2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 static bool enable_le
;
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
54 __u8 status
= *((__u8
*) skb
->data
);
56 BT_DBG("%s status 0x%x", hdev
->name
, status
);
60 mgmt_stop_discovery_failed(hdev
, status
);
65 clear_bit(HCI_INQUIRY
, &hdev
->flags
);
68 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
71 hci_req_complete(hdev
, HCI_OP_INQUIRY_CANCEL
, status
);
73 hci_conn_check_pending(hdev
);
76 static void hci_cc_exit_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
78 __u8 status
= *((__u8
*) skb
->data
);
80 BT_DBG("%s status 0x%x", hdev
->name
, status
);
85 hci_conn_check_pending(hdev
);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
90 BT_DBG("%s", hdev
->name
);
93 static void hci_cc_role_discovery(struct hci_dev
*hdev
, struct sk_buff
*skb
)
95 struct hci_rp_role_discovery
*rp
= (void *) skb
->data
;
96 struct hci_conn
*conn
;
98 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
105 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
108 conn
->link_mode
&= ~HCI_LM_MASTER
;
110 conn
->link_mode
|= HCI_LM_MASTER
;
113 hci_dev_unlock(hdev
);
116 static void hci_cc_read_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
118 struct hci_rp_read_link_policy
*rp
= (void *) skb
->data
;
119 struct hci_conn
*conn
;
121 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
128 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
130 conn
->link_policy
= __le16_to_cpu(rp
->policy
);
132 hci_dev_unlock(hdev
);
135 static void hci_cc_write_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
137 struct hci_rp_write_link_policy
*rp
= (void *) skb
->data
;
138 struct hci_conn
*conn
;
141 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
146 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LINK_POLICY
);
152 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
154 conn
->link_policy
= get_unaligned_le16(sent
+ 2);
156 hci_dev_unlock(hdev
);
159 static void hci_cc_read_def_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
161 struct hci_rp_read_def_link_policy
*rp
= (void *) skb
->data
;
163 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
168 hdev
->link_policy
= __le16_to_cpu(rp
->policy
);
171 static void hci_cc_write_def_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
173 __u8 status
= *((__u8
*) skb
->data
);
176 BT_DBG("%s status 0x%x", hdev
->name
, status
);
178 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
);
183 hdev
->link_policy
= get_unaligned_le16(sent
);
185 hci_req_complete(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
, status
);
188 static void hci_cc_reset(struct hci_dev
*hdev
, struct sk_buff
*skb
)
190 __u8 status
= *((__u8
*) skb
->data
);
192 BT_DBG("%s status 0x%x", hdev
->name
, status
);
194 clear_bit(HCI_RESET
, &hdev
->flags
);
196 hci_req_complete(hdev
, HCI_OP_RESET
, status
);
198 /* Reset all flags, except persistent ones */
199 hdev
->dev_flags
&= BIT(HCI_MGMT
) | BIT(HCI_SETUP
) | BIT(HCI_AUTO_OFF
);
202 static void hci_cc_write_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
204 __u8 status
= *((__u8
*) skb
->data
);
207 BT_DBG("%s status 0x%x", hdev
->name
, status
);
209 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LOCAL_NAME
);
215 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
216 mgmt_set_local_name_complete(hdev
, sent
, status
);
219 memcpy(hdev
->dev_name
, sent
, HCI_MAX_NAME_LENGTH
);
221 hci_dev_unlock(hdev
);
224 static void hci_cc_read_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
226 struct hci_rp_read_local_name
*rp
= (void *) skb
->data
;
228 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
233 memcpy(hdev
->dev_name
, rp
->name
, HCI_MAX_NAME_LENGTH
);
236 static void hci_cc_write_auth_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
238 __u8 status
= *((__u8
*) skb
->data
);
241 BT_DBG("%s status 0x%x", hdev
->name
, status
);
243 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_AUTH_ENABLE
);
248 __u8 param
= *((__u8
*) sent
);
250 if (param
== AUTH_ENABLED
)
251 set_bit(HCI_AUTH
, &hdev
->flags
);
253 clear_bit(HCI_AUTH
, &hdev
->flags
);
256 hci_req_complete(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, status
);
259 static void hci_cc_write_encrypt_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
261 __u8 status
= *((__u8
*) skb
->data
);
264 BT_DBG("%s status 0x%x", hdev
->name
, status
);
266 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
);
271 __u8 param
= *((__u8
*) sent
);
274 set_bit(HCI_ENCRYPT
, &hdev
->flags
);
276 clear_bit(HCI_ENCRYPT
, &hdev
->flags
);
279 hci_req_complete(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
, status
);
282 static void hci_cc_write_scan_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
284 __u8 param
, status
= *((__u8
*) skb
->data
);
285 int old_pscan
, old_iscan
;
288 BT_DBG("%s status 0x%x", hdev
->name
, status
);
290 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SCAN_ENABLE
);
294 param
= *((__u8
*) sent
);
299 mgmt_write_scan_failed(hdev
, param
, status
);
300 hdev
->discov_timeout
= 0;
304 old_pscan
= test_and_clear_bit(HCI_PSCAN
, &hdev
->flags
);
305 old_iscan
= test_and_clear_bit(HCI_ISCAN
, &hdev
->flags
);
307 if (param
& SCAN_INQUIRY
) {
308 set_bit(HCI_ISCAN
, &hdev
->flags
);
310 mgmt_discoverable(hdev
, 1);
311 if (hdev
->discov_timeout
> 0) {
312 int to
= msecs_to_jiffies(hdev
->discov_timeout
* 1000);
313 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
316 } else if (old_iscan
)
317 mgmt_discoverable(hdev
, 0);
319 if (param
& SCAN_PAGE
) {
320 set_bit(HCI_PSCAN
, &hdev
->flags
);
322 mgmt_connectable(hdev
, 1);
323 } else if (old_pscan
)
324 mgmt_connectable(hdev
, 0);
327 hci_dev_unlock(hdev
);
328 hci_req_complete(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, status
);
331 static void hci_cc_read_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
333 struct hci_rp_read_class_of_dev
*rp
= (void *) skb
->data
;
335 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
340 memcpy(hdev
->dev_class
, rp
->dev_class
, 3);
342 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev
->name
,
343 hdev
->dev_class
[2], hdev
->dev_class
[1], hdev
->dev_class
[0]);
346 static void hci_cc_write_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
348 __u8 status
= *((__u8
*) skb
->data
);
351 BT_DBG("%s status 0x%x", hdev
->name
, status
);
356 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
);
360 memcpy(hdev
->dev_class
, sent
, 3);
363 static void hci_cc_read_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
365 struct hci_rp_read_voice_setting
*rp
= (void *) skb
->data
;
368 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
373 setting
= __le16_to_cpu(rp
->voice_setting
);
375 if (hdev
->voice_setting
== setting
)
378 hdev
->voice_setting
= setting
;
380 BT_DBG("%s voice setting 0x%04x", hdev
->name
, setting
);
383 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
386 static void hci_cc_write_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
388 __u8 status
= *((__u8
*) skb
->data
);
392 BT_DBG("%s status 0x%x", hdev
->name
, status
);
397 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_VOICE_SETTING
);
401 setting
= get_unaligned_le16(sent
);
403 if (hdev
->voice_setting
== setting
)
406 hdev
->voice_setting
= setting
;
408 BT_DBG("%s voice setting 0x%04x", hdev
->name
, setting
);
411 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
414 static void hci_cc_host_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
416 __u8 status
= *((__u8
*) skb
->data
);
418 BT_DBG("%s status 0x%x", hdev
->name
, status
);
420 hci_req_complete(hdev
, HCI_OP_HOST_BUFFER_SIZE
, status
);
423 static void hci_cc_read_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
425 struct hci_rp_read_ssp_mode
*rp
= (void *) skb
->data
;
427 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
432 hdev
->ssp_mode
= rp
->mode
;
435 static void hci_cc_write_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
437 __u8 status
= *((__u8
*) skb
->data
);
440 BT_DBG("%s status 0x%x", hdev
->name
, status
);
445 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SSP_MODE
);
449 hdev
->ssp_mode
= *((__u8
*) sent
);
452 static u8
hci_get_inquiry_mode(struct hci_dev
*hdev
)
454 if (hdev
->features
[6] & LMP_EXT_INQ
)
457 if (hdev
->features
[3] & LMP_RSSI_INQ
)
460 if (hdev
->manufacturer
== 11 && hdev
->hci_rev
== 0x00 &&
461 hdev
->lmp_subver
== 0x0757)
464 if (hdev
->manufacturer
== 15) {
465 if (hdev
->hci_rev
== 0x03 && hdev
->lmp_subver
== 0x6963)
467 if (hdev
->hci_rev
== 0x09 && hdev
->lmp_subver
== 0x6963)
469 if (hdev
->hci_rev
== 0x00 && hdev
->lmp_subver
== 0x6965)
473 if (hdev
->manufacturer
== 31 && hdev
->hci_rev
== 0x2005 &&
474 hdev
->lmp_subver
== 0x1805)
480 static void hci_setup_inquiry_mode(struct hci_dev
*hdev
)
484 mode
= hci_get_inquiry_mode(hdev
);
486 hci_send_cmd(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, 1, &mode
);
489 static void hci_setup_event_mask(struct hci_dev
*hdev
)
491 /* The second byte is 0xff instead of 0x9f (two reserved bits
492 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
493 * command otherwise */
494 u8 events
[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
496 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
497 * any event mask for pre 1.2 devices */
498 if (hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
501 events
[4] |= 0x01; /* Flow Specification Complete */
502 events
[4] |= 0x02; /* Inquiry Result with RSSI */
503 events
[4] |= 0x04; /* Read Remote Extended Features Complete */
504 events
[5] |= 0x08; /* Synchronous Connection Complete */
505 events
[5] |= 0x10; /* Synchronous Connection Changed */
