2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
61 clear_bit(HCI_INQUIRY, &hdev->flags);
64 mgmt_discovering(hdev, 0);
67 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
69 hci_conn_check_pending(hdev);
72 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 __u8 status = *((__u8 *) skb->data);
76 BT_DBG("%s status 0x%x", hdev->name, status);
81 hci_conn_check_pending(hdev);
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86 BT_DBG("%s", hdev->name);
89 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 conn->link_mode &= ~HCI_LM_MASTER;
106 conn->link_mode |= HCI_LM_MASTER;
109 hci_dev_unlock(hdev);
112 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 conn->link_policy = __le16_to_cpu(rp->policy);
128 hci_dev_unlock(hdev);
131 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
134 struct hci_conn *conn;
137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
150 conn->link_policy = get_unaligned_le16(sent + 2);
152 hci_dev_unlock(hdev);
155 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164 hdev->link_policy = __le16_to_cpu(rp->policy);
167 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169 __u8 status = *((__u8 *) skb->data);
172 BT_DBG("%s status 0x%x", hdev->name, status);
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 hdev->link_policy = get_unaligned_le16(sent);
181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 __u8 status = *((__u8 *) skb->data);
188 BT_DBG("%s status 0x%x", hdev->name, status);
190 clear_bit(HCI_RESET, &hdev->flags);
192 hci_req_complete(hdev, HCI_OP_RESET, status);
195 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
197 __u8 status = *((__u8 *) skb->data);
200 BT_DBG("%s status 0x%x", hdev->name, status);
202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
208 if (test_bit(HCI_MGMT, &hdev->flags))
209 mgmt_set_local_name_complete(hdev, sent, status);
212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
214 hci_dev_unlock(hdev);
217 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
219 struct hci_rp_read_local_name *rp = (void *) skb->data;
221 BT_DBG("%s status 0x%x", hdev->name, rp->status);
226 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
229 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
231 __u8 status = *((__u8 *) skb->data);
234 BT_DBG("%s status 0x%x", hdev->name, status);
236 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
241 __u8 param = *((__u8 *) sent);
243 if (param == AUTH_ENABLED)
244 set_bit(HCI_AUTH, &hdev->flags);
246 clear_bit(HCI_AUTH, &hdev->flags);
249 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
252 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
254 __u8 status = *((__u8 *) skb->data);
257 BT_DBG("%s status 0x%x", hdev->name, status);
259 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
264 __u8 param = *((__u8 *) sent);
267 set_bit(HCI_ENCRYPT, &hdev->flags);
269 clear_bit(HCI_ENCRYPT, &hdev->flags);
272 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
275 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
277 __u8 param, status = *((__u8 *) skb->data);
278 int old_pscan, old_iscan;
281 BT_DBG("%s status 0x%x", hdev->name, status);
283 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
287 param = *((__u8 *) sent);
292 mgmt_write_scan_failed(hdev, param, status);
293 hdev->discov_timeout = 0;
297 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
298 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
300 if (param & SCAN_INQUIRY) {
301 set_bit(HCI_ISCAN, &hdev->flags);
303 mgmt_discoverable(hdev, 1);
304 if (hdev->discov_timeout > 0) {
305 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
306 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
309 } else if (old_iscan)
310 mgmt_discoverable(hdev, 0);
312 if (param & SCAN_PAGE) {
313 set_bit(HCI_PSCAN, &hdev->flags);
315 mgmt_connectable(hdev, 1);
316 } else if (old_pscan)
317 mgmt_connectable(hdev, 0);
320 hci_dev_unlock(hdev);
321 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
324 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
326 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
328 BT_DBG("%s status 0x%x", hdev->name, rp->status);
333 memcpy(hdev->dev_class, rp->dev_class, 3);
335 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
336 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
339 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
341 __u8 status = *((__u8 *) skb->data);
344 BT_DBG("%s status 0x%x", hdev->name, status);
349 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
353 memcpy(hdev->dev_class, sent, 3);
356 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
358 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
361 BT_DBG("%s status 0x%x", hdev->name, rp->status);
366 setting = __le16_to_cpu(rp->voice_setting);
368 if (hdev->voice_setting == setting)
371 hdev->voice_setting = setting;
373 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
376 tasklet_disable(&hdev->tx_task);
377 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
378 tasklet_enable(&hdev->tx_task);
382 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
384 __u8 status = *((__u8 *) skb->data);
388 BT_DBG("%s status 0x%x", hdev->name, status);
393 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
397 setting = get_unaligned_le16(sent);
399 if (hdev->voice_setting == setting)
402 hdev->voice_setting = setting;
404 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
407 tasklet_disable(&hdev->tx_task);
408 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
409 tasklet_enable(&hdev->tx_task);
413 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
415 __u8 status = *((__u8 *) skb->data);
417 BT_DBG("%s status 0x%x", hdev->name, status);
419 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
422 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%x", hdev->name, rp->status);
431 hdev->ssp_mode = rp->mode;
434 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
436 __u8 status = *((__u8 *) skb->data);
439 BT_DBG("%s status 0x%x", hdev->name, status);
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 hdev->ssp_mode = *((__u8 *) sent);
451 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453 if (hdev->features[6] & LMP_EXT_INQ)
456 if (hdev->features[3] & LMP_RSSI_INQ)
459 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
460 hdev->lmp_subver == 0x0757)
463 if (hdev->manufacturer == 15) {
464 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
472 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
473 hdev->lmp_subver == 0x1805)
479 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
483 mode = hci_get_inquiry_mode(hdev);
485 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
488 static void hci_setup_event_mask(struct hci_dev *hdev)
490 /* The second byte is 0xff instead of 0x9f (two reserved bits
491 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
492 * command otherwise */
493 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
496 * any event mask for pre 1.2 devices */
497 if (hdev->lmp_ver <= 1)
500 events[4] |= 0x01; /* Flow Specification Complete */
501 events[4] |= 0x02; /* Inquiry Result with RSSI */
502 events[4] |= 0x04; /* Read Remote Extended Features Complete */
503 events[5] |= 0x08; /* Synchronous Connection Complete */
504 events[5] |= 0x10; /* Synchronous Connection Changed */
506 if (hdev->features[3] & LMP_RSSI_INQ)
507 events[4] |= 0x04; /* Inquiry Result with RSSI */
509 if (hdev->features[5] & LMP_SNIFF_SUBR)
510 events[5] |= 0x20; /* Sniff Subrating */
512 if (hdev->features[5] & LMP_PAUSE_ENC)
513 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515 if (hdev->features[6] & LMP_EXT_INQ)
516 events[5] |= 0x40; /* Extended Inquiry Result */
518 if (hdev->features[6] & LMP_NO_FLUSH)
519 events[7] |= 0x01; /* Enhanced Flush Complete */
521 if (hdev->features[7] & LMP_LSTO)
