1793 hci_dev_unlock(hdev);
1795 if (ev->link_type == ACL_LINK ||
1796 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1797 struct hci_cp_accept_conn_req cp;
1798 conn->state = BT_CONNECT;
1800 bacpy(&cp.bdaddr, &ev->bdaddr);
1802 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1803 cp.role = 0x00; /* Become master */
1805 cp.role = 0x01; /* Remain slave */
1807 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1809 } else if (!(flags & HCI_PROTO_DEFER)) {
1810 struct hci_cp_accept_sync_conn_req cp;
1811 conn->state = BT_CONNECT;
1813 bacpy(&cp.bdaddr, &ev->bdaddr);
1814 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1816 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1817 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1818 cp.max_latency = __constant_cpu_to_le16(0xffff);
1819 cp.content_format = cpu_to_le16(hdev->voice_setting);
1820 cp.retrans_effort = 0xff;
1822 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1825 conn->state = BT_CONNECT2;
1826 hci_proto_connect_cfm(conn, 0);
1830 /* Connection rejected */
1831 struct hci_cp_reject_conn_req cp;
1833 bacpy(&cp.bdaddr, &ev->bdaddr);
1834 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1835 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1839 static u8 hci_to_mgmt_reason(u8 err)
1842 case HCI_ERROR_CONNECTION_TIMEOUT:
1843 return MGMT_DEV_DISCONN_TIMEOUT;
1844 case HCI_ERROR_REMOTE_USER_TERM:
1845 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1846 case HCI_ERROR_REMOTE_POWER_OFF:
1847 return MGMT_DEV_DISCONN_REMOTE;
1848 case HCI_ERROR_LOCAL_HOST_TERM:
1849 return MGMT_DEV_DISCONN_LOCAL_HOST;
1851 return MGMT_DEV_DISCONN_UNKNOWN;
1855 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1857 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1858 struct hci_conn *conn;
1860 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1864 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1868 if (ev->status == 0)
1869 conn->state = BT_CLOSED;
1871 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1872 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1874 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1875 conn->dst_type, ev->status);
1877 u8 reason = hci_to_mgmt_reason(ev->reason);
1879 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1880 conn->dst_type, reason);
1884 if (ev->status == 0) {
1885 if (conn->type == ACL_LINK && conn->flush_key)
1886 hci_remove_link_key(hdev, &conn->dst);
1887 hci_proto_disconn_cfm(conn, ev->reason);
1892 hci_dev_unlock(hdev);
1895 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1897 struct hci_ev_auth_complete *ev = (void *) skb->data;
1898 struct hci_conn *conn;
1900 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1904 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1909 if (!hci_conn_ssp_enabled(conn) &&
1910 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1911 BT_INFO("re-auth of legacy device is not possible.");
1913 conn->link_mode |= HCI_LM_AUTH;
1914 conn->sec_level = conn->pending_sec_level;
1917 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1921 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1922 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1924 if (conn->state == BT_CONFIG) {
1925 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1926 struct hci_cp_set_conn_encrypt cp;
1927 cp.handle = ev->handle;
1929 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1932 conn->state = BT_CONNECTED;
1933 hci_proto_connect_cfm(conn, ev->status);
1937 hci_auth_cfm(conn, ev->status);
1939 hci_conn_hold(conn);
1940 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1944 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1946 struct hci_cp_set_conn_encrypt cp;
1947 cp.handle = ev->handle;
1949 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1952 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1953 hci_encrypt_cfm(conn, ev->status, 0x00);
1958 hci_dev_unlock(hdev);
1961 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1963 struct hci_ev_remote_name *ev = (void *) skb->data;
1964 struct hci_conn *conn;
1966 BT_DBG("%s", hdev->name);
1968 hci_conn_check_pending(hdev);
1972 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1974 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1977 if (ev->status == 0)
1978 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1979 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1981 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1987 if (!hci_outgoing_auth_needed(hdev, conn))
1990 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1991 struct hci_cp_auth_requested cp;
1992 cp.handle = __cpu_to_le16(conn->handle);
1993 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1997 hci_dev_unlock(hdev);
2000 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2002 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2003 struct hci_conn *conn;
2005 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2009 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2013 /* Encryption implies authentication */
2014 conn->link_mode |= HCI_LM_AUTH;
2015 conn->link_mode |= HCI_LM_ENCRYPT;
2016 conn->sec_level = conn->pending_sec_level;
2018 conn->link_mode &= ~HCI_LM_ENCRYPT;
2021 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2023 if (ev->status && conn->state == BT_CONNECTED) {
2024 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2029 if (conn->state == BT_CONFIG) {
2031 conn->state = BT_CONNECTED;
2033 hci_proto_connect_cfm(conn, ev->status);
2036 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2040 hci_dev_unlock(hdev);
2043 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2044 struct sk_buff *skb)