507 if (hdev
->features
[3] & LMP_RSSI_INQ
)
508 events
[4] |= 0x04; /* Inquiry Result with RSSI */
510 if (hdev
->features
[5] & LMP_SNIFF_SUBR
)
511 events
[5] |= 0x20; /* Sniff Subrating */
513 if (hdev
->features
[5] & LMP_PAUSE_ENC
)
514 events
[5] |= 0x80; /* Encryption Key Refresh Complete */
516 if (hdev
->features
[6] & LMP_EXT_INQ
)
517 events
[5] |= 0x40; /* Extended Inquiry Result */
519 if (hdev
->features
[6] & LMP_NO_FLUSH
)
520 events
[7] |= 0x01; /* Enhanced Flush Complete */
522 if (hdev
->features
[7] & LMP_LSTO
)
523 events
[6] |= 0x80; /* Link Supervision Timeout Changed */
525 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
) {
526 events
[6] |= 0x01; /* IO Capability Request */
527 events
[6] |= 0x02; /* IO Capability Response */
528 events
[6] |= 0x04; /* User Confirmation Request */
529 events
[6] |= 0x08; /* User Passkey Request */
530 events
[6] |= 0x10; /* Remote OOB Data Request */
531 events
[6] |= 0x20; /* Simple Pairing Complete */
532 events
[7] |= 0x04; /* User Passkey Notification */
533 events
[7] |= 0x08; /* Keypress Notification */
534 events
[7] |= 0x10; /* Remote Host Supported
535 * Features Notification */
538 if (hdev
->features
[4] & LMP_LE
)
539 events
[7] |= 0x20; /* LE Meta-Event */
541 hci_send_cmd(hdev
, HCI_OP_SET_EVENT_MASK
, sizeof(events
), events
);
544 static void hci_set_le_support(struct hci_dev
*hdev
)
546 struct hci_cp_write_le_host_supported cp
;
548 memset(&cp
, 0, sizeof(cp
));
552 cp
.simul
= !!(hdev
->features
[6] & LMP_SIMUL_LE_BR
);
555 hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(cp
), &cp
);
558 static void hci_setup(struct hci_dev
*hdev
)
560 if (hdev
->dev_type
!= HCI_BREDR
)
563 hci_setup_event_mask(hdev
);
565 if (hdev
->hci_ver
> BLUETOOTH_VER_1_1
)
566 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, 0, NULL
);
568 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
) {
570 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(mode
), &mode
);
573 if (hdev
->features
[3] & LMP_RSSI_INQ
)
574 hci_setup_inquiry_mode(hdev
);
576 if (hdev
->features
[7] & LMP_INQ_TX_PWR
)
577 hci_send_cmd(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, 0, NULL
);
579 if (hdev
->features
[7] & LMP_EXTFEATURES
) {
580 struct hci_cp_read_local_ext_features cp
;
583 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_EXT_FEATURES
,
587 if (hdev
->features
[4] & LMP_LE
)
588 hci_set_le_support(hdev
);
591 static void hci_cc_read_local_version(struct hci_dev
*hdev
, struct sk_buff
*skb
)
593 struct hci_rp_read_local_version
*rp
= (void *) skb
->data
;
595 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
600 hdev
->hci_ver
= rp
->hci_ver
;
601 hdev
->hci_rev
= __le16_to_cpu(rp
->hci_rev
);
602 hdev
->lmp_ver
= rp
->lmp_ver
;
603 hdev
->manufacturer
= __le16_to_cpu(rp
->manufacturer
);
604 hdev
->lmp_subver
= __le16_to_cpu(rp
->lmp_subver
);
606 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev
->name
,
608 hdev
->hci_ver
, hdev
->hci_rev
);
610 if (test_bit(HCI_INIT
, &hdev
->flags
))
614 static void hci_setup_link_policy(struct hci_dev
*hdev
)
618 if (hdev
->features
[0] & LMP_RSWITCH
)
619 link_policy
|= HCI_LP_RSWITCH
;
620 if (hdev
->features
[0] & LMP_HOLD
)
621 link_policy
|= HCI_LP_HOLD
;
622 if (hdev
->features
[0] & LMP_SNIFF
)
623 link_policy
|= HCI_LP_SNIFF
;
624 if (hdev
->features
[1] & LMP_PARK
)
625 link_policy
|= HCI_LP_PARK
;
627 link_policy
= cpu_to_le16(link_policy
);
628 hci_send_cmd(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
,
629 sizeof(link_policy
), &link_policy
);
632 static void hci_cc_read_local_commands(struct hci_dev
*hdev
, struct sk_buff
*skb
)
634 struct hci_rp_read_local_commands
*rp
= (void *) skb
->data
;
636 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
641 memcpy(hdev
->commands
, rp
->commands
, sizeof(hdev
->commands
));
643 if (test_bit(HCI_INIT
, &hdev
->flags
) && (hdev
->commands
[5] & 0x10))
644 hci_setup_link_policy(hdev
);
647 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, rp
->status
);
650 static void hci_cc_read_local_features(struct hci_dev
*hdev
, struct sk_buff
*skb
)
652 struct hci_rp_read_local_features
*rp
= (void *) skb
->data
;
654 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
659 memcpy(hdev
->features
, rp
->features
, 8);
661 /* Adjust default settings according to features
662 * supported by device. */
664 if (hdev
->features
[0] & LMP_3SLOT
)
665 hdev
->pkt_type
|= (HCI_DM3
| HCI_DH3
);
667 if (hdev
->features
[0] & LMP_5SLOT
)
668 hdev
->pkt_type
|= (HCI_DM5
| HCI_DH5
);
670 if (hdev
->features
[1] & LMP_HV2
) {
671 hdev
->pkt_type
|= (HCI_HV2
);
672 hdev
->esco_type
|= (ESCO_HV2
);
675 if (hdev
->features
[1] & LMP_HV3
) {
676 hdev
->pkt_type
|= (HCI_HV3
);
677 hdev
->esco_type
|= (ESCO_HV3
);
680 if (hdev
->features
[3] & LMP_ESCO
)
681 hdev
->esco_type
|= (ESCO_EV3
);
683 if (hdev
->features
[4] & LMP_EV4
)
684 hdev
->esco_type
|= (ESCO_EV4
);
686 if (hdev
->features
[4] & LMP_EV5
)
687 hdev
->esco_type
|= (ESCO_EV5
);
689 if (hdev
->features
[5] & LMP_EDR_ESCO_2M
)
690 hdev
->esco_type
|= (ESCO_2EV3
);
692 if (hdev
->features
[5] & LMP_EDR_ESCO_3M
)
693 hdev
->esco_type
|= (ESCO_3EV3
);
695 if (hdev
->features
[5] & LMP_EDR_3S_ESCO
)
696 hdev
->esco_type
|= (ESCO_2EV5
| ESCO_3EV5
);
698 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev
->name
,
699 hdev
->features
[0], hdev
->features
[1],
700 hdev
->features
[2], hdev
->features
[3],
701 hdev
->features
[4], hdev
->features
[5],
702 hdev
->features
[6], hdev
->features
[7]);
705 static void hci_cc_read_local_ext_features(struct hci_dev
*hdev
,
708 struct hci_rp_read_local_ext_features
*rp
= (void *) skb
->data
;
710 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
717 memcpy(hdev
->features
, rp
->features
, 8);
720 memcpy(hdev
->host_features
, rp
->features
, 8);
724 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_EXT_FEATURES
, rp
->status
);
727 static void hci_cc_read_flow_control_mode(struct hci_dev
*hdev
,
730 struct hci_rp_read_flow_control_mode
*rp
= (void *) skb
->data
;
732 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
737 hdev
->flow_ctl_mode
= rp
->mode
;
739 hci_req_complete(hdev
, HCI_OP_READ_FLOW_CONTROL_MODE
, rp
->status
);
742 static void hci_cc_read_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
744 struct hci_rp_read_buffer_size
*rp
= (void *) skb
->data
;
746 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
751 hdev
->acl_mtu
= __le16_to_cpu(rp
->acl_mtu
);
752 hdev
->sco_mtu
= rp
->sco_mtu
;
753 hdev
->acl_pkts
= __le16_to_cpu(rp
->acl_max_pkt
);
754 hdev
->sco_pkts
= __le16_to_cpu(rp
->sco_max_pkt
);
756 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
)) {
761 hdev
->acl_cnt
= hdev
->acl_pkts
;
762 hdev
->sco_cnt
= hdev
->sco_pkts
;
764 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev
->name
,
765 hdev
->acl_mtu
, hdev
->acl_pkts
,
766 hdev
->sco_mtu
, hdev
->sco_pkts
);
769 static void hci_cc_read_bd_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
771 struct hci_rp_read_bd_addr
*rp
= (void *) skb
->data
;
773 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
776 bacpy(&hdev
->bdaddr
, &rp
->bdaddr
);
778 hci_req_complete(hdev
, HCI_OP_READ_BD_ADDR
, rp
->status
);
781 static void hci_cc_read_data_block_size(struct hci_dev
*hdev
,
784 struct hci_rp_read_data_block_size
*rp
= (void *) skb
->data
;
786 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
791 hdev
->block_mtu
= __le16_to_cpu(rp
->max_acl_len
);
792 hdev
->block_len
= __le16_to_cpu(rp
->block_len
);
793 hdev
->num_blocks
= __le16_to_cpu(rp
->num_blocks
);
795 hdev
->block_cnt
= hdev
->num_blocks
;
797 BT_DBG("%s blk mtu %d cnt %d len %d", hdev
->name
, hdev
->block_mtu
,
798 hdev
->block_cnt
, hdev
->block_len
);
800 hci_req_complete(hdev
, HCI_OP_READ_DATA_BLOCK_SIZE
, rp
->status
);
803 static void hci_cc_write_ca_timeout(struct hci_dev
*hdev
, struct sk_buff
*skb
)
805 __u8 status
= *((__u8
*) skb
->data
);
807 BT_DBG("%s status 0x%x", hdev
->name
, status
);
809 hci_req_complete(hdev
, HCI_OP_WRITE_CA_TIMEOUT
, status
);
812 static void hci_cc_read_local_amp_info(struct hci_dev
*hdev
,
815 struct hci_rp_read_local_amp_info
*rp
= (void *) skb
->data
;
817 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
822 hdev
->amp_status
= rp
->amp_status
;
823 hdev
->amp_total_bw
= __le32_to_cpu(rp
->total_bw
);
824 hdev
->amp_max_bw
= __le32_to_cpu(rp
->max_bw
);
825 hdev
->amp_min_latency
= __le32_to_cpu(rp
->min_latency
);
826 hdev
->amp_max_pdu
= __le32_to_cpu(rp
->max_pdu
);
827 hdev
->amp_type
= rp
->amp_type
;
828 hdev
->amp_pal_cap
= __le16_to_cpu(rp
->pal_cap
);
829 hdev
->amp_assoc_size
= __le16_to_cpu(rp
->max_assoc_size
);
830 hdev
->amp_be_flush_to
= __le32_to_cpu(rp
->be_flush_to
);
831 hdev
->amp_max_flush_to
= __le32_to_cpu(rp
->max_flush_to
);
833 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_AMP_INFO
, rp
->status
);
836 static void hci_cc_delete_stored_link_key(struct hci_dev
*hdev
,
839 __u8 status
= *((__u8
*) skb
->data
);
841 BT_DBG("%s status 0x%x", hdev
->name
, status
);
843 hci_req_complete(hdev
, HCI_OP_DELETE_STORED_LINK_KEY
, status
);
846 static void hci_cc_set_event_mask(struct hci_dev
*hdev
, struct sk_buff
*skb
)
848 __u8 status
= *((__u8
*) skb
->data
);
850 BT_DBG("%s status 0x%x", hdev
->name
, status
);
852 hci_req_complete(hdev
, HCI_OP_SET_EVENT_MASK
, status
);
855 static void hci_cc_write_inquiry_mode(struct hci_dev
*hdev
,
858 __u8 status
= *((__u8
*) skb
->data
);
860 BT_DBG("%s status 0x%x", hdev
->name
, status
);
862 hci_req_complete(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, status
);
865 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev
*hdev
,
868 __u8 status
= *((__u8
*) skb
->data
);
870 BT_DBG("%s status 0x%x", hdev
->name
, status
);
872 hci_req_complete(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, status
);
875 static void hci_cc_set_event_flt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
877 __u8 status
= *((__u8
*) skb
->data
);
879 BT_DBG("%s status 0x%x", hdev
->name
, status
);
881 hci_req_complete(hdev
, HCI_OP_SET_EVENT_FLT
, status
);
884 static void hci_cc_pin_code_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
886 struct hci_rp_pin_code_reply
*rp
= (void *) skb
->data
;
887 struct hci_cp_pin_code_reply
*cp
;
888 struct hci_conn
*conn
;
890 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
894 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
895 mgmt_pin_code_reply_complete(hdev
, &rp
->bdaddr
, rp
->status
);
900 cp
= hci_sent_cmd_data(hdev
, HCI_OP_PIN_CODE_REPLY
);
904 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
906 conn
->pin_length
= cp
->pin_len
;
909 hci_dev_unlock(hdev
);
912 static void hci_cc_pin_code_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
914 struct hci_rp_pin_code_neg_reply
*rp
= (void *) skb
->data
;
916 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
920 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
921 mgmt_pin_code_neg_reply_complete(hdev
, &rp
->bdaddr
,
924 hci_dev_unlock(hdev
);
927 static void hci_cc_le_read_buffer_size(struct hci_dev
*hdev
,
930 struct hci_rp_le_read_buffer_size
*rp
= (void *) skb
->data
;
932 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
937 hdev
->le_mtu
= __le16_to_cpu(rp
->le_mtu
);
938 hdev
->le_pkts
= rp
->le_max_pkt
;
940 hdev
->le_cnt
= hdev
->le_pkts
;
942 BT_DBG("%s le mtu %d:%d", hdev
->name
, hdev
->le_mtu
, hdev
->le_pkts
);
944 hci_req_complete(hdev
, HCI_OP_LE_READ_BUFFER_SIZE
, rp
->status
);
947 static void hci_cc_user_confirm_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
949 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
951 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
955 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
956 mgmt_user_confirm_reply_complete(hdev
, &rp
->bdaddr
,
959 hci_dev_unlock(hdev
);
962 static void hci_cc_user_confirm_neg_reply(struct hci_dev
*hdev
,
965 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
967 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
971 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
972 mgmt_user_confirm_neg_reply_complete(hdev
, &rp
->bdaddr
,
975 hci_dev_unlock(hdev
);
978 static void hci_cc_user_passkey_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
980 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
982 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
986 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
987 mgmt_user_passkey_reply_complete(hdev
, &rp
->bdaddr
,
990 hci_dev_unlock(hdev
);
993 static void hci_cc_user_passkey_neg_reply(struct hci_dev
*hdev
,
996 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
998 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
1002 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1003 mgmt_user_passkey_neg_reply_complete(hdev
, &rp
->bdaddr
,
1006 hci_dev_unlock(hdev
);
1009 static void hci_cc_read_local_oob_data_reply(struct hci_dev
*hdev
,
1010 struct sk_buff
*skb
)
1012 struct hci_rp_read_local_oob_data
*rp
= (void *) skb
->data
;
1014 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
1017 mgmt_read_local_oob_data_reply_complete(hdev
, rp
->hash
,
1018 rp
->randomizer
, rp
->status
);
1019 hci_dev_unlock(hdev
);
1022 static void hci_cc_le_set_scan_param(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1024 __u8 status
= *((__u8
*) skb
->data
);
1026 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1029 static void hci_cc_le_set_scan_enable(struct hci_dev
*hdev
,
1030 struct sk_buff
*skb
)
1032 struct hci_cp_le_set_scan_enable
*cp
;
1033 __u8 status
= *((__u8
*) skb
->data
);
1035 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1040 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_SCAN_ENABLE
);
1044 switch (cp
->enable
) {
1045 case LE_SCANNING_ENABLED
:
1046 set_bit(HCI_LE_SCAN
, &hdev
->dev_flags
);
1048 cancel_delayed_work_sync(&hdev
->adv_work
);
1051 hci_adv_entries_clear(hdev
);
1052 hci_dev_unlock(hdev
);
1055 case LE_SCANNING_DISABLED
:
1056 clear_bit(HCI_LE_SCAN
, &hdev
->dev_flags
);
1058 schedule_delayed_work(&hdev
->adv_work
, ADV_CLEAR_TIMEOUT
);
1062 BT_ERR("Used reserved LE_Scan_Enable param %d", cp
->enable
);
1067 static void hci_cc_le_ltk_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1069 struct hci_rp_le_ltk_reply
*rp
= (void *) skb
->data
;
1071 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
1076 hci_req_complete(hdev
, HCI_OP_LE_LTK_REPLY
, rp
->status
);
1079 static void hci_cc_le_ltk_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1081 struct hci_rp_le_ltk_neg_reply
*rp
= (void *) skb
->data
;
1083 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
1088 hci_req_complete(hdev
, HCI_OP_LE_LTK_NEG_REPLY
, rp
->status
);
1091 static inline void hci_cc_write_le_host_supported(struct hci_dev
*hdev
,
1092 struct sk_buff
*skb
)
1094 struct hci_cp_read_local_ext_features cp
;
1095 __u8 status
= *((__u8
*) skb
->data
);
1097 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1103 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_EXT_FEATURES
, sizeof(cp
), &cp
);
1106 static inline void hci_cs_inquiry(struct hci_dev
*hdev
, __u8 status
)
1108 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1111 hci_req_complete(hdev
, HCI_OP_INQUIRY
, status
);
1112 hci_conn_check_pending(hdev
);
1114 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1115 mgmt_start_discovery_failed(hdev
, status
);
1116 hci_dev_unlock(hdev
);
1120 set_bit(HCI_INQUIRY
, &hdev
->flags
);
1123 hci_discovery_set_state(hdev
, DISCOVERY_INQUIRY
);
1124 hci_dev_unlock(hdev
);
1127 static inline void hci_cs_create_conn(struct hci_dev
*hdev
, __u8 status
)
1129 struct hci_cp_create_conn
*cp
;
1130 struct hci_conn
*conn
;
1132 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1134 cp
= hci_sent_cmd_data(hdev
, HCI_OP_CREATE_CONN
);
1140 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1142 BT_DBG("%s bdaddr %s conn %p", hdev
->name
, batostr(&cp
->bdaddr
), conn
);
1145 if (conn
&& conn
->state
== BT_CONNECT
) {
1146 if (status
!= 0x0c || conn
->attempt
> 2) {
1147 conn
->state
= BT_CLOSED
;
1148 hci_proto_connect_cfm(conn
, status
);
1151 conn
->state
= BT_CONNECT2
;
1155 conn
= hci_conn_add(hdev
, ACL_LINK
, &cp
->bdaddr
);
1158 conn
->link_mode
|= HCI_LM_MASTER
;
1160 BT_ERR("No memory for new connection");
1164 hci_dev_unlock(hdev
);
1167 static void hci_cs_add_sco(struct hci_dev
*hdev
, __u8 status
)
1169 struct hci_cp_add_sco
*cp
;
1170 struct hci_conn
*acl
, *sco
;
1173 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1178 cp
= hci_sent_cmd_data(hdev
, HCI_OP_ADD_SCO
);
1182 handle
= __le16_to_cpu(cp
->handle
);
1184 BT_DBG("%s handle %d", hdev
->name
, handle
);
1188 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1192 sco
->state
= BT_CLOSED
;
1194 hci_proto_connect_cfm(sco
, status
);
1199 hci_dev_unlock(hdev
);
1202 static void hci_cs_auth_requested(struct hci_dev
*hdev
, __u8 status
)
1204 struct hci_cp_auth_requested
*cp
;
1205 struct hci_conn
*conn
;
1207 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1212 cp
= hci_sent_cmd_data(hdev
, HCI_OP_AUTH_REQUESTED
);
1218 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1220 if (conn
->state
== BT_CONFIG
) {
1221 hci_proto_connect_cfm(conn
, status
);
1226 hci_dev_unlock(hdev
);
1229 static void hci_cs_set_conn_encrypt(struct hci_dev
*hdev
, __u8 status
)
1231 struct hci_cp_set_conn_encrypt
*cp
;
1232 struct hci_conn
*conn
;
1234 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1239 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SET_CONN_ENCRYPT
);
1245 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1247 if (conn
->state
== BT_CONFIG
) {
1248 hci_proto_connect_cfm(conn
, status
);
1253 hci_dev_unlock(hdev
);
1256 static int hci_outgoing_auth_needed(struct hci_dev
*hdev
,
1257 struct hci_conn
*conn
)
1259 if (conn
->state
!= BT_CONFIG
|| !conn
->out
)
1262 if (conn
->pending_sec_level
== BT_SECURITY_SDP
)
1265 /* Only request authentication for SSP connections or non-SSP
1266 * devices with sec_level HIGH or if MITM protection is requested */
1267 if (!(hdev
->ssp_mode
> 0 && conn
->ssp_mode
> 0) &&
1268 conn
->pending_sec_level
!= BT_SECURITY_HIGH
&&
1269 !(conn
->auth_type
& 0x01))
1275 static inline int hci_resolve_name(struct hci_dev
*hdev
, struct inquiry_entry
*e
)
1277 struct hci_cp_remote_name_req cp
;
1279 memset(&cp
, 0, sizeof(cp
));
1281 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
1282 cp
.pscan_rep_mode
= e
->data
.pscan_rep_mode
;
1283 cp
.pscan_mode
= e
->data
.pscan_mode
;
1284 cp
.clock_offset
= e
->data
.clock_offset
;
1286 return hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
1289 static void hci_resolve_next_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1291 struct discovery_state
*discov
= &hdev
->discovery
;
1292 struct inquiry_entry
*e
;
1294 if (discov
->state
== DISCOVERY_STOPPING
)
1295 goto discov_complete
;
1297 if (discov
->state
!= DISCOVERY_RESOLVING
)
1300 e
= hci_inquiry_cache_lookup_resolve(hdev
, bdaddr
, NAME_PENDING
);
1302 e
->name_state
= NAME_KNOWN
;
1306 if (list_empty(&discov
->resolve
))
1307 goto discov_complete
;
1309 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_NEEDED
);
1310 if (hci_resolve_name(hdev
, e
) == 0) {
1311 e
->name_state
= NAME_PENDING
;
1316 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1319 static void hci_cs_remote_name_req(struct hci_dev
