2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 static bool enable_le;
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
60 mgmt_stop_discovery_failed(hdev, status);
65 clear_bit(HCI_INQUIRY, &hdev->flags);
68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
73 hci_conn_check_pending(hdev);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%x", hdev->name, status);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
198 /* Reset all flags, except persistent ones */
199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF);
202 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
204 __u8 status = *((__u8 *) skb->data);
207 BT_DBG("%s status 0x%x", hdev->name, status);
209 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (test_bit(HCI_MGMT, &hdev->dev_flags))
216 mgmt_set_local_name_complete(hdev, sent, status);
219 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
221 hci_dev_unlock(hdev);
224 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
226 struct hci_rp_read_local_name *rp = (void *) skb->data;
228 BT_DBG("%s status 0x%x", hdev->name, rp->status);
233 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
236 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
238 __u8 status = *((__u8 *) skb->data);
241 BT_DBG("%s status 0x%x", hdev->name, status);
243 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
248 __u8 param = *((__u8 *) sent);
250 if (param == AUTH_ENABLED)
251 set_bit(HCI_AUTH, &hdev->flags);
253 clear_bit(HCI_AUTH, &hdev->flags);
256 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
259 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
261 __u8 status = *((__u8 *) skb->data);
264 BT_DBG("%s status 0x%x", hdev->name, status);
266 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
271 __u8 param = *((__u8 *) sent);
274 set_bit(HCI_ENCRYPT, &hdev->flags);
276 clear_bit(HCI_ENCRYPT, &hdev->flags);
279 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
282 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
284 __u8 param, status = *((__u8 *) skb->data);
285 int old_pscan, old_iscan;
288 BT_DBG("%s status 0x%x", hdev->name, status);
290 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
294 param = *((__u8 *) sent);
299 mgmt_write_scan_failed(hdev, param, status);
300 hdev->discov_timeout = 0;
304 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
305 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
307 if (param & SCAN_INQUIRY) {
308 set_bit(HCI_ISCAN, &hdev->flags);
310 mgmt_discoverable(hdev, 1);
311 if (hdev->discov_timeout > 0) {
312 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
313 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
316 } else if (old_iscan)
317 mgmt_discoverable(hdev, 0);
319 if (param & SCAN_PAGE) {
320 set_bit(HCI_PSCAN, &hdev->flags);
322 mgmt_connectable(hdev, 1);
323 } else if (old_pscan)
324 mgmt_connectable(hdev, 0);
327 hci_dev_unlock(hdev);
328 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
331 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
333 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
335 BT_DBG("%s status 0x%x", hdev->name, rp->status);
340 memcpy(hdev->dev_class, rp->dev_class, 3);
342 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
343 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
346 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
348 __u8 status = *((__u8 *) skb->data);
351 BT_DBG("%s status 0x%x", hdev->name, status);
356 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
360 memcpy(hdev->dev_class, sent, 3);
363 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
365 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
368 BT_DBG("%s status 0x%x", hdev->name, rp->status);
373 setting = __le16_to_cpu(rp->voice_setting);
375 if (hdev->voice_setting == setting)
378 hdev->voice_setting = setting;
380 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
386 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
388 __u8 status = *((__u8 *) skb->data);
392 BT_DBG("%s status 0x%x", hdev->name, status);
397 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
401 setting = get_unaligned_le16(sent);
403 if (hdev->voice_setting == setting)
406 hdev->voice_setting = setting;
408 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
411 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
414 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
416 __u8 status = *((__u8 *) skb->data);
418 BT_DBG("%s status 0x%x", hdev->name, status);
420 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
423 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
425 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
427 BT_DBG("%s status 0x%x", hdev->name, rp->status);
432 hdev->ssp_mode = rp->mode;
435 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
437 __u8 status = *((__u8 *) skb->data);
440 BT_DBG("%s status 0x%x", hdev->name, status);
445 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
449 hdev->ssp_mode = *((__u8 *) sent);
452 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
454 if (hdev->features[6] & LMP_EXT_INQ)
457 if (hdev->features[3] & LMP_RSSI_INQ)
460 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
461 hdev->lmp_subver == 0x0757)
464 if (hdev->manufacturer == 15) {
465 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
467 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
469 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
473 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
474 hdev->lmp_subver == 0x1805)
480 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
484 mode = hci_get_inquiry_mode(hdev);
486 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
489 static void hci_setup_event_mask(struct hci_dev *hdev)
491 /* The second byte is 0xff instead of 0x9f (two reserved bits
492 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
493 * command otherwise */
494 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
496 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
497 * any event mask for pre 1.2 devices */
498 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
501 events[4] |= 0x01; /* Flow Specification Complete */
502 events[4] |= 0x02; /* Inquiry Result with RSSI */
503 events[4] |= 0x04; /* Read Remote Extended Features Complete */
504 events[5] |= 0x08; /* Synchronous Connection Complete */
505 events[5] |= 0x10; /* Synchronous Connection Changed */
507 if (hdev->features[3] & LMP_RSSI_INQ)
508 events[4] |= 0x04; /* Inquiry Result with RSSI */
510 if (hdev->features[5] & LMP_SNIFF_SUBR)
511 events[5] |= 0x20; /* Sniff Subrating */
513 if (hdev->features[5] & LMP_PAUSE_ENC)
514 events[5] |= 0x80; /* Encryption Key Refresh Complete */
516 if (hdev->features[6] & LMP_EXT_INQ)
517 events[5] |= 0x40; /* Extended Inquiry Result */
519 if (hdev->features[6] & LMP_NO_FLUSH)
520 events[7] |= 0x01; /* Enhanced Flush Complete */
522 if (hdev->features[7] & LMP_LSTO)
523 events[6] |= 0x80; /* Link Supervision Timeout Changed */
525 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
526 events[6] |= 0x01; /* IO Capability Request */
527 events[6] |= 0x02; /* IO Capability Response */
528 events[6] |= 0x04; /* User Confirmation Request */
529 events[6] |= 0x08; /* User Passkey Request */
530 events[6] |= 0x10; /* Remote OOB Data Request */
531 events[6] |= 0x20; /* Simple Pairing Complete */
532 events[7] |= 0x04; /* User Passkey Notification */
533 events[7] |= 0x08; /* Keypress Notification */
534 events[7] |= 0x10; /* Remote Host Supported
535 * Features Notification */
538 if (hdev->features[4] & LMP_LE)
539 events[7] |= 0x20; /* LE Meta-Event */
541 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
544 static void hci_set_le_support(struct hci_dev *hdev)
546 struct hci_cp_write_le_host_supported cp;
548 memset(&cp, 0, sizeof(cp));
552 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
555 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
558 static void hci_setup(struct hci_dev *hdev)
560 if (hdev->dev_type != HCI_BREDR)
563 hci_setup_event_mask(hdev);
565 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
566 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
568 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
570 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
573 if (hdev->features[3] & LMP_RSSI_INQ)
574 hci_setup_inquiry_mode(hdev);
576 if (hdev->features[7] & LMP_INQ_TX_PWR)
577 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
579 if (hdev->features[7] & LMP_EXTFEATURES) {
580 struct hci_cp_read_local_ext_features cp;
583 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
587 if (hdev->features[4] & LMP_LE)
588 hci_set_le_support(hdev);
