2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
35 /* Handle HCI Event packets */
37 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
39 __u8 status = *((__u8 *) skb->data);
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
46 clear_bit(HCI_INQUIRY, &hdev->flags);
47 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
48 wake_up_bit(&hdev->flags, HCI_INQUIRY);
50 hci_conn_check_pending(hdev);
53 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
55 __u8 status = *((__u8 *) skb->data);
57 BT_DBG("%s status 0x%2.2x", hdev->name, status);
62 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
65 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
67 __u8 status = *((__u8 *) skb->data);
69 BT_DBG("%s status 0x%2.2x", hdev->name, status);
74 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
76 hci_conn_check_pending(hdev);
79 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
82 BT_DBG("%s", hdev->name);
85 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
87 struct hci_rp_role_discovery *rp = (void *) skb->data;
88 struct hci_conn *conn;
90 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
97 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
100 conn->link_mode &= ~HCI_LM_MASTER;
102 conn->link_mode |= HCI_LM_MASTER;
105 hci_dev_unlock(hdev);
108 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
110 struct hci_rp_read_link_policy *rp = (void *) skb->data;
111 struct hci_conn *conn;
113 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
122 conn->link_policy = __le16_to_cpu(rp->policy);
124 hci_dev_unlock(hdev);
127 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
129 struct hci_rp_write_link_policy *rp = (void *) skb->data;
130 struct hci_conn *conn;
133 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
138 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
146 conn->link_policy = get_unaligned_le16(sent + 2);
148 hci_dev_unlock(hdev);
151 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
154 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
156 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
161 hdev->link_policy = __le16_to_cpu(rp->policy);
164 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
167 __u8 status = *((__u8 *) skb->data);
170 BT_DBG("%s status 0x%2.2x", hdev->name, status);
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 hdev->link_policy = get_unaligned_le16(sent);
180 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
182 __u8 status = *((__u8 *) skb->data);
184 BT_DBG("%s status 0x%2.2x", hdev->name, status);
186 clear_bit(HCI_RESET, &hdev->flags);
188 /* Reset all non-persistent flags */
189 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
191 hdev->discovery.state = DISCOVERY_STOPPED;
192 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
193 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
195 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
196 hdev->adv_data_len = 0;
199 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
201 __u8 status = *((__u8 *) skb->data);
204 BT_DBG("%s status 0x%2.2x", hdev->name, status);
206 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
212 if (test_bit(HCI_MGMT, &hdev->dev_flags))
213 mgmt_set_local_name_complete(hdev, sent, status);
215 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
217 hci_dev_unlock(hdev);
220 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
222 struct hci_rp_read_local_name *rp = (void *) skb->data;
224 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
229 if (test_bit(HCI_SETUP, &hdev->dev_flags))
230 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
233 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
235 __u8 status = *((__u8 *) skb->data);
238 BT_DBG("%s status 0x%2.2x", hdev->name, status);
240 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
245 __u8 param = *((__u8 *) sent);
247 if (param == AUTH_ENABLED)
248 set_bit(HCI_AUTH, &hdev->flags);
250 clear_bit(HCI_AUTH, &hdev->flags);
253 if (test_bit(HCI_MGMT, &hdev->dev_flags))
254 mgmt_auth_enable_complete(hdev, status);
257 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
259 __u8 status = *((__u8 *) skb->data);
262 BT_DBG("%s status 0x%2.2x", hdev->name, status);
264 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
269 __u8 param = *((__u8 *) sent);
272 set_bit(HCI_ENCRYPT, &hdev->flags);
274 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
280 __u8 param, status = *((__u8 *) skb->data);
281 int old_pscan, old_iscan;
284 BT_DBG("%s status 0x%2.2x", hdev->name, status);
286 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
290 param = *((__u8 *) sent);
295 mgmt_write_scan_failed(hdev, param, status);
296 hdev->discov_timeout = 0;
300 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
301 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
303 if (param & SCAN_INQUIRY) {
304 set_bit(HCI_ISCAN, &hdev->flags);
306 mgmt_discoverable(hdev, 1);
307 if (hdev->discov_timeout > 0) {
308 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
309 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
312 } else if (old_iscan)
313 mgmt_discoverable(hdev, 0);
315 if (param & SCAN_PAGE) {
316 set_bit(HCI_PSCAN, &hdev->flags);
318 mgmt_connectable(hdev, 1);
319 } else if (old_pscan)
320 mgmt_connectable(hdev, 0);
323 hci_dev_unlock(hdev);
326 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
328 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
330 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
335 memcpy(hdev->dev_class, rp->dev_class, 3);
337 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
338 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
341 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
343 __u8 status = *((__u8 *) skb->data);
346 BT_DBG("%s status 0x%2.2x", hdev->name, status);
348 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
355 memcpy(hdev->dev_class, sent, 3);
357 if (test_bit(HCI_MGMT, &hdev->dev_flags))
358 mgmt_set_class_of_dev_complete(hdev, sent, status);
360 hci_dev_unlock(hdev);
363 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
365 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
368 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
373 setting = __le16_to_cpu(rp->voice_setting);
375 if (hdev->voice_setting == setting)
378 hdev->voice_setting = setting;
380 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
383 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
386 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
389 __u8 status = *((__u8 *) skb->data);
393 BT_DBG("%s status 0x%2.2x", hdev->name, status);
398 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
402 setting = get_unaligned_le16(sent);
404 if (hdev->voice_setting == setting)
407 hdev->voice_setting = setting;
409 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
412 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
415 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
417 __u8 status = *((__u8 *) skb->data);
418 struct hci_cp_write_ssp_mode *sent;
420 BT_DBG("%s status 0x%2.2x", hdev->name, status);
422 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
428 hdev->features[1][0] |= LMP_HOST_SSP;
430 hdev->features[1][0] &= ~LMP_HOST_SSP;
433 if (test_bit(HCI_MGMT, &hdev->dev_flags))
434 mgmt_ssp_enable_complete(hdev, sent->mode, status);
437 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
439 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
443 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
445 struct hci_rp_read_local_version *rp = (void *) skb->data;
447 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
452 hdev->hci_ver = rp->hci_ver;
453 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
454 hdev->lmp_ver = rp->lmp_ver;
455 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
456 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
458 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
459 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
462 static void hci_cc_read_local_commands(struct hci_dev *hdev,
465 struct hci_rp_read_local_commands *rp = (void *) skb->data;
467 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
470 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
473 static void hci_cc_read_local_features(struct hci_dev *hdev,
476 struct hci_rp_read_local_features *rp = (void *) skb->data;
478 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
483 memcpy(hdev->features, rp->features, 8);
485 /* Adjust default settings according to features
486 * supported by device. */
488 if (hdev->features[0][0] & LMP_3SLOT)
489 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
491 if (hdev->features[0][0] & LMP_5SLOT)
492 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
494 if (hdev->features[0][1] & LMP_HV2) {
495 hdev->pkt_type |= (HCI_HV2);
496 hdev->esco_type |= (ESCO_HV2);
499 if (hdev->features[0][1] & LMP_HV3) {
500 hdev->pkt_type |= (HCI_HV3);
501 hdev->esco_type |= (ESCO_HV3);
504 if (lmp_esco_capable(hdev))
505 hdev->esco_type |= (ESCO_EV3);
507 if (hdev->features[0][4] & LMP_EV4)
508 hdev->esco_type |= (ESCO_EV4);
510 if (hdev->features[0][4] & LMP_EV5)
511 hdev->esco_type |= (ESCO_EV5);
513 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
514 hdev->esco_type |= (ESCO_2EV3);
516 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
517 hdev->esco_type |= (ESCO_3EV3);
519 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
520 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
522 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
523 hdev->features[0][0], hdev->features[0][1],
524 hdev->features[0][2], hdev->features[0][3],
525 hdev->features[0][4], hdev->features[0][5],
526 hdev->features[0][6], hdev->features[0][7]);
529 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
532 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
534 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
539 hdev->max_page = rp->max_page;
541 if (rp->page < HCI_MAX_PAGES)
542 memcpy(hdev->features[rp->page], rp->features, 8);
545 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
548 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
550 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
553 hdev->flow_ctl_mode = rp->mode;
556 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
558 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
560 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
565 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
566 hdev->sco_mtu = rp->sco_mtu;
