2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
37 /* Handle HCI Event packets */
39 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
41 __u8 status = *((__u8 *) skb->data);
43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
48 clear_bit(HCI_INQUIRY, &hdev->flags);
49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_conn_check_pending(hdev);
59 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
61 __u8 status = *((__u8 *) skb->data);
63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73 __u8 status = *((__u8 *) skb->data);
75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 BT_DBG("%s", hdev->name);
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 conn->link_mode &= ~HCI_LM_MASTER;
108 conn->link_mode |= HCI_LM_MASTER;
111 hci_dev_unlock(hdev);
114 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
128 conn->link_policy = __le16_to_cpu(rp->policy);
130 hci_dev_unlock(hdev);
133 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
136 struct hci_conn *conn;
139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
152 conn->link_policy = get_unaligned_le16(sent + 2);
154 hci_dev_unlock(hdev);
157 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
167 hdev->link_policy = __le16_to_cpu(rp->policy);
170 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
186 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
188 __u8 status = *((__u8 *) skb->data);
190 BT_DBG("%s status 0x%2.2x", hdev->name, status);
192 clear_bit(HCI_RESET, &hdev->flags);
194 /* Reset all non-persistent flags */
195 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
197 hdev->discovery.state = DISCOVERY_STOPPED;
198 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
199 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
201 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
202 hdev->adv_data_len = 0;
204 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
205 hdev->scan_rsp_data_len = 0;
207 hdev->le_scan_type = LE_SCAN_PASSIVE;
209 hdev->ssp_debug_mode = 0;
212 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
214 __u8 status = *((__u8 *) skb->data);
217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
230 hci_dev_unlock(hdev);
233 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
235 struct hci_rp_read_local_name *rp = (void *) skb->data;
237 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
242 if (test_bit(HCI_SETUP, &hdev->dev_flags))
243 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
246 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
248 __u8 status = *((__u8 *) skb->data);
251 BT_DBG("%s status 0x%2.2x", hdev->name, status);
253 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
258 __u8 param = *((__u8 *) sent);
260 if (param == AUTH_ENABLED)
261 set_bit(HCI_AUTH, &hdev->flags);
263 clear_bit(HCI_AUTH, &hdev->flags);
266 if (test_bit(HCI_MGMT, &hdev->dev_flags))
267 mgmt_auth_enable_complete(hdev, status);
270 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
272 __u8 status = *((__u8 *) skb->data);
275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
282 __u8 param = *((__u8 *) sent);
285 set_bit(HCI_ENCRYPT, &hdev->flags);
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
291 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293 __u8 param, status = *((__u8 *) skb->data);
294 int old_pscan, old_iscan;
297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
299 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
303 param = *((__u8 *) sent);
308 mgmt_write_scan_failed(hdev, param, status);
309 hdev->discov_timeout = 0;
313 /* We need to ensure that we set this back on if someone changed
314 * the scan mode through a raw HCI socket.
316 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
318 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
319 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
321 if (param & SCAN_INQUIRY) {
322 set_bit(HCI_ISCAN, &hdev->flags);
324 mgmt_discoverable(hdev, 1);
325 } else if (old_iscan)
326 mgmt_discoverable(hdev, 0);
328 if (param & SCAN_PAGE) {
329 set_bit(HCI_PSCAN, &hdev->flags);
331 mgmt_connectable(hdev, 1);
332 } else if (old_pscan)
333 mgmt_connectable(hdev, 0);
336 hci_dev_unlock(hdev);
339 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
348 memcpy(hdev->dev_class, rp->dev_class, 3);
350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
354 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356 __u8 status = *((__u8 *) skb->data);
359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
368 memcpy(hdev->dev_class, sent, 3);
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
373 hci_dev_unlock(hdev);
376 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
386 setting = __le16_to_cpu(rp->voice_setting);
388 if (hdev->voice_setting == setting)
391 hdev->voice_setting = setting;
393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
399 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
402 __u8 status = *((__u8 *) skb->data);
406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 setting = get_unaligned_le16(sent);
417 if (hdev->voice_setting == setting)
420 hdev->voice_setting = setting;
422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
428 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
431 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
433 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
438 hdev->num_iac = rp->num_iac;
440 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
443 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
445 __u8 status = *((__u8 *) skb->data);
446 struct hci_cp_write_ssp_mode *sent;
448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
450 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
456 hdev->features[1][0] |= LMP_HOST_SSP;
458 hdev->features[1][0] &= ~LMP_HOST_SSP;
461 if (test_bit(HCI_MGMT, &hdev->dev_flags))
462 mgmt_ssp_enable_complete(hdev, sent->mode, status);
465 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
467 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
471 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
473 u8 status = *((u8 *) skb->data);
474 struct hci_cp_write_sc_support *sent;
476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
478 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
484 hdev->features[1][0] |= LMP_HOST_SC;
486 hdev->features[1][0] &= ~LMP_HOST_SC;
489 if (test_bit(HCI_MGMT, &hdev->dev_flags))
490 mgmt_sc_enable_complete(hdev, sent->support, status);
493 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
495 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
499 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
501 struct hci_rp_read_local_version *rp = (void *) skb->data;
503 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
508 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
509 hdev->hci_ver = rp->hci_ver;
510 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
511 hdev->lmp_ver = rp->lmp_ver;
512 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
513 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
517 static void hci_cc_read_local_commands(struct hci_dev *hdev,
520 struct hci_rp_read_local_commands *rp = (void *) skb->data;
522 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
527 if (test_bit(HCI_SETUP, &hdev->dev_flags))
528 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
531 static void hci_cc_read_local_features(struct hci_dev *hdev,
534 struct hci_rp_read_local_features *rp = (void *) skb->data;
536 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
541 memcpy(hdev->features, rp->features, 8);
543 /* Adjust default settings according to features
544 * supported by device. */
546 if (hdev->features[0][0] & LMP_3SLOT)
547 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
549 if (hdev->features[0][0] & LMP_5SLOT)
550 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
552 if (hdev->features[0][1] & LMP_HV2) {
553 hdev->pkt_type |= (HCI_HV2);
554 hdev->esco_type |= (ESCO_HV2);
557 if (hdev->features[0][1] & LMP_HV3) {
558 hdev->pkt_type |= (HCI_HV3);
559 hdev->esco_type |= (ESCO_HV3);
562 if (lmp_esco_capable(hdev))
563 hdev->esco_type |= (ESCO_EV3);
565 if (hdev->features[0][4] & LMP_EV4)
566 hdev->esco_type |= (ESCO_EV4);
568 if (hdev->features[0][4] & LMP_EV5)
569 hdev->esco_type |= (ESCO_EV5);
571 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
572 hdev->esco_type |= (ESCO_2EV3);
574 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
575 hdev->esco_type |= (ESCO_3EV3);
577 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
578 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
581 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
584 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
591 if (hdev->max_page < rp->max_page)
592 hdev->max_page = rp->max_page;
594 if (rp->page < HCI_MAX_PAGES)
595 memcpy(hdev->features[rp->page], rp->features, 8);
598 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
601 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
606 hdev->flow_ctl_mode = rp->mode;
609 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
611 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
613 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
618 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
619 hdev->sco_mtu = rp->sco_mtu;
620 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
621 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
623 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
628 hdev->acl_cnt = hdev->acl_pkts;
629 hdev->sco_cnt = hdev->sco_pkts;
631 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
632 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
635 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
637 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
639 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
642 bacpy(&hdev->bdaddr, &rp->bdaddr);
645 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
648 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
652 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
653 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
654 hdev->page_scan_window = __le16_to_cpu(rp->window);
658 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
661 u8 status = *((u8 *) skb->data);
662 struct hci_cp_write_page_scan_activity *sent;
664 BT_DBG("%s status 0x%2.2x", hdev->name, status);
669 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
673 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
674 hdev->page_scan_window = __le16_to_cpu(sent->window);
677 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
680 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
684 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
685 hdev->page_scan_type = rp->type;
688 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
691 u8 status = *((u8 *) skb->data);
694 BT_DBG("%s status 0x%2.2x", hdev->name, status);
699 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
701 hdev->page_scan_type = *type;
704 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
707 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
714 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
715 hdev->block_len = __le16_to_cpu(rp->block_len);
716 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
718 hdev->block_cnt = hdev->num_blocks;
720 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
721 hdev->block_cnt, hdev->block_len);
724 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
727 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
729 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
734 hdev->amp_status = rp->amp_status;
735 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
736 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
737 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
738 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
739 hdev->amp_type = rp->amp_type;
740 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
741 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
742 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
743 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
746 a2mp_send_getinfo_rsp(hdev);
749 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
752 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
753 struct amp_assoc *assoc = &hdev->loc_assoc;
754 size_t rem_len, frag_len;
756 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
761 frag_len = skb->len - sizeof(*rp);
762 rem_len = __le16_to_cpu(rp->rem_len);
764 if (rem_len > frag_len) {
765 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
767 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
768 assoc->offset += frag_len;
770 /* Read other fragments */
771 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
776 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
777 assoc->len = assoc->offset + rem_len;
781 /* Send A2MP Rsp when all fragments are received */
782 a2mp_send_getampassoc_rsp(hdev, rp->status);
783 a2mp_send_create_phy_link_req(hdev, rp->status);
786 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
789 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
791 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
794 hdev->inq_tx_power = rp->tx_power;
797 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
799 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
800 struct hci_cp_pin_code_reply *cp;
801 struct hci_conn *conn;
803 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
807 if (test_bit(HCI_MGMT, &hdev->dev_flags))
808 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
813 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
817 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
819 conn->pin_length = cp->pin_len;
822 hci_dev_unlock(hdev);
825 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
827 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
829 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
833 if (test_bit(HCI_MGMT, &hdev->dev_flags))
834 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
837 hci_dev_unlock(hdev);
840 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
843 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
850 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
851 hdev->le_pkts = rp->le_max_pkt;
853 hdev->le_cnt = hdev->le_pkts;
855 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
858 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
861 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
863 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
866 memcpy(hdev->le_features, rp->features, 8);
869 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
872 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
874 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
877 hdev->adv_tx_power = rp->tx_power;
880 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
882 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
884 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
888 if (test_bit(HCI_MGMT, &hdev->dev_flags))
889 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
892 hci_dev_unlock(hdev);
895 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
898 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
900 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
904 if (test_bit(HCI_MGMT, &hdev->dev_flags))
905 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
906 ACL_LINK, 0, rp->status);
908 hci_dev_unlock(hdev);
911 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
913 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
915 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
919 if (test_bit(HCI_MGMT, &hdev->dev_flags))
920 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
923 hci_dev_unlock(hdev);
926 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
929 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
931 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
935 if (test_bit(HCI_MGMT, &hdev->dev_flags))
936 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
937 ACL_LINK, 0, rp->status);
939 hci_dev_unlock(hdev);
942 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
945 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
950 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
951 NULL, NULL, rp->status);
952 hci_dev_unlock(hdev);
955 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
958 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
960 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
963 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
964 rp->hash256, rp->randomizer256,
966 hci_dev_unlock(hdev);
970 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
972 __u8 status = *((__u8 *) skb->data);
975 BT_DBG("%s status 0x%2.2x", hdev->name, status);
977 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
984 bacpy(&hdev->random_addr, sent);
986 hci_dev_unlock(hdev);
989 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
991 __u8 *sent, status = *((__u8 *) skb->data);
993 BT_DBG("%s status 0x%2.2x", hdev->name, status);
995 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1004 /* If we're doing connection initation as peripheral. Set a
1005 * timeout in case something goes wrong.
