2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
37 /* Handle HCI Event packets */
39 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
41 __u8 status = *((__u8 *) skb->data);
43 BT_DBG("%s status 0x%2.2x", hdev->name, status);
48 clear_bit(HCI_INQUIRY, &hdev->flags);
49 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
50 wake_up_bit(&hdev->flags, HCI_INQUIRY);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
56 hci_conn_check_pending(hdev);
59 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
61 __u8 status = *((__u8 *) skb->data);
63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
68 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
73 __u8 status = *((__u8 *) skb->data);
75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
80 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
82 hci_conn_check_pending(hdev);
85 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 BT_DBG("%s", hdev->name);
91 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn;
96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
103 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 clear_bit(HCI_CONN_MASTER, &conn->flags);
108 set_bit(HCI_CONN_MASTER, &conn->flags);
111 hci_dev_unlock(hdev);
114 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn;
119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
126 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
128 conn->link_policy = __le16_to_cpu(rp->policy);
130 hci_dev_unlock(hdev);
133 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
135 struct hci_rp_write_link_policy *rp = (void *) skb->data;
136 struct hci_conn *conn;
139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
144 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
150 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
152 conn->link_policy = get_unaligned_le16(sent + 2);
154 hci_dev_unlock(hdev);
157 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
167 hdev->link_policy = __le16_to_cpu(rp->policy);
170 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
186 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
188 __u8 status = *((__u8 *) skb->data);
190 BT_DBG("%s status 0x%2.2x", hdev->name, status);
192 clear_bit(HCI_RESET, &hdev->flags);
194 /* Reset all non-persistent flags */
195 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
197 hdev->discovery.state = DISCOVERY_STOPPED;
198 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
199 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
201 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
202 hdev->adv_data_len = 0;
204 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
205 hdev->scan_rsp_data_len = 0;
207 hdev->le_scan_type = LE_SCAN_PASSIVE;
209 hdev->ssp_debug_mode = 0;
212 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
214 __u8 status = *((__u8 *) skb->data);
217 BT_DBG("%s status 0x%2.2x", hdev->name, status);
219 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
225 if (test_bit(HCI_MGMT, &hdev->dev_flags))
226 mgmt_set_local_name_complete(hdev, sent, status);
228 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
230 hci_dev_unlock(hdev);
233 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
235 struct hci_rp_read_local_name *rp = (void *) skb->data;
237 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
242 if (test_bit(HCI_SETUP, &hdev->dev_flags))
243 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
246 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
248 __u8 status = *((__u8 *) skb->data);
251 BT_DBG("%s status 0x%2.2x", hdev->name, status);
253 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
258 __u8 param = *((__u8 *) sent);
260 if (param == AUTH_ENABLED)
261 set_bit(HCI_AUTH, &hdev->flags);
263 clear_bit(HCI_AUTH, &hdev->flags);
266 if (test_bit(HCI_MGMT, &hdev->dev_flags))
267 mgmt_auth_enable_complete(hdev, status);
270 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
272 __u8 status = *((__u8 *) skb->data);
275 BT_DBG("%s status 0x%2.2x", hdev->name, status);
277 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
282 __u8 param = *((__u8 *) sent);
285 set_bit(HCI_ENCRYPT, &hdev->flags);
287 clear_bit(HCI_ENCRYPT, &hdev->flags);
291 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293 __u8 param, status = *((__u8 *) skb->data);
294 int old_pscan, old_iscan;
297 BT_DBG("%s status 0x%2.2x", hdev->name, status);
299 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
303 param = *((__u8 *) sent);
308 mgmt_write_scan_failed(hdev, param, status);
309 hdev->discov_timeout = 0;
313 /* We need to ensure that we set this back on if someone changed
314 * the scan mode through a raw HCI socket.
316 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
318 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
319 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
321 if (param & SCAN_INQUIRY) {
322 set_bit(HCI_ISCAN, &hdev->flags);
324 mgmt_discoverable(hdev, 1);
325 } else if (old_iscan)
326 mgmt_discoverable(hdev, 0);
328 if (param & SCAN_PAGE) {
329 set_bit(HCI_PSCAN, &hdev->flags);
331 mgmt_connectable(hdev, 1);
332 } else if (old_pscan)
333 mgmt_connectable(hdev, 0);
336 hci_dev_unlock(hdev);
339 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
348 memcpy(hdev->dev_class, rp->dev_class, 3);
350 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
351 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
354 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356 __u8 status = *((__u8 *) skb->data);
359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
368 memcpy(hdev->dev_class, sent, 3);
370 if (test_bit(HCI_MGMT, &hdev->dev_flags))
371 mgmt_set_class_of_dev_complete(hdev, sent, status);
373 hci_dev_unlock(hdev);
376 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
386 setting = __le16_to_cpu(rp->voice_setting);
388 if (hdev->voice_setting == setting)
391 hdev->voice_setting = setting;
393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
399 static void hci_cc_write_voice_setting(struct hci_dev *hdev,
402 __u8 status = *((__u8 *) skb->data);
406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
411 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
415 setting = get_unaligned_le16(sent);
417 if (hdev->voice_setting == setting)
420 hdev->voice_setting = setting;
422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
428 static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
431 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
433 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
438 hdev->num_iac = rp->num_iac;
440 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
443 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
445 __u8 status = *((__u8 *) skb->data);
446 struct hci_cp_write_ssp_mode *sent;
448 BT_DBG("%s status 0x%2.2x", hdev->name, status);
450 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
456 hdev->features[1][0] |= LMP_HOST_SSP;
458 hdev->features[1][0] &= ~LMP_HOST_SSP;
461 if (test_bit(HCI_MGMT, &hdev->dev_flags))
462 mgmt_ssp_enable_complete(hdev, sent->mode, status);
465 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
467 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
471 static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
473 u8 status = *((u8 *) skb->data);
474 struct hci_cp_write_sc_support *sent;
476 BT_DBG("%s status 0x%2.2x", hdev->name, status);
478 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
484 hdev->features[1][0] |= LMP_HOST_SC;
486 hdev->features[1][0] &= ~LMP_HOST_SC;
489 if (test_bit(HCI_MGMT, &hdev->dev_flags))
490 mgmt_sc_enable_complete(hdev, sent->support, status);
493 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
495 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
499 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
501 struct hci_rp_read_local_version *rp = (void *) skb->data;
503 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
508 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
509 hdev->hci_ver = rp->hci_ver;
510 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
511 hdev->lmp_ver = rp->lmp_ver;
512 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
513 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
517 static void hci_cc_read_local_commands(struct hci_dev *hdev,
520 struct hci_rp_read_local_commands *rp = (void *) skb->data;
522 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
527 if (test_bit(HCI_SETUP, &hdev->dev_flags))
528 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
531 static void hci_cc_read_local_features(struct hci_dev *hdev,
534 struct hci_rp_read_local_features *rp = (void *) skb->data;
536 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
541 memcpy(hdev->features, rp->features, 8);
543 /* Adjust default settings according to features
544 * supported by device. */
546 if (hdev->features[0][0] & LMP_3SLOT)
547 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
549 if (hdev->features[0][0] & LMP_5SLOT)
550 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
552 if (hdev->features[0][1] & LMP_HV2) {
553 hdev->pkt_type |= (HCI_HV2);
554 hdev->esco_type |= (ESCO_HV2);
557 if (hdev->features[0][1] & LMP_HV3) {
558 hdev->pkt_type |= (HCI_HV3);
559 hdev->esco_type |= (ESCO_HV3);
562 if (lmp_esco_capable(hdev))
563 hdev->esco_type |= (ESCO_EV3);
565 if (hdev->features[0][4] & LMP_EV4)
566 hdev->esco_type |= (ESCO_EV4);
568 if (hdev->features[0][4] & LMP_EV5)
569 hdev->esco_type |= (ESCO_EV5);
571 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
572 hdev->esco_type |= (ESCO_2EV3);
574 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
575 hdev->esco_type |= (ESCO_3EV3);
577 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
578 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
581 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
584 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
586 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
591 if (hdev->max_page < rp->max_page)
592 hdev->max_page = rp->max_page;
594 if (rp->page < HCI_MAX_PAGES)
595 memcpy(hdev->features[rp->page], rp->features, 8);
598 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
601 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
603 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
606 hdev->flow_ctl_mode = rp->mode;
609 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
611 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
613 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
618 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
619 hdev->sco_mtu = rp->sco_mtu;
620 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
621 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
623 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
628 hdev->acl_cnt = hdev->acl_pkts;
629 hdev->sco_cnt = hdev->sco_pkts;
631 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
632 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
635 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
637 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
639 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
642 bacpy(&hdev->bdaddr, &rp->bdaddr);
645 static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
648 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
652 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
653 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
654 hdev->page_scan_window = __le16_to_cpu(rp->window);
658 static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
661 u8 status = *((u8 *) skb->data);
662 struct hci_cp_write_page_scan_activity *sent;
664 BT_DBG("%s status 0x%2.2x", hdev->name, status);
669 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
673 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
674 hdev->page_scan_window = __le16_to_cpu(sent->window);
677 static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
680 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
682 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
684 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
685 hdev->page_scan_type = rp->type;
688 static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
691 u8 status = *((u8 *) skb->data);
694 BT_DBG("%s status 0x%2.2x", hdev->name, status);
699 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
701 hdev->page_scan_type = *type;
704 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
707 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
709 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
714 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
715 hdev->block_len = __le16_to_cpu(rp->block_len);
716 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
718 hdev->block_cnt = hdev->num_blocks;
720 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
721 hdev->block_cnt, hdev->block_len);
724 static void hci_cc_read_clock(struct hci_dev *hdev, struct sk_buff *skb)
726 struct hci_rp_read_clock *rp = (void *) skb->data;
727 struct hci_cp_read_clock *cp;
728 struct hci_conn *conn;
730 BT_DBG("%s", hdev->name);
732 if (skb->len < sizeof(*rp))
740 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
744 if (cp->which == 0x00) {
745 hdev->clock = le32_to_cpu(rp->clock);
749 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
751 conn->clock = le32_to_cpu(rp->clock);
752 conn->clock_accuracy = le16_to_cpu(rp->accuracy);
756 hci_dev_unlock(hdev);
759 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
762 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
764 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
769 hdev->amp_status = rp->amp_status;
770 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
771 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
772 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
773 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
774 hdev->amp_type = rp->amp_type;
775 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
776 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
777 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
778 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
781 a2mp_send_getinfo_rsp(hdev);
784 static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
787 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
788 struct amp_assoc *assoc = &hdev->loc_assoc;
789 size_t rem_len, frag_len;
791 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
796 frag_len = skb->len - sizeof(*rp);
797 rem_len = __le16_to_cpu(rp->rem_len);
799 if (rem_len > frag_len) {
800 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
802 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
803 assoc->offset += frag_len;
805 /* Read other fragments */
806 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
811 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
812 assoc->len = assoc->offset + rem_len;
816 /* Send A2MP Rsp when all fragments are received */
817 a2mp_send_getampassoc_rsp(hdev, rp->status);
818 a2mp_send_create_phy_link_req(hdev, rp->status);
821 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
824 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
826 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
829 hdev->inq_tx_power = rp->tx_power;
832 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
834 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
835 struct hci_cp_pin_code_reply *cp;
836 struct hci_conn *conn;
838 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
842 if (test_bit(HCI_MGMT, &hdev->dev_flags))
843 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
848 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
852 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
854 conn->pin_length = cp->pin_len;
857 hci_dev_unlock(hdev);
860 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
862 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
864 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
868 if (test_bit(HCI_MGMT, &hdev->dev_flags))
869 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
872 hci_dev_unlock(hdev);
875 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
878 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
880 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
885 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
886 hdev->le_pkts = rp->le_max_pkt;
888 hdev->le_cnt = hdev->le_pkts;
890 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
893 static void hci_cc_le_read_local_features(struct hci_dev *hdev,
896 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
901 memcpy(hdev->le_features, rp->features, 8);
904 static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
907 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
909 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
912 hdev->adv_tx_power = rp->tx_power;
915 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
917 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
919 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
923 if (test_bit(HCI_MGMT, &hdev->dev_flags))
924 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
927 hci_dev_unlock(hdev);
930 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
933 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
935 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
939 if (test_bit(HCI_MGMT, &hdev->dev_flags))
940 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
941 ACL_LINK, 0, rp->status);
943 hci_dev_unlock(hdev);
946 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
948 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
950 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
954 if (test_bit(HCI_MGMT, &hdev->dev_flags))
955 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
958 hci_dev_unlock(hdev);
961 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
964 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
966 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
970 if (test_bit(HCI_MGMT, &hdev->dev_flags))
971 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
972 ACL_LINK, 0, rp->status);
974 hci_dev_unlock(hdev);
977 static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
980 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
985 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
986 NULL, NULL, rp->status);
987 hci_dev_unlock(hdev);
990 static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
993 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
995 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
998 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
999 rp->hash256, rp->randomizer256,
1001 hci_dev_unlock(hdev);
1005 static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1007 __u8 status = *((__u8 *) skb->data);
1010 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1012 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
1019 bacpy(&hdev->random_addr, sent);
1021 hci_dev_unlock(hdev);
1024 static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1026 __u8 *sent, status = *((__u8 *) skb->data);
1028 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1030 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1039 /* If we're doing connection initation as peripheral. Set a
1040 * timeout in case something goes wrong.