567 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
568 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
570 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
575 hdev->acl_cnt = hdev->acl_pkts;
576 hdev->sco_cnt = hdev->sco_pkts;
578 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
579 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
582 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
584 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
589 bacpy(&hdev->bdaddr, &rp->bdaddr);
592 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
595 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
597 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
599 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
600 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
601 hdev->page_scan_window = __le16_to_cpu(rp->window);
605 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
608 u8 status = *((u8 *) skb->data);
609 struct hci_cp_write_page_scan_activity *sent;
611 BT_DBG("%s status 0x%2.2x", hdev->name, status);
616 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
620 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
621 hdev->page_scan_window = __le16_to_cpu(sent->window);
624 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
627 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
629 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
631 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
632 hdev->page_scan_type = rp->type;
635 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
638 u8 status = *((u8 *) skb->data);
641 BT_DBG("%s status 0x%2.2x", hdev->name, status);
646 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
648 hdev->page_scan_type = *type;
651 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
654 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
656 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
661 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
662 hdev->block_len = __le16_to_cpu(rp->block_len);
663 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
665 hdev->block_cnt = hdev->num_blocks;
667 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
668 hdev->block_cnt, hdev->block_len);
671 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
674 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
676 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
681 hdev->amp_status = rp->amp_status;
682 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
683 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
684 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
685 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
686 hdev->amp_type = rp->amp_type;
687 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
688 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
689 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
690 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
693 a2mp_send_getinfo_rsp(hdev);
696 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
699 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
700 struct amp_assoc *assoc = &hdev->loc_assoc;
701 size_t rem_len, frag_len;
703 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
708 frag_len = skb->len - sizeof(*rp);
709 rem_len = __le16_to_cpu(rp->rem_len);
711 if (rem_len > frag_len) {
712 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
714 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
715 assoc->offset += frag_len;
717 /* Read other fragments */
718 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
723 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
724 assoc->len = assoc->offset + rem_len;
728 /* Send A2MP Rsp when all fragments are received */
729 a2mp_send_getampassoc_rsp(hdev, rp->status);
730 a2mp_send_create_phy_link_req(hdev, rp->status);
733 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
736 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
738 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
741 hdev->inq_tx_power = rp->tx_power;
744 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
746 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
747 struct hci_cp_pin_code_reply *cp;
748 struct hci_conn *conn;
750 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
754 if (test_bit(HCI_MGMT, &hdev->dev_flags))
755 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
760 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
764 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
766 conn->pin_length = cp->pin_len;
769 hci_dev_unlock(hdev);
772 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
774 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
776 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
780 if (test_bit(HCI_MGMT, &hdev->dev_flags))
781 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
784 hci_dev_unlock(hdev);
787 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
790 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
792 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
797 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
798 hdev->le_pkts = rp->le_max_pkt;
800 hdev->le_cnt = hdev->le_pkts;
802 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
805 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
808 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
810 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
813 memcpy(hdev->le_features, rp->features, 8);
816 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
819 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
821 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
824 hdev->adv_tx_power = rp->tx_power;
827 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
829 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
831 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
835 if (test_bit(HCI_MGMT, &hdev->dev_flags))
836 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
839 hci_dev_unlock(hdev);
842 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
845 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
847 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
851 if (test_bit(HCI_MGMT, &hdev->dev_flags))
852 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
853 ACL_LINK, 0, rp->status);
855 hci_dev_unlock(hdev);
858 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
860 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
862 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
866 if (test_bit(HCI_MGMT, &hdev->dev_flags))
867 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
870 hci_dev_unlock(hdev);
873 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
876 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
878 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
882 if (test_bit(HCI_MGMT, &hdev->dev_flags))
883 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
884 ACL_LINK, 0, rp->status);
886 hci_dev_unlock(hdev);
889 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
892 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
894 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
897 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
898 rp->randomizer, rp->status);
899 hci_dev_unlock(hdev);
902 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
904 __u8 *sent, status = *((__u8 *) skb->data);
906 BT_DBG("%s status 0x%2.2x", hdev->name, status);
908 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
916 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
918 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
921 if (!test_bit(HCI_INIT, &hdev->flags)) {
922 struct hci_request req;
924 hci_req_init(&req, hdev);
926 hci_req_run(&req, NULL);
929 hci_dev_unlock(hdev);
932 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
935 struct hci_cp_le_set_scan_enable *cp;
936 __u8 status = *((__u8 *) skb->data);
938 BT_DBG("%s status 0x%2.2x", hdev->name, status);
940 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
947 switch (cp->enable) {
949 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
952 case LE_SCAN_DISABLE:
953 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
957 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
962 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
965 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
967 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
970 hdev->le_white_list_size = rp->size;
973 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
976 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
978 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
981 memcpy(hdev->le_states, rp->le_states, 8);
984 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
987 struct hci_cp_write_le_host_supported *sent;
988 __u8 status = *((__u8 *) skb->data);
990 BT_DBG("%s status 0x%2.2x", hdev->name, status);
992 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
998 hdev->features[1][0] |= LMP_HOST_LE;
999 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1001 hdev->features[1][0] &= ~LMP_HOST_LE;
1002 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1006 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1008 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1012 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1013 struct sk_buff *skb)
1015 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1017 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1018 hdev->name, rp->status, rp->phy_handle);
1023 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1026 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1028 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1031 hci_conn_check_pending(hdev);
1035 set_bit(HCI_INQUIRY, &hdev->flags);
1038 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1040 struct hci_cp_create_conn *cp;
1041 struct hci_conn *conn;
1043 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1045 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1051 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1053 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1056 if (conn && conn->state == BT_CONNECT) {
1057 if (status != 0x0c || conn->attempt > 2) {
1058 conn->state = BT_CLOSED;
1059 hci_proto_connect_cfm(conn, status);
1062 conn->state = BT_CONNECT2;
1066 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1069 conn->link_mode |= HCI_LM_MASTER;
1071 BT_ERR("No memory for new connection");
1075 hci_dev_unlock(hdev);
1078 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1080 struct hci_cp_add_sco *cp;
1081 struct hci_conn *acl, *sco;