2046 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2047 struct hci_conn *conn;
2049 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2053 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2056 conn->link_mode |= HCI_LM_SECURE;
2058 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2060 hci_key_change_cfm(conn, ev->status);
2063 hci_dev_unlock(hdev);
2066 static void hci_remote_features_evt(struct hci_dev *hdev,
2067 struct sk_buff *skb)
2069 struct hci_ev_remote_features *ev = (void *) skb->data;
2070 struct hci_conn *conn;
2072 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2076 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2081 memcpy(conn->features, ev->features, 8);
2083 if (conn->state != BT_CONFIG)
2086 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2087 struct hci_cp_read_remote_ext_features cp;
2088 cp.handle = ev->handle;
2090 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2095 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2096 struct hci_cp_remote_name_req cp;
2097 memset(&cp, 0, sizeof(cp));
2098 bacpy(&cp.bdaddr, &conn->dst);
2099 cp.pscan_rep_mode = 0x02;
2100 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2101 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2102 mgmt_device_connected(hdev, &conn->dst, conn->type,
2103 conn->dst_type, 0, NULL, 0,
2106 if (!hci_outgoing_auth_needed(hdev, conn)) {
2107 conn->state = BT_CONNECTED;
2108 hci_proto_connect_cfm(conn, ev->status);
2113 hci_dev_unlock(hdev);
2116 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2118 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2119 u8 status = skb->data[sizeof(*ev)];
2122 skb_pull(skb, sizeof(*ev));
2124 opcode = __le16_to_cpu(ev->opcode);
2127 case HCI_OP_INQUIRY_CANCEL:
2128 hci_cc_inquiry_cancel(hdev, skb);
2131 case HCI_OP_PERIODIC_INQ:
2132 hci_cc_periodic_inq(hdev, skb);
2135 case HCI_OP_EXIT_PERIODIC_INQ:
2136 hci_cc_exit_periodic_inq(hdev, skb);
2139 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2140 hci_cc_remote_name_req_cancel(hdev, skb);
2143 case HCI_OP_ROLE_DISCOVERY:
2144 hci_cc_role_discovery(hdev, skb);
2147 case HCI_OP_READ_LINK_POLICY:
2148 hci_cc_read_link_policy(hdev, skb);
2151 case HCI_OP_WRITE_LINK_POLICY:
2152 hci_cc_write_link_policy(hdev, skb);
2155 case HCI_OP_READ_DEF_LINK_POLICY:
2156 hci_cc_read_def_link_policy(hdev, skb);
2159 case HCI_OP_WRITE_DEF_LINK_POLICY:
2160 hci_cc_write_def_link_policy(hdev, skb);
2164 hci_cc_reset(hdev, skb);
2167 case HCI_OP_WRITE_LOCAL_NAME:
2168 hci_cc_write_local_name(hdev, skb);
2171 case HCI_OP_READ_LOCAL_NAME:
2172 hci_cc_read_local_name(hdev, skb);
2175 case HCI_OP_WRITE_AUTH_ENABLE:
2176 hci_cc_write_auth_enable(hdev, skb);
2179 case HCI_OP_WRITE_ENCRYPT_MODE:
2180 hci_cc_write_encrypt_mode(hdev, skb);
2183 case HCI_OP_WRITE_SCAN_ENABLE:
2184 hci_cc_write_scan_enable(hdev, skb);
2187 case HCI_OP_READ_CLASS_OF_DEV:
2188 hci_cc_read_class_of_dev(hdev, skb);
2191 case HCI_OP_WRITE_CLASS_OF_DEV:
2192 hci_cc_write_class_of_dev(hdev, skb);
2195 case HCI_OP_READ_VOICE_SETTING:
2196 hci_cc_read_voice_setting(hdev, skb);
2199 case HCI_OP_WRITE_VOICE_SETTING:
2200 hci_cc_write_voice_setting(hdev, skb);
2203 case HCI_OP_WRITE_SSP_MODE:
2204 hci_cc_write_ssp_mode(hdev, skb);
2207 case HCI_OP_READ_LOCAL_VERSION:
2208 hci_cc_read_local_version(hdev, skb);
2211 case HCI_OP_READ_LOCAL_COMMANDS:
2212 hci_cc_read_local_commands(hdev, skb);
2215 case HCI_OP_READ_LOCAL_FEATURES:
2216 hci_cc_read_local_features(hdev, skb);
2219 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2220 hci_cc_read_local_ext_features(hdev, skb);
2223 case HCI_OP_READ_BUFFER_SIZE:
2224 hci_cc_read_buffer_size(hdev, skb);
2227 case HCI_OP_READ_BD_ADDR:
2228 hci_cc_read_bd_addr(hdev, skb);
2231 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2232 hci_cc_read_page_scan_activity(hdev, skb);
2235 case HCI_OP_READ_PAGE_SCAN_TYPE:
2236 hci_cc_read_page_scan_type(hdev, skb);
2239 case HCI_OP_READ_DATA_BLOCK_SIZE:
2240 hci_cc_read_data_block_size(hdev, skb);
2243 case HCI_OP_READ_FLOW_CONTROL_MODE:
2244 hci_cc_read_flow_control_mode(hdev, skb);
2247 case HCI_OP_READ_LOCAL_AMP_INFO:
2248 hci_cc_read_local_amp_info(hdev, skb);
2251 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2252 hci_cc_read_local_amp_assoc(hdev, skb);
2255 case HCI_OP_READ_INQ_RSP_TX_POWER:
2256 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2259 case HCI_OP_PIN_CODE_REPLY:
2260 hci_cc_pin_code_reply(hdev, skb);
2263 case HCI_OP_PIN_CODE_NEG_REPLY:
2264 hci_cc_pin_code_neg_reply(hdev, skb);
2267 case HCI_OP_READ_LOCAL_OOB_DATA:
2268 hci_cc_read_local_oob_data_reply(hdev, skb);
2271 case HCI_OP_LE_READ_BUFFER_SIZE:
2272 hci_cc_le_read_buffer_size(hdev, skb);
2275 case HCI_OP_LE_READ_LOCAL_FEATURES:
2276 hci_cc_le_read_local_features(hdev, skb);
2279 case HCI_OP_LE_READ_ADV_TX_POWER:
2280 hci_cc_le_read_adv_tx_power(hdev, skb);
2283 case HCI_OP_USER_CONFIRM_REPLY:
2284 hci_cc_user_confirm_reply(hdev, skb);
2287 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2288 hci_cc_user_confirm_neg_reply(hdev, skb);
2291 case HCI_OP_USER_PASSKEY_REPLY:
2292 hci_cc_user_passkey_reply(hdev, skb);
2295 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2296 hci_cc_user_passkey_neg_reply(hdev, skb);
2299 case HCI_OP_LE_SET_SCAN_PARAM:
2300 hci_cc_le_set_scan_param(hdev, skb);
2303 case HCI_OP_LE_SET_ADV_ENABLE:
2304 hci_cc_le_set_adv_enable(hdev, skb);
2307 case HCI_OP_LE_SET_SCAN_ENABLE:
2308 hci_cc_le_set_scan_enable(hdev, skb);
2311 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2312 hci_cc_le_read_white_list_size(hdev, skb);
2315 case HCI_OP_LE_READ_SUPPORTED_STATES:
2316 hci_cc_le_read_supported_states(hdev, skb);