591 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
593 struct hci_rp_read_local_version *rp = (void *) skb->data;
595 BT_DBG("%s status 0x%x", hdev->name, rp->status);
600 hdev->hci_ver = rp->hci_ver;
601 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
602 hdev->lmp_ver = rp->lmp_ver;
603 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
604 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
606 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
608 hdev->hci_ver, hdev->hci_rev);
610 if (test_bit(HCI_INIT, &hdev->flags))
614 static void hci_setup_link_policy(struct hci_dev *hdev)
618 if (hdev->features[0] & LMP_RSWITCH)
619 link_policy |= HCI_LP_RSWITCH;
620 if (hdev->features[0] & LMP_HOLD)
621 link_policy |= HCI_LP_HOLD;
622 if (hdev->features[0] & LMP_SNIFF)
623 link_policy |= HCI_LP_SNIFF;
624 if (hdev->features[1] & LMP_PARK)
625 link_policy |= HCI_LP_PARK;
627 link_policy = cpu_to_le16(link_policy);
628 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
629 sizeof(link_policy), &link_policy);
632 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
634 struct hci_rp_read_local_commands *rp = (void *) skb->data;
636 BT_DBG("%s status 0x%x", hdev->name, rp->status);
641 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
643 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
644 hci_setup_link_policy(hdev);
647 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
650 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
652 struct hci_rp_read_local_features *rp = (void *) skb->data;
654 BT_DBG("%s status 0x%x", hdev->name, rp->status);
659 memcpy(hdev->features, rp->features, 8);
661 /* Adjust default settings according to features
662 * supported by device. */
664 if (hdev->features[0] & LMP_3SLOT)
665 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
667 if (hdev->features[0] & LMP_5SLOT)
668 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
670 if (hdev->features[1] & LMP_HV2) {
671 hdev->pkt_type |= (HCI_HV2);
672 hdev->esco_type |= (ESCO_HV2);
675 if (hdev->features[1] & LMP_HV3) {
676 hdev->pkt_type |= (HCI_HV3);
677 hdev->esco_type |= (ESCO_HV3);
680 if (hdev->features[3] & LMP_ESCO)
681 hdev->esco_type |= (ESCO_EV3);
683 if (hdev->features[4] & LMP_EV4)
684 hdev->esco_type |= (ESCO_EV4);
686 if (hdev->features[4] & LMP_EV5)
687 hdev->esco_type |= (ESCO_EV5);
689 if (hdev->features[5] & LMP_EDR_ESCO_2M)
690 hdev->esco_type |= (ESCO_2EV3);
692 if (hdev->features[5] & LMP_EDR_ESCO_3M)
693 hdev->esco_type |= (ESCO_3EV3);
695 if (hdev->features[5] & LMP_EDR_3S_ESCO)
696 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
698 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
699 hdev->features[0], hdev->features[1],
700 hdev->features[2], hdev->features[3],
701 hdev->features[4], hdev->features[5],
702 hdev->features[6], hdev->features[7]);
705 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
708 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
710 BT_DBG("%s status 0x%x", hdev->name, rp->status);
717 memcpy(hdev->features, rp->features, 8);
720 memcpy(hdev->host_features, rp->features, 8);
724 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
727 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
730 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
732 BT_DBG("%s status 0x%x", hdev->name, rp->status);
737 hdev->flow_ctl_mode = rp->mode;
739 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
742 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
744 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
746 BT_DBG("%s status 0x%x", hdev->name, rp->status);
751 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
752 hdev->sco_mtu = rp->sco_mtu;
753 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
754 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
756 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
761 hdev->acl_cnt = hdev->acl_pkts;
762 hdev->sco_cnt = hdev->sco_pkts;
764 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
765 hdev->acl_mtu, hdev->acl_pkts,
766 hdev->sco_mtu, hdev->sco_pkts);
769 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
771 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
773 BT_DBG("%s status 0x%x", hdev->name, rp->status);
776 bacpy(&hdev->bdaddr, &rp->bdaddr);
778 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
781 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
784 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
786 BT_DBG("%s status 0x%x", hdev->name, rp->status);
791 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
792 hdev->block_len = __le16_to_cpu(rp->block_len);
793 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
795 hdev->block_cnt = hdev->num_blocks;
797 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
798 hdev->block_cnt, hdev->block_len);
800 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
803 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
805 __u8 status = *((__u8 *) skb->data);
807 BT_DBG("%s status 0x%x", hdev->name, status);
809 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
812 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
815 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
817 BT_DBG("%s status 0x%x", hdev->name, rp->status);
822 hdev->amp_status = rp->amp_status;
823 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
824 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
825 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
826 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
827 hdev->amp_type = rp->amp_type;
828 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
829 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
830 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
831 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
833 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
836 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
839 __u8 status = *((__u8 *) skb->data);
841 BT_DBG("%s status 0x%x", hdev->name, status);
843 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
846 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
848 __u8 status = *((__u8 *) skb->data);
850 BT_DBG("%s status 0x%x", hdev->name, status);
852 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
855 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
858 __u8 status = *((__u8 *) skb->data);
860 BT_DBG("%s status 0x%x", hdev->name, status);
862 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
865 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
868 __u8 status = *((__u8 *) skb->data);
870 BT_DBG("%s status 0x%x", hdev->name, status);
872 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
875 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
877 __u8 status = *((__u8 *) skb->data);
879 BT_DBG("%s status 0x%x", hdev->name, status);
881 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
884 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
886 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
887 struct hci_cp_pin_code_reply *cp;
888 struct hci_conn *conn;
890 BT_DBG("%s status 0x%x", hdev->name, rp->status);
894 if (test_bit(HCI_MGMT, &hdev->dev_flags))
895 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
900 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
904 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
906 conn->pin_length = cp->pin_len;
909 hci_dev_unlock(hdev);
912 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
914 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
916 BT_DBG("%s status 0x%x", hdev->name, rp->status);
920 if (test_bit(HCI_MGMT, &hdev->dev_flags))
921 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
924 hci_dev_unlock(hdev);
927 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
930 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
932 BT_DBG("%s status 0x%x", hdev->name, rp->status);
937 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
938 hdev->le_pkts = rp->le_max_pkt;
940 hdev->le_cnt = hdev->le_pkts;
942 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
944 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
947 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
949 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
951 BT_DBG("%s status 0x%x", hdev->name, rp->status);
955 if (test_bit(HCI_MGMT, &hdev->dev_flags))
956 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
959 hci_dev_unlock(hdev);
962 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
965 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
967 BT_DBG("%s status 0x%x", hdev->name, rp->status);
971 if (test_bit(HCI_MGMT, &hdev->dev_flags))
972 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
