2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #include "hci_request.h"
34 #include "hci_debugfs.h"
39 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
40 "\x00\x00\x00\x00\x00\x00\x00\x00"
42 /* Handle HCI Event packets */
44 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
46 __u8 status = *((__u8 *) skb->data);
48 BT_DBG("%s status 0x%2.2x", hdev->name, status);
53 clear_bit(HCI_INQUIRY, &hdev->flags);
54 #ifdef CONFIG_TIZEN_WIP
55 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
57 /* In latest kernel, smp_mb__after_clear_bit is replaced with
58 * smp_mb__after_atomic. So, if kernel is migrated to latest,
59 * then below code should be enabled
61 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
63 wake_up_bit(&hdev->flags, HCI_INQUIRY);
66 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
69 hci_conn_check_pending(hdev);
72 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 __u8 status = *((__u8 *) skb->data);
76 BT_DBG("%s status 0x%2.2x", hdev->name, status);
81 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
86 __u8 status = *((__u8 *) skb->data);
88 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
95 hci_conn_check_pending(hdev);
98 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
101 BT_DBG("%s", hdev->name);
104 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
106 struct hci_rp_role_discovery *rp = (void *) skb->data;
107 struct hci_conn *conn;
109 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
116 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
118 conn->role = rp->role;
120 hci_dev_unlock(hdev);
123 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
125 struct hci_rp_read_link_policy *rp = (void *) skb->data;
126 struct hci_conn *conn;
128 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
135 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
137 conn->link_policy = __le16_to_cpu(rp->policy);
139 hci_dev_unlock(hdev);
142 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
144 struct hci_rp_write_link_policy *rp = (void *) skb->data;
145 #ifdef CONFIG_TIZEN_WIP
146 struct hci_cp_write_link_policy cp;
147 struct hci_conn *sco_conn;
149 struct hci_conn *conn;
152 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
157 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
163 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
165 conn->link_policy = get_unaligned_le16(sent + 2);
166 #ifdef CONFIG_TIZEN_WIP
167 sco_conn = hci_conn_hash_lookup_sco(hdev);
168 if (sco_conn && conn && bacmp(&sco_conn->dst, &conn->dst) == 0 &&
169 conn->link_policy & HCI_LP_SNIFF) {
170 BT_ERR("SNIFF is not allowed during sco connection");
171 cp.handle = __cpu_to_le16(conn->handle);
172 cp.policy = __cpu_to_le16(conn->link_policy & ~HCI_LP_SNIFF);
173 hci_send_cmd(hdev, HCI_OP_WRITE_LINK_POLICY, sizeof(cp), &cp);
177 hci_dev_unlock(hdev);
180 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
183 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
190 hdev->link_policy = __le16_to_cpu(rp->policy);
193 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
196 __u8 status = *((__u8 *) skb->data);
199 BT_DBG("%s status 0x%2.2x", hdev->name, status);
204 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
208 hdev->link_policy = get_unaligned_le16(sent);
211 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
213 __u8 status = *((__u8 *) skb->data);
215 BT_DBG("%s status 0x%2.2x", hdev->name, status);
217 clear_bit(HCI_RESET, &hdev->flags);
222 /* Reset all non-persistent flags */
223 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
225 hdev->discovery.state = DISCOVERY_STOPPED;
226 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
227 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
229 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
230 hdev->adv_data_len = 0;
232 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
233 hdev->scan_rsp_data_len = 0;
235 hdev->le_scan_type = LE_SCAN_PASSIVE;
237 hdev->ssp_debug_mode = 0;
239 hci_bdaddr_list_clear(&hdev->le_white_list);
242 static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
245 struct hci_rp_read_stored_link_key *rp = (void *)skb->data;
246 struct hci_cp_read_stored_link_key *sent;
248 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
250 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_STORED_LINK_KEY);
254 if (!rp->status && sent->read_all == 0x01) {
255 hdev->stored_max_keys = rp->max_keys;
256 hdev->stored_num_keys = rp->num_keys;
260 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
263 struct hci_rp_delete_stored_link_key *rp = (void *)skb->data;
265 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
270 if (rp->num_keys <= hdev->stored_num_keys)
271 hdev->stored_num_keys -= rp->num_keys;
273 hdev->stored_num_keys = 0;
276 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
278 __u8 status = *((__u8 *) skb->data);
281 BT_DBG("%s status 0x%2.2x", hdev->name, status);
283 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
289 if (test_bit(HCI_MGMT, &hdev->dev_flags))
290 mgmt_set_local_name_complete(hdev, sent, status);
292 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
294 hci_dev_unlock(hdev);
297 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
299 struct hci_rp_read_local_name *rp = (void *) skb->data;
301 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
306 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
307 test_bit(HCI_CONFIG, &hdev->dev_flags))
308 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
311 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
313 __u8 status = *((__u8 *) skb->data);
316 BT_DBG("%s status 0x%2.2x", hdev->name, status);
318 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
325 __u8 param = *((__u8 *) sent);
327 if (param == AUTH_ENABLED)
328 set_bit(HCI_AUTH, &hdev->flags);
330 clear_bit(HCI_AUTH, &hdev->flags);
333 if (test_bit(HCI_MGMT, &hdev->dev_flags))
334 mgmt_auth_enable_complete(hdev, status);
336 hci_dev_unlock(hdev);
339 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
341 __u8 status = *((__u8 *) skb->data);
345 BT_DBG("%s status 0x%2.2x", hdev->name, status);
350 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
354 param = *((__u8 *) sent);
357 set_bit(HCI_ENCRYPT, &hdev->flags);
359 clear_bit(HCI_ENCRYPT, &hdev->flags);
362 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
364 __u8 status = *((__u8 *) skb->data);
368 BT_DBG("%s status 0x%2.2x", hdev->name, status);
370 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
374 param = *((__u8 *) sent);
379 hdev->discov_timeout = 0;
383 if (param & SCAN_INQUIRY)
384 set_bit(HCI_ISCAN, &hdev->flags);
386 clear_bit(HCI_ISCAN, &hdev->flags);
388 if (param & SCAN_PAGE)
389 set_bit(HCI_PSCAN, &hdev->flags);
391 clear_bit(HCI_PSCAN, &hdev->flags);
394 hci_dev_unlock(hdev);
397 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
399 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
401 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
406 memcpy(hdev->dev_class, rp->dev_class, 3);
408 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
409 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
412 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
414 __u8 status = *((__u8 *) skb->data);
417 BT_DBG("%s status 0x%2.2x", hdev->name, status);
419 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
426 memcpy(hdev->dev_class, sent, 3);
428 if (test_bit(HCI_MGMT, &hdev->dev_flags))
429 mgmt_set_class_of_dev_complete(hdev, sent, status);
431 hci_dev_unlock(hdev);
434 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
436 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
439 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
444 setting = __le16_to_cpu(rp->voice_setting);
446 if (hdev->voice_setting == setting)
449 hdev->voice_setting = setting;
451 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
454 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
457 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
460 __u8 status = *((__u8 *) skb->data);
464 BT_DBG("%s status 0x%2.2x", hdev->name, status);
469 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
473 setting = get_unaligned_le16(sent);
475 if (hdev->voice_setting == setting)
478 hdev->voice_setting = setting;
480 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
483 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
486 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
489 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
491 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
496 hdev->num_iac = rp->num_iac;
498 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
501 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
503 __u8 status = *((__u8 *) skb->data);
504 struct hci_cp_write_ssp_mode *sent;
506 BT_DBG("%s status 0x%2.2x", hdev->name, status);
508 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
516 hdev->features[1][0] |= LMP_HOST_SSP;
518 hdev->features[1][0] &= ~LMP_HOST_SSP;
521 if (test_bit(HCI_MGMT, &hdev->dev_flags))
522 mgmt_ssp_enable_complete(hdev, sent->mode, status);
525 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
527 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
530 hci_dev_unlock(hdev);
533 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
535 u8 status = *((u8 *) skb->data);
536 struct hci_cp_write_sc_support *sent;
538 BT_DBG("%s status 0x%2.2x", hdev->name, status);
540 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
548 hdev->features[1][0] |= LMP_HOST_SC;
550 hdev->features[1][0] &= ~LMP_HOST_SC;
553 if (!test_bit(HCI_MGMT, &hdev->dev_flags) && !status) {
555 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
557 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
560 hci_dev_unlock(hdev);
563 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
565 struct hci_rp_read_local_version *rp = (void *) skb->data;
567 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
572 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
573 test_bit(HCI_CONFIG, &hdev->dev_flags)) {
574 hdev->hci_ver = rp->hci_ver;
575 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
576 hdev->lmp_ver = rp->lmp_ver;
577 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
578 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
582 static void hci_cc_read_local_commands(struct hci_dev *hdev,
585 struct hci_rp_read_local_commands *rp = (void *) skb->data;
587 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
592 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
593 test_bit(HCI_CONFIG, &hdev->dev_flags))
594 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
597 static void hci_cc_read_local_features(struct hci_dev *hdev,
600 struct hci_rp_read_local_features *rp = (void *) skb->data;
602 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
607 memcpy(hdev->features, rp->features, 8);
609 /* Adjust default settings according to features
610 * supported by device. */
612 if (hdev->features[0][0] & LMP_3SLOT)
613 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
615 if (hdev->features[0][0] & LMP_5SLOT)
616 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
618 if (hdev->features[0][1] & LMP_HV2) {
619 hdev->pkt_type |= (HCI_HV2);
620 hdev->esco_type |= (ESCO_HV2);
623 if (hdev->features[0][1] & LMP_HV3) {
624 hdev->pkt_type |= (HCI_HV3);
625 hdev->esco_type |= (ESCO_HV3);
628 if (lmp_esco_capable(hdev))
629 hdev->esco_type |= (ESCO_EV3);
631 if (hdev->features[0][4] & LMP_EV4)
632 hdev->esco_type |= (ESCO_EV4);
634 if (hdev->features[0][4] & LMP_EV5)
635 hdev->esco_type |= (ESCO_EV5);
637 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
638 hdev->esco_type |= (ESCO_2EV3);
640 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
641 hdev->esco_type |= (ESCO_3EV3);
643 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
644 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
647 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
650 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
652 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
657 if (hdev->max_page < rp->max_page)
658 hdev->max_page = rp->max_page;
660 if (rp->page < HCI_MAX_PAGES)
661 memcpy(hdev->features[rp->page], rp->features, 8);
664 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
667 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
669 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
674 hdev->flow_ctl_mode = rp->mode;
677 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
679 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
681 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
686 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
687 hdev->sco_mtu = rp->sco_mtu;
688 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
689 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
691 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
696 hdev->acl_cnt = hdev->acl_pkts;
697 hdev->sco_cnt = hdev->sco_pkts;
699 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
700 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
703 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
705 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
707 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
712 if (test_bit(HCI_INIT, &hdev->flags))
713 bacpy(&hdev->bdaddr, &rp->bdaddr);
715 if (test_bit(HCI_SETUP, &hdev->dev_flags))
716 bacpy(&hdev->setup_addr, &rp->bdaddr);
719 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
722 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
724 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
729 if (test_bit(HCI_INIT, &hdev->flags)) {
730 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
731 hdev->page_scan_window = __le16_to_cpu(rp->window);
735 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
738 u8 status = *((u8 *) skb->data);
739 struct hci_cp_write_page_scan_activity *sent;
741 BT_DBG("%s status 0x%2.2x", hdev->name, status);
746 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
750 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
751 hdev->page_scan_window = __le16_to_cpu(sent->window);
754 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
757 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
759 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
764 if (test_bit(HCI_INIT, &hdev->flags))
765 hdev->page_scan_type = rp->type;
768 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
771 u8 status = *((u8 *) skb->data);
774 BT_DBG("%s status 0x%2.2x", hdev->name, status);
779 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
781 hdev->page_scan_type = *type;
784 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
787 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
789 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
794 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
795 hdev->block_len = __le16_to_cpu(rp->block_len);
796 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
798 hdev->block_cnt = hdev->num_blocks;
800 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
801 hdev->block_cnt, hdev->block_len);
804 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
806 struct hci_rp_read_clock *rp = (void *) skb->data;
807 struct hci_cp_read_clock *cp;
808 struct hci_conn *conn;
810 BT_DBG("%s", hdev->name);
812 if (skb->len < sizeof(*rp))
820 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
824 if (cp->which == 0x00) {
825 hdev->clock = le32_to_cpu(rp->clock);
829 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
831 conn->clock = le32_to_cpu(rp->clock);
832 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
836 hci_dev_unlock(hdev);
839 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
842 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
844 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
849 hdev->amp_status = rp->amp_status;
850 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
851 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
852 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
853 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
854 hdev->amp_type = rp->amp_type;
855 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
856 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
857 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
858 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
861 a2mp_send_getinfo_rsp(hdev);
864 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
867 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
868 struct amp_assoc *assoc = &hdev->loc_assoc;
869 size_t rem_len, frag_len;
871 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
876 frag_len = skb->len - sizeof(*rp);
877 rem_len = __le16_to_cpu(rp->rem_len);
879 if (rem_len > frag_len) {
880 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
882 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
883 assoc->offset += frag_len;
885 /* Read other fragments */
886 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
891 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
892 assoc->len = assoc->offset + rem_len;
896 /* Send A2MP Rsp when all fragments are received */
897 a2mp_send_getampassoc_rsp(hdev, rp->status);
898 a2mp_send_create_phy_link_req(hdev, rp->status);
901 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
904 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
906 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
911 hdev->inq_tx_power = rp->tx_power;
914 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
916 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
917 struct hci_cp_pin_code_reply *cp;
918 struct hci_conn *conn;
920 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
924 if (test_bit(HCI_MGMT, &hdev->dev_flags))
925 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
930 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
934 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
936 conn->pin_length = cp->pin_len;
939 hci_dev_unlock(hdev);
942 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
944 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
946 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
950 if (test_bit(HCI_MGMT, &hdev->dev_flags))
951 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
954 hci_dev_unlock(hdev);
957 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
960 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
962 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
967 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
968 hdev->le_pkts = rp->le_max_pkt;
970 hdev->le_cnt = hdev->le_pkts;
972 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
975 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
978 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
980 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
985 memcpy(hdev->le_features, rp->features, 8);
988 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
991 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
993 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
998 hdev->adv_tx_power = rp->tx_power;
1001 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1003 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1005 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1009 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1010 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1013 hci_dev_unlock(hdev);
1016 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1017 struct sk_buff *skb)
1019 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1021 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1025 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1026 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1027 ACL_LINK, 0, rp->status);
1029 hci_dev_unlock(hdev);
1032 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1034 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1036 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1040 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1041 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1044 hci_dev_unlock(hdev);
1047 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1048 struct sk_buff *skb)
1050 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1052 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1056 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1057 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1058 ACL_LINK, 0, rp->status);
1060 hci_dev_unlock(hdev);
1063 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
1064 struct sk_buff *skb)
1066 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1068 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1071 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->rand, NULL, NULL,
1073 hci_dev_unlock(hdev);
1076 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
1077 struct sk_buff *skb)
1079 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1081 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1084 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->rand192,
1085 rp->hash256, rp->rand256,
1087 hci_dev_unlock(hdev);
1091 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1093 __u8 status = *((__u8 *) skb->data);
1096 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1101 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1107 bacpy(&hdev->random_addr, sent);
1109 hci_dev_unlock(hdev);
1112 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1114 __u8 *sent, status = *((__u8 *) skb->data);
1116 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1121 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1127 /* If we're doing connection initiation as peripheral. Set a
1128 * timeout in case something goes wrong.