2319 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2320 hci_cc_write_le_host_supported(hdev, skb);
2323 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2324 hci_cc_write_remote_amp_assoc(hdev, skb);
2328 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2332 if (opcode != HCI_OP_NOP)
2333 del_timer(&hdev->cmd_timer);
2335 hci_req_cmd_complete(hdev, opcode, status);
2337 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2338 atomic_set(&hdev->cmd_cnt, 1);
2339 if (!skb_queue_empty(&hdev->cmd_q))
2340 queue_work(hdev->workqueue, &hdev->cmd_work);
2344 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2346 struct hci_ev_cmd_status *ev = (void *) skb->data;
2349 skb_pull(skb, sizeof(*ev));
2351 opcode = __le16_to_cpu(ev->opcode);
2354 case HCI_OP_INQUIRY:
2355 hci_cs_inquiry(hdev, ev->status);
2358 case HCI_OP_CREATE_CONN:
2359 hci_cs_create_conn(hdev, ev->status);
2362 case HCI_OP_ADD_SCO:
2363 hci_cs_add_sco(hdev, ev->status);
2366 case HCI_OP_AUTH_REQUESTED:
2367 hci_cs_auth_requested(hdev, ev->status);
2370 case HCI_OP_SET_CONN_ENCRYPT:
2371 hci_cs_set_conn_encrypt(hdev, ev->status);
2374 case HCI_OP_REMOTE_NAME_REQ:
2375 hci_cs_remote_name_req(hdev, ev->status);
2378 case HCI_OP_READ_REMOTE_FEATURES:
2379 hci_cs_read_remote_features(hdev, ev->status);
2382 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2383 hci_cs_read_remote_ext_features(hdev, ev->status);
2386 case HCI_OP_SETUP_SYNC_CONN:
2387 hci_cs_setup_sync_conn(hdev, ev->status);
2390 case HCI_OP_SNIFF_MODE:
2391 hci_cs_sniff_mode(hdev, ev->status);
2394 case HCI_OP_EXIT_SNIFF_MODE:
2395 hci_cs_exit_sniff_mode(hdev, ev->status);
2398 case HCI_OP_DISCONNECT:
2399 hci_cs_disconnect(hdev, ev->status);
2402 case HCI_OP_LE_CREATE_CONN:
2403 hci_cs_le_create_conn(hdev, ev->status);
2406 case HCI_OP_CREATE_PHY_LINK:
2407 hci_cs_create_phylink(hdev, ev->status);
2410 case HCI_OP_ACCEPT_PHY_LINK:
2411 hci_cs_accept_phylink(hdev, ev->status);
2415 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2419 if (opcode != HCI_OP_NOP)
2420 del_timer(&hdev->cmd_timer);
2422 hci_req_cmd_status(hdev, opcode, ev->status);
2424 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2425 atomic_set(&hdev->cmd_cnt, 1);
2426 if (!skb_queue_empty(&hdev->cmd_q))
2427 queue_work(hdev->workqueue, &hdev->cmd_work);
2431 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2433 struct hci_ev_role_change *ev = (void *) skb->data;
2434 struct hci_conn *conn;
2436 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2440 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2444 conn->link_mode &= ~HCI_LM_MASTER;
2446 conn->link_mode |= HCI_LM_MASTER;
2449 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2451 hci_role_switch_cfm(conn, ev->status, ev->role);
2454 hci_dev_unlock(hdev);
2457 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2459 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2462 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2463 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2467 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2468 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2469 BT_DBG("%s bad parameters", hdev->name);
2473 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2475 for (i = 0; i < ev->num_hndl; i++) {
2476 struct hci_comp_pkts_info *info = &ev->handles[i];
2477 struct hci_conn *conn;
2478 __u16 handle, count;
2480 handle = __le16_to_cpu(info->handle);
2481 count = __le16_to_cpu(info->count);
2483 conn = hci_conn_hash_lookup_handle(hdev, handle);
2487 conn->sent -= count;
2489 switch (conn->type) {
2491 hdev->acl_cnt += count;
2492 if (hdev->acl_cnt > hdev->acl_pkts)
2493 hdev->acl_cnt = hdev->acl_pkts;
2497 if (hdev->le_pkts) {
2498 hdev->le_cnt += count;
2499 if (hdev->le_cnt > hdev->le_pkts)
2500 hdev->le_cnt = hdev->le_pkts;
2502 hdev->acl_cnt += count;
2503 if (hdev->acl_cnt > hdev->acl_pkts)
2504 hdev->acl_cnt = hdev->acl_pkts;
2509 hdev->sco_cnt += count;
2510 if (hdev->sco_cnt > hdev->sco_pkts)
2511 hdev->sco_cnt = hdev->sco_pkts;
2515 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2520 queue_work(hdev->workqueue, &hdev->tx_work);
2523 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2526 struct hci_chan *chan;
2528 switch (hdev->dev_type) {
2530 return hci_conn_hash_lookup_handle(hdev, handle);
2532 chan = hci_chan_lookup_handle(hdev, handle);
2537 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2544 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2546 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2549 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2550 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2554 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2555 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2556 BT_DBG("%s bad parameters", hdev->name);
2560 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2563 for (i = 0; i < ev->num_hndl; i++) {
2564 struct hci_comp_blocks_info *info = &ev->handles[i];
2565 struct hci_conn *conn = NULL;
2566 __u16 handle, block_count;
2568 handle = __le16_to_cpu(info->handle);
2569 block_count = __le16_to_cpu(info->blocks);
2571 conn = __hci_conn_lookup_handle(hdev, handle);
2575 conn->sent -= block_count;
2577 switch (conn->type) {
2580 hdev->block_cnt += block_count;
2581 if (hdev->block_cnt > hdev->num_blocks)
2582 hdev->block_cnt = hdev->num_blocks;
2586 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2591 queue_work(hdev->workqueue, &hdev->tx_work);
2594 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2596 struct hci_ev_mode_change *ev = (void *) skb->data;
2597 struct hci_conn *conn;
2599 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2603 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2605 conn->mode = ev->mode;