975 hci_dev_unlock(hdev);
978 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
982 BT_DBG("%s status 0x%x", hdev->name, rp->status);
986 if (test_bit(HCI_MGMT, &hdev->dev_flags))
987 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
990 hci_dev_unlock(hdev);
993 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
998 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1002 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1003 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1006 hci_dev_unlock(hdev);
1009 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1010 struct sk_buff *skb)
1012 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1014 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1017 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1018 rp->randomizer, rp->status);
1019 hci_dev_unlock(hdev);
1022 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1024 __u8 status = *((__u8 *) skb->data);
1026 BT_DBG("%s status 0x%x", hdev->name, status);
1029 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1030 struct sk_buff *skb)
1032 struct hci_cp_le_set_scan_enable *cp;
1033 __u8 status = *((__u8 *) skb->data);
1035 BT_DBG("%s status 0x%x", hdev->name, status);
1040 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1044 switch (cp->enable) {
1045 case LE_SCANNING_ENABLED:
1046 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1048 cancel_delayed_work_sync(&hdev->adv_work);
1051 hci_adv_entries_clear(hdev);
1052 hci_dev_unlock(hdev);
1055 case LE_SCANNING_DISABLED:
1056 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1058 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1062 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1067 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1069 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1071 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1076 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1079 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1081 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1083 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1088 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1091 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1092 struct sk_buff *skb)
1094 struct hci_cp_read_local_ext_features cp;
1095 __u8 status = *((__u8 *) skb->data);
1097 BT_DBG("%s status 0x%x", hdev->name, status);
1103 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1106 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1108 BT_DBG("%s status 0x%x", hdev->name, status);
1111 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1112 hci_conn_check_pending(hdev);
1114 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1115 mgmt_start_discovery_failed(hdev, status);
1116 hci_dev_unlock(hdev);
1120 set_bit(HCI_INQUIRY, &hdev->flags);
1123 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
1124 hci_dev_unlock(hdev);
1127 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1129 struct hci_cp_create_conn *cp;
1130 struct hci_conn *conn;
1132 BT_DBG("%s status 0x%x", hdev->name, status);
1134 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1140 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1142 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1145 if (conn && conn->state == BT_CONNECT) {
1146 if (status != 0x0c || conn->attempt > 2) {
1147 conn->state = BT_CLOSED;
1148 hci_proto_connect_cfm(conn, status);
1151 conn->state = BT_CONNECT2;
1155 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1158 conn->link_mode |= HCI_LM_MASTER;
1160 BT_ERR("No memory for new connection");
1164 hci_dev_unlock(hdev);
1167 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1169 struct hci_cp_add_sco *cp;
1170 struct hci_conn *acl, *sco;
1173 BT_DBG("%s status 0x%x", hdev->name, status);
1178 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1182 handle = __le16_to_cpu(cp->handle);
1184 BT_DBG("%s handle %d", hdev->name, handle);
1188 acl = hci_conn_hash_lookup_handle(hdev, handle);
1192 sco->state = BT_CLOSED;
1194 hci_proto_connect_cfm(sco, status);
1199 hci_dev_unlock(hdev);
1202 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1204 struct hci_cp_auth_requested *cp;
1205 struct hci_conn *conn;
1207 BT_DBG("%s status 0x%x", hdev->name, status);
1212 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1218 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1220 if (conn->state == BT_CONFIG) {
1221 hci_proto_connect_cfm(conn, status);
1226 hci_dev_unlock(hdev);
1229 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1231 struct hci_cp_set_conn_encrypt *cp;
1232 struct hci_conn *conn;
1234 BT_DBG("%s status 0x%x", hdev->name, status);
1239 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1245 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1247 if (conn->state == BT_CONFIG) {
1248 hci_proto_connect_cfm(conn, status);
1253 hci_dev_unlock(hdev);
1256 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1257 struct hci_conn *conn)
1259 if (conn->state != BT_CONFIG || !conn->out)
1262 if (conn->pending_sec_level == BT_SECURITY_SDP)
1265 /* Only request authentication for SSP connections or non-SSP
1266 * devices with sec_level HIGH or if MITM protection is requested */
1267 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1268 conn->pending_sec_level != BT_SECURITY_HIGH &&
1269 !(conn->auth_type & 0x01))
1275 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1277 struct hci_cp_remote_name_req cp;
1279 memset(&cp, 0, sizeof(cp));
1281 bacpy(&cp.bdaddr, &e->data.bdaddr);
1282 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1283 cp.pscan_mode = e->data.pscan_mode;
1284 cp.clock_offset = e->data.clock_offset;
1286 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1289 static bool hci_resolve_next_name(struct hci_dev *hdev)
1291 struct discovery_state *discov = &hdev->discovery;
1292 struct inquiry_entry *e;
1294 if (list_empty(&discov->resolve))
1297 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1298 if (hci_resolve_name(hdev, e) == 0) {
1299 e->name_state = NAME_PENDING;
1306 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1307 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1309 struct discovery_state *discov = &hdev->discovery;
1310 struct inquiry_entry *e;
1312 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1313 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1314 name, name_len, conn->dev_class);
1316 if (discov->state == DISCOVERY_STOPPED)
1319 if (discov->state == DISCOVERY_STOPPING)
1320 goto discov_complete;
1322 if (discov->state != DISCOVERY_RESOLVING)
1325 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1327 e->name_state = NAME_KNOWN;
1330 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1331 e->data.rssi, name, name_len);
1334 if (hci_resolve_next_name(hdev))
1338 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1341 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1343 struct hci_cp_remote_name_req *cp;
1344 struct hci_conn *conn;
1346 BT_DBG("%s status 0x%x", hdev->name, status);
1348 /* If successful wait for the name req complete event before
1349 * checking for the need to do authentication */
1353 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1359 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1361 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1362 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1367 if (!hci_outgoing_auth_needed(hdev, conn))
1370 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1371 struct hci_cp_auth_requested cp;
1372 cp.handle = __cpu_to_le16(conn->handle);
1373 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1377 hci_dev_unlock(hdev);
1380 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1382 struct hci_cp_read_remote_features *cp;
1383 struct hci_conn *conn;
1385 BT_DBG("%s status 0x%x", hdev->name, status);
1390 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1396 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1398 if (conn->state == BT_CONFIG) {
1399 hci_proto_connect_cfm(conn, status);
1404 hci_dev_unlock(hdev);
1407 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1409 struct hci_cp_read_remote_ext_features *cp;
1410 struct hci_conn *conn;
1412 BT_DBG("%s status 0x%x", hdev->name, status);
1417 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1423 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1425 if (conn->state == BT_CONFIG) {
1426 hci_proto_connect_cfm(conn, status);
1431 hci_dev_unlock(hdev);
1434 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1436 struct hci_cp_setup_sync_conn *cp;
1437 struct hci_conn *acl, *sco;
1440 BT_DBG("%s status 0x%x", hdev->name, status);