522 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 events[6] |= 0x01; /* IO Capability Request */
526 events[6] |= 0x02; /* IO Capability Response */
527 events[6] |= 0x04; /* User Confirmation Request */
528 events[6] |= 0x08; /* User Passkey Request */
529 events[6] |= 0x10; /* Remote OOB Data Request */
530 events[6] |= 0x20; /* Simple Pairing Complete */
531 events[7] |= 0x04; /* User Passkey Notification */
532 events[7] |= 0x08; /* Keypress Notification */
533 events[7] |= 0x10; /* Remote Host Supported
534 * Features Notification */
537 if (hdev->features[4] & LMP_LE)
538 events[7] |= 0x20; /* LE Meta-Event */
540 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
543 static void hci_set_le_support(struct hci_dev *hdev)
545 struct hci_cp_write_le_host_supported cp;
547 memset(&cp, 0, sizeof(cp));
551 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
554 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
557 static void hci_setup(struct hci_dev *hdev)
559 hci_setup_event_mask(hdev);
561 if (hdev->lmp_ver > 1)
562 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
564 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
566 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
569 if (hdev->features[3] & LMP_RSSI_INQ)
570 hci_setup_inquiry_mode(hdev);
572 if (hdev->features[7] & LMP_INQ_TX_PWR)
573 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
575 if (hdev->features[7] & LMP_EXTFEATURES) {
576 struct hci_cp_read_local_ext_features cp;
579 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
583 if (hdev->features[4] & LMP_LE)
584 hci_set_le_support(hdev);
587 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
589 struct hci_rp_read_local_version *rp = (void *) skb->data;
591 BT_DBG("%s status 0x%x", hdev->name, rp->status);
596 hdev->hci_ver = rp->hci_ver;
597 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
598 hdev->lmp_ver = rp->lmp_ver;
599 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
600 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
602 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
604 hdev->hci_ver, hdev->hci_rev);
606 if (test_bit(HCI_INIT, &hdev->flags))
610 static void hci_setup_link_policy(struct hci_dev *hdev)
614 if (hdev->features[0] & LMP_RSWITCH)
615 link_policy |= HCI_LP_RSWITCH;
616 if (hdev->features[0] & LMP_HOLD)
617 link_policy |= HCI_LP_HOLD;
618 if (hdev->features[0] & LMP_SNIFF)
619 link_policy |= HCI_LP_SNIFF;
620 if (hdev->features[1] & LMP_PARK)
621 link_policy |= HCI_LP_PARK;
623 link_policy = cpu_to_le16(link_policy);
624 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
625 sizeof(link_policy), &link_policy);
628 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
630 struct hci_rp_read_local_commands *rp = (void *) skb->data;
632 BT_DBG("%s status 0x%x", hdev->name, rp->status);
637 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
639 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
640 hci_setup_link_policy(hdev);
643 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
646 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
648 struct hci_rp_read_local_features *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%x", hdev->name, rp->status);
655 memcpy(hdev->features, rp->features, 8);
657 /* Adjust default settings according to features
658 * supported by device. */
660 if (hdev->features[0] & LMP_3SLOT)
661 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
663 if (hdev->features[0] & LMP_5SLOT)
664 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
666 if (hdev->features[1] & LMP_HV2) {
667 hdev->pkt_type |= (HCI_HV2);
668 hdev->esco_type |= (ESCO_HV2);
671 if (hdev->features[1] & LMP_HV3) {
672 hdev->pkt_type |= (HCI_HV3);
673 hdev->esco_type |= (ESCO_HV3);
676 if (hdev->features[3] & LMP_ESCO)
677 hdev->esco_type |= (ESCO_EV3);
679 if (hdev->features[4] & LMP_EV4)
680 hdev->esco_type |= (ESCO_EV4);
682 if (hdev->features[4] & LMP_EV5)
683 hdev->esco_type |= (ESCO_EV5);
685 if (hdev->features[5] & LMP_EDR_ESCO_2M)
686 hdev->esco_type |= (ESCO_2EV3);
688 if (hdev->features[5] & LMP_EDR_ESCO_3M)
689 hdev->esco_type |= (ESCO_3EV3);
691 if (hdev->features[5] & LMP_EDR_3S_ESCO)
692 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
694 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
695 hdev->features[0], hdev->features[1],
696 hdev->features[2], hdev->features[3],
697 hdev->features[4], hdev->features[5],
698 hdev->features[6], hdev->features[7]);
701 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
704 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
706 BT_DBG("%s status 0x%x", hdev->name, rp->status);
711 memcpy(hdev->extfeatures, rp->features, 8);
713 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
716 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
718 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
720 BT_DBG("%s status 0x%x", hdev->name, rp->status);
725 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
726 hdev->sco_mtu = rp->sco_mtu;
727 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
728 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
730 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
735 hdev->acl_cnt = hdev->acl_pkts;
736 hdev->sco_cnt = hdev->sco_pkts;
738 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
739 hdev->acl_mtu, hdev->acl_pkts,
740 hdev->sco_mtu, hdev->sco_pkts);
743 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
745 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
747 BT_DBG("%s status 0x%x", hdev->name, rp->status);
750 bacpy(&hdev->bdaddr, &rp->bdaddr);
752 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
755 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
757 __u8 status = *((__u8 *) skb->data);
759 BT_DBG("%s status 0x%x", hdev->name, status);
761 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
764 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
767 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
769 BT_DBG("%s status 0x%x", hdev->name, rp->status);
774 hdev->amp_status = rp->amp_status;
775 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
776 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
777 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
778 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
779 hdev->amp_type = rp->amp_type;
780 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
781 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
782 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
783 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
785 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
788 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
791 __u8 status = *((__u8 *) skb->data);
793 BT_DBG("%s status 0x%x", hdev->name, status);
795 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
798 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
800 __u8 status = *((__u8 *) skb->data);
802 BT_DBG("%s status 0x%x", hdev->name, status);
804 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
807 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
810 __u8 status = *((__u8 *) skb->data);
812 BT_DBG("%s status 0x%x", hdev->name, status);
814 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
817 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
820 __u8 status = *((__u8 *) skb->data);
822 BT_DBG("%s status 0x%x", hdev->name, status);
824 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
827 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
829 __u8 status = *((__u8 *) skb->data);
831 BT_DBG("%s status 0x%x", hdev->name, status);
833 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
836 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
838 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
839 struct hci_cp_pin_code_reply *cp;
840 struct hci_conn *conn;
842 BT_DBG("%s status 0x%x", hdev->name, rp->status);