1043 struct hci_conn *conn;
1045 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1047 queue_delayed_work(hdev->workqueue,
1048 &conn->le_conn_timeout,
1049 HCI_LE_CONN_TIMEOUT);
1052 mgmt_advertising(hdev, *sent);
1054 hci_dev_unlock(hdev);
1057 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1059 struct hci_cp_le_set_scan_param *cp;
1060 __u8 status = *((__u8 *) skb->data);
1062 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1064 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1071 hdev->le_scan_type = cp->type;
1073 hci_dev_unlock(hdev);
1076 static bool has_pending_adv_report(struct hci_dev *hdev)
1078 struct discovery_state *d = &hdev->discovery;
1080 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1083 static void clear_pending_adv_report(struct hci_dev *hdev)
1085 struct discovery_state *d = &hdev->discovery;
1087 bacpy(&d->last_adv_addr, BDADDR_ANY);
1088 d->last_adv_data_len = 0;
1091 static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1092 u8 bdaddr_type, s8 rssi, u32 flags,
1095 struct discovery_state *d = &hdev->discovery;
1097 bacpy(&d->last_adv_addr, bdaddr);
1098 d->last_adv_addr_type = bdaddr_type;
1099 d->last_adv_rssi = rssi;
1100 d->last_adv_flags = flags;
1101 memcpy(d->last_adv_data, data, len);
1102 d->last_adv_data_len = len;
1105 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1106 struct sk_buff *skb)
1108 struct hci_cp_le_set_scan_enable *cp;
1109 __u8 status = *((__u8 *) skb->data);
1111 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1113 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1120 switch (cp->enable) {
1121 case LE_SCAN_ENABLE:
1122 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1123 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1124 clear_pending_adv_report(hdev);
1127 case LE_SCAN_DISABLE:
1128 /* We do this here instead of when setting DISCOVERY_STOPPED
1129 * since the latter would potentially require waiting for
1130 * inquiry to stop too.
1132 if (has_pending_adv_report(hdev)) {
1133 struct discovery_state *d = &hdev->discovery;
1135 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
1136 d->last_adv_addr_type, NULL,
1137 d->last_adv_rssi, d->last_adv_flags,
1139 d->last_adv_data_len, NULL, 0);
1142 /* Cancel this timer so that we don't try to disable scanning
1143 * when it's already disabled.
1145 cancel_delayed_work(&hdev->le_scan_disable);
1147 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1148 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1149 * interrupted scanning due to a connect request. Mark
1150 * therefore discovery as stopped.
1152 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1154 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1158 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1163 static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1164 struct sk_buff *skb)
1166 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1168 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1171 hdev->le_white_list_size = rp->size;
1174 static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1175 struct sk_buff *skb)
1177 __u8 status = *((__u8 *) skb->data);
1179 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1182 hci_white_list_clear(hdev);
1185 static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1186 struct sk_buff *skb)
1188 struct hci_cp_le_add_to_white_list *sent;
1189 __u8 status = *((__u8 *) skb->data);
1191 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1193 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1198 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1201 static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1202 struct sk_buff *skb)
1204 struct hci_cp_le_del_from_white_list *sent;
1205 __u8 status = *((__u8 *) skb->data);
1207 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1209 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1214 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1217 static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1218 struct sk_buff *skb)
1220 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1222 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1225 memcpy(hdev->le_states, rp->le_states, 8);
1228 static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1229 struct sk_buff *skb)
1231 struct hci_cp_write_le_host_supported *sent;
1232 __u8 status = *((__u8 *) skb->data);
1234 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1236 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1242 hdev->features[1][0] |= LMP_HOST_LE;
1243 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1245 hdev->features[1][0] &= ~LMP_HOST_LE;
1246 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1247 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1251 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1253 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1257 static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1259 struct hci_cp_le_set_adv_param *cp;
1260 u8 status = *((u8 *) skb->data);
1262 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1267 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1272 hdev->adv_addr_type = cp->own_address_type;
1273 hci_dev_unlock(hdev);
1276 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1277 struct sk_buff *skb)
1279 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1281 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1282 hdev->name, rp->status, rp->phy_handle);
1287 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1290 static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1292 struct hci_rp_read_rssi *rp = (void *) skb->data;
1293 struct hci_conn *conn;
1295 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1302 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1304 conn->rssi = rp->rssi;
1306 hci_dev_unlock(hdev);
1309 static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1311 struct hci_cp_read_tx_power *sent;
1312 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1313 struct hci_conn *conn;
1315 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1320 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1326 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1330 switch (sent->type) {
1332 conn->tx_power = rp->tx_power;
1335 conn->max_tx_power = rp->tx_power;
1340 hci_dev_unlock(hdev);
1343 static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1345 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1348 hci_conn_check_pending(hdev);
1352 set_bit(HCI_INQUIRY, &hdev->flags);
1355 static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1357 struct hci_cp_create_conn *cp;
1358 struct hci_conn *conn;
1360 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1362 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1368 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1370 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1373 if (conn && conn->state == BT_CONNECT) {
1374 if (status != 0x0c || conn->attempt > 2) {
1375 conn->state = BT_CLOSED;
1376 hci_proto_connect_cfm(conn, status);
1379 conn->state = BT_CONNECT2;
1383 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1386 set_bit(HCI_CONN_MASTER, &conn->flags);
1388 BT_ERR("No memory for new connection");
1392 hci_dev_unlock(hdev);
1395 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1397 struct hci_cp_add_sco *cp;
1398 struct hci_conn *acl, *sco;
1401 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1406 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1410 handle = __le16_to_cpu(cp->handle);
1412 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1416 acl = hci_conn_hash_lookup_handle(hdev, handle);
1420 sco->state = BT_CLOSED;
1422 hci_proto_connect_cfm(sco, status);
1427 hci_dev_unlock(hdev);
1430 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1432 struct hci_cp_auth_requested *cp;
1433 struct hci_conn *conn;
1435 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1440 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1446 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1448 if (conn->state == BT_CONFIG) {
1449 hci_proto_connect_cfm(conn, status);
1450 hci_conn_drop(conn);
1454 hci_dev_unlock(hdev);
1457 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1459 struct hci_cp_set_conn_encrypt *cp;
1460 struct hci_conn *conn;
1462 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1467 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1473 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1475 if (conn->state == BT_CONFIG) {
1476 hci_proto_connect_cfm(conn, status);
1477 hci_conn_drop(conn);
1481 hci_dev_unlock(hdev);
1484 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1485 struct hci_conn *conn)
1487 if (conn->state != BT_CONFIG || !conn->out)
1490 if (conn->pending_sec_level == BT_SECURITY_SDP)
1493 /* Only request authentication for SSP connections or non-SSP
1494 * devices with sec_level MEDIUM or HIGH or if MITM protection
1497 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1498 conn->pending_sec_level != BT_SECURITY_FIPS &&
1499 conn->pending_sec_level != BT_SECURITY_HIGH &&
1500 conn->pending_sec_level != BT_SECURITY_MEDIUM)
1506 static int hci_resolve_name(struct hci_dev *hdev,
1507 struct inquiry_entry *e)
1509 struct hci_cp_remote_name_req cp;
1511 memset(&cp, 0, sizeof(cp));
1513 bacpy(&cp.bdaddr, &e->data.bdaddr);
1514 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1515 cp.pscan_mode = e->data.pscan_mode;
1516 cp.clock_offset = e->data.clock_offset;
1518 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1521 static bool hci_resolve_next_name(struct hci_dev *hdev)
1523 struct discovery_state *discov = &hdev->discovery;
1524 struct inquiry_entry *e;
1526 if (list_empty(&discov->resolve))
1529 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1533 if (hci_resolve_name(hdev, e) == 0) {
1534 e->name_state = NAME_PENDING;
1541 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1542 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1544 struct discovery_state *discov = &hdev->discovery;
1545 struct inquiry_entry *e;
1547 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1548 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1549 name_len, conn->dev_class);
1551 if (discov->state == DISCOVERY_STOPPED)
1554 if (discov->state == DISCOVERY_STOPPING)
1555 goto discov_complete;
1557 if (discov->state != DISCOVERY_RESOLVING)
1560 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1561 /* If the device was not found in a list of found devices names of which
1562 * are pending. there is no need to continue resolving a next name as it
1563 * will be done upon receiving another Remote Name Request Complete
1570 e->name_state = NAME_KNOWN;
1571 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1572 e->data.rssi, name, name_len);
1574 e->name_state = NAME_NOT_KNOWN;
1577 if (hci_resolve_next_name(hdev))
1581 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1584 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1586 struct hci_cp_remote_name_req *cp;
1587 struct hci_conn *conn;
1589 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1591 /* If successful wait for the name req complete event before
1592 * checking for the need to do authentication */
1596 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1602 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1604 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1605 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1610 if (!hci_outgoing_auth_needed(hdev, conn))
1613 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1614 struct hci_cp_auth_requested auth_cp;
1616 auth_cp.handle = __cpu_to_le16(conn->handle);
1617 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1618 sizeof(auth_cp), &auth_cp);
1622 hci_dev_unlock(hdev);
1625 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1627 struct hci_cp_read_remote_features *cp;
1628 struct hci_conn *conn;
1630 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1635 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1641 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1643 if (conn->state == BT_CONFIG) {
1644 hci_proto_connect_cfm(conn, status);
1645 hci_conn_drop(conn);
1649 hci_dev_unlock(hdev);
1652 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1654 struct hci_cp_read_remote_ext_features *cp;
1655 struct hci_conn *conn;
1657 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1662 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1668 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1670 if (conn->state == BT_CONFIG) {
1671 hci_proto_connect_cfm(conn, status);
1672 hci_conn_drop(conn);
1676 hci_dev_unlock(hdev);
1679 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1681 struct hci_cp_setup_sync_conn *cp;
1682 struct hci_conn *acl, *sco;
1685 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1690 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1694 handle = __le16_to_cpu(cp->handle);
1696 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1700 acl = hci_conn_hash_lookup_handle(hdev, handle);
1704 sco->state = BT_CLOSED;
1706 hci_proto_connect_cfm(sco, status);
1711 hci_dev_unlock(hdev);
1714 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1716 struct hci_cp_sniff_mode *cp;
1717 struct hci_conn *conn;
1719 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1724 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1730 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1732 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1734 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1735 hci_sco_setup(conn, status);
1738 hci_dev_unlock(hdev);
1741 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1743 struct hci_cp_exit_sniff_mode *cp;
1744 struct hci_conn *conn;
1746 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1751 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1757 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1759 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1761 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1762 hci_sco_setup(conn, status);
1765 hci_dev_unlock(hdev);
1768 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1770 struct hci_cp_disconnect *cp;
1771 struct hci_conn *conn;
1776 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1782 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1784 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1785 conn->dst_type, status);
1787 hci_dev_unlock(hdev);
1790 static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1792 struct hci_cp_create_phy_link *cp;
1794 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1796 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1803 struct hci_conn *hcon;
1805 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1809 amp_write_remote_assoc(hdev, cp->phy_handle);
1812 hci_dev_unlock(hdev);
1815 static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1817 struct hci_cp_accept_phy_link *cp;
1819 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1824 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1828 amp_write_remote_assoc(hdev, cp->phy_handle);
1831 static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1833 struct hci_cp_le_create_conn *cp;
1834 struct hci_conn *conn;
1836 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1838 /* All connection failure handling is taken care of by the
1839 * hci_le_conn_failed function which is triggered by the HCI
1840 * request completion callbacks used for connecting.