1131 struct hci_conn *conn;
1133 set_bit(HCI_LE_ADV, &hdev->dev_flags);
1135 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1137 queue_delayed_work(hdev->workqueue,
1138 &conn->le_conn_timeout,
1139 conn->conn_timeout);
1141 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1144 hci_dev_unlock(hdev);
1147 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1149 struct hci_cp_le_set_scan_param *cp;
1150 __u8 status = *((__u8 *) skb->data);
1152 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1157 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1163 hdev->le_scan_type = cp->type;
1165 hci_dev_unlock(hdev);
1168 static bool has_pending_adv_report(struct hci_dev *hdev)
1170 struct discovery_state *d = &hdev->discovery;
1172 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1175 static void clear_pending_adv_report(struct hci_dev *hdev)
1177 struct discovery_state *d = &hdev->discovery;
1179 bacpy(&d->last_adv_addr, BDADDR_ANY);
1180 d->last_adv_data_len = 0;
1183 #ifndef CONFIG_TIZEN_WIP
1184 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1185 u8 bdaddr_type, s8 rssi, u32 flags,
1188 struct discovery_state *d = &hdev->discovery;
1190 bacpy(&d->last_adv_addr, bdaddr);
1191 d->last_adv_addr_type = bdaddr_type;
1192 d->last_adv_rssi = rssi;
1193 d->last_adv_flags = flags;
1194 memcpy(d->last_adv_data, data, len);
1195 d->last_adv_data_len = len;
1199 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1200 struct sk_buff *skb)
1202 struct hci_cp_le_set_scan_enable *cp;
1203 __u8 status = *((__u8 *) skb->data);
1205 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1210 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1216 switch (cp->enable) {
1217 case LE_SCAN_ENABLE:
1218 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1219 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1220 clear_pending_adv_report(hdev);
1223 case LE_SCAN_DISABLE:
1224 /* We do this here instead of when setting DISCOVERY_STOPPED
1225 * since the latter would potentially require waiting for
1226 * inquiry to stop too.
1228 if (has_pending_adv_report(hdev)) {
1229 struct discovery_state *d = &hdev->discovery;
1231 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1232 d->last_adv_addr_type, NULL,
1233 d->last_adv_rssi, d->last_adv_flags,
1235 d->last_adv_data_len, NULL, 0);
1238 /* Cancel this timer so that we don't try to disable scanning
1239 * when it's already disabled.
1241 cancel_delayed_work(&hdev->le_scan_disable);
1243 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1245 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1246 * interrupted scanning due to a connect request. Mark
1247 * therefore discovery as stopped. If this was not
1248 * because of a connect request advertising might have
1249 * been disabled because of active scanning, so
1250 * re-enable it again if necessary.
1252 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1254 #ifndef CONFIG_TIZEN_WIP /* The below line is kernel bug. */
1255 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1257 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
1259 else if (!test_bit(HCI_LE_ADV, &hdev->dev_flags) &&
1260 hdev->discovery.state == DISCOVERY_FINDING)
1261 mgmt_reenable_advertising(hdev);
1266 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1270 hci_dev_unlock(hdev);
1273 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1274 struct sk_buff *skb)
1276 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1278 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1283 hdev->le_white_list_size = rp->size;
1286 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1287 struct sk_buff *skb)
1289 __u8 status = *((__u8 *) skb->data);
1291 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1296 hci_bdaddr_list_clear(&hdev->le_white_list);
1299 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1300 struct sk_buff *skb)
1302 struct hci_cp_le_add_to_white_list *sent;
1303 __u8 status = *((__u8 *) skb->data);
1305 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1310 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1314 hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
1318 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1319 struct sk_buff *skb)
1321 struct hci_cp_le_del_from_white_list *sent;
1322 __u8 status = *((__u8 *) skb->data);
1324 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1329 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1333 hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
1337 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1338 struct sk_buff *skb)
1340 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1342 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1347 memcpy(hdev->le_states, rp->le_states, 8);
1350 static void hci_cc_le_read_def_data_len(struct hci_dev *hdev,
1351 struct sk_buff *skb)
1353 struct hci_rp_le_read_def_data_len *rp = (void *) skb->data;
1355 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1360 hdev->le_def_tx_len = le16_to_cpu(rp->tx_len);
1361 hdev->le_def_tx_time = le16_to_cpu(rp->tx_time);
1364 static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1365 struct sk_buff *skb)
1367 struct hci_cp_le_write_def_data_len *sent;
1368 __u8 status = *((__u8 *) skb->data);
1370 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1375 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_WRITE_DEF_DATA_LEN);
1379 hdev->le_def_tx_len = le16_to_cpu(sent->tx_len);
1380 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1383 static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1384 struct sk_buff *skb)
1386 struct hci_rp_le_read_max_data_len *rp = (void *) skb->data;
1388 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1393 hdev->le_max_tx_len = le16_to_cpu(rp->tx_len);
1394 hdev->le_max_tx_time = le16_to_cpu(rp->tx_time);
1395 hdev->le_max_rx_len = le16_to_cpu(rp->rx_len);
1396 hdev->le_max_rx_time = le16_to_cpu(rp->rx_time);
1399 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1400 struct sk_buff *skb)
1402 struct hci_cp_write_le_host_supported *sent;
1403 __u8 status = *((__u8 *) skb->data);
1405 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1410 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1417 hdev->features[1][0] |= LMP_HOST_LE;
1418 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1420 hdev->features[1][0] &= ~LMP_HOST_LE;
1421 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1422 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1426 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1428 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1430 hci_dev_unlock(hdev);
1433 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1435 struct hci_cp_le_set_adv_param *cp;
1436 u8 status = *((u8 *) skb->data);
1438 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1443 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1448 hdev->adv_addr_type = cp->own_address_type;
1449 hci_dev_unlock(hdev);
1452 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1453 struct sk_buff *skb)
1455 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1457 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1458 hdev->name, rp->status, rp->phy_handle);
1463 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1465 #ifdef CONFIG_TIZEN_WIP
1466 /* BEGIN TIZEN_Bluetooth :: Handle RSSI monitoring */
1467 static void hci_cc_enable_rssi(struct hci_dev *hdev,
1468 struct sk_buff *skb)
1470 struct hci_cc_rsp_enable_rssi *rp = (void *) skb->data;
1472 BT_DBG("hci_cc_enable_rssi - %s status 0x%2.2x Event_LE_ext_Opcode 0x%2.2x",
1473 hdev->name, rp->status, rp->le_ext_opcode);
1475 mgmt_enable_rssi_cc(hdev, rp, rp->status);
1478 static void hci_cc_get_raw_rssi(struct hci_dev *hdev,
1479 struct sk_buff *skb)
1481 struct hci_cc_rp_get_raw_rssi *rp = (void *) skb->data;
1483 BT_DBG("hci_cc_get_raw_rssi- %s Get Raw Rssi Response[%2.2x %4.4x %2.2X]",
1484 hdev->name, rp->status, rp->conn_handle, rp->rssi_dbm);
1486 mgmt_raw_rssi_response(hdev, rp, rp->status);
1488 /* END TIZEN_Bluetooth :: Handle RSSI monitoring */
1490 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1492 struct hci_rp_read_rssi *rp = (void *) skb->data;
1493 struct hci_conn *conn;
1495 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1502 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1504 conn->rssi = rp->rssi;
1506 hci_dev_unlock(hdev);
1509 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1511 struct hci_cp_read_tx_power *sent;
1512 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1513 struct hci_conn *conn;
1515 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1520 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1526 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1530 switch (sent->type) {
1532 conn->tx_power = rp->tx_power;
1535 conn->max_tx_power = rp->tx_power;
1540 hci_dev_unlock(hdev);
1543 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1545 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1548 hci_conn_check_pending(hdev);
1552 set_bit(HCI_INQUIRY, &hdev->flags);
1555 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1557 struct hci_cp_create_conn *cp;
1558 struct hci_conn *conn;
1560 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1562 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1568 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1570 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1573 #ifdef CONFIG_TIZEN_WIP
1575 BT_ERR("ACL Connection Already Exists on cs_create_con");
1577 if (conn && conn->state == BT_CONNECT && status != 0x0b) {
1579 if (conn && conn->state == BT_CONNECT) {
1581 if (status != 0x0c || conn->attempt > 2) {
1582 conn->state = BT_CLOSED;
1583 hci_proto_connect_cfm(conn, status);
1586 conn->state = BT_CONNECT2;
1590 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr,
1593 BT_ERR("No memory for new connection");
1597 hci_dev_unlock(hdev);
1600 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1602 struct hci_cp_add_sco *cp;
1603 struct hci_conn *acl, *sco;
1606 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1611 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1615 handle = __le16_to_cpu(cp->handle);
1617 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1621 acl = hci_conn_hash_lookup_handle(hdev, handle);
1625 sco->state = BT_CLOSED;
1627 hci_proto_connect_cfm(sco, status);
1632 hci_dev_unlock(hdev);
1635 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1637 struct hci_cp_auth_requested *cp;
1638 struct hci_conn *conn;
1640 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1645 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1651 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1653 if (conn->state == BT_CONFIG) {
1654 hci_proto_connect_cfm(conn, status);
1655 hci_conn_drop(conn);
1659 hci_dev_unlock(hdev);
1662 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1664 struct hci_cp_set_conn_encrypt *cp;
1665 struct hci_conn *conn;
1667 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1672 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1678 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1680 if (conn->state == BT_CONFIG) {
1681 hci_proto_connect_cfm(conn, status);
1682 hci_conn_drop(conn);
1686 hci_dev_unlock(hdev);
1689 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1690 struct hci_conn *conn)
1692 if (conn->state != BT_CONFIG || !conn->out)
1695 if (conn->pending_sec_level == BT_SECURITY_SDP)
1698 /* Only request authentication for SSP connections or non-SSP
1699 * devices with sec_level MEDIUM or HIGH or if MITM protection
1702 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1703 conn->pending_sec_level != BT_SECURITY_FIPS &&
1704 conn->pending_sec_level != BT_SECURITY_HIGH &&
1705 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1711 static int hci_resolve_name(struct hci_dev *hdev,
1712 struct inquiry_entry *e)
1714 struct hci_cp_remote_name_req cp;
1716 memset(&cp, 0, sizeof(cp));
1718 bacpy(&cp.bdaddr, &e->data.bdaddr);
1719 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1720 cp.pscan_mode = e->data.pscan_mode;
1721 cp.clock_offset = e->data.clock_offset;
1723 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1726 static bool hci_resolve_next_name(struct hci_dev *hdev)
1728 struct discovery_state *discov = &hdev->discovery;
1729 struct inquiry_entry *e;
1731 if (list_empty(&discov->resolve))
1734 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1738 if (hci_resolve_name(hdev, e) == 0) {
1739 e->name_state = NAME_PENDING;
1746 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1747 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1749 struct discovery_state *discov = &hdev->discovery;
1750 struct inquiry_entry *e;
1752 /* BEGIN TIZEN_Bluetooth :: name update changes */
1753 #ifdef CONFIG_TIZEN_WIP
1754 /* Update the mgmt connected state if necessary. Be careful with
1755 * conn objects that exist but are not (yet) connected however.
1756 * Only those in BT_CONFIG or BT_CONNECTED states can be
1757 * considered connected.