1084 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1089 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1093 handle = __le16_to_cpu(cp->handle);
1095 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1099 acl = hci_conn_hash_lookup_handle(hdev, handle);
1103 sco->state = BT_CLOSED;
1105 hci_proto_connect_cfm(sco, status);
1110 hci_dev_unlock(hdev);
1113 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1115 struct hci_cp_auth_requested *cp;
1116 struct hci_conn *conn;
1118 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1123 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1129 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1131 if (conn->state == BT_CONFIG) {
1132 hci_proto_connect_cfm(conn, status);
1133 hci_conn_drop(conn);
1137 hci_dev_unlock(hdev);
1140 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1142 struct hci_cp_set_conn_encrypt *cp;
1143 struct hci_conn *conn;
1145 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1150 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1156 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1158 if (conn->state == BT_CONFIG) {
1159 hci_proto_connect_cfm(conn, status);
1160 hci_conn_drop(conn);
1164 hci_dev_unlock(hdev);
1167 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1168 struct hci_conn *conn)
1170 if (conn->state != BT_CONFIG || !conn->out)
1173 if (conn->pending_sec_level == BT_SECURITY_SDP)
1176 /* Only request authentication for SSP connections or non-SSP
1177 * devices with sec_level HIGH or if MITM protection is requested */
1178 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1179 conn->pending_sec_level != BT_SECURITY_HIGH)
1185 static int hci_resolve_name(struct hci_dev *hdev,
1186 struct inquiry_entry *e)
1188 struct hci_cp_remote_name_req cp;
1190 memset(&cp, 0, sizeof(cp));
1192 bacpy(&cp.bdaddr, &e->data.bdaddr);
1193 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1194 cp.pscan_mode = e->data.pscan_mode;
1195 cp.clock_offset = e->data.clock_offset;
1197 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1200 static bool hci_resolve_next_name(struct hci_dev *hdev)
1202 struct discovery_state *discov = &hdev->discovery;
1203 struct inquiry_entry *e;
1205 if (list_empty(&discov->resolve))
1208 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1212 if (hci_resolve_name(hdev, e) == 0) {
1213 e->name_state = NAME_PENDING;
1220 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1221 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1223 struct discovery_state *discov = &hdev->discovery;
1224 struct inquiry_entry *e;
1226 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1227 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1228 name_len, conn->dev_class);
1230 if (discov->state == DISCOVERY_STOPPED)
1233 if (discov->state == DISCOVERY_STOPPING)
1234 goto discov_complete;
1236 if (discov->state != DISCOVERY_RESOLVING)
1239 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1240 /* If the device was not found in a list of found devices names of which
1241 * are pending. there is no need to continue resolving a next name as it
1242 * will be done upon receiving another Remote Name Request Complete
1249 e->name_state = NAME_KNOWN;
1250 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1251 e->data.rssi, name, name_len);
1253 e->name_state = NAME_NOT_KNOWN;
1256 if (hci_resolve_next_name(hdev))
1260 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1263 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1265 struct hci_cp_remote_name_req *cp;
1266 struct hci_conn *conn;
1268 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1270 /* If successful wait for the name req complete event before
1271 * checking for the need to do authentication */
1275 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1283 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1284 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1289 if (!hci_outgoing_auth_needed(hdev, conn))
1292 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1293 struct hci_cp_auth_requested cp;
1294 cp.handle = __cpu_to_le16(conn->handle);
1295 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1299 hci_dev_unlock(hdev);
1302 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1304 struct hci_cp_read_remote_features *cp;
1305 struct hci_conn *conn;
1307 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1312 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1318 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1320 if (conn->state == BT_CONFIG) {
1321 hci_proto_connect_cfm(conn, status);
1322 hci_conn_drop(conn);
1326 hci_dev_unlock(hdev);
1329 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1331 struct hci_cp_read_remote_ext_features *cp;
1332 struct hci_conn *conn;
1334 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1339 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1345 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1347 if (conn->state == BT_CONFIG) {
1348 hci_proto_connect_cfm(conn, status);
1349 hci_conn_drop(conn);
1353 hci_dev_unlock(hdev);
1356 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1358 struct hci_cp_setup_sync_conn *cp;
1359 struct hci_conn *acl, *sco;
1362 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1367 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1371 handle = __le16_to_cpu(cp->handle);
1373 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1377 acl = hci_conn_hash_lookup_handle(hdev, handle);
1381 sco->state = BT_CLOSED;
1383 hci_proto_connect_cfm(sco, status);
1388 hci_dev_unlock(hdev);
1391 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1393 struct hci_cp_sniff_mode *cp;
1394 struct hci_conn *conn;
1396 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1401 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1407 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1409 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1411 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1412 hci_sco_setup(conn, status);
1415 hci_dev_unlock(hdev);
1418 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1420 struct hci_cp_exit_sniff_mode *cp;
1421 struct hci_conn *conn;
1423 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1428 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1434 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1436 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1438 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1439 hci_sco_setup(conn, status);
1442 hci_dev_unlock(hdev);
1445 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1447 struct hci_cp_disconnect *cp;
1448 struct hci_conn *conn;
1453 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1459 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1461 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1462 conn->dst_type, status);
1464 hci_dev_unlock(hdev);
1467 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1469 struct hci_conn *conn;
1471 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1476 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1478 hci_dev_unlock(hdev);
1482 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1484 conn->state = BT_CLOSED;
1485 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1486 conn->dst_type, status);
1487 hci_proto_connect_cfm(conn, status);
1490 hci_dev_unlock(hdev);
1494 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1496 struct hci_cp_create_phy_link *cp;
1498 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1500 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1507 struct hci_conn *hcon;
1509 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1513 amp_write_remote_assoc(hdev, cp->phy_handle);
1516 hci_dev_unlock(hdev);
1519 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1521 struct hci_cp_accept_phy_link *cp;
1523 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1528 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1532 amp_write_remote_assoc(hdev, cp->phy_handle);
1535 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1537 __u8 status = *((__u8 *) skb->data);
1538 struct discovery_state *discov = &hdev->discovery;
1539 struct inquiry_entry *e;
1541 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1543 hci_conn_check_pending(hdev);
1545 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1548 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1549 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1551 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1556 if (discov->state != DISCOVERY_FINDING)
1559 if (list_empty(&discov->resolve)) {
1560 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1564 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1565 if (e && hci_resolve_name(hdev, e) == 0) {
1566 e->name_state = NAME_PENDING;
1567 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1569 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1573 hci_dev_unlock(hdev);
1576 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1578 struct inquiry_data data;
1579 struct inquiry_info *info = (void *) (skb->data + 1);
1580 int num_rsp = *((__u8 *) skb->data);
1582 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1587 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1592 for (; num_rsp; num_rsp--, info++) {
1593 bool name_known, ssp;
1595 bacpy(&data.bdaddr, &info->bdaddr);
1596 data.pscan_rep_mode = info->pscan_rep_mode;
1597 data.pscan_period_mode = info->pscan_period_mode;
1598 data.pscan_mode = info->pscan_mode;
1599 memcpy(data.dev_class, info->dev_class, 3);
1600 data.clock_offset = info->clock_offset;
1602 data.ssp_mode = 0x00;
1604 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1605 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1606 info->dev_class, 0, !name_known, ssp, NULL,
1610 hci_dev_unlock(hdev);
1613 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1615 struct hci_ev_conn_complete *ev = (void *) skb->data;
1616 struct hci_conn *conn;
1618 BT_DBG("%s", hdev->name);
1622 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1624 if (ev->link_type != SCO_LINK)
1627 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1631 conn->type = SCO_LINK;
1635 conn->handle = __le16_to_cpu(ev->handle);
1637 if (conn->type == ACL_LINK) {
1638 conn->state = BT_CONFIG;
1639 hci_conn_hold(conn);
1641 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1642 !hci_find_link_key(hdev, &ev->bdaddr))
1643 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1645 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1647 conn->state = BT_CONNECTED;