1845 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1851 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1855 /* Store the initiator and responder address information which
1856 * is needed for SMP. These values will not change during the
1857 * lifetime of the connection.
1859 conn->init_addr_type = cp->own_address_type;
1860 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1861 bacpy(&conn->init_addr, &hdev->random_addr);
1863 bacpy(&conn->init_addr, &hdev->bdaddr);
1865 conn->resp_addr_type = cp->peer_addr_type;
1866 bacpy(&conn->resp_addr, &cp->peer_addr);
1868 /* We don't want the connection attempt to stick around
1869 * indefinitely since LE doesn't have a page timeout concept
1870 * like BR/EDR. Set a timer for any connection that doesn't use
1871 * the white list for connecting.
1873 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1874 queue_delayed_work(conn->hdev->workqueue,
1875 &conn->le_conn_timeout,
1876 HCI_LE_CONN_TIMEOUT);
1879 hci_dev_unlock(hdev);
1882 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1884 struct hci_cp_le_start_enc *cp;
1885 struct hci_conn *conn;
1887 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1894 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1898 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1902 if (conn->state != BT_CONNECTED)
1905 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1906 hci_conn_drop(conn);
1909 hci_dev_unlock(hdev);
1912 static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1914 __u8 status = *((__u8 *) skb->data);
1915 struct discovery_state *discov = &hdev->discovery;
1916 struct inquiry_entry *e;
1918 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1920 hci_conn_check_pending(hdev);
1922 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1925 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
1926 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1928 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1933 if (discov->state != DISCOVERY_FINDING)
1936 if (list_empty(&discov->resolve)) {
1937 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1941 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1942 if (e && hci_resolve_name(hdev, e) == 0) {
1943 e->name_state = NAME_PENDING;
1944 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1946 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1950 hci_dev_unlock(hdev);
1953 static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1955 struct inquiry_data data;
1956 struct inquiry_info *info = (void *) (skb->data + 1);
1957 int num_rsp = *((__u8 *) skb->data);
1959 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1964 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1969 for (; num_rsp; num_rsp--, info++) {
1972 bacpy(&data.bdaddr, &info->bdaddr);
1973 data.pscan_rep_mode = info->pscan_rep_mode;
1974 data.pscan_period_mode = info->pscan_period_mode;
1975 data.pscan_mode = info->pscan_mode;
1976 memcpy(data.dev_class, info->dev_class, 3);
1977 data.clock_offset = info->clock_offset;
1979 data.ssp_mode = 0x00;
1981 flags = hci_inquiry_cache_update(hdev, &data, false);
1983 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1984 info->dev_class, 0, flags, NULL, 0, NULL, 0);
1987 hci_dev_unlock(hdev);
1990 static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1992 struct hci_ev_conn_complete *ev = (void *) skb->data;
1993 struct hci_conn *conn;
1995 BT_DBG("%s", hdev->name);
1999 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2001 if (ev->link_type != SCO_LINK)
2004 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2008 conn->type = SCO_LINK;
2012 conn->handle = __le16_to_cpu(ev->handle);
2014 if (conn->type == ACL_LINK) {
2015 conn->state = BT_CONFIG;
2016 hci_conn_hold(conn);
2018 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
2019 !hci_find_link_key(hdev, &ev->bdaddr))
2020 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2022 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2024 conn->state = BT_CONNECTED;
2026 hci_conn_add_sysfs(conn);
2028 if (test_bit(HCI_AUTH, &hdev->flags))
2029 set_bit(HCI_CONN_AUTH, &conn->flags);
2031 if (test_bit(HCI_ENCRYPT, &hdev->flags))
2032 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2034 /* Get remote features */
2035 if (conn->type == ACL_LINK) {
2036 struct hci_cp_read_remote_features cp;
2037 cp.handle = ev->handle;
2038 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
2042 /* Set packet type for incoming connection */
2043 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
2044 struct hci_cp_change_conn_ptype cp;
2045 cp.handle = ev->handle;
2046 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2047 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2051 conn->state = BT_CLOSED;
2052 if (conn->type == ACL_LINK)
2053 mgmt_connect_failed(hdev, &conn->dst, conn->type,
2054 conn->dst_type, ev->status);
2057 if (conn->type == ACL_LINK)
2058 hci_sco_setup(conn, ev->status);
2061 hci_proto_connect_cfm(conn, ev->status);
2063 } else if (ev->link_type != ACL_LINK)
2064 hci_proto_connect_cfm(conn, ev->status);
2067 hci_dev_unlock(hdev);
2069 hci_conn_check_pending(hdev);
2072 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2074 struct hci_ev_conn_request *ev = (void *) skb->data;
2075 int mask = hdev->link_mode;
2078 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2081 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2084 if ((mask & HCI_LM_ACCEPT) &&
2085 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
2086 /* Connection accepted */
2087 struct inquiry_entry *ie;
2088 struct hci_conn *conn;
2092 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2094 memcpy(ie->data.dev_class, ev->dev_class, 3);
2096 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2099 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2101 BT_ERR("No memory for new connection");
2102 hci_dev_unlock(hdev);
2107 memcpy(conn->dev_class, ev->dev_class, 3);
2109 hci_dev_unlock(hdev);
2111 if (ev->link_type == ACL_LINK ||
2112 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
2113 struct hci_cp_accept_conn_req cp;
2114 conn->state = BT_CONNECT;
2116 bacpy(&cp.bdaddr, &ev->bdaddr);
2118 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2119 cp.role = 0x00; /* Become master */
2121 cp.role = 0x01; /* Remain slave */
2123 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2125 } else if (!(flags & HCI_PROTO_DEFER)) {
2126 struct hci_cp_accept_sync_conn_req cp;
2127 conn->state = BT_CONNECT;
2129 bacpy(&cp.bdaddr, &ev->bdaddr);
2130 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2132 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2133 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2134 cp.max_latency = cpu_to_le16(0xffff);
2135 cp.content_format = cpu_to_le16(hdev->voice_setting);
2136 cp.retrans_effort = 0xff;
2138 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2141 conn->state = BT_CONNECT2;
2142 hci_proto_connect_cfm(conn, 0);
2145 /* Connection rejected */
2146 struct hci_cp_reject_conn_req cp;
2148 bacpy(&cp.bdaddr, &ev->bdaddr);
2149 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2150 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2154 static u8 hci_to_mgmt_reason(u8 err)
2157 case HCI_ERROR_CONNECTION_TIMEOUT:
2158 return MGMT_DEV_DISCONN_TIMEOUT;
2159 case HCI_ERROR_REMOTE_USER_TERM:
2160 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2161 case HCI_ERROR_REMOTE_POWER_OFF:
2162 return MGMT_DEV_DISCONN_REMOTE;
2163 case HCI_ERROR_LOCAL_HOST_TERM:
2164 return MGMT_DEV_DISCONN_LOCAL_HOST;
2166 return MGMT_DEV_DISCONN_UNKNOWN;
2170 static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2172 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2173 u8 reason = hci_to_mgmt_reason(ev->reason);
2174 struct hci_conn_params *params;
2175 struct hci_conn *conn;
2176 bool mgmt_connected;
2179 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2183 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2188 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2189 conn->dst_type, ev->status);
2193 conn->state = BT_CLOSED;
2195 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2196 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2197 reason, mgmt_connected);
2199 if (conn->type == ACL_LINK &&
2200 test_bit(HCI_CONN_FLUSH_KEY, &conn->flags))
2201 hci_remove_link_key(hdev, &conn->dst);
2203 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2205 switch (params->auto_connect) {
2206 case HCI_AUTO_CONN_LINK_LOSS:
2207 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2211 case HCI_AUTO_CONN_ALWAYS:
2212 hci_pend_le_conn_add(hdev, params);
2222 hci_proto_disconn_cfm(conn, ev->reason);
2225 /* Re-enable advertising if necessary, since it might
2226 * have been disabled by the connection. From the
2227 * HCI_LE_Set_Advertise_Enable command description in
2228 * the core specification (v4.0):
2229 * "The Controller shall continue advertising until the Host
2230 * issues an LE_Set_Advertise_Enable command with
2231 * Advertising_Enable set to 0x00 (Advertising is disabled)
2232 * or until a connection is created or until the Advertising
2233 * is timed out due to Directed Advertising."
