2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #include "hci_request.h"
34 #include "hci_debugfs.h"
39 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40 "\x00\x00\x00\x00\x00\x00\x00\x00"
42 /* Handle HCI Event packets */
44 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
46 __u8 status = *((__u8 *) skb->data);
48 BT_DBG("%s status 0x%2.2x", hdev->name, status);
53 clear_bit(HCI_INQUIRY, &hdev->flags);
54 #ifdef CONFIG_TIZEN_WIP
55 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
57 /* In latest kernel, smp_mb__after_clear_bit is replaced with
58 * smp_mb__after_atomic. So, if kernel is migrated to latest,
59 * then below code should be enabled
61 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
63 wake_up_bit(&hdev->flags, HCI_INQUIRY);
66 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
69 hci_conn_check_pending(hdev);
72 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 __u8 status = *((__u8 *) skb->data);
76 BT_DBG("%s status 0x%2.2x", hdev->name, status);
81 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
86 __u8 status = *((__u8 *) skb->data);
88 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
95 hci_conn_check_pending(hdev);
98 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
101 BT_DBG("%s", hdev->name);
104 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
106 struct hci_rp_role_discovery *rp = (void *) skb->data;
107 struct hci_conn *conn;
109 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
116 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
118 conn->role = rp->role;
120 hci_dev_unlock(hdev);
123 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
125 struct hci_rp_read_link_policy *rp = (void *) skb->data;
126 struct hci_conn *conn;
128 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
135 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
137 conn->link_policy = __le16_to_cpu(rp->policy);
139 hci_dev_unlock(hdev);
142 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
144 struct hci_rp_write_link_policy *rp = (void *) skb->data;
145 #ifdef CONFIG_TIZEN_WIP
146 struct hci_cp_write_link_policy cp;
147 struct hci_conn *sco_conn;
149 struct hci_conn *conn;
152 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
157 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
163 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
165 conn->link_policy = get_unaligned_le16(sent + 2);
166 #ifdef CONFIG_TIZEN_WIP
167 sco_conn = hci_conn_hash_lookup_sco(hdev);
168 if (sco_conn && conn && bacmp(&sco_conn->dst, &conn->dst) == 0 &&
169 conn->link_policy & HCI_LP_SNIFF) {
170 BT_ERR("SNIFF is not allowed during sco connection");
171 cp.handle = __cpu_to_le16(conn->handle);
172 cp.policy = __cpu_to_le16(conn->link_policy & ~HCI_LP_SNIFF);
173 hci_send_cmd(hdev, HCI_OP_WRITE_LINK_POLICY, sizeof(cp), &cp);
177 hci_dev_unlock(hdev);
180 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
183 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
190 hdev->link_policy = __le16_to_cpu(rp->policy);
193 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
196 __u8 status = *((__u8 *) skb->data);
199 BT_DBG("%s status 0x%2.2x", hdev->name, status);
204 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
208 hdev->link_policy = get_unaligned_le16(sent);
211 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
213 __u8 status = *((__u8 *) skb->data);
215 BT_DBG("%s status 0x%2.2x", hdev->name, status);
217 clear_bit(HCI_RESET, &hdev->flags);
222 /* Reset all non-persistent flags */
223 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
225 hdev->discovery.state = DISCOVERY_STOPPED;
226 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
227 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
229 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
230 hdev->adv_data_len = 0;
232 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
233 hdev->scan_rsp_data_len = 0;
235 hdev->le_scan_type = LE_SCAN_PASSIVE;
237 hdev->ssp_debug_mode = 0;
239 hci_bdaddr_list_clear(&hdev->le_white_list);
242 static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
245 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
246 struct hci_cp_read_stored_link_key *sent;
248 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
250 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
254 if (!rp->status && sent->read_all == 0x01) {
255 hdev->stored_max_keys = rp->max_keys;
256 hdev->stored_num_keys = rp->num_keys;
260 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
263 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
265 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
270 if (rp->num_keys <= hdev->stored_num_keys)
271 hdev->stored_num_keys -= rp->num_keys;
273 hdev->stored_num_keys = 0;
276 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
278 __u8 status = *((__u8 *) skb->data);
281 BT_DBG("%s status 0x%2.2x", hdev->name, status);
283 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
289 if (test_bit(HCI_MGMT, &hdev->dev_flags))
290 mgmt_set_local_name_complete(hdev, sent, status);
292 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
294 hci_dev_unlock(hdev);
297 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
299 struct hci_rp_read_local_name *rp = (void *) skb->data;
301 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
306 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
307 test_bit(HCI_CONFIG, &hdev->dev_flags))
308 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
311 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
313 __u8 status = *((__u8 *) skb->data);
316 BT_DBG("%s status 0x%2.2x", hdev->name, status);
318 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
325 __u8 param = *((__u8 *) sent);
327 if (param == AUTH_ENABLED)
328 set_bit(HCI_AUTH, &hdev->flags);
330 clear_bit(HCI_AUTH, &hdev->flags);
333 if (test_bit(HCI_MGMT, &hdev->dev_flags))
334 mgmt_auth_enable_complete(hdev, status);
336 hci_dev_unlock(hdev);
339 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
341 __u8 status = *((__u8 *) skb->data);
345 BT_DBG("%s status 0x%2.2x", hdev->name, status);
350 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
354 param = *((__u8 *) sent);
357 set_bit(HCI_ENCRYPT, &hdev->flags);
359 clear_bit(HCI_ENCRYPT, &hdev->flags);
362 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
364 __u8 status = *((__u8 *) skb->data);
368 BT_DBG("%s status 0x%2.2x", hdev->name, status);
370 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
374 param = *((__u8 *) sent);
379 hdev->discov_timeout = 0;
383 if (param & SCAN_INQUIRY)
384 set_bit(HCI_ISCAN, &hdev->flags);
386 clear_bit(HCI_ISCAN, &hdev->flags);
388 if (param & SCAN_PAGE)
389 set_bit(HCI_PSCAN, &hdev->flags);
391 clear_bit(HCI_PSCAN, &hdev->flags);
394 hci_dev_unlock(hdev);
397 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
399 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
401 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
406 memcpy(hdev->dev_class, rp->dev_class, 3);
408 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
409 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
412 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
414 __u8 status = *((__u8 *) skb->data);
417 BT_DBG("%s status 0x%2.2x", hdev->name, status);
419 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
426 memcpy(hdev->dev_class, sent, 3);
428 if (test_bit(HCI_MGMT, &hdev->dev_flags))
429 mgmt_set_class_of_dev_complete(hdev, sent, status);
431 hci_dev_unlock(hdev);
434 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
436 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
439 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
444 setting = __le16_to_cpu(rp->voice_setting);
446 if (hdev->voice_setting == setting)
449 hdev->voice_setting = setting;
451 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
454 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
457 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
460 __u8 status = *((__u8 *) skb->data);
464 BT_DBG("%s status 0x%2.2x", hdev->name, status);
469 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
473 setting = get_unaligned_le16(sent);
475 if (hdev->voice_setting == setting)
478 hdev->voice_setting = setting;
480 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
483 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
486 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
489 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
491 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
496 hdev->num_iac = rp->num_iac;
498 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
501 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
503 __u8 status = *((__u8 *) skb->data);
504 struct hci_cp_write_ssp_mode *sent;
506 BT_DBG("%s status 0x%2.2x", hdev->name, status);
508 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
516 hdev->features[1][0] |= LMP_HOST_SSP;
518 hdev->features[1][0] &= ~LMP_HOST_SSP;
521 if (test_bit(HCI_MGMT, &hdev->dev_flags))
522 mgmt_ssp_enable_complete(hdev, sent->mode, status);
525 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
527 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
530 hci_dev_unlock(hdev);
533 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
535 u8 status = *((u8 *) skb->data);
536 struct hci_cp_write_sc_support *sent;
538 BT_DBG("%s status 0x%2.2x", hdev->name, status);
540 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
548 hdev->features[1][0] |= LMP_HOST_SC;
550 hdev->features[1][0] &= ~LMP_HOST_SC;
553 if (!test_bit(HCI_MGMT, &hdev->dev_flags) && !status) {
555 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
557 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
560 hci_dev_unlock(hdev);
563 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
565 struct hci_rp_read_local_version *rp = (void *) skb->data;
567 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
572 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
573 test_bit(HCI_CONFIG, &hdev->dev_flags)) {
574 hdev->hci_ver = rp->hci_ver;
575 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
576 hdev->lmp_ver = rp->lmp_ver;
577 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
578 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
582 static void hci_cc_read_local_commands(struct hci_dev *hdev,
585 struct hci_rp_read_local_commands *rp = (void *) skb->data;
587 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
592 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
593 test_bit(HCI_CONFIG, &hdev->dev_flags))
594 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
597 static void hci_cc_read_local_features(struct hci_dev *hdev,
600 struct hci_rp_read_local_features *rp = (void *) skb->data;
602 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
607 memcpy(hdev->features, rp->features, 8);
609 /* Adjust default settings according to features
610 * supported by device. */
612 if (hdev->features[0][0] & LMP_3SLOT)
613 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
615 if (hdev->features[0][0] & LMP_5SLOT)
616 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
618 if (hdev->features[0][1] & LMP_HV2) {
619 hdev->pkt_type |= (HCI_HV2);
620 hdev->esco_type |= (ESCO_HV2);
623 if (hdev->features[0][1] & LMP_HV3) {
624 hdev->pkt_type |= (HCI_HV3);
625 hdev->esco_type |= (ESCO_HV3);
628 if (lmp_esco_capable(hdev))
629 hdev->esco_type |= (ESCO_EV3);
631 if (hdev->features[0][4] & LMP_EV4)
632 hdev->esco_type |= (ESCO_EV4);
634 if (hdev->features[0][4] & LMP_EV5)
635 hdev->esco_type |= (ESCO_EV5);
637 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
638 hdev->esco_type |= (ESCO_2EV3);
640 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
641 hdev->esco_type |= (ESCO_3EV3);
643 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
644 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
647 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
650 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
652 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
657 if (hdev->max_page < rp->max_page)
658 hdev->max_page = rp->max_page;
660 if (rp->page < HCI_MAX_PAGES)
661 memcpy(hdev->features[rp->page], rp->features, 8);
664 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
667 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
669 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
674 hdev->flow_ctl_mode = rp->mode;
677 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
679 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
681 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
686 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
687 hdev->sco_mtu = rp->sco_mtu;
688 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
689 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
691 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
696 hdev->acl_cnt = hdev->acl_pkts;
697 hdev->sco_cnt = hdev->sco_pkts;
699 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
700 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
703 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
705 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
707 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
712 if (test_bit(HCI_INIT, &hdev->flags))
713 bacpy(&hdev->bdaddr, &rp->bdaddr);
715 if (test_bit(HCI_SETUP, &hdev->dev_flags))
716 bacpy(&hdev->setup_addr, &rp->bdaddr);
719 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
722 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
729 if (test_bit(HCI_INIT, &hdev->flags)) {
730 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
731 hdev->page_scan_window = __le16_to_cpu(rp->window);
735 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
738 u8 status = *((u8 *) skb->data);
739 struct hci_cp_write_page_scan_activity *sent;
741 BT_DBG("%s status 0x%2.2x", hdev->name, status);
746 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
750 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
751 hdev->page_scan_window = __le16_to_cpu(sent->window);
754 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
757 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
759 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
764 if (test_bit(HCI_INIT, &hdev->flags))
765 hdev->page_scan_type = rp->type;
768 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
771 u8 status = *((u8 *) skb->data);
774 BT_DBG("%s status 0x%2.2x", hdev->name, status);
779 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
781 hdev->page_scan_type = *type;
784 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
787 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
789 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
794 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
795 hdev->block_len = __le16_to_cpu(rp->block_len);
796 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
798 hdev->block_cnt = hdev->num_blocks;
800 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
801 hdev->block_cnt, hdev->block_len);
804 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
806 struct hci_rp_read_clock *rp = (void *) skb->data;
807 struct hci_cp_read_clock *cp;
808 struct hci_conn *conn;
810 BT_DBG("%s", hdev->name);
812 if (skb->len < sizeof(*rp))
820 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
824 if (cp->which == 0x00) {
825 hdev->clock = le32_to_cpu(rp->clock);
829 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
831 conn->clock = le32_to_cpu(rp->clock);
832 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
836 hci_dev_unlock(hdev);
839 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
842 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
844 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
849 hdev->amp_status = rp->amp_status;
850 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
851 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
852 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
853 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
854 hdev->amp_type = rp->amp_type;
855 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
856 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
857 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
858 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
861 a2mp_send_getinfo_rsp(hdev);
864 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
867 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
868 struct amp_assoc *assoc = &hdev->loc_assoc;
869 size_t rem_len, frag_len;
871 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
876 frag_len = skb->len - sizeof(*rp);
877 rem_len = __le16_to_cpu(rp->rem_len);
879 if (rem_len > frag_len) {
880 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
882 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
883 assoc->offset += frag_len;
885 /* Read other fragments */
886 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
891 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
892 assoc->len = assoc->offset + rem_len;
896 /* Send A2MP Rsp when all fragments are received */
897 a2mp_send_getampassoc_rsp(hdev, rp->status);
898 a2mp_send_create_phy_link_req(hdev, rp->status);
901 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
904 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
906 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
911 hdev->inq_tx_power = rp->tx_power;
914 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
916 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
917 struct hci_cp_pin_code_reply *cp;
918 struct hci_conn *conn;
920 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
924 if (test_bit(HCI_MGMT, &hdev->dev_flags))
925 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
930 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
934 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
936 conn->pin_length = cp->pin_len;
939 hci_dev_unlock(hdev);
942 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
944 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
946 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
950 if (test_bit(HCI_MGMT, &hdev->dev_flags))
951 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
954 hci_dev_unlock(hdev);
957 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
960 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
962 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
967 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
968 hdev->le_pkts = rp->le_max_pkt;
970 hdev->le_cnt = hdev->le_pkts;
972 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
975 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
978 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
980 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
985 memcpy(hdev->le_features, rp->features, 8);
988 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
991 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
993 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
998 hdev->adv_tx_power = rp->tx_power;
1001 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1003 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1005 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1009 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1010 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1013 hci_dev_unlock(hdev);
1016 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1019 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1021 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1025 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1026 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1027 ACL_LINK, 0, rp->status);
1029 hci_dev_unlock(hdev);
1032 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1034 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1036 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1040 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1041 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1044 hci_dev_unlock(hdev);
1047 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1048 struct sk_buff *skb)
1050 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1052 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1056 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1057 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1058 ACL_LINK, 0, rp->status);
1060 hci_dev_unlock(hdev);
1063 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1064 struct sk_buff *skb)
1066 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1068 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1071 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->rand, NULL, NULL,
1073 hci_dev_unlock(hdev);
1076 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1077 struct sk_buff *skb)
1079 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1081 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1084 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->rand192,
1085 rp->hash256, rp->rand256,
1087 hci_dev_unlock(hdev);
1091 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1093 __u8 status = *((__u8 *) skb->data);
1096 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1101 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1107 bacpy(&hdev->random_addr, sent);
1109 hci_dev_unlock(hdev);
1112 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1114 __u8 *sent, status = *((__u8 *) skb->data);
1116 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1121 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1127 /* If we're doing connection initiation as peripheral. Set a
1128 * timeout in case something goes wrong.