*hdev
, __u8 status
)
1321 struct hci_cp_remote_name_req
*cp
;
1322 struct hci_conn
*conn
;
1324 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1326 /* If successful wait for the name req complete event before
1327 * checking for the need to do authentication */
1331 cp
= hci_sent_cmd_data(hdev
, HCI_OP_REMOTE_NAME_REQ
);
1337 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1338 hci_resolve_next_name(hdev
, &cp
->bdaddr
);
1340 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1344 if (!hci_outgoing_auth_needed(hdev
, conn
))
1347 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
)) {
1348 struct hci_cp_auth_requested cp
;
1349 cp
.handle
= __cpu_to_le16(conn
->handle
);
1350 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
1354 hci_dev_unlock(hdev
);
1357 static void hci_cs_read_remote_features(struct hci_dev
*hdev
, __u8 status
)
1359 struct hci_cp_read_remote_features
*cp
;
1360 struct hci_conn
*conn
;
1362 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1367 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_FEATURES
);
1373 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1375 if (conn
->state
== BT_CONFIG
) {
1376 hci_proto_connect_cfm(conn
, status
);
1381 hci_dev_unlock(hdev
);
1384 static void hci_cs_read_remote_ext_features(struct hci_dev
*hdev
, __u8 status
)
1386 struct hci_cp_read_remote_ext_features
*cp
;
1387 struct hci_conn
*conn
;
1389 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1394 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
);
1400 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1402 if (conn
->state
== BT_CONFIG
) {
1403 hci_proto_connect_cfm(conn
, status
);
1408 hci_dev_unlock(hdev
);
1411 static void hci_cs_setup_sync_conn(struct hci_dev
*hdev
, __u8 status
)
1413 struct hci_cp_setup_sync_conn
*cp
;
1414 struct hci_conn
*acl
, *sco
;
1417 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1422 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SETUP_SYNC_CONN
);
1426 handle
= __le16_to_cpu(cp
->handle
);
1428 BT_DBG("%s handle %d", hdev
->name
, handle
);
1432 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1436 sco
->state
= BT_CLOSED
;
1438 hci_proto_connect_cfm(sco
, status
);
1443 hci_dev_unlock(hdev
);
1446 static void hci_cs_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1448 struct hci_cp_sniff_mode
*cp
;
1449 struct hci_conn
*conn
;
1451 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1456 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SNIFF_MODE
);
1462 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1464 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
);
1466 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1467 hci_sco_setup(conn
, status
);
1470 hci_dev_unlock(hdev
);
1473 static void hci_cs_exit_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1475 struct hci_cp_exit_sniff_mode
*cp
;
1476 struct hci_conn
*conn
;
1478 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1483 cp
= hci_sent_cmd_data(hdev
, HCI_OP_EXIT_SNIFF_MODE
);
1489 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1491 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
);
1493 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1494 hci_sco_setup(conn
, status
);
1497 hci_dev_unlock(hdev
);
1500 static void hci_cs_le_create_conn(struct hci_dev
*hdev
, __u8 status
)
1502 struct hci_cp_le_create_conn
*cp
;
1503 struct hci_conn
*conn
;
1505 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1507 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_CREATE_CONN
);
1513 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->peer_addr
);
1515 BT_DBG("%s bdaddr %s conn %p", hdev
->name
, batostr(&cp
->peer_addr
),
1519 if (conn
&& conn
->state
== BT_CONNECT
) {
1520 conn
->state
= BT_CLOSED
;
1521 hci_proto_connect_cfm(conn
, status
);
1526 conn
= hci_conn_add(hdev
, LE_LINK
, &cp
->peer_addr
);
1528 conn
->dst_type
= cp
->peer_addr_type
;
1531 BT_ERR("No memory for new connection");
1536 hci_dev_unlock(hdev
);
1539 static void hci_cs_le_start_enc(struct hci_dev
*hdev
, u8 status
)
1541 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1544 static inline void hci_inquiry_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1546 __u8 status
= *((__u8
*) skb
->data
);
1547 struct discovery_state
*discov
= &hdev
->discovery
;
1548 struct inquiry_entry
*e
;
1550 BT_DBG("%s status %d", hdev
->name
, status
);
1552 hci_req_complete(hdev
, HCI_OP_INQUIRY
, status
);
1554 hci_conn_check_pending(hdev
);
1556 if (!test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
1559 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1564 if (discov
->state
!= DISCOVERY_INQUIRY
)
1567 if (list_empty(&discov
->resolve
)) {
1568 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1572 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_NEEDED
);
1573 if (e
&& hci_resolve_name(hdev
, e
) == 0) {
1574 e
->name_state
= NAME_PENDING
;
1575 hci_discovery_set_state(hdev
, DISCOVERY_RESOLVING
);
1577 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1581 hci_dev_unlock(hdev
);
1584 static inline void hci_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1586 struct inquiry_data data
;
1587 struct inquiry_info
*info
= (void *) (skb
->data
+ 1);
1588 int num_rsp
= *((__u8
*) skb
->data
);
1590 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
1597 for (; num_rsp
; num_rsp
--, info
++) {
1600 bacpy(&data
.bdaddr
, &info
->bdaddr
);
1601 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
1602 data
.pscan_period_mode
= info
->pscan_period_mode
;
1603 data
.pscan_mode
= info
->pscan_mode
;
1604 memcpy(data
.dev_class
, info
->dev_class
, 3);
1605 data
.clock_offset
= info
->clock_offset
;
1607 data
.ssp_mode
= 0x00;
1609 name_known
= hci_inquiry_cache_update(hdev
, &data
, false);
1610 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
1611 info
->dev_class
, 0, !name_known
,
1615 hci_dev_unlock(hdev
);
1618 static inline void hci_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1620 struct hci_ev_conn_complete
*ev
= (void *) skb
->data
;
1621 struct hci_conn
*conn
;
1623 BT_DBG("%s", hdev
->name
);
1627 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
1629 if (ev
->link_type
!= SCO_LINK
)
1632 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
1636 conn
->type
= SCO_LINK
;
1640 conn
->handle
= __le16_to_cpu(ev
->handle
);
1642 if (conn
->type
== ACL_LINK
) {
1643 conn
->state
= BT_CONFIG
;
1644 hci_conn_hold(conn
);
1645 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
1646 mgmt_device_connected(hdev
, &ev
->bdaddr
, conn
->type
,
1649 conn
->state
= BT_CONNECTED
;
1651 hci_conn_hold_device(conn
);
1652 hci_conn_add_sysfs(conn
);
1654 if (test_bit(HCI_AUTH
, &hdev
->flags
))
1655 conn
->link_mode
|= HCI_LM_AUTH
;
1657 if (test_bit(HCI_ENCRYPT
, &hdev
->flags
))
1658 conn
->link_mode
|= HCI_LM_ENCRYPT
;
1660 /* Get remote features */
1661 if (conn
->type
== ACL_LINK
) {
1662 struct hci_cp_read_remote_features cp
;
1663 cp
.handle
= ev
->handle
;
1664 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_FEATURES
,
1668 /* Set packet type for incoming connection */
1669 if (!conn
->out
&& hdev
->hci_ver
< BLUETOOTH_VER_2_0
) {
1670 struct hci_cp_change_conn_ptype cp
;
1671 cp
.handle
= ev
->handle
;
1672 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
1673 hci_send_cmd(hdev
, HCI_OP_CHANGE_CONN_PTYPE
,
1677 conn
->state
= BT_CLOSED
;
1678 if (conn
->type
== ACL_LINK
)
1679 mgmt_connect_failed(hdev
, &ev
->bdaddr
, conn
->type
,
1680 conn
->dst_type
, ev
->status
);
1683 if (conn
->type
== ACL_LINK
)
1684 hci_sco_setup(conn
, ev
->status
);
1687 hci_proto_connect_cfm(conn
, ev
->status
);
1689 } else if (ev
->link_type
!= ACL_LINK
)
1690 hci_proto_connect_cfm(conn
, ev
->status
);
1693 hci_dev_unlock(hdev
);
1695 hci_conn_check_pending(hdev
);
1698 static inline void hci_conn_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1700 struct hci_ev_conn_request
*ev
= (void *) skb
->data
;
1701 int mask
= hdev
->link_mode
;
1703 BT_DBG("%s bdaddr %s type 0x%x", hdev
->name
,
1704 batostr(&ev
->bdaddr
), ev
->link_type
);
1706 mask
|= hci_proto_connect_ind(hdev
, &ev
->bdaddr
, ev
->link_type
);
1708 if ((mask
& HCI_LM_ACCEPT
) &&
1709 !hci_blacklist_lookup(hdev
, &ev
->bdaddr
)) {
1710 /* Connection accepted */
1711 struct inquiry_entry
*ie
;
1712 struct hci_conn
*conn
;
1716 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
1718 memcpy(ie
->data
.dev_class
, ev
->dev_class
, 3);
1720 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
1722 conn
= hci_conn_add(hdev
, ev
->link_type
, &ev
->bdaddr
);
1724 BT_ERR("No memory for new connection");
1725 hci_dev_unlock(hdev
);
1730 memcpy(conn
->dev_class
, ev
->dev_class
, 3);
1731 conn
->state
= BT_CONNECT
;
1733 hci_dev_unlock(hdev
);
1735 if (ev
->link_type
== ACL_LINK
|| !lmp_esco_capable(hdev
)) {
1736 struct hci_cp_accept_conn_req cp
;
1738 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1740 if (lmp_rswitch_capable(hdev
) && (mask
& HCI_LM_MASTER
))
1741 cp
.role
= 0x00; /* Become master */
1743 cp
.role
= 0x01; /* Remain slave */
1745 hci_send_cmd(hdev
, HCI_OP_ACCEPT_CONN_REQ
,
1748 struct hci_cp_accept_sync_conn_req cp
;
1750 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1751 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
1753 cp
.tx_bandwidth
= cpu_to_le32(0x00001f40);
1754 cp
.rx_bandwidth
= cpu_to_le32(0x00001f40);
1755 cp
.max_latency
= cpu_to_le16(0xffff);
1756 cp
.content_format
= cpu_to_le16(hdev
->voice_setting
);
1757 cp
.retrans_effort
= 0xff;
1759 hci_send_cmd(hdev
, HCI_OP_ACCEPT_SYNC_CONN_REQ
,
1763 /* Connection rejected */