2235 if (type == LE_LINK)
2236 mgmt_reenable_advertising(hdev);
2239 hci_dev_unlock(hdev);
2242 static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2244 struct hci_ev_auth_complete *ev = (void *) skb->data;
2245 struct hci_conn *conn;
2247 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2251 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2256 if (!hci_conn_ssp_enabled(conn) &&
2257 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2258 BT_INFO("re-auth of legacy device is not possible.");
2260 set_bit(HCI_CONN_AUTH, &conn->flags);
2261 conn->sec_level = conn->pending_sec_level;
2264 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2268 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2269 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2271 if (conn->state == BT_CONFIG) {
2272 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2273 struct hci_cp_set_conn_encrypt cp;
2274 cp.handle = ev->handle;
2276 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2279 conn->state = BT_CONNECTED;
2280 hci_proto_connect_cfm(conn, ev->status);
2281 hci_conn_drop(conn);
2284 hci_auth_cfm(conn, ev->status);
2286 hci_conn_hold(conn);
2287 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2288 hci_conn_drop(conn);
2291 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2293 struct hci_cp_set_conn_encrypt cp;
2294 cp.handle = ev->handle;
2296 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2299 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2300 hci_encrypt_cfm(conn, ev->status, 0x00);
2305 hci_dev_unlock(hdev);
2308 static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2310 struct hci_ev_remote_name *ev = (void *) skb->data;
2311 struct hci_conn *conn;
2313 BT_DBG("%s", hdev->name);
2315 hci_conn_check_pending(hdev);
2319 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2321 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2324 if (ev->status == 0)
2325 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2326 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2328 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2334 if (!hci_outgoing_auth_needed(hdev, conn))
2337 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2338 struct hci_cp_auth_requested cp;
2339 cp.handle = __cpu_to_le16(conn->handle);
2340 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2344 hci_dev_unlock(hdev);
2347 static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2349 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2350 struct hci_conn *conn;
2352 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2356 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2362 /* Encryption implies authentication */
2363 set_bit(HCI_CONN_AUTH, &conn->flags);
2364 set_bit(HCI_CONN_ENCRYPT, &conn->flags);
2365 conn->sec_level = conn->pending_sec_level;
2367 /* P-256 authentication key implies FIPS */
2368 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2369 set_bit(HCI_CONN_FIPS, &conn->flags);
2371 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2372 conn->type == LE_LINK)
2373 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2375 clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
2376 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2380 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2382 if (ev->status && conn->state == BT_CONNECTED) {
2383 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2384 hci_conn_drop(conn);
2388 if (conn->state == BT_CONFIG) {
2390 conn->state = BT_CONNECTED;
2392 /* In Secure Connections Only mode, do not allow any
2393 * connections that are not encrypted with AES-CCM
2394 * using a P-256 authenticated combination key.
2396 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2397 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2398 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2399 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2400 hci_conn_drop(conn);
2404 hci_proto_connect_cfm(conn, ev->status);
2405 hci_conn_drop(conn);
2407 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2410 hci_dev_unlock(hdev);
2413 static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2414 struct sk_buff *skb)
2416 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2417 struct hci_conn *conn;
2419 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2423 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2426 set_bit(HCI_CONN_SECURE, &conn->flags);
2428 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2430 hci_key_change_cfm(conn, ev->status);
2433 hci_dev_unlock(hdev);
2436 static void hci_remote_features_evt(struct hci_dev *hdev,
2437 struct sk_buff *skb)
2439 struct hci_ev_remote_features *ev = (void *) skb->data;
2440 struct hci_conn *conn;
2442 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2446 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2451 memcpy(conn->features[0], ev->features, 8);
2453 if (conn->state != BT_CONFIG)
2456 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2457 struct hci_cp_read_remote_ext_features cp;
2458 cp.handle = ev->handle;
2460 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2465 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2466 struct hci_cp_remote_name_req cp;
2467 memset(&cp, 0, sizeof(cp));
2468 bacpy(&cp.bdaddr, &conn->dst);
2469 cp.pscan_rep_mode = 0x02;
2470 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2471 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2472 mgmt_device_connected(hdev, &conn->dst, conn->type,
2473 conn->dst_type, 0, NULL, 0,
2476 if (!hci_outgoing_auth_needed(hdev, conn)) {
2477 conn->state = BT_CONNECTED;
2478 hci_proto_connect_cfm(conn, ev->status);
2479 hci_conn_drop(conn);
2483 hci_dev_unlock(hdev);
2486 static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2488 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2489 u8 status = skb->data[sizeof(*ev)];
2492 skb_pull(skb, sizeof(*ev));
2494 opcode = __le16_to_cpu(ev->opcode);
2497 case HCI_OP_INQUIRY_CANCEL:
2498 hci_cc_inquiry_cancel(hdev, skb);
2501 case HCI_OP_PERIODIC_INQ:
2502 hci_cc_periodic_inq(hdev, skb);
2505 case HCI_OP_EXIT_PERIODIC_INQ:
2506 hci_cc_exit_periodic_inq(hdev, skb);
2509 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2510 hci_cc_remote_name_req_cancel(hdev, skb);
2513 case HCI_OP_ROLE_DISCOVERY:
2514 hci_cc_role_discovery(hdev, skb);
2517 case HCI_OP_READ_LINK_POLICY:
2518 hci_cc_read_link_policy(hdev, skb);
2521 case HCI_OP_WRITE_LINK_POLICY:
2522 hci_cc_write_link_policy(hdev, skb);
2525 case HCI_OP_READ_DEF_LINK_POLICY:
2526 hci_cc_read_def_link_policy(hdev, skb);
2529 case HCI_OP_WRITE_DEF_LINK_POLICY:
2530 hci_cc_write_def_link_policy(hdev, skb);
2534 hci_cc_reset(hdev, skb);
2537 case HCI_OP_WRITE_LOCAL_NAME:
2538 hci_cc_write_local_name(hdev, skb);
2541 case HCI_OP_READ_LOCAL_NAME:
2542 hci_cc_read_local_name(hdev, skb);
2545 case HCI_OP_WRITE_AUTH_ENABLE:
2546 hci_cc_write_auth_enable(hdev, skb);
2549 case HCI_OP_WRITE_ENCRYPT_MODE:
2550 hci_cc_write_encrypt_mode(hdev, skb);
2553 case HCI_OP_WRITE_SCAN_ENABLE:
2554 hci_cc_write_scan_enable(hdev, skb);
2557 case HCI_OP_READ_CLASS_OF_DEV:
2558 hci_cc_read_class_of_dev(hdev, skb);
2561 case HCI_OP_WRITE_CLASS_OF_DEV:
2562 hci_cc_write_class_of_dev(hdev, skb);
2565 case HCI_OP_READ_VOICE_SETTING:
2566 hci_cc_read_voice_setting(hdev, skb);
2569 case HCI_OP_WRITE_VOICE_SETTING:
2570 hci_cc_write_voice_setting(hdev, skb);
2573 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2574 hci_cc_read_num_supported_iac(hdev, skb);
2577 case HCI_OP_WRITE_SSP_MODE:
2578 hci_cc_write_ssp_mode(hdev, skb);
2581 case HCI_OP_WRITE_SC_SUPPORT:
2582 hci_cc_write_sc_support(hdev, skb);
2585 case HCI_OP_READ_LOCAL_VERSION:
2586 hci_cc_read_local_version(hdev, skb);
2589 case HCI_OP_READ_LOCAL_COMMANDS:
2590 hci_cc_read_local_commands(hdev, skb);
2593 case HCI_OP_READ_LOCAL_FEATURES:
2594 hci_cc_read_local_features(hdev, skb);
2597 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2598 hci_cc_read_local_ext_features(hdev, skb);
2601 case HCI_OP_READ_BUFFER_SIZE:
2602 hci_cc_read_buffer_size(hdev, skb);
2605 case HCI_OP_READ_BD_ADDR:
2606 hci_cc_read_bd_addr(hdev, skb);
2609 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2610 hci_cc_read_page_scan_activity(hdev, skb);
2613 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2614 hci_cc_write_page_scan_activity(hdev, skb);
2617 case HCI_OP_READ_PAGE_SCAN_TYPE:
2618 hci_cc_read_page_scan_type(hdev, skb);
2621 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2622 hci_cc_write_page_scan_type(hdev, skb);
2625 case HCI_OP_READ_DATA_BLOCK_SIZE:
2626 hci_cc_read_data_block_size(hdev, skb);
2629 case HCI_OP_READ_FLOW_CONTROL_MODE:
2630 hci_cc_read_flow_control_mode(hdev, skb);
2633 case HCI_OP_READ_LOCAL_AMP_INFO:
2634 hci_cc_read_local_amp_info(hdev, skb);
2637 case HCI_OP_READ_CLOCK:
2638 hci_cc_read_clock(hdev, skb);
2641 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2642 hci_cc_read_local_amp_assoc(hdev, skb);
2645 case HCI_OP_READ_INQ_RSP_TX_POWER:
2646 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2649 case HCI_OP_PIN_CODE_REPLY:
2650 hci_cc_pin_code_reply(hdev, skb);
2653 case HCI_OP_PIN_CODE_NEG_REPLY:
2654 hci_cc_pin_code_neg_reply(hdev, skb);
2657 case HCI_OP_READ_LOCAL_OOB_DATA:
2658 hci_cc_read_local_oob_data(hdev, skb);
2661 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2662 hci_cc_read_local_oob_ext_data(hdev, skb);
2665 case HCI_OP_LE_READ_BUFFER_SIZE:
2666 hci_cc_le_read_buffer_size(hdev, skb);
2669 case HCI_OP_LE_READ_LOCAL_FEATURES:
2670 hci_cc_le_read_local_features(hdev, skb);
2673 case HCI_OP_LE_READ_ADV_TX_POWER:
2674 hci_cc_le_read_adv_tx_power(hdev, skb);
2677 case HCI_OP_USER_CONFIRM_REPLY:
2678 hci_cc_user_confirm_reply(hdev, skb);
2681 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2682 hci_cc_user_confirm_neg_reply(hdev, skb);
2685 case HCI_OP_USER_PASSKEY_REPLY:
2686 hci_cc_user_passkey_reply(hdev, skb);
2689 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2690 hci_cc_user_passkey_neg_reply(hdev, skb);
2693 case HCI_OP_LE_SET_RANDOM_ADDR:
2694 hci_cc_le_set_random_addr(hdev, skb);
2697 case HCI_OP_LE_SET_ADV_ENABLE:
2698 hci_cc_le_set_adv_enable(hdev, skb);