1131 struct hci_conn *conn;
1133 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1135 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1137 queue_delayed_work(hdev->workqueue,
1138 &conn->le_conn_timeout,
1139 conn->conn_timeout);
1141 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1144 hci_dev_unlock(hdev);
1147 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1149 struct hci_cp_le_set_scan_param *cp;
1150 __u8 status = *((__u8 *) skb->data);
1152 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1157 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1163 hdev->le_scan_type = cp->type;
1165 hci_dev_unlock(hdev);
1168 static bool has_pending_adv_report(struct hci_dev *hdev)
1170 struct discovery_state *d = &hdev->discovery;
1172 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1175 static void clear_pending_adv_report(struct hci_dev *hdev)
1177 struct discovery_state *d = &hdev->discovery;
1179 bacpy(&d->last_adv_addr, BDADDR_ANY);
1180 d->last_adv_data_len = 0;
1183 #ifndef CONFIG_TIZEN_WIP
1184 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1185 u8 bdaddr_type, s8 rssi, u32 flags,
1188 struct discovery_state *d = &hdev->discovery;
1190 bacpy(&d->last_adv_addr, bdaddr);
1191 d->last_adv_addr_type = bdaddr_type;
1192 d->last_adv_rssi = rssi;
1193 d->last_adv_flags = flags;
1194 memcpy(d->last_adv_data, data, len);
1195 d->last_adv_data_len = len;
1199 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1200 struct sk_buff *skb)
1202 struct hci_cp_le_set_scan_enable *cp;
1203 __u8 status = *((__u8 *) skb->data);
1205 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1210 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1216 switch (cp->enable) {
1217 case LE_SCAN_ENABLE:
1218 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1219 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1220 clear_pending_adv_report(hdev);
1223 case LE_SCAN_DISABLE:
1224 /* We do this here instead of when setting DISCOVERY_STOPPED
1225 * since the latter would potentially require waiting for
1226 * inquiry to stop too.
1228 if (has_pending_adv_report(hdev)) {
1229 struct discovery_state *d = &hdev->discovery;
1231 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1232 d->last_adv_addr_type, NULL,
1233 d->last_adv_rssi, d->last_adv_flags,
1235 d->last_adv_data_len, NULL, 0);
1238 /* Cancel this timer so that we don't try to disable scanning
1239 * when it's already disabled.
1241 cancel_delayed_work(&hdev->le_scan_disable);
1243 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1245 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1246 * interrupted scanning due to a connect request. Mark
1247 * therefore discovery as stopped. If this was not
1248 * because of a connect request advertising might have
1249 * been disabled because of active scanning, so
1250 * re-enable it again if necessary.
1252 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1254 #ifndef CONFIG_TIZEN_WIP /* The below line is kernel bug. */
1255 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1257 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
1259 else if (!test_bit(HCI_LE_ADV, &hdev->dev_flags) &&
1260 hdev->discovery.state == DISCOVERY_FINDING)
1261 mgmt_reenable_advertising(hdev);
1266 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1270 hci_dev_unlock(hdev);
1273 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1274 struct sk_buff *skb)
1276 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1278 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1283 hdev->le_white_list_size = rp->size;
1286 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1287 struct sk_buff *skb)
1289 __u8 status = *((__u8 *) skb->data);
1291 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1296 hci_bdaddr_list_clear(&hdev->le_white_list);
1299 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1300 struct sk_buff *skb)
1302 struct hci_cp_le_add_to_white_list *sent;
1303 __u8 status = *((__u8 *) skb->data);
1305 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1310 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1314 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1318 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1319 struct sk_buff *skb)
1321 struct hci_cp_le_del_from_white_list *sent;
1322 __u8 status = *((__u8 *) skb->data);
1324 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1329 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1333 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1337 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1338 struct sk_buff *skb)
1340 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1342 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1347 memcpy(hdev->le_states, rp->le_states, 8);
1350 static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1351 struct sk_buff *skb)
1353 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1355 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1357 #ifdef CONFIG_TIZEN_WIP
1364 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1365 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1367 #ifdef CONFIG_TIZEN_WIP
1368 mgmt_le_read_host_suggested_data_length_complete(hdev, rp->status);
1370 hci_dev_unlock(hdev);
1374 static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1375 struct sk_buff *skb)
1377 struct hci_cp_le_write_def_data_len *sent;
1378 __u8 status = *((__u8 *) skb->data);
1380 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1383 #ifndef CONFIG_TIZEN_WIP
1389 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1391 #ifndef CONFIG_TIZEN_WIP
1397 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1398 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1400 #ifdef CONFIG_TIZEN_WIP
1402 mgmt_le_write_host_suggested_data_length_complete(hdev, status);
1406 static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1407 struct sk_buff *skb)
1409 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1411 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1413 #ifndef CONFIG_TIZEN_WIP
1420 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1421 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1422 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1423 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1425 #ifdef CONFIG_TIZEN_WIP
1426 mgmt_le_read_maximum_data_length_complete(hdev, rp->status);
1427 hci_dev_unlock(hdev);
1431 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1432 struct sk_buff *skb)
1434 struct hci_cp_write_le_host_supported *sent;
1435 __u8 status = *((__u8 *) skb->data);
1437 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1442 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1449 hdev->features[1][0] |= LMP_HOST_LE;
1450 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1452 hdev->features[1][0] &= ~LMP_HOST_LE;
1453 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1454 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1458 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1460 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1462 hci_dev_unlock(hdev);
1465 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1467 struct hci_cp_le_set_adv_param *cp;
1468 u8 status = *((u8 *) skb->data);
1470 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1475 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1480 hdev->adv_addr_type = cp->own_address_type;
1481 hci_dev_unlock(hdev);
1484 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1485 struct sk_buff *skb)
1487 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1489 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1490 hdev->name, rp->status, rp->phy_handle);
1495 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1497 #ifdef CONFIG_TIZEN_WIP
1498 /* BEGIN TIZEN_Bluetooth :: Handle RSSI monitoring */
1499 static void hci_cc_enable_rssi(struct hci_dev *hdev,
1500 struct sk_buff *skb)
1502 struct hci_cc_rsp_enable_rssi *rp = (void *) skb->data;
1504 BT_DBG("hci_cc_enable_rssi - %s status 0x%2.2x Event_LE_ext_Opcode 0x%2.2x",
1505 hdev->name, rp->status, rp->le_ext_opcode);
1507 mgmt_enable_rssi_cc(hdev, rp, rp->status);
1510 static void hci_cc_get_raw_rssi(struct hci_dev *hdev,
1511 struct sk_buff *skb)
1513 struct hci_cc_rp_get_raw_rssi *rp = (void *) skb->data;
1515 BT_DBG("hci_cc_get_raw_rssi- %s Get Raw Rssi Response[%2.2x %4.4x %2.2X]",
1516 hdev->name, rp->status, rp->conn_handle, rp->rssi_dbm);
1518 mgmt_raw_rssi_response(hdev, rp, rp->status);
1520 /* END TIZEN_Bluetooth :: Handle RSSI monitoring */
1522 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1524 struct hci_rp_read_rssi *rp = (void *) skb->data;
1525 struct hci_conn *conn;
1527 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1534 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1536 conn->rssi = rp->rssi;
1538 hci_dev_unlock(hdev);
1541 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1543 struct hci_cp_read_tx_power *sent;
1544 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1545 struct hci_conn *conn;
1547 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1552 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1558 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1562 switch (sent->type) {
1564 conn->tx_power = rp->tx_power;
1567 conn->max_tx_power = rp->tx_power;
1572 hci_dev_unlock(hdev);
1575 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1577 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1580 hci_conn_check_pending(hdev);
1584 set_bit(HCI_INQUIRY, &hdev->flags);
1587 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1589 struct hci_cp_create_conn *cp;
1590 struct hci_conn *conn;
1592 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1594 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1602 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1605 #ifdef CONFIG_TIZEN_WIP
1607 BT_ERR("ACL Connection Already Exists on cs_create_con");
1609 if (conn && conn->state == BT_CONNECT && status != 0x0b) {
1611 if (conn && conn->state == BT_CONNECT) {
1613 if (status != 0x0c || conn->attempt > 2) {
1614 conn->state = BT_CLOSED;
1615 hci_proto_connect_cfm(conn, status);
1618 conn->state = BT_CONNECT2;
1622 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1625 BT_ERR("No memory for new connection");
1629 hci_dev_unlock(hdev);
1632 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1634 struct hci_cp_add_sco *cp;
1635 struct hci_conn *acl, *sco;
1638 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1643 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1647 handle = __le16_to_cpu(cp->handle);
1649 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1653 acl = hci_conn_hash_lookup_handle(hdev, handle);
1657 sco->state = BT_CLOSED;
1659 hci_proto_connect_cfm(sco, status);
1664 hci_dev_unlock(hdev);
1667 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1669 struct hci_cp_auth_requested *cp;
1670 struct hci_conn *conn;
1672 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1677 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1683 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1685 if (conn->state == BT_CONFIG) {
1686 hci_proto_connect_cfm(conn, status);
1687 hci_conn_drop(conn);
1691 hci_dev_unlock(hdev);
1694 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1696 struct hci_cp_set_conn_encrypt *cp;
1697 struct hci_conn *conn;
1699 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1704 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1710 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1712 if (conn->state == BT_CONFIG) {
1713 hci_proto_connect_cfm(conn, status);
1714 hci_conn_drop(conn);
1718 hci_dev_unlock(hdev);
1721 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1722 struct hci_conn *conn)
1724 if (conn->state != BT_CONFIG || !conn->out)
1727 if (conn->pending_sec_level == BT_SECURITY_SDP)
1730 /* Only request authentication for SSP connections or non-SSP
1731 * devices with sec_level MEDIUM or HIGH or if MITM protection
1734 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1735 conn->pending_sec_level != BT_SECURITY_FIPS &&
1736 conn->pending_sec_level != BT_SECURITY_HIGH &&
1737 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1743 static int hci_resolve_name(struct hci_dev *hdev,
1744 struct inquiry_entry *e)
1746 struct hci_cp_remote_name_req cp;
1748 memset(&cp, 0, sizeof(cp));
1750 bacpy(&cp.bdaddr, &e->data.bdaddr);
1751 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1752 cp.pscan_mode = e->data.pscan_mode;
1753 cp.clock_offset = e->data.clock_offset;
1755 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1758 static bool hci_resolve_next_name(struct hci_dev *hdev)
1760 struct discovery_state *discov = &hdev->discovery;
1761 struct inquiry_entry *e;
1763 if (list_empty(&discov->resolve))
1766 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1770 if (hci_resolve_name(hdev, e) == 0) {
1771 e->name_state = NAME_PENDING;
1778 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1779 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1781 struct discovery_state *discov = &hdev->discovery;
1782 struct inquiry_entry *e;
1784 /* BEGIN TIZEN_Bluetooth :: name update changes */
1785 #ifdef CONFIG_TIZEN_WIP
1786 /* Update the mgmt connected state if necessary. Be careful with
1787 * conn objects that exist but are not (yet) connected however.
1788 * Only those in BT_CONFIG or BT_CONNECTED states can be
1789 * considered connected.