1649 hci_conn_add_sysfs(conn);
1651 if (test_bit(HCI_AUTH, &hdev->flags))
1652 conn->link_mode |= HCI_LM_AUTH;
1654 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1655 conn->link_mode |= HCI_LM_ENCRYPT;
1657 /* Get remote features */
1658 if (conn->type == ACL_LINK) {
1659 struct hci_cp_read_remote_features cp;
1660 cp.handle = ev->handle;
1661 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1665 /* Set packet type for incoming connection */
1666 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1667 struct hci_cp_change_conn_ptype cp;
1668 cp.handle = ev->handle;
1669 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1670 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1674 conn->state = BT_CLOSED;
1675 if (conn->type == ACL_LINK)
1676 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1677 conn->dst_type, ev->status);
1680 if (conn->type == ACL_LINK)
1681 hci_sco_setup(conn, ev->status);
1684 hci_proto_connect_cfm(conn, ev->status);
1686 } else if (ev->link_type != ACL_LINK)
1687 hci_proto_connect_cfm(conn, ev->status);
1690 hci_dev_unlock(hdev);
1692 hci_conn_check_pending(hdev);
1695 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1697 struct hci_ev_conn_request *ev = (void *) skb->data;
1698 int mask = hdev->link_mode;
1701 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1704 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
1707 if ((mask & HCI_LM_ACCEPT) &&
1708 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1709 /* Connection accepted */
1710 struct inquiry_entry *ie;
1711 struct hci_conn *conn;
1715 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1717 memcpy(ie->data.dev_class, ev->dev_class, 3);
1719 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
1722 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1724 BT_ERR("No memory for new connection");
1725 hci_dev_unlock(hdev);
1730 memcpy(conn->dev_class, ev->dev_class, 3);
1732 hci_dev_unlock(hdev);
1734 if (ev->link_type == ACL_LINK ||
1735 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1736 struct hci_cp_accept_conn_req cp;
1737 conn->state = BT_CONNECT;
1739 bacpy(&cp.bdaddr, &ev->bdaddr);
1741 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1742 cp.role = 0x00; /* Become master */
1744 cp.role = 0x01; /* Remain slave */
1746 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1748 } else if (!(flags & HCI_PROTO_DEFER)) {
1749 struct hci_cp_accept_sync_conn_req cp;
1750 conn->state = BT_CONNECT;
1752 bacpy(&cp.bdaddr, &ev->bdaddr);
1753 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1755 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1756 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1757 cp.max_latency = __constant_cpu_to_le16(0xffff);
1758 cp.content_format = cpu_to_le16(hdev->voice_setting);
1759 cp.retrans_effort = 0xff;
1761 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1764 conn->state = BT_CONNECT2;
1765 hci_proto_connect_cfm(conn, 0);
1768 /* Connection rejected */
1769 struct hci_cp_reject_conn_req cp;
1771 bacpy(&cp.bdaddr, &ev->bdaddr);
1772 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1773 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1777 static u8 hci_to_mgmt_reason(u8 err)
1780 case HCI_ERROR_CONNECTION_TIMEOUT:
1781 return MGMT_DEV_DISCONN_TIMEOUT;
1782 case HCI_ERROR_REMOTE_USER_TERM:
1783 case HCI_ERROR_REMOTE_LOW_RESOURCES:
1784 case HCI_ERROR_REMOTE_POWER_OFF:
1785 return MGMT_DEV_DISCONN_REMOTE;
1786 case HCI_ERROR_LOCAL_HOST_TERM:
1787 return MGMT_DEV_DISCONN_LOCAL_HOST;
1789 return MGMT_DEV_DISCONN_UNKNOWN;
1793 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1795 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1796 struct hci_conn *conn;
1798 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1802 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1806 if (ev->status == 0)
1807 conn->state = BT_CLOSED;
1809 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1810 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1812 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1813 conn->dst_type, ev->status);
1815 u8 reason = hci_to_mgmt_reason(ev->reason);
1817 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1818 conn->dst_type, reason);
1822 if (ev->status == 0) {
1823 if (conn->type == ACL_LINK && conn->flush_key)
1824 hci_remove_link_key(hdev, &conn->dst);
1825 hci_proto_disconn_cfm(conn, ev->reason);
1830 hci_dev_unlock(hdev);
1833 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1835 struct hci_ev_auth_complete *ev = (void *) skb->data;
1836 struct hci_conn *conn;
1838 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1842 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1847 if (!hci_conn_ssp_enabled(conn) &&
1848 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1849 BT_INFO("re-auth of legacy device is not possible.");
1851 conn->link_mode |= HCI_LM_AUTH;
1852 conn->sec_level = conn->pending_sec_level;
1855 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1859 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1860 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1862 if (conn->state == BT_CONFIG) {
1863 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1864 struct hci_cp_set_conn_encrypt cp;
1865 cp.handle = ev->handle;
1867 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1870 conn->state = BT_CONNECTED;
1871 hci_proto_connect_cfm(conn, ev->status);
1872 hci_conn_drop(conn);
1875 hci_auth_cfm(conn, ev->status);
1877 hci_conn_hold(conn);
1878 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1879 hci_conn_drop(conn);
1882 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1884 struct hci_cp_set_conn_encrypt cp;
1885 cp.handle = ev->handle;
1887 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1890 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1891 hci_encrypt_cfm(conn, ev->status, 0x00);
1896 hci_dev_unlock(hdev);
1899 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1901 struct hci_ev_remote_name *ev = (void *) skb->data;
1902 struct hci_conn *conn;
1904 BT_DBG("%s", hdev->name);
1906 hci_conn_check_pending(hdev);
1910 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1912 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1915 if (ev->status == 0)
1916 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1917 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1919 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
1925 if (!hci_outgoing_auth_needed(hdev, conn))
1928 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1929 struct hci_cp_auth_requested cp;
1930 cp.handle = __cpu_to_le16(conn->handle);
1931 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1935 hci_dev_unlock(hdev);
1938 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1940 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1941 struct hci_conn *conn;
1943 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1947 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1951 /* Encryption implies authentication */
1952 conn->link_mode |= HCI_LM_AUTH;
1953 conn->link_mode |= HCI_LM_ENCRYPT;
1954 conn->sec_level = conn->pending_sec_level;
1956 conn->link_mode &= ~HCI_LM_ENCRYPT;
1959 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1961 if (ev->status && conn->state == BT_CONNECTED) {
1962 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1963 hci_conn_drop(conn);
1967 if (conn->state == BT_CONFIG) {
1969 conn->state = BT_CONNECTED;
1971 hci_proto_connect_cfm(conn, ev->status);
1972 hci_conn_drop(conn);
1974 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1978 hci_dev_unlock(hdev);
1981 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
1982 struct sk_buff *skb)
1984 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1985 struct hci_conn *conn;
1987 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1991 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1994 conn->link_mode |= HCI_LM_SECURE;
1996 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1998 hci_key_change_cfm(conn, ev->status);
2001 hci_dev_unlock(hdev);
2004 static void hci_remote_features_evt(struct hci_dev *hdev,
2005 struct sk_buff *skb)
2007 struct hci_ev_remote_features *ev = (void *) skb->data;
2008 struct hci_conn *conn;
2010 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2014 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2019 memcpy(conn->features[0], ev->features, 8);
2021 if (conn->state != BT_CONFIG)
2024 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2025 struct hci_cp_read_remote_ext_features cp;
2026 cp.handle = ev->handle;
2028 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2033 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2034 struct hci_cp_remote_name_req cp;
2035 memset(&cp, 0, sizeof(cp));
2036 bacpy(&cp.bdaddr, &conn->dst);
2037 cp.pscan_rep_mode = 0x02;
2038 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2039 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2040 mgmt_device_connected(hdev, &conn->dst, conn->type,
2041 conn->dst_type, 0, NULL, 0,
2044 if (!hci_outgoing_auth_needed(hdev, conn)) {
2045 conn->state = BT_CONNECTED;
2046 hci_proto_connect_cfm(conn, ev->status);
2047 hci_conn_drop(conn);
2051 hci_dev_unlock(hdev);
2054 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2056 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2057 u8 status = skb->data[sizeof(*ev)];
2060 skb_pull(skb, sizeof(*ev));
2062 opcode = __le16_to_cpu(ev->opcode);
2065 case HCI_OP_INQUIRY_CANCEL:
2066 hci_cc_inquiry_cancel(hdev, skb);
2069 case HCI_OP_PERIODIC_INQ:
2070 hci_cc_periodic_inq(hdev, skb);
2073 case HCI_OP_EXIT_PERIODIC_INQ:
2074 hci_cc_exit_periodic_inq(hdev, skb);
2077 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2078 hci_cc_remote_name_req_cancel(hdev, skb);
2081 case HCI_OP_ROLE_DISCOVERY:
2082 hci_cc_role_discovery(hdev, skb);
2085 case HCI_OP_READ_LINK_POLICY:
2086 hci_cc_read_link_policy(hdev, skb);
2089 case HCI_OP_WRITE_LINK_POLICY:
2090 hci_cc_write_link_policy(hdev, skb);
2093 case HCI_OP_READ_DEF_LINK_POLICY:
2094 hci_cc_read_def_link_policy(hdev, skb);
2097 case HCI_OP_WRITE_DEF_LINK_POLICY:
2098 hci_cc_write_def_link_policy(hdev, skb);
2102 hci_cc_reset(hdev, skb);
2105 case HCI_OP_WRITE_LOCAL_NAME:
2106 hci_cc_write_local_name(hdev, skb);
2109 case HCI_OP_READ_LOCAL_NAME:
2110 hci_cc_read_local_name(hdev, skb);
2113 case HCI_OP_WRITE_AUTH_ENABLE:
2114 hci_cc_write_auth_enable(hdev, skb);
2117 case HCI_OP_WRITE_ENCRYPT_MODE:
2118 hci_cc_write_encrypt_mode(hdev, skb);
