2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 static bool enable_le;
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
60 mgmt_stop_discovery_failed(hdev, status);
65 clear_bit(HCI_INQUIRY, &hdev->flags);
68 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
73 hci_conn_check_pending(hdev);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%x", hdev->name, status);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
198 /* Reset all flags, except persistent ones */
199 hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
200 BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
203 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
205 __u8 status = *((__u8 *) skb->data);
208 BT_DBG("%s status 0x%x", hdev->name, status);
210 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
216 if (test_bit(HCI_MGMT, &hdev->dev_flags))
217 mgmt_set_local_name_complete(hdev, sent, status);
220 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
222 hci_dev_unlock(hdev);
225 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
227 struct hci_rp_read_local_name *rp = (void *) skb->data;
229 BT_DBG("%s status 0x%x", hdev->name, rp->status);
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
237 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
239 __u8 status = *((__u8 *) skb->data);
242 BT_DBG("%s status 0x%x", hdev->name, status);
244 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 __u8 param = *((__u8 *) sent);
251 if (param == AUTH_ENABLED)
252 set_bit(HCI_AUTH, &hdev->flags);
254 clear_bit(HCI_AUTH, &hdev->flags);
257 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
260 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
262 __u8 status = *((__u8 *) skb->data);
265 BT_DBG("%s status 0x%x", hdev->name, status);
267 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
272 __u8 param = *((__u8 *) sent);
275 set_bit(HCI_ENCRYPT, &hdev->flags);
277 clear_bit(HCI_ENCRYPT, &hdev->flags);
280 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
283 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
285 __u8 param, status = *((__u8 *) skb->data);
286 int old_pscan, old_iscan;
289 BT_DBG("%s status 0x%x", hdev->name, status);
291 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
295 param = *((__u8 *) sent);
300 mgmt_write_scan_failed(hdev, param, status);
301 hdev->discov_timeout = 0;
305 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
306 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
308 if (param & SCAN_INQUIRY) {
309 set_bit(HCI_ISCAN, &hdev->flags);
311 mgmt_discoverable(hdev, 1);
312 if (hdev->discov_timeout > 0) {
313 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
314 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
317 } else if (old_iscan)
318 mgmt_discoverable(hdev, 0);
320 if (param & SCAN_PAGE) {
321 set_bit(HCI_PSCAN, &hdev->flags);
323 mgmt_connectable(hdev, 1);
324 } else if (old_pscan)
325 mgmt_connectable(hdev, 0);
328 hci_dev_unlock(hdev);
329 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
332 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
334 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
336 BT_DBG("%s status 0x%x", hdev->name, rp->status);
341 memcpy(hdev->dev_class, rp->dev_class, 3);
343 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
344 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
347 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 __u8 status = *((__u8 *) skb->data);
352 BT_DBG("%s status 0x%x", hdev->name, status);
357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 memcpy(hdev->dev_class, sent, 3);
364 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
366 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
369 BT_DBG("%s status 0x%x", hdev->name, rp->status);
374 setting = __le16_to_cpu(rp->voice_setting);
376 if (hdev->voice_setting == setting)
379 hdev->voice_setting = setting;
381 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
384 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
387 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
389 __u8 status = *((__u8 *) skb->data);
393 BT_DBG("%s status 0x%x", hdev->name, status);
398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
402 setting = get_unaligned_le16(sent);
404 if (hdev->voice_setting == setting)
407 hdev->voice_setting = setting;
409 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
415 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
417 __u8 status = *((__u8 *) skb->data);
419 BT_DBG("%s status 0x%x", hdev->name, status);
421 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
424 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
426 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
428 BT_DBG("%s status 0x%x", hdev->name, rp->status);
434 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
436 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
439 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
441 __u8 status = *((__u8 *) skb->data);
444 BT_DBG("%s status 0x%x", hdev->name, status);
449 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
454 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
456 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
459 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
461 if (hdev->features[6] & LMP_EXT_INQ)
464 if (hdev->features[3] & LMP_RSSI_INQ)
467 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
468 hdev->lmp_subver == 0x0757)
471 if (hdev->manufacturer == 15) {
472 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
474 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
476 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
480 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
481 hdev->lmp_subver == 0x1805)
487 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
491 mode = hci_get_inquiry_mode(hdev);
493 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
496 static void hci_setup_event_mask(struct hci_dev *hdev)
498 /* The second byte is 0xff instead of 0x9f (two reserved bits
499 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
500 * command otherwise */
501 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
503 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
504 * any event mask for pre 1.2 devices */
505 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
508 events[4] |= 0x01; /* Flow Specification Complete */
509 events[4] |= 0x02; /* Inquiry Result with RSSI */
510 events[4] |= 0x04; /* Read Remote Extended Features Complete */
511 events[5] |= 0x08; /* Synchronous Connection Complete */
512 events[5] |= 0x10; /* Synchronous Connection Changed */
514 if (hdev->features[3] & LMP_RSSI_INQ)
515 events[4] |= 0x04; /* Inquiry Result with RSSI */
517 if (hdev->features[5] & LMP_SNIFF_SUBR)
518 events[5] |= 0x20; /* Sniff Subrating */
520 if (hdev->features[5] & LMP_PAUSE_ENC)
521 events[5] |= 0x80; /* Encryption Key Refresh Complete */
523 if (hdev->features[6] & LMP_EXT_INQ)
524 events[5] |= 0x40; /* Extended Inquiry Result */
526 if (hdev->features[6] & LMP_NO_FLUSH)
527 events[7] |= 0x01; /* Enhanced Flush Complete */
529 if (hdev->features[7] & LMP_LSTO)
530 events[6] |= 0x80; /* Link Supervision Timeout Changed */
532 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
533 events[6] |= 0x01; /* IO Capability Request */
534 events[6] |= 0x02; /* IO Capability Response */
535 events[6] |= 0x04; /* User Confirmation Request */
536 events[6] |= 0x08; /* User Passkey Request */
537 events[6] |= 0x10; /* Remote OOB Data Request */
538 events[6] |= 0x20; /* Simple Pairing Complete */
539 events[7] |= 0x04; /* User Passkey Notification */
540 events[7] |= 0x08; /* Keypress Notification */
541 events[7] |= 0x10; /* Remote Host Supported
542 * Features Notification */
545 if (hdev->features[4] & LMP_LE)
546 events[7] |= 0x20; /* LE Meta-Event */
548 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
551 static void hci_set_le_support(struct hci_dev *hdev)
553 struct hci_cp_write_le_host_supported cp;
555 memset(&cp, 0, sizeof(cp));
559 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
562 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
565 static void hci_setup(struct hci_dev *hdev)
567 if (hdev->dev_type != HCI_BREDR)
570 hci_setup_event_mask(hdev);
572 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
573 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
575 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
577 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
580 if (hdev->features[3] & LMP_RSSI_INQ)
581 hci_setup_inquiry_mode(hdev);
583 if (hdev->features[7] & LMP_INQ_TX_PWR)
584 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
586 if (hdev->features[7] & LMP_EXTFEATURES) {