1791 if (conn && (conn->state == BT_CONFIG || conn->state == BT_CONNECTED)) {
1792 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1793 mgmt_device_connected(hdev, conn, 0, name, name_len);
1795 mgmt_device_name_update(hdev, bdaddr, name, name_len);
1799 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1800 mgmt_device_connected(hdev, conn, 0, name, name_len);
1801 /* END TIZEN_Bluetooth :: name update changes */
1803 if (discov->state == DISCOVERY_STOPPED)
1806 if (discov->state == DISCOVERY_STOPPING)
1807 goto discov_complete;
1809 if (discov->state != DISCOVERY_RESOLVING)
1812 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1813 /* If the device was not found in a list of found devices names of which
1814 * are pending. there is no need to continue resolving a next name as it
1815 * will be done upon receiving another Remote Name Request Complete
1822 e->name_state = NAME_KNOWN;
1823 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1824 e->data.rssi, name, name_len);
1826 e->name_state = NAME_NOT_KNOWN;
1829 if (hci_resolve_next_name(hdev))
1833 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1836 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1838 struct hci_cp_remote_name_req *cp;
1839 struct hci_conn *conn;
1841 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1843 /* If successful wait for the name req complete event before
1844 * checking for the need to do authentication */
1848 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1854 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1856 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1857 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1862 if (!hci_outgoing_auth_needed(hdev, conn))
1865 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1866 struct hci_cp_auth_requested auth_cp;
1868 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1870 auth_cp.handle = __cpu_to_le16(conn->handle);
1871 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1872 sizeof(auth_cp), &auth_cp);
1876 hci_dev_unlock(hdev);
1879 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1881 struct hci_cp_read_remote_features *cp;
1882 struct hci_conn *conn;
1884 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1889 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1895 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1897 if (conn->state == BT_CONFIG) {
1898 hci_proto_connect_cfm(conn, status);
1899 hci_conn_drop(conn);
1903 hci_dev_unlock(hdev);
1906 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1908 struct hci_cp_read_remote_ext_features *cp;
1909 struct hci_conn *conn;
1911 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1916 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1922 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1924 if (conn->state == BT_CONFIG) {
1925 hci_proto_connect_cfm(conn, status);
1926 hci_conn_drop(conn);
1930 hci_dev_unlock(hdev);
1933 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1935 struct hci_cp_setup_sync_conn *cp;
1936 struct hci_conn *acl, *sco;
1939 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1944 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1948 handle = __le16_to_cpu(cp->handle);
1950 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1954 acl = hci_conn_hash_lookup_handle(hdev, handle);
1958 sco->state = BT_CLOSED;
1960 hci_proto_connect_cfm(sco, status);
1965 hci_dev_unlock(hdev);
1968 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1970 struct hci_cp_sniff_mode *cp;
1971 struct hci_conn *conn;
1973 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1978 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1984 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1986 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1988 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1989 hci_sco_setup(conn, status);
1992 hci_dev_unlock(hdev);
1995 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1997 struct hci_cp_exit_sniff_mode *cp;
1998 struct hci_conn *conn;
2000 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2005 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
2011 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2013 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
2015 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2016 hci_sco_setup(conn, status);
2019 hci_dev_unlock(hdev);
2022 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
2024 struct hci_cp_disconnect *cp;
2025 struct hci_conn *conn;
2030 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
2036 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2038 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2039 conn->dst_type, status);
2041 hci_dev_unlock(hdev);
2044 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
2046 struct hci_cp_create_phy_link *cp;
2048 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2050 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
2057 struct hci_conn *hcon;
2059 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
2063 amp_write_remote_assoc(hdev, cp->phy_handle);
2066 hci_dev_unlock(hdev);
2069 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
2071 struct hci_cp_accept_phy_link *cp;
2073 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2078 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
2082 amp_write_remote_assoc(hdev, cp->phy_handle);
2085 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2087 struct hci_cp_le_create_conn *cp;
2088 struct hci_conn *conn;
2090 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2092 /* All connection failure handling is taken care of by the
2093 * hci_le_conn_failed function which is triggered by the HCI
2094 * request completion callbacks used for connecting.
2099 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2105 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
2109 /* Store the initiator and responder address information which
2110 * is needed for SMP. These values will not change during the
2111 * lifetime of the connection.
2113 conn->init_addr_type = cp->own_address_type;
2114 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
2115 bacpy(&conn->init_addr, &hdev->random_addr);
2117 bacpy(&conn->init_addr, &hdev->bdaddr);
2119 conn->resp_addr_type = cp->peer_addr_type;
2120 bacpy(&conn->resp_addr, &cp->peer_addr);
2122 /* We don't want the connection attempt to stick around
2123 * indefinitely since LE doesn't have a page timeout concept
2124 * like BR/EDR. Set a timer for any connection that doesn't use
2125 * the white list for connecting.
2127 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
2128 queue_delayed_work(conn->hdev->workqueue,
2129 &conn->le_conn_timeout,
2130 conn->conn_timeout);
2133 hci_dev_unlock(hdev);
2136 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2138 struct hci_cp_le_start_enc *cp;
2139 struct hci_conn *conn;
2141 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2148 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2156 if (conn->state != BT_CONNECTED)
2159 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2160 hci_conn_drop(conn);
2163 hci_dev_unlock(hdev);
2166 static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2168 struct hci_cp_switch_role *cp;
2169 struct hci_conn *conn;
2171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2176 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2182 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2184 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2186 hci_dev_unlock(hdev);
2189 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2191 __u8 status = *((__u8 *) skb->data);
2192 struct discovery_state *discov = &hdev->discovery;
2193 struct inquiry_entry *e;
2195 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2197 hci_conn_check_pending(hdev);
2199 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2202 #ifdef CONFIG_TIZEN_WIP
2203 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
2205 /* In latest kernel, smp_mb__after_clear_bit is replaced with
2206 * smp_mb__after_atomic. So, if kernel is migrated to latest,
2207 * then below code should be enabled
2209 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
2211 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2213 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2218 if (discov->state != DISCOVERY_FINDING)
2221 if (list_empty(&discov->resolve)) {
2222 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2226 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2227 if (e && hci_resolve_name(hdev, e) == 0) {
2228 e->name_state = NAME_PENDING;
2229 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2231 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2235 hci_dev_unlock(hdev);
2238 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2240 struct inquiry_data data;
2241 struct inquiry_info *info = (void *) (skb->data + 1);
2242 int num_rsp = *((__u8 *) skb->data);
2244 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2249 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2254 for (; num_rsp; num_rsp--, info++) {
2257 bacpy(&data.bdaddr, &info->bdaddr);
2258 data.pscan_rep_mode = info->pscan_rep_mode;
2259 data.pscan_period_mode = info->pscan_period_mode;
2260 data.pscan_mode = info->pscan_mode;
2261 memcpy(data.dev_class, info->dev_class, 3);
2262 data.clock_offset = info->clock_offset;
2263 data.rssi = HCI_RSSI_INVALID;
2264 data.ssp_mode = 0x00;
2266 flags = hci_inquiry_cache_update(hdev, &data, false);
2268 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2269 info->dev_class, HCI_RSSI_INVALID,
2270 flags, NULL, 0, NULL, 0);
2273 hci_dev_unlock(hdev);
2276 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2278 struct hci_ev_conn_complete *ev = (void *) skb->data;
2279 struct hci_conn *conn;
2281 BT_DBG("%s", hdev->name);
2285 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2287 if (ev->link_type != SCO_LINK)
2290 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2294 conn->type = SCO_LINK;
2298 conn->handle = __le16_to_cpu(ev->handle);
2300 if (conn->type == ACL_LINK) {
2301 conn->state = BT_CONFIG;
2302 hci_conn_hold(conn);
2304 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2305 !hci_find_link_key(hdev, &ev->bdaddr))
2306 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2308 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2310 conn->state = BT_CONNECTED;
2312 hci_debugfs_create_conn(conn);
2313 hci_conn_add_sysfs(conn);
2315 if (test_bit(HCI_AUTH, &hdev->flags))
2316 set_bit(HCI_CONN_AUTH, &conn->flags);
2318 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2319 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2321 /* Get remote features */
2322 if (conn->type == ACL_LINK) {
2323 struct hci_cp_read_remote_features cp;
2324 cp.handle = ev->handle;
2325 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2328 hci_update_page_scan(hdev);
2331 /* Set packet type for incoming connection */
2332 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2333 struct hci_cp_change_conn_ptype cp;
2334 cp.handle = ev->handle;
2335 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2336 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2340 #ifdef CONFIG_TIZEN_WIP
2341 if ((get_link_mode(conn)) & HCI_LM_MASTER)
2342 hci_conn_change_supervision_timeout(conn,
2343 LINK_SUPERVISION_TIMEOUT);
2344 } else if (ev->status == 0x0b) {
2345 BT_ERR("ACL connection already exists, this evt is ignored");
2348 conn->state = BT_CLOSED;
2349 if (conn->type == ACL_LINK)
2350 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2351 conn->dst_type, ev->status);
2354 if (conn->type == ACL_LINK)
2355 hci_sco_setup(conn, ev->status);
2357 #ifdef CONFIG_TIZEN_WIP
2358 if (ev->status && ev->status != 0x0b) {
2362 hci_proto_connect_cfm(conn, ev->status);
2364 } else if (ev->link_type != ACL_LINK)
2365 hci_proto_connect_cfm(conn, ev->status);
2368 hci_dev_unlock(hdev);
2370 hci_conn_check_pending(hdev);
2373 static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2375 struct hci_cp_reject_conn_req cp;
2377 bacpy(&cp.bdaddr, bdaddr);
2378 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2379 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2382 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2384 struct hci_ev_conn_request *ev = (void *) skb->data;
2385 int mask = hdev->link_mode;
2386 struct inquiry_entry *ie;
2387 struct hci_conn *conn;
2390 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2393 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2396 if (!(mask & HCI_LM_ACCEPT)) {
2397 hci_reject_conn(hdev, &ev->bdaddr);
2401 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2403 hci_reject_conn(hdev, &ev->bdaddr);
2407 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2408 * connection. These features are only touched through mgmt so
2409 * only do the checks if HCI_MGMT is set.
2411 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2412 !test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
2413 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2415 hci_reject_conn(hdev, &ev->bdaddr);
2419 /* Connection accepted */
2423 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2425 memcpy(ie->data.dev_class, ev->dev_class, 3);
2427 #ifdef CONFIG_TIZEN_WIP
2428 if ((ev->link_type == SCO_LINK || ev->link_type == ESCO_LINK) &&
2429 hci_conn_hash_lookup_sco(hdev)) {
2430 struct hci_cp_reject_conn_req cp;
2432 bacpy(&cp.bdaddr, &ev->bdaddr);
2433 cp.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
2434 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ,
2436 hci_dev_unlock(hdev);
2440 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2443 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2446 BT_ERR("No memory for new connection");
2447 hci_dev_unlock(hdev);
2452 memcpy(conn->dev_class, ev->dev_class, 3);
2454 hci_dev_unlock(hdev);
2456 if (ev->link_type == ACL_LINK ||
2457 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2458 struct hci_cp_accept_conn_req cp;
2459 conn->state = BT_CONNECT;
2461 bacpy(&cp.bdaddr, &ev->bdaddr);
2463 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2464 cp.role = 0x00; /* Become master */
2466 cp.role = 0x01; /* Remain slave */
2468 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2469 } else if (!(flags & HCI_PROTO_DEFER)) {
2470 struct hci_cp_accept_sync_conn_req cp;
2471 conn->state = BT_CONNECT;
2473 bacpy(&cp.bdaddr, &ev->bdaddr);
2474 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2476 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2477 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2478 cp.max_latency = cpu_to_le16(0xffff);
2479 cp.content_format = cpu_to_le16(hdev->voice_setting);
2480 cp.retrans_effort = 0xff;
2482 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2485 conn->state = BT_CONNECT2;
2486 hci_proto_connect_cfm(conn, 0);
2490 static u8 hci_to_mgmt_reason(u8 err)
2493 case HCI_ERROR_CONNECTION_TIMEOUT:
2494 return MGMT_DEV_DISCONN_TIMEOUT;
2495 case HCI_ERROR_REMOTE_USER_TERM:
2496 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2497 case HCI_ERROR_REMOTE_POWER_OFF:
2498 return MGMT_DEV_DISCONN_REMOTE;
2499 case HCI_ERROR_LOCAL_HOST_TERM:
2500 return MGMT_DEV_DISCONN_LOCAL_HOST;
2502 return MGMT_DEV_DISCONN_UNKNOWN;
2506 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2508 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2509 u8 reason = hci_to_mgmt_reason(ev->reason);
2510 struct hci_conn_params *params;
2511 struct hci_conn *conn;
2512 bool mgmt_connected;
2515 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2519 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2524 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2525 conn->dst_type, ev->status);
2529 conn->state = BT_CLOSED;
2531 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2532 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2533 reason, mgmt_connected);
2535 if (conn->type == ACL_LINK) {
2536 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2537 hci_remove_link_key(hdev, &conn->dst);
2539 hci_update_page_scan(hdev);
2542 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2544 switch (params->auto_connect) {
2545 case HCI_AUTO_CONN_LINK_LOSS:
2546 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2550 case HCI_AUTO_CONN_DIRECT:
2551 case HCI_AUTO_CONN_ALWAYS:
2552 list_del_init(¶ms->action);
2553 list_add(¶ms->action, &hdev->pend_le_conns);
2554 hci_update_background_scan(hdev);
2564 hci_proto_disconn_cfm(conn, ev->reason);
2567 /* Re-enable advertising if necessary, since it might
2568 * have been disabled by the connection. From the
2569 * HCI_LE_Set_Advertise_Enable command description in
2570 * the core specification (v4.0):
2571 * "The Controller shall continue advertising until the Host
2572 * issues an LE_Set_Advertise_Enable command with
2573 * Advertising_Enable set to 0x00 (Advertising is disabled)
2574 * or until a connection is created or until the Advertising
2575 * is timed out due to Directed Advertising."