846 if (test_bit(HCI_MGMT, &hdev->flags))
847 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
852 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
856 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
858 conn->pin_length = cp->pin_len;
861 hci_dev_unlock(hdev);
864 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
866 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
868 BT_DBG("%s status 0x%x", hdev->name, rp->status);
872 if (test_bit(HCI_MGMT, &hdev->flags))
873 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
876 hci_dev_unlock(hdev);
879 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
882 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
884 BT_DBG("%s status 0x%x", hdev->name, rp->status);
889 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
890 hdev->le_pkts = rp->le_max_pkt;
892 hdev->le_cnt = hdev->le_pkts;
894 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
896 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
899 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
901 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
903 BT_DBG("%s status 0x%x", hdev->name, rp->status);
907 if (test_bit(HCI_MGMT, &hdev->flags))
908 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
911 hci_dev_unlock(hdev);
914 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
917 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
919 BT_DBG("%s status 0x%x", hdev->name, rp->status);
923 if (test_bit(HCI_MGMT, &hdev->flags))
924 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
927 hci_dev_unlock(hdev);
930 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
933 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
935 BT_DBG("%s status 0x%x", hdev->name, rp->status);
938 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
939 rp->randomizer, rp->status);
940 hci_dev_unlock(hdev);
943 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
946 struct hci_cp_le_set_scan_enable *cp;
947 __u8 status = *((__u8 *) skb->data);
949 BT_DBG("%s status 0x%x", hdev->name, status);
954 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
958 if (cp->enable == 0x01) {
959 del_timer(&hdev->adv_timer);
962 hci_adv_entries_clear(hdev);
963 hci_dev_unlock(hdev);
964 } else if (cp->enable == 0x00) {
965 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
969 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
971 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
973 BT_DBG("%s status 0x%x", hdev->name, rp->status);
978 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
981 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
983 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
985 BT_DBG("%s status 0x%x", hdev->name, rp->status);
990 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
993 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
996 struct hci_cp_read_local_ext_features cp;
997 __u8 status = *((__u8 *) skb->data);
999 BT_DBG("%s status 0x%x", hdev->name, status);
1005 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1008 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1010 BT_DBG("%s status 0x%x", hdev->name, status);
1013 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1014 hci_conn_check_pending(hdev);
1016 if (test_bit(HCI_MGMT, &hdev->flags))
1017 mgmt_inquiry_failed(hdev, status);
1018 hci_dev_unlock(hdev);
1022 set_bit(HCI_INQUIRY, &hdev->flags);
1025 mgmt_discovering(hdev, 1);
1026 hci_dev_unlock(hdev);
1029 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1031 struct hci_cp_create_conn *cp;
1032 struct hci_conn *conn;
1034 BT_DBG("%s status 0x%x", hdev->name, status);
1036 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1042 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1044 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1047 if (conn && conn->state == BT_CONNECT) {
1048 if (status != 0x0c || conn->attempt > 2) {
1049 conn->state = BT_CLOSED;
1050 hci_proto_connect_cfm(conn, status);
1053 conn->state = BT_CONNECT2;
1057 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1060 conn->link_mode |= HCI_LM_MASTER;
1062 BT_ERR("No memory for new connection");
1066 hci_dev_unlock(hdev);
1069 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1071 struct hci_cp_add_sco *cp;
1072 struct hci_conn *acl, *sco;
1075 BT_DBG("%s status 0x%x", hdev->name, status);
1080 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1084 handle = __le16_to_cpu(cp->handle);
1086 BT_DBG("%s handle %d", hdev->name, handle);
1090 acl = hci_conn_hash_lookup_handle(hdev, handle);
1094 sco->state = BT_CLOSED;
1096 hci_proto_connect_cfm(sco, status);
1101 hci_dev_unlock(hdev);
1104 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1106 struct hci_cp_auth_requested *cp;
1107 struct hci_conn *conn;
1109 BT_DBG("%s status 0x%x", hdev->name, status);
1114 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1122 if (conn->state == BT_CONFIG) {
1123 hci_proto_connect_cfm(conn, status);
1128 hci_dev_unlock(hdev);
1131 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1133 struct hci_cp_set_conn_encrypt *cp;
1134 struct hci_conn *conn;
1136 BT_DBG("%s status 0x%x", hdev->name, status);
1141 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1147 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1149 if (conn->state == BT_CONFIG) {
1150 hci_proto_connect_cfm(conn, status);
1155 hci_dev_unlock(hdev);
1158 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1159 struct hci_conn *conn)
1161 if (conn->state != BT_CONFIG || !conn->out)
1164 if (conn->pending_sec_level == BT_SECURITY_SDP)
1167 /* Only request authentication for SSP connections or non-SSP
1168 * devices with sec_level HIGH or if MITM protection is requested */
1169 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1170 conn->pending_sec_level != BT_SECURITY_HIGH &&
1171 !(conn->auth_type & 0x01))
1177 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1179 struct hci_cp_remote_name_req *cp;
1180 struct hci_conn *conn;
1182 BT_DBG("%s status 0x%x", hdev->name, status);
1184 /* If successful wait for the name req complete event before
1185 * checking for the need to do authentication */
1189 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1195 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1199 if (!hci_outgoing_auth_needed(hdev, conn))
1202 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1203 struct hci_cp_auth_requested cp;
1204 cp.handle = __cpu_to_le16(conn->handle);
1205 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1209 hci_dev_unlock(hdev);
1212 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1214 struct hci_cp_read_remote_features *cp;
1215 struct hci_conn *conn;
1217 BT_DBG("%s status 0x%x", hdev->name, status);
1222 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1228 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1230 if (conn->state == BT_CONFIG) {
1231 hci_proto_connect_cfm(conn, status);
1236 hci_dev_unlock(hdev);
1239 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1241 struct hci_cp_read_remote_ext_features *cp;
1242 struct hci_conn *conn;
1244 BT_DBG("%s status 0x%x", hdev->name, status);
1249 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1255 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1257 if (conn->state == BT_CONFIG) {
1258 hci_proto_connect_cfm(conn, status);
1263 hci_dev_unlock(hdev);
1266 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1268 struct hci_cp_setup_sync_conn *cp;
1269 struct hci_conn *acl, *sco;
1272 BT_DBG("%s status 0x%x", hdev->name, status);
1277 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1281 handle = __le16_to_cpu(cp->handle);
1283 BT_DBG("%s handle %d", hdev->name, handle);
1287 acl = hci_conn_hash_lookup_handle(hdev, handle);
1291 sco->state = BT_CLOSED;
1293 hci_proto_connect_cfm(sco, status);
1298 hci_dev_unlock(hdev);