1759 if (conn && (conn->state == BT_CONFIG || conn->state == BT_CONNECTED)) {
1760 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1761 mgmt_device_connected(hdev, conn, 0, name, name_len);
1763 mgmt_device_name_update(hdev, bdaddr, name, name_len);
1767 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1768 mgmt_device_connected(hdev, conn, 0, name, name_len);
1769 /* END TIZEN_Bluetooth :: name update changes */
1771 if (discov->state == DISCOVERY_STOPPED)
1774 if (discov->state == DISCOVERY_STOPPING)
1775 goto discov_complete;
1777 if (discov->state != DISCOVERY_RESOLVING)
1780 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1781 /* If the device was not found in a list of found devices names of which
1782 * are pending. there is no need to continue resolving a next name as it
1783 * will be done upon receiving another Remote Name Request Complete
1790 e->name_state = NAME_KNOWN;
1791 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1792 e->data.rssi, name, name_len);
1794 e->name_state = NAME_NOT_KNOWN;
1797 if (hci_resolve_next_name(hdev))
1801 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1804 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1806 struct hci_cp_remote_name_req *cp;
1807 struct hci_conn *conn;
1809 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1811 /* If successful wait for the name req complete event before
1812 * checking for the need to do authentication */
1816 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1822 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1824 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1825 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1830 if (!hci_outgoing_auth_needed(hdev, conn))
1833 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1834 struct hci_cp_auth_requested auth_cp;
1836 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
1838 auth_cp.handle = __cpu_to_le16(conn->handle);
1839 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1840 sizeof(auth_cp), &auth_cp);
1844 hci_dev_unlock(hdev);
1847 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1849 struct hci_cp_read_remote_features *cp;
1850 struct hci_conn *conn;
1852 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1857 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1863 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1865 if (conn->state == BT_CONFIG) {
1866 hci_proto_connect_cfm(conn, status);
1867 hci_conn_drop(conn);
1871 hci_dev_unlock(hdev);
1874 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1876 struct hci_cp_read_remote_ext_features *cp;
1877 struct hci_conn *conn;
1879 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1884 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1890 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1892 if (conn->state == BT_CONFIG) {
1893 hci_proto_connect_cfm(conn, status);
1894 hci_conn_drop(conn);
1898 hci_dev_unlock(hdev);
1901 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1903 struct hci_cp_setup_sync_conn *cp;
1904 struct hci_conn *acl, *sco;
1907 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1912 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1916 handle = __le16_to_cpu(cp->handle);
1918 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1922 acl = hci_conn_hash_lookup_handle(hdev, handle);
1926 sco->state = BT_CLOSED;
1928 hci_proto_connect_cfm(sco, status);
1933 hci_dev_unlock(hdev);
1936 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1938 struct hci_cp_sniff_mode *cp;
1939 struct hci_conn *conn;
1941 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1946 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1952 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1954 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1956 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1957 hci_sco_setup(conn, status);
1960 hci_dev_unlock(hdev);
1963 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1965 struct hci_cp_exit_sniff_mode *cp;
1966 struct hci_conn *conn;
1968 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1973 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1979 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1981 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1983 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1984 hci_sco_setup(conn, status);
1987 hci_dev_unlock(hdev);
1990 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1992 struct hci_cp_disconnect *cp;
1993 struct hci_conn *conn;
1998 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
2004 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2006 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2007 conn->dst_type, status);
2009 hci_dev_unlock(hdev);
2012 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
2014 struct hci_cp_create_phy_link *cp;
2016 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2018 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
2025 struct hci_conn *hcon;
2027 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
2031 amp_write_remote_assoc(hdev, cp->phy_handle);
2034 hci_dev_unlock(hdev);
2037 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
2039 struct hci_cp_accept_phy_link *cp;
2041 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2046 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
2050 amp_write_remote_assoc(hdev, cp->phy_handle);
2053 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
2055 struct hci_cp_le_create_conn *cp;
2056 struct hci_conn *conn;
2058 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2060 /* All connection failure handling is taken care of by the
2061 * hci_le_conn_failed function which is triggered by the HCI
2062 * request completion callbacks used for connecting.
2067 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
2073 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
2077 /* Store the initiator and responder address information which
2078 * is needed for SMP. These values will not change during the
2079 * lifetime of the connection.
2081 conn->init_addr_type = cp->own_address_type;
2082 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
2083 bacpy(&conn->init_addr, &hdev->random_addr);
2085 bacpy(&conn->init_addr, &hdev->bdaddr);
2087 conn->resp_addr_type = cp->peer_addr_type;
2088 bacpy(&conn->resp_addr, &cp->peer_addr);
2090 /* We don't want the connection attempt to stick around
2091 * indefinitely since LE doesn't have a page timeout concept
2092 * like BR/EDR. Set a timer for any connection that doesn't use
2093 * the white list for connecting.
2095 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
2096 queue_delayed_work(conn->hdev->workqueue,
2097 &conn->le_conn_timeout,
2098 conn->conn_timeout);
2101 hci_dev_unlock(hdev);
2104 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
2106 struct hci_cp_le_start_enc *cp;
2107 struct hci_conn *conn;
2109 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2116 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
2120 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
2124 if (conn->state != BT_CONNECTED)
2127 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2128 hci_conn_drop(conn);
2131 hci_dev_unlock(hdev);
2134 static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
2136 struct hci_cp_switch_role *cp;
2137 struct hci_conn *conn;
2139 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2144 cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
2150 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
2152 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2154 hci_dev_unlock(hdev);
2157 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2159 __u8 status = *((__u8 *) skb->data);
2160 struct discovery_state *discov = &hdev->discovery;
2161 struct inquiry_entry *e;
2163 BT_DBG("%s status 0x%2.2x", hdev->name, status);
2165 hci_conn_check_pending(hdev);
2167 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
2170 #ifdef CONFIG_TIZEN_WIP
2171 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
2173 /* In latest kernel, smp_mb__after_clear_bit is replaced with
2174 * smp_mb__after_atomic. So, if kernel is migrated to latest,
2175 * then below code should be enabled
2177 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
2179 wake_up_bit(&hdev->flags, HCI_INQUIRY);
2181 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2186 if (discov->state != DISCOVERY_FINDING)
2189 if (list_empty(&discov->resolve)) {
2190 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2194 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
2195 if (e && hci_resolve_name(hdev, e) == 0) {
2196 e->name_state = NAME_PENDING;
2197 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
2199 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2203 hci_dev_unlock(hdev);
2206 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2208 struct inquiry_data data;
2209 struct inquiry_info *info = (void *) (skb->data + 1);
2210 int num_rsp = *((__u8 *) skb->data);
2212 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2217 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2222 for (; num_rsp; num_rsp--, info++) {
2225 bacpy(&data.bdaddr, &info->bdaddr);
2226 data.pscan_rep_mode = info->pscan_rep_mode;
2227 data.pscan_period_mode = info->pscan_period_mode;
2228 data.pscan_mode = info->pscan_mode;
2229 memcpy(data.dev_class, info->dev_class, 3);
2230 data.clock_offset = info->clock_offset;
2231 data.rssi = HCI_RSSI_INVALID;
2232 data.ssp_mode = 0x00;
2234 flags = hci_inquiry_cache_update(hdev, &data, false);
2236 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2237 info->dev_class, HCI_RSSI_INVALID,
2238 flags, NULL, 0, NULL, 0);
2241 hci_dev_unlock(hdev);
2244 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2246 struct hci_ev_conn_complete *ev = (void *) skb->data;
2247 struct hci_conn *conn;
2249 BT_DBG("%s", hdev->name);
2253 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2255 if (ev->link_type != SCO_LINK)
2258 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2262 conn->type = SCO_LINK;
2266 conn->handle = __le16_to_cpu(ev->handle);
2268 if (conn->type == ACL_LINK) {
2269 conn->state = BT_CONFIG;
2270 hci_conn_hold(conn);
2272 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2273 !hci_find_link_key(hdev, &ev->bdaddr))
2274 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2276 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2278 conn->state = BT_CONNECTED;
2280 hci_debugfs_create_conn(conn);
2281 hci_conn_add_sysfs(conn);
2283 if (test_bit(HCI_AUTH, &hdev->flags))
2284 set_bit(HCI_CONN_AUTH, &conn->flags);
2286 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2287 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2289 /* Get remote features */
2290 if (conn->type == ACL_LINK) {
2291 struct hci_cp_read_remote_features cp;
2292 cp.handle = ev->handle;
2293 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2296 hci_update_page_scan(hdev);
2299 /* Set packet type for incoming connection */
2300 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2301 struct hci_cp_change_conn_ptype cp;
2302 cp.handle = ev->handle;
2303 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2304 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2308 #ifdef CONFIG_TIZEN_WIP
2309 if ((get_link_mode(conn)) & HCI_LM_MASTER)
2310 hci_conn_change_supervision_timeout(conn,
2311 LINK_SUPERVISION_TIMEOUT);
2312 } else if (ev->status == 0x0b) {
2313 BT_ERR("ACL connection already exists, this evt is ignored");
2316 conn->state = BT_CLOSED;
2317 if (conn->type == ACL_LINK)
2318 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2319 conn->dst_type, ev->status);
2322 if (conn->type == ACL_LINK)
2323 hci_sco_setup(conn, ev->status);
2325 #ifdef CONFIG_TIZEN_WIP
2326 if (ev->status && ev->status != 0x0b) {
2330 hci_proto_connect_cfm(conn, ev->status);
2332 } else if (ev->link_type != ACL_LINK)
2333 hci_proto_connect_cfm(conn, ev->status);
2336 hci_dev_unlock(hdev);
2338 hci_conn_check_pending(hdev);
2341 static void hci_reject_conn(struct hci_dev *hdev, bdaddr_t *bdaddr)
2343 struct hci_cp_reject_conn_req cp;
2345 bacpy(&cp.bdaddr, bdaddr);
2346 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2347 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2350 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2352 struct hci_ev_conn_request *ev = (void *) skb->data;
2353 int mask = hdev->link_mode;
2354 struct inquiry_entry *ie;
2355 struct hci_conn *conn;
2358 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2361 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2364 if (!(mask & HCI_LM_ACCEPT)) {
2365 hci_reject_conn(hdev, &ev->bdaddr);
2369 if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
2371 hci_reject_conn(hdev, &ev->bdaddr);
2375 /* Require HCI_CONNECTABLE or a whitelist entry to accept the
2376 * connection. These features are only touched through mgmt so
2377 * only do the checks if HCI_MGMT is set.
2379 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2380 !test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
2381 !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr,
2383 hci_reject_conn(hdev, &ev->bdaddr);
2387 /* Connection accepted */
2391 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2393 memcpy(ie->data.dev_class, ev->dev_class, 3);
2395 #ifdef CONFIG_TIZEN_WIP
2396 if ((ev->link_type == SCO_LINK || ev->link_type == ESCO_LINK) &&
2397 hci_conn_hash_lookup_sco(hdev)) {
2398 struct hci_cp_reject_conn_req cp;
2400 bacpy(&cp.bdaddr, &ev->bdaddr);
2401 cp.reason = HCI_ERROR_REJ_LIMITED_RESOURCES;
2402 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ,
2404 hci_dev_unlock(hdev);
2408 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2411 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2414 BT_ERR("No memory for new connection");
2415 hci_dev_unlock(hdev);
2420 memcpy(conn->dev_class, ev->dev_class, 3);
2422 hci_dev_unlock(hdev);
2424 if (ev->link_type == ACL_LINK ||
2425 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2426 struct hci_cp_accept_conn_req cp;
2427 conn->state = BT_CONNECT;
2429 bacpy(&cp.bdaddr, &ev->bdaddr);
2431 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2432 cp.role = 0x00; /* Become master */
2434 cp.role = 0x01; /* Remain slave */
2436 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2437 } else if (!(flags & HCI_PROTO_DEFER)) {
2438 struct hci_cp_accept_sync_conn_req cp;
2439 conn->state = BT_CONNECT;
2441 bacpy(&cp.bdaddr, &ev->bdaddr);
2442 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2444 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2445 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2446 cp.max_latency = cpu_to_le16(0xffff);
2447 cp.content_format = cpu_to_le16(hdev->voice_setting);
2448 cp.retrans_effort = 0xff;
2450 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(cp),
2453 conn->state = BT_CONNECT2;
2454 hci_proto_connect_cfm(conn, 0);
2458 static u8 hci_to_mgmt_reason(u8 err)
2461 case HCI_ERROR_CONNECTION_TIMEOUT:
2462 return MGMT_DEV_DISCONN_TIMEOUT;
2463 case HCI_ERROR_REMOTE_USER_TERM:
2464 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2465 case HCI_ERROR_REMOTE_POWER_OFF:
2466 return MGMT_DEV_DISCONN_REMOTE;
2467 case HCI_ERROR_LOCAL_HOST_TERM:
2468 return MGMT_DEV_DISCONN_LOCAL_HOST;
2470 return MGMT_DEV_DISCONN_UNKNOWN;
2474 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2476 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2477 u8 reason = hci_to_mgmt_reason(ev->reason);
2478 struct hci_conn_params *params;
2479 struct hci_conn *conn;
2480 bool mgmt_connected;
2483 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2487 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2492 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2493 conn->dst_type, ev->status);
2497 conn->state = BT_CLOSED;
2499 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2500 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2501 reason, mgmt_connected);
2503 if (conn->type == ACL_LINK) {
2504 if (test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2505 hci_remove_link_key(hdev, &conn->dst);
2507 hci_update_page_scan(hdev);
2510 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2512 switch (params->auto_connect) {
2513 case HCI_AUTO_CONN_LINK_LOSS:
2514 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2518 case HCI_AUTO_CONN_DIRECT:
2519 case HCI_AUTO_CONN_ALWAYS:
2520 list_del_init(¶ms->action);
2521 list_add(¶ms->action, &hdev->pend_le_conns);
2522 hci_update_background_scan(hdev);
2532 hci_proto_disconn_cfm(conn, ev->reason);
2535 /* Re-enable advertising if necessary, since it might
2536 * have been disabled by the connection. From the
2537 * HCI_LE_Set_Advertise_Enable command description in
2538 * the core specification (v4.0):
2539 * "The Controller shall continue advertising until the Host
2540 * issues an LE_Set_Advertise_Enable command with
2541 * Advertising_Enable set to 0x00 (Advertising is disabled)
2542 * or until a connection is created or until the Advertising
2543 * is timed out due to Directed Advertising."