1008 struct hci_conn *conn;
1010 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1012 queue_delayed_work(hdev->workqueue,
1013 &conn->le_conn_timeout,
1014 HCI_LE_CONN_TIMEOUT);
1017 mgmt_advertising(hdev, *sent);
1019 hci_dev_unlock(hdev);
1022 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1024 struct hci_cp_le_set_scan_param *cp;
1025 __u8 status = *((__u8 *) skb->data);
1027 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1029 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1036 hdev->le_scan_type = cp->type;
1038 hci_dev_unlock(hdev);
1041 static bool has_pending_adv_report(struct hci_dev *hdev)
1043 struct discovery_state *d = &hdev->discovery;
1045 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1048 static void clear_pending_adv_report(struct hci_dev *hdev)
1050 struct discovery_state *d = &hdev->discovery;
1052 bacpy(&d->last_adv_addr, BDADDR_ANY);
1053 d->last_adv_data_len = 0;
1056 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1057 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
1059 struct discovery_state *d = &hdev->discovery;
1061 bacpy(&d->last_adv_addr, bdaddr);
1062 d->last_adv_addr_type = bdaddr_type;
1063 d->last_adv_rssi = rssi;
1064 memcpy(d->last_adv_data, data, len);
1065 d->last_adv_data_len = len;
1068 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1069 struct sk_buff *skb)
1071 struct hci_cp_le_set_scan_enable *cp;
1072 __u8 status = *((__u8 *) skb->data);
1074 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1076 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1083 switch (cp->enable) {
1084 case LE_SCAN_ENABLE:
1085 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1086 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1087 clear_pending_adv_report(hdev);
1090 case LE_SCAN_DISABLE:
1091 /* We do this here instead of when setting DISCOVERY_STOPPED
1092 * since the latter would potentially require waiting for
1093 * inquiry to stop too.
1095 if (has_pending_adv_report(hdev)) {
1096 struct discovery_state *d = &hdev->discovery;
1098 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1099 d->last_adv_addr_type, NULL,
1100 d->last_adv_rssi, 0, 1,
1102 d->last_adv_data_len, NULL, 0);
1105 /* Cancel this timer so that we don't try to disable scanning
1106 * when it's already disabled.
1108 cancel_delayed_work(&hdev->le_scan_disable);
1110 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1111 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1112 * interrupted scanning due to a connect request. Mark
1113 * therefore discovery as stopped.
1115 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1117 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1121 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1126 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1127 struct sk_buff *skb)
1129 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1131 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1134 hdev->le_white_list_size = rp->size;
1137 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1138 struct sk_buff *skb)
1140 __u8 status = *((__u8 *) skb->data);
1142 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1145 hci_white_list_clear(hdev);
1148 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1149 struct sk_buff *skb)
1151 struct hci_cp_le_add_to_white_list *sent;
1152 __u8 status = *((__u8 *) skb->data);
1154 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1156 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1161 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1164 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1165 struct sk_buff *skb)
1167 struct hci_cp_le_del_from_white_list *sent;
1168 __u8 status = *((__u8 *) skb->data);
1170 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1172 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1177 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1180 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1181 struct sk_buff *skb)
1183 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1185 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1188 memcpy(hdev->le_states, rp->le_states, 8);
1191 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1192 struct sk_buff *skb)
1194 struct hci_cp_write_le_host_supported *sent;
1195 __u8 status = *((__u8 *) skb->data);
1197 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1199 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1205 hdev->features[1][0] |= LMP_HOST_LE;
1206 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1208 hdev->features[1][0] &= ~LMP_HOST_LE;
1209 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1210 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1214 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1216 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1220 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1222 struct hci_cp_le_set_adv_param *cp;
1223 u8 status = *((u8 *) skb->data);
1225 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1230 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1235 hdev->adv_addr_type = cp->own_address_type;
1236 hci_dev_unlock(hdev);
1239 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1240 struct sk_buff *skb)
1242 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1244 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1245 hdev->name, rp->status, rp->phy_handle);
1250 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1253 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1255 struct hci_rp_read_rssi *rp = (void *) skb->data;
1256 struct hci_conn *conn;
1258 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1265 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1267 conn->rssi = rp->rssi;
1269 hci_dev_unlock(hdev);
1272 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1274 struct hci_cp_read_tx_power *sent;
1275 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1276 struct hci_conn *conn;
1278 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1283 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1289 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1293 switch (sent->type) {
1295 conn->tx_power = rp->tx_power;
1298 conn->max_tx_power = rp->tx_power;
1303 hci_dev_unlock(hdev);
1306 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1308 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1311 hci_conn_check_pending(hdev);
1315 set_bit(HCI_INQUIRY, &hdev->flags);
1318 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1320 struct hci_cp_create_conn *cp;
1321 struct hci_conn *conn;
1323 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1325 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1331 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1333 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1336 if (conn && conn->state == BT_CONNECT) {
1337 if (status != 0x0c || conn->attempt > 2) {
1338 conn->state = BT_CLOSED;
1339 hci_proto_connect_cfm(conn, status);
1342 conn->state = BT_CONNECT2;
1346 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1349 conn->link_mode |= HCI_LM_MASTER;
1351 BT_ERR("No memory for new connection");
1355 hci_dev_unlock(hdev);
1358 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1360 struct hci_cp_add_sco *cp;
1361 struct hci_conn *acl, *sco;
1364 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1369 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1373 handle = __le16_to_cpu(cp->handle);
1375 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1379 acl = hci_conn_hash_lookup_handle(hdev, handle);
1383 sco->state = BT_CLOSED;
1385 hci_proto_connect_cfm(sco, status);
1390 hci_dev_unlock(hdev);
1393 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1395 struct hci_cp_auth_requested *cp;
1396 struct hci_conn *conn;
1398 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1403 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1409 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1411 if (conn->state == BT_CONFIG) {
1412 hci_proto_connect_cfm(conn, status);
1413 hci_conn_drop(conn);
1417 hci_dev_unlock(hdev);
1420 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1422 struct hci_cp_set_conn_encrypt *cp;
1423 struct hci_conn *conn;
1425 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1430 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1436 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1438 if (conn->state == BT_CONFIG) {
1439 hci_proto_connect_cfm(conn, status);
1440 hci_conn_drop(conn);
1444 hci_dev_unlock(hdev);
1447 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1448 struct hci_conn *conn)
1450 if (conn->state != BT_CONFIG || !conn->out)
1453 if (conn->pending_sec_level == BT_SECURITY_SDP)
1456 /* Only request authentication for SSP connections or non-SSP
1457 * devices with sec_level MEDIUM or HIGH or if MITM protection
1460 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1461 conn->pending_sec_level != BT_SECURITY_FIPS &&
1462 conn->pending_sec_level != BT_SECURITY_HIGH &&
1463 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1469 static int hci_resolve_name(struct hci_dev *hdev,
1470 struct inquiry_entry *e)
1472 struct hci_cp_remote_name_req cp;
1474 memset(&cp, 0, sizeof(cp));
1476 bacpy(&cp.bdaddr, &e->data.bdaddr);
1477 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1478 cp.pscan_mode = e->data.pscan_mode;
1479 cp.clock_offset = e->data.clock_offset;
1481 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1484 static bool hci_resolve_next_name(struct hci_dev *hdev)
1486 struct discovery_state *discov = &hdev->discovery;
1487 struct inquiry_entry *e;
1489 if (list_empty(&discov->resolve))
1492 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1496 if (hci_resolve_name(hdev, e) == 0) {
1497 e->name_state = NAME_PENDING;
1504 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1505 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1507 struct discovery_state *discov = &hdev->discovery;
1508 struct inquiry_entry *e;
1510 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1511 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1512 name_len, conn->dev_class);
1514 if (discov->state == DISCOVERY_STOPPED)
1517 if (discov->state == DISCOVERY_STOPPING)
1518 goto discov_complete;
1520 if (discov->state != DISCOVERY_RESOLVING)
1523 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1524 /* If the device was not found in a list of found devices names of which
1525 * are pending. there is no need to continue resolving a next name as it
1526 * will be done upon receiving another Remote Name Request Complete
1533 e->name_state = NAME_KNOWN;
1534 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1535 e->data.rssi, name, name_len);
1537 e->name_state = NAME_NOT_KNOWN;
1540 if (hci_resolve_next_name(hdev))
1544 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1547 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1549 struct hci_cp_remote_name_req *cp;
1550 struct hci_conn *conn;
1552 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1554 /* If successful wait for the name req complete event before
1555 * checking for the need to do authentication */
1559 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1565 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1567 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1568 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1573 if (!hci_outgoing_auth_needed(hdev, conn))
1576 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1577 struct hci_cp_auth_requested auth_cp;
1579 auth_cp.handle = __cpu_to_le16(conn->handle);
1580 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1581 sizeof(auth_cp), &auth_cp);
1585 hci_dev_unlock(hdev);
1588 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1590 struct hci_cp_read_remote_features *cp;
1591 struct hci_conn *conn;
1593 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1598 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1604 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1606 if (conn->state == BT_CONFIG) {
1607 hci_proto_connect_cfm(conn, status);
1608 hci_conn_drop(conn);
1612 hci_dev_unlock(hdev);
1615 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1617 struct hci_cp_read_remote_ext_features *cp;