2577 if (type == LE_LINK)
2578 mgmt_reenable_advertising(hdev);
2580 #ifdef CONFIG_TIZEN_WIP
2581 if (type == ACL_LINK && !hci_conn_num(hdev, ACL_LINK)) {
2585 iscan = test_bit(HCI_ISCAN, &hdev->flags);
2586 pscan = test_bit(HCI_PSCAN, &hdev->flags);
2587 if (!iscan && !pscan) {
2588 u8 scan_enable = SCAN_PAGE;
2590 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE,
2591 sizeof(scan_enable), &scan_enable);
2597 hci_dev_unlock(hdev);
2600 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2602 struct hci_ev_auth_complete *ev = (void *) skb->data;
2603 struct hci_conn *conn;
2605 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2609 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2613 #ifdef CONFIG_TIZEN_WIP /* PIN or Key Missing patch */
2614 BT_DBG("remote_auth %x, remote_cap %x, auth_type %x, io_capability %x",
2615 conn->remote_auth, conn->remote_cap,
2616 conn->auth_type, conn->io_capability);
2618 if (ev->status == 0x06) {
2619 struct hci_cp_auth_requested cp;
2620 BT_DBG("Pin or key missing");
2621 hci_remove_link_key(hdev, &conn->dst);
2622 cp.handle = cpu_to_le16(conn->handle);
2623 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp),
2629 if (!hci_conn_ssp_enabled(conn) &&
2630 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2631 BT_INFO("re-auth of legacy device is not possible.");
2633 set_bit(HCI_CONN_AUTH, &conn->flags);
2634 conn->sec_level = conn->pending_sec_level;
2637 mgmt_auth_failed(conn, ev->status);
2640 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2641 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2643 if (conn->state == BT_CONFIG) {
2644 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2645 struct hci_cp_set_conn_encrypt cp;
2646 cp.handle = ev->handle;
2648 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2651 conn->state = BT_CONNECTED;
2652 hci_proto_connect_cfm(conn, ev->status);
2653 hci_conn_drop(conn);
2656 hci_auth_cfm(conn, ev->status);
2658 hci_conn_hold(conn);
2659 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2660 hci_conn_drop(conn);
2663 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2665 struct hci_cp_set_conn_encrypt cp;
2666 cp.handle = ev->handle;
2668 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2671 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2672 hci_encrypt_cfm(conn, ev->status, 0x00);
2677 hci_dev_unlock(hdev);
2680 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2682 struct hci_ev_remote_name *ev = (void *) skb->data;
2683 struct hci_conn *conn;
2685 BT_DBG("%s", hdev->name);
2687 hci_conn_check_pending(hdev);
2691 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2693 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2696 if (ev->status == 0)
2697 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2698 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2700 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2706 if (!hci_outgoing_auth_needed(hdev, conn))
2709 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2710 struct hci_cp_auth_requested cp;
2712 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2714 cp.handle = __cpu_to_le16(conn->handle);
2715 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2719 hci_dev_unlock(hdev);
2722 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2724 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2725 struct hci_conn *conn;
2727 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2731 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2737 /* Encryption implies authentication */
2738 set_bit(HCI_CONN_AUTH, &conn->flags);
2739 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2740 conn->sec_level = conn->pending_sec_level;
2742 /* Disable Secure connection implementation now */
2743 #ifdef CONFIG_TIZEN_WIP
2744 /* P-256 authentication key implies FIPS */
2745 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2746 set_bit(HCI_CONN_FIPS, &conn->flags);
2748 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2749 conn->type == LE_LINK)
2750 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2753 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2754 /* Disable Secure connection implementation now */
2755 #ifdef CONFIG_TIZEN_WIP
2756 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2761 /* We should disregard the current RPA and generate a new one
2762 * whenever the encryption procedure fails.
2764 if (ev->status && conn->type == LE_LINK)
2765 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2767 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2769 if (ev->status && conn->state == BT_CONNECTED) {
2770 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2771 hci_conn_drop(conn);
2775 if (conn->state == BT_CONFIG) {
2777 conn->state = BT_CONNECTED;
2779 /* Disable Secure connection implementation now */
2780 #ifdef CONFIG_TIZEN_WIP
2781 /* In Secure Connections Only mode, do not allow any
2782 * connections that are not encrypted with AES-CCM
2783 * using a P-256 authenticated combination key.
2785 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2786 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2787 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2788 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2789 hci_conn_drop(conn);
2793 hci_proto_connect_cfm(conn, ev->status);
2794 hci_conn_drop(conn);
2796 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2799 hci_dev_unlock(hdev);
2802 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2803 struct sk_buff *skb)
2805 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2806 struct hci_conn *conn;
2808 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2812 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2815 set_bit(HCI_CONN_SECURE, &conn->flags);
2817 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2819 hci_key_change_cfm(conn, ev->status);
2822 hci_dev_unlock(hdev);
2825 static void hci_remote_features_evt(struct hci_dev *hdev,
2826 struct sk_buff *skb)
2828 struct hci_ev_remote_features *ev = (void *) skb->data;
2829 struct hci_conn *conn;
2831 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2835 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2840 memcpy(conn->features[0], ev->features, 8);
2842 if (conn->state != BT_CONFIG)
2845 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2846 struct hci_cp_read_remote_ext_features cp;
2847 cp.handle = ev->handle;
2849 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2854 #ifdef CONFIG_SPRD_2331
2855 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2856 struct hci_cp_change_conn_ptype cp;
2857 memset(&cp, 0, sizeof(cp));
2858 cp.pkt_type = (HCI_DM1|HCI_DH1);
2859 if (conn->features[0][0] & LMP_3SLOT)
2860 cp.pkt_type |= (HCI_DM3|HCI_DH3);
2862 if (conn->features[0][0] & LMP_5SLOT)
2863 cp.pkt_type |= (HCI_DM5|HCI_DH5);
2865 if (!(conn->features[0][3] & LMP_EDR_ACL_2M)) {
2866 cp.pkt_type |= (HCI_2DH1|HCI_2DH3|HCI_2DH5);
2868 if (!(conn->features[0][4] & LMP_EDR_3SLOT))
2869 cp.pkt_type |= HCI_2DH3;
2871 if (!(conn->features[0][5] & LMP_EDR_5SLOT))
2872 cp.pkt_type |= HCI_2DH5;
2875 if (!(conn->features[0][3] & LMP_EDR_ACL_3M)) {
2876 cp.pkt_type |= (HCI_3DH1|HCI_3DH3|HCI_3DH5);
2878 if (!(conn->features[0][4] & LMP_EDR_3SLOT))
2879 cp.pkt_type |= HCI_3DH3;
2881 if (!(conn->features[0][5] & LMP_EDR_5SLOT))
2882 cp.pkt_type |= HCI_3DH5;
2885 cp.handle = ev->handle;
2886 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
2890 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2891 struct hci_cp_remote_name_req cp;
2892 memset(&cp, 0, sizeof(cp));
2893 bacpy(&cp.bdaddr, &conn->dst);
2894 cp.pscan_rep_mode = 0x02;
2895 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2896 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2897 mgmt_device_connected(hdev, conn, 0, NULL, 0);
2899 if (!hci_outgoing_auth_needed(hdev, conn)) {
2900 conn->state = BT_CONNECTED;
2901 hci_proto_connect_cfm(conn, ev->status);
2902 hci_conn_drop(conn);
2906 hci_dev_unlock(hdev);
2909 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2911 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2912 u8 status = skb->data[sizeof(*ev)];
2915 skb_pull(skb, sizeof(*ev));
2917 opcode = __le16_to_cpu(ev->opcode);
2920 case HCI_OP_INQUIRY_CANCEL:
2921 hci_cc_inquiry_cancel(hdev, skb);
2924 case HCI_OP_PERIODIC_INQ:
2925 hci_cc_periodic_inq(hdev, skb);
2928 case HCI_OP_EXIT_PERIODIC_INQ:
2929 hci_cc_exit_periodic_inq(hdev, skb);
2932 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2933 hci_cc_remote_name_req_cancel(hdev, skb);
2936 case HCI_OP_ROLE_DISCOVERY:
2937 hci_cc_role_discovery(hdev, skb);
2940 case HCI_OP_READ_LINK_POLICY:
2941 hci_cc_read_link_policy(hdev, skb);
2944 case HCI_OP_WRITE_LINK_POLICY:
2945 hci_cc_write_link_policy(hdev, skb);
2948 case HCI_OP_READ_DEF_LINK_POLICY:
2949 hci_cc_read_def_link_policy(hdev, skb);
2952 case HCI_OP_WRITE_DEF_LINK_POLICY:
2953 hci_cc_write_def_link_policy(hdev, skb);
2957 hci_cc_reset(hdev, skb);
2960 case HCI_OP_READ_STORED_LINK_KEY:
2961 hci_cc_read_stored_link_key(hdev, skb);
2964 case HCI_OP_DELETE_STORED_LINK_KEY:
2965 hci_cc_delete_stored_link_key(hdev, skb);
2968 case HCI_OP_WRITE_LOCAL_NAME:
2969 hci_cc_write_local_name(hdev, skb);
2972 case HCI_OP_READ_LOCAL_NAME:
2973 hci_cc_read_local_name(hdev, skb);
2976 case HCI_OP_WRITE_AUTH_ENABLE:
2977 hci_cc_write_auth_enable(hdev, skb);
2980 case HCI_OP_WRITE_ENCRYPT_MODE:
2981 hci_cc_write_encrypt_mode(hdev, skb);
2984 case HCI_OP_WRITE_SCAN_ENABLE:
2985 hci_cc_write_scan_enable(hdev, skb);
2988 case HCI_OP_READ_CLASS_OF_DEV:
2989 hci_cc_read_class_of_dev(hdev, skb);
2992 case HCI_OP_WRITE_CLASS_OF_DEV:
2993 hci_cc_write_class_of_dev(hdev, skb);
2996 case HCI_OP_READ_VOICE_SETTING:
2997 hci_cc_read_voice_setting(hdev, skb);
3000 case HCI_OP_WRITE_VOICE_SETTING:
3001 hci_cc_write_voice_setting(hdev, skb);
3004 case HCI_OP_READ_NUM_SUPPORTED_IAC:
3005 hci_cc_read_num_supported_iac(hdev, skb);
3008 case HCI_OP_WRITE_SSP_MODE:
3009 hci_cc_write_ssp_mode(hdev, skb);
3012 case HCI_OP_WRITE_SC_SUPPORT:
3013 hci_cc_write_sc_support(hdev, skb);
3016 case HCI_OP_READ_LOCAL_VERSION:
3017 hci_cc_read_local_version(hdev, skb);
3020 case HCI_OP_READ_LOCAL_COMMANDS:
3021 hci_cc_read_local_commands(hdev, skb);
3024 case HCI_OP_READ_LOCAL_FEATURES:
3025 hci_cc_read_local_features(hdev, skb);
3028 case HCI_OP_READ_LOCAL_EXT_FEATURES:
3029 hci_cc_read_local_ext_features(hdev, skb);
3032 case HCI_OP_READ_BUFFER_SIZE:
3033 hci_cc_read_buffer_size(hdev, skb);
3036 case HCI_OP_READ_BD_ADDR:
3037 hci_cc_read_bd_addr(hdev, skb);
3040 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
3041 hci_cc_read_page_scan_activity(hdev, skb);
3044 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
3045 hci_cc_write_page_scan_activity(hdev, skb);
3048 case HCI_OP_READ_PAGE_SCAN_TYPE:
3049 hci_cc_read_page_scan_type(hdev, skb);
3052 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
3053 hci_cc_write_page_scan_type(hdev, skb);
3056 case HCI_OP_READ_DATA_BLOCK_SIZE:
3057 hci_cc_read_data_block_size(hdev, skb);
3060 case HCI_OP_READ_FLOW_CONTROL_MODE:
3061 hci_cc_read_flow_control_mode(hdev, skb);
3064 case HCI_OP_READ_LOCAL_AMP_INFO:
3065 hci_cc_read_local_amp_info(hdev, skb);
3068 case HCI_OP_READ_CLOCK:
3069 hci_cc_read_clock(hdev, skb);
3072 case HCI_OP_READ_LOCAL_AMP_ASSOC:
3073 hci_cc_read_local_amp_assoc(hdev, skb);
3076 case HCI_OP_READ_INQ_RSP_TX_POWER:
3077 hci_cc_read_inq_rsp_tx_power(hdev, skb);
3080 case HCI_OP_PIN_CODE_REPLY:
3081 hci_cc_pin_code_reply(hdev, skb);
3084 case HCI_OP_PIN_CODE_NEG_REPLY:
3085 hci_cc_pin_code_neg_reply(hdev, skb);
3088 case HCI_OP_READ_LOCAL_OOB_DATA:
3089 hci_cc_read_local_oob_data(hdev, skb);
3092 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
3093 hci_cc_read_local_oob_ext_data(hdev, skb);
3096 case HCI_OP_LE_READ_BUFFER_SIZE:
3097 hci_cc_le_read_buffer_size(hdev, skb);
3100 case HCI_OP_LE_READ_LOCAL_FEATURES:
3101 hci_cc_le_read_local_features(hdev, skb);
3104 case HCI_OP_LE_READ_ADV_TX_POWER:
3105 hci_cc_le_read_adv_tx_power(hdev, skb);
3108 case HCI_OP_USER_CONFIRM_REPLY:
3109 hci_cc_user_confirm_reply(hdev, skb);
3112 case HCI_OP_USER_CONFIRM_NEG_REPLY:
3113 hci_cc_user_confirm_neg_reply(hdev, skb);
3116 case HCI_OP_USER_PASSKEY_REPLY:
3117 hci_cc_user_passkey_reply(hdev, skb);
3120 case HCI_OP_USER_PASSKEY_NEG_REPLY:
3121 hci_cc_user_passkey_neg_reply(hdev, skb);
3124 case HCI_OP_LE_SET_RANDOM_ADDR:
3125 hci_cc_le_set_random_addr(hdev, skb);
3128 case HCI_OP_LE_SET_ADV_ENABLE:
3129 hci_cc_le_set_adv_enable(hdev, skb);
3132 case HCI_OP_LE_SET_SCAN_PARAM:
3133 hci_cc_le_set_scan_param(hdev, skb);
3136 case HCI_OP_LE_SET_SCAN_ENABLE:
3137 hci_cc_le_set_scan_enable(hdev, skb);
3140 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
3141 hci_cc_le_read_white_list_size(hdev, skb);
3144 case HCI_OP_LE_CLEAR_WHITE_LIST:
3145 hci_cc_le_clear_white_list(hdev, skb);
3148 case HCI_OP_LE_ADD_TO_WHITE_LIST:
3149 hci_cc_le_add_to_white_list(hdev, skb);
3152 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3153 hci_cc_le_del_from_white_list(hdev, skb);
3156 case HCI_OP_LE_READ_SUPPORTED_STATES:
3157 hci_cc_le_read_supported_states(hdev, skb);
3160 case HCI_OP_LE_READ_DEF_DATA_LEN:
3161 hci_cc_le_read_def_data_len(hdev, skb);
3164 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3165 hci_cc_le_write_def_data_len(hdev, skb);
3168 case HCI_OP_LE_READ_MAX_DATA_LEN:
3169 hci_cc_le_read_max_data_len(hdev, skb);
3172 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3173 hci_cc_write_le_host_supported(hdev, skb);
3176 case HCI_OP_LE_SET_ADV_PARAM:
3177 hci_cc_set_adv_param(hdev, skb);
3180 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
3181 hci_cc_write_remote_amp_assoc(hdev, skb);
3184 case HCI_OP_READ_RSSI:
3185 hci_cc_read_rssi(hdev, skb);
3188 case HCI_OP_READ_TX_POWER:
3189 hci_cc_read_tx_power(hdev, skb);
3191 #ifdef CONFIG_TIZEN_WIP
3192 case HCI_OP_ENABLE_RSSI:
3193 hci_cc_enable_rssi(hdev, skb);
3196 case HCI_OP_GET_RAW_RSSI:
3197 hci_cc_get_raw_rssi(hdev, skb);
3201 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3205 if (opcode != HCI_OP_NOP)
3206 cancel_delayed_work(&hdev->cmd_timer);
3208 hci_req_cmd_complete(hdev, opcode, status);
3210 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
3211 atomic_set(&hdev->cmd_cnt, 1);
3212 if (!skb_queue_empty(&hdev->cmd_q))
3213 queue_work(hdev->workqueue, &hdev->cmd_work);
3217 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
3219 struct hci_ev_cmd_status *ev = (void *) skb->data;
3222 skb_pull(skb, sizeof(*ev));
3224 opcode = __le16_to_cpu(ev->opcode);
3227 case HCI_OP_INQUIRY:
3228 hci_cs_inquiry(hdev, ev->status);
3231 case HCI_OP_CREATE_CONN:
3232 hci_cs_create_conn(hdev, ev->status);
3235 case HCI_OP_DISCONNECT:
3236 hci_cs_disconnect(hdev, ev->status);
3239 case HCI_OP_ADD_SCO:
3240 hci_cs_add_sco(hdev, ev->status);
3243 case HCI_OP_AUTH_REQUESTED:
3244 hci_cs_auth_requested(hdev, ev->status);
3247 case HCI_OP_SET_CONN_ENCRYPT:
3248 hci_cs_set_conn_encrypt(hdev, ev->status);
3251 case HCI_OP_REMOTE_NAME_REQ:
3252 hci_cs_remote_name_req(hdev, ev->status);
3255 case HCI_OP_READ_REMOTE_FEATURES:
3256 hci_cs_read_remote_features(hdev, ev->status);
3259 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3260 hci_cs_read_remote_ext_features(hdev, ev->status);
3263 case HCI_OP_SETUP_SYNC_CONN:
3264 hci_cs_setup_sync_conn(hdev, ev->status);
3267 case HCI_OP_CREATE_PHY_LINK:
3268 hci_cs_create_phylink(hdev, ev->status);
3271 case HCI_OP_ACCEPT_PHY_LINK:
3272 hci_cs_accept_phylink(hdev, ev->status);
3275 case HCI_OP_SNIFF_MODE:
3276 hci_cs_sniff_mode(hdev, ev->status);
3279 case HCI_OP_EXIT_SNIFF_MODE:
3280 hci_cs_exit_sniff_mode(hdev, ev->status);
3283 case HCI_OP_SWITCH_ROLE:
3284 hci_cs_switch_role(hdev, ev->status);
3287 case HCI_OP_LE_CREATE_CONN:
3288 hci_cs_le_create_conn(hdev, ev->status);
3291 case HCI_OP_LE_START_ENC:
3292 hci_cs_le_start_enc(hdev, ev->status);
3296 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3300 if (opcode != HCI_OP_NOP)
3301 cancel_delayed_work(&hdev->cmd_timer);
3304 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
3305 hci_req_cmd_complete(hdev, opcode, ev->status);
3307 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
3308 atomic_set(&hdev->cmd_cnt, 1);
3309 if (!skb_queue_empty(&hdev->cmd_q))
3310 queue_work(hdev->workqueue, &hdev->cmd_work);
3314 static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3316 struct hci_ev_hardware_error *ev = (void *) skb->data;
3318 BT_ERR("%s hardware error 0x%2.2x", hdev->name, ev->code);
3319 #ifdef CONFIG_TIZEN_WIP
3321 mgmt_hardware_error(hdev, ev->code);
3322 hci_dev_unlock(hdev);
3326 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3328 struct hci_ev_role_change *ev = (void *) skb->data;
3329 struct hci_conn *conn;
3331 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3335 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3338 conn->role = ev->role;
3340 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
3342 hci_role_switch_cfm(conn, ev->status, ev->role);
3344 #ifdef CONFIG_TIZEN_WIP
3345 if (!ev->status && (get_link_mode(conn)) & HCI_LM_MASTER)
3346 hci_conn_change_supervision_timeout(conn,
3347 LINK_SUPERVISION_TIMEOUT);
3351 hci_dev_unlock(hdev);
3354 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
3356 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
3359 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3360 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3364 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3365 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
3366 BT_DBG("%s bad parameters", hdev->name);
3370 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3372 for (i = 0; i < ev->num_hndl; i++) {
3373 struct hci_comp_pkts_info *info = &ev->handles[i];
3374 struct hci_conn *conn;
3375 __u16 handle, count;
3377 handle = __le16_to_cpu(info->handle);
3378 count = __le16_to_cpu(info->count);
3380 conn = hci_conn_hash_lookup_handle(hdev, handle);
3384 conn->sent -= count;
3386 switch (conn->type) {
3388 hdev->acl_cnt += count;
3389 if (hdev->acl_cnt > hdev->acl_pkts)
3390 hdev->acl_cnt = hdev->acl_pkts;
3394 if (hdev->le_pkts) {
3395 hdev->le_cnt += count;
3396 if (hdev->le_cnt > hdev->le_pkts)
3397 hdev->le_cnt = hdev->le_pkts;
3399 hdev->acl_cnt += count;
3400 if (hdev->acl_cnt > hdev->acl_pkts)
3401 hdev->acl_cnt = hdev->acl_pkts;
3406 hdev->sco_cnt += count;
3407 if (hdev->sco_cnt > hdev->sco_pkts)
3408 hdev->sco_cnt = hdev->sco_pkts;
3412 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3417 queue_work(hdev->workqueue, &hdev->tx_work);
3420 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3423 struct hci_chan *chan;
3425 switch (hdev->dev_type) {
3427 return hci_conn_hash_lookup_handle(hdev, handle);
3429 chan = hci_chan_lookup_handle(hdev, handle);
3434 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3441 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3443 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3446 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3447 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3451 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3452 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
3453 BT_DBG("%s bad parameters", hdev->name);
3457 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3460 for (i = 0; i < ev->num_hndl; i++) {
3461 struct hci_comp_blocks_info *info = &ev->handles[i];
3462 struct hci_conn *conn = NULL;
3463 __u16 handle, block_count;
3465 handle = __le16_to_cpu(info->handle);
3466 block_count = __le16_to_cpu(info->blocks);
3468 conn = __hci_conn_lookup_handle(hdev, handle);
3472 conn->sent -= block_count;
3474 switch (conn->type) {
3477 hdev->block_cnt += block_count;
3478 if (hdev->block_cnt > hdev->num_blocks)
3479 hdev->block_cnt = hdev->num_blocks;
3483 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3488 queue_work(hdev->workqueue, &hdev->tx_work);
3491 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3493 struct hci_ev_mode_change *ev = (void *) skb->data;
3494 struct hci_conn *conn;
3496 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3500 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3502 conn->mode = ev->mode;
3504 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3506 if (conn->mode == HCI_CM_ACTIVE)
3507 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3509 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3512 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3513 hci_sco_setup(conn, ev->status);
3516 hci_dev_unlock(hdev);
3519 #ifdef CONFIG_TIZEN_WIP
3520 static void hci_vendor_specific_evt(struct hci_dev *hdev, struct sk_buff *skb)
3522 struct hci_ev_vendor_specific *ev = (void *) skb->data;
3523 __u8 event_sub_code;
3524 skb_pull(skb, sizeof(*ev));
3526 BT_DBG("hci_vendor_specific_evt");
3527 event_sub_code = ev->event_sub_code;
3529 switch (event_sub_code) {
3530 case LE_META_VENDOR_SPECIFIC_GROUP_EVENT: {
3531 struct hci_ev_ext_vendor_specific *ev = (void *) skb->data;
3532 __u8 event_le_ext_sub_code;
3533 skb_pull(skb, sizeof(*ev));
3534 event_le_ext_sub_code = ev->event_le_ext_sub_code;
3536 BT_DBG("Func: %s RSSI event LE_META_VENDOR_SPECIFIC_GROUP_EVENT: %X",
3537 __func__, LE_META_VENDOR_SPECIFIC_GROUP_EVENT);
3539 switch (event_le_ext_sub_code) {
3540 case LE_RSSI_LINK_ALERT:
3541 BT_DBG("Func: %s RSSI event LE_RSSI_LINK_ALERT %X",
3542 __func__, LE_RSSI_LINK_ALERT);
3543 mgmt_rssi_alert_evt(hdev, skb);
3552 case LE_MULTI_ADV_STATE_CHANGE_SUB_EVENT:
3553 BT_DBG("Func: %s LE_MULTI_ADV_STATE_CHANGE_SUB_EVENT", __func__);
3554 mgmt_multi_adv_state_change_evt(hdev, skb);
3562 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3564 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3565 struct hci_conn *conn;
3567 BT_DBG("%s", hdev->name);
3571 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3575 if (conn->state == BT_CONNECTED) {
3576 hci_conn_hold(conn);
3577 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3578 hci_conn_drop(conn);
3581 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
3582 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3583 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3584 sizeof(ev->bdaddr), &ev->bdaddr);
3585 } else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3588 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3593 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3597 hci_dev_unlock(hdev);
3600 static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3602 if (key_type == HCI_LK_CHANGED_COMBINATION)
3605 conn->pin_length = pin_len;
3606 conn->key_type = key_type;
3609 case HCI_LK_LOCAL_UNIT:
3610 case HCI_LK_REMOTE_UNIT:
3611 case HCI_LK_DEBUG_COMBINATION:
3613 case HCI_LK_COMBINATION:
3615 conn->pending_sec_level = BT_SECURITY_HIGH;
3617 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3619 case HCI_LK_UNAUTH_COMBINATION_P192:
3620 case HCI_LK_UNAUTH_COMBINATION_P256:
3621 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3623 case HCI_LK_AUTH_COMBINATION_P192:
3624 conn->pending_sec_level = BT_SECURITY_HIGH;
3626 case HCI_LK_AUTH_COMBINATION_P256:
3627 conn->pending_sec_level = BT_SECURITY_FIPS;
3632 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3634 struct hci_ev_link_key_req *ev = (void *) skb->data;
3635 struct hci_cp_link_key_reply cp;
3636 struct hci_conn *conn;
3637 struct link_key *key;
3639 BT_DBG("%s", hdev->name);
3641 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3646 key = hci_find_link_key(hdev, &ev->bdaddr);
3648 BT_DBG("%s link key not found for %pMR", hdev->name,
3653 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3656 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3658 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3660 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3661 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3662 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3663 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3667 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3668 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3669 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3670 BT_DBG("%s ignoring key unauthenticated for high security",
3675 conn_set_key(conn, key->type, key->pin_len);
3678 bacpy(&cp.bdaddr, &ev->bdaddr);
3679 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3681 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3683 hci_dev_unlock(hdev);
3688 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3689 hci_dev_unlock(hdev);
3692 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3694 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3695 struct hci_conn *conn;
3696 struct link_key *key;
3700 BT_DBG("%s", hdev->name);
3704 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3708 hci_conn_hold(conn);
3709 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3710 hci_conn_drop(conn);
3712 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3713 conn_set_key(conn, ev->key_type, conn->pin_length);
3715 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3718 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3719 ev->key_type, pin_len, &persistent);
3723 /* Update connection information since adding the key will have
3724 * fixed up the type in the case of changed combination keys.