2545 if (type == LE_LINK)
2546 mgmt_reenable_advertising(hdev);
2548 #ifdef CONFIG_TIZEN_WIP
2549 if (type == ACL_LINK && !hci_conn_num(hdev, ACL_LINK)) {
2553 iscan = test_bit(HCI_ISCAN, &hdev->flags);
2554 pscan = test_bit(HCI_PSCAN, &hdev->flags);
2555 if (!iscan && !pscan) {
2556 u8 scan_enable = SCAN_PAGE;
2558 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE,
2559 sizeof(scan_enable), &scan_enable);
2565 hci_dev_unlock(hdev);
2568 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2570 struct hci_ev_auth_complete *ev = (void *) skb->data;
2571 struct hci_conn *conn;
2573 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2577 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2581 #ifdef CONFIG_TIZEN_WIP /* PIN or Key Missing patch */
2582 BT_DBG("remote_auth %x, remote_cap %x, auth_type %x, io_capability %x",
2583 conn->remote_auth, conn->remote_cap,
2584 conn->auth_type, conn->io_capability);
2586 if (ev->status == 0x06) {
2587 struct hci_cp_auth_requested cp;
2588 BT_DBG("Pin or key missing");
2589 hci_remove_link_key(hdev, &conn->dst);
2590 cp.handle = cpu_to_le16(conn->handle);
2591 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp),
2597 if (!hci_conn_ssp_enabled(conn) &&
2598 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2599 BT_INFO("re-auth of legacy device is not possible.");
2601 set_bit(HCI_CONN_AUTH, &conn->flags);
2602 conn->sec_level = conn->pending_sec_level;
2605 mgmt_auth_failed(conn, ev->status);
2608 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2609 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2611 if (conn->state == BT_CONFIG) {
2612 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2613 struct hci_cp_set_conn_encrypt cp;
2614 cp.handle = ev->handle;
2616 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2619 conn->state = BT_CONNECTED;
2620 hci_proto_connect_cfm(conn, ev->status);
2621 hci_conn_drop(conn);
2624 hci_auth_cfm(conn, ev->status);
2626 hci_conn_hold(conn);
2627 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2628 hci_conn_drop(conn);
2631 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2633 struct hci_cp_set_conn_encrypt cp;
2634 cp.handle = ev->handle;
2636 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2639 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2640 hci_encrypt_cfm(conn, ev->status, 0x00);
2645 hci_dev_unlock(hdev);
2648 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2650 struct hci_ev_remote_name *ev = (void *) skb->data;
2651 struct hci_conn *conn;
2653 BT_DBG("%s", hdev->name);
2655 hci_conn_check_pending(hdev);
2659 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2661 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2664 if (ev->status == 0)
2665 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2666 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2668 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2674 if (!hci_outgoing_auth_needed(hdev, conn))
2677 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2678 struct hci_cp_auth_requested cp;
2680 set_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags);
2682 cp.handle = __cpu_to_le16(conn->handle);
2683 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2687 hci_dev_unlock(hdev);
2690 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2692 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2693 struct hci_conn *conn;
2695 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2699 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2705 /* Encryption implies authentication */
2706 set_bit(HCI_CONN_AUTH, &conn->flags);
2707 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2708 conn->sec_level = conn->pending_sec_level;
2710 /* Disable Secure connection implementation now */
2711 #ifdef CONFIG_TIZEN_WIP
2712 /* P-256 authentication key implies FIPS */
2713 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2714 set_bit(HCI_CONN_FIPS, &conn->flags);
2716 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2717 conn->type == LE_LINK)
2718 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2721 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2722 /* Disable Secure connection implementation now */
2723 #ifdef CONFIG_TIZEN_WIP
2724 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2729 /* We should disregard the current RPA and generate a new one
2730 * whenever the encryption procedure fails.
2732 if (ev->status && conn->type == LE_LINK)
2733 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2735 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2737 if (ev->status && conn->state == BT_CONNECTED) {
2738 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2739 hci_conn_drop(conn);
2743 if (conn->state == BT_CONFIG) {
2745 conn->state = BT_CONNECTED;
2747 /* Disable Secure connection implementation now */
2748 #ifdef CONFIG_TIZEN_WIP
2749 /* In Secure Connections Only mode, do not allow any
2750 * connections that are not encrypted with AES-CCM
2751 * using a P-256 authenticated combination key.
2753 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2754 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2755 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2756 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2757 hci_conn_drop(conn);
2761 hci_proto_connect_cfm(conn, ev->status);
2762 hci_conn_drop(conn);
2764 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2767 hci_dev_unlock(hdev);
2770 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2771 struct sk_buff *skb)
2773 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2774 struct hci_conn *conn;
2776 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2780 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2783 set_bit(HCI_CONN_SECURE, &conn->flags);
2785 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2787 hci_key_change_cfm(conn, ev->status);
2790 hci_dev_unlock(hdev);
2793 static void hci_remote_features_evt(struct hci_dev *hdev,
2794 struct sk_buff *skb)
2796 struct hci_ev_remote_features *ev = (void *) skb->data;
2797 struct hci_conn *conn;
2799 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2803 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2808 memcpy(conn->features[0], ev->features, 8);
2810 if (conn->state != BT_CONFIG)
2813 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2814 struct hci_cp_read_remote_ext_features cp;
2815 cp.handle = ev->handle;
2817 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2822 #ifdef CONFIG_SPRD_2331
2823 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2824 struct hci_cp_change_conn_ptype cp;
2825 memset(&cp, 0, sizeof(cp));
2826 cp.pkt_type = (HCI_DM1|HCI_DH1);
2827 if (conn->features[0][0] & LMP_3SLOT)
2828 cp.pkt_type |= (HCI_DM3|HCI_DH3);
2830 if (conn->features[0][0] & LMP_5SLOT)
2831 cp.pkt_type |= (HCI_DM5|HCI_DH5);
2833 if (!(conn->features[0][3] & LMP_EDR_ACL_2M)) {
2834 cp.pkt_type |= (HCI_2DH1|HCI_2DH3|HCI_2DH5);
2836 if (!(conn->features[0][4] & LMP_EDR_3SLOT))
2837 cp.pkt_type |= HCI_2DH3;
2839 if (!(conn->features[0][5] & LMP_EDR_5SLOT))
2840 cp.pkt_type |= HCI_2DH5;
2843 if (!(conn->features[0][3] & LMP_EDR_ACL_3M)) {
2844 cp.pkt_type |= (HCI_3DH1|HCI_3DH3|HCI_3DH5);
2846 if (!(conn->features[0][4] & LMP_EDR_3SLOT))
2847 cp.pkt_type |= HCI_3DH3;
2849 if (!(conn->features[0][5] & LMP_EDR_5SLOT))
2850 cp.pkt_type |= HCI_3DH5;
2853 cp.handle = ev->handle;
2854 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
2858 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2859 struct hci_cp_remote_name_req cp;
2860 memset(&cp, 0, sizeof(cp));
2861 bacpy(&cp.bdaddr, &conn->dst);
2862 cp.pscan_rep_mode = 0x02;
2863 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2864 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2865 mgmt_device_connected(hdev, conn, 0, NULL, 0);
2867 if (!hci_outgoing_auth_needed(hdev, conn)) {
2868 conn->state = BT_CONNECTED;
2869 hci_proto_connect_cfm(conn, ev->status);
2870 hci_conn_drop(conn);
2874 hci_dev_unlock(hdev);
2877 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2879 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2880 u8 status = skb->data[sizeof(*ev)];
2883 skb_pull(skb, sizeof(*ev));
2885 opcode = __le16_to_cpu(ev->opcode);
2888 case HCI_OP_INQUIRY_CANCEL:
2889 hci_cc_inquiry_cancel(hdev, skb);
2892 case HCI_OP_PERIODIC_INQ:
2893 hci_cc_periodic_inq(hdev, skb);
2896 case HCI_OP_EXIT_PERIODIC_INQ:
2897 hci_cc_exit_periodic_inq(hdev, skb);
2900 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2901 hci_cc_remote_name_req_cancel(hdev, skb);
2904 case HCI_OP_ROLE_DISCOVERY:
2905 hci_cc_role_discovery(hdev, skb);
2908 case HCI_OP_READ_LINK_POLICY:
2909 hci_cc_read_link_policy(hdev, skb);
2912 case HCI_OP_WRITE_LINK_POLICY:
2913 hci_cc_write_link_policy(hdev, skb);
2916 case HCI_OP_READ_DEF_LINK_POLICY:
2917 hci_cc_read_def_link_policy(hdev, skb);
2920 case HCI_OP_WRITE_DEF_LINK_POLICY:
2921 hci_cc_write_def_link_policy(hdev, skb);
2925 hci_cc_reset(hdev, skb);
2928 case HCI_OP_READ_STORED_LINK_KEY:
2929 hci_cc_read_stored_link_key(hdev, skb);
2932 case HCI_OP_DELETE_STORED_LINK_KEY:
2933 hci_cc_delete_stored_link_key(hdev, skb);
2936 case HCI_OP_WRITE_LOCAL_NAME:
2937 hci_cc_write_local_name(hdev, skb);
2940 case HCI_OP_READ_LOCAL_NAME:
2941 hci_cc_read_local_name(hdev, skb);
2944 case HCI_OP_WRITE_AUTH_ENABLE:
2945 hci_cc_write_auth_enable(hdev, skb);
2948 case HCI_OP_WRITE_ENCRYPT_MODE:
2949 hci_cc_write_encrypt_mode(hdev, skb);
2952 case HCI_OP_WRITE_SCAN_ENABLE:
2953 hci_cc_write_scan_enable(hdev, skb);
2956 case HCI_OP_READ_CLASS_OF_DEV:
2957 hci_cc_read_class_of_dev(hdev, skb);
2960 case HCI_OP_WRITE_CLASS_OF_DEV:
2961 hci_cc_write_class_of_dev(hdev, skb);
2964 case HCI_OP_READ_VOICE_SETTING:
2965 hci_cc_read_voice_setting(hdev, skb);
2968 case HCI_OP_WRITE_VOICE_SETTING:
2969 hci_cc_write_voice_setting(hdev, skb);
2972 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2973 hci_cc_read_num_supported_iac(hdev, skb);
2976 case HCI_OP_WRITE_SSP_MODE:
2977 hci_cc_write_ssp_mode(hdev, skb);
2980 case HCI_OP_WRITE_SC_SUPPORT:
2981 hci_cc_write_sc_support(hdev, skb);
2984 case HCI_OP_READ_LOCAL_VERSION:
2985 hci_cc_read_local_version(hdev, skb);
2988 case HCI_OP_READ_LOCAL_COMMANDS:
2989 hci_cc_read_local_commands(hdev, skb);
2992 case HCI_OP_READ_LOCAL_FEATURES:
2993 hci_cc_read_local_features(hdev, skb);
2996 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2997 hci_cc_read_local_ext_features(hdev, skb);
3000 case HCI_OP_READ_BUFFER_SIZE:
3001 hci_cc_read_buffer_size(hdev, skb);
3004 case HCI_OP_READ_BD_ADDR:
3005 hci_cc_read_bd_addr(hdev, skb);
3008 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
3009 hci_cc_read_page_scan_activity(hdev, skb);
3012 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
3013 hci_cc_write_page_scan_activity(hdev, skb);
3016 case HCI_OP_READ_PAGE_SCAN_TYPE:
3017 hci_cc_read_page_scan_type(hdev, skb);
3020 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
3021 hci_cc_write_page_scan_type(hdev, skb);
3024 case HCI_OP_READ_DATA_BLOCK_SIZE:
3025 hci_cc_read_data_block_size(hdev, skb);
3028 case HCI_OP_READ_FLOW_CONTROL_MODE:
3029 hci_cc_read_flow_control_mode(hdev, skb);
3032 case HCI_OP_READ_LOCAL_AMP_INFO:
3033 hci_cc_read_local_amp_info(hdev, skb);
3036 case HCI_OP_READ_CLOCK:
3037 hci_cc_read_clock(hdev, skb);
3040 case HCI_OP_READ_LOCAL_AMP_ASSOC:
3041 hci_cc_read_local_amp_assoc(hdev, skb);
3044 case HCI_OP_READ_INQ_RSP_TX_POWER:
3045 hci_cc_read_inq_rsp_tx_power(hdev, skb);
3048 case HCI_OP_PIN_CODE_REPLY:
3049 hci_cc_pin_code_reply(hdev, skb);
3052 case HCI_OP_PIN_CODE_NEG_REPLY:
3053 hci_cc_pin_code_neg_reply(hdev, skb);
3056 case HCI_OP_READ_LOCAL_OOB_DATA:
3057 hci_cc_read_local_oob_data(hdev, skb);
3060 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
3061 hci_cc_read_local_oob_ext_data(hdev, skb);
3064 case HCI_OP_LE_READ_BUFFER_SIZE:
3065 hci_cc_le_read_buffer_size(hdev, skb);
3068 case HCI_OP_LE_READ_LOCAL_FEATURES:
3069 hci_cc_le_read_local_features(hdev, skb);
3072 case HCI_OP_LE_READ_ADV_TX_POWER:
3073 hci_cc_le_read_adv_tx_power(hdev, skb);
3076 case HCI_OP_USER_CONFIRM_REPLY:
3077 hci_cc_user_confirm_reply(hdev, skb);
3080 case HCI_OP_USER_CONFIRM_NEG_REPLY:
3081 hci_cc_user_confirm_neg_reply(hdev, skb);
3084 case HCI_OP_USER_PASSKEY_REPLY:
3085 hci_cc_user_passkey_reply(hdev, skb);
3088 case HCI_OP_USER_PASSKEY_NEG_REPLY:
3089 hci_cc_user_passkey_neg_reply(hdev, skb);
3092 case HCI_OP_LE_SET_RANDOM_ADDR:
3093 hci_cc_le_set_random_addr(hdev, skb);
3096 case HCI_OP_LE_SET_ADV_ENABLE:
3097 hci_cc_le_set_adv_enable(hdev, skb);
3100 case HCI_OP_LE_SET_SCAN_PARAM:
3101 hci_cc_le_set_scan_param(hdev, skb);