1618 struct hci_conn *conn;
1620 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1625 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1631 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1633 if (conn->state == BT_CONFIG) {
1634 hci_proto_connect_cfm(conn, status);
1635 hci_conn_drop(conn);
1639 hci_dev_unlock(hdev);
1642 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1644 struct hci_cp_setup_sync_conn *cp;
1645 struct hci_conn *acl, *sco;
1648 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1653 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1657 handle = __le16_to_cpu(cp->handle);
1659 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1663 acl = hci_conn_hash_lookup_handle(hdev, handle);
1667 sco->state = BT_CLOSED;
1669 hci_proto_connect_cfm(sco, status);
1674 hci_dev_unlock(hdev);
1677 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1679 struct hci_cp_sniff_mode *cp;
1680 struct hci_conn *conn;
1682 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1687 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1693 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1695 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1697 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1698 hci_sco_setup(conn, status);
1701 hci_dev_unlock(hdev);
1704 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1706 struct hci_cp_exit_sniff_mode *cp;
1707 struct hci_conn *conn;
1709 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1714 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1720 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1722 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1724 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1725 hci_sco_setup(conn, status);
1728 hci_dev_unlock(hdev);
1731 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1733 struct hci_cp_disconnect *cp;
1734 struct hci_conn *conn;
1739 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1745 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1747 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1748 conn->dst_type, status);
1750 hci_dev_unlock(hdev);
1753 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1755 struct hci_cp_create_phy_link *cp;
1757 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1759 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1766 struct hci_conn *hcon;
1768 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1772 amp_write_remote_assoc(hdev, cp->phy_handle);
1775 hci_dev_unlock(hdev);
1778 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1780 struct hci_cp_accept_phy_link *cp;
1782 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1787 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1791 amp_write_remote_assoc(hdev, cp->phy_handle);
1794 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1796 struct hci_cp_le_create_conn *cp;
1797 struct hci_conn *conn;
1799 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1801 /* All connection failure handling is taken care of by the
1802 * hci_le_conn_failed function which is triggered by the HCI
1803 * request completion callbacks used for connecting.
1808 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1814 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1818 /* Store the initiator and responder address information which
1819 * is needed for SMP. These values will not change during the
1820 * lifetime of the connection.
1822 conn->init_addr_type = cp->own_address_type;
1823 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1824 bacpy(&conn->init_addr, &hdev->random_addr);
1826 bacpy(&conn->init_addr, &hdev->bdaddr);
1828 conn->resp_addr_type = cp->peer_addr_type;
1829 bacpy(&conn->resp_addr, &cp->peer_addr);
1831 /* We don't want the connection attempt to stick around
1832 * indefinitely since LE doesn't have a page timeout concept
1833 * like BR/EDR. Set a timer for any connection that doesn't use
1834 * the white list for connecting.
1836 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1837 queue_delayed_work(conn->hdev->workqueue,
1838 &conn->le_conn_timeout,
1839 HCI_LE_CONN_TIMEOUT);
1842 hci_dev_unlock(hdev);
1845 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1847 struct hci_cp_le_start_enc *cp;
1848 struct hci_conn *conn;
1850 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1857 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1861 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1865 if (conn->state != BT_CONNECTED)
1868 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1869 hci_conn_drop(conn);
1872 hci_dev_unlock(hdev);
1875 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1877 __u8 status = *((__u8 *) skb->data);
1878 struct discovery_state *discov = &hdev->discovery;
1879 struct inquiry_entry *e;
1881 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1883 hci_conn_check_pending(hdev);
1885 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1888 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
1889 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1891 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1896 if (discov->state != DISCOVERY_FINDING)
1899 if (list_empty(&discov->resolve)) {
1900 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1904 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1905 if (e && hci_resolve_name(hdev, e) == 0) {
1906 e->name_state = NAME_PENDING;
1907 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1909 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1913 hci_dev_unlock(hdev);
1916 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1918 struct inquiry_data data;
1919 struct inquiry_info *info = (void *) (skb->data + 1);
1920 int num_rsp = *((__u8 *) skb->data);
1922 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1927 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1932 for (; num_rsp; num_rsp--, info++) {
1933 bool name_known, ssp;
1935 bacpy(&data.bdaddr, &info->bdaddr);
1936 data.pscan_rep_mode = info->pscan_rep_mode;
1937 data.pscan_period_mode = info->pscan_period_mode;
1938 data.pscan_mode = info->pscan_mode;
1939 memcpy(data.dev_class, info->dev_class, 3);
1940 data.clock_offset = info->clock_offset;
1942 data.ssp_mode = 0x00;
1944 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1945 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1946 info->dev_class, 0, !name_known, ssp, NULL,
1950 hci_dev_unlock(hdev);
1953 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1955 struct hci_ev_conn_complete *ev = (void *) skb->data;
1956 struct hci_conn *conn;
1958 BT_DBG("%s", hdev->name);
1962 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1964 if (ev->link_type != SCO_LINK)
1967 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1971 conn->type = SCO_LINK;
1975 conn->handle = __le16_to_cpu(ev->handle);
1977 if (conn->type == ACL_LINK) {
1978 conn->state = BT_CONFIG;
1979 hci_conn_hold(conn);
1981 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1982 !hci_find_link_key(hdev, &ev->bdaddr))
1983 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1985 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1987 conn->state = BT_CONNECTED;
1989 hci_conn_add_sysfs(conn);
1991 if (test_bit(HCI_AUTH, &hdev->flags))
1992 conn->link_mode |= HCI_LM_AUTH;
1994 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1995 conn->link_mode |= HCI_LM_ENCRYPT;
1997 /* Get remote features */
1998 if (conn->type == ACL_LINK) {
1999 struct hci_cp_read_remote_features cp;
2000 cp.handle = ev->handle;
2001 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2005 /* Set packet type for incoming connection */
2006 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2007 struct hci_cp_change_conn_ptype cp;
2008 cp.handle = ev->handle;
2009 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2010 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2014 conn->state = BT_CLOSED;
2015 if (conn->type == ACL_LINK)
2016 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2017 conn->dst_type, ev->status);
2020 if (conn->type == ACL_LINK)
2021 hci_sco_setup(conn, ev->status);
2024 hci_proto_connect_cfm(conn, ev->status);
2026 } else if (ev->link_type != ACL_LINK)
2027 hci_proto_connect_cfm(conn, ev->status);
2030 hci_dev_unlock(hdev);
2032 hci_conn_check_pending(hdev);
2035 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2037 struct hci_ev_conn_request *ev = (void *) skb->data;
2038 int mask = hdev->link_mode;
2041 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2044 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2047 if ((mask & HCI_LM_ACCEPT) &&
2048 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
2049 /* Connection accepted */
2050 struct inquiry_entry *ie;
2051 struct hci_conn *conn;
2055 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2057 memcpy(ie->data.dev_class, ev->dev_class, 3);
2059 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2062 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2064 BT_ERR("No memory for new connection");
2065 hci_dev_unlock(hdev);
2070 memcpy(conn->dev_class, ev->dev_class, 3);
2072 hci_dev_unlock(hdev);
2074 if (ev->link_type == ACL_LINK ||
2075 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2076 struct hci_cp_accept_conn_req cp;
2077 conn->state = BT_CONNECT;
2079 bacpy(&cp.bdaddr, &ev->bdaddr);
2081 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2082 cp.role = 0x00; /* Become master */
2084 cp.role = 0x01; /* Remain slave */
2086 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2088 } else if (!(flags & HCI_PROTO_DEFER)) {
2089 struct hci_cp_accept_sync_conn_req cp;
2090 conn->state = BT_CONNECT;
2092 bacpy(&cp.bdaddr, &ev->bdaddr);
2093 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2095 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2096 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2097 cp.max_latency = cpu_to_le16(0xffff);
2098 cp.content_format = cpu_to_le16(hdev->voice_setting);
2099 cp.retrans_effort = 0xff;
2101 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2104 conn->state = BT_CONNECT2;
2105 hci_proto_connect_cfm(conn, 0);
2108 /* Connection rejected */
2109 struct hci_cp_reject_conn_req cp;
2111 bacpy(&cp.bdaddr, &ev->bdaddr);
2112 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2113 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2117 static u8 hci_to_mgmt_reason(u8 err)
2120 case HCI_ERROR_CONNECTION_TIMEOUT:
2121 return MGMT_DEV_DISCONN_TIMEOUT;
2122 case HCI_ERROR_REMOTE_USER_TERM:
2123 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2124 case HCI_ERROR_REMOTE_POWER_OFF:
2125 return MGMT_DEV_DISCONN_REMOTE;
2126 case HCI_ERROR_LOCAL_HOST_TERM:
2127 return MGMT_DEV_DISCONN_LOCAL_HOST;
2129 return MGMT_DEV_DISCONN_UNKNOWN;
2133 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2135 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2136 u8 reason = hci_to_mgmt_reason(ev->reason);
2137 struct hci_conn_params *params;
2138 struct hci_conn *conn;
2139 bool mgmt_connected;
2142 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2151 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2152 conn->dst_type, ev->status);
2156 conn->state = BT_CLOSED;
2158 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2159 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2160 reason, mgmt_connected);
2162 if (conn->type == ACL_LINK && conn->flush_key)
2163 hci_remove_link_key(hdev, &conn->dst);
2165 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2167 switch (params->auto_connect) {
2168 case HCI_AUTO_CONN_LINK_LOSS:
2169 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2173 case HCI_AUTO_CONN_ALWAYS:
2174 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2184 hci_proto_disconn_cfm(conn, ev->reason);
2187 /* Re-enable advertising if necessary, since it might
2188 * have been disabled by the connection. From the
2189 * HCI_LE_Set_Advertise_Enable command description in
2190 * the core specification (v4.0):
2191 * "The Controller shall continue advertising until the Host
2192 * issues an LE_Set_Advertise_Enable command with
2193 * Advertising_Enable set to 0x00 (Advertising is disabled)
2194 * or until a connection is created or until the Advertising
2195 * is timed out due to Directed Advertising."