587 struct hci_cp_read_local_ext_features cp;
590 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
594 if (hdev->features[4] & LMP_LE)
595 hci_set_le_support(hdev);
598 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
600 struct hci_rp_read_local_version *rp = (void *) skb->data;
602 BT_DBG("%s status 0x%x", hdev->name, rp->status);
607 hdev->hci_ver = rp->hci_ver;
608 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
609 hdev->lmp_ver = rp->lmp_ver;
610 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
611 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
613 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
615 hdev->hci_ver, hdev->hci_rev);
617 if (test_bit(HCI_INIT, &hdev->flags))
621 static void hci_setup_link_policy(struct hci_dev *hdev)
625 if (hdev->features[0] & LMP_RSWITCH)
626 link_policy |= HCI_LP_RSWITCH;
627 if (hdev->features[0] & LMP_HOLD)
628 link_policy |= HCI_LP_HOLD;
629 if (hdev->features[0] & LMP_SNIFF)
630 link_policy |= HCI_LP_SNIFF;
631 if (hdev->features[1] & LMP_PARK)
632 link_policy |= HCI_LP_PARK;
634 link_policy = cpu_to_le16(link_policy);
635 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
636 sizeof(link_policy), &link_policy);
639 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
641 struct hci_rp_read_local_commands *rp = (void *) skb->data;
643 BT_DBG("%s status 0x%x", hdev->name, rp->status);
648 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
650 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
651 hci_setup_link_policy(hdev);
654 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
657 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
659 struct hci_rp_read_local_features *rp = (void *) skb->data;
661 BT_DBG("%s status 0x%x", hdev->name, rp->status);
666 memcpy(hdev->features, rp->features, 8);
668 /* Adjust default settings according to features
669 * supported by device. */
671 if (hdev->features[0] & LMP_3SLOT)
672 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
674 if (hdev->features[0] & LMP_5SLOT)
675 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
677 if (hdev->features[1] & LMP_HV2) {
678 hdev->pkt_type |= (HCI_HV2);
679 hdev->esco_type |= (ESCO_HV2);
682 if (hdev->features[1] & LMP_HV3) {
683 hdev->pkt_type |= (HCI_HV3);
684 hdev->esco_type |= (ESCO_HV3);
687 if (hdev->features[3] & LMP_ESCO)
688 hdev->esco_type |= (ESCO_EV3);
690 if (hdev->features[4] & LMP_EV4)
691 hdev->esco_type |= (ESCO_EV4);
693 if (hdev->features[4] & LMP_EV5)
694 hdev->esco_type |= (ESCO_EV5);
696 if (hdev->features[5] & LMP_EDR_ESCO_2M)
697 hdev->esco_type |= (ESCO_2EV3);
699 if (hdev->features[5] & LMP_EDR_ESCO_3M)
700 hdev->esco_type |= (ESCO_3EV3);
702 if (hdev->features[5] & LMP_EDR_3S_ESCO)
703 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
705 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
706 hdev->features[0], hdev->features[1],
707 hdev->features[2], hdev->features[3],
708 hdev->features[4], hdev->features[5],
709 hdev->features[6], hdev->features[7]);
712 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
715 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
717 BT_DBG("%s status 0x%x", hdev->name, rp->status);
724 memcpy(hdev->features, rp->features, 8);
727 memcpy(hdev->host_features, rp->features, 8);
731 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
734 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
737 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
739 BT_DBG("%s status 0x%x", hdev->name, rp->status);
744 hdev->flow_ctl_mode = rp->mode;
746 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
749 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
751 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
753 BT_DBG("%s status 0x%x", hdev->name, rp->status);
758 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
759 hdev->sco_mtu = rp->sco_mtu;
760 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
761 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
763 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
768 hdev->acl_cnt = hdev->acl_pkts;
769 hdev->sco_cnt = hdev->sco_pkts;
771 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
772 hdev->acl_mtu, hdev->acl_pkts,
773 hdev->sco_mtu, hdev->sco_pkts);
776 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
778 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
780 BT_DBG("%s status 0x%x", hdev->name, rp->status);
783 bacpy(&hdev->bdaddr, &rp->bdaddr);
785 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
788 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
791 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
793 BT_DBG("%s status 0x%x", hdev->name, rp->status);
798 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
799 hdev->block_len = __le16_to_cpu(rp->block_len);
800 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
802 hdev->block_cnt = hdev->num_blocks;
804 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
805 hdev->block_cnt, hdev->block_len);
807 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
810 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
812 __u8 status = *((__u8 *) skb->data);
814 BT_DBG("%s status 0x%x", hdev->name, status);
816 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
819 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
822 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%x", hdev->name, rp->status);
829 hdev->amp_status = rp->amp_status;
830 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
831 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
832 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
833 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
834 hdev->amp_type = rp->amp_type;
835 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
836 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
837 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
838 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
840 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
843 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
846 __u8 status = *((__u8 *) skb->data);
848 BT_DBG("%s status 0x%x", hdev->name, status);
850 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
853 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
855 __u8 status = *((__u8 *) skb->data);
857 BT_DBG("%s status 0x%x", hdev->name, status);
859 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
862 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
865 __u8 status = *((__u8 *) skb->data);
867 BT_DBG("%s status 0x%x", hdev->name, status);
869 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
872 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
875 __u8 status = *((__u8 *) skb->data);
877 BT_DBG("%s status 0x%x", hdev->name, status);
879 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
882 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
884 __u8 status = *((__u8 *) skb->data);
886 BT_DBG("%s status 0x%x", hdev->name, status);
888 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
891 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
893 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
894 struct hci_cp_pin_code_reply *cp;
895 struct hci_conn *conn;
897 BT_DBG("%s status 0x%x", hdev->name, rp->status);
901 if (test_bit(HCI_MGMT, &hdev->dev_flags))
902 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
907 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
913 conn->pin_length = cp->pin_len;
916 hci_dev_unlock(hdev);
919 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
921 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
923 BT_DBG("%s status 0x%x", hdev->name, rp->status);
927 if (test_bit(HCI_MGMT, &hdev->dev_flags))
928 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
931 hci_dev_unlock(hdev);
934 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
937 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
939 BT_DBG("%s status 0x%x", hdev->name, rp->status);
944 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
945 hdev->le_pkts = rp->le_max_pkt;
947 hdev->le_cnt = hdev->le_pkts;
949 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
951 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
954 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
956 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
958 BT_DBG("%s status 0x%x", hdev->name, rp->status);
962 if (test_bit(HCI_MGMT, &hdev->dev_flags))
963 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
966 hci_dev_unlock(hdev);
969 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
978 if (test_bit(HCI_MGMT, &hdev->dev_flags))
979 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
982 hci_dev_unlock(hdev);
985 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