2606 conn->interval = __le16_to_cpu(ev->interval);
2608 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2610 if (conn->mode == HCI_CM_ACTIVE)
2611 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2613 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2616 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2617 hci_sco_setup(conn, ev->status);
2620 hci_dev_unlock(hdev);
2623 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2625 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2626 struct hci_conn *conn;
2628 BT_DBG("%s", hdev->name);
2632 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2636 if (conn->state == BT_CONNECTED) {
2637 hci_conn_hold(conn);
2638 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2642 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2643 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2644 sizeof(ev->bdaddr), &ev->bdaddr);
2645 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2648 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2653 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2657 hci_dev_unlock(hdev);
2660 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2662 struct hci_ev_link_key_req *ev = (void *) skb->data;
2663 struct hci_cp_link_key_reply cp;
2664 struct hci_conn *conn;
2665 struct link_key *key;
2667 BT_DBG("%s", hdev->name);
2669 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2674 key = hci_find_link_key(hdev, &ev->bdaddr);
2676 BT_DBG("%s link key not found for %pMR", hdev->name,
2681 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2684 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2685 key->type == HCI_LK_DEBUG_COMBINATION) {
2686 BT_DBG("%s ignoring debug key", hdev->name);
2690 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2692 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2693 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2694 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2698 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2699 conn->pending_sec_level == BT_SECURITY_HIGH) {
2700 BT_DBG("%s ignoring key unauthenticated for high security",
2705 conn->key_type = key->type;
2706 conn->pin_length = key->pin_len;
2709 bacpy(&cp.bdaddr, &ev->bdaddr);
2710 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2712 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2714 hci_dev_unlock(hdev);
2719 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2720 hci_dev_unlock(hdev);
2723 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2725 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2726 struct hci_conn *conn;
2729 BT_DBG("%s", hdev->name);
2733 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2735 hci_conn_hold(conn);
2736 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2737 pin_len = conn->pin_length;
2739 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2740 conn->key_type = ev->key_type;
2745 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2746 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2747 ev->key_type, pin_len);
2749 hci_dev_unlock(hdev);
2752 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2754 struct hci_ev_clock_offset *ev = (void *) skb->data;
2755 struct hci_conn *conn;
2757 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2761 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2762 if (conn && !ev->status) {
2763 struct inquiry_entry *ie;
2765 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2767 ie->data.clock_offset = ev->clock_offset;
2768 ie->timestamp = jiffies;
2772 hci_dev_unlock(hdev);
2775 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2777 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2778 struct hci_conn *conn;
2780 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2784 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2785 if (conn && !ev->status)
2786 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2788 hci_dev_unlock(hdev);
2791 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2793 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2794 struct inquiry_entry *ie;
2796 BT_DBG("%s", hdev->name);
2800 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2802 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2803 ie->timestamp = jiffies;
2806 hci_dev_unlock(hdev);
2809 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2810 struct sk_buff *skb)
2812 struct inquiry_data data;
2813 int num_rsp = *((__u8 *) skb->data);
2814 bool name_known, ssp;
2816 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2821 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2826 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2827 struct inquiry_info_with_rssi_and_pscan_mode *info;
2828 info = (void *) (skb->data + 1);
2830 for (; num_rsp; num_rsp--, info++) {
2831 bacpy(&data.bdaddr, &info->bdaddr);
2832 data.pscan_rep_mode = info->pscan_rep_mode;
2833 data.pscan_period_mode = info->pscan_period_mode;
2834 data.pscan_mode = info->pscan_mode;
2835 memcpy(data.dev_class, info->dev_class, 3);
2836 data.clock_offset = info->clock_offset;
2837 data.rssi = info->rssi;
2838 data.ssp_mode = 0x00;
2840 name_known = hci_inquiry_cache_update(hdev, &data,
2842 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2843 info->dev_class, info->rssi,
2844 !name_known, ssp, NULL, 0);
2847 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2849 for (; num_rsp; num_rsp--, info++) {
2850 bacpy(&data.bdaddr, &info->bdaddr);
2851 data.pscan_rep_mode = info->pscan_rep_mode;
2852 data.pscan_period_mode = info->pscan_period_mode;
2853 data.pscan_mode = 0x00;
2854 memcpy(data.dev_class, info->dev_class, 3);