2197 if (type == LE_LINK)
2198 mgmt_reenable_advertising(hdev);
2201 hci_dev_unlock(hdev);
2204 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2206 struct hci_ev_auth_complete *ev = (void *) skb->data;
2207 struct hci_conn *conn;
2209 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2213 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2218 if (!hci_conn_ssp_enabled(conn) &&
2219 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2220 BT_INFO("re-auth of legacy device is not possible.");
2222 conn->link_mode |= HCI_LM_AUTH;
2223 conn->sec_level = conn->pending_sec_level;
2226 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2230 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2231 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2233 if (conn->state == BT_CONFIG) {
2234 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2235 struct hci_cp_set_conn_encrypt cp;
2236 cp.handle = ev->handle;
2238 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2241 conn->state = BT_CONNECTED;
2242 hci_proto_connect_cfm(conn, ev->status);
2243 hci_conn_drop(conn);
2246 hci_auth_cfm(conn, ev->status);
2248 hci_conn_hold(conn);
2249 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2250 hci_conn_drop(conn);
2253 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2255 struct hci_cp_set_conn_encrypt cp;
2256 cp.handle = ev->handle;
2258 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2261 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2262 hci_encrypt_cfm(conn, ev->status, 0x00);
2267 hci_dev_unlock(hdev);
2270 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2272 struct hci_ev_remote_name *ev = (void *) skb->data;
2273 struct hci_conn *conn;
2275 BT_DBG("%s", hdev->name);
2277 hci_conn_check_pending(hdev);
2281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2283 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2286 if (ev->status == 0)
2287 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2288 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2290 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2296 if (!hci_outgoing_auth_needed(hdev, conn))
2299 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2300 struct hci_cp_auth_requested cp;
2301 cp.handle = __cpu_to_le16(conn->handle);
2302 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2306 hci_dev_unlock(hdev);
2309 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2311 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2312 struct hci_conn *conn;
2314 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2318 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2324 /* Encryption implies authentication */
2325 conn->link_mode |= HCI_LM_AUTH;
2326 conn->link_mode |= HCI_LM_ENCRYPT;
2327 conn->sec_level = conn->pending_sec_level;
2329 /* P-256 authentication key implies FIPS */
2330 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2331 conn->link_mode |= HCI_LM_FIPS;
2333 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2334 conn->type == LE_LINK)
2335 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2337 conn->link_mode &= ~HCI_LM_ENCRYPT;
2338 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2342 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2344 if (ev->status && conn->state == BT_CONNECTED) {
2345 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2346 hci_conn_drop(conn);
2350 if (conn->state == BT_CONFIG) {
2352 conn->state = BT_CONNECTED;
2354 /* In Secure Connections Only mode, do not allow any
2355 * connections that are not encrypted with AES-CCM
2356 * using a P-256 authenticated combination key.
2358 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2359 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2360 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2361 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2362 hci_conn_drop(conn);
2366 hci_proto_connect_cfm(conn, ev->status);
2367 hci_conn_drop(conn);
2369 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2372 hci_dev_unlock(hdev);
2375 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2376 struct sk_buff *skb)
2378 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2379 struct hci_conn *conn;
2381 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2385 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2388 conn->link_mode |= HCI_LM_SECURE;
2390 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2392 hci_key_change_cfm(conn, ev->status);
2395 hci_dev_unlock(hdev);
2398 static void hci_remote_features_evt(struct hci_dev *hdev,
2399 struct sk_buff *skb)
2401 struct hci_ev_remote_features *ev = (void *) skb->data;
2402 struct hci_conn *conn;
2404 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2413 memcpy(conn->features[0], ev->features, 8);
2415 if (conn->state != BT_CONFIG)
2418 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2419 struct hci_cp_read_remote_ext_features cp;
2420 cp.handle = ev->handle;
2422 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2427 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2428 struct hci_cp_remote_name_req cp;
2429 memset(&cp, 0, sizeof(cp));
2430 bacpy(&cp.bdaddr, &conn->dst);
2431 cp.pscan_rep_mode = 0x02;
2432 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2433 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2434 mgmt_device_connected(hdev, &conn->dst, conn->type,
2435 conn->dst_type, 0, NULL, 0,
2438 if (!hci_outgoing_auth_needed(hdev, conn)) {
2439 conn->state = BT_CONNECTED;
2440 hci_proto_connect_cfm(conn, ev->status);
2441 hci_conn_drop(conn);
2445 hci_dev_unlock(hdev);
2448 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2450 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2451 u8 status = skb->data[sizeof(*ev)];
2454 skb_pull(skb, sizeof(*ev));
2456 opcode = __le16_to_cpu(ev->opcode);
2459 case HCI_OP_INQUIRY_CANCEL:
2460 hci_cc_inquiry_cancel(hdev, skb);
2463 case HCI_OP_PERIODIC_INQ:
2464 hci_cc_periodic_inq(hdev, skb);
2467 case HCI_OP_EXIT_PERIODIC_INQ:
2468 hci_cc_exit_periodic_inq(hdev, skb);
2471 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2472 hci_cc_remote_name_req_cancel(hdev, skb);
2475 case HCI_OP_ROLE_DISCOVERY:
2476 hci_cc_role_discovery(hdev, skb);
2479 case HCI_OP_READ_LINK_POLICY:
2480 hci_cc_read_link_policy(hdev, skb);
2483 case HCI_OP_WRITE_LINK_POLICY:
2484 hci_cc_write_link_policy(hdev, skb);
2487 case HCI_OP_READ_DEF_LINK_POLICY:
2488 hci_cc_read_def_link_policy(hdev, skb);
2491 case HCI_OP_WRITE_DEF_LINK_POLICY:
2492 hci_cc_write_def_link_policy(hdev, skb);
2496 hci_cc_reset(hdev, skb);
2499 case HCI_OP_WRITE_LOCAL_NAME:
2500 hci_cc_write_local_name(hdev, skb);
2503 case HCI_OP_READ_LOCAL_NAME:
2504 hci_cc_read_local_name(hdev, skb);
2507 case HCI_OP_WRITE_AUTH_ENABLE:
2508 hci_cc_write_auth_enable(hdev, skb);
2511 case HCI_OP_WRITE_ENCRYPT_MODE:
2512 hci_cc_write_encrypt_mode(hdev, skb);
2515 case HCI_OP_WRITE_SCAN_ENABLE:
2516 hci_cc_write_scan_enable(hdev, skb);
2519 case HCI_OP_READ_CLASS_OF_DEV:
2520 hci_cc_read_class_of_dev(hdev, skb);
2523 case HCI_OP_WRITE_CLASS_OF_DEV:
2524 hci_cc_write_class_of_dev(hdev, skb);
2527 case HCI_OP_READ_VOICE_SETTING:
2528 hci_cc_read_voice_setting(hdev, skb);
2531 case HCI_OP_WRITE_VOICE_SETTING:
2532 hci_cc_write_voice_setting(hdev, skb);
2535 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2536 hci_cc_read_num_supported_iac(hdev, skb);
2539 case HCI_OP_WRITE_SSP_MODE:
2540 hci_cc_write_ssp_mode(hdev, skb);
2543 case HCI_OP_WRITE_SC_SUPPORT:
2544 hci_cc_write_sc_support(hdev, skb);
2547 case HCI_OP_READ_LOCAL_VERSION:
2548 hci_cc_read_local_version(hdev, skb);
2551 case HCI_OP_READ_LOCAL_COMMANDS:
2552 hci_cc_read_local_commands(hdev, skb);
2555 case HCI_OP_READ_LOCAL_FEATURES:
2556 hci_cc_read_local_features(hdev, skb);
2559 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2560 hci_cc_read_local_ext_features(hdev, skb);
2563 case HCI_OP_READ_BUFFER_SIZE:
2564 hci_cc_read_buffer_size(hdev, skb);
2567 case HCI_OP_READ_BD_ADDR:
2568 hci_cc_read_bd_addr(hdev, skb);
2571 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2572 hci_cc_read_page_scan_activity(hdev, skb);
2575 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2576 hci_cc_write_page_scan_activity(hdev, skb);
2579 case HCI_OP_READ_PAGE_SCAN_TYPE:
2580 hci_cc_read_page_scan_type(hdev, skb);
2583 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2584 hci_cc_write_page_scan_type(hdev, skb);
2587 case HCI_OP_READ_DATA_BLOCK_SIZE:
2588 hci_cc_read_data_block_size(hdev, skb);
2591 case HCI_OP_READ_FLOW_CONTROL_MODE:
2592 hci_cc_read_flow_control_mode(hdev, skb);
2595 case HCI_OP_READ_LOCAL_AMP_INFO:
2596 hci_cc_read_local_amp_info(hdev, skb);
2599 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2600 hci_cc_read_local_amp_assoc(hdev, skb);
2603 case HCI_OP_READ_INQ_RSP_TX_POWER:
2604 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2607 case HCI_OP_PIN_CODE_REPLY:
2608 hci_cc_pin_code_reply(hdev, skb);
2611 case HCI_OP_PIN_CODE_NEG_REPLY:
2612 hci_cc_pin_code_neg_reply(hdev, skb);
2615 case HCI_OP_READ_LOCAL_OOB_DATA:
2616 hci_cc_read_local_oob_data(hdev, skb);
2619 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2620 hci_cc_read_local_oob_ext_data(hdev, skb);
2623 case HCI_OP_LE_READ_BUFFER_SIZE:
2624 hci_cc_le_read_buffer_size(hdev, skb);
2627 case HCI_OP_LE_READ_LOCAL_FEATURES:
2628 hci_cc_le_read_local_features(hdev, skb);
2631 case HCI_OP_LE_READ_ADV_TX_POWER:
2632 hci_cc_le_read_adv_tx_power(hdev, skb);
2635 case HCI_OP_USER_CONFIRM_REPLY:
2636 hci_cc_user_confirm_reply(hdev, skb);
2639 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2640 hci_cc_user_confirm_neg_reply(hdev, skb);
2643 case HCI_OP_USER_PASSKEY_REPLY:
2644 hci_cc_user_passkey_reply(hdev, skb);
2647 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2648 hci_cc_user_passkey_neg_reply(hdev, skb);
2651 case HCI_OP_LE_SET_RANDOM_ADDR:
2652 hci_cc_le_set_random_addr(hdev, skb);
2655 case HCI_OP_LE_SET_ADV_ENABLE:
2656 hci_cc_le_set_adv_enable(hdev, skb);
