2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32 #include <net/bluetooth/a2mp.h>
33 #include <net/bluetooth/amp.h>
35 /* Handle HCI Event packets */
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 *
 * Reads the first byte of the event payload as the HCI status, reports a
 * stop-discovery failure to mgmt, clears HCI_INQUIRY, moves discovery to
 * DISCOVERY_STOPPED, completes the request and re-checks pending
 * connections.
 *
 * NOTE(review): this listing drops source lines (the gutter numbers skip),
 * so the branch separating the failure path from the success path is not
 * visible here - presumably an `if (status)` guard; confirm against the
 * full file.
 * NOTE(review): skb->data is dereferenced with no visible check that the
 * payload holds at least one byte. The status byte comes from the
 * controller, so confirm the caller guarantees a non-empty payload.
 */
37 static void hci_cc_inquiry_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
39 __u8 status
= *((__u8
*) skb
->data
);
41 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
45 mgmt_stop_discovery_failed(hdev
, status
);
50 clear_bit(HCI_INQUIRY
, &hdev
->flags
);
53 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
56 hci_req_complete(hdev
, HCI_OP_INQUIRY_CANCEL
, status
);
58 hci_conn_check_pending(hdev
);
61 static void hci_cc_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
63 __u8 status
= *((__u8
*) skb
->data
);
65 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
70 set_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
);
73 static void hci_cc_exit_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
75 __u8 status
= *((__u8
*) skb
->data
);
77 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
82 clear_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
);
84 hci_conn_check_pending(hdev
);
87 static void hci_cc_remote_name_req_cancel(struct hci_dev
*hdev
,
90 BT_DBG("%s", hdev
->name
);
/*
 * Command Complete handler for the Role Discovery reply.
 *
 * Overlays struct hci_rp_role_discovery on skb->data, looks up the
 * connection by the little-endian handle carried in the reply and either
 * clears or sets HCI_LM_MASTER in conn->link_mode before unlocking the
 * device.
 *
 * NOTE(review): the gutter numbers skip between 98 and 113, so the status
 * check, the matching lock, the NULL test on conn and the condition that
 * picks "clear" versus "set" are not visible in this listing - confirm
 * against the full file before relying on this description.
 * NOTE(review): the handle is controller-supplied, so the lookup can
 * legitimately fail; conn must be tested before link_mode is touched
 * (presumably done on an omitted line).
 */
93 static void hci_cc_role_discovery(struct hci_dev
*hdev
, struct sk_buff
*skb
)
95 struct hci_rp_role_discovery
*rp
= (void *) skb
->data
;
96 struct hci_conn
*conn
;
98 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
105 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
108 conn
->link_mode
&= ~HCI_LM_MASTER
;
110 conn
->link_mode
|= HCI_LM_MASTER
;
113 hci_dev_unlock(hdev
);
116 static void hci_cc_read_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
118 struct hci_rp_read_link_policy
*rp
= (void *) skb
->data
;
119 struct hci_conn
*conn
;
121 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
128 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
130 conn
->link_policy
= __le16_to_cpu(rp
->policy
);
132 hci_dev_unlock(hdev
);
/*
 * Command Complete handler for HCI_OP_WRITE_LINK_POLICY.
 *
 * The reply only identifies the connection (rp->handle); the policy value
 * stored in conn->link_policy is read back from the parameters of the
 * command the host sent, as an unaligned little-endian 16-bit value at
 * offset 2.
 *
 * NOTE(review): offset 2 presumably skips the 16-bit connection handle at
 * the start of the command parameters - confirm against the command struct.
 * NOTE(review): the declaration of `sent`, the status check and the NULL
 * tests on `sent` and `conn` are on lines this listing omits (the gutter
 * numbers skip between 138 and 156) - confirm they exist, because both
 * pointers are dereferenced on the lines shown.
 */
135 static void hci_cc_write_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
137 struct hci_rp_write_link_policy
*rp
= (void *) skb
->data
;
138 struct hci_conn
*conn
;
141 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
146 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LINK_POLICY
);
152 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
154 conn
->link_policy
= get_unaligned_le16(sent
+ 2);
156 hci_dev_unlock(hdev
);
159 static void hci_cc_read_def_link_policy(struct hci_dev
*hdev
,
162 struct hci_rp_read_def_link_policy
*rp
= (void *) skb
->data
;
164 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
169 hdev
->link_policy
= __le16_to_cpu(rp
->policy
);
172 static void hci_cc_write_def_link_policy(struct hci_dev
*hdev
,
175 __u8 status
= *((__u8
*) skb
->data
);
178 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
180 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
);
185 hdev
->link_policy
= get_unaligned_le16(sent
);
187 hci_req_complete(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
, status
);
190 static void hci_cc_reset(struct hci_dev
*hdev
, struct sk_buff
*skb
)
192 __u8 status
= *((__u8
*) skb
->data
);
194 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
196 clear_bit(HCI_RESET
, &hdev
->flags
);
198 hci_req_complete(hdev
, HCI_OP_RESET
, status
);
200 /* Reset all non-persistent flags */
201 hdev
->dev_flags
&= ~(BIT(HCI_LE_SCAN
) | BIT(HCI_PENDING_CLASS
) |
202 BIT(HCI_PERIODIC_INQ
));
204 hdev
->discovery
.state
= DISCOVERY_STOPPED
;
/*
 * Command Complete handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * Takes the status from the first payload byte, fetches the parameters of
 * the command that was sent, notifies mgmt when HCI_MGMT is set, copies
 * HCI_MAX_NAME_LENGTH bytes of the sent name into hdev->dev_name and
 * completes the request.
 *
 * NOTE(review): the memcpy() length is a fixed HCI_MAX_NAME_LENGTH, so it
 * relies on the sent command buffer and hdev->dev_name both being at least
 * that large; neither size is visible in this listing.
 * NOTE(review): the NULL test on `sent` and any "only on success" condition
 * around the copy are on lines this listing omits (the gutter numbers skip
 * 215-219 and 222) - confirm against the full file.
 */
207 static void hci_cc_write_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
209 __u8 status
= *((__u8
*) skb
->data
);
212 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
214 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LOCAL_NAME
);
220 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
221 mgmt_set_local_name_complete(hdev
, sent
, status
);
223 memcpy(hdev
->dev_name
, sent
, HCI_MAX_NAME_LENGTH
);
225 hci_dev_unlock(hdev
);
227 hci_req_complete(hdev
, HCI_OP_WRITE_LOCAL_NAME
, status
);
/*
 * Command Complete handler for the Read Local Name reply.
 *
 * Overlays struct hci_rp_read_local_name on skb->data and, while HCI_SETUP
 * is set in dev_flags, copies HCI_MAX_NAME_LENGTH bytes of rp->name into
 * hdev->dev_name.
 *
 * NOTE(review): rp->name is controller-supplied and the copy length is
 * fixed. No line shown here checks that the event is at least
 * sizeof(*rp) bytes long, so a short event would make the copy read past
 * the received data - confirm the length is validated by the caller or on
 * the lines this listing omits (the gutter numbers skip 235-238).
 */
230 static void hci_cc_read_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
232 struct hci_rp_read_local_name
*rp
= (void *) skb
->data
;
234 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
239 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
))
240 memcpy(hdev
->dev_name
, rp
->name
, HCI_MAX_NAME_LENGTH
);
/*
 * Command Complete handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * The new state is taken from the first byte of the command the host sent,
 * not from the controller reply: AUTH_ENABLED sets HCI_AUTH in hdev->flags,
 * and HCI_AUTH is cleared on the other branch. mgmt is told the outcome
 * when HCI_MGMT is set, then the request is completed.
 *
 * NOTE(review): HCI_AUTH records whether link-level authentication is
 * enforced, so it must only track `param` when the controller reported
 * success. The guard around the set/clear pair (and the NULL test on
 * `sent`) sits on lines this listing omits (the gutter numbers skip
 * 251-254, 259 and 261-262) - confirm against the full file.
 */
243 static void hci_cc_write_auth_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
245 __u8 status
= *((__u8
*) skb
->data
);
248 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
250 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_AUTH_ENABLE
);
255 __u8 param
= *((__u8
*) sent
);
257 if (param
== AUTH_ENABLED
)
258 set_bit(HCI_AUTH
, &hdev
->flags
);
260 clear_bit(HCI_AUTH
, &hdev
->flags
);
263 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
264 mgmt_auth_enable_complete(hdev
, status
);
266 hci_req_complete(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, status
);
/*
 * Command Complete handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * Reads the status from the first payload byte and the requested mode from
 * the first byte of the command that was sent, then sets or clears
 * HCI_ENCRYPT in hdev->flags and completes the request.
 *
 * NOTE(review): the condition that chooses between set_bit() and
 * clear_bit(), the success guard and the NULL test on `sent` are all on
 * lines this listing omits (the gutter numbers skip 277-280, 282-283, 285
 * and 287-288). HCI_ENCRYPT should change only after a successful reply -
 * confirm against the full file.
 */
269 static void hci_cc_write_encrypt_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
271 __u8 status
= *((__u8
*) skb
->data
);
274 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
276 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
);
281 __u8 param
= *((__u8
*) sent
);
284 set_bit(HCI_ENCRYPT
, &hdev
->flags
);
286 clear_bit(HCI_ENCRYPT
, &hdev
->flags
);
289 hci_req_complete(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
, status
);
/*
 * Command Complete handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * Takes the status from the first payload byte and the requested scan mode
 * from the first byte of the command that was sent. Failures are reported
 * through mgmt_write_scan_failed() and discov_timeout is zeroed. Otherwise
 * HCI_ISCAN and HCI_PSCAN are cleared and rebuilt from the SCAN_INQUIRY and
 * SCAN_PAGE bits of `param`, and mgmt is told when the discoverable or
 * connectable state is on, or was on before and is now off.
 *
 * NOTE(review): HCI_ISCAN / HCI_PSCAN record whether the adapter answers
 * inquiries and pages, so they should follow `param` only after a
 * successful reply. The status guard, its early exit, the declaration of
 * `sent` and the NULL test on it are on lines this listing omits (the
 * gutter numbers skip 296-297, 301-303, 305-308 and 311-313) - confirm
 * against the full file.
 */
292 static void hci_cc_write_scan_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
294 __u8 param
, status
= *((__u8
*) skb
->data
);
295 int old_pscan
, old_iscan
;
298 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
300 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SCAN_ENABLE
);
304 param
= *((__u8
*) sent
);
309 mgmt_write_scan_failed(hdev
, param
, status
);
310 hdev
->discov_timeout
= 0;
/* Remember the previous state so mgmt hears about on -> off transitions. */
314 old_pscan
= test_and_clear_bit(HCI_PSCAN
, &hdev
->flags
);
315 old_iscan
= test_and_clear_bit(HCI_ISCAN
, &hdev
->flags
);
317 if (param
& SCAN_INQUIRY
) {
318 set_bit(HCI_ISCAN
, &hdev
->flags
);
320 mgmt_discoverable(hdev
, 1);
/*
 * A non-zero discov_timeout (seconds, converted to jiffies) queues the
 * discov_off delayed work; the delay argument itself is on a line this
 * listing omits. Presumably that work ends discoverable mode - confirm.
 */
321 if (hdev
->discov_timeout
> 0) {
322 int to
= msecs_to_jiffies(hdev
->discov_timeout
* 1000);
323 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
326 } else if (old_iscan
)
327 mgmt_discoverable(hdev
, 0);
329 if (param
& SCAN_PAGE
) {
330 set_bit(HCI_PSCAN
, &hdev
->flags
);
332 mgmt_connectable(hdev
, 1);
333 } else if (old_pscan
)
334 mgmt_connectable(hdev
, 0);
337 hci_dev_unlock(hdev
);
338 hci_req_complete(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, status
);
341 static void hci_cc_read_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
343 struct hci_rp_read_class_of_dev
*rp
= (void *) skb
->data
;
345 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
350 memcpy(hdev
->dev_class
, rp
->dev_class
, 3);
352 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev
->name
,
353 hdev
->dev_class
[2], hdev
->dev_class
[1], hdev
->dev_class
[0]);
356 static void hci_cc_write_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
358 __u8 status
= *((__u8
*) skb
->data
);
361 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
363 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
);
370 memcpy(hdev
->dev_class
, sent
, 3);
372 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
373 mgmt_set_class_of_dev_complete(hdev
, sent
, status
);
375 hci_dev_unlock(hdev
);
378 static void hci_cc_read_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
380 struct hci_rp_read_voice_setting
*rp
= (void *) skb
->data
;
383 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
388 setting
= __le16_to_cpu(rp
->voice_setting
);
390 if (hdev
->voice_setting
== setting
)
393 hdev
->voice_setting
= setting
;
395 BT_DBG("%s voice setting 0x%4.4x", hdev
->name
, setting
);
398 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
401 static void hci_cc_write_voice_setting(struct hci_dev
*hdev
,
404 __u8 status
= *((__u8
*) skb
->data
);
408 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
413 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_VOICE_SETTING
);
417 setting
= get_unaligned_le16(sent
);
419 if (hdev
->voice_setting
== setting
)
422 hdev
->voice_setting
= setting
;
424 BT_DBG("%s voice setting 0x%4.4x", hdev
->name
, setting
);
427 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
430 static void hci_cc_host_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
432 __u8 status
= *((__u8
*) skb
->data
);
434 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
436 hci_req_complete(hdev
, HCI_OP_HOST_BUFFER_SIZE
, status
);
/*
 * Command Complete handler for HCI_OP_WRITE_SSP_MODE.
 *
 * Reads the status from the first payload byte and the requested mode from
 * the command that was sent (struct hci_cp_write_ssp_mode). It sets or
 * clears LMP_HOST_SSP in host_features[0], notifies mgmt with sent->mode
 * when HCI_MGMT is set, and sets or clears HCI_SSP_ENABLED in dev_flags.
 *
 * NOTE(review): HCI_SSP_ENABLED and LMP_HOST_SSP record whether Secure
 * Simple Pairing is in use, so a failed command must not leave them
 * claiming SSP is on. Every condition that selects between the set and
 * clear statements, and the NULL test on `sent`, is on a line this listing
 * omits (the gutter numbers skip 447-451, 453, 455-456, 459-460 and 462) -
 * confirm against the full file.
 */
439 static void hci_cc_write_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
441 __u8 status
= *((__u8
*) skb
->data
);
442 struct hci_cp_write_ssp_mode
*sent
;
444 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
446 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SSP_MODE
);
452 hdev
->host_features
[0] |= LMP_HOST_SSP
;
454 hdev
->host_features
[0] &= ~LMP_HOST_SSP
;
457 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
458 mgmt_ssp_enable_complete(hdev
, sent
->mode
, status
);
461 set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
463 clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
467 static u8
hci_get_inquiry_mode(struct hci_dev
*hdev
)
469 if (lmp_ext_inq_capable(hdev
))
472 if (lmp_inq_rssi_capable(hdev
))
475 if (hdev
->manufacturer
== 11 && hdev
->hci_rev
== 0x00 &&
476 hdev
->lmp_subver
== 0x0757)
479 if (hdev
->manufacturer
== 15) {
480 if (hdev
->hci_rev
== 0x03 && hdev
->lmp_subver
== 0x6963)
482 if (hdev
->hci_rev
== 0x09 && hdev
->lmp_subver
== 0x6963)
484 if (hdev
->hci_rev
== 0x00 && hdev
->lmp_subver
== 0x6965)
488 if (hdev
->manufacturer
== 31 && hdev
->hci_rev
== 0x2005 &&
489 hdev
->lmp_subver
== 0x1805)
495 static void hci_setup_inquiry_mode(struct hci_dev
*hdev
)
499 mode
= hci_get_inquiry_mode(hdev
);
501 hci_send_cmd(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, 1, &mode
);
504 static void hci_setup_event_mask(struct hci_dev
*hdev
)
506 /* The second byte is 0xff instead of 0x9f (two reserved bits
507 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
508 * command otherwise */
509 u8 events
[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
511 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
512 * any event mask for pre 1.2 devices */
513 if (hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
516 if (lmp_bredr_capable(hdev
)) {
517 events
[4] |= 0x01; /* Flow Specification Complete */
518 events
[4] |= 0x02; /* Inquiry Result with RSSI */
519 events
[4] |= 0x04; /* Read Remote Extended Features Complete */
520 events
[5] |= 0x08; /* Synchronous Connection Complete */
521 events
[5] |= 0x10; /* Synchronous Connection Changed */
524 if (lmp_inq_rssi_capable(hdev
))
525 events
[4] |= 0x02; /* Inquiry Result with RSSI */
527 if (lmp_sniffsubr_capable(hdev
))
528 events
[5] |= 0x20; /* Sniff Subrating */
530 if (lmp_pause_enc_capable(hdev
))
531 events
[5] |= 0x80; /* Encryption Key Refresh Complete */
533 if (lmp_ext_inq_capable(hdev
))
534 events
[5] |= 0x40; /* Extended Inquiry Result */
536 if (lmp_no_flush_capable(hdev
))
537 events
[7] |= 0x01; /* Enhanced Flush Complete */
539 if (lmp_lsto_capable(hdev
))
540 events
[6] |= 0x80; /* Link Supervision Timeout Changed */
542 if (lmp_ssp_capable(hdev
)) {
543 events
[6] |= 0x01; /* IO Capability Request */
544 events
[6] |= 0x02; /* IO Capability Response */
545 events
[6] |= 0x04; /* User Confirmation Request */
546 events
[6] |= 0x08; /* User Passkey Request */
547 events
[6] |= 0x10; /* Remote OOB Data Request */
548 events
[6] |= 0x20; /* Simple Pairing Complete */
549 events
[7] |= 0x04; /* User Passkey Notification */
550 events
[7] |= 0x08; /* Keypress Notification */
551 events
[7] |= 0x10; /* Remote Host Supported
552 * Features Notification */
555 if (lmp_le_capable(hdev
))
556 events
[7] |= 0x20; /* LE Meta-Event */
558 hci_send_cmd(hdev
, HCI_OP_SET_EVENT_MASK
, sizeof(events
), events
);
560 if (lmp_le_capable(hdev
)) {
561 memset(events
, 0, sizeof(events
));
563 hci_send_cmd(hdev
, HCI_OP_LE_SET_EVENT_MASK
,
564 sizeof(events
), events
);
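/*
 * Queue the BR/EDR part of controller setup: read buffer sizes, class of
 * device, local name and voice setting, clear the event filters, set the
 * connection accept timeout and ask the controller to delete the link keys
 * it has stored.
 *
 * The extracted listing had corrupted the last argument of the
 * HCI_OP_WRITE_CA_TIMEOUT call into a pilcrow followed by "m" (an HTML
 * entity mangling of "&param"); it is restored here.
 *
 * NOTE(review): the listing omits the declarations of `param` and
 * `flt_type` (gutter lines 571-572). Their types below are chosen from how
 * they are used - a value built by __constant_cpu_to_le16() sent with
 * length 2, and a filter type sent with length 1 - confirm against the
 * full file.
 */
static void bredr_setup(struct hci_dev *hdev)
{
	struct hci_cp_delete_stored_link_key cp;
	__le16 param;
	__u8 flt_type;

	/* Read Buffer Size (ACL mtu, max pkt, etc.) */
	hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);

	/* Read Class of Device */
	hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);

	/* Read Local Name */
	hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);

	/* Read Voice Setting */
	hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);

	/* Clear Event Filters */
	flt_type = HCI_FLT_CLEAR_ALL;
	hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, sizeof(flt_type), &flt_type);

	/* Connection accept timeout ~20 secs */
	param = __constant_cpu_to_le16(0x7d00);
	hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, sizeof(param), &param);

	/*
	 * Delete link keys stored in the controller. The whole of cp is sent,
	 * so every field must be initialised or stack bytes go out in the
	 * command.
	 * NOTE(review): the delete_all assignment is on a line the listing
	 * omits (gutter line 595); it is restored from the upstream function -
	 * verify against the full file.
	 */
	bacpy(&cp.bdaddr, BDADDR_ANY);
	cp.delete_all = 1;
	hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
}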
599 static void le_setup(struct hci_dev
*hdev
)
601 /* Read LE Buffer Size */
602 hci_send_cmd(hdev
, HCI_OP_LE_READ_BUFFER_SIZE
, 0, NULL
);
604 /* Read LE Advertising Channel TX Power */
605 hci_send_cmd(hdev
, HCI_OP_LE_READ_ADV_TX_POWER
, 0, NULL
);
608 static void hci_setup(struct hci_dev
*hdev
)
610 if (hdev
->dev_type
!= HCI_BREDR
)
613 /* Read BD Address */
614 hci_send_cmd(hdev
, HCI_OP_READ_BD_ADDR
, 0, NULL
);
616 if (lmp_bredr_capable(hdev
))
619 if (lmp_le_capable(hdev
))
622 hci_setup_event_mask(hdev
);
624 if (hdev
->hci_ver
> BLUETOOTH_VER_1_1
)
625 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, 0, NULL
);
627 if (lmp_ssp_capable(hdev
)) {
628 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
630 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
,
631 sizeof(mode
), &mode
);
633 struct hci_cp_write_eir cp
;
635 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
636 memset(&cp
, 0, sizeof(cp
));
638 hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
642 if (lmp_inq_rssi_capable(hdev
))
643 hci_setup_inquiry_mode(hdev
);
645 if (lmp_inq_tx_pwr_capable(hdev
))
646 hci_send_cmd(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, 0, NULL
);
648 if (lmp_ext_feat_capable(hdev
)) {
649 struct hci_cp_read_local_ext_features cp
;
652 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_EXT_FEATURES
, sizeof(cp
),
656 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
)) {
658 hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(enable
),
663 static void hci_cc_read_local_version(struct hci_dev
*hdev
, struct sk_buff
*skb
)
665 struct hci_rp_read_local_version
*rp
= (void *) skb
->data
;
667 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
672 hdev
->hci_ver
= rp
->hci_ver
;
673 hdev
->hci_rev
= __le16_to_cpu(rp
->hci_rev
);
674 hdev
->lmp_ver
= rp
->lmp_ver
;
675 hdev
->manufacturer
= __le16_to_cpu(rp
->manufacturer
);
676 hdev
->lmp_subver
= __le16_to_cpu(rp
->lmp_subver
);
678 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev
->name
,
679 hdev
->manufacturer
, hdev
->hci_ver
, hdev
->hci_rev
);
681 if (test_bit(HCI_INIT
, &hdev
->flags
))
685 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_VERSION
, rp
->status
);
688 static void hci_setup_link_policy(struct hci_dev
*hdev
)
690 struct hci_cp_write_def_link_policy cp
;
693 if (lmp_rswitch_capable(hdev
))
694 link_policy
|= HCI_LP_RSWITCH
;
695 if (lmp_hold_capable(hdev
))
696 link_policy
|= HCI_LP_HOLD
;
697 if (lmp_sniff_capable(hdev
))
698 link_policy
|= HCI_LP_SNIFF
;
699 if (lmp_park_capable(hdev
))
700 link_policy
|= HCI_LP_PARK
;
702 cp
.policy
= cpu_to_le16(link_policy
);
703 hci_send_cmd(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
, sizeof(cp
), &cp
);
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_COMMANDS.
 *
 * Copies sizeof(hdev->commands) bytes of the controller's supported-command
 * mask from the reply into hdev->commands. During HCI_INIT, if bit 0x10 of
 * commands[5] is set, it goes on to hci_setup_link_policy(); finally the
 * request is completed with rp->status.
 *
 * NOTE(review): the copy length comes from the destination, so the
 * destination cannot be overrun, but no line shown here checks that the
 * event really carries that many bytes after the status - confirm the
 * length is validated by the caller or on the lines this listing omits
 * (the gutter numbers skip 707-708 and 712-715).
 * NOTE(review): commands[5] & 0x10 presumably marks support for the Write
 * Default Link Policy Settings command, since that is what
 * hci_setup_link_policy() sends - confirm against the specification.
 */
706 static void hci_cc_read_local_commands(struct hci_dev
*hdev
,
709 struct hci_rp_read_local_commands
*rp
= (void *) skb
->data
;
711 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
716 memcpy(hdev
->commands
, rp
->commands
, sizeof(hdev
->commands
));
718 if (test_bit(HCI_INIT
, &hdev
->flags
) && (hdev
->commands
[5] & 0x10))
719 hci_setup_link_policy(hdev
);
722 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, rp
->status
);
725 static void hci_cc_read_local_features(struct hci_dev
*hdev
,
728 struct hci_rp_read_local_features
*rp
= (void *) skb
->data
;
730 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
735 memcpy(hdev
->features
, rp
->features
, 8);
737 /* Adjust default settings according to features
738 * supported by device. */
740 if (hdev
->features
[0] & LMP_3SLOT
)
741 hdev
->pkt_type
|= (HCI_DM3
| HCI_DH3
);
743 if (hdev
->features
[0] & LMP_5SLOT
)
744 hdev
->pkt_type
|= (HCI_DM5
| HCI_DH5
);
746 if (hdev
->features
[1] & LMP_HV2
) {
747 hdev
->pkt_type
|= (HCI_HV2
);
748 hdev
->esco_type
|= (ESCO_HV2
);
751 if (hdev
->features
[1] & LMP_HV3
) {
752 hdev
->pkt_type
|= (HCI_HV3
);
753 hdev
->esco_type
|= (ESCO_HV3
);
756 if (lmp_esco_capable(hdev
))
757 hdev
->esco_type
|= (ESCO_EV3
);
759 if (hdev
->features
[4] & LMP_EV4
)
760 hdev
->esco_type
|= (ESCO_EV4
);
762 if (hdev
->features
[4] & LMP_EV5
)
763 hdev
->esco_type
|= (ESCO_EV5
);
765 if (hdev
->features
[5] & LMP_EDR_ESCO_2M
)
766 hdev
->esco_type
|= (ESCO_2EV3
);
768 if (hdev
->features
[5] & LMP_EDR_ESCO_3M
)
769 hdev
->esco_type
|= (ESCO_3EV3
);
771 if (hdev
->features
[5] & LMP_EDR_3S_ESCO
)
772 hdev
->esco_type
|= (ESCO_2EV5
| ESCO_3EV5
);
774 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev
->name
,
775 hdev
->features
[0], hdev
->features
[1],
776 hdev
->features
[2], hdev
->features
[3],
777 hdev
->features
[4], hdev
->features
[5],
778 hdev
->features
[6], hdev
->features
[7]);
781 static void hci_set_le_support(struct hci_dev
*hdev
)
783 struct hci_cp_write_le_host_supported cp
;
785 memset(&cp
, 0, sizeof(cp
));
787 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
789 cp
.simul
= !!lmp_le_br_capable(hdev
);
792 if (cp
.le
!= !!lmp_host_le_capable(hdev
))
793 hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(cp
),
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_EXT_FEATURES.
 *
 * Copies the 8 feature bytes of the reply into hdev->features or into
 * hdev->host_features, enables LE host support via hci_set_le_support()
 * when this runs during HCI_INIT on an LE-capable controller, and completes
 * the request with rp->status.
 *
 * NOTE(review): the selector that decides which of the two arrays receives
 * the page (presumably a switch on the page number in the reply) is on
 * lines this listing omits (the gutter numbers skip 803-808, 810-811 and
 * 813-815) - confirm against the full file.
 * NOTE(review): both copies use a literal 8; confirm it matches the size of
 * the destination arrays and that the event length is validated before
 * rp->features is read.
 */
797 static void hci_cc_read_local_ext_features(struct hci_dev
*hdev
,
800 struct hci_rp_read_local_ext_features
*rp
= (void *) skb
->data
;
802 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
809 memcpy(hdev
->features
, rp
->features
, 8);
812 memcpy(hdev
->host_features
, rp
->features
, 8);
816 if (test_bit(HCI_INIT
, &hdev
->flags
) && lmp_le_capable(hdev
))
817 hci_set_le_support(hdev
);
820 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_EXT_FEATURES
, rp
->status
);
823 static void hci_cc_read_flow_control_mode(struct hci_dev
*hdev
,
826 struct hci_rp_read_flow_control_mode
*rp
= (void *) skb
->data
;
828 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
833 hdev
->flow_ctl_mode
= rp
->mode
;
835 hci_req_complete(hdev
, HCI_OP_READ_FLOW_CONTROL_MODE
, rp
->status
);
838 static void hci_cc_read_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
840 struct hci_rp_read_buffer_size
*rp
= (void *) skb
->data
;
842 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
847 hdev
->acl_mtu
= __le16_to_cpu(rp
->acl_mtu
);
848 hdev
->sco_mtu
= rp
->sco_mtu
;
849 hdev
->acl_pkts
= __le16_to_cpu(rp
->acl_max_pkt
);
850 hdev
->sco_pkts
= __le16_to_cpu(rp
->sco_max_pkt
);
852 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
)) {
857 hdev
->acl_cnt
= hdev
->acl_pkts
;
858 hdev
->sco_cnt
= hdev
->sco_pkts
;
860 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev
->name
, hdev
->acl_mtu
,
861 hdev
->acl_pkts
, hdev
->sco_mtu
, hdev
->sco_pkts
);
864 static void hci_cc_read_bd_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
866 struct hci_rp_read_bd_addr
*rp
= (void *) skb
->data
;
868 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
871 bacpy(&hdev
->bdaddr
, &rp
->bdaddr
);
873 hci_req_complete(hdev
, HCI_OP_READ_BD_ADDR
, rp
->status
);
876 static void hci_cc_read_data_block_size(struct hci_dev
*hdev
,
879 struct hci_rp_read_data_block_size
*rp
= (void *) skb
->data
;
881 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
886 hdev
->block_mtu
= __le16_to_cpu(rp
->max_acl_len
);
887 hdev
->block_len
= __le16_to_cpu(rp
->block_len
);
888 hdev
->num_blocks
= __le16_to_cpu(rp
->num_blocks
);
890 hdev
->block_cnt
= hdev
->num_blocks
;
892 BT_DBG("%s blk mtu %d cnt %d len %d", hdev
->name
, hdev
->block_mtu
,
893 hdev
->block_cnt
, hdev
->block_len
);
895 hci_req_complete(hdev
, HCI_OP_READ_DATA_BLOCK_SIZE
, rp
->status
);
898 static void hci_cc_write_ca_timeout(struct hci_dev
*hdev
, struct sk_buff
*skb
)
900 __u8 status
= *((__u8
*) skb
->data
);
902 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
904 hci_req_complete(hdev
, HCI_OP_WRITE_CA_TIMEOUT
, status
);
907 static void hci_cc_read_local_amp_info(struct hci_dev
*hdev
,
910 struct hci_rp_read_local_amp_info
*rp
= (void *) skb
->data
;
912 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
917 hdev
->amp_status
= rp
->amp_status
;
918 hdev
->amp_total_bw
= __le32_to_cpu(rp
->total_bw
);
919 hdev
->amp_max_bw
= __le32_to_cpu(rp
->max_bw
);
920 hdev
->amp_min_latency
= __le32_to_cpu(rp
->min_latency
);
921 hdev
->amp_max_pdu
= __le32_to_cpu(rp
->max_pdu
);
922 hdev
->amp_type
= rp
->amp_type
;
923 hdev
->amp_pal_cap
= __le16_to_cpu(rp
->pal_cap
);
924 hdev
->amp_assoc_size
= __le16_to_cpu(rp
->max_assoc_size
);
925 hdev
->amp_be_flush_to
= __le32_to_cpu(rp
->be_flush_to
);
926 hdev
->amp_max_flush_to
= __le32_to_cpu(rp
->max_flush_to
);
928 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_AMP_INFO
, rp
->status
);
931 a2mp_send_getinfo_rsp(hdev
);
/*
 * Command Complete handler that reassembles the local AMP assoc data into
 * hdev->loc_assoc.
 *
 * frag_len is what remains of the event after the fixed reply header
 * (skb->len - sizeof(*rp)); rem_len is the little-endian rp->rem_len.
 * While rem_len > frag_len the fragment is appended at
 * assoc->data + assoc->offset, the offset advances by frag_len and the next
 * fragment is requested with amp_read_loc_assoc_frag(). The second memcpy()
 * appends rem_len bytes and sets assoc->len, after which the A2MP responses
 * are sent with rp->status.
 *
 * NOTE(review): both lengths come from the controller event. No line shown
 * here checks that skb->len >= sizeof(*rp); if it is smaller, the size_t
 * subtraction wraps to a very large frag_len. No line shown bounds
 * assoc->offset + frag_len (or + rem_len) by the capacity of assoc->data
 * either, so a reply stream that keeps reporting more remaining data would
 * push the copies past the destination buffer. This listing omits lines
 * (the gutter numbers skip 942-945, 957-960 and 963-965), so confirm
 * whether such checks exist. If they do not, reject short events before
 * the subtraction and compare offset + length with the destination size
 * before each copy.
 * NOTE(review): how the fragment branch leaves the function and where
 * assoc->offset is reset are also on omitted lines - confirm.
 */
934 static void hci_cc_read_local_amp_assoc(struct hci_dev
*hdev
,
937 struct hci_rp_read_local_amp_assoc
*rp
= (void *) skb
->data
;
938 struct amp_assoc
*assoc
= &hdev
->loc_assoc
;
939 size_t rem_len
, frag_len
;
941 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
946 frag_len
= skb
->len
- sizeof(*rp
);
947 rem_len
= __le16_to_cpu(rp
->rem_len
);
949 if (rem_len
> frag_len
) {
950 BT_DBG("frag_len %zu rem_len %zu", frag_len
, rem_len
);
952 memcpy(assoc
->data
+ assoc
->offset
, rp
->frag
, frag_len
);
953 assoc
->offset
+= frag_len
;
955 /* Read other fragments */
956 amp_read_loc_assoc_frag(hdev
, rp
->phy_handle
);
961 memcpy(assoc
->data
+ assoc
->offset
, rp
->frag
, rem_len
);
962 assoc
->len
= assoc
->offset
+ rem_len
;
966 /* Send A2MP Rsp when all fragments are received */
967 a2mp_send_getampassoc_rsp(hdev
, rp
->status
);
968 a2mp_send_create_phy_link_req(hdev
, rp
->status
);
971 static void hci_cc_delete_stored_link_key(struct hci_dev
*hdev
,
974 __u8 status
= *((__u8
*) skb
->data
);
976 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
978 hci_req_complete(hdev
, HCI_OP_DELETE_STORED_LINK_KEY
, status
);
981 static void hci_cc_set_event_mask(struct hci_dev
*hdev
, struct sk_buff
*skb
)
983 __u8 status
= *((__u8
*) skb
->data
);
985 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
987 hci_req_complete(hdev
, HCI_OP_SET_EVENT_MASK
, status
);
990 static void hci_cc_write_inquiry_mode(struct hci_dev
*hdev
,
993 __u8 status
= *((__u8
*) skb
->data
);
995 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
997 hci_req_complete(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, status
);
1000 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev
*hdev
,
1001 struct sk_buff
*skb
)
1003 struct hci_rp_read_inq_rsp_tx_power
*rp
= (void *) skb
->data
;
1005 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1008 hdev
->inq_tx_power
= rp
->tx_power
;
1010 hci_req_complete(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, rp
->status
);
1013 static void hci_cc_set_event_flt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1015 __u8 status
= *((__u8
*) skb
->data
);
1017 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1019 hci_req_complete(hdev
, HCI_OP_SET_EVENT_FLT
, status
);
/*
 * Command Complete handler for HCI_OP_PIN_CODE_REPLY.
 *
 * Notifies mgmt (when HCI_MGMT is set) with the address and status taken
 * from the controller reply, then looks up the ACL connection by the
 * address in the command the host sent and records that command's pin_len
 * in conn->pin_length.
 *
 * NOTE(review): mgmt is keyed on rp->bdaddr (controller-supplied) while the
 * connection lookup uses cp->bdaddr (host-supplied); the code shown does
 * not compare the two.
 * NOTE(review): conn->pin_length is presumably consulted later when the
 * strength of the resulting link key is judged, so it should be recorded
 * only after a successful reply. The status check and the NULL tests on
 * `cp` and `conn` are on lines this listing omits (the gutter numbers skip
 * 1034-1037, 1039-1041 and 1043) - confirm against the full file.
 * The debug print logs only the status, never the PIN itself; keep it so.
 */
1022 static void hci_cc_pin_code_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1024 struct hci_rp_pin_code_reply
*rp
= (void *) skb
->data
;
1025 struct hci_cp_pin_code_reply
*cp
;
1026 struct hci_conn
*conn
;
1028 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1032 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1033 mgmt_pin_code_reply_complete(hdev
, &rp
->bdaddr
, rp
->status
);
1038 cp
= hci_sent_cmd_data(hdev
, HCI_OP_PIN_CODE_REPLY
);
1042 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1044 conn
->pin_length
= cp
->pin_len
;
1047 hci_dev_unlock(hdev
);
1050 static void hci_cc_pin_code_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1052 struct hci_rp_pin_code_neg_reply
*rp
= (void *) skb
->data
;
1054 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1058 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1059 mgmt_pin_code_neg_reply_complete(hdev
, &rp
->bdaddr
,
1062 hci_dev_unlock(hdev
);
1065 static void hci_cc_le_read_buffer_size(struct hci_dev
*hdev
,
1066 struct sk_buff
*skb
)
1068 struct hci_rp_le_read_buffer_size
*rp
= (void *) skb
->data
;
1070 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1075 hdev
->le_mtu
= __le16_to_cpu(rp
->le_mtu
);
1076 hdev
->le_pkts
= rp
->le_max_pkt
;
1078 hdev
->le_cnt
= hdev
->le_pkts
;
1080 BT_DBG("%s le mtu %d:%d", hdev
->name
, hdev
->le_mtu
, hdev
->le_pkts
);
1082 hci_req_complete(hdev
, HCI_OP_LE_READ_BUFFER_SIZE
, rp
->status
);
1085 static void hci_cc_le_read_adv_tx_power(struct hci_dev
*hdev
,
1086 struct sk_buff
*skb
)
1088 struct hci_rp_le_read_adv_tx_power
*rp
= (void *) skb
->data
;
1090 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1093 hdev
->adv_tx_power
= rp
->tx_power
;
1095 hci_req_complete(hdev
, HCI_OP_LE_READ_ADV_TX_POWER
, rp
->status
);
1098 static void hci_cc_le_set_event_mask(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1100 __u8 status
= *((__u8
*) skb
->data
);
1102 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1104 hci_req_complete(hdev
, HCI_OP_LE_SET_EVENT_MASK
, status
);
1107 static void hci_cc_user_confirm_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1109 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
1111 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1115 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1116 mgmt_user_confirm_reply_complete(hdev
, &rp
->bdaddr
, ACL_LINK
, 0,
1119 hci_dev_unlock(hdev
);
1122 static void hci_cc_user_confirm_neg_reply(struct hci_dev
*hdev
,
1123 struct sk_buff
*skb
)
1125 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
1127 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1131 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1132 mgmt_user_confirm_neg_reply_complete(hdev
, &rp
->bdaddr
,
1133 ACL_LINK
, 0, rp
->status
);
1135 hci_dev_unlock(hdev
);
1138 static void hci_cc_user_passkey_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1140 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
1142 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1146 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1147 mgmt_user_passkey_reply_complete(hdev
, &rp
->bdaddr
, ACL_LINK
,
1150 hci_dev_unlock(hdev
);
1153 static void hci_cc_user_passkey_neg_reply(struct hci_dev
*hdev
,
1154 struct sk_buff
*skb
)
1156 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
1158 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1162 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1163 mgmt_user_passkey_neg_reply_complete(hdev
, &rp
->bdaddr
,
1164 ACL_LINK
, 0, rp
->status
);
1166 hci_dev_unlock(hdev
);
/*
 * Command Complete handler for the Read Local OOB Data reply.
 *
 * Overlays struct hci_rp_read_local_oob_data on skb->data and hands the
 * hash, the randomizer and the status to
 * mgmt_read_local_oob_data_reply_complete(), then unlocks the device.
 *
 * NOTE(review): rp->hash and rp->randomizer are out-of-band pairing values
 * and should be treated as sensitive. The debug print here logs only the
 * status; do not extend it to dump either field.
 * NOTE(review): no line shown checks that the event is at least
 * sizeof(*rp) bytes before the two fields are read; confirm the length is
 * validated by the caller or on the lines this listing omits (the gutter
 * numbers skip 1175-1176).
 */
1169 static void hci_cc_read_local_oob_data_reply(struct hci_dev
*hdev
,
1170 struct sk_buff
*skb
)
1172 struct hci_rp_read_local_oob_data
*rp
= (void *) skb
->data
;
1174 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1177 mgmt_read_local_oob_data_reply_complete(hdev
, rp
->hash
,
1178 rp
->randomizer
, rp
->status
);
1179 hci_dev_unlock(hdev
);
1182 static void hci_cc_le_set_scan_param(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1184 __u8 status
= *((__u8
*) skb
->data
);
1186 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1188 hci_req_complete(hdev
, HCI_OP_LE_SET_SCAN_PARAM
, status
);
1192 mgmt_start_discovery_failed(hdev
, status
);
1193 hci_dev_unlock(hdev
);
1198 static void hci_cc_le_set_scan_enable(struct hci_dev
*hdev
,
1199 struct sk_buff
*skb
)
1201 struct hci_cp_le_set_scan_enable
*cp
;
1202 __u8 status
= *((__u8
*) skb
->data
);
1204 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1206 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_SET_SCAN_ENABLE
);
1210 switch (cp
->enable
) {
1211 case LE_SCANNING_ENABLED
:
1212 hci_req_complete(hdev
, HCI_OP_LE_SET_SCAN_ENABLE
, status
);
1216 mgmt_start_discovery_failed(hdev
, status
);
1217 hci_dev_unlock(hdev
);
1221 set_bit(HCI_LE_SCAN
, &hdev
->dev_flags
);
1224 hci_discovery_set_state(hdev
, DISCOVERY_FINDING
);
1225 hci_dev_unlock(hdev
);
1228 case LE_SCANNING_DISABLED
:
1231 mgmt_stop_discovery_failed(hdev
, status
);
1232 hci_dev_unlock(hdev
);
1236 clear_bit(HCI_LE_SCAN
, &hdev
->dev_flags
);
1238 if (hdev
->discovery
.type
== DISCOV_TYPE_INTERLEAVED
&&
1239 hdev
->discovery
.state
== DISCOVERY_FINDING
) {
1240 mgmt_interleaved_discovery(hdev
);
1243 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
1244 hci_dev_unlock(hdev
);
1250 BT_ERR("Used reserved LE_Scan_Enable param %d", cp
->enable
);
1255 static void hci_cc_le_ltk_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1257 struct hci_rp_le_ltk_reply
*rp
= (void *) skb
->data
;
1259 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1264 hci_req_complete(hdev
, HCI_OP_LE_LTK_REPLY
, rp
->status
);
1267 static void hci_cc_le_ltk_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1269 struct hci_rp_le_ltk_neg_reply
*rp
= (void *) skb
->data
;
1271 BT_DBG("%s status 0x%2.2x", hdev
->name
, rp
->status
);
1276 hci_req_complete(hdev
, HCI_OP_LE_LTK_NEG_REPLY
, rp
->status
);
1279 static void hci_cc_write_le_host_supported(struct hci_dev
*hdev
,
1280 struct sk_buff
*skb
)
1282 struct hci_cp_write_le_host_supported
*sent
;
1283 __u8 status
= *((__u8
*) skb
->data
);
1285 BT_DBG("%s status 0x%2.2x", hdev
->name
, status
);
1287 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
);
1293 hdev
->host_features
[0] |= LMP_HOST_LE
;
1295 hdev
->host_features
[0] &= ~LMP_HOST_LE
;
1298 hdev
->host_features
[0] |= LMP_HOST_LE_BREDR
;
1300 hdev
->host_features
[0] &= ~LMP_HOST_LE_BREDR
;
1303 if (test_bit(HCI_MGMT
, &hdev
->dev_flags
) &&
1304 !test_bit(HCI_INIT
, &hdev
->flags
))
1305 mgmt_le_enable_complete(hdev
, sent
->le
, status
);
1307 hci_req_complete(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, status
);
1310 static void hci_cc_write_remote_amp_assoc(struct hci_dev
*hdev
,
1311 struct sk_buff
*skb
)
1313 struct hci_rp_write_remote_amp_assoc
*rp
= (void *) skb
->data
;
1315 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1316 hdev
->name
, rp
->status
, rp
->phy_handle
);
1321 amp_write_rem_assoc_continue(hdev
, rp
->phy_handle
);
/*
 * Command Status handler for HCI_OP_INQUIRY. Two paths are visible, each
 * ending in hci_dev_unlock(): one completes the request, re-checks pending
 * connections and reports mgmt_start_discovery_failed() when HCI_MGMT is
 * set; the other sets HCI_INQUIRY and moves discovery to DISCOVERY_FINDING.
 * NOTE(review): the test that selects the path (presumably a non-zero
 * status) and the matching lock calls are on lines missing from this
 * listing - confirm in the full file.
 */
1324 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1326     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1329     hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1330     hci_conn_check_pending(hdev);
1332     if (test_bit(HCI_MGMT, &hdev->dev_flags))
1333         mgmt_start_discovery_failed(hdev, status);
1334     hci_dev_unlock(hdev);
1338     set_bit(HCI_INQUIRY, &hdev->flags);
1341     hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1342     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_CREATE_CONN. Looks up the ACL
 * connection for the address in the sent command. A connection still in
 * BT_CONNECT is closed and reported when status is not 0x0c or more than
 * two attempts were made; line 1369 moves it to BT_CONNECT2 instead. A
 * second visible path adds a new connection and marks it HCI_LM_MASTER.
 * 0x0c is a bare literal; in the HCI error table that value is "Command
 * Disallowed", and a named constant would make the retry rule readable.
 * NOTE(review): line 1360 prints conn with %p, which puts a kernel address
 * in the debug log on kernels that do not hash %p. The NULL check on cp,
 * the status tests and the else/brace lines are missing from this listing.
 */
1345 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1347     struct hci_cp_create_conn *cp;
1348     struct hci_conn *conn;
1350     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1352     cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1358     conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1360     BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1363     if (conn && conn->state == BT_CONNECT) {
1364         if (status != 0x0c || conn->attempt > 2) {
1365             conn->state = BT_CLOSED;
1366             hci_proto_connect_cfm(conn, status);
1369             conn->state = BT_CONNECT2;
1373     conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1376     conn->link_mode |= HCI_LM_MASTER;
1378     BT_ERR("No memory for new connection");
1382     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_ADD_SCO. Takes the ACL handle from the
 * sent command, looks up that connection, then closes an SCO connection
 * and reports status through hci_proto_connect_cfm().
 * NOTE(review): the declaration of handle, the assignment of sco and the
 * NULL checks on cp, acl and sco are on lines missing from this listing -
 * confirm in the full file that sco is validated before line 1410.
 */
1385 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1387     struct hci_cp_add_sco *cp;
1388     struct hci_conn *acl, *sco;
1391     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1396     cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1400     handle = __le16_to_cpu(cp->handle);
1402     BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1406     acl = hci_conn_hash_lookup_handle(hdev, handle);
1410     sco->state = BT_CLOSED;
1412     hci_proto_connect_cfm(sco, status);
1417     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_AUTH_REQUESTED. Looks up the
 * connection named by the handle in the sent command and, if it is still
 * in BT_CONFIG, reports status through hci_proto_connect_cfm().
 * NOTE(review): conn is dereferenced at 1438; the NULL checks on cp and
 * conn, and any early return on success, are on lines missing from this
 * listing - confirm in the full file.
 */
1420 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1422     struct hci_cp_auth_requested *cp;
1423     struct hci_conn *conn;
1425     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1430     cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1436     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1438     if (conn->state == BT_CONFIG) {
1439         hci_proto_connect_cfm(conn, status);
1444     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SET_CONN_ENCRYPT. Looks up the
 * connection named by the handle in the sent command and, if it is still
 * in BT_CONFIG, reports status through hci_proto_connect_cfm().
 * NOTE(review): conn is dereferenced at 1465; the NULL checks on cp and
 * conn, and any early return on success, are on lines missing from this
 * listing - confirm in the full file.
 */
1447 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1449     struct hci_cp_set_conn_encrypt *cp;
1450     struct hci_conn *conn;
1452     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1457     cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1463     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1465     if (conn->state == BT_CONFIG) {
1466         hci_proto_connect_cfm(conn, status);
1471     hci_dev_unlock(hdev);
/*
 * Decides whether an outgoing connection in BT_CONFIG should have
 * authentication requested. Three tests are visible: the connection must
 * be outgoing and in BT_CONFIG, a pending level of BT_SECURITY_SDP is
 * treated separately, and a non-SSP link without bit 0x01 of auth_type
 * and without BT_SECURITY_HIGH pending is treated separately.
 * NOTE(review): every return statement is on a line missing from this
 * listing, so the value returned by each test must be read from the full
 * file. conn is dereferenced unconditionally; callers must pass non-NULL.
 */
1474 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1475                                     struct hci_conn *conn)
1477     if (conn->state != BT_CONFIG || !conn->out)
1480     if (conn->pending_sec_level == BT_SECURITY_SDP)
1483     /* Only request authentication for SSP connections or non-SSP
1484      * devices with sec_level HIGH or if MITM protection is requested */
1485     if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1486         conn->pending_sec_level != BT_SECURITY_HIGH)
/*
 * Sends HCI_OP_REMOTE_NAME_REQ for one inquiry-cache entry and returns the
 * result of hci_send_cmd(). The address, page-scan fields and clock offset
 * are copied from e->data.
 * The memset() matters: cp lives on the stack and is sent whole, so
 * zeroing it first keeps any field not assigned here from carrying stale
 * stack bytes to the controller.
 */
1492 static int hci_resolve_name(struct hci_dev *hdev,
1493                             struct inquiry_entry *e)
1495     struct hci_cp_remote_name_req cp;
1497     memset(&cp, 0, sizeof(cp));
1499     bacpy(&cp.bdaddr, &e->data.bdaddr);
1500     cp.pscan_rep_mode = e->data.pscan_rep_mode;
1501     cp.pscan_mode = e->data.pscan_mode;
1502     cp.clock_offset = e->data.clock_offset;
1504     return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
/*
 * Starts name resolution for the next cache entry in state NAME_NEEDED:
 * when hci_resolve_name() returns 0 the entry is marked NAME_PENDING.
 * NOTE(review): the return statements and any NULL check on e before it
 * is passed to hci_resolve_name() are on lines missing from this listing -
 * confirm in the full file.
 */
1507 static bool hci_resolve_next_name(struct hci_dev *hdev)
1509     struct discovery_state *discov = &hdev->discovery;
1510     struct inquiry_entry *e;
1512     if (list_empty(&discov->resolve))
1515     e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1519     if (hci_resolve_name(hdev, e) == 0) {
1520         e->name_state = NAME_PENDING;
/*
 * Handles the outcome of a remote name request for bdaddr. If conn is
 * non-NULL and HCI_CONN_MGMT_CONNECTED was not yet set, reports the device
 * as connected to mgmt with the given name. Then, depending on the
 * discovery state, updates the matching NAME_PENDING cache entry, reports
 * the name through mgmt_remote_name(), and either resolves the next name
 * or sets discovery to DISCOVERY_STOPPED.
 * name and name_len come from the caller; the visible callers pass either
 * NULL/0 or a name bounded with strnlen().
 * NOTE(review): in this listing the block comment opened at line 1547 has
 * lost its closing line; lines 1556-1567 are code, not comment text. The
 * returns, the NULL check on e, the test choosing NAME_KNOWN versus
 * NAME_NOT_KNOWN and the discov_complete label are also missing.
 */
1527 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1528                                    bdaddr_t *bdaddr, u8 *name, u8 name_len)
1530     struct discovery_state *discov = &hdev->discovery;
1531     struct inquiry_entry *e;
1533     if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1534         mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1535                               name_len, conn->dev_class);
1537     if (discov->state == DISCOVERY_STOPPED)
1540     if (discov->state == DISCOVERY_STOPPING)
1541         goto discov_complete;
1543     if (discov->state != DISCOVERY_RESOLVING)
1546     e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1547     /* If the device was not found in a list of found devices names of which
1548      * are pending. there is no need to continue resolving a next name as it
1549      * will be done upon receiving another Remote Name Request Complete
1556     e->name_state = NAME_KNOWN;
1557     mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1558                      e->data.rssi, name, name_len);
1560     e->name_state = NAME_NOT_KNOWN;
1563     if (hci_resolve_next_name(hdev))
1567     hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
/*
 * Command Status handler for HCI_OP_REMOTE_NAME_REQ. Looks up the ACL
 * connection for the address in the sent command, lets
 * hci_check_pending_name() record the request as finished without a name
 * when HCI_MGMT is set, and sends HCI_OP_AUTH_REQUESTED when
 * hci_outgoing_auth_needed() says so and HCI_CONN_AUTH_PEND was not set.
 * The inner "cp" declared at 1600 shadows the pointer declared at 1572.
 * NOTE(review): hci_conn_hash_lookup_ba() can evidently return NULL (the
 * callee tests conn), yet conn reaches hci_outgoing_auth_needed() at 1596;
 * the guarding NULL check, the early return on success and the NULL check
 * on cp are on lines missing from this listing - confirm.
 */
1570 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1572     struct hci_cp_remote_name_req *cp;
1573     struct hci_conn *conn;
1575     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1577     /* If successful wait for the name req complete event before
1578      * checking for the need to do authentication */
1582     cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1588     conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1590     if (test_bit(HCI_MGMT, &hdev->dev_flags))
1591         hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1596     if (!hci_outgoing_auth_needed(hdev, conn))
1599     if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1600         struct hci_cp_auth_requested cp;
1601         cp.handle = __cpu_to_le16(conn->handle);
1602         hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1606     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_FEATURES. Looks up the
 * connection named by the handle in the sent command and, if it is still
 * in BT_CONFIG, reports status through hci_proto_connect_cfm().
 * NOTE(review): conn is dereferenced at 1627; the NULL checks on cp and
 * conn, and any early return on success, are on lines missing from this
 * listing - confirm in the full file.
 */
1609 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1611     struct hci_cp_read_remote_features *cp;
1612     struct hci_conn *conn;
1614     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1619     cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1625     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1627     if (conn->state == BT_CONFIG) {
1628         hci_proto_connect_cfm(conn, status);
1633     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES. Looks up the
 * connection named by the handle in the sent command and, if it is still
 * in BT_CONFIG, reports status through hci_proto_connect_cfm().
 * NOTE(review): conn is dereferenced at 1654; the NULL checks on cp and
 * conn, and any early return on success, are on lines missing from this
 * listing - confirm in the full file.
 */
1636 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1638     struct hci_cp_read_remote_ext_features *cp;
1639     struct hci_conn *conn;
1641     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1646     cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1652     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1654     if (conn->state == BT_CONFIG) {
1655         hci_proto_connect_cfm(conn, status);
1660     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SETUP_SYNC_CONN. Takes the ACL handle
 * from the sent command, looks up that connection, then closes a
 * synchronous connection and reports status via hci_proto_connect_cfm().
 * NOTE(review): the declaration of handle, the assignment of sco and the
 * NULL checks on cp, acl and sco are on lines missing from this listing -
 * confirm in the full file that sco is validated before line 1688.
 */
1663 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1665     struct hci_cp_setup_sync_conn *cp;
1666     struct hci_conn *acl, *sco;
1669     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1674     cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1678     handle = __le16_to_cpu(cp->handle);
1680     BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1684     acl = hci_conn_hash_lookup_handle(hdev, handle);
1688     sco->state = BT_CLOSED;
1690     hci_proto_connect_cfm(sco, status);
1695     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_SNIFF_MODE. Looks up the connection
 * named by the handle in the sent command, clears
 * HCI_CONN_MODE_CHANGE_PEND, and runs hci_sco_setup() with status if
 * HCI_CONN_SCO_SETUP_PEND was set.
 * NOTE(review): conn is dereferenced at 1716; the NULL checks on cp and
 * conn, and any early return on success, are on lines missing from this
 * listing - confirm in the full file.
 */
1698 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1700     struct hci_cp_sniff_mode *cp;
1701     struct hci_conn *conn;
1703     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1708     cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1714     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1716     clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1718     if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1719         hci_sco_setup(conn, status);
1722     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_EXIT_SNIFF_MODE. Looks up the
 * connection named by the handle in the sent command, clears
 * HCI_CONN_MODE_CHANGE_PEND, and runs hci_sco_setup() with status if
 * HCI_CONN_SCO_SETUP_PEND was set.
 * NOTE(review): conn is dereferenced at 1743; the NULL checks on cp and
 * conn, and any early return on success, are on lines missing from this
 * listing - confirm in the full file.
 */
1725 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1727     struct hci_cp_exit_sniff_mode *cp;
1728     struct hci_conn *conn;
1730     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1735     cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1741     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1743     clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1745     if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1746         hci_sco_setup(conn, status);
1749     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_DISCONNECT: looks up the connection
 * named by the handle in the sent command and reports
 * mgmt_disconnect_failed() with the controller's status.
 * NOTE(review): conn is dereferenced at 1768; the NULL checks on cp and
 * conn, and the test that limits this to a failed command, are on lines
 * missing from this listing - confirm in the full file.
 */
1752 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1754     struct hci_cp_disconnect *cp;
1755     struct hci_conn *conn;
1760     cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1766     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1768     mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1769                            conn->dst_type, status);
1771     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_LE_CREATE_CONN. Finds the LE
 * connection in BT_CONNECT, marks it BT_CLOSED, and reports the failure
 * through mgmt_connect_failed() and hci_proto_connect_cfm(). The unlock at
 * 1785 belongs to an early-exit path.
 * NOTE(review): line 1789 prints conn with %p, which puts a kernel address
 * in the debug log on kernels that do not hash %p. The status test, the
 * NULL check on conn and the cleanup after 1794 are on lines missing from
 * this listing - confirm in the full file.
 */
1774 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1776     struct hci_conn *conn;
1778     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1783     conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1785     hci_dev_unlock(hdev);
1789     BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1791     conn->state = BT_CLOSED;
1792     mgmt_connect_failed(hdev, &conn->dst, conn->type,
1793                         conn->dst_type, status);
1794     hci_proto_connect_cfm(conn, status);
1797     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_LE_START_ENC. The only visible
 * statement logs the status; a failed start-encryption command is not
 * acted on here.
 */
1801 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1803     BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Command Status handler for HCI_OP_CREATE_PHY_LINK. Two paths are
 * visible: one looks up the connection for cp->phy_handle (declared in an
 * inner scope at 1819), the other calls amp_write_remote_assoc() for that
 * handle.
 * NOTE(review): the NULL check on cp, the status test separating the two
 * paths and whatever is done with hcon are on lines missing from this
 * listing - confirm in the full file.
 */
1806 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1808     struct hci_cp_create_phy_link *cp;
1810     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1812     cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1819     struct hci_conn *hcon;
1821     hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1825     amp_write_remote_assoc(hdev, cp->phy_handle);
1828     hci_dev_unlock(hdev);
/*
 * Command Status handler for HCI_OP_ACCEPT_PHY_LINK: fetches the sent
 * command and calls amp_write_remote_assoc() for its phy_handle.
 * NOTE(review): cp is dereferenced at 1844; the NULL check on cp and any
 * early return on a non-zero status are on lines missing from this
 * listing - confirm in the full file.
 */
1831 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1833     struct hci_cp_accept_phy_link *cp;
1835     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1840     cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1844     amp_write_remote_assoc(hdev, cp->phy_handle);
/*
 * Command Status handler for HCI_OP_CREATE_LOGICAL_LINK. The only visible
 * statement logs the status.
 */
1847 static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1849     BT_DBG("%s status 0x%2.2x", hdev->name, status);
/*
 * Inquiry Complete event handler. Completes the HCI_OP_INQUIRY request,
 * re-checks pending connections, and clears HCI_INQUIRY. With HCI_MGMT
 * set and discovery in DISCOVERY_FINDING it either stops discovery (empty
 * resolve list, or no name request could be sent) or sends a name request
 * for the first NAME_NEEDED entry and moves to DISCOVERY_RESOLVING.
 * NOTE(review): status is the first byte of skb->data, read with no
 * visible length check. The returns, gotos and lock call are on lines
 * missing from this listing.
 */
1852 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1854     __u8 status = *((__u8 *) skb->data);
1855     struct discovery_state *discov = &hdev->discovery;
1856     struct inquiry_entry *e;
1858     BT_DBG("%s status 0x%2.2x", hdev->name, status);
1860     hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1862     hci_conn_check_pending(hdev);
1864     if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1867     if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1872     if (discov->state != DISCOVERY_FINDING)
1875     if (list_empty(&discov->resolve)) {
1876         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1880     e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1881     if (e && hci_resolve_name(hdev, e) == 0) {
1882         e->name_state = NAME_PENDING;
1883         hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1885         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1889     hci_dev_unlock(hdev);
/*
 * Inquiry Result event handler. The first byte of the event is the number
 * of responses; the records follow at skb->data + 1. Each record is copied
 * into a local inquiry_data, merged into the inquiry cache, and reported
 * through mgmt_device_found().
 * NOTE(review): num_rsp comes straight from the packet and drives the
 * loop that walks info++, but no comparison of num_rsp * sizeof(*info) + 1
 * against skb->len is visible. If the full file has no such check, a
 * short event lets the loop read past the end of the buffer; the handler
 * should return early when the length does not cover num_rsp records.
 * Lines 1899-1902, 1904-1907, 1917 and the tail of the mgmt_device_found()
 * call are missing from this listing, so confirm before relying on this.
 */
1892 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1894     struct inquiry_data data;
1895     struct inquiry_info *info = (void *) (skb->data + 1);
1896     int num_rsp = *((__u8 *) skb->data);
1898     BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1903     if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1908     for (; num_rsp; num_rsp--, info++) {
1909         bool name_known, ssp;
1911         bacpy(&data.bdaddr, &info->bdaddr);
1912         data.pscan_rep_mode = info->pscan_rep_mode;
1913         data.pscan_period_mode = info->pscan_period_mode;
1914         data.pscan_mode = info->pscan_mode;
1915         memcpy(data.dev_class, info->dev_class, 3);
1916         data.clock_offset = info->clock_offset;
1918         data.ssp_mode = 0x00;
1920         name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1921         mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1922                           info->dev_class, 0, !name_known, ssp, NULL,
1926     hci_dev_unlock(hdev);
/*
 * Connection Complete event handler. Finds the connection by link type
 * and address (falling back to an ESCO_LINK entry that is then retyped as
 * SCO_LINK), records the handle, and sets the state: ACL links go to
 * BT_CONFIG and get a disconnect timeout, other links go to BT_CONNECTED.
 * HCI_LM_AUTH / HCI_LM_ENCRYPT are copied from the adapter flags, remote
 * features are requested for ACL links, and the packet type is changed
 * for incoming links on controllers older than BLUETOOTH_VER_2_0. The
 * block from 1991 closes the connection and reports the failure.
 * The longer HCI_PAIRING_TIMEOUT is used only for an incoming non-SSP
 * link with no stored link key (1957-1959).
 * NOTE(review): ev aliases skb->data with no visible length check. The
 * ev->status test, the NULL checks on conn, the else lines and the tails
 * of both hci_send_cmd() calls are missing from this listing.
 */
1929 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1931     struct hci_ev_conn_complete *ev = (void *) skb->data;
1932     struct hci_conn *conn;
1934     BT_DBG("%s", hdev->name);
1938     conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1940     if (ev->link_type != SCO_LINK)
1943     conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1947     conn->type = SCO_LINK;
1951     conn->handle = __le16_to_cpu(ev->handle);
1953     if (conn->type == ACL_LINK) {
1954         conn->state = BT_CONFIG;
1955         hci_conn_hold(conn);
1957         if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1958             !hci_find_link_key(hdev, &ev->bdaddr))
1959             conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1961             conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1963         conn->state = BT_CONNECTED;
1965     hci_conn_hold_device(conn);
1966     hci_conn_add_sysfs(conn);
1968     if (test_bit(HCI_AUTH, &hdev->flags))
1969         conn->link_mode |= HCI_LM_AUTH;
1971     if (test_bit(HCI_ENCRYPT, &hdev->flags))
1972         conn->link_mode |= HCI_LM_ENCRYPT;
1974     /* Get remote features */
1975     if (conn->type == ACL_LINK) {
1976         struct hci_cp_read_remote_features cp;
1977         cp.handle = ev->handle;
1978         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1982     /* Set packet type for incoming connection */
1983     if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1984         struct hci_cp_change_conn_ptype cp;
1985         cp.handle = ev->handle;
1986         cp.pkt_type = cpu_to_le16(conn->pkt_type);
1987         hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1991     conn->state = BT_CLOSED;
1992     if (conn->type == ACL_LINK)
1993         mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1994                             conn->dst_type, ev->status);
1997     if (conn->type == ACL_LINK)
1998         hci_sco_setup(conn, ev->status);
2001     hci_proto_connect_cfm(conn, ev->status);
2003     } else if (ev->link_type != ACL_LINK)
2004         hci_proto_connect_cfm(conn, ev->status);
2007     hci_dev_unlock(hdev);
2009     hci_conn_check_pending(hdev);
/*
 * Connection Request event handler. The request is accepted only when the
 * combined link-mode mask (adapter setting OR-ed with the protocols'
 * answer) has HCI_LM_ACCEPT and the peer address is not on the blacklist;
 * otherwise it is rejected with HCI_ERROR_REJ_BAD_ADDR.
 * On accept the peer's class of device is stored in the inquiry cache and
 * the connection, a connection object is found or added, and either
 * HCI_OP_ACCEPT_CONN_REQ (ACL, or no eSCO support) or
 * HCI_OP_ACCEPT_SYNC_CONN_REQ is sent. The role requests a switch to
 * master only when the adapter can switch and HCI_LM_MASTER is in mask.
 * 0x00001f40 is 8000 decimal; the other sync parameters are all-ones
 * values - presumably "don't care", confirm against the HCI spec.
 * NOTE(review): ev aliases skb->data with no visible length check. The
 * NULL checks on ie and conn, the else lines and the tails of several
 * calls are missing from this listing.
 */
2012 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2014     struct hci_ev_conn_request *ev = (void *) skb->data;
2015     int mask = hdev->link_mode;
2017     BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2020     mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
2022     if ((mask & HCI_LM_ACCEPT) &&
2023         !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
2024         /* Connection accepted */
2025         struct inquiry_entry *ie;
2026         struct hci_conn *conn;
2030         ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2032         memcpy(ie->data.dev_class, ev->dev_class, 3);
2034         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2037         conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2039         BT_ERR("No memory for new connection");
2040         hci_dev_unlock(hdev);
2045         memcpy(conn->dev_class, ev->dev_class, 3);
2046         conn->state = BT_CONNECT;
2048         hci_dev_unlock(hdev);
2050         if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2051             struct hci_cp_accept_conn_req cp;
2053             bacpy(&cp.bdaddr, &ev->bdaddr);
2055             if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2056                 cp.role = 0x00; /* Become master */
2058                 cp.role = 0x01; /* Remain slave */
2060             hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2063             struct hci_cp_accept_sync_conn_req cp;
2065             bacpy(&cp.bdaddr, &ev->bdaddr);
2066             cp.pkt_type = cpu_to_le16(conn->pkt_type);
2068             cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2069             cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2070             cp.max_latency = __constant_cpu_to_le16(0xffff);
2071             cp.content_format = cpu_to_le16(hdev->voice_setting);
2072             cp.retrans_effort = 0xff;
2074             hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2078         /* Connection rejected */
2079         struct hci_cp_reject_conn_req cp;
2081         bacpy(&cp.bdaddr, &ev->bdaddr);
2082         cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2083         hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/*
 * Maps an HCI disconnect reason to the mgmt disconnect-reason code:
 * connection timeout -> TIMEOUT; remote user termination, remote low
 * resources and remote power-off -> REMOTE; local host termination ->
 * LOCAL_HOST; the final return yields UNKNOWN.
 * NOTE(review): the switch header and the label in front of the last
 * return (presumably default) are on lines missing from this listing.
 */
2087 static u8 hci_to_mgmt_reason(u8 err)
2090     case HCI_ERROR_CONNECTION_TIMEOUT:
2091         return MGMT_DEV_DISCONN_TIMEOUT;
2092     case HCI_ERROR_REMOTE_USER_TERM:
2093     case HCI_ERROR_REMOTE_LOW_RESOURCES:
2094     case HCI_ERROR_REMOTE_POWER_OFF:
2095         return MGMT_DEV_DISCONN_REMOTE;
2096     case HCI_ERROR_LOCAL_HOST_TERM:
2097         return MGMT_DEV_DISCONN_LOCAL_HOST;
2099         return MGMT_DEV_DISCONN_UNKNOWN;
/*
 * Disconnection Complete event handler. On status 0 the connection is
 * marked BT_CLOSED. If the connection had been reported to mgmt and is an
 * ACL or LE link, mgmt is told either that the disconnect failed or that
 * the device disconnected (with the reason mapped by
 * hci_to_mgmt_reason()). On status 0 the stored link key is removed for
 * ACL links with flush_key set, and the upper layers are notified.
 * NOTE(review): ev aliases skb->data with no visible length check. The
 * NULL check on conn, the test choosing between the two mgmt calls and
 * the cleanup after 2135 are on lines missing from this listing.
 */
2103 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2105     struct hci_ev_disconn_complete *ev = (void *) skb->data;
2106     struct hci_conn *conn;
2108     BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2112     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2116     if (ev->status == 0)
2117         conn->state = BT_CLOSED;
2119     if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
2120         (conn->type == ACL_LINK || conn->type == LE_LINK)) {
2122         mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2123                                conn->dst_type, ev->status);
2125         u8 reason = hci_to_mgmt_reason(ev->reason);
2127         mgmt_device_disconnected(hdev, &conn->dst, conn->type,
2128                                  conn->dst_type, reason);
2132     if (ev->status == 0) {
2133         if (conn->type == ACL_LINK && conn->flush_key)
2134             hci_remove_link_key(hdev, &conn->dst);
2135         hci_proto_disconn_cfm(conn, ev->reason);
2140     hci_dev_unlock(hdev);
/*
 * Authentication Complete event handler. One path logs that re-auth of a
 * legacy (non-SSP) device is not possible; another sets HCI_LM_AUTH and
 * promotes sec_level to pending_sec_level; a third reports
 * mgmt_auth_failed(). Both AUTH_PEND flags are then cleared. A connection
 * in BT_CONFIG either has encryption requested (success on an SSP link)
 * or becomes BT_CONNECTED; otherwise hci_auth_cfm() is called. If an
 * encryption request was pending it is either issued now or cancelled
 * with hci_encrypt_cfm(..., 0x00).
 * NOTE(review): ev aliases skb->data with no visible length check. The
 * ev->status tests that separate success from failure, the NULL check on
 * conn and the else lines are missing from this listing, so which branch
 * raises sec_level must be confirmed in the full file.
 */
2143 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2145     struct hci_ev_auth_complete *ev = (void *) skb->data;
2146     struct hci_conn *conn;
2148     BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2152     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2157     if (!hci_conn_ssp_enabled(conn) &&
2158         test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2159         BT_INFO("re-auth of legacy device is not possible.");
2161         conn->link_mode |= HCI_LM_AUTH;
2162         conn->sec_level = conn->pending_sec_level;
2165     mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2169     clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2170     clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2172     if (conn->state == BT_CONFIG) {
2173         if (!ev->status && hci_conn_ssp_enabled(conn)) {
2174             struct hci_cp_set_conn_encrypt cp;
2175             cp.handle = ev->handle;
2177             hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2180             conn->state = BT_CONNECTED;
2181             hci_proto_connect_cfm(conn, ev->status);
2185         hci_auth_cfm(conn, ev->status);
2187         hci_conn_hold(conn);
2188         conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2192     if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2194         struct hci_cp_set_conn_encrypt cp;
2195         cp.handle = ev->handle;
2197         hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2200         clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2201         hci_encrypt_cfm(conn, ev->status, 0x00);
2206     hci_dev_unlock(hdev);
/*
 * Remote Name Request Complete event handler. Looks up the ACL connection
 * for the peer, hands the name (or NULL/0 on failure) to
 * hci_check_pending_name() when HCI_MGMT is set, and sends
 * HCI_OP_AUTH_REQUESTED when hci_outgoing_auth_needed() says so and
 * HCI_CONN_AUTH_PEND was not already set.
 * The name is peer-controlled; strnlen() with HCI_MAX_NAME_LENGTH bounds
 * its length so a name without a terminating NUL cannot run past the
 * field.
 * NOTE(review): ev aliases skb->data with no visible length check, and
 * conn may be NULL when it reaches line 2235; the guarding check and the
 * gotos are on lines missing from this listing - confirm.
 */
2209 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2211     struct hci_ev_remote_name *ev = (void *) skb->data;
2212     struct hci_conn *conn;
2214     BT_DBG("%s", hdev->name);
2216     hci_conn_check_pending(hdev);
2220     conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2222     if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2225     if (ev->status == 0)
2226         hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2227                                strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2229         hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2235     if (!hci_outgoing_auth_needed(hdev, conn))
2238     if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2239         struct hci_cp_auth_requested cp;
2240         cp.handle = __cpu_to_le16(conn->handle);
2241         hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2245     hci_dev_unlock(hdev);
/*
 * Encryption Change event handler. One path sets HCI_LM_AUTH and
 * HCI_LM_ENCRYPT and promotes sec_level to pending_sec_level; another
 * clears HCI_LM_ENCRYPT. HCI_CONN_ENCRYPT_PEND is cleared either way. A
 * non-zero status on a BT_CONNECTED link tears the ACL down with
 * HCI_ERROR_AUTH_FAILURE, so a failed encryption change does not leave an
 * established link running. A link in BT_CONFIG becomes BT_CONNECTED;
 * otherwise hci_encrypt_cfm() is called.
 * NOTE(review): ev aliases skb->data with no visible length check. The
 * tests on ev->status and ev->encrypt that choose between setting and
 * clearing the link-mode bits, and the NULL check on conn, are on lines
 * missing from this listing - confirm in the full file.
 */
2248 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2250     struct hci_ev_encrypt_change *ev = (void *) skb->data;
2251     struct hci_conn *conn;
2253     BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2257     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2261     /* Encryption implies authentication */
2262     conn->link_mode |= HCI_LM_AUTH;
2263     conn->link_mode |= HCI_LM_ENCRYPT;
2264     conn->sec_level = conn->pending_sec_level;
2266     conn->link_mode &= ~HCI_LM_ENCRYPT;
2269     clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2271     if (ev->status && conn->state == BT_CONNECTED) {
2272         hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2277     if (conn->state == BT_CONFIG) {
2279         conn->state = BT_CONNECTED;
2281         hci_proto_connect_cfm(conn, ev->status);
2284     hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2288     hci_dev_unlock(hdev);
/*
 * Change Connection Link Key Complete event handler: sets HCI_LM_SECURE
 * on the connection, clears HCI_CONN_AUTH_PEND and notifies the upper
 * layers through hci_key_change_cfm().
 * NOTE(review): ev aliases skb->data with no visible length check. The
 * NULL check on conn and the ev->status test that presumably guards line
 * 2304 are on lines missing from this listing - confirm that
 * HCI_LM_SECURE is set only on success.
 */
2291 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2292                                              struct sk_buff *skb)
2294     struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2295     struct hci_conn *conn;
2297     BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2301     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2304     conn->link_mode |= HCI_LM_SECURE;
2306     clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2308     hci_key_change_cfm(conn, ev->status);
2311     hci_dev_unlock(hdev);
/*
 * Read Remote Supported Features Complete event handler. Copies the
 * 8-byte feature mask into the connection. For a connection in BT_CONFIG
 * it then requests extended features when both sides are SSP capable,
 * requests the remote name if the device was not yet reported to mgmt (or
 * reports it as connected), and moves to BT_CONNECTED when no outgoing
 * authentication is needed.
 * The name-request struct is zeroed before use, so the fields not set
 * here do not carry stale stack bytes to the controller.
 * NOTE(review): ev aliases skb->data with no visible length check. The
 * NULL check on conn, the test guarding the memcpy and the tails of two
 * calls are on lines missing from this listing.
 */
2314 static void hci_remote_features_evt(struct hci_dev *hdev,
2315                                     struct sk_buff *skb)
2317     struct hci_ev_remote_features *ev = (void *) skb->data;
2318     struct hci_conn *conn;
2320     BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2324     conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2329     memcpy(conn->features, ev->features, 8);
2331     if (conn->state != BT_CONFIG)
2334     if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2335         struct hci_cp_read_remote_ext_features cp;
2336         cp.handle = ev->handle;
2338         hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2343     if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2344         struct hci_cp_remote_name_req cp;
2345         memset(&cp, 0, sizeof(cp));
2346         bacpy(&cp.bdaddr, &conn->dst);
2347         cp.pscan_rep_mode = 0x02;
2348         hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2349     } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2350         mgmt_device_connected(hdev, &conn->dst, conn->type,
2351                               conn->dst_type, 0, NULL, 0,
2354     if (!hci_outgoing_auth_needed(hdev, conn)) {
2355         conn->state = BT_CONNECTED;
2356         hci_proto_connect_cfm(conn, ev->status);
2361     hci_dev_unlock(hdev);
/*
 * Read Remote Version Information Complete event handler. The only
 * visible statement logs the adapter name; skb is not read.
 */
2364 static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2366     BT_DBG("%s", hdev->name);
/*
 * QoS Setup Complete event handler. The only visible statement logs the
 * adapter name; skb is not read.
 */
2369 static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2370                                        struct sk_buff *skb)
2372     BT_DBG("%s", hdev->name);
/*
 * Command Complete event dispatcher. Strips the event header with
 * skb_pull(), converts the opcode to host order and calls the matching
 * hci_cc_* handler with the remaining payload; unknown opcodes are only
 * logged. Afterwards the command timer is stopped (unless the opcode is
 * HCI_OP_NOP), cmd_cnt is set to 1 and queued commands are kicked.
 * NOTE(review): ev is taken from skb->data before any length check is
 * visible, and every hci_cc_* handler then reads its reply struct from
 * the pulled skb; a short event from the controller would be read past
 * its end unless the caller or the omitted lines validate skb->len.
 * Line 2602 compares the raw little-endian ev->opcode, not the converted
 * opcode - equivalent only if HCI_OP_NOP is 0; confirm in hci.h.
 * The switch header, the breaks, the case label in front of hci_cc_reset()
 * and the condition around 2606 are on lines missing from this listing.
 */
2375 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2377     struct hci_ev_cmd_complete *ev = (void *) skb->data;
2380     skb_pull(skb, sizeof(*ev));
2382     opcode = __le16_to_cpu(ev->opcode);
2385     case HCI_OP_INQUIRY_CANCEL:
2386         hci_cc_inquiry_cancel(hdev, skb);
2389     case HCI_OP_PERIODIC_INQ:
2390         hci_cc_periodic_inq(hdev, skb);
2393     case HCI_OP_EXIT_PERIODIC_INQ:
2394         hci_cc_exit_periodic_inq(hdev, skb);
2397     case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2398         hci_cc_remote_name_req_cancel(hdev, skb);
2401     case HCI_OP_ROLE_DISCOVERY:
2402         hci_cc_role_discovery(hdev, skb);
2405     case HCI_OP_READ_LINK_POLICY:
2406         hci_cc_read_link_policy(hdev, skb);
2409     case HCI_OP_WRITE_LINK_POLICY:
2410         hci_cc_write_link_policy(hdev, skb);
2413     case HCI_OP_READ_DEF_LINK_POLICY:
2414         hci_cc_read_def_link_policy(hdev, skb);
2417     case HCI_OP_WRITE_DEF_LINK_POLICY:
2418         hci_cc_write_def_link_policy(hdev, skb);
2422         hci_cc_reset(hdev, skb);
2425     case HCI_OP_WRITE_LOCAL_NAME:
2426         hci_cc_write_local_name(hdev, skb);
2429     case HCI_OP_READ_LOCAL_NAME:
2430         hci_cc_read_local_name(hdev, skb);
2433     case HCI_OP_WRITE_AUTH_ENABLE:
2434         hci_cc_write_auth_enable(hdev, skb);
2437     case HCI_OP_WRITE_ENCRYPT_MODE:
2438         hci_cc_write_encrypt_mode(hdev, skb);
2441     case HCI_OP_WRITE_SCAN_ENABLE:
2442         hci_cc_write_scan_enable(hdev, skb);
2445     case HCI_OP_READ_CLASS_OF_DEV:
2446         hci_cc_read_class_of_dev(hdev, skb);
2449     case HCI_OP_WRITE_CLASS_OF_DEV:
2450         hci_cc_write_class_of_dev(hdev, skb);
2453     case HCI_OP_READ_VOICE_SETTING:
2454         hci_cc_read_voice_setting(hdev, skb);
2457     case HCI_OP_WRITE_VOICE_SETTING:
2458         hci_cc_write_voice_setting(hdev, skb);
2461     case HCI_OP_HOST_BUFFER_SIZE:
2462         hci_cc_host_buffer_size(hdev, skb);
2465     case HCI_OP_WRITE_SSP_MODE:
2466         hci_cc_write_ssp_mode(hdev, skb);
2469     case HCI_OP_READ_LOCAL_VERSION:
2470         hci_cc_read_local_version(hdev, skb);
2473     case HCI_OP_READ_LOCAL_COMMANDS:
2474         hci_cc_read_local_commands(hdev, skb);
2477     case HCI_OP_READ_LOCAL_FEATURES:
2478         hci_cc_read_local_features(hdev, skb);
2481     case HCI_OP_READ_LOCAL_EXT_FEATURES:
2482         hci_cc_read_local_ext_features(hdev, skb);
2485     case HCI_OP_READ_BUFFER_SIZE:
2486         hci_cc_read_buffer_size(hdev, skb);
2489     case HCI_OP_READ_BD_ADDR:
2490         hci_cc_read_bd_addr(hdev, skb);
2493     case HCI_OP_READ_DATA_BLOCK_SIZE:
2494         hci_cc_read_data_block_size(hdev, skb);
2497     case HCI_OP_WRITE_CA_TIMEOUT:
2498         hci_cc_write_ca_timeout(hdev, skb);
2501     case HCI_OP_READ_FLOW_CONTROL_MODE:
2502         hci_cc_read_flow_control_mode(hdev, skb);
2505     case HCI_OP_READ_LOCAL_AMP_INFO:
2506         hci_cc_read_local_amp_info(hdev, skb);
2509     case HCI_OP_READ_LOCAL_AMP_ASSOC:
2510         hci_cc_read_local_amp_assoc(hdev, skb);
2513     case HCI_OP_DELETE_STORED_LINK_KEY:
2514         hci_cc_delete_stored_link_key(hdev, skb);
2517     case HCI_OP_SET_EVENT_MASK:
2518         hci_cc_set_event_mask(hdev, skb);
2521     case HCI_OP_WRITE_INQUIRY_MODE:
2522         hci_cc_write_inquiry_mode(hdev, skb);
2525     case HCI_OP_READ_INQ_RSP_TX_POWER:
2526         hci_cc_read_inq_rsp_tx_power(hdev, skb);
2529     case HCI_OP_SET_EVENT_FLT:
2530         hci_cc_set_event_flt(hdev, skb);
2533     case HCI_OP_PIN_CODE_REPLY:
2534         hci_cc_pin_code_reply(hdev, skb);
2537     case HCI_OP_PIN_CODE_NEG_REPLY:
2538         hci_cc_pin_code_neg_reply(hdev, skb);
2541     case HCI_OP_READ_LOCAL_OOB_DATA:
2542         hci_cc_read_local_oob_data_reply(hdev, skb);
2545     case HCI_OP_LE_READ_BUFFER_SIZE:
2546         hci_cc_le_read_buffer_size(hdev, skb);
2549     case HCI_OP_LE_READ_ADV_TX_POWER:
2550         hci_cc_le_read_adv_tx_power(hdev, skb);
2553     case HCI_OP_LE_SET_EVENT_MASK:
2554         hci_cc_le_set_event_mask(hdev, skb);
2557     case HCI_OP_USER_CONFIRM_REPLY:
2558         hci_cc_user_confirm_reply(hdev, skb);
2561     case HCI_OP_USER_CONFIRM_NEG_REPLY:
2562         hci_cc_user_confirm_neg_reply(hdev, skb);
2565     case HCI_OP_USER_PASSKEY_REPLY:
2566         hci_cc_user_passkey_reply(hdev, skb);
2569     case HCI_OP_USER_PASSKEY_NEG_REPLY:
2570         hci_cc_user_passkey_neg_reply(hdev, skb);
2573     case HCI_OP_LE_SET_SCAN_PARAM:
2574         hci_cc_le_set_scan_param(hdev, skb);
2577     case HCI_OP_LE_SET_SCAN_ENABLE:
2578         hci_cc_le_set_scan_enable(hdev, skb);
2581     case HCI_OP_LE_LTK_REPLY:
2582         hci_cc_le_ltk_reply(hdev, skb);
2585     case HCI_OP_LE_LTK_NEG_REPLY:
2586         hci_cc_le_ltk_neg_reply(hdev, skb);
2589     case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2590         hci_cc_write_le_host_supported(hdev, skb);
2593     case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2594         hci_cc_write_remote_amp_assoc(hdev, skb);
2598         BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2602     if (ev->opcode != HCI_OP_NOP)
2603         del_timer(&hdev->cmd_timer);
2606     atomic_set(&hdev->cmd_cnt, 1);
2607     if (!skb_queue_empty(&hdev->cmd_q))
2608         queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Command Status event dispatcher. Strips the event header with
 * skb_pull(), converts the opcode to host order and calls the matching
 * hci_cs_* handler with ev->status; unknown opcodes are only logged.
 * Afterwards the command timer is stopped (unless the opcode is
 * HCI_OP_NOP) and, when the controller reports free command slots
 * (ev->ncmd) and no reset is in progress, cmd_cnt is set to 1 and queued
 * commands are kicked.
 * NOTE(review): ev is taken from skb->data with no visible length check;
 * confirm that the caller validates skb->len. Line 2695 compares the raw
 * little-endian ev->opcode, not the converted opcode - equivalent only if
 * HCI_OP_NOP is 0; confirm in hci.h. The switch header and the breaks are
 * on lines missing from this listing.
 */
2612 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2614     struct hci_ev_cmd_status *ev = (void *) skb->data;
2617     skb_pull(skb, sizeof(*ev));
2619     opcode = __le16_to_cpu(ev->opcode);
2622     case HCI_OP_INQUIRY:
2623         hci_cs_inquiry(hdev, ev->status);
2626     case HCI_OP_CREATE_CONN:
2627         hci_cs_create_conn(hdev, ev->status);
2630     case HCI_OP_ADD_SCO:
2631         hci_cs_add_sco(hdev, ev->status);
2634     case HCI_OP_AUTH_REQUESTED:
2635         hci_cs_auth_requested(hdev, ev->status);
2638     case HCI_OP_SET_CONN_ENCRYPT:
2639         hci_cs_set_conn_encrypt(hdev, ev->status);
2642     case HCI_OP_REMOTE_NAME_REQ:
2643         hci_cs_remote_name_req(hdev, ev->status);
2646     case HCI_OP_READ_REMOTE_FEATURES:
2647         hci_cs_read_remote_features(hdev, ev->status);
2650     case HCI_OP_READ_REMOTE_EXT_FEATURES:
2651         hci_cs_read_remote_ext_features(hdev, ev->status);
2654     case HCI_OP_SETUP_SYNC_CONN:
2655         hci_cs_setup_sync_conn(hdev, ev->status);
2658     case HCI_OP_SNIFF_MODE:
2659         hci_cs_sniff_mode(hdev, ev->status);
2662     case HCI_OP_EXIT_SNIFF_MODE:
2663         hci_cs_exit_sniff_mode(hdev, ev->status);
2666     case HCI_OP_DISCONNECT:
2667         hci_cs_disconnect(hdev, ev->status);
2670     case HCI_OP_LE_CREATE_CONN:
2671         hci_cs_le_create_conn(hdev, ev->status);
2674     case HCI_OP_LE_START_ENC:
2675         hci_cs_le_start_enc(hdev, ev->status);
2678     case HCI_OP_CREATE_PHY_LINK:
2679         hci_cs_create_phylink(hdev, ev->status);
2682     case HCI_OP_ACCEPT_PHY_LINK:
2683         hci_cs_accept_phylink(hdev, ev->status);
2686     case HCI_OP_CREATE_LOGICAL_LINK:
2687         hci_cs_create_logical_link(hdev, ev->status);
2691         BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2695     if (ev->opcode != HCI_OP_NOP)
2696         del_timer(&hdev->cmd_timer);
2698     if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2699         atomic_set(&hdev->cmd_cnt, 1);
2700         if (!skb_queue_empty(&hdev->cmd_q))
2701             queue_work(hdev->workqueue, &hdev->cmd_work);
/*
 * Role Change event handler. Looks up the ACL connection for the peer,
 * clears or sets HCI_LM_MASTER, clears HCI_CONN_RSWITCH_PEND and reports
 * the outcome through hci_role_switch_cfm().
 * NOTE(review): ev aliases skb->data with no visible length check. The
 * NULL check on conn and the tests on ev->status / ev->role that choose
 * between clearing and setting HCI_LM_MASTER are on lines missing from
 * this listing - confirm in the full file.
 */
2705 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2707     struct hci_ev_role_change *ev = (void *) skb->data;
2708     struct hci_conn *conn;
2710     BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2714     conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2718     conn->link_mode &= ~HCI_LM_MASTER;
2720     conn->link_mode |= HCI_LM_MASTER;
2723     clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2725     hci_role_switch_cfm(conn, ev->status, ev->role);
2728     hci_dev_unlock(hdev);
/*
 * Number Of Completed Packets event handler (packet-based flow control).
 * Rejects the event when the adapter is in another flow-control mode, and
 * validates the length before touching the array: the buffer must hold
 * the fixed header and num_hndl entries of hci_comp_pkts_info. For each
 * entry the connection's sent counter is reduced and the matching
 * per-link credit counter is raised, clamped to its configured maximum so
 * a controller cannot inflate credits beyond the pool size. TX work is
 * queued at the end.
 * NOTE(review): "conn->sent -= count" has no visible check that count does
 * not exceed conn->sent; count is controller-supplied, so confirm the
 * field cannot wrap. The case labels, the NULL check on conn and the
 * declaration of i are on lines missing from this listing. Line 2789
 * prints conn with %p in an error message.
 */
2731 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2733     struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2736     if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2737         BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2741     if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2742         ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2743         BT_DBG("%s bad parameters", hdev->name);
2747     BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2749     for (i = 0; i < ev->num_hndl; i++) {
2750         struct hci_comp_pkts_info *info = &ev->handles[i];
2751         struct hci_conn *conn;
2752         __u16 handle, count;
2754         handle = __le16_to_cpu(info->handle);
2755         count = __le16_to_cpu(info->count);
2757         conn = hci_conn_hash_lookup_handle(hdev, handle);
2761         conn->sent -= count;
2763         switch (conn->type) {
2765             hdev->acl_cnt += count;
2766             if (hdev->acl_cnt > hdev->acl_pkts)
2767                 hdev->acl_cnt = hdev->acl_pkts;
2771             if (hdev->le_pkts) {
2772                 hdev->le_cnt += count;
2773                 if (hdev->le_cnt > hdev->le_pkts)
2774                     hdev->le_cnt = hdev->le_pkts;
2776                 hdev->acl_cnt += count;
2777                 if (hdev->acl_cnt > hdev->acl_pkts)
2778                     hdev->acl_cnt = hdev->acl_pkts;
2783             hdev->sco_cnt += count;
2784             if (hdev->sco_cnt > hdev->sco_pkts)
2785                 hdev->sco_cnt = hdev->sco_pkts;
2789             BT_ERR("Unknown type %d conn %p", conn->type, conn);
2794     queue_work(hdev->workqueue, &hdev->tx_work);
/*
 * Resolves a handle to a connection according to hdev->dev_type: one
 * branch uses hci_conn_hash_lookup_handle() directly, another goes through
 * hci_chan_lookup_handle(), and an unknown dev_type is logged.
 * NOTE(review): the second parameter, the case labels, the use of chan and
 * the fall-back return are on lines missing from this listing. Callers
 * should treat the result as possibly NULL - confirm in the full file.
 */
2797 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2800     struct hci_chan *chan;
2802     switch (hdev->dev_type) {
2804         return hci_conn_hash_lookup_handle(hdev, handle);
2806         chan = hci_chan_lookup_handle(hdev, handle);
2811         BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
/*
 * Number Of Completed Data Blocks event handler (block-based flow
 * control). Rejects the event when the adapter is in another flow-control
 * mode, and validates the length before touching the array: the buffer
 * must hold the fixed header and num_hndl entries of hci_comp_blocks_info.
 * For each entry the connection's sent counter is reduced and
 * hdev->block_cnt is raised, clamped to hdev->num_blocks. TX work is
 * queued at the end.
 * NOTE(review): "conn->sent -= block_count" has no visible check that the
 * controller-supplied count does not exceed conn->sent; confirm the field
 * cannot wrap. The case labels, the NULL check on conn and the declaration
 * of i are on lines missing from this listing. Line 2860 prints conn with
 * %p in an error message.
 */
2818 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2820     struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2823     if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2824         BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2828     if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2829         ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2830         BT_DBG("%s bad parameters", hdev->name);
2834     BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2837     for (i = 0; i < ev->num_hndl; i++) {
2838         struct hci_comp_blocks_info *info = &ev->handles[i];
2839         struct hci_conn *conn = NULL;
2840         __u16 handle, block_count;
2842         handle = __le16_to_cpu(info->handle);
2843         block_count = __le16_to_cpu(info->blocks);
2845         conn = __hci_conn_lookup_handle(hdev, handle);
2849         conn->sent -= block_count;
2851         switch (conn->type) {
2854             hdev->block_cnt += block_count;
2855             if (hdev->block_cnt > hdev->num_blocks)
2856                 hdev->block_cnt = hdev->num_blocks;
2860             BT_ERR("Unknown type %d conn %p", conn->type, conn);
2865     queue_work(hdev->workqueue, &hdev->tx_work);
/* Mode Change event: record the link mode and interval reported for a
 * connection and finish any SCO setup that was waiting for it.
 */
static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_mode_change *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	hcon->mode = ev->mode;
	hcon->interval = __le16_to_cpu(ev->interval);

	/* The power-save flag follows the reported mode only when no mode
	 * change request was pending on this connection.
	 */
	if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &hcon->flags)) {
		if (hcon->mode == HCI_CM_ACTIVE)
			set_bit(HCI_CONN_POWER_SAVE, &hcon->flags);
		else
			clear_bit(HCI_CONN_POWER_SAVE, &hcon->flags);
	}

	if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &hcon->flags))
		hci_sco_setup(hcon, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
/* PIN Code Request event (legacy pairing).
 *
 * A device that is not pairable answers with a negative reply straight
 * away.  Otherwise, when the management interface is in use, the request
 * is forwarded to user space together with a flag saying whether the
 * pending security level is BT_SECURITY_HIGH.
 */
static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (hcon) {
		/* Apply the pairing timeout to an established link. */
		if (hcon->state == BT_CONNECTED) {
			hci_conn_hold(hcon);
			hcon->disc_timeout = HCI_PAIRING_TIMEOUT;
			hci_conn_put(hcon);
		}

		if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) {
			hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
				     sizeof(ev->bdaddr), &ev->bdaddr);
		} else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
			u8 secure = hcon->pending_sec_level == BT_SECURITY_HIGH;

			mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
		}
	}

	hci_dev_unlock(hdev);
}
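/* Link Key Request event: answer the controller with a stored link key,
 * or with a negative reply when no acceptable key is available.
 *
 * A stored key is withheld (negative reply) when:
 *  - it is a debug combination key and HCI_DEBUG_KEYS is not set;
 *  - it is an unauthenticated combination key but the connection's
 *    auth_type asks for MITM protection (bit 0x01 set, auth_type known);
 *  - it is a legacy combination key from a PIN shorter than 16 digits
 *    while the connection is waiting for BT_SECURITY_HIGH.
 *
 * Nothing is done unless HCI_LINK_KEYS is set.  The reply structure holds
 * key material on the stack for the duration of the call.
 */
static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %pMR", hdev->name,
		       &ev->bdaddr);
		goto not_found;
	}

	BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
	       &ev->bdaddr);

	if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
	    key->type == HCI_LK_DEBUG_COMBINATION) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	/* The strength checks need the connection; without one the key is
	 * handed out as stored.
	 */
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn) {
		if (key->type == HCI_LK_UNAUTH_COMBINATION &&
		    conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
			BT_DBG("%s ignoring unauthenticated key", hdev->name);
			goto not_found;
		}

		if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
		    conn->pending_sec_level == BT_SECURITY_HIGH) {
			BT_DBG("%s ignoring key unauthenticated for high security",
			       hdev->name);
			goto not_found;
		}

		conn->key_type = key->type;
		conn->pin_length = key->pin_len;
	}

	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	/* Size taken from the field itself rather than a literal, as the
	 * other negative replies in this file do.
	 */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, sizeof(ev->bdaddr),
		     &ev->bdaddr);
	hci_dev_unlock(hdev);
}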
/* Link Key Notification event: the controller reports a newly created
 * link key.  The key type is remembered on the connection (unless it is
 * HCI_LK_CHANGED_COMBINATION) and, when HCI_LINK_KEYS is set, the key is
 * stored through hci_add_link_key().
 */
static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *hcon;
	u8 pin_length = 0;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (hcon) {
		/* Pairing is over: go back to the normal disconnect timeout. */
		hci_conn_hold(hcon);
		hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_length = hcon->pin_length;

		if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
			hcon->key_type = ev->key_type;

		hci_conn_put(hcon);
	}

	/* hcon may be NULL here; it is passed on as is. */
	if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
		hci_add_link_key(hdev, hcon, 1, &ev->bdaddr, ev->link_key,
				 ev->key_type, pin_length);

	hci_dev_unlock(hdev);
}
/* Read Clock Offset Complete event: on success, refresh the clock offset
 * and timestamp of the inquiry cache entry for the connection's peer.
 */
static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_clock_offset *ev = (void *) skb->data;
	struct inquiry_entry *entry;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon || ev->status)
		goto unlock;

	entry = hci_inquiry_cache_lookup(hdev, &hcon->dst);
	if (!entry)
		goto unlock;

	entry->data.clock_offset = ev->clock_offset;
	entry->timestamp = jiffies;

unlock:
	hci_dev_unlock(hdev);
}
/* Connection Packet Type Changed event: on success, store the new packet
 * type mask on the connection named by the event's handle.
 */
static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pkt_type_change *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (hcon) {
		if (!ev->status)
			hcon->pkt_type = __le16_to_cpu(ev->pkt_type);
	}

	hci_dev_unlock(hdev);
}
/* Page Scan Repetition Mode Change event: update the cached inquiry data
 * for the reporting address, if an entry for it exists.
 */
static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (!entry)
		goto unlock;

	entry->data.pscan_rep_mode = ev->pscan_rep_mode;
	entry->timestamp = jiffies;

unlock:
	hci_dev_unlock(hdev);
}
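/* Inquiry Result with RSSI event.
 *
 * The payload is a one-byte response count followed by that many fixed
 * size entries.  Two entry layouts exist; which one is in use is derived
 * from the payload length.  Each entry updates the inquiry cache and is
 * reported through mgmt_device_found().
 *
 * The count and the length both come from the controller, so the entries
 * are only walked once the payload is known to hold all of them; a short
 * event is dropped instead of being read past its end.
 */
static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;
	bool name_known, ssp;

	/* The count byte itself has to be there before it is read. */
	if (!skb->len)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* This branch is reached for any length that does not match
		 * the plain layout, so the size of the larger layout must be
		 * verified explicitly.
		 */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;

			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	} else {
		/* (len - 1) / num_rsp == sizeof(*info) already guarantees
		 * that num_rsp entries of this layout fit in the payload.
		 */
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		for (; num_rsp; num_rsp--, info++) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			name_known = hci_inquiry_cache_update(hdev, &data,
							      false, &ssp);
			mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
					  info->dev_class, info->rssi,
					  !name_known, ssp, NULL, 0);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}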
/* Read Remote Extended Features Complete event.
 *
 * Page 0x01 carries the remote host features: its SSP bit is mirrored
 * into the inquiry cache and into HCI_CONN_SSP_ENABLED.  While the
 * connection is still in BT_CONFIG the handler then either requests the
 * remote name or reports the device as connected, and completes the
 * connection when no outgoing authentication is needed.
 */
static void hci_remote_ext_features_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_remote_ext_features *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	if (!ev->status && ev->page == 0x01) {
		struct inquiry_entry *entry;

		entry = hci_inquiry_cache_lookup(hdev, &hcon->dst);
		if (entry)
			entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

		if (ev->features[0] & LMP_HOST_SSP)
			set_bit(HCI_CONN_SSP_ENABLED, &hcon->flags);
	}

	/* Everything below belongs to connection setup only. */
	if (hcon->state != BT_CONFIG)
		goto unlock;

	if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) {
		struct hci_cp_remote_name_req name_req;

		memset(&name_req, 0, sizeof(name_req));
		bacpy(&name_req.bdaddr, &hcon->dst);
		name_req.pscan_rep_mode = 0x02;
		hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(name_req),
			     &name_req);
	} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) {
		mgmt_device_connected(hdev, &hcon->dst, hcon->type,
				      hcon->dst_type, 0, NULL, 0,
				      hcon->dev_class);
	}

	if (!hci_outgoing_auth_needed(hdev, hcon)) {
		hcon->state = BT_CONNECTED;
		hci_proto_connect_cfm(hcon, ev->status);
		hci_conn_put(hcon);
	}

unlock:
	hci_dev_unlock(hdev);
}
/* Synchronous Connection Complete event (SCO/eSCO).
 *
 * The connection is looked up by the reported link type; a SCO report
 * with no match is retried against eSCO connections and, if found, the
 * connection is downgraded to SCO_LINK.  A small set of failure codes
 * triggers one retry with different packet types on outgoing links;
 * any other failure closes and deletes the connection.
 */
static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
				       struct sk_buff *skb)
{
	struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
	struct hci_conn *sco;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	sco = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
	if (!sco && ev->link_type != ESCO_LINK) {
		sco = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
		if (sco)
			sco->type = SCO_LINK;
	}

	if (!sco)
		goto unlock;

	switch (ev->status) {
	case 0x00:
		sco->handle = __le16_to_cpu(ev->handle);
		sco->state  = BT_CONNECTED;

		hci_conn_hold_device(sco);
		hci_conn_add_sysfs(sco);
		break;

	case 0x11:	/* Unsupported Feature or Parameter Value */
	case 0x1c:	/* SCO interval rejected */
	case 0x1a:	/* Unsupported Remote Feature */
	case 0x1f:	/* Unspecified error */
		if (sco->out && sco->attempt < 2) {
			/* NOTE(review): sco->link is dereferenced without a
			 * check - confirm it is always set on this path.
			 */
			sco->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
					(hdev->esco_type & EDR_ESCO_MASK);
			hci_setup_sync(sco, sco->link->handle);
			goto unlock;
		}
		/* fall through */

	default:
		sco->state = BT_CLOSED;
		break;
	}

	hci_proto_connect_cfm(sco, ev->status);
	if (ev->status)
		hci_conn_del(sco);

unlock:
	hci_dev_unlock(hdev);
}
/* Synchronous Connection Changed event: only traced, the payload in skb
 * is not looked at.
 */
static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	BT_DBG("%s", hdev->name);
}
/* Sniff Subrating event: only the status byte is traced; no connection
 * state is changed.
 */
static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_sniff_subrate *subrate = (void *) skb->data;

	BT_DBG("%s status 0x%2.2x", hdev->name, subrate->status);
}
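/* Extended Inquiry Result event.
 *
 * The payload is a one-byte response count followed by that many
 * extended_inquiry_info entries, each carrying a fixed-size EIR blob.
 * Every entry updates the inquiry cache and is reported through
 * mgmt_device_found() together with the used part of its EIR data.
 *
 * The count is supplied by the controller, so the payload length is
 * checked against it before any entry is read; a short event is dropped.
 */
static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info;
	int num_rsp;
	size_t eir_len;

	/* The count byte itself has to be there before it is read. */
	if (!skb->len)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	/* All announced entries must be fully present. */
	if (skb->len < num_rsp * sizeof(*info) + 1)
		return;

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
		return;

	info = (void *) (skb->data + 1);

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--, info++) {
		bool name_known, ssp;

		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;

		/* With mgmt in use the name counts as known only when the
		 * EIR data carries a complete name.
		 */
		if (test_bit(HCI_MGMT, &hdev->dev_flags))
			name_known = eir_has_data_type(info->data,
						       sizeof(info->data),
						       EIR_NAME_COMPLETE);
		else
			name_known = true;

		name_known = hci_inquiry_cache_update(hdev, &data, name_known,
						      &ssp);
		eir_len = eir_get_length(info->data, sizeof(info->data));
		mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
				  info->dev_class, info->rssi, !name_known,
				  ssp, info->data, eir_len);
	}

	hci_dev_unlock(hdev);
}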
/* Encryption Key Refresh Complete event.
 *
 * On success the pending security level becomes the current one.  A
 * failure on an established link is treated as an authentication failure
 * and the ACL is disconnected; during setup (BT_CONFIG) the result is
 * passed to the connect confirmation instead.
 */
static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
	       __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (!hcon)
		goto unlock;

	if (!ev->status)
		hcon->sec_level = hcon->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);

	if (ev->status && hcon->state == BT_CONNECTED) {
		hci_acl_disconn(hcon, HCI_ERROR_AUTH_FAILURE);
		hci_conn_put(hcon);
		goto unlock;
	}

	if (hcon->state == BT_CONFIG) {
		if (!ev->status)
			hcon->state = BT_CONNECTED;

		hci_proto_connect_cfm(hcon, ev->status);
	} else {
		hci_auth_cfm(hcon, ev->status);

		hci_conn_hold(hcon);
		hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
	}

	/* Both outcomes above end by dropping one reference. */
	hci_conn_put(hcon);

unlock:
	hci_dev_unlock(hdev);
}
/* Pick the authentication requirements to send in an IO Capability Reply.
 *
 * The remote side's request decides the bonding type; bit 0x01 of the
 * value is the MITM-protection flag.  An IO capability of 0x03 is
 * NoInputNoOutput, i.e. a side that cannot take part in MITM protection.
 */
static u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* Remote asked for dedicated bonding: follow it, and ask
		 * for MITM protection only when neither side is
		 * NoInputNoOutput.
		 */
		if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
			return 0x02;
		return 0x03;

	case 0x00:
	case 0x01:
		/* Remote asked for no bonding: follow it, but keep our
		 * own MITM bit.
		 */
		return conn->remote_auth | (conn->auth_type & 0x01);

	default:
		return conn->auth_type;
	}
}
/* IO Capability Request event (Secure Simple Pairing).
 *
 * Handled only when the management interface is in use.  Pairing is
 * accepted when the device is pairable or the remote asked for a
 * no-bonding authentication; the reply then carries our IO capability,
 * the authentication requirements from hci_get_auth_req() and whether
 * OOB data for the peer is available.  Otherwise a negative reply with
 * HCI_ERROR_PAIRING_NOT_ALLOWED is sent.
 */
static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!hcon)
		goto unlock;

	/* This reference is not dropped anywhere in this handler. */
	hci_conn_hold(hcon);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
	    (hcon->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
		struct hci_cp_io_capability_reply reply;
		bool have_oob;

		bacpy(&reply.bdaddr, &ev->bdaddr);

		/* KeyboardDisplay (0x04) is not a valid value here, so it
		 * is reported as DisplayYesNo (0x01).
		 */
		if (hcon->io_capability == 0x04)
			reply.capability = 0x01;
		else
			reply.capability = hcon->io_capability;

		hcon->auth_type = hci_get_auth_req(hcon);
		reply.authentication = hcon->auth_type;

		have_oob = hci_find_remote_oob_data(hdev, &hcon->dst) &&
			   (hcon->out ||
			    test_bit(HCI_CONN_REMOTE_OOB, &hcon->flags));
		reply.oob_data = have_oob ? 0x01 : 0x00;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
			     sizeof(reply), &reply);
	} else {
		struct hci_cp_io_capability_neg_reply refuse;

		bacpy(&refuse.bdaddr, &ev->bdaddr);
		refuse.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
			     sizeof(refuse), &refuse);
	}

unlock:
	hci_dev_unlock(hdev);
}
/* IO Capability Response event: remember what the remote side announced
 * (IO capability, authentication requirements, OOB data present) on the
 * connection; later pairing decisions in this file read these fields.
 */
static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_reply *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (hcon) {
		hcon->remote_cap = ev->capability;
		hcon->remote_auth = ev->authentication;
		if (ev->oob_data)
			set_bit(HCI_CONN_REMOTE_OOB, &hcon->flags);
	}

	hci_dev_unlock(hdev);
}
/* User Confirmation Request event (SSP numeric comparison).
 *
 * Decides between rejecting the request, accepting it automatically, and
 * asking user space, based on which side requires MITM protection (bit
 * 0x01 of the authentication requirements) and on whether the other side
 * is NoInputNoOutput (IO capability 0x03).  Only handled when the
 * management interface is in use.
 */
static void hci_user_confirm_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_confirm_req *ev = (void *) skb->data;
	int local_mitm, remote_mitm, hint = 0;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!hcon)
		goto unlock;

	local_mitm = (hcon->auth_type & 0x01);
	remote_mitm = (hcon->remote_auth & 0x01);

	/* We require MITM protection but the remote is NoInputNoOutput
	 * and cannot provide it: reject.  Dedicated bonding initiators
	 * (connect_cfm_cb set) are exempt because they always have the
	 * MITM bit set.
	 */
	if (!hcon->connect_cfm_cb && local_mitm && hcon->remote_cap == 0x03) {
		BT_DBG("Rejecting request: remote device can't provide MITM");
		hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
			     sizeof(ev->bdaddr), &ev->bdaddr);
		goto unlock;
	}

	/* Neither side effectively requires MITM protection: auto-accept. */
	if ((!local_mitm || hcon->remote_cap == 0x03) &&
	    (!remote_mitm || hcon->io_capability == 0x03)) {

		/* As acceptor, user space still has to authorize the
		 * pairing: forward the request with the confirm hint set.
		 */
		if (!test_bit(HCI_CONN_AUTH_PEND, &hcon->flags)) {
			BT_DBG("Confirming auto-accept as acceptor");
			hint = 1;
			goto confirm;
		}

		BT_DBG("Auto-accept of user confirmation with %ums delay",
		       hdev->auto_accept_delay);

		if (hdev->auto_accept_delay > 0) {
			int delay = msecs_to_jiffies(hdev->auto_accept_delay);

			mod_timer(&hcon->auto_accept_timer, jiffies + delay);
		} else {
			hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
				     sizeof(ev->bdaddr), &ev->bdaddr);
		}
		goto unlock;
	}

confirm:
	mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
				  hint);

unlock:
	hci_dev_unlock(hdev);
}
/* User Passkey Request event: forwarded to user space through mgmt; the
 * event is ignored when the management interface is not in use.
 */
static void hci_user_passkey_request_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_user_passkey_req *ev = (void *) skb->data;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
}
/* User Passkey Notification event: store the passkey to display on the
 * connection, reset the entered-digit counter and tell user space.
 *
 * NOTE(review): no hci_dev_lock()/hci_dev_unlock() pair surrounds the
 * connection lookup here, unlike most handlers in this file - confirm
 * this is intended.
 */
static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
					struct sk_buff *skb)
{
	struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!hcon)
		return;

	hcon->passkey_notify = __le32_to_cpu(ev->passkey);
	hcon->passkey_entered = 0;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
				 hcon->dst_type, hcon->passkey_notify,
				 hcon->passkey_entered);
}
/* Keypress Notification event: track how many passkey digits the remote
 * user has entered and pass the running count to user space.
 *
 * STARTED and COMPLETED produce no notification; ENTERED, ERASED and
 * CLEARED adjust the counter and are reported.
 *
 * NOTE(review): the counter is driven entirely by remote notifications;
 * an ERASED received while it is zero decrements it anyway - confirm the
 * resulting value is harmless for consumers.  As in the passkey notify
 * handler, no hci_dev_lock() is taken here.
 */
static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_keypress_notify *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!hcon)
		return;

	switch (ev->type) {
	case HCI_KEYPRESS_STARTED:
		hcon->passkey_entered = 0;
		return;

	case HCI_KEYPRESS_ENTERED:
		hcon->passkey_entered++;
		break;

	case HCI_KEYPRESS_ERASED:
		hcon->passkey_entered--;
		break;

	case HCI_KEYPRESS_CLEARED:
		hcon->passkey_entered = 0;
		break;

	case HCI_KEYPRESS_COMPLETED:
		return;
	}

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return;

	mgmt_user_passkey_notify(hdev, &hcon->dst, hcon->type,
				 hcon->dst_type, hcon->passkey_notify,
				 hcon->passkey_entered);
}
/* Simple Pairing Complete event: report a failed pairing to user space
 * and drop one reference on the connection.
 */
static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
	struct hci_conn *hcon;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (hcon) {
		/* When we initiated the authentication
		 * (HCI_CONN_AUTH_PEND set) the regular auth_complete event
		 * already results in mgmt_auth_failed, so the failure is
		 * reported from here only when that flag is clear; this
		 * avoids a duplicate event in user space.
		 */
		if (ev->status && !test_bit(HCI_CONN_AUTH_PEND, &hcon->flags))
			mgmt_auth_failed(hdev, &hcon->dst, hcon->type,
					 hcon->dst_type, ev->status);

		hci_conn_put(hcon);
	}

	hci_dev_unlock(hdev);
}
/* Remote Host Supported Features Notification event: mirror the remote
 * host's SSP bit into the inquiry cache entry for that address, if one
 * exists.
 */
static void hci_remote_host_features_evt(struct hci_dev *hdev,
					 struct sk_buff *skb)
{
	struct hci_ev_remote_host_features *ev = (void *) skb->data;
	struct inquiry_entry *entry;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	entry = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
	if (entry)
		entry->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);

	hci_dev_unlock(hdev);
}
/* Remote OOB Data Request event: reply with the stored out-of-band hash
 * and randomizer for the peer, or with a negative reply when nothing is
 * stored for it.  Only handled when the management interface is in use.
 */
static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
					    struct sk_buff *skb)
{
	struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
	struct oob_data *oob;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		goto unlock;

	oob = hci_find_remote_oob_data(hdev, &ev->bdaddr);
	if (!oob) {
		struct hci_cp_remote_oob_data_neg_reply refuse;

		bacpy(&refuse.bdaddr, &ev->bdaddr);
		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
			     sizeof(refuse), &refuse);
		goto unlock;
	}

	{
		struct hci_cp_remote_oob_data_reply reply;

		/* Copy sizes come from the destination fields. */
		bacpy(&reply.bdaddr, &ev->bdaddr);
		memcpy(reply.hash, oob->hash, sizeof(reply.hash));
		memcpy(reply.randomizer, oob->randomizer,
		       sizeof(reply.randomizer));

		hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
			     sizeof(reply), &reply);
	}

unlock:
	hci_dev_unlock(hdev);
}
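/* Physical Link Complete event (AMP).
 *
 * On failure the AMP connection is deleted.  On success it is marked
 * connected, takes over the peer address of the BR/EDR connection that
 * owns it (reached through the AMP manager) and is registered in sysfs.
 *
 * The AMP manager pointer is checked before it is followed: the logical
 * link handler in this file treats hcon->amp_mgr as optional, and the
 * handle used for the lookup comes straight from the controller, so a
 * connection without a manager must not be dereferenced here.
 */
static void hci_phy_link_complete_evt(struct hci_dev *hdev,
				      struct sk_buff *skb)
{
	struct hci_ev_phy_link_complete *ev = (void *) skb->data;
	struct hci_conn *hcon, *bredr_hcon;

	BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
	       ev->status);

	hci_dev_lock(hdev);

	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (!hcon)
		goto unlock;

	if (ev->status) {
		hci_conn_del(hcon);
		goto unlock;
	}

	if (!hcon->amp_mgr) {
		BT_DBG("%s no AMP manager for handle 0x%2.2x", hdev->name,
		       ev->phy_handle);
		goto unlock;
	}

	bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;

	hcon->state = BT_CONNECTED;
	bacpy(&hcon->dst, &bredr_hcon->dst);

	hci_conn_hold(hcon);
	hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
	hci_conn_put(hcon);

	hci_conn_hold_device(hcon);
	hci_conn_add_sysfs(hcon);

	hci_dev_unlock(hdev);

	if (hcon->out) {
		struct hci_dev *bredr_hdev = hci_dev_hold(bredr_hcon->hdev);

		if (!bredr_hdev)
			return;

		/* Placeholder - create chan req
		l2cap_chan_create_cfm(bredr_hcon, hcon->remote_id);
		*/

		hci_dev_put(bredr_hdev);
	}

	return;

unlock:
	hci_dev_unlock(hdev);
}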
/* Logical Link Complete event (AMP): create the hci_chan for the new
 * logical link on its physical connection and, when a BR/EDR channel is
 * waiting on the AMP manager, confirm the logical link to L2CAP.
 *
 * NOTE(review): ev->status is traced but not acted on, and no
 * hci_dev_lock() is taken in this handler - confirm both are intended.
 */
static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_logical_link_complete *ev = (void *) skb->data;
	struct l2cap_chan *bredr_chan;
	struct hci_conn *hcon;
	struct hci_chan *hchan;
	struct amp_mgr *mgr;

	BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
	       hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
	       ev->status);

	hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (!hcon)
		return;

	/* Create AMP hchan */
	hchan = hci_chan_create(hcon);
	if (!hchan)
		return;

	hchan->handle = le16_to_cpu(ev->handle);

	BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);

	/* The manager and its BR/EDR channel are both optional. */
	mgr = hcon->amp_mgr;
	if (!mgr || !mgr->bredr_chan)
		return;

	bredr_chan = mgr->bredr_chan;

	l2cap_chan_lock(bredr_chan);

	bredr_chan->conn->mtu = hdev->block_mtu;
	l2cap_logical_cfm(bredr_chan, hchan, 0);
	hci_conn_hold(hcon);

	l2cap_chan_unlock(bredr_chan);
}
/* Disconnection Logical Link Complete event (AMP): on success, tear down
 * the logical link whose channel matches the reported handle.
 */
static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
	struct hci_chan *chan;

	BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
	       le16_to_cpu(ev->handle), ev->status);

	if (ev->status)
		return;

	hci_dev_lock(hdev);

	chan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
	if (chan)
		amp_destroy_logical_link(chan, ev->reason);

	hci_dev_unlock(hdev);
}
/* Disconnection Physical Link Complete event (AMP): on success, close
 * and delete the connection that matches the physical link handle.
 */
static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
					     struct sk_buff *skb)
{
	struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
	struct hci_conn *phy;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	if (ev->status)
		return;

	hci_dev_lock(hdev);

	phy = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (!phy)
		goto unlock;

	phy->state = BT_CLOSED;
	hci_conn_del(phy);

unlock:
	hci_dev_unlock(hdev);
}
/* LE Connection Complete event.
 *
 * Uses the LE connection that is currently in BT_CONNECT, or creates a
 * new one for the reported address when there is none.  A failure status
 * is reported to mgmt and the protocol layer and the connection is
 * deleted; on success the connection starts at BT_SECURITY_LOW and is
 * registered.
 */
static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_conn_complete *ev = (void *) skb->data;
	struct hci_conn *le;

	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);

	hci_dev_lock(hdev);

	le = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
	if (!le) {
		le = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
		if (!le) {
			BT_ERR("No memory for new connection");
			goto unlock;
		}

		le->dst_type = ev->bdaddr_type;

		if (ev->role == LE_CONN_ROLE_MASTER) {
			le->out = true;
			le->link_mode |= HCI_LM_MASTER;
		}
	}

	if (ev->status) {
		mgmt_connect_failed(hdev, &le->dst, le->type,
				    le->dst_type, ev->status);
		hci_proto_connect_cfm(le, ev->status);
		le->state = BT_CLOSED;
		hci_conn_del(le);
		goto unlock;
	}

	/* Report the device to user space only once per connection. */
	if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &le->flags))
		mgmt_device_connected(hdev, &ev->bdaddr, le->type,
				      le->dst_type, 0, NULL, 0, NULL);

	le->sec_level = BT_SECURITY_LOW;
	le->handle = __le16_to_cpu(ev->handle);
	le->state = BT_CONNECTED;

	hci_conn_hold_device(le);
	hci_conn_add_sysfs(le);

	hci_proto_connect_cfm(le, ev->status);

unlock:
	hci_dev_unlock(hdev);
}
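/* LE Advertising Report event.
 *
 * The payload is a one-byte report count followed by variable-length
 * reports: a fixed header, ev->length bytes of advertising data and one
 * trailing RSSI byte.  Each report is passed to mgmt_device_found().
 *
 * Both the report count and every length byte originate from received
 * advertising traffic, so each report is checked against the bytes that
 * remain in the event before its data or RSSI are read.  Parsing stops
 * at the first report that does not fit.
 *
 * Assumes the event data is linear, as the direct skb->data indexing
 * already does.
 */
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	size_t remaining;
	u8 num_reports;
	void *ptr;
	s8 rssi;

	/* The count byte itself has to be there before it is read. */
	if (!skb->len)
		return;

	num_reports = skb->data[0];
	ptr = &skb->data[1];
	remaining = skb->len - 1;

	hci_dev_lock(hdev);

	while (num_reports--) {
		struct hci_ev_le_advertising_info *ev = ptr;
		size_t report_len;

		/* The header must be present before ev->length is trusted,
		 * then header + data + RSSI byte must fit as well.
		 */
		if (remaining < sizeof(*ev) ||
		    remaining < sizeof(*ev) + ev->length + 1) {
			BT_ERR("%s truncated advertising report", hdev->name);
			break;
		}

		report_len = sizeof(*ev) + ev->length + 1;

		rssi = ev->data[ev->length];
		mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
				  NULL, rssi, 0, 1, ev->data, ev->length);

		ptr += report_len;
		remaining -= report_len;
	}

	hci_dev_unlock(hdev);
}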
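/* LE Long Term Key Request event: hand the controller the stored key
 * that matches the (ediv, random) pair, or send a negative reply when
 * the connection or the key is unknown.
 *
 * A key marked authenticated raises the connection to BT_SECURITY_HIGH.
 * A short term key (HCI_SMP_STK) is single use: it is unlinked from the
 * key list and freed once it has been handed out.  The reply structure
 * holds key material on the stack for the duration of the call.
 */
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_ltk_req *ev = (void *) skb->data;
	struct hci_cp_le_ltk_reply cp;
	struct hci_cp_le_ltk_neg_reply neg;
	struct hci_conn *conn;
	struct smp_ltk *ltk;

	BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
	if (conn == NULL)
		goto not_found;

	ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
	if (ltk == NULL)
		goto not_found;

	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
	cp.handle = cpu_to_le16(conn->handle);

	if (ltk->authenticated)
		conn->sec_level = BT_SECURITY_HIGH;

	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);

	if (ltk->type & HCI_SMP_STK) {
		list_del(&ltk->list);
		kfree(ltk);
	}

	hci_dev_unlock(hdev);

	return;

not_found:
	/* ev->handle is already little endian; it is echoed unchanged. */
	neg.handle = ev->handle;
	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
	hci_dev_unlock(hdev);
}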
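/* LE Meta event: strip the meta header and dispatch on the subevent
 * code.  Unknown subevents are ignored.
 *
 * The header is only read once the event is known to contain it, so a
 * truncated meta event is dropped before the subevent byte is used.
 */
static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_le_meta *le_ev = (void *) skb->data;

	if (skb->len < sizeof(*le_ev)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	skb_pull(skb, sizeof(*le_ev));

	switch (le_ev->subevent) {
	case HCI_EV_LE_CONN_COMPLETE:
		hci_le_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_LE_ADVERTISING_REPORT:
		hci_le_adv_report_evt(hdev, skb);
		break;

	case HCI_EV_LE_LTK_REQ:
		hci_le_ltk_request_evt(hdev, skb);
		break;

	default:
		break;
	}
}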
/* Channel Selected event (AMP): once the physical link's connection is
 * found, read the final local AMP assoc data for it.
 *
 * NOTE(review): no hci_dev_lock() is taken around the lookup here -
 * confirm this is intended.
 */
static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_channel_selected *ev = (void *) skb->data;
	struct hci_conn *phy;

	BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);

	/* ev still points at the header bytes after the pull. */
	skb_pull(skb, sizeof(*ev));

	phy = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
	if (phy)
		amp_read_loc_assoc_final_data(hdev, phy);
}
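/* Entry point for a received HCI event packet.
 *
 * Strips the event header, dispatches to the handler for the event code
 * and then frees the skb and counts the event in hdev->stat.evt_rx.  The
 * skb is always consumed.  Unknown event codes are only traced.
 *
 * The packet comes from the controller/transport, so the header is read
 * only after the packet is known to be long enough to contain it; a
 * shorter packet is logged, counted and dropped without dispatch.
 *
 * @hdev: controller the event was received on
 * @skb:  event packet, starting at the event header
 */
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_event_hdr *hdr = (void *) skb->data;
	__u8 event;

	if (skb->len < HCI_EVENT_HDR_SIZE) {
		BT_ERR("%s event packet too short", hdev->name);
		goto done;
	}

	event = hdr->evt;

	skb_pull(skb, HCI_EVENT_HDR_SIZE);

	switch (event) {
	case HCI_EV_INQUIRY_COMPLETE:
		hci_inquiry_complete_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT:
		hci_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_CONN_COMPLETE:
		hci_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_CONN_REQUEST:
		hci_conn_request_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_COMPLETE:
		hci_disconn_complete_evt(hdev, skb);
		break;

	case HCI_EV_AUTH_COMPLETE:
		hci_auth_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_NAME:
		hci_remote_name_evt(hdev, skb);
		break;

	case HCI_EV_ENCRYPT_CHANGE:
		hci_encrypt_change_evt(hdev, skb);
		break;

	case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
		hci_change_link_key_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_FEATURES:
		hci_remote_features_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_VERSION:
		hci_remote_version_evt(hdev, skb);
		break;

	case HCI_EV_QOS_SETUP_COMPLETE:
		hci_qos_setup_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_COMPLETE:
		hci_cmd_complete_evt(hdev, skb);
		break;

	case HCI_EV_CMD_STATUS:
		hci_cmd_status_evt(hdev, skb);
		break;

	case HCI_EV_ROLE_CHANGE:
		hci_role_change_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_PKTS:
		hci_num_comp_pkts_evt(hdev, skb);
		break;

	case HCI_EV_MODE_CHANGE:
		hci_mode_change_evt(hdev, skb);
		break;

	case HCI_EV_PIN_CODE_REQ:
		hci_pin_code_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_REQ:
		hci_link_key_request_evt(hdev, skb);
		break;

	case HCI_EV_LINK_KEY_NOTIFY:
		hci_link_key_notify_evt(hdev, skb);
		break;

	case HCI_EV_CLOCK_OFFSET:
		hci_clock_offset_evt(hdev, skb);
		break;

	case HCI_EV_PKT_TYPE_CHANGE:
		hci_pkt_type_change_evt(hdev, skb);
		break;

	case HCI_EV_PSCAN_REP_MODE:
		hci_pscan_rep_mode_evt(hdev, skb);
		break;

	case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
		hci_inquiry_result_with_rssi_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_EXT_FEATURES:
		hci_remote_ext_features_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_COMPLETE:
		hci_sync_conn_complete_evt(hdev, skb);
		break;

	case HCI_EV_SYNC_CONN_CHANGED:
		hci_sync_conn_changed_evt(hdev, skb);
		break;

	case HCI_EV_SNIFF_SUBRATE:
		hci_sniff_subrate_evt(hdev, skb);
		break;

	case HCI_EV_EXTENDED_INQUIRY_RESULT:
		hci_extended_inquiry_result_evt(hdev, skb);
		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:
		hci_key_refresh_complete_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REQUEST:
		hci_io_capa_request_evt(hdev, skb);
		break;

	case HCI_EV_IO_CAPA_REPLY:
		hci_io_capa_reply_evt(hdev, skb);
		break;

	case HCI_EV_USER_CONFIRM_REQUEST:
		hci_user_confirm_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_REQUEST:
		hci_user_passkey_request_evt(hdev, skb);
		break;

	case HCI_EV_USER_PASSKEY_NOTIFY:
		hci_user_passkey_notify_evt(hdev, skb);
		break;

	case HCI_EV_KEYPRESS_NOTIFY:
		hci_keypress_notify_evt(hdev, skb);
		break;

	case HCI_EV_SIMPLE_PAIR_COMPLETE:
		hci_simple_pair_complete_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_HOST_FEATURES:
		hci_remote_host_features_evt(hdev, skb);
		break;

	case HCI_EV_LE_META:
		hci_le_meta_evt(hdev, skb);
		break;

	case HCI_EV_CHANNEL_SELECTED:
		hci_chan_selected_evt(hdev, skb);
		break;

	case HCI_EV_REMOTE_OOB_DATA_REQUEST:
		hci_remote_oob_data_request_evt(hdev, skb);
		break;

	case HCI_EV_PHY_LINK_COMPLETE:
		hci_phy_link_complete_evt(hdev, skb);
		break;

	case HCI_EV_LOGICAL_LINK_COMPLETE:
		hci_loglink_complete_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
		hci_disconn_loglink_complete_evt(hdev, skb);
		break;

	case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
		hci_disconn_phylink_complete_evt(hdev, skb);
		break;

	case HCI_EV_NUM_COMP_BLOCKS:
		hci_num_comp_blocks_evt(hdev, skb);
		break;

	default:
		BT_DBG("%s event 0x%2.2x", hdev->name, event);
		break;
	}

done:
	kfree_skb(skb);
	hdev->stat.evt_rx++;
}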