2855 data.clock_offset = info->clock_offset;
2856 data.rssi = info->rssi;
2857 data.ssp_mode = 0x00;
2858 name_known = hci_inquiry_cache_update(hdev, &data,
2860 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2861 info->dev_class, info->rssi,
2862 !name_known, ssp, NULL, 0);
2866 hci_dev_unlock(hdev);
2869 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2870 struct sk_buff *skb)
2872 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2873 struct hci_conn *conn;
2875 BT_DBG("%s", hdev->name);
2879 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2883 if (!ev->status && ev->page == 0x01) {
2884 struct inquiry_entry *ie;
2886 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2888 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2890 if (ev->features[0] & LMP_HOST_SSP)
2891 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2894 if (conn->state != BT_CONFIG)
2897 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2898 struct hci_cp_remote_name_req cp;
2899 memset(&cp, 0, sizeof(cp));
2900 bacpy(&cp.bdaddr, &conn->dst);
2901 cp.pscan_rep_mode = 0x02;
2902 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2903 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2904 mgmt_device_connected(hdev, &conn->dst, conn->type,
2905 conn->dst_type, 0, NULL, 0,
2908 if (!hci_outgoing_auth_needed(hdev, conn)) {
2909 conn->state = BT_CONNECTED;
2910 hci_proto_connect_cfm(conn, ev->status);
2915 hci_dev_unlock(hdev);
2918 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2919 struct sk_buff *skb)
2921 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2922 struct hci_conn *conn;
2924 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2928 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2930 if (ev->link_type == ESCO_LINK)
2933 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2937 conn->type = SCO_LINK;
2940 switch (ev->status) {
2942 conn->handle = __le16_to_cpu(ev->handle);
2943 conn->state = BT_CONNECTED;
2945 hci_conn_hold_device(conn);
2946 hci_conn_add_sysfs(conn);
2949 case 0x11: /* Unsupported Feature or Parameter Value */
2950 case 0x1c: /* SCO interval rejected */
2951 case 0x1a: /* Unsupported Remote Feature */
2952 case 0x1f: /* Unspecified error */
2953 if (conn->out && conn->attempt < 2) {
2954 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2955 (hdev->esco_type & EDR_ESCO_MASK);
2956 hci_setup_sync(conn, conn->link->handle);
2962 conn->state = BT_CLOSED;
2966 hci_proto_connect_cfm(conn, ev->status);
2971 hci_dev_unlock(hdev);
2974 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2975 struct sk_buff *skb)
2977 struct inquiry_data data;
2978 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2979 int num_rsp = *((__u8 *) skb->data);
2982 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2987 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2992 for (; num_rsp; num_rsp--, info++) {
2993 bool name_known, ssp;
2995 bacpy(&data.bdaddr, &info->bdaddr);
2996 data.pscan_rep_mode = info->pscan_rep_mode;
2997 data.pscan_period_mode = info->pscan_period_mode;
2998 data.pscan_mode = 0x00;
2999 memcpy(data.dev_class, info->dev_class, 3);
3000 data.clock_offset = info->clock_offset;
3001 data.rssi = info->rssi;
3002 data.ssp_mode = 0x01;
3004 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3005 name_known = eir_has_data_type(info->data,
3011 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3013 eir_len = eir_get_length(info->data, sizeof(info->data));
3014 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3015 info->dev_class, info->rssi, !name_known,
3016 ssp, info->data, eir_len);
3019 hci_dev_unlock(hdev);
3022 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3023 struct sk_buff *skb)
3025 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3026 struct hci_conn *conn;
3028 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3029 __le16_to_cpu(ev->handle));
3033 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3038 conn->sec_level = conn->pending_sec_level;
3040 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3042 if (ev->status && conn->state == BT_CONNECTED) {
3043 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3048 if (conn->state == BT_CONFIG) {
3050 conn->state = BT_CONNECTED;
3052 hci_proto_connect_cfm(conn, ev->status);
3055 hci_auth_cfm(conn, ev->status);
3057 hci_conn_hold(conn);
3058 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3063 hci_dev_unlock(hdev);
3066 static u8 hci_get_auth_req(struct hci_conn *conn)
3068 /* If remote requests dedicated bonding follow that lead */
3069 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3070 /* If both remote and local IO capabilities allow MITM
3071 * protection then require it, otherwise don't */
3072 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3078 /* If remote requests no-bonding follow that lead */
3079 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3080 return conn->remote_auth | (conn->auth_type & 0x01);
3082 return conn->auth_type;
3085 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3087 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3088 struct hci_conn *conn;
3090 BT_DBG("%s", hdev->name);
3094 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3098 hci_conn_hold(conn);
3100 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3103 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3104 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3105 struct hci_cp_io_capability_reply cp;
3107 bacpy(&cp.bdaddr, &ev->bdaddr);
3108 /* Change the IO capability from KeyboardDisplay
3109 * to DisplayYesNo as it is not supported by BT spec. */
3110 cp.capability = (conn->io_capability == 0x04) ?