2659 case HCI_OP_LE_SET_SCAN_PARAM:
2660 hci_cc_le_set_scan_param(hdev, skb);
2663 case HCI_OP_LE_SET_SCAN_ENABLE:
2664 hci_cc_le_set_scan_enable(hdev, skb);
2667 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2668 hci_cc_le_read_white_list_size(hdev, skb);
2671 case HCI_OP_LE_CLEAR_WHITE_LIST:
2672 hci_cc_le_clear_white_list(hdev, skb);
2675 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2676 hci_cc_le_add_to_white_list(hdev, skb);
2679 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2680 hci_cc_le_del_from_white_list(hdev, skb);
2683 case HCI_OP_LE_READ_SUPPORTED_STATES:
2684 hci_cc_le_read_supported_states(hdev, skb);
2687 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2688 hci_cc_write_le_host_supported(hdev, skb);
2691 case HCI_OP_LE_SET_ADV_PARAM:
2692 hci_cc_set_adv_param(hdev, skb);
2695 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2696 hci_cc_write_remote_amp_assoc(hdev, skb);
2699 case HCI_OP_READ_RSSI:
2700 hci_cc_read_rssi(hdev, skb);
2703 case HCI_OP_READ_TX_POWER:
2704 hci_cc_read_tx_power(hdev, skb);
2708 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2712 if (opcode != HCI_OP_NOP)
2713 cancel_delayed_work(&hdev->cmd_timer);
2715 hci_req_cmd_complete(hdev, opcode, status);
2717 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2718 atomic_set(&hdev->cmd_cnt, 1);
2719 if (!skb_queue_empty(&hdev->cmd_q))
2720 queue_work(hdev->workqueue, &hdev->cmd_work);
2724 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2726 struct hci_ev_cmd_status *ev = (void *) skb->data;
2729 skb_pull(skb, sizeof(*ev));
2731 opcode = __le16_to_cpu(ev->opcode);
2734 case HCI_OP_INQUIRY:
2735 hci_cs_inquiry(hdev, ev->status);
2738 case HCI_OP_CREATE_CONN:
2739 hci_cs_create_conn(hdev, ev->status);
2742 case HCI_OP_ADD_SCO:
2743 hci_cs_add_sco(hdev, ev->status);
2746 case HCI_OP_AUTH_REQUESTED:
2747 hci_cs_auth_requested(hdev, ev->status);
2750 case HCI_OP_SET_CONN_ENCRYPT:
2751 hci_cs_set_conn_encrypt(hdev, ev->status);
2754 case HCI_OP_REMOTE_NAME_REQ:
2755 hci_cs_remote_name_req(hdev, ev->status);
2758 case HCI_OP_READ_REMOTE_FEATURES:
2759 hci_cs_read_remote_features(hdev, ev->status);
2762 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2763 hci_cs_read_remote_ext_features(hdev, ev->status);
2766 case HCI_OP_SETUP_SYNC_CONN:
2767 hci_cs_setup_sync_conn(hdev, ev->status);
2770 case HCI_OP_SNIFF_MODE:
2771 hci_cs_sniff_mode(hdev, ev->status);
2774 case HCI_OP_EXIT_SNIFF_MODE:
2775 hci_cs_exit_sniff_mode(hdev, ev->status);
2778 case HCI_OP_DISCONNECT:
2779 hci_cs_disconnect(hdev, ev->status);
2782 case HCI_OP_CREATE_PHY_LINK:
2783 hci_cs_create_phylink(hdev, ev->status);
2786 case HCI_OP_ACCEPT_PHY_LINK:
2787 hci_cs_accept_phylink(hdev, ev->status);
2790 case HCI_OP_LE_CREATE_CONN:
2791 hci_cs_le_create_conn(hdev, ev->status);
2794 case HCI_OP_LE_START_ENC:
2795 hci_cs_le_start_enc(hdev, ev->status);
2799 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2803 if (opcode != HCI_OP_NOP)
2804 cancel_delayed_work(&hdev->cmd_timer);
2807 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2808 hci_req_cmd_complete(hdev, opcode, ev->status);
2810 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2811 atomic_set(&hdev->cmd_cnt, 1);
2812 if (!skb_queue_empty(&hdev->cmd_q))
2813 queue_work(hdev->workqueue, &hdev->cmd_work);
2817 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2819 struct hci_ev_role_change *ev = (void *) skb->data;
2820 struct hci_conn *conn;
2822 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2826 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2830 conn->link_mode &= ~HCI_LM_MASTER;
2832 conn->link_mode |= HCI_LM_MASTER;
2835 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2837 hci_role_switch_cfm(conn, ev->status, ev->role);
2840 hci_dev_unlock(hdev);
2843 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2845 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2848 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2849 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2853 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2854 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2855 BT_DBG("%s bad parameters", hdev->name);
2859 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2861 for (i = 0; i < ev->num_hndl; i++) {
2862 struct hci_comp_pkts_info *info = &ev->handles[i];
2863 struct hci_conn *conn;
2864 __u16 handle, count;
2866 handle = __le16_to_cpu(info->handle);
2867 count = __le16_to_cpu(info->count);
2869 conn = hci_conn_hash_lookup_handle(hdev, handle);
2873 conn->sent -= count;
2875 switch (conn->type) {
2877 hdev->acl_cnt += count;
2878 if (hdev->acl_cnt > hdev->acl_pkts)
2879 hdev->acl_cnt = hdev->acl_pkts;
2883 if (hdev->le_pkts) {
2884 hdev->le_cnt += count;
2885 if (hdev->le_cnt > hdev->le_pkts)
2886 hdev->le_cnt = hdev->le_pkts;
2888 hdev->acl_cnt += count;
2889 if (hdev->acl_cnt > hdev->acl_pkts)
2890 hdev->acl_cnt = hdev->acl_pkts;
2895 hdev->sco_cnt += count;
2896 if (hdev->sco_cnt > hdev->sco_pkts)
2897 hdev->sco_cnt = hdev->sco_pkts;
2901 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2906 queue_work(hdev->workqueue, &hdev->tx_work);
2909 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2912 struct hci_chan *chan;
2914 switch (hdev->dev_type) {
2916 return hci_conn_hash_lookup_handle(hdev, handle);
2918 chan = hci_chan_lookup_handle(hdev, handle);
2923 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2930 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2932 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2935 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2936 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2940 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2941 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2942 BT_DBG("%s bad parameters", hdev->name);
2946 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2949 for (i = 0; i < ev->num_hndl; i++) {
2950 struct hci_comp_blocks_info *info = &ev->handles[i];
2951 struct hci_conn *conn = NULL;
2952 __u16 handle, block_count;
2954 handle = __le16_to_cpu(info->handle);
2955 block_count = __le16_to_cpu(info->blocks);
2957 conn = __hci_conn_lookup_handle(hdev, handle);
2961 conn->sent -= block_count;
2963 switch (conn->type) {
2966 hdev->block_cnt += block_count;
2967 if (hdev->block_cnt > hdev->num_blocks)
2968 hdev->block_cnt = hdev->num_blocks;
2972 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2977 queue_work(hdev->workqueue, &hdev->tx_work);
2980 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2982 struct hci_ev_mode_change *ev = (void *) skb->data;
2983 struct hci_conn *conn;
2985 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2989 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2991 conn->mode = ev->mode;
2993 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2995 if (conn->mode == HCI_CM_ACTIVE)
2996 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2998 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3001 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3002 hci_sco_setup(conn, ev->status);
3005 hci_dev_unlock(hdev);
3008 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3010 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3011 struct hci_conn *conn;
3013 BT_DBG("%s", hdev->name);
3017 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3021 if (conn->state == BT_CONNECTED) {
3022 hci_conn_hold(conn);
3023 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3024 hci_conn_drop(conn);
3027 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
3028 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3029 sizeof(ev->bdaddr), &ev->bdaddr);
3030 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3033 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3038 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3042 hci_dev_unlock(hdev);
3045 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3047 struct hci_ev_link_key_req *ev = (void *) skb->data;
3048 struct hci_cp_link_key_reply cp;
3049 struct hci_conn *conn;
3050 struct link_key *key;
3052 BT_DBG("%s", hdev->name);
3054 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3059 key = hci_find_link_key(hdev, &ev->bdaddr);
3061 BT_DBG("%s link key not found for %pMR", hdev->name,
3066 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3069 if (!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags) &&
3070 key->type == HCI_LK_DEBUG_COMBINATION) {
3071 BT_DBG("%s ignoring debug key", hdev->name);
3075 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3077 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3078 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3079 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3080 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3084 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3085 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3086 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3087 BT_DBG("%s ignoring key unauthenticated for high security",
3092 conn->key_type = key->type;
3093 conn->pin_length = key->pin_len;
3096 bacpy(&cp.bdaddr, &ev->bdaddr);
3097 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3099 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3101 hci_dev_unlock(hdev);
3106 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3107 hci_dev_unlock(hdev);
3110 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3112 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3113 struct hci_conn *conn;
3114 struct link_key *key;
3118 BT_DBG("%s", hdev->name);
3122 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3124 hci_conn_hold(conn);
3125 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3126 pin_len = conn->pin_length;
3128 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3129 conn->key_type = ev->key_type;
3131 hci_conn_drop(conn);
3134 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3137 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3138 ev->key_type, pin_len, &persistent);