2701 case HCI_OP_LE_SET_SCAN_PARAM:
2702 hci_cc_le_set_scan_param(hdev, skb);
2705 case HCI_OP_LE_SET_SCAN_ENABLE:
2706 hci_cc_le_set_scan_enable(hdev, skb);
2709 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2710 hci_cc_le_read_white_list_size(hdev, skb);
2713 case HCI_OP_LE_CLEAR_WHITE_LIST:
2714 hci_cc_le_clear_white_list(hdev, skb);
2717 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2718 hci_cc_le_add_to_white_list(hdev, skb);
2721 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2722 hci_cc_le_del_from_white_list(hdev, skb);
2725 case HCI_OP_LE_READ_SUPPORTED_STATES:
2726 hci_cc_le_read_supported_states(hdev, skb);
2729 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2730 hci_cc_write_le_host_supported(hdev, skb);
2733 case HCI_OP_LE_SET_ADV_PARAM:
2734 hci_cc_set_adv_param(hdev, skb);
2737 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2738 hci_cc_write_remote_amp_assoc(hdev, skb);
2741 case HCI_OP_READ_RSSI:
2742 hci_cc_read_rssi(hdev, skb);
2745 case HCI_OP_READ_TX_POWER:
2746 hci_cc_read_tx_power(hdev, skb);
2750 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2754 if (opcode != HCI_OP_NOP)
2755 cancel_delayed_work(&hdev->cmd_timer);
2757 hci_req_cmd_complete(hdev, opcode, status);
2759 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2760 atomic_set(&hdev->cmd_cnt, 1);
2761 if (!skb_queue_empty(&hdev->cmd_q))
2762 queue_work(hdev->workqueue, &hdev->cmd_work);
2766 static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2768 struct hci_ev_cmd_status *ev = (void *) skb->data;
2771 skb_pull(skb, sizeof(*ev));
2773 opcode = __le16_to_cpu(ev->opcode);
2776 case HCI_OP_INQUIRY:
2777 hci_cs_inquiry(hdev, ev->status);
2780 case HCI_OP_CREATE_CONN:
2781 hci_cs_create_conn(hdev, ev->status);
2784 case HCI_OP_ADD_SCO:
2785 hci_cs_add_sco(hdev, ev->status);
2788 case HCI_OP_AUTH_REQUESTED:
2789 hci_cs_auth_requested(hdev, ev->status);
2792 case HCI_OP_SET_CONN_ENCRYPT:
2793 hci_cs_set_conn_encrypt(hdev, ev->status);
2796 case HCI_OP_REMOTE_NAME_REQ:
2797 hci_cs_remote_name_req(hdev, ev->status);
2800 case HCI_OP_READ_REMOTE_FEATURES:
2801 hci_cs_read_remote_features(hdev, ev->status);
2804 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2805 hci_cs_read_remote_ext_features(hdev, ev->status);
2808 case HCI_OP_SETUP_SYNC_CONN:
2809 hci_cs_setup_sync_conn(hdev, ev->status);
2812 case HCI_OP_SNIFF_MODE:
2813 hci_cs_sniff_mode(hdev, ev->status);
2816 case HCI_OP_EXIT_SNIFF_MODE:
2817 hci_cs_exit_sniff_mode(hdev, ev->status);
2820 case HCI_OP_DISCONNECT:
2821 hci_cs_disconnect(hdev, ev->status);
2824 case HCI_OP_CREATE_PHY_LINK:
2825 hci_cs_create_phylink(hdev, ev->status);
2828 case HCI_OP_ACCEPT_PHY_LINK:
2829 hci_cs_accept_phylink(hdev, ev->status);
2832 case HCI_OP_LE_CREATE_CONN:
2833 hci_cs_le_create_conn(hdev, ev->status);
2836 case HCI_OP_LE_START_ENC:
2837 hci_cs_le_start_enc(hdev, ev->status);
2841 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2845 if (opcode != HCI_OP_NOP)
2846 cancel_delayed_work(&hdev->cmd_timer);
2849 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2850 hci_req_cmd_complete(hdev, opcode, ev->status);
2852 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2853 atomic_set(&hdev->cmd_cnt, 1);
2854 if (!skb_queue_empty(&hdev->cmd_q))
2855 queue_work(hdev->workqueue, &hdev->cmd_work);
2859 static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2861 struct hci_ev_role_change *ev = (void *) skb->data;
2862 struct hci_conn *conn;
2864 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2868 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2872 clear_bit(HCI_CONN_MASTER, &conn->flags);
2874 set_bit(HCI_CONN_MASTER, &conn->flags);
2877 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2879 hci_role_switch_cfm(conn, ev->status, ev->role);
2882 hci_dev_unlock(hdev);
2885 static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2887 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2890 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2891 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2895 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2896 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2897 BT_DBG("%s bad parameters", hdev->name);
2901 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2903 for (i = 0; i < ev->num_hndl; i++) {
2904 struct hci_comp_pkts_info *info = &ev->handles[i];
2905 struct hci_conn *conn;
2906 __u16 handle, count;
2908 handle = __le16_to_cpu(info->handle);
2909 count = __le16_to_cpu(info->count);
2911 conn = hci_conn_hash_lookup_handle(hdev, handle);
2915 conn->sent -= count;
2917 switch (conn->type) {
2919 hdev->acl_cnt += count;
2920 if (hdev->acl_cnt > hdev->acl_pkts)
2921 hdev->acl_cnt = hdev->acl_pkts;
2925 if (hdev->le_pkts) {
2926 hdev->le_cnt += count;
2927 if (hdev->le_cnt > hdev->le_pkts)
2928 hdev->le_cnt = hdev->le_pkts;
2930 hdev->acl_cnt += count;
2931 if (hdev->acl_cnt > hdev->acl_pkts)
2932 hdev->acl_cnt = hdev->acl_pkts;
2937 hdev->sco_cnt += count;
2938 if (hdev->sco_cnt > hdev->sco_pkts)
2939 hdev->sco_cnt = hdev->sco_pkts;
2943 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2948 queue_work(hdev->workqueue, &hdev->tx_work);
2951 static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2954 struct hci_chan *chan;
2956 switch (hdev->dev_type) {
2958 return hci_conn_hash_lookup_handle(hdev, handle);
2960 chan = hci_chan_lookup_handle(hdev, handle);
2965 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2972 static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2974 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2977 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2978 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2982 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2983 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2984 BT_DBG("%s bad parameters", hdev->name);
2988 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2991 for (i = 0; i < ev->num_hndl; i++) {
2992 struct hci_comp_blocks_info *info = &ev->handles[i];
2993 struct hci_conn *conn = NULL;
2994 __u16 handle, block_count;
2996 handle = __le16_to_cpu(info->handle);
2997 block_count = __le16_to_cpu(info->blocks);
2999 conn = __hci_conn_lookup_handle(hdev, handle);
3003 conn->sent -= block_count;
3005 switch (conn->type) {
3008 hdev->block_cnt += block_count;
3009 if (hdev->block_cnt > hdev->num_blocks)
3010 hdev->block_cnt = hdev->num_blocks;
3014 BT_ERR("Unknown type %d conn %p", conn->type, conn);
3019 queue_work(hdev->workqueue, &hdev->tx_work);
3022 static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3024 struct hci_ev_mode_change *ev = (void *) skb->data;
3025 struct hci_conn *conn;
3027 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3031 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3033 conn->mode = ev->mode;
3035 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
3037 if (conn->mode == HCI_CM_ACTIVE)
3038 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3040 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
3043 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
3044 hci_sco_setup(conn, ev->status);
3047 hci_dev_unlock(hdev);
3050 static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3052 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3053 struct hci_conn *conn;
3055 BT_DBG("%s", hdev->name);
3059 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3063 if (conn->state == BT_CONNECTED) {
3064 hci_conn_hold(conn);
3065 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
3066 hci_conn_drop(conn);
3069 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
3070 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3071 sizeof(ev->bdaddr), &ev->bdaddr);
3072 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
3075 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3080 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
3084 hci_dev_unlock(hdev);
3087 static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3089 struct hci_ev_link_key_req *ev = (void *) skb->data;
3090 struct hci_cp_link_key_reply cp;
3091 struct hci_conn *conn;
3092 struct link_key *key;
3094 BT_DBG("%s", hdev->name);
3096 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3101 key = hci_find_link_key(hdev, &ev->bdaddr);
3103 BT_DBG("%s link key not found for %pMR", hdev->name,
3108 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3111 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3113 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3114 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
3115 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
3116 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3120 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
3121 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3122 conn->pending_sec_level == BT_SECURITY_FIPS)) {
3123 BT_DBG("%s ignoring key unauthenticated for high security",
3128 conn->key_type = key->type;
3129 conn->pin_length = key->pin_len;
3132 bacpy(&cp.bdaddr, &ev->bdaddr);
3133 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
3135 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3137 hci_dev_unlock(hdev);
3142 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3143 hci_dev_unlock(hdev);
3146 static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3148 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3149 struct hci_conn *conn;
3150 struct link_key *key;
3154 BT_DBG("%s", hdev->name);
3158 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3160 hci_conn_hold(conn);
3161 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3162 pin_len = conn->pin_length;
3164 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3165 conn->key_type = ev->key_type;
3167 hci_conn_drop(conn);
3170 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3173 key = hci_add_link_key(hdev, conn, &ev->bdaddr, ev->link_key,
3174 ev->key_type, pin_len, &persistent);
3178 mgmt_new_link_key(hdev, key, persistent);
3180 /* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
3181 * is set. If it's not set simply remove the key from the kernel
3182 * list (we've still notified user space about it but with
3183 * store_hint being 0).