1301 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1303 struct hci_cp_sniff_mode *cp;
1304 struct hci_conn *conn;
1306 BT_DBG("%s status 0x%x", hdev->name, status);
1311 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1317 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1319 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1321 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1322 hci_sco_setup(conn, status);
1325 hci_dev_unlock(hdev);
1328 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1330 struct hci_cp_exit_sniff_mode *cp;
1331 struct hci_conn *conn;
1333 BT_DBG("%s status 0x%x", hdev->name, status);
1338 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1344 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1346 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1348 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1349 hci_sco_setup(conn, status);
1352 hci_dev_unlock(hdev);
1355 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1357 struct hci_cp_le_create_conn *cp;
1358 struct hci_conn *conn;
1360 BT_DBG("%s status 0x%x", hdev->name, status);
1362 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1368 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1370 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1374 if (conn && conn->state == BT_CONNECT) {
1375 conn->state = BT_CLOSED;
1376 hci_proto_connect_cfm(conn, status);
1381 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1383 conn->dst_type = cp->peer_addr_type;
1386 BT_ERR("No memory for new connection");
1391 hci_dev_unlock(hdev);
1394 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1396 BT_DBG("%s status 0x%x", hdev->name, status);
1399 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1401 __u8 status = *((__u8 *) skb->data);
1403 BT_DBG("%s status %d", hdev->name, status);
1405 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1407 hci_conn_check_pending(hdev);
1409 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1413 mgmt_discovering(hdev, 0);
1414 hci_dev_unlock(hdev);
1417 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1419 struct inquiry_data data;
1420 struct inquiry_info *info = (void *) (skb->data + 1);
1421 int num_rsp = *((__u8 *) skb->data);
1423 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1430 for (; num_rsp; num_rsp--, info++) {
1431 bacpy(&data.bdaddr, &info->bdaddr);
1432 data.pscan_rep_mode = info->pscan_rep_mode;
1433 data.pscan_period_mode = info->pscan_period_mode;
1434 data.pscan_mode = info->pscan_mode;
1435 memcpy(data.dev_class, info->dev_class, 3);
1436 data.clock_offset = info->clock_offset;
1438 data.ssp_mode = 0x00;
1439 hci_inquiry_cache_update(hdev, &data);
1440 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1441 info->dev_class, 0, NULL);
1444 hci_dev_unlock(hdev);
1447 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1449 struct hci_ev_conn_complete *ev = (void *) skb->data;
1450 struct hci_conn *conn;
1452 BT_DBG("%s", hdev->name);
1456 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1458 if (ev->link_type != SCO_LINK)
1461 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1465 conn->type = SCO_LINK;
1469 conn->handle = __le16_to_cpu(ev->handle);
1471 if (conn->type == ACL_LINK) {
1472 conn->state = BT_CONFIG;
1473 hci_conn_hold(conn);
1474 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1475 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1478 conn->state = BT_CONNECTED;
1480 hci_conn_hold_device(conn);
1481 hci_conn_add_sysfs(conn);
1483 if (test_bit(HCI_AUTH, &hdev->flags))
1484 conn->link_mode |= HCI_LM_AUTH;
1486 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1487 conn->link_mode |= HCI_LM_ENCRYPT;
1489 /* Get remote features */
1490 if (conn->type == ACL_LINK) {
1491 struct hci_cp_read_remote_features cp;
1492 cp.handle = ev->handle;
1493 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1497 /* Set packet type for incoming connection */
1498 if (!conn->out && hdev->hci_ver < 3) {
1499 struct hci_cp_change_conn_ptype cp;
1500 cp.handle = ev->handle;
1501 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1502 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1506 conn->state = BT_CLOSED;
1507 if (conn->type == ACL_LINK)
1508 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1509 conn->dst_type, ev->status);
1512 if (conn->type == ACL_LINK)
1513 hci_sco_setup(conn, ev->status);
1516 hci_proto_connect_cfm(conn, ev->status);
1518 } else if (ev->link_type != ACL_LINK)
1519 hci_proto_connect_cfm(conn, ev->status);
1522 hci_dev_unlock(hdev);
1524 hci_conn_check_pending(hdev);
1527 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1529 struct hci_ev_conn_request *ev = (void *) skb->data;
1530 int mask = hdev->link_mode;
1532 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1533 batostr(&ev->bdaddr), ev->link_type);
1535 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1537 if ((mask & HCI_LM_ACCEPT) &&
1538 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1539 /* Connection accepted */
1540 struct inquiry_entry *ie;
1541 struct hci_conn *conn;
1545 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1547 memcpy(ie->data.dev_class, ev->dev_class, 3);
1549 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1551 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1553 BT_ERR("No memory for new connection");
1554 hci_dev_unlock(hdev);
1559 memcpy(conn->dev_class, ev->dev_class, 3);
1560 conn->state = BT_CONNECT;
1562 hci_dev_unlock(hdev);
1564 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1565 struct hci_cp_accept_conn_req cp;
1567 bacpy(&cp.bdaddr, &ev->bdaddr);
1569 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1570 cp.role = 0x00; /* Become master */
1572 cp.role = 0x01; /* Remain slave */
1574 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1577 struct hci_cp_accept_sync_conn_req cp;
1579 bacpy(&cp.bdaddr, &ev->bdaddr);
1580 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1582 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1583 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1584 cp.max_latency = cpu_to_le16(0xffff);
1585 cp.content_format = cpu_to_le16(hdev->voice_setting);
1586 cp.retrans_effort = 0xff;
1588 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1592 /* Connection rejected */
1593 struct hci_cp_reject_conn_req cp;
1595 bacpy(&cp.bdaddr, &ev->bdaddr);
1596 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1597 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1601 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1603 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1604 struct hci_conn *conn;
1606 BT_DBG("%s status %d", hdev->name, ev->status);
1610 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1614 if (ev->status == 0)
1615 conn->state = BT_CLOSED;
1617 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1618 if (ev->status != 0)
1619 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1621 mgmt_disconnected(hdev, &conn->dst, conn->type,
1625 if (ev->status == 0) {
1626 hci_proto_disconn_cfm(conn, ev->reason);
1631 hci_dev_unlock(hdev);
1634 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1636 struct hci_ev_auth_complete *ev = (void *) skb->data;
1637 struct hci_conn *conn;
1639 BT_DBG("%s status %d", hdev->name, ev->status);
1643 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1648 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1649 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1650 BT_INFO("re-auth of legacy device is not possible.");
1652 conn->link_mode |= HCI_LM_AUTH;
1653 conn->sec_level = conn->pending_sec_level;
1656 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1659 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1660 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1662 if (conn->state == BT_CONFIG) {
1663 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1664 struct hci_cp_set_conn_encrypt cp;