987 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
989 BT_DBG("%s status 0x%x", hdev->name, rp->status);
993 if (test_bit(HCI_MGMT, &hdev->dev_flags))
994 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
997 hci_dev_unlock(hdev);
1000 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1001 struct sk_buff *skb)
1003 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1005 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1009 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1010 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1013 hci_dev_unlock(hdev);
1016 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1019 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1021 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1024 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1025 rp->randomizer, rp->status);
1026 hci_dev_unlock(hdev);
1029 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1031 __u8 status = *((__u8 *) skb->data);
1033 BT_DBG("%s status 0x%x", hdev->name, status);
1036 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1037 struct sk_buff *skb)
1039 struct hci_cp_le_set_scan_enable *cp;
1040 __u8 status = *((__u8 *) skb->data);
1042 BT_DBG("%s status 0x%x", hdev->name, status);
1047 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1051 switch (cp->enable) {
1052 case LE_SCANNING_ENABLED:
1053 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1055 cancel_delayed_work_sync(&hdev->adv_work);
1058 hci_adv_entries_clear(hdev);
1059 hci_dev_unlock(hdev);
1062 case LE_SCANNING_DISABLED:
1063 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1065 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1069 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1074 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1076 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1078 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1083 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1086 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1088 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1090 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1095 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1098 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1099 struct sk_buff *skb)
1101 struct hci_cp_read_local_ext_features cp;
1102 __u8 status = *((__u8 *) skb->data);
1104 BT_DBG("%s status 0x%x", hdev->name, status);
1110 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1113 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1115 BT_DBG("%s status 0x%x", hdev->name, status);
1118 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1119 hci_conn_check_pending(hdev);
1121 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1122 mgmt_start_discovery_failed(hdev, status);
1123 hci_dev_unlock(hdev);
1127 set_bit(HCI_INQUIRY, &hdev->flags);
1130 hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
1131 hci_dev_unlock(hdev);
1134 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1136 struct hci_cp_create_conn *cp;
1137 struct hci_conn *conn;
1139 BT_DBG("%s status 0x%x", hdev->name, status);
1141 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1147 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1149 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1152 if (conn && conn->state == BT_CONNECT) {
1153 if (status != 0x0c || conn->attempt > 2) {
1154 conn->state = BT_CLOSED;
1155 hci_proto_connect_cfm(conn, status);
1158 conn->state = BT_CONNECT2;
1162 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1165 conn->link_mode |= HCI_LM_MASTER;
1167 BT_ERR("No memory for new connection");
1171 hci_dev_unlock(hdev);
1174 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1176 struct hci_cp_add_sco *cp;
1177 struct hci_conn *acl, *sco;
1180 BT_DBG("%s status 0x%x", hdev->name, status);
1185 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1189 handle = __le16_to_cpu(cp->handle);
1191 BT_DBG("%s handle %d", hdev->name, handle);
1195 acl = hci_conn_hash_lookup_handle(hdev, handle);
1199 sco->state = BT_CLOSED;
1201 hci_proto_connect_cfm(sco, status);
1206 hci_dev_unlock(hdev);
1209 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1211 struct hci_cp_auth_requested *cp;
1212 struct hci_conn *conn;
1214 BT_DBG("%s status 0x%x", hdev->name, status);
1219 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1225 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1227 if (conn->state == BT_CONFIG) {
1228 hci_proto_connect_cfm(conn, status);
1233 hci_dev_unlock(hdev);
1236 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1238 struct hci_cp_set_conn_encrypt *cp;
1239 struct hci_conn *conn;
1241 BT_DBG("%s status 0x%x", hdev->name, status);
1246 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1252 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1254 if (conn->state == BT_CONFIG) {
1255 hci_proto_connect_cfm(conn, status);
1260 hci_dev_unlock(hdev);
1263 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1264 struct hci_conn *conn)
1266 if (conn->state != BT_CONFIG || !conn->out)
1269 if (conn->pending_sec_level == BT_SECURITY_SDP)
1272 /* Only request authentication for SSP connections or non-SSP
1273 * devices with sec_level HIGH or if MITM protection is requested */
1274 if (!hci_conn_ssp_enabled(conn) &&
1275 conn->pending_sec_level != BT_SECURITY_HIGH &&
1276 !(conn->auth_type & 0x01))
1282 static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
1284 struct hci_cp_remote_name_req cp;
1286 memset(&cp, 0, sizeof(cp));
1288 bacpy(&cp.bdaddr, &e->data.bdaddr);
1289 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1290 cp.pscan_mode = e->data.pscan_mode;
1291 cp.clock_offset = e->data.clock_offset;
1293 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1296 static bool hci_resolve_next_name(struct hci_dev *hdev)
1298 struct discovery_state *discov = &hdev->discovery;
1299 struct inquiry_entry *e;
1301 if (list_empty(&discov->resolve))
1304 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1305 if (hci_resolve_name(hdev, e) == 0) {
1306 e->name_state = NAME_PENDING;
1313 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1314 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1316 struct discovery_state *discov = &hdev->discovery;
1317 struct inquiry_entry *e;
1319 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1320 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
1321 name, name_len, conn->dev_class);
1323 if (discov->state == DISCOVERY_STOPPED)
1326 if (discov->state == DISCOVERY_STOPPING)
1327 goto discov_complete;
1329 if (discov->state != DISCOVERY_RESOLVING)
1332 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1334 e->name_state = NAME_KNOWN;
1337 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1338 e->data.rssi, name, name_len);
1341 if (hci_resolve_next_name(hdev))
1345 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1348 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1350 struct hci_cp_remote_name_req *cp;
1351 struct hci_conn *conn;
1353 BT_DBG("%s status 0x%x", hdev->name, status);
1355 /* If successful wait for the name req complete event before
1356 * checking for the need to do authentication */
1360 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1366 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1368 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1369 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1374 if (!hci_outgoing_auth_needed(hdev, conn))
1377 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1378 struct hci_cp_auth_requested cp;
1379 cp.handle = __cpu_to_le16(conn->handle);
1380 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1384 hci_dev_unlock(hdev);
1387 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1389 struct hci_cp_read_remote_features *cp;
1390 struct hci_conn *conn;
1392 BT_DBG("%s status 0x%x", hdev->name, status);
1397 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1403 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1405 if (conn->state == BT_CONFIG) {
1406 hci_proto_connect_cfm(conn, status);
1411 hci_dev_unlock(hdev);
1414 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1416 struct hci_cp_read_remote_ext_features *cp;
1417 struct hci_conn *conn;
1419 BT_DBG("%s status 0x%x", hdev->name, status);
1424 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1430 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1432 if (conn->state == BT_CONFIG) {
1433 hci_proto_connect_cfm(conn, status);
1438 hci_dev_unlock(hdev);
1441 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1443 struct hci_cp_setup_sync_conn *cp;
1444 struct hci_conn *acl, *sco;
1447 BT_DBG("%s status 0x%x", hdev->name, status);