1764 struct hci_cp_reject_conn_req cp
;
1766 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1767 cp
.reason
= HCI_ERROR_REJ_BAD_ADDR
;
1768 hci_send_cmd(hdev
, HCI_OP_REJECT_CONN_REQ
, sizeof(cp
), &cp
);
1772 static inline void hci_disconn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1774 struct hci_ev_disconn_complete
*ev
= (void *) skb
->data
;
1775 struct hci_conn
*conn
;
1777 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1781 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1785 if (ev
->status
== 0)
1786 conn
->state
= BT_CLOSED
;
1788 if (conn
->type
== ACL_LINK
|| conn
->type
== LE_LINK
) {
1789 if (ev
->status
!= 0)
1790 mgmt_disconnect_failed(hdev
, &conn
->dst
, ev
->status
);
1792 mgmt_device_disconnected(hdev
, &conn
->dst
, conn
->type
,
1796 if (ev
->status
== 0) {
1797 hci_proto_disconn_cfm(conn
, ev
->reason
);
1802 hci_dev_unlock(hdev
);
1805 static inline void hci_auth_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1807 struct hci_ev_auth_complete
*ev
= (void *) skb
->data
;
1808 struct hci_conn
*conn
;
1810 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1814 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1819 if (!(conn
->ssp_mode
> 0 && hdev
->ssp_mode
> 0) &&
1820 test_bit(HCI_CONN_REAUTH_PEND
, &conn
->pend
)) {
1821 BT_INFO("re-auth of legacy device is not possible.");
1823 conn
->link_mode
|= HCI_LM_AUTH
;
1824 conn
->sec_level
= conn
->pending_sec_level
;
1827 mgmt_auth_failed(hdev
, &conn
->dst
, ev
->status
);
1830 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
);
1831 clear_bit(HCI_CONN_REAUTH_PEND
, &conn
->pend
);
1833 if (conn
->state
== BT_CONFIG
) {
1834 if (!ev
->status
&& hdev
->ssp_mode
> 0 && conn
->ssp_mode
> 0) {
1835 struct hci_cp_set_conn_encrypt cp
;
1836 cp
.handle
= ev
->handle
;
1838 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
1841 conn
->state
= BT_CONNECTED
;
1842 hci_proto_connect_cfm(conn
, ev
->status
);
1846 hci_auth_cfm(conn
, ev
->status
);
1848 hci_conn_hold(conn
);
1849 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
1853 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
)) {
1855 struct hci_cp_set_conn_encrypt cp
;
1856 cp
.handle
= ev
->handle
;
1858 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
1861 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
);
1862 hci_encrypt_cfm(conn
, ev
->status
, 0x00);
1867 hci_dev_unlock(hdev
);
1870 static inline void hci_remote_name_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1872 struct hci_ev_remote_name
*ev
= (void *) skb
->data
;
1873 struct hci_conn
*conn
;
1875 BT_DBG("%s", hdev
->name
);
1877 hci_conn_check_pending(hdev
);
1881 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
)) {
1882 if (ev
->status
== 0)
1883 mgmt_remote_name(hdev
, &ev
->bdaddr
, ev
->name
);
1885 hci_resolve_next_name(hdev
, &ev
->bdaddr
);
1888 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
1892 if (!hci_outgoing_auth_needed(hdev
, conn
))
1895 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
)) {
1896 struct hci_cp_auth_requested cp
;
1897 cp
.handle
= __cpu_to_le16(conn
->handle
);
1898 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
1902 hci_dev_unlock(hdev
);
1905 static inline void hci_encrypt_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1907 struct hci_ev_encrypt_change
*ev
= (void *) skb
->data
;
1908 struct hci_conn
*conn
;
1910 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1914 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1918 /* Encryption implies authentication */
1919 conn
->link_mode
|= HCI_LM_AUTH
;
1920 conn
->link_mode
|= HCI_LM_ENCRYPT
;
1921 conn
->sec_level
= conn
->pending_sec_level
;
1923 conn
->link_mode
&= ~HCI_LM_ENCRYPT
;
1926 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
);
1928 if (conn
->state
== BT_CONFIG
) {
1930 conn
->state
= BT_CONNECTED
;
1932 hci_proto_connect_cfm(conn
, ev
->status
);
1935 hci_encrypt_cfm(conn
, ev
->status
, ev
->encrypt
);
1938 hci_dev_unlock(hdev
);
1941 static inline void hci_change_link_key_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1943 struct hci_ev_change_link_key_complete
*ev
= (void *) skb
->data
;
1944 struct hci_conn
*conn
;
1946 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1950 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1953 conn
->link_mode
|= HCI_LM_SECURE
;
1955 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
);
1957 hci_key_change_cfm(conn
, ev
->status
);
1960 hci_dev_unlock(hdev
);
1963 static inline void hci_remote_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1965 struct hci_ev_remote_features
*ev
= (void *) skb
->data
;
1966 struct hci_conn
*conn
;
1968 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1972 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1977 memcpy(conn
->features
, ev
->features
, 8);
1979 if (conn
->state
!= BT_CONFIG
)
1982 if (!ev
->status
&& lmp_ssp_capable(hdev
) && lmp_ssp_capable(conn
)) {
1983 struct hci_cp_read_remote_ext_features cp
;
1984 cp
.handle
= ev
->handle
;
1986 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
,
1992 struct hci_cp_remote_name_req cp
;
1993 memset(&cp
, 0, sizeof(cp
));
1994 bacpy(&cp
.bdaddr
, &conn
->dst
);
1995 cp
.pscan_rep_mode
= 0x02;
1996 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
1999 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
2000 conn
->state
= BT_CONNECTED
;
2001 hci_proto_connect_cfm(conn
, ev
->status
);
2006 hci_dev_unlock(hdev
);
2009 static inline void hci_remote_version_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2011 BT_DBG("%s", hdev
->name
);
2014 static inline void hci_qos_setup_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2016 BT_DBG("%s", hdev
->name
);
2019 static inline void hci_cmd_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2021 struct hci_ev_cmd_complete
*ev
= (void *) skb
->data
;
2024 skb_pull(skb
, sizeof(*ev
));
2026 opcode
= __le16_to_cpu(ev
->opcode
);
2029 case HCI_OP_INQUIRY_CANCEL
:
2030 hci_cc_inquiry_cancel(hdev
, skb
);
2033 case HCI_OP_EXIT_PERIODIC_INQ
:
2034 hci_cc_exit_periodic_inq(hdev
, skb
);
2037 case HCI_OP_REMOTE_NAME_REQ_CANCEL
:
2038 hci_cc_remote_name_req_cancel(hdev
, skb
);
2041 case HCI_OP_ROLE_DISCOVERY
:
2042 hci_cc_role_discovery(hdev
, skb
);
2045 case HCI_OP_READ_LINK_POLICY
:
2046 hci_cc_read_link_policy(hdev
, skb
);
2049 case HCI_OP_WRITE_LINK_POLICY
:
2050 hci_cc_write_link_policy(hdev
, skb
);
2053 case HCI_OP_READ_DEF_LINK_POLICY
:
2054 hci_cc_read_def_link_policy(hdev
, skb
);
2057 case HCI_OP_WRITE_DEF_LINK_POLICY
:
2058 hci_cc_write_def_link_policy(hdev
, skb
);
2062 hci_cc_reset(hdev
, skb
);
2065 case HCI_OP_WRITE_LOCAL_NAME
:
2066 hci_cc_write_local_name(hdev
, skb
);
2069 case HCI_OP_READ_LOCAL_NAME
:
2070 hci_cc_read_local_name(hdev
, skb
);
2073 case HCI_OP_WRITE_AUTH_ENABLE
:
2074 hci_cc_write_auth_enable(hdev
, skb
);
2077 case HCI_OP_WRITE_ENCRYPT_MODE
:
2078 hci_cc_write_encrypt_mode(hdev
, skb
);
2081 case HCI_OP_WRITE_SCAN_ENABLE
:
2082 hci_cc_write_scan_enable(hdev
, skb
);
2085 case HCI_OP_READ_CLASS_OF_DEV
:
2086 hci_cc_read_class_of_dev(hdev
, skb
);
2089 case HCI_OP_WRITE_CLASS_OF_DEV
:
2090 hci_cc_write_class_of_dev(hdev
, skb
);
2093 case HCI_OP_READ_VOICE_SETTING
:
2094 hci_cc_read_voice_setting(hdev
, skb
);
2097 case HCI_OP_WRITE_VOICE_SETTING
:
2098 hci_cc_write_voice_setting(hdev
, skb
);
2101 case HCI_OP_HOST_BUFFER_SIZE
:
2102 hci_cc_host_buffer_size(hdev
, skb
);
2105 case HCI_OP_READ_SSP_MODE
:
2106 hci_cc_read_ssp_mode(hdev
, skb
);
2109 case HCI_OP_WRITE_SSP_MODE
:
2110 hci_cc_write_ssp_mode(hdev
, skb
);
2113 case HCI_OP_READ_LOCAL_VERSION
:
2114 hci_cc_read_local_version(hdev
, skb
);
2117 case HCI_OP_READ_LOCAL_COMMANDS
:
2118 hci_cc_read_local_commands(hdev
, skb
);
2121 case HCI_OP_READ_LOCAL_FEATURES
:
2122 hci_cc_read_local_features(hdev
, skb
);
2125 case HCI_OP_READ_LOCAL_EXT_FEATURES
:
2126 hci_cc_read_local_ext_features(hdev
, skb
);
2129 case HCI_OP_READ_BUFFER_SIZE
:
2130 hci_cc_read_buffer_size(hdev
, skb
);
2133 case HCI_OP_READ_BD_ADDR
:
2134 hci_cc_read_bd_addr(hdev
, skb
);
2137 case HCI_OP_READ_DATA_BLOCK_SIZE
:
2138 hci_cc_read_data_block_size(hdev
, skb
);
2141 case HCI_OP_WRITE_CA_TIMEOUT
:
2142 hci_cc_write_ca_timeout(hdev
, skb
);
2145 case HCI_OP_READ_FLOW_CONTROL_MODE
:
2146 hci_cc_read_flow_control_mode(hdev
, skb
);
2149 case HCI_OP_READ_LOCAL_AMP_INFO
:
2150 hci_cc_read_local_amp_info(hdev
, skb
);
2153 case HCI_OP_DELETE_STORED_LINK_KEY
:
2154 hci_cc_delete_stored_link_key(hdev
, skb
);
2157 case HCI_OP_SET_EVENT_MASK
:
2158 hci_cc_set_event_mask(hdev
, skb
);
2161 case HCI_OP_WRITE_INQUIRY_MODE
:
2162 hci_cc_write_inquiry_mode(hdev
, skb
);
2165 case HCI_OP_READ_INQ_RSP_TX_POWER
:
2166 hci_cc_read_inq_rsp_tx_power(hdev
, skb
);
2169 case HCI_OP_SET_EVENT_FLT
:
2170 hci_cc_set_event_flt(hdev
, skb
);
2173 case HCI_OP_PIN_CODE_REPLY
:
2174 hci_cc_pin_code_reply(hdev
, skb
);
2177 case HCI_OP_PIN_CODE_NEG_REPLY
:
2178 hci_cc_pin_code_neg_reply(hdev
, skb
);
2181 case HCI_OP_READ_LOCAL_OOB_DATA
:
2182 hci_cc_read_local_oob_data_reply(hdev
, skb
);
2185 case HCI_OP_LE_READ_BUFFER_SIZE
:
2186 hci_cc_le_read_buffer_size(hdev
, skb
);
2189 case HCI_OP_USER_CONFIRM_REPLY
:
2190 hci_cc_user_confirm_reply(hdev
, skb
);
2193 case HCI_OP_USER_CONFIRM_NEG_REPLY
:
2194 hci_cc_user_confirm_neg_reply(hdev
, skb
);
2197 case HCI_OP_USER_PASSKEY_REPLY
:
2198 hci_cc_user_passkey_reply(hdev
, skb
);
2201 case HCI_OP_USER_PASSKEY_NEG_REPLY
:
2202 hci_cc_user_passkey_neg_reply(hdev
, skb
);
2204 case HCI_OP_LE_SET_SCAN_PARAM
:
2205 hci_cc_le_set_scan_param(hdev
, skb
);
2208 case HCI_OP_LE_SET_SCAN_ENABLE
:
2209 hci_cc_le_set_scan_enable(hdev
, skb
);
2212 case HCI_OP_LE_LTK_REPLY