1445 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1449 handle = __le16_to_cpu(cp->handle);
1451 BT_DBG("%s handle %d", hdev->name, handle);
1455 acl = hci_conn_hash_lookup_handle(hdev, handle);
1459 sco->state = BT_CLOSED;
1461 hci_proto_connect_cfm(sco, status);
1466 hci_dev_unlock(hdev);
1469 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1471 struct hci_cp_sniff_mode *cp;
1472 struct hci_conn *conn;
1474 BT_DBG("%s status 0x%x", hdev->name, status);
1479 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1485 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1487 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1489 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1490 hci_sco_setup(conn, status);
1493 hci_dev_unlock(hdev);
1496 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1498 struct hci_cp_exit_sniff_mode *cp;
1499 struct hci_conn *conn;
1501 BT_DBG("%s status 0x%x", hdev->name, status);
1506 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1512 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1514 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1516 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1517 hci_sco_setup(conn, status);
1520 hci_dev_unlock(hdev);
1523 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1525 struct hci_cp_le_create_conn *cp;
1526 struct hci_conn *conn;
1528 BT_DBG("%s status 0x%x", hdev->name, status);
1530 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1536 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1538 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1542 if (conn && conn->state == BT_CONNECT) {
1543 conn->state = BT_CLOSED;
1544 hci_proto_connect_cfm(conn, status);
1549 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1551 conn->dst_type = cp->peer_addr_type;
1554 BT_ERR("No memory for new connection");
1559 hci_dev_unlock(hdev);
1562 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1564 BT_DBG("%s status 0x%x", hdev->name, status);
1567 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1569 __u8 status = *((__u8 *) skb->data);
1570 struct discovery_state *discov = &hdev->discovery;
1571 struct inquiry_entry *e;
1573 BT_DBG("%s status %d", hdev->name, status);
1575 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1577 hci_conn_check_pending(hdev);
1579 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1582 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1587 if (discov->state != DISCOVERY_INQUIRY)
1590 if (list_empty(&discov->resolve)) {
1591 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1595 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1596 if (e && hci_resolve_name(hdev, e) == 0) {
1597 e->name_state = NAME_PENDING;
1598 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1600 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1604 hci_dev_unlock(hdev);
1607 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1609 struct inquiry_data data;
1610 struct inquiry_info *info = (void *) (skb->data + 1);
1611 int num_rsp = *((__u8 *) skb->data);
1613 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1620 for (; num_rsp; num_rsp--, info++) {
1623 bacpy(&data.bdaddr, &info->bdaddr);
1624 data.pscan_rep_mode = info->pscan_rep_mode;
1625 data.pscan_period_mode = info->pscan_period_mode;
1626 data.pscan_mode = info->pscan_mode;
1627 memcpy(data.dev_class, info->dev_class, 3);
1628 data.clock_offset = info->clock_offset;
1630 data.ssp_mode = 0x00;
1632 name_known = hci_inquiry_cache_update(hdev, &data, false);
1633 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1634 info->dev_class, 0, !name_known,
1638 hci_dev_unlock(hdev);
1641 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1643 struct hci_ev_conn_complete *ev = (void *) skb->data;
1644 struct hci_conn *conn;
1646 BT_DBG("%s", hdev->name);
1650 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1652 if (ev->link_type != SCO_LINK)
1655 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1659 conn->type = SCO_LINK;
1663 conn->handle = __le16_to_cpu(ev->handle);
1665 if (conn->type == ACL_LINK) {
1666 conn->state = BT_CONFIG;
1667 hci_conn_hold(conn);
1668 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1670 conn->state = BT_CONNECTED;
1672 hci_conn_hold_device(conn);
1673 hci_conn_add_sysfs(conn);
1675 if (test_bit(HCI_AUTH, &hdev->flags))
1676 conn->link_mode |= HCI_LM_AUTH;
1678 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1679 conn->link_mode |= HCI_LM_ENCRYPT;
1681 /* Get remote features */
1682 if (conn->type == ACL_LINK) {
1683 struct hci_cp_read_remote_features cp;
1684 cp.handle = ev->handle;
1685 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1689 /* Set packet type for incoming connection */
1690 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1691 struct hci_cp_change_conn_ptype cp;
1692 cp.handle = ev->handle;
1693 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1694 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1698 conn->state = BT_CLOSED;
1699 if (conn->type == ACL_LINK)
1700 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1701 conn->dst_type, ev->status);
1704 if (conn->type == ACL_LINK)
1705 hci_sco_setup(conn, ev->status);
1708 hci_proto_connect_cfm(conn, ev->status);
1710 } else if (ev->link_type != ACL_LINK)
1711 hci_proto_connect_cfm(conn, ev->status);
1714 hci_dev_unlock(hdev);
1716 hci_conn_check_pending(hdev);
1719 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1721 struct hci_ev_conn_request *ev = (void *) skb->data;
1722 int mask = hdev->link_mode;
1724 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1725 batostr(&ev->bdaddr), ev->link_type);
1727 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1729 if ((mask & HCI_LM_ACCEPT) &&
1730 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1731 /* Connection accepted */
1732 struct inquiry_entry *ie;
1733 struct hci_conn *conn;
1737 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1739 memcpy(ie->data.dev_class, ev->dev_class, 3);
1741 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1743 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1745 BT_ERR("No memory for new connection");
1746 hci_dev_unlock(hdev);
1751 memcpy(conn->dev_class, ev->dev_class, 3);
1752 conn->state = BT_CONNECT;
1754 hci_dev_unlock(hdev);
1756 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1757 struct hci_cp_accept_conn_req cp;
1759 bacpy(&cp.bdaddr, &ev->bdaddr);
1761 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1762 cp.role = 0x00; /* Become master */
1764 cp.role = 0x01; /* Remain slave */
1766 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1769 struct hci_cp_accept_sync_conn_req cp;
1771 bacpy(&cp.bdaddr, &ev->bdaddr);
1772 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1774 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1775 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1776 cp.max_latency = cpu_to_le16(0xffff);
1777 cp.content_format = cpu_to_le16(hdev->voice_setting);
1778 cp.retrans_effort = 0xff;
1780 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1784 /* Connection rejected */
1785 struct hci_cp_reject_conn_req cp;
1787 bacpy(&cp.bdaddr, &ev->bdaddr);
1788 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1789 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1793 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1795 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1796 struct hci_conn *conn;
1798 BT_DBG("%s status %d", hdev->name, ev->status);
1802 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1806 if (ev->status == 0)
1807 conn->state = BT_CLOSED;
1809 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1810 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1811 if (ev->status != 0)
1812 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1814 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1818 if (ev->status == 0) {
1819 hci_proto_disconn_cfm(conn, ev->reason);
1824 hci_dev_unlock(hdev);
1827 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1829 struct hci_ev_auth_complete *ev = (void *) skb->data;
1830 struct hci_conn *conn;
1832 BT_DBG("%s status %d", hdev->name, ev->status);
1836 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1841 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1842 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1843 BT_INFO("re-auth of legacy device is not possible.");
1845 conn->link_mode |= HCI_LM_AUTH;
1846 conn->sec_level = conn->pending_sec_level;
1849 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1852 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1853 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1855 if (conn->state == BT_CONFIG) {