3104 case HCI_OP_LE_SET_SCAN_ENABLE:
3105 hci_cc_le_set_scan_enable(hdev, skb);
3108 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
3109 hci_cc_le_read_white_list_size(hdev, skb);
3112 case HCI_OP_LE_CLEAR_WHITE_LIST:
3113 hci_cc_le_clear_white_list(hdev, skb);
3116 case HCI_OP_LE_ADD_TO_WHITE_LIST:
3117 hci_cc_le_add_to_white_list(hdev, skb);
3120 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
3121 hci_cc_le_del_from_white_list(hdev, skb);
3124 case HCI_OP_LE_READ_SUPPORTED_STATES:
3125 hci_cc_le_read_supported_states(hdev, skb);
3128 case HCI_OP_LE_READ_DEF_DATA_LEN:
3129 hci_cc_le_read_def_data_len(hdev, skb);
3132 case HCI_OP_LE_WRITE_DEF_DATA_LEN:
3133 hci_cc_le_write_def_data_len(hdev, skb);
3136 case HCI_OP_LE_READ_MAX_DATA_LEN:
3137 hci_cc_le_read_max_data_len(hdev, skb);
3140 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
3141 hci_cc_write_le_host_supported(hdev, skb);
3144 case HCI_OP_LE_SET_ADV_PARAM:
3145 hci_cc_set_adv_param(hdev, skb);
3148 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
3149 hci_cc_write_remote_amp_assoc(hdev, skb);
3152 case HCI_OP_READ_RSSI:
3153 hci_cc_read_rssi(hdev, skb);
3156 case HCI_OP_READ_TX_POWER:
3157 hci_cc_read_tx_power(hdev, skb);
3159 #ifdef CONFIG_TIZEN_WIP
3160 case HCI_OP_ENABLE_RSSI:
3161 hci_cc_enable_rssi(hdev, skb);
3164 case HCI_OP_GET_RAW_RSSI:
3165 hci_cc_get_raw_rssi(hdev, skb);
3169 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3173 if (opcode != HCI_OP_NOP)
3174 cancel_delayed_work(&hdev->cmd_timer);
3176 hci_req_cmd_complete(hdev, opcode, status);
3178 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
3179 atomic_set(&hdev->cmd_cnt, 1);
3180 if (!skb_queue_empty(&hdev->cmd_q))
3181 queue_work(hdev->workqueue, &hdev->cmd_work);
3185 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
3187 struct hci_ev_cmd_status *ev = (void *) skb->data;
3190 skb_pull(skb, sizeof(*ev));
3192 opcode = __le16_to_cpu(ev->opcode);
3195 case HCI_OP_INQUIRY:
3196 hci_cs_inquiry(hdev, ev->status);
3199 case HCI_OP_CREATE_CONN:
3200 hci_cs_create_conn(hdev, ev->status);
3203 case HCI_OP_DISCONNECT:
3204 hci_cs_disconnect(hdev, ev->status);
3207 case HCI_OP_ADD_SCO:
3208 hci_cs_add_sco(hdev, ev->status);
3211 case HCI_OP_AUTH_REQUESTED:
3212 hci_cs_auth_requested(hdev, ev->status);
3215 case HCI_OP_SET_CONN_ENCRYPT:
3216 hci_cs_set_conn_encrypt(hdev, ev->status);
3219 case HCI_OP_REMOTE_NAME_REQ:
3220 hci_cs_remote_name_req(hdev, ev->status);
3223 case HCI_OP_READ_REMOTE_FEATURES:
3224 hci_cs_read_remote_features(hdev, ev->status);
3227 case HCI_OP_READ_REMOTE_EXT_FEATURES:
3228 hci_cs_read_remote_ext_features(hdev, ev->status);
3231 case HCI_OP_SETUP_SYNC_CONN:
3232 hci_cs_setup_sync_conn(hdev, ev->status);
3235 case HCI_OP_CREATE_PHY_LINK:
3236 hci_cs_create_phylink(hdev, ev->status);
3239 case HCI_OP_ACCEPT_PHY_LINK:
3240 hci_cs_accept_phylink(hdev, ev->status);
3243 case HCI_OP_SNIFF_MODE:
3244 hci_cs_sniff_mode(hdev, ev->status);
3247 case HCI_OP_EXIT_SNIFF_MODE:
3248 hci_cs_exit_sniff_mode(hdev, ev->status);
3251 case HCI_OP_SWITCH_ROLE:
3252 hci_cs_switch_role(hdev, ev->status);
3255 case HCI_OP_LE_CREATE_CONN:
3256 hci_cs_le_create_conn(hdev, ev->status);
3259 case HCI_OP_LE_START_ENC:
3260 hci_cs_le_start_enc(hdev, ev->status);
3264 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3268 if (opcode != HCI_OP_NOP)
3269 cancel_delayed_work(&hdev->cmd_timer);
3272 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
3273 hci_req_cmd_complete(hdev, opcode, ev->status);
3275 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
3276 atomic_set(&hdev->cmd_cnt, 1);
3277 if (!skb_queue_empty(&hdev->cmd_q))
3278 queue_work(hdev->workqueue, &hdev->cmd_work);
3282 static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
3284 struct hci_ev_hardware_error *ev = (void *) skb->data;
3286 BT_ERR("%s hardware error 0x%2.2x", hdev->name, ev->code);
3287 #ifdef CONFIG_TIZEN_WIP
3289 mgmt_hardware_error(hdev, ev->code);
3290 hci_dev_unlock(hdev);
3294 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3296 struct hci_ev_role_change *ev = (void *) skb->data;
3297 struct hci_conn *conn;
3299 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3303 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3306 conn->role = ev->role;
3308 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
3310 hci_role_switch_cfm(conn, ev->status, ev->role);
3312 #ifdef CONFIG_TIZEN_WIP
3313 if (!ev->status && (get_link_mode(conn)) & HCI_LM_MASTER)
3314 hci_conn_change_supervision_timeout(conn,
3315 LINK_SUPERVISION_TIMEOUT);
3319 hci_dev_unlock(hdev);
3322 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
3324 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
3327 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
3328 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3332 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3333 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
3334 BT_DBG("%s bad parameters", hdev->name);
3338 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
3340 for (i = 0; i < ev->num_hndl; i++) {
3341 struct hci_comp_pkts_info *info = &ev->handles[i];
3342 struct hci_conn *conn;
3343 __u16 handle, count;
3345 handle = __le16_to_cpu(info->handle);
3346 count = __le16_to_cpu(info->count);
3348 conn = hci_conn_hash_lookup_handle(hdev, handle);
3352 conn->sent -= count;
3354 switch (conn->type) {
3356 hdev->acl_cnt += count;
3357 if (hdev->acl_cnt > hdev->acl_pkts)
3358 hdev->acl_cnt = hdev->acl_pkts;
3362 if (hdev->le_pkts) {
3363 hdev->le_cnt += count;
3364 if (hdev->le_cnt > hdev->le_pkts)
3365 hdev->le_cnt = hdev->le_pkts;
3367 hdev->acl_cnt += count;
3368 if (hdev->acl_cnt > hdev->acl_pkts)
3369 hdev->acl_cnt = hdev->acl_pkts;
3374 hdev->sco_cnt += count;
3375 if (hdev->sco_cnt > hdev->sco_pkts)
3376 hdev->sco_cnt = hdev->sco_pkts;
3380 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3385 queue_work(hdev->workqueue, &hdev->tx_work);
3388 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
3391 struct hci_chan *chan;
3393 switch (hdev->dev_type) {
3395 return hci_conn_hash_lookup_handle(hdev, handle);
3397 chan = hci_chan_lookup_handle(hdev, handle);
3402 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3409 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
3411 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
3414 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
3415 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
3419 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
3420 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
3421 BT_DBG("%s bad parameters", hdev->name);
3425 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
3428 for (i = 0; i < ev->num_hndl; i++) {
3429 struct hci_comp_blocks_info *info = &ev->handles[i];
3430 struct hci_conn *conn = NULL;
3431 __u16 handle, block_count;
3433 handle = __le16_to_cpu(info->handle);
3434 block_count = __le16_to_cpu(info->blocks);
3436 conn = __hci_conn_lookup_handle(hdev, handle);
3440 conn->sent -= block_count;
3442 switch (conn->type) {
3445 hdev->block_cnt += block_count;
3446 if (hdev->block_cnt > hdev->num_blocks)
3447 hdev->block_cnt = hdev->num_blocks;
3451 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3456 queue_work(hdev->workqueue, &hdev->tx_work);
3459 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3461 struct hci_ev_mode_change *ev = (void *) skb->data;
3462 struct hci_conn *conn;
3464 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3468 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3470 conn->mode = ev->mode;
3472 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3474 if (conn->mode == HCI_CM_ACTIVE)
3475 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3477 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3480 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3481 hci_sco_setup(conn, ev->status);
3484 hci_dev_unlock(hdev);
3487 #ifdef CONFIG_TIZEN_WIP
3488 static void hci_vendor_specific_evt(struct hci_dev *hdev, struct sk_buff *skb)
3490 struct hci_ev_vendor_specific *ev = (void *) skb->data;
3491 __u8 event_sub_code;
3492 skb_pull(skb, sizeof(*ev));
3494 BT_DBG("hci_vendor_specific_evt");
3495 event_sub_code = ev->event_sub_code;
3497 switch (event_sub_code) {
3498 case LE_META_VENDOR_SPECIFIC_GROUP_EVENT: {
3499 struct hci_ev_ext_vendor_specific *ev = (void *) skb->data;
3500 __u8 event_le_ext_sub_code;
3501 skb_pull(skb, sizeof(*ev));
3502 event_le_ext_sub_code = ev->event_le_ext_sub_code;
3504 BT_DBG("Func: %s RSSI event LE_META_VENDOR_SPECIFIC_GROUP_EVENT: %X",
3505 __func__, LE_META_VENDOR_SPECIFIC_GROUP_EVENT);
3507 switch (event_le_ext_sub_code) {
3508 case LE_RSSI_LINK_ALERT:
3509 BT_DBG("Func: %s RSSI event LE_RSSI_LINK_ALERT %X",
3510 __func__, LE_RSSI_LINK_ALERT);
3511 mgmt_rssi_alert_evt(hdev, skb);
3520 case LE_MULTI_ADV_STATE_CHANGE_SUB_EVENT:
3521 BT_DBG("Func: %s LE_MULTI_ADV_STATE_CHANGE_SUB_EVENT", __func__);
3522 mgmt_multi_adv_state_change_evt(hdev, skb);
3530 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3532 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3533 struct hci_conn *conn;
3535 BT_DBG("%s", hdev->name);
3539 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3543 if (conn->state == BT_CONNECTED) {
3544 hci_conn_hold(conn);
3545 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3546 hci_conn_drop(conn);
3549 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
3550 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3551 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3552 sizeof(ev->bdaddr), &ev->bdaddr);
3553 } else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3556 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3561 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3565 hci_dev_unlock(hdev);
3568 static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
3570 if (key_type == HCI_LK_CHANGED_COMBINATION)
3573 conn->pin_length = pin_len;
3574 conn->key_type = key_type;
3577 case HCI_LK_LOCAL_UNIT:
3578 case HCI_LK_REMOTE_UNIT:
3579 case HCI_LK_DEBUG_COMBINATION:
3581 case HCI_LK_COMBINATION:
3583 conn->pending_sec_level = BT_SECURITY_HIGH;
3585 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3587 case HCI_LK_UNAUTH_COMBINATION_P192:
3588 case HCI_LK_UNAUTH_COMBINATION_P256:
3589 conn->pending_sec_level = BT_SECURITY_MEDIUM;
3591 case HCI_LK_AUTH_COMBINATION_P192:
3592 conn->pending_sec_level = BT_SECURITY_HIGH;
3594 case HCI_LK_AUTH_COMBINATION_P256:
3595 conn->pending_sec_level = BT_SECURITY_FIPS;
3600 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3602 struct hci_ev_link_key_req *ev = (void *) skb->data;
3603 struct hci_cp_link_key_reply cp;
3604 struct hci_conn *conn;
3605 struct link_key *key;
3607 BT_DBG("%s", hdev->name);
3609 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3614 key = hci_find_link_key(hdev, &ev->bdaddr);
3616 BT_DBG("%s link key not found for %pMR", hdev->name,
3621 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3624 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3626 clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3628 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3629 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3630 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3631 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3635 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3636 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3637 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3638 BT_DBG("%s ignoring key unauthenticated for high security",
3643 conn_set_key(conn, key->type, key->pin_len);
3646 bacpy(&cp.bdaddr, &ev->bdaddr);
3647 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3649 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3651 hci_dev_unlock(hdev);
3656 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3657 hci_dev_unlock(hdev);
3660 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3662 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3663 struct hci_conn *conn;
3664 struct link_key *key;
3668 BT_DBG("%s", hdev->name);
3672 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3676 hci_conn_hold(conn);
3677 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3678 hci_conn_drop(conn);
3680 set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
3681 conn_set_key(conn, ev->key_type, conn->pin_length);
3683 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3686 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3687 ev->key_type, pin_len, &persistent);
3691 /* Update connection information since adding the key will have
3692 * fixed up the type in the case of changed combination keys.