2121 case HCI_OP_WRITE_SCAN_ENABLE:
2122 hci_cc_write_scan_enable(hdev, skb);
2125 case HCI_OP_READ_CLASS_OF_DEV:
2126 hci_cc_read_class_of_dev(hdev, skb);
2129 case HCI_OP_WRITE_CLASS_OF_DEV:
2130 hci_cc_write_class_of_dev(hdev, skb);
2133 case HCI_OP_READ_VOICE_SETTING:
2134 hci_cc_read_voice_setting(hdev, skb);
2137 case HCI_OP_WRITE_VOICE_SETTING:
2138 hci_cc_write_voice_setting(hdev, skb);
2141 case HCI_OP_WRITE_SSP_MODE:
2142 hci_cc_write_ssp_mode(hdev, skb);
2145 case HCI_OP_READ_LOCAL_VERSION:
2146 hci_cc_read_local_version(hdev, skb);
2149 case HCI_OP_READ_LOCAL_COMMANDS:
2150 hci_cc_read_local_commands(hdev, skb);
2153 case HCI_OP_READ_LOCAL_FEATURES:
2154 hci_cc_read_local_features(hdev, skb);
2157 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2158 hci_cc_read_local_ext_features(hdev, skb);
2161 case HCI_OP_READ_BUFFER_SIZE:
2162 hci_cc_read_buffer_size(hdev, skb);
2165 case HCI_OP_READ_BD_ADDR:
2166 hci_cc_read_bd_addr(hdev, skb);
2169 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2170 hci_cc_read_page_scan_activity(hdev, skb);
2173 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2174 hci_cc_write_page_scan_activity(hdev, skb);
2177 case HCI_OP_READ_PAGE_SCAN_TYPE:
2178 hci_cc_read_page_scan_type(hdev, skb);
2181 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2182 hci_cc_write_page_scan_type(hdev, skb);
2185 case HCI_OP_READ_DATA_BLOCK_SIZE:
2186 hci_cc_read_data_block_size(hdev, skb);
2189 case HCI_OP_READ_FLOW_CONTROL_MODE:
2190 hci_cc_read_flow_control_mode(hdev, skb);
2193 case HCI_OP_READ_LOCAL_AMP_INFO:
2194 hci_cc_read_local_amp_info(hdev, skb);
2197 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2198 hci_cc_read_local_amp_assoc(hdev, skb);
2201 case HCI_OP_READ_INQ_RSP_TX_POWER:
2202 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2205 case HCI_OP_PIN_CODE_REPLY:
2206 hci_cc_pin_code_reply(hdev, skb);
2209 case HCI_OP_PIN_CODE_NEG_REPLY:
2210 hci_cc_pin_code_neg_reply(hdev, skb);
2213 case HCI_OP_READ_LOCAL_OOB_DATA:
2214 hci_cc_read_local_oob_data_reply(hdev, skb);
2217 case HCI_OP_LE_READ_BUFFER_SIZE:
2218 hci_cc_le_read_buffer_size(hdev, skb);
2221 case HCI_OP_LE_READ_LOCAL_FEATURES:
2222 hci_cc_le_read_local_features(hdev, skb);
2225 case HCI_OP_LE_READ_ADV_TX_POWER:
2226 hci_cc_le_read_adv_tx_power(hdev, skb);
2229 case HCI_OP_USER_CONFIRM_REPLY:
2230 hci_cc_user_confirm_reply(hdev, skb);
2233 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2234 hci_cc_user_confirm_neg_reply(hdev, skb);
2237 case HCI_OP_USER_PASSKEY_REPLY:
2238 hci_cc_user_passkey_reply(hdev, skb);
2241 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2242 hci_cc_user_passkey_neg_reply(hdev, skb);
2245 case HCI_OP_LE_SET_ADV_ENABLE:
2246 hci_cc_le_set_adv_enable(hdev, skb);
2249 case HCI_OP_LE_SET_SCAN_ENABLE:
2250 hci_cc_le_set_scan_enable(hdev, skb);
2253 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2254 hci_cc_le_read_white_list_size(hdev, skb);
2257 case HCI_OP_LE_READ_SUPPORTED_STATES:
2258 hci_cc_le_read_supported_states(hdev, skb);
2261 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2262 hci_cc_write_le_host_supported(hdev, skb);
2265 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2266 hci_cc_write_remote_amp_assoc(hdev, skb);
2270 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2274 if (opcode != HCI_OP_NOP)
2275 del_timer(&hdev->cmd_timer);
2277 hci_req_cmd_complete(hdev, opcode, status);
2279 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2280 atomic_set(&hdev->cmd_cnt, 1);
2281 if (!skb_queue_empty(&hdev->cmd_q))
2282 queue_work(hdev->workqueue, &hdev->cmd_work);
2286 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2288 struct hci_ev_cmd_status *ev = (void *) skb->data;
2291 skb_pull(skb, sizeof(*ev));
2293 opcode = __le16_to_cpu(ev->opcode);
2296 case HCI_OP_INQUIRY:
2297 hci_cs_inquiry(hdev, ev->status);
2300 case HCI_OP_CREATE_CONN:
2301 hci_cs_create_conn(hdev, ev->status);
2304 case HCI_OP_ADD_SCO:
2305 hci_cs_add_sco(hdev, ev->status);
2308 case HCI_OP_AUTH_REQUESTED:
2309 hci_cs_auth_requested(hdev, ev->status);
2312 case HCI_OP_SET_CONN_ENCRYPT:
2313 hci_cs_set_conn_encrypt(hdev, ev->status);
2316 case HCI_OP_REMOTE_NAME_REQ:
2317 hci_cs_remote_name_req(hdev, ev->status);
2320 case HCI_OP_READ_REMOTE_FEATURES:
2321 hci_cs_read_remote_features(hdev, ev->status);
2324 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2325 hci_cs_read_remote_ext_features(hdev, ev->status);
2328 case HCI_OP_SETUP_SYNC_CONN:
2329 hci_cs_setup_sync_conn(hdev, ev->status);
2332 case HCI_OP_SNIFF_MODE:
2333 hci_cs_sniff_mode(hdev, ev->status);
2336 case HCI_OP_EXIT_SNIFF_MODE:
2337 hci_cs_exit_sniff_mode(hdev, ev->status);
2340 case HCI_OP_DISCONNECT:
2341 hci_cs_disconnect(hdev, ev->status);
2344 case HCI_OP_LE_CREATE_CONN:
2345 hci_cs_le_create_conn(hdev, ev->status);
2348 case HCI_OP_CREATE_PHY_LINK:
2349 hci_cs_create_phylink(hdev, ev->status);
2352 case HCI_OP_ACCEPT_PHY_LINK:
2353 hci_cs_accept_phylink(hdev, ev->status);
2357 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2361 if (opcode != HCI_OP_NOP)
2362 del_timer(&hdev->cmd_timer);
2365 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2366 hci_req_cmd_complete(hdev, opcode, ev->status);
2368 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2369 atomic_set(&hdev->cmd_cnt, 1);
2370 if (!skb_queue_empty(&hdev->cmd_q))
2371 queue_work(hdev->workqueue, &hdev->cmd_work);
2375 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2377 struct hci_ev_role_change *ev = (void *) skb->data;
2378 struct hci_conn *conn;
2380 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2384 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2388 conn->link_mode &= ~HCI_LM_MASTER;
2390 conn->link_mode |= HCI_LM_MASTER;
2393 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2395 hci_role_switch_cfm(conn, ev->status, ev->role);
2398 hci_dev_unlock(hdev);
2401 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2403 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2406 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2407 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2411 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2412 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2413 BT_DBG("%s bad parameters", hdev->name);
2417 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2419 for (i = 0; i < ev->num_hndl; i++) {
2420 struct hci_comp_pkts_info *info = &ev->handles[i];
2421 struct hci_conn *conn;
2422 __u16 handle, count;
2424 handle = __le16_to_cpu(info->handle);
2425 count = __le16_to_cpu(info->count);
2427 conn = hci_conn_hash_lookup_handle(hdev, handle);
2431 conn->sent -= count;
2433 switch (conn->type) {
2435 hdev->acl_cnt += count;
2436 if (hdev->acl_cnt > hdev->acl_pkts)
2437 hdev->acl_cnt = hdev->acl_pkts;
2441 if (hdev->le_pkts) {
2442 hdev->le_cnt += count;
2443 if (hdev->le_cnt > hdev->le_pkts)
2444 hdev->le_cnt = hdev->le_pkts;
2446 hdev->acl_cnt += count;
2447 if (hdev->acl_cnt > hdev->acl_pkts)
2448 hdev->acl_cnt = hdev->acl_pkts;
2453 hdev->sco_cnt += count;
2454 if (hdev->sco_cnt > hdev->sco_pkts)
2455 hdev->sco_cnt = hdev->sco_pkts;
2459 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2464 queue_work(hdev->workqueue, &hdev->tx_work);
2467 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2470 struct hci_chan *chan;
2472 switch (hdev->dev_type) {
2474 return hci_conn_hash_lookup_handle(hdev, handle);
2476 chan = hci_chan_lookup_handle(hdev, handle);
2481 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2488 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2490 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2493 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2494 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2498 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2499 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2500 BT_DBG("%s bad parameters", hdev->name);
2504 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2507 for (i = 0; i < ev->num_hndl; i++) {
2508 struct hci_comp_blocks_info *info = &ev->handles[i];
2509 struct hci_conn *conn = NULL;
2510 __u16 handle, block_count;
2512 handle = __le16_to_cpu(info->handle);
2513 block_count = __le16_to_cpu(info->blocks);
2515 conn = __hci_conn_lookup_handle(hdev, handle);
2519 conn->sent -= block_count;
2521 switch (conn->type) {
2524 hdev->block_cnt += block_count;
2525 if (hdev->block_cnt > hdev->num_blocks)
2526 hdev->block_cnt = hdev->num_blocks;
2530 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2535 queue_work(hdev->workqueue, &hdev->tx_work);
2538 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2540 struct hci_ev_mode_change *ev = (void *) skb->data;
2541 struct hci_conn *conn;
2543 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2547 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2549 conn->mode = ev->mode;
2550 conn->interval = __le16_to_cpu(ev->interval);
2552 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2554 if (conn->mode == HCI_CM_ACTIVE)
2555 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2557 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2560 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2561 hci_sco_setup(conn, ev->status);
2564 hci_dev_unlock(hdev);
2567 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2569 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2570 struct hci_conn *conn;
2572 BT_DBG("%s", hdev->name);
2576 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2580 if (conn->state == BT_CONNECTED) {
2581 hci_conn_hold(conn);
2582 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2583 hci_conn_drop(conn);
2586 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2587 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2588 sizeof(ev->bdaddr), &ev->bdaddr);
2589 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2592 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2597 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2601 hci_dev_unlock(hdev);
2604 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2606 struct hci_ev_link_key_req *ev = (void *) skb->data;
2607 struct hci_cp_link_key_reply cp;
2608 struct hci_conn *conn;
2609 struct link_key *key;
2611 BT_DBG("%s", hdev->name);
2613 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2618 key = hci_find_link_key(hdev, &ev->bdaddr);
2620 BT_DBG("%s link key not found for %pMR", hdev->name,
2625 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2628 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2629 key->type == HCI_LK_DEBUG_COMBINATION) {