1856 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1857 struct hci_cp_set_conn_encrypt cp;
1858 cp.handle = ev->handle;
1860 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1863 conn->state = BT_CONNECTED;
1864 hci_proto_connect_cfm(conn, ev->status);
1868 hci_auth_cfm(conn, ev->status);
1870 hci_conn_hold(conn);
1871 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1875 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1877 struct hci_cp_set_conn_encrypt cp;
1878 cp.handle = ev->handle;
1880 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1883 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1884 hci_encrypt_cfm(conn, ev->status, 0x00);
1889 hci_dev_unlock(hdev);
1892 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1894 struct hci_ev_remote_name *ev = (void *) skb->data;
1895 struct hci_conn *conn;
1897 BT_DBG("%s", hdev->name);
1899 hci_conn_check_pending(hdev);
1903 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1905 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1908 if (ev->status == 0)
1909 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1910 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1912 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1918 if (!hci_outgoing_auth_needed(hdev, conn))
1921 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1922 struct hci_cp_auth_requested cp;
1923 cp.handle = __cpu_to_le16(conn->handle);
1924 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1928 hci_dev_unlock(hdev);
1931 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1933 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1934 struct hci_conn *conn;
1936 BT_DBG("%s status %d", hdev->name, ev->status);
1940 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1944 /* Encryption implies authentication */
1945 conn->link_mode |= HCI_LM_AUTH;
1946 conn->link_mode |= HCI_LM_ENCRYPT;
1947 conn->sec_level = conn->pending_sec_level;
1949 conn->link_mode &= ~HCI_LM_ENCRYPT;
1952 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1954 if (conn->state == BT_CONFIG) {
1956 conn->state = BT_CONNECTED;
1958 hci_proto_connect_cfm(conn, ev->status);
1961 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1964 hci_dev_unlock(hdev);
1967 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1969 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1970 struct hci_conn *conn;
1972 BT_DBG("%s status %d", hdev->name, ev->status);
1976 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1979 conn->link_mode |= HCI_LM_SECURE;
1981 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1983 hci_key_change_cfm(conn, ev->status);
1986 hci_dev_unlock(hdev);
1989 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1991 struct hci_ev_remote_features *ev = (void *) skb->data;
1992 struct hci_conn *conn;
1994 BT_DBG("%s status %d", hdev->name, ev->status);
1998 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2003 memcpy(conn->features, ev->features, 8);
2005 if (conn->state != BT_CONFIG)
2008 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2009 struct hci_cp_read_remote_ext_features cp;
2010 cp.handle = ev->handle;
2012 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2018 struct hci_cp_remote_name_req cp;
2019 memset(&cp, 0, sizeof(cp));
2020 bacpy(&cp.bdaddr, &conn->dst);
2021 cp.pscan_rep_mode = 0x02;
2022 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2023 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2024 mgmt_device_connected(hdev, &conn->dst, conn->type,
2025 conn->dst_type, NULL, 0,
2028 if (!hci_outgoing_auth_needed(hdev, conn)) {
2029 conn->state = BT_CONNECTED;
2030 hci_proto_connect_cfm(conn, ev->status);
2035 hci_dev_unlock(hdev);
2038 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2040 BT_DBG("%s", hdev->name);
2043 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2045 BT_DBG("%s", hdev->name);
2048 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2050 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2053 skb_pull(skb, sizeof(*ev));
2055 opcode = __le16_to_cpu(ev->opcode);
2058 case HCI_OP_INQUIRY_CANCEL:
2059 hci_cc_inquiry_cancel(hdev, skb);
2062 case HCI_OP_EXIT_PERIODIC_INQ:
2063 hci_cc_exit_periodic_inq(hdev, skb);
2066 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2067 hci_cc_remote_name_req_cancel(hdev, skb);
2070 case HCI_OP_ROLE_DISCOVERY:
2071 hci_cc_role_discovery(hdev, skb);
2074 case HCI_OP_READ_LINK_POLICY:
2075 hci_cc_read_link_policy(hdev, skb);
2078 case HCI_OP_WRITE_LINK_POLICY:
2079 hci_cc_write_link_policy(hdev, skb);
2082 case HCI_OP_READ_DEF_LINK_POLICY:
2083 hci_cc_read_def_link_policy(hdev, skb);
2086 case HCI_OP_WRITE_DEF_LINK_POLICY:
2087 hci_cc_write_def_link_policy(hdev, skb);
2091 hci_cc_reset(hdev, skb);
2094 case HCI_OP_WRITE_LOCAL_NAME:
2095 hci_cc_write_local_name(hdev, skb);
2098 case HCI_OP_READ_LOCAL_NAME:
2099 hci_cc_read_local_name(hdev, skb);
2102 case HCI_OP_WRITE_AUTH_ENABLE:
2103 hci_cc_write_auth_enable(hdev, skb);
2106 case HCI_OP_WRITE_ENCRYPT_MODE:
2107 hci_cc_write_encrypt_mode(hdev, skb);
2110 case HCI_OP_WRITE_SCAN_ENABLE:
2111 hci_cc_write_scan_enable(hdev, skb);
2114 case HCI_OP_READ_CLASS_OF_DEV:
2115 hci_cc_read_class_of_dev(hdev, skb);
2118 case HCI_OP_WRITE_CLASS_OF_DEV:
2119 hci_cc_write_class_of_dev(hdev, skb);
2122 case HCI_OP_READ_VOICE_SETTING:
2123 hci_cc_read_voice_setting(hdev, skb);
2126 case HCI_OP_WRITE_VOICE_SETTING:
2127 hci_cc_write_voice_setting(hdev, skb);
2130 case HCI_OP_HOST_BUFFER_SIZE:
2131 hci_cc_host_buffer_size(hdev, skb);
2134 case HCI_OP_READ_SSP_MODE:
2135 hci_cc_read_ssp_mode(hdev, skb);
2138 case HCI_OP_WRITE_SSP_MODE:
2139 hci_cc_write_ssp_mode(hdev, skb);
2142 case HCI_OP_READ_LOCAL_VERSION:
2143 hci_cc_read_local_version(hdev, skb);
2146 case HCI_OP_READ_LOCAL_COMMANDS:
2147 hci_cc_read_local_commands(hdev, skb);
2150 case HCI_OP_READ_LOCAL_FEATURES:
2151 hci_cc_read_local_features(hdev, skb);
2154 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2155 hci_cc_read_local_ext_features(hdev, skb);
2158 case HCI_OP_READ_BUFFER_SIZE:
2159 hci_cc_read_buffer_size(hdev, skb);
2162 case HCI_OP_READ_BD_ADDR:
2163 hci_cc_read_bd_addr(hdev, skb);
2166 case HCI_OP_READ_DATA_BLOCK_SIZE:
2167 hci_cc_read_data_block_size(hdev, skb);
2170 case HCI_OP_WRITE_CA_TIMEOUT:
2171 hci_cc_write_ca_timeout(hdev, skb);
2174 case HCI_OP_READ_FLOW_CONTROL_MODE:
2175 hci_cc_read_flow_control_mode(hdev, skb);
2178 case HCI_OP_READ_LOCAL_AMP_INFO:
2179 hci_cc_read_local_amp_info(hdev, skb);
2182 case HCI_OP_DELETE_STORED_LINK_KEY:
2183 hci_cc_delete_stored_link_key(hdev, skb);
2186 case HCI_OP_SET_EVENT_MASK:
2187 hci_cc_set_event_mask(hdev, skb);
2190 case HCI_OP_WRITE_INQUIRY_MODE:
2191 hci_cc_write_inquiry_mode(hdev, skb);
2194 case HCI_OP_READ_INQ_RSP_TX_POWER:
2195 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2198 case HCI_OP_SET_EVENT_FLT:
2199 hci_cc_set_event_flt(hdev, skb);
2202 case HCI_OP_PIN_CODE_REPLY:
2203 hci_cc_pin_code_reply(hdev, skb);
2206 case HCI_OP_PIN_CODE_NEG_REPLY:
2207 hci_cc_pin_code_neg_reply(hdev, skb);
2210 case HCI_OP_READ_LOCAL_OOB_DATA:
2211 hci_cc_read_local_oob_data_reply(hdev, skb);
2214 case HCI_OP_LE_READ_BUFFER_SIZE:
2215 hci_cc_le_read_buffer_size(hdev, skb);
2218 case HCI_OP_USER_CONFIRM_REPLY:
2219 hci_cc_user_confirm_reply(hdev, skb);
2222 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2223 hci_cc_user_confirm_neg_reply(hdev, skb);
2226 case HCI_OP_USER_PASSKEY_REPLY:
2227 hci_cc_user_passkey_reply(hdev, skb);
2230 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2231 hci_cc_user_passkey_neg_reply(hdev, skb);
2233 case HCI_OP_LE_SET_SCAN_PARAM:
2234 hci_cc_le_set_scan_param(hdev, skb);
2237 case HCI_OP_LE_SET_SCAN_ENABLE:
2238 hci_cc_le_set_scan_enable(hdev, skb);
2241 case HCI_OP_LE_LTK_REPLY:
2242 hci_cc_le_ltk_reply(hdev, skb);
2245 case HCI_OP_LE_LTK_NEG_REPLY:
2246 hci_cc_le_ltk_neg_reply(hdev, skb);
2249 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2250 hci_cc_write_le_host_supported(hdev, skb);
2254 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2258 if (ev->opcode != HCI_OP_NOP)
2259 del_timer(&hdev->cmd_timer);
2262 atomic_set(&hdev->cmd_cnt, 1);
2263 if (!skb_queue_empty(&hdev->cmd_q))
2264 queue_work(hdev->workqueue, &hdev->cmd_work);
2268 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2270 struct hci_ev_cmd_status *ev = (void *) skb->data;
2273 skb_pull(skb, sizeof(*ev));
2275 opcode = __le16_to_cpu(ev->opcode);
2278 case HCI_OP_INQUIRY:
2279 hci_cs_inquiry(hdev, ev->status);
2282 case HCI_OP_CREATE_CONN:
2283 hci_cs_create_conn(hdev, ev->status);
2286 case HCI_OP_ADD_SCO:
2287 hci_cs_add_sco(hdev, ev->status);