3185 if (key->type == HCI_LK_DEBUG_COMBINATION &&
3186 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
3187 list_del(&key->list);
3191 clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3193 set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
3197 hci_dev_unlock(hdev);
3200 static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3202 struct hci_ev_clock_offset *ev = (void *) skb->data;
3203 struct hci_conn *conn;
3205 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3209 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3210 if (conn && !ev->status) {
3211 struct inquiry_entry *ie;
3213 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3215 ie->data.clock_offset = ev->clock_offset;
3216 ie->timestamp = jiffies;
3220 hci_dev_unlock(hdev);
3223 static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3225 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3226 struct hci_conn *conn;
3228 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3232 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3233 if (conn && !ev->status)
3234 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3236 hci_dev_unlock(hdev);
3239 static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3241 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3242 struct inquiry_entry *ie;
3244 BT_DBG("%s", hdev->name);
3248 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3250 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3251 ie->timestamp = jiffies;
3254 hci_dev_unlock(hdev);
3257 static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3258 struct sk_buff *skb)
3260 struct inquiry_data data;
3261 int num_rsp = *((__u8 *) skb->data);
3263 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3268 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3273 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3274 struct inquiry_info_with_rssi_and_pscan_mode *info;
3275 info = (void *) (skb->data + 1);
3277 for (; num_rsp; num_rsp--, info++) {
3280 bacpy(&data.bdaddr, &info->bdaddr);
3281 data.pscan_rep_mode = info->pscan_rep_mode;
3282 data.pscan_period_mode = info->pscan_period_mode;
3283 data.pscan_mode = info->pscan_mode;
3284 memcpy(data.dev_class, info->dev_class, 3);
3285 data.clock_offset = info->clock_offset;
3286 data.rssi = info->rssi;
3287 data.ssp_mode = 0x00;
3289 flags = hci_inquiry_cache_update(hdev, &data, false);
3291 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3292 info->dev_class, info->rssi,
3293 flags, NULL, 0, NULL, 0);
3296 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3298 for (; num_rsp; num_rsp--, info++) {
3301 bacpy(&data.bdaddr, &info->bdaddr);
3302 data.pscan_rep_mode = info->pscan_rep_mode;
3303 data.pscan_period_mode = info->pscan_period_mode;
3304 data.pscan_mode = 0x00;
3305 memcpy(data.dev_class, info->dev_class, 3);
3306 data.clock_offset = info->clock_offset;
3307 data.rssi = info->rssi;
3308 data.ssp_mode = 0x00;
3310 flags = hci_inquiry_cache_update(hdev, &data, false);
3312 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3313 info->dev_class, info->rssi,
3314 flags, NULL, 0, NULL, 0);
3318 hci_dev_unlock(hdev);
3321 static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3322 struct sk_buff *skb)
3324 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3325 struct hci_conn *conn;
3327 BT_DBG("%s", hdev->name);
3331 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3335 if (ev->page < HCI_MAX_PAGES)
3336 memcpy(conn->features[ev->page], ev->features, 8);
3338 if (!ev->status && ev->page == 0x01) {
3339 struct inquiry_entry *ie;
3341 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3343 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3345 if (ev->features[0] & LMP_HOST_SSP) {
3346 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3348 /* It is mandatory by the Bluetooth specification that
3349 * Extended Inquiry Results are only used when Secure
3350 * Simple Pairing is enabled, but some devices violate
3353 * To make these devices work, the internal SSP
3354 * enabled flag needs to be cleared if the remote host
3355 * features do not indicate SSP support */
3356 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3359 if (ev->features[0] & LMP_HOST_SC)
3360 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
3363 if (conn->state != BT_CONFIG)
3366 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3367 struct hci_cp_remote_name_req cp;
3368 memset(&cp, 0, sizeof(cp));
3369 bacpy(&cp.bdaddr, &conn->dst);
3370 cp.pscan_rep_mode = 0x02;
3371 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3372 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3373 mgmt_device_connected(hdev, &conn->dst, conn->type,
3374 conn->dst_type, 0, NULL, 0,
3377 if (!hci_outgoing_auth_needed(hdev, conn)) {
3378 conn->state = BT_CONNECTED;
3379 hci_proto_connect_cfm(conn, ev->status);
3380 hci_conn_drop(conn);
3384 hci_dev_unlock(hdev);
3387 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3388 struct sk_buff *skb)
3390 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3391 struct hci_conn *conn;
3393 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3397 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3399 if (ev->link_type == ESCO_LINK)
3402 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3406 conn->type = SCO_LINK;
3409 switch (ev->status) {
3411 conn->handle = __le16_to_cpu(ev->handle);
3412 conn->state = BT_CONNECTED;
3414 hci_conn_add_sysfs(conn);
3417 case 0x10: /* Connection Accept Timeout */
3418 case 0x0d: /* Connection Rejected due to Limited Resources */
3419 case 0x11: /* Unsupported Feature or Parameter Value */
3420 case 0x1c: /* SCO interval rejected */
3421 case 0x1a: /* Unsupported Remote Feature */
3422 case 0x1f: /* Unspecified error */
3423 case 0x20: /* Unsupported LMP Parameter value */
3425 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3426 (hdev->esco_type & EDR_ESCO_MASK);
3427 if (hci_setup_sync(conn, conn->link->handle))
3433 conn->state = BT_CLOSED;
3437 hci_proto_connect_cfm(conn, ev->status);
3442 hci_dev_unlock(hdev);
3445 static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3449 while (parsed < eir_len) {
3450 u8 field_len = eir[0];
3455 parsed += field_len + 1;
3456 eir += field_len + 1;
3462 static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3463 struct sk_buff *skb)
3465 struct inquiry_data data;
3466 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3467 int num_rsp = *((__u8 *) skb->data);
3470 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3475 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3480 for (; num_rsp; num_rsp--, info++) {
3484 bacpy(&data.bdaddr, &info->bdaddr);
3485 data.pscan_rep_mode = info->pscan_rep_mode;
3486 data.pscan_period_mode = info->pscan_period_mode;
3487 data.pscan_mode = 0x00;
3488 memcpy(data.dev_class, info->dev_class, 3);
3489 data.clock_offset = info->clock_offset;
3490 data.rssi = info->rssi;
3491 data.ssp_mode = 0x01;
3493 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3494 name_known = eir_has_data_type(info->data,
3500 flags = hci_inquiry_cache_update(hdev, &data, name_known);
3502 eir_len = eir_get_length(info->data, sizeof(info->data));
3504 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3505 info->dev_class, info->rssi,
3506 flags, info->data, eir_len, NULL, 0);
3509 hci_dev_unlock(hdev);
3512 static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3513 struct sk_buff *skb)
3515 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3516 struct hci_conn *conn;
3518 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3519 __le16_to_cpu(ev->handle));
3523 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3527 /* For BR/EDR the necessary steps are taken through the
3528 * auth_complete event.
3530 if (conn->type != LE_LINK)
3534 conn->sec_level = conn->pending_sec_level;
3536 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3538 if (ev->status && conn->state == BT_CONNECTED) {
3539 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3540 hci_conn_drop(conn);
3544 if (conn->state == BT_CONFIG) {
3546 conn->state = BT_CONNECTED;
3548 hci_proto_connect_cfm(conn, ev->status);
3549 hci_conn_drop(conn);
3551 hci_auth_cfm(conn, ev->status);
3553 hci_conn_hold(conn);
3554 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3555 hci_conn_drop(conn);
3559 hci_dev_unlock(hdev);
3562 static u8 hci_get_auth_req(struct hci_conn *conn)
3564 /* If remote requests no-bonding follow that lead */
3565 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3566 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3567 return conn->remote_auth | (conn->auth_type & 0x01);
3569 /* If both remote and local have enough IO capabilities, require
3572 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3573 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3574 return conn->remote_auth | 0x01;
3576 /* No MITM protection possible so ignore remote requirement */
3577 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
3580 static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3582 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3583 struct hci_conn *conn;
3585 BT_DBG("%s", hdev->name);
3589 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3593 hci_conn_hold(conn);
3595 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3598 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3599 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3600 struct hci_cp_io_capability_reply cp;
3602 bacpy(&cp.bdaddr, &ev->bdaddr);
3603 /* Change the IO capability from KeyboardDisplay
3604 * to DisplayYesNo as it is not supported by BT spec. */
3605 cp.capability = (conn->io_capability == 0x04) ?
3606 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3608 /* If we are initiators, there is no remote information yet */
3609 if (conn->remote_auth == 0xff) {
3610 cp.authentication = conn->auth_type;
3612 /* Request MITM protection if our IO caps allow it
3613 * except for the no-bonding case.
3614 * conn->auth_type is not updated here since
3615 * that might cause the user confirmation to be
3616 * rejected in case the remote doesn't have the
3617 * IO capabilities for MITM.
3619 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3620 cp.authentication != HCI_AT_NO_BONDING)
3621 cp.authentication |= 0x01;
3623 conn->auth_type = hci_get_auth_req(conn);
3624 cp.authentication = conn->auth_type;
3627 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3628 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3633 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3636 struct hci_cp_io_capability_neg_reply cp;
3638 bacpy(&cp.bdaddr, &ev->bdaddr);
3639 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3641 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3646 hci_dev_unlock(hdev);
3649 static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3651 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3652 struct hci_conn *conn;
3654 BT_DBG("%s", hdev->name);
3658 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3662 conn->remote_cap = ev->capability;
3663 conn->remote_auth = ev->authentication;
3665 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3668 hci_dev_unlock(hdev);
3671 static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3672 struct sk_buff *skb)
3674 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3675 int loc_mitm, rem_mitm, confirm_hint = 0;
3676 struct hci_conn *conn;
3678 BT_DBG("%s", hdev->name);
3682 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3685 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3689 loc_mitm = (conn->auth_type & 0x01);
3690 rem_mitm = (conn->remote_auth & 0x01);
3692 /* If we require MITM but the remote device can't provide that
3693 * (it has NoInputNoOutput) then reject the confirmation request
3695 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3696 BT_DBG("Rejecting request: remote device can't provide MITM");
3697 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3698 sizeof(ev->bdaddr), &ev->bdaddr);
3702 /* If no side requires MITM protection; auto-accept */
3703 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3704 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3706 /* If we're not the initiators request authorization to
3707 * proceed from user space (mgmt_user_confirm with
3708 * confirm_hint set to 1). The exception is if neither
3709 * side had MITM in which case we do auto-accept.