3111 0x01 : conn->io_capability;
3112 conn->auth_type = hci_get_auth_req(conn);
3113 cp.authentication = conn->auth_type;
3115 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3116 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3121 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3124 struct hci_cp_io_capability_neg_reply cp;
3126 bacpy(&cp.bdaddr, &ev->bdaddr);
3127 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3129 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3134 hci_dev_unlock(hdev);
3137 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3139 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3140 struct hci_conn *conn;
3142 BT_DBG("%s", hdev->name);
3146 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3150 conn->remote_cap = ev->capability;
3151 conn->remote_auth = ev->authentication;
3153 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3156 hci_dev_unlock(hdev);
3159 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3160 struct sk_buff *skb)
3162 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3163 int loc_mitm, rem_mitm, confirm_hint = 0;
3164 struct hci_conn *conn;
3166 BT_DBG("%s", hdev->name);
3170 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3173 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3177 loc_mitm = (conn->auth_type & 0x01);
3178 rem_mitm = (conn->remote_auth & 0x01);
3180 /* If we require MITM but the remote device can't provide that
3181 * (it has NoInputNoOutput) then reject the confirmation
3182 * request. The only exception is when we're dedicated bonding
3183 * initiators (connect_cfm_cb set) since then we always have the MITM
3185 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3186 BT_DBG("Rejecting request: remote device can't provide MITM");
3187 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3188 sizeof(ev->bdaddr), &ev->bdaddr);
3192 /* If no side requires MITM protection; auto-accept */
3193 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3194 (!rem_mitm || conn->io_capability == 0x03)) {
3196 /* If we're not the initiators request authorization to
3197 * proceed from user space (mgmt_user_confirm with
3198 * confirm_hint set to 1). */
3199 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3200 BT_DBG("Confirming auto-accept as acceptor");
3205 BT_DBG("Auto-accept of user confirmation with %ums delay",
3206 hdev->auto_accept_delay);
3208 if (hdev->auto_accept_delay > 0) {
3209 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3210 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3214 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3215 sizeof(ev->bdaddr), &ev->bdaddr);
3220 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3224 hci_dev_unlock(hdev);
3227 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3228 struct sk_buff *skb)
3230 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3232 BT_DBG("%s", hdev->name);
3234 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3235 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3238 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3239 struct sk_buff *skb)
3241 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3242 struct hci_conn *conn;
3244 BT_DBG("%s", hdev->name);
3246 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3250 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3251 conn->passkey_entered = 0;
3253 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3254 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3255 conn->dst_type, conn->passkey_notify,
3256 conn->passkey_entered);
3259 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3261 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3262 struct hci_conn *conn;
3264 BT_DBG("%s", hdev->name);
3266 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3271 case HCI_KEYPRESS_STARTED:
3272 conn->passkey_entered = 0;
3275 case HCI_KEYPRESS_ENTERED:
3276 conn->passkey_entered++;
3279 case HCI_KEYPRESS_ERASED:
3280 conn->passkey_entered--;
3283 case HCI_KEYPRESS_CLEARED:
3284 conn->passkey_entered = 0;
3287 case HCI_KEYPRESS_COMPLETED:
3291 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3292 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3293 conn->dst_type, conn->passkey_notify,
3294 conn->passkey_entered);
3297 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3298 struct sk_buff *skb)
3300 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3301 struct hci_conn *conn;
3303 BT_DBG("%s", hdev->name);
3307 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3311 /* To avoid duplicate auth_failed events to user space we check
3312 * the HCI_CONN_AUTH_PEND flag which will be set if we
3313 * initiated the authentication. A traditional auth_complete
3314 * event gets always produced as initiator and is also mapped to
3315 * the mgmt_auth_failed event */
3316 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3317 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3323 hci_dev_unlock(hdev);
3326 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3327 struct sk_buff *skb)