1665 cp.handle = ev->handle;
1667 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1670 conn->state = BT_CONNECTED;
1671 hci_proto_connect_cfm(conn, ev->status);
1675 hci_auth_cfm(conn, ev->status);
1677 hci_conn_hold(conn);
1678 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1682 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1684 struct hci_cp_set_conn_encrypt cp;
1685 cp.handle = ev->handle;
1687 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1690 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1691 hci_encrypt_cfm(conn, ev->status, 0x00);
1696 hci_dev_unlock(hdev);
1699 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1701 struct hci_ev_remote_name *ev = (void *) skb->data;
1702 struct hci_conn *conn;
1704 BT_DBG("%s", hdev->name);
1706 hci_conn_check_pending(hdev);
1710 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1711 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
1713 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1717 if (!hci_outgoing_auth_needed(hdev, conn))
1720 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1721 struct hci_cp_auth_requested cp;
1722 cp.handle = __cpu_to_le16(conn->handle);
1723 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1727 hci_dev_unlock(hdev);
1730 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1732 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1733 struct hci_conn *conn;
1735 BT_DBG("%s status %d", hdev->name, ev->status);
1739 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1743 /* Encryption implies authentication */
1744 conn->link_mode |= HCI_LM_AUTH;
1745 conn->link_mode |= HCI_LM_ENCRYPT;
1746 conn->sec_level = conn->pending_sec_level;
1748 conn->link_mode &= ~HCI_LM_ENCRYPT;
1751 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1753 if (conn->state == BT_CONFIG) {
1755 conn->state = BT_CONNECTED;
1757 hci_proto_connect_cfm(conn, ev->status);
1760 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1763 hci_dev_unlock(hdev);
1766 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1768 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1769 struct hci_conn *conn;
1771 BT_DBG("%s status %d", hdev->name, ev->status);
1775 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1778 conn->link_mode |= HCI_LM_SECURE;
1780 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1782 hci_key_change_cfm(conn, ev->status);
1785 hci_dev_unlock(hdev);
1788 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1790 struct hci_ev_remote_features *ev = (void *) skb->data;
1791 struct hci_conn *conn;
1793 BT_DBG("%s status %d", hdev->name, ev->status);
1797 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1802 memcpy(conn->features, ev->features, 8);
1804 if (conn->state != BT_CONFIG)
1807 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1808 struct hci_cp_read_remote_ext_features cp;
1809 cp.handle = ev->handle;
1811 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1817 struct hci_cp_remote_name_req cp;
1818 memset(&cp, 0, sizeof(cp));
1819 bacpy(&cp.bdaddr, &conn->dst);
1820 cp.pscan_rep_mode = 0x02;
1821 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1824 if (!hci_outgoing_auth_needed(hdev, conn)) {
1825 conn->state = BT_CONNECTED;
1826 hci_proto_connect_cfm(conn, ev->status);
1831 hci_dev_unlock(hdev);
1834 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1836 BT_DBG("%s", hdev->name);
1839 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1841 BT_DBG("%s", hdev->name);
1844 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1846 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1849 skb_pull(skb, sizeof(*ev));
1851 opcode = __le16_to_cpu(ev->opcode);
1854 case HCI_OP_INQUIRY_CANCEL:
1855 hci_cc_inquiry_cancel(hdev, skb);
1858 case HCI_OP_EXIT_PERIODIC_INQ:
1859 hci_cc_exit_periodic_inq(hdev, skb);
1862 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1863 hci_cc_remote_name_req_cancel(hdev, skb);
1866 case HCI_OP_ROLE_DISCOVERY:
1867 hci_cc_role_discovery(hdev, skb);
1870 case HCI_OP_READ_LINK_POLICY:
1871 hci_cc_read_link_policy(hdev, skb);
1874 case HCI_OP_WRITE_LINK_POLICY:
1875 hci_cc_write_link_policy(hdev, skb);
1878 case HCI_OP_READ_DEF_LINK_POLICY:
1879 hci_cc_read_def_link_policy(hdev, skb);
1882 case HCI_OP_WRITE_DEF_LINK_POLICY:
1883 hci_cc_write_def_link_policy(hdev, skb);
1887 hci_cc_reset(hdev, skb);
1890 case HCI_OP_WRITE_LOCAL_NAME:
1891 hci_cc_write_local_name(hdev, skb);
1894 case HCI_OP_READ_LOCAL_NAME:
1895 hci_cc_read_local_name(hdev, skb);
1898 case HCI_OP_WRITE_AUTH_ENABLE:
1899 hci_cc_write_auth_enable(hdev, skb);
1902 case HCI_OP_WRITE_ENCRYPT_MODE:
1903 hci_cc_write_encrypt_mode(hdev, skb);
1906 case HCI_OP_WRITE_SCAN_ENABLE:
1907 hci_cc_write_scan_enable(hdev, skb);
1910 case HCI_OP_READ_CLASS_OF_DEV:
1911 hci_cc_read_class_of_dev(hdev, skb);
1914 case HCI_OP_WRITE_CLASS_OF_DEV:
1915 hci_cc_write_class_of_dev(hdev, skb);
1918 case HCI_OP_READ_VOICE_SETTING:
1919 hci_cc_read_voice_setting(hdev, skb);
1922 case HCI_OP_WRITE_VOICE_SETTING:
1923 hci_cc_write_voice_setting(hdev, skb);
1926 case HCI_OP_HOST_BUFFER_SIZE:
1927 hci_cc_host_buffer_size(hdev, skb);
1930 case HCI_OP_READ_SSP_MODE:
1931 hci_cc_read_ssp_mode(hdev, skb);
1934 case HCI_OP_WRITE_SSP_MODE:
1935 hci_cc_write_ssp_mode(hdev, skb);
1938 case HCI_OP_READ_LOCAL_VERSION:
1939 hci_cc_read_local_version(hdev, skb);
1942 case HCI_OP_READ_LOCAL_COMMANDS:
1943 hci_cc_read_local_commands(hdev, skb);
1946 case HCI_OP_READ_LOCAL_FEATURES:
1947 hci_cc_read_local_features(hdev, skb);
1950 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1951 hci_cc_read_local_ext_features(hdev, skb);
1954 case HCI_OP_READ_BUFFER_SIZE:
1955 hci_cc_read_buffer_size(hdev, skb);
1958 case HCI_OP_READ_BD_ADDR:
1959 hci_cc_read_bd_addr(hdev, skb);
1962 case HCI_OP_WRITE_CA_TIMEOUT:
1963 hci_cc_write_ca_timeout(hdev, skb);
1966 case HCI_OP_READ_LOCAL_AMP_INFO:
1967 hci_cc_read_local_amp_info(hdev, skb);
1970 case HCI_OP_DELETE_STORED_LINK_KEY:
1971 hci_cc_delete_stored_link_key(hdev, skb);
1974 case HCI_OP_SET_EVENT_MASK:
1975 hci_cc_set_event_mask(hdev, skb);
1978 case HCI_OP_WRITE_INQUIRY_MODE:
1979 hci_cc_write_inquiry_mode(hdev, skb);
1982 case HCI_OP_READ_INQ_RSP_TX_POWER:
1983 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1986 case HCI_OP_SET_EVENT_FLT:
1987 hci_cc_set_event_flt(hdev, skb);
1990 case HCI_OP_PIN_CODE_REPLY:
1991 hci_cc_pin_code_reply(hdev, skb);
1994 case HCI_OP_PIN_CODE_NEG_REPLY:
1995 hci_cc_pin_code_neg_reply(hdev, skb);
1998 case HCI_OP_READ_LOCAL_OOB_DATA:
1999 hci_cc_read_local_oob_data_reply(hdev, skb);
2002 case HCI_OP_LE_READ_BUFFER_SIZE:
2003 hci_cc_le_read_buffer_size(hdev, skb);
2006 case HCI_OP_USER_CONFIRM_REPLY:
2007 hci_cc_user_confirm_reply(hdev, skb);
2010 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2011 hci_cc_user_confirm_neg_reply(hdev, skb);
2014 case HCI_OP_LE_SET_SCAN_ENABLE:
2015 hci_cc_le_set_scan_enable(hdev, skb);
2018 case HCI_OP_LE_LTK_REPLY:
2019 hci_cc_le_ltk_reply(hdev, skb);
2022 case HCI_OP_LE_LTK_NEG_REPLY:
2023 hci_cc_le_ltk_neg_reply(hdev, skb);
2026 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2027 hci_cc_write_le_host_supported(hdev, skb);
2031 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2035 if (ev->opcode != HCI_OP_NOP)
2036 del_timer(&hdev->cmd_timer);
2039 atomic_set(&hdev->cmd_cnt, 1);
2040 if (!skb_queue_empty(&hdev->cmd_q))
2041 tasklet_schedule(&hdev->cmd_task);
2045 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2047 struct hci_ev_cmd_status *ev = (void *) skb->data;
2050 skb_pull(skb, sizeof(*ev));
2052 opcode = __le16_to_cpu(ev->opcode);
2055 case HCI_OP_INQUIRY:
2056 hci_cs_inquiry(hdev, ev->status);
2059 case HCI_OP_CREATE_CONN:
2060 hci_cs_create_conn(hdev, ev->status);
2063 case HCI_OP_ADD_SCO:
2064 hci_cs_add_sco(hdev, ev->status);
2067 case HCI_OP_AUTH_REQUESTED:
2068 hci_cs_auth_requested(hdev, ev->status);