3711 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3712 (loc_mitm || rem_mitm)) {
3713 BT_DBG("Confirming auto-accept as acceptor");
3718 BT_DBG("Auto-accept of user confirmation with %ums delay",
3719 hdev->auto_accept_delay);
3721 if (hdev->auto_accept_delay > 0) {
3722 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3723 queue_delayed_work(conn->hdev->workqueue,
3724 &conn->auto_accept_work, delay);
3728 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3729 sizeof(ev->bdaddr), &ev->bdaddr);
3734 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3735 le32_to_cpu(ev->passkey), confirm_hint);
3738 hci_dev_unlock(hdev);
3741 static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3742 struct sk_buff *skb)
3744 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3746 BT_DBG("%s", hdev->name);
3748 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3749 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3752 static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3753 struct sk_buff *skb)
3755 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3756 struct hci_conn *conn;
3758 BT_DBG("%s", hdev->name);
3760 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3764 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3765 conn->passkey_entered = 0;
3767 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3768 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3769 conn->dst_type, conn->passkey_notify,
3770 conn->passkey_entered);
3773 static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3775 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3776 struct hci_conn *conn;
3778 BT_DBG("%s", hdev->name);
3780 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3785 case HCI_KEYPRESS_STARTED:
3786 conn->passkey_entered = 0;
3789 case HCI_KEYPRESS_ENTERED:
3790 conn->passkey_entered++;
3793 case HCI_KEYPRESS_ERASED:
3794 conn->passkey_entered--;
3797 case HCI_KEYPRESS_CLEARED:
3798 conn->passkey_entered = 0;
3801 case HCI_KEYPRESS_COMPLETED:
3805 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3806 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3807 conn->dst_type, conn->passkey_notify,
3808 conn->passkey_entered);
3811 static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3812 struct sk_buff *skb)
3814 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3815 struct hci_conn *conn;
3817 BT_DBG("%s", hdev->name);
3821 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3825 /* To avoid duplicate auth_failed events to user space we check
3826 * the HCI_CONN_AUTH_PEND flag which will be set if we
3827 * initiated the authentication. A traditional auth_complete
3828 * event gets always produced as initiator and is also mapped to
3829 * the mgmt_auth_failed event */
3830 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3831 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3834 hci_conn_drop(conn);
3837 hci_dev_unlock(hdev);
3840 static void hci_remote_host_features_evt(struct hci_dev *hdev,
3841 struct sk_buff *skb)
3843 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3844 struct inquiry_entry *ie;
3845 struct hci_conn *conn;
3847 BT_DBG("%s", hdev->name);
3851 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3853 memcpy(conn->features[1], ev->features, 8);
3855 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3857 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3859 hci_dev_unlock(hdev);
3862 static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3863 struct sk_buff *skb)
3865 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3866 struct oob_data *data;
3868 BT_DBG("%s", hdev->name);
3872 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3875 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3877 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3878 struct hci_cp_remote_oob_ext_data_reply cp;
3880 bacpy(&cp.bdaddr, &ev->bdaddr);
3881 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3882 memcpy(cp.randomizer192, data->randomizer192,
3883 sizeof(cp.randomizer192));
3884 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3885 memcpy(cp.randomizer256, data->randomizer256,
3886 sizeof(cp.randomizer256));
3888 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3891 struct hci_cp_remote_oob_data_reply cp;
3893 bacpy(&cp.bdaddr, &ev->bdaddr);
3894 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3895 memcpy(cp.randomizer, data->randomizer192,
3896 sizeof(cp.randomizer));
3898 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3902 struct hci_cp_remote_oob_data_neg_reply cp;
3904 bacpy(&cp.bdaddr, &ev->bdaddr);
3905 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3910 hci_dev_unlock(hdev);
3913 static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3914 struct sk_buff *skb)
3916 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3917 struct hci_conn *hcon, *bredr_hcon;
3919 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3924 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3926 hci_dev_unlock(hdev);
3932 hci_dev_unlock(hdev);
3936 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3938 hcon->state = BT_CONNECTED;
3939 bacpy(&hcon->dst, &bredr_hcon->dst);
3941 hci_conn_hold(hcon);
3942 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3943 hci_conn_drop(hcon);
3945 hci_conn_add_sysfs(hcon);
3947 amp_physical_cfm(bredr_hcon, hcon);
3949 hci_dev_unlock(hdev);
3952 static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3954 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3955 struct hci_conn *hcon;
3956 struct hci_chan *hchan;
3957 struct amp_mgr *mgr;
3959 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3960 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3963 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3967 /* Create AMP hchan */
3968 hchan = hci_chan_create(hcon);
3972 hchan->handle = le16_to_cpu(ev->handle);
3974 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3976 mgr = hcon->amp_mgr;
3977 if (mgr && mgr->bredr_chan) {
3978 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3980 l2cap_chan_lock(bredr_chan);
3982 bredr_chan->conn->mtu = hdev->block_mtu;
3983 l2cap_logical_cfm(bredr_chan, hchan, 0);
3984 hci_conn_hold(hcon);
3986 l2cap_chan_unlock(bredr_chan);
3990 static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3991 struct sk_buff *skb)
3993 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3994 struct hci_chan *hchan;
3996 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3997 le16_to_cpu(ev->handle), ev->status);
4004 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
4008 amp_destroy_logical_link(hchan, ev->reason);
4011 hci_dev_unlock(hdev);
4014 static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4015 struct sk_buff *skb)
4017 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
4018 struct hci_conn *hcon;
4020 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4027 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4029 hcon->state = BT_CLOSED;
4033 hci_dev_unlock(hdev);
4036 static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4038 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4039 struct hci_conn_params *params;
4040 struct hci_conn *conn;
4041 struct smp_irk *irk;
4044 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4048 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4050 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
4052 BT_ERR("No memory for new connection");
4056 conn->dst_type = ev->bdaddr_type;
4058 if (ev->role == LE_CONN_ROLE_MASTER) {
4060 set_bit(HCI_CONN_MASTER, &conn->flags);
4063 /* If we didn't have a hci_conn object previously
4064 * but we're in master role this must be something
4065 * initiated using a white list. Since white list based
4066 * connections are not "first class citizens" we don't
4067 * have full tracking of them. Therefore, we go ahead
4068 * with a "best effort" approach of determining the
4069 * initiator address based on the HCI_PRIVACY flag.
4072 conn->resp_addr_type = ev->bdaddr_type;
4073 bacpy(&conn->resp_addr, &ev->bdaddr);
4074 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4075 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4076 bacpy(&conn->init_addr, &hdev->rpa);
4078 hci_copy_identity_address(hdev,
4080 &conn->init_addr_type);
4084 cancel_delayed_work(&conn->le_conn_timeout);
4088 /* Set the responder (our side) address type based on
4089 * the advertising address type.
4091 conn->resp_addr_type = hdev->adv_addr_type;
4092 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4093 bacpy(&conn->resp_addr, &hdev->random_addr);
4095 bacpy(&conn->resp_addr, &hdev->bdaddr);
4097 conn->init_addr_type = ev->bdaddr_type;
4098 bacpy(&conn->init_addr, &ev->bdaddr);
4100 /* For incoming connections, set the default minimum
4101 * and maximum connection interval. They will be used
4102 * to check if the parameters are in range and if not
4103 * trigger the connection update procedure.
4105 conn->le_conn_min_interval = hdev->le_conn_min_interval;
4106 conn->le_conn_max_interval = hdev->le_conn_max_interval;
4109 /* Lookup the identity address from the stored connection
4110 * address and address type.
4112 * When establishing connections to an identity address, the
4113 * connection procedure will store the resolvable random
4114 * address first. Now if it can be converted back into the
4115 * identity address, start using the identity address from
4118 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
4120 bacpy(&conn->dst, &irk->bdaddr);
4121 conn->dst_type = irk->addr_type;
4124 if (conn->dst_type == ADDR_LE_DEV_PUBLIC)
4125 addr_type = BDADDR_LE_PUBLIC;
4127 addr_type = BDADDR_LE_RANDOM;
4129 /* Drop the connection if he device is blocked */
4130 if (hci_blacklist_lookup(hdev, &conn->dst, addr_type)) {
4131 hci_conn_drop(conn);
4136 hci_le_conn_failed(conn, ev->status);
4140 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
4141 mgmt_device_connected(hdev, &conn->dst, conn->type,
4142 conn->dst_type, 0, NULL, 0, NULL);
4144 conn->sec_level = BT_SECURITY_LOW;
4145 conn->handle = __le16_to_cpu(ev->handle);
4146 conn->state = BT_CONNECTED;
4148 conn->le_conn_interval = le16_to_cpu(ev->interval);
4149 conn->le_conn_latency = le16_to_cpu(ev->latency);
4150 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4152 hci_conn_add_sysfs(conn);
4154 hci_proto_connect_cfm(conn, ev->status);
4156 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
4158 hci_pend_le_conn_del(hdev, params);
4161 hci_dev_unlock(hdev);
4164 static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4165 struct sk_buff *skb)
4167 struct hci_ev_le_conn_update_complete *ev = (void *) skb->data;
4168 struct hci_conn *conn;
4170 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4177 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4179 conn->le_conn_interval = le16_to_cpu(ev->interval);
4180 conn->le_conn_latency = le16_to_cpu(ev->latency);
4181 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout);
4184 hci_dev_unlock(hdev);
4187 /* This function requires the caller holds hdev->lock */
4188 static bool check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4191 struct hci_conn *conn;
4193 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4196 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4201 switch (PTR_ERR(conn)) {
4203 /* If hci_connect() returns -EBUSY it means there is already
4204 * an LE connection attempt going on. Since controllers don't
4205 * support more than one connection attempt at the time, we
4206 * don't consider this an error case.
4210 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4216 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4217 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4219 struct discovery_state *d = &hdev->discovery;
4223 /* Passive scanning shouldn't trigger any device found events,
4224 * except for devices marked as CONN_REPORT for which we do send
4225 * device found events.
4227 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4228 struct hci_conn_params *param;
4229 struct smp_irk *irk;
4231 /* Check if we need to convert to identity address */
4232 irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
4234 bdaddr = &irk->bdaddr;
4235 bdaddr_type = irk->addr_type;
4238 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND) {
4239 if (check_pending_le_conn(hdev, bdaddr, bdaddr_type))
4243 if (list_empty(&hdev->pend_le_reports))
4246 if (type == LE_ADV_DIRECT_IND)
4249 param = hci_conn_params_lookup(hdev, bdaddr, bdaddr_type);
4250 if (!param || param->auto_connect != HCI_AUTO_CONN_REPORT)
4253 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)
4254 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4257 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4258 rssi, flags, data, len, NULL, 0);
4262 /* When receiving non-connectable or scannable undirected
4263 * advertising reports, this means that the remote device is
4264 * not connectable and then clearly indicate this in the
4265 * device found event.
4267 * When receiving a scan response, then there is no way to
4268 * know if the remote device is connectable or not. However
4269 * since scan responses are merged with a previously seen
4270 * advertising report, the flags field from that report
4273 * In the really unlikely case that a controller get confused
4274 * and just sends a scan response event, then it is marked as
4275 * not connectable as well.
4277 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND ||
4278 type == LE_ADV_SCAN_RSP)
4279 flags = MGMT_DEV_FOUND_NOT_CONNECTABLE;
4283 /* If there's nothing pending either store the data from this
4284 * event or send an immediate device found event if the data
4285 * should not be stored for later.
4287 if (!has_pending_adv_report(hdev)) {
4288 /* If the report will trigger a SCAN_REQ store it for
4291 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4292 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4293 rssi, flags, data, len);
4297 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4298 rssi, flags, data, len, NULL, 0);
4302 /* Check if the pending report is for the same device as the new one */
4303 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4304 bdaddr_type == d->last_adv_addr_type);
4306 /* If the pending data doesn't match this report or this isn't a
4307 * scan response (e.g. we got a duplicate ADV_IND) then force
4308 * sending of the pending data.