3142 mgmt_new_link_key(hdev, key, persistent);
3145 conn->flush_key = !persistent;
3148 hci_dev_unlock(hdev);
3151 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3153 struct hci_ev_clock_offset *ev = (void *) skb->data;
3154 struct hci_conn *conn;
3156 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3160 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3161 if (conn && !ev->status) {
3162 struct inquiry_entry *ie;
3164 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3166 ie->data.clock_offset = ev->clock_offset;
3167 ie->timestamp = jiffies;
3171 hci_dev_unlock(hdev);
3174 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3176 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3177 struct hci_conn *conn;
3179 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3183 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3184 if (conn && !ev->status)
3185 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3187 hci_dev_unlock(hdev);
3190 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3192 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3193 struct inquiry_entry *ie;
3195 BT_DBG("%s", hdev->name);
3199 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3201 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3202 ie->timestamp = jiffies;
3205 hci_dev_unlock(hdev);
3208 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3209 struct sk_buff *skb)
3211 struct inquiry_data data;
3212 int num_rsp = *((__u8 *) skb->data);
3213 bool name_known, ssp;
3215 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3220 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3225 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3226 struct inquiry_info_with_rssi_and_pscan_mode *info;
3227 info = (void *) (skb->data + 1);
3229 for (; num_rsp; num_rsp--, info++) {
3230 bacpy(&data.bdaddr, &info->bdaddr);
3231 data.pscan_rep_mode = info->pscan_rep_mode;
3232 data.pscan_period_mode = info->pscan_period_mode;
3233 data.pscan_mode = info->pscan_mode;
3234 memcpy(data.dev_class, info->dev_class, 3);
3235 data.clock_offset = info->clock_offset;
3236 data.rssi = info->rssi;
3237 data.ssp_mode = 0x00;
3239 name_known = hci_inquiry_cache_update(hdev, &data,
3241 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3242 info->dev_class, info->rssi,
3243 !name_known, ssp, NULL, 0, NULL, 0);
3246 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3248 for (; num_rsp; num_rsp--, info++) {
3249 bacpy(&data.bdaddr, &info->bdaddr);
3250 data.pscan_rep_mode = info->pscan_rep_mode;
3251 data.pscan_period_mode = info->pscan_period_mode;
3252 data.pscan_mode = 0x00;
3253 memcpy(data.dev_class, info->dev_class, 3);
3254 data.clock_offset = info->clock_offset;
3255 data.rssi = info->rssi;
3256 data.ssp_mode = 0x00;
3257 name_known = hci_inquiry_cache_update(hdev, &data,
3259 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3260 info->dev_class, info->rssi,
3261 !name_known, ssp, NULL, 0, NULL, 0);
3265 hci_dev_unlock(hdev);
3268 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3269 struct sk_buff *skb)
3271 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3272 struct hci_conn *conn;
3274 BT_DBG("%s", hdev->name);
3278 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3282 if (ev->page < HCI_MAX_PAGES)
3283 memcpy(conn->features[ev->page], ev->features, 8);
3285 if (!ev->status && ev->page == 0x01) {
3286 struct inquiry_entry *ie;
3288 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3290 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3292 if (ev->features[0] & LMP_HOST_SSP) {
3293 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3295 /* It is mandatory by the Bluetooth specification that
3296 * Extended Inquiry Results are only used when Secure
3297 * Simple Pairing is enabled, but some devices violate
3300 * To make these devices work, the internal SSP
3301 * enabled flag needs to be cleared if the remote host
3302 * features do not indicate SSP support */
3303 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3306 if (ev->features[0] & LMP_HOST_SC)
3307 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3310 if (conn->state != BT_CONFIG)
3313 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3314 struct hci_cp_remote_name_req cp;
3315 memset(&cp, 0, sizeof(cp));
3316 bacpy(&cp.bdaddr, &conn->dst);
3317 cp.pscan_rep_mode = 0x02;
3318 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3319 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3320 mgmt_device_connected(hdev, &conn->dst, conn->type,
3321 conn->dst_type, 0, NULL, 0,
3324 if (!hci_outgoing_auth_needed(hdev, conn)) {
3325 conn->state = BT_CONNECTED;
3326 hci_proto_connect_cfm(conn, ev->status);
3327 hci_conn_drop(conn);
3331 hci_dev_unlock(hdev);
3334 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3335 struct sk_buff *skb)
3337 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3338 struct hci_conn *conn;
3340 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3344 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3346 if (ev->link_type == ESCO_LINK)
3349 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3353 conn->type = SCO_LINK;
3356 switch (ev->status) {
3358 conn->handle = __le16_to_cpu(ev->handle);
3359 conn->state = BT_CONNECTED;
3361 hci_conn_add_sysfs(conn);
3364 case 0x0d: /* Connection Rejected due to Limited Resources */
3365 case 0x11: /* Unsupported Feature or Parameter Value */
3366 case 0x1c: /* SCO interval rejected */
3367 case 0x1a: /* Unsupported Remote Feature */
3368 case 0x1f: /* Unspecified error */
3369 case 0x20: /* Unsupported LMP Parameter value */
3371 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3372 (hdev->esco_type & EDR_ESCO_MASK);
3373 if (hci_setup_sync(conn, conn->link->handle))
3379 conn->state = BT_CLOSED;
3383 hci_proto_connect_cfm(conn, ev->status);
3388 hci_dev_unlock(hdev);
3391 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3395 while (parsed < eir_len) {
3396 u8 field_len = eir[0];
3401 parsed += field_len + 1;
3402 eir += field_len + 1;
3408 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3409 struct sk_buff *skb)
3411 struct inquiry_data data;
3412 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3413 int num_rsp = *((__u8 *) skb->data);
3416 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3421 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3426 for (; num_rsp; num_rsp--, info++) {
3427 bool name_known, ssp;
3429 bacpy(&data.bdaddr, &info->bdaddr);
3430 data.pscan_rep_mode = info->pscan_rep_mode;
3431 data.pscan_period_mode = info->pscan_period_mode;
3432 data.pscan_mode = 0x00;
3433 memcpy(data.dev_class, info->dev_class, 3);
3434 data.clock_offset = info->clock_offset;
3435 data.rssi = info->rssi;
3436 data.ssp_mode = 0x01;
3438 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3439 name_known = eir_has_data_type(info->data,
3445 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3447 eir_len = eir_get_length(info->data, sizeof(info->data));
3448 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3449 info->dev_class, info->rssi, !name_known,
3450 ssp, info->data, eir_len, NULL, 0);
3453 hci_dev_unlock(hdev);
3456 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3457 struct sk_buff *skb)
3459 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3460 struct hci_conn *conn;
3462 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3463 __le16_to_cpu(ev->handle));
3467 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3471 /* For BR/EDR the necessary steps are taken through the
3472 * auth_complete event.
3474 if (conn->type != LE_LINK)
3478 conn->sec_level = conn->pending_sec_level;
3480 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3482 if (ev->status && conn->state == BT_CONNECTED) {
3483 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3484 hci_conn_drop(conn);
3488 if (conn->state == BT_CONFIG) {
3490 conn->state = BT_CONNECTED;
3492 hci_proto_connect_cfm(conn, ev->status);
3493 hci_conn_drop(conn);
3495 hci_auth_cfm(conn, ev->status);
3497 hci_conn_hold(conn);
3498 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3499 hci_conn_drop(conn);
3503 hci_dev_unlock(hdev);
3506 static u8 hci_get_auth_req(struct hci_conn *conn)
3508 /* If remote requests no-bonding follow that lead */
3509 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3510 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3511 return conn->remote_auth | (conn->auth_type & 0x01);
3513 /* If both remote and local have enough IO capabilities, require
3516 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3517 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3518 return conn->remote_auth | 0x01;
3520 /* No MITM protection possible so ignore remote requirement */
3521 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3524 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3526 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3527 struct hci_conn *conn;
3529 BT_DBG("%s", hdev->name);
3533 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3537 hci_conn_hold(conn);
3539 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3542 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3543 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3544 struct hci_cp_io_capability_reply cp;
3546 bacpy(&cp.bdaddr, &ev->bdaddr);
3547 /* Change the IO capability from KeyboardDisplay
3548 * to DisplayYesNo as it is not supported by BT spec. */
3549 cp.capability = (conn->io_capability == 0x04) ?
3550 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3552 /* If we are initiators, there is no remote information yet */
3553 if (conn->remote_auth == 0xff) {
3554 cp.authentication = conn->auth_type;
3556 /* Request MITM protection if our IO caps allow it
3557 * except for the no-bonding case.
3558 * conn->auth_type is not updated here since
3559 * that might cause the user confirmation to be
3560 * rejected in case the remote doesn't have the
3561 * IO capabilities for MITM.