2290 case HCI_OP_AUTH_REQUESTED:
2291 hci_cs_auth_requested(hdev, ev->status);
2294 case HCI_OP_SET_CONN_ENCRYPT:
2295 hci_cs_set_conn_encrypt(hdev, ev->status);
2298 case HCI_OP_REMOTE_NAME_REQ:
2299 hci_cs_remote_name_req(hdev, ev->status);
2302 case HCI_OP_READ_REMOTE_FEATURES:
2303 hci_cs_read_remote_features(hdev, ev->status);
2306 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2307 hci_cs_read_remote_ext_features(hdev, ev->status);
2310 case HCI_OP_SETUP_SYNC_CONN:
2311 hci_cs_setup_sync_conn(hdev, ev->status);
2314 case HCI_OP_SNIFF_MODE:
2315 hci_cs_sniff_mode(hdev, ev->status);
2318 case HCI_OP_EXIT_SNIFF_MODE:
2319 hci_cs_exit_sniff_mode(hdev, ev->status);
2322 case HCI_OP_DISCONNECT:
2323 if (ev->status != 0)
2324 mgmt_disconnect_failed(hdev, NULL, ev->status);
2327 case HCI_OP_LE_CREATE_CONN:
2328 hci_cs_le_create_conn(hdev, ev->status);
2331 case HCI_OP_LE_START_ENC:
2332 hci_cs_le_start_enc(hdev, ev->status);
2336 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2340 if (ev->opcode != HCI_OP_NOP)
2341 del_timer(&hdev->cmd_timer);
2343 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2344 atomic_set(&hdev->cmd_cnt, 1);
2345 if (!skb_queue_empty(&hdev->cmd_q))
2346 queue_work(hdev->workqueue, &hdev->cmd_work);
2350 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2352 struct hci_ev_role_change *ev = (void *) skb->data;
2353 struct hci_conn *conn;
2355 BT_DBG("%s status %d", hdev->name, ev->status);
2359 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2363 conn->link_mode &= ~HCI_LM_MASTER;
2365 conn->link_mode |= HCI_LM_MASTER;
2368 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2370 hci_role_switch_cfm(conn, ev->status, ev->role);
2373 hci_dev_unlock(hdev);
2376 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2378 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2381 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2382 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2386 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2387 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2388 BT_DBG("%s bad parameters", hdev->name);
2392 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2394 for (i = 0; i < ev->num_hndl; i++) {
2395 struct hci_comp_pkts_info *info = &ev->handles[i];
2396 struct hci_conn *conn;
2397 __u16 handle, count;
2399 handle = __le16_to_cpu(info->handle);
2400 count = __le16_to_cpu(info->count);
2402 conn = hci_conn_hash_lookup_handle(hdev, handle);
2406 conn->sent -= count;
2408 switch (conn->type) {
2410 hdev->acl_cnt += count;
2411 if (hdev->acl_cnt > hdev->acl_pkts)
2412 hdev->acl_cnt = hdev->acl_pkts;
2416 if (hdev->le_pkts) {
2417 hdev->le_cnt += count;
2418 if (hdev->le_cnt > hdev->le_pkts)
2419 hdev->le_cnt = hdev->le_pkts;
2421 hdev->acl_cnt += count;
2422 if (hdev->acl_cnt > hdev->acl_pkts)
2423 hdev->acl_cnt = hdev->acl_pkts;
2428 hdev->sco_cnt += count;
2429 if (hdev->sco_cnt > hdev->sco_pkts)
2430 hdev->sco_cnt = hdev->sco_pkts;
2434 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2439 queue_work(hdev->workqueue, &hdev->tx_work);
2442 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2443 struct sk_buff *skb)
2445 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2448 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2449 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2453 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2454 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2455 BT_DBG("%s bad parameters", hdev->name);
2459 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2462 for (i = 0; i < ev->num_hndl; i++) {
2463 struct hci_comp_blocks_info *info = &ev->handles[i];
2464 struct hci_conn *conn;
2465 __u16 handle, block_count;
2467 handle = __le16_to_cpu(info->handle);
2468 block_count = __le16_to_cpu(info->blocks);
2470 conn = hci_conn_hash_lookup_handle(hdev, handle);
2474 conn->sent -= block_count;
2476 switch (conn->type) {
2478 hdev->block_cnt += block_count;
2479 if (hdev->block_cnt > hdev->num_blocks)
2480 hdev->block_cnt = hdev->num_blocks;
2484 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2489 queue_work(hdev->workqueue, &hdev->tx_work);
2492 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2494 struct hci_ev_mode_change *ev = (void *) skb->data;
2495 struct hci_conn *conn;
2497 BT_DBG("%s status %d", hdev->name, ev->status);
2501 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2503 conn->mode = ev->mode;
2504 conn->interval = __le16_to_cpu(ev->interval);
2506 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2507 if (conn->mode == HCI_CM_ACTIVE)
2508 conn->power_save = 1;
2510 conn->power_save = 0;
2513 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2514 hci_sco_setup(conn, ev->status);
2517 hci_dev_unlock(hdev);
2520 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2522 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2523 struct hci_conn *conn;
2525 BT_DBG("%s", hdev->name);
2529 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2533 if (conn->state == BT_CONNECTED) {
2534 hci_conn_hold(conn);
2535 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2539 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2540 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2541 sizeof(ev->bdaddr), &ev->bdaddr);
2542 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2545 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2550 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2554 hci_dev_unlock(hdev);
2557 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2559 struct hci_ev_link_key_req *ev = (void *) skb->data;
2560 struct hci_cp_link_key_reply cp;
2561 struct hci_conn *conn;
2562 struct link_key *key;
2564 BT_DBG("%s", hdev->name);
2566 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2571 key = hci_find_link_key(hdev, &ev->bdaddr);
2573 BT_DBG("%s link key not found for %s", hdev->name,
2574 batostr(&ev->bdaddr));
2578 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2579 batostr(&ev->bdaddr));
2581 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2582 key->type == HCI_LK_DEBUG_COMBINATION) {
2583 BT_DBG("%s ignoring debug key", hdev->name);
2587 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2589 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2590 conn->auth_type != 0xff &&
2591 (conn->auth_type & 0x01)) {
2592 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2596 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2597 conn->pending_sec_level == BT_SECURITY_HIGH) {
2598 BT_DBG("%s ignoring key unauthenticated for high \
2599 security", hdev->name);
2603 conn->key_type = key->type;
2604 conn->pin_length = key->pin_len;
2607 bacpy(&cp.bdaddr, &ev->bdaddr);
2608 memcpy(cp.link_key, key->val, 16);
2610 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2612 hci_dev_unlock(hdev);
2617 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2618 hci_dev_unlock(hdev);
2621 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2623 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2624 struct hci_conn *conn;
2627 BT_DBG("%s", hdev->name);
2631 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2633 hci_conn_hold(conn);
2634 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2635 pin_len = conn->pin_length;
2637 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2638 conn->key_type = ev->key_type;
2643 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2644 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2645 ev->key_type, pin_len);
2647 hci_dev_unlock(hdev);
2650 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2652 struct hci_ev_clock_offset *ev = (void *) skb->data;
2653 struct hci_conn *conn;
2655 BT_DBG("%s status %d", hdev->name, ev->status);
2659 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2660 if (conn && !ev->status) {
2661 struct inquiry_entry *ie;
2663 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2665 ie->data.clock_offset = ev->clock_offset;
2666 ie->timestamp = jiffies;
2670 hci_dev_unlock(hdev);
2673 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2675 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2676 struct hci_conn *conn;
2678 BT_DBG("%s status %d", hdev->name, ev->status);
2682 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2683 if (conn && !ev->status)
2684 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2686 hci_dev_unlock(hdev);
2689 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2691 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2692 struct inquiry_entry *ie;
2694 BT_DBG("%s", hdev->name);
2698 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2700 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2701 ie->timestamp = jiffies;