4310 if (type != LE_ADV_SCAN_RSP || !match) {
4311 /* Send out whatever is in the cache, but skip duplicates */
4313 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4314 d->last_adv_addr_type, NULL,
4315 d->last_adv_rssi, d->last_adv_flags,
4317 d->last_adv_data_len, NULL, 0);
4319 /* If the new report will trigger a SCAN_REQ store it for
4322 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4323 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
4324 rssi, flags, data, len);
4328 /* The advertising reports cannot be merged, so clear
4329 * the pending report and send out a device found event.
4331 clear_pending_adv_report(hdev);
4332 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4333 rssi, flags, data, len, NULL, 0);
4337 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4338 * the new event is a SCAN_RSP. We can therefore proceed with
4339 * sending a merged device found event.
4341 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4342 d->last_adv_addr_type, NULL, rssi, d->last_adv_flags,
4343 d->last_adv_data, d->last_adv_data_len, data, len);
4344 clear_pending_adv_report(hdev);
4347 static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4349 u8 num_reports = skb->data[0];
4350 void *ptr = &skb->data[1];
4354 while (num_reports--) {
4355 struct hci_ev_le_advertising_info *ev = ptr;
4358 rssi = ev->data[ev->length];
4359 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4360 ev->bdaddr_type, rssi, ev->data, ev->length);
4362 ptr += sizeof(*ev) + ev->length + 1;
4365 hci_dev_unlock(hdev);
4368 static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
4370 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4371 struct hci_cp_le_ltk_reply cp;
4372 struct hci_cp_le_ltk_neg_reply neg;
4373 struct hci_conn *conn;
4374 struct smp_ltk *ltk;
4376 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
4380 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
4384 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
4388 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
4389 cp.handle = cpu_to_le16(conn->handle);
4391 if (ltk->authenticated)
4392 conn->pending_sec_level = BT_SECURITY_HIGH;
4394 conn->pending_sec_level = BT_SECURITY_MEDIUM;
4396 conn->enc_key_size = ltk->enc_size;
4398 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4400 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4401 * temporary key used to encrypt a connection following
4402 * pairing. It is used during the Encrypted Session Setup to
4403 * distribute the keys. Later, security can be re-established
4404 * using a distributed LTK.
4406 if (ltk->type == SMP_STK) {
4407 set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4408 list_del(<k->list);
4411 clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
4414 hci_dev_unlock(hdev);
4419 neg.handle = ev->handle;
4420 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4421 hci_dev_unlock(hdev);
4424 static void send_conn_param_neg_reply(struct hci_dev *hdev, u16 handle,
4427 struct hci_cp_le_conn_param_req_neg_reply cp;
4429 cp.handle = cpu_to_le16(handle);
4432 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_NEG_REPLY, sizeof(cp),
4436 static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
4437 struct sk_buff *skb)
4439 struct hci_ev_le_remote_conn_param_req *ev = (void *) skb->data;
4440 struct hci_cp_le_conn_param_req_reply cp;
4441 struct hci_conn *hcon;
4442 u16 handle, min, max, latency, timeout;
4444 handle = le16_to_cpu(ev->handle);
4445 min = le16_to_cpu(ev->interval_min);
4446 max = le16_to_cpu(ev->interval_max);
4447 latency = le16_to_cpu(ev->latency);
4448 timeout = le16_to_cpu(ev->timeout);
4450 hcon = hci_conn_hash_lookup_handle(hdev, handle);
4451 if (!hcon || hcon->state != BT_CONNECTED)
4452 return send_conn_param_neg_reply(hdev, handle,
4453 HCI_ERROR_UNKNOWN_CONN_ID);
4455 if (hci_check_conn_params(min, max, latency, timeout))
4456 return send_conn_param_neg_reply(hdev, handle,
4457 HCI_ERROR_INVALID_LL_PARAMS);
4459 if (test_bit(HCI_CONN_MASTER, &hcon->flags)) {
4460 struct hci_conn_params *params;
4465 params = hci_conn_params_lookup(hdev, &hcon->dst,
4468 params->conn_min_interval = min;
4469 params->conn_max_interval = max;
4470 params->conn_latency = latency;
4471 params->supervision_timeout = timeout;
4477 hci_dev_unlock(hdev);
4479 mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
4480 store_hint, min, max, latency, timeout);
4483 cp.handle = ev->handle;
4484 cp.interval_min = ev->interval_min;
4485 cp.interval_max = ev->interval_max;
4486 cp.latency = ev->latency;
4487 cp.timeout = ev->timeout;
4491 hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
4494 static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
4496 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4498 skb_pull(skb, sizeof(*le_ev));
4500 switch (le_ev->subevent) {
4501 case HCI_EV_LE_CONN_COMPLETE:
4502 hci_le_conn_complete_evt(hdev, skb);
4505 case HCI_EV_LE_CONN_UPDATE_COMPLETE:
4506 hci_le_conn_update_complete_evt(hdev, skb);
4509 case HCI_EV_LE_ADVERTISING_REPORT:
4510 hci_le_adv_report_evt(hdev, skb);
4513 case HCI_EV_LE_LTK_REQ:
4514 hci_le_ltk_request_evt(hdev, skb);
4517 case HCI_EV_LE_REMOTE_CONN_PARAM_REQ:
4518 hci_le_remote_conn_param_req_evt(hdev, skb);
4526 static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4528 struct hci_ev_channel_selected *ev = (void *) skb->data;
4529 struct hci_conn *hcon;
4531 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4533 skb_pull(skb, sizeof(*ev));
4535 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4539 amp_read_loc_assoc_final_data(hdev, hcon);
4542 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4544 struct hci_event_hdr *hdr = (void *) skb->data;
4545 __u8 event = hdr->evt;
4549 /* Received events are (currently) only needed when a request is
4550 * ongoing so avoid unnecessary memory allocation.
4552 if (hdev->req_status == HCI_REQ_PEND) {
4553 kfree_skb(hdev->recv_evt);
4554 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4557 hci_dev_unlock(hdev);
4559 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4561 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
4562 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4563 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
4565 hci_req_cmd_complete(hdev, opcode, 0);
4569 case HCI_EV_INQUIRY_COMPLETE:
4570 hci_inquiry_complete_evt(hdev, skb);
4573 case HCI_EV_INQUIRY_RESULT:
4574 hci_inquiry_result_evt(hdev, skb);
4577 case HCI_EV_CONN_COMPLETE:
4578 hci_conn_complete_evt(hdev, skb);
4581 case HCI_EV_CONN_REQUEST:
4582 hci_conn_request_evt(hdev, skb);
4585 case HCI_EV_DISCONN_COMPLETE:
4586 hci_disconn_complete_evt(hdev, skb);
4589 case HCI_EV_AUTH_COMPLETE:
4590 hci_auth_complete_evt(hdev, skb);
4593 case HCI_EV_REMOTE_NAME:
4594 hci_remote_name_evt(hdev, skb);
4597 case HCI_EV_ENCRYPT_CHANGE:
4598 hci_encrypt_change_evt(hdev, skb);
4601 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4602 hci_change_link_key_complete_evt(hdev, skb);
4605 case HCI_EV_REMOTE_FEATURES:
4606 hci_remote_features_evt(hdev, skb);
4609 case HCI_EV_CMD_COMPLETE:
4610 hci_cmd_complete_evt(hdev, skb);
4613 case HCI_EV_CMD_STATUS:
4614 hci_cmd_status_evt(hdev, skb);
4617 case HCI_EV_ROLE_CHANGE:
4618 hci_role_change_evt(hdev, skb);
4621 case HCI_EV_NUM_COMP_PKTS:
4622 hci_num_comp_pkts_evt(hdev, skb);
4625 case HCI_EV_MODE_CHANGE:
4626 hci_mode_change_evt(hdev, skb);
4629 case HCI_EV_PIN_CODE_REQ:
4630 hci_pin_code_request_evt(hdev, skb);
4633 case HCI_EV_LINK_KEY_REQ:
4634 hci_link_key_request_evt(hdev, skb);
4637 case HCI_EV_LINK_KEY_NOTIFY:
4638 hci_link_key_notify_evt(hdev, skb);
4641 case HCI_EV_CLOCK_OFFSET:
4642 hci_clock_offset_evt(hdev, skb);
4645 case HCI_EV_PKT_TYPE_CHANGE:
4646 hci_pkt_type_change_evt(hdev, skb);
4649 case HCI_EV_PSCAN_REP_MODE:
4650 hci_pscan_rep_mode_evt(hdev, skb);
4653 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4654 hci_inquiry_result_with_rssi_evt(hdev, skb);
4657 case HCI_EV_REMOTE_EXT_FEATURES:
4658 hci_remote_ext_features_evt(hdev, skb);
4661 case HCI_EV_SYNC_CONN_COMPLETE:
4662 hci_sync_conn_complete_evt(hdev, skb);
4665 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4666 hci_extended_inquiry_result_evt(hdev, skb);
4669 case HCI_EV_KEY_REFRESH_COMPLETE:
4670 hci_key_refresh_complete_evt(hdev, skb);
4673 case HCI_EV_IO_CAPA_REQUEST:
4674 hci_io_capa_request_evt(hdev, skb);
4677 case HCI_EV_IO_CAPA_REPLY:
4678 hci_io_capa_reply_evt(hdev, skb);
4681 case HCI_EV_USER_CONFIRM_REQUEST:
4682 hci_user_confirm_request_evt(hdev, skb);
4685 case HCI_EV_USER_PASSKEY_REQUEST:
4686 hci_user_passkey_request_evt(hdev, skb);
4689 case HCI_EV_USER_PASSKEY_NOTIFY:
4690 hci_user_passkey_notify_evt(hdev, skb);
4693 case HCI_EV_KEYPRESS_NOTIFY:
4694 hci_keypress_notify_evt(hdev, skb);
4697 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4698 hci_simple_pair_complete_evt(hdev, skb);
4701 case HCI_EV_REMOTE_HOST_FEATURES:
4702 hci_remote_host_features_evt(hdev, skb);
4705 case HCI_EV_LE_META:
4706 hci_le_meta_evt(hdev, skb);
4709 case HCI_EV_CHANNEL_SELECTED:
4710 hci_chan_selected_evt(hdev, skb);
4713 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4714 hci_remote_oob_data_request_evt(hdev, skb);
4717 case HCI_EV_PHY_LINK_COMPLETE:
4718 hci_phy_link_complete_evt(hdev, skb);
4721 case HCI_EV_LOGICAL_LINK_COMPLETE:
4722 hci_loglink_complete_evt(hdev, skb);
4725 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4726 hci_disconn_loglink_complete_evt(hdev, skb);
4729 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4730 hci_disconn_phylink_complete_evt(hdev, skb);
4733 case HCI_EV_NUM_COMP_BLOCKS:
4734 hci_num_comp_blocks_evt(hdev, skb);
4738 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4743 hdev->stat.evt_rx++;
git.openpandora.org / pandora-kernel.git / blob