2071 case HCI_OP_SET_CONN_ENCRYPT:
2072 hci_cs_set_conn_encrypt(hdev, ev->status);
2075 case HCI_OP_REMOTE_NAME_REQ:
2076 hci_cs_remote_name_req(hdev, ev->status);
2079 case HCI_OP_READ_REMOTE_FEATURES:
2080 hci_cs_read_remote_features(hdev, ev->status);
2083 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2084 hci_cs_read_remote_ext_features(hdev, ev->status);
2087 case HCI_OP_SETUP_SYNC_CONN:
2088 hci_cs_setup_sync_conn(hdev, ev->status);
2091 case HCI_OP_SNIFF_MODE:
2092 hci_cs_sniff_mode(hdev, ev->status);
2095 case HCI_OP_EXIT_SNIFF_MODE:
2096 hci_cs_exit_sniff_mode(hdev, ev->status);
2099 case HCI_OP_DISCONNECT:
2100 if (ev->status != 0)
2101 mgmt_disconnect_failed(hdev, NULL, ev->status);
2104 case HCI_OP_LE_CREATE_CONN:
2105 hci_cs_le_create_conn(hdev, ev->status);
2108 case HCI_OP_LE_START_ENC:
2109 hci_cs_le_start_enc(hdev, ev->status);
2113 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2117 if (ev->opcode != HCI_OP_NOP)
2118 del_timer(&hdev->cmd_timer);
2120 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2121 atomic_set(&hdev->cmd_cnt, 1);
2122 if (!skb_queue_empty(&hdev->cmd_q))
2123 tasklet_schedule(&hdev->cmd_task);
2127 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2129 struct hci_ev_role_change *ev = (void *) skb->data;
2130 struct hci_conn *conn;
2132 BT_DBG("%s status %d", hdev->name, ev->status);
2136 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2140 conn->link_mode &= ~HCI_LM_MASTER;
2142 conn->link_mode |= HCI_LM_MASTER;
2145 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2147 hci_role_switch_cfm(conn, ev->status, ev->role);
2150 hci_dev_unlock(hdev);
2153 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2155 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2159 skb_pull(skb, sizeof(*ev));
2161 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2163 if (skb->len < ev->num_hndl * 4) {
2164 BT_DBG("%s bad parameters", hdev->name);
2168 tasklet_disable(&hdev->tx_task);
2170 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2171 struct hci_conn *conn;
2172 __u16 handle, count;
2174 handle = get_unaligned_le16(ptr++);
2175 count = get_unaligned_le16(ptr++);
2177 conn = hci_conn_hash_lookup_handle(hdev, handle);
2179 conn->sent -= count;
2181 if (conn->type == ACL_LINK) {
2182 hdev->acl_cnt += count;
2183 if (hdev->acl_cnt > hdev->acl_pkts)
2184 hdev->acl_cnt = hdev->acl_pkts;
2185 } else if (conn->type == LE_LINK) {
2186 if (hdev->le_pkts) {
2187 hdev->le_cnt += count;
2188 if (hdev->le_cnt > hdev->le_pkts)
2189 hdev->le_cnt = hdev->le_pkts;
2191 hdev->acl_cnt += count;
2192 if (hdev->acl_cnt > hdev->acl_pkts)
2193 hdev->acl_cnt = hdev->acl_pkts;
2196 hdev->sco_cnt += count;
2197 if (hdev->sco_cnt > hdev->sco_pkts)
2198 hdev->sco_cnt = hdev->sco_pkts;
2203 tasklet_schedule(&hdev->tx_task);
2205 tasklet_enable(&hdev->tx_task);
2208 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2210 struct hci_ev_mode_change *ev = (void *) skb->data;
2211 struct hci_conn *conn;
2213 BT_DBG("%s status %d", hdev->name, ev->status);
2217 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2219 conn->mode = ev->mode;
2220 conn->interval = __le16_to_cpu(ev->interval);
2222 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2223 if (conn->mode == HCI_CM_ACTIVE)
2224 conn->power_save = 1;
2226 conn->power_save = 0;
2229 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2230 hci_sco_setup(conn, ev->status);
2233 hci_dev_unlock(hdev);
2236 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2238 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2239 struct hci_conn *conn;
2241 BT_DBG("%s", hdev->name);
2245 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2249 if (conn->state == BT_CONNECTED) {
2250 hci_conn_hold(conn);
2251 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2255 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2256 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2257 sizeof(ev->bdaddr), &ev->bdaddr);
2258 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2261 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2266 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2270 hci_dev_unlock(hdev);
2273 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2275 struct hci_ev_link_key_req *ev = (void *) skb->data;
2276 struct hci_cp_link_key_reply cp;
2277 struct hci_conn *conn;
2278 struct link_key *key;
2280 BT_DBG("%s", hdev->name);
2282 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2287 key = hci_find_link_key(hdev, &ev->bdaddr);
2289 BT_DBG("%s link key not found for %s", hdev->name,
2290 batostr(&ev->bdaddr));
2294 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2295 batostr(&ev->bdaddr));
2297 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2298 key->type == HCI_LK_DEBUG_COMBINATION) {
2299 BT_DBG("%s ignoring debug key", hdev->name);
2303 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2305 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2306 conn->auth_type != 0xff &&
2307 (conn->auth_type & 0x01)) {
2308 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2312 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2313 conn->pending_sec_level == BT_SECURITY_HIGH) {
2314 BT_DBG("%s ignoring key unauthenticated for high \
2315 security", hdev->name);
2319 conn->key_type = key->type;
2320 conn->pin_length = key->pin_len;
2323 bacpy(&cp.bdaddr, &ev->bdaddr);
2324 memcpy(cp.link_key, key->val, 16);
2326 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2328 hci_dev_unlock(hdev);
2333 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2334 hci_dev_unlock(hdev);
2337 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2339 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2340 struct hci_conn *conn;
2343 BT_DBG("%s", hdev->name);
2347 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2349 hci_conn_hold(conn);
2350 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2351 pin_len = conn->pin_length;
2353 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2354 conn->key_type = ev->key_type;
2359 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2360 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2361 ev->key_type, pin_len);
2363 hci_dev_unlock(hdev);
2366 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2368 struct hci_ev_clock_offset *ev = (void *) skb->data;
2369 struct hci_conn *conn;
2371 BT_DBG("%s status %d", hdev->name, ev->status);
2375 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2376 if (conn && !ev->status) {
2377 struct inquiry_entry *ie;
2379 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2381 ie->data.clock_offset = ev->clock_offset;
2382 ie->timestamp = jiffies;
2386 hci_dev_unlock(hdev);
2389 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2391 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2392 struct hci_conn *conn;
2394 BT_DBG("%s status %d", hdev->name, ev->status);
2398 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2399 if (conn && !ev->status)
2400 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2402 hci_dev_unlock(hdev);
2405 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2407 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2408 struct inquiry_entry *ie;
2410 BT_DBG("%s", hdev->name);
2414 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2416 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2417 ie->timestamp = jiffies;
2420 hci_dev_unlock(hdev);
2423 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2425 struct inquiry_data data;
2426 int num_rsp = *((__u8 *) skb->data);
2428 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2435 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2436 struct inquiry_info_with_rssi_and_pscan_mode *info;
2437 info = (void *) (skb->data + 1);
2439 for (; num_rsp; num_rsp--, info++) {
2440 bacpy(&data.bdaddr, &info->bdaddr);
2441 data.pscan_rep_mode = info->pscan_rep_mode;