2630 BT_DBG("%s ignoring debug key", hdev->name);
2634 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2636 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2637 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2638 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2642 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2643 conn->pending_sec_level == BT_SECURITY_HIGH) {
2644 BT_DBG("%s ignoring key unauthenticated for high security",
2649 conn->key_type = key->type;
2650 conn->pin_length = key->pin_len;
2653 bacpy(&cp.bdaddr, &ev->bdaddr);
2654 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2656 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2658 hci_dev_unlock(hdev);
2663 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2664 hci_dev_unlock(hdev);
2667 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2669 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2670 struct hci_conn *conn;
2673 BT_DBG("%s", hdev->name);
2677 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2679 hci_conn_hold(conn);
2680 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2681 pin_len = conn->pin_length;
2683 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2684 conn->key_type = ev->key_type;
2686 hci_conn_drop(conn);
2689 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2690 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2691 ev->key_type, pin_len);
2693 hci_dev_unlock(hdev);
2696 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2698 struct hci_ev_clock_offset *ev = (void *) skb->data;
2699 struct hci_conn *conn;
2701 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2705 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2706 if (conn && !ev->status) {
2707 struct inquiry_entry *ie;
2709 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2711 ie->data.clock_offset = ev->clock_offset;
2712 ie->timestamp = jiffies;
2716 hci_dev_unlock(hdev);
2719 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2721 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2722 struct hci_conn *conn;
2724 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2728 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2729 if (conn && !ev->status)
2730 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2732 hci_dev_unlock(hdev);
2735 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2737 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2738 struct inquiry_entry *ie;
2740 BT_DBG("%s", hdev->name);
2744 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2746 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2747 ie->timestamp = jiffies;
2750 hci_dev_unlock(hdev);
2753 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2754 struct sk_buff *skb)
2756 struct inquiry_data data;
2757 int num_rsp = *((__u8 *) skb->data);
2758 bool name_known, ssp;
2760 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2765 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2770 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2771 struct inquiry_info_with_rssi_and_pscan_mode *info;
2772 info = (void *) (skb->data + 1);
2774 for (; num_rsp; num_rsp--, info++) {
2775 bacpy(&data.bdaddr, &info->bdaddr);
2776 data.pscan_rep_mode = info->pscan_rep_mode;
2777 data.pscan_period_mode = info->pscan_period_mode;
2778 data.pscan_mode = info->pscan_mode;
2779 memcpy(data.dev_class, info->dev_class, 3);
2780 data.clock_offset = info->clock_offset;
2781 data.rssi = info->rssi;
2782 data.ssp_mode = 0x00;
2784 name_known = hci_inquiry_cache_update(hdev, &data,
2786 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2787 info->dev_class, info->rssi,
2788 !name_known, ssp, NULL, 0);
2791 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2793 for (; num_rsp; num_rsp--, info++) {
2794 bacpy(&data.bdaddr, &info->bdaddr);
2795 data.pscan_rep_mode = info->pscan_rep_mode;
2796 data.pscan_period_mode = info->pscan_period_mode;
2797 data.pscan_mode = 0x00;
2798 memcpy(data.dev_class, info->dev_class, 3);
2799 data.clock_offset = info->clock_offset;
2800 data.rssi = info->rssi;
2801 data.ssp_mode = 0x00;
2802 name_known = hci_inquiry_cache_update(hdev, &data,
2804 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2805 info->dev_class, info->rssi,
2806 !name_known, ssp, NULL, 0);
2810 hci_dev_unlock(hdev);
2813 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2814 struct sk_buff *skb)
2816 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2817 struct hci_conn *conn;
2819 BT_DBG("%s", hdev->name);
2823 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2827 if (ev->page < HCI_MAX_PAGES)
2828 memcpy(conn->features[ev->page], ev->features, 8);
2830 if (!ev->status && ev->page == 0x01) {
2831 struct inquiry_entry *ie;
2833 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2835 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2837 if (ev->features[0] & LMP_HOST_SSP) {
2838 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2840 /* It is mandatory by the Bluetooth specification that
2841 * Extended Inquiry Results are only used when Secure
2842 * Simple Pairing is enabled, but some devices violate
2845 * To make these devices work, the internal SSP
2846 * enabled flag needs to be cleared if the remote host
2847 * features do not indicate SSP support */
2848 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2852 if (conn->state != BT_CONFIG)
2855 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2856 struct hci_cp_remote_name_req cp;
2857 memset(&cp, 0, sizeof(cp));
2858 bacpy(&cp.bdaddr, &conn->dst);
2859 cp.pscan_rep_mode = 0x02;
2860 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2861 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2862 mgmt_device_connected(hdev, &conn->dst, conn->type,
2863 conn->dst_type, 0, NULL, 0,
2866 if (!hci_outgoing_auth_needed(hdev, conn)) {
2867 conn->state = BT_CONNECTED;
2868 hci_proto_connect_cfm(conn, ev->status);
2869 hci_conn_drop(conn);
2873 hci_dev_unlock(hdev);
2876 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2877 struct sk_buff *skb)
2879 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2880 struct hci_conn *conn;
2882 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2886 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2888 if (ev->link_type == ESCO_LINK)
2891 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2895 conn->type = SCO_LINK;
2898 switch (ev->status) {
2900 conn->handle = __le16_to_cpu(ev->handle);
2901 conn->state = BT_CONNECTED;
2903 hci_conn_add_sysfs(conn);
2906 case 0x0d: /* Connection Rejected due to Limited Resources */
2907 case 0x11: /* Unsupported Feature or Parameter Value */
2908 case 0x1c: /* SCO interval rejected */
2909 case 0x1a: /* Unsupported Remote Feature */
2910 case 0x1f: /* Unspecified error */
2912 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2913 (hdev->esco_type & EDR_ESCO_MASK);
2914 if (hci_setup_sync(conn, conn->link->handle))
2920 conn->state = BT_CLOSED;
2924 hci_proto_connect_cfm(conn, ev->status);
2929 hci_dev_unlock(hdev);
2932 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
2933 struct sk_buff *skb)
2935 struct inquiry_data data;
2936 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2937 int num_rsp = *((__u8 *) skb->data);
2940 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2945 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2950 for (; num_rsp; num_rsp--, info++) {
2951 bool name_known, ssp;
2953 bacpy(&data.bdaddr, &info->bdaddr);
2954 data.pscan_rep_mode = info->pscan_rep_mode;
2955 data.pscan_period_mode = info->pscan_period_mode;
2956 data.pscan_mode = 0x00;
2957 memcpy(data.dev_class, info->dev_class, 3);
2958 data.clock_offset = info->clock_offset;
2959 data.rssi = info->rssi;
2960 data.ssp_mode = 0x01;
2962 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2963 name_known = eir_has_data_type(info->data,
2969 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2971 eir_len = eir_get_length(info->data, sizeof(info->data));
2972 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2973 info->dev_class, info->rssi, !name_known,
2974 ssp, info->data, eir_len);
2977 hci_dev_unlock(hdev);
2980 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
2981 struct sk_buff *skb)
2983 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
2984 struct hci_conn *conn;
2986 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
2987 __le16_to_cpu(ev->handle));
2991 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2996 conn->sec_level = conn->pending_sec_level;
2998 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3000 if (ev->status && conn->state == BT_CONNECTED) {
3001 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3002 hci_conn_drop(conn);
3006 if (conn->state == BT_CONFIG) {
3008 conn->state = BT_CONNECTED;
3010 hci_proto_connect_cfm(conn, ev->status);
3011 hci_conn_drop(conn);
3013 hci_auth_cfm(conn, ev->status);
3015 hci_conn_hold(conn);
3016 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3017 hci_conn_drop(conn);
3021 hci_dev_unlock(hdev);
3024 static u8 hci_get_auth_req(struct hci_conn *conn)
3026 /* If remote requests dedicated bonding follow that lead */
3027 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3028 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3029 /* If both remote and local IO capabilities allow MITM
3030 * protection then require it, otherwise don't */
3031 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3032 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3033 return HCI_AT_DEDICATED_BONDING;
3035 return HCI_AT_DEDICATED_BONDING_MITM;
3038 /* If remote requests no-bonding follow that lead */
3039 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3040 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3041 return conn->remote_auth | (conn->auth_type & 0x01);
3043 return conn->auth_type;
3046 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3048 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3049 struct hci_conn *conn;
3051 BT_DBG("%s", hdev->name);
3055 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3059 hci_conn_hold(conn);
3061 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3064 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3065 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3066 struct hci_cp_io_capability_reply cp;
3068 bacpy(&cp.bdaddr, &ev->bdaddr);
3069 /* Change the IO capability from KeyboardDisplay
3070 * to DisplayYesNo as it is not supported by BT spec. */
3071 cp.capability = (conn->io_capability == 0x04) ?