3726 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3727 conn_set_key(conn, key->type, key->pin_len);
3729 mgmt_new_link_key(hdev, key, persistent);
3731 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3732 * is set. If it's not set simply remove the key from the kernel
3733 * list (we've still notified user space about it but with
3734 * store_hint being 0).
3736 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3737 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3738 list_del_rcu(&key->list);
3739 kfree_rcu(key, rcu);
3744 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3746 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3749 hci_dev_unlock(hdev);
3752 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3754 struct hci_ev_clock_offset *ev = (void *) skb->data;
3755 struct hci_conn *conn;
3757 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3761 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3762 if (conn && !ev->status) {
3763 struct inquiry_entry *ie;
3765 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3767 ie->data.clock_offset = ev->clock_offset;
3768 ie->timestamp = jiffies;
3772 hci_dev_unlock(hdev);
3775 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3777 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3778 struct hci_conn *conn;
3780 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3784 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3785 if (conn && !ev->status)
3786 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3788 hci_dev_unlock(hdev);
3791 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3793 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3794 struct inquiry_entry *ie;
3796 BT_DBG("%s", hdev->name);
3800 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3802 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3803 ie->timestamp = jiffies;
3806 hci_dev_unlock(hdev);
3809 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3810 struct sk_buff *skb)
3812 struct inquiry_data data;
3813 int num_rsp = *((__u8 *) skb->data);
3815 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3820 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3825 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3826 struct inquiry_info_with_rssi_and_pscan_mode *info;
3827 info = (void *) (skb->data + 1);
3829 for (; num_rsp; num_rsp--, info++) {
3832 bacpy(&data.bdaddr, &info->bdaddr);
3833 data.pscan_rep_mode = info->pscan_rep_mode;
3834 data.pscan_period_mode = info->pscan_period_mode;
3835 data.pscan_mode = info->pscan_mode;
3836 memcpy(data.dev_class, info->dev_class, 3);
3837 data.clock_offset = info->clock_offset;
3838 data.rssi = info->rssi;
3839 data.ssp_mode = 0x00;
3841 flags = hci_inquiry_cache_update(hdev, &data, false);
3843 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3844 info->dev_class, info->rssi,
3845 flags, NULL, 0, NULL, 0);
3848 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3850 for (; num_rsp; num_rsp--, info++) {
3853 bacpy(&data.bdaddr, &info->bdaddr);
3854 data.pscan_rep_mode = info->pscan_rep_mode;
3855 data.pscan_period_mode = info->pscan_period_mode;
3856 data.pscan_mode = 0x00;
3857 memcpy(data.dev_class, info->dev_class, 3);
3858 data.clock_offset = info->clock_offset;
3859 data.rssi = info->rssi;
3860 data.ssp_mode = 0x00;
3862 flags = hci_inquiry_cache_update(hdev, &data, false);
3864 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3865 info->dev_class, info->rssi,
3866 flags, NULL, 0, NULL, 0);
3870 hci_dev_unlock(hdev);
3873 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3874 struct sk_buff *skb)
3876 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3877 struct hci_conn *conn;
3879 BT_DBG("%s", hdev->name);
3883 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3887 if (ev->page < HCI_MAX_PAGES)
3888 memcpy(conn->features[ev->page], ev->features, 8);
3890 if (!ev->status && ev->page == 0x01) {
3891 struct inquiry_entry *ie;
3893 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3895 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3897 if (ev->features[0] & LMP_HOST_SSP) {
3898 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3900 /* It is mandatory by the Bluetooth specification that
3901 * Extended Inquiry Results are only used when Secure
3902 * Simple Pairing is enabled, but some devices violate
3905 * To make these devices work, the internal SSP
3906 * enabled flag needs to be cleared if the remote host
3907 * features do not indicate SSP support */
3908 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3911 /* Disable Secure connection implementation now */
3912 #ifdef CONFIG_TIZEN_WIP
3913 if (ev->features[0] & LMP_HOST_SC)
3914 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3918 if (conn->state != BT_CONFIG)
3921 #ifdef CONFIG_SPRD_2331
3922 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3923 struct hci_cp_change_conn_ptype cp;
3924 memset(&cp, 0, sizeof(cp));
3925 cp.pkt_type = (HCI_DM1|HCI_DH1);
3927 if (conn->features[0][0] & LMP_3SLOT)
3928 cp.pkt_type |= (HCI_DM3|HCI_DH3);
3930 if (conn->features[0][0] & LMP_5SLOT)
3931 cp.pkt_type |= (HCI_DM5|HCI_DH5);
3933 if (!(conn->features[0][3] & LMP_EDR_ACL_2M)) {
3934 cp.pkt_type |= (HCI_2DH1|HCI_2DH3|HCI_2DH5);
3936 if (!(conn->features[0][4] & LMP_EDR_3SLOT))
3937 cp.pkt_type |= HCI_2DH3;
3939 if (!(conn->features[0][5] & LMP_EDR_5SLOT))
3940 cp.pkt_type |= HCI_2DH5;
3943 if (!(conn->features[0][3] & LMP_EDR_ACL_3M)) {
3944 cp.pkt_type |= (HCI_3DH1|HCI_3DH3|HCI_3DH5);
3946 if (!(conn->features[0][4] & LMP_EDR_3SLOT))
3947 cp.pkt_type |= HCI_3DH3;
3949 if (!(conn->features[0][5] & LMP_EDR_5SLOT))
3950 cp.pkt_type |= HCI_3DH5;
3953 cp.handle = ev->handle;
3954 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
3958 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3959 struct hci_cp_remote_name_req cp;
3960 memset(&cp, 0, sizeof(cp));
3961 bacpy(&cp.bdaddr, &conn->dst);
3962 cp.pscan_rep_mode = 0x02;
3963 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3964 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3965 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3967 if (!hci_outgoing_auth_needed(hdev, conn)) {
3968 conn->state = BT_CONNECTED;
3969 hci_proto_connect_cfm(conn, ev->status);
3970 hci_conn_drop(conn);
3974 hci_dev_unlock(hdev);
3977 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3978 struct sk_buff *skb)
3980 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3981 struct hci_conn *conn;
3983 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3987 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3989 if (ev->link_type == ESCO_LINK)
3992 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3996 conn->type = SCO_LINK;
3999 switch (ev->status) {
4001 conn->handle = __le16_to_cpu(ev->handle);
4002 conn->state = BT_CONNECTED;
4004 hci_debugfs_create_conn(conn);
4005 hci_conn_add_sysfs(conn);
4008 case 0x10: /* Connection Accept Timeout */
4009 case 0x0d: /* Connection Rejected due to Limited Resources */
4010 case 0x11: /* Unsupported Feature or Parameter Value */
4011 case 0x1c: /* SCO interval rejected */
4012 case 0x1a: /* Unsupported Remote Feature */
4013 case 0x1f: /* Unspecified error */
4014 case 0x20: /* Unsupported LMP Parameter value */
4016 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
4017 (hdev->esco_type & EDR_ESCO_MASK);
4018 if (hci_setup_sync(conn, conn->link->handle))
4024 conn->state = BT_CLOSED;
4028 hci_proto_connect_cfm(conn, ev->status);
4033 hci_dev_unlock(hdev);
4036 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
4040 while (parsed < eir_len) {
4041 u8 field_len = eir[0];
4046 parsed += field_len + 1;
4047 eir += field_len + 1;
4053 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
4054 struct sk_buff *skb)
4056 struct inquiry_data data;
4057 struct extended_inquiry_info *info = (void *) (skb->data + 1);
4058 int num_rsp = *((__u8 *) skb->data);
4061 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4066 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
4071 for (; num_rsp; num_rsp--, info++) {
4075 bacpy(&data.bdaddr, &info->bdaddr);
4076 data.pscan_rep_mode = info->pscan_rep_mode;
4077 data.pscan_period_mode = info->pscan_period_mode;
4078 data.pscan_mode = 0x00;
4079 memcpy(data.dev_class, info->dev_class, 3);
4080 data.clock_offset = info->clock_offset;
4081 data.rssi = info->rssi;
4082 data.ssp_mode = 0x01;
4084 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4085 name_known = eir_has_data_type(info->data,
4091 flags = hci_inquiry_cache_update(hdev, &data, name_known);
4093 eir_len = eir_get_length(info->data, sizeof(info->data));
4095 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4096 info->dev_class, info->rssi,
4097 flags, info->data, eir_len, NULL, 0);
4100 hci_dev_unlock(hdev);
4103 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
4104 struct sk_buff *skb)
4106 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
4107 struct hci_conn *conn;
4109 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
4110 __le16_to_cpu(ev->handle));
4114 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4118 /* For BR/EDR the necessary steps are taken through the
4119 * auth_complete event.
4121 if (conn->type != LE_LINK)
4125 conn->sec_level = conn->pending_sec_level;
4127 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
4129 if (ev->status && conn->state == BT_CONNECTED) {
4130 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
4131 hci_conn_drop(conn);
4135 if (conn->state == BT_CONFIG) {
4137 conn->state = BT_CONNECTED;
4139 hci_proto_connect_cfm(conn, ev->status);
4140 hci_conn_drop(conn);
4142 hci_auth_cfm(conn, ev->status);
4144 hci_conn_hold(conn);
4145 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4146 hci_conn_drop(conn);
4150 hci_dev_unlock(hdev);
4153 static u8 hci_get_auth_req(struct hci_conn *conn)
4155 #ifdef CONFIG_TIZEN_WIP
4156 if (conn->remote_auth == HCI_AT_GENERAL_BONDING_MITM) {
4157 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4158 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4159 return HCI_AT_GENERAL_BONDING_MITM;
4163 /* If remote requests no-bonding follow that lead */
4164 if (conn->remote_auth == HCI_AT_NO_BONDING ||
4165 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
4166 return conn->remote_auth | (conn->auth_type & 0x01);
4168 /* If both remote and local have enough IO capabilities, require
4171 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4172 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4173 return conn->remote_auth | 0x01;
4175 /* No MITM protection possible so ignore remote requirement */
4176 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
4179 static u8 bredr_oob_data_present(struct hci_conn *conn)
4181 struct hci_dev *hdev = conn->hdev;
4182 struct oob_data *data;
4184 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
4188 /* When Secure Connections Only mode is enabled, then the P-256
4189 * values are required. If they are not available, then do not
4190 * declare that OOB data is present.
4192 if (bredr_sc_enabled(hdev) &&
4193 test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
4194 (!memcmp(data->rand256, ZERO_KEY, 16) ||
4195 !memcmp(data->hash256, ZERO_KEY, 16)))
4198 if (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))
4204 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4206 struct hci_ev_io_capa_request *ev = (void *) skb->data;
4207 struct hci_conn *conn;
4209 BT_DBG("%s", hdev->name);
4213 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4217 hci_conn_hold(conn);
4219 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4222 /* Allow pairing if we're pairable, the initiators of the
4223 * pairing or if the remote is not requesting bonding.
4225 if (test_bit(HCI_BONDABLE, &hdev->dev_flags) ||
4226 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
4227 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
4228 struct hci_cp_io_capability_reply cp;
4230 bacpy(&cp.bdaddr, &ev->bdaddr);
4231 /* Change the IO capability from KeyboardDisplay
4232 * to DisplayYesNo as it is not supported by BT spec. */
4233 cp.capability = (conn->io_capability == 0x04) ?
4234 HCI_IO_DISPLAY_YESNO : conn->io_capability;
4236 /* If we are initiators, there is no remote information yet */
4237 if (conn->remote_auth == 0xff) {
4238 /* Request MITM protection if our IO caps allow it
4239 * except for the no-bonding case.
4241 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4242 conn->auth_type != HCI_AT_NO_BONDING)
4243 conn->auth_type |= 0x01;
4245 conn->auth_type = hci_get_auth_req(conn);
4248 /* If we're not bondable, force one of the non-bondable
4249 * authentication requirement values.
4251 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags))
4252 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4254 cp.authentication = conn->auth_type;
4255 cp.oob_data = bredr_oob_data_present(conn);
4257 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
4260 struct hci_cp_io_capability_neg_reply cp;
4262 bacpy(&cp.bdaddr, &ev->bdaddr);
4263 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
4265 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
4270 hci_dev_unlock(hdev);
4273 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
4275 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4276 struct hci_conn *conn;
4278 BT_DBG("%s", hdev->name);
4282 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4286 conn->remote_cap = ev->capability;
4287 conn->remote_auth = ev->authentication;
4289 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
4292 hci_dev_unlock(hdev);
4295 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4296 struct sk_buff *skb)
4298 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
4299 int loc_mitm, rem_mitm, confirm_hint = 0;
4300 struct hci_conn *conn;
4302 BT_DBG("%s", hdev->name);
4306 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4309 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4313 loc_mitm = (conn->auth_type & 0x01);
4314 rem_mitm = (conn->remote_auth & 0x01);
4316 /* If we require MITM but the remote device can't provide that
4317 * (it has NoInputNoOutput) then reject the confirmation
4318 * request. We check the security level here since it doesn't
4319 * necessarily match conn->auth_type.