:
2213 hci_cc_le_ltk_reply(hdev
, skb
);
2216 case HCI_OP_LE_LTK_NEG_REPLY
:
2217 hci_cc_le_ltk_neg_reply(hdev
, skb
);
2220 case HCI_OP_WRITE_LE_HOST_SUPPORTED
:
2221 hci_cc_write_le_host_supported(hdev
, skb
);
2225 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
2229 if (ev
->opcode
!= HCI_OP_NOP
)
2230 del_timer(&hdev
->cmd_timer
);
2233 atomic_set(&hdev
->cmd_cnt
, 1);
2234 if (!skb_queue_empty(&hdev
->cmd_q
))
2235 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2239 static inline void hci_cmd_status_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2241 struct hci_ev_cmd_status
*ev
= (void *) skb
->data
;
2244 skb_pull(skb
, sizeof(*ev
));
2246 opcode
= __le16_to_cpu(ev
->opcode
);
2249 case HCI_OP_INQUIRY
:
2250 hci_cs_inquiry(hdev
, ev
->status
);
2253 case HCI_OP_CREATE_CONN
:
2254 hci_cs_create_conn(hdev
, ev
->status
);
2257 case HCI_OP_ADD_SCO
:
2258 hci_cs_add_sco(hdev
, ev
->status
);
2261 case HCI_OP_AUTH_REQUESTED
:
2262 hci_cs_auth_requested(hdev
, ev
->status
);
2265 case HCI_OP_SET_CONN_ENCRYPT
:
2266 hci_cs_set_conn_encrypt(hdev
, ev
->status
);
2269 case HCI_OP_REMOTE_NAME_REQ
:
2270 hci_cs_remote_name_req(hdev
, ev
->status
);
2273 case HCI_OP_READ_REMOTE_FEATURES
:
2274 hci_cs_read_remote_features(hdev
, ev
->status
);
2277 case HCI_OP_READ_REMOTE_EXT_FEATURES
:
2278 hci_cs_read_remote_ext_features(hdev
, ev
->status
);
2281 case HCI_OP_SETUP_SYNC_CONN
:
2282 hci_cs_setup_sync_conn(hdev
, ev
->status
);
2285 case HCI_OP_SNIFF_MODE
:
2286 hci_cs_sniff_mode(hdev
, ev
->status
);
2289 case HCI_OP_EXIT_SNIFF_MODE
:
2290 hci_cs_exit_sniff_mode(hdev
, ev
->status
);
2293 case HCI_OP_DISCONNECT
:
2294 if (ev
->status
!= 0)
2295 mgmt_disconnect_failed(hdev
, NULL
, ev
->status
);
2298 case HCI_OP_LE_CREATE_CONN
:
2299 hci_cs_le_create_conn(hdev
, ev
->status
);
2302 case HCI_OP_LE_START_ENC
:
2303 hci_cs_le_start_enc(hdev
, ev
->status
);
2307 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
2311 if (ev
->opcode
!= HCI_OP_NOP
)
2312 del_timer(&hdev
->cmd_timer
);
2314 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
)) {
2315 atomic_set(&hdev
->cmd_cnt
, 1);
2316 if (!skb_queue_empty(&hdev
->cmd_q
))
2317 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2321 static inline void hci_role_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2323 struct hci_ev_role_change
*ev
= (void *) skb
->data
;
2324 struct hci_conn
*conn
;
2326 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2330 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2334 conn
->link_mode
&= ~HCI_LM_MASTER
;
2336 conn
->link_mode
|= HCI_LM_MASTER
;
2339 clear_bit(HCI_CONN_RSWITCH_PEND
, &conn
->pend
);
2341 hci_role_switch_cfm(conn
, ev
->status
, ev
->role
);
2344 hci_dev_unlock(hdev
);
2347 static inline void hci_num_comp_pkts_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2349 struct hci_ev_num_comp_pkts
*ev
= (void *) skb
->data
;
2352 if (hdev
->flow_ctl_mode
!= HCI_FLOW_CTL_MODE_PACKET_BASED
) {
2353 BT_ERR("Wrong event for mode %d", hdev
->flow_ctl_mode
);
2357 if (skb
->len
< sizeof(*ev
) || skb
->len
< sizeof(*ev
) +
2358 ev
->num_hndl
* sizeof(struct hci_comp_pkts_info
)) {
2359 BT_DBG("%s bad parameters", hdev
->name
);
2363 BT_DBG("%s num_hndl %d", hdev
->name
, ev
->num_hndl
);
2365 for (i
= 0; i
< ev
->num_hndl
; i
++) {
2366 struct hci_comp_pkts_info
*info
= &ev
->handles
[i
];
2367 struct hci_conn
*conn
;
2368 __u16 handle
, count
;
2370 handle
= __le16_to_cpu(info
->handle
);
2371 count
= __le16_to_cpu(info
->count
);
2373 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
2377 conn
->sent
-= count
;
2379 switch (conn
->type
) {
2381 hdev
->acl_cnt
+= count
;
2382 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
2383 hdev
->acl_cnt
= hdev
->acl_pkts
;
2387 if (hdev
->le_pkts
) {
2388 hdev
->le_cnt
+= count
;
2389 if (hdev
->le_cnt
> hdev
->le_pkts
)
2390 hdev
->le_cnt
= hdev
->le_pkts
;
2392 hdev
->acl_cnt
+= count
;
2393 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
2394 hdev
->acl_cnt
= hdev
->acl_pkts
;
2399 hdev
->sco_cnt
+= count
;
2400 if (hdev
->sco_cnt
> hdev
->sco_pkts
)
2401 hdev
->sco_cnt
= hdev
->sco_pkts
;
2405 BT_ERR("Unknown type %d conn %p", conn
->type
, conn
);
2410 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
2413 static inline void hci_num_comp_blocks_evt(struct hci_dev
*hdev
,
2414 struct sk_buff
*skb
)
2416 struct hci_ev_num_comp_blocks
*ev
= (void *) skb
->data
;
2419 if (hdev
->flow_ctl_mode
!= HCI_FLOW_CTL_MODE_BLOCK_BASED
) {
2420 BT_ERR("Wrong event for mode %d", hdev
->flow_ctl_mode
);
2424 if (skb
->len
< sizeof(*ev
) || skb
->len
< sizeof(*ev
) +
2425 ev
->num_hndl
* sizeof(struct hci_comp_blocks_info
)) {
2426 BT_DBG("%s bad parameters", hdev
->name
);
2430 BT_DBG("%s num_blocks %d num_hndl %d", hdev
->name
, ev
->num_blocks
,
2433 for (i
= 0; i
< ev
->num_hndl
; i
++) {
2434 struct hci_comp_blocks_info
*info
= &ev
->handles
[i
];
2435 struct hci_conn
*conn
;
2436 __u16 handle
, block_count
;
2438 handle
= __le16_to_cpu(info
->handle
);
2439 block_count
= __le16_to_cpu(info
->blocks
);
2441 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
2445 conn
->sent
-= block_count
;
2447 switch (conn
->type
) {
2449 hdev
->block_cnt
+= block_count
;
2450 if (hdev
->block_cnt
> hdev
->num_blocks
)
2451 hdev
->block_cnt
= hdev
->num_blocks
;
2455 BT_ERR("Unknown type %d conn %p", conn
->type
, conn
);
2460 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
2463 static inline void hci_mode_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2465 struct hci_ev_mode_change
*ev
= (void *) skb
->data
;
2466 struct hci_conn
*conn
;
2468 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2472 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2474 conn
->mode
= ev
->mode
;
2475 conn
->interval
= __le16_to_cpu(ev
->interval
);
2477 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
)) {
2478 if (conn
->mode
== HCI_CM_ACTIVE
)
2479 conn
->power_save
= 1;
2481 conn
->power_save
= 0;
2484 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
2485 hci_sco_setup(conn
, ev
->status
);
2488 hci_dev_unlock(hdev
);
2491 static inline void hci_pin_code_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2493 struct hci_ev_pin_code_req
*ev
= (void *) skb
->data
;
2494 struct hci_conn
*conn
;
2496 BT_DBG("%s", hdev
->name
);
2500 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2504 if (conn
->state
== BT_CONNECTED
) {
2505 hci_conn_hold(conn
);
2506 conn
->disc_timeout
= HCI_PAIRING_TIMEOUT
;
2510 if (!test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
2511 hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
2512 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
2513 else if (test_bit(HCI_MGMT
, &hdev
->dev_flags
)) {
2516 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
)
2521 mgmt_pin_code_request(hdev
, &ev
->bdaddr
, secure
);
2525 hci_dev_unlock(hdev
);
2528 static inline void hci_link_key_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2530 struct hci_ev_link_key_req
*ev
= (void *) skb
->data
;
2531 struct hci_cp_link_key_reply cp
;
2532 struct hci_conn
*conn
;
2533 struct link_key
*key
;
2535 BT_DBG("%s", hdev
->name
);
2537 if (!test_bit(HCI_LINK_KEYS
, &hdev
->dev_flags
))
2542 key
= hci_find_link_key(hdev
, &ev
->bdaddr
);
2544 BT_DBG("%s link key not found for %s", hdev
->name
,
2545 batostr(&ev
->bdaddr
));
2549 BT_DBG("%s found key type %u for %s", hdev
->name
, key
->type
,
2550 batostr(&ev
->bdaddr
));
2552 if (!test_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
) &&
2553 key
->type
== HCI_LK_DEBUG_COMBINATION
) {
2554 BT_DBG("%s ignoring debug key", hdev
->name
);
2558 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2560 if (key
->type
== HCI_LK_UNAUTH_COMBINATION
&&
2561 conn
->auth_type
!= 0xff &&
2562 (conn
->auth_type
& 0x01)) {
2563 BT_DBG("%s ignoring unauthenticated key", hdev
->name
);
2567 if (key
->type
== HCI_LK_COMBINATION
&& key
->pin_len
< 16 &&
2568 conn
->pending_sec_level
== BT_SECURITY_HIGH
) {
2569 BT_DBG("%s ignoring key unauthenticated for high \
2570 security", hdev
->name
);
2574 conn
->key_type
= key
->type
;
2575 conn
->pin_length
= key
->pin_len
;
2578 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2579 memcpy(cp
.link_key
, key
->val
, 16);
2581 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_REPLY
, sizeof(cp
), &cp
);
2583 hci_dev_unlock(hdev
);
2588 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_NEG_REPLY
, 6, &ev
->bdaddr
);
2589 hci_dev_unlock(hdev
);
2592 static inline void hci_link_key_notify_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2594 struct hci_ev_link_key_notify
*ev
= (void *) skb
->data
;
2595 struct hci_conn
*conn
;
2598 BT_DBG("%s", hdev
->name
);
2602 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2604 hci_conn_hold(conn
);
2605 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
2606 pin_len
= conn
->pin_length
;
2608 if (ev
->key_type
!= HCI_LK_CHANGED_COMBINATION
)
2609 conn
->key_type
= ev
->key_type
;
2614 if (test_bit(HCI_LINK_KEYS
, &hdev
->dev_flags
))
2615 hci_add_link_key(hdev
, conn
, 1, &ev
->bdaddr
, ev
->link_key
,
2616 ev
->key_type
, pin_len
);
2618 hci_dev_unlock(hdev
);
2621 static inline void hci_clock_offset_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2623 struct hci_ev_clock_offset
*ev
= (void *) skb
->data
;
2624 struct hci_conn
*conn
;
2626 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2630 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2631 if (conn
&& !ev
->status
) {
2632 struct inquiry_entry
*ie
;
2634 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
2636 ie
->data
.clock_offset
= ev
->clock_offset
;
2637 ie
->timestamp
= jiffies