3072 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3073 conn->auth_type = hci_get_auth_req(conn);
3074 cp.authentication = conn->auth_type;
3076 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3077 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3082 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3085 struct hci_cp_io_capability_neg_reply cp;
3087 bacpy(&cp.bdaddr, &ev->bdaddr);
3088 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3090 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3095 hci_dev_unlock(hdev);
3098 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3100 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3101 struct hci_conn *conn;
3103 BT_DBG("%s", hdev->name);
3107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3111 conn->remote_cap = ev->capability;
3112 conn->remote_auth = ev->authentication;
3114 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3117 hci_dev_unlock(hdev);
3120 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3121 struct sk_buff *skb)
3123 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3124 int loc_mitm, rem_mitm, confirm_hint = 0;
3125 struct hci_conn *conn;
3127 BT_DBG("%s", hdev->name);
3131 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3134 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3138 loc_mitm = (conn->auth_type & 0x01);
3139 rem_mitm = (conn->remote_auth & 0x01);
3141 /* If we require MITM but the remote device can't provide that
3142 * (it has NoInputNoOutput) then reject the confirmation
3143 * request. The only exception is when we're dedicated bonding
3144 * initiators (connect_cfm_cb set) since then we always have the MITM
3146 if (!conn->connect_cfm_cb && loc_mitm &&
3147 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3148 BT_DBG("Rejecting request: remote device can't provide MITM");
3149 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3150 sizeof(ev->bdaddr), &ev->bdaddr);
3154 /* If no side requires MITM protection; auto-accept */
3155 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3156 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3158 /* If we're not the initiators request authorization to
3159 * proceed from user space (mgmt_user_confirm with
3160 * confirm_hint set to 1). */
3161 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3162 BT_DBG("Confirming auto-accept as acceptor");
3167 BT_DBG("Auto-accept of user confirmation with %ums delay",
3168 hdev->auto_accept_delay);
3170 if (hdev->auto_accept_delay > 0) {
3171 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3172 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3176 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3177 sizeof(ev->bdaddr), &ev->bdaddr);
3182 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3186 hci_dev_unlock(hdev);
3189 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3190 struct sk_buff *skb)
3192 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3194 BT_DBG("%s", hdev->name);
3196 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3197 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3200 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3201 struct sk_buff *skb)
3203 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3204 struct hci_conn *conn;
3206 BT_DBG("%s", hdev->name);
3208 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3212 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3213 conn->passkey_entered = 0;
3215 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3216 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3217 conn->dst_type, conn->passkey_notify,
3218 conn->passkey_entered);
3221 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3223 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3224 struct hci_conn *conn;
3226 BT_DBG("%s", hdev->name);
3228 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3233 case HCI_KEYPRESS_STARTED:
3234 conn->passkey_entered = 0;
3237 case HCI_KEYPRESS_ENTERED:
3238 conn->passkey_entered++;
3241 case HCI_KEYPRESS_ERASED:
3242 conn->passkey_entered--;
3245 case HCI_KEYPRESS_CLEARED:
3246 conn->passkey_entered = 0;
3249 case HCI_KEYPRESS_COMPLETED:
3253 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3254 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3255 conn->dst_type, conn->passkey_notify,
3256 conn->passkey_entered);
3259 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3260 struct sk_buff *skb)
3262 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3263 struct hci_conn *conn;
3265 BT_DBG("%s", hdev->name);
3269 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3273 /* To avoid duplicate auth_failed events to user space we check
3274 * the HCI_CONN_AUTH_PEND flag which will be set if we
3275 * initiated the authentication. A traditional auth_complete
3276 * event gets always produced as initiator and is also mapped to
3277 * the mgmt_auth_failed event */
3278 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3279 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3282 hci_conn_drop(conn);
3285 hci_dev_unlock(hdev);
3288 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3289 struct sk_buff *skb)
3291 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3292 struct inquiry_entry *ie;
3293 struct hci_conn *conn;
3295 BT_DBG("%s", hdev->name);
3299 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3301 memcpy(conn->features[1], ev->features, 8);
3303 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3305 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3307 hci_dev_unlock(hdev);
3310 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3311 struct sk_buff *skb)
3313 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3314 struct oob_data *data;
3316 BT_DBG("%s", hdev->name);
3320 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3323 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3325 struct hci_cp_remote_oob_data_reply cp;
3327 bacpy(&cp.bdaddr, &ev->bdaddr);
3328 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3329 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3331 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3334 struct hci_cp_remote_oob_data_neg_reply cp;
3336 bacpy(&cp.bdaddr, &ev->bdaddr);
3337 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3342 hci_dev_unlock(hdev);
3345 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3346 struct sk_buff *skb)
3348 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3349 struct hci_conn *hcon, *bredr_hcon;
3351 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3356 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3358 hci_dev_unlock(hdev);
3364 hci_dev_unlock(hdev);
3368 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3370 hcon->state = BT_CONNECTED;
3371 bacpy(&hcon->dst, &bredr_hcon->dst);
3373 hci_conn_hold(hcon);
3374 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3375 hci_conn_drop(hcon);
3377 hci_conn_add_sysfs(hcon);
3379 amp_physical_cfm(bredr_hcon, hcon);
3381 hci_dev_unlock(hdev);
3384 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3386 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3387 struct hci_conn *hcon;
3388 struct hci_chan *hchan;
3389 struct amp_mgr *mgr;
3391 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3392 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3395 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3399 /* Create AMP hchan */
3400 hchan = hci_chan_create(hcon);
3404 hchan->handle = le16_to_cpu(ev->handle);
3406 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3408 mgr = hcon->amp_mgr;
3409 if (mgr && mgr->bredr_chan) {
3410 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3412 l2cap_chan_lock(bredr_chan);
3414 bredr_chan->conn->mtu = hdev->block_mtu;
3415 l2cap_logical_cfm(bredr_chan, hchan, 0);
3416 hci_conn_hold(hcon);
3418 l2cap_chan_unlock(bredr_chan);
3422 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3423 struct sk_buff *skb)