1452 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1456 handle = __le16_to_cpu(cp->handle);
1458 BT_DBG("%s handle %d", hdev->name, handle);
1462 acl = hci_conn_hash_lookup_handle(hdev, handle);
1466 sco->state = BT_CLOSED;
1468 hci_proto_connect_cfm(sco, status);
1473 hci_dev_unlock(hdev);
1476 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1478 struct hci_cp_sniff_mode *cp;
1479 struct hci_conn *conn;
1481 BT_DBG("%s status 0x%x", hdev->name, status);
1486 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1492 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1494 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1496 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1497 hci_sco_setup(conn, status);
1500 hci_dev_unlock(hdev);
1503 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1505 struct hci_cp_exit_sniff_mode *cp;
1506 struct hci_conn *conn;
1508 BT_DBG("%s status 0x%x", hdev->name, status);
1513 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1519 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1521 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1523 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1524 hci_sco_setup(conn, status);
1527 hci_dev_unlock(hdev);
1530 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1532 struct hci_cp_le_create_conn *cp;
1533 struct hci_conn *conn;
1535 BT_DBG("%s status 0x%x", hdev->name, status);
1537 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1545 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1549 if (conn && conn->state == BT_CONNECT) {
1550 conn->state = BT_CLOSED;
1551 hci_proto_connect_cfm(conn, status);
1556 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1558 conn->dst_type = cp->peer_addr_type;
1561 BT_ERR("No memory for new connection");
1566 hci_dev_unlock(hdev);
1569 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1571 BT_DBG("%s status 0x%x", hdev->name, status);
1574 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1576 __u8 status = *((__u8 *) skb->data);
1577 struct discovery_state *discov = &hdev->discovery;
1578 struct inquiry_entry *e;
1580 BT_DBG("%s status %d", hdev->name, status);
1582 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1584 hci_conn_check_pending(hdev);
1586 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1589 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1594 if (discov->state != DISCOVERY_INQUIRY)
1597 if (list_empty(&discov->resolve)) {
1598 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1602 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1603 if (e && hci_resolve_name(hdev, e) == 0) {
1604 e->name_state = NAME_PENDING;
1605 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1607 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1611 hci_dev_unlock(hdev);
1614 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1616 struct inquiry_data data;
1617 struct inquiry_info *info = (void *) (skb->data + 1);
1618 int num_rsp = *((__u8 *) skb->data);
1620 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1627 for (; num_rsp; num_rsp--, info++) {
1630 bacpy(&data.bdaddr, &info->bdaddr);
1631 data.pscan_rep_mode = info->pscan_rep_mode;
1632 data.pscan_period_mode = info->pscan_period_mode;
1633 data.pscan_mode = info->pscan_mode;
1634 memcpy(data.dev_class, info->dev_class, 3);
1635 data.clock_offset = info->clock_offset;
1637 data.ssp_mode = 0x00;
1639 name_known = hci_inquiry_cache_update(hdev, &data, false);
1640 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1641 info->dev_class, 0, !name_known,
1645 hci_dev_unlock(hdev);
1648 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1650 struct hci_ev_conn_complete *ev = (void *) skb->data;
1651 struct hci_conn *conn;
1653 BT_DBG("%s", hdev->name);
1657 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1659 if (ev->link_type != SCO_LINK)
1662 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1666 conn->type = SCO_LINK;
1670 conn->handle = __le16_to_cpu(ev->handle);
1672 if (conn->type == ACL_LINK) {
1673 conn->state = BT_CONFIG;
1674 hci_conn_hold(conn);
1675 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1677 conn->state = BT_CONNECTED;
1679 hci_conn_hold_device(conn);
1680 hci_conn_add_sysfs(conn);
1682 if (test_bit(HCI_AUTH, &hdev->flags))
1683 conn->link_mode |= HCI_LM_AUTH;
1685 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1686 conn->link_mode |= HCI_LM_ENCRYPT;
1688 /* Get remote features */
1689 if (conn->type == ACL_LINK) {
1690 struct hci_cp_read_remote_features cp;
1691 cp.handle = ev->handle;
1692 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1696 /* Set packet type for incoming connection */
1697 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1698 struct hci_cp_change_conn_ptype cp;
1699 cp.handle = ev->handle;
1700 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1701 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1705 conn->state = BT_CLOSED;
1706 if (conn->type == ACL_LINK)
1707 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1708 conn->dst_type, ev->status);
1711 if (conn->type == ACL_LINK)
1712 hci_sco_setup(conn, ev->status);
1715 hci_proto_connect_cfm(conn, ev->status);
1717 } else if (ev->link_type != ACL_LINK)
1718 hci_proto_connect_cfm(conn, ev->status);
1721 hci_dev_unlock(hdev);
1723 hci_conn_check_pending(hdev);
1726 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1728 struct hci_ev_conn_request *ev = (void *) skb->data;
1729 int mask = hdev->link_mode;
1731 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1732 batostr(&ev->bdaddr), ev->link_type);
1734 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1736 if ((mask & HCI_LM_ACCEPT) &&
1737 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1738 /* Connection accepted */
1739 struct inquiry_entry *ie;
1740 struct hci_conn *conn;
1744 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1746 memcpy(ie->data.dev_class, ev->dev_class, 3);
1748 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1750 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1752 BT_ERR("No memory for new connection");
1753 hci_dev_unlock(hdev);
1758 memcpy(conn->dev_class, ev->dev_class, 3);
1759 conn->state = BT_CONNECT;
1761 hci_dev_unlock(hdev);
1763 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1764 struct hci_cp_accept_conn_req cp;
1766 bacpy(&cp.bdaddr, &ev->bdaddr);
1768 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1769 cp.role = 0x00; /* Become master */
1771 cp.role = 0x01; /* Remain slave */
1773 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1776 struct hci_cp_accept_sync_conn_req cp;
1778 bacpy(&cp.bdaddr, &ev->bdaddr);
1779 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1781 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1782 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1783 cp.max_latency = cpu_to_le16(0xffff);
1784 cp.content_format = cpu_to_le16(hdev->voice_setting);
1785 cp.retrans_effort = 0xff;
1787 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1791 /* Connection rejected */
1792 struct hci_cp_reject_conn_req cp;
1794 bacpy(&cp.bdaddr, &ev->bdaddr);
1795 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1796 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1800 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1802 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1803 struct hci_conn *conn;
1805 BT_DBG("%s status %d", hdev->name, ev->status);
1809 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1813 if (ev->status == 0)
1814 conn->state = BT_CLOSED;
1816 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1817 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1818 if (ev->status != 0)
1819 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1821 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1825 if (ev->status == 0) {
1826 hci_proto_disconn_cfm(conn, ev->reason);
1831 hci_dev_unlock(hdev);
1834 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1836 struct hci_ev_auth_complete *ev = (void *) skb->data;
1837 struct hci_conn *conn;
1839 BT_DBG("%s status %d", hdev->name, ev->status);
1843 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1848 if (!hci_conn_ssp_enabled(conn) &&
1849 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1850 BT_INFO("re-auth of legacy device is not possible.");
1852 conn->link_mode |= HCI_LM_AUTH;
1853 conn->sec_level = conn->pending_sec_level;
1856 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1859 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1860 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1862 if (conn->state == BT_CONFIG) {
1863 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1864 struct hci_cp_set_conn_encrypt cp;
1865 cp.handle = ev->handle;