3694 if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
3695 conn_set_key(conn, key->type, key->pin_len);
3697 mgmt_new_link_key(hdev, key, persistent);
3699 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3700 * is set. If it's not set simply remove the key from the kernel
3701 * list (we've still notified user space about it but with
3702 * store_hint being 0).
3704 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3705 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3706 list_del_rcu(&key->list);
3707 kfree_rcu(key, rcu);
3712 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3714 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3717 hci_dev_unlock(hdev);
3720 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3722 struct hci_ev_clock_offset *ev = (void *) skb->data;
3723 struct hci_conn *conn;
3725 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3729 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3730 if (conn && !ev->status) {
3731 struct inquiry_entry *ie;
3733 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3735 ie->data.clock_offset = ev->clock_offset;
3736 ie->timestamp = jiffies;
3740 hci_dev_unlock(hdev);
3743 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3745 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3746 struct hci_conn *conn;
3748 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3752 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3753 if (conn && !ev->status)
3754 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3756 hci_dev_unlock(hdev);
3759 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3761 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3762 struct inquiry_entry *ie;
3764 BT_DBG("%s", hdev->name);
3768 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3770 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3771 ie->timestamp = jiffies;
3774 hci_dev_unlock(hdev);
3777 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3778 struct sk_buff *skb)
3780 struct inquiry_data data;
3781 int num_rsp = *((__u8 *) skb->data);
3783 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3788 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3793 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3794 struct inquiry_info_with_rssi_and_pscan_mode *info;
3795 info = (void *) (skb->data + 1);
3797 for (; num_rsp; num_rsp--, info++) {
3800 bacpy(&data.bdaddr, &info->bdaddr);
3801 data.pscan_rep_mode = info->pscan_rep_mode;
3802 data.pscan_period_mode = info->pscan_period_mode;
3803 data.pscan_mode = info->pscan_mode;
3804 memcpy(data.dev_class, info->dev_class, 3);
3805 data.clock_offset = info->clock_offset;
3806 data.rssi = info->rssi;
3807 data.ssp_mode = 0x00;
3809 flags = hci_inquiry_cache_update(hdev, &data, false);
3811 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3812 info->dev_class, info->rssi,
3813 flags, NULL, 0, NULL, 0);
3816 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3818 for (; num_rsp; num_rsp--, info++) {
3821 bacpy(&data.bdaddr, &info->bdaddr);
3822 data.pscan_rep_mode = info->pscan_rep_mode;
3823 data.pscan_period_mode = info->pscan_period_mode;
3824 data.pscan_mode = 0x00;
3825 memcpy(data.dev_class, info->dev_class, 3);
3826 data.clock_offset = info->clock_offset;
3827 data.rssi = info->rssi;
3828 data.ssp_mode = 0x00;
3830 flags = hci_inquiry_cache_update(hdev, &data, false);
3832 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3833 info->dev_class, info->rssi,
3834 flags, NULL, 0, NULL, 0);
3838 hci_dev_unlock(hdev);
3841 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3842 struct sk_buff *skb)
3844 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3845 struct hci_conn *conn;
3847 BT_DBG("%s", hdev->name);
3851 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3855 if (ev->page < HCI_MAX_PAGES)
3856 memcpy(conn->features[ev->page], ev->features, 8);
3858 if (!ev->status && ev->page == 0x01) {
3859 struct inquiry_entry *ie;
3861 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3863 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3865 if (ev->features[0] & LMP_HOST_SSP) {
3866 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3868 /* It is mandatory by the Bluetooth specification that
3869 * Extended Inquiry Results are only used when Secure
3870 * Simple Pairing is enabled, but some devices violate
3873 * To make these devices work, the internal SSP
3874 * enabled flag needs to be cleared if the remote host
3875 * features do not indicate SSP support */
3876 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3879 /* Disable Secure connection implementation now */
3880 #ifdef CONFIG_TIZEN_WIP
3881 if (ev->features[0] & LMP_HOST_SC)
3882 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3886 if (conn->state != BT_CONFIG)
3889 #ifdef CONFIG_SPRD_2331
3890 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3891 struct hci_cp_change_conn_ptype cp;
3892 memset(&cp, 0, sizeof(cp));
3893 cp.pkt_type = (HCI_DM1|HCI_DH1);
3895 if (conn->features[0][0] & LMP_3SLOT)
3896 cp.pkt_type |= (HCI_DM3|HCI_DH3);
3898 if (conn->features[0][0] & LMP_5SLOT)
3899 cp.pkt_type |= (HCI_DM5|HCI_DH5);
3901 if (!(conn->features[0][3] & LMP_EDR_ACL_2M)) {
3902 cp.pkt_type |= (HCI_2DH1|HCI_2DH3|HCI_2DH5);
3904 if (!(conn->features[0][4] & LMP_EDR_3SLOT))
3905 cp.pkt_type |= HCI_2DH3;
3907 if (!(conn->features[0][5] & LMP_EDR_5SLOT))
3908 cp.pkt_type |= HCI_2DH5;
3911 if (!(conn->features[0][3] & LMP_EDR_ACL_3M)) {
3912 cp.pkt_type |= (HCI_3DH1|HCI_3DH3|HCI_3DH5);
3914 if (!(conn->features[0][4] & LMP_EDR_3SLOT))
3915 cp.pkt_type |= HCI_3DH3;
3917 if (!(conn->features[0][5] & LMP_EDR_5SLOT))
3918 cp.pkt_type |= HCI_3DH5;
3921 cp.handle = ev->handle;
3922 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
3926 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3927 struct hci_cp_remote_name_req cp;
3928 memset(&cp, 0, sizeof(cp));
3929 bacpy(&cp.bdaddr, &conn->dst);
3930 cp.pscan_rep_mode = 0x02;
3931 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3932 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3933 mgmt_device_connected(hdev, conn, 0, NULL, 0);
3935 if (!hci_outgoing_auth_needed(hdev, conn)) {
3936 conn->state = BT_CONNECTED;
3937 hci_proto_connect_cfm(conn, ev->status);
3938 hci_conn_drop(conn);
3942 hci_dev_unlock(hdev);
3945 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3946 struct sk_buff *skb)
3948 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3949 struct hci_conn *conn;
3951 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3955 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3957 if (ev->link_type == ESCO_LINK)
3960 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3964 conn->type = SCO_LINK;
3967 switch (ev->status) {
3969 conn->handle = __le16_to_cpu(ev->handle);
3970 conn->state = BT_CONNECTED;
3972 hci_debugfs_create_conn(conn);
3973 hci_conn_add_sysfs(conn);
3976 case 0x10: /* Connection Accept Timeout */
3977 case 0x0d: /* Connection Rejected due to Limited Resources */
3978 case 0x11: /* Unsupported Feature or Parameter Value */
3979 case 0x1c: /* SCO interval rejected */
3980 case 0x1a: /* Unsupported Remote Feature */
3981 case 0x1f: /* Unspecified error */
3982 case 0x20: /* Unsupported LMP Parameter value */
3984 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3985 (hdev->esco_type & EDR_ESCO_MASK);
3986 if (hci_setup_sync(conn, conn->link->handle))
3992 conn->state = BT_CLOSED;
3996 hci_proto_connect_cfm(conn, ev->status);
4001 hci_dev_unlock(hdev);
4004 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
4008 while (parsed < eir_len) {
4009 u8 field_len = eir[0];
4014 parsed += field_len + 1;
4015 eir += field_len + 1;
4021 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
4022 struct sk_buff *skb)
4024 struct inquiry_data data;
4025 struct extended_inquiry_info *info = (void *) (skb->data + 1);
4026 int num_rsp = *((__u8 *) skb->data);
4029 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
4034 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
4039 for (; num_rsp; num_rsp--, info++) {
4043 bacpy(&data.bdaddr, &info->bdaddr);
4044 data.pscan_rep_mode = info->pscan_rep_mode;
4045 data.pscan_period_mode = info->pscan_period_mode;
4046 data.pscan_mode = 0x00;
4047 memcpy(data.dev_class, info->dev_class, 3);
4048 data.clock_offset = info->clock_offset;
4049 data.rssi = info->rssi;
4050 data.ssp_mode = 0x01;
4052 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4053 name_known = eir_has_data_type(info->data,
4059 flags = hci_inquiry_cache_update(hdev, &data, name_known);
4061 eir_len = eir_get_length(info->data, sizeof(info->data));
4063 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
4064 info->dev_class, info->rssi,
4065 flags, info->data, eir_len, NULL, 0);
4068 hci_dev_unlock(hdev);
4071 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
4072 struct sk_buff *skb)
4074 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
4075 struct hci_conn *conn;
4077 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
4078 __le16_to_cpu(ev->handle));
4082 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4086 /* For BR/EDR the necessary steps are taken through the
4087 * auth_complete event.
4089 if (conn->type != LE_LINK)
4093 conn->sec_level = conn->pending_sec_level;
4095 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
4097 if (ev->status && conn->state == BT_CONNECTED) {
4098 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
4099 hci_conn_drop(conn);
4103 if (conn->state == BT_CONFIG) {
4105 conn->state = BT_CONNECTED;
4107 hci_proto_connect_cfm(conn, ev->status);
4108 hci_conn_drop(conn);
4110 hci_auth_cfm(conn, ev->status);
4112 hci_conn_hold(conn);
4113 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
4114 hci_conn_drop(conn);
4118 hci_dev_unlock(hdev);
4121 static u8 hci_get_auth_req(struct hci_conn *conn)
4123 #ifdef CONFIG_TIZEN_WIP
4124 if (conn->remote_auth == HCI_AT_GENERAL_BONDING_MITM) {
4125 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4126 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4127 return HCI_AT_GENERAL_BONDING_MITM;
4131 /* If remote requests no-bonding follow that lead */
4132 if (conn->remote_auth == HCI_AT_NO_BONDING ||
4133 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
4134 return conn->remote_auth | (conn->auth_type & 0x01);
4136 /* If both remote and local have enough IO capabilities, require
4139 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
4140 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
4141 return conn->remote_auth | 0x01;
4143 /* No MITM protection possible so ignore remote requirement */
4144 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
4147 static u8 bredr_oob_data_present(struct hci_conn *conn)
4149 struct hci_dev *hdev = conn->hdev;
4150 struct oob_data *data;
4152 data = hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR);
4156 /* When Secure Connections Only mode is enabled, then the P-256
4157 * values are required. If they are not available, then do not
4158 * declare that OOB data is present.
4160 if (bredr_sc_enabled(hdev) &&
4161 test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
4162 (!memcmp(data->rand256, ZERO_KEY, 16) ||
4163 !memcmp(data->hash256, ZERO_KEY, 16)))
4166 if (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))
4172 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4174 struct hci_ev_io_capa_request *ev = (void *) skb->data;
4175 struct hci_conn *conn;
4177 BT_DBG("%s", hdev->name);
4181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4185 hci_conn_hold(conn);
4187 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4190 /* Allow pairing if we're pairable, the initiators of the
4191 * pairing or if the remote is not requesting bonding.
4193 if (test_bit(HCI_BONDABLE, &hdev->dev_flags) ||
4194 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
4195 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
4196 struct hci_cp_io_capability_reply cp;
4198 bacpy(&cp.bdaddr, &ev->bdaddr);
4199 /* Change the IO capability from KeyboardDisplay
4200 * to DisplayYesNo as it is not supported by BT spec. */
4201 cp.capability = (conn->io_capability == 0x04) ?
4202 HCI_IO_DISPLAY_YESNO : conn->io_capability;
4204 /* If we are initiators, there is no remote information yet */
4205 if (conn->remote_auth == 0xff) {
4206 /* Request MITM protection if our IO caps allow it
4207 * except for the no-bonding case.
4209 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4210 conn->auth_type != HCI_AT_NO_BONDING)
4211 conn->auth_type |= 0x01;
4213 conn->auth_type = hci_get_auth_req(conn);
4216 /* If we're not bondable, force one of the non-bondable
4217 * authentication requirement values.
4219 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags))
4220 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
4222 cp.authentication = conn->auth_type;
4223 cp.oob_data = bredr_oob_data_present(conn);
4225 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
4228 struct hci_cp_io_capability_neg_reply cp;
4230 bacpy(&cp.bdaddr, &ev->bdaddr);
4231 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
4233 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
4238 hci_dev_unlock(hdev);
4241 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
4243 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
4244 struct hci_conn *conn;
4246 BT_DBG("%s", hdev->name);
4250 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4254 conn->remote_cap = ev->capability;
4255 conn->remote_auth = ev->authentication;
4257 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
4260 hci_dev_unlock(hdev);
4263 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
4264 struct sk_buff *skb)
4266 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
4267 int loc_mitm, rem_mitm, confirm_hint = 0;
4268 struct hci_conn *conn;
4270 BT_DBG("%s", hdev->name);
4274 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4277 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4281 loc_mitm = (conn->auth_type & 0x01);
4282 rem_mitm = (conn->remote_auth & 0x01);
4284 /* If we require MITM but the remote device can't provide that
4285 * (it has NoInputNoOutput) then reject the confirmation
4286 * request. We check the security level here since it doesn't
4287 * necessarily match conn->auth_type.