;
2641 hci_dev_unlock(hdev
);
2644 static inline void hci_pkt_type_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2646 struct hci_ev_pkt_type_change
*ev
= (void *) skb
->data
;
2647 struct hci_conn
*conn
;
2649 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2653 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2654 if (conn
&& !ev
->status
)
2655 conn
->pkt_type
= __le16_to_cpu(ev
->pkt_type
);
2657 hci_dev_unlock(hdev
);
2660 static inline void hci_pscan_rep_mode_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2662 struct hci_ev_pscan_rep_mode
*ev
= (void *) skb
->data
;
2663 struct inquiry_entry
*ie
;
2665 BT_DBG("%s", hdev
->name
);
2669 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2671 ie
->data
.pscan_rep_mode
= ev
->pscan_rep_mode
;
2672 ie
->timestamp
= jiffies
;
2675 hci_dev_unlock(hdev
);
2678 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2680 struct inquiry_data data
;
2681 int num_rsp
= *((__u8
*) skb
->data
);
2684 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
2691 if ((skb
->len
- 1) / num_rsp
!= sizeof(struct inquiry_info_with_rssi
)) {
2692 struct inquiry_info_with_rssi_and_pscan_mode
*info
;
2693 info
= (void *) (skb
->data
+ 1);
2695 for (; num_rsp
; num_rsp
--, info
++) {
2696 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2697 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2698 data
.pscan_period_mode
= info
->pscan_period_mode
;
2699 data
.pscan_mode
= info
->pscan_mode
;
2700 memcpy(data
.dev_class
, info
->dev_class
, 3);
2701 data
.clock_offset
= info
->clock_offset
;
2702 data
.rssi
= info
->rssi
;
2703 data
.ssp_mode
= 0x00;
2705 name_known
= hci_inquiry_cache_update(hdev
, &data
,
2707 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
2708 info
->dev_class
, info
->rssi
,
2709 !name_known
, NULL
, 0);
2712 struct inquiry_info_with_rssi
*info
= (void *) (skb
->data
+ 1);
2714 for (; num_rsp
; num_rsp
--, info
++) {
2715 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2716 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2717 data
.pscan_period_mode
= info
->pscan_period_mode
;
2718 data
.pscan_mode
= 0x00;
2719 memcpy(data
.dev_class
, info
->dev_class
, 3);
2720 data
.clock_offset
= info
->clock_offset
;
2721 data
.rssi
= info
->rssi
;
2722 data
.ssp_mode
= 0x00;
2723 name_known
= hci_inquiry_cache_update(hdev
, &data
,
2725 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
2726 info
->dev_class
, info
->rssi
,
2727 !name_known
, NULL
, 0);
2731 hci_dev_unlock(hdev
);
2734 static inline void hci_remote_ext_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2736 struct hci_ev_remote_ext_features
*ev
= (void *) skb
->data
;
2737 struct hci_conn
*conn
;
2739 BT_DBG("%s", hdev
->name
);
2743 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2747 if (!ev
->status
&& ev
->page
== 0x01) {
2748 struct inquiry_entry
*ie
;
2750 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
2752 ie
->data
.ssp_mode
= (ev
->features
[0] & 0x01);
2754 conn
->ssp_mode
= (ev
->features
[0] & 0x01);
2757 if (conn
->state
!= BT_CONFIG
)
2761 struct hci_cp_remote_name_req cp
;
2762 memset(&cp
, 0, sizeof(cp
));
2763 bacpy(&cp
.bdaddr
, &conn
->dst
);
2764 cp
.pscan_rep_mode
= 0x02;
2765 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
2768 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
2769 conn
->state
= BT_CONNECTED
;
2770 hci_proto_connect_cfm(conn
, ev
->status
);
2775 hci_dev_unlock(hdev
);
2778 static inline void hci_sync_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2780 struct hci_ev_sync_conn_complete
*ev
= (void *) skb
->data
;
2781 struct hci_conn
*conn
;
2783 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2787 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
2789 if (ev
->link_type
== ESCO_LINK
)
2792 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
2796 conn
->type
= SCO_LINK
;
2799 switch (ev
->status
) {
2801 conn
->handle
= __le16_to_cpu(ev
->handle
);
2802 conn
->state
= BT_CONNECTED
;
2804 hci_conn_hold_device(conn
);
2805 hci_conn_add_sysfs(conn
);
2808 case 0x11: /* Unsupported Feature or Parameter Value */
2809 case 0x1c: /* SCO interval rejected */
2810 case 0x1a: /* Unsupported Remote Feature */
2811 case 0x1f: /* Unspecified error */
2812 if (conn
->out
&& conn
->attempt
< 2) {
2813 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
2814 (hdev
->esco_type
& EDR_ESCO_MASK
);
2815 hci_setup_sync(conn
, conn
->link
->handle
);
2821 conn
->state
= BT_CLOSED
;
2825 hci_proto_connect_cfm(conn
, ev
->status
);
2830 hci_dev_unlock(hdev
);
2833 static inline void hci_sync_conn_changed_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2835 BT_DBG("%s", hdev
->name
);
2838 static inline void hci_sniff_subrate_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2840 struct hci_ev_sniff_subrate
*ev
= (void *) skb
->data
;
2842 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2845 static inline void hci_extended_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2847 struct inquiry_data data
;
2848 struct extended_inquiry_info
*info
= (void *) (skb
->data
+ 1);
2849 int num_rsp
= *((__u8
*) skb
->data
);
2851 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
2858 for (; num_rsp
; num_rsp
--, info
++) {
2861 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2862 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2863 data
.pscan_period_mode
= info
->pscan_period_mode
;
2864 data
.pscan_mode
= 0x00;
2865 memcpy(data
.dev_class
, info
->dev_class
, 3);
2866 data
.clock_offset
= info
->clock_offset
;
2867 data
.rssi
= info
->rssi
;
2868 data
.ssp_mode
= 0x01;
2870 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2871 name_known
= eir_has_data_type(info
->data
,
2877 name_known
= hci_inquiry_cache_update(hdev
, &data
, name_known
);
2878 mgmt_device_found(hdev
, &info
->bdaddr
, ACL_LINK
, 0x00,
2879 info
->dev_class
, info
->rssi
,
2880 !name_known
, info
->data
,
2881 sizeof(info
->data
));
2884 hci_dev_unlock(hdev
);
2887 static inline u8
hci_get_auth_req(struct hci_conn
*conn
)
2889 /* If remote requests dedicated bonding follow that lead */
2890 if (conn
->remote_auth
== 0x02 || conn
->remote_auth
== 0x03) {
2891 /* If both remote and local IO capabilities allow MITM
2892 * protection then require it, otherwise don't */
2893 if (conn
->remote_cap
== 0x03 || conn
->io_capability
== 0x03)
2899 /* If remote requests no-bonding follow that lead */
2900 if (conn
->remote_auth
== 0x00 || conn
->remote_auth
== 0x01)
2901 return conn
->remote_auth
| (conn
->auth_type
& 0x01);
2903 return conn
->auth_type
;
2906 static inline void hci_io_capa_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2908 struct hci_ev_io_capa_request
*ev
= (void *) skb
->data
;
2909 struct hci_conn
*conn
;
2911 BT_DBG("%s", hdev
->name
);
2915 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2919 hci_conn_hold(conn
);
2921 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2924 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
) ||
2925 (conn
->remote_auth
& ~0x01) == HCI_AT_NO_BONDING
) {
2926 struct hci_cp_io_capability_reply cp
;
2928 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2929 cp
.capability
= conn
->io_capability
;
2930 conn
->auth_type
= hci_get_auth_req(conn
);
2931 cp
.authentication
= conn
->auth_type
;
2933 if ((conn
->out
== 0x01 || conn
->remote_oob
== 0x01) &&
2934 hci_find_remote_oob_data(hdev
, &conn
->dst
))
2939 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_REPLY
,
2942 struct hci_cp_io_capability_neg_reply cp
;
2944 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2945 cp
.reason
= HCI_ERROR_PAIRING_NOT_ALLOWED
;
2947 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_NEG_REPLY
,
2952 hci_dev_unlock(hdev
);
2955 static inline void hci_io_capa_reply_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2957 struct hci_ev_io_capa_reply
*ev
= (void *) skb
->data
;
2958 struct hci_conn
*conn
;
2960 BT_DBG("%s", hdev
->name
);
2964 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2968 conn
->remote_cap
= ev
->capability
;
2969 conn
->remote_oob
= ev
->oob_data
;
2970 conn
->remote_auth
= ev
->authentication
;
2973 hci_dev_unlock(hdev
);
2976 static inline void hci_user_confirm_request_evt(struct hci_dev
*hdev
,
2977 struct sk_buff
*skb
)
2979 struct hci_ev_user_confirm_req
*ev
= (void *) skb
->data
;
2980 int loc_mitm
, rem_mitm
, confirm_hint
= 0;
2981 struct hci_conn
*conn
;
2983 BT_DBG("%s", hdev
->name
);
2987 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2990 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2994 loc_mitm
= (conn
->auth_type
& 0x01);
2995 rem_mitm
= (conn
->remote_auth
& 0x01);
2997 /* If we require MITM but the remote device can't provide that
2998 * (it has NoInputNoOutput) then reject the confirmation
2999 * request. The only exception is when we're dedicated bonding
3000 * initiators (connect_cfm_cb set) since then we always have the MITM
3002 if (!conn
->connect_cfm_cb
&& loc_mitm
&& conn
->remote_cap
== 0x03) {
3003 BT_DBG("Rejecting request: remote device can't provide MITM");
3004 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_NEG_REPLY
,
3005 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
3009 /* If no side requires MITM protection; auto-accept */
3010 if ((!loc_mitm
|| conn
->remote_cap
== 0x03) &&
3011 (!rem_mitm
|| conn
->io_capability
== 0x03)) {
3013 /* If we're not the initiators request authorization to
3014 * proceed from user space (mgmt_user_confirm with
3015 * confirm_hint set to 1). */
3016 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
)) {
3017 BT_DBG("Confirming auto-accept as acceptor");
3022 BT_DBG("Auto-accept of user confirmation with %ums delay",