3329 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3330 struct inquiry_entry *ie;
3332 BT_DBG("%s", hdev->name);
3336 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3338 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3340 hci_dev_unlock(hdev);
3343 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3344 struct sk_buff *skb)
3346 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3347 struct oob_data *data;
3349 BT_DBG("%s", hdev->name);
3353 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3356 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3358 struct hci_cp_remote_oob_data_reply cp;
3360 bacpy(&cp.bdaddr, &ev->bdaddr);
3361 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3362 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3364 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3367 struct hci_cp_remote_oob_data_neg_reply cp;
3369 bacpy(&cp.bdaddr, &ev->bdaddr);
3370 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3375 hci_dev_unlock(hdev);
3378 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3379 struct sk_buff *skb)
3381 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3382 struct hci_conn *hcon, *bredr_hcon;
3384 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3389 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3391 hci_dev_unlock(hdev);
3397 hci_dev_unlock(hdev);
3401 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3403 hcon->state = BT_CONNECTED;
3404 bacpy(&hcon->dst, &bredr_hcon->dst);
3406 hci_conn_hold(hcon);
3407 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3410 hci_conn_hold_device(hcon);
3411 hci_conn_add_sysfs(hcon);
3413 amp_physical_cfm(bredr_hcon, hcon);
3415 hci_dev_unlock(hdev);
3418 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3420 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3421 struct hci_conn *hcon;
3422 struct hci_chan *hchan;
3423 struct amp_mgr *mgr;
3425 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3426 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3429 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3433 /* Create AMP hchan */
3434 hchan = hci_chan_create(hcon);
3438 hchan->handle = le16_to_cpu(ev->handle);
3440 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3442 mgr = hcon->amp_mgr;
3443 if (mgr && mgr->bredr_chan) {
3444 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3446 l2cap_chan_lock(bredr_chan);
3448 bredr_chan->conn->mtu = hdev->block_mtu;
3449 l2cap_logical_cfm(bredr_chan, hchan, 0);
3450 hci_conn_hold(hcon);
3452 l2cap_chan_unlock(bredr_chan);
3456 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3457 struct sk_buff *skb)
3459 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3460 struct hci_chan *hchan;
3462 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3463 le16_to_cpu(ev->handle), ev->status);
3470 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3474 amp_destroy_logical_link(hchan, ev->reason);
3477 hci_dev_unlock(hdev);
3480 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3481 struct sk_buff *skb)
3483 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3484 struct hci_conn *hcon;
3486 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3493 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3495 hcon->state = BT_CLOSED;
3499 hci_dev_unlock(hdev);
3502 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3504 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3505 struct hci_conn *conn;
3507 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3511 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3513 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3515 BT_ERR("No memory for new connection");
3519 conn->dst_type = ev->bdaddr_type;
3521 if (ev->role == LE_CONN_ROLE_MASTER) {
3523 conn->link_mode |= HCI_LM_MASTER;
3528 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3529 conn->dst_type, ev->status);
3530 hci_proto_connect_cfm(conn, ev->status);
3531 conn->state = BT_CLOSED;
3536 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3537 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3538 conn->dst_type, 0, NULL, 0, NULL);
3540 conn->sec_level = BT_SECURITY_LOW;
3541 conn->handle = __le16_to_cpu(ev->handle);
3542 conn->state = BT_CONNECTED;
3544 hci_conn_hold_device(conn);
3545 hci_conn_add_sysfs(conn);
3547 hci_proto_connect_cfm(conn, ev->status);
3550 hci_dev_unlock(hdev);
3553 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3555 u8 num_reports = skb->data[0];
3556 void *ptr = &skb->data[1];
3559 while (num_reports--) {
3560 struct hci_ev_le_advertising_info *ev = ptr;
3562 rssi = ev->data[ev->length];
3563 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3564 NULL, rssi, 0, 1, ev->data, ev->length);
3566 ptr += sizeof(*ev) + ev->length + 1;
3570 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3572 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3573 struct hci_cp_le_ltk_reply cp;
3574 struct hci_cp_le_ltk_neg_reply neg;
3575 struct hci_conn *conn;
3576 struct smp_ltk *ltk;