3563 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3564 cp.authentication != HCI_AT_NO_BONDING)
3565 cp.authentication |= 0x01;
3567 conn->auth_type = hci_get_auth_req(conn);
3568 cp.authentication = conn->auth_type;
3571 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3572 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3577 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3580 struct hci_cp_io_capability_neg_reply cp;
3582 bacpy(&cp.bdaddr, &ev->bdaddr);
3583 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3585 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3590 hci_dev_unlock(hdev);
3593 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3595 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3596 struct hci_conn *conn;
3598 BT_DBG("%s", hdev->name);
3602 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3606 conn->remote_cap = ev->capability;
3607 conn->remote_auth = ev->authentication;
3609 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3612 hci_dev_unlock(hdev);
3615 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3616 struct sk_buff *skb)
3618 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3619 int loc_mitm, rem_mitm, confirm_hint = 0;
3620 struct hci_conn *conn;
3622 BT_DBG("%s", hdev->name);
3626 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3629 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3633 loc_mitm = (conn->auth_type & 0x01);
3634 rem_mitm = (conn->remote_auth & 0x01);
3636 /* If we require MITM but the remote device can't provide that
3637 * (it has NoInputNoOutput) then reject the confirmation request
3639 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3640 BT_DBG("Rejecting request: remote device can't provide MITM");
3641 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3642 sizeof(ev->bdaddr), &ev->bdaddr);
3646 /* If no side requires MITM protection; auto-accept */
3647 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3648 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3650 /* If we're not the initiators request authorization to
3651 * proceed from user space (mgmt_user_confirm with
3652 * confirm_hint set to 1). The exception is if neither
3653 * side had MITM in which case we do auto-accept.
3655 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3656 (loc_mitm || rem_mitm)) {
3657 BT_DBG("Confirming auto-accept as acceptor");
3662 BT_DBG("Auto-accept of user confirmation with %ums delay",
3663 hdev->auto_accept_delay);
3665 if (hdev->auto_accept_delay > 0) {
3666 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3667 queue_delayed_work(conn->hdev->workqueue,
3668 &conn->auto_accept_work, delay);
3672 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3673 sizeof(ev->bdaddr), &ev->bdaddr);
3678 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3679 le32_to_cpu(ev->passkey), confirm_hint);
3682 hci_dev_unlock(hdev);
3685 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3686 struct sk_buff *skb)
3688 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3690 BT_DBG("%s", hdev->name);
3692 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3693 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3696 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3697 struct sk_buff *skb)
3699 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3700 struct hci_conn *conn;
3702 BT_DBG("%s", hdev->name);
3704 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3708 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3709 conn->passkey_entered = 0;
3711 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3712 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3713 conn->dst_type, conn->passkey_notify,
3714 conn->passkey_entered);
3717 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3719 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3720 struct hci_conn *conn;
3722 BT_DBG("%s", hdev->name);
3724 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3729 case HCI_KEYPRESS_STARTED:
3730 conn->passkey_entered = 0;
3733 case HCI_KEYPRESS_ENTERED:
3734 conn->passkey_entered++;
3737 case HCI_KEYPRESS_ERASED:
3738 conn->passkey_entered--;
3741 case HCI_KEYPRESS_CLEARED:
3742 conn->passkey_entered = 0;
3745 case HCI_KEYPRESS_COMPLETED:
3749 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3750 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3751 conn->dst_type, conn->passkey_notify,
3752 conn->passkey_entered);
3755 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3756 struct sk_buff *skb)
3758 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3759 struct hci_conn *conn;
3761 BT_DBG("%s", hdev->name);
3765 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3769 /* To avoid duplicate auth_failed events to user space we check
3770 * the HCI_CONN_AUTH_PEND flag which will be set if we
3771 * initiated the authentication. A traditional auth_complete
3772 * event gets always produced as initiator and is also mapped to
3773 * the mgmt_auth_failed event */
3774 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3775 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3778 hci_conn_drop(conn);
3781 hci_dev_unlock(hdev);
3784 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3785 struct sk_buff *skb)
3787 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3788 struct inquiry_entry *ie;
3789 struct hci_conn *conn;
3791 BT_DBG("%s", hdev->name);
3795 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3797 memcpy(conn->features[1], ev->features, 8);
3799 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3801 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3803 hci_dev_unlock(hdev);
3806 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3807 struct sk_buff *skb)
3809 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3810 struct oob_data *data;
3812 BT_DBG("%s", hdev->name);
3816 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3819 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3821 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3822 struct hci_cp_remote_oob_ext_data_reply cp;
3824 bacpy(&cp.bdaddr, &ev->bdaddr);
3825 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3826 memcpy(cp.randomizer192, data->randomizer192,
3827 sizeof(cp.randomizer192));
3828 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3829 memcpy(cp.randomizer256, data->randomizer256,
3830 sizeof(cp.randomizer256));
3832 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3835 struct hci_cp_remote_oob_data_reply cp;
3837 bacpy(&cp.bdaddr, &ev->bdaddr);
3838 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3839 memcpy(cp.randomizer, data->randomizer192,
3840 sizeof(cp.randomizer));
3842 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3846 struct hci_cp_remote_oob_data_neg_reply cp;
3848 bacpy(&cp.bdaddr, &ev->bdaddr);
3849 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3854 hci_dev_unlock(hdev);
3857 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3858 struct sk_buff *skb)
3860 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3861 struct hci_conn *hcon, *bredr_hcon;
3863 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3868 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3870 hci_dev_unlock(hdev);
3876 hci_dev_unlock(hdev);
3880 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3882 hcon->state = BT_CONNECTED;
3883 bacpy(&hcon->dst, &bredr_hcon->dst);
3885 hci_conn_hold(hcon);
3886 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3887 hci_conn_drop(hcon);
3889 hci_conn_add_sysfs(hcon);
3891 amp_physical_cfm(bredr_hcon, hcon);
3893 hci_dev_unlock(hdev);
3896 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3898 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3899 struct hci_conn *hcon;
3900 struct hci_chan *hchan;
3901 struct amp_mgr *mgr;
3903 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3904 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3907 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3911 /* Create AMP hchan */
3912 hchan = hci_chan_create(hcon);
3916 hchan->handle = le16_to_cpu(ev->handle);
3918 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3920 mgr = hcon->amp_mgr;
3921 if (mgr && mgr->bredr_chan) {
3922 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3924 l2cap_chan_lock(bredr_chan);
3926 bredr_chan->conn->mtu = hdev->block_mtu;
3927 l2cap_logical_cfm(bredr_chan, hchan, 0);
3928 hci_conn_hold(hcon);
3930 l2cap_chan_unlock(bredr_chan);
3934 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3935 struct sk_buff *skb)
3937 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3938 struct hci_chan *hchan;
3940 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3941 le16_to_cpu(ev->handle), ev->status);
3948 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3952 amp_destroy_logical_link(hchan, ev->reason);
3955 hci_dev_unlock(hdev);
3958 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3959 struct sk_buff *skb)
3961 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3962 struct hci_conn *hcon;
3964 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3971 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3973 hcon->state = BT_CLOSED;
3977 hci_dev_unlock(hdev);
3980 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3982 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3983 struct hci_conn *conn;
3984 struct smp_irk *irk;
3986 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3990 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3992 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3994 BT_ERR("No memory for new connection");
3998 conn->dst_type = ev->bdaddr_type;
4000 if (ev->role == LE_CONN_ROLE_MASTER) {
4002 conn->link_mode |= HCI_LM_MASTER;
4005 /* If we didn't have a hci_conn object previously
4006 * but we're in master role this must be something
4007 * initiated using a white list. Since white list based
4008 * connections are not "first class citizens" we don't
4009 * have full tracking of them. Therefore, we go ahead
4010 * with a "best effort" approach of determining the
4011 * initiator address based on the HCI_PRIVACY flag.
4014 conn->resp_addr_type = ev->bdaddr_type;
4015 bacpy(&conn->resp_addr, &ev->bdaddr);
4016 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4017 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4018 bacpy(&conn->init_addr, &hdev->rpa);
4020 hci_copy_identity_address(hdev,
4022 &conn->init_addr_type);
4026 cancel_delayed_work(&conn->le_conn_timeout);
4030 /* Set the responder (our side) address type based on
4031 * the advertising address type.
4033 conn->resp_addr_type = hdev->adv_addr_type;
4034 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4035 bacpy(&conn->resp_addr, &hdev->random_addr);
4037 bacpy(&conn->resp_addr, &hdev->bdaddr);
4039 conn->init_addr_type = ev->bdaddr_type;
4040 bacpy(&conn->init_addr, &ev->bdaddr);
4042 /* For incoming connections, set the default minimum
4043 * and maximum connection interval. They will be used
4044 * to check if the parameters are in range and if not
4045 * trigger the connection update procedure.
4047 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4048 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4051 /* Lookup the identity address from the stored connection
4052 * address and address type.
4054 * When establishing connections to an identity address, the
4055 * connection procedure will store the resolvable random
4056 * address first. Now if it can be converted back into the
4057 * identity address, start using the identity address from
4060 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4062 bacpy(&conn->dst, &irk->bdaddr);
4063 conn->dst_type = irk->addr_type;
4067 hci_le_conn_failed(conn, ev->status);
4071 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4072 mgmt_device_connected(hdev, &conn->dst, conn->type,
4073 conn->dst_type, 0, NULL, 0, NULL);
4075 conn->sec_level = BT_SECURITY_LOW;
4076 conn->handle = __le16_to_cpu(ev->handle);
4077 conn->state = BT_CONNECTED;
4079 conn->le_conn_interval = le16_to_cpu(ev->interval);
4080 conn->le_conn_latency = le16_to_cpu(ev->latency);
4081 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4083 hci_conn_add_sysfs(conn);
4085 hci_proto_connect_cfm(conn, ev->status);
4087 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
4090 hci_dev_unlock(hdev);
4093 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4094 struct sk_buff *skb)
4096 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4097 struct hci_conn *conn;
4099 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4106 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4108 conn->le_conn_interval = le16_to_cpu(ev->interval);
4109 conn->le_conn_latency = le16_to_cpu(ev->latency);
4110 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4113 hci_dev_unlock(hdev);
4116 /* This function requires the caller holds hdev->lock */
4117 static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4120 struct hci_conn *conn;
4121 struct smp_irk *irk;
4123 /* If this is a resolvable address, we should resolve it and then
4124 * update address and address type variables.