1867 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1870 conn->state = BT_CONNECTED;
1871 hci_proto_connect_cfm(conn, ev->status);
1875 hci_auth_cfm(conn, ev->status);
1877 hci_conn_hold(conn);
1878 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1882 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1884 struct hci_cp_set_conn_encrypt cp;
1885 cp.handle = ev->handle;
1887 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1890 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1891 hci_encrypt_cfm(conn, ev->status, 0x00);
1896 hci_dev_unlock(hdev);
1899 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1901 struct hci_ev_remote_name *ev = (void *) skb->data;
1902 struct hci_conn *conn;
1904 BT_DBG("%s", hdev->name);
1906 hci_conn_check_pending(hdev);
1910 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1912 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1915 if (ev->status == 0)
1916 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1917 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1919 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1925 if (!hci_outgoing_auth_needed(hdev, conn))
1928 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1929 struct hci_cp_auth_requested cp;
1930 cp.handle = __cpu_to_le16(conn->handle);
1931 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1935 hci_dev_unlock(hdev);
1938 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1940 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1941 struct hci_conn *conn;
1943 BT_DBG("%s status %d", hdev->name, ev->status);
1947 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1951 /* Encryption implies authentication */
1952 conn->link_mode |= HCI_LM_AUTH;
1953 conn->link_mode |= HCI_LM_ENCRYPT;
1954 conn->sec_level = conn->pending_sec_level;
1956 conn->link_mode &= ~HCI_LM_ENCRYPT;
1959 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1961 if (conn->state == BT_CONFIG) {
1963 conn->state = BT_CONNECTED;
1965 hci_proto_connect_cfm(conn, ev->status);
1968 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1971 hci_dev_unlock(hdev);
1974 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1976 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1977 struct hci_conn *conn;
1979 BT_DBG("%s status %d", hdev->name, ev->status);
1983 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1986 conn->link_mode |= HCI_LM_SECURE;
1988 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1990 hci_key_change_cfm(conn, ev->status);
1993 hci_dev_unlock(hdev);
1996 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1998 struct hci_ev_remote_features *ev = (void *) skb->data;
1999 struct hci_conn *conn;
2001 BT_DBG("%s status %d", hdev->name, ev->status);
2005 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2010 memcpy(conn->features, ev->features, 8);
2012 if (conn->state != BT_CONFIG)
2015 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2016 struct hci_cp_read_remote_ext_features cp;
2017 cp.handle = ev->handle;
2019 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2025 struct hci_cp_remote_name_req cp;
2026 memset(&cp, 0, sizeof(cp));
2027 bacpy(&cp.bdaddr, &conn->dst);
2028 cp.pscan_rep_mode = 0x02;
2029 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2030 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2031 mgmt_device_connected(hdev, &conn->dst, conn->type,
2032 conn->dst_type, NULL, 0,
2035 if (!hci_outgoing_auth_needed(hdev, conn)) {
2036 conn->state = BT_CONNECTED;
2037 hci_proto_connect_cfm(conn, ev->status);
2042 hci_dev_unlock(hdev);
2045 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2047 BT_DBG("%s", hdev->name);
2050 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2052 BT_DBG("%s", hdev->name);
2055 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2057 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2060 skb_pull(skb, sizeof(*ev));
2062 opcode = __le16_to_cpu(ev->opcode);
2065 case HCI_OP_INQUIRY_CANCEL:
2066 hci_cc_inquiry_cancel(hdev, skb);
2069 case HCI_OP_EXIT_PERIODIC_INQ:
2070 hci_cc_exit_periodic_inq(hdev, skb);
2073 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2074 hci_cc_remote_name_req_cancel(hdev, skb);
2077 case HCI_OP_ROLE_DISCOVERY:
2078 hci_cc_role_discovery(hdev, skb);
2081 case HCI_OP_READ_LINK_POLICY:
2082 hci_cc_read_link_policy(hdev, skb);
2085 case HCI_OP_WRITE_LINK_POLICY:
2086 hci_cc_write_link_policy(hdev, skb);
2089 case HCI_OP_READ_DEF_LINK_POLICY:
2090 hci_cc_read_def_link_policy(hdev, skb);
2093 case HCI_OP_WRITE_DEF_LINK_POLICY:
2094 hci_cc_write_def_link_policy(hdev, skb);
2098 hci_cc_reset(hdev, skb);
2101 case HCI_OP_WRITE_LOCAL_NAME:
2102 hci_cc_write_local_name(hdev, skb);
2105 case HCI_OP_READ_LOCAL_NAME:
2106 hci_cc_read_local_name(hdev, skb);
2109 case HCI_OP_WRITE_AUTH_ENABLE:
2110 hci_cc_write_auth_enable(hdev, skb);
2113 case HCI_OP_WRITE_ENCRYPT_MODE:
2114 hci_cc_write_encrypt_mode(hdev, skb);
2117 case HCI_OP_WRITE_SCAN_ENABLE:
2118 hci_cc_write_scan_enable(hdev, skb);
2121 case HCI_OP_READ_CLASS_OF_DEV:
2122 hci_cc_read_class_of_dev(hdev, skb);
2125 case HCI_OP_WRITE_CLASS_OF_DEV:
2126 hci_cc_write_class_of_dev(hdev, skb);
2129 case HCI_OP_READ_VOICE_SETTING:
2130 hci_cc_read_voice_setting(hdev, skb);
2133 case HCI_OP_WRITE_VOICE_SETTING:
2134 hci_cc_write_voice_setting(hdev, skb);
2137 case HCI_OP_HOST_BUFFER_SIZE:
2138 hci_cc_host_buffer_size(hdev, skb);
2141 case HCI_OP_READ_SSP_MODE:
2142 hci_cc_read_ssp_mode(hdev, skb);
2145 case HCI_OP_WRITE_SSP_MODE:
2146 hci_cc_write_ssp_mode(hdev, skb);
2149 case HCI_OP_READ_LOCAL_VERSION:
2150 hci_cc_read_local_version(hdev, skb);
2153 case HCI_OP_READ_LOCAL_COMMANDS:
2154 hci_cc_read_local_commands(hdev, skb);
2157 case HCI_OP_READ_LOCAL_FEATURES:
2158 hci_cc_read_local_features(hdev, skb);
2161 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2162 hci_cc_read_local_ext_features(hdev, skb);
2165 case HCI_OP_READ_BUFFER_SIZE:
2166 hci_cc_read_buffer_size(hdev, skb);
2169 case HCI_OP_READ_BD_ADDR:
2170 hci_cc_read_bd_addr(hdev, skb);
2173 case HCI_OP_READ_DATA_BLOCK_SIZE:
2174 hci_cc_read_data_block_size(hdev, skb);
2177 case HCI_OP_WRITE_CA_TIMEOUT:
2178 hci_cc_write_ca_timeout(hdev, skb);
2181 case HCI_OP_READ_FLOW_CONTROL_MODE:
2182 hci_cc_read_flow_control_mode(hdev, skb);
2185 case HCI_OP_READ_LOCAL_AMP_INFO:
2186 hci_cc_read_local_amp_info(hdev, skb);
2189 case HCI_OP_DELETE_STORED_LINK_KEY:
2190 hci_cc_delete_stored_link_key(hdev, skb);
2193 case HCI_OP_SET_EVENT_MASK:
2194 hci_cc_set_event_mask(hdev, skb);
2197 case HCI_OP_WRITE_INQUIRY_MODE:
2198 hci_cc_write_inquiry_mode(hdev, skb);
2201 case HCI_OP_READ_INQ_RSP_TX_POWER:
2202 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2205 case HCI_OP_SET_EVENT_FLT:
2206 hci_cc_set_event_flt(hdev, skb);
2209 case HCI_OP_PIN_CODE_REPLY:
2210 hci_cc_pin_code_reply(hdev, skb);
2213 case HCI_OP_PIN_CODE_NEG_REPLY:
2214 hci_cc_pin_code_neg_reply(hdev, skb);
2217 case HCI_OP_READ_LOCAL_OOB_DATA:
2218 hci_cc_read_local_oob_data_reply(hdev, skb);
2221 case HCI_OP_LE_READ_BUFFER_SIZE:
2222 hci_cc_le_read_buffer_size(hdev, skb);
2225 case HCI_OP_USER_CONFIRM_REPLY:
2226 hci_cc_user_confirm_reply(hdev, skb);
2229 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2230 hci_cc_user_confirm_neg_reply(hdev, skb);
2233 case HCI_OP_USER_PASSKEY_REPLY:
2234 hci_cc_user_passkey_reply(hdev, skb);
2237 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2238 hci_cc_user_passkey_neg_reply(hdev, skb);
2240 case HCI_OP_LE_SET_SCAN_PARAM:
2241 hci_cc_le_set_scan_param(hdev, skb);
2244 case HCI_OP_LE_SET_SCAN_ENABLE:
2245 hci_cc_le_set_scan_enable(hdev, skb);
2248 case HCI_OP_LE_LTK_REPLY:
2249 hci_cc_le_ltk_reply(hdev, skb);
2252 case HCI_OP_LE_LTK_NEG_REPLY:
2253 hci_cc_le_ltk_neg_reply(hdev, skb);
2256 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2257 hci_cc_write_le_host_supported(hdev, skb);
2261 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2265 if (ev->opcode != HCI_OP_NOP)
2266 del_timer(&hdev->cmd_timer);
2269 atomic_set(&hdev->cmd_cnt, 1);
2270 if (!skb_queue_empty(&hdev->cmd_q))
2271 queue_work(hdev->workqueue, &hdev->cmd_work);
2275 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2277 struct hci_ev_cmd_status *ev = (void *) skb->data;
2280 skb_pull(skb, sizeof(*ev));
2282 opcode = __le16_to_cpu(ev->opcode);
2285 case HCI_OP_INQUIRY:
2286 hci_cs_inquiry(hdev, ev->status);
2289 case HCI_OP_CREATE_CONN:
2290 hci_cs_create_conn(hdev, ev->status);
2293 case HCI_OP_ADD_SCO:
2294 hci_cs_add_sco(hdev, ev->status);
2297 case HCI_OP_AUTH_REQUESTED:
2298 hci_cs_auth_requested(hdev, ev->status);
2301 case HCI_OP_SET_CONN_ENCRYPT:
2302 hci_cs_set_conn_encrypt(hdev, ev->status);
2305 case HCI_OP_REMOTE_NAME_REQ:
2306 hci_cs_remote_name_req(hdev, ev->status);