2704 hci_dev_unlock(hdev);
2707 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2709 struct inquiry_data data;
2710 int num_rsp = *((__u8 *) skb->data);
2713 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2720 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2721 struct inquiry_info_with_rssi_and_pscan_mode *info;
2722 info = (void *) (skb->data + 1);
2724 for (; num_rsp; num_rsp--, info++) {
2725 bacpy(&data.bdaddr, &info->bdaddr);
2726 data.pscan_rep_mode = info->pscan_rep_mode;
2727 data.pscan_period_mode = info->pscan_period_mode;
2728 data.pscan_mode = info->pscan_mode;
2729 memcpy(data.dev_class, info->dev_class, 3);
2730 data.clock_offset = info->clock_offset;
2731 data.rssi = info->rssi;
2732 data.ssp_mode = 0x00;
2734 name_known = hci_inquiry_cache_update(hdev, &data,
2736 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2737 info->dev_class, info->rssi,
2738 !name_known, NULL, 0);
2741 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2743 for (; num_rsp; num_rsp--, info++) {
2744 bacpy(&data.bdaddr, &info->bdaddr);
2745 data.pscan_rep_mode = info->pscan_rep_mode;
2746 data.pscan_period_mode = info->pscan_period_mode;
2747 data.pscan_mode = 0x00;
2748 memcpy(data.dev_class, info->dev_class, 3);
2749 data.clock_offset = info->clock_offset;
2750 data.rssi = info->rssi;
2751 data.ssp_mode = 0x00;
2752 name_known = hci_inquiry_cache_update(hdev, &data,
2754 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2755 info->dev_class, info->rssi,
2756 !name_known, NULL, 0);
2760 hci_dev_unlock(hdev);
2763 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2765 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2766 struct hci_conn *conn;
2768 BT_DBG("%s", hdev->name);
2772 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2776 if (!ev->status && ev->page == 0x01) {
2777 struct inquiry_entry *ie;
2779 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2781 ie->data.ssp_mode = (ev->features[0] & 0x01);
2783 conn->ssp_mode = (ev->features[0] & 0x01);
2786 if (conn->state != BT_CONFIG)
2790 struct hci_cp_remote_name_req cp;
2791 memset(&cp, 0, sizeof(cp));
2792 bacpy(&cp.bdaddr, &conn->dst);
2793 cp.pscan_rep_mode = 0x02;
2794 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2795 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2796 mgmt_device_connected(hdev, &conn->dst, conn->type,
2797 conn->dst_type, NULL, 0,
2800 if (!hci_outgoing_auth_needed(hdev, conn)) {
2801 conn->state = BT_CONNECTED;
2802 hci_proto_connect_cfm(conn, ev->status);
2807 hci_dev_unlock(hdev);
2810 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2812 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2813 struct hci_conn *conn;
2815 BT_DBG("%s status %d", hdev->name, ev->status);
2819 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2821 if (ev->link_type == ESCO_LINK)
2824 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2828 conn->type = SCO_LINK;
2831 switch (ev->status) {
2833 conn->handle = __le16_to_cpu(ev->handle);
2834 conn->state = BT_CONNECTED;
2836 hci_conn_hold_device(conn);
2837 hci_conn_add_sysfs(conn);
2840 case 0x11: /* Unsupported Feature or Parameter Value */
2841 case 0x1c: /* SCO interval rejected */
2842 case 0x1a: /* Unsupported Remote Feature */
2843 case 0x1f: /* Unspecified error */
2844 if (conn->out && conn->attempt < 2) {
2845 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2846 (hdev->esco_type & EDR_ESCO_MASK);
2847 hci_setup_sync(conn, conn->link->handle);
2853 conn->state = BT_CLOSED;
2857 hci_proto_connect_cfm(conn, ev->status);
2862 hci_dev_unlock(hdev);
2865 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2867 BT_DBG("%s", hdev->name);
2870 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2872 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2874 BT_DBG("%s status %d", hdev->name, ev->status);
2877 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2879 struct inquiry_data data;
2880 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2881 int num_rsp = *((__u8 *) skb->data);
2883 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2890 for (; num_rsp; num_rsp--, info++) {
2893 bacpy(&data.bdaddr, &info->bdaddr);
2894 data.pscan_rep_mode = info->pscan_rep_mode;
2895 data.pscan_period_mode = info->pscan_period_mode;
2896 data.pscan_mode = 0x00;
2897 memcpy(data.dev_class, info->dev_class, 3);
2898 data.clock_offset = info->clock_offset;
2899 data.rssi = info->rssi;
2900 data.ssp_mode = 0x01;
2902 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2903 name_known = eir_has_data_type(info->data,
2909 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
2910 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2911 info->dev_class, info->rssi,
2912 !name_known, info->data,
2913 sizeof(info->data));
2916 hci_dev_unlock(hdev);
2919 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2921 /* If remote requests dedicated bonding follow that lead */
2922 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2923 /* If both remote and local IO capabilities allow MITM
2924 * protection then require it, otherwise don't */
2925 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2931 /* If remote requests no-bonding follow that lead */
2932 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2933 return conn->remote_auth | (conn->auth_type & 0x01);
2935 return conn->auth_type;
2938 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2940 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2941 struct hci_conn *conn;
2943 BT_DBG("%s", hdev->name);
2947 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2951 hci_conn_hold(conn);
2953 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2956 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
2957 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2958 struct hci_cp_io_capability_reply cp;
2960 bacpy(&cp.bdaddr, &ev->bdaddr);
2961 cp.capability = conn->io_capability;
2962 conn->auth_type = hci_get_auth_req(conn);
2963 cp.authentication = conn->auth_type;
2965 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2966 hci_find_remote_oob_data(hdev, &conn->dst))
2971 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2974 struct hci_cp_io_capability_neg_reply cp;
2976 bacpy(&cp.bdaddr, &ev->bdaddr);
2977 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2979 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2984 hci_dev_unlock(hdev);
2987 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2989 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2990 struct hci_conn *conn;
2992 BT_DBG("%s", hdev->name);
2996 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3000 conn->remote_cap = ev->capability;
3001 conn->remote_oob = ev->oob_data;
3002 conn->remote_auth = ev->authentication;
3005 hci_dev_unlock(hdev);
3008 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3009 struct sk_buff *skb)
3011 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3012 int loc_mitm, rem_mitm, confirm_hint = 0;
3013 struct hci_conn *conn;
3015 BT_DBG("%s", hdev->name);
3019 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3022 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3026 loc_mitm = (conn->auth_type & 0x01);
3027 rem_mitm = (conn->remote_auth & 0x01);
3029 /* If we require MITM but the remote device can't provide that
3030 * (it has NoInputNoOutput) then reject the confirmation
3031 * request. The only exception is when we're dedicated bonding
3032 * initiators (connect_cfm_cb set) since then we always have the MITM
3034 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3035 BT_DBG("Rejecting request: remote device can't provide MITM");
3036 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3037 sizeof(ev->bdaddr), &ev->bdaddr);
3041 /* If no side requires MITM protection; auto-accept */
3042 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3043 (!rem_mitm || conn->io_capability == 0x03)) {
3045 /* If we're not the initiators request authorization to
3046 * proceed from user space (mgmt_user_confirm with
3047 * confirm_hint set to 1). */
3048 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3049 BT_DBG("Confirming auto-accept as acceptor");
3054 BT_DBG("Auto-accept of user confirmation with %ums delay",
3055 hdev->auto_accept_delay);
3057 if (hdev->auto_accept_delay > 0) {
3058 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3059 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3063 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3064 sizeof(ev->bdaddr), &ev->bdaddr);
3069 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
3073 hci_dev_unlock(hdev);
3076 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3077 struct sk_buff *skb)