4321 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4322 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
4323 BT_DBG("Rejecting request: remote device can't provide MITM");
4324 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
4325 sizeof(ev->bdaddr), &ev->bdaddr);
4329 /* If no side requires MITM protection; auto-accept */
4330 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4331 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
4333 /* If we're not the initiators request authorization to
4334 * proceed from user space (mgmt_user_confirm with
4335 * confirm_hint set to 1). The exception is if neither
4336 * side had MITM or if the local IO capability is
4337 * NoInputNoOutput, in which case we do auto-accept
4339 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
4340 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4341 (loc_mitm || rem_mitm)) {
4342 BT_DBG("Confirming auto-accept as acceptor");
4347 BT_DBG("Auto-accept of user confirmation with %ums delay",
4348 hdev->auto_accept_delay);
4350 if (hdev->auto_accept_delay > 0) {
4351 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
4352 queue_delayed_work(conn->hdev->workqueue,
4353 &conn->auto_accept_work, delay);
4357 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
4358 sizeof(ev->bdaddr), &ev->bdaddr);
4363 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4364 le32_to_cpu(ev->passkey), confirm_hint);
4367 hci_dev_unlock(hdev);
4370 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4371 struct sk_buff *skb)
4373 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4375 BT_DBG("%s", hdev->name);
4377 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4378 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
4381 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4382 struct sk_buff *skb)
4384 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4385 struct hci_conn *conn;
4387 BT_DBG("%s", hdev->name);
4389 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4393 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4394 conn->passkey_entered = 0;
4396 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4397 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4398 conn->dst_type, conn->passkey_notify,
4399 conn->passkey_entered);
4402 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4404 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4405 struct hci_conn *conn;
4407 BT_DBG("%s", hdev->name);
4409 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4414 case HCI_KEYPRESS_STARTED:
4415 conn->passkey_entered = 0;
4418 case HCI_KEYPRESS_ENTERED:
4419 conn->passkey_entered++;
4422 case HCI_KEYPRESS_ERASED:
4423 conn->passkey_entered--;
4426 case HCI_KEYPRESS_CLEARED:
4427 conn->passkey_entered = 0;
4430 case HCI_KEYPRESS_COMPLETED:
4434 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4435 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4436 conn->dst_type, conn->passkey_notify,
4437 conn->passkey_entered);
4440 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4441 struct sk_buff *skb)
4443 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4444 struct hci_conn *conn;
4446 BT_DBG("%s", hdev->name);
4450 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4454 /* Reset the authentication requirement to unknown */
4455 conn->remote_auth = 0xff;
4457 /* To avoid duplicate auth_failed events to user space we check
4458 * the HCI_CONN_AUTH_PEND flag which will be set if we
4459 * initiated the authentication. A traditional auth_complete
4460 * event gets always produced as initiator and is also mapped to
4461 * the mgmt_auth_failed event */
4462 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
4463 mgmt_auth_failed(conn, ev->status);
4465 hci_conn_drop(conn);
4468 hci_dev_unlock(hdev);
4471 static void hci_remote_host_features_evt(struct hci_dev *hdev,
4472 struct sk_buff *skb)
4474 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4475 struct inquiry_entry *ie;
4476 struct hci_conn *conn;
4478 BT_DBG("%s", hdev->name);
4482 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4484 memcpy(conn->features[1], ev->features, 8);
4486 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4488 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4490 hci_dev_unlock(hdev);
4493 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4494 struct sk_buff *skb)
4496 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4497 struct oob_data *data;
4499 BT_DBG("%s", hdev->name);
4503 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4506 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
4508 struct hci_cp_remote_oob_data_neg_reply cp;
4510 bacpy(&cp.bdaddr, &ev->bdaddr);
4511 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4516 if (bredr_sc_enabled(hdev)) {
4517 struct hci_cp_remote_oob_ext_data_reply cp;
4519 bacpy(&cp.bdaddr, &ev->bdaddr);
4520 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4521 memset(cp.hash192, 0, sizeof(cp.hash192));
4522 memset(cp.rand192, 0, sizeof(cp.rand192));
4524 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4525 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4527 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4528 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4530 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4533 struct hci_cp_remote_oob_data_reply cp;
4535 bacpy(&cp.bdaddr, &ev->bdaddr);
4536 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4537 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4539 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4544 hci_dev_unlock(hdev);
4547 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4548 struct sk_buff *skb)
4550 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4551 struct hci_conn *hcon, *bredr_hcon;
4553 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4558 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4560 hci_dev_unlock(hdev);
4566 hci_dev_unlock(hdev);
4570 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4572 hcon->state = BT_CONNECTED;
4573 bacpy(&hcon->dst, &bredr_hcon->dst);
4575 hci_conn_hold(hcon);
4576 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4577 hci_conn_drop(hcon);
4579 hci_debugfs_create_conn(hcon);
4580 hci_conn_add_sysfs(hcon);
4582 amp_physical_cfm(bredr_hcon, hcon);
4584 hci_dev_unlock(hdev);
4587 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4589 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4590 struct hci_conn *hcon;
4591 struct hci_chan *hchan;
4592 struct amp_mgr *mgr;
4594 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4595 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4598 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4602 /* Create AMP hchan */
4603 hchan = hci_chan_create(hcon);
4607 hchan->handle = le16_to_cpu(ev->handle);
4609 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4611 mgr = hcon->amp_mgr;
4612 if (mgr && mgr->bredr_chan) {
4613 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4615 l2cap_chan_lock(bredr_chan);
4617 bredr_chan->conn->mtu = hdev->block_mtu;
4618 l2cap_logical_cfm(bredr_chan, hchan, 0);
4619 hci_conn_hold(hcon);
4621 l2cap_chan_unlock(bredr_chan);
4625 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4626 struct sk_buff *skb)
4628 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4629 struct hci_chan *hchan;
4631 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4632 le16_to_cpu(ev->handle), ev->status);
4639 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4643 amp_destroy_logical_link(hchan, ev->reason);
4646 hci_dev_unlock(hdev);
4649 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4650 struct sk_buff *skb)
4652 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4653 struct hci_conn *hcon;
4655 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4662 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4664 hcon->state = BT_CLOSED;
4668 hci_dev_unlock(hdev);
4671 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4673 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4674 struct hci_conn_params *params;
4675 struct hci_conn *conn;
4676 struct smp_irk *irk;
4679 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4683 /* All controllers implicitly stop advertising in the event of a
4684 * connection, so ensure that the state bit is cleared.
4686 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
4688 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4690 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr, ev->role);
4692 BT_ERR("No memory for new connection");
4696 conn->dst_type = ev->bdaddr_type;
4698 /* If we didn't have a hci_conn object previously
4699 * but we're in master role this must be something
4700 * initiated using a white list. Since white list based
4701 * connections are not "first class citizens" we don't
4702 * have full tracking of them. Therefore, we go ahead
4703 * with a "best effort" approach of determining the
4704 * initiator address based on the HCI_PRIVACY flag.
4707 conn->resp_addr_type = ev->bdaddr_type;
4708 bacpy(&conn->resp_addr, &ev->bdaddr);
4709 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4710 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4711 bacpy(&conn->init_addr, &hdev->rpa);
4713 hci_copy_identity_address(hdev,
4715 &conn->init_addr_type);
4719 #ifdef CONFIG_TIZEN_WIP
4720 /* LE auto connect */
4721 bacpy(&conn->dst, &ev->bdaddr);
4723 cancel_delayed_work(&conn->le_conn_timeout);
4727 /* Set the responder (our side) address type based on
4728 * the advertising address type.
4730 conn->resp_addr_type = hdev->adv_addr_type;
4731 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4732 bacpy(&conn->resp_addr, &hdev->random_addr);
4734 bacpy(&conn->resp_addr, &hdev->bdaddr);
4736 conn->init_addr_type = ev->bdaddr_type;
4737 bacpy(&conn->init_addr, &ev->bdaddr);
4739 /* For incoming connections, set the default minimum
4740 * and maximum connection interval. They will be used
4741 * to check if the parameters are in range and if not
4742 * trigger the connection update procedure.
4744 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4745 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4748 /* Lookup the identity address from the stored connection
4749 * address and address type.
4751 * When establishing connections to an identity address, the
4752 * connection procedure will store the resolvable random
4753 * address first. Now if it can be converted back into the
4754 * identity address, start using the identity address from
4757 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4759 #ifdef __TIZEN_PATCH__
4760 /* Update rpa. So that, if irk is refreshed, it can be saved */
4761 bacpy(&irk->rpa, &conn->dst);
4763 bacpy(&conn->dst, &irk->bdaddr);
4764 conn->dst_type = irk->addr_type;
4768 hci_le_conn_failed(conn, ev->status);
4772 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4773 addr_type = BDADDR_LE_PUBLIC;
4775 addr_type = BDADDR_LE_RANDOM;
4777 /* Drop the connection if the device is blocked */
4778 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4779 hci_conn_drop(conn);
4783 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4784 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4786 conn->sec_level = BT_SECURITY_LOW;
4787 conn->handle = __le16_to_cpu(ev->handle);
4788 conn->state = BT_CONNECTED;
4790 conn->le_conn_interval = le16_to_cpu(ev->interval);
4791 conn->le_conn_latency = le16_to_cpu(ev->latency);
4792 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4794 hci_debugfs_create_conn(conn);
4795 hci_conn_add_sysfs(conn);
4797 hci_proto_connect_cfm(conn, ev->status);
4799 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
4802 list_del_init(¶ms->action);
4804 hci_conn_drop(params->conn);
4805 hci_conn_put(params->conn);
4806 params->conn = NULL;
4811 hci_update_background_scan(hdev);
4812 hci_dev_unlock(hdev);
4815 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4816 struct sk_buff *skb)
4818 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4819 struct hci_conn *conn;
4821 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4828 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4830 conn->le_conn_interval = le16_to_cpu(ev->interval);
4831 conn->le_conn_latency = le16_to_cpu(ev->latency);
4832 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4835 hci_dev_unlock(hdev);
4838 /* This function requires the caller holds hdev->lock */
4839 static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
4841 u8 addr_type, u8 adv_type)
4843 struct hci_conn *conn;
4844 struct hci_conn_params *params;
4846 /* If the event is not connectable don't proceed further */
4847 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
4850 /* Ignore if the device is blocked */
4851 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
4854 /* Most controller will fail if we try to create new connections
4855 * while we have an existing one in slave role.
4857 if (hdev->conn_hash.le_num_slave > 0)
4860 /* If we're not connectable only connect devices that we have in
4861 * our pend_le_conns list.
4863 params = hci_pend_le_action_lookup(&hdev->pend_le_conns,
4868 switch (params->auto_connect) {
4869 case HCI_AUTO_CONN_DIRECT:
4870 /* Only devices advertising with ADV_DIRECT_IND are
4871 * triggering a connection attempt. This is allowing
4872 * incoming connections from slave devices.
4874 if (adv_type != LE_ADV_DIRECT_IND)
4877 case HCI_AUTO_CONN_ALWAYS:
4878 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
4879 * are triggering a connection attempt. This means
4880 * that incoming connectioms from slave device are
4881 * accepted and also outgoing connections to slave
4882 * devices are established when found.
4889 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4890 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
4891 if (!IS_ERR(conn)) {
4892 /* Store the pointer since we don't really have any
4893 * other owner of the object besides the params that
4894 * triggered it. This way we can abort the connection if
4895 * the parameters get removed and keep the reference
4896 * count consistent once the connection is established.
4898 params->conn = hci_conn_get(conn);
4902 switch (PTR_ERR(conn)) {
4904 /* If hci_connect() returns -EBUSY it means there is already
4905 * an LE connection attempt going on. Since controllers don't
4906 * support more than one connection attempt at the time, we
4907 * don't consider this an error case.
4911 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4918 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4919 u8 bdaddr_type, bdaddr_t *direct_addr,
4920 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
4922 #ifndef CONFIG_TIZEN_WIP
4923 struct discovery_state *d = &hdev->discovery;
4925 struct smp_irk *irk;
4926 struct hci_conn *conn;
4927 #ifndef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Disable adv ind and scan rsp merging */
4932 /* If the direct address is present, then this report is from
4933 * a LE Direct Advertising Report event. In that case it is
4934 * important to see if the address is matching the local
4935 * controller address.
4938 /* Only resolvable random addresses are valid for these
4939 * kind of reports and others can be ignored.
4941 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
4944 /* If the controller is not using resolvable random
4945 * addresses, then this report can be ignored.
4947 if (!test_bit(HCI_PRIVACY, &hdev->dev_flags))
4950 /* If the local IRK of the controller does not match
4951 * with the resolvable random address provided, then
4952 * this report can be ignored.
4954 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
4958 /* Check if we need to convert to identity address */
4959 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4961 bdaddr = &irk->bdaddr;
4962 bdaddr_type = irk->addr_type;
4965 /* Check if we have been requested to connect to this device */
4966 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4967 if (conn && type == LE_ADV_IND) {
4968 /* Store report for later inclusion by
4969 * mgmt_device_connected
4971 memcpy(conn->le_adv_data, data, len);
4972 conn->le_adv_data_len = len;
4975 /* Passive scanning shouldn't trigger any device found events,
4976 * except for devices marked as CONN_REPORT for which we do send
4977 * device found events.