2309 case HCI_OP_READ_REMOTE_FEATURES:
2310 hci_cs_read_remote_features(hdev, ev->status);
2313 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2314 hci_cs_read_remote_ext_features(hdev, ev->status);
2317 case HCI_OP_SETUP_SYNC_CONN:
2318 hci_cs_setup_sync_conn(hdev, ev->status);
2321 case HCI_OP_SNIFF_MODE:
2322 hci_cs_sniff_mode(hdev, ev->status);
2325 case HCI_OP_EXIT_SNIFF_MODE:
2326 hci_cs_exit_sniff_mode(hdev, ev->status);
2329 case HCI_OP_DISCONNECT:
2330 if (ev->status != 0)
2331 mgmt_disconnect_failed(hdev, NULL, ev->status);
2334 case HCI_OP_LE_CREATE_CONN:
2335 hci_cs_le_create_conn(hdev, ev->status);
2338 case HCI_OP_LE_START_ENC:
2339 hci_cs_le_start_enc(hdev, ev->status);
2343 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2347 if (ev->opcode != HCI_OP_NOP)
2348 del_timer(&hdev->cmd_timer);
2350 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2351 atomic_set(&hdev->cmd_cnt, 1);
2352 if (!skb_queue_empty(&hdev->cmd_q))
2353 queue_work(hdev->workqueue, &hdev->cmd_work);
2357 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2359 struct hci_ev_role_change *ev = (void *) skb->data;
2360 struct hci_conn *conn;
2362 BT_DBG("%s status %d", hdev->name, ev->status);
2366 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2370 conn->link_mode &= ~HCI_LM_MASTER;
2372 conn->link_mode |= HCI_LM_MASTER;
2375 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2377 hci_role_switch_cfm(conn, ev->status, ev->role);
2380 hci_dev_unlock(hdev);
2383 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2385 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2388 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2389 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2393 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2394 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2395 BT_DBG("%s bad parameters", hdev->name);
2399 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2401 for (i = 0; i < ev->num_hndl; i++) {
2402 struct hci_comp_pkts_info *info = &ev->handles[i];
2403 struct hci_conn *conn;
2404 __u16 handle, count;
2406 handle = __le16_to_cpu(info->handle);
2407 count = __le16_to_cpu(info->count);
2409 conn = hci_conn_hash_lookup_handle(hdev, handle);
2413 conn->sent -= count;
2415 switch (conn->type) {
2417 hdev->acl_cnt += count;
2418 if (hdev->acl_cnt > hdev->acl_pkts)
2419 hdev->acl_cnt = hdev->acl_pkts;
2423 if (hdev->le_pkts) {
2424 hdev->le_cnt += count;
2425 if (hdev->le_cnt > hdev->le_pkts)
2426 hdev->le_cnt = hdev->le_pkts;
2428 hdev->acl_cnt += count;
2429 if (hdev->acl_cnt > hdev->acl_pkts)
2430 hdev->acl_cnt = hdev->acl_pkts;
2435 hdev->sco_cnt += count;
2436 if (hdev->sco_cnt > hdev->sco_pkts)
2437 hdev->sco_cnt = hdev->sco_pkts;
2441 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2446 queue_work(hdev->workqueue, &hdev->tx_work);
2449 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2450 struct sk_buff *skb)
2452 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2455 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2456 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2460 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2461 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2462 BT_DBG("%s bad parameters", hdev->name);
2466 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2469 for (i = 0; i < ev->num_hndl; i++) {
2470 struct hci_comp_blocks_info *info = &ev->handles[i];
2471 struct hci_conn *conn;
2472 __u16 handle, block_count;
2474 handle = __le16_to_cpu(info->handle);
2475 block_count = __le16_to_cpu(info->blocks);
2477 conn = hci_conn_hash_lookup_handle(hdev, handle);
2481 conn->sent -= block_count;
2483 switch (conn->type) {
2485 hdev->block_cnt += block_count;
2486 if (hdev->block_cnt > hdev->num_blocks)
2487 hdev->block_cnt = hdev->num_blocks;
2491 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2496 queue_work(hdev->workqueue, &hdev->tx_work);
2499 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2501 struct hci_ev_mode_change *ev = (void *) skb->data;
2502 struct hci_conn *conn;
2504 BT_DBG("%s status %d", hdev->name, ev->status);
2508 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2510 conn->mode = ev->mode;
2511 conn->interval = __le16_to_cpu(ev->interval);
2513 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2514 if (conn->mode == HCI_CM_ACTIVE)
2515 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2517 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2520 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2521 hci_sco_setup(conn, ev->status);
2524 hci_dev_unlock(hdev);
2527 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2529 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2530 struct hci_conn *conn;
2532 BT_DBG("%s", hdev->name);
2536 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2540 if (conn->state == BT_CONNECTED) {
2541 hci_conn_hold(conn);
2542 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2546 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2547 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2548 sizeof(ev->bdaddr), &ev->bdaddr);
2549 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2552 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2557 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2561 hci_dev_unlock(hdev);
2564 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2566 struct hci_ev_link_key_req *ev = (void *) skb->data;
2567 struct hci_cp_link_key_reply cp;
2568 struct hci_conn *conn;
2569 struct link_key *key;
2571 BT_DBG("%s", hdev->name);
2573 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2578 key = hci_find_link_key(hdev, &ev->bdaddr);
2580 BT_DBG("%s link key not found for %s", hdev->name,
2581 batostr(&ev->bdaddr));
2585 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2586 batostr(&ev->bdaddr));
2588 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2589 key->type == HCI_LK_DEBUG_COMBINATION) {
2590 BT_DBG("%s ignoring debug key", hdev->name);
2594 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2596 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2597 conn->auth_type != 0xff &&
2598 (conn->auth_type & 0x01)) {
2599 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2603 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2604 conn->pending_sec_level == BT_SECURITY_HIGH) {
2605 BT_DBG("%s ignoring key unauthenticated for high \
2606 security", hdev->name);
2610 conn->key_type = key->type;
2611 conn->pin_length = key->pin_len;
2614 bacpy(&cp.bdaddr, &ev->bdaddr);
2615 memcpy(cp.link_key, key->val, 16);
2617 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2619 hci_dev_unlock(hdev);
2624 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2625 hci_dev_unlock(hdev);
2628 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2630 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2631 struct hci_conn *conn;
2634 BT_DBG("%s", hdev->name);
2638 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2640 hci_conn_hold(conn);
2641 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2642 pin_len = conn->pin_length;
2644 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2645 conn->key_type = ev->key_type;
2650 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2651 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2652 ev->key_type, pin_len);
2654 hci_dev_unlock(hdev);
2657 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2659 struct hci_ev_clock_offset *ev = (void *) skb->data;
2660 struct hci_conn *conn;
2662 BT_DBG("%s status %d", hdev->name, ev->status);
2666 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2667 if (conn && !ev->status) {
2668 struct inquiry_entry *ie;
2670 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2672 ie->data.clock_offset = ev->clock_offset;
2673 ie->timestamp = jiffies;
2677 hci_dev_unlock(hdev);
2680 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2682 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2683 struct hci_conn *conn;
2685 BT_DBG("%s status %d", hdev->name, ev->status);
2689 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2690 if (conn && !ev->status)
2691 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2693 hci_dev_unlock(hdev);
2696 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2698 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2699 struct inquiry_entry *ie;
2701 BT_DBG("%s", hdev->name);
2705 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2707 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2708 ie->timestamp = jiffies;
2711 hci_dev_unlock(hdev);
2714 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2716 struct inquiry_data data;
2717 int num_rsp = *((__u8 *) skb->data);