3578 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3582 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3586 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3590 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3591 cp.handle = cpu_to_le16(conn->handle);
3593 if (ltk->authenticated)
3594 conn->sec_level = BT_SECURITY_HIGH;
3596 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3598 if (ltk->type & HCI_SMP_STK) {
3599 list_del(<k->list);
3603 hci_dev_unlock(hdev);
3608 neg.handle = ev->handle;
3609 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3610 hci_dev_unlock(hdev);
3613 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3615 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3617 skb_pull(skb, sizeof(*le_ev));
3619 switch (le_ev->subevent) {
3620 case HCI_EV_LE_CONN_COMPLETE:
3621 hci_le_conn_complete_evt(hdev, skb);
3624 case HCI_EV_LE_ADVERTISING_REPORT:
3625 hci_le_adv_report_evt(hdev, skb);
3628 case HCI_EV_LE_LTK_REQ:
3629 hci_le_ltk_request_evt(hdev, skb);
3637 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3639 struct hci_ev_channel_selected *ev = (void *) skb->data;
3640 struct hci_conn *hcon;
3642 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3644 skb_pull(skb, sizeof(*ev));
3646 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3650 amp_read_loc_assoc_final_data(hdev, hcon);
3653 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3655 struct hci_event_hdr *hdr = (void *) skb->data;
3656 __u8 event = hdr->evt;
3658 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3661 case HCI_EV_INQUIRY_COMPLETE:
3662 hci_inquiry_complete_evt(hdev, skb);
3665 case HCI_EV_INQUIRY_RESULT:
3666 hci_inquiry_result_evt(hdev, skb);
3669 case HCI_EV_CONN_COMPLETE:
3670 hci_conn_complete_evt(hdev, skb);
3673 case HCI_EV_CONN_REQUEST:
3674 hci_conn_request_evt(hdev, skb);
3677 case HCI_EV_DISCONN_COMPLETE:
3678 hci_disconn_complete_evt(hdev, skb);
3681 case HCI_EV_AUTH_COMPLETE:
3682 hci_auth_complete_evt(hdev, skb);
3685 case HCI_EV_REMOTE_NAME:
3686 hci_remote_name_evt(hdev, skb);
3689 case HCI_EV_ENCRYPT_CHANGE:
3690 hci_encrypt_change_evt(hdev, skb);
3693 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3694 hci_change_link_key_complete_evt(hdev, skb);
3697 case HCI_EV_REMOTE_FEATURES:
3698 hci_remote_features_evt(hdev, skb);
3701 case HCI_EV_CMD_COMPLETE:
3702 hci_cmd_complete_evt(hdev, skb);
3705 case HCI_EV_CMD_STATUS:
3706 hci_cmd_status_evt(hdev, skb);
3709 case HCI_EV_ROLE_CHANGE:
3710 hci_role_change_evt(hdev, skb);
3713 case HCI_EV_NUM_COMP_PKTS:
3714 hci_num_comp_pkts_evt(hdev, skb);
3717 case HCI_EV_MODE_CHANGE:
3718 hci_mode_change_evt(hdev, skb);
3721 case HCI_EV_PIN_CODE_REQ:
3722 hci_pin_code_request_evt(hdev, skb);
3725 case HCI_EV_LINK_KEY_REQ:
3726 hci_link_key_request_evt(hdev, skb);
3729 case HCI_EV_LINK_KEY_NOTIFY:
3730 hci_link_key_notify_evt(hdev, skb);
3733 case HCI_EV_CLOCK_OFFSET:
3734 hci_clock_offset_evt(hdev, skb);
3737 case HCI_EV_PKT_TYPE_CHANGE:
3738 hci_pkt_type_change_evt(hdev, skb);
3741 case HCI_EV_PSCAN_REP_MODE:
3742 hci_pscan_rep_mode_evt(hdev, skb);
3745 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3746 hci_inquiry_result_with_rssi_evt(hdev, skb);
3749 case HCI_EV_REMOTE_EXT_FEATURES:
3750 hci_remote_ext_features_evt(hdev, skb);
3753 case HCI_EV_SYNC_CONN_COMPLETE:
3754 hci_sync_conn_complete_evt(hdev, skb);
3757 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3758 hci_extended_inquiry_result_evt(hdev, skb);
3761 case HCI_EV_KEY_REFRESH_COMPLETE:
3762 hci_key_refresh_complete_evt(hdev, skb);
3765 case HCI_EV_IO_CAPA_REQUEST:
3766 hci_io_capa_request_evt(hdev, skb);
3769 case HCI_EV_IO_CAPA_REPLY:
3770 hci_io_capa_reply_evt(hdev, skb);
3773 case HCI_EV_USER_CONFIRM_REQUEST:
3774 hci_user_confirm_request_evt(hdev, skb);
3777 case HCI_EV_USER_PASSKEY_REQUEST:
3778 hci_user_passkey_request_evt(hdev, skb);
3781 case HCI_EV_USER_PASSKEY_NOTIFY:
3782 hci_user_passkey_notify_evt(hdev, skb);
3785 case HCI_EV_KEYPRESS_NOTIFY:
3786 hci_keypress_notify_evt(hdev, skb);
3789 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3790 hci_simple_pair_complete_evt(hdev, skb);
3793 case HCI_EV_REMOTE_HOST_FEATURES:
3794 hci_remote_host_features_evt(hdev, skb);
3797 case HCI_EV_LE_META:
3798 hci_le_meta_evt(hdev, skb);
3801 case HCI_EV_CHANNEL_SELECTED:
3802 hci_chan_selected_evt(hdev, skb);
3805 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3806 hci_remote_oob_data_request_evt(hdev, skb);
3809 case HCI_EV_PHY_LINK_COMPLETE:
3810 hci_phy_link_complete_evt(hdev, skb);
3813 case HCI_EV_LOGICAL_LINK_COMPLETE:
3814 hci_loglink_complete_evt(hdev, skb);
3817 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3818 hci_disconn_loglink_complete_evt(hdev, skb);
3821 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3822 hci_disconn_phylink_complete_evt(hdev, skb);
3825 case HCI_EV_NUM_COMP_BLOCKS:
3826 hci_num_comp_blocks_evt(hdev, skb);
3830 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3835 hdev->stat.evt_rx++;
projects / firefly-linux-kernel-4.4.55.git / blob