4289 if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
4290 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
4291 BT_DBG("Rejecting request: remote device can't provide MITM");
4292 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
4293 sizeof(ev->bdaddr), &ev->bdaddr);
4297 /* If no side requires MITM protection; auto-accept */
4298 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
4299 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
4301 /* If we're not the initiators request authorization to
4302 * proceed from user space (mgmt_user_confirm with
4303 * confirm_hint set to 1). The exception is if neither
4304 * side had MITM or if the local IO capability is
4305 * NoInputNoOutput, in which case we do auto-accept
4307 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
4308 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
4309 (loc_mitm || rem_mitm)) {
4310 BT_DBG("Confirming auto-accept as acceptor");
4315 BT_DBG("Auto-accept of user confirmation with %ums delay",
4316 hdev->auto_accept_delay);
4318 if (hdev->auto_accept_delay > 0) {
4319 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
4320 queue_delayed_work(conn->hdev->workqueue,
4321 &conn->auto_accept_work, delay);
4325 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
4326 sizeof(ev->bdaddr), &ev->bdaddr);
4331 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
4332 le32_to_cpu(ev->passkey), confirm_hint);
4335 hci_dev_unlock(hdev);
4338 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
4339 struct sk_buff *skb)
4341 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
4343 BT_DBG("%s", hdev->name);
4345 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4346 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
4349 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
4350 struct sk_buff *skb)
4352 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
4353 struct hci_conn *conn;
4355 BT_DBG("%s", hdev->name);
4357 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4361 conn->passkey_notify = __le32_to_cpu(ev->passkey);
4362 conn->passkey_entered = 0;
4364 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4365 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4366 conn->dst_type, conn->passkey_notify,
4367 conn->passkey_entered);
4370 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
4372 struct hci_ev_keypress_notify *ev = (void *) skb->data;
4373 struct hci_conn *conn;
4375 BT_DBG("%s", hdev->name);
4377 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4382 case HCI_KEYPRESS_STARTED:
4383 conn->passkey_entered = 0;
4386 case HCI_KEYPRESS_ENTERED:
4387 conn->passkey_entered++;
4390 case HCI_KEYPRESS_ERASED:
4391 conn->passkey_entered--;
4394 case HCI_KEYPRESS_CLEARED:
4395 conn->passkey_entered = 0;
4398 case HCI_KEYPRESS_COMPLETED:
4402 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4403 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
4404 conn->dst_type, conn->passkey_notify,
4405 conn->passkey_entered);
4408 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
4409 struct sk_buff *skb)
4411 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
4412 struct hci_conn *conn;
4414 BT_DBG("%s", hdev->name);
4418 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4422 /* Reset the authentication requirement to unknown */
4423 conn->remote_auth = 0xff;
4425 /* To avoid duplicate auth_failed events to user space we check
4426 * the HCI_CONN_AUTH_PEND flag which will be set if we
4427 * initiated the authentication. A traditional auth_complete
4428 * event gets always produced as initiator and is also mapped to
4429 * the mgmt_auth_failed event */
4430 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
4431 mgmt_auth_failed(conn, ev->status);
4433 hci_conn_drop(conn);
4436 hci_dev_unlock(hdev);
4439 static void hci_remote_host_features_evt(struct hci_dev *hdev,
4440 struct sk_buff *skb)
4442 struct hci_ev_remote_host_features *ev = (void *) skb->data;
4443 struct inquiry_entry *ie;
4444 struct hci_conn *conn;
4446 BT_DBG("%s", hdev->name);
4450 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
4452 memcpy(conn->features[1], ev->features, 8);
4454 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
4456 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
4458 hci_dev_unlock(hdev);
4461 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
4462 struct sk_buff *skb)
4464 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
4465 struct oob_data *data;
4467 BT_DBG("%s", hdev->name);
4471 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4474 data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
4476 struct hci_cp_remote_oob_data_neg_reply cp;
4478 bacpy(&cp.bdaddr, &ev->bdaddr);
4479 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
4484 if (bredr_sc_enabled(hdev)) {
4485 struct hci_cp_remote_oob_ext_data_reply cp;
4487 bacpy(&cp.bdaddr, &ev->bdaddr);
4488 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4489 memset(cp.hash192, 0, sizeof(cp.hash192));
4490 memset(cp.rand192, 0, sizeof(cp.rand192));
4492 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
4493 memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
4495 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
4496 memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
4498 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
4501 struct hci_cp_remote_oob_data_reply cp;
4503 bacpy(&cp.bdaddr, &ev->bdaddr);
4504 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
4505 memcpy(cp.rand, data->rand192, sizeof(cp.rand));
4507 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
4512 hci_dev_unlock(hdev);
4515 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
4516 struct sk_buff *skb)
4518 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
4519 struct hci_conn *hcon, *bredr_hcon;
4521 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
4526 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4528 hci_dev_unlock(hdev);
4534 hci_dev_unlock(hdev);
4538 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
4540 hcon->state = BT_CONNECTED;
4541 bacpy(&hcon->dst, &bredr_hcon->dst);
4543 hci_conn_hold(hcon);
4544 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
4545 hci_conn_drop(hcon);
4547 hci_debugfs_create_conn(hcon);
4548 hci_conn_add_sysfs(hcon);
4550 amp_physical_cfm(bredr_hcon, hcon);
4552 hci_dev_unlock(hdev);
4555 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4557 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
4558 struct hci_conn *hcon;
4559 struct hci_chan *hchan;
4560 struct amp_mgr *mgr;
4562 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
4563 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
4566 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4570 /* Create AMP hchan */
4571 hchan = hci_chan_create(hcon);
4575 hchan->handle = le16_to_cpu(ev->handle);
4577 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
4579 mgr = hcon->amp_mgr;
4580 if (mgr && mgr->bredr_chan) {
4581 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
4583 l2cap_chan_lock(bredr_chan);
4585 bredr_chan->conn->mtu = hdev->block_mtu;
4586 l2cap_logical_cfm(bredr_chan, hchan, 0);
4587 hci_conn_hold(hcon);
4589 l2cap_chan_unlock(bredr_chan);
4593 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
4594 struct sk_buff *skb)
4596 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
4597 struct hci_chan *hchan;
4599 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
4600 le16_to_cpu(ev->handle), ev->status);
4607 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4611 amp_destroy_logical_link(hchan, ev->reason);
4614 hci_dev_unlock(hdev);
4617 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4618 struct sk_buff *skb)
4620 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4621 struct hci_conn *hcon;
4623 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4630 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4632 hcon->state = BT_CLOSED;
4636 hci_dev_unlock(hdev);
4639 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4641 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4642 struct hci_conn_params *params;
4643 struct hci_conn *conn;
4644 struct smp_irk *irk;
4647 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4651 /* All controllers implicitly stop advertising in the event of a
4652 * connection, so ensure that the state bit is cleared.
4654 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
4656 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4658 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr, ev->role);
4660 BT_ERR("No memory for new connection");
4664 conn->dst_type = ev->bdaddr_type;
4666 /* If we didn't have a hci_conn object previously
4667 * but we're in master role this must be something
4668 * initiated using a white list. Since white list based
4669 * connections are not "first class citizens" we don't
4670 * have full tracking of them. Therefore, we go ahead
4671 * with a "best effort" approach of determining the
4672 * initiator address based on the HCI_PRIVACY flag.
4675 conn->resp_addr_type = ev->bdaddr_type;
4676 bacpy(&conn->resp_addr, &ev->bdaddr);
4677 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4678 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4679 bacpy(&conn->init_addr, &hdev->rpa);
4681 hci_copy_identity_address(hdev,
4683 &conn->init_addr_type);
4687 #ifdef CONFIG_TIZEN_WIP
4688 /* LE auto connect */
4689 bacpy(&conn->dst, &ev->bdaddr);
4691 cancel_delayed_work(&conn->le_conn_timeout);
4695 /* Set the responder (our side) address type based on
4696 * the advertising address type.
4698 conn->resp_addr_type = hdev->adv_addr_type;
4699 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4700 bacpy(&conn->resp_addr, &hdev->random_addr);
4702 bacpy(&conn->resp_addr, &hdev->bdaddr);
4704 conn->init_addr_type = ev->bdaddr_type;
4705 bacpy(&conn->init_addr, &ev->bdaddr);
4707 /* For incoming connections, set the default minimum
4708 * and maximum connection interval. They will be used
4709 * to check if the parameters are in range and if not
4710 * trigger the connection update procedure.
4712 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4713 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4716 /* Lookup the identity address from the stored connection
4717 * address and address type.
4719 * When establishing connections to an identity address, the
4720 * connection procedure will store the resolvable random
4721 * address first. Now if it can be converted back into the
4722 * identity address, start using the identity address from
4725 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4727 #ifdef __TIZEN_PATCH__
4728 /* Update rpa. So that, if irk is refreshed, it can be saved */
4729 bacpy(&irk->rpa, &conn->dst);
4731 bacpy(&conn->dst, &irk->bdaddr);
4732 conn->dst_type = irk->addr_type;
4736 hci_le_conn_failed(conn, ev->status);
4740 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4741 addr_type = BDADDR_LE_PUBLIC;
4743 addr_type = BDADDR_LE_RANDOM;
4745 /* Drop the connection if the device is blocked */
4746 if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
4747 hci_conn_drop(conn);
4751 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4752 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4754 conn->sec_level = BT_SECURITY_LOW;
4755 conn->handle = __le16_to_cpu(ev->handle);
4756 conn->state = BT_CONNECTED;
4758 conn->le_conn_interval = le16_to_cpu(ev->interval);
4759 conn->le_conn_latency = le16_to_cpu(ev->latency);
4760 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4762 hci_debugfs_create_conn(conn);
4763 hci_conn_add_sysfs(conn);
4765 hci_proto_connect_cfm(conn, ev->status);
4767 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
4770 list_del_init(¶ms->action);
4772 hci_conn_drop(params->conn);
4773 hci_conn_put(params->conn);
4774 params->conn = NULL;
4779 hci_update_background_scan(hdev);
4780 hci_dev_unlock(hdev);
4783 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4784 struct sk_buff *skb)
4786 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4787 struct hci_conn *conn;
4789 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4796 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4798 conn->le_conn_interval = le16_to_cpu(ev->interval);
4799 conn->le_conn_latency = le16_to_cpu(ev->latency);
4800 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4803 hci_dev_unlock(hdev);
4806 /* This function requires the caller holds hdev->lock */
4807 static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
4809 u8 addr_type, u8 adv_type)
4811 struct hci_conn *conn;
4812 struct hci_conn_params *params;
4814 /* If the event is not connectable don't proceed further */
4815 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
4818 /* Ignore if the device is blocked */
4819 if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
4822 /* Most controller will fail if we try to create new connections
4823 * while we have an existing one in slave role.
4825 if (hdev->conn_hash.le_num_slave > 0)
4828 /* If we're not connectable only connect devices that we have in
4829 * our pend_le_conns list.
4831 params = hci_pend_le_action_lookup(&hdev->pend_le_conns,
4836 switch (params->auto_connect) {
4837 case HCI_AUTO_CONN_DIRECT:
4838 /* Only devices advertising with ADV_DIRECT_IND are
4839 * triggering a connection attempt. This is allowing
4840 * incoming connections from slave devices.
4842 if (adv_type != LE_ADV_DIRECT_IND)
4845 case HCI_AUTO_CONN_ALWAYS:
4846 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
4847 * are triggering a connection attempt. This means
4848 * that incoming connectioms from slave device are
4849 * accepted and also outgoing connections to slave
4850 * devices are established when found.
4857 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4858 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
4859 if (!IS_ERR(conn)) {
4860 /* Store the pointer since we don't really have any
4861 * other owner of the object besides the params that
4862 * triggered it. This way we can abort the connection if
4863 * the parameters get removed and keep the reference
4864 * count consistent once the connection is established.
4866 params->conn = hci_conn_get(conn);
4870 switch (PTR_ERR(conn)) {
4872 /* If hci_connect() returns -EBUSY it means there is already
4873 * an LE connection attempt going on. Since controllers don't
4874 * support more than one connection attempt at the time, we
4875 * don't consider this an error case.
4879 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4886 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4887 u8 bdaddr_type, bdaddr_t *direct_addr,
4888 u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
4890 #ifndef CONFIG_TIZEN_WIP
4891 struct discovery_state *d = &hdev->discovery;
4893 struct smp_irk *irk;
4894 struct hci_conn *conn;
4895 #ifndef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Disable adv ind and scan rsp merging */
4900 /* If the direct address is present, then this report is from
4901 * a LE Direct Advertising Report event. In that case it is
4902 * important to see if the address is matching the local
4903 * controller address.
4906 /* Only resolvable random addresses are valid for these
4907 * kind of reports and others can be ignored.
4909 if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
4912 /* If the controller is not using resolvable random
4913 * addresses, then this report can be ignored.
4915 if (!test_bit(HCI_PRIVACY, &hdev->dev_flags))
4918 /* If the local IRK of the controller does not match
4919 * with the resolvable random address provided, then
4920 * this report can be ignored.
4922 if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
4926 /* Check if we need to convert to identity address */
4927 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4929 bdaddr = &irk->bdaddr;
4930 bdaddr_type = irk->addr_type;
4933 /* Check if we have been requested to connect to this device */
4934 conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
4935 if (conn && type == LE_ADV_IND) {
4936 /* Store report for later inclusion by
4937 * mgmt_device_connected
4939 memcpy(conn->le_adv_data, data, len);
4940 conn->le_adv_data_len = len;
4943 /* Passive scanning shouldn't trigger any device found events,
4944 * except for devices marked as CONN_REPORT for which we do send
4945 * device found events.