2720 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2727 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2728 struct inquiry_info_with_rssi_and_pscan_mode *info;
2729 info = (void *) (skb->data + 1);
2731 for (; num_rsp; num_rsp--, info++) {
2732 bacpy(&data.bdaddr, &info->bdaddr);
2733 data.pscan_rep_mode = info->pscan_rep_mode;
2734 data.pscan_period_mode = info->pscan_period_mode;
2735 data.pscan_mode = info->pscan_mode;
2736 memcpy(data.dev_class, info->dev_class, 3);
2737 data.clock_offset = info->clock_offset;
2738 data.rssi = info->rssi;
2739 data.ssp_mode = 0x00;
2741 name_known = hci_inquiry_cache_update(hdev, &data,
2743 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2744 info->dev_class, info->rssi,
2745 !name_known, NULL, 0);
2748 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2750 for (; num_rsp; num_rsp--, info++) {
2751 bacpy(&data.bdaddr, &info->bdaddr);
2752 data.pscan_rep_mode = info->pscan_rep_mode;
2753 data.pscan_period_mode = info->pscan_period_mode;
2754 data.pscan_mode = 0x00;
2755 memcpy(data.dev_class, info->dev_class, 3);
2756 data.clock_offset = info->clock_offset;
2757 data.rssi = info->rssi;
2758 data.ssp_mode = 0x00;
2759 name_known = hci_inquiry_cache_update(hdev, &data,
2761 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2762 info->dev_class, info->rssi,
2763 !name_known, NULL, 0);
2767 hci_dev_unlock(hdev);
2770 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2772 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2773 struct hci_conn *conn;
2775 BT_DBG("%s", hdev->name);
2779 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2783 if (!ev->status && ev->page == 0x01) {
2784 struct inquiry_entry *ie;
2786 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2788 ie->data.ssp_mode = (ev->features[0] & 0x01);
2790 if (ev->features[0] & 0x01)
2791 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2794 if (conn->state != BT_CONFIG)
2798 struct hci_cp_remote_name_req cp;
2799 memset(&cp, 0, sizeof(cp));
2800 bacpy(&cp.bdaddr, &conn->dst);
2801 cp.pscan_rep_mode = 0x02;
2802 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2803 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2804 mgmt_device_connected(hdev, &conn->dst, conn->type,
2805 conn->dst_type, NULL, 0,
2808 if (!hci_outgoing_auth_needed(hdev, conn)) {
2809 conn->state = BT_CONNECTED;
2810 hci_proto_connect_cfm(conn, ev->status);
2815 hci_dev_unlock(hdev);
2818 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2820 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2821 struct hci_conn *conn;
2823 BT_DBG("%s status %d", hdev->name, ev->status);
2827 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2829 if (ev->link_type == ESCO_LINK)
2832 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2836 conn->type = SCO_LINK;
2839 switch (ev->status) {
2841 conn->handle = __le16_to_cpu(ev->handle);
2842 conn->state = BT_CONNECTED;
2844 hci_conn_hold_device(conn);
2845 hci_conn_add_sysfs(conn);
2848 case 0x11: /* Unsupported Feature or Parameter Value */
2849 case 0x1c: /* SCO interval rejected */
2850 case 0x1a: /* Unsupported Remote Feature */
2851 case 0x1f: /* Unspecified error */
2852 if (conn->out && conn->attempt < 2) {
2853 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2854 (hdev->esco_type & EDR_ESCO_MASK);
2855 hci_setup_sync(conn, conn->link->handle);
2861 conn->state = BT_CLOSED;
2865 hci_proto_connect_cfm(conn, ev->status);
2870 hci_dev_unlock(hdev);
2873 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2875 BT_DBG("%s", hdev->name);
2878 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2880 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2882 BT_DBG("%s status %d", hdev->name, ev->status);
2885 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2887 struct inquiry_data data;
2888 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2889 int num_rsp = *((__u8 *) skb->data);
2891 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2898 for (; num_rsp; num_rsp--, info++) {
2901 bacpy(&data.bdaddr, &info->bdaddr);
2902 data.pscan_rep_mode = info->pscan_rep_mode;
2903 data.pscan_period_mode = info->pscan_period_mode;
2904 data.pscan_mode = 0x00;
2905 memcpy(data.dev_class, info->dev_class, 3);
2906 data.clock_offset = info->clock_offset;
2907 data.rssi = info->rssi;
2908 data.ssp_mode = 0x01;
2910 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2911 name_known = eir_has_data_type(info->data,
2917 name_known = hci_inquiry_cache_update(hdev, &data, name_known);
2918 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2919 info->dev_class, info->rssi,
2920 !name_known, info->data,
2921 sizeof(info->data));
2924 hci_dev_unlock(hdev);
2927 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2929 /* If remote requests dedicated bonding follow that lead */
2930 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2931 /* If both remote and local IO capabilities allow MITM
2932 * protection then require it, otherwise don't */
2933 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2939 /* If remote requests no-bonding follow that lead */
2940 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2941 return conn->remote_auth | (conn->auth_type & 0x01);
2943 return conn->auth_type;
2946 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2948 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2949 struct hci_conn *conn;
2951 BT_DBG("%s", hdev->name);
2955 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2959 hci_conn_hold(conn);
2961 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2964 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
2965 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2966 struct hci_cp_io_capability_reply cp;
2968 bacpy(&cp.bdaddr, &ev->bdaddr);
2969 /* Change the IO capability from KeyboardDisplay
2970 * to DisplayYesNo as it is not supported by BT spec. */
2971 cp.capability = (conn->io_capability == 0x04) ?
2972 0x01 : conn->io_capability;
2973 conn->auth_type = hci_get_auth_req(conn);
2974 cp.authentication = conn->auth_type;
2976 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
2977 hci_find_remote_oob_data(hdev, &conn->dst))
2982 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2985 struct hci_cp_io_capability_neg_reply cp;
2987 bacpy(&cp.bdaddr, &ev->bdaddr);
2988 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2990 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2995 hci_dev_unlock(hdev);
2998 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3000 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3001 struct hci_conn *conn;
3003 BT_DBG("%s", hdev->name);
3007 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3011 conn->remote_cap = ev->capability;
3012 conn->remote_auth = ev->authentication;
3014 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3017 hci_dev_unlock(hdev);
3020 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3021 struct sk_buff *skb)
3023 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3024 int loc_mitm, rem_mitm, confirm_hint = 0;
3025 struct hci_conn *conn;
3027 BT_DBG("%s", hdev->name);
3031 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3034 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3038 loc_mitm = (conn->auth_type & 0x01);
3039 rem_mitm = (conn->remote_auth & 0x01);
3041 /* If we require MITM but the remote device can't provide that
3042 * (it has NoInputNoOutput) then reject the confirmation
3043 * request. The only exception is when we're dedicated bonding
3044 * initiators (connect_cfm_cb set) since then we always have the MITM
3046 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3047 BT_DBG("Rejecting request: remote device can't provide MITM");
3048 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3049 sizeof(ev->bdaddr), &ev->bdaddr);
3053 /* If no side requires MITM protection; auto-accept */
3054 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3055 (!rem_mitm || conn->io_capability == 0x03)) {
3057 /* If we're not the initiators request authorization to
3058 * proceed from user space (mgmt_user_confirm with
3059 * confirm_hint set to 1). */
3060 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3061 BT_DBG("Confirming auto-accept as acceptor");
3066 BT_DBG("Auto-accept of user confirmation with %ums delay",
3067 hdev->auto_accept_delay);
3069 if (hdev->auto_accept_delay > 0) {
3070 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3071 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3075 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3076 sizeof(ev->bdaddr), &ev->bdaddr);
3081 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
3085 hci_dev_unlock(hdev);
3088 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3089 struct sk_buff *skb)