4979 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4980 if (type == LE_ADV_DIRECT_IND)
4983 #ifndef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Handle all adv packet in platform */
4984 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
4985 bdaddr, bdaddr_type))
4989 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4990 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4994 #ifdef CONFIG_TIZEN_WIP
4995 mgmt_le_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4996 rssi, flags, data, len, NULL, 0, type);
4998 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4999 rssi, flags, data, len, NULL, 0);
5004 /* When receiving non-connectable or scannable undirected
5005 * advertising reports, this means that the remote device is
5006 * not connectable and then clearly indicate this in the
5007 * device found event.
5009 * When receiving a scan response, then there is no way to
5010 * know if the remote device is connectable or not. However
5011 * since scan responses are merged with a previously seen
5012 * advertising report, the flags field from that report
5015 * In the really unlikely case that a controller get confused
5016 * and just sends a scan response event, then it is marked as
5017 * not connectable as well.
5019 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
5020 type == LE_ADV_SCAN_RSP)
5021 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
5025 #ifdef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Disable adv ind and scan rsp merging */
5026 mgmt_le_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5027 rssi, flags, data, len, NULL, 0, type);
5029 /* If there's nothing pending either store the data from this
5030 * event or send an immediate device found event if the data
5031 * should not be stored for later.
5033 if (!has_pending_adv_report(hdev)) {
5034 /* If the report will trigger a SCAN_REQ store it for
5037 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5038 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5039 rssi, flags, data, len);
5043 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5044 rssi, flags, data, len, NULL, 0);
5048 /* Check if the pending report is for the same device as the new one */
5049 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
5050 bdaddr_type == d->last_adv_addr_type);
5052 /* If the pending data doesn't match this report or this isn't a
5053 * scan response (e.g. we got a duplicate ADV_IND) then force
5054 * sending of the pending data.
5056 if (type != LE_ADV_SCAN_RSP || !match) {
5057 /* Send out whatever is in the cache, but skip duplicates */
5059 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5060 d->last_adv_addr_type, NULL,
5061 d->last_adv_rssi, d->last_adv_flags,
5063 d->last_adv_data_len, NULL, 0);
5065 /* If the new report will trigger a SCAN_REQ store it for
5068 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5069 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5070 rssi, flags, data, len);
5074 /* The advertising reports cannot be merged, so clear
5075 * the pending report and send out a device found event.
5077 clear_pending_adv_report(hdev);
5078 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5079 rssi, flags, data, len, NULL, 0);
5083 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
5084 * the new event is a SCAN_RSP. We can therefore proceed with
5085 * sending a merged device found event.
5087 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5088 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
5089 d->last_adv_data, d->last_adv_data_len, data, len);
5090 clear_pending_adv_report(hdev);
5094 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5096 u8 num_reports = skb->data[0];
5097 void *ptr = &skb->data[1];
5101 while (num_reports--) {
5102 struct hci_ev_le_advertising_info *ev = ptr;
5105 rssi = ev->data[ev->length];
5106 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5107 ev->bdaddr_type, NULL, 0, rssi,
5108 ev->data, ev->length);
5110 ptr += sizeof(*ev) + ev->length + 1;
5113 hci_dev_unlock(hdev);
5116 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
5118 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
5119 struct hci_cp_le_ltk_reply cp;
5120 struct hci_cp_le_ltk_neg_reply neg;
5121 struct hci_conn *conn;
5122 struct smp_ltk *ltk;
5124 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
5128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5132 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5136 if (smp_ltk_is_sc(ltk)) {
5137 /* With SC both EDiv and Rand are set to zero */
5138 if (ev->ediv || ev->rand)
5141 /* For non-SC keys check that EDiv and Rand match */
5142 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5146 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
5147 cp.handle = cpu_to_le16(conn->handle);
5149 conn->pending_sec_level = smp_ltk_sec_level(ltk);
5151 conn->enc_key_size = ltk->enc_size;
5153 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5155 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
5156 * temporary key used to encrypt a connection following
5157 * pairing. It is used during the Encrypted Session Setup to
5158 * distribute the keys. Later, security can be re-established
5159 * using a distributed LTK.
5161 if (ltk->type == SMP_STK) {
5162 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5163 list_del_rcu(<k->list);
5164 kfree_rcu(ltk, rcu);
5166 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5169 hci_dev_unlock(hdev);
5174 neg.handle = ev->handle;
5175 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5176 hci_dev_unlock(hdev);
5179 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5182 struct hci_cp_le_conn_param_req_neg_reply cp;
5184 cp.handle = cpu_to_le16(handle);
5187 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5191 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5192 struct sk_buff *skb)
5194 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5195 struct hci_cp_le_conn_param_req_reply cp;
5196 struct hci_conn *hcon;
5197 u16 handle, min, max, latency, timeout;
5199 handle = le16_to_cpu(ev->handle);
5200 min = le16_to_cpu(ev->interval_min);
5201 max = le16_to_cpu(ev->interval_max);
5202 latency = le16_to_cpu(ev->latency);
5203 timeout = le16_to_cpu(ev->timeout);
5205 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5206 if (!hcon || hcon->state != BT_CONNECTED)
5207 return send_conn_param_neg_reply(hdev, handle,
5208 HCI_ERROR_UNKNOWN_CONN_ID);
5210 if (hci_check_conn_params(min, max, latency, timeout))
5211 return send_conn_param_neg_reply(hdev, handle,
5212 HCI_ERROR_INVALID_LL_PARAMS);
5214 if (hcon->role == HCI_ROLE_MASTER) {
5215 struct hci_conn_params *params;
5220 params = hci_conn_params_lookup(hdev, &hcon->dst,
5223 params->conn_min_interval = min;
5224 params->conn_max_interval = max;
5225 params->conn_latency = latency;
5226 params->supervision_timeout = timeout;
5232 hci_dev_unlock(hdev);
5234 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5235 store_hint, min, max, latency, timeout);
5238 cp.handle = ev->handle;
5239 cp.interval_min = ev->interval_min;
5240 cp.interval_max = ev->interval_max;
5241 cp.latency = ev->latency;
5242 cp.timeout = ev->timeout;
5246 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5249 static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5250 struct sk_buff *skb)
5252 u8 num_reports = skb->data[0];
5253 void *ptr = &skb->data[1];
5257 while (num_reports--) {
5258 struct hci_ev_le_direct_adv_info *ev = ptr;
5260 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5261 ev->bdaddr_type, &ev->direct_addr,
5262 ev->direct_addr_type, ev->rssi, NULL, 0);
5267 hci_dev_unlock(hdev);
5270 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
5272 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5274 skb_pull(skb, sizeof(*le_ev));
5276 switch (le_ev->subevent) {
5277 case HCI_EV_LE_CONN_COMPLETE:
5278 hci_le_conn_complete_evt(hdev, skb);
5281 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5282 hci_le_conn_update_complete_evt(hdev, skb);
5285 case HCI_EV_LE_ADVERTISING_REPORT:
5286 hci_le_adv_report_evt(hdev, skb);
5289 case HCI_EV_LE_LTK_REQ:
5290 hci_le_ltk_request_evt(hdev, skb);
5293 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
5294 hci_le_remote_conn_param_req_evt(hdev, skb);
5297 case HCI_EV_LE_DIRECT_ADV_REPORT:
5298 hci_le_direct_adv_report_evt(hdev, skb);
5306 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
5308 struct hci_ev_channel_selected *ev = (void *) skb->data;
5309 struct hci_conn *hcon;
5311 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
5313 skb_pull(skb, sizeof(*ev));
5315 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
5319 amp_read_loc_assoc_final_data(hdev, hcon);
5322 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5324 struct hci_event_hdr *hdr = (void *) skb->data;
5325 __u8 event = hdr->evt;
5329 /* Received events are (currently) only needed when a request is
5330 * ongoing so avoid unnecessary memory allocation.
5332 if (hci_req_pending(hdev)) {
5333 kfree_skb(hdev->recv_evt);
5334 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
5337 hci_dev_unlock(hdev);
5339 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5341 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
5342 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5343 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
5345 hci_req_cmd_complete(hdev, opcode, 0);
5349 case HCI_EV_INQUIRY_COMPLETE:
5350 hci_inquiry_complete_evt(hdev, skb);
5353 case HCI_EV_INQUIRY_RESULT:
5354 hci_inquiry_result_evt(hdev, skb);
5357 case HCI_EV_CONN_COMPLETE:
5358 hci_conn_complete_evt(hdev, skb);
5361 case HCI_EV_CONN_REQUEST:
5362 hci_conn_request_evt(hdev, skb);
5365 case HCI_EV_DISCONN_COMPLETE:
5366 hci_disconn_complete_evt(hdev, skb);
5369 case HCI_EV_AUTH_COMPLETE:
5370 hci_auth_complete_evt(hdev, skb);
5373 case HCI_EV_REMOTE_NAME:
5374 hci_remote_name_evt(hdev, skb);
5377 case HCI_EV_ENCRYPT_CHANGE:
5378 hci_encrypt_change_evt(hdev, skb);
5381 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
5382 hci_change_link_key_complete_evt(hdev, skb);
5385 case HCI_EV_REMOTE_FEATURES:
5386 hci_remote_features_evt(hdev, skb);
5389 case HCI_EV_CMD_COMPLETE:
5390 hci_cmd_complete_evt(hdev, skb);
5393 case HCI_EV_CMD_STATUS:
5394 hci_cmd_status_evt(hdev, skb);
5397 case HCI_EV_HARDWARE_ERROR:
5398 hci_hardware_error_evt(hdev, skb);
5401 case HCI_EV_ROLE_CHANGE:
5402 hci_role_change_evt(hdev, skb);
5405 case HCI_EV_NUM_COMP_PKTS:
5406 hci_num_comp_pkts_evt(hdev, skb);
5409 case HCI_EV_MODE_CHANGE:
5410 hci_mode_change_evt(hdev, skb);
5413 case HCI_EV_PIN_CODE_REQ:
5414 hci_pin_code_request_evt(hdev, skb);
5417 case HCI_EV_LINK_KEY_REQ:
5418 hci_link_key_request_evt(hdev, skb);
5421 case HCI_EV_LINK_KEY_NOTIFY:
5422 hci_link_key_notify_evt(hdev, skb);
5425 case HCI_EV_CLOCK_OFFSET:
5426 hci_clock_offset_evt(hdev, skb);
5429 case HCI_EV_PKT_TYPE_CHANGE:
5430 hci_pkt_type_change_evt(hdev, skb);
5433 case HCI_EV_PSCAN_REP_MODE:
5434 hci_pscan_rep_mode_evt(hdev, skb);
5437 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
5438 hci_inquiry_result_with_rssi_evt(hdev, skb);
5441 case HCI_EV_REMOTE_EXT_FEATURES:
5442 hci_remote_ext_features_evt(hdev, skb);
5445 case HCI_EV_SYNC_CONN_COMPLETE:
5446 hci_sync_conn_complete_evt(hdev, skb);
5449 case HCI_EV_EXTENDED_INQUIRY_RESULT:
5450 hci_extended_inquiry_result_evt(hdev, skb);
5453 case HCI_EV_KEY_REFRESH_COMPLETE:
5454 hci_key_refresh_complete_evt(hdev, skb);
5457 case HCI_EV_IO_CAPA_REQUEST:
5458 hci_io_capa_request_evt(hdev, skb);
5461 case HCI_EV_IO_CAPA_REPLY:
5462 hci_io_capa_reply_evt(hdev, skb);
5465 case HCI_EV_USER_CONFIRM_REQUEST:
5466 hci_user_confirm_request_evt(hdev, skb);
5469 case HCI_EV_USER_PASSKEY_REQUEST:
5470 hci_user_passkey_request_evt(hdev, skb);
5473 case HCI_EV_USER_PASSKEY_NOTIFY:
5474 hci_user_passkey_notify_evt(hdev, skb);
5477 case HCI_EV_KEYPRESS_NOTIFY:
5478 hci_keypress_notify_evt(hdev, skb);
5481 case HCI_EV_SIMPLE_PAIR_COMPLETE:
5482 hci_simple_pair_complete_evt(hdev, skb);
5485 case HCI_EV_REMOTE_HOST_FEATURES:
5486 hci_remote_host_features_evt(hdev, skb);
5489 case HCI_EV_LE_META:
5490 hci_le_meta_evt(hdev, skb);
5493 case HCI_EV_CHANNEL_SELECTED:
5494 hci_chan_selected_evt(hdev, skb);
5497 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
5498 hci_remote_oob_data_request_evt(hdev, skb);
5501 case HCI_EV_PHY_LINK_COMPLETE:
5502 hci_phy_link_complete_evt(hdev, skb);
5505 case HCI_EV_LOGICAL_LINK_COMPLETE:
5506 hci_loglink_complete_evt(hdev, skb);
5509 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
5510 hci_disconn_loglink_complete_evt(hdev, skb);
5513 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
5514 hci_disconn_phylink_complete_evt(hdev, skb);
5517 case HCI_EV_NUM_COMP_BLOCKS:
5518 hci_num_comp_blocks_evt(hdev, skb);
5521 #ifdef CONFIG_TIZEN_WIP
5522 case HCI_EV_VENDOR_SPECIFIC:
5523 hci_vendor_specific_evt(hdev, skb);
5528 BT_DBG("%s event 0x%2.2x", hdev->name, event);
5533 hdev->stat.evt_rx++;