4126 irk = hci_get_irk(hdev, addr, addr_type);
4128 addr = &irk->bdaddr;
4129 addr_type = irk->addr_type;
4132 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4135 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4140 switch (PTR_ERR(conn)) {
4142 /* If hci_connect() returns -EBUSY it means there is already
4143 * an LE connection attempt going on. Since controllers don't
4144 * support more than one connection attempt at the time, we
4145 * don't consider this an error case.
4149 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4153 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4154 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4156 struct discovery_state *d = &hdev->discovery;
4159 /* Passive scanning shouldn't trigger any device found events */
4160 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4161 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4162 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4166 /* If there's nothing pending either store the data from this
4167 * event or send an immediate device found event if the data
4168 * should not be stored for later.
4170 if (!has_pending_adv_report(hdev)) {
4171 /* If the report will trigger a SCAN_REQ store it for
4174 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4175 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4180 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4181 rssi, 0, 1, data, len, NULL, 0);
4185 /* Check if the pending report is for the same device as the new one */
4186 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4187 bdaddr_type == d->last_adv_addr_type);
4189 /* If the pending data doesn't match this report or this isn't a
4190 * scan response (e.g. we got a duplicate ADV_IND) then force
4191 * sending of the pending data.
4193 if (type != LE_ADV_SCAN_RSP || !match) {
4194 /* Send out whatever is in the cache, but skip duplicates */
4196 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4197 d->last_adv_addr_type, NULL,
4198 d->last_adv_rssi, 0, 1,
4200 d->last_adv_data_len, NULL, 0);
4202 /* If the new report will trigger a SCAN_REQ store it for
4205 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4206 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4211 /* The advertising reports cannot be merged, so clear
4212 * the pending report and send out a device found event.
4214 clear_pending_adv_report(hdev);
4215 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4216 rssi, 0, 1, data, len, NULL, 0);
4220 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4221 * the new event is a SCAN_RSP. We can therefore proceed with
4222 * sending a merged device found event.
4224 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4225 d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4226 d->last_adv_data, d->last_adv_data_len);
4227 clear_pending_adv_report(hdev);
4230 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4232 u8 num_reports = skb->data[0];
4233 void *ptr = &skb->data[1];
4237 while (num_reports--) {
4238 struct hci_ev_le_advertising_info *ev = ptr;
4241 rssi = ev->data[ev->length];
4242 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4243 ev->bdaddr_type, rssi, ev->data, ev->length);
4245 ptr += sizeof(*ev) + ev->length + 1;
4248 hci_dev_unlock(hdev);
4251 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4253 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4254 struct hci_cp_le_ltk_reply cp;
4255 struct hci_cp_le_ltk_neg_reply neg;
4256 struct hci_conn *conn;
4257 struct smp_ltk *ltk;
4259 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4263 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4267 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
4271 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4272 cp.handle = cpu_to_le16(conn->handle);
4274 if (ltk->authenticated)
4275 conn->pending_sec_level = BT_SECURITY_HIGH;
4277 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4279 conn->enc_key_size = ltk->enc_size;
4281 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4283 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4284 * temporary key used to encrypt a connection following
4285 * pairing. It is used during the Encrypted Session Setup to
4286 * distribute the keys. Later, security can be re-established
4287 * using a distributed LTK.
4289 if (ltk->type == SMP_STK) {
4290 list_del(<k->list);
4294 hci_dev_unlock(hdev);
4299 neg.handle = ev->handle;
4300 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4301 hci_dev_unlock(hdev);
4304 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4306 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4308 skb_pull(skb, sizeof(*le_ev));
4310 switch (le_ev->subevent) {
4311 case HCI_EV_LE_CONN_COMPLETE:
4312 hci_le_conn_complete_evt(hdev, skb);
4315 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4316 hci_le_conn_update_complete_evt(hdev, skb);
4319 case HCI_EV_LE_ADVERTISING_REPORT:
4320 hci_le_adv_report_evt(hdev, skb);
4323 case HCI_EV_LE_LTK_REQ:
4324 hci_le_ltk_request_evt(hdev, skb);
4332 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4334 struct hci_ev_channel_selected *ev = (void *) skb->data;
4335 struct hci_conn *hcon;
4337 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4339 skb_pull(skb, sizeof(*ev));
4341 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4345 amp_read_loc_assoc_final_data(hdev, hcon);
4348 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4350 struct hci_event_hdr *hdr = (void *) skb->data;
4351 __u8 event = hdr->evt;
4355 /* Received events are (currently) only needed when a request is
4356 * ongoing so avoid unnecessary memory allocation.
4358 if (hdev->req_status == HCI_REQ_PEND) {
4359 kfree_skb(hdev->recv_evt);
4360 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4363 hci_dev_unlock(hdev);
4365 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4367 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4368 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4369 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4371 hci_req_cmd_complete(hdev, opcode, 0);
4375 case HCI_EV_INQUIRY_COMPLETE:
4376 hci_inquiry_complete_evt(hdev, skb);
4379 case HCI_EV_INQUIRY_RESULT:
4380 hci_inquiry_result_evt(hdev, skb);
4383 case HCI_EV_CONN_COMPLETE:
4384 hci_conn_complete_evt(hdev, skb);
4387 case HCI_EV_CONN_REQUEST:
4388 hci_conn_request_evt(hdev, skb);
4391 case HCI_EV_DISCONN_COMPLETE:
4392 hci_disconn_complete_evt(hdev, skb);
4395 case HCI_EV_AUTH_COMPLETE:
4396 hci_auth_complete_evt(hdev, skb);
4399 case HCI_EV_REMOTE_NAME:
4400 hci_remote_name_evt(hdev, skb);
4403 case HCI_EV_ENCRYPT_CHANGE:
4404 hci_encrypt_change_evt(hdev, skb);
4407 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4408 hci_change_link_key_complete_evt(hdev, skb);
4411 case HCI_EV_REMOTE_FEATURES:
4412 hci_remote_features_evt(hdev, skb);
4415 case HCI_EV_CMD_COMPLETE:
4416 hci_cmd_complete_evt(hdev, skb);
4419 case HCI_EV_CMD_STATUS:
4420 hci_cmd_status_evt(hdev, skb);
4423 case HCI_EV_ROLE_CHANGE:
4424 hci_role_change_evt(hdev, skb);
4427 case HCI_EV_NUM_COMP_PKTS:
4428 hci_num_comp_pkts_evt(hdev, skb);
4431 case HCI_EV_MODE_CHANGE:
4432 hci_mode_change_evt(hdev, skb);
4435 case HCI_EV_PIN_CODE_REQ:
4436 hci_pin_code_request_evt(hdev, skb);
4439 case HCI_EV_LINK_KEY_REQ:
4440 hci_link_key_request_evt(hdev, skb);
4443 case HCI_EV_LINK_KEY_NOTIFY:
4444 hci_link_key_notify_evt(hdev, skb);
4447 case HCI_EV_CLOCK_OFFSET:
4448 hci_clock_offset_evt(hdev, skb);
4451 case HCI_EV_PKT_TYPE_CHANGE:
4452 hci_pkt_type_change_evt(hdev, skb);
4455 case HCI_EV_PSCAN_REP_MODE:
4456 hci_pscan_rep_mode_evt(hdev, skb);
4459 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4460 hci_inquiry_result_with_rssi_evt(hdev, skb);
4463 case HCI_EV_REMOTE_EXT_FEATURES:
4464 hci_remote_ext_features_evt(hdev, skb);
4467 case HCI_EV_SYNC_CONN_COMPLETE:
4468 hci_sync_conn_complete_evt(hdev, skb);
4471 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4472 hci_extended_inquiry_result_evt(hdev, skb);
4475 case HCI_EV_KEY_REFRESH_COMPLETE:
4476 hci_key_refresh_complete_evt(hdev, skb);
4479 case HCI_EV_IO_CAPA_REQUEST:
4480 hci_io_capa_request_evt(hdev, skb);
4483 case HCI_EV_IO_CAPA_REPLY:
4484 hci_io_capa_reply_evt(hdev, skb);
4487 case HCI_EV_USER_CONFIRM_REQUEST:
4488 hci_user_confirm_request_evt(hdev, skb);
4491 case HCI_EV_USER_PASSKEY_REQUEST:
4492 hci_user_passkey_request_evt(hdev, skb);
4495 case HCI_EV_USER_PASSKEY_NOTIFY:
4496 hci_user_passkey_notify_evt(hdev, skb);
4499 case HCI_EV_KEYPRESS_NOTIFY:
4500 hci_keypress_notify_evt(hdev, skb);
4503 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4504 hci_simple_pair_complete_evt(hdev, skb);
4507 case HCI_EV_REMOTE_HOST_FEATURES:
4508 hci_remote_host_features_evt(hdev, skb);
4511 case HCI_EV_LE_META:
4512 hci_le_meta_evt(hdev, skb);
4515 case HCI_EV_CHANNEL_SELECTED:
4516 hci_chan_selected_evt(hdev, skb);
4519 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4520 hci_remote_oob_data_request_evt(hdev, skb);
4523 case HCI_EV_PHY_LINK_COMPLETE:
4524 hci_phy_link_complete_evt(hdev, skb);
4527 case HCI_EV_LOGICAL_LINK_COMPLETE:
4528 hci_loglink_complete_evt(hdev, skb);
4531 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4532 hci_disconn_loglink_complete_evt(hdev, skb);
4535 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4536 hci_disconn_phylink_complete_evt(hdev, skb);
4539 case HCI_EV_NUM_COMP_BLOCKS:
4540 hci_num_comp_blocks_evt(hdev, skb);
4544 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4549 hdev->stat.evt_rx++;