3091 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3093 BT_DBG("%s", hdev->name);
3097 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3098 mgmt_user_passkey_request(hdev, &ev->bdaddr);
3100 hci_dev_unlock(hdev);
3103 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3105 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3106 struct hci_conn *conn;
3108 BT_DBG("%s", hdev->name);
3112 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3116 /* To avoid duplicate auth_failed events to user space we check
3117 * the HCI_CONN_AUTH_PEND flag which will be set if we
3118 * initiated the authentication. A traditional auth_complete
3119 * event gets always produced as initiator and is also mapped to
3120 * the mgmt_auth_failed event */
3121 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3122 mgmt_auth_failed(hdev, &conn->dst, ev->status);
3127 hci_dev_unlock(hdev);
3130 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
3132 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3133 struct inquiry_entry *ie;
3135 BT_DBG("%s", hdev->name);
3139 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3141 ie->data.ssp_mode = (ev->features[0] & 0x01);
3143 hci_dev_unlock(hdev);
3146 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3147 struct sk_buff *skb)
3149 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3150 struct oob_data *data;
3152 BT_DBG("%s", hdev->name);
3156 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3159 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3161 struct hci_cp_remote_oob_data_reply cp;
3163 bacpy(&cp.bdaddr, &ev->bdaddr);
3164 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3165 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3167 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3170 struct hci_cp_remote_oob_data_neg_reply cp;
3172 bacpy(&cp.bdaddr, &ev->bdaddr);
3173 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3178 hci_dev_unlock(hdev);
3181 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3183 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3184 struct hci_conn *conn;
3186 BT_DBG("%s status %d", hdev->name, ev->status);
3190 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3192 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3194 BT_ERR("No memory for new connection");
3195 hci_dev_unlock(hdev);
3199 conn->dst_type = ev->bdaddr_type;
3203 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3204 conn->dst_type, ev->status);
3205 hci_proto_connect_cfm(conn, ev->status);
3206 conn->state = BT_CLOSED;
3211 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3212 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3213 conn->dst_type, NULL, 0, 0);
3215 conn->sec_level = BT_SECURITY_LOW;
3216 conn->handle = __le16_to_cpu(ev->handle);
3217 conn->state = BT_CONNECTED;
3219 hci_conn_hold_device(conn);
3220 hci_conn_add_sysfs(conn);
3222 hci_proto_connect_cfm(conn, ev->status);
3225 hci_dev_unlock(hdev);
3228 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3229 struct sk_buff *skb)
3231 u8 num_reports = skb->data[0];
3232 void *ptr = &skb->data[1];
3237 while (num_reports--) {
3238 struct hci_ev_le_advertising_info *ev = ptr;
3240 hci_add_adv_entry(hdev, ev);
3242 rssi = ev->data[ev->length];
3243 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3244 NULL, rssi, 0, ev->data, ev->length);
3246 ptr += sizeof(*ev) + ev->length + 1;
3249 hci_dev_unlock(hdev);
3252 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3253 struct sk_buff *skb)
3255 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3256 struct hci_cp_le_ltk_reply cp;
3257 struct hci_cp_le_ltk_neg_reply neg;
3258 struct hci_conn *conn;
3259 struct smp_ltk *ltk;
3261 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3265 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3269 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3273 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3274 cp.handle = cpu_to_le16(conn->handle);
3276 if (ltk->authenticated)
3277 conn->sec_level = BT_SECURITY_HIGH;
3279 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3281 if (ltk->type & HCI_SMP_STK) {
3282 list_del(<k->list);
3286 hci_dev_unlock(hdev);
3291 neg.handle = ev->handle;
3292 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3293 hci_dev_unlock(hdev);
3296 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3298 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3300 skb_pull(skb, sizeof(*le_ev));
3302 switch (le_ev->subevent) {
3303 case HCI_EV_LE_CONN_COMPLETE:
3304 hci_le_conn_complete_evt(hdev, skb);
3307 case HCI_EV_LE_ADVERTISING_REPORT:
3308 hci_le_adv_report_evt(hdev, skb);
3311 case HCI_EV_LE_LTK_REQ:
3312 hci_le_ltk_request_evt(hdev, skb);
3320 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3322 struct hci_event_hdr *hdr = (void *) skb->data;
3323 __u8 event = hdr->evt;
3325 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3328 case HCI_EV_INQUIRY_COMPLETE:
3329 hci_inquiry_complete_evt(hdev, skb);
3332 case HCI_EV_INQUIRY_RESULT:
3333 hci_inquiry_result_evt(hdev, skb);
3336 case HCI_EV_CONN_COMPLETE:
3337 hci_conn_complete_evt(hdev, skb);
3340 case HCI_EV_CONN_REQUEST:
3341 hci_conn_request_evt(hdev, skb);
3344 case HCI_EV_DISCONN_COMPLETE:
3345 hci_disconn_complete_evt(hdev, skb);
3348 case HCI_EV_AUTH_COMPLETE:
3349 hci_auth_complete_evt(hdev, skb);
3352 case HCI_EV_REMOTE_NAME:
3353 hci_remote_name_evt(hdev, skb);
3356 case HCI_EV_ENCRYPT_CHANGE:
3357 hci_encrypt_change_evt(hdev, skb);
3360 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3361 hci_change_link_key_complete_evt(hdev, skb);
3364 case HCI_EV_REMOTE_FEATURES:
3365 hci_remote_features_evt(hdev, skb);
3368 case HCI_EV_REMOTE_VERSION:
3369 hci_remote_version_evt(hdev, skb);
3372 case HCI_EV_QOS_SETUP_COMPLETE:
3373 hci_qos_setup_complete_evt(hdev, skb);
3376 case HCI_EV_CMD_COMPLETE:
3377 hci_cmd_complete_evt(hdev, skb);
3380 case HCI_EV_CMD_STATUS:
3381 hci_cmd_status_evt(hdev, skb);
3384 case HCI_EV_ROLE_CHANGE:
3385 hci_role_change_evt(hdev, skb);
3388 case HCI_EV_NUM_COMP_PKTS:
3389 hci_num_comp_pkts_evt(hdev, skb);
3392 case HCI_EV_MODE_CHANGE:
3393 hci_mode_change_evt(hdev, skb);
3396 case HCI_EV_PIN_CODE_REQ:
3397 hci_pin_code_request_evt(hdev, skb);
3400 case HCI_EV_LINK_KEY_REQ:
3401 hci_link_key_request_evt(hdev, skb);
3404 case HCI_EV_LINK_KEY_NOTIFY:
3405 hci_link_key_notify_evt(hdev, skb);
3408 case HCI_EV_CLOCK_OFFSET:
3409 hci_clock_offset_evt(hdev, skb);
3412 case HCI_EV_PKT_TYPE_CHANGE:
3413 hci_pkt_type_change_evt(hdev, skb);
3416 case HCI_EV_PSCAN_REP_MODE:
3417 hci_pscan_rep_mode_evt(hdev, skb);
3420 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3421 hci_inquiry_result_with_rssi_evt(hdev, skb);
3424 case HCI_EV_REMOTE_EXT_FEATURES:
3425 hci_remote_ext_features_evt(hdev, skb);
3428 case HCI_EV_SYNC_CONN_COMPLETE:
3429 hci_sync_conn_complete_evt(hdev, skb);
3432 case HCI_EV_SYNC_CONN_CHANGED:
3433 hci_sync_conn_changed_evt(hdev, skb);
3436 case HCI_EV_SNIFF_SUBRATE:
3437 hci_sniff_subrate_evt(hdev, skb);
3440 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3441 hci_extended_inquiry_result_evt(hdev, skb);
3444 case HCI_EV_IO_CAPA_REQUEST:
3445 hci_io_capa_request_evt(hdev, skb);
3448 case HCI_EV_IO_CAPA_REPLY:
3449 hci_io_capa_reply_evt(hdev, skb);
3452 case HCI_EV_USER_CONFIRM_REQUEST:
3453 hci_user_confirm_request_evt(hdev, skb);
3456 case HCI_EV_USER_PASSKEY_REQUEST:
3457 hci_user_passkey_request_evt(hdev, skb);
3460 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3461 hci_simple_pair_complete_evt(hdev, skb);
3464 case HCI_EV_REMOTE_HOST_FEATURES:
3465 hci_remote_host_features_evt(hdev, skb);
3468 case HCI_EV_LE_META:
3469 hci_le_meta_evt(hdev, skb);
3472 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3473 hci_remote_oob_data_request_evt(hdev, skb);
3476 case HCI_EV_NUM_COMP_BLOCKS:
3477 hci_num_comp_blocks_evt(hdev, skb);
3481 BT_DBG("%s event 0x%x", hdev->name, event);
3486 hdev->stat.evt_rx++;
3489 /* Generate internal stack event */
3490 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3492 struct hci_event_hdr *hdr;
3493 struct hci_ev_stack_internal *ev;
3494 struct sk_buff *skb;
3496 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3500 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3501 hdr->evt = HCI_EV_STACK_INTERNAL;
3502 hdr->plen = sizeof(*ev) + dlen;
3504 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3506 memcpy(ev->data, data, dlen);
3508 bt_cb(skb)->incoming = 1;
3509 __net_timestamp(skb);
3511 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3512 skb->dev = (void *) hdev;
3513 hci_send_to_sock(hdev, skb, NULL);
3517 module_param(enable_le, bool, 0644);
3518 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / karo-tx-linux.git / blob