3079 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3081 BT_DBG("%s", hdev->name);
3085 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3086 mgmt_user_passkey_request(hdev, &ev->bdaddr);
3088 hci_dev_unlock(hdev);
3091 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3093 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3094 struct hci_conn *conn;
3096 BT_DBG("%s", hdev->name);
3100 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3104 /* To avoid duplicate auth_failed events to user space we check
3105 * the HCI_CONN_AUTH_PEND flag which will be set if we
3106 * initiated the authentication. A traditional auth_complete
3107 * event gets always produced as initiator and is also mapped to
3108 * the mgmt_auth_failed event */
3109 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3110 mgmt_auth_failed(hdev, &conn->dst, ev->status);
3115 hci_dev_unlock(hdev);
3118 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3120 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3121 struct inquiry_entry *ie;
3123 BT_DBG("%s", hdev->name);
3127 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3129 ie->data.ssp_mode = (ev->features[0] & 0x01);
3131 hci_dev_unlock(hdev);
3134 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3135 struct sk_buff *skb)
3137 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3138 struct oob_data *data;
3140 BT_DBG("%s", hdev->name);
3144 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3147 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3149 struct hci_cp_remote_oob_data_reply cp;
3151 bacpy(&cp.bdaddr, &ev->bdaddr);
3152 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3153 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3155 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3158 struct hci_cp_remote_oob_data_neg_reply cp;
3160 bacpy(&cp.bdaddr, &ev->bdaddr);
3161 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3166 hci_dev_unlock(hdev);
3169 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3171 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3172 struct hci_conn *conn;
3174 BT_DBG("%s status %d", hdev->name, ev->status);
3178 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3180 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3182 BT_ERR("No memory for new connection");
3183 hci_dev_unlock(hdev);
3187 conn->dst_type = ev->bdaddr_type;
3191 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3192 conn->dst_type, ev->status);
3193 hci_proto_connect_cfm(conn, ev->status);
3194 conn->state = BT_CLOSED;
3199 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3200 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3201 conn->dst_type, NULL, 0, 0);
3203 conn->sec_level = BT_SECURITY_LOW;
3204 conn->handle = __le16_to_cpu(ev->handle);
3205 conn->state = BT_CONNECTED;
3207 hci_conn_hold_device(conn);
3208 hci_conn_add_sysfs(conn);
3210 hci_proto_connect_cfm(conn, ev->status);
3213 hci_dev_unlock(hdev);
3216 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3217 struct sk_buff *skb)
3219 u8 num_reports = skb->data[0];
3220 void *ptr = &skb->data[1];
3225 while (num_reports--) {
3226 struct hci_ev_le_advertising_info *ev = ptr;
3228 hci_add_adv_entry(hdev, ev);
3230 rssi = ev->data[ev->length];
3231 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3232 NULL, rssi, 0, ev->data, ev->length);
3234 ptr += sizeof(*ev) + ev->length + 1;
3237 hci_dev_unlock(hdev);
3240 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3241 struct sk_buff *skb)
3243 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3244 struct hci_cp_le_ltk_reply cp;
3245 struct hci_cp_le_ltk_neg_reply neg;
3246 struct hci_conn *conn;
3247 struct link_key *ltk;
3249 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3253 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3257 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3261 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3262 cp.handle = cpu_to_le16(conn->handle);
3263 conn->pin_length = ltk->pin_len;
3265 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3267 hci_dev_unlock(hdev);
3272 neg.handle = ev->handle;
3273 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3274 hci_dev_unlock(hdev);
3277 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3279 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3281 skb_pull(skb, sizeof(*le_ev));
3283 switch (le_ev->subevent) {
3284 case HCI_EV_LE_CONN_COMPLETE:
3285 hci_le_conn_complete_evt(hdev, skb);
3288 case HCI_EV_LE_ADVERTISING_REPORT:
3289 hci_le_adv_report_evt(hdev, skb);
3292 case HCI_EV_LE_LTK_REQ:
3293 hci_le_ltk_request_evt(hdev, skb);
3301 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3303 struct hci_event_hdr *hdr = (void *) skb->data;
3304 __u8 event = hdr->evt;
3306 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3309 case HCI_EV_INQUIRY_COMPLETE:
3310 hci_inquiry_complete_evt(hdev, skb);
3313 case HCI_EV_INQUIRY_RESULT:
3314 hci_inquiry_result_evt(hdev, skb);
3317 case HCI_EV_CONN_COMPLETE:
3318 hci_conn_complete_evt(hdev, skb);
3321 case HCI_EV_CONN_REQUEST:
3322 hci_conn_request_evt(hdev, skb);
3325 case HCI_EV_DISCONN_COMPLETE:
3326 hci_disconn_complete_evt(hdev, skb);
3329 case HCI_EV_AUTH_COMPLETE:
3330 hci_auth_complete_evt(hdev, skb);
3333 case HCI_EV_REMOTE_NAME:
3334 hci_remote_name_evt(hdev, skb);
3337 case HCI_EV_ENCRYPT_CHANGE:
3338 hci_encrypt_change_evt(hdev, skb);
3341 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3342 hci_change_link_key_complete_evt(hdev, skb);
3345 case HCI_EV_REMOTE_FEATURES:
3346 hci_remote_features_evt(hdev, skb);
3349 case HCI_EV_REMOTE_VERSION:
3350 hci_remote_version_evt(hdev, skb);
3353 case HCI_EV_QOS_SETUP_COMPLETE:
3354 hci_qos_setup_complete_evt(hdev, skb);
3357 case HCI_EV_CMD_COMPLETE:
3358 hci_cmd_complete_evt(hdev, skb);
3361 case HCI_EV_CMD_STATUS:
3362 hci_cmd_status_evt(hdev, skb);
3365 case HCI_EV_ROLE_CHANGE:
3366 hci_role_change_evt(hdev, skb);
3369 case HCI_EV_NUM_COMP_PKTS:
3370 hci_num_comp_pkts_evt(hdev, skb);
3373 case HCI_EV_MODE_CHANGE:
3374 hci_mode_change_evt(hdev, skb);
3377 case HCI_EV_PIN_CODE_REQ:
3378 hci_pin_code_request_evt(hdev, skb);
3381 case HCI_EV_LINK_KEY_REQ:
3382 hci_link_key_request_evt(hdev, skb);
3385 case HCI_EV_LINK_KEY_NOTIFY:
3386 hci_link_key_notify_evt(hdev, skb);
3389 case HCI_EV_CLOCK_OFFSET:
3390 hci_clock_offset_evt(hdev, skb);
3393 case HCI_EV_PKT_TYPE_CHANGE:
3394 hci_pkt_type_change_evt(hdev, skb);
3397 case HCI_EV_PSCAN_REP_MODE:
3398 hci_pscan_rep_mode_evt(hdev, skb);
3401 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3402 hci_inquiry_result_with_rssi_evt(hdev, skb);
3405 case HCI_EV_REMOTE_EXT_FEATURES:
3406 hci_remote_ext_features_evt(hdev, skb);
3409 case HCI_EV_SYNC_CONN_COMPLETE:
3410 hci_sync_conn_complete_evt(hdev, skb);
3413 case HCI_EV_SYNC_CONN_CHANGED:
3414 hci_sync_conn_changed_evt(hdev, skb);
3417 case HCI_EV_SNIFF_SUBRATE:
3418 hci_sniff_subrate_evt(hdev, skb);
3421 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3422 hci_extended_inquiry_result_evt(hdev, skb);
3425 case HCI_EV_IO_CAPA_REQUEST:
3426 hci_io_capa_request_evt(hdev, skb);
3429 case HCI_EV_IO_CAPA_REPLY:
3430 hci_io_capa_reply_evt(hdev, skb);
3433 case HCI_EV_USER_CONFIRM_REQUEST:
3434 hci_user_confirm_request_evt(hdev, skb);
3437 case HCI_EV_USER_PASSKEY_REQUEST:
3438 hci_user_passkey_request_evt(hdev, skb);
3441 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3442 hci_simple_pair_complete_evt(hdev, skb);
3445 case HCI_EV_REMOTE_HOST_FEATURES:
3446 hci_remote_host_features_evt(hdev, skb);
3449 case HCI_EV_LE_META:
3450 hci_le_meta_evt(hdev, skb);
3453 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3454 hci_remote_oob_data_request_evt(hdev, skb);
3457 case HCI_EV_NUM_COMP_BLOCKS:
3458 hci_num_comp_blocks_evt(hdev, skb);
3462 BT_DBG("%s event 0x%x", hdev->name, event);
3467 hdev->stat.evt_rx++;
3470 /* Generate internal stack event */
3471 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3473 struct hci_event_hdr *hdr;
3474 struct hci_ev_stack_internal *ev;
3475 struct sk_buff *skb;
3477 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3481 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3482 hdr->evt = HCI_EV_STACK_INTERNAL;
3483 hdr->plen = sizeof(*ev) + dlen;
3485 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3487 memcpy(ev->data, data, dlen);
3489 bt_cb(skb)->incoming = 1;
3490 __net_timestamp(skb);
3492 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3493 skb->dev = (void *) hdev;
3494 hci_send_to_sock(hdev, skb, NULL);
3498 module_param(enable_le, bool, 0644);
3499 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / karo-tx-linux.git / blob