3023 hdev
->auto_accept_delay
);
3025 if (hdev
->auto_accept_delay
> 0) {
3026 int delay
= msecs_to_jiffies(hdev
->auto_accept_delay
);
3027 mod_timer(&conn
->auto_accept_timer
, jiffies
+ delay
);
3031 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_REPLY
,
3032 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
3037 mgmt_user_confirm_request(hdev
, &ev
->bdaddr
, ev
->passkey
,
3041 hci_dev_unlock(hdev
);
3044 static inline void hci_user_passkey_request_evt(struct hci_dev
*hdev
,
3045 struct sk_buff
*skb
)
3047 struct hci_ev_user_passkey_req
*ev
= (void *) skb
->data
;
3049 BT_DBG("%s", hdev
->name
);
3053 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3054 mgmt_user_passkey_request(hdev
, &ev
->bdaddr
);
3056 hci_dev_unlock(hdev
);
3059 static inline void hci_simple_pair_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3061 struct hci_ev_simple_pair_complete
*ev
= (void *) skb
->data
;
3062 struct hci_conn
*conn
;
3064 BT_DBG("%s", hdev
->name
);
3068 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
3072 /* To avoid duplicate auth_failed events to user space we check
3073 * the HCI_CONN_AUTH_PEND flag which will be set if we
3074 * initiated the authentication. A traditional auth_complete
3075 * event gets always produced as initiator and is also mapped to
3076 * the mgmt_auth_failed event */
3077 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
) && ev
->status
!= 0)
3078 mgmt_auth_failed(hdev
, &conn
->dst
, ev
->status
);
3083 hci_dev_unlock(hdev
);
3086 static inline void hci_remote_host_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3088 struct hci_ev_remote_host_features
*ev
= (void *) skb
->data
;
3089 struct inquiry_entry
*ie
;
3091 BT_DBG("%s", hdev
->name
);
3095 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
3097 ie
->data
.ssp_mode
= (ev
->features
[0] & 0x01);
3099 hci_dev_unlock(hdev
);
3102 static inline void hci_remote_oob_data_request_evt(struct hci_dev
*hdev
,
3103 struct sk_buff
*skb
)
3105 struct hci_ev_remote_oob_data_request
*ev
= (void *) skb
->data
;
3106 struct oob_data
*data
;
3108 BT_DBG("%s", hdev
->name
);
3112 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3115 data
= hci_find_remote_oob_data(hdev
, &ev
->bdaddr
);
3117 struct hci_cp_remote_oob_data_reply cp
;
3119 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3120 memcpy(cp
.hash
, data
->hash
, sizeof(cp
.hash
));
3121 memcpy(cp
.randomizer
, data
->randomizer
, sizeof(cp
.randomizer
));
3123 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_REPLY
, sizeof(cp
),
3126 struct hci_cp_remote_oob_data_neg_reply cp
;
3128 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
3129 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY
, sizeof(cp
),
3134 hci_dev_unlock(hdev
);
3137 static inline void hci_le_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3139 struct hci_ev_le_conn_complete
*ev
= (void *) skb
->data
;
3140 struct hci_conn
*conn
;
3142 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
3146 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &ev
->bdaddr
);
3148 conn
= hci_conn_add(hdev
, LE_LINK
, &ev
->bdaddr
);
3150 BT_ERR("No memory for new connection");
3151 hci_dev_unlock(hdev
);
3155 conn
->dst_type
= ev
->bdaddr_type
;
3159 mgmt_connect_failed(hdev
, &ev
->bdaddr
, conn
->type
,
3160 conn
->dst_type
, ev
->status
);
3161 hci_proto_connect_cfm(conn
, ev
->status
);
3162 conn
->state
= BT_CLOSED
;
3167 mgmt_device_connected(hdev
, &ev
->bdaddr
, conn
->type
, conn
->dst_type
);
3169 conn
->sec_level
= BT_SECURITY_LOW
;
3170 conn
->handle
= __le16_to_cpu(ev
->handle
);
3171 conn
->state
= BT_CONNECTED
;
3173 hci_conn_hold_device(conn
);
3174 hci_conn_add_sysfs(conn
);
3176 hci_proto_connect_cfm(conn
, ev
->status
);
3179 hci_dev_unlock(hdev
);
3182 static inline void hci_le_adv_report_evt(struct hci_dev
*hdev
,
3183 struct sk_buff
*skb
)
3185 u8 num_reports
= skb
->data
[0];
3186 void *ptr
= &skb
->data
[1];
3191 while (num_reports
--) {
3192 struct hci_ev_le_advertising_info
*ev
= ptr
;
3194 hci_add_adv_entry(hdev
, ev
);
3196 rssi
= ev
->data
[ev
->length
];
3197 mgmt_device_found(hdev
, &ev
->bdaddr
, LE_LINK
, ev
->bdaddr_type
,
3198 NULL
, rssi
, 0, ev
->data
, ev
->length
);
3200 ptr
+= sizeof(*ev
) + ev
->length
+ 1;
3203 hci_dev_unlock(hdev
);
3206 static inline void hci_le_ltk_request_evt(struct hci_dev
*hdev
,
3207 struct sk_buff
*skb
)
3209 struct hci_ev_le_ltk_req
*ev
= (void *) skb
->data
;
3210 struct hci_cp_le_ltk_reply cp
;
3211 struct hci_cp_le_ltk_neg_reply neg
;
3212 struct hci_conn
*conn
;
3213 struct link_key
*ltk
;
3215 BT_DBG("%s handle %d", hdev
->name
, cpu_to_le16(ev
->handle
));
3219 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
3223 ltk
= hci_find_ltk(hdev
, ev
->ediv
, ev
->random
);
3227 memcpy(cp
.ltk
, ltk
->val
, sizeof(ltk
->val
));
3228 cp
.handle
= cpu_to_le16(conn
->handle
);
3229 conn
->pin_length
= ltk
->pin_len
;
3231 hci_send_cmd(hdev
, HCI_OP_LE_LTK_REPLY
, sizeof(cp
), &cp
);
3233 hci_dev_unlock(hdev
);
3238 neg
.handle
= ev
->handle
;
3239 hci_send_cmd(hdev
, HCI_OP_LE_LTK_NEG_REPLY
, sizeof(neg
), &neg
);
3240 hci_dev_unlock(hdev
);
3243 static inline void hci_le_meta_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3245 struct hci_ev_le_meta
*le_ev
= (void *) skb
->data
;
3247 skb_pull(skb
, sizeof(*le_ev
));
3249 switch (le_ev
->subevent
) {
3250 case HCI_EV_LE_CONN_COMPLETE
:
3251 hci_le_conn_complete_evt(hdev
, skb
);
3254 case HCI_EV_LE_ADVERTISING_REPORT
:
3255 hci_le_adv_report_evt(hdev
, skb
);
3258 case HCI_EV_LE_LTK_REQ
:
3259 hci_le_ltk_request_evt(hdev
, skb
);
3267 void hci_event_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3269 struct hci_event_hdr
*hdr
= (void *) skb
->data
;
3270 __u8 event
= hdr
->evt
;
3272 skb_pull(skb
, HCI_EVENT_HDR_SIZE
);
3275 case HCI_EV_INQUIRY_COMPLETE
:
3276 hci_inquiry_complete_evt(hdev
, skb
);
3279 case HCI_EV_INQUIRY_RESULT
:
3280 hci_inquiry_result_evt(hdev
, skb
);
3283 case HCI_EV_CONN_COMPLETE
:
3284 hci_conn_complete_evt(hdev
, skb
);
3287 case HCI_EV_CONN_REQUEST
:
3288 hci_conn_request_evt(hdev
, skb
);
3291 case HCI_EV_DISCONN_COMPLETE
:
3292 hci_disconn_complete_evt(hdev
, skb
);
3295 case HCI_EV_AUTH_COMPLETE
:
3296 hci_auth_complete_evt(hdev
, skb
);
3299 case HCI_EV_REMOTE_NAME
:
3300 hci_remote_name_evt(hdev
, skb
);
3303 case HCI_EV_ENCRYPT_CHANGE
:
3304 hci_encrypt_change_evt(hdev
, skb
);
3307 case HCI_EV_CHANGE_LINK_KEY_COMPLETE
:
3308 hci_change_link_key_complete_evt(hdev
, skb
);
3311 case HCI_EV_REMOTE_FEATURES
:
3312 hci_remote_features_evt(hdev
, skb
);
3315 case HCI_EV_REMOTE_VERSION
:
3316 hci_remote_version_evt(hdev
, skb
);
3319 case HCI_EV_QOS_SETUP_COMPLETE
:
3320 hci_qos_setup_complete_evt(hdev
, skb
);
3323 case HCI_EV_CMD_COMPLETE
:
3324 hci_cmd_complete_evt(hdev
, skb
);
3327 case HCI_EV_CMD_STATUS
:
3328 hci_cmd_status_evt(hdev
, skb
);
3331 case HCI_EV_ROLE_CHANGE
:
3332 hci_role_change_evt(hdev
, skb
);
3335 case HCI_EV_NUM_COMP_PKTS
:
3336 hci_num_comp_pkts_evt(hdev
, skb
);
3339 case HCI_EV_MODE_CHANGE
:
3340 hci_mode_change_evt(hdev
, skb
);
3343 case HCI_EV_PIN_CODE_REQ
:
3344 hci_pin_code_request_evt(hdev
, skb
);
3347 case HCI_EV_LINK_KEY_REQ
:
3348 hci_link_key_request_evt(hdev
, skb
);
3351 case HCI_EV_LINK_KEY_NOTIFY
:
3352 hci_link_key_notify_evt(hdev
, skb
);
3355 case HCI_EV_CLOCK_OFFSET
:
3356 hci_clock_offset_evt(hdev
, skb
);
3359 case HCI_EV_PKT_TYPE_CHANGE
:
3360 hci_pkt_type_change_evt(hdev
, skb
);
3363 case HCI_EV_PSCAN_REP_MODE
:
3364 hci_pscan_rep_mode_evt(hdev
, skb
);
3367 case HCI_EV_INQUIRY_RESULT_WITH_RSSI
:
3368 hci_inquiry_result_with_rssi_evt(hdev
, skb
);
3371 case HCI_EV_REMOTE_EXT_FEATURES
:
3372 hci_remote_ext_features_evt(hdev
, skb
);
3375 case HCI_EV_SYNC_CONN_COMPLETE
:
3376 hci_sync_conn_complete_evt(hdev
, skb
);
3379 case HCI_EV_SYNC_CONN_CHANGED
:
3380 hci_sync_conn_changed_evt(hdev
, skb
);
3383 case HCI_EV_SNIFF_SUBRATE
:
3384 hci_sniff_subrate_evt(hdev
, skb
);
3387 case HCI_EV_EXTENDED_INQUIRY_RESULT
:
3388 hci_extended_inquiry_result_evt(hdev
, skb
);
3391 case HCI_EV_IO_CAPA_REQUEST
:
3392 hci_io_capa_request_evt(hdev
, skb
);
3395 case HCI_EV_IO_CAPA_REPLY
:
3396 hci_io_capa_reply_evt(hdev
, skb
);
3399 case HCI_EV_USER_CONFIRM_REQUEST
:
3400 hci_user_confirm_request_evt(hdev
, skb
);
3403 case HCI_EV_USER_PASSKEY_REQUEST
:
3404 hci_user_passkey_request_evt(hdev
, skb
);
3407 case HCI_EV_SIMPLE_PAIR_COMPLETE
:
3408 hci_simple_pair_complete_evt(hdev
, skb
);
3411 case HCI_EV_REMOTE_HOST_FEATURES
:
3412 hci_remote_host_features_evt(hdev
, skb
);
3415 case HCI_EV_LE_META
:
3416 hci_le_meta_evt(hdev
, skb
);
3419 case HCI_EV_REMOTE_OOB_DATA_REQUEST
:
3420 hci_remote_oob_data_request_evt(hdev
, skb
);
3423 case HCI_EV_NUM_COMP_BLOCKS
:
3424 hci_num_comp_blocks_evt(hdev
, skb
);
3428 BT_DBG("%s event 0x%x", hdev
->name
, event
);
3433 hdev
->stat
.evt_rx
++;
3436 /* Generate internal stack event */
3437 void hci_si_event(struct hci_dev
*hdev
, int type
, int dlen
, void *data
)
3439 struct hci_event_hdr
*hdr
;
3440 struct hci_ev_stack_internal
*ev
;
3441 struct sk_buff
*skb
;
3443 skb
= bt_skb_alloc(HCI_EVENT_HDR_SIZE
+ sizeof(*ev
) + dlen
, GFP_ATOMIC
);
3447 hdr
= (void *) skb_put(skb
, HCI_EVENT_HDR_SIZE
);
3448 hdr
->evt
= HCI_EV_STACK_INTERNAL
;
3449 hdr
->plen
= sizeof(*ev
) + dlen
;
3451 ev
= (void *) skb_put(skb
, sizeof(*ev
) + dlen
);
3453 memcpy(ev
->data
, data
, dlen
);
3455 bt_cb(skb
)->incoming
= 1;
3456 __net_timestamp(skb
);
3458 bt_cb(skb
)->pkt_type
= HCI_EVENT_PKT
;
3459 skb
->dev
= (void *) hdev
;
3460 hci_send_to_sock(hdev
, skb
, NULL
);
3464 module_param(enable_le
, bool, 0644);
3465 MODULE_PARM_DESC(enable_le
, "Enable LE support");