3425 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3426 struct hci_chan *hchan;
3428 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3429 le16_to_cpu(ev->handle), ev->status);
3436 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3440 amp_destroy_logical_link(hchan, ev->reason);
3443 hci_dev_unlock(hdev);
3446 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3447 struct sk_buff *skb)
3449 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3450 struct hci_conn *hcon;
3452 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3459 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3461 hcon->state = BT_CLOSED;
3465 hci_dev_unlock(hdev);
3468 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3470 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3471 struct hci_conn *conn;
3473 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3477 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3479 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3481 BT_ERR("No memory for new connection");
3485 conn->dst_type = ev->bdaddr_type;
3487 if (ev->role == LE_CONN_ROLE_MASTER) {
3489 conn->link_mode |= HCI_LM_MASTER;
3494 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3495 conn->dst_type, ev->status);
3496 hci_proto_connect_cfm(conn, ev->status);
3497 conn->state = BT_CLOSED;
3502 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3503 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3504 conn->dst_type, 0, NULL, 0, NULL);
3506 conn->sec_level = BT_SECURITY_LOW;
3507 conn->handle = __le16_to_cpu(ev->handle);
3508 conn->state = BT_CONNECTED;
3510 hci_conn_add_sysfs(conn);
3512 hci_proto_connect_cfm(conn, ev->status);
3515 hci_dev_unlock(hdev);
3518 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3520 u8 num_reports = skb->data[0];
3521 void *ptr = &skb->data[1];
3524 while (num_reports--) {
3525 struct hci_ev_le_advertising_info *ev = ptr;
3527 rssi = ev->data[ev->length];
3528 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3529 NULL, rssi, 0, 1, ev->data, ev->length);
3531 ptr += sizeof(*ev) + ev->length + 1;
3535 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3537 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3538 struct hci_cp_le_ltk_reply cp;
3539 struct hci_cp_le_ltk_neg_reply neg;
3540 struct hci_conn *conn;
3541 struct smp_ltk *ltk;
3543 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3547 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3551 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3555 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3556 cp.handle = cpu_to_le16(conn->handle);
3558 if (ltk->authenticated)
3559 conn->sec_level = BT_SECURITY_HIGH;
3561 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3563 if (ltk->type & HCI_SMP_STK) {
3564 list_del(<k->list);
3568 hci_dev_unlock(hdev);
3573 neg.handle = ev->handle;
3574 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3575 hci_dev_unlock(hdev);
3578 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3580 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3582 skb_pull(skb, sizeof(*le_ev));
3584 switch (le_ev->subevent) {
3585 case HCI_EV_LE_CONN_COMPLETE:
3586 hci_le_conn_complete_evt(hdev, skb);
3589 case HCI_EV_LE_ADVERTISING_REPORT:
3590 hci_le_adv_report_evt(hdev, skb);
3593 case HCI_EV_LE_LTK_REQ:
3594 hci_le_ltk_request_evt(hdev, skb);
3602 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3604 struct hci_ev_channel_selected *ev = (void *) skb->data;
3605 struct hci_conn *hcon;
3607 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3609 skb_pull(skb, sizeof(*ev));
3611 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3615 amp_read_loc_assoc_final_data(hdev, hcon);
3618 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3620 struct hci_event_hdr *hdr = (void *) skb->data;
3621 __u8 event = hdr->evt;
3625 /* Received events are (currently) only needed when a request is
3626 * ongoing so avoid unnecessary memory allocation.
3628 if (hdev->req_status == HCI_REQ_PEND) {
3629 kfree_skb(hdev->recv_evt);
3630 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3633 hci_dev_unlock(hdev);
3635 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3637 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3638 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3639 u16 opcode = __le16_to_cpu(hdr->opcode);
3641 hci_req_cmd_complete(hdev, opcode, 0);
3645 case HCI_EV_INQUIRY_COMPLETE:
3646 hci_inquiry_complete_evt(hdev, skb);
3649 case HCI_EV_INQUIRY_RESULT:
3650 hci_inquiry_result_evt(hdev, skb);
3653 case HCI_EV_CONN_COMPLETE:
3654 hci_conn_complete_evt(hdev, skb);
3657 case HCI_EV_CONN_REQUEST:
3658 hci_conn_request_evt(hdev, skb);
3661 case HCI_EV_DISCONN_COMPLETE:
3662 hci_disconn_complete_evt(hdev, skb);
3665 case HCI_EV_AUTH_COMPLETE:
3666 hci_auth_complete_evt(hdev, skb);
3669 case HCI_EV_REMOTE_NAME:
3670 hci_remote_name_evt(hdev, skb);
3673 case HCI_EV_ENCRYPT_CHANGE:
3674 hci_encrypt_change_evt(hdev, skb);
3677 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3678 hci_change_link_key_complete_evt(hdev, skb);
3681 case HCI_EV_REMOTE_FEATURES:
3682 hci_remote_features_evt(hdev, skb);
3685 case HCI_EV_CMD_COMPLETE:
3686 hci_cmd_complete_evt(hdev, skb);
3689 case HCI_EV_CMD_STATUS:
3690 hci_cmd_status_evt(hdev, skb);
3693 case HCI_EV_ROLE_CHANGE:
3694 hci_role_change_evt(hdev, skb);
3697 case HCI_EV_NUM_COMP_PKTS:
3698 hci_num_comp_pkts_evt(hdev, skb);
3701 case HCI_EV_MODE_CHANGE:
3702 hci_mode_change_evt(hdev, skb);
3705 case HCI_EV_PIN_CODE_REQ:
3706 hci_pin_code_request_evt(hdev, skb);
3709 case HCI_EV_LINK_KEY_REQ:
3710 hci_link_key_request_evt(hdev, skb);
3713 case HCI_EV_LINK_KEY_NOTIFY:
3714 hci_link_key_notify_evt(hdev, skb);
3717 case HCI_EV_CLOCK_OFFSET:
3718 hci_clock_offset_evt(hdev, skb);
3721 case HCI_EV_PKT_TYPE_CHANGE:
3722 hci_pkt_type_change_evt(hdev, skb);
3725 case HCI_EV_PSCAN_REP_MODE:
3726 hci_pscan_rep_mode_evt(hdev, skb);
3729 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3730 hci_inquiry_result_with_rssi_evt(hdev, skb);
3733 case HCI_EV_REMOTE_EXT_FEATURES:
3734 hci_remote_ext_features_evt(hdev, skb);
3737 case HCI_EV_SYNC_CONN_COMPLETE:
3738 hci_sync_conn_complete_evt(hdev, skb);
3741 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3742 hci_extended_inquiry_result_evt(hdev, skb);
3745 case HCI_EV_KEY_REFRESH_COMPLETE:
3746 hci_key_refresh_complete_evt(hdev, skb);
3749 case HCI_EV_IO_CAPA_REQUEST:
3750 hci_io_capa_request_evt(hdev, skb);
3753 case HCI_EV_IO_CAPA_REPLY:
3754 hci_io_capa_reply_evt(hdev, skb);
3757 case HCI_EV_USER_CONFIRM_REQUEST:
3758 hci_user_confirm_request_evt(hdev, skb);
3761 case HCI_EV_USER_PASSKEY_REQUEST:
3762 hci_user_passkey_request_evt(hdev, skb);
3765 case HCI_EV_USER_PASSKEY_NOTIFY:
3766 hci_user_passkey_notify_evt(hdev, skb);
3769 case HCI_EV_KEYPRESS_NOTIFY:
3770 hci_keypress_notify_evt(hdev, skb);
3773 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3774 hci_simple_pair_complete_evt(hdev, skb);
3777 case HCI_EV_REMOTE_HOST_FEATURES:
3778 hci_remote_host_features_evt(hdev, skb);
3781 case HCI_EV_LE_META:
3782 hci_le_meta_evt(hdev, skb);
3785 case HCI_EV_CHANNEL_SELECTED:
3786 hci_chan_selected_evt(hdev, skb);
3789 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3790 hci_remote_oob_data_request_evt(hdev, skb);
3793 case HCI_EV_PHY_LINK_COMPLETE:
3794 hci_phy_link_complete_evt(hdev, skb);
3797 case HCI_EV_LOGICAL_LINK_COMPLETE:
3798 hci_loglink_complete_evt(hdev, skb);
3801 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
3802 hci_disconn_loglink_complete_evt(hdev, skb);
3805 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
3806 hci_disconn_phylink_complete_evt(hdev, skb);
3809 case HCI_EV_NUM_COMP_BLOCKS:
3810 hci_num_comp_blocks_evt(hdev, skb);
3814 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3819 hdev->stat.evt_rx++;
projects / platform / adaptation / renesas_rcar / renesas_kernel.git / blob