4947 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4948 if (type == LE_ADV_DIRECT_IND)
4951 #ifndef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Handle all adv packet in platform */
4952 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports,
4953 bdaddr, bdaddr_type))
4957 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4958 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4962 #ifdef CONFIG_TIZEN_WIP
4963 mgmt_le_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4964 rssi, flags, data, len, NULL, 0, type);
4966 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4967 rssi, flags, data, len, NULL, 0);
4972 /* When receiving non-connectable or scannable undirected
4973 * advertising reports, this means that the remote device is
4974 * not connectable and then clearly indicate this in the
4975 * device found event.
4977 * When receiving a scan response, then there is no way to
4978 * know if the remote device is connectable or not. However
4979 * since scan responses are merged with a previously seen
4980 * advertising report, the flags field from that report
4983 * In the really unlikely case that a controller get confused
4984 * and just sends a scan response event, then it is marked as
4985 * not connectable as well.
4987 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4988 type == LE_ADV_SCAN_RSP)
4989 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4993 #ifdef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Disable adv ind and scan rsp merging */
4994 mgmt_le_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4995 rssi, flags, data, len, NULL, 0, type);
4997 /* If there's nothing pending either store the data from this
4998 * event or send an immediate device found event if the data
4999 * should not be stored for later.
5001 if (!has_pending_adv_report(hdev)) {
5002 /* If the report will trigger a SCAN_REQ store it for
5005 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5006 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5007 rssi, flags, data, len);
5011 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5012 rssi, flags, data, len, NULL, 0);
5016 /* Check if the pending report is for the same device as the new one */
5017 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
5018 bdaddr_type == d->last_adv_addr_type);
5020 /* If the pending data doesn't match this report or this isn't a
5021 * scan response (e.g. we got a duplicate ADV_IND) then force
5022 * sending of the pending data.
5024 if (type != LE_ADV_SCAN_RSP || !match) {
5025 /* Send out whatever is in the cache, but skip duplicates */
5027 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5028 d->last_adv_addr_type, NULL,
5029 d->last_adv_rssi, d->last_adv_flags,
5031 d->last_adv_data_len, NULL, 0);
5033 /* If the new report will trigger a SCAN_REQ store it for
5036 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
5037 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
5038 rssi, flags, data, len);
5042 /* The advertising reports cannot be merged, so clear
5043 * the pending report and send out a device found event.
5045 clear_pending_adv_report(hdev);
5046 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
5047 rssi, flags, data, len, NULL, 0);
5051 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
5052 * the new event is a SCAN_RSP. We can therefore proceed with
5053 * sending a merged device found event.
5055 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
5056 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
5057 d->last_adv_data, d->last_adv_data_len, data, len);
5058 clear_pending_adv_report(hdev);
5062 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5064 u8 num_reports = skb->data[0];
5065 void *ptr = &skb->data[1];
5069 while (num_reports--) {
5070 struct hci_ev_le_advertising_info *ev = ptr;
5073 rssi = ev->data[ev->length];
5074 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5075 ev->bdaddr_type, NULL, 0, rssi,
5076 ev->data, ev->length);
5078 ptr += sizeof(*ev) + ev->length + 1;
5081 hci_dev_unlock(hdev);
5084 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
5086 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
5087 struct hci_cp_le_ltk_reply cp;
5088 struct hci_cp_le_ltk_neg_reply neg;
5089 struct hci_conn *conn;
5090 struct smp_ltk *ltk;
5092 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
5096 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
5100 ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
5104 if (smp_ltk_is_sc(ltk)) {
5105 /* With SC both EDiv and Rand are set to zero */
5106 if (ev->ediv || ev->rand)
5109 /* For non-SC keys check that EDiv and Rand match */
5110 if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
5114 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
5115 cp.handle = cpu_to_le16(conn->handle);
5117 conn->pending_sec_level = smp_ltk_sec_level(ltk);
5119 conn->enc_key_size = ltk->enc_size;
5121 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
5123 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
5124 * temporary key used to encrypt a connection following
5125 * pairing. It is used during the Encrypted Session Setup to
5126 * distribute the keys. Later, security can be re-established
5127 * using a distributed LTK.
5129 if (ltk->type == SMP_STK) {
5130 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5131 list_del_rcu(<k->list);
5132 kfree_rcu(ltk, rcu);
5134 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
5137 hci_dev_unlock(hdev);
5142 neg.handle = ev->handle;
5143 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
5144 hci_dev_unlock(hdev);
5147 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
5150 struct hci_cp_le_conn_param_req_neg_reply cp;
5152 cp.handle = cpu_to_le16(handle);
5155 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
5159 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
5160 struct sk_buff *skb)
5162 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
5163 struct hci_cp_le_conn_param_req_reply cp;
5164 struct hci_conn *hcon;
5165 u16 handle, min, max, latency, timeout;
5167 handle = le16_to_cpu(ev->handle);
5168 min = le16_to_cpu(ev->interval_min);
5169 max = le16_to_cpu(ev->interval_max);
5170 latency = le16_to_cpu(ev->latency);
5171 timeout = le16_to_cpu(ev->timeout);
5173 hcon = hci_conn_hash_lookup_handle(hdev, handle);
5174 if (!hcon || hcon->state != BT_CONNECTED)
5175 return send_conn_param_neg_reply(hdev, handle,
5176 HCI_ERROR_UNKNOWN_CONN_ID);
5178 if (hci_check_conn_params(min, max, latency, timeout))
5179 return send_conn_param_neg_reply(hdev, handle,
5180 HCI_ERROR_INVALID_LL_PARAMS);
5182 if (hcon->role == HCI_ROLE_MASTER) {
5183 struct hci_conn_params *params;
5188 params = hci_conn_params_lookup(hdev, &hcon->dst,
5191 params->conn_min_interval = min;
5192 params->conn_max_interval = max;
5193 params->conn_latency = latency;
5194 params->supervision_timeout = timeout;
5200 hci_dev_unlock(hdev);
5202 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
5203 store_hint, min, max, latency, timeout);
5206 cp.handle = ev->handle;
5207 cp.interval_min = ev->interval_min;
5208 cp.interval_max = ev->interval_max;
5209 cp.latency = ev->latency;
5210 cp.timeout = ev->timeout;
5214 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
5217 static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
5218 struct sk_buff *skb)
5220 u8 num_reports = skb->data[0];
5221 void *ptr = &skb->data[1];
5225 while (num_reports--) {
5226 struct hci_ev_le_direct_adv_info *ev = ptr;
5228 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
5229 ev->bdaddr_type, &ev->direct_addr,
5230 ev->direct_addr_type, ev->rssi, NULL, 0);
5235 hci_dev_unlock(hdev);
5238 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
5240 struct hci_ev_le_meta *le_ev = (void *) skb->data;
5242 skb_pull(skb, sizeof(*le_ev));
5244 switch (le_ev->subevent) {
5245 case HCI_EV_LE_CONN_COMPLETE:
5246 hci_le_conn_complete_evt(hdev, skb);
5249 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
5250 hci_le_conn_update_complete_evt(hdev, skb);
5253 case HCI_EV_LE_ADVERTISING_REPORT:
5254 hci_le_adv_report_evt(hdev, skb);
5257 case HCI_EV_LE_LTK_REQ:
5258 hci_le_ltk_request_evt(hdev, skb);
5261 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
5262 hci_le_remote_conn_param_req_evt(hdev, skb);
5265 case HCI_EV_LE_DIRECT_ADV_REPORT:
5266 hci_le_direct_adv_report_evt(hdev, skb);
5274 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
5276 struct hci_ev_channel_selected *ev = (void *) skb->data;
5277 struct hci_conn *hcon;
5279 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
5281 skb_pull(skb, sizeof(*ev));
5283 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
5287 amp_read_loc_assoc_final_data(hdev, hcon);
5290 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5292 struct hci_event_hdr *hdr = (void *) skb->data;
5293 __u8 event = hdr->evt;
5297 /* Received events are (currently) only needed when a request is
5298 * ongoing so avoid unnecessary memory allocation.
5300 if (hci_req_pending(hdev)) {
5301 kfree_skb(hdev->recv_evt);
5302 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
5305 hci_dev_unlock(hdev);
5307 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5309 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
5310 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5311 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
5313 hci_req_cmd_complete(hdev, opcode, 0);
5317 case HCI_EV_INQUIRY_COMPLETE:
5318 hci_inquiry_complete_evt(hdev, skb);
5321 case HCI_EV_INQUIRY_RESULT:
5322 hci_inquiry_result_evt(hdev, skb);
5325 case HCI_EV_CONN_COMPLETE:
5326 hci_conn_complete_evt(hdev, skb);
5329 case HCI_EV_CONN_REQUEST:
5330 hci_conn_request_evt(hdev, skb);
5333 case HCI_EV_DISCONN_COMPLETE:
5334 hci_disconn_complete_evt(hdev, skb);
5337 case HCI_EV_AUTH_COMPLETE:
5338 hci_auth_complete_evt(hdev, skb);
5341 case HCI_EV_REMOTE_NAME:
5342 hci_remote_name_evt(hdev, skb);
5345 case HCI_EV_ENCRYPT_CHANGE:
5346 hci_encrypt_change_evt(hdev, skb);
5349 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
5350 hci_change_link_key_complete_evt(hdev, skb);
5353 case HCI_EV_REMOTE_FEATURES:
5354 hci_remote_features_evt(hdev, skb);
5357 case HCI_EV_CMD_COMPLETE:
5358 hci_cmd_complete_evt(hdev, skb);
5361 case HCI_EV_CMD_STATUS:
5362 hci_cmd_status_evt(hdev, skb);
5365 case HCI_EV_HARDWARE_ERROR:
5366 hci_hardware_error_evt(hdev, skb);
5369 case HCI_EV_ROLE_CHANGE:
5370 hci_role_change_evt(hdev, skb);
5373 case HCI_EV_NUM_COMP_PKTS:
5374 hci_num_comp_pkts_evt(hdev, skb);
5377 case HCI_EV_MODE_CHANGE:
5378 hci_mode_change_evt(hdev, skb);
5381 case HCI_EV_PIN_CODE_REQ:
5382 hci_pin_code_request_evt(hdev, skb);
5385 case HCI_EV_LINK_KEY_REQ:
5386 hci_link_key_request_evt(hdev, skb);
5389 case HCI_EV_LINK_KEY_NOTIFY:
5390 hci_link_key_notify_evt(hdev, skb);
5393 case HCI_EV_CLOCK_OFFSET:
5394 hci_clock_offset_evt(hdev, skb);
5397 case HCI_EV_PKT_TYPE_CHANGE:
5398 hci_pkt_type_change_evt(hdev, skb);
5401 case HCI_EV_PSCAN_REP_MODE:
5402 hci_pscan_rep_mode_evt(hdev, skb);
5405 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
5406 hci_inquiry_result_with_rssi_evt(hdev, skb);
5409 case HCI_EV_REMOTE_EXT_FEATURES:
5410 hci_remote_ext_features_evt(hdev, skb);
5413 case HCI_EV_SYNC_CONN_COMPLETE:
5414 hci_sync_conn_complete_evt(hdev, skb);
5417 case HCI_EV_EXTENDED_INQUIRY_RESULT:
5418 hci_extended_inquiry_result_evt(hdev, skb);
5421 case HCI_EV_KEY_REFRESH_COMPLETE:
5422 hci_key_refresh_complete_evt(hdev, skb);
5425 case HCI_EV_IO_CAPA_REQUEST:
5426 hci_io_capa_request_evt(hdev, skb);
5429 case HCI_EV_IO_CAPA_REPLY:
5430 hci_io_capa_reply_evt(hdev, skb);
5433 case HCI_EV_USER_CONFIRM_REQUEST:
5434 hci_user_confirm_request_evt(hdev, skb);
5437 case HCI_EV_USER_PASSKEY_REQUEST:
5438 hci_user_passkey_request_evt(hdev, skb);
5441 case HCI_EV_USER_PASSKEY_NOTIFY:
5442 hci_user_passkey_notify_evt(hdev, skb);
5445 case HCI_EV_KEYPRESS_NOTIFY:
5446 hci_keypress_notify_evt(hdev, skb);
5449 case HCI_EV_SIMPLE_PAIR_COMPLETE:
5450 hci_simple_pair_complete_evt(hdev, skb);
5453 case HCI_EV_REMOTE_HOST_FEATURES:
5454 hci_remote_host_features_evt(hdev, skb);
5457 case HCI_EV_LE_META:
5458 hci_le_meta_evt(hdev, skb);
5461 case HCI_EV_CHANNEL_SELECTED:
5462 hci_chan_selected_evt(hdev, skb);
5465 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
5466 hci_remote_oob_data_request_evt(hdev, skb);
5469 case HCI_EV_PHY_LINK_COMPLETE:
5470 hci_phy_link_complete_evt(hdev, skb);
5473 case HCI_EV_LOGICAL_LINK_COMPLETE:
5474 hci_loglink_complete_evt(hdev, skb);
5477 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
5478 hci_disconn_loglink_complete_evt(hdev, skb);
5481 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
5482 hci_disconn_phylink_complete_evt(hdev, skb);
5485 case HCI_EV_NUM_COMP_BLOCKS:
5486 hci_num_comp_blocks_evt(hdev, skb);
5489 #ifdef CONFIG_TIZEN_WIP
5490 case HCI_EV_VENDOR_SPECIFIC:
5491 hci_vendor_specific_evt(hdev, skb);
5496 BT_DBG("%s event 0x%2.2x", hdev->name, event);
5501 hdev->stat.evt_rx++;