2442 data.pscan_period_mode = info->pscan_period_mode;
2443 data.pscan_mode = info->pscan_mode;
2444 memcpy(data.dev_class, info->dev_class, 3);
2445 data.clock_offset = info->clock_offset;
2446 data.rssi = info->rssi;
2447 data.ssp_mode = 0x00;
2448 hci_inquiry_cache_update(hdev, &data);
2449 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2450 info->dev_class, info->rssi,
2454 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2456 for (; num_rsp; num_rsp--, info++) {
2457 bacpy(&data.bdaddr, &info->bdaddr);
2458 data.pscan_rep_mode = info->pscan_rep_mode;
2459 data.pscan_period_mode = info->pscan_period_mode;
2460 data.pscan_mode = 0x00;
2461 memcpy(data.dev_class, info->dev_class, 3);
2462 data.clock_offset = info->clock_offset;
2463 data.rssi = info->rssi;
2464 data.ssp_mode = 0x00;
2465 hci_inquiry_cache_update(hdev, &data);
2466 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2467 info->dev_class, info->rssi,
2472 hci_dev_unlock(hdev);
2475 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2477 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2478 struct hci_conn *conn;
2480 BT_DBG("%s", hdev->name);
2484 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2488 if (!ev->status && ev->page == 0x01) {
2489 struct inquiry_entry *ie;
2491 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2493 ie->data.ssp_mode = (ev->features[0] & 0x01);
2495 conn->ssp_mode = (ev->features[0] & 0x01);
2498 if (conn->state != BT_CONFIG)
2502 struct hci_cp_remote_name_req cp;
2503 memset(&cp, 0, sizeof(cp));
2504 bacpy(&cp.bdaddr, &conn->dst);
2505 cp.pscan_rep_mode = 0x02;
2506 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2509 if (!hci_outgoing_auth_needed(hdev, conn)) {
2510 conn->state = BT_CONNECTED;
2511 hci_proto_connect_cfm(conn, ev->status);
2516 hci_dev_unlock(hdev);
2519 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2521 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2522 struct hci_conn *conn;
2524 BT_DBG("%s status %d", hdev->name, ev->status);
2528 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2530 if (ev->link_type == ESCO_LINK)
2533 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2537 conn->type = SCO_LINK;
2540 switch (ev->status) {
2542 conn->handle = __le16_to_cpu(ev->handle);
2543 conn->state = BT_CONNECTED;
2545 hci_conn_hold_device(conn);
2546 hci_conn_add_sysfs(conn);
2549 case 0x11: /* Unsupported Feature or Parameter Value */
2550 case 0x1c: /* SCO interval rejected */
2551 case 0x1a: /* Unsupported Remote Feature */
2552 case 0x1f: /* Unspecified error */
2553 if (conn->out && conn->attempt < 2) {
2554 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2555 (hdev->esco_type & EDR_ESCO_MASK);
2556 hci_setup_sync(conn, conn->link->handle);
2562 conn->state = BT_CLOSED;
2566 hci_proto_connect_cfm(conn, ev->status);
2571 hci_dev_unlock(hdev);
2574 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2576 BT_DBG("%s", hdev->name);
2579 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2581 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2583 BT_DBG("%s status %d", hdev->name, ev->status);
2586 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2588 struct inquiry_data data;
2589 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2590 int num_rsp = *((__u8 *) skb->data);
2592 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2599 for (; num_rsp; num_rsp--, info++) {
2600 bacpy(&data.bdaddr, &info->bdaddr);
2601 data.pscan_rep_mode = info->pscan_rep_mode;
2602 data.pscan_period_mode = info->pscan_period_mode;
2603 data.pscan_mode = 0x00;
2604 memcpy(data.dev_class, info->dev_class, 3);
2605 data.clock_offset = info->clock_offset;
2606 data.rssi = info->rssi;
2607 data.ssp_mode = 0x01;
2608 hci_inquiry_cache_update(hdev, &data);
2609 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2610 info->dev_class, info->rssi, info->data);
2613 hci_dev_unlock(hdev);
2616 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2618 /* If remote requests dedicated bonding follow that lead */
2619 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2620 /* If both remote and local IO capabilities allow MITM
2621 * protection then require it, otherwise don't */
2622 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2628 /* If remote requests no-bonding follow that lead */
2629 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2630 return conn->remote_auth | (conn->auth_type & 0x01);
2632 return conn->auth_type;
2635 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2637 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2638 struct hci_conn *conn;
2640 BT_DBG("%s", hdev->name);
2644 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2648 hci_conn_hold(conn);
2650 if (!test_bit(HCI_MGMT, &hdev->flags))
2653 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2654 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2655 struct hci_cp_io_capability_reply cp;
2657 bacpy(&cp.bdaddr, &ev->bdaddr);
2658 cp.capability = conn->io_capability;
2659 conn->auth_type = hci_get_auth_req(conn);
2660 cp.authentication = conn->auth_type;
2662 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2663 hci_find_remote_oob_data(hdev, &conn->dst))
2668 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2671 struct hci_cp_io_capability_neg_reply cp;
2673 bacpy(&cp.bdaddr, &ev->bdaddr);
2674 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2676 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2681 hci_dev_unlock(hdev);
2684 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2686 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2687 struct hci_conn *conn;
2689 BT_DBG("%s", hdev->name);
2693 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2697 conn->remote_cap = ev->capability;
2698 conn->remote_oob = ev->oob_data;
2699 conn->remote_auth = ev->authentication;
2702 hci_dev_unlock(hdev);
2705 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2706 struct sk_buff *skb)
2708 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2709 int loc_mitm, rem_mitm, confirm_hint = 0;
2710 struct hci_conn *conn;
2712 BT_DBG("%s", hdev->name);
2716 if (!test_bit(HCI_MGMT, &hdev->flags))
2719 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2723 loc_mitm = (conn->auth_type & 0x01);
2724 rem_mitm = (conn->remote_auth & 0x01);
2726 /* If we require MITM but the remote device can't provide that
2727 * (it has NoInputNoOutput) then reject the confirmation
2728 * request. The only exception is when we're dedicated bonding
2729 * initiators (connect_cfm_cb set) since then we always have the MITM
2731 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2732 BT_DBG("Rejecting request: remote device can't provide MITM");
2733 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2734 sizeof(ev->bdaddr), &ev->bdaddr);
2738 /* If no side requires MITM protection; auto-accept */
2739 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2740 (!rem_mitm || conn->io_capability == 0x03)) {
2742 /* If we're not the initiators request authorization to
2743 * proceed from user space (mgmt_user_confirm with
2744 * confirm_hint set to 1). */
2745 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2746 BT_DBG("Confirming auto-accept as acceptor");
2751 BT_DBG("Auto-accept of user confirmation with %ums delay",
2752 hdev->auto_accept_delay);
2754 if (hdev->auto_accept_delay > 0) {
2755 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2756 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2760 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2761 sizeof(ev->bdaddr), &ev->bdaddr);
2766 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
2770 hci_dev_unlock(hdev);
2773 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2775 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2776 struct hci_conn *conn;
2778 BT_DBG("%s", hdev->name);
2782 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2786 /* To avoid duplicate auth_failed events to user space we check
2787 * the HCI_CONN_AUTH_PEND flag which will be set if we
2788 * initiated the authentication. A traditional auth_complete
2789 * event gets always produced as initiator and is also mapped to
2790 * the mgmt_auth_failed event */
2791 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2792 mgmt_auth_failed(hdev, &conn->dst, ev->status);
2797 hci_dev_unlock(hdev);
2800 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2802 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2803 struct inquiry_entry *ie;
2805 BT_DBG("%s", hdev->name);
2809 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2811 ie->data.ssp_mode = (ev->features[0] & 0x01);
2813 hci_dev_unlock(hdev);
2816 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2817 struct sk_buff *skb)
2819 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2820 struct oob_data *data;
2822 BT_DBG("%s", hdev->name);
2826 if (!test_bit(HCI_MGMT, &hdev->flags))
2829 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2831 struct hci_cp_remote_oob_data_reply cp;
2833 bacpy(&cp.bdaddr, &ev->bdaddr);
2834 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2835 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2837 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2840 struct hci_cp_remote_oob_data_neg_reply cp;
2842 bacpy(&cp.bdaddr, &ev->bdaddr);
2843 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2848 hci_dev_unlock(hdev);
2851 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2853 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2854 struct hci_conn *conn;
2856 BT_DBG("%s status %d", hdev->name, ev->status);
2860 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2862 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2864 BT_ERR("No memory for new connection");
2865 hci_dev_unlock(hdev);
2869 conn->dst_type = ev->bdaddr_type;
2873 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2874 conn->dst_type, ev->status);
2875 hci_proto_connect_cfm(conn, ev->status);
2876 conn->state = BT_CLOSED;
2881 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
2883 conn->sec_level = BT_SECURITY_LOW;
2884 conn->handle = __le16_to_cpu(ev->handle);
2885 conn->state = BT_CONNECTED;
2887 hci_conn_hold_device(conn);
2888 hci_conn_add_sysfs(conn);
2890 hci_proto_connect_cfm(conn, ev->status);
2893 hci_dev_unlock(hdev);
2896 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2897 struct sk_buff *skb)
2899 u8 num_reports = skb->data[0];
2900 void *ptr = &skb->data[1];
2904 while (num_reports--) {
2905 struct hci_ev_le_advertising_info *ev = ptr;
2907 hci_add_adv_entry(hdev, ev);
2909 ptr += sizeof(*ev) + ev->length + 1;
2912 hci_dev_unlock(hdev);
2915 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2916 struct sk_buff *skb)
2918 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2919 struct hci_cp_le_ltk_reply cp;
2920 struct hci_cp_le_ltk_neg_reply neg;
2921 struct hci_conn *conn;
2922 struct link_key *ltk;
2924 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2928 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2932 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2936 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
2937 cp.handle = cpu_to_le16(conn->handle);
2938 conn->pin_length = ltk->pin_len;
2940 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2942 hci_dev_unlock(hdev);
2947 neg.handle = ev->handle;
2948 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2949 hci_dev_unlock(hdev);
2952 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2954 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2956 skb_pull(skb, sizeof(*le_ev));
2958 switch (le_ev->subevent) {
2959 case HCI_EV_LE_CONN_COMPLETE:
2960 hci_le_conn_complete_evt(hdev, skb);
2963 case HCI_EV_LE_ADVERTISING_REPORT:
2964 hci_le_adv_report_evt(hdev, skb);
2967 case HCI_EV_LE_LTK_REQ:
2968 hci_le_ltk_request_evt(hdev, skb);
2976 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2978 struct hci_event_hdr *hdr = (void *) skb->data;
2979 __u8 event = hdr->evt;
2981 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2984 case HCI_EV_INQUIRY_COMPLETE:
2985 hci_inquiry_complete_evt(hdev, skb);
2988 case HCI_EV_INQUIRY_RESULT:
2989 hci_inquiry_result_evt(hdev, skb);
2992 case HCI_EV_CONN_COMPLETE:
2993 hci_conn_complete_evt(hdev, skb);
2996 case HCI_EV_CONN_REQUEST:
2997 hci_conn_request_evt(hdev, skb);
3000 case HCI_EV_DISCONN_COMPLETE:
3001 hci_disconn_complete_evt(hdev, skb);
3004 case HCI_EV_AUTH_COMPLETE:
3005 hci_auth_complete_evt(hdev, skb);
3008 case HCI_EV_REMOTE_NAME:
3009 hci_remote_name_evt(hdev, skb);
3012 case HCI_EV_ENCRYPT_CHANGE:
3013 hci_encrypt_change_evt(hdev, skb);
3016 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3017 hci_change_link_key_complete_evt(hdev, skb);
3020 case HCI_EV_REMOTE_FEATURES:
3021 hci_remote_features_evt(hdev, skb);
3024 case HCI_EV_REMOTE_VERSION:
3025 hci_remote_version_evt(hdev, skb);
3028 case HCI_EV_QOS_SETUP_COMPLETE:
3029 hci_qos_setup_complete_evt(hdev, skb);
3032 case HCI_EV_CMD_COMPLETE:
3033 hci_cmd_complete_evt(hdev, skb);
3036 case HCI_EV_CMD_STATUS:
3037 hci_cmd_status_evt(hdev, skb);
3040 case HCI_EV_ROLE_CHANGE:
3041 hci_role_change_evt(hdev, skb);
3044 case HCI_EV_NUM_COMP_PKTS:
3045 hci_num_comp_pkts_evt(hdev, skb);
3048 case HCI_EV_MODE_CHANGE:
3049 hci_mode_change_evt(hdev, skb);
3052 case HCI_EV_PIN_CODE_REQ:
3053 hci_pin_code_request_evt(hdev, skb);
3056 case HCI_EV_LINK_KEY_REQ:
3057 hci_link_key_request_evt(hdev, skb);
3060 case HCI_EV_LINK_KEY_NOTIFY:
3061 hci_link_key_notify_evt(hdev, skb);
3064 case HCI_EV_CLOCK_OFFSET:
3065 hci_clock_offset_evt(hdev, skb);
3068 case HCI_EV_PKT_TYPE_CHANGE:
3069 hci_pkt_type_change_evt(hdev, skb);
3072 case HCI_EV_PSCAN_REP_MODE:
3073 hci_pscan_rep_mode_evt(hdev, skb);
3076 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3077 hci_inquiry_result_with_rssi_evt(hdev, skb);
3080 case HCI_EV_REMOTE_EXT_FEATURES:
3081 hci_remote_ext_features_evt(hdev, skb);
3084 case HCI_EV_SYNC_CONN_COMPLETE:
3085 hci_sync_conn_complete_evt(hdev, skb);
3088 case HCI_EV_SYNC_CONN_CHANGED:
3089 hci_sync_conn_changed_evt(hdev, skb);
3092 case HCI_EV_SNIFF_SUBRATE:
3093 hci_sniff_subrate_evt(hdev, skb);
3096 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3097 hci_extended_inquiry_result_evt(hdev, skb);
3100 case HCI_EV_IO_CAPA_REQUEST:
3101 hci_io_capa_request_evt(hdev, skb);
3104 case HCI_EV_IO_CAPA_REPLY:
3105 hci_io_capa_reply_evt(hdev, skb);
3108 case HCI_EV_USER_CONFIRM_REQUEST:
3109 hci_user_confirm_request_evt(hdev, skb);
3112 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3113 hci_simple_pair_complete_evt(hdev, skb);
3116 case HCI_EV_REMOTE_HOST_FEATURES:
3117 hci_remote_host_features_evt(hdev, skb);
3120 case HCI_EV_LE_META:
3121 hci_le_meta_evt(hdev, skb);
3124 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3125 hci_remote_oob_data_request_evt(hdev, skb);
3129 BT_DBG("%s event 0x%x", hdev->name, event);
3134 hdev->stat.evt_rx++;
3137 /* Generate internal stack event */
3138 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3140 struct hci_event_hdr *hdr;
3141 struct hci_ev_stack_internal *ev;
3142 struct sk_buff *skb;
3144 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3148 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3149 hdr->evt = HCI_EV_STACK_INTERNAL;
3150 hdr->plen = sizeof(*ev) + dlen;
3152 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3154 memcpy(ev->data, data, dlen);
3156 bt_cb(skb)->incoming = 1;
3157 __net_timestamp(skb);
3159 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3160 skb->dev = (void *) hdev;
3161 hci_send_to_sock(hdev, skb, NULL);
3165 module_param(enable_le, bool, 0644);
3166 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / profile / ivi / kernel-adaptation-intel-automotive.git / blob